def share_dir_to_group(repo, path, owner, share_from, gid, permission, org_id=None):
# Share repo or subdir to group with permission(r, rw, admin).
extra_share_permission = ''
if permission == PERMISSION_ADMIN:
extra_share_permission = permission
permission = PERMISSION_READ_WRITE
if is_valid_org_id(org_id):
if path == '/':
seafile_api.add_org_group_repo(repo.repo_id, org_id, gid,
owner, permission)
else:
seafile_api.org_share_subdir_to_group(org_id, repo.repo_id,
path, owner,
gid, permission)
else:
if path == '/':
seafile_api.set_group_repo(repo.repo_id, gid, owner,
permission)
else:
seafile_api.share_subdir_to_group(repo.repo_id, path,
owner, gid,
permission)
# add share permission if between is admin and is extra permission.
if path == '/' and extra_share_permission == PERMISSION_ADMIN:
ExtraGroupsSharePermission.objects.create_share_permission(repo.repo_id, gid, extra_share_permission)
def share_to_group(request, repo, group, permission):
"""Share repo to group with given permission.
"""
repo_id = repo.id
group_id = group.id
group_name = group.group_name
from_user = request.user.username
if is_org_context(request):
org_id = request.user.org.org_id
group_repo_ids = seafile_api.get_org_group_repoids(org_id, group.id)
else:
group_repo_ids = seafile_api.get_group_repoids(group.id)
if repo.id in group_repo_ids:
msg = _(u'"%(repo)s" is already in group %(group)s. <a href="%(href)s">View</a>') % {
'repo': escape(repo.name), 'group': escape(group.group_name),
'href': reverse('group_info', args=[group.id])}
messages.error(request, msg, extra_tags='safe')
return
try:
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(repo_id, org_id, group_id,
from_user, permission)
else:
seafile_api.set_group_repo(repo_id, group_id, from_user,
permission)
except Exception, e:
logger.error(e)
msg = _(u'Failed to share %(repo)s to %(group)s, please try again later.') % \
{'repo': repo.name, 'group': group_name}
messages.error(request, msg)
def share_to_group(request, repo, group, permission):
"""Share repo to group with given permission.
"""
repo_id = repo.id
group_id = group.id
group_name = group.group_name
from_user = request.user.username
if is_org_context(request):
org_id = request.user.org.org_id
group_repo_ids = seafile_api.get_org_group_repoids(org_id, group.id)
else:
group_repo_ids = seafile_api.get_group_repoids(group.id)
if repo.id in group_repo_ids:
msg = _(u'"%(repo)s" is already in group %(group)s. <a href="%(href)s">View</a>') % {
'repo': repo.name, 'group': group.group_name,
'href': reverse('group_info', args=[group.id])}
messages.error(request, msg)
return
try:
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(repo_id, org_id, group_id,
from_user, permission)
else:
seafile_api.set_group_repo(repo_id, group_id, from_user,
permission)
except Exception, e:
logger.error(e)
msg = _(u'Failed to share %(repo)s to %(group)s, please try again later.') % \
{'repo': repo.name, 'group': group_name}
messages.error(request, msg)
def share_to_group(request, repo, group, permission):
"""Share repo to group with given permission.
"""
repo_id = repo.id
group_id = group.id
from_user = request.user.username
if is_org_context(request):
org_id = request.user.org.org_id
group_repo_ids = seafile_api.get_org_group_repoids(org_id, group.id)
else:
group_repo_ids = seafile_api.get_group_repoids(group.id)
if repo.id in group_repo_ids:
return False
try:
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(repo_id, org_id, group_id,
from_user, permission)
else:
seafile_api.set_group_repo(repo_id, group_id, from_user,
permission)
return True
except Exception, e:
logger.error(e)
return False
def share_to_group(request, repo, group, permission):
"""Share repo to group with given permission.
"""
repo_id = repo.id
group_id = group.id
from_user = request.user.username
if is_org_context(request):
org_id = request.user.org.org_id
group_repo_ids = seafile_api.get_org_group_repoids(org_id, group.id)
else:
group_repo_ids = seafile_api.get_group_repoids(group.id)
if repo.id in group_repo_ids:
return False
try:
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(repo_id, org_id, group_id,
from_user, permission)
else:
seafile_api.set_group_repo(repo_id, group_id, from_user,
permission)
return True
except Exception, e:
logger.error(e)
return False
def share_dir_to_group(repo, path, owner, share_from, gid, permission, org_id=None):
# Share repo or subdir to group with permission(r, rw, admin).
extra_share_permission = ''
if permission == PERMISSION_ADMIN:
extra_share_permission = permission
permission = PERMISSION_READ_WRITE
if org_id:
if path == '/':
seafile_api.add_org_group_repo(repo.repo_id, org_id, gid,
owner, permission)
else:
seafile_api.org_share_subdir_to_group(org_id, repo.repo_id,
path, owner,
gid, permission)
else:
if path == '/':
seafile_api.set_group_repo(repo.repo_id, gid, owner,
permission)
else:
seafile_api.share_subdir_to_group(repo.repo_id, path,
owner, gid,
permission)
# add share permission if between is admin and is extra permission.
if path == '/' and extra_share_permission == PERMISSION_ADMIN:
ExtraGroupsSharePermission.objects.create_share_permission(repo.repo_id, gid, extra_share_permission)
def create_group_repo(request, group_id):
"""Create a repo and share it to current group"""
content_type = 'application/json; charset=utf-8'
def json_error(err_msg):
result = {'error': err_msg}
return HttpResponseBadRequest(json.dumps(result),
content_type=content_type)
group_id = int(group_id)
group = get_group(group_id)
if not group:
return json_error(_(u'Failed to create: the group does not exist.'))
