def test_valid_prop(self):
assert parse_repo_perm(PERMISSION_READ).can_download is True
if parse_repo_perm(PERMISSION_READ).can_download:
assert True
else:
assert False
assert parse_repo_perm(PERMISSION_PREVIEW).can_download is False
if parse_repo_perm(PERMISSION_PREVIEW).can_download:
assert False
else:
assert True
def repo_download_dir(request, repo_id):
repo = get_repo(repo_id)
if not repo:
return render_error(request, _('Library does not exist'))
path = request.GET.get('p', '/')
if path[-1] != '/': # Normalize dir path
path += '/'
if not seafile_api.get_dir_id_by_path(repo.id, path):
return render_error(request, _('"%s" does not exist.') % path)
if len(path) > 1:
dirname = os.path.basename(path.rstrip('/')) # Here use `rstrip` to cut out last '/' in path
else:
dirname = repo.name
allow_download = parse_repo_perm(check_folder_permission(
request, repo_id, '/')).can_download
if allow_download:
dir_id = seafile_api.get_dir_id_by_commit_and_path(repo.id,
repo.head_cmmt_id, path)
try:
total_size = seafile_api.get_dir_size(repo.store_id,
repo.version, dir_id)
except Exception as e:
logger.error(str(e))
return render_error(request, _('Internal Server Error'))
if total_size > MAX_DOWNLOAD_DIR_SIZE:
return render_error(request, _('Unable to download directory "%s": size is too large.') % dirname)
is_windows = 0
if is_windows_operating_system(request):
is_windows = 1
fake_obj_id = {
'obj_id': dir_id,
'dir_name': dirname,
'is_windows': is_windows
}
token = seafile_api.get_fileserver_access_token(
repo_id, json.dumps(fake_obj_id), 'download-dir', request.user.username)
if not token:
return render_error(request, _('Internal Server Error'))
else:
return render_error(request, _('Unable to download "%s"') % dirname )
url = gen_file_get_url(token, dirname)
from seahub.views.file import send_file_access_msg
send_file_access_msg(request, repo, path, 'web')
return redirect(url)
def delete(self, request, repo_id, format=None):
""" Delete file.
Permission checking:
1. user with 'rw' permission.
"""
# argument check
path = request.GET.get('p', None)
if not path:
error_msg = 'p invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
path = normalize_file_path(path)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
file_id = seafile_api.get_file_id_by_path(repo_id, path)
if not file_id:
return Response({'success': True})
# permission check
parent_dir = os.path.dirname(path)
username = request.user.username
if parse_repo_perm(check_folder_permission(request, repo_id, parent_dir)).can_delete is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check file lock
try:
is_locked, locked_by_me = check_file_lock(repo_id, path, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if is_locked and not locked_by_me:
error_msg = _("File is locked")
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# delete file
file_name = os.path.basename(path)
try:
seafile_api.del_file(repo_id, parent_dir,
file_name, request.user.username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})
def delete(self, request, repo_id, format=None):
""" Delete dir.
Permission checking:
1. user with 'rw' permission.
"""
# argument check
path = request.GET.get('p', None)
if not path:
error_msg = 'p invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if path == '/':
error_msg = 'Can not delete root path.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
dir_id = seafile_api.get_dir_id_by_path(repo_id, path)
if not dir_id:
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if parse_repo_perm(check_folder_permission(request, repo_id, path)).can_delete is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if path[-1] == '/':
path = path[:-1]
path = path.rstrip('/')
username = request.user.username
parent_dir = os.path.dirname(path)
dir_name = os.path.basename(path)
try:
seafile_api.del_file(repo_id, parent_dir, dir_name, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})
def post(self, request):
""" Create share link.
Permission checking:
1. default(NOT guest) user;
"""
# argument check
repo_id = request.data.get('repo_id', None)
if not repo_id:
error_msg = 'repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
path = request.data.get('path', None)
if not path:
error_msg = 'path invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
password = request.data.get('password', None)
if password and len(password) < config.SHARE_LINK_PASSWORD_MIN_LENGTH:
error_msg = _('Password is too short.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
expire_days = int(request.data.get('expire_days', 0))
except ValueError:
error_msg = 'expire_days invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if expire_days <= 0:
if SHARE_LINK_EXPIRE_DAYS_DEFAULT > 0:
expire_days = SHARE_LINK_EXPIRE_DAYS_DEFAULT
if SHARE_LINK_EXPIRE_DAYS_MIN > 0:
if expire_days < SHARE_LINK_EXPIRE_DAYS_MIN:
error_msg = _('Expire days should be greater or equal to %s') % \
SHARE_LINK_EXPIRE_DAYS_MIN
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if SHARE_LINK_EXPIRE_DAYS_MAX > 0:
if expire_days > SHARE_LINK_EXPIRE_DAYS_MAX:
error_msg = _('Expire days should be less than or equal to %s') % \
SHARE_LINK_EXPIRE_DAYS_MAX
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if expire_days <= 0:
expire_date = None
else:
expire_date = timezone.now() + relativedelta(days=expire_days)
try:
perm = check_permissions_arg(request)
except Exception:
error_msg = 'permissions invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if path != '/':
dirent = seafile_api.get_dirent_by_path(repo_id, path)
if not dirent:
error_msg = 'Dirent %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if repo.encrypted:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
repo_folder_permission = seafile_api.check_permission_by_path(
repo_id, path, username)
if parse_repo_perm(
repo_folder_permission).can_generate_share_link is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if repo_folder_permission in (PERMISSION_PREVIEW_EDIT, PERMISSION_PREVIEW) \
and perm != FileShare.PERM_VIEW_ONLY:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if repo_folder_permission in (PERMISSION_READ) \
and perm not in (FileShare.PERM_VIEW_DL, FileShare.PERM_VIEW_ONLY):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if path != '/':
s_type = 'd' if stat.S_ISDIR(dirent.mode) else 'f'
if s_type == 'f':
file_name = os.path.basename(path.rstrip('/'))
can_edit, error_msg = can_edit_file(file_name, dirent.size,
repo)
if not can_edit and perm in (FileShare.PERM_EDIT_DL,
FileShare.PERM_EDIT_ONLY):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
s_type = 'd'
# create share link
org_id = request.user.org.org_id if is_org_context(request) else None
if s_type == 'f':
fs = FileShare.objects.get_file_link_by_path(
username, repo_id, path)
if fs:
error_msg = _('Share link %s already exists.' % fs.token)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
fs = FileShare.objects.create_file_link(username,
repo_id,
path,
password,
expire_date,
permission=perm,
org_id=org_id)
elif s_type == 'd':
fs = FileShare.objects.get_dir_link_by_path(
username, repo_id, path)
if fs:
error_msg = _('Share link %s already exists.' % fs.token)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
fs = FileShare.objects.create_dir_link(username,
repo_id,
path,
password,
expire_date,
permission=perm,
org_id=org_id)
link_info = get_share_link_info(fs)
return Response(link_info)
def post(self, request):
""" Create share link.
Permission checking:
1. default(NOT guest) user;
"""
# argument check
repo_id = request.data.get('repo_id', None)
if not repo_id:
error_msg = 'repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
path = request.data.get('path', None)
if not path:
error_msg = 'path invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
password = request.data.get('password', None)
if password and len(password) < config.SHARE_LINK_PASSWORD_MIN_LENGTH:
error_msg = _('Password is too short.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
expire_days = int(request.data.get('expire_days', 0))
except ValueError:
expire_days = 0
if SHARE_LINK_EXPIRE_DAYS_MIN > 0:
if expire_days < SHARE_LINK_EXPIRE_DAYS_MIN:
error_msg = _('Expire days should be greater or equal to %s') % \
SHARE_LINK_EXPIRE_DAYS_MIN
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if SHARE_LINK_EXPIRE_DAYS_MAX > 0:
if expire_days > SHARE_LINK_EXPIRE_DAYS_MAX:
error_msg = _('Expire days should be less than or equal to %s') % \
SHARE_LINK_EXPIRE_DAYS_MAX
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if expire_days <= 0:
expire_date = None
else:
expire_date = timezone.now() + relativedelta(days=expire_days)
perm = check_permissions_arg(request)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if repo.encrypted:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
obj_id, s_type = self._generate_obj_id_and_type_by_path(repo_id, path)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not obj_id:
if s_type == 'f':
error_msg = 'file %s not found.' % path
elif s_type == 'd':
error_msg = 'folder %s not found.' % path
else:
error_msg = 'path %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if parse_repo_perm(check_folder_permission(request, repo_id, path)).can_download is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
org_id = request.user.org.org_id if is_org_context(request) else None
if s_type == 'f':
fs = FileShare.objects.get_file_link_by_path(username, repo_id, path)
if not fs:
fs = FileShare.objects.create_file_link(username, repo_id, path,
password, expire_date,
permission=perm, org_id=org_id)
elif s_type == 'd':
fs = FileShare.objects.get_dir_link_by_path(username, repo_id, path)
if not fs:
fs = FileShare.objects.create_dir_link(username, repo_id, path,
password, expire_date,
permission=perm, org_id=org_id)
link_info = get_share_link_info(fs)
return Response(link_info)
def post(self, request):
""" Create share link.
