def view_shared_upload_link(request, token): assert token is not None # Checked by URLconf uploadlink = UploadLinkShare.objects.get_valid_upload_link_by_token(token) if uploadlink is None: raise Http404 if uploadlink.is_encrypted(): if not check_share_link_access(request.user.username, token): d = {"token": token, "view_name": "view_shared_upload_link"} if request.method == "POST": post_values = request.POST.copy() post_values["enc_password"] = uploadlink.password form = SharedLinkPasswordForm(post_values) d["form"] = form if form.is_valid(): # set cache for non-anonymous user if request.user.is_authenticated(): set_share_link_access(request.user.username, token) else: return render_to_response( "share_access_validation.html", d, context_instance=RequestContext(request) ) else: return render_to_response("share_access_validation.html", d, context_instance=RequestContext(request)) username = uploadlink.username repo_id = uploadlink.repo_id path = uploadlink.path dir_name = os.path.basename(path[:-1]) repo = get_repo(repo_id) if not repo: raise Http404 uploadlink.view_cnt = F("view_cnt") + 1 uploadlink.save() no_quota = True if seaserv.check_quota(repo_id) < 0 else False token = seafile_api.get_fileserver_access_token(repo_id, "dummy", "upload", request.user.username) ajax_upload_url = gen_file_upload_url(token, "upload-aj") return render_to_response( "view_shared_upload_link.html", { "repo": repo, "token": token, "path": path, "username": username, "dir_name": dir_name, "max_upload_file_size": seaserv.MAX_UPLOAD_FILE_SIZE, "no_quota": no_quota, "ajax_upload_url": ajax_upload_url, "uploadlink": uploadlink, }, context_instance=RequestContext(request), )
def view_shared_upload_link(request, token): assert token is not None # Checked by URLconf uploadlink = UploadLinkShare.objects.get_valid_upload_link_by_token(token) if uploadlink is None: raise Http404 if uploadlink.is_encrypted() and not check_share_link_access( request, token): d = { 'token': token, 'view_name': 'view_shared_upload_link', } if request.method == 'POST': post_values = request.POST.copy() post_values['enc_password'] = uploadlink.password form = SharedLinkPasswordForm(post_values) d['form'] = form if form.is_valid(): set_share_link_access(request, token) else: return render_to_response( 'share_access_validation.html', d, context_instance=RequestContext(request)) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) username = uploadlink.username repo_id = uploadlink.repo_id path = uploadlink.path dir_name = os.path.basename(path[:-1]) repo = get_repo(repo_id) if not repo: raise Http404 uploadlink.view_cnt = F('view_cnt') + 1 uploadlink.save() no_quota = True if seaserv.check_quota(repo_id) < 0 else False return render_to_response( 'view_shared_upload_link.html', { 'repo': repo, 'path': path, 'username': username, 'dir_name': dir_name, 'max_upload_file_size': seaserv.MAX_UPLOAD_FILE_SIZE, 'no_quota': no_quota, 'uploadlink': uploadlink, 'enable_upload_folder': ENABLE_UPLOAD_FOLDER, 'enable_resumable_fileupload': ENABLE_RESUMABLE_FILEUPLOAD, }, context_instance=RequestContext(request))
def view_shared_upload_link(request, token): assert token is not None # Checked by URLconf uploadlink = UploadLinkShare.objects.get_valid_upload_link_by_token(token) if uploadlink is None: raise Http404 if uploadlink.is_encrypted() and not check_share_link_access( request, token, is_upload_link=True): d = {'token': token, 'view_name': 'view_shared_upload_link', } if request.method == 'POST': post_values = request.POST.copy() post_values['enc_password'] = uploadlink.password form = SharedLinkPasswordForm(post_values) d['form'] = form if form.is_valid(): set_share_link_access(request, token, is_upload_link=True) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) username = uploadlink.username repo_id = uploadlink.repo_id repo = get_repo(repo_id) if not repo: raise Http404 path = uploadlink.path if path == '/': # use repo name as dir name if share whole library dir_name = repo.name else: dir_name = os.path.basename(path[:-1]) repo = get_repo(repo_id) if not repo: raise Http404 uploadlink.view_cnt = F('view_cnt') + 1 uploadlink.save() no_quota = True if seaserv.check_quota(repo_id) < 0 else False return render_to_response('view_shared_upload_link.html', { 'repo': repo, 'path': path, 'username': username, 'dir_name': dir_name, 'max_upload_file_size': seaserv.MAX_UPLOAD_FILE_SIZE, 'no_quota': no_quota, 'uploadlink': uploadlink, 'enable_upload_folder': ENABLE_UPLOAD_FOLDER, 'enable_resumable_fileupload': ENABLE_RESUMABLE_FILEUPLOAD, }, context_instance=RequestContext(request))
def view_shared_upload_link(request, token): assert token is not None # Checked by URLconf uploadlink = UploadLinkShare.objects.get_valid_upload_link_by_token(token) if uploadlink is None: raise Http404 if uploadlink.is_encrypted(): if not check_share_link_access(request.user.username, token): d = {'token': token, 'view_name': 'view_shared_upload_link', } if request.method == 'POST': post_values = request.POST.copy() post_values['enc_password'] = uploadlink.password form = SharedLinkPasswordForm(post_values) d['form'] = form if form.is_valid(): # set cache for non-anonymous user if request.user.is_authenticated(): set_share_link_access(request.user.username, token) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) username = uploadlink.username repo_id = uploadlink.repo_id path = uploadlink.path dir_name = os.path.basename(path[:-1]) repo = get_repo(repo_id) if not repo: raise Http404 uploadlink.view_cnt = F('view_cnt') + 1 uploadlink.save() no_quota = True if seaserv.check_quota(repo_id) < 0 else False token = seafile_api.get_fileserver_access_token(repo_id, 'dummy', 'upload', request.user.username) ajax_upload_url = gen_file_upload_url(token, 'upload-aj') return render_to_response('view_shared_upload_link.html', { 'repo': repo, 'token': token, 'path': path, 'username': username, 'dir_name': dir_name, 'max_upload_file_size': seaserv.MAX_UPLOAD_FILE_SIZE, 'no_quota': no_quota, 'ajax_upload_url': ajax_upload_url, 'uploadlink': uploadlink, 'enable_upload_folder': ENABLE_UPLOAD_FOLDER, }, context_instance=RequestContext(request))
