def check_dtable_permission(username, workspace, dtable=None, org_id=None): """Check workspace/dtable access permission of a user. """ owner = workspace.owner if '@seafile_group' in owner: group_id = int(owner.split('@')[0]) if is_group_member(group_id, username): return PERMISSION_READ_WRITE else: if username == owner: return PERMISSION_READ_WRITE if dtable: # check user's all permissions from `share`, `group-share` and checkout higher one dtable_share = DTableShare.objects.get_by_dtable_and_to_user( dtable, username) if dtable_share and dtable_share.permission == PERMISSION_READ_WRITE: return dtable_share.permission permission = dtable_share.permission if dtable_share else None if org_id and org_id > 0: groups = ccnet_api.get_org_groups_by_user(org_id, username) else: groups = ccnet_api.get_groups(username, return_ancestors=True) group_ids = [group.id for group in groups] group_permissions = DTableGroupShare.objects.filter( dtable=dtable, group_id__in=group_ids).values_list('permission', flat=True) for group_permission in group_permissions: permission = permission if permission else group_permission if group_permission == PERMISSION_READ_WRITE: return group_permission return permission return None
def get(self, request): """ List groups that user can share a library to. """ if config.ENABLE_SHARE_TO_ALL_GROUPS: if CUSTOM_GET_GROUPS: groups = custom_get_groups(request) else: groups = ccnet_api.get_all_groups(-1, -1) else: username = request.user.username if is_org_context(request): org_id = request.user.org.org_id groups = ccnet_api.get_org_groups_by_user(org_id, username) else: groups = ccnet_api.get_groups(username) filtered_groups = [] for group in groups: if not ENABLE_SHARE_TO_DEPARTMENT and group.parent_group_id != 0: continue else: filtered_groups.append(group) result = [ self._get_group_info(request, group) for group in filtered_groups ] return Response(result)
def get(self, request): """ List groups that user can share a library to. """ if config.ENABLE_SHARE_TO_ALL_GROUPS: if CUSTOM_GET_GROUPS: groups = custom_get_groups(request) else: groups = ccnet_api.get_all_groups(-1, -1) else: username = request.user.username if is_org_context(request): org_id = request.user.org.org_id groups = ccnet_api.get_org_groups_by_user(org_id, username) else: groups = ccnet_api.get_groups(username) try: avatar_size = int( request.GET.get('avatar_size', GROUP_AVATAR_DEFAULT_SIZE)) except ValueError: avatar_size = GROUP_AVATAR_DEFAULT_SIZE result = [ self._get_group_info(request, group, avatar_size) for group in groups ] return Response(result)
def get(self, request): """ List groups that user can share a library to. """ if config.ENABLE_SHARE_TO_ALL_GROUPS: if CUSTOM_GET_GROUPS: groups = custom_get_groups(request) else: groups = ccnet_api.get_all_groups(-1, -1) else: username = request.user.username if is_org_context(request): org_id = request.user.org.org_id groups = ccnet_api.get_org_groups_by_user(org_id, username) else: groups = ccnet_api.get_groups(username) try: avatar_size = int(request.GET.get('avatar_size', GROUP_AVATAR_DEFAULT_SIZE)) except ValueError: avatar_size = GROUP_AVATAR_DEFAULT_SIZE result = [self._get_group_info(request, group, avatar_size) for group in groups] return Response(result)
def get(self, request): user = request.user org_id = -1 if is_org_context(request): org_id = request.user.org.org_id if org_id and org_id > 0: groups = ccnet_api.get_org_groups_by_user(org_id, user.username) else: groups = ccnet_api.get_groups(user.username, return_ancestors=True) starred_dtable_uuids = set( UserStarredDTables.objects.get_dtable_uuids_by_email( user.username)) group_ids = [group.id for group in groups] dgses = DTableGroupShare.objects.filter( group_id__in=group_ids, dtable__deleted=False).order_by( 'created_at').select_related('dtable') results = { group_id: [] for group_id in dgses.values_list('group_id', flat=True) } for dgs in dgses: dtable_info = dgs.dtable.to_dict() dtable_info[ 'starred'] = dgs.dtable.uuid.hex in starred_dtable_uuids results[dgs.group_id].append(dtable_info) return Response({'group_shared_dtables': results})