Permission checking:
1. default(NOT guest) user;
"""
# argument check
repo_id = request.data.get('repo_id', None)
if not repo_id:
error_msg = 'repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
path = request.data.get('path', None)
if not path:
error_msg = 'path invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
password = request.data.get('password', None)
if password and len(password) < config.SHARE_LINK_PASSWORD_MIN_LENGTH:
error_msg = _('Password is too short.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
expire_days = request.data.get('expire_days', '')
expiration_time = request.data.get('expiration_time', '')
if expire_days and expiration_time:
error_msg = 'Can not pass expire_days and expiration_time at the same time.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
expire_date = None
if expire_days:
try:
expire_days = int(expire_days)
except ValueError:
error_msg = 'expire_days invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if expire_days <= 0:
error_msg = 'expire_days invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if SHARE_LINK_EXPIRE_DAYS_MIN > 0:
if expire_days < SHARE_LINK_EXPIRE_DAYS_MIN:
error_msg = _('Expire days should be greater or equal to %s') % \
SHARE_LINK_EXPIRE_DAYS_MIN
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if SHARE_LINK_EXPIRE_DAYS_MAX > 0:
if expire_days > SHARE_LINK_EXPIRE_DAYS_MAX:
error_msg = _('Expire days should be less than or equal to %s') % \
SHARE_LINK_EXPIRE_DAYS_MAX
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
expire_date = timezone.now() + relativedelta(days=expire_days)
elif expiration_time:
try:
expire_date = dateutil.parser.isoparse(expiration_time)
except Exception as e:
logger.error(e)
error_msg = 'expiration_time invalid, should be iso format, for example: 2020-05-17T10:26:22+08:00'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
expire_date = expire_date.astimezone(get_current_timezone()).replace(tzinfo=None)
if SHARE_LINK_EXPIRE_DAYS_MIN > 0:
expire_date_min_limit = timezone.now() + relativedelta(days=SHARE_LINK_EXPIRE_DAYS_MIN)
expire_date_min_limit = expire_date_min_limit.replace(hour=0).replace(minute=0).replace(second=0)
if expire_date < expire_date_min_limit:
error_msg = _('Expiration time should be later than %s.') % \
expire_date_min_limit.strftime("%Y-%m-%d %H:%M:%S")
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if SHARE_LINK_EXPIRE_DAYS_MAX > 0:
expire_date_max_limit = timezone.now() + relativedelta(days=SHARE_LINK_EXPIRE_DAYS_MAX)
expire_date_max_limit = expire_date_max_limit.replace(hour=23).replace(minute=59).replace(second=59)
if expire_date > expire_date_max_limit:
error_msg = _('Expiration time should be earlier than %s.') % \
expire_date_max_limit.strftime("%Y-%m-%d %H:%M:%S")
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
else:
if SHARE_LINK_EXPIRE_DAYS_DEFAULT > 0:
expire_date = timezone.now() + relativedelta(days=SHARE_LINK_EXPIRE_DAYS_DEFAULT)
try:
perm = check_permissions_arg(request)
except Exception:
error_msg = 'permissions invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if path != '/':
dirent = seafile_api.get_dirent_by_path(repo_id, path)
if not dirent:
error_msg = 'Dirent %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if repo.encrypted:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
repo_folder_permission = seafile_api.check_permission_by_path(repo_id, path, username)
if parse_repo_perm(repo_folder_permission).can_generate_share_link is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if repo_folder_permission in (PERMISSION_PREVIEW_EDIT, PERMISSION_PREVIEW) \
and perm != FileShare.PERM_VIEW_ONLY:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if repo_folder_permission in (PERMISSION_READ) \
and perm not in (FileShare.PERM_VIEW_DL, FileShare.PERM_VIEW_ONLY):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# can_upload requires rw repo permission
if perm == FileShare.PERM_VIEW_DL_UPLOAD and \
repo_folder_permission != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if path != '/':
s_type = 'd' if stat.S_ISDIR(dirent.mode) else 'f'
if s_type == 'f':
file_name = os.path.basename(path.rstrip('/'))
can_edit, error_msg = can_edit_file(file_name, dirent.size, repo)
if not can_edit and perm in (FileShare.PERM_EDIT_DL, FileShare.PERM_EDIT_ONLY):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
s_type = 'd'
# create share link
org_id = request.user.org.org_id if is_org_context(request) else None
if s_type == 'f':
fs = FileShare.objects.get_file_link_by_path(username, repo_id, path)
if fs:
error_msg = _('Share link %s already exists.' % fs.token)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
fs = FileShare.objects.create_file_link(username, repo_id, path,
password, expire_date,
permission=perm, org_id=org_id)
elif s_type == 'd':
fs = FileShare.objects.get_dir_link_by_path(username, repo_id, path)
if fs:
error_msg = _('Share link %s already exists.' % fs.token)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
fs = FileShare.objects.create_dir_link(username, repo_id, path,
password, expire_date,
permission=perm, org_id=org_id)
link_info = get_share_link_info(fs)
return Response(link_info)
def test_invalid_prop(self):
try:
parse_repo_perm(PERMISSION_READ).can_downloadxx
assert False
except AttributeError:
assert True
def test_parse_repo_perm_upload(self):
assert parse_repo_perm(PERMISSION_ADMIN).can_upload is True
assert parse_repo_perm(PERMISSION_READ_WRITE).can_upload is True
assert parse_repo_perm(PERMISSION_READ).can_upload is False
assert parse_repo_perm(PERMISSION_PREVIEW).can_upload is False
assert parse_repo_perm(PERMISSION_PREVIEW_EDIT).can_upload is False
def post(self, request, repo_id, format=None):
""" Create, rename, move, copy, revert file
Permission checking:
1. create: user with 'rw' permission for current parent dir;
2. rename: user with 'rw' permission for current file;
3. move : user with 'rw' permission for current file, 'rw' permission for dst parent dir;
4. copy : user with 'r' permission for current file, 'rw' permission for dst parent dir;
4. revert: user with 'rw' permission for current file's parent dir;
"""
# argument check
path = request.GET.get('p', None)
if not path:
error_msg = 'p invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
path = normalize_file_path(path)
operation = request.data.get('operation', None)
if not operation:
error_msg = 'operation invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
operation = operation.lower()
if operation not in ('create', 'rename', 'move', 'copy', 'revert'):
error_msg = "operation can only be 'create', 'rename', 'move', 'copy' or 'revert'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
username = request.user.username
parent_dir = os.path.dirname(path)
is_draft = request.POST.get('is_draft', '')
if operation == 'create':
# resource check
try:
parent_dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not parent_dir_id:
error_msg = 'Folder %s not found.' % parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if check_folder_permission(request, repo_id, parent_dir) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if is_draft.lower() == 'true':
file_name = os.path.basename(path)
file_dir = os.path.dirname(path)
draft_type = os.path.splitext(file_name)[0][-7:]
file_type = os.path.splitext(file_name)[-1]
if draft_type != '(draft)':
f = os.path.splitext(file_name)[0]
path = file_dir + '/' + f + '(draft)' + file_type
# create new empty file
new_file_name = os.path.basename(path)
if not is_valid_dirent_name(new_file_name):
return api_error(status.HTTP_400_BAD_REQUEST,
'name invalid.')
new_file_name = check_filename_with_rename(repo_id, parent_dir, new_file_name)
try:
seafile_api.post_empty_file(repo_id, parent_dir, new_file_name, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if is_draft.lower() == 'true':
Draft.objects.add(username, repo, path, file_exist=False)
# update office file by template
if new_file_name.endswith('.xlsx'):
empty_file_path = os.path.join(OFFICE_TEMPLATE_ROOT, 'empty.xlsx')
elif new_file_name.endswith('.pptx'):
empty_file_path = os.path.join(OFFICE_TEMPLATE_ROOT, 'empty.pptx')
elif new_file_name.endswith('.docx'):
empty_file_path = os.path.join(OFFICE_TEMPLATE_ROOT, 'empty.docx')
else:
empty_file_path = ''
if empty_file_path:
# get file server update url
update_token = seafile_api.get_fileserver_access_token(
repo_id, 'dummy', 'update', username)
if not update_token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
update_url = gen_inner_file_upload_url('update-api', update_token)
# update file
new_file_path = posixpath.join(parent_dir, new_file_name)
try:
requests.post(
update_url,
data={'filename': new_file_name, 'target_file': new_file_path},
files={'file': open(empty_file_path, 'rb')}
)
except Exception as e:
logger.error(e)
new_file_path = posixpath.join(parent_dir, new_file_name)
file_info = self.get_file_info(username, repo_id, new_file_path)
return Response(file_info)
if operation == 'rename':
# argument check
new_file_name = request.data.get('newname', None)
if not new_file_name:
error_msg = 'newname invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not is_valid_dirent_name(new_file_name):
return api_error(status.HTTP_400_BAD_REQUEST,
'name invalid.')