# Check whether user belongs to the group.
username = request.user.username
if not is_group_user(group_id, username):
return json_error(_(u'Failed to create: you are not in the group.'))
form = SharedRepoCreateForm(request.POST)
if not form.is_valid():
return json_error(str(form.errors.values()[0]))
# Form is valid, create group repo
repo_name = form.cleaned_data['repo_name']
repo_desc = form.cleaned_data['repo_desc']
permission = form.cleaned_data['permission']
encryption = int(form.cleaned_data['encryption'])
uuid = form.cleaned_data['uuid']
magic_str = form.cleaned_data['magic_str']
encrypted_file_key = form.cleaned_data['encrypted_file_key']
if is_org_context(request):
org_id = request.user.org.org_id
try:
if encryption:
repo_id = seafile_api.create_org_enc_repo(uuid,
repo_name,
repo_desc,
username,
magic_str,
encrypted_file_key,
enc_version=2,
org_id=org_id)
else:
repo_id = seafile_api.create_org_repo(repo_name, repo_desc,
username, None, org_id)
except SearpcError, e:
logger.error(e)
return json_error(_(u'Failed to create'))
try:
seafile_api.add_org_group_repo(repo_id, org_id, group.id, username,
permission)
except SearpcError, e:
logger.error(e)
return json_error(_(u'Failed to create: internal error.'))
def share_org_repo_to_org_user_and_org_group(self):
seaserv.seafserv_threaded_rpc.org_add_share(self.org.org_id,
self.org_repo.repo_id,
self.org_user.username,
self.org_admin.username,
'rw')
seafile_api.add_org_group_repo(self.org_repo.repo_id, self.org.org_id,
self.org_group.id,
self.org_user.username, 'rw')
def create_group_repo(request, group_id):
"""Create a repo and share it to current group"""
content_type = 'application/json; charset=utf-8'
def json_error(err_msg):
result = {'error': err_msg}
return HttpResponseBadRequest(json.dumps(result),
content_type=content_type)
group_id = int(group_id)
group = get_group(group_id)
if not group:
return json_error(_(u'Failed to create: the group does not exist.'))
# Check whether user belongs to the group.
username = request.user.username
if not is_group_user(group_id, username):
return json_error(_(u'Failed to create: you are not in the group.'))
form = SharedRepoCreateForm(request.POST)
if not form.is_valid():
return json_error(str(form.errors.values()[0]))
# Form is valid, create group repo
repo_name = form.cleaned_data['repo_name']
repo_desc = form.cleaned_data['repo_desc']
permission = form.cleaned_data['permission']
encryption = int(form.cleaned_data['encryption'])
uuid = form.cleaned_data['uuid']
magic_str = form.cleaned_data['magic_str']
encrypted_file_key = form.cleaned_data['encrypted_file_key']
if is_org_context(request):
org_id = request.user.org.org_id
try:
if encryption:
repo_id = seafile_api.create_org_enc_repo(
uuid, repo_name, repo_desc, username, magic_str,
encrypted_file_key, enc_version=2, org_id=org_id)
else:
repo_id = seafile_api.create_org_repo(repo_name, repo_desc,
username, None, org_id)
except SearpcError, e:
logger.error(e)
return json_error(_(u'Failed to create'))
try:
seafile_api.add_org_group_repo(repo_id, org_id, group.id,
username, permission)
except SearpcError, e:
logger.error(e)
return json_error(_(u'Failed to create: internal error.'))
def share_org_repo_to_org_group_with_rw_permission(self):
seafile_api.add_org_group_repo(self.org_repo.repo_id, self.org.org_id,
self.org_group.id, self.org_user.username, 'rw')
def put(self, request, org_id, repo_id):
"""Transfer an organization library
"""
new_owner = request.data.get('email', None)
if not new_owner:
error_msg = 'Email invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not is_valid_email(new_owner):
error_msg = 'Email invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
org_id = int(org_id)
if not ccnet_api.get_org_by_id(org_id):
error_msg = 'Organization %s not found.' % org_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission checking
if not org_user_exists(org_id, new_owner):
error_msg = 'User %s not in org %s.' % (new_owner, org_id)
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not is_org_repo(org_id, repo_id):
error_msg = 'Library %s not in org %s.' % (repo_id, org_id)
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = seafile_api.get_org_repo_owner(repo_id)
# get repo shared to user/group list
shared_users = seafile_api.list_org_repo_shared_to(
org_id, repo_owner, repo_id)
shared_groups = seafile_api.list_org_repo_shared_group(
org_id, repo_owner, repo_id)
# get all pub repos
pub_repos = seafile_api.list_org_inner_pub_repos_by_owner(
org_id, repo_owner)
seafile_api.set_org_repo_owner(org_id, repo_id, new_owner)
# reshare repo to user
for shared_user in shared_users:
shared_username = shared_user.user
if new_owner == shared_username:
continue
seafile_api.org_share_repo(org_id, repo_id, new_owner,
shared_username, shared_user.perm)
# reshare repo to group
for shared_group in shared_groups:
shared_group_id = shared_group.group_id
if not ccnet_api.is_group_user(shared_group_id, new_owner):
continue
seafile_api.add_org_group_repo(repo_id, org_id, shared_group_id,
new_owner, shared_group.perm)
# check if current repo is pub-repo
# if YES, reshare current repo to public
for pub_repo in pub_repos:
if repo_id != pub_repo.id:
continue
seafile_api.set_org_inner_pub_repo(org_id, repo_id,
pub_repo.permission)
break
repo_info = {}
repo_info['owner_email'] = new_owner
repo_info['owner_name'] = email2nickname(new_owner)
repo_info['encrypted'] = repo.encrypted
repo_info['repo_id'] = repo.repo_id
repo_info['repo_name'] = repo.name
repo_info['is_department_repo'] = False
repo_info['group_id'] = ''
return Response(repo_info)
def put(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND, "Library %s not found." % repo_id)
path = request.GET.get("p", "/")
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND, "Folder %s not found." % path)
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, "Permission denied.")
share_type = request.data.get("share_type")
if share_type != "user" and share_type != "group":
return api_error(status.HTTP_400_BAD_REQUEST, "share_type invalid.")
permission = request.data.get("permission", "r")
if permission not in ["r", "rw"]:
return api_error(status.HTTP_400_BAD_REQUEST, "permission invalid.")
