def put(self, request, token): """ This api only used for refresh OnlineOffice lock when user edit office file via share link. Permission checking: 1, If enable SHARE_LINK_LOGIN_REQUIRED, user must have been authenticated. 2, Share link should have can_edit permission. 3, File must have been locked by OnlineOffice. """ if SHARE_LINK_LOGIN_REQUIRED and \ not request.user.is_authenticated(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) try: share_link = FileShare.objects.get(token=token) except FileShare.DoesNotExist: error_msg = 'Share link %s not found.' % token return api_error(status.HTTP_404_NOT_FOUND, error_msg) if share_link.is_expired(): error_msg = 'Share link %s is expired.' % token return api_error(status.HTTP_400_BAD_REQUEST, error_msg) shared_by = share_link.username repo_id = share_link.repo_id path = normalize_file_path(share_link.path) parent_dir = os.path.dirname(path) if seafile_api.check_permission_by_path( repo_id, parent_dir, shared_by) != PERMISSION_READ_WRITE: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) permissions = share_link.get_permissions() can_edit = permissions['can_edit'] if not can_edit: error_msg = 'Share link %s has no edit permission.' % token return api_error(status.HTTP_403_FORBIDDEN, error_msg) locked_by_online_office = if_locked_by_online_office(repo_id, path) if locked_by_online_office: # refresh lock file try: seafile_api.refresh_file_lock(repo_id, path) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) else: error_msg = _("You can not refresh this file's lock.") return api_error(status.HTTP_403_FORBIDDEN, error_msg) return Response({'success': True})
def refresh_file_lock(request): key, value = generate_file_lock_key_value(request) cache.set(key, value, WOPI_LOCK_EXPIRATION) token = request.GET.get('access_token', None) info_dict = get_file_info_by_token(token) repo_id = info_dict['repo_id'] file_path = info_dict['file_path'] seafile_api.refresh_file_lock(repo_id, file_path, int(time.time()) + 40 * 60)
def put(self, request, token): """ This api only used for refresh OnlineOffice lock when user edit office file via share link. Permission checking: 1, If enable SHARE_LINK_LOGIN_REQUIRED, user must have been authenticated. 2, Share link should have can_edit permission. 3, File must have been locked by OnlineOffice. """ if SHARE_LINK_LOGIN_REQUIRED and \ not request.user.is_authenticated(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) try: share_link = FileShare.objects.get(token=token) except FileShare.DoesNotExist: error_msg = 'Share link %s not found.' % token return api_error(status.HTTP_404_NOT_FOUND, error_msg) if share_link.is_expired(): error_msg = 'Share link %s is expired.' % token return api_error(status.HTTP_400_BAD_REQUEST, error_msg) shared_by = share_link.username repo_id = share_link.repo_id path = normalize_file_path(share_link.path) parent_dir = os.path.dirname(path) if seafile_api.check_permission_by_path(repo_id, parent_dir, shared_by) != PERMISSION_READ_WRITE: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) permissions = share_link.get_permissions() can_edit = permissions['can_edit'] if not can_edit: error_msg = 'Share link %s has no edit permission.' % token return api_error(status.HTTP_403_FORBIDDEN, error_msg) locked_by_online_office = if_locked_by_online_office(repo_id, path) if locked_by_online_office: # refresh lock file try: seafile_api.refresh_file_lock(repo_id, path) except SearpcError, e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) else: error_msg = 'You can not unlock this file.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if operation == 'refresh-lock': if not is_locked: error_msg = _("File is not locked.") return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if locked_by_me or locked_by_online_office: # refresh lock file try: seafile_api.refresh_file_lock(repo_id, path) except SearpcError, e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) else: error_msg = _("You can not refresh this file's lock.") return api_error(status.HTTP_403_FORBIDDEN, error_msg) file_info = self.get_file_info(username, repo_id, path) return Response(file_info) def delete(self, request, repo_id, format=None): """ Delete file. Permission checking:
def put(self, request, repo_id, format=None): """ Currently only support lock, unlock, refresh-lock file. Permission checking: 1. user with 'rw' permission for current file; """ if not is_pro_version(): error_msg = 'file lock feature only supported in professional edition.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # argument check path = request.GET.get('p', None) if not path: error_msg = 'p invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) path = normalize_file_path(path) operation = request.data.get('operation', None) if not operation: error_msg = 'operation invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) operation = operation.lower() if operation not in ('lock', 'unlock', 'refresh-lock'): error_msg = "operation can only be 'lock', 'unlock' or 'refresh-lock'." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) file_id = seafile_api.get_file_id_by_path(repo_id, path) if not file_id: error_msg = 'File %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check parent_dir = os.path.dirname(path) if check_folder_permission(request, repo_id, parent_dir) != PERMISSION_READ_WRITE: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) username = request.user.username try: is_locked, locked_by_me = check_file_lock(repo_id, path, username) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) # check if is locked by online office locked_by_online_office = if_locked_by_online_office(repo_id, path) if operation == 'lock': if is_locked: error_msg = _("File is locked") return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # lock file expire = request.data.get('expire', FILE_LOCK_EXPIRATION_DAYS) try: seafile_api.lock_file(repo_id, path, username, expire) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if operation == 'unlock': if not is_locked: error_msg = _("File is not locked.") return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if locked_by_me or locked_by_online_office: # unlock file try: seafile_api.unlock_file(repo_id, path) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) else: error_msg = 'You can not unlock this file.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if operation == 'refresh-lock': if not is_locked: error_msg = _("File is not locked.") return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if locked_by_me or locked_by_online_office: # refresh lock file try: seafile_api.refresh_file_lock(repo_id, path) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) else: error_msg = _("You can not refresh this file's lock.") return api_error(status.HTTP_403_FORBIDDEN, error_msg) file_info = self.get_file_info(username, repo_id, path) return Response(file_info)