def delete(self, request, repo_id, org_id, format=None):
""" User delete a repo shared to him/her.
"""
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not check_folder_permission(request, repo_id, '/'):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
repo_owner = get_repo_owner(request, repo_id)
try:
if org_id:
is_org = True
seafile_api.org_remove_share(org_id, repo_id, repo_owner, username)
else:
is_org = False
seafile_api.remove_share(repo_id, repo_owner, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
permission = check_user_share_in_permission(repo_id, username, is_org)
send_perm_audit_msg('delete-repo-perm', repo_owner, username,
repo_id, '/', permission)
return Response({'success': True})
def delete(self, request, repo_id):
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check permission
username = request.user.username
repo_owner = get_repo_owner(request, repo_id)
if username != repo_owner:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check repo status
repo_status = repo.status
if repo_status != 0:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
# remove repo
seafile_api.remove_repo(repo_id)
repo_deleted.send(sender=None,
org_id=org_id,
operator=username,
repo_owner=repo_owner,
repo_id=repo_id,
repo_name=repo.name)
return Response('success', status=status.HTTP_200_OK)
def delete(self, request, repo_id, org_id, format=None):
""" Delete repo user share permission.
Permission checking:
1. is group admin
"""
# parameter check
to_user = request.data.get('username', None)
if not to_user:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# permission check
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
path = request.data.get('path', '/')
SeafileAPI.delete_shared_user_by_repo_path(
repo_id, repo_owner, to_user, path, org_id=org_id)
permission = check_user_share_out_permission(repo_id, path, to_user, is_org_context(request))
send_perm_audit_msg('delete-repo-perm', username, to_user,
repo_id, path, permission)
return Response({'success': True})
def delete(self, request, repo_id, org_id, format=None):
""" Delete repo user share permission.
Permission checking:
1. is group admin
"""
# parameter check
to_user = request.data.get('username', None)
if not to_user:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# permission check
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
path = request.data.get('path', '/')
SeafileAPI.delete_shared_user_by_repo_path(
repo_id, repo_owner, to_user, path, org_id=org_id)
permission = check_user_share_out_permission(repo_id, path, to_user, is_org_context(request))
send_perm_audit_msg('delete-repo-perm', username, to_user,
repo_id, path, permission)
return Response({'success': True})
def get(self, request, repo_id):
""" List repo user share info.
Permission checking:
1. is group admin
"""
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = request.GET.get('path', '/')
if not seafile_api.get_dir_id_by_path(repo_id, path):
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
result = self.list_user_shared_items(request, repo_id, path)
return Response(result)
def delete(self, request, repo_id, org_id, format=None):
""" User delete a repo shared to him/her.
"""
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not check_folder_permission(request, repo_id, '/'):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
repo_owner = get_repo_owner(request, repo_id)
try:
if org_id:
is_org = True
seafile_api.org_remove_share(org_id, repo_id, repo_owner, username)
else:
is_org = False
seafile_api.remove_share(repo_id, repo_owner, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
permission = check_user_share_in_permission(repo_id, username, is_org)
send_perm_audit_msg('delete-repo-perm', repo_owner, username,
repo_id, '/', permission)
return Response({'success': True})
def get(self, request, repo_id, format=None):
""" Get all file/folder in a library
"""
repo = seafile_api.get_repo(repo_id)
parent_dir = request.GET.get('parent_dir', '/')
parent_dir = normalize_dir_path(parent_dir)
dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir)
if not dir_id:
error_msg = 'Folder %s not found.' % parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
try:
dirs = seafile_api.list_dir_with_perm(repo_id,
parent_dir, dir_id, repo_owner, -1, -1)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return_results = {}
return_results['repo_name'] = repo.repo_name
return_results['repo_id'] = repo.repo_id
return_results['is_system_library'] = True if \
repo.id == get_system_default_repo_id() else False
return_results['dirent_list'] = []
for dirent in dirs:
dirent_info = get_dirent_info(dirent)
return_results['dirent_list'].append(dirent_info)
return Response(return_results)
def sys_repo_delete(request, repo_id):
"""Delete a repo.
"""
next_page = request.META.get('HTTP_REFERER', None)
if not next_page:
next_page = HASH_URLS['SYS_REPO_ADMIN']
if get_system_default_repo_id() == repo_id:
messages.error(request, _('System library can not be deleted.'))
return HttpResponseRedirect(next_page)
repo = seafile_api.get_repo(repo_id)
if repo: # Handle the case that repo is `None`.
repo_name = repo.name
else:
repo_name = ''
repo_owner = get_repo_owner(request, repo_id)
try:
org_id = seafile_api.get_org_id_by_repo_id(repo_id)
usernames = get_related_users_by_repo(repo_id,
org_id if org_id and org_id > 0 else None)
except Exception as e:
logger.error(e)
org_id = -1
usernames = []
seafile_api.remove_repo(repo_id)
repo_deleted.send(sender=None, org_id=org_id, operator=request.user.username,
usernames=usernames, repo_owner=repo_owner, repo_id=repo_id,
repo_name=repo_name)
messages.success(request, _('Successfully deleted.'))
return HttpResponseRedirect(next_page)
def get_group_repo_info(request, group_repo):
group_id = group_repo.group_id
repo_id = group_repo.repo_id
is_admin = ExtraGroupsSharePermission.objects.get_group_permission(
repo_id, group_id)
group_repo_info = {}
group_repo_info['repo_id'] = repo_id
group_repo_info['repo_name'] = group_repo.name
group_repo_info['mtime'] = timestamp_to_isoformat_timestr(
group_repo.last_modified)
group_repo_info['permission'] = group_repo.permission
group_repo_info['size'] = group_repo.size
group_repo_info['encrypted'] = group_repo.encrypted
group_repo_info['is_admin'] = True if is_admin else False
repo_owner = get_repo_owner(request, repo_id)
group_repo_info['owner_email'] = repo_owner
group_repo_info['owner_name'] = email2nickname(repo_owner)
group_repo_info['owner_contact_name'] = email2contact_email(repo_owner)
modifier = group_repo.last_modifier
group_repo_info['modifier_email'] = modifier
group_repo_info['modifier_name'] = email2nickname(modifier)
group_repo_info['modifier_contact_email'] = email2contact_email(modifier)
return group_repo_info
def post(self, request, repo_id, format=None):
"""Post a comments of a file.
"""
# argument check
path = request.GET.get('p', '/').rstrip('/')
if not path:
return api_error(status.HTTP_400_BAD_REQUEST, 'Wrong path.')
comment = request.data.get('comment', '')
if not comment:
return api_error(status.HTTP_400_BAD_REQUEST, 'Comment can not be empty.')
try:
avatar_size = int(request.GET.get('avatar_size',
AVATAR_DEFAULT_SIZE))
except ValueError:
avatar_size = AVATAR_DEFAULT_SIZE
# resource check
try:
file_id = seafile_api.get_file_id_by_path(repo_id, path)
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Internal Server Error')
if not file_id:
return api_error(status.HTTP_404_NOT_FOUND, 'File not found.')
# permission check
if check_folder_permission(request, repo_id, '/') is None:
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
detail = request.data.get('detail', '')
username = request.user.username
file_comment = FileComment.objects.add_by_file_path(
repo_id=repo_id, file_path=path, author=username, comment=comment, detail=detail)
repo = seafile_api.get_repo(repo_id)
repo_owner = get_repo_owner(request, repo.id)
if is_draft_file(repo_id, path):
draft = Draft.objects.filter(origin_repo_id=repo_id, draft_file_path=path)
if draft:
draft = draft[0]
comment_draft_successful.send(sender=None,
draft=draft,
comment=comment,
author=username)
else:
Draft.DoesNotExist
else:
comment_file_successful.send(sender=None,
repo=repo,
repo_owner=repo_owner,
file_path=path,
comment=comment,
author=username)
comment = file_comment.to_dict()
comment.update(user_to_dict(username, request=request, avatar_size=avatar_size))
return Response(comment, status=201)
def get(self, request, repo_id):
""" List repo user share info.
Permission checking:
1. is group admin
"""
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = request.GET.get('path', '/')
if not seafile_api.get_dir_id_by_path(repo_id, path):
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
result = self.list_user_shared_items(request, repo_id, path)
return Response(result)
def get(self, request, repo_id, format=None):
""" Get all file/folder in a library
"""
repo = seafile_api.get_repo(repo_id)
parent_dir = request.GET.get('parent_dir', '/')
parent_dir = normalize_dir_path(parent_dir)
dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir)
if not dir_id:
error_msg = 'Folder %s not found.' % parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
try:
dirs = seafile_api.list_dir_with_perm(repo_id, parent_dir, dir_id,
repo_owner, -1, -1)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return_results = {}
return_results['repo_name'] = repo.repo_name
return_results['repo_id'] = repo.repo_id
return_results['is_system_library'] = True if \
repo.id == get_system_default_repo_id() else False
return_results['dirent_list'] = []
for dirent in dirs:
dirent_info = get_dirent_info(dirent)
return_results['dirent_list'].append(dirent_info)
return Response(return_results)
def put(self, request, repo_id, org_id, format=None):
""" Update repo group share permission.
Permission checking:
1. is group admin
"""
# parameter check
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
permission = request.data.get('permission', PERMISSION_READ)
if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]:
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not ccnet_api.get_group(to_group_id):
error_msg = 'Group %s not found.' % to_group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = request.data.get('path', '/')
if not seafile_api.get_dir_id_by_path(repo_id, path):
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
update_group_dir_permission(
repo_id, path, repo_owner, to_group_id, permission, org_id)
send_perm_audit_msg('modify-repo-perm',
username, to_group_id, repo_id, path, permission)
return Response({'success': True})
def put(self, request, repo_id, org_id, format=None):
""" Update repo group share permission.