result = {}
result["failed"] = []
result["success"] = []
if share_type == "user":
share_to_users = request.data.getlist("username")
for to_user in share_to_users:
if not is_valid_username(to_user):
result["failed"].append({"email": to_user, "error_msg": "username invalid."})
continue
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
result["failed"].append({"email": to_user, "error_msg": "User %s not found." % to_user})
continue
try:
if is_org_context(request):
org_id = request.user.org.org_id
if path == "/":
seaserv.seafserv_threaded_rpc.org_add_share(org_id, repo_id, username, to_user, permission)
else:
seafile_api.org_share_subdir_to_user(org_id, repo_id, path, username, to_user, permission)
else:
if path == "/":
seafile_api.share_repo(repo_id, username, to_user, permission)
else:
seafile_api.share_subdir_to_user(repo_id, path, username, to_user, permission)
# send a signal when sharing repo successful
share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=repo)
result["success"].append(
{
"share_type": "user",
"user_info": {"name": to_user, "nickname": email2nickname(to_user)},
"permission": permission,
}
)
send_perm_audit_msg("add-repo-perm", username, to_user, repo_id, path, permission)
except SearpcError as e:
logger.error(e)
result["failed"].append({"email": to_user, "error_msg": "Internal Server Error"})
continue
if share_type == "group":
group_ids = request.data.getlist("group_id")
for gid in group_ids:
try:
gid = int(gid)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, "group_id %s invalid." % gid)
group = seaserv.get_group(gid)
if not group:
return api_error(status.HTTP_404_NOT_FOUND, "Group %s not found" % gid)
try:
if is_org_context(request):
org_id = request.user.org.org_id
if path == "/":
seafile_api.add_org_group_repo(repo_id, org_id, gid, username, permission)
else:
seafile_api.org_share_subdir_to_group(org_id, repo_id, path, username, gid, permission)
else:
if path == "/":
seafile_api.set_group_repo(repo_id, gid, username, permission)
else:
seafile_api.share_subdir_to_group(repo_id, path, username, gid, permission)
share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=repo)
result["success"].append(
{
"share_type": "group",
"group_info": {"id": gid, "name": group.group_name},
"permission": permission,
}
)
send_perm_audit_msg("add-repo-perm", username, gid, repo_id, path, permission)
except SearpcError as e:
logger.error(e)
result["failed"].append({"group_name": group.group_name, "error_msg": "Internal Server Error"})
continue
return HttpResponse(json.dumps(result), status=200, content_type=json_content_type)
def post(self, request):
# argument check
operation = request.data.get('operation', None)
if not operation:
error_msg = 'operation invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# operation could be `share`, `unshare`, `delete`, `transfer`
# we now only use `share`, `unshare`
if operation not in ('share', 'unshare'):
error_msg = 'operation can only be "share", "unshare".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
result = {}
result['failed'] = []
result['success'] = []
username = request.user.username
repo_id_list = request.data.getlist('repo_id')
valid_repo_id_list = []
# filter out invalid repo id
for repo_id in repo_id_list:
if not seafile_api.get_repo(repo_id):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Library %s not found.' % repo_id
})
continue
repo_owner = get_repo_owner(request, repo_id)
if repo_owner != username and not is_repo_admin(username, repo_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Permission denied.'
})
continue
valid_repo_id_list.append(repo_id)
# share repo
if operation == 'share':
share_type = request.data.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('user', 'group'):
error_msg = 'share_type can only be "user", "group".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
permission = request.data.get('permission', 'rw')
if permission not in [
PERMISSION_READ, PERMISSION_READ_WRITE, PERMISSION_ADMIN
]:
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# share repo to user
if share_type == 'user':
to_username = request.data.get('username', None)
if not to_username:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
User.objects.get(email=to_username)
except User.DoesNotExist:
error_msg = 'User %s not found.' % to_username
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check if to_user is an org user
try:
org_of_to_user = ccnet_api.get_orgs_by_user(to_username)
except Exception as e:
logger.error(e)
org_of_to_user = []
if is_org_context(request):
org_id = request.user.org.org_id
org_name = request.user.org.org_name
if len(org_of_to_user
) == 0 or org_id != org_of_to_user[0].org_id:
error_msg = 'User %s is not member of organization %s.' \
% (to_username, org_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
if len(org_of_to_user) >= 1:
error_msg = 'User %s is member of organization %s.' \
% (to_username, org_of_to_user[0].org_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
for repo_id in valid_repo_id_list:
if self.has_shared_to_user(request, repo_id, to_username):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'This item has been shared to %s.' % to_username
})
continue
try:
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, repo_id, username, to_username,
permission)
else:
seafile_api.share_repo(repo_id, username,
to_username, permission)
# send a signal when sharing repo successful
repo = seafile_api.get_repo(repo_id)
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_username,
repo=repo,
path='/',
org_id=org_id)
result['success'].append({
"repo_id": repo_id,
"username": to_username,
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username,
to_username, repo_id, '/',
permission)
except Exception as e:
logger.error(e)
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Internal Server Error'
})
# share repo to group
if share_type == 'group':
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(to_group_id)
if not group:
error_msg = 'Group %s not found.' % to_group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
group_name = group.group_name
if not is_group_member(to_group_id, username):
error_msg = 'User %s is not member of group %s.' % (
username, group_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
for repo_id in valid_repo_id_list:
if self.has_shared_to_group(request, repo_id, to_group_id):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'This item has been shared to %s.' % group_name
})
continue
try:
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(
repo_id, org_id, to_group_id, username,
permission)
else:
seafile_api.set_group_repo(repo_id, to_group_id,
username, permission)
# send a signal when sharing repo successful
repo = seafile_api.get_repo(repo_id)
share_repo_to_group_successful.send(
sender=None,
from_user=username,
group_id=to_group_id,
repo=repo,
path='/',
org_id=org_id)
result['success'].append({
"repo_id": repo_id,
"group_id": to_group_id,
"group_name": group_name,
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username,
to_group_id, repo_id, '/',
permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Internal Server Error'
})
# unshare repo
if operation == 'unshare':
share_type = request.data.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('user', 'group'):
error_msg = 'share_type can only be "user", "group".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# unshare repo from user
if share_type == 'user':
to_username = request.data.get('username', None)
if not to_username:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
for repo_id in valid_repo_id_list:
if not self.has_shared_to_user(request, repo_id,
to_username):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'This item has not been shared to %s.' %
to_username
})
continue
repo_owner = get_repo_owner(request, repo_id)
try:
# get share permission before unshare operation
permission = check_user_share_out_permission(
repo_id, '/', to_username, is_org_context(request))
if is_org_context(request):
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
org_id = request.user.org.org_id
seafile_api.org_remove_share(
org_id, repo_id, repo_owner, to_username)
else:
seafile_api.remove_share(repo_id, repo_owner,
to_username)
# Delete share permission at ExtraSharePermission table.
ExtraSharePermission.objects.delete_share_permission(
repo_id, to_username)
# send message
send_perm_audit_msg('delete-repo-perm', username,
to_username, repo_id, '/',
permission)
result['success'].append({
"repo_id": repo_id,
"username": to_username,
})
except Exception as e:
logger.error(e)
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Internal Server Error'
})
# unshare repo from group
if share_type == 'group':
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(to_group_id)
group_name = group.group_name if group else ''
for repo_id in valid_repo_id_list:
if not self.has_shared_to_group(request, repo_id,
to_group_id):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'This item has not been shared to %s.' % group_name
})
continue
try:
# get share permission before unshare operation
permission = check_group_share_out_permission(
repo_id, '/', to_group_id, is_org_context(request))
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.del_org_group_repo(
repo_id, org_id, to_group_id)
else:
seafile_api.unset_group_repo(
repo_id, to_group_id, username)
# Delete share permission at ExtraSharePermission table.
ExtraGroupsSharePermission.objects.delete_share_permission(
repo_id, to_group_id)
# send message
send_perm_audit_msg('delete-repo-perm', username,
to_group_id, repo_id, '/',
permission)
result['success'].append({
"repo_id": repo_id,
"group_id": to_group_id,
"group_name": group_name,
})
except SearpcError as e:
logger.error(e)
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Internal Server Error'
})
return Response(result)
def put(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND, "Library %s not found." % repo_id)
path = request.GET.get("p", "/")
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND, "Folder %s not found." % path)
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, "Permission denied.")
