def get(self, request, repo_id, format=None): """List all users who can view this library. Not support public repo """ # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check if not check_folder_permission(request, repo_id, '/'): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') # org check org_id = None if is_org_context(request): org_id = request.user.org.org_id # main user_list = list() try: related_user_list = get_related_users_by_repo(repo_id, org_id) for email in related_user_list: user_info = get_user_common_info(email) user_list.append(user_info) except Exception as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal Server Error') return Response({'user_list': user_list})
def post(self, request, group_id, format=None): """Post a group discussion. Only group members can perform this op. """ content = request.data.get('content', '') if not content: return api_error(status.HTTP_400_BAD_REQUEST, 'Content can not be empty.') try: avatar_size = int(request.data.get('avatar_size', AVATAR_DEFAULT_SIZE)) except ValueError: avatar_size = AVATAR_DEFAULT_SIZE username = request.user.username msg = GroupMessage.objects.create(group_id=group_id, from_email=username, message=content) # send signal grpmsg_added.send(sender=GroupMessage, group_id=group_id, from_email=username, message=content) info = get_user_common_info(username, avatar_size) isoformat_timestr = datetime_to_isoformat_timestr(msg.timestamp) return Response({ "id": msg.pk, "group_id": group_id, "user_name": info["name"], "user_email": info["email"], "user_contact_email": info["contact_email"], "avatar_url": request.build_absolute_uri(info["avatar_url"]), "content": msg.message, "created_at": isoformat_timestr }, status=201)
def get(self, request): dtable_uuid = request.GET.get('dtable_uuid') # permission check auth = request.META.get('HTTP_AUTHORIZATION', '').split() if not is_valid_jwt(auth, dtable_uuid): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # resource check dtable = DTables.objects.get_dtable_by_uuid(dtable_uuid) if not dtable: error_msg = 'dtable %s not found.' % dtable_uuid return api_error(status.HTTP_404_NOT_FOUND, error_msg) workspace = Workspaces.objects.get_workspace_by_id(dtable.workspace.id) if not workspace: error_msg = 'Workspace not found.' return api_error(status.HTTP_404_NOT_FOUND, error_msg) user_list = [] try: email_list = list_dtable_related_users(workspace, dtable) for email in email_list: user_info = get_user_common_info(email) user_list.append(user_info) except Exception as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal Server Error') return Response({'user_list': user_list})
def get(self, request, workspace_id, name): """list dtable related users """ table_name = name table_file_name = table_name + FILE_TYPE # resource check workspace = Workspaces.objects.get_workspace_by_id(workspace_id) if not workspace: error_msg = 'Workspace %s not found.' % workspace_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if '@seafile_group' in workspace.owner: group_id = workspace.owner.split('@')[0] group = seaserv.get_group(group_id) if not group: error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_id = workspace.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) dtable = DTables.objects.get_dtable(workspace, table_name) if not dtable: error_msg = 'dtable %s not found.' % table_name return api_error(status.HTTP_404_NOT_FOUND, error_msg) table_path = normalize_file_path(table_file_name) table_file_id = seafile_api.get_file_id_by_path(repo_id, table_path) if not table_file_id: error_msg = 'file %s not found.' % table_file_name return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username owner = workspace.owner if not check_dtable_permission(username, owner) and \ not check_dtable_share_permission(dtable, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # main user_list = list() try: email_list = list_dtable_related_users(workspace, dtable) for email in email_list: user_info = get_user_common_info(email) user_list.append(user_info) except Exception as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal Server Error') return Response({'user_list': user_list})
