def test_modify_repo_group_share_permission(self):
# user share repo to tmp user
self.share_repo_to_group_with_rw_permission()
shared_groups = seafile_api.list_repo_shared_group(
self.user_name, self.repo_id)
for e in shared_groups:
if e.group_id == self.group_id:
permission = e.perm
break
assert permission == 'rw'
self.login_as(self.admin)
modified_perm = 'r'
data = 'repo_id=%s&share_type=%s&permission=%s&share_to=%s' % \
(self.repo_id, 'group', modified_perm, self.group_id)
resp = self.client.put(self.url, data,
'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
shared_groups = seafile_api.list_repo_shared_group(
self.user_name, self.repo_id)
for e in shared_groups:
if e.group_id == self.group_id:
permission = e.perm
break
assert permission == modified_perm
def test_modify_repo_group_share_permission(self):
# user share repo to tmp user
self.share_repo_to_group_with_rw_permission()
shared_groups = seafile_api.list_repo_shared_group(
self.user_name, self.repo_id)
for e in shared_groups:
if e.group_id == self.group_id:
permission = e.perm
break
assert permission == 'rw'
self.login_as(self.admin)
modified_perm = 'r'
data = 'repo_id=%s&share_type=%s&permission=%s&share_to=%s' % \
(self.repo_id, 'group', modified_perm, self.group_id)
resp = self.client.put(self.url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
shared_groups = seafile_api.list_repo_shared_group(
self.user_name, self.repo_id)
for e in shared_groups:
if e.group_id == self.group_id:
permission = e.perm
break
assert permission == modified_perm
def test_delete_repo_group_share_admin_permission(self):
self.share_repo_to_group_with_admin_permission()
shared_groups = seafile_api.list_repo_shared_group(
self.user_name, self.repo_id)
for e in shared_groups:
if e.group_id == self.group_id:
permission = e.perm
break
assert permission == 'rw'
self.login_as(self.admin)
resp = self.client.get(self.url + self.para + '&share_type=group')
json_resp = json.loads(resp.content)
self.assertEqual(200, resp.status_code)
assert json_resp[0]['repo_id'] == self.repo_id
assert json_resp[0]['path'] == '/'
assert json_resp[0]['share_type'] == 'group'
assert json_resp[0]['group_id'] == self.group_id
assert json_resp[0]['permission'] == 'rw'
assert json_resp[0]['is_admin'] == True
data = 'repo_id=%s&share_type=%s&share_to=%s' % \
(self.repo_id, 'group', self.group_id)
resp = self.client.delete(self.url, data,
'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
def list_group_shared_items(self, request, repo_id, path):
username = request.user.username
if path == '/':
share_items = seafile_api.list_repo_shared_group(username, repo_id)
else:
share_items = seafile_api.get_shared_groups_for_subdir(
repo_id, path, username)
ret = []
for item in share_items:
ret.append({
"share_type": "group",
"group_info": {
"id": item.group_id,
"name": seaserv.get_group(item.group_id).group_name,
},
"permission": item.perm,
})
return ret
def list_group_shared_items(self, request, repo_id, path):
username = request.user.username
if path == '/':
share_items = seafile_api.list_repo_shared_group(username, repo_id)
else:
share_items = seafile_api.get_shared_groups_for_subdir(repo_id,
path, username)
ret = []
for item in share_items:
ret.append({
"share_type": "group",
"group_info": {
"id": item.group_id,
"name": seaserv.get_group(item.group_id).group_name,
},
"permission": item.perm,
})
return ret
def show_share_info(user, show_groupmembers=False):
shared_repos = seafile_api.get_share_out_repo_list(user, -1, -1)
shared_repos += seafile_api.get_group_repos_by_owner(user)
shown_repos = set()
if show_groupmembers:
groups = {}
for repo in shared_repos:
if repo.repo_id in shown_repos:
continue
shown_repos.add(repo.repo_id)
if repo.is_virtual:
print("Folder %s of Repo %s, shared to:" %
(repo.origin_path, repo.origin_repo_id))
else:
print("Repo %s (%s), shared to:" % (repo.repo_id, repo.name))
sgroups = seafile_api.list_repo_shared_group(user, repo.repo_id)
print("groups:")
for sgroup in sgroups:
print("%s (%d), %s" % (ccnet_api.get_group(
sgroup.group_id).group_name, sgroup.group_id, sgroup.perm))
if show_groupmembers:
groups[sgroup.group_id] = sgroup
susers = seafile_api.list_repo_shared_to(user, repo.repo_id)
print("users:")
for suser in susers:
print("%s, %s" % (suser.user, suser.perm))
print("\n")
if show_groupmembers:
print("\ngroup memberships:")
for group in groups.values():
print("group %s (%d):" % (ccnet_api.get_group(
group.group_id).group_name, group.group_id))
gusers = ccnet_api.get_group_members(group.group_id)
for guser in gusers:
print("%s" % (guser.user_name))
print("")
def test_delete_repo_group_share_permission(self):
self.share_repo_to_group_with_rw_permission()
shared_groups = seafile_api.list_repo_shared_group(
self.user_name, self.repo_id)
for e in shared_groups:
if e.group_id == self.group_id:
permission = e.perm
break
assert permission == 'rw'
self.login_as(self.admin)
data = 'repo_id=%s&share_type=%s&share_to=%s' % \
(self.repo_id, 'user', self.tmp_user_email)
resp = self.client.delete(self.url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
def delete(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND,
'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND,
'Folder %s not found.' % path)
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
shared_to_user, shared_to_group = self.handle_shared_to_args(request)
if path == '/':
shared_repo = repo
else:
try:
sub_repo = self.get_sub_repo_by_path(request, repo, path)
if sub_repo:
shared_repo = sub_repo
else:
return api_error(status.HTTP_404_NOT_FOUND,
'Sub-library not found.')
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Failed to get sub-library.')
if shared_to_user:
shared_to = request.GET.get('username')
if shared_to is None or not is_valid_username(shared_to):
return api_error(status.HTTP_400_BAD_REQUEST,
'Email %s invalid.' % share_to)
try:
User.objects.get(email=shared_to)
except User.DoesNotExist:
return api_error(status.HTTP_400_BAD_REQUEST,
'Invalid user, should be registered')
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_remove_share(
org_id, shared_repo.id, username, shared_to)
else:
seaserv.remove_share(shared_repo.id, username, shared_to)
permission = seafile_api.check_permission_by_path(
repo.id, path, shared_to)
send_perm_audit_msg('delete-repo-perm', username, shared_to,
repo_id, path, permission)
if shared_to_group:
group_id = request.GET.get('group_id')
try:
group_id = int(group_id)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST,
'group_id %s invalid' % group_id)
# hacky way to get group repo permission
permission = ''
for e in seafile_api.list_repo_shared_group(
username, shared_repo.id):
if e.group_id == group_id:
permission = e.perm
break
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.del_org_group_repo(shared_repo.id, org_id, group_id)
else:
seafile_api.unset_group_repo(shared_repo.id, group_id,
username)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, path, permission)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=json_content_type)
def delete(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path)
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
shared_to_user, shared_to_group = self.handle_shared_to_args(request)
if path == '/':
shared_repo = repo
else:
try:
sub_repo = self.get_sub_repo_by_path(request, repo, path)
if sub_repo:
shared_repo = sub_repo
else:
return api_error(status.HTTP_404_NOT_FOUND, 'Sub-library not found.')