if path != "/":
try:
sub_repo = self.get_or_create_sub_repo_by_path(request, repo, path)
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, "Failed to get sub repo.")
else:
sub_repo = None
share_type = request.data.get("share_type")
if share_type != "user" and share_type != "group":
return api_error(status.HTTP_400_BAD_REQUEST, "share_type invalid.")
permission = request.data.get("permission", "r")
if permission not in ["r", "rw"]:
return api_error(status.HTTP_400_BAD_REQUEST, "permission invalid.")
shared_repo = repo if path == "/" else sub_repo
success, failed = [], []
if share_type == "user":
share_to_users = request.data.getlist("username")
for to_user in share_to_users:
if not is_valid_username(to_user):
failed.append(to_user)
continue
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
failed.append(to_user)
continue
if not check_user_share_quota(username, shared_repo, users=[to_user]):
return api_error(status.HTTP_403_FORBIDDEN, "Not enough quota.")
try:
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, shared_repo.id, username, to_user, permission
)
else:
seafile_api.share_repo(shared_repo.id, username, to_user, permission)
# send a signal when sharing repo successful
share_repo_to_user_successful.send(
sender=None, from_user=username, to_user=to_user, repo=shared_repo
)
success.append(
{
"share_type": "user",
"user_info": {"name": to_user, "nickname": email2nickname(to_user)},
"permission": permission,
}
)
send_perm_audit_msg("add-repo-perm", username, to_user, repo_id, path, permission)
except SearpcError as e:
logger.error(e)
failed.append(to_user)
continue
if share_type == "group":
group_ids = request.data.getlist("group_id")
for gid in group_ids:
try:
gid = int(gid)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, "group_id %s invalid." % gid)
group = seaserv.get_group(gid)
if not group:
return api_error(status.HTTP_404_NOT_FOUND, "Group %s not found" % gid)
if not check_user_share_quota(username, shared_repo, groups=[group]):
return api_error(status.HTTP_403_FORBIDDEN, "Not enough quota.")
try:
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(shared_repo.repo_id, org_id, gid, username, permission)
else:
seafile_api.set_group_repo(shared_repo.repo_id, gid, username, permission)
success.append(
{
"share_type": "group",
"group_info": {"id": gid, "name": group.group_name},
"permission": permission,
}
)
send_perm_audit_msg("add-repo-perm", username, gid, repo_id, path, permission)
except SearpcError as e:
logger.error(e)
failed.append(group.group_name)
continue
return HttpResponse(
json.dumps({"success": success, "failed": failed}), status=200, content_type=json_content_type
)
def put(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND,
'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND,
'Folder %s not found.' % path)
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
if path != '/':
try:
sub_repo = self.get_or_create_sub_repo_by_path(
request, repo, path)
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Failed to get sub repo.')
else:
sub_repo = None
share_type = request.data.get('share_type')
if share_type != 'user' and share_type != 'group':
return api_error(status.HTTP_400_BAD_REQUEST,
'share_type invalid.')
permission = request.data.get('permission', 'r')
if permission not in ['r', 'rw']:
return api_error(status.HTTP_400_BAD_REQUEST,
'permission invalid.')
shared_repo = repo if path == '/' else sub_repo
result = {}
result['failed'] = []
result['success'] = []
if share_type == 'user':
share_to_users = request.data.getlist('username')
for to_user in share_to_users:
if not is_valid_username(to_user):
result['failed'].append({
'email':
to_user,
'error_msg':
'Nutzername oder E-Mail-Adresse ungültig.'
})
continue
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
result['failed'].append({
'email':
to_user,
'error_msg':
'Es wurde kein Nutzer mit der E-Mail-Adresse %s gefunden. Benutzen Sie die Option „Download-Link erstellen” bzw. „Upload-Link erstellen”, um Elemente für nicht-registrierte Nutzer freizugeben.'
% to_user
})
continue
try:
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, shared_repo.id, username, to_user,
permission)
else:
seafile_api.share_repo(shared_repo.id, username,
to_user, permission)
# send a signal when sharing repo successful
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_user,
repo=shared_repo)
result['success'].append({
"share_type": "user",
"user_info": {
"name": to_user,
"nickname": email2nickname(to_user),
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, to_user,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'email':
to_user,
'error_msg':
'Internal Server Error'
})
continue
if share_type == 'group':
group_ids = request.data.getlist('group_id')
for gid in group_ids:
try:
gid = int(gid)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST,
'group_id %s invalid.' % gid)
group = seaserv.get_group(gid)
if not group:
return api_error(status.HTTP_404_NOT_FOUND,
'Group %s not found' % gid)
try:
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(shared_repo.repo_id,
org_id, gid, username,
permission)
else:
seafile_api.set_group_repo(shared_repo.repo_id, gid,
username, permission)
share_repo_to_group_successful.send(sender=None,
from_user=username,
group_id=gid,
repo=shared_repo)
result['success'].append({
"share_type": "group",
"group_info": {
"id": gid,
"name": group.group_name,
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, gid,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'group_name':
group.group_name,
'error_msg':
'Internal Server Error'
})
continue
return HttpResponse(json.dumps(result),
status=200,
content_type=json_content_type)
def put(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_400_BAD_REQUEST, 'Repo not found.')
