def share_dir_to_group(repo, path, owner, share_from, gid, permission, org_id=None): # Share repo or subdir to group with permission(r, rw, admin). extra_share_permission = '' if permission == PERMISSION_ADMIN: extra_share_permission = permission permission = PERMISSION_READ_WRITE if is_valid_org_id(org_id): if path == '/': seafile_api.add_org_group_repo(repo.repo_id, org_id, gid, owner, permission) else: seafile_api.org_share_subdir_to_group(org_id, repo.repo_id, path, owner, gid, permission) else: if path == '/': seafile_api.set_group_repo(repo.repo_id, gid, owner, permission) else: seafile_api.share_subdir_to_group(repo.repo_id, path, owner, gid, permission) # add share permission if between is admin and is extra permission. if path == '/' and extra_share_permission == PERMISSION_ADMIN: ExtraGroupsSharePermission.objects.create_share_permission(repo.repo_id, gid, extra_share_permission)
def share_dir_to_group(repo, path, owner, share_from, gid, permission, org_id=None): # Share repo or subdir to group with permission(r, rw, admin). extra_share_permission = '' if permission == PERMISSION_ADMIN: extra_share_permission = permission permission = PERMISSION_READ_WRITE if org_id: if path == '/': seafile_api.add_org_group_repo(repo.repo_id, org_id, gid, owner, permission) else: seafile_api.org_share_subdir_to_group(org_id, repo.repo_id, path, owner, gid, permission) else: if path == '/': seafile_api.set_group_repo(repo.repo_id, gid, owner, permission) else: seafile_api.share_subdir_to_group(repo.repo_id, path, owner, gid, permission) # add share permission if between is admin and is extra permission. if path == '/' and extra_share_permission == PERMISSION_ADMIN: ExtraGroupsSharePermission.objects.create_share_permission(repo.repo_id, gid, extra_share_permission)
def share_folder_to_user_and_group(self): # share folder to user seafile_api.share_subdir_to_user(self.repo_id, self.folder_path, self.user_name, self.admin_name, 'rw') # share folder to group seafile_api.share_subdir_to_group(self.repo_id, self.folder_path, self.user_name, self.group_id, 'rw')
def test_share_dir_to_group(repo, group, permission): assert ccnet_api.group_add_member(group.id, USER, USER2) == 0 v_repo_id_1 = api.share_subdir_to_group(repo.id, '/dir1', USER, group.id, permission) v_repo_id_2 = api.share_subdir_to_group(repo.id, '/dir2', USER, group.id, permission) assert api.check_permission(v_repo_id_1, USER2) == permission assert api.check_permission(v_repo_id_2, USER2) == permission assert api.del_file(repo.id, '/', 'dir1', USER) == 0 assert api.unshare_subdir_for_group(repo.id, '/dir2', USER, group.id) == 0 assert api.check_permission(v_repo_id_1, USER2) is None assert api.check_permission(v_repo_id_2, USER2) is None
def test_subdir_permission_in_virtual_repo(repo, group, permission): api.post_dir(repo.id, '/dir1', 'subdir1', USER) api.post_dir(repo.id, '/dir2', 'subdir2', USER) v_repo_id_1 = api.share_subdir_to_user(repo.id, '/dir1', USER, USER2, permission) v_subdir_repo_id_1 = api.create_virtual_repo(v_repo_id_1, '/subdir1', 'subdir1', 'test_desc', USER, passwd='') assert api.check_permission(v_subdir_repo_id_1, USER2) == permission assert ccnet_api.group_add_member(group.id, USER, USER2) == 0 v_repo_id_2 = api.share_subdir_to_group(repo.id, '/dir2', USER, group.id, permission) v_subdir_repo_id_2 = api.create_virtual_repo(v_repo_id_2, '/subdir2', 'subdir2', 'test_desc', USER, passwd='') assert api.check_permission(v_subdir_repo_id_2, USER2) == permission assert api.unshare_subdir_for_user(repo.id, '/dir1', USER, USER2) == 0 assert api.unshare_subdir_for_group(repo.id, '/dir2', USER, group.id) == 0
def test_update_share_subdir_perm_for_group(repo, group, permission_to_update, permission_to_share): ccnet_api.group_add_member(group.id, USER, USER2) v_repo_id = api.share_subdir_to_group(repo.id, '/dir1', USER, group.id, permission_to_share) assert api.check_permission(v_repo_id, USER2) == permission_to_share api.update_share_subdir_perm_for_group(repo.id, '/dir1', USER, group.id, permission_to_update) assert api.check_permission(v_repo_id, USER2) == permission_to_update api.unshare_subdir_for_group(repo.id, '/dir1', USER, group.id)
