def get(self, request, dtable_uuid):
base_dir = '/asset/' + dtable_uuid
# resource check
dtable = DTables.objects.get_dtable_by_uuid(dtable_uuid)
if not dtable or dtable.deleted:
error_msg = 'Table %s not found.' % (dtable_uuid, )
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not check_dtable_permission(username, dtable.workspace):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
repo_id = dtable.workspace.repo_id
repo_owner = dtable.workspace.owner
parent_dir = request.GET.get('parent_dir')
if not parent_dir or parent_dir == '/':
parent_dir = base_dir
parent_dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir)
if not parent_dir_id:
return Response({'dirent_list': []})
dirent_list = _get_dir_list_by_path(repo_id, parent_dir)
return Response({'dirent_list': dirent_list})
parent_dir = base_dir + parent_dir
parent_dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir)
if not parent_dir_id:
error_msg = 'parent_dir is invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
dirent_list = _get_dir_list_by_path(repo_id, parent_dir)
return Response({'dirent_list': dirent_list})
def delete(self, request, dtable_uuid):
# argument check
parent_path = request.GET.get('parent_path', '')
if not parent_path:
error_msg = 'parent_path is invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
parent_path = parent_path.lstrip('/')
name = request.GET.get('name', '').lstrip('/')
if not name:
error_msg = 'name is invalid'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# dtable check
dtable = DTables.objects.get_dtable_by_uuid(dtable_uuid)
if not dtable:
error_msg = 'Table %s not found.' % (dtable_uuid, )
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if check_dtable_permission(username,
dtable.workspace) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# delete resource
parent_path = os.path.join('/asset', dtable_uuid, parent_path)
try:
seafile_api.del_file(dtable.workspace.repo_id, parent_path, name,
username)
except Exception as e:
logger.error('del parent_path: %s, name: %s, error: %s',
parent_path, name, e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})
def post(self, request):
# argument check
dtable_uuid = request.data.get('dtable_uuid')
if not dtable_uuid:
return api_error(status.HTTP_400_BAD_REQUEST,
'dtable_uuid is invalid.')
user = request.user
# resource check
dtable = DTables.objects.get_dtable_by_uuid(dtable_uuid)
if not dtable:
return api_error(status.HTTP_404_NOT_FOUND, 'Table not found.')
# permission check
if not check_dtable_permission(user.username, dtable.workspace,
dtable):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
try:
UserStarredDTables.objects.create(email=user.username,
dtable_uuid=dtable.uuid.hex)
except IntegrityError:
return Response({'success': True})
except Exception as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Internal Server Error.')
return Response({'success': True})
def delete(self, request, token):
""" delete a form.
Permission:
1. owner
2. group member
3. shared user with `rw`
"""
# resource check
form_obj = DTableForms.objects.get_form_by_token(token)
if not form_obj:
return Response({'success': True}, status=status.HTTP_200_OK)
# permission check
username = request.user.username
dtable = DTables.objects.get_dtable_by_uuid(form_obj.dtable_uuid)
if not dtable:
error_msg = 'DTable %s not found.' % form_obj.dtable_uuid
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
workspace = dtable.workspace
if check_dtable_permission(username, workspace,
dtable) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
DTableForms.objects.delete_form(token)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True}, status=status.HTTP_200_OK)
def get(self, request, workspace_id, name):
"""get dtable access token
"""
table_name = name
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
permission = check_dtable_permission(username, workspace, dtable)
if not permission:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# generate json web token
payload = {
'exp':
int(time.time()) + 86400 * 3,
'dtable_uuid':
dtable.uuid.hex,
'username':
username,
'permission':
permission
if check_user_workspace_quota(dtable.workspace) else 'r',
}
try:
access_token = jwt.encode(payload,
DTABLE_PRIVATE_KEY,
algorithm='HS256')
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({
'access_token': access_token,
'dtable_uuid': dtable.uuid.hex,
'dtable_server': DTABLE_SERVER_URL,
'dtable_socket': DTABLE_SOCKET_URL,
})
def dtable_asset_file_view(request, workspace_id, dtable_id, path):
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
return render_error(request, 'Workspace does not exist.')
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
return render_error(request, 'Library does not exist.')
dtable = DTables.objects.get_dtable_by_uuid(dtable_id)
if not dtable:
return render_error(request, 'DTable does not exist.')
asset_path = normalize_file_path(os.path.join('/asset', dtable_id, path))
asset_id = seafile_api.get_file_id_by_path(repo_id, asset_path)
if not asset_id:
return render_error(request, 'Asset file does not exist.')