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_400_BAD_REQUEST, 'Directory not found.')
if path != '/':
try:
sub_repo = self.get_or_create_sub_repo_by_path(request, repo, path)
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Failed to get sub repo')
else:
sub_repo = None
share_type = request.DATA.get('share_type')
if share_type != 'user' and share_type != 'group':
return api_error(status.HTTP_400_BAD_REQUEST, 'Bad share type')
permission = request.DATA.get('permission', 'r')
if permission not in ['r', 'rw']:
return api_error(status.HTTP_400_BAD_REQUEST, 'Bad permission')
shared_repo = repo if path == '/' else sub_repo
success, failed = [], []
if share_type == 'user':
share_to_users = request.DATA.getlist('username')
for to_user in share_to_users:
if not is_valid_username(to_user):
return api_error(status.HTTP_400_BAD_REQUEST,
'Username must be a valid email address.')
if not check_user_share_quota(username, shared_repo, users=[to_user]):
return api_error(status.HTTP_403_FORBIDDEN,
'Failed to share: No enough quota.')
try:
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, shared_repo.id, username, to_user,
permission)
else:
seafile_api.share_repo(shared_repo.id, username,
to_user, permission)
# send a signal when sharing repo successful
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_user,
repo=shared_repo)
success.append({
"share_type": "user",
"user_info": {
"name": to_user,
"nickname": email2nickname(to_user),
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, to_user,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
failed.append(to_user)
continue
if share_type == 'group':
group_ids = request.DATA.getlist('group_id')
for gid in group_ids:
try:
gid = int(gid)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, 'Bad group id: %s' % gid)
group = seaserv.get_group(gid)
if not group:
return api_error(status.HTTP_400_BAD_REQUEST, 'Group not found: %s' % gid)
if not check_user_share_quota(username, shared_repo, groups=[group]):
return api_error(status.HTTP_403_FORBIDDEN,
'Failed to share: No enough quota.')
try:
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(shared_repo.repo_id,
org_id, gid, username,
permission)
else:
seafile_api.set_group_repo(shared_repo.repo_id, gid,
username, permission)
success.append({
"share_type": "group",
"group_info": {
"id": gid,
"name": group.group_name,
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, gid,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
failed.append(group.group_name)
continue
return HttpResponse(json.dumps({
"success": success,
"failed": failed
}), status=200, content_type=json_content_type)
def put(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path)
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
if path != '/':
try:
sub_repo = self.get_or_create_sub_repo_by_path(request, repo, path)
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Failed to get sub repo.')
else:
sub_repo = None
share_type = request.data.get('share_type')
if share_type != 'user' and share_type != 'group':
return api_error(status.HTTP_400_BAD_REQUEST, 'share_type invalid.')
permission = request.data.get('permission', 'r')
if permission not in ['r', 'rw']:
return api_error(status.HTTP_400_BAD_REQUEST, 'permission invalid.')
shared_repo = repo if path == '/' else sub_repo
result = {}
result['failed'] = []
result['success'] = []
if share_type == 'user':
share_to_users = request.data.getlist('username')
for to_user in share_to_users:
if not is_valid_username(to_user):
result['failed'].append({
'email': to_user,
'error_msg': 'username invalid.'
})
continue
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
result['failed'].append({
'email': to_user,
'error_msg': 'User %s not found.' % to_user
})
continue
try:
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, shared_repo.id, username, to_user,
permission)
else:
seafile_api.share_repo(shared_repo.id, username,
to_user, permission)
# send a signal when sharing repo successful
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_user,
repo=shared_repo)
result['success'].append({
"share_type": "user",
"user_info": {
"name": to_user,
"nickname": email2nickname(to_user),
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, to_user,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'email': to_user,
'error_msg': 'Internal Server Error'
})
continue
if share_type == 'group':
group_ids = request.data.getlist('group_id')
for gid in group_ids:
try:
gid = int(gid)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid.' % gid)
group = seaserv.get_group(gid)
if not group:
return api_error(status.HTTP_404_NOT_FOUND, 'Group %s not found' % gid)
try:
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(shared_repo.repo_id,
org_id, gid, username,
permission)
else:
seafile_api.set_group_repo(shared_repo.repo_id, gid,
username, permission)
share_repo_to_group_successful.send(sender=None,
from_user=username, group_id=gid, repo=shared_repo)
result['success'].append({
"share_type": "group",
"group_info": {
"id": gid,
"name": group.group_name,
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, gid,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'group_name': group.group_name,
'error_msg': 'Internal Server Error'
})
continue
return HttpResponse(json.dumps(result),
status=200, content_type=json_content_type)
def share_org_repo_to_org_group_with_rw_permission(self):
seafile_api.add_org_group_repo(self.org_repo.repo_id, self.org.org_id,
self.org_group.id,
self.org_user.username, 'rw')
def org_repo_transfer(request):
"""Transfer a repo to others.
"""
if request.method != 'POST':
raise Http404
repo_id = request.POST.get('repo_id', None)
new_owner = request.POST.get('email', None)
next = request.META.get('HTTP_REFERER', reverse(org_repo_admin))
if not repo_id and not new_owner:
messages.error(request, 'Failed to transfer, invalid arguments.')
return HttpResponseRedirect(next)
# permission checking
org_id = request.user.org.org_id
if not org_user_exists(org_id, new_owner) or \
not is_valid_username(new_owner):
messages.error(request, 'Failed to transfer, user does not exist.')
return HttpResponseRedirect(next)
if not is_org_repo(org_id, repo_id):
messages.error(request, 'Failed to transfer, library does not exist.')
return HttpResponseRedirect(next)
repo_owner = seafile_api.get_org_repo_owner(repo_id)
# get repo shared to user/group list
shared_users = seafile_api.list_org_repo_shared_to(org_id, repo_owner,
repo_id)
shared_groups = seafile_api.list_org_repo_shared_group(
org_id, repo_owner, repo_id)
# get all pub repos
pub_repos = seaserv.seafserv_threaded_rpc.list_org_inner_pub_repos_by_owner(
org_id, repo_owner)
seafile_api.set_org_repo_owner(org_id, repo_id, new_owner)
messages.success(request, _(u'Successfully transfered 1 item.'))
# reshare repo to user
for shared_user in shared_users:
shared_username = shared_user.user
if new_owner == shared_username:
continue
seaserv.seafserv_threaded_rpc.org_add_share(org_id, repo_id, new_owner,
shared_username,
shared_user.perm)
# reshare repo to group
for shared_group in shared_groups:
shared_group_id = shared_group.group_id
if not ccnet_api.is_group_user(shared_group_id, new_owner):
continue
seafile_api.add_org_group_repo(repo_id, org_id, shared_group_id,
new_owner, shared_group.perm)
# check if current repo is pub-repo
# if YES, reshare current repo to public
for pub_repo in pub_repos:
if repo_id != pub_repo.id:
continue
seaserv.seafserv_threaded_rpc.set_org_inner_pub_repo(
org_id, repo_id, pub_repo.permission)
break
return HttpResponseRedirect(next)
def post(self, request):
# argument check
operation = request.data.get('operation')
# operation could be `share`, `delete`, `transfer`
# we now only use `share`
if not operation or operation not in ('share'):
error_msg = 'operation invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
result = {}
result['failed'] = []
result['success'] = []
username = request.user.username
repo_id_list = request.data.getlist('repo_id')
valid_repo_id_list = []
# filter out invalid repo id
for repo_id in repo_id_list:
if not seafile_api.get_repo(repo_id):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Library %s not found.' % repo_id
})
continue
if is_org_context(request):
org_id = request.user.org.org_id
org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
if not username == org_repo_owner:
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Permission denied.'
