def update_user_quota(self, user, user_role):
if user.permissions.role_quota():
quota = get_quota_from_string(user.permissions.role_quota())
logger.info('Set quota[%d] for user: %s, role[%s]' % (quota, user.username, user_role))
seafile_api.set_role_quota(user_role, quota)
else:
return
def update_user_role(self, user, parse_result):
role = parse_result.get('role', '')
if role:
User.objects.update_role(user.username, role)
# update user role quota
role_quota = get_enabled_role_permissions_by_role(
role)['role_quota']
if role_quota:
quota = get_quota_from_string(role_quota)
seafile_api.set_role_quota(role, quota)
return
SHIBBOLETH_AFFILIATION_ROLE_MAP = getattr(
settings, 'SHIBBOLETH_AFFILIATION_ROLE_MAP', False)
if not SHIBBOLETH_AFFILIATION_ROLE_MAP:
return
if user.username in SHIBBOLETH_AFFILIATION_ROLE_MAP:
role = SHIBBOLETH_AFFILIATION_ROLE_MAP[user.username]
elif 'patterns' in SHIBBOLETH_AFFILIATION_ROLE_MAP:
patterns = SHIBBOLETH_AFFILIATION_ROLE_MAP['patterns']
try:
ordered_patterns = OrderedDict(patterns)
except Exception as e:
logger.error(e)
return
for key in ordered_patterns:
if fnmatch(user.username, key):
role = ordered_patterns[key]
break
else:
return
if role:
User.objects.update_role(user.email, role)
# update user role quota
role_quota = get_enabled_role_permissions_by_role(
role)['role_quota']
if role_quota:
quota = get_quota_from_string(role_quota)
seafile_api.set_role_quota(role, quota)
def check_user_workspace_quota(workspace):
"""
check workspace is whether valid about quota
"""
# if workspace is a group workspace and not a org workspace, don't need to check
# because users are not allowed to create groups but org users can
if '@seafile_group' in workspace.owner and workspace.org_id == -1:
return True
if workspace.org_id != -1: # org workspace, check the sum of the org's all workspace size is whether valid
org_role = OrgSettings.objects.filter(org_id=workspace.org_id).first()
org_role = org_role.role if org_role else ORG_DEFAULT
quota = get_enabled_role_permissions_by_role(org_role).get(
'role_asset_quota', '')
quota = get_quota_from_string(quota) if quota else quota
if quota:
asset_size = cache.get(
normalize_cache_key(str(workspace.org_id),
ASSET_SIZE_CACHE_PREFIX))
if not asset_size:
repo_ids = Workspaces.objects.filter(
org_id=workspace.org_id).values_list('repo_id', flat=True)
asset_size = 0
for repo_id in repo_ids:
asset_size += seafile_api.get_repo_size(repo_id)
cache.set(
normalize_cache_key(str(workspace.id),
ASSET_SIZE_CACHE_PREFIX), asset_size,
ASSET_SIZE_CACHE_TIMEOUT)
if int(asset_size) > quota:
return False
else: # check user's workspace size
user = ccnet_api.get_emailuser_with_import(workspace.owner)
if not user:
return False
quota = get_enabled_role_permissions_by_role(user.role).get(
'role_asset_quota', '')
quota = get_quota_from_string(quota) if quota else quota
if quota and seafile_api.get_repo_size(workspace.repo_id) > quota:
return False
return True
def _handle_login_form_valid(request, user, redirect_to, remember_me):
if UserOptions.objects.passwd_change_required(user.username):
redirect_to = reverse('auth_password_change')
request.session['force_passwd_change'] = True
if user.permissions.role_quota():
user_role = get_user_role(user)
quota = get_quota_from_string(user.permissions.role_quota())
seafile_api.set_role_quota(user_role, quota)
# password is valid, log user in
request.session['remember_me'] = remember_me
return log_user_in(request, user, redirect_to)
def get(self, request):
"""Get info of an organization
"""
org = request.user.org
org_id = org.org_id
# space quota
org_role = OrgSettings.objects.filter(org_id=org_id).first()
org_role = org_role.role if org_role else ORG_DEFAULT
storage_quota = get_enabled_role_permissions_by_role(org_role).get('role_asset_quota', '')
storage_quota = get_quota_from_string(storage_quota) if storage_quota else -2
storage_usage = Workspaces.objects.get_org_total_storage(org_id)
# member quota
if ORG_MEMBER_QUOTA_ENABLED:
member_quota = OrgMemberQuota.objects.get_quota(org_id)
else:
member_quota = None
# member usage
try:
url_prefix = request.user.org.url_prefix
org_members = ccnet_api.get_org_emailusers(url_prefix, -1, -1)
except Exception as e:
logger.error(e)
org_members = []
member_usage = 0
active_members = 0
if org_members:
member_usage = len(org_members)
active_members = len([m for m in org_members if m.is_active])
info = {}
info['org_id'] = org_id
info['org_name'] = org.org_name
info['storage_quota'] = storage_quota
info['storage_usage'] = storage_usage
info['member_quota'] = member_quota
info['member_usage'] = member_usage
info['active_members'] = active_members
return Response(info)
def _get_account_info(self, request):
info = {}
email = request.user.username
p = Profile.objects.get_profile_by_user(email)
if is_org_context(request):
org_id = request.user.org.org_id
is_org_staff = request.user.org.is_staff
info['is_org_staff'] = is_org_staff
else:
quota_total = request.user.permissions.role_asset_quota()
quota_total = get_quota_from_string(
quota_total) if quota_total else -2
quota_usage = Workspaces.objects.get_owner_total_storage(
