def _decorated(view, request, org_id, email): # argument check org_id = int(org_id) if org_id == 0: error_msg = 'org_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: org = ccnet_api.get_org_by_id(org_id) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) # resource check if not org: error_msg = 'Organization %d not found.' % org_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: User.objects.get(email=email) except User.DoesNotExist: error_msg = 'User %s not found.' % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not is_org_user(email, org_id): error_msg = 'User %s is not member of organization %s.' \ % (email, org.org_name) return api_error(status.HTTP_400_BAD_REQUEST, error_msg) return func(view, request, org_id, email)
def _decorated(view, request, org_id, email): # argument check org_id = int(org_id) if org_id == 0: error_msg = 'org_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: org = ccnet_api.get_org_by_id(org_id) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) # resource check if not org: error_msg = 'Organization %d not found.' % org_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: User.objects.get(email=email) except User.DoesNotExist: error_msg = 'User %s not found.' % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not is_org_user(email, org_id): error_msg = 'User %s is not member of organization %s.' \ % (email, org.org_name) return api_error(status.HTTP_400_BAD_REQUEST, error_msg) return func(view, request, org_id, email)
def post(self, request, group_id): """ Add a group member. """ username = request.user.username # only group owner/admin can add a group member if not is_group_admin_or_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) email = request.data.get('email', None) try: User.objects.get(email=email) except User.DoesNotExist: error_msg = 'User %s not found.' % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: if is_group_member(group_id, email): error_msg = _('User %s is already a group member.' ) % email2nickname(email) return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if is_org_context(request): org_id = request.user.org.org_id if not ccnet_api.org_user_exists(org_id, email): error_msg = _('User %s not found in organization.' ) % email2nickname(email) return api_error(status.HTTP_404_NOT_FOUND, error_msg) elif is_org_user(email): error_msg = _('User %s is an organization user.') % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) ccnet_api.group_add_member(group_id, username, email) add_user_to_group.send(sender=None, group_staff=username, group_id=group_id, added_user=email) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) member_info = get_group_member_info(request, group_id, email) return Response(member_info, status=status.HTTP_201_CREATED)
def search_user_with_exact_match(request, q): """ Return 10 items at most. """ email_list = [] username = request.user.username current_user = User.objects.get(email=username) if is_valid_email(q) and current_user.role.lower() != 'guest': # if `q` is a valid email and current is not a guest user email_list.append(q) # get user whose `contact_email` is `q` users = Profile.objects.filter(contact_email=q).values('user') for user in users: if not is_org_user(user['user']): email_list.append(user['user']) return email_list
def put(self, request, repo_id, format=None): username = request.user.username repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id) path = request.GET.get('p', '/') if seafile_api.get_dir_id_by_path(repo.id, path) is None: return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path) if repo.encrypted and path != '/': return api_error(status.HTTP_400_BAD_REQUEST, 'Folder invalid.') share_type = request.data.get('share_type') if share_type != 'user' and share_type != 'group': return api_error(status.HTTP_400_BAD_REQUEST, 'share_type invalid.') repo_owner = self.get_repo_owner(request, repo_id) if repo_owner != username and not is_repo_admin(username, repo_id): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') permission = request.data.get('permission', PERMISSION_READ) if permission not in get_available_repo_perms(): return api_error(status.HTTP_400_BAD_REQUEST, 'permission invalid.') result = {} result['failed'] = [] result['success'] = [] if share_type == 'user': share_to_users = request.data.getlist('username') for to_user in share_to_users: if not is_valid_username(to_user): result['failed'].append({ 'email': to_user, 'error_msg': _('username invalid.') }) continue try: User.objects.get(email=to_user) except User.DoesNotExist: result['failed'].append({ 'email': to_user, 'error_msg': _('User %s not found.') % to_user }) continue if self.has_shared_to_user(request, repo_id, path, to_user): result['failed'].append({ 'email': to_user, 'error_msg': _('This item has been shared to %s.') % email2nickname(to_user) }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id if not is_org_user(to_user, int(org_id)): org_name = request.user.org.org_name error_msg = 'User %s is not member of organization %s.' \ % (to_user, org_name) result['failed'].append({ 'email': to_user, 'error_msg': error_msg }) continue # when calling seafile API to share authority related