def check_dtable_permission(username, workspace, dtable=None, org_id=None):
"""Check workspace/dtable access permission of a user.
"""
owner = workspace.owner
if '@seafile_group' in owner:
group_id = int(owner.split('@')[0])
if is_group_member(group_id, username):
return PERMISSION_READ_WRITE
else:
if username == owner:
return PERMISSION_READ_WRITE
if dtable: # check user's all permissions from `share`, `group-share` and checkout higher one
dtable_share = DTableShare.objects.get_by_dtable_and_to_user(
dtable, username)
if dtable_share and dtable_share.permission == PERMISSION_READ_WRITE:
return dtable_share.permission
permission = dtable_share.permission if dtable_share else None
if org_id and org_id > 0:
groups = ccnet_api.get_org_groups_by_user(org_id, username)
else:
groups = ccnet_api.get_groups(username, return_ancestors=True)
group_ids = [group.id for group in groups]
group_permissions = DTableGroupShare.objects.filter(
dtable=dtable, group_id__in=group_ids).values_list('permission',
flat=True)
for group_permission in group_permissions:
permission = permission if permission else group_permission
if group_permission == PERMISSION_READ_WRITE:
return group_permission
return permission
return None
def get(self, request):
""" List groups that user can share a library to.
"""
if config.ENABLE_SHARE_TO_ALL_GROUPS:
if CUSTOM_GET_GROUPS:
groups = custom_get_groups(request)
else:
groups = ccnet_api.get_all_groups(-1, -1)
else:
username = request.user.username
if is_org_context(request):
org_id = request.user.org.org_id
groups = ccnet_api.get_org_groups_by_user(org_id, username)
else:
groups = ccnet_api.get_groups(username)
filtered_groups = []
for group in groups:
if not ENABLE_SHARE_TO_DEPARTMENT and group.parent_group_id != 0:
continue
else:
filtered_groups.append(group)
result = [
self._get_group_info(request, group) for group in filtered_groups
]
return Response(result)
def get(self, request):
""" List groups that user can share a library to.
"""
if config.ENABLE_SHARE_TO_ALL_GROUPS:
if CUSTOM_GET_GROUPS:
groups = custom_get_groups(request)
else:
groups = ccnet_api.get_all_groups(-1, -1)
else:
username = request.user.username
if is_org_context(request):
org_id = request.user.org.org_id
groups = ccnet_api.get_org_groups_by_user(org_id, username)
else:
groups = ccnet_api.get_groups(username)
try:
avatar_size = int(
request.GET.get('avatar_size', GROUP_AVATAR_DEFAULT_SIZE))
except ValueError:
avatar_size = GROUP_AVATAR_DEFAULT_SIZE
result = [
self._get_group_info(request, group, avatar_size)
for group in groups
]
return Response(result)
def get(self, request):
""" List groups that user can share a library to.
"""
if config.ENABLE_SHARE_TO_ALL_GROUPS:
if CUSTOM_GET_GROUPS:
groups = custom_get_groups(request)
else:
groups = ccnet_api.get_all_groups(-1, -1)
else:
username = request.user.username
if is_org_context(request):
org_id = request.user.org.org_id
groups = ccnet_api.get_org_groups_by_user(org_id, username)
else:
groups = ccnet_api.get_groups(username)
try:
avatar_size = int(request.GET.get('avatar_size',
GROUP_AVATAR_DEFAULT_SIZE))
except ValueError:
avatar_size = GROUP_AVATAR_DEFAULT_SIZE
result = [self._get_group_info(request, group, avatar_size) for group in groups]
return Response(result)
def get(self, request):
user = request.user
org_id = -1
if is_org_context(request):
org_id = request.user.org.org_id
if org_id and org_id > 0:
groups = ccnet_api.get_org_groups_by_user(org_id, user.username)
else:
groups = ccnet_api.get_groups(user.username, return_ancestors=True)
starred_dtable_uuids = set(
UserStarredDTables.objects.get_dtable_uuids_by_email(
user.username))
group_ids = [group.id for group in groups]
dgses = DTableGroupShare.objects.filter(
group_id__in=group_ids, dtable__deleted=False).order_by(
'created_at').select_related('dtable')
results = {
group_id: []
for group_id in dgses.values_list('group_id', flat=True)
}
for dgs in dgses:
dtable_info = dgs.dtable.to_dict()
dtable_info[
'starred'] = dgs.dtable.uuid.hex in starred_dtable_uuids
results[dgs.group_id].append(dtable_info)
return Response({'group_shared_dtables': results})
def check_dtable_permission(self):
"""Check workspace/dtable access permission of a user.