def get(self, request, group_id, format=None): """List all group discussions. Only group members can perform this op. """ # 1 <= page, defaults to 1 try: page = int(request.GET.get('page', '1')) except ValueError: page = 1 if page < 0: page = 1 # 1 <= per_page <= 100, defaults to 20 try: per_page = int(request.GET.get('per_page', '20')) except ValueError: per_page = 20 if per_page < 1 or per_page > 100: per_page = 20 paginator = Paginator( GroupMessage.objects.filter( group_id=group_id).order_by('-timestamp'), per_page) try: group_msgs = paginator.page(page) except (EmptyPage, InvalidPage): group_msgs = paginator.page(paginator.num_pages) try: avatar_size = int( request.GET.get('avatar_size', AVATAR_DEFAULT_SIZE)) except ValueError: avatar_size = AVATAR_DEFAULT_SIZE msgs = [] for msg in group_msgs: info = get_user_common_info(msg.from_email, avatar_size) isoformat_timestr = datetime_to_isoformat_timestr(msg.timestamp) msgs.append({ "id": msg.pk, "group_id": group_id, "user_name": info["name"], "user_email": info["email"], "user_contact_email": info["contact_email"], "avatar_url": info["avatar_url"], "content": msg.message, "created_at": isoformat_timestr }) return HttpResponse(json.dumps({ "msgs": msgs, "current_page": page, "page_num": paginator.num_pages, }), status=200, content_type=json_content_type)
def get(self, request, group_id, format=None): """List all group discussions. Only group members can perform this op. """ # 1 <= page, defaults to 1 try: page = int(request.GET.get('page', '1')) except ValueError: page = 1 if page < 0: page = 1 # 1 <= per_page <= 100, defaults to 20 try: per_page = int(request.GET.get('per_page', '20')) except ValueError: per_page = 20 if per_page < 1 or per_page > 100: per_page = 20 paginator = Paginator(GroupMessage.objects.filter( group_id=group_id).order_by('-timestamp'), per_page) try: group_msgs = paginator.page(page) except (EmptyPage, InvalidPage): group_msgs = paginator.page(paginator.num_pages) try: avatar_size = int(request.GET.get('avatar_size', AVATAR_DEFAULT_SIZE)) except ValueError: avatar_size = AVATAR_DEFAULT_SIZE msgs = [] for msg in group_msgs: info = get_user_common_info(msg.from_email, avatar_size) isoformat_timestr = datetime_to_isoformat_timestr(msg.timestamp) msgs.append({ "id": msg.pk, "group_id": group_id, "user_name": info["name"], "user_email": info["email"], "user_contact_email": info["contact_email"], "avatar_url": request.build_absolute_uri(info["avatar_url"]), "content": msg.message, "created_at": isoformat_timestr }) return HttpResponse(json.dumps({ "msgs": msgs, "current_page": page, "page_num": paginator.num_pages, }), status=200, content_type=json_content_type)
def post(self, request, repo_id, format=None): """Post a participant of a file. """ # argument check path = request.data.get('path') if not path: return api_error(status.HTTP_400_BAD_REQUEST, 'path invalid.') path = normalize_file_path(path) email = request.data.get('email') if not email or not is_valid_username(email): return api_error(status.HTTP_400_BAD_REQUEST, 'email invalid.') # resource check file_id = seafile_api.get_file_id_by_path(repo_id, path) if not file_id: return api_error(status.HTTP_404_NOT_FOUND, 'File %s not found.' % path) try: user = User.objects.get(email=email) except User.DoesNotExist: return api_error(status.HTTP_404_NOT_FOUND, 'User %s not found.' % email) # permission check if not check_folder_permission(request, repo_id, '/'): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') if not seafile_api.check_permission_by_path(repo_id, '/', user.username): return api_error(status.HTTP_403_FORBIDDEN, _('%s Permission denied.') % email) # main try: file_uuid = FileUUIDMap.objects.get_or_create_fileuuidmap_by_path( repo_id, path, False) if FileParticipant.objects.get_participant(file_uuid, email): return api_error(status.HTTP_409_CONFLICT, _('Participant %s already exists.') % email) FileParticipant.objects.add_participant(file_uuid, email) participant = get_user_common_info(email) except Exception as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal Server Error.') return Response(participant, status=201)
def post(self, request): """return user_list by user_id_list """ # argument check user_id_list = request.data.get('user_id_list') if not user_id_list or not isinstance(user_id_list, list): error_msg = 'user_id_list invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # main user_list = list() for user_id in user_id_list: user_info = get_user_common_info(user_id) user_list.append(user_info) return Response({'user_list': user_list})