functions, change the uesrname to repo owner. repo_owner = seafile_api.get_org_repo_owner(repo_id) # can't share to owner if to_user == repo_owner: error_msg = "Library can not be shared to owner" return api_error(status.HTTP_400_BAD_REQUEST, error_msg) share_dir_to_user(repo, path, repo_owner, username, to_user, permission, org_id) else: if is_org_user(to_user): error_msg = 'User %s is a member of organization.' % to_user result['failed'].append({ 'email': to_user, 'error_msg': error_msg }) continue repo_owner = seafile_api.get_repo_owner(repo_id) # can't share to owner if to_user == repo_owner: error_msg = "Library can not be shared to owner" return api_error(status.HTTP_400_BAD_REQUEST, error_msg) share_dir_to_user(repo, path, repo_owner, username, to_user, permission, None) avatar_url, is_default, date_uploaded = api_avatar_url( to_user, 72) result['success'].append({ "share_type": "user", "user_info": { "name": to_user, "nickname": email2nickname(to_user), "contact_email": email2contact_email(to_user), "avatar_url": avatar_url, }, "permission": PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission, "is_admin": permission == PERMISSION_ADMIN }) # send a signal when sharing repo successful share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=repo, path=path, org_id=org_id) send_perm_audit_msg('add-repo-perm', username, to_user, repo_id, path, permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'email': to_user, 'error_msg': 'Internal Server Error' }) continue if share_type == 'group': group_ids = request.data.getlist('group_id') for gid in group_ids: try: gid = int(gid) except ValueError: result['failed'].append( {'error_msg': 'group_id %s invalid.' % gid}) continue group = ccnet_api.get_group(gid) if not group: result['failed'].append( {'error_msg': 'Group %s not found' % gid}) continue if not config.ENABLE_SHARE_TO_ALL_GROUPS and \ not is_group_member(gid, username): result['failed'].append({ 'group_name': group.group_name, 'error_msg': 'Permission denied.' }) continue if self.has_shared_to_group(request, repo_id, path, gid): result['failed'].append({ 'group_name': group.group_name, 'error_msg': _('This item has been shared to %s.') % group.group_name }) continue try: org_id = None if is_org_context(request): # when calling seafile API to share authority related functions, change the uesrname to repo owner. repo_owner = seafile_api.get_org_repo_owner(repo_id) org_id = request.user.org.org_id share_dir_to_group(repo, path, repo_owner, username, gid, permission, org_id) else: repo_owner = seafile_api.get_repo_owner(repo_id) share_dir_to_group(repo, path, repo_owner, username, gid, permission, None) result['success'].append({ "share_type": "group", "group_info": { "id": gid, "name": group.group_name, }, "permission": PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission, "is_admin": permission == PERMISSION_ADMIN }) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=repo, path=path, org_id=org_id) send_perm_audit_msg('add-repo-perm', username, gid, repo_id, path, permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'group_name': group.group_name, 'error_msg': 'Internal Server Error' }) continue return HttpResponse(json.dumps(result), status=200, content_type=json_content_type)
def put(self, request, org_id, email): """ update name of an org user. Permission checking: 1. only admin can perform this action. """ # resource check org_id = int(org_id) if not ccnet_api.get_org_by_id(org_id): error_msg = 'Organization %s not found.' % org_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: user = User.objects.get(email=email) except User.DoesNotExist: error_msg = 'User %s not found.' % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check if not request.user.org.is_staff: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if request.user.org.org_id != org_id: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if not is_org_user(email, org_id): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # update user's name name = request.data.get("name", None) if name is not None: name = name.strip() if len(name) > 64: error_msg = 'Name is too long (maximum is 64 characters).' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if "/" in name: error_msg = "Name should not include '/'." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: Profile.objects.add_or_update(email, nickname=name) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) # update user's contact email contact_email = request.data.get("contact_email", None) if contact_email is not None: contact_email = contact_email.strip() if contact_email != '' and not is_valid_email(contact_email): error_msg = 'contact_email invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: Profile.objects.add_or_update(email, contact_email=contact_email) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) info = get_user_info(email) info['is_active'] = user.is_active return Response(info)