Permission checking:
1. is group admin
"""
# parameter check
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
permission = request.data.get('permission', PERMISSION_READ)
if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]:
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not ccnet_api.get_group(to_group_id):
error_msg = 'Group %s not found.' % to_group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = request.data.get('path', '/')
if not seafile_api.get_dir_id_by_path(repo_id, path):
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
update_group_dir_permission(
repo_id, path, repo_owner, to_group_id, permission, org_id)
send_perm_audit_msg('modify-repo-perm',
username, to_group_id, repo_id, path, permission)
return Response({'success': True})
def post(self, request, repo_id):
""" Only used for reset encrypted repo's password, and then send new
password to user's mainbox.
Permission checking:
1. repo owner.
"""
if not ENABLE_RESET_ENCRYPTED_REPO_PASSWORD or \
not IS_EMAIL_CONFIGURED:
error_msg = _('Feature disabled.')
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not repo.encrypted:
error_msg = 'Library %s is not encrypted.' % repo_id
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# permission check
username = request.user.username
repo_owner = get_repo_owner(request, repo_id)
if '@seafile_group' in repo_owner:
group_id = email2nickname(repo_owner)
if not ccnet_api.check_group_staff(int(group_id), username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
if username != repo_owner:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
secret_key = RepoSecretKey.objects.get_secret_key(repo_id)
if not secret_key:
error_msg = _("Can not reset this library's password.")
return api_error(HTTP_520_OPERATION_FAILED, error_msg)
new_password = get_random_string(10)
try:
seafile_api.reset_repo_passwd(repo_id, username, secret_key,
new_password)
content = {'repo_name': repo.name, 'password': new_password}
send_html_email(
_('New password of library %s') % repo.name,
'snippets/reset_repo_password.html', content, None,
[email2contact_email(username)])
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})
def get(self, request, repo_id):
""" Return repo info
Permission checking:
1. all authenticated user can perform this action.
"""
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
permission = check_folder_permission(request, repo_id, '/')
if permission is None:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
lib_need_decrypt = False
if repo.encrypted \
and not seafile_api.is_password_set(repo.id, username):
lib_need_decrypt = True
repo_owner = get_repo_owner(request, repo_id)
try:
has_been_shared_out = repo_has_been_shared_out(request, repo_id)
except Exception as e:
has_been_shared_out = False
logger.error(e)
result = {
"repo_id": repo.id,
"repo_name": repo.name,
"owner_email": repo_owner,
"owner_name": email2nickname(repo_owner),
"owner_contact_email": email2contact_email(repo_owner),
"size": repo.size,
"encrypted": repo.encrypted,
"file_count": repo.file_count,
"permission": permission,
"no_quota": True if seafile_api.check_quota(repo_id) < 0 else False,
"is_admin": is_repo_admin(username, repo_id),
"is_virtual": repo.is_virtual,
"has_been_shared_out": has_been_shared_out,
"lib_need_decrypt": lib_need_decrypt,
"last_modified": timestamp_to_isoformat_timestr(repo.last_modify),
"status": normalize_repo_status_code(repo.status),
}
return Response(result)
def get(self, request, repo_id):
""" Return repo info
Permission checking:
1. all authenticated user can perform this action.
"""
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
permission = check_folder_permission(request, repo_id, '/')
if permission is None:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
lib_need_decrypt = False
if repo.encrypted \
and not seafile_api.is_password_set(repo.id, username):
lib_need_decrypt = True
repo_owner = get_repo_owner(request, repo_id)
try:
has_been_shared_out = repo_has_been_shared_out(request, repo_id)
except Exception as e:
has_been_shared_out = False
logger.error(e)
result = {
"repo_id": repo.id,
"repo_name": repo.name,
"owner_email": repo_owner,
"owner_name": email2nickname(repo_owner),
"owner_contact_email": email2contact_email(repo_owner),
"size": repo.size,
"encrypted": repo.encrypted,
"file_count": repo.file_count,
"permission": permission,
"no_quota": True if seafile_api.check_quota(repo_id) < 0 else False,
"is_admin": is_repo_admin(username, repo_id),
"is_virtual": repo.is_virtual,
"has_been_shared_out": has_been_shared_out,
"lib_need_decrypt": lib_need_decrypt,
"last_modified": timestamp_to_isoformat_timestr(repo.last_modify),
}
return Response(result)
def post(self, request, repo_id, format=None):
"""Post a comments of a file.
"""
# argument check
path = request.GET.get('p', '/').rstrip('/')
if not path:
return api_error(status.HTTP_400_BAD_REQUEST, 'Wrong path.')
comment = request.data.get('comment', '')
if not comment:
return api_error(status.HTTP_400_BAD_REQUEST, 'Comment can not be empty.')
try:
avatar_size = int(request.GET.get('avatar_size',
AVATAR_DEFAULT_SIZE))
except ValueError:
avatar_size = AVATAR_DEFAULT_SIZE
# resource check
try:
file_id = seafile_api.get_file_id_by_path(repo_id, path)
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Internal error.')
if not file_id:
return api_error(status.HTTP_404_NOT_FOUND, 'File not found.')
# permission check
if check_folder_permission(request, repo_id, '/') is None:
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
detail = request.data.get('detail', '')
username = request.user.username
file_comment = FileComment.objects.add_by_file_path(
repo_id=repo_id, file_path=path, author=username, comment=comment, detail=detail)
repo = seafile_api.get_repo(repo_id)
repo_owner = get_repo_owner(request, repo.id)
if is_draft_file(repo_id, path):
draft = Draft.objects.get(origin_repo_id=repo_id, draft_file_path=path)
comment_draft_successful.send(sender=None,
draft=draft,
comment=comment,
author=username)
else:
comment_file_successful.send(sender=None,
repo=repo,
repo_owner=repo_owner,
file_path=path,
comment=comment,
author=username)
comment = file_comment.to_dict()
comment.update(user_to_dict(username, request=request, avatar_size=avatar_size))
return Response(comment, status=201)
def get(self, request, group_id):
""" List group repo contents
currently one group -> one workspace -> one repo
"""
group_id = int(group_id)
try:
group = ccnet_api.get_group(group_id)
except Exception as e:
logging.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Internal Server Error.')
if not group:
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
owner = '%s@seafile_group' % group_id
workspace = Workspaces.objects.get_workspace_by_owner(owner)
if not workspace:
error_msg = 'Workspace not found.'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
parent_dir = request.GET.get('parent_dir', '/')
dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir)
if not dir_id:
error_msg = 'Folder %s not found.' % parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# dtable's repo_owner if always 'dtable@seafile', not same as workspace and group owner
try:
repo_owner = get_repo_owner(request, repo_id)
dirs = seafile_api.list_dir_with_perm(repo_id, parent_dir, dir_id,
repo_owner, -1, -1)
except Exception as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Internal Server Error')
# convert dirent obj to dict and exclude '*.dtable' files.
dirent_list = [
get_dirent_info(dir) for dir in dirs
if '.dtable' not in dir.obj_name
]
return Response({
'dirent_list': dirent_list,
'group_name': group.group_name,
})
def delete(self, request, group_id, repo_id):
""" Delete a group library.
Permission checking:
1. is group admin;
1. is repo owner;
1. repo is shared to group with `admin` permission;
"""
group_id = int(group_id)
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
is_org = False
if is_org_context(request):
is_org = True
group_repo = seafile_api.get_group_shared_repo_by_path(
repo_id, None, group_id, is_org)
if not group_repo:
error_msg = 'Group library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# only group admin or repo owner can delete group repo.
username = request.user.username
repo_owner = get_repo_owner(request, repo_id)
if not is_group_admin(group_id, username) and \
repo_owner != username and \
not is_repo_admin(username, repo_id):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
permission = check_group_share_in_permission(repo_id, group_id, is_org)
if is_org:
org_id = ccnet_api.get_org_id_by_group(group_id)
seafile_api.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, username)
origin_repo_id = group_repo.origin_repo_id or repo_id
origin_path = group_repo.origin_path or '/'
send_perm_audit_msg('delete-repo-perm', username, group_id,
origin_repo_id, origin_path, permission)
# delete extra share permission
ExtraGroupsSharePermission.objects.delete_share_permission(
repo_id, group_id)
return Response({'success': True})
def delete(self, request, repo_id, format=None):
""" Clean library's trash.
Permission checking:
1. repo owner can perform this action.
2. is group admin.
"""
# argument check
try:
keep_days = int(request.data.get('keep_days', 0))
except ValueError:
error_msg = 'keep_days invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
repo_owner = get_repo_owner(request, repo_id)
if not config.ENABLE_USER_CLEAN_TRASH:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if '@seafile_group' in repo_owner:
group_id = get_group_id_by_repo_owner(repo_owner)
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
if username != repo_owner:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
seafile_api.clean_up_repo_history(repo_id, keep_days)
org_id = None if not request.user.org else request.user.org.org_id
clean_up_repo_trash.send(sender=None,
org_id=org_id,
operator=username,
repo_id=repo_id,
repo_name=repo.name,
repo_owner=repo_owner,
days=keep_days)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})
def delete(self, request, group_id, repo_id):
""" Delete a group library.
Permission checking:
1. is repo owner;
2. is repo admin;
3. is group admin;
"""
group_id = int(group_id)
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
is_org = False
if is_org_context(request):
is_org = True
group_repo = seafile_api.get_group_shared_repo_by_path(repo_id,
None, group_id, is_org)
if not group_repo:
error_msg = 'Group library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# only group admin or repo owner can delete group repo.
username = request.user.username
repo_owner = get_repo_owner(request, repo_id)
if not is_group_admin(group_id, username) and \
repo_owner != username and \
not is_repo_admin(username, repo_id):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
permission = check_group_share_in_permission(repo_id, group_id, is_org)
if is_org:
org_id = ccnet_api.get_org_id_by_group(group_id)
seafile_api.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, username)
origin_repo_id = group_repo.origin_repo_id or repo_id
origin_path = group_repo.origin_path or '/'
send_perm_audit_msg('delete-repo-perm', username, group_id,
origin_repo_id, origin_path, permission)
# delete extra share permission
ExtraGroupsSharePermission.objects.delete_share_permission(repo_id, group_id)
return Response({'success': True})
def delete(self, request, repo_id):
""" Delete repo user folder perm.
