def post(self, request):
""" Create a group
Permission checking:
1. Admin user;
"""
# argument check
group_name = request.data.get('group_name', '')
if not group_name:
error_msg = 'group_name %s invalid.' % group_name
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group_name = group_name.strip()
# Check whether group name is validate.
if not validate_group_name(group_name):
error_msg = _(
u'Group name can only contain letters, numbers, blank, hyphen, dot, single quote or underscore'
)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group_owner = request.data.get('group_owner', '')
if group_owner:
try:
User.objects.get(email=group_owner)
except User.DoesNotExist:
error_msg = 'User %s not found.' % group_owner
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
username = request.user.username
new_owner = group_owner or username
# create group.
try:
group_id = ccnet_api.create_group(group_name, new_owner)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# send admin operation log signal
admin_op_detail = {
"id": group_id,
"name": group_name,
"owner": new_owner,
}
admin_operation.send(sender=None,
admin_name=username,
operation=GROUP_CREATE,
detail=admin_op_detail)
# get info of new group
group_info = get_group_info(group_id)
return Response(group_info, status=status.HTTP_201_CREATED)
def post(self, request):
"""Add a group in address book.
parent_group: -1 - no parent group;
> 0 - have parent group.
group_owner: default to system admin
group_staff: default to system admin
"""
group_name = request.data.get('group_name', '').strip()
if not group_name:
error_msg = 'name %s invalid.' % group_name
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is validate.
if not validate_group_name(group_name):
error_msg = _('Name can only contain letters, numbers, blank, hyphen or underscore.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
pattern_matched_groups = ccnet_api.search_groups(group_name, -1, -1)
for group in pattern_matched_groups:
if group.group_name == group_name:
error_msg = _('There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Group owner is 'system admin'
group_owner = request.data.get('group_owner', '')
try:
parent_group = int(request.data.get('parent_group', -1))
except ValueError:
error_msg = 'parent_group invalid'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if parent_group < 0 and parent_group != -1:
error_msg = 'parent_group invalid'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# TODO: check parent group exists
try:
if is_org_context(request):
# request called by org admin
org_id = request.user.org.org_id
group_id = ccnet_api.create_org_group(
org_id, group_name, group_owner,
parent_group_id=parent_group)
else:
group_id = ccnet_api.create_group(group_name, group_owner,
parent_group_id=parent_group)
seafile_api.set_group_quota(group_id, -2)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# get info of new group
group_info = address_book_group_to_dict(group_id)
return Response(group_info, status=status.HTTP_200_OK)
def clean_group_name(self):
group_name = self.cleaned_data['group_name']
if not validate_group_name(group_name):
error_msg = _(u'Group name can only contain letters, numbers or underscore')
raise forms.ValidationError(error_msg)
else:
return group_name
def post(self, request):
""" Create a group
"""
if not self._can_add_group(request):
error_msg = _(u'You do not have permission to create group.')
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
group_name = request.data.get('name', '')
group_name = group_name.strip()
# Check whether group name is validate.
if not validate_group_name(group_name):
error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# create group.
try:
group_id = seaserv.ccnet_threaded_rpc.create_group(group_name, username)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Failed')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# get info of new group
group_info = get_group_info(request, group_id, GROUP_AVATAR_DEFAULT_SIZE)
return Response(group_info, status=status.HTTP_201_CREATED)
def rename_group_with_new_name(request, group_id, new_group_name):
"""Rename a group with new name.
Arguments:
- `request`:
- `group_id`:
- `new_group_name`:
Raises:
BadGroupNameError: New group name format is not valid.
ConflictGroupNameError: New group name confilicts with existing name.
"""
if not validate_group_name(new_group_name):
raise BadGroupNameError
# Check whether group name is duplicated.
username = request.user.username
org_id = -1
if is_org_context(request):
org_id = request.user.org.org_id
checked_groups = seaserv.get_org_groups_by_user(org_id, username)
else:
if request.cloud_mode:
checked_groups = seaserv.get_personal_groups_by_user(username)
else:
checked_groups = get_all_groups(-1, -1)
for g in checked_groups:
if g.group_name == new_group_name:
raise ConflictGroupNameError
ccnet_threaded_rpc.set_group_name(group_id, new_group_name)
def rename_group_with_new_name(request, group_id, new_group_name):
"""Rename a group with new name.
