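def repo_remove_share(request):
    """Remove a library share made to one user or to a group.

    Parameters are read from the query string: ``repo_id``, ``from`` (the
    sharer), ``to`` (the recipient of a personal share) and ``gid`` (the
    group of a group share).  When ``gid`` is absent or empty the share is
    treated as a personal one.

    Personal share: only the two users named in ``from`` and ``to`` may
    remove it.  Group share: only the user named in ``from`` or a staff
    member of the group may remove it.

    Returns a redirect to the ``Referer`` header, or to ``SITE_ROOT`` when
    the header is missing; an error page is rendered on invalid input or a
    failed permission check.
    """
    # NOTE(review): state is changed in response to a GET request, which
    # Django's CSRF middleware does not check -- consider requiring POST.
    repo_id = request.GET.get('repo_id', '')
    group_id = request.GET.get('gid', '')
    from_email = request.GET.get('from', '')
    if not is_valid_username(from_email):
        return render_error(request, _(u'Argument is not valid'))

    username = request.user.username

    if not group_id:
        # No 'gid' in the request: the share was made to a single user.
        to_email = request.GET.get('to', '')
        if not is_valid_username(to_email):
            return render_error(request, _(u'Argument is not valid'))

        if username != from_email and username != to_email:
            return render_permission_error(request,
                                           _(u'Failed to remove share'))

        if is_org_context(request):
            org_id = request.user.org.org_id
            org_remove_share(org_id, repo_id, from_email, to_email)
        else:
            seaserv.remove_share(repo_id, from_email, to_email)
    else:
        try:
            group_id = int(group_id)
        except ValueError:
            # group_id is a non-empty string here, so a malformed number is
            # the only expected failure; a bare except would also swallow
            # KeyboardInterrupt/SystemExit.
            return render_error(request, _(u'group id is not valid'))

        group = seaserv.get_group(group_id)
        if not group:
            return render_error(
                request, _(u"Failed to unshare: the group doesn't exist."))

        # NOTE(review): 'from' comes from the request and is only compared
        # with the caller's own name, and the org-group call below is not
        # given it.  Nothing visible here ties the caller to this repo's
        # share -- confirm the backend verifies it, or add an owner check.
        if not seaserv.check_group_staff(group_id, username) \
                and username != from_email:
            return render_permission_error(request,
                                           _(u'Failed to remove share'))

        if is_org_group(group_id):
            org_id = get_org_id_by_group(group_id)
            del_org_group_repo(repo_id, org_id, group_id)
        else:
            seafile_api.unset_group_repo(repo_id, group_id, from_email)

    messages.success(request, _('Successfully removed share'))

    # Local renamed so that it no longer shadows the builtin next().
    next_url = request.META.get('HTTP_REFERER', SITE_ROOT)
    return HttpResponseRedirect(next_url)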
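def repo_remove_share(request):
    """Remove a personal or group share of a library.

    Query-string parameters: ``repo_id``, ``from`` (sharer), ``to``
    (recipient, personal shares only) and ``gid`` (group id, group shares
    only).  A non-empty ``gid`` selects the group branch.

    A personal share can be removed only by the user named in ``from`` or
    in ``to``; a group share only by the user named in ``from`` or by a
    staff member of the group.

    On success a flash message is queued and the client is redirected to
    the ``Referer`` header (``SITE_ROOT`` when absent).
    """
    # NOTE(review): this view mutates state on GET, so the CSRF middleware
    # does not protect it; a POST-only route would.
    repo_id = request.GET.get('repo_id', '')
    group_id = request.GET.get('gid', '')
    from_email = request.GET.get('from', '')
    if not is_valid_username(from_email):
        return render_error(request, _(u'Argument is not valid'))

    username = request.user.username

    if group_id:
        # Share made to a group.
        try:
            group_id = int(group_id)
        except ValueError:
            # Narrowed from a bare except: int() of a non-empty string can
            # only fail with ValueError.
            return render_error(request, _(u'group id is not valid'))

        if not seaserv.get_group(group_id):
            return render_error(
                request, _(u"Failed to unshare: the group doesn't exist."))

        # NOTE(review): from_email is request-controlled, so the second
        # half of this check passes for anyone who names themselves as the
        # sharer; del_org_group_repo() below does not receive the sharer.
        # Confirm the backend validates it, or check repo ownership here.
        is_staff = seaserv.check_group_staff(group_id, username)
        if not is_staff and username != from_email:
            return render_permission_error(request,
                                           _(u'Failed to remove share'))

        if is_org_group(group_id):
            org_id = get_org_id_by_group(group_id)
            del_org_group_repo(repo_id, org_id, group_id)
        else:
            seafile_api.unset_group_repo(repo_id, group_id, from_email)
    else:
        # Share made to a single user.
        to_email = request.GET.get('to', '')
        if not is_valid_username(to_email):
            return render_error(request, _(u'Argument is not valid'))

        if username not in (from_email, to_email):
            return render_permission_error(request,
                                           _(u'Failed to remove share'))

        if is_org_context(request):
            org_id = request.user.org.org_id
            org_remove_share(org_id, repo_id, from_email, to_email)
        else:
            seaserv.remove_share(repo_id, from_email, to_email)

    messages.success(request, _('Successfully removed share'))

    redirect_to = request.META.get('HTTP_REFERER', SITE_ROOT)
    return HttpResponseRedirect(redirect_to)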
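def repo_remove_share(request):
    """Remove a library share made to one user or to a group.

    Reads ``repo_id``, ``from``, ``to`` and ``gid`` from the query string.
    Without ``gid`` the share is a personal one and only the users named in
    ``from`` and ``to`` may remove it.  With ``gid`` it is a group share
    and only the user named in ``from`` or group staff may remove it.

    Redirects to the ``Referer`` header, falling back to ``SITE_ROOT``.
    """
    # NOTE(review): a state-changing GET is not covered by CSRF checks;
    # consider restricting this view to POST.
    repo_id = request.GET.get('repo_id', '')
    group_id = request.GET.get('gid', '')
    from_email = request.GET.get('from', '')
    if not is_valid_username(from_email):
        return render_error(request, _(u'Argument is not valid'))

    current_user = request.user.username

    if not group_id:
        # Personal share.
        to_email = request.GET.get('to', '')
        if not is_valid_username(to_email):
            return render_error(request, _(u'Argument is not valid'))

        if current_user not in (from_email, to_email):
            return render_permission_error(request,
                                           _(u'Failed to remove share'))

        remove_share(repo_id, from_email, to_email)
    else:
        # Group share.
        try:
            group_id_int = int(group_id)
        except ValueError:
            # Narrowed from a bare except; group_id is a non-empty string,
            # so ValueError is the only failure int() can raise here.
            return render_error(request, _(u'group id is not valid'))

        # NOTE(review): from_email is taken from the request, so comparing
        # it with the caller proves nothing about who created the share;
        # the org branch below does not pass it on.  Confirm the backend
        # checks the sharer.
        if not check_group_staff(group_id_int, current_user) \
                and current_user != from_email:
            return render_permission_error(request,
                                           _(u'Failed to remove share'))

        if is_org_group(group_id_int):
            org_id = get_org_id_by_group(group_id_int)
            del_org_group_repo(repo_id, org_id, group_id_int)
        else:
            # Imported here, as in the original, rather than at module level.
            from seahub.group.views import group_unshare_repo
            group_unshare_repo(request, repo_id, group_id_int, from_email)

    messages.success(request, _('Successfully removed share'))

    # An absent or empty Referer falls back to the site root.
    next_url = request.META.get('HTTP_REFERER', None) or SITE_ROOT
    return HttpResponseRedirect(next_url)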
def delete(self, request, repo_id, format=None):
    """Unshare a library.

    Reads ``share_type``, ``user`` and ``group_id`` from the query string;
    all three must be non-empty, whatever the share type.  ``share_type``
    selects which share is removed: ``personal`` (from the requesting user
    to ``user``), ``group`` or ``public``.

    NOTE(review): the original docstring says only the repo owner may call
    this, but no ownership check is visible in this method, and the
    ``group`` and ``public`` branches act on ``repo_id`` without reference
    to the requester.  Confirm the check is enforced by the view's
    permission classes or by the backend.
    """
    kind = request.GET.get('share_type', '')
    target_user = request.GET.get('user', '')
    gid = request.GET.get('group_id', '')

    if not kind or not target_user or not gid:
        return api_error(status.HTTP_400_BAD_REQUEST,
                         'share_type and user and group_id is required.')

    if kind not in ('personal', 'group', 'public'):
        return api_error(status.HTTP_400_BAD_REQUEST,
                         'share_type can only be personal or group or public.')

    if kind == 'personal':
        remove_share(repo_id, request.user.username, target_user)
    elif kind == 'group':
        unshare_group_repo(repo_id, gid, target_user)
    else:
        unset_inner_pub_repo(repo_id)

    return Response('success', status=status.HTTP_200_OK)
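def delete(self, request, repo_id, format=None):
    """Remove a share of a library, or of a folder inside it.

    Query-string parameters: ``p`` (folder path, default ``/``),
    ``username`` (recipient, user shares) and ``group_id`` (group shares).
    ``self.handle_shared_to_args(request)`` yields the two flags that
    select the user and/or group branch.

    The requesting user's name is passed to the backend as the sharer.
    NOTE(review): no explicit owner check is visible in this method;
    confirm the backend only removes shares created by that user.

    Returns a JSON ``{'success': True}`` response, or an ``api_error``.
    """
    username = request.user.username
    repo = seafile_api.get_repo(repo_id)
    if not repo:
        return api_error(status.HTTP_400_BAD_REQUEST, 'Repo not found.')

    shared_to_user, shared_to_group = self.handle_shared_to_args(request)

    path = request.GET.get('p', '/')
    if seafile_api.get_dir_id_by_path(repo.id, path) is None:
        return api_error(status.HTTP_400_BAD_REQUEST, 'Directory not found.')

    if path == '/':
        shared_repo = repo
    else:
        # A folder share is looked up as a sub repo of the library.
        try:
            sub_repo = self.get_sub_repo_by_path(request, repo, path)
        except SearpcError as e:
            logger.error(e)
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                             'Failed to get sub repo')
        if not sub_repo:
            return api_error(status.HTTP_400_BAD_REQUEST, 'No sub repo found')
        shared_repo = sub_repo

    if shared_to_user:
        shared_to = request.GET.get('username')
        if shared_to is None or not is_valid_username(shared_to):
            return api_error(status.HTTP_400_BAD_REQUEST, 'Bad argument.')

        # Look the permission up BEFORE removing the share: queried
        # afterwards it reflects the state after removal, so the audit
        # record would not show the permission that was deleted.
        permission = seafile_api.check_permission_by_path(repo.id, path,
                                                          shared_to)

        if is_org_context(request):
            org_id = request.user.org.org_id
            seaserv.seafserv_threaded_rpc.org_remove_share(
                org_id, shared_repo.id, username, shared_to)
        else:
            seaserv.remove_share(shared_repo.id, username, shared_to)

        send_perm_audit_msg('delete-repo-perm', username, shared_to,
                            repo_id, path, permission)

    if shared_to_group:
        group_id = request.GET.get('group_id')
        try:
            group_id = int(group_id)
        except (TypeError, ValueError):
            # TypeError covers a missing parameter (int(None)), which
            # would otherwise surface as an unhandled server error.
            return api_error(status.HTTP_400_BAD_REQUEST, 'Bad group id')

        # The group's permission is read from the list of groups this
        # repo is shared to; '' when the group is not in that list.
        permission = ''
        for e in seafile_api.list_repo_shared_group(username, shared_repo.id):
            if e.group_id == group_id:
                permission = e.perm
                break

        if is_org_context(request):
            org_id = request.user.org.org_id
            seaserv.del_org_group_repo(shared_repo.id, org_id, group_id)
        else:
            seafile_api.unset_group_repo(shared_repo.id, group_id, username)

        send_perm_audit_msg('delete-repo-perm', username, group_id,
                            repo_id, path, permission)

    return HttpResponse(json.dumps({'success': True}), status=200,
                        content_type=json_content_type)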
def ajax_repo_remove_share(request):
    """Remove a repo share made to a user, a group or the public.

    POST parameters: ``repo_id``, ``share_type`` (``personal``, ``group``
    or ``public``), and for the first two ``from`` (the sharer); group
    shares also need ``group_id``.

    * personal: removes the share from ``from`` to the requesting user.
    * group: allowed for group staff or the repo owner.
    * public: allowed for the repo owner or a staff user (org staff in an
      org context).

    Every outcome is a JSON response.  NOTE(review): a denied group
    request answers 400 while a denied public request answers 403.
    """
    content_type = 'application/json; charset=utf-8'

    def reply(payload, code):
        # Single place that serialises the JSON body.
        return HttpResponse(json.dumps(payload), status=code,
                            content_type=content_type)

    repo_id = request.POST.get('repo_id', None)
    share_type = request.POST.get('share_type', None)

    if not seafile_api.get_repo(repo_id):
        return reply({'error': _(u'Library does not exist')}, 400)

    username = request.user.username

    if share_type == 'personal':
        sharer = request.POST.get('from', None)
        if not is_valid_username(sharer):
            return reply({'error': _(u'Invalid argument')}, 400)

        if is_org_context(request):
            org_id = request.user.org.org_id
            org_remove_share(org_id, repo_id, sharer, username)
        else:
            seaserv.remove_share(repo_id, sharer, username)
        return reply({'success': True}, 200)

    if share_type == 'group':
        sharer = request.POST.get('from', None)
        if not is_valid_username(sharer):
            return reply({'error': _(u'Invalid argument')}, 400)

        # NOTE(review): group_id is handed to the backend exactly as it
        # arrived in the POST body (a string, or None when missing).
        group_id = request.POST.get('group_id', None)
        if not seaserv.get_group(group_id):
            return reply({'error': _(u"Group does not exist")}, 400)

        allowed = (seaserv.check_group_staff(group_id, username)
                   or seafile_api.is_repo_owner(username, repo_id))
        if not allowed:
            return reply({'error': _(u'Permission denied')}, 400)

        if is_org_group(group_id):
            org_id = get_org_id_by_group(group_id)
            del_org_group_repo(repo_id, org_id, group_id)
        else:
            seafile_api.unset_group_repo(repo_id, group_id, sharer)
        return reply({'success': True}, 200)

    if share_type == 'public':
        if is_org_context(request):
            org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
            if not (request.user.org.is_staff or org_repo_owner == username):
                return reply({'error': _(u'Permission denied')}, 403)

            org_id = request.user.org.org_id
            seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(org_id,
                                                                   repo_id)
            return reply({'success': True}, 200)

        if not (seafile_api.is_repo_owner(username, repo_id)
                or request.user.is_staff):
            return reply({'error': _(u'Permission denied')}, 403)

        unset_inner_pub_repo(repo_id)
        return reply({'success': True}, 200)

    return reply({'error': _(u'Invalid argument')}, 400)
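def delete(self, request, repo_id, format=None):
    """Remove a share of a library, or of a folder inside it.

    Only the repo owner, as returned by ``self.get_repo_owner``, may call
    this.  Query-string parameters: ``p`` (folder path, default ``/``),
    ``username`` (recipient, user shares) and ``group_id`` (group shares).

    Returns a JSON ``{'success': True}`` response, or an ``api_error``.
    """
    username = request.user.username
    repo = seafile_api.get_repo(repo_id)
    if not repo:
        return api_error(status.HTTP_404_NOT_FOUND,
                         'Library %s not found.' % repo_id)

    path = request.GET.get('p', '/')
    if seafile_api.get_dir_id_by_path(repo.id, path) is None:
        return api_error(status.HTTP_404_NOT_FOUND,
                         'Folder %s not found.' % path)

    if username != self.get_repo_owner(request, repo_id):
        return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

    shared_to_user, shared_to_group = self.handle_shared_to_args(request)

    if path == '/':
        shared_repo = repo
    else:
        # A folder share is looked up as a sub-library.
        try:
            sub_repo = self.get_sub_repo_by_path(request, repo, path)
        except SearpcError as e:
            logger.error(e)
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                             'Failed to get sub-library.')
        if not sub_repo:
            return api_error(status.HTTP_404_NOT_FOUND,
                             'Sub-library not found.')
        shared_repo = sub_repo

    if shared_to_user:
        shared_to = request.GET.get('username')
        if shared_to is None or not is_valid_username(shared_to):
            # Fixed: the message used the undefined name 'share_to', so an
            # invalid username raised NameError instead of returning 400.
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'Email %s invalid.' % shared_to)

        try:
            User.objects.get(email=shared_to)
        except User.DoesNotExist:
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'Invalid user, should be registered')

        # Read the permission before the share is removed so that the
        # audit record shows what was deleted, not the state afterwards.
        permission = seafile_api.check_permission_by_path(
            repo.id, path, shared_to)

        if is_org_context(request):
            org_id = request.user.org.org_id
            seaserv.seafserv_threaded_rpc.org_remove_share(
                org_id, shared_repo.id, username, shared_to)
        else:
            seaserv.remove_share(shared_repo.id, username, shared_to)

        send_perm_audit_msg('delete-repo-perm', username, shared_to,
                            repo_id, path, permission)

    if shared_to_group:
        group_id = request.GET.get('group_id')
        try:
            group_id = int(group_id)
        except (TypeError, ValueError):
            # TypeError covers a missing parameter (int(None)).
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'group_id %s invalid' % group_id)

        # The group's permission is read from the list of groups this
        # repo is shared to; '' when the group is not in that list.
        permission = ''
        for e in seafile_api.list_repo_shared_group(
                username, shared_repo.id):
            if e.group_id == group_id:
                permission = e.perm
                break

        if is_org_context(request):
            org_id = request.user.org.org_id
            seaserv.del_org_group_repo(shared_repo.id, org_id, group_id)
        else:
            seafile_api.unset_group_repo(shared_repo.id, group_id, username)

        send_perm_audit_msg('delete-repo-perm', username, group_id,
                            repo_id, path, permission)

    return HttpResponse(json.dumps({'success': True}), status=200,
                        content_type=json_content_type)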
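def delete(self, request, repo_id, format=None):
    """Remove a share of a library, or of a folder inside it.

    The caller must be the repo owner as returned by
    ``self.get_repo_owner``.  ``p`` (default ``/``) selects the folder;
    ``username`` names the recipient of a user share and ``group_id`` the
    group of a group share.

    Returns a JSON ``{'success': True}`` response, or an ``api_error``.
    """
    username = request.user.username
    repo = seafile_api.get_repo(repo_id)
    if not repo:
        return api_error(status.HTTP_404_NOT_FOUND,
                         'Library %s not found.' % repo_id)

    path = request.GET.get('p', '/')
    if seafile_api.get_dir_id_by_path(repo.id, path) is None:
        return api_error(status.HTTP_404_NOT_FOUND,
                         'Folder %s not found.' % path)

    if username != self.get_repo_owner(request, repo_id):
        return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

    shared_to_user, shared_to_group = self.handle_shared_to_args(request)

    if path == '/':
        shared_repo = repo
    else:
        try:
            sub_repo = self.get_sub_repo_by_path(request, repo, path)
        except SearpcError as e:
            logger.error(e)
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                             'Failed to get sub-library.')
        if not sub_repo:
            return api_error(status.HTTP_404_NOT_FOUND,
                             'Sub-library not found.')
        shared_repo = sub_repo

    if shared_to_user:
        shared_to = request.GET.get('username')
        if shared_to is None or not is_valid_username(shared_to):
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'Email %s invalid.' % shared_to)

        # The recipient must be a registered account.
        try:
            User.objects.get(email=shared_to)
        except User.DoesNotExist:
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'Invalid user, should be registered')

        # Moved ahead of the removal: looked up afterwards, the value no
        # longer describes the permission that the audit entry is about.
        permission = seafile_api.check_permission_by_path(repo.id, path,
                                                          shared_to)

        if is_org_context(request):
            org_id = request.user.org.org_id
            seaserv.seafserv_threaded_rpc.org_remove_share(
                org_id, shared_repo.id, username, shared_to)
        else:
            seaserv.remove_share(shared_repo.id, username, shared_to)

        send_perm_audit_msg('delete-repo-perm', username, shared_to,
                            repo_id, path, permission)

    if shared_to_group:
        group_id = request.GET.get('group_id')
        try:
            group_id = int(group_id)
        except (TypeError, ValueError):
            # A missing group_id makes int() raise TypeError, not
            # ValueError; both now produce the 400 below.
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'group_id %s invalid' % group_id)

        # The group's permission comes from the groups this user has
        # shared the repo to; '' when the group is not among them.
        permission = ''
        for e in seafile_api.list_repo_shared_group_by_user(username,
                                                            shared_repo.id):
            if e.group_id == group_id:
                permission = e.perm
                break

        if is_org_context(request):
            org_id = request.user.org.org_id
            seaserv.del_org_group_repo(shared_repo.id, org_id, group_id)
        else:
            seafile_api.unset_group_repo(shared_repo.id, group_id, username)

        send_perm_audit_msg('delete-repo-perm', username, group_id,
                            repo_id, path, permission)

    return HttpResponse(json.dumps({'success': True}), status=200,
                        content_type=json_content_type)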
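def delete(self, request, repo_id, format=None):
    """Remove a share of a library, or of a folder inside it.

    The caller must be the repo owner (``self.get_repo_owner``) or pass
    ``is_repo_admin``.  ``p`` (default ``/``) selects the folder;
    ``username`` names the recipient of a user share and ``group_id`` the
    group of a group share.

    Backend calls are made with the repo owner as the sharer, while the
    audit message names the requesting user.

    Returns a JSON ``{'success': True}`` response, or an ``api_error``.
    """
    username = request.user.username
    repo = seafile_api.get_repo(repo_id)
    if not repo:
        return api_error(status.HTTP_404_NOT_FOUND,
                         'Library %s not found.' % repo_id)

    path = request.GET.get('p', '/')
    if seafile_api.get_dir_id_by_path(repo.id, path) is None:
        return api_error(status.HTTP_404_NOT_FOUND,
                         'Folder %s not found.' % path)

    repo_owner = self.get_repo_owner(request, repo_id)
    if repo_owner != username and not is_repo_admin(username, repo_id):
        return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

    shared_to_user, shared_to_group = self.handle_shared_to_args(request)

    if shared_to_user:
        shared_to = request.GET.get('username')
        if shared_to is None or not is_valid_username(shared_to):
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'Email %s invalid.' % shared_to)

        # Captured before removal so the audit message can report it.
        permission = check_user_share_out_permission(
            repo_id, path, shared_to, is_org_context(request))

        if is_org_context(request):
            # The share-related backend calls take the repo owner, not
            # the requesting user, as the sharer.
            org_id = request.user.org.org_id
            if path == '/':
                seaserv.seafserv_threaded_rpc.org_remove_share(
                    org_id, repo_id, repo_owner, shared_to)
            else:
                seafile_api.org_unshare_subdir_for_user(
                    org_id, repo_id, path, repo_owner, shared_to)
        else:
            if path == '/':
                seaserv.remove_share(repo_id, repo_owner, shared_to)
            else:
                seafile_api.unshare_subdir_for_user(
                    repo_id, path, repo_owner, shared_to)

        # Whole-library shares also have a row in ExtraSharePermission.
        if path == '/':
            ExtraSharePermission.objects.delete_share_permission(
                repo_id, shared_to)

        send_perm_audit_msg('delete-repo-perm', username, shared_to,
                            repo_id, path, permission)

    if shared_to_group:
        group_id = request.GET.get('group_id')
        try:
            group_id = int(group_id)
        except (TypeError, ValueError):
            # TypeError covers a missing parameter (int(None)), which
            # previously escaped as an unhandled server error.
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'group_id %s invalid' % group_id)

        is_org = is_org_context(request)
        # Captured before removal so the audit message can report it.
        permission = check_group_share_out_permission(
            repo_id, path, group_id, is_org)

        if is_org:
            org_id = request.user.org.org_id
            if path == '/':
                seaserv.del_org_group_repo(repo_id, org_id, group_id)
            else:
                seafile_api.org_unshare_subdir_for_group(
                    org_id, repo_id, path, repo_owner, group_id)
        else:
            if path == '/':
                # NOTE(review): this is the only backend call that passes
                # the requesting user rather than repo_owner; the two
                # differ when a repo admin makes the request.  Confirm
                # which one unset_group_repo expects.
                seafile_api.unset_group_repo(repo_id, group_id, username)
            else:
                seafile_api.unshare_subdir_for_group(
                    repo_id, path, repo_owner, group_id)

        # Whole-library shares also have a row in
        # ExtraGroupsSharePermission.
        if path == '/':
            ExtraGroupsSharePermission.objects.delete_share_permission(
                repo_id, group_id)

        send_perm_audit_msg('delete-repo-perm', username, group_id,
                            repo_id, path, permission)

    return HttpResponse(json.dumps({'success': True}), status=200,
                        content_type=json_content_type)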
def delete(self, request, repo_id, format=None):
    """Remove a share of this library, selected by ``share_type``.

    Query-string parameters: ``share_type`` (``personal``, ``group`` or
    ``public``), ``from`` (the sharer, personal and group shares) and
    ``group_id`` (group shares).

    * personal: removes the share from ``from`` to the requesting user.
    * group: requires group staff or the repo owner.
    * public: requires the repo owner or a staff user (org staff in an
      org context).

    Returns ``{'success': True}`` with status 200, or an ``api_error``.
    """
    if not seafile_api.get_repo(repo_id):
        return api_error(status.HTTP_400_BAD_REQUEST,
                         'Library does not exist')

    username = request.user.username
    share_type = request.GET.get('share_type', None)

    if share_type == 'personal':
        sharer = request.GET.get('from', None)
        if not is_valid_username(sharer):
            return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')

        if is_org_context(request):
            org_id = request.user.org.org_id
            seaserv.seafserv_threaded_rpc.org_remove_share(
                org_id, repo_id, sharer, username)
        else:
            seaserv.remove_share(repo_id, sharer, username)

    elif share_type == 'group':
        sharer = request.GET.get('from', None)
        if not is_valid_username(sharer):
            return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')

        # NOTE(review): group_id reaches the backend exactly as received
        # (a string, or None when the parameter is missing).
        group_id = request.GET.get('group_id', None)
        if not seaserv.get_group(group_id):
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'Group does not exist')

        may_unshare = (seaserv.check_group_staff(group_id, username)
                       or seafile_api.is_repo_owner(username, repo_id))
        if not may_unshare:
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')

        if seaserv.is_org_group(group_id):
            org_id = seaserv.get_org_id_by_group(group_id)
            seaserv.del_org_group_repo(repo_id, org_id, group_id)
        else:
            seafile_api.unset_group_repo(repo_id, group_id, sharer)

    elif share_type == 'public':
        if is_org_context(request):
            org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
            if not (request.user.org.is_staff or org_repo_owner == username):
                return api_error(status.HTTP_403_FORBIDDEN,
                                 'Permission denied')

            org_id = request.user.org.org_id
            seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(
                org_id, repo_id)
        else:
            if not (seafile_api.is_repo_owner(username, repo_id)
                    or request.user.is_staff):
                return api_error(status.HTTP_403_FORBIDDEN,
                                 'Permission denied')

            seaserv.unset_inner_pub_repo(repo_id)

    else:
        return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')

    return Response({'success': True}, status=status.HTTP_200_OK)
def ajax_repo_remove_share(request):
    """Remove a repo share made to a user, a group or the public.

    Reads ``repo_id`` and ``share_type`` from the POST body, plus ``from``
    for personal and group shares and ``group_id`` for group shares.

    * personal: the requesting user is the recipient being removed.
    * group: group staff or the repo owner only.
    * public: repo owner or staff only (org staff in an org context).

    Always answers with JSON.  NOTE(review): permission failures are
    reported as 400 in the group branch but 403 in the public branch.
    """
    content_type = 'application/json; charset=utf-8'
    repo_id = request.POST.get('repo_id', None)
    share_type = request.POST.get('share_type', None)

    if not seafile_api.get_repo(repo_id):
        return HttpResponse(
            json.dumps({'error': _(u'Library does not exist')}),
            status=400, content_type=content_type)

    username = request.user.username

    # Anything other than the three known share types is rejected.
    if share_type not in ('personal', 'group', 'public'):
        return HttpResponse(json.dumps({'error': _(u'Invalid argument')}),
                            status=400, content_type=content_type)

    if share_type == 'personal':
        from_email = request.POST.get('from', None)
        if not is_valid_username(from_email):
            return HttpResponse(
                json.dumps({'error': _(u'Invalid argument')}),
                status=400, content_type=content_type)

        if is_org_context(request):
            org_id = request.user.org.org_id
            org_remove_share(org_id, repo_id, from_email, username)
        else:
            seaserv.remove_share(repo_id, from_email, username)

    elif share_type == 'group':
        from_email = request.POST.get('from', None)
        if not is_valid_username(from_email):
            return HttpResponse(
                json.dumps({'error': _(u'Invalid argument')}),
                status=400, content_type=content_type)

        group_id = request.POST.get('group_id', None)
        group = seaserv.get_group(group_id)
        if not group:
            return HttpResponse(
                json.dumps({'error': _(u"Group does not exist")}),
                status=400, content_type=content_type)

        if not seaserv.check_group_staff(group_id, username) and \
                not seafile_api.is_repo_owner(username, repo_id):
            return HttpResponse(
                json.dumps({'error': _(u'Permission denied')}),
                status=400, content_type=content_type)

        if is_org_group(group_id):
            org_id = get_org_id_by_group(group_id)
            del_org_group_repo(repo_id, org_id, group_id)
        else:
            seafile_api.unset_group_repo(repo_id, group_id, from_email)

    elif is_org_context(request):
        # Public share inside an organisation.
        org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
        is_org_repo_owner = org_repo_owner == username
        if not request.user.org.is_staff and not is_org_repo_owner:
            return HttpResponse(
                json.dumps({'error': _(u'Permission denied')}),
                status=403, content_type=content_type)

        org_id = request.user.org.org_id
        seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(
            org_id, repo_id)

    else:
        # Public share outside an organisation.
        if not seafile_api.is_repo_owner(username, repo_id) and \
                not request.user.is_staff:
            return HttpResponse(
                json.dumps({'error': _(u'Permission denied')}),
                status=403, content_type=content_type)

        unset_inner_pub_repo(repo_id)

    return HttpResponse(json.dumps({'success': True}), status=200,
                        content_type=content_type)
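def delete(self, request, repo_id, format=None):
    """Remove a share of a library, or of a folder inside it.

    ``p`` (default ``/``) selects the folder, ``username`` the recipient
    of a user share and ``group_id`` the group of a group share; the two
    flags from ``self.handle_shared_to_args(request)`` choose the branch.

    The requesting user is passed to the backend as the sharer.
    NOTE(review): this method contains no explicit owner check; confirm
    the backend refuses to remove shares the requester did not create.

    Returns a JSON ``{'success': True}`` response, or an ``api_error``.
    """
    username = request.user.username
    repo = seafile_api.get_repo(repo_id)
    if not repo:
        return api_error(status.HTTP_400_BAD_REQUEST, 'Repo not found.')

    shared_to_user, shared_to_group = self.handle_shared_to_args(request)

    path = request.GET.get('p', '/')
    if seafile_api.get_dir_id_by_path(repo.id, path) is None:
        return api_error(status.HTTP_400_BAD_REQUEST, 'Directory not found.')

    shared_repo = repo
    if path != '/':
        # For a folder, the share lives on the matching sub repo.
        try:
            shared_repo = self.get_sub_repo_by_path(request, repo, path)
        except SearpcError as e:
            logger.error(e)
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                             'Failed to get sub repo')
        if not shared_repo:
            return api_error(status.HTTP_400_BAD_REQUEST, 'No sub repo found')

    if shared_to_user:
        shared_to = request.GET.get('username')
        if shared_to is None or not is_valid_username(shared_to):
            return api_error(status.HTTP_400_BAD_REQUEST, 'Bad argument.')

        # Fetch the permission first: after the share is gone the lookup
        # can no longer tell the audit log which permission was removed.
        permission = seafile_api.check_permission_by_path(
            repo.id, path, shared_to)

        if is_org_context(request):
            org_id = request.user.org.org_id
            seaserv.seafserv_threaded_rpc.org_remove_share(
                org_id, shared_repo.id, username, shared_to)
        else:
            seaserv.remove_share(shared_repo.id, username, shared_to)

        send_perm_audit_msg('delete-repo-perm', username, shared_to,
                            repo_id, path, permission)

    if shared_to_group:
        group_id = request.GET.get('group_id')
        try:
            group_id = int(group_id)
        except (TypeError, ValueError):
            # int(None) raises TypeError when the parameter is missing.
            return api_error(status.HTTP_400_BAD_REQUEST, 'Bad group id')

        # First matching entry's permission, or '' when the group is not
        # in the list of groups the repo is shared to.
        shared_groups = seafile_api.list_repo_shared_group(
            username, shared_repo.id)
        permission = next(
            (e.perm for e in shared_groups if e.group_id == group_id), '')

        if is_org_context(request):
            org_id = request.user.org.org_id
            seaserv.del_org_group_repo(shared_repo.id, org_id, group_id)
        else:
            seafile_api.unset_group_repo(shared_repo.id, group_id, username)

        send_perm_audit_msg('delete-repo-perm', username, group_id,
                            repo_id, path, permission)

    return HttpResponse(json.dumps({'success': True}), status=200,
                        content_type=json_content_type)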
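def delete(self, request, repo_id, format=None):
    """Remove a share of a library, or of a folder inside it.

    A user share may be removed by the repo owner or by a user whose
    ``ExtraSharePermission`` entry is ``PERMISSION_ADMIN``; any other
    request requires the repo owner.  ``p`` (default ``/``) selects the
    folder, ``username`` the recipient and ``group_id`` the group.

    The backend is called with the repo owner as the sharer, while the
    audit message names the user who made the request.

    Returns a JSON ``{'success': True}`` response, or an ``api_error``.
    """
    username = request.user.username
    repo = seafile_api.get_repo(repo_id)
    if not repo:
        return api_error(status.HTTP_404_NOT_FOUND,
                         'Library %s not found.' % repo_id)

    path = request.GET.get('p', '/')
    if seafile_api.get_dir_id_by_path(repo.id, path) is None:
        return api_error(status.HTTP_404_NOT_FOUND,
                         'Folder %s not found.' % path)

    # Permission check.
    shared_to_user, shared_to_group = self.handle_shared_to_args(request)
    if shared_to_user:
        shared_to = request.GET.get('username')
        if shared_to is None or not is_valid_username(shared_to):
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'Email %s invalid.' % shared_to)

        if username != self.get_repo_owner(request, repo_id) and \
                ExtraSharePermission.objects.get_user_permission(
                    repo_id, username) != PERMISSION_ADMIN:
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
    else:
        if username != self.get_repo_owner(request, repo_id):
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

    if shared_to_user:
        # If the user is not found, permission will be None.
        permission = seafile_api.check_permission_by_path(
            repo_id, '/', shared_to)

        # The owner is kept in its own variable.  It used to overwrite
        # `username`, so the audit message named the owner even when an
        # admin made the request.
        # NOTE(review): the overwrite also leaked into the group branch
        # below; if both flags can be set at once, that branch now runs
        # with the requester's name, in line with the owner-only check.
        if is_org_context(request):
            repo_owner = seafile_api.get_org_repo_owner(repo_id)
            org_id = request.user.org.org_id
            if path == '/':
                seaserv.seafserv_threaded_rpc.org_remove_share(
                    org_id, repo_id, repo_owner, shared_to)
            else:
                seafile_api.org_unshare_subdir_for_user(
                    org_id, repo_id, path, repo_owner, shared_to)
        else:
            repo_owner = seafile_api.get_repo_owner(repo_id)
            if path == '/':
                seaserv.remove_share(repo_id, repo_owner, shared_to)
            else:
                seafile_api.unshare_subdir_for_user(
                    repo_id, path, repo_owner, shared_to)

        # Whole-library shares also have a row in ExtraSharePermission.
        if path == '/':
            ExtraSharePermission.objects.delete_share_permission(
                repo_id, shared_to)

        send_perm_audit_msg('delete-repo-perm', username, shared_to,
                            repo_id, path, permission)

    if shared_to_group:
        group_id = request.GET.get('group_id')
        try:
            group_id = int(group_id)
        except (TypeError, ValueError):
            # TypeError covers a missing parameter (int(None)).
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'group_id %s invalid' % group_id)

        # The group's permission is read from the list of groups the
        # repo is shared to; '' when the group is not in that list.
        permission = ''
        if is_org_context(request):
            org_id = request.user.org.org_id
            shared_groups = seafile_api.list_org_repo_shared_group(
                org_id, username, repo_id)
        else:
            shared_groups = seafile_api.list_repo_shared_group(
                username, repo_id)

        for e in shared_groups:
            if e.group_id == group_id:
                permission = e.perm
                break

        if is_org_context(request):
            org_id = request.user.org.org_id
            if path == '/':
                seaserv.del_org_group_repo(repo_id, org_id, group_id)
            else:
                seafile_api.org_unshare_subdir_for_group(
                    org_id, repo_id, path, username, group_id)
        else:
            if path == '/':
                seafile_api.unset_group_repo(repo_id, group_id, username)
            else:
                seafile_api.unshare_subdir_for_group(
                    repo_id, path, username, group_id)

        send_perm_audit_msg('delete-repo-perm', username, group_id,
                            repo_id, path, permission)

    return HttpResponse(json.dumps({'success': True}), status=200,
                        content_type=json_content_type)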
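def delete(self, request, repo_id, format=None):
    """Remove a share of a library, or of a folder inside it.

    Only the repo owner, as returned by ``self.get_repo_owner``, may call
    this.  ``p`` (default ``/``) selects the folder, ``username`` the
    recipient of a user share and ``group_id`` the group of a group share.

    Returns a JSON ``{'success': True}`` response, or an ``api_error``.
    """
    username = request.user.username
    repo = seafile_api.get_repo(repo_id)
    if not repo:
        return api_error(status.HTTP_404_NOT_FOUND,
                         'Library %s not found.' % repo_id)

    path = request.GET.get('p', '/')
    if seafile_api.get_dir_id_by_path(repo.id, path) is None:
        return api_error(status.HTTP_404_NOT_FOUND,
                         'Folder %s not found.' % path)

    if username != self.get_repo_owner(request, repo_id):
        return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

    shared_to_user, shared_to_group = self.handle_shared_to_args(request)
    at_root = path == '/'

    if shared_to_user:
        shared_to = request.GET.get('username')
        if shared_to is None or not is_valid_username(shared_to):
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'Email %s invalid.' % shared_to)

        # If the user is not found, permission will be None.
        # NOTE(review): the lookup uses '/' rather than `path`, also for
        # folder shares -- confirm that is intended.
        permission = seafile_api.check_permission_by_path(
            repo_id, '/', shared_to)

        if is_org_context(request):
            org_id = request.user.org.org_id
            if at_root:
                seaserv.seafserv_threaded_rpc.org_remove_share(
                    org_id, repo_id, username, shared_to)
            else:
                seafile_api.org_unshare_subdir_for_user(
                    org_id, repo_id, path, username, shared_to)
        elif at_root:
            seaserv.remove_share(repo_id, username, shared_to)
        else:
            seafile_api.unshare_subdir_for_user(
                repo_id, path, username, shared_to)

        send_perm_audit_msg('delete-repo-perm', username, shared_to,
                            repo_id, path, permission)

    if shared_to_group:
        group_id = request.GET.get('group_id')
        try:
            group_id = int(group_id)
        except (TypeError, ValueError):
            # TypeError covers a missing parameter (int(None)), which was
            # not caught before and surfaced as a server error.
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'group_id %s invalid' % group_id)

        # The group's permission is read from the list of groups the
        # repo is shared to; '' when the group is not in that list.
        permission = ''
        if is_org_context(request):
            org_id = request.user.org.org_id
            shared_groups = seafile_api.list_org_repo_shared_group(
                org_id, username, repo_id)
        else:
            shared_groups = seafile_api.list_repo_shared_group(
                username, repo_id)

        for e in shared_groups:
            if e.group_id == group_id:
                permission = e.perm
                break

        if is_org_context(request):
            org_id = request.user.org.org_id
            if at_root:
                seaserv.del_org_group_repo(repo_id, org_id, group_id)
            else:
                seafile_api.org_unshare_subdir_for_group(
                    org_id, repo_id, path, username, group_id)
        elif at_root:
            seafile_api.unset_group_repo(repo_id, group_id, username)
        else:
            seafile_api.unshare_subdir_for_group(
                repo_id, path, username, group_id)

        send_perm_audit_msg('delete-repo-perm', username, group_id,
                            repo_id, path, permission)

    return HttpResponse(json.dumps({'success': True}), status=200,
                        content_type=json_content_type)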
def delete(self, request, repo_id, format=None):
    """Remove a personal, group or public share of this library.

    ``share_type`` in the query string picks the branch; ``from`` names
    the sharer for personal and group shares and ``group_id`` the group.

    * personal: the requesting user is the recipient being removed.
    * group: only group staff or the repo owner may proceed.
    * public: only the repo owner or a staff user may proceed (org staff
      in an org context).

    Returns ``{'success': True}`` with status 200, or an ``api_error``.
    """
    if not seafile_api.get_repo(repo_id):
        return api_error(status.HTTP_400_BAD_REQUEST,
                         'Library does not exist')

    username = request.user.username
    share_type = request.GET.get('share_type', None)

    # Unknown or missing share types are rejected before any branch runs.
    if share_type not in ('personal', 'group', 'public'):
        return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')

    if share_type == 'personal':
        from_email = request.GET.get('from', None)
        if not is_valid_username(from_email):
            return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')

        if is_org_context(request):
            org_id = request.user.org.org_id
            seaserv.seafserv_threaded_rpc.org_remove_share(
                org_id, repo_id, from_email, username)
        else:
            seaserv.remove_share(repo_id, from_email, username)

    elif share_type == 'group':
        from_email = request.GET.get('from', None)
        if not is_valid_username(from_email):
            return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')

        group_id = request.GET.get('group_id', None)
        group = seaserv.get_group(group_id)
        if not group:
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'Group does not exist')

        is_group_staff = seaserv.check_group_staff(group_id, username)
        if not is_group_staff and \
                not seafile_api.is_repo_owner(username, repo_id):
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')

        if seaserv.is_org_group(group_id):
            org_id = seaserv.get_org_id_by_group(group_id)
            seaserv.del_org_group_repo(repo_id, org_id, group_id)
        else:
            seafile_api.unset_group_repo(repo_id, group_id, from_email)

    elif is_org_context(request):
        # Public share inside an organisation.
        org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
        is_org_repo_owner = org_repo_owner == username
        if not request.user.org.is_staff and not is_org_repo_owner:
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')

        org_id = request.user.org.org_id
        seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(org_id,
                                                               repo_id)

    else:
        # Public share outside an organisation.
        if not seafile_api.is_repo_owner(username, repo_id) and \
                not request.user.is_staff:
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')

        seaserv.unset_inner_pub_repo(repo_id)

    return Response({'success': True}, status=status.HTTP_200_OK)