Permission checking:
1. is group admin
"""
# argument check
user = request.data.get('user_email', None)
if not user:
error_msg = 'user_email invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
path = request.data.get('folder_path', None)
if not path:
error_msg = 'folder_path invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# delete permission
path = normalize_dir_path(path)
permission = seafile_api.get_folder_user_perm(repo_id, path, user)
if not permission:
return Response({'success': True})
try:
seafile_api.rm_folder_user_perm(repo_id, path, user)
send_perm_audit_msg('delete-repo-perm', username,
user, repo_id, path, permission)
return Response({'success': True})
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
def delete(self, request, repo_id):
""" Delete repo user folder perm.
Permission checking:
1. is group admin
"""
# argument check
user = request.data.get('user_email', None)
if not user:
error_msg = 'user_email invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
path = request.data.get('folder_path', None)
if not path:
error_msg = 'folder_path invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# delete permission
path = normalize_dir_path(path)
permission = seafile_api.get_folder_user_perm(repo_id, path, user)
if not permission:
return Response({'success': True})
try:
seafile_api.rm_folder_user_perm(repo_id, path, user)
send_perm_audit_msg('delete-repo-perm', username,
user, repo_id, path, permission)
return Response({'success': True})
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
def repo_snapshot(request, repo_id):
"""View repo in history.
"""
repo = get_repo(repo_id)
if not repo:
raise Http404
username = request.user.username
user_perm = check_folder_permission(request, repo.id, '/')
if user_perm is None:
return render_error(request, _('Permission denied'))
try:
server_crypto = UserOptions.objects.is_server_crypto(username)
except CryptoOptionNotSetError:
# Assume server_crypto is ``False`` if this option is not set.
server_crypto = False
reverse_url = reverse('lib_view', args=[repo_id, repo.name, ''])
if repo.encrypted and \
(repo.enc_version == 1 or (repo.enc_version == 2 and server_crypto)) \
and not is_password_set(repo.id, username):
return render(
request, 'decrypt_repo_form.html', {
'repo': repo,
'next': get_next_url_from_request(request) or reverse_url,
})
commit_id = request.GET.get('commit_id', None)
if commit_id is None:
return HttpResponseRedirect(reverse_url)
current_commit = get_commit(repo.id, repo.version, commit_id)
if not current_commit:
current_commit = get_commit(repo.id, repo.version, repo.head_cmmt_id)
has_perm = is_repo_owner(request, repo.id, username)
# department admin
if not has_perm:
repo_owner = get_repo_owner(request, repo_id)
if '@seafile_group' in repo_owner:
group_id = get_group_id_by_repo_owner(repo_owner)
has_perm = is_group_admin(group_id, username)
return render(
request, 'repo_snapshot_react.html', {
'repo': repo,
"can_restore_repo": has_perm,
'current_commit': current_commit,
})
def list_user_shared_items(self, request, repo_id, path, org_id):
repo_owner = get_repo_owner(request, repo_id)
share_items = SeafileAPI.get_shared_users_by_repo_path(
repo_id, repo_owner, path=path, org_id=org_id)
ret = []
for item in share_items:
email = item.user
ret.append({
"user_email": email,
"user_name": email2nickname(email),
"user_contact_email": email2contact_email(email),
"permission": item.perm
})
return ret
def list_user_shared_items(self, request, repo_id, path, org_id):
repo_owner = get_repo_owner(request, repo_id)
share_items = SeafileAPI.get_shared_users_by_repo_path(
repo_id, repo_owner, path=path, org_id=org_id)
ret = []
for item in share_items:
email = item.user
ret.append({
"user_email": email,
"user_name": email2nickname(email),
"user_contact_email": email2contact_email(email),
"permission": item.perm
})
return ret
def post(self, request, repo_id, commit_id, format=None):
""" revert commit in repo history
Permission checking:
1. only repo owner can perform this action.
"""
username = request.user.username
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
commit = seafile_api.get_commit(repo.id, repo.version, commit_id)
if not commit:
error_msg = 'Commit %s not found.' % commit_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
has_perm = is_repo_owner(request, repo.id, username)
if not has_perm:
repo_owner = get_repo_owner(request, repo_id)
# department admin
if '@seafile_group' in repo_owner:
group_id = get_group_id_by_repo_owner(repo_owner)
has_perm = is_group_admin(group_id, username)
if not has_perm:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# main
if repo.encrypted:
ret = seafile_api.is_password_set(repo_id, username)
is_decrypted = False if ret == 0 else True
if not is_decrypted:
error_msg = _('This library has not been decrypted.')
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
seafile_api.revert_repo(repo_id, commit_id, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})
def get_group_owned_repo_info(request, repo_id):
repo = seafile_api.get_repo(repo_id)
repo_info = {}
repo_info['repo_id'] = repo_id
repo_info['repo_name'] = repo.name
repo_info['mtime'] = timestamp_to_isoformat_timestr(repo.last_modified)
repo_info['size'] = repo.size
repo_info['encrypted'] = repo.encrypted
repo_owner = get_repo_owner(request, repo_id)
repo_info['owner_email'] = repo_owner
return repo_info
def get_group_owned_repo_info(request, repo_id):
repo = seafile_api.get_repo(repo_id)
repo_info = {}
repo_info['repo_id'] = repo_id
repo_info['repo_name'] = repo.name
repo_info['mtime'] = timestamp_to_isoformat_timestr(repo.last_modified)
repo_info['size'] = repo.size
repo_info['encrypted'] = repo.encrypted
repo_owner = get_repo_owner(request, repo_id)
repo_info['owner_email'] = repo_owner
return repo_info
def test_can_get(self):
username = self.user.username
owner = get_repo_owner(self.fake_request, self.repo.id)
assert owner == username
assert get_repo_shared_users(self.repo.id, owner) == []
# user share a repo to admin
seafile_api.share_repo(self.repo.id, username,
self.admin.username, 'rw')
assert get_repo_shared_users(self.repo.id, owner) == [self.admin.username]
# user share a repo to group
seafile_api.set_group_repo(self.repo.id, self.group.id,
username, 'rw')
assert get_repo_shared_users(self.repo.id, owner) == [self.admin.username, self.user2.username]
def post(self, request, repo_id, format=None):
"""Post a comments of a file.
"""
path = request.GET.get('p', '/').rstrip('/')
if not path:
return api_error(status.HTTP_400_BAD_REQUEST, 'Wrong path.')
try:
avatar_size = int(
request.GET.get('avatar_size', AVATAR_DEFAULT_SIZE))
except ValueError:
avatar_size = AVATAR_DEFAULT_SIZE
try:
obj_id = seafile_api.get_file_id_by_path(repo_id, path)
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Internal error.')
if not obj_id:
return api_error(status.HTTP_404_NOT_FOUND, 'File not found.')
comment = request.data.get('comment', '')
if not comment:
return api_error(status.HTTP_400_BAD_REQUEST,
'Comment can not be empty.')
username = request.user.username
o = FileComment.objects.add_by_file_path(repo_id=repo_id,
file_path=path,
author=username,
comment=comment)
repo = seafile_api.get_repo(repo_id)
repo_owner = get_repo_owner(request, repo.id)
comment_file_successful.send(sender=None,
repo=repo,
repo_owner=repo_owner,
file_path=path,
comment=comment,
author=username)
comment = o.to_dict()
comment.update(
user_to_dict(request.user.username,
request=request,
avatar_size=avatar_size))
return Response(comment, status=201)
def test_can_get(self):
username = self.user.username
owner = get_repo_owner(self.fake_request, self.repo.id)
assert owner == username
assert get_repo_shared_users(self.repo.id, owner) == []
# user share a repo to admin
seafile_api.share_repo(self.repo.id, username, self.admin.username,
'rw')
assert get_repo_shared_users(self.repo.id,
owner) == [self.admin.username]
# user share a repo to group
seafile_api.set_group_repo(self.repo.id, self.group.id, username, 'rw')
assert get_repo_shared_users(
self.repo.id, owner) == [self.admin.username, self.user2.username]
def delete(self, request, repo_id):
repo = seafile_api.get_repo(repo_id)
if not repo:
# for case of `seafile-data` has been damaged
# no `repo object` will be returned from seafile api
# delete the database record anyway
try:
seafile_api.remove_repo(repo_id)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
return Response({'success': True})
# check permission
username = request.user.username
repo_owner = get_repo_owner(request, repo_id)
if username != repo_owner:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check repo status
repo_status = repo.status
if repo_status != 0:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
# remove repo
seafile_api.remove_repo(repo_id)
repo_deleted.send(sender=None,
org_id=org_id,
operator=username,
repo_owner=repo_owner,
repo_id=repo_id,
repo_name=repo.name)
return Response('success', status=status.HTTP_200_OK)
def get(self, request, repo_id, format=None):
""" List repo group folder perms (by folder_path).
Permission checking:
1. is group admin
"""
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
results = []
path = request.GET.get('folder_path', None)
group_folder_perms = seafile_api.list_folder_group_perm_by_repo(repo_id)
for perm in group_folder_perms:
result = {}
if path:
if path == perm.path:
result = self._get_group_folder_perm_info(
perm.group_id, perm.repo_id, perm.path,
perm.permission)
else:
result = self._get_group_folder_perm_info(
perm.group_id, perm.repo_id, perm.path,
perm.permission)
if result:
results.append(result)
return Response(results)
def get(self, request, repo_id, format=None):
""" List repo group folder perms (by folder_path).