"""
owner = self.workspace_owner
username = self.username
if not hasattr(self, 'org_id'):
self.org_id = -1
org_id = self.org_id
if '@seafile_group' in owner:
group_id = int(owner.split('@')[0])
if self.is_group_member(group_id, username):
return PERMISSION_READ_WRITE
else:
if username == owner:
return PERMISSION_READ_WRITE
self.dtable = self.db_session.query(DTables).filter_by(
uuid=self.dtable_uuid).first()
dtable = self.dtable
if dtable: # check user's all permissions from `share`, `group-share` and checkout higher one
dtable_share = self.db_session.query(DTableShare).filter_by(
dtable_id=dtable.id, to_user=username).first()
if dtable_share and dtable_share.permission == PERMISSION_READ_WRITE:
return dtable_share.permission
permission = dtable_share.permission if dtable_share else ''
if org_id and org_id > 0:
groups = ccnet_api.get_org_groups_by_user(org_id, username)
else:
groups = ccnet_api.get_groups(username, return_ancestors=True)
group_ids = [group.id for group in groups]
group_permissions = self.db_session.query(
DTableGroupShare.permission).filter(
DTableGroupShare.dtable_id == dtable.id,
DTableGroupShare.group_id.in_(group_ids)).all()
for group_permission in group_permissions:
permission = permission if permission else group_permission[0]
if group_permission[0] == PERMISSION_READ_WRITE:
return group_permission[0]
return permission
return ''
def get(self, request):
"""get shared forms
"""
username = request.user.username
org_id = -1
if is_org_context(request):
org_id = request.user.org.org_id
if org_id and org_id > 0:
groups = ccnet_api.get_org_groups_by_user(org_id, username)
else:
groups = ccnet_api.get_groups(username, return_ancestors=True)
group_ids = [group.id for group in groups]
group_name_map = {
group_id: group_id_to_name(group_id)
for group_id in group_ids
}
try:
shared_queryset = DTableFormShare.objects.list_by_group_ids(
group_ids)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
shared_list = list()
for item in shared_queryset:
form = item.form
if form.share_type != SHARED_GROUPS:
continue
data = form.to_dict()
group_id = item.group_id
data["group_name"] = group_name_map.get(group_id)
data["group_id"] = group_id
shared_list.append(data)
return Response({'shared_list': shared_list},
status=status.HTTP_200_OK)
def get(self, request):
""" List all groups.
"""
org_id = None
username = request.user.username
if is_org_context(request):
org_id = request.user.org.org_id
user_groups = ccnet_api.get_org_groups_by_user(
org_id, username, return_ancestors=True)
else:
user_groups = ccnet_api.get_groups(username, return_ancestors=True)
try:
avatar_size = int(
request.GET.get('avatar_size', GROUP_AVATAR_DEFAULT_SIZE))
except ValueError:
avatar_size = GROUP_AVATAR_DEFAULT_SIZE
try:
with_repos = int(request.GET.get('with_repos', 0))
except ValueError:
with_repos = 0
if with_repos not in (0, 1):
error_msg = 'with_repos invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
groups = []
if with_repos:
gids = [g.id for g in user_groups]
admin_info = ExtraGroupsSharePermission.objects.batch_get_repos_with_admin_permission(
gids)
try:
starred_repos = UserStarredFiles.objects.get_starred_repos_by_user(
username)
starred_repo_id_list = [item.repo_id for item in starred_repos]
except Exception as e:
logger.error(e)
starred_repo_id_list = []
for g in user_groups:
group_info = get_group_info(request, g.id, avatar_size)
if with_repos:
if org_id:
group_repos = seafile_api.get_org_group_repos(org_id, g.id)
else:
group_repos = seafile_api.get_repos_by_group(g.id)
repos = []
# get repo id owner dict
all_repo_owner = []
repo_id_owner_dict = {}
for repo in group_repos:
repo_id = repo.id
if repo_id not in repo_id_owner_dict:
repo_owner = get_repo_owner(request, repo_id)
all_repo_owner.append(repo_owner)