# permission check
username = request.user.username
if not check_dtable_permission(username, workspace, dtable):
return render_permission_error(request, _('Permission denied.'))
file_enc = request.GET.get('file_enc', 'auto')
if file_enc not in FILE_ENCODING_LIST:
file_enc = 'auto'
token = seafile_api.get_fileserver_access_token(repo_id,
asset_id,
'view',
'',
use_onetime=False)
file_name = os.path.basename(normalize_file_path(path))
file_type, file_ext = get_file_type_and_ext(file_name)
inner_path = gen_inner_file_get_url(token, file_name)
error_msg, file_content, encoding = get_file_content(
file_type, inner_path, file_enc)
raw_path = gen_file_get_url(token, file_name)
return_dict = {
'repo': repo,
'filename': file_name,
'file_path': asset_path,
'file_type': file_type,
'file_ext': file_ext,
'raw_path': raw_path,
'file_content': file_content,
'err':
'File preview unsupported' if file_type == 'Unknown' else error_msg,
}
return render(request, 'dtable_asset_file_view_react.html', return_dict)
def get(self, request, workspace_id, name):
"""list dtable related users
"""
table_name = name
table_file_name = table_name + FILE_TYPE
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if '@seafile_group' in workspace.owner:
group_id = workspace.owner.split('@')[0]
group = seaserv.get_group(group_id)
if not group:
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
table_path = normalize_file_path(table_file_name)
table_file_id = seafile_api.get_file_id_by_path(repo_id, table_path)
if not table_file_id:
error_msg = 'file %s not found.' % table_file_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
owner = workspace.owner
if not check_dtable_permission(username, owner) and \
not check_dtable_share_permission(dtable, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# main
user_list = list()
try:
email_list = list_dtable_related_users(workspace, dtable)
for email in email_list:
user_info = get_user_common_info(email)
user_list.append(user_info)
except Exception as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal Server Error')
return Response({'user_list': user_list})
def get(self, request, workspace_id):
"""view table file, get table download link
Permission:
1. owner
2. group member
3. shared user
"""
# argument check
table_name = request.GET.get('name', None)
if not table_name:
error_msg = 'name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
reuse = request.GET.get('reuse', '0')
if reuse not in ('1', '0'):
error_msg = 'reuse invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
table_file_name = table_name + FILE_TYPE
table_path = normalize_file_path(table_file_name)
table_file_id = seafile_api.get_file_id_by_path(repo_id, table_path)
if not table_file_id:
error_msg = 'file %s not found.' % table_file_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
owner = workspace.owner
if not check_dtable_permission(username, owner) and \
not check_dtable_share_permission(dtable, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# send stats message
send_file_access_msg(request, repo, table_path, 'api')
op = request.GET.get('op', 'download')
use_onetime = False if reuse == '1' else True
return get_repo_file(request, repo_id, table_file_id, table_file_name, op, use_onetime)
def get(self, request, workspace_id, name):
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = "Workspace %s not found." % (workspace_id, )
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, name)
if not dtable:
error_msg = "Table %s not found." % (name, )
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not check_dtable_permission(username, dtable.workspace, dtable):
error_msg = "Permission denied."
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# checkout apps
tokens = DTableAPIToken.objects.list_by_dtable(dtable)
# access dtable server
payload = {'admin': 'dtable', 'exp': int(time.time()) + 60 * 60 * 3}
access_token = jwt.encode(payload,
DTABLE_PRIVATE_KEY,
algorithm='HS256').decode()
headers = {'authorization': 'Token ' + access_token}
app_status_url = DTABLE_SERVER_URL.strip(
'/') + '/api/v1/internal/' + dtable.uuid.hex + '/connected-apps/'
try:
resp = requests.get(app_status_url, headers=headers)
except Exception as e:
logger.error('request url: %s error: %s', app_status_url, e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if resp.status_code != 200:
logger.error('request url: %s status code: %s', app_status_url,
resp.status_code)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
try:
connected_apps = resp.json()['connected_apps']
except Exception as e:
logger.error('checkout connected apps from response error: %s', e)
error_msg = "Internal Server Error"
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