Permission checking:
1. is group admin
"""
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
results = []
path = request.GET.get('folder_path', None)
group_folder_perms = seafile_api.list_folder_group_perm_by_repo(repo_id)
for perm in group_folder_perms:
result = {}
if path:
if path == perm.path:
result = self._get_group_folder_perm_info(
perm.group_id, perm.repo_id, perm.path,
perm.permission)
else:
result = self._get_group_folder_perm_info(
perm.group_id, perm.repo_id, perm.path,
perm.permission)
if result:
results.append(result)
return Response(results)
def post(self, request, repo_id, format=None):
"""Post a comments of a file.
"""
path = request.GET.get('p', '/').rstrip('/')
if not path:
return api_error(status.HTTP_400_BAD_REQUEST, 'Wrong path.')
try:
avatar_size = int(request.GET.get('avatar_size',
AVATAR_DEFAULT_SIZE))
except ValueError:
avatar_size = AVATAR_DEFAULT_SIZE
try:
obj_id = seafile_api.get_file_id_by_path(repo_id,
path)
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Internal error.')
if not obj_id:
return api_error(status.HTTP_404_NOT_FOUND, 'File not found.')
comment = request.data.get('comment', '')
if not comment:
return api_error(status.HTTP_400_BAD_REQUEST, 'Comment can not be empty.')
username = request.user.username
o = FileComment.objects.add_by_file_path(
repo_id=repo_id, file_path=path, author=username, comment=comment)
repo = seafile_api.get_repo(repo_id)
repo_owner = get_repo_owner(request, repo.id)
comment_file_successful.send(sender=None,
repo=repo,
repo_owner=repo_owner,
file_path=path,
comment=comment,
author=username)
comment = o.to_dict()
comment.update(user_to_dict(request.user.username, request=request,
avatar_size=avatar_size))
return Response(comment, status=201)
def put(self, request, group_id, repo_id):
""" Rename a library.
Permission checking:
1. is group admin;
"""
# argument check
new_repo_name = request.data.get('name', '')
if not new_repo_name:
error_msg = 'name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not is_valid_dirent_name(new_repo_name):
error_msg = 'name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
group_id = int(group_id)
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# rename repo
try:
repo_owner = get_repo_owner(request, repo_id)
# desc is ''
seafile_api.edit_repo(repo_id, new_repo_name, '', repo_owner)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
repo_info = get_group_owned_repo_info(request, repo_id)
return Response(repo_info)
def list_group_shared_items(self, request, repo_id, path, org_id):
repo_owner = get_repo_owner(request, repo_id)
share_items = SeafileAPI.get_shared_groups_by_repo_path(
repo_id, repo_owner, path, org_id)
ret = []
for item in share_items:
group_id = item.group_id
group = ccnet_api.get_group(group_id)
if not group:
SeafileAPI.delete_shared_group_by_repo_path(
repo_id, repo_owner, group_id, path, org_id)
continue
ret.append({
"group_id": group_id,
"group_name": group.group_name,
"permission": item.perm,
})
return ret
def list_group_shared_items(self, request, repo_id, path, org_id):
repo_owner = get_repo_owner(request, repo_id)
share_items = SeafileAPI.get_shared_groups_by_repo_path(
repo_id, repo_owner, path, org_id)
ret = []
for item in share_items:
group_id = item.group_id
group = ccnet_api.get_group(group_id)
if not group:
SeafileAPI.delete_shared_group_by_repo_path(
repo_id, repo_owner, group_id, path, org_id)
continue
ret.append({
"group_id": group_id,
"group_name": group.group_name,
"permission": item.perm,
})
return ret
def delete(self, request, repo_id, format=None):
""" Delete repo group share permission.
Permission checking:
1. is group admin
"""
# parameter check
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# permission check
username = request.user.username
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
path = request.data.get('path', '/')
if path == '/':
seafile_api.unset_group_repo(repo_id, to_group_id, username)
else:
seafile_api.unshare_subdir_for_group(
repo_id, path, repo_owner, group_id)
permission = check_group_share_out_permission(repo_id, path, group_id, False)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, path, permission)
return Response({'success': True})
def get_group_owned_repo_info(request, repo_id):
repo = seafile_api.get_repo(repo_id)
repo_info = {}
repo_info['id'] = repo_id
repo_info['name'] = repo.name
repo_info['mtime'] = timestamp_to_isoformat_timestr(repo.last_modified)
repo_info['size'] = repo.size
repo_info['encrypted'] = repo.encrypted
repo_owner = get_repo_owner(request, repo_id)
repo_info['owner'] = repo_owner
try:
group_id = get_group_id_by_repo_owner(repo_owner)
group = ccnet_api.get_group(int(group_id))
repo_info['group_name'] = group.group_name
except Exception as e:
logger.error(e)
repo_info['group_name'] = ''
return repo_info
def delete(self, request, repo_id):
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check permission
username = request.user.username
repo_owner = get_repo_owner(request, repo_id)
if username != repo_owner:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
try:
related_users = get_related_users_by_repo(repo_id, org_id)
except Exception as e:
logger.error(e)
related_users = []
# remove repo
seafile_api.remove_repo(repo_id)
repo_deleted.send(sender=None,
org_id=org_id,
operator=username,
usernames=related_users,
repo_owner=repo_owner,
repo_id=repo_id,
repo_name=repo.name)
return Response('success', status=status.HTTP_200_OK)
def get_group_owned_repo_info(request, repo_id):
repo = seafile_api.get_repo(repo_id)
repo_info = {}
repo_info['id'] = repo_id
repo_info['name'] = repo.name
repo_info['mtime'] = timestamp_to_isoformat_timestr(repo.last_modified)
repo_info['size'] = repo.size
repo_info['encrypted'] = repo.encrypted
repo_owner = get_repo_owner(request, repo_id)
repo_info['owner'] = repo_owner
try:
group_id = get_group_id_by_repo_owner(repo_owner)
group = ccnet_api.get_group(int(group_id))
repo_info['group_name'] = group.group_name
except Exception as e:
logger.error(e)
repo_info['group_name'] = ''
return repo_info
def post(self, request, repo_id, format=None):
""" Add repo group folder perm.
Permission checking:
1. is group admin
"""
# argument check
path = request.data.get('folder_path', None)
if not path:
error_msg = 'folder_path invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
perm = request.data.get('permission', None)
if not perm or perm not in get_available_repo_perms():
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = normalize_dir_path(path)
if not seafile_api.get_dir_id_by_path(repo_id, path):
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
result = {}
result['failed'] = []
result['success'] = []
group_ids = request.data.getlist('group_id')
for group_id in group_ids:
try:
group_id = int(group_id)
except ValueError:
result['failed'].append({
'group_id': group_id,
'error_msg': 'group_id invalid.'
})
continue
if not ccnet_api.get_group(group_id):
result['failed'].append({
'group_id': group_id,
'error_msg': 'Group %s not found.' % group_id
})
continue
permission = seafile_api.get_folder_group_perm(repo_id, path, group_id)
if permission:
result['failed'].append({
'group_id': group_id,
'error_msg': _(u'Permission already exists.')
})
continue
try:
seafile_api.add_folder_group_perm(repo_id, path, perm, group_id)
send_perm_audit_msg('add-repo-perm', username, group_id, repo_id, path, perm)
except Exception as e:
logger.error(e)
result['failed'].append({
'group_id': group_id,
'error_msg': 'Internal Server Error'
})
new_perm = seafile_api.get_folder_group_perm(repo_id, path, group_id)
new_perm_info = self._get_group_folder_perm_info(
group_id, repo_id, path, new_perm)
result['success'].append(new_perm_info)
return Response(result)
def delete(self, request, repo_id, format=None):
""" Delete repo group folder perm.
Permission checking:
1. is group admin
"""
# arguments check
group_id = request.data.get('group_id', None)
path = request.data.get('folder_path', None)
if not group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not path:
error_msg = 'folder_path invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
library_group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(library_group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(library_group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# delete permission
path = path.rstrip('/') if path != '/' else path
permission = seafile_api.get_folder_group_perm(repo_id, path, group_id)
if not permission:
return Response({'success': True})
try:
seafile_api.rm_folder_group_perm(repo_id, path, group_id)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, path, permission)
return Response({'success': True})
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
def post(self, request):
# argument check
operation = request.data.get('operation', None)
if not operation:
error_msg = 'operation invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# operation could be `share`, `unshare`, `delete`, `transfer`
# we now only use `share`, `unshare`
if operation not in ('share', 'unshare'):
error_msg = 'operation can only be "share", "unshare".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
result = {}
result['failed'] = []
result['success'] = []
username = request.user.username
repo_id_list = request.data.getlist('repo_id')
valid_repo_id_list = []
# filter out invalid repo id
for repo_id in repo_id_list:
if not seafile_api.get_repo(repo_id):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Library %s not found.' % repo_id
})
continue
repo_owner = get_repo_owner(request, repo_id)
if repo_owner != username and not is_repo_admin(username, repo_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Permission denied.'