def check_dtable_permission(self): """Check workspace/dtable access permission of a user. """ owner = self.workspace_owner username = self.username if not hasattr(self, 'org_id'): self.org_id = -1 org_id = self.org_id if '@seafile_group' in owner: group_id = int(owner.split('@')[0]) if self.is_group_member(group_id, username): return PERMISSION_READ_WRITE else: if username == owner: return PERMISSION_READ_WRITE self.dtable = self.db_session.query(DTables).filter_by( uuid=self.dtable_uuid).first() dtable = self.dtable if dtable: # check user's all permissions from `share`, `group-share` and checkout higher one dtable_share = self.db_session.query(DTableShare).filter_by( dtable_id=dtable.id, to_user=username).first() if dtable_share and dtable_share.permission == PERMISSION_READ_WRITE: return dtable_share.permission permission = dtable_share.permission if dtable_share else '' if org_id and org_id > 0: groups = ccnet_api.get_org_groups_by_user(org_id, username) else: groups = ccnet_api.get_groups(username, return_ancestors=True) group_ids = [group.id for group in groups] group_permissions = self.db_session.query( DTableGroupShare.permission).filter( DTableGroupShare.dtable_id == dtable.id, DTableGroupShare.group_id.in_(group_ids)).all() for group_permission in group_permissions: permission = permission if permission else group_permission[0] if group_permission[0] == PERMISSION_READ_WRITE: return group_permission[0] return permission return ''
def get(self, request): """get shared forms """ username = request.user.username org_id = -1 if is_org_context(request): org_id = request.user.org.org_id if org_id and org_id > 0: groups = ccnet_api.get_org_groups_by_user(org_id, username) else: groups = ccnet_api.get_groups(username, return_ancestors=True) group_ids = [group.id for group in groups] group_name_map = { group_id: group_id_to_name(group_id) for group_id in group_ids } try: shared_queryset = DTableFormShare.objects.list_by_group_ids( group_ids) except Exception as e: logger.error(e) error_msg = 'Internal Server Error.' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) shared_list = list() for item in shared_queryset: form = item.form if form.share_type != SHARED_GROUPS: continue data = form.to_dict() group_id = item.group_id data["group_name"] = group_name_map.get(group_id) data["group_id"] = group_id shared_list.append(data) return Response({'shared_list': shared_list}, status=status.HTTP_200_OK)
def get(self, request): """ List all groups. """ org_id = None username = request.user.username if is_org_context(request): org_id = request.user.org.org_id user_groups = ccnet_api.get_org_groups_by_user( org_id, username, return_ancestors=True) else: user_groups = ccnet_api.get_groups(username, return_ancestors=True) try: avatar_size = int( request.GET.get('avatar_size', GROUP_AVATAR_DEFAULT_SIZE)) except ValueError: avatar_size = GROUP_AVATAR_DEFAULT_SIZE try: with_repos = int(request.GET.get('with_repos', 0)) except ValueError: with_repos = 0 if with_repos not in (0, 1): error_msg = 'with_repos invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) groups = [] if with_repos: gids = [g.id for g in user_groups] admin_info = ExtraGroupsSharePermission.objects.batch_get_repos_with_admin_permission( gids) try: starred_repos = UserStarredFiles.objects.get_starred_repos_by_user( username) starred_repo_id_list = [item.repo_id for item in starred_repos] except Exception as e: logger.error(e) starred_repo_id_list = [] for g in user_groups: group_info = get_group_info(request, g.id, avatar_size) if with_repos: if org_id: group_repos = seafile_api.get_org_group_repos(org_id, g.id) else: group_repos = seafile_api.get_repos_by_group(g.id) repos = [] # get repo id owner dict all_repo_owner = [] repo_id_owner_dict = {} for repo in group_repos: repo_id = repo.id if repo_id not in repo_id_owner_dict: repo_owner = get_repo_owner(request, repo_id) all_repo_owner.append(repo_owner) repo_id_owner_dict[repo_id] = repo_owner # Use dict to reduce memcache fetch cost in large for-loop. name_dict = {} contact_email_dict = {} for email in all_repo_owner: if email not in name_dict: if '@seafile_group' in email: group_id = get_group_id_by_repo_owner(email) group_name = group_id_to_name(group_id) name_dict[email] = group_name else: name_dict[email] = email2nickname(email) if email not in contact_email_dict: if '@seafile_group' in email: contact_email_dict[email] = '' else: contact_email_dict[email] = email2contact_email( email) for r in group_repos: repo_owner = repo_id_owner_dict.get(r.id, r.user) repo = { "id": r.id, "repo_id": r.id, "name": r.name, "repo_name": r.name, "size": r.size, "size_formatted": filesizeformat(r.size), "mtime": r.last_modified, "mtime_relative": translate_seahub_time(r.last_modified), "last_modified": timestamp_to_isoformat_timestr(r.last_modified), "encrypted": r.encrypted, "permission": r.permission, "owner": repo_owner, "owner_email": repo_owner, "owner_name": name_dict.get(repo_owner, ''), "owner_contact_email": contact_email_dict.get(repo_owner, ''), "is_admin": (r.id, g.id) in admin_info, "starred": r.repo_id in starred_repo_id_list, } repos.append(repo) group_info['repos'] = repos groups.append(group_info) return Response(groups)
def get(self, request): """get all workspaces """ username = request.user.username org_id = -1 if is_org_context(request): org_id = request.user.org.org_id if org_id > 0: groups = ccnet_api.get_org_groups_by_user(org_id, username) else: groups = ccnet_api.get_groups(username, return_ancestors=True) owner_list = list() owner_list.append(username) for group in groups: group_user = '******' % group.id owner_list.append(group_user) workspace_list = list() for owner in owner_list: try: workspace = Workspaces.objects.get_workspace_by_owner(owner) except Exception as e: logger.error(e) error_msg = 'Internal Server Error.' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if not workspace: if '@seafile_group' in owner: continue # permission check if not request.user.permissions.can_add_repo(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) try: if org_id > 0: repo_id = seafile_api.create_org_repo( _("My Workspace"), _("My Workspace"), "dtable@seafile", org_id) else: repo_id = seafile_api.create_repo( _("My Workspace"), _("My Workspace"), "dtable@seafile") except Exception as e: logger.error(e) error_msg = 'Internal Server Error.' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) workspace = Workspaces.objects.create_workspace(owner, repo_id) # resource check repo_id = workspace.repo_id repo = seafile_api.get_repo(repo_id) if not repo: logger.warning('Library %s not found.' % repo_id) continue res = workspace.to_dict() table_list = DTables.objects.get_dtable_by_workspace(workspace) res["table_list"] = table_list if '@seafile_group' in owner: group_id = owner.split('@')[0] res["owner_name"] = group_id_to_name(group_id) res["owner_type"] = "Group" else: res["owner_name"] = email2nickname(owner) res["owner_type"] = "Personal" workspace_list.append(res) return Response({"workspace_list": workspace_list}, status=status.HTTP_200_OK)
def get(self, request): """get all workspaces """ username = request.user.username org_id = -1 if is_org_context(request): org_id = request.user.org.org_id if org_id and org_id > 0: groups = ccnet_api.get_org_groups_by_user(org_id, username) else: groups = ccnet_api.get_groups(username, return_ancestors=True) owner_list = list() owner_list.append(username) for group in groups: group_user = '******' % group.id owner_list.append(group_user) try: # workspaces workspace_queryset = Workspaces.objects.filter( owner__in=owner_list) workspaces = list(workspace_queryset) # user workspace if not workspace_queryset.filter(owner=username).exists(): workspace = create_repo_and_workspace(username, org_id) workspaces.append(workspace) # dtables table_queryset = DTables.objects.filter(workspace__in=workspaces, deleted=False) except Exception as e: logger.error(e) error_msg = 'Internal Server Error.' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) try: starred_dtable_uuids = set( UserStarredDTables.objects.get_dtable_uuids_by_email(username)) except Exception as e: starred_dtable_uuids = set() logger.warning(e) workspace_list = list() for workspace in workspaces: # resource check repo_id = workspace.repo_id repo = seafile_api.get_repo(repo_id) if not repo: logger.warning('Library %s not found.' % repo_id) continue res = workspace.to_dict() tables = table_queryset.filter(workspace=workspace) res["table_list"] = [table.to_dict() for table in tables] for t in res['table_list']: t['starred'] = t['uuid'].hex in starred_dtable_uuids owner = workspace.owner if '@seafile_group' in owner: group_id = owner.split('@')[0] group_members = ccnet_api.get_group_members(int(group_id)) group_admins = [ m.user_name for m in group_members if m.is_staff ] group_owner = [ g.creator_name for g in groups if g.id == int(group_id) ][0] res["owner_name"] = group_id_to_name(group_id) res["owner_type"] = "Group" res["group_id"] = group_id res["group_owner"] = group_owner res["group_admins"] = group_admins else: res["owner_name"] = email2nickname(owner) res["owner_type"] = "Personal" workspace_list.append(res) if DTABLE_EVENTS_ENABLED: timestamp = datetime.utcnow().strftime('%Y-%m-%d 00:00:00') message = { 'username': username, 'timestamp': timestamp, 'org_id': org_id } try: events_redis_connection.publish('user-activity-statistic', json.dumps(message)) except Exception as e: logger.error("Failed to publish message: %s " % e) return Response({"workspace_list": workspace_list}, status=status.HTTP_200_OK)
def get(self, request): """get dtable forms Permission: 1. owner 2. group member 3. shared user with `rw` """ username = request.user.username # argument check workspace_id = request.GET.get('workspace_id') table_name = request.GET.get('name') # get user forms if not workspace_id and not table_name: org_id = -1 if is_org_context(request): org_id = request.user.org.org_id if org_id and org_id > 0: groups = ccnet_api.get_org_groups_by_user(org_id, username) else: groups = ccnet_api.get_groups(username, return_ancestors=True) owner_list = list() owner_list.append(username) for group in groups: group_user = '******' % group.id owner_list.append(group_user) try: # workspaces workspace_queryset = Workspaces.objects.filter( owner__in=owner_list) workspace_ids = [ workspace.id for workspace in workspace_queryset ] form_queryset = DTableForms.objects.filter( workspace_id__in=workspace_ids) except Exception as e: logger.error(e) error_msg = 'Internal Server Error.' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) # forms group_name_map = { group.id: group_id_to_name(group.id) for group in groups } form_list = list() for form in form_queryset: data = form.to_dict() workspace_id = form.workspace_id workspace = workspace_queryset.get(id=workspace_id) owner = workspace.owner if '@seafile_group' in owner: group_id = int(owner.split('@')[0]) data["group_name"] = group_name_map.get(group_id) data["group_id"] = group_id form_list.append(data) return Response({"form_list": form_list}, status=status.HTTP_200_OK) # get dtable forms else: if not workspace_id: error_msg = 'workspace_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not table_name: error_msg = 'name invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check workspace, dtable, error_msg = _resource_check( workspace_id, table_name) if error_msg: return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check if check_dtable_permission(username, workspace, dtable) != PERMISSION_READ_WRITE: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) dtable_uuid = dtable.uuid.hex try: forms = DTableForms.objects.get_forms_by_dtable_uuid( dtable_uuid) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) form_list = [form_obj.to_dict() for form_obj in forms] return Response({"form_list": form_list}, status=status.HTTP_200_OK)