def delete(self, request, repo_id, token):
""" Delete upload link.
Permission checking:
1. repo owner or admin;
"""
# resource check
try:
upload_link = UploadLinkShare.objects.get(token=token)
except UploadLinkShare.DoesNotExist:
error_msg = 'Upload link %s not found.' % token
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_repo_admin(username, upload_link.repo_id):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
upload_link.delete()
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})
def get(self, request, repo_id):
""" Get all share links of a repo.
Permission checking:
1. repo owner or admin;
"""
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_repo_admin(username, repo_id):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
result = []
fileshares = FileShare.objects.filter(repo_id=repo_id)
for fileshare in fileshares:
link_info = get_share_link_info(fileshare)
link_info['repo_id'] = repo_id
link_info['repo_name'] = repo.name
result.append(link_info)
return Response(result)
def get(self, request, repo_id):
""" Return repo info
Permission checking:
1. all authenticated user can perform this action.
"""
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
permission = check_folder_permission(request, repo_id, '/')
if permission is None:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
lib_need_decrypt = False
if repo.encrypted \
and not seafile_api.is_password_set(repo.id, username):
lib_need_decrypt = True
repo_owner = get_repo_owner(request, repo_id)
try:
has_been_shared_out = repo_has_been_shared_out(request, repo_id)
except Exception as e:
has_been_shared_out = False
logger.error(e)
result = {
"repo_id": repo.id,
"repo_name": repo.name,
"owner_email": repo_owner,
"owner_name": email2nickname(repo_owner),
"owner_contact_email": email2contact_email(repo_owner),
"size": repo.size,
"encrypted": repo.encrypted,
"file_count": repo.file_count,
"permission": permission,
"no_quota": True if seafile_api.check_quota(repo_id) < 0 else False,
"is_admin": is_repo_admin(username, repo_id),
"is_virtual": repo.is_virtual,
"has_been_shared_out": has_been_shared_out,
"lib_need_decrypt": lib_need_decrypt,
"last_modified": timestamp_to_isoformat_timestr(repo.last_modify),
"status": normalize_repo_status_code(repo.status),
}
return Response(result)
def get(self, request, repo_id):
""" Return repo info
Permission checking:
1. all authenticated user can perform this action.
"""
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
permission = check_folder_permission(request, repo_id, '/')
if permission is None:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
lib_need_decrypt = False
if repo.encrypted \
and not seafile_api.is_password_set(repo.id, username):
lib_need_decrypt = True
repo_owner = get_repo_owner(request, repo_id)
try:
has_been_shared_out = repo_has_been_shared_out(request, repo_id)
except Exception as e:
has_been_shared_out = False
logger.error(e)
result = {
"repo_id": repo.id,
"repo_name": repo.name,
"owner_email": repo_owner,
"owner_name": email2nickname(repo_owner),
"owner_contact_email": email2contact_email(repo_owner),
"size": repo.size,
"encrypted": repo.encrypted,
"file_count": repo.file_count,
"permission": permission,
"no_quota": True if seafile_api.check_quota(repo_id) < 0 else False,
"is_admin": is_repo_admin(username, repo_id),
"is_virtual": repo.is_virtual,
"has_been_shared_out": has_been_shared_out,
"lib_need_decrypt": lib_need_decrypt,
"last_modified": timestamp_to_isoformat_timestr(repo.last_modify),
}
return Response(result)
def put(self, request, repo_id):
"""
Set auto del days of a repo
perm: repo admin
"""
auto_delete_days = request.data.get('auto_delete_days')
if not auto_delete_days:
error_msg = 'auto_delete_days invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
auto_delete_days = int(auto_delete_days)
except Exception as e:
error_msg = 'auto_del_days %s invalid.' % auto_delete_days
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if auto_delete_days < 0:
error_msg = 'auto_del_days %s invalid.' % auto_delete_days
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
username = request.user.username
if not is_repo_admin(username, repo_id):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
repo_auto_delete, _ = RepoAutoDelete.objects.update_or_create(
repo_id=repo_id, defaults={'days': auto_delete_days})
except Exception as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Internal Server Error.')
return Response({'auto_delete_days': repo_auto_delete.days})
def delete(self, request, repo_id, token):
""" Delete share link.
Permission checking:
1. repo owner or admin;
"""
# resource check
try:
fileshare = FileShare.objects.get(token=token)
except FileShare.DoesNotExist:
error_msg = 'Share link %s not found.' % token
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_repo_admin(username, fileshare.repo_id):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
has_published_library = False
if fileshare.path == '/':
try:
Wiki.objects.get(repo_id=fileshare.repo_id)
has_published_library = True
except Wiki.DoesNotExist:
pass
if has_published_library:
error_msg = 'There is an associated published library.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
fileshare.delete()
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})
def put(self, request, repo_id, format=None):
""" Currently only support lock, unlock, refresh-lock file.
Permission checking:
1. user with 'rw' permission for current file;
"""
if not is_pro_version():
error_msg = 'file lock feature only supported in professional edition.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# argument check
path = request.GET.get('p', None)
if not path:
error_msg = 'p invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
path = normalize_file_path(path)
operation = request.data.get('operation', None)
if not operation:
error_msg = 'operation invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
operation = operation.lower()
if operation not in ('lock', 'unlock', 'refresh-lock'):
error_msg = "operation can only be 'lock', 'unlock' or 'refresh-lock'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
file_id = seafile_api.get_file_id_by_path(repo_id, path)
if not file_id:
error_msg = 'File %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
parent_dir = os.path.dirname(path)
if check_folder_permission(request, repo_id,
parent_dir) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
try:
is_locked, locked_by_me = check_file_lock(repo_id, path, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# check if is locked by online office
locked_by_online_office = if_locked_by_online_office(repo_id, path)
if operation == 'lock':
if is_locked:
error_msg = _("File is locked")
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
expire = request.data.get('expire', 0)
try:
expire = int(expire)
except ValueError:
error_msg = 'expire invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if expire < 0:
error_msg = 'expire invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# lock file
try:
if expire > 0:
seafile_api.lock_file(repo_id, path, username,
int(time.time()) + expire)
else:
seafile_api.lock_file(repo_id, path, username, 0)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
if operation == 'unlock':
if not is_locked:
error_msg = _("File is not locked.")
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if locked_by_me or locked_by_online_office or \
is_repo_owner(request, repo_id, username) or \
is_repo_admin(username, repo_id):
# unlock file
try:
seafile_api.unlock_file(repo_id, path)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
else:
error_msg = 'You can not unlock this file.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if operation == 'refresh-lock':
if not is_locked:
error_msg = _("File is not locked.")
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
expire = request.data.get('expire', 0)
try:
expire = int(expire)
except ValueError:
error_msg = 'expire invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if expire < 0:
error_msg = 'expire invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if locked_by_me or locked_by_online_office:
# refresh lock file
try:
if expire > 0:
seafile_api.refresh_file_lock(
repo_id, path,
int(time.time()) + expire)
else:
seafile_api.refresh_file_lock(repo_id, path)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
else:
error_msg = _("You can not refresh this file's lock.")
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
file_info = self.get_file_info(username, repo_id, path)
return Response(file_info)