})
continue
valid_repo_id_list.append(repo_id)
# share repo
if operation == 'share':
share_type = request.data.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('user', 'group'):
error_msg = 'share_type can only be "user", "group".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
permission = request.data.get('permission', 'rw')
if permission not in [
PERMISSION_READ, PERMISSION_READ_WRITE, PERMISSION_ADMIN
]:
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# share repo to user
if share_type == 'user':
to_username = request.data.get('username', None)
if not to_username:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
User.objects.get(email=to_username)
except User.DoesNotExist:
error_msg = 'User %s not found.' % to_username
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check if to_user is an org user
try:
org_of_to_user = ccnet_api.get_orgs_by_user(to_username)
except Exception as e:
logger.error(e)
org_of_to_user = []
if is_org_context(request):
org_id = request.user.org.org_id
org_name = request.user.org.org_name
if len(org_of_to_user
) == 0 or org_id != org_of_to_user[0].org_id:
error_msg = 'User %s is not member of organization %s.' \
% (to_username, org_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
if len(org_of_to_user) >= 1:
error_msg = 'User %s is member of organization %s.' \
% (to_username, org_of_to_user[0].org_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
for repo_id in valid_repo_id_list:
if self.has_shared_to_user(request, repo_id, to_username):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'This item has been shared to %s.' % to_username
})
continue
try:
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, repo_id, username, to_username,
permission)
else:
seafile_api.share_repo(repo_id, username,
to_username, permission)
# send a signal when sharing repo successful
repo = seafile_api.get_repo(repo_id)
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_username,
repo=repo,
path='/',
org_id=org_id)
result['success'].append({
"repo_id": repo_id,
"username": to_username,
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username,
to_username, repo_id, '/',
permission)
except Exception as e:
logger.error(e)
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Internal Server Error'
})
# share repo to group
if share_type == 'group':
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(to_group_id)
if not group:
error_msg = 'Group %s not found.' % to_group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
group_name = group.group_name
if not is_group_member(to_group_id, username):
error_msg = 'User %s is not member of group %s.' % (
username, group_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
for repo_id in valid_repo_id_list:
if self.has_shared_to_group(request, repo_id, to_group_id):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'This item has been shared to %s.' % group_name
})
continue
try:
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(
repo_id, org_id, to_group_id, username,
permission)
else:
seafile_api.set_group_repo(repo_id, to_group_id,
username, permission)
# send a signal when sharing repo successful
repo = seafile_api.get_repo(repo_id)
share_repo_to_group_successful.send(
sender=None,
from_user=username,
group_id=to_group_id,
repo=repo,
path='/',
org_id=org_id)
result['success'].append({
"repo_id": repo_id,
"group_id": to_group_id,
"group_name": group_name,
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username,
to_group_id, repo_id, '/',
permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Internal Server Error'
})
# unshare repo
if operation == 'unshare':
share_type = request.data.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('user', 'group'):
error_msg = 'share_type can only be "user", "group".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# unshare repo from user
if share_type == 'user':
to_username = request.data.get('username', None)
if not to_username:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
for repo_id in valid_repo_id_list:
if not self.has_shared_to_user(request, repo_id,
to_username):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'This item has not been shared to %s.' %
to_username
})
continue
repo_owner = get_repo_owner(request, repo_id)
try:
# get share permission before unshare operation
permission = check_user_share_out_permission(
repo_id, '/', to_username, is_org_context(request))
if is_org_context(request):
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
org_id = request.user.org.org_id
seafile_api.org_remove_share(
org_id, repo_id, repo_owner, to_username)
else:
seafile_api.remove_share(repo_id, repo_owner,
to_username)
# Delete share permission at ExtraSharePermission table.
ExtraSharePermission.objects.delete_share_permission(
repo_id, to_username)
# send message
send_perm_audit_msg('delete-repo-perm', username,
to_username, repo_id, '/',
permission)
result['success'].append({
"repo_id": repo_id,
"username": to_username,
})
except Exception as e:
logger.error(e)
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Internal Server Error'
})
# unshare repo from group
if share_type == 'group':
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(to_group_id)
group_name = group.group_name if group else ''
for repo_id in valid_repo_id_list:
if not self.has_shared_to_group(request, repo_id,
to_group_id):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'This item has not been shared to %s.' % group_name
})
continue
try:
# get share permission before unshare operation
permission = check_group_share_out_permission(
repo_id, '/', to_group_id, is_org_context(request))
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.del_org_group_repo(
repo_id, org_id, to_group_id)
else:
seafile_api.unset_group_repo(
repo_id, to_group_id, username)
# Delete share permission at ExtraSharePermission table.
ExtraGroupsSharePermission.objects.delete_share_permission(
repo_id, to_group_id)
# send message
send_perm_audit_msg('delete-repo-perm', username,
to_group_id, repo_id, '/',
permission)
result['success'].append({
"repo_id": repo_id,
"group_id": to_group_id,
"group_name": group_name,
})
except SearpcError as e:
logger.error(e)
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Internal Server Error'
})
return Response(result)
def post(self, request, repo_id, org_id):
""" Share repo to users.
Permission checking:
1. is group admin
"""
# parameter check
permission = request.data.get('permission', PERMISSION_READ)
if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]:
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = request.data.get('path', '/')
if not seafile_api.get_dir_id_by_path(repo_id, path):
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# share repo to user
result = {}
result['failed'] = []
result['success'] = []
share_to_users = request.data.getlist('username')
for to_user in share_to_users:
to_user = to_user.strip()
if not is_valid_username(to_user):
result['failed'].append({
'email': to_user,
'error_msg': _(u'username invalid.')
})
continue
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
result['failed'].append({
'email': to_user,
'error_msg': _(u'User %s not found.') % to_user
})
continue
if self.has_shared_to_user(request, repo_id, path, to_user):
result['failed'].append({
'email': to_user,
'error_msg': _(u'This item has been shared to %s.') % to_user
})
continue
if is_valid_org_id(org_id):
if not is_org_user(to_user, org_id):
org_name = request.user.org.org_name
error_msg = 'User %s is not member of organization %s.' \
% (to_user, org_name)
result['failed'].append({
'email': to_user,
'error_msg': error_msg
})
continue
else:
if is_org_user(to_user):
error_msg = 'User %s is a member of organization.' % to_user
result['failed'].append({
'email': to_user,
'error_msg': error_msg
})
continue
share_dir_to_user(repo, path, repo_owner, username, to_user, permission, org_id)
result['success'].append({
"user_email": to_user,
"user_name": email2nickname(to_user),
"user_contact_email": email2contact_email(to_user),
"permission": permission,
})
# send a signal when sharing repo successful
share_repo_to_user_successful.send(sender=None,
from_user=username, to_user=to_user,
repo=repo, path=path, org_id=org_id)
send_perm_audit_msg('add-repo-perm',
username, to_user, repo_id, path, permission)
return Response(result)
def post(self, request):
""" Copy/move file/dir, and return task id.
Permission checking:
1. move: user with 'rw' permission for current file, 'rw' permission for dst parent dir;
2. copy: user with 'r' permission for current file, 'rw' permission for dst parent dir;
"""
src_repo_id = request.data.get('src_repo_id', None)
src_parent_dir = request.data.get('src_parent_dir', None)
src_dirent_name = request.data.get('src_dirent_name', None)
dst_repo_id = request.data.get('dst_repo_id', None)
dst_parent_dir = request.data.get('dst_parent_dir', None)
operation = request.data.get('operation', None)
dirent_type = request.data.get('dirent_type', None)
# argument check
if not src_repo_id:
error_msg = 'src_repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not src_parent_dir:
error_msg = 'src_parent_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not src_dirent_name:
error_msg = 'src_dirent_name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dst_repo_id:
error_msg = 'dst_repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dst_parent_dir:
error_msg = 'dst_parent_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not operation:
error_msg = 'operation invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dirent_type:
error_msg = 'dirent_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if len(dst_parent_dir + src_dirent_name) > MAX_PATH:
error_msg = _('Destination path is too long.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
operation = operation.lower()
if operation not in ('move', 'copy'):
error_msg = "operation can only be 'move' or 'copy'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if operation == 'move':
if src_repo_id == dst_repo_id and src_parent_dir == dst_parent_dir:
error_msg = _('Invalid destination path')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
dirent_type = dirent_type.lower()
if dirent_type not in ('file', 'dir'):
error_msg = "operation can only be 'file' or 'dir'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# src resource check
src_repo = seafile_api.get_repo(src_repo_id)
if not src_repo:
error_msg = 'Library %s not found.' % src_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
src_dirent_path = posixpath.join(src_parent_dir, src_dirent_name)
file_id = None
if dirent_type == 'file':
file_id = seafile_api.get_file_id_by_path(src_repo_id, src_dirent_path)
if not file_id:
error_msg = 'File %s not found.' % src_dirent_path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dir_id = None
if dirent_type == 'dir':
dir_id = seafile_api.get_dir_id_by_path(src_repo_id, src_dirent_path)
if not dir_id:
error_msg = 'Folder %s not found.' % src_dirent_path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# dst resource check
dst_repo = seafile_api.get_repo(dst_repo_id)
if not dst_repo:
error_msg = 'Library %s not found.' % dst_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not seafile_api.get_dir_id_by_path(dst_repo_id,
dst_parent_dir):
error_msg = 'Folder %s not found.' % dst_parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check for dst parent dir
if check_folder_permission(request, dst_repo_id, dst_parent_dir) != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if operation == 'copy' or \
operation == 'move' and \
get_repo_owner(request, src_repo_id) != get_repo_owner(request, dst_repo_id):
current_size = 0
if file_id:
current_size = seafile_api.get_file_size(src_repo.store_id,
src_repo.version, file_id)
if dir_id:
current_size = seafile_api.get_dir_size(src_repo.store_id,
src_repo.version, dir_id)
# check if above quota for dst repo
if seafile_api.check_quota(dst_repo_id, current_size) < 0:
return api_error(HTTP_443_ABOVE_QUOTA, _(u"Out of quota."))
new_dirent_name = check_filename_with_rename(dst_repo_id,
dst_parent_dir, src_dirent_name)
username = request.user.username
if operation == 'move':
# permission check for src parent dir
if check_folder_permission(request, src_repo_id, src_parent_dir) != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if dirent_type == 'dir' and src_repo_id == dst_repo_id and \
dst_parent_dir.startswith(src_dirent_path + '/'):
error_msg = _(u'Can not move directory %(src)s to its subdirectory %(des)s') \
% {'src': escape(src_dirent_path), 'des': escape(dst_parent_dir)}
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if dirent_type == 'file':
# check file lock
try:
is_locked, locked_by_me = check_file_lock(src_repo_id,
src_dirent_path, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if is_locked and not locked_by_me:
error_msg = _("File is locked")
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
res = seafile_api.move_file(src_repo_id, src_parent_dir,
src_dirent_name, dst_repo_id, dst_parent_dir,
new_dirent_name, replace=False, username=username,
need_progress=1)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if operation == 'copy':
# permission check for src parent dir
if parse_repo_perm(check_folder_permission(
request, src_repo_id, src_parent_dir)).can_copy is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
res = seafile_api.copy_file(src_repo_id, src_parent_dir,
src_dirent_name, dst_repo_id, dst_parent_dir,
new_dirent_name, username=username,
need_progress=1)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not res:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
result = {}
if res.background:
result['task_id'] = res.task_id
return Response(result)
def get(self, request, group_id):
""" Get all group libraries.