repo_id_owner_dict[repo_id] = repo_owner
# Use dict to reduce memcache fetch cost in large for-loop.
name_dict = {}
contact_email_dict = {}
for email in all_repo_owner:
if email not in name_dict:
if '@seafile_group' in email:
group_id = get_group_id_by_repo_owner(email)
group_name = group_id_to_name(group_id)
name_dict[email] = group_name
else:
name_dict[email] = email2nickname(email)
if email not in contact_email_dict:
if '@seafile_group' in email:
contact_email_dict[email] = ''
else:
contact_email_dict[email] = email2contact_email(
email)
for r in group_repos:
repo_owner = repo_id_owner_dict.get(r.id, r.user)
repo = {
"id":
r.id,
"repo_id":
r.id,
"name":
r.name,
"repo_name":
r.name,
"size":
r.size,
"size_formatted":
filesizeformat(r.size),
"mtime":
r.last_modified,
"mtime_relative":
translate_seahub_time(r.last_modified),
"last_modified":
timestamp_to_isoformat_timestr(r.last_modified),
"encrypted":
r.encrypted,
"permission":
r.permission,
"owner":
repo_owner,
"owner_email":
repo_owner,
"owner_name":
name_dict.get(repo_owner, ''),
"owner_contact_email":
contact_email_dict.get(repo_owner, ''),
"is_admin": (r.id, g.id) in admin_info,
"starred":
r.repo_id in starred_repo_id_list,
}
repos.append(repo)
group_info['repos'] = repos
groups.append(group_info)
return Response(groups)
def get(self, request):
"""get all workspaces
"""
username = request.user.username
org_id = -1
if is_org_context(request):
org_id = request.user.org.org_id
if org_id > 0:
groups = ccnet_api.get_org_groups_by_user(org_id, username)
else:
groups = ccnet_api.get_groups(username, return_ancestors=True)
owner_list = list()
owner_list.append(username)
for group in groups:
group_user = '******' % group.id
owner_list.append(group_user)
workspace_list = list()
for owner in owner_list:
try:
workspace = Workspaces.objects.get_workspace_by_owner(owner)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
if not workspace:
if '@seafile_group' in owner:
continue
# permission check
if not request.user.permissions.can_add_repo():
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
if org_id > 0:
repo_id = seafile_api.create_org_repo(
_("My Workspace"), _("My Workspace"),
"dtable@seafile", org_id)
else:
repo_id = seafile_api.create_repo(
_("My Workspace"), _("My Workspace"),
"dtable@seafile")
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
workspace = Workspaces.objects.create_workspace(owner, repo_id)
# resource check
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
logger.warning('Library %s not found.' % repo_id)
continue
res = workspace.to_dict()
table_list = DTables.objects.get_dtable_by_workspace(workspace)
res["table_list"] = table_list
if '@seafile_group' in owner:
group_id = owner.split('@')[0]
res["owner_name"] = group_id_to_name(group_id)
res["owner_type"] = "Group"
else:
res["owner_name"] = email2nickname(owner)
res["owner_type"] = "Personal"
workspace_list.append(res)
return Response({"workspace_list": workspace_list},
status=status.HTTP_200_OK)
def get(self, request):
"""get all workspaces
"""
username = request.user.username
org_id = -1
if is_org_context(request):
org_id = request.user.org.org_id
if org_id and org_id > 0:
groups = ccnet_api.get_org_groups_by_user(org_id, username)
else:
groups = ccnet_api.get_groups(username, return_ancestors=True)
owner_list = list()
owner_list.append(username)
for group in groups:
group_user = '******' % group.id
owner_list.append(group_user)
try:
# workspaces
workspace_queryset = Workspaces.objects.filter(
owner__in=owner_list)
workspaces = list(workspace_queryset)
# user workspace
if not workspace_queryset.filter(owner=username).exists():
workspace = create_repo_and_workspace(username, org_id)
workspaces.append(workspace)
# dtables
table_queryset = DTables.objects.filter(workspace__in=workspaces,