def test_share_dir_to_group(repo, group, permission): assert ccnet_api.group_add_member(group.id, USER, USER2) == 0 v_repo_id_1 = api.share_subdir_to_group(repo.id, '/dir1', USER, group.id, permission) v_repo_id_2 = api.share_subdir_to_group(repo.id, '/dir2', USER, group.id, permission) assert api.check_permission(v_repo_id_1, USER2) == permission assert api.check_permission(v_repo_id_2, USER2) == permission repo_get = api.get_group_shared_repo_by_path (repo.id, '/dir1', group.id) assert repo_get and repo_get.repo_id == v_repo_id_1 users = api.get_shared_groups_for_subdir(repo.id, '/dir1', USER) assert len(users) == 1 assert api.del_file(repo.id, '/', 'dir1', USER) == 0 assert api.unshare_subdir_for_group(repo.id, '/dir2', USER, group.id) == 0 assert api.check_permission(v_repo_id_1, USER2) is None assert api.check_permission(v_repo_id_2, USER2) is None
def test_get_group_repos(repo, group): repo = api.get_repo(repo.id) api.group_share_repo(repo.id, group.id, USER, 'rw') repos = api.get_repos_by_group(group.id) assert_group_repos_attr(repo, repos[0]) repos = api.get_group_repos_by_owner(USER) assert_group_repos_attr(repo, repos[0]) v_repo_id = api.share_subdir_to_group(repo.id, '/dir1', USER, group.id, 'rw') v_repo = api.get_repo(v_repo_id) v_repo_to_test = api.get_group_shared_repo_by_path(repo.id, '/dir1', group.id) assert_group_repos_attr(v_repo, v_repo_to_test) api.unshare_subdir_for_group(repo.id, '/dir1', USER, group.id) repos = api.get_group_repos_by_user(USER) assert_group_repos_attr(repo, repos[0]) assert api.group_unshare_repo(repo.id, group.id, USER) == 0
def put(self, request, repo_id, format=None): username = request.user.username repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id) path = request.GET.get('p', '/') if seafile_api.get_dir_id_by_path(repo.id, path) is None: return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path) share_type = request.data.get('share_type') if share_type != 'user' and share_type != 'group': return api_error(status.HTTP_400_BAD_REQUEST, 'share_type invalid.') if share_type == 'user': if username != self.get_repo_owner(request, repo_id) and \ ExtraSharePermission.objects.get_user_permission(repo_id, username) != PERMISSION_ADMIN: return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') else: if username != self.get_repo_owner(request, repo_id): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') permission = request.data.get('permission', PERMISSION_READ) if permission not in [ PERMISSION_READ, PERMISSION_READ_WRITE, PERMISSION_ADMIN ]: return api_error(status.HTTP_400_BAD_REQUEST, 'permission invalid.') result = {} result['failed'] = [] result['success'] = [] if share_type == 'user': share_to_users = request.data.getlist('username') for to_user in share_to_users: if not is_valid_username(to_user): result['failed'].append({ 'email': to_user, 'error_msg': _(u'username invalid.') }) continue try: User.objects.get(email=to_user) except User.DoesNotExist: result['failed'].append({ 'email': to_user, 'error_msg': _(u'User %s not found.') % to_user }) continue if self.has_shared_to_user(request, repo_id, path, to_user): result['failed'].append({ 'email': to_user, 'error_msg': _(u'This item has been shared to %s.') % to_user }) continue try: extra_share_permission = '' if permission == PERMISSION_ADMIN: extra_share_permission = permission permission = PERMISSION_READ_WRITE if is_org_context(request): username = seafile_api.get_org_repo_owner(repo_id) org_id = request.user.org.org_id if not is_org_user(to_user, int(org_id)): org_name = request.user.org.org_name error_msg = 'User %s is not member of organization %s.' \ % (to_user, org_name) result['failed'].append({ 'email': to_user, 'error_msg': error_msg }) continue if path == '/': seaserv.seafserv_threaded_rpc.org_add_share( org_id, repo_id, username, to_user, permission) else: sub_repo_id = seafile_api.org_share_subdir_to_user( org_id, repo_id, path, username, to_user, permission) else: if is_org_user(to_user): error_msg = 'User %s is a member of organization.' % to_user