Arguments:
- `request`:
- `group_id`:
- `new_group_name`:
Raises:
BadGroupNameError: New group name format is not valid.
ConflictGroupNameError: New group name confilicts with existing name.
"""
if not validate_group_name(new_group_name):
raise BadGroupNameError
# Check whether group name is duplicated.
username = request.user.username
org_id = -1
if is_org_context(request):
org_id = request.user.org.org_id
checked_groups = seaserv.get_org_groups_by_user(org_id, username)
else:
if request.cloud_mode:
checked_groups = seaserv.get_personal_groups_by_user(username)
else:
checked_groups = get_all_groups(-1, -1)
for g in checked_groups:
if g.group_name == new_group_name:
raise ConflictGroupNameError
ccnet_threaded_rpc.set_group_name(group_id, new_group_name)
def clean_group_name(self):
group_name = self.cleaned_data['group_name']
group_name = group_name.strip()
if not validate_group_name(group_name):
error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore')
raise forms.ValidationError(error_msg)
else:
return group_name
def post(self, request):
"""Add a group in address book.
parent_group: -1 - no parent group;
> 0 - have parent group.
group_owner: default to system admin
group_staff: default to system admin
"""
group_name = request.data.get('group_name', '').strip()
if not group_name:
error_msg = 'name %s invalid.' % group_name
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is validate.
if not validate_group_name(group_name):
error_msg = _(u'Name can only contain letters, numbers, blank, hyphen or underscore.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, group_name):
error_msg = _(u'The name already exists.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Group owner is 'system admin'
group_owner = request.data.get('group_owner', '')
try:
parent_group = int(request.data.get('parent_group', -1))
except ValueError:
error_msg = 'parent_group invalid'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if parent_group < 0 and parent_group != -1:
error_msg = 'parent_group invalid'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# TODO: check parent group exists
try:
if is_org_context(request):
# request called by org admin
org_id = request.user.org.org_id
group_id = ccnet_api.create_org_group(
org_id, group_name, group_owner,
parent_group_id=parent_group)
else:
group_id = ccnet_api.create_group(group_name, group_owner,
parent_group_id=parent_group)
seafile_api.set_group_quota(group_id, -2)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# get info of new group
group_info = address_book_group_to_dict(group_id)
return Response(group_info, status=status.HTTP_200_OK)
def post(self, request):
""" Create a group
"""
if not self._can_add_group(request):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
group_name = request.data.get('name', '')
group_name = group_name.strip()
# Check whether group name is validate.
if not validate_group_name(group_name):
error_msg = _(
'Group name can only contain letters, numbers, blank, hyphen, dot, single quote or underscore'
)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, group_name):
error_msg = _('There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# create group.
try:
if is_org_context(request):
org_id = request.user.org.org_id
group_id = seaserv.ccnet_threaded_rpc.create_org_group(
org_id, group_name, username)
else:
group_id = seaserv.ccnet_threaded_rpc.create_group(
group_name, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# if the group has no workspace, create a workspace
owner = '%s@seafile_group' % group_id
workspace = Workspaces.objects.get_workspace_by_owner(owner)
if not workspace:
try:
org_id = -1
if is_org_context(request):
org_id = request.user.org.org_id
create_repo_and_workspace(owner, org_id)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
# get info of new group
group_info = get_group_info(request, group_id)
return Response(group_info, status=status.HTTP_201_CREATED)
def post(self, request):
""" Create a group
Permission checking:
1. Admin user;
"""
# argument check
group_name = request.data.get('group_name', '')
if not group_name:
error_msg = 'group_name %s invalid.' % group_name
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group_name = group_name.strip()
# Check whether group name is validate.
if not validate_group_name(group_name):
error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen, single quote or underscore')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group_owner = request.data.get('group_owner', '')
if group_owner:
try:
User.objects.get(email=group_owner)
except User.DoesNotExist:
error_msg = 'User %s not found.' % group_owner
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
username = request.user.username
new_owner = group_owner or username
# create group.
try:
group_id = ccnet_api.create_group(group_name, new_owner)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# send admin operation log signal
admin_op_detail = {
"id": group_id,
"name": group_name,
"owner": new_owner,
}
admin_operation.send(sender=None, admin_name=username,
operation=GROUP_CREATE, detail=admin_op_detail)
# get info of new group
group_info = get_group_info(group_id)
return Response(group_info, status=status.HTTP_201_CREATED)
def clean_group_name(self):
group_name = self.cleaned_data['group_name']
group_name = group_name.strip()
if not validate_group_name(group_name):
error_msg = _(
'Name can only contain letters, numbers, spaces, hyphen, dot, single quote, brackets or underscore.'
)
raise forms.ValidationError(error_msg)
else:
return group_name
def put(self, request, group_id):
""" Rename, transfer a specific group
"""
group = seaserv.get_group(group_id)
username = request.user.username
new_group_name = request.data.get('name', None)
if new_group_name:
# rename a group
# Check whether group name is validate.
if not validate_group_name(new_group_name):
error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, new_group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
seaserv.ccnet_threaded_rpc.set_group_name(group_id, new_group_name)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Internal Server Error')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
new_creator= request.data.get('creator', None)
if new_creator:
# transfer a group
if not is_valid_username(new_creator):
error_msg = _('Creator %s is not valid.') % new_creator
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if new_creator == group.creator_name:
error_msg = _('%s is already group owner') % new_creator
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
if not seaserv.is_group_user(group_id, new_creator):
seaserv.ccnet_threaded_rpc.group_add_member(group_id, username, new_creator)
if not seaserv.check_group_staff(group_id, new_creator):
seaserv.ccnet_threaded_rpc.group_set_admin(group_id, new_creator)
seaserv.ccnet_threaded_rpc.set_group_creator(group_id, new_creator)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Internal Server Error')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# get new info of this group
group_info = get_group_info(request, group_id, GROUP_AVATAR_DEFAULT_SIZE)
return Response(group_info)
def post(self, request):
""" Create a group
"""
if not self._can_add_group(request):
error_msg = _(u'You do not have permission to create group.')
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
group_name = request.data.get('group_name', '')
group_name = group_name.strip()
# Check whether group name is validate.
if not validate_group_name(group_name):
error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Group name is valid, create that group.
try:
group_id = seaserv.ccnet_threaded_rpc.create_group(group_name, username)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Failed')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
try:
size = int(request.data.get('avatar_size', GROUP_AVATAR_DEFAULT_SIZE))
except ValueError:
size = GROUP_AVATAR_DEFAULT_SIZE
g = seaserv.get_group(group_id)
try:
avatar_url, is_default, date_uploaded = api_grp_avatar_url(g.id, size)
except Exception as e:
logger.error(e)
avatar_url = get_default_group_avatar_url()
val = utc_to_local(dt(g.timestamp))
new_group = {
"id": g.id,
"name": g.group_name,
"creator": g.creator_name,
"created_at": val.strftime("%Y-%m-%dT%H:%M:%S") + DateFormat(val).format('O'),
"avatar_url": request.build_absolute_uri(avatar_url),
"admins": self._get_group_admins(g.id),
}
return Response(new_group, status=status.HTTP_201_CREATED)
def post(self, request):
""" Create a group
"""
if not self._can_add_group(request):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
group_name = request.data.get('name', '')
group_name = group_name.strip()
# Check whether group name is validate.
if not validate_group_name(group_name):
error_msg = _(
u'Group name can only contain letters, numbers, blank, hyphen or underscore'
)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# create group.
try:
if is_org_context(request):
org_id = request.user.org.org_id
group_id = seaserv.ccnet_threaded_rpc.create_org_group(
org_id, group_name, username)
else:
group_id = seaserv.ccnet_threaded_rpc.create_group(
group_name, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# get info of new group
group_info = get_group_info(request, group_id)
return Response(group_info, status=status.HTTP_201_CREATED)
def post(self, request):
""" Create a group
"""
if not self._can_add_group(request):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
group_name = request.data.get('name', '')
group_name = group_name.strip()
# Check whether group name is validate.
if not validate_group_name(group_name):
error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen, single quote or underscore')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# create group.