def post(self, request, group_id): """ Import members from xlsx file Permission checking: 1. group admin or owner. """ xlsx_file = request.FILES.get('file', None) if not xlsx_file: error_msg = 'file can not be found.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) file_type, ext = get_file_type_and_ext(xlsx_file.name) if ext != 'xlsx': error_msg = file_type_error_msg(ext, 'xlsx') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # recourse check group_id = int(group_id) group = ccnet_api.get_group(group_id) if not group: error_msg = _('Group does not exist') return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check permission # only group owner/admin can add group members username = request.user.username if not is_group_admin_or_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) content = xlsx_file.read() try: fs = BytesIO(content) wb = load_workbook(filename=fs, read_only=True) except Exception as e: logger.error(e) # example file is like: # Email # [email protected] # [email protected] rows = wb.worksheets[0].rows records = [] # skip first row(head field). next(rows) for row in rows: records.append([col.value for col in row]) emails_list = [] for record in records: if record[0]: email = record[0].strip().lower() emails_list.append(email) result = {} result['failed'] = [] result['success'] = [] emails_need_add = [] org_id = None if is_org_context(request): org_id = request.user.org.org_id for email in emails_list: email_name = email2nickname(email) try: User.objects.get(email=email) except User.DoesNotExist: result['failed'].append({ 'email': email, 'email_name': email_name, 'error_msg': 'User %s not found.' % email_name }) continue if is_group_member(group_id, email, in_structure=False): result['failed'].append({ 'email': email, 'email_name': email_name, 'error_msg': _('User %s is already a group member.') % email_name }) continue # Can only invite organization users to group if org_id and not ccnet_api.org_user_exists(org_id, email): result['failed'].append({ 'email': email, 'email_name': email_name, 'error_msg': _('User %s not found in organization.') % email_name }) continue if not org_id and is_org_user(email): result['failed'].append({ 'email': email, 'email_name': email_name, 'error_msg': _('User %s is an organization user.') % email_name }) continue emails_need_add.append(email) # Add user to group. for email in emails_need_add: try: ccnet_api.group_add_member(group_id, username, email) member_info = get_group_member_info(request, group_id, email) result['success'].append(member_info) except SearpcError as e: logger.error(e) result['failed'].append({ 'email': email, 'error_msg': 'Internal Server Error' }) add_user_to_group.send(sender=None, group_staff=username, group_id=group_id, added_user=email) return Response(result)
def post(self, request, group_id): """ Bulk add group members. """ username = request.user.username try: if not is_group_admin_or_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) emails_str = request.data.get('emails', '') emails_list = string2list(emails_str) emails_list = [x.lower() for x in emails_list] result = {} result['failed'] = [] result['success'] = [] emails_need_add = [] org_id = None if is_org_context(request): org_id = request.user.org.org_id for email in emails_list: email_name = email2nickname(email) try: User.objects.get(email=email) except User.DoesNotExist: result['failed'].append({ 'email': email, 'email_name': email_name, 'error_msg': 'User %s not found.' % email_name }) continue if is_group_member(group_id, email, in_structure=False): result['failed'].append({ 'email': email, 'email_name': email_name, 'error_msg': _('User %s is already a group member.') % email_name }) continue # Can only invite organization users to group if org_id and not ccnet_api.org_user_exists(org_id, email): result['failed'].append({ 'email': email, 'email_name': email_name, 'error_msg': _('User %s not found in organization.') % email_name }) continue if not org_id and is_org_user(email): result['failed'].append({ 'email': email, 'email_name': email_name, 'error_msg': _('User %s is an organization user.') % email_name }) continue emails_need_add.append(email) # Add user to group. for email in emails_need_add: try: ccnet_api.group_add_member(group_id, username, email) member_info = get_group_member_info(request, group_id, email) result['success'].append(member_info) except SearpcError as e: logger.error(e) result['failed'].append({ 'email': email, 'error_msg': 'Internal Server Error' }) add_user_to_group.send(sender=None, group_staff=username, group_id=group_id, added_user=email) return Response(result)
def put(self, request, repo_id, format=None): username = request.user.username repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id) path = request.GET.get('p', '/') if seafile_api.get_dir_id_by_path(repo.id, path) is None: return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path) share_type = request.data.get('share_type') if share_type != 'user' and share_type != 'group': return api_error(status.HTTP_400_BAD_REQUEST, 'share_type invalid.') if share_type == 'user': if username != self.get_repo_owner(request, repo_id) and \ ExtraSharePermission.objects.get_user_permission(repo_id, username) != PERMISSION_ADMIN: return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') else: if username != self.get_repo_owner(request, repo_id): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') permission = request.data.get('permission', PERMISSION_READ) if permission not in [ PERMISSION_READ, PERMISSION_READ_WRITE, PERMISSION_ADMIN ]: return api_error(status.HTTP_400_BAD_REQUEST, 'permission invalid.') result = {} result['failed'] = [] result['success'] = [] if share_type == 'user': share_to_users = request.data.getlist('username') for to_user in share_to_users: if not is_valid_username(to_user): result['failed'].append({ 'email': to_user, 'error_msg': _(u'username invalid.') }) continue try: User.objects.get(email=to_user) except User.DoesNotExist: result['failed'].append({ 'email': to_user, 'error_msg': _(u'User %s not found.') % to_user }) continue if self.has_shared_to_user(request, repo_id, path, to_user): result['failed'].append({ 'email': to_user, 'error_msg': _(u'This item has been shared to %s.') % to_user }) continue try: extra_share_permission = '' if permission == PERMISSION_ADMIN: extra_share_permission = permission permission = PERMISSION_READ_WRITE if is_org_context(request): username = seafile_api.get_org_repo_owner(repo_id) org_id = request.user.org.org_id if not is_org_user(to_user, int(org_id)): org_name = request.user.org.org_name error_msg = 'User %s is not member of organization %s.' \ % (to_user, org_name) result['failed'].append({ 'email': to_user, 'error_msg': error_msg }) continue if path == '/': seaserv.seafserv_threaded_rpc.org_add_share( org_id, repo_id, username, to_user, permission) else: sub_repo_id = seafile_api.org_share_subdir_to_user( org_id, repo_id, path, username, to_user, permission) else: if is_org_user(to_user): error_msg = 'User %s is a member of organization.' % to_user result['failed'].append({ 'email': to_user, 'error_msg': error_msg }) continue username = seafile_api.get_repo_owner(repo_id) if path == '/': seafile_api.share_repo(repo_id, username, to_user, permission) else: sub_repo_id = seafile_api.share_subdir_to_user( repo_id, path, username, to_user, permission) if path == '/' and extra_share_permission == PERMISSION_ADMIN: ExtraSharePermission.objects.create_share_permission( repo_id, to_user, extra_share_permission) # send a signal when sharing repo successful if path == '/': share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=repo) else: sub_repo = seafile_api.get_repo(sub_repo_id) share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=sub_repo) result['success'].append({ "share_type": "user", "user_info": { "name": to_user, "nickname": email2nickname(to_user), }, "permission": permission, "is_admin": extra_share_permission == PERMISSION_ADMIN }) send_perm_audit_msg('add-repo-perm', username, to_user, repo_id, path, permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'email': to_user, 'error_msg': 'Internal Server Error' }) continue if share_type == 'group': group_ids = request.data.getlist('group_id') for gid in group_ids: try: gid = int(gid) except ValueError: result['failed'].append( {'error_msg': _(u'group_id %s invalid.') % gid}) continue group = ccnet_api.get_group(gid) if not group: result['failed'].append( {'error_msg': _(u'Group %s not found') % gid}) continue if not config.ENABLE_SHARE_TO_ALL_GROUPS and \ not ccnet_api.is_group_user(gid, username): result['failed'].append({ 'group_name': group.group_name, 'error_msg': _(u'Permission denied.') }) continue if self.has_shared_to_group(request, repo_id, path, gid): result['failed'].append({ 'group_name': group.group_name, 'error_msg': _(u'This item has been shared to %s.') % group.group_name }) continue try: if is_org_context(request): org_id = request.user.org.org_id if path == '/': seafile_api.add_org_group_repo( repo_id, org_id, gid, username, permission) else: sub_repo_id = seafile_api.org_share_subdir_to_group( org_id, repo_id, path, username, gid, permission) else: if path == '/': seafile_api.set_group_repo(repo_id, gid, username, permission) else: sub_repo_id = seafile_api.share_subdir_to_group( repo_id, path, username, gid, permission) if path == '/': share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=repo) else: sub_repo = seafile_api.get_repo(sub_repo_id) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=sub_repo) result['success'].append({ "share_type": "group", "group_info": { "id": gid, "name": group.group_name, }, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, gid, repo_id, path, permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'group_name': group.group_name, 'error_msg': 'Internal Server Error' }) continue return HttpResponse(json.dumps(result), status=200, content_type=json_content_type)