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Failed to get sub-library.')
if shared_to_user:
shared_to = request.GET.get('username')
if shared_to is None or not is_valid_username(shared_to):
return api_error(status.HTTP_400_BAD_REQUEST, 'Email %s invalid.' % shared_to)
try:
User.objects.get(email=shared_to)
except User.DoesNotExist:
return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid user, should be registered')
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_remove_share(
org_id, shared_repo.id, username, shared_to)
else:
seaserv.remove_share(shared_repo.id, username, shared_to)
permission = seafile_api.check_permission_by_path(repo.id, path,
shared_to)
send_perm_audit_msg('delete-repo-perm', username, shared_to,
repo_id, path, permission)
if shared_to_group:
group_id = request.GET.get('group_id')
try:
group_id = int(group_id)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid' % group_id)
# hacky way to get group repo permission
permission = ''
for e in seafile_api.list_repo_shared_group(username, shared_repo.id):
if e.group_id == group_id:
permission = e.perm
break
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.del_org_group_repo(shared_repo.id, org_id, group_id)
else:
seafile_api.unset_group_repo(shared_repo.id, group_id, username)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, path, permission)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=json_content_type)
def delete(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND,
'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND,
'Folder %s not found.' % path)
# check permission
shared_to_user, shared_to_group = self.handle_shared_to_args(request)
if shared_to_user:
shared_to = request.GET.get('username')
if shared_to is None or not is_valid_username(shared_to):
return api_error(status.HTTP_400_BAD_REQUEST,
'Email %s invalid.' % shared_to)
if username != self.get_repo_owner(request, repo_id) and \
ExtraSharePermission.objects.get_user_permission(repo_id, username) != PERMISSION_ADMIN:
return api_error(status.HTTP_403_FORBIDDEN,
'Permission denied.')
else:
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN,
'Permission denied.')
if shared_to_user:
# if user not found, permission will be None
permission = seafile_api.check_permission_by_path(
repo_id, '/', shared_to)
if is_org_context(request):
username = seafile_api.get_org_repo_owner(repo_id)
org_id = request.user.org.org_id
if path == '/':
seaserv.seafserv_threaded_rpc.org_remove_share(
org_id, repo_id, username, shared_to)
else:
seafile_api.org_unshare_subdir_for_user(
org_id, repo_id, path, username, shared_to)
else:
username = seafile_api.get_repo_owner(repo_id)
if path == '/':
seaserv.remove_share(repo_id, username, shared_to)
else:
seafile_api.unshare_subdir_for_user(
repo_id, path, username, shared_to)
# Delete share permission at ExtraSharePermission table.
if path == '/':
ExtraSharePermission.objects.delete_share_permission(
repo_id, shared_to)
send_perm_audit_msg('delete-repo-perm', username, shared_to,
repo_id, path, permission)
if shared_to_group:
group_id = request.GET.get('group_id')
try:
group_id = int(group_id)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST,
'group_id %s invalid' % group_id)
# hacky way to get group repo permission
permission = ''
if is_org_context(request):
org_id = request.user.org.org_id
shared_groups = seafile_api.list_org_repo_shared_group(
org_id, username, repo_id)
else:
shared_groups = seafile_api.list_repo_shared_group(
username, repo_id)
for e in shared_groups:
if e.group_id == group_id:
permission = e.perm
break
if is_org_context(request):
org_id = request.user.org.org_id
if path == '/':
seaserv.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.org_unshare_subdir_for_group(
org_id, repo_id, path, username, group_id)
else:
if path == '/':
seafile_api.unset_group_repo(repo_id, group_id, username)
else:
seafile_api.unshare_subdir_for_group(
repo_id, path, username, group_id)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, path, permission)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=json_content_type)
def delete(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path)
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
shared_to_user, shared_to_group = self.handle_shared_to_args(request)
if shared_to_user:
shared_to = request.GET.get('username')
if shared_to is None or not is_valid_username(shared_to):
return api_error(status.HTTP_400_BAD_REQUEST, 'Email %s invalid.' % shared_to)
# if user not found, permission will be None
permission = seafile_api.check_permission_by_path(
repo_id, '/', shared_to)
if is_org_context(request):
org_id = request.user.org.org_id
if path == '/':
seaserv.seafserv_threaded_rpc.org_remove_share(
org_id, repo_id, username, shared_to)
else:
seafile_api.org_unshare_subdir_for_user(
org_id, repo_id, path, username, shared_to)
else:
if path == '/':
seaserv.remove_share(repo_id, username, shared_to)
else:
seafile_api.unshare_subdir_for_user(
repo_id, path, username, shared_to)
send_perm_audit_msg('delete-repo-perm', username, shared_to,
repo_id, path, permission)
if shared_to_group:
group_id = request.GET.get('group_id')
try:
group_id = int(group_id)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid' % group_id)
# hacky way to get group repo permission
permission = ''
if is_org_context(request):
org_id = request.user.org.org_id
shared_groups = seafile_api.list_org_repo_shared_group(
org_id, username, repo_id)
else:
shared_groups = seafile_api.list_repo_shared_group(
username, repo_id)
for e in shared_groups:
if e.group_id == group_id:
permission = e.perm
break
if is_org_context(request):
org_id = request.user.org.org_id
if path == '/':
seaserv.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.org_unshare_subdir_for_group(
org_id, repo_id, path, username, group_id)
else:
if path == '/':
seafile_api.unset_group_repo(repo_id, group_id, username)
else:
seafile_api.unshare_subdir_for_group(
repo_id, path, username, group_id)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, path, permission)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=json_content_type)
def delete(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_400_BAD_REQUEST, 'Repo not found.')