deleted=False)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
try:
starred_dtable_uuids = set(
UserStarredDTables.objects.get_dtable_uuids_by_email(username))
except Exception as e:
starred_dtable_uuids = set()
logger.warning(e)
workspace_list = list()
for workspace in workspaces:
# resource check
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
logger.warning('Library %s not found.' % repo_id)
continue
res = workspace.to_dict()
tables = table_queryset.filter(workspace=workspace)
res["table_list"] = [table.to_dict() for table in tables]
for t in res['table_list']:
t['starred'] = t['uuid'].hex in starred_dtable_uuids
owner = workspace.owner
if '@seafile_group' in owner:
group_id = owner.split('@')[0]
group_members = ccnet_api.get_group_members(int(group_id))
group_admins = [
m.user_name for m in group_members if m.is_staff
]
group_owner = [
g.creator_name for g in groups if g.id == int(group_id)
][0]
res["owner_name"] = group_id_to_name(group_id)
res["owner_type"] = "Group"
res["group_id"] = group_id
res["group_owner"] = group_owner
res["group_admins"] = group_admins
else:
res["owner_name"] = email2nickname(owner)
res["owner_type"] = "Personal"
workspace_list.append(res)
if DTABLE_EVENTS_ENABLED:
timestamp = datetime.utcnow().strftime('%Y-%m-%d 00:00:00')
message = {
'username': username,
'timestamp': timestamp,
'org_id': org_id
}
try:
events_redis_connection.publish('user-activity-statistic',
json.dumps(message))
except Exception as e:
logger.error("Failed to publish message: %s " % e)
return Response({"workspace_list": workspace_list},
status=status.HTTP_200_OK)
def get(self, request):
"""get dtable forms
Permission:
1. owner
2. group member
3. shared user with `rw`
"""
username = request.user.username
# argument check
workspace_id = request.GET.get('workspace_id')
table_name = request.GET.get('name')
# get user forms
if not workspace_id and not table_name:
org_id = -1
if is_org_context(request):
org_id = request.user.org.org_id
if org_id and org_id > 0:
groups = ccnet_api.get_org_groups_by_user(org_id, username)
else:
groups = ccnet_api.get_groups(username, return_ancestors=True)
owner_list = list()
owner_list.append(username)
for group in groups:
group_user = '******' % group.id
owner_list.append(group_user)
try:
# workspaces
workspace_queryset = Workspaces.objects.filter(
owner__in=owner_list)
workspace_ids = [
workspace.id for workspace in workspace_queryset
]
form_queryset = DTableForms.objects.filter(
workspace_id__in=workspace_ids)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
# forms
group_name_map = {
group.id: group_id_to_name(group.id)
for group in groups
}
form_list = list()
for form in form_queryset:
data = form.to_dict()
workspace_id = form.workspace_id
workspace = workspace_queryset.get(id=workspace_id)
owner = workspace.owner
if '@seafile_group' in owner:
group_id = int(owner.split('@')[0])
data["group_name"] = group_name_map.get(group_id)
data["group_id"] = group_id
form_list.append(data)
return Response({"form_list": form_list},
status=status.HTTP_200_OK)
# get dtable forms
else:
if not workspace_id:
error_msg = 'workspace_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not table_name:
error_msg = 'name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
workspace, dtable, error_msg = _resource_check(
workspace_id, table_name)
if error_msg:
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if check_dtable_permission(username, workspace,
dtable) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
dtable_uuid = dtable.uuid.hex
try:
forms = DTableForms.objects.get_forms_by_dtable_uuid(
dtable_uuid)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
form_list = [form_obj.to_dict() for form_obj in forms]
return Response({"form_list": form_list},
status=status.HTTP_200_OK)
