Exemple #1
    def get(self, request, email):
        """List every group the given user has joined, with the user's role.

        Permission checking:
        1. Admin user (must be allowed to manage users).

        Responds with ``{'group_list': [...]}``. Returns 403 when the caller
        lacks the admin permission, 404 when no user has this email, and 500
        when a ccnet call fails.
        """
        # Authorization is decided before any lookup keyed on ``email``.
        if not request.user.admin_permissions.can_manage_user():
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

        # Existence check only; the fetched user object itself is not used.
        try:
            User.objects.get(email=email)
        except User.DoesNotExist as not_found:
            logger.error(not_found)
            return api_error(status.HTTP_404_NOT_FOUND,
                             'User %s not found.' % email)

        try:
            groups = ccnet_api.get_groups(email)
        except Exception as rpc_error:
            # Detail goes to the server log; the client gets a generic message.
            logger.error(rpc_error)
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                             'Internal Server Error')

        # Resolve each distinct creator once, to reduce memcache fetch cost
        # in the large for-loop below.
        nickname_dict = {
            creator: email2nickname(creator)
            for creator in {g.creator_name for g in groups}
        }

        groups_info = []
        for group in groups:
            created_at = timestamp_to_isoformat_timestr(group.timestamp)
            group_info = {
                "id": group.id,
                "name": group.group_name,
                "owner_email": group.creator_name,
                "owner_name": nickname_dict.get(group.creator_name, ''),
                "created_at": created_at,
                # Parent groups are only reported on the pro version.
                "parent_group_id":
                group.parent_group_id if is_pro_version() else 0,
            }

            try:
                is_group_staff = ccnet_api.check_group_staff(group.id, email)
            except Exception as rpc_error:
                # One failed staff lookup aborts the whole listing.
                logger.error(rpc_error)
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 'Internal Server Error')

            # Being the creator takes precedence over the staff flag.
            if email == group.creator_name:
                role = 'Owner'
            else:
                role = 'Admin' if is_group_staff else 'Member'
            group_info['role'] = role
            groups_info.append(group_info)

        return Response({'group_list': groups_info})
Exemple #2
def get_group_member_info(request,
                          group_id,
                          email,
                          avatar_size=AVATAR_DEFAULT_SIZE):
    """Build the API dict describing ``email`` as a member of ``group_id``.

    The result carries the member's display name, contact email, login id,
    avatar URL, staff flag and role ('Owner', 'Admin' or 'Member').

    NOTE(review): no permission check is visible in this helper and
    ``request`` is not read; callers are presumably expected to authorize
    the requester before exposing contact email and login id. Confirm at
    the call sites.
    """
    profile = Profile.objects.get_profile_by_user(email)
    # A missing profile and an empty login_id both become ''.
    login_id = profile.login_id if profile and profile.login_id else ''

    # Only the URL is used; the other two tuple members are ignored.
    avatar_url, _is_default, _date_uploaded = api_avatar_url(email,
                                                             avatar_size)

    numeric_group_id = int(group_id)
    group = ccnet_api.get_group(numeric_group_id)
    is_admin = bool(ccnet_api.check_group_staff(numeric_group_id, email))

    # Being the group creator takes precedence over the staff flag.
    if email == group.creator_name:
        role = 'Owner'
    else:
        role = 'Admin' if is_admin else 'Member'

    display_name = email2nickname(email)
    contact_email = Profile.objects.get_contact_email_by_user(email)

    return {
        'group_id': group_id,
        "name": display_name,
        'email': email,
        "contact_email": contact_email,
        "login_id": login_id,
        "avatar_url": avatar_url,
        "is_admin": is_admin,
        "role": role,
    }
Exemple #3
def get_group_member_info(request, group_id, email, avatar_size=AVATAR_DEFAULT_SIZE):
    """Build the API dict describing ``email`` as a member of ``group_id``.

    The result carries the member's display name, contact email, login id,
    absolute avatar URL, staff flag and role ('Owner', 'Admin' or 'Member').

    NOTE(review): no permission check is visible in this helper; callers are
    presumably expected to authorize the requester before exposing contact
    email and login id. Confirm at the call sites.
    """
    profile = Profile.objects.get_profile_by_user(email)
    # A missing profile and an empty login_id both become ''.
    login_id = profile.login_id if profile and profile.login_id else ''

    try:
        # Only the URL is used; the other two tuple members are ignored.
        avatar_url, _is_default, _date_uploaded = api_avatar_url(email, avatar_size)
    except Exception as avatar_error:
        # Best effort: an avatar failure must not fail the member lookup.
        logger.error(avatar_error)
        avatar_url = get_default_avatar_url()

    numeric_group_id = int(group_id)
    group = ccnet_api.get_group(numeric_group_id)
    is_admin = bool(ccnet_api.check_group_staff(numeric_group_id, email))

    # Being the group creator takes precedence over the staff flag.
    if email == group.creator_name:
        role = 'Owner'
    else:
        role = 'Admin' if is_admin else 'Member'

    display_name = email2nickname(email)
    contact_email = Profile.objects.get_contact_email_by_user(email)
    # NOTE(review): presumably Django's HttpRequest.build_absolute_uri, which
    # takes scheme and host from the incoming request. Confirm ALLOWED_HOSTS
    # is restricted so the host in this URL cannot be chosen by the client.
    absolute_avatar_url = request.build_absolute_uri(avatar_url)

    return {
        'group_id': group_id,
        "name": display_name,
        'email': email,
        "contact_email": contact_email,
        "login_id": login_id,
        "avatar_url": absolute_avatar_url,
        "is_admin": is_admin,
        "role": role,
    }
Exemple #4
    def post(self, request, repo_id):
        """Reset an encrypted library's password and mail the new one.

        A random password is generated server-side, applied to the library
        through the stored secret key, and sent to the requesting user's
        contact email address.

        Permission checking:
        1. repo owner (for a group-owned library: staff of the owning group).
        """
        # The feature flag and a configured mail setup are both required.
        if not (ENABLE_RESET_ENCRYPTED_REPO_PASSWORD and IS_EMAIL_CONFIGURED):
            return api_error(status.HTTP_403_FORBIDDEN, _('Feature disabled.'))

        # resource check
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            return api_error(status.HTTP_404_NOT_FOUND,
                             'Library %s not found.' % repo_id)

        if not repo.encrypted:
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'Library %s is not encrypted.' % repo_id)

        # permission check
        username = request.user.username
        repo_owner = get_repo_owner(request, repo_id)

        if '@seafile_group' in repo_owner:
            # Group-owned library: the owner string is mapped to a numeric
            # group id via email2nickname(), and staff of that group count
            # as the owner.
            owner_group_id = int(email2nickname(repo_owner))
            is_owner = ccnet_api.check_group_staff(owner_group_id, username)
        else:
            is_owner = username == repo_owner

        if not is_owner:
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

        # Without a stored secret key the password cannot be reset.
        secret_key = RepoSecretKey.objects.get_secret_key(repo_id)
        if not secret_key:
            return api_error(HTTP_520_OPERATION_FAILED,
                             _("Can not reset this library's password."))

        # NOTE(review): presumably django.utils.crypto.get_random_string.
        # Confirm it is the CSPRNG-backed helper, since this value becomes
        # the library password.
        new_password = get_random_string(10)
        try:
            # The reset happens before the mail is sent, so a mail failure
            # returns 500 with the new password already in effect.
            seafile_api.reset_repo_passwd(repo_id, username, secret_key,
                                          new_password)
            # The new password travels in the mail template context.
            mail_context = {'repo_name': repo.name, 'password': new_password}
            subject = _('New password of library %s') % repo.name
            recipients = [email2contact_email(username)]
            send_html_email(subject, 'snippets/reset_repo_password.html',
                            mail_context, None, recipients)
        except Exception as failure:
            logger.error(failure)
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                             'Internal Server Error')

        return Response({'success': True})
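    def delete(self, request, group_id, discuss_id, format=None):
        """Remove a group discussion.

        Only discussion creator or group admin can perform this op, and the
        discussion must belong to the group given in ``group_id``.

        Returns 204 on success, 400 when the discussion does not exist in
        this group, and 403 when the caller is neither the discussion's
        author nor staff of the group.
        """
        username = request.user.username
        group_id = int(group_id)

        try:
            discussion = GroupMessage.objects.get(pk=discuss_id)
        except GroupMessage.DoesNotExist:
            return api_error(status.HTTP_400_BAD_REQUEST, 'Discussion id %s not found.' % discuss_id)

        # The staff check below is scoped to ``group_id``, so the discussion
        # must be tied to that same group. Otherwise staff rights in one
        # group would extend to discussions of every other group. Answer
        # exactly as for an unknown id so the response does not reveal that
        # the id exists in another group.
        if discussion.group_id != group_id:
            return api_error(status.HTTP_400_BAD_REQUEST, 'Discussion id %s not found.' % discuss_id)

        # perm check: group staff may delete any discussion of the group,
        # everyone else only their own.
        if not ccnet_api.check_group_staff(group_id, username) and \
           discussion.from_email != username:
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

        discussion.delete()

        return Response(status=204)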
Exemple #6
def is_group_admin(group_id, email):
    """Return ccnet's staff-check result for ``email`` in group ``group_id``.

    ``group_id`` is coerced with ``int()``, so ids given as numeric strings
    are accepted and a non-numeric string raises ``ValueError``. The value
    returned by ``ccnet_api.check_group_staff`` is passed through unchanged.
    """
    numeric_group_id = int(group_id)
    return ccnet_api.check_group_staff(numeric_group_id, email)
Exemple #7
def is_group_admin(group_id, email):
    """Ask ccnet whether ``email`` is staff of the group ``group_id``.

    The id is converted with ``int()`` before the call; a non-numeric string
    raises ``ValueError``. The result of ``ccnet_api.check_group_staff`` is
    returned as-is, without conversion to ``bool``.
    """
    staff_result = ccnet_api.check_group_staff(int(group_id), email)
    return staff_result
Exemple #8
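    def put(self, request, repo_id):
        """ Change/Init repo password.

        The ``operation`` field of the request body selects the action
        (default ``change-password``):

        * ``change-password``: needs ``old_password`` and ``new_password``.
        * ``can-reset-password``: reports whether a secret key is stored
          for the library, as ``{'allowed': bool}``.
        * ``reset-password``: sets ``new_password`` using the stored secret
          key; the old password is not required.

        Permission checking:
        1. repo owner (for a group-owned library: staff of the owning group)
        """

        # argument check
        operation = request.data.get('operation', 'change-password')
        operation = operation.lower()
        if operation not in ('change-password', 'reset-password', 'can-reset-password'):
            error_msg = 'operation invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        # resource check
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            error_msg = 'Library %s not found.' % repo_id
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)

        if not repo.encrypted:
            error_msg = 'Library %s is not encrypted.' % repo_id
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        # permission check, applied to every operation before any of them runs

        username = request.user.username
        repo_owner = get_repo_owner(request, repo_id)

        if '@seafile_group' in repo_owner:
            # Group-owned library: the owner string is mapped to a numeric
            # group id via email2nickname(), and staff of that group count
            # as the owner.
            group_id = email2nickname(repo_owner)
            if not ccnet_api.check_group_staff(int(group_id), username):
                error_msg = 'Permission denied.'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)
        else:
            if username != repo_owner:
                error_msg = 'Permission denied.'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

        if operation == 'change-password':

            old_password = request.data.get('old_password', None)
            if not old_password:
                error_msg = 'old_password invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            new_password = request.data.get('new_password', None)
            if not new_password:
                error_msg = 'new_password invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            try:
                seafile_api.change_repo_passwd(repo_id, old_password, new_password, username)
            except Exception as e:
                # Not every exception carries ``.msg``. Reading it directly
                # would raise AttributeError inside this handler and bypass
                # the logging and the generic 500 answer below.
                if getattr(e, 'msg', None) == 'Incorrect password':
                    error_msg = _('Wrong old password')
                    return api_error(status.HTTP_403_FORBIDDEN, error_msg)
                else:
                    logger.error(e)
                    error_msg = 'Internal Server Error'
                    return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

            # Runs only when the reset feature is enabled.
            if ENABLE_RESET_ENCRYPTED_REPO_PASSWORD:
                add_encrypted_repo_secret_key_to_database(repo_id, new_password)

        if operation == 'can-reset-password':
            if not ENABLE_RESET_ENCRYPTED_REPO_PASSWORD:
                error_msg = 'Feature disabled.'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

            if not RepoSecretKey.objects.get_secret_key(repo_id):
                return Response({'allowed': False})
            else:
                return Response({'allowed': True})

        if operation == 'reset-password':

            if not ENABLE_RESET_ENCRYPTED_REPO_PASSWORD:
                error_msg = 'Feature disabled.'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

            new_password = request.data.get('new_password', None)
            if not new_password:
                error_msg = 'new_password invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            # Without a stored secret key the password cannot be reset.
            secret_key = RepoSecretKey.objects.get_secret_key(repo_id)
            if not secret_key:
                error_msg = _("Can not reset this library's password.")
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            try:
                seafile_api.reset_repo_passwd(repo_id, username, secret_key, new_password)
            except Exception as e:
                # Detail goes to the server log; the client gets a generic message.
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

        return Response({'success': True})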