app_status = [{
'app_name':
token.app_name,
'connected':
token.app_name in connected_apps,
'last_access':
datetime_to_isoformat_timestr(token.last_access)
} for token in tokens]
return Response({'api_status_list': app_status})
def post(self, request):
"""create a dtable form
Permission:
1. owner
2. group member
3. shared user with `rw`
"""
# argument check
workspace_id = request.POST.get('workspace_id')
if not workspace_id:
error_msg = 'workspace_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
table_name = request.POST.get('name')
if not table_name:
error_msg = 'name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
form_id = request.POST.get('form_id')
if not form_id:
error_msg = 'form_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
form_config = request.POST.get('form_config', None)
# resource check
workspace, dtable, error_msg = _resource_check(workspace_id,
table_name)
if error_msg:
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if check_dtable_permission(username, workspace,
dtable) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
dtable_uuid = dtable.uuid.hex
form_obj = DTableForms.objects.get_form_by_form_id(
dtable_uuid, form_id)
if form_obj:
error_msg = 'Table form %s already exists.' % form_id
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
form_obj = DTableForms.objects.add_form_obj(
username, workspace_id, dtable_uuid, form_id, form_config)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
form = form_obj.to_dict()
return Response({"form": form}, status=status.HTTP_201_CREATED)
def get(self, request, workspace_id, name):
"""get dtable access token
"""
table_name = name
table_file_name = table_name + FILE_TYPE
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
table_path = normalize_file_path(table_file_name)
table_file_id = seafile_api.get_file_id_by_path(repo_id, table_path)
if not table_file_id:
error_msg = 'file %s not found.' % table_file_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
owner = workspace.owner
if not check_dtable_permission(username, owner) and \
not check_dtable_share_permission(dtable, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# generate json web token
payload = {
'exp': int(time.time()) + 86400 * 3,
'dtable_uuid': dtable.uuid.hex,
'username': username,
}
try:
access_token = jwt.encode(payload,
DTABLE_PRIVATE_KEY,
algorithm='HS256')
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'access_token': access_token})
def dtable_asset_access(request, workspace_id, dtable_id, path):
"""
Permission:
1. owner
2. group member
3. shared user with `rw` or `admin` permission
"""
# asset file type check
asset_name = os.path.basename(normalize_file_path(path))
file_type, file_ext = get_file_type_and_ext(asset_name)
if file_type != IMAGE:
err_msg = 'Invalid file type'
return render_error(request, err_msg)
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
raise Http404
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
raise Http404
dtable = DTables.objects.get_dtable_by_uuid(dtable_id)
if not dtable:
raise Http404
asset_path = normalize_file_path(os.path.join('/asset', dtable_id, path))
asset_id = seafile_api.get_file_id_by_path(repo_id, asset_path)
if not asset_id:
raise Http404
# permission check
username = request.user.username
owner = workspace.owner
if not check_dtable_permission(username, owner) and \
check_dtable_share_permission(dtable, username) not in WRITE_PERMISSION_TUPLE:
return render_permission_error(request, _(u'Permission denied.'))
dl = request.GET.get('dl', '0') == '1'
operation = 'download' if dl else 'view'
token = seafile_api.get_fileserver_access_token(repo_id,
asset_id,
operation,
'',
use_onetime=False)
url = gen_file_get_url(token, asset_name)
return HttpResponseRedirect(url)
def thumbnail_get(request, workspace_id, dtable_uuid, path):
""" handle thumbnail src from repo file list
return thumbnail file to web
"""
try:
size = int(request.GET.get('size'))
except Exception as e:
logger.error(e)
return HttpResponse()
else:
if size <= 0:
return HttpResponse()
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
return HttpResponse()
dtable = DTables.objects.get_dtable_by_uuid(dtable_uuid)
if not dtable:
return HttpResponse()
repo_id = workspace.repo_id
path = normalize_file_path(os.path.join('/asset', dtable_uuid, path))
file_id = seafile_api.get_file_id_by_path(repo_id, path)
if not file_id:
return HttpResponse()
# permission check
username = request.user.username
if not (check_dtable_permission(username, workspace, dtable) or \
(request.session.get('external_link') and request.session.get('external_link')['dtable_uuid'] == dtable.uuid.hex)):
return render_permission_error(request, _('Permission denied.'))