try:
if is_org_context(request):
org_id = request.user.org.org_id
group_id = seaserv.ccnet_threaded_rpc.create_org_group(org_id,
group_name,
username)
else:
group_id = seaserv.ccnet_threaded_rpc.create_group(group_name,
username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# get info of new group
group_info = get_group_info(request, group_id)
return Response(group_info, status=status.HTTP_201_CREATED)
def post(self, request):
"""import department from work weixin
permission: IsProVersion
"""
if not request.user.admin_permissions.can_manage_user():
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
# argument check
department_id = request.data.get('work_weixin_department_id')
try:
department_id = int(department_id)
except Exception as e:
logger.error(e)
error_msg = 'work_weixin_department_ids invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# is pro version and work weixin check
if not IsProVersion or not admin_work_weixin_departments_check():
error_msg = 'Feature is not enabled.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
access_token = get_work_weixin_access_token()
if not access_token:
logger.error('can not get work weixin access_token')
error_msg = '获取企业微信组织架构失败'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# list departments from work weixin
api_department_list = self._list_departments_from_work_weixin(
access_token, department_id)
if api_department_list is None:
error_msg = '获取企业微信组织架构失败'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# list department members from work weixin
api_user_list = self._list_department_members_from_work_weixin(
access_token, department_id)
if api_user_list is None:
error_msg = '获取企业微信组织架构成员失败'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# main
success = list()
failed = list()
department_map_to_group_dict = dict()
for index, department_obj in enumerate(api_department_list):
# check department argument
new_group_name = department_obj.get('name')
department_obj_id = department_obj.get('id')
if department_obj_id is None or not new_group_name or not validate_group_name(
new_group_name):
failed_msg = self._api_department_failed_msg(
department_obj_id, new_group_name, '部门参数错误')
failed.append(failed_msg)
continue
# check parent group
if index == 0:
parent_group_id = -1
else:
parent_department_id = department_obj.get('parentid')
parent_group_id = department_map_to_group_dict.get(
parent_department_id)
if parent_group_id is None:
failed_msg = self._api_department_failed_msg(
department_obj_id, new_group_name, '父级部门不存在')
failed.append(failed_msg)
continue
# check department exist by group name
exist, exist_group = self._admin_check_group_name_conflict(
new_group_name)
if exist:
department_map_to_group_dict[
department_obj_id] = exist_group.id
failed_msg = self._api_department_failed_msg(
department_obj_id, new_group_name, '部门已存在')
failed.append(failed_msg)
continue
# import department
try:
group_id = ccnet_api.create_group(
new_group_name,
DEPARTMENT_OWNER,
parent_group_id=parent_group_id)
seafile_api.set_group_quota(group_id, -2)
department_map_to_group_dict[department_obj_id] = group_id
success_msg = self._api_department_success_msg(
department_obj_id, new_group_name, group_id)
success.append(success_msg)
except Exception as e:
logger.error(e)
failed_msg = self._api_department_failed_msg(
department_obj_id, new_group_name, '部门导入失败')
failed.append(failed_msg)
# todo filter ccnet User database
social_auth_queryset = SocialAuthUser.objects.filter(
provider=WORK_WEIXIN_PROVIDER,
uid__contains=WORK_WEIXIN_UID_PREFIX)
# import api_user
for api_user in api_user_list:
uid = WORK_WEIXIN_UID_PREFIX + api_user.get('userid', '')
api_user['contact_email'] = api_user['email']
api_user_name = api_user.get('name')
# determine the user exists
if social_auth_queryset.filter(uid=uid).exists():
email = social_auth_queryset.get(uid=uid).username
else:
# create user
email = gen_user_virtual_id()
create_user_success = _import_user_from_work_weixin(
email, api_user)
if not create_user_success:
failed_msg = self._api_user_failed_msg(
'', api_user_name, department_id, '导入用户失败')
failed.append(failed_msg)
continue
# bind user to department
api_user_department_list = api_user.get('department')
for department_obj_id in api_user_department_list:
group_id = department_map_to_group_dict.get(department_obj_id)
if group_id is None:
# the api_user also exist in the brother department which not import
continue
if ccnet_api.is_group_user(group_id, email):
failed_msg = self._api_user_failed_msg(
email, api_user_name, department_obj_id, '部门成员已存在')
failed.append(failed_msg)
continue
try:
ccnet_api.group_add_member(group_id, DEPARTMENT_OWNER,
email)
success_msg = self._api_user_success_msg(
email, api_user_name, department_obj_id, group_id)
success.append(success_msg)
except Exception as e:
logger.error(e)
failed_msg = self._api_user_failed_msg(
email, api_user_name, department_id, '导入部门成员失败')
failed.append(failed_msg)
return Response({
'success': success,
'failed': failed,
})
def put(self, request, group_id):
""" Rename, transfer a specific group
"""
username = request.user.username
new_group_name = request.data.get('name', None)
# rename a group
if new_group_name:
try:
# only group owner/admin can rename a group
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# Check whether group name is validate.