def put(self, request, org_id, email): """ update name of an org user. Permission checking: 1. only admin can perform this action. """ # resource check org_id = int(org_id) if not ccnet_api.get_org_by_id(org_id): error_msg = 'Organization %s not found.' % org_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: user = User.objects.get(email=email) except User.DoesNotExist: error_msg = 'User %s not found.' % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check if not is_org_user(email, org_id): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # update user's name name = request.data.get("name", None) if name is not None: name = name.strip() if len(name) > 64: error_msg = 'Name is too long (maximum is 64 characters).' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if "/" in name: error_msg = "Name should not include '/'." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: Profile.objects.add_or_update(email, nickname=name) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) # update user's contact email contact_email = request.data.get("contact_email", None) if contact_email is not None: contact_email = contact_email.strip() if contact_email != '' and not is_valid_email(contact_email): error_msg = 'contact_email invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: Profile.objects.add_or_update(email, contact_email=contact_email) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) is_staff = request.data.get("is_staff", None) if is_staff is not None: try: is_staff = to_python_boolean(is_staff) except ValueError: error_msg = 'is_staff invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if is_staff: if is_org_staff(org_id, user.username): error_msg = '%s is already organization staff.' % email return api_error(status.HTTP_400_BAD_REQUEST, error_msg) set_org_staff(org_id, user.username) if not is_staff: if not is_org_staff(org_id, user.username): error_msg = '%s is not organization staff.' % email return api_error(status.HTTP_400_BAD_REQUEST, error_msg) unset_org_staff(org_id, user.username) quota_total_mb = request.data.get("quota_total", None) if quota_total_mb: try: quota_total_mb = int(quota_total_mb) except ValueError: error_msg = "Must be an integer that is greater than or equal to 0." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if quota_total_mb < 0: error_msg = "Space quota is too low (minimum value is 0)." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) org_quota = seafile_api.get_org_quota(org_id) org_quota_mb = org_quota / get_file_size_unit('MB') # -1 means org has unlimited quota if org_quota > 0 and quota_total_mb > org_quota_mb: error_msg = _(u'Failed to set quota: maximum quota is %d MB' % org_quota_mb) return api_error(status.HTTP_400_BAD_REQUEST, error_msg) quota_total = int(quota_total_mb) * get_file_size_unit('MB') try: seafile_api.set_org_user_quota(org_id, email, quota_total) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) info = get_user_info(email, org_id) info['is_active'] = user.is_active info['id'] = user.id info['ctime'] = timestamp_to_isoformat_timestr(user.ctime) try: last_login = UserLastLogin.objects.get(username=user.email) info['last_login'] = datetime_to_isoformat_timestr( last_login.last_login) except UserLastLogin.DoesNotExist: info['last_login'] = None # these two fields are designed to be compatible with the old API info['self_usage'] = info.get('quota_usage') info['quota'] = info.get('quota_total') return Response(info)
def post(self, request, repo_id, org_id): """ Share repo to users. Permission checking: 1. is group admin """ # parameter check permission = request.data.get('permission', PERMISSION_READ) if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]: error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_owner = get_repo_owner(request, repo_id) group_id = get_group_id_by_repo_owner(repo_owner) if not ccnet_api.get_group(group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) path = request.data.get('path', '/') if not seafile_api.get_dir_id_by_path(repo_id, path): error_msg = 'Folder %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if not is_group_admin(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # share repo to user result = {} result['failed'] = [] result['success'] = [] share_to_users = request.data.getlist('username') for to_user in share_to_users: to_user = to_user.strip() if not is_valid_username(to_user): result['failed'].append({ 'email': to_user, 'error_msg': _(u'username invalid.') }) continue try: User.objects.get(email=to_user) except User.DoesNotExist: result['failed'].append({ 'email': to_user, 'error_msg': _(u'User %s not found.') % to_user }) continue if self.has_shared_to_user(request, repo_id, path, to_user): result['failed'].append({ 'email': to_user, 'error_msg': _(u'This item has been shared to %s.') % to_user }) continue if is_valid_org_id(org_id): if not is_org_user(to_user, org_id): org_name = request.user.org.org_name error_msg = 'User %s is not member of organization %s.' \ % (to_user, org_name) result['failed'].append({ 'email': to_user, 'error_msg': error_msg }) continue else: if is_org_user(to_user): error_msg = 'User %s is a member of organization.' % to_user result['failed'].append({ 'email': to_user, 'error_msg': error_msg }) continue share_dir_to_user(repo, path, repo_owner, username, to_user, permission, org_id) result['success'].append({ "user_email": to_user, "user_name": email2nickname(to_user), "user_contact_email": email2contact_email(to_user), "permission": permission, }) # send a signal when sharing repo successful share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=repo, path=path, org_id=org_id) send_perm_audit_msg('add-repo-perm', username, to_user, repo_id, path, permission) return Response(result)
