def get(self, request, workspace_id, name):
"""list dtable related users
"""
table_name = name
table_file_name = table_name + FILE_TYPE
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if '@seafile_group' in workspace.owner:
group_id = workspace.owner.split('@')[0]
group = seaserv.get_group(group_id)
if not group:
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
table_path = normalize_file_path(table_file_name)
table_file_id = seafile_api.get_file_id_by_path(repo_id, table_path)
if not table_file_id:
error_msg = 'file %s not found.' % table_file_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
owner = workspace.owner
if not check_dtable_permission(username, owner) and \
not check_dtable_share_permission(dtable, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# main
user_list = list()
try:
email_list = list_dtable_related_users(workspace, dtable)
for email in email_list:
user_info = get_user_common_info(email)
user_list.append(user_info)
except Exception as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal Server Error')
return Response({'user_list': user_list})
def get(self, request, workspace_id):
"""view table file, get table download link
Permission:
1. owner
2. group member
3. shared user
"""
# argument check
table_name = request.GET.get('name', None)
if not table_name:
error_msg = 'name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
reuse = request.GET.get('reuse', '0')
if reuse not in ('1', '0'):
error_msg = 'reuse invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
table_file_name = table_name + FILE_TYPE
table_path = normalize_file_path(table_file_name)
table_file_id = seafile_api.get_file_id_by_path(repo_id, table_path)
if not table_file_id:
error_msg = 'file %s not found.' % table_file_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
owner = workspace.owner
if not check_dtable_permission(username, owner) and \
not check_dtable_share_permission(dtable, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# send stats message
send_file_access_msg(request, repo, table_path, 'api')
op = request.GET.get('op', 'download')
use_onetime = False if reuse == '1' else True
return get_repo_file(request, repo_id, table_file_id, table_file_name, op, use_onetime)
def get(self, request, workspace_id, name):
"""get dtable access token
"""
table_name = name
table_file_name = table_name + FILE_TYPE
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
table_path = normalize_file_path(table_file_name)
table_file_id = seafile_api.get_file_id_by_path(repo_id, table_path)
if not table_file_id:
error_msg = 'file %s not found.' % table_file_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
owner = workspace.owner
if not check_dtable_permission(username, owner) and \
not check_dtable_share_permission(dtable, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# generate json web token
payload = {
'exp': int(time.time()) + 86400 * 3,
'dtable_uuid': dtable.uuid.hex,
'username': username,
}
try:
access_token = jwt.encode(payload,
DTABLE_PRIVATE_KEY,
algorithm='HS256')
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'access_token': access_token})
def dtable_asset_access(request, workspace_id, dtable_id, path):
"""
Permission:
1. owner
2. group member
3. shared user with `rw` or `admin` permission
"""
# asset file type check
asset_name = os.path.basename(normalize_file_path(path))
file_type, file_ext = get_file_type_and_ext(asset_name)
if file_type != IMAGE:
err_msg = 'Invalid file type'
return render_error(request, err_msg)
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
raise Http404
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
raise Http404
dtable = DTables.objects.get_dtable_by_uuid(dtable_id)
if not dtable:
raise Http404
asset_path = normalize_file_path(os.path.join('/asset', dtable_id, path))
asset_id = seafile_api.get_file_id_by_path(repo_id, asset_path)
if not asset_id:
raise Http404
# permission check
username = request.user.username
owner = workspace.owner
if not check_dtable_permission(username, owner) and \
check_dtable_share_permission(dtable, username) not in WRITE_PERMISSION_TUPLE:
return render_permission_error(request, _(u'Permission denied.'))
dl = request.GET.get('dl', '0') == '1'
operation = 'download' if dl else 'view'
token = seafile_api.get_fileserver_access_token(repo_id,
asset_id,
operation,
'',
use_onetime=False)
url = gen_file_get_url(token, asset_name)
return HttpResponseRedirect(url)
def get(self, request, workspace_id):
"""get table file update link
Permission:
1. owner
2. group member
3. shared user with `rw` or `admin` permission
"""
# argument check
table_name = request.GET.get('name', None)
if not table_name:
error_msg = 'name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
owner = workspace.owner
if not check_dtable_permission(username, owner) and \
check_dtable_share_permission(dtable, username) not in WRITE_PERMISSION_TUPLE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
token = seafile_api.get_fileserver_access_token(repo_id, 'dummy', 'update',
username, use_onetime=False)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
dtable.modifier = username
dtable.save()
url = gen_file_upload_url(token, 'update-api')
return Response(url)
def dtable_file_view(request, workspace_id, name):
"""
Permission:
1. owner
2. group member
3. shared user
"""
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
raise Http404
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
raise Http404
dtable = DTables.objects.get_dtable(workspace, name)
if not dtable:
return render_error(request, _(u'Table does not exist'))
table_file_name = name + FILE_TYPE
table_path = normalize_file_path(table_file_name)
table_file_id = seafile_api.get_file_id_by_path(repo_id, table_path)
if not table_file_id:
return render_error(request, _(u'Table does not exist'))
# permission check
username = request.user.username
owner = workspace.owner
if not check_dtable_permission(username, owner) and \
not check_dtable_share_permission(dtable, username):
return render_permission_error(request, _(u'Permission denied.'))
return_dict = {
'share_link_expire_days_default': SHARE_LINK_EXPIRE_DAYS_DEFAULT,
'share_link_expire_days_min': SHARE_LINK_EXPIRE_DAYS_MIN,
'share_link_expire_days_max': SHARE_LINK_EXPIRE_DAYS_MAX,
'repo': repo,
'filename': name,
'path': table_path,
'filetype': 'dtable',
'workspace_id': workspace_id,
'dtable_uuid': dtable.uuid.hex,
'media_url': MEDIA_URL,
'dtable_server': DTABLE_SERVER_URL,
'dtable_socket': SEAFILE_COLLAB_SERVER
}
return render(request, 'dtable_file_view_react.html', return_dict)