if not validate_group_name(new_group_name):
error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, new_group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
seaserv.ccnet_threaded_rpc.set_group_name(group_id, new_group_name)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
new_owner = request.data.get('owner', None)
# transfer a group
if new_owner:
try:
# only group owner can transfer a group
if not is_group_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# augument check
if not is_valid_username(new_owner):
error_msg = 'Email %s invalid.' % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if is_group_owner(group_id, new_owner):
error_msg = _(u'User %s is already group owner.') % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# transfer a group
if not is_group_member(group_id, new_owner):
ccnet_api.group_add_member(group_id, username, new_owner)
if not is_group_admin(group_id, new_owner):
ccnet_api.group_set_admin(group_id, new_owner)
ccnet_api.set_group_creator(group_id, new_owner)
ccnet_api.group_unset_admin(group_id, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
wiki_enabled = request.data.get('wiki_enabled', None)
# turn on/off group wiki
if wiki_enabled:
try:
# only group owner/admin can turn on a group wiki
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# augument check
if wiki_enabled != 'true' and wiki_enabled != 'false':
error_msg = 'wiki_enabled invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# turn on/off group wiki
if wiki_enabled == 'true':
enable_mod_for_group(group_id, MOD_GROUP_WIKI)
else:
disable_mod_for_group(group_id, MOD_GROUP_WIKI)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
group_info = get_group_info(request, group_id)
return Response(group_info)
def put(self, request, group_id):
""" Admin update a group
1. transfer a group.
2. set group quota.
3. rename group.
Permission checking:
1. Admin user;
"""
if not request.user.admin_permissions.can_manage_group():
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
# recourse check
group_id = int(group_id) # Checked by URL Conf
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %d not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
new_owner = request.data.get('new_owner', '')
if new_owner:
if not is_valid_username(new_owner):
error_msg = 'new_owner %s invalid.' % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# check if new_owner exists,
# NOT need to check old_owner for old_owner may has been deleted.
try:
User.objects.get(email=new_owner)
except User.DoesNotExist:
error_msg = 'User %s not found.' % new_owner
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
old_owner = group.creator_name
if new_owner == old_owner:
error_msg = _('User %s is already group owner.') % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# transfer a group
try:
if not is_group_member(group_id, new_owner):
ccnet_api.group_add_member(group_id, old_owner, new_owner)
if not is_group_admin(group_id, new_owner):
ccnet_api.group_set_admin(group_id, new_owner)
ccnet_api.set_group_creator(group_id, new_owner)
ccnet_api.group_unset_admin(group_id, old_owner)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
# send admin operation log signal
admin_op_detail = {
"id": group_id,
"name": group.group_name,
"from": old_owner,
"to": new_owner,
}
admin_operation.send(sender=None,
admin_name=request.user.username,
operation=GROUP_TRANSFER,
detail=admin_op_detail)
# set group quota
group_quota = request.data.get('quota', '')
if group_quota:
try:
group_quota = int(group_quota)
except ValueError:
error_msg = 'quota invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not (group_quota > 0 or group_quota == -2):
error_msg = 'quota invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
seafile_api.set_group_quota(group_id, group_quota)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
new_name = request.data.get('name', '')
if new_name:
if not validate_group_name(new_name):
error_msg = _(
'Name can only contain letters, numbers, spaces, hyphen, dot, single quote, brackets or underscore.'