def post(self, request, repo_id, org_id): """ Share repo to users. Permission checking: 1. is group admin """ # parameter check permission = request.data.get('permission', PERMISSION_READ) if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]: error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_owner = get_repo_owner(request, repo_id) group_id = get_group_id_by_repo_owner(repo_owner) if not ccnet_api.get_group(group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) path = request.data.get('path', '/') if not seafile_api.get_dir_id_by_path(repo_id, path): error_msg = 'Folder %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if not is_group_admin(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # share repo to user result = {} result['failed'] = [] result['success'] = [] share_to_users = request.data.getlist('username') for to_user in share_to_users: to_user = to_user.strip() if not is_valid_username(to_user): result['failed'].append({ 'email': to_user, 'error_msg': _(u'username invalid.') }) continue try: User.objects.get(email=to_user) except User.DoesNotExist: result['failed'].append({ 'email': to_user, 'error_msg': _(u'User %s not found.') % to_user }) continue if self.has_shared_to_user(request, repo_id, path, to_user): result['failed'].append({ 'email': to_user, 'error_msg': _(u'This item has been shared to %s.') % to_user }) continue if is_valid_org_id(org_id): if not is_org_user(to_user, org_id): org_name = request.user.org.org_name error_msg = 'User %s is not member of organization %s.' \ % (to_user, org_name) result['failed'].append({ 'email': to_user, 'error_msg': error_msg }) continue else: if is_org_user(to_user): error_msg = 'User %s is a member of organization.' % to_user result['failed'].append({ 'email': to_user, 'error_msg': error_msg }) continue share_dir_to_user(repo, path, repo_owner, username, to_user, permission, org_id) result['success'].append({ "user_email": to_user, "user_name": email2nickname(to_user), "user_contact_email": email2contact_email(to_user), "permission": permission, }) # send a signal when sharing repo successful share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=repo, path=path, org_id=org_id) send_perm_audit_msg('add-repo-perm', username, to_user, repo_id, path, permission) return Response(result)
def post(self, request, workspace_id, name): """share dtable to user """ from_user = request.user.username table_name = name table_file_name = table_name + FILE_TYPE # argument check permission = request.data.get('permission') if not permission or permission not in permission_tuple: error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) to_user = request.data.get('email') if not to_user or not is_valid_username(to_user): error_msg = 'email invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check try: user = User.objects.get(email=to_user) except User.DoesNotExist: error_msg = 'User %s not found.' % to_user return api_error(status.HTTP_404_NOT_FOUND, error_msg) workspace = Workspaces.objects.get_workspace_by_id(workspace_id) if not workspace: error_msg = 'Workspace %s not found.' % workspace_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) group_id = '' if '@seafile_group' in workspace.owner: group_id = workspace.owner.split('@')[0] group = seaserv.get_group(group_id) if not group: error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_id = workspace.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) dtable = DTables.objects.get_dtable(workspace, table_name) if not dtable: error_msg = 'dtable %s not found.' % table_name return api_error(status.HTTP_404_NOT_FOUND, error_msg) table_path = normalize_file_path(table_file_name) table_file_id = seafile_api.get_file_id_by_path(repo_id, table_path) if not table_file_id: error_msg = 'file %s not found.' % table_file_name return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if group_id: if not is_group_member(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if is_group_member(group_id, to_user): error_msg = 'table %s can not be shared to group member.' % table_name return api_error(status.HTTP_400_BAD_REQUEST, error_msg) from_user = group_id + GROUP_DOMAIN else: if from_user != dtable.creator: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if from_user == to_user: error_msg = 'table %s can not be shared to owner.' % table_name return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # org check if is_org_context(request): org_id = request.user.org.org_id org_name = request.user.org.org_name if not is_org_user(to_user, org_id): error_msg = 'User %s is not member of organization %s.' % ( to_user, org_name) return api_error(status.HTTP_400_BAD_REQUEST, error_msg) else: if is_org_user(to_user): error_msg = 'User %s is a member of organization.' % to_user return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # main try: obj = DTableShare.objects.get_by_dtable_and_to_user( dtable, to_user) if obj: error_msg = 'table %s already shared to %s.' % (table_name, to_user) return api_error(status.HTTP_409_CONFLICT, error_msg) DTableShare.objects.add(dtable, from_user, to_user, permission) except Exception as e: logger.error(e) error_msg = 'Internal Server Error.' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) return Response({"success": True}, status=status.HTTP_201_CREATED)