def can_send_share_link_mail(self):
    """Return whether the user's role may e-mail share links.

    Always False when e-mail is not configured. A role whose permission
    set lacks the 'can_send_share_link_mail' key is treated as allowed
    (the lookup defaults to True).
    """
    if IS_EMAIL_CONFIGURED:
        perms = get_enabled_role_permissions_by_role(self.user.role)
        return perms.get('can_send_share_link_mail', True)
    return False
def update_user_role(self, user, parse_result):
    """Assign a role to ``user`` and sync that role's quota.

    An explicit ``role`` entry in ``parse_result`` wins. Otherwise the role
    is taken from settings.SHIBBOLETH_AFFILIATION_ROLE_MAP: first an exact
    key equal to the username, then the first fnmatch pattern under
    'patterns' that matches the username. Nothing is changed when no role
    can be determined.
    """
    role = parse_result.get('role', '')
    if role:
        # NOTE(review): the role string is applied as received; whether the
        # caller restricts it to configured roles is not visible here.
        # NOTE(review): this path keys the update on user.username while the
        # map path below uses user.email -- confirm both name the same account.
        User.objects.update_role(user.username, role)
        quota_str = get_enabled_role_permissions_by_role(role)['role_quota']
        if quota_str:
            seafile_api.set_role_quota(role, get_quota_from_string(quota_str))
        return

    role_map = getattr(settings, 'SHIBBOLETH_AFFILIATION_ROLE_MAP', False)
    if not role_map:
        return

    if user.username in role_map:
        role = role_map[user.username]
    elif 'patterns' in role_map:
        patterns = role_map['patterns']
        try:
            ordered_patterns = OrderedDict(patterns)
        except Exception as e:
            logger.error(e)
            return

        # Pattern order matters: the first match decides the role.
        for pattern, mapped_role in ordered_patterns.items():
            if fnmatch(user.username, pattern):
                role = mapped_role
                break
        else:
            return

    if not role:
        return

    User.objects.update_role(user.email, role)
    quota_str = get_enabled_role_permissions_by_role(role)['role_quota']
    if quota_str:
        seafile_api.set_role_quota(role, get_quota_from_string(quota_str))
def can_view_org(self):
    """Return whether the user may view the organization.

    Under MULTI_TENANCY the answer depends only on the user having an org;
    under CLOUD_MODE it is always False; otherwise the user's role decides.
    """
    if MULTI_TENANCY:
        return self.user.org is not None
    if CLOUD_MODE:
        return False
    perms = get_enabled_role_permissions_by_role(self.user.role)
    return perms['can_view_org']
def can_view_org(self):
    """Return whether the user may view the organization.

    Same tenancy/cloud-mode rules as the role-based variant, but the final
    lookup uses the DEFAULT_USER role instead of the user's own role.
    """
    if MULTI_TENANCY:
        return self.user.org is not None
    if CLOUD_MODE:
        return False
    default_perms = get_enabled_role_permissions_by_role(DEFAULT_USER)
    return default_perms['can_view_org']
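def check_user_workspace_quota(workspace):
    """Return True when the workspace is within its asset quota.

    Group workspaces outside an organization are never limited. For an org
    workspace the summed repo size of all the org's workspaces is compared
    with the org role's 'role_asset_quota'; for a personal workspace the
    single repo size is compared with the owner's role quota. An empty or
    missing quota means no limit is enforced. Returns False when the owner
    of a personal workspace cannot be found.
    """
    # if workspace is a group workspace and not a org workspace, don't need to check
    # because users are not allowed to create groups but org users can
    if '@seafile_group' in workspace.owner and workspace.org_id == -1:
        return True

    if workspace.org_id != -1:
        # org workspace: check the total size of all workspaces of the org
        org_settings = OrgSettings.objects.filter(org_id=workspace.org_id).first()
        org_role = org_settings.role if org_settings else ORG_DEFAULT
        quota = get_enabled_role_permissions_by_role(org_role).get(
            'role_asset_quota', '')
        quota = get_quota_from_string(quota) if quota else quota
        if quota:
            # The org total is cached per org. Read and write must use the
            # same key: writing it under the workspace id (as before) meant
            # the lookup never hit, and the value could be read back by an
            # unrelated org whose id equals that workspace id.
            cache_key = normalize_cache_key(
                str(workspace.org_id), ASSET_SIZE_CACHE_PREFIX)
            asset_size = cache.get(cache_key)
            if not asset_size:
                repo_ids = Workspaces.objects.filter(
                    org_id=workspace.org_id).values_list('repo_id', flat=True)
                asset_size = sum(
                    seafile_api.get_repo_size(repo_id) for repo_id in repo_ids)
                cache.set(cache_key, asset_size, ASSET_SIZE_CACHE_TIMEOUT)
            if int(asset_size) > quota:
                return False
    else:
        # personal workspace: check the size of this workspace's repo only
        user = ccnet_api.get_emailuser_with_import(workspace.owner)
        if not user:
            return False
        quota = get_enabled_role_permissions_by_role(user.role).get(
            'role_asset_quota', '')
        quota = get_quota_from_string(quota) if quota else quota
        if quota and seafile_api.get_repo_size(workspace.repo_id) > quota:
            return False

    return True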
def can_add_public_repo(self):
    """Check if user can create public repo or share existed repo to public.

    Used when MULTI_TENANCY feature is NOT enabled. CLOUD_MODE always
    denies; staff are always allowed; otherwise the role permission is
    consulted and, if it does not grant access, the global
    ENABLE_USER_CREATE_ORG_REPO setting decides.
    """
    if CLOUD_MODE:
        return False
    if self.user.is_staff:
        return True

    perms = get_enabled_role_permissions_by_role(self.user.role)
    if perms['can_add_public_repo']:
        return True
    return bool(config.ENABLE_USER_CREATE_ORG_REPO)
def get(self, request):
    """Get info of an organization.

    Reports storage quota/usage and member quota/usage for the organization
    attached to ``request.user``.
    """
    # NOTE(review): assumes request.user.org is always set for this view;
    # the permission classes that would guarantee it are not visible here.
    org = request.user.org
    org_id = org.org_id

    # space quota
    settings_row = OrgSettings.objects.filter(org_id=org_id).first()
    org_role = settings_row.role if settings_row else ORG_DEFAULT
    quota_str = get_enabled_role_permissions_by_role(org_role).get('role_asset_quota', '')
    # -2 is reported when the role has no quota string configured.
    storage_quota = get_quota_from_string(quota_str) if quota_str else -2
    storage_usage = Workspaces.objects.get_org_total_storage(org_id)

    # member quota
    member_quota = OrgMemberQuota.objects.get_quota(org_id) if ORG_MEMBER_QUOTA_ENABLED else None

    # member usage (best effort: a lookup failure is logged and counted as zero)
    try:
        url_prefix = request.user.org.url_prefix
        org_members = ccnet_api.get_org_emailusers(url_prefix, -1, -1)
    except Exception as e:
        logger.error(e)
        org_members = []

    member_usage = 0
    active_members = 0
    if org_members:
        member_usage = len(org_members)
        active_members = sum(1 for member in org_members if member.is_active)

    return Response({
        'org_id': org_id,
        'org_name': org.org_name,
        'storage_quota': storage_quota,
        'storage_usage': storage_usage,
        'member_quota': member_quota,
        'member_usage': member_usage,
        'active_members': active_members,
    })
def update_user_role(self, user_info):
    """Specific for Shibboleth: map affiliation values to a role.

    ``user_info['affiliation']`` is split on ';'. Every entry that maps to
    a role triggers a role update, so when several entries match, the last
    one is the role that remains set.
    """
    affiliation = user_info.get('affiliation', '')
    if not affiliation:
        return

    for entry in affiliation.split(';'):
        role = self._get_role_by_affiliation(entry)
        if role:
            # update user role
            ccnet_api.update_role_emailuser(user_info['email'], role)

            # update user role quota
            quota_str = get_enabled_role_permissions_by_role(role)['role_quota']
            if quota_str:
                seafile_api.set_role_quota(role, get_quota_from_string(quota_str))
def can_generate_upload_link(self):
    """Return the 'can_generate_upload_link' permission of the user's role."""
    perms = get_enabled_role_permissions_by_role(self.user.role)
    return perms['can_generate_upload_link']
def can_generate_shared_link(self):
    """Return the 'can_generate_shared_link' permission of the DEFAULT_USER role."""
    default_perms = get_enabled_role_permissions_by_role(DEFAULT_USER)
    return default_perms['can_generate_shared_link']
def can_use_global_address_book(self):
    """Return the 'can_use_global_address_book' permission of the DEFAULT_USER role."""
    default_perms = get_enabled_role_permissions_by_role(DEFAULT_USER)
    return default_perms['can_use_global_address_book']
def can_add_group(self):
    """Return the 'can_add_group' permission of the DEFAULT_USER role."""
    default_perms = get_enabled_role_permissions_by_role(DEFAULT_USER)
    return default_perms['can_add_group']
def can_add_group(self):
    """Return whether group creation is enabled for the DEFAULT_USER role."""
    permission = 'can_add_group'
    return get_enabled_role_permissions_by_role(DEFAULT_USER)[permission]
def can_drag_drop_folder_to_sync(self):
    """Return the 'can_drag_drop_folder_to_sync' permission of the user's role."""
    perms = get_enabled_role_permissions_by_role(self.user.role)
    return perms['can_drag_drop_folder_to_sync']
def can_invite_guest(self):
    """Return the 'can_invite_guest' permission of the user's role."""
    perms = get_enabled_role_permissions_by_role(self.user.role)
    return perms['can_invite_guest']
def can_drag_drop_folder_to_sync(self):
    """Return the 'can_drag_drop_folder_to_sync' permission of the DEFAULT_USER role."""
    default_perms = get_enabled_role_permissions_by_role(DEFAULT_USER)
    return default_perms['can_drag_drop_folder_to_sync']
def can_drag_drop_folder_to_sync(self):
    """Return whether drag-and-drop folder sync is enabled for the DEFAULT_USER role."""
    permission = 'can_drag_drop_folder_to_sync'
    return get_enabled_role_permissions_by_role(DEFAULT_USER)[permission]
def can_invite_guest(self):
    """Return the 'can_invite_guest' permission of the DEFAULT_USER role."""
    default_perms = get_enabled_role_permissions_by_role(DEFAULT_USER)
    return default_perms['can_invite_guest']
def test_get_enabled_role_permissions_by_role(self):
    """The DEFAULT_USER role must expose exactly 18 permission keys."""
    default_perms = get_enabled_role_permissions_by_role(DEFAULT_USER)
    key_count = len(default_perms.keys())
    assert key_count == 18
def can_invite_guest(self):
    """Return whether the user may invite guests.

    Both checks must pass: the role permission 'can_invite_guest' and the
    per-user check user_can_invite(). The per-user check is only evaluated
    when the role permission is truthy.
    """
    # KEEPER
    role_allows = get_enabled_role_permissions_by_role(
        self.user.role)['can_invite_guest']
    if not role_allows:
        return role_allows
    return user_can_invite(self.user.email)
def can_generate_upload_link(self):
    """Return the 'can_generate_upload_link' permission of the DEFAULT_USER role."""
    default_perms = get_enabled_role_permissions_by_role(DEFAULT_USER)
    return default_perms['can_generate_upload_link']
def can_export_files_via_mobile_client(self):
    """Return the 'can_export_files_via_mobile_client' permission of the DEFAULT_USER role."""
    default_perms = get_enabled_role_permissions_by_role(DEFAULT_USER)
    return default_perms['can_export_files_via_mobile_client']
def can_invite_guest(self):
    """Return whether guest invitation is enabled for the DEFAULT_USER role."""
    permission = 'can_invite_guest'
    return get_enabled_role_permissions_by_role(DEFAULT_USER)[permission]
def can_connect_with_desktop_clients(self):
    """Return the 'can_connect_with_desktop_clients' permission of the DEFAULT_USER role."""
    default_perms = get_enabled_role_permissions_by_role(DEFAULT_USER)
    return default_perms['can_connect_with_desktop_clients']
def can_connect_with_desktop_clients(self):
    """Return whether desktop-client access is enabled for the DEFAULT_USER role."""
    permission = 'can_connect_with_desktop_clients'
    return get_enabled_role_permissions_by_role(DEFAULT_USER)[permission]
def can_use_global_address_book(self):
    """Return whether the global address book is enabled for the DEFAULT_USER role."""
    permission = 'can_use_global_address_book'
    return get_enabled_role_permissions_by_role(DEFAULT_USER)[permission]
def can_export_files_via_mobile_client(self):
    """Return whether mobile-client file export is enabled for the DEFAULT_USER role."""
    permission = 'can_export_files_via_mobile_client'
    return get_enabled_role_permissions_by_role(DEFAULT_USER)[permission]
def storage_ids(self):
    """Return the 'storage_ids' entry of the user's role, or [] when absent."""
    perms = get_enabled_role_permissions_by_role(self.user.role)
    return perms.get('storage_ids', [])
def _get_perm_by_roles(self, perm_name):
    """Look up ``perm_name`` for the user's role.

    A permission name the role does not define yields False (deny by
    default) rather than raising.
    """
    perms = get_enabled_role_permissions_by_role(self.user.role)
    return perms.get(perm_name, False)
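def oauth_callback(request):
    """ Step 3: Retrieving an access token.
    The user has been redirected back from the provider to your registered
    callback URL. With this redirection comes an authorization code included
    in the redirect URL. We will use that to obtain an access token.

    After the token exchange the provider's user info is mapped through
    ATTRIBUTE_MAP, the user is authenticated and logged in, the profile
    (and optionally the role and role quota) is updated, and the browser
    is redirected with a 'seahub_auth' cookie holding an API token.
    Every failure renders an error page instead of raising.
    """
    from urllib.parse import urlencode

    # The state saved at login time is what ties this callback to a flow
    # this browser session started. With state=None the OAuth client has
    # nothing to compare the returned state against, so a callback without
    # a stored state is refused instead of being processed unchecked.
    expected_state = request.session.get('oauth_state', None)
    if not expected_state:
        logger.error('OAuth callback received without oauth_state in session.')
        return render_error(request, _('Error, please contact administrator.'))

    session = OAuth2Session(client_id=CLIENT_ID,
                            scope=SCOPE,
                            state=expected_state,
                            redirect_uri=REDIRECT_URL)

    try:
        token = session.fetch_token(
            TOKEN_URL, client_secret=CLIENT_SECRET,
            authorization_response=request.get_full_path())

        if 'user_id' in session._client.__dict__['token']:
            # used for sjtu.edu.cn
            # https://xjq12311.gitbooks.io/sjtu-engtc/content/
            user_id = session._client.__dict__['token']['user_id']
            # urlencode so the value cannot add or alter query parameters
            user_info_resp = session.get(
                USER_INFO_URL + '?' + urlencode({'user_id': user_id}))
        else:
            user_info_url = USER_INFO_URL
            if ACCESS_TOKEN_IN_URI:
                # 'code' comes straight from the request's query string, so
                # it is encoded rather than pasted into the URL.
                # NOTE(review): a token carried in the URL can end up in
                # proxy and server access logs.
                code = request.GET.get('code')
                user_info_url = USER_INFO_URL + '?' + urlencode(
                    {'access_token': token['access_token'], 'code': code})
            user_info_resp = session.get(user_info_url)

    except Exception as e:
        logger.error(e)
        return render_error(request, _('Error, please contact administrator.'))

    def format_user_info(user_info_resp):
        """Map the provider's JSON onto local attribute names via ATTRIBUTE_MAP.

        Returns ``(user_info, error)``; ``error`` is True when an attribute
        marked as required is missing or empty.
        """
        # NOTE(review): this writes the provider's full user-info response
        # to the log at info level -- confirm that is acceptable for the
        # personal data it contains.
        logger.info('user info resp: %s' % user_info_resp.text)
        error = False
        user_info = {}
        user_info_json = user_info_resp.json()

        for item, attr in list(ATTRIBUTE_MAP.items()):
            required, user_attr = attr
            value = user_info_json.get(item, '')

            if value:
                # ccnet email
                if user_attr == 'email':
                    # a non-e-mail identifier is turned into one by
                    # appending PROVIDER_DOMAIN
                    user_info[user_attr] = value if is_valid_email(str(value)) else \
                        '%s@%s' % (str(value), PROVIDER_DOMAIN)
                else:
                    user_info[user_attr] = value
            elif required:
                error = True

        return user_info, error

    user_info, error = format_user_info(user_info_resp)
    if error:
        logger.error('Required user info not found.')
        logger.error(user_info)
        return render_error(request, _('Error, please contact administrator.'))

    # seahub authenticate user
    email = user_info['email']

    try:
        user = auth.authenticate(remote_user=email)
    except User.DoesNotExist:
        user = None
    except Exception as e:
        logger.error(e)
        return render_error(request, _('Error, please contact administrator.'))

    if not user or not user.is_active:
        logger.error('User %s not found or inactive.' % email)
        # a page for authenticate user failed
        return render_error(request, _('User %s not found.') % email)

    # User is valid.  Set request.user and persist user in the session
    # by logging the user in.
    request.user = user
    auth.login(request, user)

    # update user's profile
    name = user_info['name'] if 'name' in user_info else ''
    contact_email = user_info['contact_email'] if 'contact_email' in user_info else ''

    profile = Profile.objects.get_profile_by_user(email)
    if not profile:
        profile = Profile(user=email)

    if name:
        profile.nickname = name.strip()
        profile.save()

    if contact_email:
        profile.contact_email = contact_email.strip()
        profile.save()

    if CUSTOM_GET_USER_ROLE:
        remote_role_value = user_info.get('role', '')
        if remote_role_value:
            # NOTE(review): the mapped role is applied without checking it
            # here; confirm custom_get_user_role only returns configured roles.
            role = custom_get_user_role(remote_role_value)

            # update user role
            ccnet_api.update_role_emailuser(user_info['email'], role)

            # update user role quota
            role_quota = get_enabled_role_permissions_by_role(role)['role_quota']
            if role_quota:
                quota = get_quota_from_string(role_quota)
                seafile_api.set_role_quota(role, quota)

    # generate auth token for Seafile client
    api_token = get_api_token(request)

    # redirect user to home page
    # NOTE(review): the redirect target is whatever was stored in the
    # session under 'oauth_redirect'; where it is validated is not visible here.
    response = HttpResponseRedirect(request.session.get('oauth_redirect', '/'))
    # NOTE(review): this cookie carries an API token and is set without
    # explicit secure/httponly arguments -- check what the client needs
    # before tightening them.
    response.set_cookie('seahub_auth', email + '@' + api_token.key)
    return response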
def can_add_group(self):
    """Return the 'can_add_group' permission of the user's role."""
    perms = get_enabled_role_permissions_by_role(self.user.role)
    return perms['can_add_group']
def role_quota(self):
    """Return the 'role_quota' entry of the user's role, or '' when absent."""
    perms = get_enabled_role_permissions_by_role(self.user.role)
    return perms.get('role_quota', '')
def can_use_global_address_book(self):
    """Return the 'can_use_global_address_book' permission of the user's role."""
    perms = get_enabled_role_permissions_by_role(self.user.role)
    return perms['can_use_global_address_book']
def can_send_share_link_mail(self):
    """Return whether the user's role may e-mail share links.

    A role whose permission set lacks the key is treated as allowed
    (the lookup defaults to True).
    """
    perms = get_enabled_role_permissions_by_role(self.user.role)
    return perms.get('can_send_share_link_mail', True)
def can_connect_with_desktop_clients(self):
    """Return the 'can_connect_with_desktop_clients' permission of the user's role."""
    perms = get_enabled_role_permissions_by_role(self.user.role)
    return perms['can_connect_with_desktop_clients']
def _get_perm_by_roles(self, perm_name):
    """Look up ``perm_name`` for the role returned by ``_get_user_role()``.

    Raises KeyError when the role's permission set has no such entry.
    """
    perms = get_enabled_role_permissions_by_role(self._get_user_role())
    return perms[perm_name]
def can_export_files_via_mobile_client(self):
    """Return the 'can_export_files_via_mobile_client' permission of the user's role."""
    perms = get_enabled_role_permissions_by_role(self.user.role)
    return perms['can_export_files_via_mobile_client']
def test_get_enabled_role_permissions_by_role(self):
    """The DEFAULT_USER role must expose exactly 12 permission keys."""
    default_perms = get_enabled_role_permissions_by_role(DEFAULT_USER)
    key_count = len(default_perms.keys())
    assert key_count == 12