)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if check_group_name_conflict(request, new_name):
error_msg = _('There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
ccnet_api.set_group_name(group_id, new_name)
set_group_name_cache(group_id, new_name)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
group_info = get_group_info(group_id)
return Response(group_info)
def put(self, request, group_id):
""" Rename, transfer a specific group
"""
username = request.user.username
new_group_name = request.data.get('name', None)
# rename a group
if new_group_name:
try:
# only group owner/admin can rename a group
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# Check whether group name is validate.
if not validate_group_name(new_group_name):
error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, new_group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
seaserv.ccnet_threaded_rpc.set_group_name(group_id, new_group_name)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
new_owner = request.data.get('owner', None)
# transfer a group
if new_owner:
try:
# only group owner can transfer a group
if not is_group_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# augument check
if not is_valid_username(new_owner):
error_msg = 'Email %s invalid.' % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if is_group_owner(group_id, new_owner):
error_msg = _(u'User %s is already group owner.') % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# transfer a group
if not is_group_member(group_id, new_owner):
ccnet_api.group_add_member(group_id, username, new_owner)
if not is_group_admin(group_id, new_owner):
ccnet_api.group_set_admin(group_id, new_owner)
ccnet_api.set_group_creator(group_id, new_owner)
ccnet_api.group_unset_admin(group_id, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
wiki_enabled = request.data.get('wiki_enabled', None)
# turn on/off group wiki
if wiki_enabled:
try:
# only group owner/admin can turn on a group wiki
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# augument check
if wiki_enabled != 'true' and wiki_enabled != 'false':
error_msg = 'wiki_enabled invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# turn on/off group wiki
if wiki_enabled == 'true':
enable_mod_for_group(group_id, MOD_GROUP_WIKI)
else:
disable_mod_for_group(group_id, MOD_GROUP_WIKI)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
group_info = get_group_info(request, group_id)
return Response(group_info)
def put(self, request, group_id):
""" Rename, transfer a specific group
"""
group = seaserv.get_group(group_id)
username = request.user.username
new_group_name = request.data.get('name', None)
if new_group_name:
# rename a group
# Check whether group name is validate.
if not validate_group_name(new_group_name):
error_msg = _(
u'Group name can only contain letters, numbers, blank, hyphen or underscore'
)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, new_group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
seaserv.ccnet_threaded_rpc.set_group_name(
group_id, new_group_name)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Internal Server Error')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
new_creator = request.data.get('creator', None)
if new_creator:
# transfer a group
if not is_valid_username(new_creator):
error_msg = _('Creator %s is not valid.') % new_creator
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if new_creator == group.creator_name:
error_msg = _('%s is already group owner') % new_creator
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
if not seaserv.is_group_user(group_id, new_creator):
seaserv.ccnet_threaded_rpc.group_add_member(
group_id, username, new_creator)
if not seaserv.check_group_staff(group_id, new_creator):
seaserv.ccnet_threaded_rpc.group_set_admin(
group_id, new_creator)
seaserv.ccnet_threaded_rpc.set_group_creator(
group_id, new_creator)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Internal Server Error')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
# get new info of this group
group_info = get_group_info(request, group_id,
GROUP_AVATAR_DEFAULT_SIZE)
return Response(group_info)
def post(self, request):
"""import department from dingtalk
"""
if not ENABLE_DINGTALK:
error_msg = 'Feature is not enabled.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if not request.user.admin_permissions.can_manage_user():
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
# argument check
department_id = request.data.get('department_id')
try:
department_id = int(department_id)
except Exception as e:
logger.error(e)
error_msg = 'department_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