if len(new_file_name) > MAX_UPLOAD_FILE_NAME_LEN:
error_msg = 'newname is too long.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
oldname = os.path.basename(path)
if oldname == new_file_name:
error_msg = 'The new name is the same to the old'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
try:
file_id = seafile_api.get_file_id_by_path(repo_id, path)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not file_id:
error_msg = 'File %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if check_folder_permission(request, repo_id, parent_dir) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check file lock
try:
is_locked, locked_by_me = check_file_lock(repo_id, path, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if is_locked and not locked_by_me:
error_msg = _("File is locked")
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# rename file
new_file_name = check_filename_with_rename(repo_id, parent_dir,
new_file_name)
try:
seafile_api.rename_file(repo_id, parent_dir, oldname,
new_file_name, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
new_file_path = posixpath.join(parent_dir, new_file_name)
# rename draft file
filetype, fileext = get_file_type_and_ext(new_file_name)
if filetype == MARKDOWN or filetype == TEXT:
is_draft = is_draft_file(repo.id, path)
review = get_file_draft(repo.id, path, is_draft)
draft_id = review['draft_id']
if is_draft:
try:
draft = Draft.objects.get(pk=draft_id)
draft.draft_file_path = new_file_path
draft.save()
except Draft.DoesNotExist:
pass
file_info = self.get_file_info(username, repo_id, new_file_path)
return Response(file_info)
if operation == 'move':
# argument check
dst_repo_id = request.data.get('dst_repo', None)
dst_dir = request.data.get('dst_dir', None)
if not dst_repo_id:
error_msg = 'dst_repo invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dst_dir:
error_msg = 'dst_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
dst_dir = normalize_dir_path(dst_dir)
# resource check for source file
try:
file_id = seafile_api.get_file_id_by_path(repo_id, path)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not file_id:
error_msg = 'File %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# resource check for dst repo and dir
dst_repo = seafile_api.get_repo(dst_repo_id)
if not dst_repo:
error_msg = 'Library %s not found.' % dst_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dst_dir_id = seafile_api.get_dir_id_by_path(dst_repo_id, dst_dir)
if not dst_dir_id:
error_msg = 'Folder %s not found.' % dst_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check for source file
src_repo_id = repo_id
src_dir = os.path.dirname(path)
if check_folder_permission(request, src_repo_id, src_dir) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# permission check for dst dir
if check_folder_permission(request, dst_repo_id, dst_dir) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check file lock
try:
is_locked, locked_by_me = check_file_lock(repo_id, path, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if is_locked and not locked_by_me:
error_msg = _("File is locked")
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# move file
if src_repo_id == dst_repo_id and src_dir == dst_dir:
file_info = self.get_file_info(username, repo_id, path)
return Response(file_info)
filename = os.path.basename(path)
new_file_name = check_filename_with_rename(dst_repo_id, dst_dir, filename)
try:
seafile_api.move_file(src_repo_id, src_dir, filename,
dst_repo_id, dst_dir, new_file_name, replace=False,
username=username, need_progress=0, synchronous=1)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
dst_file_path = posixpath.join(dst_dir, new_file_name)
dst_file_info = self.get_file_info(username, dst_repo_id, dst_file_path)
return Response(dst_file_info)
if operation == 'copy':
# argument check
dst_repo_id = request.data.get('dst_repo', None)
dst_dir = request.data.get('dst_dir', None)
if not dst_repo_id:
error_msg = 'dst_repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dst_dir:
error_msg = 'dst_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
dst_dir = normalize_dir_path(dst_dir)
# resource check for source file
try:
file_id = seafile_api.get_file_id_by_path(repo_id, path)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not file_id:
error_msg = 'File %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# resource check for dst repo and dir
dst_repo = seafile_api.get_repo(dst_repo_id)
if not dst_repo:
error_msg = 'Library %s not found.' % dst_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dst_dir_id = seafile_api.get_dir_id_by_path(dst_repo_id, dst_dir)
if not dst_dir_id:
error_msg = 'Folder %s not found.' % dst_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check for source file
src_repo_id = repo_id
src_dir = os.path.dirname(path)
if parse_repo_perm(check_folder_permission(
request, src_repo_id, src_dir)).can_copy is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# permission check for dst dir
if check_folder_permission(request, dst_repo_id, dst_dir) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
filename = os.path.basename(path)
new_file_name = check_filename_with_rename(dst_repo_id, dst_dir, filename)
try:
seafile_api.copy_file(src_repo_id, src_dir, filename, dst_repo_id,
dst_dir, new_file_name, username, 0, synchronous=1)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
dst_file_path = posixpath.join(dst_dir, new_file_name)
dst_file_info = self.get_file_info(username, dst_repo_id, dst_file_path)
return Response(dst_file_info)
if operation == 'revert':
commit_id = request.data.get('commit_id', None)
if not commit_id:
error_msg = 'commit_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if seafile_api.get_file_id_by_path(repo_id, path):
# file exists in repo
if check_folder_permission(request, repo_id, parent_dir) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check file lock
try:
is_locked, locked_by_me = check_file_lock(repo_id, path, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if is_locked and not locked_by_me:
error_msg = _("File is locked")
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
# file NOT exists in repo
if check_folder_permission(request, repo_id, '/') != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
seafile_api.revert_file(repo_id, commit_id, path, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})
def post(self, request, repo_id, format=None):
""" Create, rename, revert dir.
Permission checking:
1. create: user with 'rw' permission for current dir's parent dir;
2. rename: user with 'rw' permission for current dir;
3. revert: user with 'rw' permission for current dir's parent dir;
"""
# argument check
path = request.GET.get('p', None)
if not path or path[0] != '/':
error_msg = 'p invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if path == '/':
error_msg = 'Can not operate root dir.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
operation = request.data.get('operation', None)
if not operation:
error_msg = 'operation invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
operation = operation.lower()
if operation not in ('mkdir', 'rename', 'revert'):
error_msg = "operation can only be 'mkdir', 'rename' or 'revert'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = path.rstrip('/')
username = request.user.username
parent_dir = os.path.dirname(path)
if operation == 'mkdir':
# resource check
parent_dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir)
if not parent_dir_id:
error_msg = 'Folder %s not found.' % parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if check_folder_permission(request, repo_id, parent_dir) != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
new_dir_name = os.path.basename(path)
if not is_valid_dirent_name(new_dir_name):
return api_error(status.HTTP_400_BAD_REQUEST,
'name invalid.')
retry_count = 0
while retry_count < 10:
new_dir_name = check_filename_with_rename(repo_id,
parent_dir, new_dir_name)
try:
seafile_api.post_dir(repo_id,
parent_dir, new_dir_name, username)
break
except SearpcError as e:
if str(e) == 'file already exists':
retry_count += 1
else:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
new_dir_path = posixpath.join(parent_dir, new_dir_name)
dir_info = self.get_dir_info(repo_id, new_dir_path)
resp = Response(dir_info)
return resp
if operation == 'rename':
# resource check
dir_id = seafile_api.get_dir_id_by_path(repo_id, path)
if not dir_id:
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if parse_repo_perm(check_folder_permission(request, repo_id, path)).can_edit_on_web is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
old_dir_name = os.path.basename(path)
new_dir_name = request.data.get('newname', None)
if not new_dir_name:
error_msg = 'newname invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not is_valid_dirent_name(new_dir_name):
return api_error(status.HTTP_400_BAD_REQUEST,
'name invalid.')
if new_dir_name == old_dir_name:
dir_info = self.get_dir_info(repo_id, path)
resp = Response(dir_info)
return resp
try:
# rename duplicate name
new_dir_name = check_filename_with_rename(repo_id, parent_dir, new_dir_name)
# rename dir
seafile_api.rename_file(repo_id, parent_dir, old_dir_name,
new_dir_name, username)
new_dir_path = posixpath.join(parent_dir, new_dir_name)
dir_info = self.get_dir_info(repo_id, new_dir_path)
resp = Response(dir_info)
return resp
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if operation == 'revert':
commit_id = request.data.get('commit_id', None)
if not commit_id:
error_msg = 'commit_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if seafile_api.get_dir_id_by_path(repo_id, path):
# dir exists in repo
if check_folder_permission(request, repo_id, path) != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
# dir NOT exists in repo
if check_folder_permission(request, repo_id, '/') != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
seafile_api.revert_dir(repo_id, commit_id, path, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})
def post(self, request, repo_id, format=None):
""" Get file server token for download-dir and download-multi.
Permission checking:
1. user with 'r' or 'rw' permission;
"""
# argument check
parent_dir = request.data.get('parent_dir', None)
if not parent_dir:
error_msg = 'parent_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
dirent_name_list = request.data.getlist('dirents', None)
if not dirent_name_list:
error_msg = 'dirents invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if len(dirent_name_list) == 1:
download_type = 'download-dir'
elif len(dirent_name_list) > 1:
download_type = 'download-multi'
else:
error_msg = 'dirents invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# recourse check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not seafile_api.get_dir_id_by_path(repo_id, parent_dir):
error_msg = 'Folder %s not found.' % parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if parse_repo_perm(check_folder_permission(request, repo_id, parent_dir)).can_download is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# get file server access token
is_windows = 0
if is_windows_operating_system(request):
is_windows = 1
if download_type == 'download-dir':
dir_name = dirent_name_list[0].strip('/')
full_dir_path = posixpath.join(parent_dir, dir_name)
dir_id = seafile_api.get_dir_id_by_path(repo_id, full_dir_path)
if not dir_id:
error_msg = 'Folder %s not found.' % full_dir_path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dir_size = seafile_api.get_dir_size(
repo.store_id, repo.version, dir_id)
if dir_size > seaserv.MAX_DOWNLOAD_DIR_SIZE:
error_msg = 'Unable to download directory "%s": size is too large.' % dir_name
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
fake_obj_id = {
'obj_id': dir_id,
'dir_name': dir_name,
'is_windows': is_windows
}
if download_type == 'download-multi':
dirent_list = []
total_size = 0
for dirent_name in dirent_name_list:
dirent_name = dirent_name.strip('/')
dirent_list.append(dirent_name)
full_dirent_path = posixpath.join(parent_dir, dirent_name)
current_dirent = seafile_api.get_dirent_by_path(repo_id, full_dirent_path)
if not current_dirent:
continue
if stat.S_ISDIR(current_dirent.mode):
total_size += seafile_api.get_dir_size(repo.store_id,
repo.version, current_dirent.obj_id)
else:
total_size += current_dirent.size
if total_size > seaserv.MAX_DOWNLOAD_DIR_SIZE:
error_msg = _('Total size exceeds limit.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
fake_obj_id = {
'parent_dir': parent_dir,
'file_list': dirent_list,
'is_windows': is_windows
}
username = request.user.username
try:
zip_token = seafile_api.get_fileserver_access_token(
repo_id, json.dumps(fake_obj_id), download_type, username,
use_onetime=settings.FILESERVER_TOKEN_ONCE_ONLY
)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not zip_token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if len(dirent_name_list) > 10:
send_file_access_msg(request, repo, parent_dir, 'web')
else:
for dirent_name in dirent_name_list:
full_dirent_path = posixpath.join(parent_dir, dirent_name)
send_file_access_msg(request, repo, full_dirent_path, 'web')
return Response({'zip_token': zip_token})
def post(self, request):
""" Copy/move file/dir, and return task id.