request.user.username)
if quota_total is not None and quota_total > 0:
info['space_usage'] = str(
float(quota_usage) / quota_total * 100) + '%'
else: # no space quota set in config
info['space_usage'] = '0%'
info['total'] = quota_total
info['usage'] = quota_usage
url, _, _ = api_avatar_url(email, int(72))
info['avatar_url'] = url
info['email'] = email
info['name'] = email2nickname(email)
info['login_id'] = p.login_id if p and p.login_id else ""
info['contact_email'] = p.contact_email if p else ""
info['institution'] = p.institution if p and p.institution else ""
info['is_staff'] = request.user.is_staff
if getattr(settings, 'MULTI_INSTITUTION', False):
info['is_inst_admin'] = request.user.inst_admin
interval = UserOptions.objects.get_dtable_updates_email_interval(email)
info[
'email_notification_interval'] = 0 if interval is None else interval
return info
def update_user_role(self, user_info):
""" Specific for Shibboleth
"""
affiliation = user_info.get('affiliation', '')
if not affiliation:
return
for e in affiliation.split(';'):
role = self._get_role_by_affiliation(e)
if not role:
continue
# update user role
ccnet_api.update_role_emailuser(user_info['email'], role)
# update user role quota
role_quota = get_enabled_role_permissions_by_role(
role)['role_quota']
if role_quota:
quota = get_quota_from_string(role_quota)
seafile_api.set_role_quota(role, quota)
def oauth_callback(request):
""" Step 3: Retrieving an access token.
The user has been redirected back from the provider to your registered
callback URL. With this redirection comes an authorization code included
in the redirect URL. We will use that to obtain an access token.
"""
session = OAuth2Session(client_id=CLIENT_ID,
scope=SCOPE,
state=request.session.get('oauth_state', None),
redirect_uri=REDIRECT_URL)
try:
token = session.fetch_token(
TOKEN_URL,
client_secret=CLIENT_SECRET,
authorization_response=request.get_full_path())
if 'user_id' in session._client.__dict__['token']:
# used for sjtu.edu.cn
# https://xjq12311.gitbooks.io/sjtu-engtc/content/
user_id = session._client.__dict__['token']['user_id']
user_info_resp = session.get(USER_INFO_URL +
'?user_id=%s' % user_id)
else:
user_info_url = USER_INFO_URL
if ACCESS_TOKEN_IN_URI:
code = request.GET.get('code')
user_info_url = USER_INFO_URL + '?access_token=%s&code=%s' % (
token['access_token'], code)
user_info_resp = session.get(user_info_url)
except Exception as e:
logger.error(e)
return render_error(request, _('Error, please contact administrator.'))
def format_user_info(user_info_resp):
logger.info('user info resp: %s' % user_info_resp.text)
error = False
user_info = {}
user_info_json = user_info_resp.json()
for item, attr in list(ATTRIBUTE_MAP.items()):
required, user_attr = attr
value = user_info_json.get(item, '')
if value:
# ccnet email
if user_attr == 'email':
user_info[user_attr] = value if is_valid_email(str(value)) else \
'%s@%s' % (str(value), PROVIDER_DOMAIN)
else:
user_info[user_attr] = value
elif required:
error = True
return user_info, error
user_info, error = format_user_info(user_info_resp)
if error:
logger.error('Required user info not found.')
logger.error(user_info)
return render_error(request, _('Error, please contact administrator.'))
# seahub authenticate user
email = user_info['email']
try:
user = auth.authenticate(remote_user=email)
except User.DoesNotExist:
user = None
except Exception as e:
logger.error(e)
return render_error(request, _('Error, please contact administrator.'))
if not user or not user.is_active:
logger.error('User %s not found or inactive.' % email)
# a page for authenticate user failed
return render_error(request, _('User %s not found.') % email)
# User is valid. Set request.user and persist user in the session
# by logging the user in.
request.user = user
auth.login(request, user)
# update user's profile
name = user_info['name'] if 'name' in user_info else ''
contact_email = user_info['contact_email'] if 'contact_email' in user_info else ''
profile = Profile.objects.get_profile_by_user(email)
if not profile:
profile = Profile(user=email)
if name:
profile.nickname = name.strip()
profile.save()
if contact_email:
profile.contact_email = contact_email.strip()
profile.save()
if CUSTOM_GET_USER_ROLE:
remote_role_value = user_info.get('role', '')
if remote_role_value:
role = custom_get_user_role(remote_role_value)
# update user role
ccnet_api.update_role_emailuser(user_info['email'], role)
# update user role quota
role_quota = get_enabled_role_permissions_by_role(role)['role_quota']
if role_quota:
quota = get_quota_from_string(role_quota)
seafile_api.set_role_quota(role, quota)
# generate auth token for Seafile client
api_token = get_api_token(request)
# redirect user to home page
response = HttpResponseRedirect(request.session.get('oauth_redirect', '/'))
response.set_cookie('seahub_auth', email + '@' + api_token.key)
return response
def update_user_quota(self, user, user_role):
if user.permissions.role_quota():
quota = get_quota_from_string(user.permissions.role_quota())
seafile_api.set_role_quota(user_role, quota)
else:
return