def post(self, request, group_id, format=None): """Post a group discussion. Only group members can perform this op. """ content = request.data.get('content', '') if not content: return api_error(status.HTTP_400_BAD_REQUEST, 'Content can not be empty.') try: avatar_size = int( request.data.get('avatar_size', AVATAR_DEFAULT_SIZE)) except ValueError: avatar_size = AVATAR_DEFAULT_SIZE username = request.user.username msg = GroupMessage.objects.create(group_id=group_id, from_email=username, message=content) # send signal grpmsg_added.send(sender=GroupMessage, group_id=group_id, from_email=username, message=content) info = get_user_common_info(username, avatar_size) isoformat_timestr = datetime_to_isoformat_timestr(msg.timestamp) return Response( { "id": msg.pk, "group_id": group_id, "user_name": info["name"], "user_email": info["email"], "user_login_id": info["login_id"], "avatar_url": request.build_absolute_uri(info["avatar_url"]), "content": msg.message, "created_at": isoformat_timestr }, status=201)
def get(self, request, repo_id, format=None): """List all participants of a file. """ # argument check path = request.GET.get('path') if not path: return api_error(status.HTTP_400_BAD_REQUEST, 'path invalid.') path = normalize_file_path(path) # resource check file_id = seafile_api.get_file_id_by_path(repo_id, path) if not file_id: return api_error(status.HTTP_404_NOT_FOUND, 'File %s not found.' % path) # permission check if not check_folder_permission(request, repo_id, '/'): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') # main try: file_uuid = FileUUIDMap.objects.get_or_create_fileuuidmap_by_path( repo_id, path, False) participant_list = [] participant_queryset = FileParticipant.objects.get_participants( file_uuid) for participant in participant_queryset: participant_info = get_user_common_info(participant.username) participant_info['avatar_url'] = request.build_absolute_uri( participant_info['avatar_url']) participant_list.append(participant_info) except Exception as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal Server Error.') return Response({'participant_list': participant_list})
def post(self, request, repo_id, format=None): """batch add participants of a file. """ # argument check path = request.data.get('path') if not path: return api_error(status.HTTP_400_BAD_REQUEST, 'path invalid.') path = normalize_file_path(path) emails = request.data.get('emails') if not emails or not isinstance(emails, list): return api_error(status.HTTP_400_BAD_REQUEST, 'emails invalid.') emails = list(set(emails)) # resource check file_id = seafile_api.get_file_id_by_path(repo_id, path) if not file_id: return api_error(status.HTTP_404_NOT_FOUND, 'File %s not found.' % path) # permission check if not check_folder_permission(request, repo_id, '/'): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') # batch add success = list() failed = list() try: uuid = FileUUIDMap.objects.get_or_create_fileuuidmap_by_path( repo_id, path, False) participants_queryset = FileParticipant.objects.get_participants( uuid) except Exception as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal Server Error.') for email in emails: if not is_valid_username(email): error_dic = { 'email': email, 'error_msg': 'email invalid.', 'error_code': 400 } failed.append(error_dic) continue try: user = User.objects.get(email=email) except User.DoesNotExist: error_dic = { 'email': email, 'error_msg': 'User not found.', 'error_code': 404 } failed.append(error_dic) continue # permission check if not seafile_api.check_permission_by_path( repo_id, '/', user.username): error_dic = { 'email': email, 'error_msg': 'Permission denied.', 'error_code': 403 } failed.append(error_dic) continue # main try: if participants_queryset.filter(uuid=uuid, username=email).count() > 0: error_dic = { 'email': email, 'error_msg': 'Participant already exists.', 'error_code': 409 } failed.append(error_dic) continue FileParticipant.objects.add_participant(uuid, email) participant = get_user_common_info(email) success.append(participant) except Exception as e: logger.error(e) error_dic = { 'email': email, 'error_msg': 'Internal Server Error.', 'error_code': 500 } failed.append(error_dic) continue return Response({'success': success, 'failed': failed})
def get(self, request, workspace_id, name): """list share users in dtable share """ username = request.user.username table_name = name table_file_name = table_name + FILE_TYPE # resource check workspace = Workspaces.objects.get_workspace_by_id(workspace_id) if not workspace: error_msg = 'Workspace %s not found.' % workspace_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) group_id = '' if '@seafile_group' in workspace.owner: group_id = workspace.owner.split('@')[0] group = seaserv.get_group(group_id) if not group: error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_id = workspace.