Permission checking:
1. move: user with 'rw' permission for current file, 'rw' permission for dst parent dir;
2. copy: user with 'r' permission for current file, 'rw' permission for dst parent dir;
"""
src_repo_id = request.data.get('src_repo_id', None)
src_parent_dir = request.data.get('src_parent_dir', None)
src_dirent_name = request.data.get('src_dirent_name', None)
dst_repo_id = request.data.get('dst_repo_id', None)
dst_parent_dir = request.data.get('dst_parent_dir', None)
operation = request.data.get('operation', None)
dirent_type = request.data.get('dirent_type', None)
# argument check
if not src_repo_id:
error_msg = 'src_repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not src_parent_dir:
error_msg = 'src_parent_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not src_dirent_name:
error_msg = 'src_dirent_name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dst_repo_id:
error_msg = 'dst_repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dst_parent_dir:
error_msg = 'dst_parent_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not operation:
error_msg = 'operation invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dirent_type:
error_msg = 'dirent_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if len(dst_parent_dir + src_dirent_name) > MAX_PATH:
error_msg = _('Destination path is too long.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
operation = operation.lower()
if operation not in ('move', 'copy'):
error_msg = "operation can only be 'move' or 'copy'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if operation == 'move':
if src_repo_id == dst_repo_id and src_parent_dir == dst_parent_dir:
error_msg = _('Invalid destination path')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
dirent_type = dirent_type.lower()
if dirent_type not in ('file', 'dir'):
error_msg = "operation can only be 'file' or 'dir'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# src resource check
src_repo = seafile_api.get_repo(src_repo_id)
if not src_repo:
error_msg = 'Library %s not found.' % src_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
src_dirent_path = posixpath.join(src_parent_dir, src_dirent_name)
file_id = None
if dirent_type == 'file':
file_id = seafile_api.get_file_id_by_path(src_repo_id, src_dirent_path)
if not file_id:
error_msg = 'File %s not found.' % src_dirent_path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dir_id = None
if dirent_type == 'dir':
dir_id = seafile_api.get_dir_id_by_path(src_repo_id, src_dirent_path)
if not dir_id:
error_msg = 'Folder %s not found.' % src_dirent_path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# dst resource check
dst_repo = seafile_api.get_repo(dst_repo_id)
if not dst_repo:
error_msg = 'Library %s not found.' % dst_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not seafile_api.get_dir_id_by_path(dst_repo_id,
dst_parent_dir):
error_msg = 'Folder %s not found.' % dst_parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check for dst parent dir
if check_folder_permission(request, dst_repo_id, dst_parent_dir) != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if operation == 'copy' or \
operation == 'move' and \
get_repo_owner(request, src_repo_id) != get_repo_owner(request, dst_repo_id):
current_size = 0
if file_id:
current_size = seafile_api.get_file_size(src_repo.store_id,
src_repo.version, file_id)
if dir_id:
current_size = seafile_api.get_dir_size(src_repo.store_id,
src_repo.version, dir_id)
# check if above quota for dst repo
if seafile_api.check_quota(dst_repo_id, current_size) < 0:
return api_error(HTTP_443_ABOVE_QUOTA, _(u"Out of quota."))
new_dirent_name = check_filename_with_rename(dst_repo_id,
dst_parent_dir, src_dirent_name)
username = request.user.username
if operation == 'move':
# permission check for src parent dir
if check_folder_permission(request, src_repo_id, src_parent_dir) != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if dirent_type == 'dir' and src_repo_id == dst_repo_id and \
dst_parent_dir.startswith(src_dirent_path + '/'):
error_msg = _(u'Can not move directory %(src)s to its subdirectory %(des)s') \
% {'src': escape(src_dirent_path), 'des': escape(dst_parent_dir)}
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if dirent_type == 'file':
# check file lock
try:
is_locked, locked_by_me = check_file_lock(src_repo_id,
src_dirent_path, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if is_locked and not locked_by_me:
error_msg = _("File is locked")
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
res = seafile_api.move_file(src_repo_id, src_parent_dir,
src_dirent_name, dst_repo_id, dst_parent_dir,
new_dirent_name, replace=False, username=username,
need_progress=1)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if operation == 'copy':
# permission check for src parent dir
if parse_repo_perm(check_folder_permission(
request, src_repo_id, src_parent_dir)).can_copy is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
res = seafile_api.copy_file(src_repo_id, src_parent_dir,
src_dirent_name, dst_repo_id, dst_parent_dir,
new_dirent_name, username=username,
need_progress=1)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not res:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
result = {}
if res.background:
result['task_id'] = res.task_id
return Response(result)
def post(self, request):
""" Multi copy files/folders.
Permission checking:
1. User must has `r/rw` permission for src folder.
2. User must has `rw` permission for dst folder.
Parameter:
{
"src_repo_id":"7460f7ac-a0ff-4585-8906-bb5a57d2e118",
"dst_repo_id":"a3fa768d-0f00-4343-8b8d-07b4077881db",
"paths":[
{"src_path":"/1/2/3/","dst_path":"/4/5/6/"},
{"src_path":"/a/b/c/","dst_path":"/d/e/f/"},
]
}
"""
# argument check
path_list = request.data.get('paths', None)
if not path_list:
error_msg = 'paths invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
src_repo_id = request.data.get('src_repo_id', None)
if not src_repo_id:
error_msg = 'src_repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
dst_repo_id = request.data.get('dst_repo_id', None)
if not dst_repo_id:
error_msg = 'dst_repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
src_repo = seafile_api.get_repo(src_repo_id)
if not src_repo:
error_msg = 'Library %s not found.' % src_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dst_repo = seafile_api.get_repo(dst_repo_id)
if not dst_repo:
error_msg = 'Library %s not found.' % dst_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if check_folder_permission(request, src_repo_id, '/') is None:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if check_folder_permission(request, dst_repo_id, '/') is None:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
result = {}
result['failed'] = []
result['success'] = []
username = request.user.username
for path_item in path_list:
src_path = path_item['src_path']
src_path = normalize_dir_path(src_path)
src_parent_dir = os.path.dirname(src_path.rstrip('/'))
src_parent_dir = normalize_dir_path(src_parent_dir)
src_obj_name = os.path.basename(src_path.rstrip('/'))
dst_path = path_item['dst_path']
dst_path = normalize_dir_path(dst_path)
dst_parent_dir = dst_path
dst_obj_name = src_obj_name
common_dict = {
'src_repo_id': src_repo_id,
'src_path': src_path,
'dst_repo_id': dst_repo_id,
'dst_path': dst_path,
}
# src/dst parameter check
if src_repo_id == dst_repo_id and \
dst_path.startswith(src_path):
error_dict = {
'error_msg': "The destination directory is the same as the source, or is it's subfolder."
}
common_dict.update(error_dict)
result['failed'].append(common_dict)
continue
if src_path == '/':
error_dict = {
'error_msg': "The source path can not be '/'."
}
common_dict.update(error_dict)
result['failed'].append(common_dict)
continue
if len(dst_parent_dir + dst_obj_name) > MAX_PATH:
error_dict = {
'error_msg': "'Destination path is too long."
}
common_dict.update(error_dict)
result['failed'].append(common_dict)
continue
# src resource check
## as we don't know if `src_path` stands for a file or a folder,
## so we check both
src_dir_id = seafile_api.get_dir_id_by_path(src_repo_id, src_path)
src_file_id = seafile_api.get_file_id_by_path(src_repo_id,
normalize_file_path(src_path))
if not src_dir_id and not src_file_id:
error_dict = {
'error_msg': '%s not found.' % src_path
}
common_dict.update(error_dict)
result['failed'].append(common_dict)
continue
# dst resource check
if not seafile_api.get_dir_id_by_path(dst_repo_id, dst_path):
error_dict = {
'error_msg': 'Folder %s not found.' % dst_path
}
common_dict.update(error_dict)
result['failed'].append(common_dict)
continue
# src path permission check, user must has `r/rw` permission for src folder.
if parse_repo_perm(check_folder_permission(request, src_repo_id, src_parent_dir)).can_copy is False:
error_dict = {
'error_msg': 'Permission denied.'
}
common_dict.update(error_dict)
result['failed'].append(common_dict)
continue
# dst path permission check, user must has `rw` permission for dst folder.
if check_folder_permission(request, dst_repo_id, dst_path) != 'rw':
error_dict = {
'error_msg': 'Permission denied.'
}
common_dict.update(error_dict)
result['failed'].append(common_dict)
continue
try:
dst_obj_name = check_filename_with_rename(dst_repo_id,
dst_parent_dir, dst_obj_name)
# need_progress=0, synchronous=1
seafile_api.copy_file(src_repo_id, src_parent_dir, src_obj_name,
dst_repo_id, dst_parent_dir, dst_obj_name, username, 0, 1)
except Exception as e:
logger.error(e)
error_dict = {
'error_msg': 'Internal Server Error'
}
common_dict.update(error_dict)
result['failed'].append(common_dict)
continue
common_dict['dst_obj_name'] = dst_obj_name
result['success'].append(common_dict)
return Response(result)
def post(self, request, repo_id, format=None):
""" Get file server token for download-dir and download-multi.