result['failed'].append({ 'email': to_user, 'error_msg': error_msg }) continue username = seafile_api.get_repo_owner(repo_id) if path == '/': seafile_api.share_repo(repo_id, username, to_user, permission) else: sub_repo_id = seafile_api.share_subdir_to_user( repo_id, path, username, to_user, permission) if path == '/' and extra_share_permission == PERMISSION_ADMIN: ExtraSharePermission.objects.create_share_permission( repo_id, to_user, extra_share_permission) # send a signal when sharing repo successful if path == '/': share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=repo) else: sub_repo = seafile_api.get_repo(sub_repo_id) share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=sub_repo) result['success'].append({ "share_type": "user", "user_info": { "name": to_user, "nickname": email2nickname(to_user), }, "permission": permission, "is_admin": extra_share_permission == PERMISSION_ADMIN }) send_perm_audit_msg('add-repo-perm', username, to_user, repo_id, path, permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'email': to_user, 'error_msg': 'Internal Server Error' }) continue if share_type == 'group': group_ids = request.data.getlist('group_id') for gid in group_ids: try: gid = int(gid) except ValueError: result['failed'].append( {'error_msg': _(u'group_id %s invalid.') % gid}) continue group = ccnet_api.get_group(gid) if not group: result['failed'].append( {'error_msg': _(u'Group %s not found') % gid}) continue if not config.ENABLE_SHARE_TO_ALL_GROUPS and \ not ccnet_api.is_group_user(gid, username): result['failed'].append({ 'group_name': group.group_name, 'error_msg': _(u'Permission denied.') }) continue if self.has_shared_to_group(request, repo_id, path, gid): result['failed'].append({ 'group_name': group.group_name, 'error_msg': _(u'This item has been shared to %s.') % group.group_name }) continue try: if is_org_context(request): org_id = request.user.org.org_id if path == '/': seafile_api.add_org_group_repo( repo_id, org_id, gid, username, permission) else: sub_repo_id = seafile_api.org_share_subdir_to_group( org_id, repo_id, path, username, gid, permission) else: if path == '/': seafile_api.set_group_repo(repo_id, gid, username, permission) else: sub_repo_id = seafile_api.share_subdir_to_group( repo_id, path, username, gid, permission) if path == '/': share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=repo) else: sub_repo = seafile_api.get_repo(sub_repo_id) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=sub_repo) result['success'].append({ "share_type": "group", "group_info": { "id": gid, "name": group.group_name, }, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, gid, repo_id, path, permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'group_name': group.group_name, 'error_msg': 'Internal Server Error' }) continue return HttpResponse(json.dumps(result), status=200, content_type=json_content_type)
def put(self, request, repo_id, format=None): username = request.user.username repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id) path = request.GET.get('p', '/') if seafile_api.get_dir_id_by_path(repo.id, path) is None: return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path) if username != self.get_repo_owner(request, repo_id): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') share_type = request.data.get('share_type') if share_type != 'user' and share_type != 'group': return api_error(status.HTTP_400_BAD_REQUEST, 'share_type invalid.') permission = request.data.get('permission', 'r') if permission not in ['r', 'rw']: return api_error(status.HTTP_400_BAD_REQUEST, 'permission invalid.') result = {} result['failed'] = [] result['success'] = [] if share_type == 'user': share_to_users = request.data.getlist('username') for to_user in share_to_users: if not is_valid_username(to_user): result['failed'].append({ 'email': to_user, 'error_msg': 'username invalid.' }) continue try: User.objects.get(email=to_user) except User.DoesNotExist: result['failed'].append({ 'email': to_user, 'error_msg': 'User %s not found.' % to_user }) continue try: if is_org_context(request): org_id = request.user.org.org_id if path == '/': seaserv.seafserv_threaded_rpc.org_add_share( org_id, repo_id, username, to_user, permission) else: sub_repo_id = seafile_api.org_share_subdir_to_user(org_id, repo_id, path, username, to_user, permission) else: if path == '/': seafile_api.share_repo( repo_id, username, to_user, permission) else: sub_repo_id = seafile_api.share_subdir_to_user( repo_id, path, username, to_user, permission) # send a signal when sharing repo successful if path == '/': share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=repo) else: sub_repo = seafile_api.get_repo(sub_repo_id) share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=sub_repo) result['success'].append({ "share_type": "user", "user_info": { "name": to_user, "nickname": email2nickname(to_user), }, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_user, repo_id, path, permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'email': to_user, 'error_msg': 'Internal Server Error' }) continue if share_type == 'group': group_ids = request.data.getlist('group_id') for gid in group_ids: try: gid = int(gid) except ValueError: return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid.' % gid) group = seaserv.get_group(gid) if not group: return api_error(status.HTTP_404_NOT_FOUND, 'Group %s not found' % gid) try: if is_org_context(request): org_id = request.user.org.org_id if path == '/': seafile_api.add_org_group_repo( repo_id, org_id, gid, username, permission) else: sub_repo_id = seafile_api.org_share_subdir_to_group(org_id, repo_id, path, username, gid, permission) else: if path == '/': seafile_api.set_group_repo( repo_id, gid, username, permission) else: sub_repo_id = seafile_api.share_subdir_to_group( repo_id, path, username, gid, permission) if path == '/': share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=repo) else: sub_repo = seafile_api.get_repo(sub_repo_id) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=sub_repo) result['success'].append({ "share_type": "group", "group_info": { "id": gid, "name": group.group_name, }, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, gid, repo_id, path, permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'group_name': group.group_name, 'error_msg': 'Internal Server Error' }) continue return HttpResponse(json.dumps(result), status=200, content_type=json_content_type)
def post(self, request, repo_id, path, share_type): """ Admin share a library to user/group. Permission checking: 1. admin user. """ # argument check permission = request.data.get('permission', None) if not permission or permission not in ('r', 'rw'): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) result = {} result['failed'] = [] result['success'] = [] share_to = request.data.getlist('share_to') # current `request.user.username` is admin user, # so need to identify the repo owner specifically. repo_owner = seafile_api.get_repo_owner(repo_id) if share_type == 'user': for email in share_to: if repo_owner == email: result['failed'].append({ 'user_email': email, 'error_msg': _(u'User %s is already library owner.') % email }) continue if not is_valid_username(email): result['failed'].append({ 'user_email': email, 'error_msg': _('Email %s invalid.') % email }) continue try: User.objects.get(email=email) except User.DoesNotExist: result['failed'].append({ 'user_email': email, 'error_msg': 'User %s not found.' % email }) continue try: if path == '/': seafile_api.share_repo(repo_id, repo_owner, email, permission) else: seafile_api.share_subdir_email(repo_id, path, repo_owner, email, permission) except Exception as e: logger.error(e) result['failed'].append({ 'user_email': email, 'error_msg': 'Internal Server Error' }) continue new_perm = seafile_api.check_permission_by_path( repo_id, path, email) result['success'].append({ "repo_id": repo_id, "path": path, "share_type": share_type, "user_email": email, "user_name": email2nickname(email), "permission": new_perm }) if share_type == 'group': for group_id in share_to: try: group_id = int(group_id) except ValueError as e: logger.error(e) result['failed'].append({ 'group_id': group_id, 