def test_get_with_invalid_repo_permission(self): user_shared_repos = \ seafile_api.get_share_out_repo_list(self.admin_name, -1, -1) for repo in user_shared_repos: seafile_api.remove_share(repo.repo_id, self.admin_name, repo.user) group_shared_repos = seafile_api.get_group_repos_by_owner( self.admin_name) for repo in group_shared_repos: seafile_api.unset_group_repo(repo.repo_id, repo.group_id, self.admin_name) public_shared_repos = seafile_api.list_inner_pub_repos_by_owner( self.admin_name) for repo in public_shared_repos: seafile_api.remove_inner_pub_repo(repo.repo_id) self.share_repo_to_user() self.share_repo_to_group() self.share_repo_to_public() # login with admin, then get user's share repo info self.login_as(self.admin) resp = self.client.get(self.url) self.assertEqual(200, resp.status_code) json_resp = json.loads(resp.content) assert len(json_resp) == 0
def tearDown(self): seafile_api.remove_share(self.repo_id, self.user_name, self.admin_user) seafile_api.unset_group_repo(self.repo_id, self.group_id, self.user_name) seafile_api.remove_inner_pub_repo(self.repo_id) self.remove_repo()
def test_can_update_public_share_perm(self): for r in seaserv.seafserv_threaded_rpc.list_inner_pub_repos(): seafile_api.remove_inner_pub_repo(r.repo_id) self.share_repo_to_public() repos = seafile_api.list_inner_pub_repos_by_owner(self.user_name) assert repos[0].permission == 'rw' self.login_as(self.user) url = reverse('api-v2.1-shared-repo', args=[self.repo_id]) data = 'permission=r&share_type=public' resp = self.client.put(url, data, 'application/x-www-form-urlencoded') self.assertEqual(200, resp.status_code) repos = seafile_api.list_inner_pub_repos_by_owner(self.user_name) assert repos[0].permission == 'r'
def test_get_inner_pub_repos(repo): repo = api.get_repo(repo.id) api.add_inner_pub_repo(repo.id, 'rw') repos = api.get_inner_pub_repo_list() assert_public_repos_attr(repo, repos[0]) repos = api.list_inner_pub_repos_by_owner(USER) assert_public_repos_attr(repo, repos[0]) assert api.remove_inner_pub_repo(repo.id) == 0
def test_delete_public_share(self): for r in seaserv.seafserv_threaded_rpc.list_inner_pub_repos(): seafile_api.remove_inner_pub_repo(r.repo_id) self.share_repo_to_public() # repo in public repos = seafile_api.list_inner_pub_repos_by_owner(self.user_name) assert repos[0].permission == 'rw' self.login_as(self.user) args = '?share_type=public' url = reverse('api-v2.1-shared-repo', args=[self.repo_id]) + args resp = self.client.delete(url, {}, 'application/x-www-form-urlencoded') self.assertEqual(200, resp.status_code) # repo NOT in public repos = seafile_api.list_inner_pub_repos_by_owner(self.user_name) assert len(repos) == 0
def test_delete_public_share(self): for r in seaserv.seafserv_threaded_rpc.list_inner_pub_repos(): seafile_api.remove_inner_pub_repo(r.repo_id) self.share_repo_to_public() # repo in public repos = seafile_api.list_inner_pub_repos_by_owner( self.user_name) assert repos[0].permission == 'rw' self.login_as(self.user) args = '?share_type=public' url = reverse('api-v2.1-shared-repo', args=[self.repo_id]) + args resp = self.client.delete(url, {}, 'application/x-www-form-urlencoded') self.assertEqual(200, resp.status_code) # repo NOT in public repos = seafile_api.list_inner_pub_repos_by_owner( self.user_name) assert len(repos) == 0
def delete(self, request, repo_id, format=None): """ Unshare a repo. Permission checking: 1. Only repo owner can unshare a library. """ # argument check share_type = request.GET.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('personal', 'group', 'public'): error_msg = "share_type can only be 'personal' or 'group' or 'public'." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id) # permission check username = request.user.username if is_org_context(request): repo_owner = seafile_api.get_org_repo_owner(repo_id) else: repo_owner = seafile_api.get_repo_owner(repo_id) if username != repo_owner: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # delete share org_id = None is_org = False if is_org_context(request): org_id = request.user.org.org_id is_org = True if share_type == 'personal': user = request.GET.get('user', None) if not user or not is_valid_username(user): error_msg = 'user invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) permission = check_user_share_out_permission( repo_id, '/', user, is_org) try: if org_id: seafile_api.org_remove_share(org_id, repo_id, username, user) else: seafile_api.remove_share(repo_id, username, user) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) send_perm_audit_msg('delete-repo-perm', username, user, repo_id, '/', permission) if share_type == 'group': group_id = request.GET.get('group_id', None) if not group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: group_id = int(group_id) except ValueError: error_msg = 'group_id must be integer.