Permission checking:
1. user with 'r' or 'rw' permission;
"""
# argument check
parent_dir = request.data.get('parent_dir', None)
if not parent_dir:
error_msg = 'parent_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
dirent_name_list = request.data.getlist('dirents', None)
if not dirent_name_list:
error_msg = 'dirents invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if len(dirent_name_list) == 1:
download_type = 'download-dir'
elif len(dirent_name_list) > 1:
download_type = 'download-multi'
else:
error_msg = 'dirents invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# recourse check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not seafile_api.get_dir_id_by_path(repo_id, parent_dir):
error_msg = 'Folder %s not found.' % parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
repo_folder_permission = check_folder_permission(
request, repo_id, parent_dir)
if parse_repo_perm(repo_folder_permission).can_download is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# get file server access token
is_windows = 0
if is_windows_operating_system(request):
is_windows = 1
if download_type == 'download-dir':
dir_name = dirent_name_list[0].strip('/')
full_dir_path = posixpath.join(parent_dir, dir_name)
dir_id = seafile_api.get_dir_id_by_path(repo_id, full_dir_path)
if not dir_id:
error_msg = 'Folder %s not found.' % full_dir_path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not json.loads(seafile_api.is_dir_downloadable(repo_id, json.dumps([full_dir_path]), \
request.user.username, repo_folder_permission))['is_downloadable']:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
fake_obj_id = {
'obj_id': dir_id,
'dir_name': dir_name,
'is_windows': is_windows
}
if download_type == 'download-multi':
dirent_list = []
full_dirent_path_list = []
for dirent_name in dirent_name_list:
dirent_name = dirent_name.strip('/')
dirent_list.append(dirent_name)
full_dirent_path = posixpath.join(parent_dir, dirent_name)
current_dirent = seafile_api.get_dirent_by_path(
repo_id, full_dirent_path)
if not current_dirent:
continue
full_dirent_path_list.append(full_dirent_path)
if not json.loads(seafile_api.is_dir_downloadable(repo_id, json.dumps(full_dirent_path_list), \
request.user.username, repo_folder_permission))['is_downloadable']:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
fake_obj_id = {
'parent_dir': parent_dir,
'file_list': dirent_list,
'is_windows': is_windows
}
username = request.user.username
try:
zip_token = seafile_api.get_fileserver_access_token(
repo_id,
json.dumps(fake_obj_id),
download_type,
username,
use_onetime=settings.FILESERVER_TOKEN_ONCE_ONLY)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not zip_token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if len(dirent_name_list) > 10:
send_file_access_msg(request, repo, parent_dir, 'web')
else:
for dirent_name in dirent_name_list:
full_dirent_path = posixpath.join(parent_dir, dirent_name)
send_file_access_msg(request, repo, full_dirent_path, 'web')
return Response({'zip_token': zip_token})
def post(self, request):
""" Create share link.
Permission checking:
1. default(NOT guest) user;
"""
# argument check
repo_id = request.data.get('repo_id', None)
if not repo_id:
error_msg = 'repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
path = request.data.get('path', None)
if not path:
error_msg = 'path invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
password = request.data.get('password', None)
if password and len(password) < config.SHARE_LINK_PASSWORD_MIN_LENGTH:
error_msg = _('Password is too short.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
expire_days = int(request.data.get('expire_days', 0))
except ValueError:
error_msg = 'expire_days invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if expire_days <= 0:
if SHARE_LINK_EXPIRE_DAYS_DEFAULT > 0:
expire_days = SHARE_LINK_EXPIRE_DAYS_DEFAULT
if SHARE_LINK_EXPIRE_DAYS_MIN > 0:
if expire_days < SHARE_LINK_EXPIRE_DAYS_MIN:
error_msg = _('Expire days should be greater or equal to %s') % \
SHARE_LINK_EXPIRE_DAYS_MIN
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if SHARE_LINK_EXPIRE_DAYS_MAX > 0:
if expire_days > SHARE_LINK_EXPIRE_DAYS_MAX:
error_msg = _('Expire days should be less than or equal to %s') % \
SHARE_LINK_EXPIRE_DAYS_MAX
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if expire_days <= 0:
expire_date = None
else:
expire_date = timezone.now() + relativedelta(days=expire_days)
perm = check_permissions_arg(request)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if repo.encrypted:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
obj_id, s_type = self._generate_obj_id_and_type_by_path(repo_id, path)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not obj_id:
if s_type == 'f':
error_msg = 'file %s not found.' % path
elif s_type == 'd':
error_msg = 'folder %s not found.' % path
else:
error_msg = 'path %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if parse_repo_perm(check_folder_permission(request, repo_id, path)).can_download is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
org_id = request.user.org.org_id if is_org_context(request) else None
if s_type == 'f':
fs = FileShare.objects.get_file_link_by_path(username, repo_id, path)
if not fs:
fs = FileShare.objects.create_file_link(username, repo_id, path,
password, expire_date,
permission=perm, org_id=org_id)
elif s_type == 'd':
fs = FileShare.objects.get_dir_link_by_path(username, repo_id, path)
if not fs:
fs = FileShare.objects.create_dir_link(username, repo_id, path,
password, expire_date,
permission=perm, org_id=org_id)
link_info = get_share_link_info(fs)
return Response(link_info)
def post(self, request):
""" Copy/move file/dir, and return task id.
Permission checking:
1. move: user with 'rw' permission for current file, 'rw' permission for dst parent dir;
2. copy: user with 'r' permission for current file, 'rw' permission for dst parent dir;
"""
src_repo_id = request.data.get('src_repo_id', None)
src_parent_dir = request.data.get('src_parent_dir', None)
src_dirent_name = request.data.get('src_dirent_name', None)
dst_repo_id = request.data.get('dst_repo_id', None)
dst_parent_dir = request.data.get('dst_parent_dir', None)
operation = request.data.get('operation', None)
dirent_type = request.data.get('dirent_type', None)
# argument check
if not src_repo_id:
error_msg = 'src_repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not src_parent_dir:
error_msg = 'src_parent_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not src_dirent_name:
error_msg = 'src_dirent_name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dst_repo_id:
error_msg = 'dst_repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dst_parent_dir:
error_msg = 'dst_parent_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not operation:
error_msg = 'operation invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dirent_type:
error_msg = 'dirent_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if len(dst_parent_dir + src_dirent_name) > MAX_PATH:
error_msg = _('Destination path is too long.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
operation = operation.lower()
if operation not in ('move', 'copy'):
error_msg = "operation can only be 'move' or 'copy'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if operation == 'move':
if src_repo_id == dst_repo_id and src_parent_dir == dst_parent_dir:
error_msg = _('Invalid destination path')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
dirent_type = dirent_type.lower()
if dirent_type not in ('file', 'dir'):
error_msg = "operation can only be 'file' or 'dir'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# src resource check
src_repo = seafile_api.get_repo(src_repo_id)
if not src_repo:
error_msg = 'Library %s not found.' % src_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
src_dirent_path = posixpath.join(src_parent_dir, src_dirent_name)
file_id = None
if dirent_type == 'file':
file_id = seafile_api.get_file_id_by_path(src_repo_id, src_dirent_path)
if not file_id:
error_msg = 'File %s not found.' % src_dirent_path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dir_id = None
if dirent_type == 'dir':
dir_id = seafile_api.get_dir_id_by_path(src_repo_id, src_dirent_path)
if not dir_id:
error_msg = 'Folder %s not found.' % src_dirent_path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# dst resource check
dst_repo = seafile_api.get_repo(dst_repo_id)
if not dst_repo:
error_msg = 'Library %s not found.' % dst_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not seafile_api.get_dir_id_by_path(dst_repo_id,
dst_parent_dir):
error_msg = 'Folder %s not found.' % dst_parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check for dst parent dir
if check_folder_permission(request, dst_repo_id, dst_parent_dir) != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if operation == 'copy' or \
operation == 'move' and \
get_repo_owner(request, src_repo_id) != get_repo_owner(request, dst_repo_id):
current_size = 0
if file_id:
current_size = seafile_api.get_file_size(src_repo.store_id,
src_repo.version, file_id)
if dir_id:
current_size = seafile_api.get_dir_size(src_repo.store_id,
src_repo.version, dir_id)
# check if above quota for dst repo
if seafile_api.check_quota(dst_repo_id, current_size) < 0:
return api_error(HTTP_443_ABOVE_QUOTA, _("Out of quota."))
new_dirent_name = check_filename_with_rename(dst_repo_id,
dst_parent_dir, src_dirent_name)
username = request.user.username
if operation == 'move':
# permission check for src parent dir
if check_folder_permission(request, src_repo_id, src_parent_dir) != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if dirent_type == 'dir' and src_repo_id == dst_repo_id and \
dst_parent_dir.startswith(src_dirent_path + '/'):
error_msg = _('Can not move directory %(src)s to its subdirectory %(des)s') \
% {'src': escape(src_dirent_path), 'des': escape(dst_parent_dir)}
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if dirent_type == 'file':
# check file lock
try:
is_locked, locked_by_me = check_file_lock(src_repo_id,
src_dirent_path, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if is_locked and not locked_by_me:
error_msg = _("File is locked")
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
res = seafile_api.move_file(src_repo_id, src_parent_dir,
src_dirent_name, dst_repo_id, dst_parent_dir,
new_dirent_name, replace=False, username=username,
need_progress=1)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if operation == 'copy':
# permission check for src parent dir
if parse_repo_perm(check_folder_permission(
request, src_repo_id, src_parent_dir)).can_copy is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
res = seafile_api.copy_file(src_repo_id, src_parent_dir,
src_dirent_name, dst_repo_id, dst_parent_dir,
new_dirent_name, username=username,
need_progress=1)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not res:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
result = {}
if res.background:
result['task_id'] = res.task_id
return Response(result)
def post(self, request):
""" Multi copy files/folders.