})
continue
else:
if not seafile_api.is_repo_owner(username, repo_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Permission denied.'
})
continue
valid_repo_id_list.append(repo_id)
# share repo
if operation == 'share':
share_type = request.data.get('share_type')
if share_type != 'user' and share_type != 'group':
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
permission = request.data.get('permission', 'rw')
if permission not in ('r', 'rw'):
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# share repo to user
if share_type == 'user':
to_username = request.data.get('username', None)
if not to_username:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
User.objects.get(email=to_username)
except User.DoesNotExist:
error_msg = 'User %s not found.' % to_username
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check if to_user is an org user
try:
org_of_to_user = ccnet_api.get_orgs_by_user(to_username)
except Exception as e:
logger.debug(e)
org_of_to_user = []
if is_org_context(request):
org_id = request.user.org.org_id
org_name = request.user.org.org_name
if len(org_of_to_user
) == 0 or org_id != org_of_to_user[0].org_id:
error_msg = 'User %s is not member of organization %s.' \
% (to_username, org_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
if len(org_of_to_user) >= 1:
error_msg = 'User %s is member of organization %s.' \
% (to_username, org_of_to_user[0].org_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
for repo_id in valid_repo_id_list:
if self.has_shared_to_user(request, repo_id, to_username):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'This item has been shared to %s.' % to_username
})
continue
try:
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, repo_id, username, to_username,
permission)
else:
seafile_api.share_repo(repo_id, username,
to_username, permission)
# send a signal when sharing repo successful
repo = seafile_api.get_repo(repo_id)
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_username,
repo=repo,
path='/',
org_id=org_id)
result['success'].append({
"repo_id": repo_id,
"username": to_username,
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username,
to_username, repo_id, '/',
permission)
except Exception as e:
logger.error(e)
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Internal Server Error'
})
# share repo to group
if share_type == 'group':
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(to_group_id)
if not group:
error_msg = 'Group %s not found.' % to_group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
group_name = group.group_name
if not is_group_member(to_group_id, username):
error_msg = 'User %s is not member of group %s.' % (
username, group_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
for repo_id in valid_repo_id_list:
if self.has_shared_to_group(request, repo_id, to_group_id):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'This item has been shared to %s.' % group_name
})
continue
try:
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(
repo_id, org_id, to_group_id, username,
permission)
else:
seafile_api.set_group_repo(repo_id, to_group_id,
username, permission)
# send a signal when sharing repo successful
repo = seafile_api.get_repo(repo_id)
share_repo_to_group_successful.send(
sender=None,
from_user=username,
group_id=to_group_id,
repo=repo,
path='/',
org_id=org_id)
result['success'].append({
"repo_id": repo_id,
"group_id": to_group_id,
"group_name": group_name,
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username,
to_group_id, repo_id, '/',
permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Internal Server Error'
})
return Response(result)
def put(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND,
'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND,
'Folder %s not found.' % path)
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
if path != '/':
try:
sub_repo = self.get_or_create_sub_repo_by_path(
request, repo, path)
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Failed to get sub repo.')
else:
sub_repo = None
share_type = request.data.get('share_type')
if share_type != 'user' and share_type != 'group':
return api_error(status.HTTP_400_BAD_REQUEST,
'share_type invalid.')
permission = request.data.get('permission', 'r')
if permission not in ['r', 'rw']:
return api_error(status.HTTP_400_BAD_REQUEST,
'permission invalid.')
shared_repo = repo if path == '/' else sub_repo
success, failed = [], []
if share_type == 'user':
share_to_users = request.data.getlist('username')
for to_user in share_to_users:
if not is_valid_username(to_user):
failed.append(to_user)
continue
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
failed.append(to_user)
continue
if not check_user_share_quota(
username, shared_repo, users=[to_user]):
return api_error(status.HTTP_403_FORBIDDEN,
'Not enough quota.')
try:
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, shared_repo.id, username, to_user,
permission)
else:
seafile_api.share_repo(shared_repo.id, username,
to_user, permission)
# send a signal when sharing repo successful
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_user,
repo=shared_repo)
success.append({
"share_type": "user",
"user_info": {
"name": to_user,
"nickname": email2nickname(to_user),
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, to_user,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
failed.append(to_user)
continue
if share_type == 'group':
group_ids = request.data.getlist('group_id')
for gid in group_ids:
try:
gid = int(gid)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST,
'group_id %s invalid.' % gid)
group = seaserv.get_group(gid)
if not group:
return api_error(status.HTTP_404_NOT_FOUND,
'Group %s not found' % gid)
if not check_user_share_quota(
username, shared_repo, groups=[group]):
return api_error(status.HTTP_403_FORBIDDEN,
'Not enough quota.')
try:
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(shared_repo.repo_id,
org_id, gid, username,
permission)
else:
seafile_api.set_group_repo(shared_repo.repo_id, gid,
username, permission)
success.append({
"share_type": "group",
"group_info": {
"id": gid,
"name": group.group_name,
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, gid,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
failed.append(group.group_name)
continue
return HttpResponse(json.dumps({
"success": success,
"failed": failed
}),
status=200,
content_type=json_content_type)
def put(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path)
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
share_type = request.data.get('share_type')
if share_type != 'user' and share_type != 'group':
return api_error(status.HTTP_400_BAD_REQUEST, 'share_type invalid.')
permission = request.data.get('permission', 'r')
if permission not in ['r', 'rw']:
return api_error(status.HTTP_400_BAD_REQUEST, 'permission invalid.')
result = {}
result['failed'] = []
result['success'] = []
if share_type == 'user':
share_to_users = request.data.getlist('username')
for to_user in share_to_users:
if not is_valid_username(to_user):
result['failed'].append({
'email': to_user,
'error_msg': 'username invalid.'