success = True
thumbnail_file = os.path.join(THUMBNAIL_ROOT, str(size), file_id)
if not os.path.exists(thumbnail_file):
success, status_code = generate_thumbnail(request, repo_id, size, path)
if success:
try:
with open(thumbnail_file, 'rb') as f:
thumbnail = f.read()
return HttpResponse(content=thumbnail,
content_type='image/' + THUMBNAIL_EXTENSION)
except IOError as e:
logger.error(e)
return HttpResponse(status=500)
else:
return HttpResponse(status=status_code)
def get(self, request, workspace_id):
"""get table file update link
Permission:
1. owner
2. group member
3. shared user with `rw` or `admin` permission
"""
# argument check
table_name = request.GET.get('name', None)
if not table_name:
error_msg = 'name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
owner = workspace.owner
if not check_dtable_permission(username, owner) and \
check_dtable_share_permission(dtable, username) not in WRITE_PERMISSION_TUPLE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
token = seafile_api.get_fileserver_access_token(repo_id, 'dummy', 'update',
username, use_onetime=False)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
dtable.modifier = username
dtable.save()
url = gen_file_upload_url(token, 'update-api')
return Response(url)
def dtable_file_view(request, workspace_id, name):
"""
Permission:
1. owner
2. group member
3. shared user
"""
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
raise Http404
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
raise Http404
dtable = DTables.objects.get_dtable(workspace, name)
if not dtable:
return render_error(request, _(u'Table does not exist'))
table_file_name = name + FILE_TYPE
table_path = normalize_file_path(table_file_name)
table_file_id = seafile_api.get_file_id_by_path(repo_id, table_path)
if not table_file_id:
return render_error(request, _(u'Table does not exist'))
# permission check
username = request.user.username
owner = workspace.owner
if not check_dtable_permission(username, owner) and \
not check_dtable_share_permission(dtable, username):
return render_permission_error(request, _(u'Permission denied.'))
return_dict = {
'share_link_expire_days_default': SHARE_LINK_EXPIRE_DAYS_DEFAULT,
'share_link_expire_days_min': SHARE_LINK_EXPIRE_DAYS_MIN,
'share_link_expire_days_max': SHARE_LINK_EXPIRE_DAYS_MAX,
'repo': repo,
'filename': name,
'path': table_path,
'filetype': 'dtable',
'workspace_id': workspace_id,
'dtable_uuid': dtable.uuid.hex,
'media_url': MEDIA_URL,
'dtable_server': DTABLE_SERVER_URL,
'dtable_socket': SEAFILE_COLLAB_SERVER
}
return render(request, 'dtable_file_view_react.html', return_dict)
def get(self, request, workspace_id, name):
""" download dtable zip
:param request:
:param workspace_id:
:param name: dtable name
:return:
"""
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, name)
if not dtable:
error_msg = 'DTable %s not found.' % name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
permission = check_dtable_permission(request.user.username, workspace, dtable)
if not permission:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# get dtable_file_dir_id and asset_dir_id
dtable_file_dir_id = seafile_api.get_file_id_by_path(repo_id, '/' + name + '.dtable/')
if not dtable_file_dir_id:
error_msg = 'DTable %s not found.' % name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
params = {}
params['username'] = request.user.username
params['table_name'] = name
params['repo_id'] = repo_id
params['dtable_uuid'] = str(dtable.uuid)
try:
task_id = add_dtable_io_task(type='export', params=params)
except Exception as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal Server Error.')
return Response({'task_id': task_id, "table": dtable.to_dict()})
def post(self, request):
# argument check
try:
src_workspace_id = int(request.data.get('src_workspace_id'))
dst_workspace_id = int(request.data.get('dst_workspace_id'))
except:
error_msg = 'src_workspace_id or dst_workspace_id is invalid'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
name = request.data.get('name')
if not name:
error_msg = 'name is invalid'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
src_workspace = Workspaces.objects.get_workspace_by_id(
src_workspace_id)
if not src_workspace:
error_msg = 'workspace: %s not found' % src_workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
src_dtable = DTables.objects.get_dtable(src_workspace, name)
if not src_dtable:
error_msg = 'dtable: %s not found' % name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dst_workspace = Workspaces.objects.get_workspace_by_id(
dst_workspace_id)
if not dst_workspace_id:
error_msg = 'workspace: %s not found' % dst_workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
# must be dist workspace's owner or admin
username = request.user.username
if not check_dtable_permission(username, src_workspace, src_dtable) or \
not check_dtable_admin_permission(username, dst_workspace.owner):
error_msg = 'Permission denied'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# dtable-name check
if DTables.objects.get_dtable(dst_workspace, name):
error_msg = 'Table %s already exists in this workspace.' % (name)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# create dtable
dst_dtable, error = copy_dtable(src_workspace, src_dtable,
dst_workspace, name, username)
if error:
return error
return Response({'dtable': dst_dtable.to_dict()})
def _dtable_asset_access(request, workspace_id, dtable_id, path, asset_name):
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
return render_error(request, 'Workspace does not exist.')
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
return render_error(request, 'Library does not exist.')
dtable = DTables.objects.get_dtable_by_uuid(dtable_id)
if not dtable:
return render_error(request, 'DTable does not exist.')