Permission checking:
1. User must has `r/rw` permission for src folder.
2. User must has `rw` permission for dst folder.
Parameter:
{
"src_repo_id":"7460f7ac-a0ff-4585-8906-bb5a57d2e118",
"dst_repo_id":"a3fa768d-0f00-4343-8b8d-07b4077881db",
"paths":[
{"src_path":"/1/2/3/","dst_path":"/4/5/6/"},
{"src_path":"/a/b/c/","dst_path":"/d/e/f/"},
]
}
"""
# argument check
path_list = request.data.get('paths', None)
if not path_list:
error_msg = 'paths invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
src_repo_id = request.data.get('src_repo_id', None)
if not src_repo_id:
error_msg = 'src_repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
dst_repo_id = request.data.get('dst_repo_id', None)
if not dst_repo_id:
error_msg = 'dst_repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
src_repo = seafile_api.get_repo(src_repo_id)
if not src_repo:
error_msg = 'Library %s not found.' % src_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dst_repo = seafile_api.get_repo(dst_repo_id)
if not dst_repo:
error_msg = 'Library %s not found.' % dst_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if check_folder_permission(request, src_repo_id, '/') is None:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if check_folder_permission(request, dst_repo_id, '/') is None:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
result = {}
result['failed'] = []
result['success'] = []
username = request.user.username
for path_item in path_list:
src_path = path_item['src_path']
src_path = normalize_dir_path(src_path)
src_parent_dir = os.path.dirname(src_path.rstrip('/'))
src_parent_dir = normalize_dir_path(src_parent_dir)
src_obj_name = os.path.basename(src_path.rstrip('/'))
dst_path = path_item['dst_path']
dst_path = normalize_dir_path(dst_path)
dst_parent_dir = dst_path
dst_obj_name = src_obj_name
common_dict = {
'src_repo_id': src_repo_id,
'src_path': src_path,
'dst_repo_id': dst_repo_id,
'dst_path': dst_path,
}
# src/dst parameter check
if src_repo_id == dst_repo_id and \
dst_path.startswith(src_path):
error_dict = {
'error_msg':
"The destination directory is the same as the source, or is it's subfolder."
}
common_dict.update(error_dict)
result['failed'].append(common_dict)
continue
if src_path == '/':
error_dict = {'error_msg': "The source path can not be '/'."}
common_dict.update(error_dict)
result['failed'].append(common_dict)
continue
if len(dst_parent_dir + dst_obj_name) > MAX_PATH:
error_dict = {'error_msg': "'Destination path is too long."}
common_dict.update(error_dict)
result['failed'].append(common_dict)
continue
# src resource check
## as we don't know if `src_path` stands for a file or a folder,
## so we check both
src_dir_id = seafile_api.get_dir_id_by_path(src_repo_id, src_path)
src_file_id = seafile_api.get_file_id_by_path(
src_repo_id, normalize_file_path(src_path))
if not src_dir_id and not src_file_id:
error_dict = {'error_msg': '%s not found.' % src_path}
common_dict.update(error_dict)
result['failed'].append(common_dict)
continue
# dst resource check
if not seafile_api.get_dir_id_by_path(dst_repo_id, dst_path):
error_dict = {'error_msg': 'Folder %s not found.' % dst_path}
common_dict.update(error_dict)
result['failed'].append(common_dict)
continue
# src path permission check, user must has `r/rw` permission for src folder.
if parse_repo_perm(
check_folder_permission(request, src_repo_id,
src_parent_dir)).can_copy is False:
error_dict = {'error_msg': 'Permission denied.'}
common_dict.update(error_dict)
result['failed'].append(common_dict)
continue
# dst path permission check, user must has `rw` permission for dst folder.
if check_folder_permission(request, dst_repo_id, dst_path) != 'rw':
error_dict = {'error_msg': 'Permission denied.'}
common_dict.update(error_dict)
result['failed'].append(common_dict)
continue
try:
dst_obj_name = check_filename_with_rename(
dst_repo_id, dst_parent_dir, dst_obj_name)
# need_progress=0, synchronous=1
seafile_api.copy_file(src_repo_id, src_parent_dir,
src_obj_name, dst_repo_id,
dst_parent_dir, dst_obj_name, username,
0, 1)
except Exception as e:
logger.error(e)
error_dict = {'error_msg': 'Internal Server Error'}
common_dict.update(error_dict)
result['failed'].append(common_dict)
continue
common_dict['dst_obj_name'] = dst_obj_name
result['success'].append(common_dict)
return Response(result)
def get(self, request, repo_id, format=None):
""" Get file server token for download-dir and download-multi.
Permission checking:
1. user with 'r' or 'rw' permission;
"""
# argument check
parent_dir = request.GET.get('parent_dir', None)
if not parent_dir:
error_msg = 'parent_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
dirent_name_list = request.GET.getlist('dirents', None)
if not dirent_name_list:
error_msg = 'dirents invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if len(dirent_name_list) == 1:
download_type = 'download-dir'
elif len(dirent_name_list) > 1:
download_type = 'download-multi'
else:
error_msg = 'dirents invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# recourse check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not seafile_api.get_dir_id_by_path(repo_id, parent_dir):
error_msg = 'Folder %s not found.' % parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if parse_repo_perm(
check_folder_permission(request, repo_id,
parent_dir)).can_download is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# get file server access token
is_windows = 0
if is_windows_operating_system(request):
is_windows = 1
if download_type == 'download-dir':
dir_name = dirent_name_list[0].strip('/')
full_dir_path = posixpath.join(parent_dir, dir_name)
dir_id = seafile_api.get_dir_id_by_path(repo_id, full_dir_path)
if not dir_id:
error_msg = 'Folder %s not found.' % full_dir_path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dir_size = seafile_api.get_dir_size(repo.store_id, repo.version,
dir_id)
if dir_size > seaserv.MAX_DOWNLOAD_DIR_SIZE:
error_msg = 'Unable to download directory "%s": size is too large.' % dir_name
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
fake_obj_id = {
'obj_id': dir_id,
'dir_name': dir_name,
'is_windows': is_windows
}
if download_type == 'download-multi':
dirent_list = []
total_size = 0
for dirent_name in dirent_name_list:
dirent_name = dirent_name.strip('/')
dirent_list.append(dirent_name)
full_dirent_path = posixpath.join(parent_dir, dirent_name)
current_dirent = seafile_api.get_dirent_by_path(
repo_id, full_dirent_path)
if not current_dirent:
continue
if stat.S_ISDIR(current_dirent.mode):
total_size += seafile_api.get_dir_size(
repo.store_id, repo.version, current_dirent.obj_id)
else:
total_size += current_dirent.size
if total_size > seaserv.MAX_DOWNLOAD_DIR_SIZE:
error_msg = _('Total size exceeds limit.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
fake_obj_id = {
'parent_dir': parent_dir,
'file_list': dirent_list,
'is_windows': is_windows
}
username = request.user.username
try:
zip_token = seafile_api.get_fileserver_access_token(
repo_id,
json.dumps(fake_obj_id),
download_type,
username,
use_onetime=settings.FILESERVER_TOKEN_ONCE_ONLY)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not zip_token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if len(dirent_name_list) > 10:
send_file_access_msg(request, repo, parent_dir, 'web')
else:
for dirent_name in dirent_name_list:
full_dirent_path = posixpath.join(parent_dir, dirent_name)
send_file_access_msg(request, repo, full_dirent_path, 'web')
return Response({'zip_token': zip_token})
def post(self, request, format=None):
""" Only used for download dirents in a folder share link.
Permission checking:
1, If enable SHARE_LINK_LOGIN_REQUIRED, user must have been authenticated.
2, If enable ENABLE_SHARE_LINK_AUDIT, user must have been authenticated, or have been audited.
3, If share link is encrypted, share link password must have been checked.
"""
# argument check
share_link_token = request.data.get('token', None)
if not share_link_token:
error_msg = 'share_link_token invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
parent_dir = request.data.get('parent_dir', '/')
if not parent_dir:
error_msg = 'parent_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
dirent_name_list = request.data.get('dirents', None)
if not dirent_name_list:
error_msg = 'dirent_name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
try:
share_link= FileShare.objects.get(token=share_link_token)
except FileShare.DoesNotExist:
error_msg = 'Share link %s not found.' % share_link_token
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if share_link.s_type != 'd':
error_msg = 'Share link %s is not a folder share link.' % share_link_token
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
repo_id = share_link.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
full_parent_dir = posixpath.join(normalize_dir_path(share_link.path),
parent_dir.strip('/'))
full_parent_dir = normalize_dir_path(full_parent_dir)
dir_id = seafile_api.get_dir_id_by_path(repo_id, full_parent_dir)
if not dir_id:
error_msg = 'Folder %s not found.' % parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
# check if login required
if SHARE_LINK_LOGIN_REQUIRED and \
not request.user.is_authenticated():
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check share link audit
if is_pro_version() and ENABLE_SHARE_LINK_AUDIT and \
not request.user.is_authenticated() and \
not request.session.get('anonymous_email'):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check share link password
if share_link.is_encrypted() and not check_share_link_access(request,
share_link_token):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check if has download permission for share link creator
if not parse_repo_perm(seafile_api.check_permission_by_path(
repo_id, full_parent_dir, share_link.username)).can_download:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check if share link has download permission
if not share_link.get_permissions()['can_download']:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# get file server access token
is_windows = 0
if is_windows_operating_system(request):
is_windows = 1
dirent_list = []
total_size = 0
for dirent_name in dirent_name_list:
dirent_name = dirent_name.strip('/')
full_dirent_path = posixpath.join(full_parent_dir, dirent_name)
current_dirent = seafile_api.get_dirent_by_path(repo_id, full_dirent_path)
if not current_dirent:
continue
if stat.S_ISDIR(current_dirent.mode):
total_size += seafile_api.get_dir_size(repo.store_id,
repo.version, current_dirent.obj_id)
else:
total_size += current_dirent.size
dirent_list.append(dirent_name)
if total_size > seaserv.MAX_DOWNLOAD_DIR_SIZE:
error_msg = _('Total size exceeds limit.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dirent_list:
error_msg = 'No valid dirent.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
fake_obj_id = {
'parent_dir': full_parent_dir,
'file_list': dirent_list,
'is_windows': is_windows
}
try:
zip_token = seafile_api.get_fileserver_access_token(
repo_id, json.dumps(fake_obj_id), 'download-multi', '',
use_onetime=settings.FILESERVER_TOKEN_ONCE_ONLY)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not zip_token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'zip_token': zip_token})
def get(self, request, format=None):
""" Only used for download dir when view dir share link from web.