})
continue
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
result['failed'].append({
'email': to_user,
'error_msg': 'User %s not found.' % to_user
})
continue
try:
if is_org_context(request):
org_id = request.user.org.org_id
if path == '/':
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, repo_id, username, to_user,
permission)
else:
sub_repo_id = seafile_api.org_share_subdir_to_user(org_id,
repo_id, path, username, to_user, permission)
else:
if path == '/':
seafile_api.share_repo(
repo_id, username, to_user, permission)
else:
sub_repo_id = seafile_api.share_subdir_to_user(
repo_id, path, username, to_user, permission)
# send a signal when sharing repo successful
if path == '/':
share_repo_to_user_successful.send(sender=None,
from_user=username, to_user=to_user, repo=repo)
else:
sub_repo = seafile_api.get_repo(sub_repo_id)
share_repo_to_user_successful.send(sender=None,
from_user=username, to_user=to_user, repo=sub_repo)
result['success'].append({
"share_type": "user",
"user_info": {
"name": to_user,
"nickname": email2nickname(to_user),
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, to_user,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'email': to_user,
'error_msg': 'Internal Server Error'
})
continue
if share_type == 'group':
group_ids = request.data.getlist('group_id')
for gid in group_ids:
try:
gid = int(gid)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid.' % gid)
group = seaserv.get_group(gid)
if not group:
return api_error(status.HTTP_404_NOT_FOUND, 'Group %s not found' % gid)
try:
if is_org_context(request):
org_id = request.user.org.org_id
if path == '/':
seafile_api.add_org_group_repo(
repo_id, org_id, gid, username, permission)
else:
sub_repo_id = seafile_api.org_share_subdir_to_group(org_id,
repo_id, path, username, gid, permission)
else:
if path == '/':
seafile_api.set_group_repo(
repo_id, gid, username, permission)
else:
sub_repo_id = seafile_api.share_subdir_to_group(
repo_id, path, username, gid, permission)
if path == '/':
share_repo_to_group_successful.send(sender=None,
from_user=username, group_id=gid, repo=repo)
else:
sub_repo = seafile_api.get_repo(sub_repo_id)
share_repo_to_group_successful.send(sender=None,
from_user=username, group_id=gid, repo=sub_repo)
result['success'].append({
"share_type": "group",
"group_info": {
"id": gid,
"name": group.group_name,
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, gid,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'group_name': group.group_name,
'error_msg': 'Internal Server Error'
})
continue
return HttpResponse(json.dumps(result),
status=200, content_type=json_content_type)
def put(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND,
'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND,
'Folder %s not found.' % path)
share_type = request.data.get('share_type')
if share_type != 'user' and share_type != 'group':
return api_error(status.HTTP_400_BAD_REQUEST,
'share_type invalid.')
if share_type == 'user':
if username != self.get_repo_owner(request, repo_id) and \
ExtraSharePermission.objects.get_user_permission(repo_id, username) != PERMISSION_ADMIN:
return api_error(status.HTTP_403_FORBIDDEN,
'Permission denied.')
else:
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN,
'Permission denied.')
permission = request.data.get('permission', PERMISSION_READ)
if permission not in [
PERMISSION_READ, PERMISSION_READ_WRITE, PERMISSION_ADMIN
]:
return api_error(status.HTTP_400_BAD_REQUEST,
'permission invalid.')
result = {}
result['failed'] = []
result['success'] = []
if share_type == 'user':
share_to_users = request.data.getlist('username')
for to_user in share_to_users:
if not is_valid_username(to_user):
result['failed'].append({
'email':
to_user,
'error_msg':
_(u'username invalid.')
})
continue
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
result['failed'].append({
'email':
to_user,
'error_msg':
_(u'User %s not found.') % to_user
})
continue
if self.has_shared_to_user(request, repo_id, path, to_user):
result['failed'].append({
'email':
to_user,
'error_msg':
_(u'This item has been shared to %s.') % to_user
})
continue
try:
extra_share_permission = ''
if permission == PERMISSION_ADMIN:
extra_share_permission = permission
permission = PERMISSION_READ_WRITE
if is_org_context(request):
username = seafile_api.get_org_repo_owner(repo_id)
org_id = request.user.org.org_id
if not is_org_user(to_user, int(org_id)):
org_name = request.user.org.org_name
error_msg = 'User %s is not member of organization %s.' \
% (to_user, org_name)
result['failed'].append({
'email': to_user,
'error_msg': error_msg
})
continue
if path == '/':
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, repo_id, username, to_user, permission)
else:
sub_repo_id = seafile_api.org_share_subdir_to_user(
org_id, repo_id, path, username, to_user,
permission)
else:
if is_org_user(to_user):
error_msg = 'User %s is a member of organization.' % to_user
result['failed'].append({
'email': to_user,
'error_msg': error_msg
})
continue
username = seafile_api.get_repo_owner(repo_id)
if path == '/':
seafile_api.share_repo(repo_id, username, to_user,
permission)
else:
sub_repo_id = seafile_api.share_subdir_to_user(
repo_id, path, username, to_user, permission)
if path == '/' and extra_share_permission == PERMISSION_ADMIN:
ExtraSharePermission.objects.create_share_permission(
repo_id, to_user, extra_share_permission)
# send a signal when sharing repo successful
if path == '/':
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_user,
repo=repo)
else:
sub_repo = seafile_api.get_repo(sub_repo_id)
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_user,
repo=sub_repo)
result['success'].append({
"share_type":
"user",
"user_info": {
"name": to_user,
"nickname": email2nickname(to_user),
},
"permission":
permission,
"is_admin":
extra_share_permission == PERMISSION_ADMIN
})
send_perm_audit_msg('add-repo-perm', username, to_user,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'email':
to_user,
'error_msg':
'Internal Server Error'
})
continue
if share_type == 'group':
group_ids = request.data.getlist('group_id')
for gid in group_ids:
try:
gid = int(gid)
except ValueError:
result['failed'].append(
{'error_msg': _(u'group_id %s invalid.') % gid})
continue
group = ccnet_api.get_group(gid)
if not group:
result['failed'].append(
{'error_msg': _(u'Group %s not found') % gid})
continue
if not config.ENABLE_SHARE_TO_ALL_GROUPS and \
not ccnet_api.is_group_user(gid, username):
result['failed'].append({
'group_name':
group.group_name,
'error_msg':
_(u'Permission denied.')
