def test_delete_file_with_invalid_folder_perm(self):
    """A file under a folder restricted to 'r' must not be deletable (403).

    The repo is shared to the admin account with 'rw', then the sub-folder
    is narrowed to 'r'. The test first confirms that the effective
    permission on the file is 'r' and then expects the DELETE request to be
    refused.

    When LOCAL_PRO_DEV_ENV is falsy the method returns at once, which a test
    runner records as a pass rather than a skip.
    """
    if not LOCAL_PRO_DEV_ENV:
        return

    # Fixture: an empty file inside the user's sub-folder.
    name = randstring(6)
    target = posixpath.join(self.folder_path, name)
    seafile_api.post_empty_file(
        repo_id=self.repo_id,
        parent_dir=self.folder_path,
        filename=name,
        username=self.user_name)

    # Broad 'rw' share on the repo, narrowed to 'r' on the sub-folder.
    seafile_api.share_repo(
        self.repo_id, self.user_name, self.admin_name, 'rw')
    seafile_api.add_folder_user_perm(
        self.repo_id, self.folder_path, 'r', self.admin_name)

    # Precondition: the folder-level 'r' is what applies to the file.
    effective = seafile_api.check_permission_by_path(
        self.repo_id, target, self.admin_name)
    assert effective == 'r'

    # The admin account attempts the delete and must be refused.
    self.login_as(self.admin)
    endpoint = self.url + '?p=' + target
    response = self.client.delete(
        endpoint, {}, 'application/x-www-form-urlencoded')
    self.assertEqual(403, response.status_code)
def test_can_delete_folder_perm(self):
    """Deleting a user folder permission through the API removes it.

    One permission entry is seeded directly through seafile_api. The test
    then logs in as self.user, checks that the listing holds exactly one
    entry, issues the DELETE, and checks that the listing is empty.

    When LOCAL_PRO_DEV_ENV is falsy the method returns at once, which a test
    runner records as a pass rather than a skip.
    """
    if not LOCAL_PRO_DEV_ENV:
        return

    seafile_api.add_folder_user_perm(
        self.user_repo_id, self.user_folder_path,
        self.perm_r, self.admin_email)
    self.login_as(self.user)

    endpoint = reverse("api2-repo-user-folder-perm",
                       args=[self.user_repo_id])

    # Before: exactly one entry is listed.
    before = json.loads(self.client.get(endpoint).content)
    assert len(before) == 1

    form = 'user_email=%s&folder_path=%s' % (
        self.admin_email, self.user_folder_path)
    outcome = self.client.delete(
        endpoint, form, 'application/x-www-form-urlencoded')
    self.assertEqual(200, outcome.status_code)

    # After: nothing is listed any more.
    after = json.loads(self.client.get(endpoint).content)
    assert len(after) == 0
def test_rename_file_with_invalid_folder_perm(self):
    """Renaming a file under a folder restricted to 'r' must be refused (403).

    The repo-level share grants 'rw' to the admin account while the
    sub-folder is limited to 'r'. The test confirms that 'r' is the
    effective permission on the file before sending the rename request.

    When LOCAL_PRO_DEV_ENV is falsy the method returns at once, which a test
    runner records as a pass rather than a skip.
    """
    if not LOCAL_PRO_DEV_ENV:
        return

    # Fixture: the file that the rename will target.
    original_name = randstring(6)
    original_path = posixpath.join(self.folder_path, original_name)
    seafile_api.post_empty_file(
        repo_id=self.repo_id,
        parent_dir=self.folder_path,
        filename=original_name,
        username=self.user_name)

    # 'rw' on the whole repo, then 'r' on the sub-folder for the same account.
    seafile_api.share_repo(
        self.repo_id, self.user_name, self.admin_name, 'rw')
    seafile_api.add_folder_user_perm(
        self.repo_id, self.folder_path, 'r', self.admin_name)

    # Precondition: the admin account only holds 'r' on the file.
    granted = seafile_api.check_permission_by_path(
        self.repo_id, original_path, self.admin_name)
    assert granted == 'r'

    # The rename is attempted as the admin account and must be denied.
    self.login_as(self.admin)
    payload = {'operation': 'rename', 'newname': randstring(6)}
    response = self.client.post(self.url + '?p=' + original_path, payload)
    self.assertEqual(403, response.status_code)
def test_rename_folder_with_invalid_folder_perm(self):
    """Renaming a folder on which the caller only holds 'r' must be refused.

    The repo is shared 'rw' to the admin account and the sub-folder is then
    limited to 'r'. After confirming that 'r' is the effective permission,
    the rename request is expected to answer 403.

    When LOCAL_PRO_DEV_ENV is falsy the method returns at once, which a test
    runner records as a pass rather than a skip.
    """
    if not LOCAL_PRO_DEV_ENV:
        return

    folder = self.folder_path

    # 'rw' on the repo, 'r' on the sub-folder.
    seafile_api.share_repo(
        self.repo_id, self.user_name, self.admin_name, 'rw')
    seafile_api.add_folder_user_perm(
        self.repo_id, folder, 'r', self.admin_name)

    # Precondition: the narrower folder permission is the effective one.
    effective = seafile_api.check_permission_by_path(
        self.repo_id, folder, self.admin_name)
    assert effective == 'r'

    # The rename is attempted as the admin account and must be denied.
    self.login_as(self.admin)
    payload = {'operation': 'rename', 'newname': randstring(6)}
    response = self.client.post(self.url + '?p=' + folder, payload)
    self.assertEqual(403, response.status_code)
def set_user_folder_rw_permission_to_admin(self):
    """Share the repo to the admin account as 'r', then raise one folder to 'rw'.

    Raises AssertionError unless the effective permission on self.folder for
    the admin account is 'rw' afterwards.
    """
    repo_id = self.repo.id
    admin_name = self.admin.username

    # Repo-level share is read-only ...
    seafile_api.share_repo(repo_id, self.user.username, admin_name, 'r')

    # ... while the sub-folder is widened to read-write.
    seafile_api.add_folder_user_perm(repo_id, self.folder, 'rw', admin_name)

    # The folder-level grant must be the one in effect.
    effective = seafile_api.check_permission_by_path(
        repo_id, self.folder, admin_name)
    assert effective == 'rw'
def set_user_folder_rw_permission_to_admin(self):
    """Give the admin account 'rw' on self.folder inside a repo shared as 'r'.

    The helper finishes by asserting that 'rw' is the permission reported
    for the admin account on that folder.
    """
    sharer, recipient = self.user.username, self.admin.username

    # Read-only share of the whole repo.
    seafile_api.share_repo(self.repo.id, sharer, recipient, 'r')

    # Read-write grant on the one sub-folder.
    seafile_api.add_folder_user_perm(
        self.repo.id, self.folder, 'rw', recipient)

    # Sanity check on the resulting effective permission.
    reported = seafile_api.check_permission_by_path(
        self.repo.id, self.folder, recipient)
    assert reported == 'rw'
def test_can_get_folder_perm_with_admin(self):
    """The admin account can list user folder permissions after the share helper runs.

    After self.share_repo_to_admin_with_admin_permission() and a login as
    self.admin, the listing endpoint must answer 200 and its first entry
    must match the permission seeded through seafile_api.

    When LOCAL_PRO_DEV_ENV is falsy the method returns at once, which a test
    runner records as a pass rather than a skip.
    """
    if not LOCAL_PRO_DEV_ENV:
        return

    self.share_repo_to_admin_with_admin_permission()
    self.login_as(self.admin)

    seafile_api.add_folder_user_perm(
        self.user_repo_id, self.user_folder_path,
        self.perm_r, self.admin_email)

    endpoint = reverse("api2-repo-user-folder-perm",
                       args=[self.user_repo_id])
    response = self.client.get(endpoint)
    self.assertEqual(200, response.status_code)

    # Each field of the first listed entry is compared with the seeded value.
    first = json.loads(response.content)[0]
    expected = (
        ('user_email', self.admin_email),
        ('repo_id', self.user_repo_id),
        ('permission', self.perm_r),
        ('folder_path', self.user_folder_path),
    )
    for field, value in expected:
        assert first[field] == value
def test_can_modify_folder_perm_with_admin(self):
    """The admin account can change a user folder permission after the share helper runs.

    The permission is seeded as self.perm_r and a PUT asks for self.perm_rw.
    The request must answer 200 and a following listing must report the new
    value on its first entry.

    When LOCAL_PRO_DEV_ENV is falsy the method returns at once, which a test
    runner records as a pass rather than a skip.
    """
    if not LOCAL_PRO_DEV_ENV:
        return

    self.share_repo_to_admin_with_admin_permission()
    self.login_as(self.admin)

    seafile_api.add_folder_user_perm(
        self.user_repo_id, self.user_folder_path,
        self.perm_r, self.admin_email)

    endpoint = reverse("api2-repo-user-folder-perm",
                       args=[self.user_repo_id])
    form_fields = (self.admin_email, self.user_folder_path, self.perm_rw)
    form = 'user_email=%s&folder_path=%s&permission=%s' % form_fields
    update = self.client.put(
        endpoint, form, 'application/x-www-form-urlencoded')
    self.assertEqual(200, update.status_code)

    # Read the listing back to confirm that the change was stored.
    listing = json.loads(self.client.get(endpoint).content)
    assert listing[0]['permission'] == self.perm_rw
def test_can_get_folder_perm(self):
    """Logged in as self.user, the listing returns the seeded folder permission.

    The endpoint must answer 200 and the first entry must carry the e-mail,
    repo id, permission and folder path that were passed to seafile_api.

    When LOCAL_PRO_DEV_ENV is falsy the method returns at once, which a test
    runner records as a pass rather than a skip.
    """
    if not LOCAL_PRO_DEV_ENV:
        return

    seafile_api.add_folder_user_perm(
        self.user_repo_id, self.user_folder_path,
        self.perm_r, self.admin_email)
    self.login_as(self.user)

    listing_url = reverse("api2-repo-user-folder-perm",
                          args=[self.user_repo_id])
    response = self.client.get(listing_url)
    self.assertEqual(200, response.status_code)

    entry = json.loads(response.content)[0]
    assert entry['user_email'] == self.admin_email
    assert entry['repo_id'] == self.user_repo_id
    assert entry['permission'] == self.perm_r
    assert entry['folder_path'] == self.user_folder_path
def test_can_not_add_if_folder_perm_already_exist(self):
    """Adding a folder permission that already exists must answer 409.

    The permission is created through seafile_api first. The same user,
    path and permission are then posted with the field names ``user``,
    ``path`` and ``perm``.

    When LOCAL_PRO_DEV_ENV is falsy the method returns at once, which a test
    runner records as a pass rather than a skip.
    """
    if not LOCAL_PRO_DEV_ENV:
        return

    seafile_api.add_folder_user_perm(
        self.user_repo_id, self.user_folder_path,
        self.perm_r, self.admin_email)
    self.login_as(self.user)

    endpoint = reverse("api2-repo-user-folder-perm",
                       args=[self.user_repo_id])
    duplicate = dict(
        user=self.admin_email,
        path=self.user_folder_path,
        perm=self.perm_r)

    response = self.client.post(endpoint, duplicate)
    self.assertEqual(409, response.status_code)
def test_can_modify_folder_perm(self):
    """Logged in as self.user, a PUT changes an existing folder permission.

    The permission is seeded as self.perm_r and the PUT body (field names
    ``user``, ``path``, ``perm``) asks for self.perm_rw. The request must
    answer 200 and the listing must then report the new value.

    When LOCAL_PRO_DEV_ENV is falsy the method returns at once, which a test
    runner records as a pass rather than a skip.
    """
    if not LOCAL_PRO_DEV_ENV:
        return

    seafile_api.add_folder_user_perm(
        self.user_repo_id, self.user_folder_path,
        self.perm_r, self.admin_email)
    self.login_as(self.user)

    endpoint = reverse("api2-repo-user-folder-perm",
                       args=[self.user_repo_id])
    form_fields = (self.admin_email, self.user_folder_path, self.perm_rw)
    form = 'user=%s&path=%s&perm=%s' % form_fields
    update = self.client.put(
        endpoint, form, 'application/x-www-form-urlencoded')
    self.assertEqual(200, update.status_code)

    # Read the listing back to confirm that the change was stored.
    listing = json.loads(self.client.get(endpoint).content)
    assert listing[0]['permission'] == self.perm_rw
def test_can_not_add_if_folder_perm_already_exist(self):
    """Posting a folder permission that already exists must answer 409.

    The permission is created through seafile_api first. The same values
    are then posted as ``user_email``, ``folder_path`` and ``permission``.

    When LOCAL_PRO_DEV_ENV is falsy the method returns at once, which a test
    runner records as a pass rather than a skip.
    """
    if not LOCAL_PRO_DEV_ENV:
        return

    seafile_api.add_folder_user_perm(
        self.user_repo_id, self.user_folder_path,
        self.perm_r, self.admin_email)
    self.login_as(self.user)

    endpoint = reverse("api2-repo-user-folder-perm",
                       args=[self.user_repo_id])
    duplicate = dict(
        user_email=self.admin_email,
        folder_path=self.user_folder_path,
        permission=self.perm_r)

    response = self.client.post(endpoint, duplicate)
    self.assertEqual(409, response.status_code)
def test_copy_file_with_invalid_dst_folder_perm(self):
    """Copying a file into a folder on which the caller only holds 'r' is refused.

    The destination repo is shared 'rw' to the admin account and its
    sub-folder is limited to 'r'. The source file lives in the repo returned
    by self.admin_create_new_repo(). The copy request is expected to answer
    403.

    When LOCAL_PRO_DEV_ENV is falsy the method returns at once, which a test
    runner records as a pass rather than a skip.
    """
    if not LOCAL_PRO_DEV_ENV:
        return

    # Destination: 'rw' on the repo, 'r' on the sub-folder.
    seafile_api.share_repo(
        self.repo_id, self.user_name, self.admin_name, 'rw')
    seafile_api.add_folder_user_perm(
        self.repo_id, self.folder_path, 'r', self.admin_name)

    # Precondition: the destination folder is read-only for the admin account.
    effective = seafile_api.check_permission_by_path(
        self.repo_id, self.folder_path, self.admin_name)
    assert effective == 'r'

    # Source: a fresh empty file at the root of a new repo.
    source_repo_id = self.admin_create_new_repo()
    source_name = randstring(6)
    seafile_api.post_empty_file(
        repo_id=source_repo_id,
        parent_dir='/',
        filename=source_name,
        username=self.admin_name)

    # The copy into the read-only folder is attempted as the admin account.
    self.login_as(self.admin)
    payload = {
        'operation': 'copy',
        'dst_repo': self.repo_id,
        'dst_dir': self.folder_path,
    }
    endpoint = reverse('api-v2.1-file-view', args=[source_repo_id])
    response = self.client.post(endpoint + '?p=/' + source_name, payload)
    self.assertEqual(403, response.status_code)
def test_can_delete_folder_perm(self):
    """A DELETE on the folder-permission endpoint removes the seeded entry.

    The listing is read before and after the request. It must go from one
    entry to none, and the DELETE itself must answer 200.

    When LOCAL_PRO_DEV_ENV is falsy the method returns at once, which a test
    runner records as a pass rather than a skip.
    """
    if not LOCAL_PRO_DEV_ENV:
        return

    def listed_entries(url):
        # Fetch the listing and decode its JSON body.
        return json.loads(self.client.get(url).content)

    seafile_api.add_folder_user_perm(
        self.user_repo_id, self.user_folder_path,
        self.perm_r, self.admin_email)
    self.login_as(self.user)

    perm_url = reverse("api2-repo-user-folder-perm",
                       args=[self.user_repo_id])
    assert len(listed_entries(perm_url)) == 1

    body = 'user_email=%s&folder_path=%s' % (
        self.admin_email, self.user_folder_path)
    deletion = self.client.delete(
        perm_url, body, 'application/x-www-form-urlencoded')
    self.assertEqual(200, deletion.status_code)

    assert len(listed_entries(perm_url)) == 0
def test_can_not_add_if_folder_perm_already_exist(self):
    """Posting an existing folder permission is reported under ``failed``.

    The response body must list exactly one failed entry, for the posted
    e-mail address, and no successful one. The HTTP status code is not
    checked here.

    When LOCAL_PRO_DEV_ENV is falsy the method returns at once, which a test
    runner records as a pass rather than a skip.
    """
    if not LOCAL_PRO_DEV_ENV:
        return

    seafile_api.add_folder_user_perm(
        self.user_repo_id, self.user_folder_path,
        self.perm_r, self.admin_email)
    self.login_as(self.user)

    endpoint = reverse("api2-repo-user-folder-perm",
                       args=[self.user_repo_id])
    duplicate = dict(
        user_email=self.admin_email,
        folder_path=self.user_folder_path,
        permission=self.perm_r)

    outcome = json.loads(self.client.post(endpoint, duplicate).content)
    failed, succeeded = outcome['failed'], outcome['success']
    assert len(failed) == 1
    assert len(succeeded) == 0
    assert failed[0]['user_email'] == self.admin_email
def test_delete_folder_with_invalid_folder_perm(self):
    """Deleting a folder on which the caller only holds 'r' must be refused.

    The repo is shared 'rw' to the admin account and the sub-folder is then
    limited to 'r'. After confirming that 'r' is the effective permission,
    the DELETE request is expected to answer 403.

    When LOCAL_PRO_DEV_ENV is falsy the method returns at once, which a test
    runner records as a pass rather than a skip.
    """
    if not LOCAL_PRO_DEV_ENV:
        return

    folder = self.folder_path

    # 'rw' on the repo, 'r' on the sub-folder.
    seafile_api.share_repo(
        self.repo_id, self.user_name, self.admin_name, 'rw')
    seafile_api.add_folder_user_perm(
        self.repo_id, folder, 'r', self.admin_name)

    # Precondition: the narrower folder permission is the effective one.
    effective = seafile_api.check_permission_by_path(
        self.repo_id, folder, self.admin_name)
    assert effective == 'r'

    # The delete is attempted as the admin account and must be denied.
    self.login_as(self.admin)
    response = self.client.delete(
        self.url + '?p=' + folder, {}, 'application/x-www-form-urlencoded')
    self.assertEqual(403, response.status_code)
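def post(self, request, repo_id, format=None):
    """ Add repo user folder perm.

    Permission checking:
    1. is group admin

    Reads ``folder_path``, ``permission`` and one or more ``user_email``
    values from the request data. Argument, resource and permission
    failures are answered with api_error (400 / 404 / 403). Otherwise each
    e-mail address is processed on its own and the response body holds two
    lists, ``failed`` and ``success``; an address appears in exactly one
    of them.
    """

    # argument check
    path = request.data.get('folder_path', None)
    if not path:
        error_msg = 'folder_path invalid.'
        return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

    # The requested permission must be one of the values returned by
    # get_available_repo_perms(); anything else is rejected here.
    perm = request.data.get('permission', None)
    if not perm or perm not in get_available_repo_perms():
        error_msg = 'permission invalid.'
        return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

    # resource check
    # NOTE(review): these existence checks run before the group-admin check
    # below, so a caller who is not a group admin gets 404 for a missing
    # library/folder and 403 for an existing one. Confirm that revealing
    # existence to such callers is acceptable.
    repo = seafile_api.get_repo(repo_id)
    if not repo:
        error_msg = 'Library %s not found.' % repo_id
        return api_error(status.HTTP_404_NOT_FOUND, error_msg)

    path = normalize_dir_path(path)
    if not seafile_api.get_dir_id_by_path(repo_id, path):
        error_msg = 'Folder %s not found.' % path
        return api_error(status.HTTP_404_NOT_FOUND, error_msg)

    repo_owner = get_repo_owner(request, repo_id)
    group_id = get_group_id_by_repo_owner(repo_owner)
    if not ccnet_api.get_group(group_id):
        error_msg = 'Group %s not found.' % group_id
        return api_error(status.HTTP_404_NOT_FOUND, error_msg)

    # permission check
    username = request.user.username
    if not is_group_admin(group_id, username):
        error_msg = 'Permission denied.'
        return api_error(status.HTTP_403_FORBIDDEN, error_msg)

    # add repo user folder perm
    result = {'failed': [], 'success': []}

    users = request.data.getlist('user_email')
    for user in users:
        if not is_valid_username(user):
            result['failed'].append({
                'user_email': user,
                'error_msg': 'user_email invalid.'
            })
            continue

        try:
            User.objects.get(email=user)
        except User.DoesNotExist:
            result['failed'].append({
                'user_email': user,
                'error_msg': 'User %s not found.' % user
            })
            continue

        # An existing folder permission is never overwritten by this method.
        permission = seafile_api.get_folder_user_perm(repo_id, path, user)
        if permission:
            result['failed'].append({
                'user_email': user,
                'error_msg': _(u'Permission already exists.')
            })
            continue

        try:
            seafile_api.add_folder_user_perm(repo_id, path, perm, user)
            # NOTE(review): the audit call shares this try block, so if it
            # raises after the grant succeeded, the address is reported as
            # failed although the permission may already be in place.
            # Confirm that this is the intended handling.
            send_perm_audit_msg('add-repo-perm', username, user,
                                repo_id, path, perm)
        except Exception as e:
            logger.error(e)
            result['failed'].append({
                'user_email': user,
                'error_msg': 'Internal Server Error'
            })
            # A failed grant must not fall through to the success
            # bookkeeping below; without this the same address was
            # reported in both lists.
            continue

        new_perm = seafile_api.get_folder_user_perm(repo_id, path, user)
        new_perm_info = self._get_user_folder_perm_info(
            user, repo_id, path, new_perm)
        result['success'].append(new_perm_info)

    return Response(result)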