Permission checking:
1. authenticated user OR anonymous user has passed email code check(if necessary);
"""
# permission check
if is_pro_version() and settings.ENABLE_SHARE_LINK_AUDIT:
if not request.user.is_authenticated() and \
not request.session.get('anonymous_email'):
# if anonymous user has passed email code check,
# then his/her email info will be in session.
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# argument check
share_link_token = request.GET.get('share_link_token', None)
if not share_link_token:
error_msg = 'share_link_token invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
req_path = request.GET.get('path', None)
if not req_path:
error_msg = 'path invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# recourse check
fileshare = FileShare.objects.get_valid_dir_link_by_token(share_link_token)
if not fileshare:
error_msg = 'share_link_token %s not found.' % share_link_token
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if req_path[-1] != '/':
req_path += '/'
if req_path == '/':
real_path = fileshare.path
else:
real_path = posixpath.join(fileshare.path, req_path.lstrip('/'))
if real_path[-1] != '/':
real_path += '/'
repo_id = fileshare.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dir_id = seafile_api.get_dir_id_by_path(repo_id, real_path)
if not dir_id:
error_msg = 'Folder %s not found.' % real_path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if parse_repo_perm(seafile_api.check_permission_by_path(
repo_id, '/', fileshare.username)).can_download is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# get file server access token
dir_name = repo.name if real_path == '/' else \
os.path.basename(real_path.rstrip('/'))
dir_size = seafile_api.get_dir_size(
repo.store_id, repo.version, dir_id)
if dir_size > seaserv.MAX_DOWNLOAD_DIR_SIZE:
error_msg = _('Unable to download directory "%s": size is too large.') % dir_name
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
is_windows = 0
if is_windows_operating_system(request):
is_windows = 1
fake_obj_id = {
'obj_id': dir_id,
'dir_name': dir_name,
'is_windows': is_windows
}
try:
zip_token = seafile_api.get_fileserver_access_token(
repo_id, json.dumps(fake_obj_id), 'download-dir-link',
fileshare.username, use_onetime=settings.FILESERVER_TOKEN_ONCE_ONLY
)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not zip_token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if request.session.get('anonymous_email'):
request.user.username = request.session.get('anonymous_email')
send_file_access_msg(request, repo, real_path, 'share-link')
return Response({'zip_token': zip_token})
class FileView(APIView):
"""
Support uniform interface for file related operations,
including create/delete/rename/view, etc.
"""
authentication_classes = (TokenAuthentication, SessionAuthentication)
permission_classes = (IsAuthenticated, )
throttle_classes = (UserRateThrottle, )
def get_file_info(self, username, repo_id, file_path):
repo = seafile_api.get_repo(repo_id)
file_obj = seafile_api.get_dirent_by_path(repo_id, file_path)
file_name = file_obj.obj_name
file_size = file_obj.size
can_preview, error_msg = can_preview_file(file_name, file_size, repo)
can_edit, error_msg = can_edit_file(file_name, file_size, repo)
try:
is_locked, locked_by_me = check_file_lock(repo_id, file_path, username)
except Exception as e:
logger.error(e)
is_locked = False
file_info = {
'type': 'file',
'repo_id': repo_id,
'parent_dir': os.path.dirname(file_path),
'obj_name': file_name,
'obj_id': file_obj.obj_id,
'size': file_size,
'mtime': timestamp_to_isoformat_timestr(file_obj.mtime),
'is_locked': is_locked,
'can_preview': can_preview,
'can_edit': can_edit,
}
return file_info
def get(self, request, repo_id, format=None):
""" Get file info.
Permission checking:
1. user with either 'r' or 'rw' permission.
"""
# argument check
path = request.GET.get('p', None)
if not path:
error_msg = 'p invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
file_id = seafile_api.get_file_id_by_path(repo_id, path)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not file_id:
error_msg = 'File %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
parent_dir = os.path.dirname(path)
if check_folder_permission(request, repo_id, parent_dir) is None:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
file_info = self.get_file_info(request.user.username, repo_id, path)
return Response(file_info)
def post(self, request, repo_id, format=None):
""" Create, rename, move, copy, revert file
Permission checking:
1. create: user with 'rw' permission for current parent dir;
2. rename: user with 'rw' permission for current file;
3. move : user with 'rw' permission for current file, 'rw' permission for dst parent dir;
4. copy : user with 'r' permission for current file, 'rw' permission for dst parent dir;
4. revert: user with 'rw' permission for current file's parent dir;
"""
# argument check
path = request.GET.get('p', None)
if not path:
error_msg = 'p invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
path = normalize_file_path(path)
operation = request.data.get('operation', None)
if not operation:
error_msg = 'operation invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
operation = operation.lower()
if operation not in ('create', 'rename', 'move', 'copy', 'revert'):
error_msg = "operation can only be 'create', 'rename', 'move', 'copy' or 'revert'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
username = request.user.username
parent_dir = os.path.dirname(path)
if operation == 'create':
# resource check
try:
parent_dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not parent_dir_id:
error_msg = 'Folder %s not found.' % parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if check_folder_permission(request, repo_id, parent_dir) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# create new empty file
new_file_name = os.path.basename(path)
if not is_valid_dirent_name(new_file_name):
return api_error(status.HTTP_400_BAD_REQUEST,
'name invalid.')
new_file_name = check_filename_with_rename(repo_id, parent_dir, new_file_name)
try:
seafile_api.post_empty_file(repo_id, parent_dir, new_file_name, username)
except SearpcError, e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# update office file by template
if new_file_name.endswith('.xlsx'):
empty_file_path = os.path.join(OFFICE_TEMPLATE_ROOT, 'empty.xlsx')
elif new_file_name.endswith('.pptx'):
empty_file_path = os.path.join(OFFICE_TEMPLATE_ROOT, 'empty.pptx')
elif new_file_name.endswith('.docx'):
empty_file_path = os.path.join(OFFICE_TEMPLATE_ROOT, 'empty.docx')
else:
empty_file_path = ''
if empty_file_path:
# get file server update url
update_token = seafile_api.get_fileserver_access_token(
repo_id, 'dummy', 'update', username)
if not update_token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
update_url = gen_inner_file_upload_url('update-api', update_token)
# update file
new_file_path = posixpath.join(parent_dir, new_file_name)
try:
requests.post(
update_url,
data={'filename': new_file_name, 'target_file': new_file_path},
files={'file': open(empty_file_path, 'rb')}
)
except Exception as e:
logger.error(e)
new_file_path = posixpath.join(parent_dir, new_file_name)
file_info = self.get_file_info(username, repo_id, new_file_path)
return Response(file_info)
if operation == 'rename':
# argument check
new_file_name = request.data.get('newname', None)
if not new_file_name:
error_msg = 'newname invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not is_valid_dirent_name(new_file_name):
return api_error(status.HTTP_400_BAD_REQUEST,
'name invalid.')