})
continue
if self.has_shared_to_group(request, repo_id, path, gid):
result['failed'].append({
'group_name':
group.group_name,
'error_msg':
_(u'This item has been shared to %s.') %
group.group_name
})
continue
try:
if is_org_context(request):
org_id = request.user.org.org_id
if path == '/':
seafile_api.add_org_group_repo(
repo_id, org_id, gid, username, permission)
else:
sub_repo_id = seafile_api.org_share_subdir_to_group(
org_id, repo_id, path, username, gid,
permission)
else:
if path == '/':
seafile_api.set_group_repo(repo_id, gid, username,
permission)
else:
sub_repo_id = seafile_api.share_subdir_to_group(
repo_id, path, username, gid, permission)
if path == '/':
share_repo_to_group_successful.send(sender=None,
from_user=username,
group_id=gid,
repo=repo)
else:
sub_repo = seafile_api.get_repo(sub_repo_id)
share_repo_to_group_successful.send(sender=None,
from_user=username,
group_id=gid,
repo=sub_repo)
result['success'].append({
"share_type": "group",
"group_info": {
"id": gid,
"name": group.group_name,
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, gid,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'group_name':
group.group_name,
'error_msg':
'Internal Server Error'
})
continue
return HttpResponse(json.dumps(result),
status=200,
content_type=json_content_type)
def post(self, request):
# argument check
operation = request.data.get('operation', None)
if not operation:
error_msg = 'operation invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# operation could be `share`, `unshare`, `delete`, `transfer`
# we now only use `share`, `unshare`
if operation not in ('share', 'unshare'):
error_msg = 'operation can only be "share", "unshare".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
result = {}
result['failed'] = []
result['success'] = []
username = request.user.username
repo_id_list = request.data.getlist('repo_id')
valid_repo_id_list = []
# filter out invalid repo id
for repo_id in repo_id_list:
if not seafile_api.get_repo(repo_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Library %s not found.' % repo_id
})
continue
repo_owner = get_repo_owner(request, repo_id)
if repo_owner != username and not is_repo_admin(username, repo_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Permission denied.'
})
continue
valid_repo_id_list.append(repo_id)
# share repo
if operation == 'share':
share_type = request.data.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('user', 'group'):
error_msg = 'share_type can only be "user", "group".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
permission = request.data.get('permission', 'rw')
if permission not in get_available_repo_perms():
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# share repo to user
if share_type == 'user':
to_username = request.data.get('username', None)
if not to_username:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
User.objects.get(email=to_username)
except User.DoesNotExist:
error_msg = 'User %s not found.' % to_username
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check if to_user is an org user
try:
org_of_to_user = ccnet_api.get_orgs_by_user(to_username)
except Exception as e:
logger.error(e)
org_of_to_user = []
if is_org_context(request):
org_id = request.user.org.org_id
org_name = request.user.org.org_name
if len(org_of_to_user) == 0 or org_id != org_of_to_user[0].org_id:
error_msg = 'User %s is not member of organization %s.' \
% (to_username, org_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
if len(org_of_to_user) >= 1:
error_msg = 'User %s is member of organization %s.' \
% (to_username, org_of_to_user[0].org_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
for repo_id in valid_repo_id_list:
if self.has_shared_to_user(request, repo_id, to_username):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'This item has been shared to %s.' % to_username
})
continue
try:
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(org_id,
repo_id, username, to_username, permission)
else:
seafile_api.share_repo(
repo_id, username, to_username, permission)
# send a signal when sharing repo successful
repo = seafile_api.get_repo(repo_id)
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_username,
repo=repo, path='/',
org_id=org_id)
result['success'].append({
"repo_id": repo_id,
"username": to_username,
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, to_username,
repo_id, '/', permission)
except Exception as e:
logger.error(e)
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Internal Server Error'
})
# share repo to group
if share_type == 'group':
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(to_group_id)
if not group:
error_msg = 'Group %s not found.' % to_group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
group_name = group.group_name
if not is_group_member(to_group_id, username):
error_msg = 'User %s is not member of group %s.' % (username, group_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
for repo_id in valid_repo_id_list:
if self.has_shared_to_group(request, repo_id, to_group_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'This item has been shared to %s.' % group_name
})
continue
try:
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(
repo_id, org_id, to_group_id, username, permission)
else:
seafile_api.set_group_repo(
repo_id, to_group_id, username, permission)
# send a signal when sharing repo successful
repo = seafile_api.get_repo(repo_id)
share_repo_to_group_successful.send(sender=None,
from_user=username,
group_id=to_group_id,
repo=repo, path='/',
org_id=org_id)
result['success'].append({
"repo_id": repo_id,
"group_id": to_group_id,
"group_name": group_name,
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, to_group_id,
repo_id, '/', permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Internal Server Error'
})
# unshare repo
if operation == 'unshare':
share_type = request.data.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('user', 'group'):
error_msg = 'share_type can only be "user", "group".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# unshare repo from user
if share_type == 'user':
to_username = request.data.get('username', None)
if not to_username:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
for repo_id in valid_repo_id_list:
if not self.has_shared_to_user(request, repo_id, to_username):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'This item has not been shared to %s.' % to_username
})
continue
repo_owner = get_repo_owner(request, repo_id)
try:
# get share permission before unshare operation
permission = check_user_share_out_permission(repo_id,
'/', to_username, is_org_context(request))
if is_org_context(request):
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
org_id = request.user.org.org_id
seafile_api.org_remove_share(org_id, repo_id, repo_owner, to_username)
else:
seafile_api.remove_share(repo_id, repo_owner, to_username)
# Delete share permission at ExtraSharePermission table.
ExtraSharePermission.objects.delete_share_permission(repo_id,
to_username)
# send message
send_perm_audit_msg('delete-repo-perm', username,
to_username, repo_id, '/', permission)
result['success'].append({
"repo_id": repo_id,
"username": to_username,
})
except Exception as e:
logger.error(e)
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Internal Server Error'
})
# unshare repo from group
if share_type == 'group':
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(to_group_id)
group_name = group.group_name if group else ''
for repo_id in valid_repo_id_list:
if not self.has_shared_to_group(request, repo_id, to_group_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'This item has not been shared to %s.' % group_name
})
continue
try:
# get share permission before unshare operation
permission = check_group_share_out_permission(repo_id,
'/', to_group_id, is_org_context(request))
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.del_org_group_repo(repo_id, org_id, to_group_id)
else:
seafile_api.unset_group_repo(
repo_id, to_group_id, username)
# Delete share permission at ExtraSharePermission table.
ExtraGroupsSharePermission.objects.delete_share_permission(repo_id,
to_group_id)
# send message
send_perm_audit_msg('delete-repo-perm', username,
to_group_id, repo_id, '/', permission)
result['success'].append({
"repo_id": repo_id,
"group_id": to_group_id,
"group_name": group_name,
})
except SearpcError as e:
logger.error(e)
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Internal Server Error'
})
return Response(result)