'error_msg': 'group_id %s invalid.' % group_id }) continue group = ccnet_api.get_group(group_id) if not group: result['failed'].append({ 'group_id': group_id, 'error_msg': 'Group %s not found' % group_id }) continue try: if path == '/': seafile_api.set_group_repo(repo_id, group_id, repo_owner, permission) else: seafile_api.share_subdir_to_group( repo_id, path, repo_owner, group_id, permission) except Exception as e: logger.error(e) result['failed'].append({ "group_id": group_id, 'error_msg': 'Internal Server Error' }) continue result['success'].append({ "repo_id": repo_id, "path": path, "share_type": share_type, "group_id": group_id, "group_name": group.group_name, "permission": permission }) return Response(result)
def put(self, request, repo_id, format=None): username = request.user.username repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_404_NOT_FOUND, "Library %s not found." % repo_id) path = request.GET.get("p", "/") if seafile_api.get_dir_id_by_path(repo.id, path) is None: return api_error(status.HTTP_404_NOT_FOUND, "Folder %s not found." % path) if username != self.get_repo_owner(request, repo_id): return api_error(status.HTTP_403_FORBIDDEN, "Permission denied.") share_type = request.data.get("share_type") if share_type != "user" and share_type != "group": return api_error(status.HTTP_400_BAD_REQUEST, "share_type invalid.") permission = request.data.get("permission", "r") if permission not in ["r", "rw"]: return api_error(status.HTTP_400_BAD_REQUEST, "permission invalid.") result = {} result["failed"] = [] result["success"] = [] if share_type == "user": share_to_users = request.data.getlist("username") for to_user in share_to_users: if not is_valid_username(to_user): result["failed"].append({"email": to_user, "error_msg": "username invalid."}) continue try: User.objects.get(email=to_user) except User.DoesNotExist: result["failed"].append({"email": to_user, "error_msg": "User %s not found." % to_user}) continue try: if is_org_context(request): org_id = request.user.org.org_id if path == "/": seaserv.seafserv_threaded_rpc.org_add_share(org_id, repo_id, username, to_user, permission) else: seafile_api.org_share_subdir_to_user(org_id, repo_id, path, username, to_user, permission) else: if path == "/": seafile_api.share_repo(repo_id, username, to_user, permission) else: seafile_api.share_subdir_to_user(repo_id, path, username, to_user, permission) # send a signal when sharing repo successful share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=repo) result["success"].append( { "share_type": "user", "user_info": {"name": to_user, "nickname": email2nickname(to_user)}, "permission": permission, } ) send_perm_audit_msg("add-repo-perm", username, to_user, repo_id, path, permission) except SearpcError as e: logger.error(e) result["failed"].append({"email": to_user, "error_msg": "Internal Server Error"}) continue if share_type == "group": group_ids = request.data.getlist("group_id") for gid in group_ids: try: gid = int(gid) except ValueError: return api_error(status.HTTP_400_BAD_REQUEST, "group_id %s invalid." % gid) group = seaserv.get_group(gid) if not group: return api_error(status.HTTP_404_NOT_FOUND, "Group %s not found" % gid) try: if is_org_context(request): org_id = request.user.org.org_id if path == "/": seafile_api.add_org_group_repo(repo_id, org_id, gid, username, permission) else: seafile_api.org_share_subdir_to_group(org_id, repo_id, path, username, gid, permission) else: if path == "/": seafile_api.set_group_repo(repo_id, gid, username, permission) else: seafile_api.share_subdir_to_group(repo_id, path, username, gid, permission) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=repo) result["success"].append( { "share_type": "group", "group_info": {"id": gid, "name": group.group_name}, "permission": permission, } ) send_perm_audit_msg("add-repo-perm", username, gid, repo_id, path, permission) except SearpcError as e: logger.error(e) result["failed"].append({"group_name": group.group_name, "error_msg": "Internal Server Error"}) continue return HttpResponse(json.dumps(result), status=200, content_type=json_content_type)