def update_group_dir_permission(repo_id, path, owner, gid, permission, org_id=None):
# Update the group's permission(r, rw, admin) in the repo or subdir.
extra_share_permission = ''
if permission == PERMISSION_ADMIN:
extra_share_permission = permission
permission = PERMISSION_READ_WRITE
if org_id:
if path == '/':
seaserv.seafserv_threaded_rpc.set_org_group_repo_permission(
org_id, gid, repo_id, permission)
else:
seafile_api.org_update_share_subdir_perm_for_group(
org_id, repo_id, path, owner, gid, permission)
else:
if path == '/':
seafile_api.set_group_repo_permission(gid, repo_id, permission)
else:
seafile_api.update_share_subdir_perm_for_group(
repo_id, path, owner, gid, permission)
# update extra share permission if updated is repo
if path == '/':
ExtraGroupsSharePermission.objects.update_share_permission(repo_id,
gid,
extra_share_permission)
def update_group_dir_permission(repo_id, path, owner, gid, permission, org_id=None):
# Update the group's permission(r, rw, admin) in the repo or subdir.
extra_share_permission = ''
if permission == PERMISSION_ADMIN:
extra_share_permission = permission
permission = PERMISSION_READ_WRITE
if is_valid_org_id(org_id):
if path == '/':
seaserv.seafserv_threaded_rpc.set_org_group_repo_permission(
org_id, gid, repo_id, permission)
else:
seafile_api.org_update_share_subdir_perm_for_group(
org_id, repo_id, path, owner, gid, permission)
else:
if path == '/':
seafile_api.set_group_repo_permission(gid, repo_id, permission)
else:
seafile_api.update_share_subdir_perm_for_group(
repo_id, path, owner, gid, permission)
# update extra share permission if updated is repo
if path == '/':
ExtraGroupsSharePermission.objects.update_share_permission(repo_id,
gid,
extra_share_permission)
def test_update_share_subdir_perm_for_group(repo, group, permission_to_update, permission_to_share):
ccnet_api.group_add_member(group.id, USER, USER2)
v_repo_id = api.share_subdir_to_group(repo.id, '/dir1', USER, group.id, permission_to_share)
assert api.check_permission(v_repo_id, USER2) == permission_to_share
api.update_share_subdir_perm_for_group(repo.id, '/dir1', USER, group.id, permission_to_update)
assert api.check_permission(v_repo_id, USER2) == permission_to_update
api.unshare_subdir_for_group(repo.id, '/dir1', USER, group.id)
def post(self, request, repo_id, format=None):
"""Update shared item permission.
"""
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND,
'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND,
'Folder %s not found.' % path)
permission = request.data.get('permission', PERMISSION_READ)
if permission not in [
PERMISSION_READ, PERMISSION_READ_WRITE, PERMISSION_ADMIN
]:
return api_error(status.HTTP_400_BAD_REQUEST,
'permission invalid.')
shared_to_user, shared_to_group = self.handle_shared_to_args(request)
if shared_to_user:
shared_to = request.GET.get('username')
if shared_to is None or not is_valid_username(shared_to):
return api_error(status.HTTP_400_BAD_REQUEST,
'Email %s invalid.' % shared_to)
if username != self.get_repo_owner(request, repo_id) and \
ExtraSharePermission.objects.get_user_permission(repo_id, username) != PERMISSION_ADMIN:
return api_error(status.HTTP_403_FORBIDDEN,
'Permission denied.')
else:
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN,
'Permission denied.')
if shared_to_user:
try:
User.objects.get(email=shared_to)
except User.DoesNotExist:
return api_error(status.HTTP_400_BAD_REQUEST,
'Invalid user, should be registered')
extra_share_permission = ""
if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]:
extra_share_permission = permission
permission = PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else PERMISSION_READ
if is_org_context(request):
username = seafile_api.get_org_repo_owner(repo_id)
org_id = request.user.org.org_id
if path == '/':
seafile_api.org_set_share_permission(
org_id, repo_id, username, shared_to, permission)
else:
seafile_api.org_update_share_subdir_perm_for_user(
org_id, repo_id, path, username, shared_to, permission)
else:
username = seafile_api.get_repo_owner(repo_id)
if path == '/':
seafile_api.set_share_permission(repo_id, username,
shared_to, permission)
else:
seafile_api.update_share_subdir_perm_for_user(
repo_id, path, username, shared_to, permission)
if path == '/':
ExtraSharePermission.objects.update_share_permission(
repo_id, shared_to, extra_share_permission)
send_perm_audit_msg('modify-repo-perm', username, shared_to,
repo_id, path, permission)
if shared_to_group:
gid = request.GET.get('group_id')
try:
gid = int(gid)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST,
'group_id %s invalid.' % gid)
group = seaserv.get_group(gid)
if not group:
return api_error(status.HTTP_404_NOT_FOUND,
'Group %s not found.' % gid)
if is_org_context(request):
org_id = request.user.org.org_id
if path == '/':
seaserv.seafserv_threaded_rpc.set_org_group_repo_permission(
org_id, gid, repo.id, permission)
else:
seafile_api.org_update_share_subdir_perm_for_group(
org_id, repo_id, path, username, gid, permission)
else:
if path == '/':
seafile_api.set_group_repo_permission(
gid, repo.id, permission)
else:
seafile_api.update_share_subdir_perm_for_group(
repo_id, path, username, gid, permission)
send_perm_audit_msg('modify-repo-perm', username, gid, repo_id,
path, permission)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=json_content_type)
def post(self, request, repo_id, format=None):
"""Update shared item permission.