Permission checking:
1. is group member;
"""
# only group member can get group libraries
username = request.user.username
if not is_group_member(group_id, request.user.username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if is_org_context(request):
org_id = request.user.org.org_id
group_repos = seafile_api.get_org_group_repos(org_id, group_id)
else:
group_repos = seafile_api.get_repos_by_group(group_id)
group_repos.sort(lambda x, y: cmp(y.last_modified, x.last_modified))
# get repo id owner dict
all_repo_owner = []
repo_id_owner_dict = {}
for repo in group_repos:
repo_id = repo.id
if repo_id not in repo_id_owner_dict:
repo_owner = get_repo_owner(request, repo_id)
all_repo_owner.append(repo_owner)
repo_id_owner_dict[repo_id] = repo_owner
all_modifier = [r.last_modifier for r in group_repos]
# Use dict to reduce memcache fetch cost in large for-loop.
name_dict = {}
contact_email_dict = {}
for email in set(all_repo_owner + all_modifier):
if email not in name_dict:
if '@seafile_group' in email:
group_id = get_group_id_by_repo_owner(email)
group_name= group_id_to_name(group_id)
name_dict[email] = group_name
else:
name_dict[email] = email2nickname(email)
if email not in contact_email_dict:
if '@seafile_group' in email:
contact_email_dict[email] = ''
else:
contact_email_dict[email] = email2contact_email(email)
try:
starred_repos = UserStarredFiles.objects.get_starred_repos_by_user(username)
starred_repo_id_list = [item.repo_id for item in starred_repos]
except Exception as e:
logger.error(e)
starred_repo_id_list = []
result = []
for group_repo in group_repos:
group_repo_info = get_group_repo_info(request, group_repo)
repo_owner = repo_id_owner_dict[group_repo.id]
group_repo_info['owner_email'] = repo_owner
group_repo_info['owner_name'] = name_dict.get(repo_owner, '')
group_repo_info['owner_contact_email'] = contact_email_dict.get(repo_owner, '')
modifier = group_repo.last_modifier
group_repo_info['modifier_email'] = modifier
group_repo_info['modifier_name'] = name_dict.get(modifier, '')
group_repo_info['modifier_contact_email'] = contact_email_dict.get(modifier, '')
group_repo_info['starred'] = group_repo.id in starred_repo_id_list
result.append(group_repo_info)
return Response(result)
def test_can_get(self):
assert get_repo_owner(self.fake_request, self.repo.id) == self.user.username
def post(self, request):
""" Only support move folder.
Permission checking:
User with 'rw' permission for src/dst folder.
"""
src_repo_id = request.data.get('src_repo_id', None)
src_parent_dir = request.data.get('src_parent_dir', None)
src_folder_name = request.data.get('src_dirent_name', None)
dst_repo_id = request.data.get('dst_repo_id', None)
dst_parent_dir = request.data.get('dst_parent_dir', None)
# argument check
if not src_repo_id:
error_msg = 'src_repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not src_parent_dir:
error_msg = 'src_parent_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not src_folder_name:
error_msg = 'src_dirent_name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dst_repo_id:
error_msg = 'dst_repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dst_parent_dir:
error_msg = 'dst_parent_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if src_repo_id == dst_repo_id and src_parent_dir == dst_parent_dir:
error_msg = _('Invalid destination path')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if len(dst_parent_dir + src_folder_name) > MAX_PATH:
error_msg = _('Destination path is too long.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# src resource check
src_repo = seafile_api.get_repo(src_repo_id)
if not src_repo:
error_msg = 'Library %s not found.' % src_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
src_folder_path = posixpath.join(src_parent_dir, src_folder_name)
dir_id = seafile_api.get_dir_id_by_path(src_repo_id, src_folder_path)
if not dir_id:
error_msg = 'Folder %s not found.' % src_folder_path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# dst resource check
dst_repo = seafile_api.get_repo(dst_repo_id)
if not dst_repo:
error_msg = 'Library %s not found.' % dst_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not seafile_api.get_dir_id_by_path(dst_repo_id, dst_parent_dir):
error_msg = 'Folder %s not found.' % dst_parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check for src folder
if check_folder_permission(request, src_repo_id,
src_folder_path) != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# permission check for dst parent dir
if check_folder_permission(request, dst_repo_id,
dst_parent_dir) != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
## check if above quota for dst repo
if get_repo_owner(request, src_repo_id) != get_repo_owner(
request, dst_repo_id):
current_size = 0
current_size = seafile_api.get_dir_size(src_repo.store_id,
src_repo.version, dir_id)
if seafile_api.check_quota(dst_repo_id, current_size) < 0:
return api_error(HTTP_443_ABOVE_QUOTA, _("Out of quota."))
username = request.user.username
move_folder_with_merge(username, src_repo_id, src_parent_dir,
src_folder_name, dst_repo_id, dst_parent_dir,
src_folder_name)
seafile_api.del_file(src_repo_id, src_parent_dir, src_folder_name,
username)
return Response({'success': True})
def get(self, request):
""" Return repos user can access.
Permission checking:
1. all authenticated user can perform this action.
"""
filter_by = {
'mine': False,
'shared': False,
'group': False,
'public': False,
}
request_type_list = request.GET.getlist('type', "")
if not request_type_list:
# set all to True, no filter applied
filter_by = filter_by.fromkeys(filter_by.iterkeys(), True)
for request_type in request_type_list:
request_type = request_type.strip()
filter_by[request_type] = True
email = request.user.username
# Use dict to reduce memcache fetch cost in large for-loop.
contact_email_dict = {}
nickname_dict = {}
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
try:
starred_repos = UserStarredFiles.objects.get_starred_repos_by_user(email)
starred_repo_id_list = [item.repo_id for item in starred_repos]
except Exception as e:
logger.error(e)
starred_repo_id_list = []
repo_info_list = []
if filter_by['mine']:
if org_id:
owned_repos = seafile_api.get_org_owned_repo_list(org_id,
email, ret_corrupted=True)
else:
owned_repos = seafile_api.get_owned_repo_list(email,
ret_corrupted=True)
# Reduce memcache fetch ops.
modifiers_set = set([x.last_modifier for x in owned_repos])
for e in modifiers_set:
if e not in contact_email_dict:
contact_email_dict[e] = email2contact_email(e)
if e not in nickname_dict:
nickname_dict[e] = email2nickname(e)
owned_repos.sort(lambda x, y: cmp(y.last_modify, x.last_modify))
for r in owned_repos:
# do not return virtual repos
if r.is_virtual:
continue
repo_info = {
"type": "mine",
"repo_id": r.id,
"repo_name": r.name,
"owner_email": email,
"owner_name": email2nickname(email),
"owner_contact_email": email2contact_email(email),
"last_modified": timestamp_to_isoformat_timestr(r.last_modify),
"modifier_email": r.last_modifier,
"modifier_name": nickname_dict.get(r.last_modifier, ''),
"modifier_contact_email": contact_email_dict.get(r.last_modifier, ''),
"size": r.size,
"encrypted": r.encrypted,
"permission": 'rw', # Always have read-write permission to owned repo
"starred": r.repo_id in starred_repo_id_list,
}
if is_pro_version() and ENABLE_STORAGE_CLASSES:
repo_info['storage_name'] = r.storage_name
repo_info['storage_id'] = r.storage_id
repo_info_list.append(repo_info)
if filter_by['shared']:
if org_id:
shared_repos = seafile_api.get_org_share_in_repo_list(org_id,
email, -1, -1)
else:
shared_repos = seafile_api.get_share_in_repo_list(
email, -1, -1)
repos_with_admin_share_to = ExtraSharePermission.objects.\
get_repos_with_admin_permission(email)
# Reduce memcache fetch ops.
owners_set = set([x.user for x in shared_repos])
modifiers_set = set([x.last_modifier for x in shared_repos])
for e in owners_set | modifiers_set:
if e not in contact_email_dict:
contact_email_dict[e] = email2contact_email(e)
if e not in nickname_dict:
nickname_dict[e] = email2nickname(e)
shared_repos.sort(lambda x, y: cmp(y.last_modify, x.last_modify))
for r in shared_repos:
owner_email = r.user
group_name = ''
is_group_owned_repo = False
if '@seafile_group' in owner_email:
is_group_owned_repo = True
group_id = get_group_id_by_repo_owner(owner_email)
group_name= group_id_to_name(group_id)
owner_name = group_name if is_group_owned_repo else \
nickname_dict.get(owner_email, '')
owner_contact_email = '' if is_group_owned_repo else \
contact_email_dict.get(owner_email, '')
repo_info = {
"type": "shared",
"repo_id": r.repo_id,
"repo_name": r.repo_name,
"last_modified": timestamp_to_isoformat_timestr(r.last_modify),
"modifier_email": r.last_modifier,
"modifier_name": nickname_dict.get(r.last_modifier, ''),
"modifier_contact_email": contact_email_dict.get(r.last_modifier, ''),
"owner_email": owner_email,
"owner_name": owner_name,
"owner_contact_email": owner_contact_email,
"size": r.size,
"encrypted": r.encrypted,
"permission": r.permission,
"starred": r.repo_id in starred_repo_id_list,
}
if r.repo_id in repos_with_admin_share_to:
repo_info['is_admin'] = True
else:
repo_info['is_admin'] = False
repo_info_list.append(repo_info)
if filter_by['group']:
if org_id:
group_repos = seafile_api.get_org_group_repos_by_user(email, org_id)
else:
group_repos = seafile_api.get_group_repos_by_user(email)
group_repos.sort(lambda x, y: cmp(y.last_modify, x.last_modify))
