def group_add(request, gid):
    """Store an uploaded avatar for group *gid*.

    Only group staff get past the first check; everyone else receives a 404.
    Any request other than a POST carrying an ``avatar`` file is also
    answered with 404.
    """
    numeric_gid = int(gid)  # Checked by URL Conf

    # Authorisation comes first, before the group is even looked up.
    caller_is_staff = check_group_staff(numeric_gid, request.user)
    if not caller_is_staff:
        raise Http404

    if not ccnet_threaded_rpc.get_group(numeric_gid):
        return HttpResponseRedirect(reverse('group_list', args=[]))

    # change navigator when user in different context
    org, base_template = check_and_get_org_by_group(
        numeric_gid, request.user.username)

    form = GroupAvatarForm(request.POST or None, request.FILES or None)

    # Only allow post request to change group avatar.
    if request.method != 'POST' or 'avatar' not in request.FILES:
        raise Http404

    if not form.is_valid():
        messages.error(request, form.errors['avatar'])
    else:
        upload = request.FILES['avatar']
        group_avatar = GroupAvatar()
        group_avatar.group_id = gid
        # NOTE(review): the stored name is the client-supplied upload name;
        # confirm the form/storage layer validates type and sanitises it.
        group_avatar.avatar.save(upload.name, upload)
        group_avatar.save()
        # invalidate group avatar cache
        invalidate_group_cache(gid)
        messages.success(request, _("Successfully uploaded a new group avatar."))

    # NOTE(review): confirm _get_next() only yields same-site targets.
    return HttpResponseRedirect(_get_next(request))
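def group_message_remove(request, group_id, msg_id):
    """
    Remove group message and all message replies and attachments.

    The caller must be a member of ``group_id``; deletion is then allowed
    for group staff and for the message author. The reply is always a JSON
    object with ``success`` and, on failure, ``err_msg``.
    """
    # Checked by URL Conf
    group_id_int = int(group_id)
    msg_id = int(msg_id)
    json_type = "application/json; charset=utf-8"
    username = request.user.username

    group = get_group(group_id_int)
    if not group:
        raise Http404

    # Test whether user is in the group
    if not is_group_user(group_id_int, username):
        raise Http404

    try:
        # Look the message up inside the group the caller was authorised
        # for. Matching on id alone would let staff of one group delete a
        # message that belongs to another group.
        gm = GroupMessage.objects.get(id=msg_id, group_id=group_id_int)
    except GroupMessage.DoesNotExist:
        return HttpResponse(
            json.dumps({"success": False, "err_msg": _(u"The message doesn't exist")}),
            content_type=json_type,
        )

    # Test whether user is group admin or message owner. The integer id is
    # used here so every check in this view refers to the same value.
    if seaserv.check_group_staff(group_id_int, username) or gm.from_email == username:
        gm.delete()
        return HttpResponse(json.dumps({"success": True}), content_type=json_type)

    return HttpResponse(
        json.dumps({"success": False, "err_msg": _(u"You don't have the permission.")}),
        content_type=json_type,
    )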
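def group_message_remove(request, group_id, msg_id):
    """
    Remove group message and all message replies and attachments.

    Requires group membership; only group staff or the author of the
    message may delete it. Responds with JSON (``success`` / ``err_msg``).
    """
    def _reply(payload):
        # All outcomes past the membership check are reported as JSON.
        return HttpResponse(json.dumps(payload),
                            content_type='application/json; charset=utf-8')

    # Checked by URL Conf
    group_id_int = int(group_id)
    msg_id = int(msg_id)

    group = get_group(group_id_int)
    if not group:
        raise Http404

    # Test whether user is in the group
    if not is_group_user(group_id_int, request.user.username):
        raise Http404

    try:
        # Constrain the lookup to this group: the permission checks are
        # made against group_id, so the message must belong to it too.
        gm = GroupMessage.objects.get(id=msg_id, group_id=group_id_int)
    except GroupMessage.DoesNotExist:
        return _reply({'success': False,
                       'err_msg': _(u"The message doesn't exist")})

    # Test whether user is group admin or message owner (integer id, the
    # same value the membership check used).
    if seaserv.check_group_staff(group_id_int, request.user.username) or \
            gm.from_email == request.user.username:
        gm.delete()
        return _reply({'success': True})

    return _reply({'success': False,
                   'err_msg': _(u"You don't have the permission.")})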
def get_group_member_info(request, group_id, email, avatar_size=AVATAR_DEFAULT_SIZE):
    """Return a dict describing group member *email*.

    The dict holds name, email, contact email, login id, an absolute avatar
    URL and whether the member is staff of ``group_id``.
    """
    profile = Profile.objects.get_profile_by_user(email)
    login_id = ''
    if profile and profile.login_id:
        login_id = profile.login_id

    try:
        avatar_url, _is_default, _date_uploaded = api_avatar_url(
            email, avatar_size)
    except Exception as e:
        # Any avatar failure falls back to the default picture.
        logger.error(e)
        avatar_url = get_default_avatar_url()

    is_admin = seaserv.check_group_staff(group_id, email)

    return {
        "name": email2nickname(email),
        'email': email,
        "contact_email": Profile.objects.get_contact_email_by_user(email),
        "login_id": login_id,
        "avatar_url": request.build_absolute_uri(avatar_url),
        "is_admin": is_admin,
    }
def group_add(request, gid):
    """Store an uploaded avatar for group *gid*.

    Only group staff get past the first check; everyone else receives a 404.
    Any request other than a POST carrying an ``avatar`` file is also
    answered with 404.
    """
    numeric_gid = int(gid)  # Checked by URL Conf
    username = request.user.username

    # Authorisation comes first, before the group is even looked up.
    caller_is_staff = check_group_staff(numeric_gid, username)
    if not caller_is_staff:
        raise Http404

    if not ccnet_threaded_rpc.get_group(numeric_gid):
        return HttpResponseRedirect(reverse('group_list', args=[]))

    # change navigator when user in different context
    org, base_template = check_and_get_org_by_group(numeric_gid, username)

    form = GroupAvatarForm(request.POST or None, request.FILES or None)

    # Only allow post request to change group avatar.
    if request.method != 'POST' or 'avatar' not in request.FILES:
        raise Http404

    if not form.is_valid():
        messages.error(request, form.errors['avatar'])
    else:
        upload = request.FILES['avatar']
        group_avatar = GroupAvatar()
        group_avatar.group_id = gid
        # NOTE(review): the stored name is the client-supplied upload name;
        # confirm the form/storage layer validates type and sanitises it.
        group_avatar.avatar.save(upload.name, upload)
        group_avatar.save()
        # invalidate group avatar cache
        invalidate_group_cache(gid)
        messages.success(request, _("Successfully uploaded a new group avatar."))

    # NOTE(review): confirm _get_next() only yields same-site targets.
    return HttpResponseRedirect(_get_next(request))
def _decorated(request, *args, **kwargs):
    """Run the wrapped view only when the caller is staff of the group.

    The group id is read from the ``group_id`` URL keyword. A missing
    keyword raises TypeError; a non-staff caller gets Http404.
    """
    raw_group_id = kwargs.get('group_id', None)
    try:
        group_id = int(raw_group_id)
    except TypeError:
        # int(None): the URL pattern did not supply a group_id.
        raise TypeError("No group_id in url arguments")

    if not check_group_staff(group_id, request.user.username):
        raise Http404
    return func(request, *args, **kwargs)
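def repo_remove_share(request):
    """
    Remove a library share; all parameters are read from the query string.

    If the repo is shared from one person to another person, only these two
    people can remove the share.
    If the repo is shared from one person to a group, then only the one who
    shared the repo and group staff can remove the share.

    NOTE(review): this view changes state on GET parameters, so it does not
    go through the CSRF protection applied to POST requests — consider
    requiring POST.
    """
    repo_id = request.GET.get('repo_id', '')
    group_id = request.GET.get('gid', '')
    from_email = request.GET.get('from', '')
    if not is_valid_username(from_email):
        return render_error(request, _(u'Argument is not valid'))
    username = request.user.username

    # if request params don't have 'gid', then remove repos that share to
    # to other person; else, remove repos that share to groups
    if not group_id:
        to_email = request.GET.get('to', '')
        if not is_valid_username(to_email):
            return render_error(request, _(u'Argument is not valid'))

        if username != from_email and username != to_email:
            return render_permission_error(request, _(u'Failed to remove share'))

        if is_org_context(request):
            org_id = request.user.org.org_id
            org_remove_share(org_id, repo_id, from_email, to_email)
        else:
            seaserv.remove_share(repo_id, from_email, to_email)
    else:
        try:
            group_id = int(group_id)
        except ValueError:
            # Only a malformed id is expected here; a bare except would
            # also hide unrelated errors.
            return render_error(request, _(u'group id is not valid'))

        group = seaserv.get_group(group_id)
        if not group:
            return render_error(request, _(u"Failed to unshare: the group doesn't exist."))

        # NOTE(review): from_email comes from the request, so the second
        # half of this check only shows that the caller named themselves.
        # Confirm the sharer is verified against stored share data; the org
        # path below never passes from_email to the backend.
        if not seaserv.check_group_staff(group_id, username) \
                and username != from_email:
            return render_permission_error(request, _(u'Failed to remove share'))

        if is_org_group(group_id):
            org_id = get_org_id_by_group(group_id)
            del_org_group_repo(repo_id, org_id, group_id)
        else:
            seafile_api.unset_group_repo(repo_id, group_id, from_email)

    messages.success(request, _('Successfully removed share'))

    # NOTE(review): Referer is client-controlled; consider restricting the
    # redirect target to this site.
    next_url = request.META.get('HTTP_REFERER', SITE_ROOT)
    return HttpResponseRedirect(next_url)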
def is_group_repo_staff(request, repo_id, username):
    """Tell whether *username* is staff of the group that owns *repo_id*.

    Returns False when the repo owner does not contain '@seafile_group'.
    """
    repo_owner = get_repo_owner(request, repo_id)
    if '@seafile_group' not in repo_owner:
        return False

    # NOTE(review): the group id is taken from email2nickname(repo_owner);
    # confirm that yields the id check_group_staff expects.
    owning_group = email2nickname(repo_owner)
    return seaserv.check_group_staff(owning_group, username)
def put(self, request, group_id):
    """ Rename, transfer a specific group

    ``name`` in the request data renames the group; ``creator`` transfers
    it. Both may be sent together. The rename is applied before the
    ``creator`` value is validated, so a request can fail with 400 after
    the name has already changed.

    NOTE(review): no permission check is visible in this method; presumably
    a decorator restricts it — confirm who is allowed to transfer a group.
    """
    group = seaserv.get_group(group_id)
    username = request.user.username

    requested_name = request.data.get('name', None)
    if requested_name:
        # rename a group
        # Check whether group name is valid.
        if not validate_group_name(requested_name):
            return api_error(
                status.HTTP_400_BAD_REQUEST,
                _(u'Group name can only contain letters, numbers, blank, hyphen or underscore'))

        # Check whether group name is duplicated.
        if check_group_name_conflict(request, requested_name):
            return api_error(status.HTTP_400_BAD_REQUEST,
                             _(u'There is already a group with that name.'))

        try:
            seaserv.ccnet_threaded_rpc.set_group_name(group_id, requested_name)
        except SearpcError as e:
            logger.error(e)
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                             _(u'Internal Server Error'))

    requested_owner = request.data.get('creator', None)
    if requested_owner:
        # transfer a group
        if not is_valid_username(requested_owner):
            return api_error(status.HTTP_400_BAD_REQUEST,
                             _('Creator %s is not valid.') % requested_owner)

        if requested_owner == group.creator_name:
            return api_error(status.HTTP_400_BAD_REQUEST,
                             _('%s is already group owner') % requested_owner)

        try:
            # The new owner is added as a member and made admin first when
            # they are not already.
            already_member = seaserv.is_group_user(group_id, requested_owner)
            if not already_member:
                seaserv.ccnet_threaded_rpc.group_add_member(
                    group_id, username, requested_owner)

            already_admin = seaserv.check_group_staff(group_id, requested_owner)
            if not already_admin:
                seaserv.ccnet_threaded_rpc.group_set_admin(
                    group_id, requested_owner)

            seaserv.ccnet_threaded_rpc.set_group_creator(group_id, requested_owner)
        except SearpcError as e:
            logger.error(e)
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                             _(u'Internal Server Error'))

    # get new info of this group
    return Response(get_group_info(request, group_id, GROUP_AVATAR_DEFAULT_SIZE))
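def repo_remove_share(request):
    """
    Remove a library share; all parameters are read from the query string.

    If the repo is shared from one person to another person, only these two
    people can remove the share.
    If the repo is shared from one person to a group, then only the one who
    shared the repo and group staff can remove the share.

    NOTE(review): this view changes state on GET parameters, so it does not
    go through the CSRF protection applied to POST requests — consider
    requiring POST.
    """
    params = request.GET
    repo_id = params.get('repo_id', '')
    group_id = params.get('gid', '')
    from_email = params.get('from', '')
    if not is_valid_username(from_email):
        return render_error(request, _(u'Argument is not valid'))
    username = request.user.username

    # if request params don't have 'gid', then remove repos that share to
    # to other person; else, remove repos that share to groups
    if not group_id:
        to_email = params.get('to', '')
        if not is_valid_username(to_email):
            return render_error(request, _(u'Argument is not valid'))

        if username != from_email and username != to_email:
            return render_permission_error(request, _(u'Failed to remove share'))

        if is_org_context(request):
            org_id = request.user.org.org_id
            org_remove_share(org_id, repo_id, from_email, to_email)
        else:
            seaserv.remove_share(repo_id, from_email, to_email)
    else:
        try:
            group_id = int(group_id)
        except ValueError:
            # Catch only the malformed-id case instead of every exception.
            return render_error(request, _(u'group id is not valid'))

        group = seaserv.get_group(group_id)
        if not group:
            return render_error(request,
                                _(u"Failed to unshare: the group doesn't exist."))

        # NOTE(review): from_email is request data, so comparing it with the
        # caller's own name is not proof that the caller created the share.
        # Confirm the sharer is checked against stored share data; the org
        # path below does not pass from_email on at all.
        if not seaserv.check_group_staff(group_id, username) \
                and username != from_email:
            return render_permission_error(request, _(u'Failed to remove share'))

        if is_org_group(group_id):
            org_id = get_org_id_by_group(group_id)
            del_org_group_repo(repo_id, org_id, group_id)
        else:
            seafile_api.unset_group_repo(repo_id, group_id, from_email)

    messages.success(request, _('Successfully removed share'))

    # NOTE(review): Referer is client-controlled; consider restricting the
    # redirect target to this site.
    next_url = request.META.get('HTTP_REFERER', SITE_ROOT)
    return HttpResponseRedirect(next_url)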
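def repo_remove_share(request):
    """
    Remove a library share; all parameters are read from the query string.

    If the repo is shared from one person to another person, only these two
    people can remove the share.
    If the repo is shared from one person to a group, then only the one who
    shared the repo and group staff can remove the share.

    NOTE(review): this view changes state on GET parameters, so it does not
    go through the CSRF protection applied to POST requests — consider
    requiring POST.
    """
    repo_id = request.GET.get('repo_id', '')
    group_id = request.GET.get('gid', '')
    from_email = request.GET.get('from', '')
    if not is_valid_username(from_email):
        return render_error(request, _(u'Argument is not valid'))

    # if request params don't have 'gid', then remove repos that share to
    # to other person; else, remove repos that share to groups
    if not group_id:
        to_email = request.GET.get('to', '')
        if not is_valid_username(to_email):
            return render_error(request, _(u'Argument is not valid'))

        if request.user.username != from_email and \
                request.user.username != to_email:
            return render_permission_error(request, _(u'Failed to remove share'))
        remove_share(repo_id, from_email, to_email)
    else:
        try:
            group_id_int = int(group_id)
        except ValueError:
            # Catch only the malformed-id case instead of every exception.
            return render_error(request, _(u'group id is not valid'))

        # NOTE(review): from_email is request data; the comparison below
        # only shows the caller named themselves as the sharer.
        if not check_group_staff(group_id_int, request.user.username) \
                and request.user.username != from_email:
            return render_permission_error(request, _(u'Failed to remove share'))

        if is_org_group(group_id_int):
            org_id = get_org_id_by_group(group_id_int)
            del_org_group_repo(repo_id, org_id, group_id_int)
        else:
            from seahub.group.views import group_unshare_repo
            # The helper's result used to be discarded. If it hands back a
            # response (presumably its error page — confirm), return that
            # instead of reporting success.
            failure = group_unshare_repo(request, repo_id, group_id_int,
                                         from_email)
            if failure is not None:
                return failure

    messages.success(request, _('Successfully removed share'))

    # NOTE(review): Referer is client-controlled; consider restricting the
    # redirect target to this site.
    next_url = request.META.get('HTTP_REFERER', None) or SITE_ROOT
    return HttpResponseRedirect(next_url)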
def user_info(request, email):
    """Show user info, libraries and groups.

    NOTE(review): nothing in this body checks that *email* belongs to the
    caller's institution; presumably a decorator does — confirm.
    """
    all_owned = mute_seafile_api.get_owned_repo_list(email, ret_corrupted=True)
    owned_repos = filter(lambda repo: not repo.is_virtual, all_owned)

    in_repos = mute_seafile_api.get_share_in_repo_list(email, -1, -1)
    space_usage = mute_seafile_api.get_user_self_usage(email)
    space_quota = mute_seafile_api.get_user_quota(email)

    # get user profile
    profile = Profile.objects.get_profile_by_user(email)
    d_profile = DetailedProfile.objects.get_detailed_profile_by_user(email)

    try:
        personal_groups = seaserv.get_personal_groups_by_user(email)
    except SearpcError as e:
        logger.error(e)
        personal_groups = []

    for grp in personal_groups:
        # An RPC failure is logged and treated as "not staff".
        try:
            is_group_staff = seaserv.check_group_staff(grp.id, email)
        except SearpcError as e:
            logger.error(e)
            is_group_staff = False

        if email == grp.creator_name:
            grp.role = _('Owner')
        elif is_group_staff:
            grp.role = _('Admin')
        else:
            grp.role = _('Member')

    available_quota = get_institution_available_quota(request.user.institution)

    context = {
        'owned_repos': owned_repos,
        'space_quota': space_quota,
        'space_usage': space_usage,
        'in_repos': in_repos,
        'email': email,
        'profile': profile,
        'd_profile': d_profile,
        'personal_groups': personal_groups,
        'available_quota': available_quota,
    }
    return render_to_response('institutions/user_info.html', context,
                              context_instance=RequestContext(request))
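def group_remove_member(request, group_id, user_name):
    """Remove *user_name* from the group; only group staff may do this.

    A non-numeric group id renders an error page and a non-staff caller
    gets Http404. RPC failures are reported through the messages framework.
    """
    try:
        group_id_int = int(group_id)
    except ValueError:
        return render_error(request, _(u"group id is not valid"))

    if not check_group_staff(group_id_int, request.user):
        raise Http404

    try:
        ccnet_threaded_rpc.group_remove_member(group_id_int,
                                               request.user.username,
                                               user_name)
        seafserv_threaded_rpc.remove_repo_group(group_id_int, user_name)
        messages.success(request, _(u"Operation succeeded."))
    except SearpcError as e:
        # "except X as e" replaces the Python-2-only "except X, e" form.
        messages.error(request, _(u"Failed:%s") % e.msg)
    # NOTE(review): no response is returned after this point in the visible
    # code; the listing may be truncated — confirm against the full source.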
def user_info(request, email):
    """Show user info, libraries and groups.

    NOTE(review): nothing in this body checks that *email* belongs to the
    caller's institution; presumably a decorator does — confirm.
    """
    all_owned = mute_seafile_api.get_owned_repo_list(email, ret_corrupted=True)
    owned_repos = filter(lambda repo: not repo.is_virtual, all_owned)

    in_repos = mute_seafile_api.get_share_in_repo_list(email, -1, -1)
    space_usage = mute_seafile_api.get_user_self_usage(email)
    space_quota = mute_seafile_api.get_user_quota(email)

    # get user profile
    profile = Profile.objects.get_profile_by_user(email)
    d_profile = DetailedProfile.objects.get_detailed_profile_by_user(email)

    try:
        personal_groups = seaserv.get_personal_groups_by_user(email)
    except SearpcError as e:
        logger.error(e)
        personal_groups = []

    for grp in personal_groups:
        # An RPC failure is logged and treated as "not staff".
        try:
            is_group_staff = seaserv.check_group_staff(grp.id, email)
        except SearpcError as e:
            logger.error(e)
            is_group_staff = False

        if email == grp.creator_name:
            grp.role = _('Owner')
        elif is_group_staff:
            grp.role = _('Admin')
        else:
            grp.role = _('Member')

    context = {
        'owned_repos': owned_repos,
        'space_quota': space_quota,
        'space_usage': space_usage,
        'in_repos': in_repos,
        'email': email,
        'profile': profile,
        'd_profile': d_profile,
        'personal_groups': personal_groups,
    }
    return render_to_response('institutions/user_info.html', context,
                              context_instance=RequestContext(request))
def group_unshare_repo(request, repo_id, group_id, from_email):
    """
    Unshare a repo in group.

    Returns an error response when the group is missing, the permission
    check fails or the RPC reports a non-zero result; returns None on
    success.

    NOTE(review): the permission check is made for *from_email*, not for
    request.user, so callers must already have tied from_email to the
    authenticated user.
    """
    # Check whether group exists
    if not get_group(group_id):
        return render_error(request, _(u"Failed to unshare: the group doesn't exist."))

    # Check whether user is group staff or the one share the repo
    may_unshare = (
        check_group_staff(group_id, from_email)
        or seafserv_threaded_rpc.get_group_repo_owner(repo_id) == from_email
    )
    if not may_unshare:
        return render_permission_error(request, _(u"Operation failed: only administrators and the owner of the library can unshare it."))

    rpc_result = seafserv_threaded_rpc.group_unshare_repo(repo_id, group_id, from_email)
    if rpc_result != 0:
        return render_error(request, _(u"Failed to unshare: internal error."))
    return None
def group_wiki(request, group, page_name="home"):
    """Render a group wiki page, creating an empty page when it is missing.

    If the wiki does not exist the template is rendered with
    ``wiki_exists`` False. If only the page is missing, an empty ``.md``
    file is created and the caller is redirected back to this view.
    """
    is_staff = bool(check_group_staff(group.id, request.user))
    username = request.user.username
    content = ''
    wiki_exists = True
    last_modified = None
    latest_contributor = None

    try:
        content, repo_id, obj_id = get_wiki_page(request, group, page_name)
    except WikiDoesNotExist:
        wiki_exists = False
    except WikiPageMissing:
        # create that page for user
        wiki_repo = find_wiki_repo(request, group)
        # No need to check whether repo is none, since repo is already created
        new_file = normalize_page_name(page_name) + '.md'
        created = post_empty_file(wiki_repo.id, "/", new_file, username)
        if not created:
            return render_error(request, _("Faied to create wiki page. Please retry later."))
        return HttpResponseRedirect(reverse('group_wiki', args=[group.id, page_name]))
    else:
        content = convert_wiki_link(content, group, repo_id, username)

        # fetch file latest contributor and last modified
        path = '/' + page_name + '.md'
        encoded_path = path.encode('utf-8')
        # The MD5 digest only shortens the quoted path into a 12-character
        # value handed to get_file_contributors.
        file_path_hash = md5_constructor(urllib2.quote(encoded_path)).hexdigest()[:12]
        contributors, last_modified, last_commit_id = get_file_contributors(
            repo_id, encoded_path, file_path_hash, obj_id)
        if contributors:
            latest_contributor = contributors[0]

    context = {
        "group_id": group.id,
        "group": group,
        "is_staff": is_staff,
        "content": content,
        "page": page_name,
        "wiki_exists": wiki_exists,
        "last_modified": last_modified,
        "latest_contributor": latest_contributor,
    }
    return render_to_response("group/group_wiki.html", context,
                              context_instance=RequestContext(request))
def _decorated(view, request, group_id, *args, **kwargs):
    """Call the wrapped API method only for staff of an existing group.

    Checks run in this order: the group exists (400 otherwise), the caller
    is a member (403), the caller is staff (403). Any SearpcError along the
    way is logged and answered with 500.
    """
    def _rpc_failed(exc):
        logger.error(exc)
        error_msg = _(u'Internal Server Error')
        return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

    def _forbidden():
        error_msg = _(u'Permission denied')
        return api_error(status.HTTP_403_FORBIDDEN, error_msg)

    group_id = int(group_id)  # Checked by URL Conf

    try:
        group = seaserv.get_group(group_id)
    except SearpcError as e:
        return _rpc_failed(e)
    if not group:
        return api_error(status.HTTP_400_BAD_REQUEST, _(u'Group does not exist.'))

    username = request.user.username

    try:
        is_group_member = seaserv.is_group_user(group_id, username)
    except SearpcError as e:
        return _rpc_failed(e)
    if not is_group_member:
        return _forbidden()

    try:
        is_group_staff = seaserv.check_group_staff(group_id, username)
    except SearpcError as e:
        return _rpc_failed(e)
    if not is_group_staff:
        return _forbidden()

    return func(view, request, group_id, *args, **kwargs)
def get_group_member_info(request, group_id, email, avatar_size=AVATAR_DEFAULT_SIZE):
    """Return a dict describing group member *email*.

    The dict holds name, email, contact email, login id, an absolute avatar
    URL and whether the member is staff of ``group_id``.
    """
    profile = Profile.objects.get_profile_by_user(email)
    login_id = ''
    if profile and profile.login_id:
        login_id = profile.login_id

    try:
        avatar_url, _is_default, _date_uploaded = api_avatar_url(email, avatar_size)
    except Exception as e:
        # Any avatar failure falls back to the default picture.
        logger.error(e)
        avatar_url = get_default_avatar_url()

    is_admin = seaserv.check_group_staff(group_id, email)

    return {
        "name": email2nickname(email),
        'email': email,
        "contact_email": Profile.objects.get_contact_email_by_user(email),
        "login_id": login_id,
        "avatar_url": request.build_absolute_uri(avatar_url),
        "is_admin": is_admin,
    }
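def group_discuss(request, group_id):
    """Show a group's discussion page and accept new messages.

    POST with a valid form stores a message and redirects back to this
    view. GET may carry ``op`` (delete / dismiss / quit), which is handed to
    the matching group view. Callers who are neither group members nor site
    staff get the public info page.

    NOTE(review): the POST branch saves the message before any membership
    check in this body, so a non-member who reaches this view could post;
    confirm a decorator or the form enforces membership.
    NOTE(review): ``op`` triggers state-changing views from a GET request,
    which POST-only CSRF protection does not cover.
    """
    if request.method == 'POST':
        form = MessageForm(request.POST)
        if form.is_valid():
            msg = form.cleaned_data['message']
            message = GroupMessage()
            message.group_id = group_id
            message.from_email = request.user.username
            message.message = msg
            message.save()

            # send signal
            grpmsg_added.send(sender=GroupMessage, group_id=group_id,
                              from_email=request.user.username)
            # Always return an HttpResponseRedirect after successfully dealing
            # with POST data.
            return HttpResponseRedirect(reverse('group_discuss', args=[group_id]))
    else:
        form = MessageForm()

        op = request.GET.get('op', '')
        if op == 'delete':
            return group_remove(request, group_id)
        elif op == 'dismiss':
            return group_dismiss(request, group_id)
        elif op == 'quit':
            return group_quit(request, group_id)

    group_id_int = int(group_id)  # Checked by URL Conf

    # remove user notifications
    UserNotification.objects.filter(to_user=request.user.username,
                                    msg_type='group_msg',
                                    detail=str(group_id)).delete()

    group = get_group(group_id_int)
    if not group:
        return HttpResponseRedirect(reverse('group_list', args=[]))

    # Get all group members. This has to happen before the public-info
    # branch below, which puts `members` in its context; it used to be
    # assigned only afterwards, so that branch raised UnboundLocalError.
    members = get_group_members(group_id_int)

    # Check whether user belongs to the group.
    joined = is_group_user(group_id_int, request.user.username)
    if not joined and not request.user.is_staff:
        # Return group public info page.
        return render_to_response('group/group_pubinfo.html', {
            'members': members,
            'group': group,
        }, context_instance=RequestContext(request))

    is_staff = True if check_group_staff(group.id, request.user) else False

    # group messages
    # Show 15 group messages per page.
    paginator = Paginator(GroupMessage.objects.filter(
        group_id=group_id).order_by('-timestamp'), 15)

    # Make sure page request is an int. If not, deliver first page.
    try:
        page = int(request.GET.get('page', '1'))
    except ValueError:
        page = 1

    # If page request (9999) is out of range, deliver last page of results.
    try:
        group_msgs = paginator.page(page)
    except (EmptyPage, InvalidPage):
        group_msgs = paginator.page(paginator.num_pages)

    group_msgs.page_range = paginator.get_page_range(group_msgs.number)

    # Force evaluate queryset to fix some database error for mysql.
    group_msgs.object_list = list(group_msgs.object_list)

    attachments = MessageAttachment.objects.filter(group_message__in=group_msgs.object_list)

    msg_replies = MessageReply.objects.filter(reply_to__in=group_msgs.object_list)
    reply_to_list = [r.reply_to_id for r in msg_replies]

    for msg in group_msgs.object_list:
        msg.reply_cnt = reply_to_list.count(msg.id)
        # Only the last three replies are kept for display.
        msg.replies = [r for r in msg_replies if msg.id == r.reply_to_id][-3:]

        for att in attachments:
            if msg.id == att.group_message_id:
                # Attachment name is file name or directory name.
                # If is top directory, use repo name instead.
                path = att.path
                if path == '/':
                    repo = get_repo(att.repo_id)
                    if not repo:
                        # TODO: what should we do here, tell user the repo
                        # is no longer exists?
                        continue
                    att.name = repo.name
                else:
                    # cut out last '/'
                    if path[-1] == '/':
                        path = path[:-1]
                    att.name = os.path.basename(path)
                msg.attachment = att

    return render_to_response("group/group_discuss.html", {
        "members": members,
        "group_id": group_id,
        "group": group,
        "is_staff": is_staff,
        "group_msgs": group_msgs,
        "form": form,
        'group_members_default_display': GROUP_MEMBERS_DEFAULT_DISPLAY,
    }, context_instance=RequestContext(request))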
def _decorated(request, *args, **kwargs):
    """Run the wrapped view only when the caller is staff of the group.

    The group id comes from the ``group_id`` URL keyword ('0' when absent);
    a caller who is not staff gets Http404.
    """
    raw_group_id = kwargs.get('group_id', '0')
    group_id = int(raw_group_id)  # Checked by URL Conf
    if not check_group_staff(group_id, request.user):
        raise Http404
    return func(request, *args, **kwargs)
def put(self, request, group_id):
    """ Rename, transfer a specific group

    ``name`` in the request data renames the group; ``creator`` transfers
    it. Both may be sent together. The rename is applied before the
    ``creator`` value is validated, so a request can fail with 400 after
    the name has already changed.

    NOTE(review): no permission check is visible in this method; presumably
    a decorator restricts it — confirm who is allowed to transfer a group.
    """
    group = seaserv.get_group(group_id)
    username = request.user.username

    requested_name = request.data.get('name', None)
    if requested_name:
        # rename a group
        # Check whether group name is valid.
        if not validate_group_name(requested_name):
            return api_error(
                status.HTTP_400_BAD_REQUEST,
                _(u'Group name can only contain letters, numbers, blank, hyphen or underscore'))

        # Check whether group name is duplicated.
        if check_group_name_conflict(request, requested_name):
            return api_error(status.HTTP_400_BAD_REQUEST,
                             _(u'There is already a group with that name.'))

        try:
            seaserv.ccnet_threaded_rpc.set_group_name(group_id, requested_name)
        except SearpcError as e:
            logger.error(e)
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                             _(u'Internal Server Error'))

    requested_owner = request.data.get('creator', None)
    if requested_owner:
        # transfer a group
        if not is_valid_username(requested_owner):
            return api_error(status.HTTP_400_BAD_REQUEST,
                             _('Creator %s is not valid.') % requested_owner)

        if requested_owner == group.creator_name:
            return api_error(status.HTTP_400_BAD_REQUEST,
                             _('%s is already group owner') % requested_owner)

        try:
            # The new owner is added as a member and made admin first when
            # they are not already.
            already_member = seaserv.is_group_user(group_id, requested_owner)
            if not already_member:
                seaserv.ccnet_threaded_rpc.group_add_member(
                    group_id, username, requested_owner)

            already_admin = seaserv.check_group_staff(group_id, requested_owner)
            if not already_admin:
                seaserv.ccnet_threaded_rpc.group_set_admin(
                    group_id, requested_owner)

            seaserv.ccnet_threaded_rpc.set_group_creator(group_id, requested_owner)
        except SearpcError as e:
            logger.error(e)
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                             _(u'Internal Server Error'))

    # get new info of this group
    return Response(get_group_info(request, group_id, GROUP_AVATAR_DEFAULT_SIZE))
def is_group_staff(group, user):
    """Tell whether *user* is staff of *group*.

    Anonymous users are never staff and no backend call is made for them.
    """
    return (
        False
        if user.is_anonymous()
        else seaserv.check_group_staff(group.id, user.username)
    )
def is_group_admin(group_id, email):
    """Return the result of seaserv.check_group_staff for *email* in *group_id*."""
    staff_flag = seaserv.check_group_staff(group_id, email)
    return staff_flag
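def ajax_repo_remove_share(request):
    """
    Remove repo shared to user/group/public

    Reads ``repo_id`` and ``share_type`` from POST data and always answers
    with JSON:

    * ``personal``: removes the share from ``from`` to the calling user.
    * ``group``: allowed for staff of ``group_id`` or the repo owner.
    * ``public``: allowed for the repo owner or (org) staff.
    """
    content_type = 'application/json; charset=utf-8'

    def _json(payload, status_code):
        return HttpResponse(json.dumps(payload), status=status_code,
                            content_type=content_type)

    repo_id = request.POST.get('repo_id', None)
    share_type = request.POST.get('share_type', None)

    if not seafile_api.get_repo(repo_id):
        return _json({'error': _(u'Library does not exist')}, 400)

    username = request.user.username

    if share_type == 'personal':
        from_email = request.POST.get('from', None)
        if not is_valid_username(from_email):
            return _json({'error': _(u'Invalid argument')}, 400)

        # The recipient is always the caller, so a user can only drop
        # shares made to themselves.
        if is_org_context(request):
            org_id = request.user.org.org_id
            org_remove_share(org_id, repo_id, from_email, username)
        else:
            seaserv.remove_share(repo_id, from_email, username)
        return _json({'success': True}, 200)

    elif share_type == 'group':
        from_email = request.POST.get('from', None)
        if not is_valid_username(from_email):
            return _json({'error': _(u'Invalid argument')}, 400)

        # Reject a missing or non-numeric group id up front instead of
        # passing raw POST data to the permission and lookup calls.
        try:
            group_id = int(request.POST.get('group_id', None))
        except (TypeError, ValueError):
            return _json({'error': _(u'Invalid argument')}, 400)

        group = seaserv.get_group(group_id)
        if not group:
            return _json({'error': _(u"Group does not exist")}, 400)

        if seaserv.check_group_staff(group_id, username) or \
                seafile_api.is_repo_owner(username, repo_id):
            if is_org_group(group_id):
                org_id = get_org_id_by_group(group_id)
                del_org_group_repo(repo_id, org_id, group_id)
            else:
                seafile_api.unset_group_repo(repo_id, group_id, from_email)
            return _json({'success': True}, 200)

        # NOTE(review): the 'public' branch answers a denial with 403; 400
        # is kept here so existing clients see the same status.
        return _json({'error': _(u'Permission denied')}, 400)

    elif share_type == 'public':
        if is_org_context(request):
            org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
            is_org_repo_owner = org_repo_owner == username
            if request.user.org.is_staff or is_org_repo_owner:
                org_id = request.user.org.org_id
                seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(org_id,
                                                                       repo_id)
                return _json({'success': True}, 200)
            return _json({'error': _(u'Permission denied')}, 403)

        if seafile_api.is_repo_owner(username, repo_id) or \
                request.user.is_staff:
            unset_inner_pub_repo(repo_id)
            return _json({'success': True}, 200)
        return _json({'error': _(u'Permission denied')}, 403)

    return _json({'error': _(u'Invalid argument')}, 400)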
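def ajax_repo_remove_share(request):
    """
    Remove repo shared to user/group/public

    Reads ``repo_id`` and ``share_type`` from POST data and always answers
    with JSON:

    * ``personal``: removes the share from ``from`` to the calling user.
    * ``group``: allowed for staff of ``group_id`` or the repo owner.
    * ``public``: allowed for the repo owner or (org) staff.
    """
    content_type = 'application/json; charset=utf-8'

    def _json(payload, status_code):
        return HttpResponse(json.dumps(payload), status=status_code,
                            content_type=content_type)

    repo_id = request.POST.get('repo_id', None)
    share_type = request.POST.get('share_type', None)

    if not seafile_api.get_repo(repo_id):
        return _json({'error': _(u'Library does not exist')}, 400)

    username = request.user.username

    if share_type == 'personal':
        from_email = request.POST.get('from', None)
        if not is_valid_username(from_email):
            return _json({'error': _(u'Invalid argument')}, 400)

        # The recipient is always the caller, so a user can only drop
        # shares made to themselves.
        if is_org_context(request):
            org_id = request.user.org.org_id
            org_remove_share(org_id, repo_id, from_email, username)
        else:
            seaserv.remove_share(repo_id, from_email, username)
        return _json({'success': True}, 200)

    elif share_type == 'group':
        from_email = request.POST.get('from', None)
        if not is_valid_username(from_email):
            return _json({'error': _(u'Invalid argument')}, 400)

        # Reject a missing or non-numeric group id up front instead of
        # passing raw POST data to the permission and lookup calls.
        try:
            group_id = int(request.POST.get('group_id', None))
        except (TypeError, ValueError):
            return _json({'error': _(u'Invalid argument')}, 400)

        group = seaserv.get_group(group_id)
        if not group:
            return _json({'error': _(u"Group does not exist")}, 400)

        if seaserv.check_group_staff(group_id, username) or \
                seafile_api.is_repo_owner(username, repo_id):
            if is_org_group(group_id):
                org_id = get_org_id_by_group(group_id)
                del_org_group_repo(repo_id, org_id, group_id)
            else:
                seafile_api.unset_group_repo(repo_id, group_id, from_email)
            return _json({'success': True}, 200)

        # NOTE(review): the 'public' branch answers a denial with 403; 400
        # is kept here so existing clients see the same status.
        return _json({'error': _(u'Permission denied')}, 400)

    elif share_type == 'public':
        if is_org_context(request):
            org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
            is_org_repo_owner = org_repo_owner == username
            if request.user.org.is_staff or is_org_repo_owner:
                org_id = request.user.org.org_id
                seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(
                    org_id, repo_id)
                return _json({'success': True}, 200)
            return _json({'error': _(u'Permission denied')}, 403)

        if seafile_api.is_repo_owner(username, repo_id) or \
                request.user.is_staff:
            unset_inner_pub_repo(repo_id)
            return _json({'success': True}, 200)
        return _json({'error': _(u'Permission denied')}, 403)

    return _json({'error': _(u'Invalid argument')}, 400)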
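def render_group_info(request, group_id, form):
    """Render the group info page with members, repos and messages.

    Callers who are neither group members nor site staff get the public
    info page. ``page`` and ``per_page`` come from the query string;
    non-numeric or non-positive values fall back to 1 and 15.
    """
    group_id_int = int(group_id)  # Checked by URL Conf
    username = request.user.username

    # remove user notifications
    UserNotification.objects.filter(to_user=username,
                                    msg_type='group_msg',
                                    detail=str(group_id)).delete()

    group = get_group(group_id_int)
    if not group:
        return HttpResponseRedirect(reverse('group_list', args=[]))

    # Get all group members.
    members = get_group_members(group_id_int)

    # Check whether user belongs to the group.
    joined = is_group_user(group_id_int, username)
    if not joined and not request.user.is_staff:
        # Return group public info page.
        return render_to_response('group/group_pubinfo.html', {
            'members': members,
            'group': group,
        }, context_instance=RequestContext(request))

    is_staff = True if check_group_staff(group.id, request.user) else False

    managers = []
    common_members = []
    for member in members:
        if member.is_staff == 1:
            managers.append(member)
        else:
            common_members.append(member)

    org = request.user.org
    if org:
        repos = get_org_group_repos(org['org_id'], group_id_int, username)
    else:
        repos = get_group_repos(group_id_int, username)

    for repo in repos:
        repo.user_perm = check_permission(repo.props.id, username)

    # group messages
    # Make sure page request is an int. If not, deliver first page.
    try:
        current_page = int(request.GET.get('page', '1'))
        per_page = int(request.GET.get('per_page', '15'))
    except ValueError:
        current_page = 1
        per_page = 15
    # Zero or negative values would give negative slice bounds below, which
    # queryset slicing rejects; treat them like any other invalid input.
    if current_page < 1:
        current_page = 1
    if per_page < 1:
        per_page = 15
    # NOTE(review): per_page has no upper bound, so a single request can ask
    # for an arbitrarily large page; consider capping it.

    # Fetch one row more than a page holds to learn whether a next page exists.
    msgs_plus_one = GroupMessage.objects.filter(
        group_id=group_id).order_by(
        '-timestamp')[per_page * (current_page - 1):per_page * current_page + 1]
    page_next = len(msgs_plus_one) == per_page + 1

    group_msgs = msgs_plus_one[:per_page]
    attachments = MessageAttachment.objects.filter(group_message__in=group_msgs)
    msg_replies = MessageReply.objects.filter(reply_to__in=group_msgs)
    reply_to_list = [r.reply_to_id for r in msg_replies]
    for msg in group_msgs:
        msg.reply_cnt = reply_to_list.count(msg.id)

        for att in attachments:
            if msg.id == att.group_message_id:
                # Attachment name is file name or directory name.
                # If is top directory, use repo name instead.
                path = att.path
                if path == '/':
                    repo = get_repo(att.repo_id)
                    if not repo:
                        # TODO: what should we do here, tell user the repo
                        # is no longer exists?
                        continue
                    att.name = repo.name
                else:
                    # cut out last '/'
                    if path[-1] == '/':
                        path = path[:-1]
                    att.name = os.path.basename(path)
                msg.attachment = att

    contacts = Contact.objects.filter(user_email=username)

    return render_to_response("group/group_info.html", {
        "managers": managers,
        "common_members": common_members,
        "members": members,
        "repos": repos,
        "group_id": group_id,
        "group": group,
        "is_staff": is_staff,
        "is_join": joined,
        "group_msgs": group_msgs,
        "form": form,
        'current_page': current_page,
        'prev_page': current_page - 1,
        'next_page': current_page + 1,
        'per_page': per_page,
        'page_next': page_next,
        'create_shared_repo': True,
        'contacts': contacts,
        'group_members_default_display': GROUP_MEMBERS_DEFAULT_DISPLAY,
    }, context_instance=RequestContext(request))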
def _decorated(request, *args, **kwargs):
    """Run the wrapped view only for staff of the group named in the URL.

    The group id is taken from the ``group_id`` keyword argument only; when
    it is absent the id falls back to 0. Any requester for whom
    ``check_group_staff`` is falsy gets ``Http404`` rather than a 403, so the
    response does not confirm that the group exists.
    """
    # NOTE(review): a view whose URL pattern passes group_id positionally is
    # checked against group 0 -- presumably that never matches; confirm.
    gid = int(kwargs.get('group_id', '0'))  # Checked by URL Conf
    if not check_group_staff(gid, request.user.username):
        raise Http404
    return func(request, *args, **kwargs)
def render_group_info(request, group_id, form):
    """Render a group's page: members, libraries and their latest commits.

    Group members and site staff get ``group/group_info.html``. Any other
    requester gets ``group/group_pubinfo.html``, which is given only the
    group object and its member list. A group that does not exist redirects
    to ``group_list``.

    Args:
        request: the current HTTP request; ``request.user`` is read for the
            username, the site-staff flag and the org.
        group_id: group id as captured from the URL (string or int).
        form: form object passed through to the template unchanged.
    """
    gid = int(group_id)  # Checked by URL Conf
    username = request.user.username

    # Clear the requester's own pending notifications for this group; the
    # filter is scoped to the requester, so no other user's rows are touched.
    UserNotification.objects.filter(
        to_user=username, msg_type='group_msg', detail=str(group_id)
    ).delete()

    group = get_group(gid)
    if not group:
        return HttpResponseRedirect(reverse('group_list', args=[]))

    # Full member list; also handed to the public page below.
    members = get_group_members(gid)

    # Membership gate: everyone who is neither a member nor site staff is
    # limited to the public info page.
    joined = is_group_user(gid, username)
    if not (joined or request.user.is_staff):
        public_ctx = {
            'members': members,
            'group': group,
        }
        return render_to_response('group/group_pubinfo.html', public_ctx,
                                  context_instance=RequestContext(request))

    # NOTE(review): request.user is passed here, while other call sites on
    # this page pass the username -- confirm check_group_staff accepts both.
    is_staff = bool(check_group_staff(group.id, request.user))

    org = request.user.org
    if org:
        repos = get_org_group_repos(org['org_id'], gid, username)
    else:
        repos = get_group_repos(gid, username)

    # Collect up to ten commits per library and remember which library each
    # commit came from.
    recent_commits = []
    repo_of_commit = {}
    for repo in repos:
        repo.user_perm = check_permission(repo.props.id, username)
        commits = get_commits(repo.props.id, 0, 10)
        for commit in commits:
            repo_of_commit[commit.id] = repo
        recent_commits += commits

    # Newest first, then keep the fifteen most recent across all libraries.
    recent_commits.sort(key=lambda commit: commit.props.ctime, reverse=True)
    recent_commits = recent_commits[:15]

    for commit in recent_commits:
        owner_repo = repo_of_commit[commit.id]
        commit.repo = owner_repo
        owner_repo.password_set = is_passwd_set(commit.props.repo_id, username)
        # First word of the commit description.
        commit.tp = commit.props.desc.partition(' ')[0]

    context = {
        "members": members,
        "repos": repos,
        "recent_commits": recent_commits,
        "group_id": group_id,
        "group": group,
        "is_staff": is_staff,
        "is_join": joined,
        "form": form,
        'create_shared_repo': True,
        'group_members_default_display': GROUP_MEMBERS_DEFAULT_DISPLAY,
    }
    return render_to_response("group/group_info.html", context,
                              context_instance=RequestContext(request))
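def delete(self, request, repo_id, format=None):
    """Remove one share of library ``repo_id``; ``share_type`` picks the kind.

    Query parameters:
        share_type: ``personal``, ``group`` or ``public``.
        from: username of the sharer (``personal`` and ``group``).
        group_id: id of the target group (``group``).

    Authorisation as implemented here:
        personal: the share removed is always the one *to* the requesting
            user, so a caller can only drop shares addressed to themselves.
        group: the caller must be staff of the group or owner of the library.
        public: in an org context the caller must be org staff or the org
            owner of the library; otherwise library owner or site staff.

    Returns a 400 ``api_error`` for an unknown library, a malformed
    parameter or an unknown group, 403 when the caller lacks permission,
    and ``{'success': True}`` with status 200 otherwise.
    """
    if not seafile_api.get_repo(repo_id):
        return api_error(status.HTTP_400_BAD_REQUEST,
                         'Library does not exist')

    username = request.user.username
    share_type = request.GET.get('share_type', None)

    if share_type == 'personal':
        from_email = request.GET.get('from', None)
        if not is_valid_username(from_email):
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'Invalid argument')

        # The recipient is fixed to the requester, never taken from input.
        if is_org_context(request):
            org_id = request.user.org.org_id
            seaserv.seafserv_threaded_rpc.org_remove_share(
                org_id, repo_id, from_email, username)
        else:
            seaserv.remove_share(repo_id, from_email, username)

    elif share_type == 'group':
        from_email = request.GET.get('from', None)
        if not is_valid_username(from_email):
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'Invalid argument')

        # group_id is caller-controlled: reject anything that is not an
        # integer before it reaches the group lookup and the permission
        # check, instead of forwarding None or arbitrary text to them.
        try:
            group_id = int(request.GET.get('group_id', ''))
        except ValueError:
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'Invalid argument')

        group = seaserv.get_group(group_id)
        if not group:
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'Group does not exist')

        if not seaserv.check_group_staff(group_id, username) and \
                not seafile_api.is_repo_owner(username, repo_id):
            return api_error(status.HTTP_403_FORBIDDEN,
                             'Permission denied')

        if seaserv.is_org_group(group_id):
            org_id = seaserv.get_org_id_by_group(group_id)
            seaserv.del_org_group_repo(repo_id, org_id, group_id)
        else:
            # NOTE(review): from_email is only format-checked; whether it
            # must match the actual sharer is not visible here -- confirm.
            seafile_api.unset_group_repo(repo_id, group_id, from_email)

    elif share_type == 'public':
        if is_org_context(request):
            org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
            is_org_repo_owner = org_repo_owner == username

            if not request.user.org.is_staff and not is_org_repo_owner:
                return api_error(status.HTTP_403_FORBIDDEN,
                                 'Permission denied')

            org_id = request.user.org.org_id
            seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(
                org_id, repo_id)
        else:
            if not seafile_api.is_repo_owner(username, repo_id) and \
                    not request.user.is_staff:
                return api_error(status.HTTP_403_FORBIDDEN,
                                 'Permission denied')

            seaserv.unset_inner_pub_repo(repo_id)
    else:
        return api_error(status.HTTP_400_BAD_REQUEST,
                         'Invalid argument')

    return Response({'success': True}, status=status.HTTP_200_OK)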
return render_error(request, _('Wiki root path is missing.')) try: dirs = seafserv_threaded_rpc.list_dir(dir_id) except SearpcError, e: return render_error(request, _('Failed to list wiki directories.')) pages = [] for e in dirs: if stat.S_ISDIR(e.mode): continue # skip directories name, ext = os.path.splitext(e.obj_name) if ext == '.md': pages.append(name) is_staff = True if check_group_staff(group.id, request.user) else False return render_to_response("group/group_wiki_pages.html", { "group": group, "pages": pages, "is_staff": is_staff, }, context_instance=RequestContext(request)) @login_required @group_check def group_wiki_create(request, group): if request.method != 'POST': raise Http404 content_type = 'application/json; charset=utf-8'
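def delete(self, request, repo_id, format=None):
    """Remove one share of library ``repo_id``, selected by ``share_type``.

    Query parameters:
        share_type: ``personal``, ``group`` or ``public``.
        from: username of the sharer (``personal`` and ``group``).
        group_id: id of the target group (``group``).

    Authorisation as implemented here:
        personal: only the share addressed *to* the requesting user is
            removed; the recipient is never read from the request.
        group: the caller must be staff of the group or owner of the library.
        public: in an org context the caller must be org staff or the org
            owner of the library; otherwise library owner or site staff.

    Returns a 400 ``api_error`` for an unknown library, a malformed
    parameter or an unknown group, 403 when the caller lacks permission,
    and ``{'success': True}`` with status 200 otherwise.
    """
    if not seafile_api.get_repo(repo_id):
        return api_error(status.HTTP_400_BAD_REQUEST, 'Library does not exist')

    username = request.user.username
    share_type = request.GET.get('share_type', None)

    if share_type == 'personal':
        from_email = request.GET.get('from', None)
        if not is_valid_username(from_email):
            return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')

        if is_org_context(request):
            org_id = request.user.org.org_id
            seaserv.seafserv_threaded_rpc.org_remove_share(org_id, repo_id,
                                                           from_email, username)
        else:
            seaserv.remove_share(repo_id, from_email, username)

    elif share_type == 'group':
        from_email = request.GET.get('from', None)
        if not is_valid_username(from_email):
            return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')

        # Validate the caller-supplied group id up front: a missing or
        # non-numeric value is answered with 400 rather than being passed
        # on to the group lookup and the staff check.
        raw_group_id = request.GET.get('group_id', '')
        try:
            group_id = int(raw_group_id)
        except ValueError:
            return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')

        group = seaserv.get_group(group_id)
        if not group:
            return api_error(status.HTTP_400_BAD_REQUEST, 'Group does not exist')

        may_unshare = (seaserv.check_group_staff(group_id, username) or
                       seafile_api.is_repo_owner(username, repo_id))
        if not may_unshare:
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')

        if seaserv.is_org_group(group_id):
            org_id = seaserv.get_org_id_by_group(group_id)
            seaserv.del_org_group_repo(repo_id, org_id, group_id)
        else:
            # NOTE(review): from_email is only format-checked; whether it
            # must match the actual sharer is not visible here -- confirm.
            seafile_api.unset_group_repo(repo_id, group_id, from_email)

    elif share_type == 'public':
        if is_org_context(request):
            org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
            is_org_repo_owner = org_repo_owner == username

            if not request.user.org.is_staff and not is_org_repo_owner:
                return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')

            org_id = request.user.org.org_id
            seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(org_id,
                                                                   repo_id)
        else:
            if not seafile_api.is_repo_owner(username, repo_id) and \
                    not request.user.is_staff:
                return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')

            seaserv.unset_inner_pub_repo(repo_id)
    else:
        return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')

    return Response({'success': True}, status=status.HTTP_200_OK)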