access_token = dingtalk_get_access_token()
if not access_token:
error_msg = '获取钉钉组织架构失败'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# get department list
# https://developers.dingtalk.com/document/app/obtain-the-department-list
data = {'access_token': access_token, 'id': department_id}
current_department_resp_json = requests.get(DINGTALK_DEPARTMENT_GET_DEPARTMENT_URL, params=data).json()
current_department_list = [current_department_resp_json]
sub_department_resp_json = requests.get(DINGTALK_DEPARTMENT_LIST_DEPARTMENT_URL, params=data).json()
sub_department_list = sub_department_resp_json.get('department', [])
department_list = current_department_list + sub_department_list
department_list = sorted(department_list, key=lambda x:x['id'])
# get department user list
data = {
'access_token': access_token,
'department_id': department_id,
'offset': 0,
'size': DINGTALK_DEPARTMENT_USER_SIZE,
}
user_resp_json = requests.get(DINGTALK_DEPARTMENT_GET_DEPARTMENT_USER_LIST_URL, params=data).json()
api_user_list = user_resp_json.get('userlist', [])
# main
success = list()
failed = list()
department_map_to_group_dict = dict()
for index, department_obj in enumerate(department_list):
# check department argument
new_group_name = department_obj.get('name')
department_obj_id = department_obj.get('id')
parent_department_id = department_obj.get('parentid', 0)
if department_obj_id is None or not new_group_name or not validate_group_name(new_group_name):
failed_msg = self._api_department_failed_msg(
department_obj_id, new_group_name, '部门参数错误')
failed.append(failed_msg)
continue
# check parent group
if index == 0:
parent_group_id = -1
else:
parent_group_id = department_map_to_group_dict.get(parent_department_id)
if parent_group_id is None:
failed_msg = self._api_department_failed_msg(
department_obj_id, new_group_name, '父级部门不存在')
failed.append(failed_msg)
continue
# check department exist
exist_department = ExternalDepartment.objects.get_by_provider_and_outer_id(
DINGTALK_PROVIDER, department_obj_id)
if exist_department:
department_map_to_group_dict[department_obj_id] = exist_department.group_id
failed_msg = self._api_department_failed_msg(
department_obj_id, new_group_name, '部门已存在')
failed.append(failed_msg)
continue
# import department
try:
group_id = ccnet_api.create_group(
new_group_name, DEPARTMENT_OWNER, parent_group_id=parent_group_id)
seafile_api.set_group_quota(group_id, -2)
ExternalDepartment.objects.create(
group_id=group_id,
provider=DINGTALK_PROVIDER,
outer_id=department_obj_id,
)
department_map_to_group_dict[department_obj_id] = group_id
success_msg = self._api_department_success_msg(
department_obj_id, new_group_name, group_id)
success.append(success_msg)
except Exception as e:
logger.error(e)
failed_msg = self._api_department_failed_msg(
department_obj_id, new_group_name, '部门导入失败')
failed.append(failed_msg)
# todo filter ccnet User database
social_auth_queryset = SocialAuthUser.objects.filter(provider='dingtalk')
# import api_user
for api_user in api_user_list:
uid = api_user.get('unionid', '')
api_user['contact_email'] = api_user['email']
api_user_name = api_user.get('name')
# determine the user exists
if social_auth_queryset.filter(uid=uid).exists():
email = social_auth_queryset.get(uid=uid).username
else:
# create user
email = gen_user_virtual_id()
try:
User.objects.create_user(email)
SocialAuthUser.objects.add(email, 'dingtalk', uid)
except Exception as e:
logger.error(e)
failed_msg = self._api_user_failed_msg(
'', api_user_name, department_id, '导入用户失败')
failed.append(failed_msg)
continue
# bind user to department
api_user_department_list = api_user.get('department')
for department_obj_id in api_user_department_list:
group_id = department_map_to_group_dict.get(department_obj_id)
if group_id is None:
# the api_user also exist in the brother department which not import
continue
if ccnet_api.is_group_user(group_id, email, in_structure=False):
failed_msg = self._api_user_failed_msg(
email, api_user_name, department_obj_id, '部门成员已存在')
failed.append(failed_msg)
continue
try:
ccnet_api.group_add_member(group_id, DEPARTMENT_OWNER, email)
success_msg = self._api_user_success_msg(
email, api_user_name, department_obj_id, group_id)
success.append(success_msg)
except Exception as e:
logger.error(e)
failed_msg = self._api_user_failed_msg(
email, api_user_name, department_id, '导入部门成员失败')
failed.append(failed_msg)
try:
update_dingtalk_user_info(email,
api_user.get('name'),
api_user.get('contact_email'),
api_user.get('avatar'))
except Exception as e:
logger.error(e)
return Response({
'success': success,
'failed': failed,
})