# Reduce memcache fetch ops.
share_from_set = set([x.user for x in group_repos])
modifiers_set = set([x.last_modifier for x in group_repos])
for e in modifiers_set | share_from_set:
if e not in contact_email_dict:
contact_email_dict[e] = email2contact_email(e)
if e not in nickname_dict:
nickname_dict[e] = email2nickname(e)
for r in group_repos:
repo_info = {
"type": "group",
"group_id": r.group_id,
"group_name": r.group_name,
"repo_id": r.repo_id,
"repo_name": r.repo_name,
"last_modified": timestamp_to_isoformat_timestr(r.last_modify),
"modifier_email": r.last_modifier,
"modifier_name": nickname_dict.get(r.last_modifier, ''),
"modifier_contact_email": contact_email_dict.get(r.last_modifier, ''),
"size": r.size,
"encrypted": r.encrypted,
"permission": r.permission,
"starred": r.repo_id in starred_repo_id_list,
}
repo_info_list.append(repo_info)
if filter_by['public'] and request.user.permissions.can_view_org():
public_repos = list_inner_pub_repos(request)
# get repo id owner dict
all_repo_owner = []
repo_id_owner_dict = {}
for repo in public_repos:
repo_id = repo.repo_id
if repo_id not in repo_id_owner_dict:
repo_owner = get_repo_owner(request, repo_id)
all_repo_owner.append(repo_owner)
repo_id_owner_dict[repo_id] = repo_owner
# Reduce memcache fetch ops.
owner_set = set(all_repo_owner)
share_from_set = set([x.user for x in public_repos])
modifiers_set = set([x.last_modifier for x in public_repos])
for e in modifiers_set | share_from_set | owner_set:
if e not in contact_email_dict:
contact_email_dict[e] = email2contact_email(e)
if e not in nickname_dict:
nickname_dict[e] = email2nickname(e)
for r in public_repos:
repo_owner = repo_id_owner_dict[r.repo_id]
repo_info = {
"type": "public",
"repo_id": r.repo_id,
"repo_name": r.repo_name,
"last_modified": timestamp_to_isoformat_timestr(r.last_modify),
"modifier_email": r.last_modifier,
"modifier_name": nickname_dict.get(r.last_modifier, ''),
"modifier_contact_email": contact_email_dict.get(r.last_modifier, ''),
"owner_email": repo_owner,
"owner_name": nickname_dict.get(repo_owner, ''),
"owner_contact_email": contact_email_dict.get(repo_owner, ''),
"size": r.size,
"encrypted": r.encrypted,
"permission": r.permission,
"starred": r.repo_id in starred_repo_id_list,
}
repo_info_list.append(repo_info)
utc_dt = datetime.datetime.utcnow()
timestamp = utc_dt.strftime('%Y-%m-%d %H:%M:%S')
org_id = request.user.org.org_id if is_org_context(request) else -1
try:
send_message('seahub.stats', 'user-login\t%s\t%s\t%s' % (email, timestamp, org_id))
except Exception as e:
logger.error('Error when sending user-login message: %s' % str(e))
return Response({'repos': repo_info_list})
def post(self, request):
""" Only support move folder.
Permission checking:
User with 'rw' permission for src/dst folder.
"""
src_repo_id = request.data.get('src_repo_id', None)
src_parent_dir = request.data.get('src_parent_dir', None)
src_folder_name = request.data.get('src_dirent_name', None)
dst_repo_id = request.data.get('dst_repo_id', None)
dst_parent_dir = request.data.get('dst_parent_dir', None)
# argument check
if not src_repo_id:
error_msg = 'src_repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not src_parent_dir:
error_msg = 'src_parent_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not src_folder_name:
error_msg = 'src_dirent_name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dst_repo_id:
error_msg = 'dst_repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dst_parent_dir:
error_msg = 'dst_parent_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if src_repo_id == dst_repo_id and src_parent_dir == dst_parent_dir:
error_msg = _('Invalid destination path')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if len(dst_parent_dir + src_folder_name) > MAX_PATH:
error_msg = _('Destination path is too long.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# src resource check
src_repo = seafile_api.get_repo(src_repo_id)
if not src_repo:
error_msg = 'Library %s not found.' % src_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
src_folder_path = posixpath.join(src_parent_dir, src_folder_name)
dir_id = seafile_api.get_dir_id_by_path(src_repo_id, src_folder_path)
if not dir_id:
error_msg = 'Folder %s not found.' % src_folder_path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# dst resource check
dst_repo = seafile_api.get_repo(dst_repo_id)
if not dst_repo:
error_msg = 'Library %s not found.' % dst_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not seafile_api.get_dir_id_by_path(dst_repo_id, dst_parent_dir):
error_msg = 'Folder %s not found.' % dst_parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check for src folder
if check_folder_permission(request, src_repo_id, src_folder_path) != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# permission check for dst parent dir
if check_folder_permission(request, dst_repo_id, dst_parent_dir) != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
## check if above quota for dst repo
if get_repo_owner(request, src_repo_id) != get_repo_owner(request, dst_repo_id):
current_size = 0
current_size = seafile_api.get_dir_size(src_repo.store_id,
src_repo.version, dir_id)
if seafile_api.check_quota(dst_repo_id, current_size) < 0:
return api_error(HTTP_443_ABOVE_QUOTA, _(u"Out of quota."))
username = request.user.username
move_folder_with_merge(username,
src_repo_id, src_parent_dir, src_folder_name,
dst_repo_id, dst_parent_dir, src_folder_name)
seafile_api.del_file(src_repo_id, src_parent_dir, src_folder_name, username)
return Response({'success': True})
def put(self, request, repo_id, format=None):
""" Modify repo group folder perm.
Permission checking:
1. is group admin
"""
# argument check
path = request.data.get('folder_path', None)
if not path:
error_msg = 'folder_path invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
perm = request.data.get('permission', None)
if not perm or perm not in get_available_repo_perms():
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group_id = request.data.get('group_id')
if not group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = normalize_dir_path(path)
if not seafile_api.get_dir_id_by_path(repo_id, path):
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
library_group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(library_group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
permission = seafile_api.get_folder_group_perm(repo_id, path, group_id)
if not permission:
error_msg = 'Folder permission not found.'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(library_group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# modify permission
try:
seafile_api.set_folder_group_perm(repo_id, path, perm, group_id)
send_perm_audit_msg('modify-repo-perm', username, group_id, repo_id, path, perm)
new_perm = seafile_api.get_folder_group_perm(repo_id, path, group_id)
result = self._get_group_folder_perm_info(group_id, repo_id, path, new_perm)
return Response(result)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
def post(self, request, repo_id, org_id, format=None):
""" Share repo to group.
Permission checking:
1. is group admin
"""
# parameter check
permission = request.data.get('permission', PERMISSION_READ)
if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]:
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = request.data.get('path', '/')
if not seafile_api.get_dir_id_by_path(repo_id, path):
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
result = {}
result['failed'] = []
result['success'] = []
group_ids = request.data.getlist('group_id')
for gid in group_ids:
try:
gid = int(gid)
except ValueError:
result['failed'].append({
'error_msg': 'group_id %s invalid.' % gid
})
continue
group = ccnet_api.get_group(gid)
if not group:
result['failed'].append({
'error_msg': 'Group %s not found' % gid
})
continue
if self.has_shared_to_group(request, repo_id, path, gid):
result['failed'].append({
'group_name': group.group_name,
'error_msg': _(u'This item has been shared to %s.') % group.group_name
})
continue
share_dir_to_group(repo, path, repo_owner, username, gid, permission, org_id)
result['success'].append({
"group_id": gid,
"group_name": group.group_name,
"permission": permission,
})
share_repo_to_group_successful.send(sender=None,
from_user=username, group_id=gid, repo=repo, path=path,
org_id=org_id)
send_perm_audit_msg('add-repo-perm', username, gid,
repo_id, path, permission)
return Response(result)
def get(self, request):
""" List all groups.
"""
org_id = None
username = request.user.username
if is_org_context(request):
org_id = request.user.org.org_id
user_groups = seaserv.get_org_groups_by_user(org_id, username)
else:
user_groups = ccnet_api.get_groups(username, return_ancestors=True)
try:
avatar_size = int(request.GET.get('avatar_size', GROUP_AVATAR_DEFAULT_SIZE))
except ValueError:
avatar_size = GROUP_AVATAR_DEFAULT_SIZE
try:
with_repos = int(request.GET.get('with_repos', 0))
except ValueError:
with_repos = 0
if with_repos not in (0, 1):
error_msg = 'with_repos invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
groups = []
if with_repos:
gids = [g.id for g in user_groups]
admin_info = ExtraGroupsSharePermission.objects.batch_get_repos_with_admin_permission(gids)
try:
starred_repos = UserStarredFiles.objects.get_starred_repos_by_user(username)
starred_repo_id_list = [item.repo_id for item in starred_repos]
except Exception as e:
logger.error(e)
starred_repo_id_list = []
for g in user_groups:
group_info = get_group_info(request, g.id, avatar_size)
if with_repos:
if org_id:
group_repos = seafile_api.get_org_group_repos(org_id, g.id)
else:
group_repos = seafile_api.get_repos_by_group(g.id)
repos = []
# get repo id owner dict
all_repo_owner = []
repo_id_owner_dict = {}
for repo in group_repos:
repo_id = repo.id
if repo_id not in repo_id_owner_dict:
repo_owner = get_repo_owner(request, repo_id)
all_repo_owner.append(repo_owner)