# use head method to check asset at 'path' wether exists
if request.method == 'HEAD':
asset_path = normalize_file_path(
os.path.join('/asset', dtable_id, path))
asset_id = seafile_api.get_file_id_by_path(repo_id, asset_path)
if not asset_id:
return HttpResponse(status=404)
return HttpResponse(status=200)
asset_path = normalize_file_path(os.path.join('/asset', dtable_id, path))
asset_id = seafile_api.get_file_id_by_path(repo_id, asset_path)
if not asset_id:
return render_error(request, 'Asset file does not exist.')
# permission check
username = request.user.username
if not (check_dtable_permission(username, workspace, dtable) in WRITE_PERMISSION_TUPLE or \
(get_file_type_and_ext(asset_name)[0] == IMAGE and request.session.get('external_link') and request.session.get('external_link')['dtable_uuid'] == dtable.uuid.hex)):
return render_permission_error(request, _('Permission denied.'))
dl = request.GET.get('dl', '0') == '1'
operation = 'download' if dl else 'view'
token = seafile_api.get_fileserver_access_token(repo_id,
asset_id,
operation,
'',
use_onetime=False)
url = gen_file_get_url(token, asset_name)
return HttpResponseRedirect(url)
def put(self, request, token):
"""update a dtable form config
Permission:
1. owner
2. group member
3. shared user with `rw`
"""
# argument check
form_config = request.POST.get('form_config')
if not form_config:
error_msg = 'form_config invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
form_obj = DTableForms.objects.get_form_by_token(token)
if not form_obj:
error_msg = 'Form %s not found.' % token
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
dtable = DTables.objects.get_dtable_by_uuid(form_obj.dtable_uuid)
if not dtable:
error_msg = 'DTable %s not found.' % form_obj.dtable_uuid
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
workspace = dtable.workspace
if check_dtable_permission(username, workspace,
dtable) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
form_obj.form_config = form_config
form_obj.save()
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
form = form_obj.to_dict()
return Response({"form": form}, status=status.HTTP_200_OK)
def dtable_snapshot_view(request, workspace_id, name, commit_id):
"""
Permission:
1. owner
2. group member
3. shared user
"""
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
return render_error(request, 'Workspace does not exist.')
dtable = DTables.objects.get_dtable(workspace, name)
if not dtable:
return render_error(request, 'DTable does not exist.')
# permission check
username = request.user.username
permission = check_dtable_permission(username, workspace, dtable)
if not permission:
return render_permission_error(request, _('Permission denied.'))
snapshot = DTableSnapshot.objects.get_by_commit_id(commit_id)
if not snapshot:
return render_error(request, 'Snapshot does not exist.')
return render(
request, 'dtable_snapshot_view_react.html', {
'version': SEATABLE_VERSION,
'dtable_baidu_map_key': DTABLE_BAIDU_MAP_KEY,
'dtable_google_map_key': DTABLE_GOOGLE_MAP_KEY,
'seatable_market_url': SEATABLE_MARKET_URL,
'file_name': dtable.name,
'workspace_id': workspace.id,
'dtable_uuid': dtable.uuid.hex,
'media_url': MEDIA_URL,
'dtable_server': DTABLE_SERVER_URL,
'dtable_socket': DTABLE_SOCKET_URL,
'permission': 'r',
'snapshot_commit_id': commit_id,
})
def get(self, request):
task_id = request.GET.get('task_id', '')
if not task_id:
error_msg = 'task_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
dtable_uuid = request.GET.get('dtable_uuid', '')
if not dtable_uuid:
error_msg = 'dtable_uuid invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
dtable = DTables.objects.get_dtable_by_uuid(dtable_uuid)
if not dtable:
error_msg = 'DTable not found.'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
workspace = Workspaces.objects.get_workspace_by_id(dtable.workspace.id)
if not workspace:
error_msg = 'Workspace not found.'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
permission = check_dtable_permission(request.user.username, workspace, dtable)
if not permission:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
tmp_zip_path = os.path.join('/tmp/dtable-io', str(dtable.uuid), 'zip_file') + '.zip'
if not os.path.exists(tmp_zip_path):
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal Server Error')
with open(tmp_zip_path, 'rb') as f:
zip_stream = f.read()
tmp_dir = os.path.join('/tmp/dtable-io', dtable_uuid)
if os.path.exists(tmp_dir):
shutil.rmtree(tmp_dir)
response = HttpResponse(zip_stream, content_type="application/x-zip-compressed")
response['Content-Disposition'] = 'attachment;filename*=UTF-8\'\'' + urlquote(dtable.dtable_name) + '.dtable'
return response
def get(self, request, workspace_id, name):
""" list uploaded plugins in a dtable
"""
table_name = name