if len(new_file_name) > MAX_UPLOAD_FILE_NAME_LEN:
error_msg = 'newname is too long.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
oldname = os.path.basename(path)
if oldname == new_file_name:
error_msg = 'The new name is the same to the old'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
try:
file_id = seafile_api.get_file_id_by_path(repo_id, path)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not file_id:
error_msg = 'File %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if check_folder_permission(request, repo_id, parent_dir) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check file lock
try:
is_locked, locked_by_me = check_file_lock(repo_id, path, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if is_locked and not locked_by_me:
error_msg = _("File is locked")
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# rename file
new_file_name = check_filename_with_rename(repo_id, parent_dir,
new_file_name)
try:
seafile_api.rename_file(repo_id, parent_dir, oldname,
new_file_name, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
new_file_path = posixpath.join(parent_dir, new_file_name)
# rename draft file
filetype, fileext = get_file_type_and_ext(new_file_name)
if filetype == MARKDOWN or filetype == TEXT:
is_draft, review_id, draft_id = is_draft_file(repo.id, path)
if is_draft:
try:
draft = Draft.objects.get(pk=draft_id)
draft.draft_file_path = new_file_path
draft.save()
except Draft.DoesNotExist:
pass
if review_id is not None:
try:
review = DraftReview.objects.get(pk=review_id, draft_id=draft)
review.draft_file_path = new_file_path
review.save()
except DraftReview.DoesNotExist:
pass
file_info = self.get_file_info(username, repo_id, new_file_path)
return Response(file_info)
if operation == 'move':
# argument check
dst_repo_id = request.data.get('dst_repo', None)
dst_dir = request.data.get('dst_dir', None)
if not dst_repo_id:
error_msg = 'dst_repo invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dst_dir:
error_msg = 'dst_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
dst_dir = normalize_dir_path(dst_dir)
# resource check for source file
try:
file_id = seafile_api.get_file_id_by_path(repo_id, path)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not file_id:
error_msg = 'File %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# resource check for dst repo and dir
dst_repo = seafile_api.get_repo(dst_repo_id)
if not dst_repo:
error_msg = 'Library %s not found.' % dst_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dst_dir_id = seafile_api.get_dir_id_by_path(dst_repo_id, dst_dir)
if not dst_dir_id:
error_msg = 'Folder %s not found.' % dst_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check for source file
src_repo_id = repo_id
src_dir = os.path.dirname(path)
if check_folder_permission(request, src_repo_id, src_dir) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# permission check for dst dir
if check_folder_permission(request, dst_repo_id, dst_dir) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check file lock
try:
is_locked, locked_by_me = check_file_lock(repo_id, path, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if is_locked and not locked_by_me:
error_msg = _("File is locked")
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# move file
if src_repo_id == dst_repo_id and src_dir == dst_dir:
file_info = self.get_file_info(username, repo_id, path)
return Response(file_info)
filename = os.path.basename(path)
new_file_name = check_filename_with_rename(dst_repo_id, dst_dir, filename)
try:
seafile_api.move_file(src_repo_id, src_dir, filename,
dst_repo_id, dst_dir, new_file_name, replace=False,
username=username, need_progress=0, synchronous=1)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
dst_file_path = posixpath.join(dst_dir, new_file_name)
dst_file_info = self.get_file_info(username, dst_repo_id, dst_file_path)
return Response(dst_file_info)
if operation == 'copy':
# argument check
dst_repo_id = request.data.get('dst_repo', None)
dst_dir = request.data.get('dst_dir', None)
if not dst_repo_id:
error_msg = 'dst_repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not dst_dir:
error_msg = 'dst_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
dst_dir = normalize_dir_path(dst_dir)
# resource check for source file
try:
file_id = seafile_api.get_file_id_by_path(repo_id, path)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not file_id:
error_msg = 'File %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# resource check for dst repo and dir
dst_repo = seafile_api.get_repo(dst_repo_id)
if not dst_repo:
error_msg = 'Library %s not found.' % dst_repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dst_dir_id = seafile_api.get_dir_id_by_path(dst_repo_id, dst_dir)
if not dst_dir_id:
error_msg = 'Folder %s not found.' % dst_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check for source file
src_repo_id = repo_id
src_dir = os.path.dirname(path)
if parse_repo_perm(check_folder_permission(
request, src_repo_id, src_dir)).can_copy is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# permission check for dst dir
if check_folder_permission(request, dst_repo_id, dst_dir) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
filename = os.path.basename(path)
new_file_name = check_filename_with_rename(dst_repo_id, dst_dir, filename)
try:
seafile_api.copy_file(src_repo_id, src_dir, filename, dst_repo_id,
dst_dir, new_file_name, username, 0, synchronous=1)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
dst_file_path = posixpath.join(dst_dir, new_file_name)
dst_file_info = self.get_file_info(username, dst_repo_id, dst_file_path)
return Response(dst_file_info)
if operation == 'revert':
commit_id = request.data.get('commit_id', None)
if not commit_id:
error_msg = 'commit_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if seafile_api.get_file_id_by_path(repo_id, path):
# file exists in repo
if check_folder_permission(request, repo_id, parent_dir) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check file lock
try:
is_locked, locked_by_me = check_file_lock(repo_id, path, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if is_locked and not locked_by_me:
error_msg = _("File is locked")
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
# file NOT exists in repo
if check_folder_permission(request, repo_id, '/') != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
seafile_api.revert_file(repo_id, commit_id, path, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})
def file_revisions(request, repo_id):
"""List file revisions in file version history page.
"""
repo = get_repo(repo_id)
if not repo:
error_msg = _(u"Library does not exist")
return render_error(request, error_msg)
# perm check
if not check_folder_permission(request, repo_id, '/'):
error_msg = _(u"Permission denied.")
return render_error(request, error_msg)
path = request.GET.get('p', '/')
if not path:
return render_error(request)
if path[-1] == '/':
path = path[:-1]
u_filename = os.path.basename(path)
filetype, file_ext = [x.lower() for x in get_file_type_and_ext(u_filename)]
if filetype == 'text' or filetype == 'markdown':
can_compare = True
else:
can_compare = False
# Check whether user is repo owner
if validate_owner(request, repo_id):
is_owner = True
else:
is_owner = False
zipped = gen_path_link(path, repo.name)
can_revert_file = True
username = request.user.username
try:
is_locked, locked_by_me = check_file_lock(repo_id, path, username)
except Exception as e:
logger.error(e)
is_locked, locked_by_me = False, False
repo_perm = seafile_api.check_permission_by_path(repo_id, path, username)
if repo_perm != 'rw' or (is_locked and not locked_by_me):
can_revert_file = False
# for 'go back'
referer = request.GET.get('referer', '')
# Whether use new file revisions page which read file history from db.
if request.GET.get('_new', None) is not None:
if request.GET.get('_new') == '0':
use_new_page = False
else:
use_new_page = True
else:
new_file_history_suffix = ['txt', 'md'] # TODO: read from seafevents
use_new_page = True if file_ext in new_file_history_suffix else False
if use_new_page:
return render(request, 'file_revisions_new.html', {
'repo': repo,
'path': path,
'u_filename': u_filename,
'zipped': zipped,
'is_owner': is_owner,
'can_compare': can_compare,
'can_revert_file': can_revert_file,
'referer': referer,
})
return render(request, 'file_revisions.html', {
'repo': repo,
'path': path,
'u_filename': u_filename,
'zipped': zipped,
'is_owner': is_owner,
'can_compare': can_compare,
'can_revert_file': can_revert_file,
'can_download_file': parse_repo_perm(repo_perm).can_download,
'referer': referer,
})
def file_revisions(request, repo_id):
"""List file revisions in file version history page.
"""
repo = get_repo(repo_id)
if not repo:
error_msg = _("Library does not exist")
return render_error(request, error_msg)
# perm check
if not check_folder_permission(request, repo_id, '/'):
error_msg = _("Permission denied.")
return render_error(request, error_msg)
path = request.GET.get('p', '/')
if not path:
return render_error(request)
if path[-1] == '/':
path = path[:-1]
u_filename = os.path.basename(path)
filetype, file_ext = [x.lower() for x in get_file_type_and_ext(u_filename)]
if filetype == 'text' or filetype == 'markdown':
can_compare = True
else:
can_compare = False
# Check whether user is repo owner
if validate_owner(request, repo_id):
is_owner = True
else:
is_owner = False
zipped = gen_path_link(path, repo.name)
can_revert_file = True
username = request.user.username
try:
is_locked, locked_by_me = check_file_lock(repo_id, path, username)
except Exception as e:
logger.error(e)
is_locked, locked_by_me = False, False
repo_perm = seafile_api.check_permission_by_path(repo_id, path, username)
if repo_perm != 'rw' or (is_locked and not locked_by_me):
can_revert_file = False
# Whether use new file history API which read file history from db.
suffix_list = seafevents_api.get_file_history_suffix()
if suffix_list and isinstance(suffix_list, list):
suffix_list = [x.lower() for x in suffix_list]
else:
suffix_list = []
use_new_api = True if file_ext in suffix_list else False
use_new_style = True if use_new_api and filetype == 'markdown' else False
if use_new_style:
return render(
request, 'file_revisions_new.html', {
'repo': repo,
'path': path,
'u_filename': u_filename,
'zipped': zipped,
'is_owner': is_owner,
'can_compare': can_compare,
'can_revert_file': can_revert_file,
})
return render(
request, 'file_revisions_old.html', {
'repo': repo,
'path': path,
'u_filename': u_filename,
'zipped': zipped,
'is_owner': is_owner,
'can_compare': can_compare,
'can_revert_file': can_revert_file,
'can_download_file': parse_repo_perm(repo_perm).can_download,
'use_new_api': use_new_api,
})
def get(self, request, format=None):
""" Only used for download dir when view dir share link from web.
Permission checking:
1. authenticated user OR anonymous user has passed email code check(if necessary);
"""
# permission check
if is_pro_version() and settings.ENABLE_SHARE_LINK_AUDIT:
if not request.user.is_authenticated() and \
not request.session.get('anonymous_email'):
# if anonymous user has passed email code check,
# then his/her email info will be in session.
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# argument check
share_link_token = request.GET.get('share_link_token', None)
if not share_link_token:
error_msg = 'share_link_token invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
req_path = request.GET.get('path', None)
if not req_path:
error_msg = 'path invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# recourse check
fileshare = FileShare.objects.get_valid_dir_link_by_token(share_link_token)
if not fileshare:
error_msg = 'share_link_token %s not found.' % share_link_token
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if req_path[-1] != '/':
req_path += '/'
if req_path == '/':
real_path = fileshare.path
else:
real_path = posixpath.join(fileshare.path, req_path.lstrip('/'))
if real_path[-1] != '/':
real_path += '/'
repo_id = fileshare.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dir_id = seafile_api.get_dir_id_by_path(repo_id, real_path)
if not dir_id:
error_msg = 'Folder %s not found.' % real_path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if parse_repo_perm(seafile_api.check_permission_by_path(
repo_id, '/', fileshare.username)).can_download is False:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# get file server access token
dir_name = repo.name if real_path == '/' else \
os.path.basename(real_path.rstrip('/'))
dir_size = seafile_api.get_dir_size(
repo.store_id, repo.version, dir_id)
if dir_size > seaserv.MAX_DOWNLOAD_DIR_SIZE:
error_msg = _('Unable to download directory "%s": size is too large.') % dir_name
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
is_windows = 0
if is_windows_operating_system(request):
is_windows = 1
fake_obj_id = {
'obj_id': dir_id,
'dir_name': dir_name,
'is_windows': is_windows
}
try:
zip_token = seafile_api.get_fileserver_access_token(
repo_id, json.dumps(fake_obj_id), 'download-dir-link',
fileshare.username, use_onetime=settings.FILESERVER_TOKEN_ONCE_ONLY
)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not zip_token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if request.session.get('anonymous_email'):
request.user.username = request.session.get('anonymous_email')
send_file_access_msg(request, repo, real_path, 'share-link')
return Response({'zip_token': zip_token})