shared_to_user, shared_to_group = self.handle_shared_to_args(request)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_400_BAD_REQUEST,
'Directory not found.')
if path == '/':
shared_repo = repo
else:
try:
sub_repo = self.get_sub_repo_by_path(request, repo, path)
if sub_repo:
shared_repo = sub_repo
else:
return api_error(status.HTTP_400_BAD_REQUEST,
'No sub repo found')
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Failed to get sub repo')
if shared_to_user:
shared_to = request.GET.get('username')
if shared_to is None or not is_valid_username(shared_to):
return api_error(status.HTTP_400_BAD_REQUEST, 'Bad argument.')
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_remove_share(
org_id, shared_repo.id, username, shared_to)
else:
seaserv.remove_share(shared_repo.id, username, shared_to)
permission = seafile_api.check_permission_by_path(
repo.id, path, shared_to)
send_perm_audit_msg('delete-repo-perm', username, shared_to,
repo_id, path, permission)
if shared_to_group:
group_id = request.GET.get('group_id')
try:
group_id = int(group_id)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, 'Bad group id')
# hacky way to get group repo permission
permission = ''
for e in seafile_api.list_repo_shared_group(
username, shared_repo.id):
if e.group_id == group_id:
permission = e.perm
break
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.del_org_group_repo(shared_repo.id, org_id, group_id)
else:
seafile_api.unset_group_repo(shared_repo.id, group_id,
username)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, path, permission)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=json_content_type)
def delete(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_400_BAD_REQUEST, 'Repo not found.')
shared_to_user, shared_to_group = self.handle_shared_to_args(request)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_400_BAD_REQUEST, 'Directory not found.')
if path == '/':
shared_repo = repo
else:
try:
sub_repo = self.get_sub_repo_by_path(request, repo, path)
if sub_repo:
shared_repo = sub_repo
else:
return api_error(status.HTTP_400_BAD_REQUEST, 'No sub repo found')
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Failed to get sub repo')
if shared_to_user:
shared_to = request.GET.get('username')
if shared_to is None or not is_valid_username(shared_to):
return api_error(status.HTTP_400_BAD_REQUEST, 'Bad argument.')
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_remove_share(
org_id, shared_repo.id, username, shared_to)
else:
seaserv.remove_share(shared_repo.id, username, shared_to)
permission = seafile_api.check_permission_by_path(repo.id, path,
shared_to)
send_perm_audit_msg('delete-repo-perm', username, shared_to,
repo_id, path, permission)
if shared_to_group:
group_id = request.GET.get('group_id')
try:
group_id = int(group_id)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, 'Bad group id')
# hacky way to get group repo permission
permission = ''
for e in seafile_api.list_repo_shared_group(username, shared_repo.id):
if e.group_id == group_id:
permission = e.perm
break
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.del_org_group_repo(shared_repo.id, org_id, group_id)
else:
seafile_api.unset_group_repo(shared_repo.id, group_id, username)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, path, permission)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=json_content_type)