repo_id_owner_dict[repo_id] = repo_owner
# Use dict to reduce memcache fetch cost in large for-loop.
name_dict = {}
contact_email_dict = {}
for email in all_repo_owner:
if email not in name_dict:
if '@seafile_group' in email:
group_id = get_group_id_by_repo_owner(email)
group_name= group_id_to_name(group_id)
name_dict[email] = group_name
else:
name_dict[email] = email2nickname(email)
if email not in contact_email_dict:
if '@seafile_group' in email:
contact_email_dict[email] = ''
else:
contact_email_dict[email] = email2contact_email(email)
for r in group_repos:
repo_owner = repo_id_owner_dict.get(r.id, r.user)
repo = {
"id": r.id,
"repo_id": r.id,
"name": r.name,
"repo_name": r.name,
"size": r.size,
"size_formatted": filesizeformat(r.size),
"mtime": r.last_modified,
"mtime_relative": translate_seahub_time(r.last_modified),
"last_modified": timestamp_to_isoformat_timestr(r.last_modified),
"encrypted": r.encrypted,
"permission": r.permission,
"owner": repo_owner,
"owner_email": repo_owner,
"owner_name": name_dict.get(repo_owner, ''),
"owner_contact_email": contact_email_dict.get(repo_owner, ''),
"is_admin": (r.id, g.id) in admin_info,
"starred": r.repo_id in starred_repo_id_list,
}
repos.append(repo)
group_info['repos'] = repos
groups.append(group_info)
return Response(groups)
def get(self, request):
""" List all groups.
"""
org_id = None
username = request.user.username
if is_org_context(request):
org_id = request.user.org.org_id
user_groups = seaserv.get_org_groups_by_user(org_id, username)
else:
user_groups = ccnet_api.get_groups(username, return_ancestors=True)
try:
avatar_size = int(request.GET.get('avatar_size', GROUP_AVATAR_DEFAULT_SIZE))
except ValueError:
avatar_size = GROUP_AVATAR_DEFAULT_SIZE
try:
with_repos = int(request.GET.get('with_repos', 0))
except ValueError:
with_repos = 0
if with_repos not in (0, 1):
error_msg = 'with_repos invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
groups = []
if with_repos:
gids = [g.id for g in user_groups]
admin_info = ExtraGroupsSharePermission.objects.batch_get_repos_with_admin_permission(gids)
for g in user_groups:
group_info = get_group_info(request, g.id, avatar_size)
if with_repos:
if org_id:
group_repos = seafile_api.get_org_group_repos(org_id, g.id)
else:
group_repos = seafile_api.get_repos_by_group(g.id)
repos = []
# get repo id owner dict
all_repo_owner = []
repo_id_owner_dict = {}
for repo in group_repos:
repo_id = repo.id
if repo_id not in repo_id_owner_dict:
repo_owner = get_repo_owner(request, repo_id)
all_repo_owner.append(repo_owner)
repo_id_owner_dict[repo_id] = repo_owner
# Use dict to reduce memcache fetch cost in large for-loop.
name_dict = {}
contact_email_dict = {}
for email in all_repo_owner:
if email not in name_dict:
if '@seafile_group' in email:
group_id = get_group_id_by_repo_owner(email)
group_name= group_id_to_name(group_id)
name_dict[email] = group_name
else:
name_dict[email] = email2nickname(email)
if email not in contact_email_dict:
if '@seafile_group' in email:
contact_email_dict[email] = ''
else:
contact_email_dict[email] = email2contact_email(email)
for r in group_repos:
repo_owner = repo_id_owner_dict.get(r.id, r.user)
repo = {
"id": r.id,
"repo_id": r.id,
"name": r.name,
"repo_name": r.name,
"size": r.size,
"size_formatted": filesizeformat(r.size),
"mtime": r.last_modified,
"mtime_relative": translate_seahub_time(r.last_modified),
"last_modified": timestamp_to_isoformat_timestr(r.last_modified),
"encrypted": r.encrypted,
"permission": r.permission,
"owner": repo_owner,
"owner_email": repo_owner,
"owner_name": name_dict.get(repo_owner, ''),
"owner_contact_email": contact_email_dict.get(repo_owner, ''),
"is_admin": (r.id, g.id) in admin_info
}
repos.append(repo)
group_info['repos'] = repos
groups.append(group_info)
return Response(groups)
def post(self, request):
# argument check
operation = request.data.get('operation', None)
if not operation:
error_msg = 'operation invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# operation could be `share`, `unshare`, `delete`, `transfer`
# we now only use `share`, `unshare`
if operation not in ('share', 'unshare'):
error_msg = 'operation can only be "share", "unshare".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
result = {}
result['failed'] = []
result['success'] = []
username = request.user.username
repo_id_list = request.data.getlist('repo_id')
valid_repo_id_list = []
# filter out invalid repo id
for repo_id in repo_id_list:
if not seafile_api.get_repo(repo_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Library %s not found.' % repo_id
})
continue
repo_owner = get_repo_owner(request, repo_id)
if repo_owner != username and not is_repo_admin(username, repo_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Permission denied.'
})
continue
valid_repo_id_list.append(repo_id)
# share repo
if operation == 'share':
share_type = request.data.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('user', 'group'):
error_msg = 'share_type can only be "user", "group".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
permission = request.data.get('permission', 'rw')
if permission not in get_available_repo_perms():
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# share repo to user
if share_type == 'user':
to_username = request.data.get('username', None)
if not to_username:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
User.objects.get(email=to_username)
except User.DoesNotExist:
error_msg = 'User %s not found.' % to_username
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check if to_user is an org user
try:
org_of_to_user = ccnet_api.get_orgs_by_user(to_username)
except Exception as e:
logger.error(e)
org_of_to_user = []
if is_org_context(request):
org_id = request.user.org.org_id
org_name = request.user.org.org_name
if len(org_of_to_user) == 0 or org_id != org_of_to_user[0].org_id:
error_msg = 'User %s is not member of organization %s.' \
% (to_username, org_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
if len(org_of_to_user) >= 1:
error_msg = 'User %s is member of organization %s.' \
% (to_username, org_of_to_user[0].org_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
for repo_id in valid_repo_id_list:
if self.has_shared_to_user(request, repo_id, to_username):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'This item has been shared to %s.' % to_username
})
continue
try:
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(org_id,
repo_id, username, to_username, permission)
else:
seafile_api.share_repo(
repo_id, username, to_username, permission)
# send a signal when sharing repo successful
repo = seafile_api.get_repo(repo_id)
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_username,
repo=repo, path='/',
org_id=org_id)
result['success'].append({
"repo_id": repo_id,
"username": to_username,
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, to_username,
repo_id, '/', permission)
except Exception as e:
logger.error(e)
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Internal Server Error'
})
# share repo to group
if share_type == 'group':
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(to_group_id)
if not group:
error_msg = 'Group %s not found.' % to_group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
group_name = group.group_name
if not is_group_member(to_group_id, username):
error_msg = 'User %s is not member of group %s.' % (username, group_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
for repo_id in valid_repo_id_list:
if self.has_shared_to_group(request, repo_id, to_group_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'This item has been shared to %s.' % group_name
})
continue
try:
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(
repo_id, org_id, to_group_id, username, permission)
else:
seafile_api.set_group_repo(
repo_id, to_group_id, username, permission)
# send a signal when sharing repo successful
repo = seafile_api.get_repo(repo_id)
share_repo_to_group_successful.send(sender=None,
from_user=username,
group_id=to_group_id,
repo=repo, path='/',
org_id=org_id)
result['success'].append({
"repo_id": repo_id,
"group_id": to_group_id,
"group_name": group_name,
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, to_group_id,
repo_id, '/', permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Internal Server Error'
})
# unshare repo
if operation == 'unshare':
share_type = request.data.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('user', 'group'):
error_msg = 'share_type can only be "user", "group".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# unshare repo from user
if share_type == 'user':
to_username = request.data.get('username', None)
if not to_username:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
for repo_id in valid_repo_id_list:
if not self.has_shared_to_user(request, repo_id, to_username):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'This item has not been shared to %s.' % to_username
})
continue
repo_owner = get_repo_owner(request, repo_id)
try:
# get share permission before unshare operation
permission = check_user_share_out_permission(repo_id,
'/', to_username, is_org_context(request))
if is_org_context(request):
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
org_id = request.user.org.org_id
seafile_api.org_remove_share(org_id, repo_id, repo_owner, to_username)
else:
seafile_api.remove_share(repo_id, repo_owner, to_username)
# Delete share permission at ExtraSharePermission table.
ExtraSharePermission.objects.delete_share_permission(repo_id,
to_username)
# send message
send_perm_audit_msg('delete-repo-perm', username,
to_username, repo_id, '/', permission)
result['success'].append({
"repo_id": repo_id,
"username": to_username,
})
except Exception as e:
logger.error(e)
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Internal Server Error'
})
# unshare repo from group
if share_type == 'group':
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(to_group_id)
group_name = group.group_name if group else ''
for repo_id in valid_repo_id_list:
if not self.has_shared_to_group(request, repo_id, to_group_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'This item has not been shared to %s.' % group_name
})
continue
try:
# get share permission before unshare operation
permission = check_group_share_out_permission(repo_id,
'/', to_group_id, is_org_context(request))
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.del_org_group_repo(repo_id, org_id, to_group_id)
else:
seafile_api.unset_group_repo(
repo_id, to_group_id, username)
# Delete share permission at ExtraSharePermission table.
ExtraGroupsSharePermission.objects.delete_share_permission(repo_id,
to_group_id)
# send message
send_perm_audit_msg('delete-repo-perm', username,
to_group_id, repo_id, '/', permission)
result['success'].append({
"repo_id": repo_id,
"group_id": to_group_id,
"group_name": group_name,
})
except SearpcError as e:
logger.error(e)
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Internal Server Error'
})
return Response(result)