"""
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_400_BAD_REQUEST, 'Directory not found.')
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
shared_to_user, shared_to_group = self.handle_shared_to_args(request)
permission = request.data.get('permission', 'r')
if permission not in ['r', 'rw']:
return api_error(status.HTTP_400_BAD_REQUEST, 'permission invalid.')
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path)
if shared_to_user:
shared_to = request.GET.get('username')
if shared_to is None or not is_valid_username(shared_to):
return api_error(status.HTTP_400_BAD_REQUEST, 'Email %s invalid.' % shared_to)
try:
User.objects.get(email=shared_to)
except User.DoesNotExist:
return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid user, should be registered')
if is_org_context(request):
org_id = request.user.org.org_id
if path == '/':
seafile_api.org_set_share_permission(
org_id, repo_id, username, shared_to, permission)
else:
seafile_api.org_update_share_subdir_perm_for_user(
org_id, repo_id, path, username, shared_to, permission)
else:
if path == '/':
seafile_api.set_share_permission(
repo_id, username, shared_to, permission)
else:
seafile_api.update_share_subdir_perm_for_user(
repo_id, path, username, shared_to, permission)
send_perm_audit_msg('modify-repo-perm', username, shared_to,
repo_id, path, permission)
if shared_to_group:
gid = request.GET.get('group_id')
try:
gid = int(gid)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid.' % gid)
group = seaserv.get_group(gid)
if not group:
return api_error(status.HTTP_404_NOT_FOUND, 'Group %s not found.' % gid)
if is_org_context(request):
org_id = request.user.org.org_id
if path == '/':
seaserv.seafserv_threaded_rpc.set_org_group_repo_permission(
org_id, gid, repo.id, permission)
else:
seafile_api.org_update_share_subdir_perm_for_group(
org_id, repo_id, path, username, gid, permission)
else:
if path == '/':
seafile_api.set_group_repo_permission(gid, repo.id, permission)
else:
seafile_api.update_share_subdir_perm_for_group(
repo_id, path, username, gid, permission)
send_perm_audit_msg('modify-repo-perm', username, gid,
repo_id, path, permission)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=json_content_type)
def put(self, request, repo_id, path, share_type):
""" Update user/group share permission.
Permission checking:
1. admin user.
"""
# argument check
permission = request.data.get('permission', None)
if not permission or permission not in ('r', 'rw'):
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
share_info = {}
share_info['repo_id'] = repo_id
share_info['path'] = path
share_info['share_type'] = share_type
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo_id)
share_to = request.data.get('share_to', None)
if share_type == 'user':
email = share_to
if not email or not is_valid_username(email):
error_msg = 'email %s invalid.' % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
if path == '/':
seafile_api.set_share_permission(repo_id, repo_owner,
email, permission)
else:
seafile_api.update_share_subdir_perm_for_user(
repo_id, path, repo_owner, email, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
new_perm = seafile_api.check_permission_by_path(
repo_id, path, email)
share_info['user_email'] = email
share_info['user_name'] = email2nickname(email)
share_info['permission'] = new_perm
if share_type == 'group':
group_id = share_to
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id %s invalid.' % group_id
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %s not found' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
if path == '/':
seafile_api.set_group_repo_permission(
group_id, repo_id, permission)
else:
seafile_api.update_share_subdir_perm_for_group(
repo_id, path, repo_owner, group_id, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
share_info['group_id'] = group_id
share_info['group_name'] = group.group_name
share_info['permission'] = permission
return Response(share_info)