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) permission = check_group_share_out_permission( repo_id, '/', group_id, is_org) try: if is_org: seaserv.del_org_group_repo(repo_id, org_id, group_id) else: seafile_api.unset_group_repo(repo_id, group_id, username) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) send_perm_audit_msg('delete-repo-perm', username, group_id, repo_id, '/', permission) if share_type == 'public': pub_repos = [] if org_id: pub_repos = seaserv.list_org_inner_pub_repos(org_id, username) if not request.cloud_mode: pub_repos = seaserv.list_inner_pub_repos(username) try: if org_id: seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo( org_id, repo_id) else: seafile_api.remove_inner_pub_repo(repo_id) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) permission = '' for repo in pub_repos: if repo.repo_id == repo_id: permission = repo.permission break if permission: send_perm_audit_msg('delete-repo-perm', username, 'all', repo_id, '/', permission) return Response({'success': True})
def delete(self, request, repo_id, format=None): """ Unshare a repo. Permission checking: 1. Only repo owner can unshare a library. """ # argument check share_type = request.GET.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('personal', 'group', 'public'): error_msg = "share_type can only be 'personal' or 'group' or 'public'." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id) # permission check username = request.user.username if is_org_context(request): repo_owner = seafile_api.get_org_repo_owner(repo_id) else: repo_owner = seafile_api.get_repo_owner(repo_id) if username != repo_owner: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # delete share org_id = None if is_org_context(request): org_id = request.user.org.org_id if share_type == 'personal': user = request.GET.get('user', None) if not user or not is_valid_username(user): error_msg = 'user invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # if user not found, permission will be None permission = seafile_api.check_permission_by_path( repo_id, '/', user) try: if org_id: seafile_api.org_remove_share(org_id, repo_id, username, user) else: seafile_api.remove_share(repo_id, username, user) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) send_perm_audit_msg('delete-repo-perm', username, user, repo_id, '/', permission) if share_type == 'group': group_id = request.GET.get('group_id', None) if not group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: group_id = int(group_id) except ValueError: error_msg = 'group_id must be integer.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # hacky way to get group repo permission permission = '' if org_id: for e in seafile_api.list_org_repo_shared_group( org_id, username, repo_id): if e.group_id == group_id: permission = e.perm break else: for e in seafile_api.list_repo_shared_group_by_user(username, repo_id): if e.group_id == group_id: permission = e.perm break try: if org_id: seaserv.del_org_group_repo(repo_id, org_id, group_id) else: seafile_api.unset_group_repo(repo_id, group_id, username) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) send_perm_audit_msg('delete-repo-perm', username, group_id, repo_id, '/', permission) if share_type == 'public': pub_repos = [] if org_id: pub_repos = seaserv.list_org_inner_pub_repos(org_id, username) if not request.cloud_mode: pub_repos = seaserv.list_inner_pub_repos(username) try: if org_id: seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(org_id, repo_id) else: seafile_api.remove_inner_pub_repo(repo_id) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) permission = '' for repo in pub_repos: if repo.repo_id == repo_id: permission = repo.permission break if permission: send_perm_audit_msg('delete-repo-perm', username, 'all', repo_id, '/', permission) return Response({'success': True})