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'DTable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
username = request.user.username
permission = check_dtable_permission(username, workspace, dtable)
if not permission:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
plugins = DTablePlugins.objects.filter(dtable=dtable)
return Response({'plugin_list': [plugin.to_dict() for plugin in plugins]})
def get(self, request, workspace_id, name):
"""List dtable snapshots
"""
# argument check
table_name = name
table_file_name = table_name + FILE_TYPE
try:
current_page = int(request.GET.get('page', '1'))
per_page = int(request.GET.get('per_page', '50'))
except ValueError:
current_page = 1
per_page = 20
start = per_page * (current_page - 1)
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if '@seafile_group' in workspace.owner:
group_id = workspace.owner.split('@')[0]
group = ccnet_api.get_group(int(group_id))
if not group:
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not check_dtable_permission(username, workspace, dtable):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# main
snapshot_list = list()
try:
dtable_uuid = str(dtable.uuid.hex)
snapshot_queryset = DTableSnapshot.objects.list_by_dtable_uuid(
dtable_uuid)
count = snapshot_queryset.count()
for snapshot in snapshot_queryset[start:start + per_page]:
data = {
'dtable_name':
snapshot.dtable_name,
'commit_id':
snapshot.commit_id,
'ctime':
timestamp_to_isoformat_timestr(snapshot.ctime // 1000),
}
snapshot_list.append(data)
except Exception as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Internal Server Error')
has_next_page = True if count > start + per_page else False
page_info = {
'has_next_page': has_next_page,
'current_page': current_page
}
return Response({
'snapshot_list': snapshot_list,
"page_info": page_info
})
def get(self, request, workspace_id, name, commit_id):
"""Get dtable snapshot by commit_id
"""
table_name = name
table_file_name = table_name + FILE_TYPE
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if '@seafile_group' in workspace.owner:
group_id = workspace.owner.split('@')[0]
group = ccnet_api.get_group(int(group_id))
if not group:
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check for get download link
table_path = normalize_file_path(table_file_name)
table_file_id = seafile_api.get_file_id_by_path(repo_id, table_path)
if not table_file_id:
error_msg = 'file %s not found.' % table_file_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not check_dtable_permission(username, workspace, dtable):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# main
try:
snapshot = DTableSnapshot.objects.get_by_commit_id(commit_id)
# check
if not snapshot:
error_msg = 'commit_id not found.'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable_uuid = str(dtable.uuid.hex)
if dtable_uuid != snapshot.dtable_uuid:
error_msg = 'commit_id invalid.'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# get by commit
snapshot_table_path = normalize_file_path(snapshot.dtable_name)
obj_id = seafile_api.get_file_id_by_commit_and_path(
repo_id, commit_id, snapshot_table_path)
if not obj_id:
return api_error(status.HTTP_404_NOT_FOUND,
'snapshot not found.')
except Exception as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Internal Server Error')
# download url
token = seafile_api.get_fileserver_access_token(
repo_id, obj_id, 'download', username, FILESERVER_TOKEN_ONCE_ONLY)
if not token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
redirect_url = gen_file_get_url(token, snapshot.dtable_name)
return Response(redirect_url)
def delete(self, request, workspace_id):
"""delete a table
Permission:
1. owner
2. group member
"""
# argument check
table_name = request.data.get('name')
if not table_name:
error_msg = 'name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
table_file_name = table_name + FILE_TYPE
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
table_path = normalize_file_path(table_file_name)
table_file_id = seafile_api.get_file_id_by_path(repo_id, table_path)
if not table_file_id:
error_msg = 'file %s not found.' % table_file_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
owner = workspace.owner
if not check_dtable_permission(username, owner):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# repo status check
repo_status = repo.status
if repo_status != 0:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# delete asset
asset_dir_path = '/asset/' + str(dtable.uuid)
asset_dir_id = seafile_api.get_dir_id_by_path(repo_id, asset_dir_path)
if asset_dir_id:
parent_dir = os.path.dirname(asset_dir_path)
file_name = os.path.basename(asset_dir_path)
try:
seafile_api.del_file(repo_id, parent_dir, file_name, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
# delete table
try:
seafile_api.del_file(repo_id, '/', table_file_name, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
try:
DTables.objects.delete_dtable(workspace, table_name)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True}, status=status.HTTP_200_OK)
def put(self, request, workspace_id):
"""rename a table
Permission:
1. owner
2. group member
"""
# argument check
old_table_name = request.data.get('old_name')
if not old_table_name:
error_msg = 'old_name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
new_table_name = request.data.get('new_name')
if not new_table_name:
error_msg = 'new_name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
new_table_file_name = new_table_name + FILE_TYPE
if not is_valid_dirent_name(new_table_file_name):
error_msg = 'new_name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if len(new_table_file_name) > MAX_UPLOAD_FILE_NAME_LEN:
error_msg = 'new_name is too long.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, old_table_name)
if not dtable:
error_msg = 'dtable %s not found.' % old_table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
old_table_file_name = old_table_name + FILE_TYPE
old_table_path = normalize_file_path(old_table_file_name)
table_file_id = seafile_api.get_file_id_by_path(
repo_id, old_table_path)
if not table_file_id:
error_msg = 'file %s not found.' % old_table_file_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
owner = workspace.owner
if not check_dtable_permission(username, owner):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# repo status check
repo_status = repo.status
if repo_status != 0:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# rename table
new_table_file_name = check_filename_with_rename(
repo_id, '/', new_table_file_name)
try:
seafile_api.rename_file(repo_id, '/', old_table_file_name,
new_table_file_name, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
try:
dtable.name = new_table_name
dtable.modifier = username
dtable.save()
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({"table": dtable.to_dict()}, status=status.HTTP_200_OK)
def post(self, request):
"""create a table file
Permission:
1. owner
2. group member
"""
# argument check
table_owner = request.POST.get('owner')
if not table_owner:
error_msg = 'owner invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
table_name = request.POST.get('name')
if not table_name:
error_msg = 'name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
table_file_name = table_name + FILE_TYPE
if not is_valid_dirent_name(table_file_name):
error_msg = 'name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
workspace = Workspaces.objects.get_workspace_by_owner(table_owner)
if not workspace:
if not request.user.permissions.can_add_repo():
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
org_id = -1
if is_org_context(request):
org_id = request.user.org.org_id
try:
if org_id > 0:
repo_id = seafile_api.create_org_repo(
_("My Workspace"), _("My Workspace"), "dtable@seafile",
org_id)
else:
repo_id = seafile_api.create_repo(_("My Workspace"),
_("My Workspace"),
"dtable@seafile")
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
try:
workspace = Workspaces.objects.create_workspace(
table_owner, repo_id)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not check_dtable_permission(username, table_owner):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# repo status check
repo_status = repo.status
if repo_status != 0:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# create new empty table
table_file_name = check_filename_with_rename(repo_id, '/',
table_file_name)
try:
seafile_api.post_empty_file(repo_id, '/', table_file_name,
username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
try:
dtable = DTables.objects.create_dtable(username, workspace,
table_name)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({"table": dtable.to_dict()},
status=status.HTTP_201_CREATED)
def dtable_file_view(request, workspace_id, name):
"""
Permission:
1. owner
2. group member
3. shared user
"""
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
return render_error(request, 'Workspace does not exist.')
group_id = ''
if '@seafile_group' in workspace.owner:
group_id = workspace.owner.split('@')[0]
group = seaserv.get_group(group_id)
if not group:
error_msg = 'Group %s not found.' % group_id
return render_error(request, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
return render_error(request, 'Library does not exist.')
dtable = DTables.objects.get_dtable(workspace, name)
if not dtable:
return render_error(request, 'DTable does not exist.')
# permission check
username = request.user.username
permission = check_dtable_permission(username, workspace, dtable)
if not permission:
return render_permission_error(request, _('Permission denied.'))