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) dtable = DTables.objects.get_dtable(workspace, table_name) if not dtable: error_msg = 'dtable %s not found.' % table_name return api_error(status.HTTP_404_NOT_FOUND, error_msg) table_path = normalize_file_path(table_file_name) table_file_id = seafile_api.get_file_id_by_path(repo_id, table_path) if not table_file_id: error_msg = 'file %s not found.' % table_file_name return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check if group_id: if not is_group_member(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: if username != dtable.creator: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # main try: share_queryset = DTableShare.objects.list_by_dtable(dtable) except Exception as e: logger.error(e) error_msg = 'Internal Server Error.' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) user_list = list() for item in share_queryset: user_info = get_user_common_info(item.to_user) user_info['permission'] = item.permission user_list.append(user_info) return Response({"user_list": user_list})
def get(self, request, dataset_id): """ return dataset contents param: from_dtable_id, optional if from_dtable_id is not given, check access permission by user through group if from_dtable_id is given, check access permission by dtable """ # resource check try: dataset = DTableCommonDataset.objects.get(pk=dataset_id) except DTableCommonDataset.DoesNotExist: error_msg = 'dataset %s not found.' % dataset_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # perm check from_dtable_id = request.GET.get('from_dtable_id', '') if from_dtable_id: try: from_dtable = DTables.objects.get(pk=from_dtable_id) except DTables.DoesNotExist: error_msg = 'from_dtable %s not found.' % from_dtable_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not dataset.can_access_by_dtable(from_dtable): error_msg = 'Permission Denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: if not dataset.can_access_by_user_through_group( request.user.username): error_msg = 'Permission Denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # generate json web token dtable = DTables.objects.filter(uuid=dataset.dtable_uuid).first() if not dtable: error_msg = 'DTable %s not found.' % dataset.dtable_uuid return api_error(status.HTTP_404_NOT_FOUND, error_msg) workspace = Workspaces.objects.get_workspace_by_id(dtable.workspace.id) if not workspace: error_msg = 'Workspace not found.' return api_error(status.HTTP_404_NOT_FOUND, error_msg) # internal usage exp 60 seconds, username = dtable-web payload = { 'exp': int(time.time()) + 60, 'dtable_uuid': dtable.uuid.hex, 'username': '******', 'permission': 'r', } try: access_token = jwt.encode(payload, DTABLE_PRIVATE_KEY, algorithm='HS256') except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) # 1. get cols from dtable-server url = DTABLE_SERVER_URL + 'api/v1/dtables/' + dtable.uuid.hex + '/metadata/' headers = {'Authorization': 'Token ' + access_token.decode('utf-8')} try: dtable_metadata = requests.get(url, headers=headers) except requests.HTTPError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) tables = json.loads(dtable_metadata.content)['metadata'].get( 'tables', []) target_table = {} for table in tables: if table.get('_id', '') == dataset.table_id: target_table = table if not target_table: error_msg = _('Table %s not found.') % dataset.table_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # 2. get rows from dtable server url = DTABLE_SERVER_URL + 'api/v1/dtables/' + dtable.uuid.hex + '/rows/' headers = {'Authorization': 'Token ' + access_token.decode('utf-8')} query_param = { 'table_id': dataset.table_id, 'view_id': dataset.view_id } try: res = requests.get(url, headers=headers, params=query_param) except requests.HTTPError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if res.status_code == status.HTTP_404_NOT_FOUND: error_msg = 'table %s or view %s not found.' % (dataset.table_id, dataset.view_id) return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: rows = json.loads(res.content).get('rows', []) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) related_user_emails = list_dtable_related_users(workspace=workspace, dtable=dtable) related_user_list = [ get_user_common_info(email) for email in related_user_emails ] hidden_columns = [] for view in target_table['views']: if dataset.view_id == view.get('_id', ''): hidden_columns = view.get('hidden_columns', []) show_cols = [] cols = target_table.get('columns', []) for col in cols: if col['key'] in hidden_columns: continue show_cols.append(col) return Response({ 'rows': rows, 'columns': show_cols, 'related_user_list': related_user_list })