is_admin = False
if group_id:
is_admin = is_group_admin_or_owner(group_id, username)
else:
# open your own dtable
is_admin = username == workspace.owner
seafile_url = ''
repo_api_token = ''
try:
seafile_connector = SeafileConnectors.objects.get(dtable=dtable)
seafile_url = seafile_connector.seafile_url
repo_api_token = seafile_connector.repo_api_token
except SeafileConnectors.DoesNotExist:
pass
return_dict = {
'version':
SEATABLE_VERSION,
'dtable_baidu_map_key':
DTABLE_BAIDU_MAP_KEY,
'dtable_google_map_key':
DTABLE_GOOGLE_MAP_KEY,
'seatable_market_url':
SEATABLE_MARKET_URL,
'filename':
name,
'workspace_id':
workspace_id,
'dtable_uuid':
dtable.uuid.hex,
'permission':
permission if check_user_workspace_quota(workspace) else 'r',
'media_url':
MEDIA_URL,
'seafile_url':
seafile_url,
'repo_api_token':
repo_api_token,
'dtable_server':
DTABLE_SERVER_URL,
'dtable_socket':
DTABLE_SOCKET_URL,
'dtable_enable_geolocation_column':
DTABLE_ENABLE_GEOLOCATION_COLUMN,
'is_admin':
is_admin,
'asset_quota_exceeded':
dtable.creator == request.user.username
and not check_user_workspace_quota(workspace),
}
return render(request, 'dtable_file_view_react.html', return_dict)
def dtable_plugin_asset_view(request, workspace_id, name, plugin_id, path):
"""
Permission:
1. owner
2. group member
3. shared user
"""
try:
plugin_record = DTablePlugins.objects.get(pk=plugin_id)
except DTablePlugins.DoesNotExist:
error_msg = 'Plugin %s not found.' % plugin_id
return render_error(request, error_msg)
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return render_error(request, error_msg)
if '@seafile_group' in workspace.owner:
group_id = workspace.owner.split('@')[0]
group = ccnet_api.get_group(int(group_id))
if not group:
error_msg = 'Group %s not found.' % group_id
return render_error(request, error_msg)
table_name = name
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'DTable %s not found.' % table_name
return render_error(request, error_msg)
# permission check
username = request.user.username
permission = check_dtable_permission(username, workspace, dtable)
if not permission:
error_msg = 'Permission denied.'
return render_error(request, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return render_error(request, error_msg)
plugin_file_path = os.path.join('/asset', str(dtable.uuid), 'plugins',
plugin_record.name)
asset_path = os.path.join(plugin_file_path, path)
plugin_file_dir_id = seafile_api.get_file_id_by_path(repo_id, asset_path)
if not plugin_file_dir_id:
return render_error(request, 'Asset file does not exist.')
token = seafile_api.get_fileserver_access_token(workspace.repo_id,
plugin_file_dir_id,
'view',
'',
use_onetime=False)
url = gen_file_get_url(token, asset_path)
import requests
r = requests.get(url)
response = HttpResponse(r.content)
content_type = mimetypes.guess_type(path)
if type:
response['Content-Type'] = content_type[0]
return response
def dtable_form_edit(request, token):
"""
Permission:
1. owner
2. group member
3. shared user with `rw` permission
"""
# resource check
form_obj = DTableForms.objects.get_form_by_token(token)
if not form_obj:
return render_error(request, 'Table\'s form does not exist.')
workspace_id = form_obj.workspace_id
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
return render_error(request, 'Workspace does not exist.')
dtable_uuid = form_obj.dtable_uuid
dtable = DTables.objects.get_dtable_by_uuid(dtable_uuid)
if not dtable:
return render_error(request, 'Table does not exist.')
# permission check
username = request.user.username
permission = check_dtable_permission(username, workspace, dtable)
if permission != PERMISSION_READ_WRITE:
return render_permission_error(request, 'Permission denied.')
if not check_user_workspace_quota(workspace):
return render_error(request, 'Asset quota exceeded.')
# generate json web token
payload = {
'exp': int(time.time()) + 60 * 5,
'dtable_uuid': dtable_uuid,
'username': "******",
'permission': permission,
}
try:
access_token = jwt.encode(payload,
DTABLE_PRIVATE_KEY,
algorithm='HS256')
except Exception as e:
logger.error(e)
return render_error(request, _('Internal Server Error'))
url = '%s/api/v1/dtables/%s/metadata/' % (DTABLE_SERVER_URL.strip('/'),
dtable_uuid)
req = requests.Request(
url, headers={"Authorization": "Token %s" % access_token.decode()})
try:
dtable_metadata = requests.urlopen(req).read().decode()
except Exception as e:
logger.error(e)
return render_error(request, _('Internal Server Error'))
share_type = form_obj.share_type
shared_groups = list()
if share_type == SHARED_GROUPS:
group_ids = DTableFormShare.objects.list_by_form(form_obj)
shared_groups = [{
'id': group_id,
'name': group_id_to_name(group_id)
} for group_id in group_ids]
return_dict = {
'dtable_metadata': dtable_metadata,
'dtable_name': dtable.name,
'workspace_id': workspace_id,
'form_id': form_obj.form_id,
'form_config': form_obj.form_config,
'dtable_uuid': dtable.uuid.hex,
'dtable_web_service_url': DTABLE_WEB_SERVICE_URL,
'form_token': token,
'share_type': share_type,
'shared_groups': json.dumps(shared_groups),
}
return render(request, 'dtable_edit_form_view_react.html', return_dict)