def view_shared_upload_link(request, token): assert token is not None # Checked by URLconf uploadlink = UploadLinkShare.objects.get_valid_upload_link_by_token(token) if uploadlink is None: raise Http404 if uploadlink.is_encrypted(): if not check_share_link_access(request.user.username, token): d = {'token': token, 'view_name': 'view_shared_upload_link', } if request.method == 'POST': post_values = request.POST.copy() post_values['enc_password'] = uploadlink.password form = SharedLinkPasswordForm(post_values) d['form'] = form if form.is_valid(): # set cache for non-anonymous user if request.user.is_authenticated(): set_share_link_access(request.user.username, token) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) username = uploadlink.username repo_id = uploadlink.repo_id path = uploadlink.path dir_name = os.path.basename(path[:-1]) repo = get_repo(repo_id) if not repo: raise Http404 uploadlink.view_cnt = F('view_cnt') + 1 uploadlink.save() no_quota = True if seaserv.check_quota(repo_id) < 0 else False token = seafile_api.get_fileserver_access_token(repo_id, 'dummy', 'upload', request.user.username) ajax_upload_url = gen_file_upload_url(token, 'upload-aj') return render_to_response('view_shared_upload_link.html', { 'repo': repo, 'token': token, 'path': path, 'username': username, 'dir_name': dir_name, 'max_upload_file_size': seaserv.MAX_UPLOAD_FILE_SIZE, 'no_quota': no_quota, 'ajax_upload_url': ajax_upload_url, 'uploadlink': uploadlink, }, context_instance=RequestContext(request))
def view_shared_file(request, token): """ Preview file via shared link. """ assert token is not None # Checked by URLconf fileshare = FileShare.objects.get_valid_file_link_by_token(token) if fileshare is None: raise Http404 if fileshare.is_encrypted(): if not check_share_link_access(request.user.username, token): d = { 'token': token, 'view_name': 'view_shared_file', } if request.method == 'POST': post_values = request.POST.copy() post_values['enc_password'] = fileshare.password form = SharedLinkPasswordForm(post_values) d['form'] = form if form.is_valid(): # set cache for non-anonymous user if request.user.is_authenticated(): set_share_link_access(request.user.username, token) else: return render_to_response( 'share_access_validation.html', d, context_instance=RequestContext(request)) else: return render_to_response( 'share_access_validation.html', d, context_instance=RequestContext(request)) shared_by = fileshare.username repo_id = fileshare.repo_id repo = get_repo(repo_id) if not repo: raise Http404 path = fileshare.path.rstrip('/') # Normalize file path obj_id = seafile_api.get_file_id_by_path(repo_id, path) if not obj_id: return render_error(request, _(u'File does not exist')) file_size = seafile_api.get_file_size(repo.store_id, repo.version, obj_id) filename = os.path.basename(path) filetype, fileext = get_file_type_and_ext(filename) access_token = seafserv_rpc.web_get_access_token(repo.id, obj_id, 'view', '') raw_path = gen_file_get_url(access_token, filename) inner_path = gen_inner_file_get_url(access_token, filename) # get file content ret_dict = { 'err': '', 'file_content': '', 'encoding': '', 'file_enc': '', 'file_encoding_list': [], 'html_exists': False, 'filetype': filetype } exceeds_limit, err_msg = file_size_exceeds_preview_limit( file_size, filetype) if exceeds_limit: ret_dict['err'] = err_msg else: """Choose different approach when dealing with different type of file.""" if is_textual_file(file_type=filetype): handle_textual_file(request, filetype, inner_path, ret_dict) elif filetype == DOCUMENT: handle_document(inner_path, obj_id, fileext, ret_dict) elif filetype == SPREADSHEET: handle_spreadsheet(inner_path, obj_id, fileext, ret_dict) elif filetype == OPENDOCUMENT: if file_size == 0: ret_dict['err'] = _(u'Invalid file format.') elif filetype == PDF: handle_pdf(inner_path, obj_id, fileext, ret_dict) # Increase file shared link view_cnt, this operation should be atomic fileshare.view_cnt = F('view_cnt') + 1 fileshare.save() # send statistic messages if ret_dict['filetype'] != 'Unknown': try: send_message('seahub.stats', 'file-view\t%s\t%s\t%s\t%s' % \ (repo.id, shared_by, obj_id, file_size)) except SearpcError, e: logger.error('Error when sending file-view message: %s' % str(e))
def post(self, request, token): """ Only used for saving notification after user upload file via folder share link and upload link. Permission checking: 1, If enable SHARE_LINK_LOGIN_REQUIRED, user must have been authenticated. 2, If enable ENABLE_SHARE_LINK_AUDIT, user must have been authenticated, or have been audited. 3, If share link is encrypted, share link password must have been checked. 4, Share link must be a folder share link and has can_upload permission. """ # resource check share_link = None upload_link = None try: share_link = FileShare.objects.get(token=token) except FileShare.DoesNotExist: upload_link = UploadLinkShare.objects.get(token=token) except UploadLinkShare.DoesNotExist: error_msg = 'token %s not found.' % token return api_error(status.HTTP_404_NOT_FOUND, error_msg) if share_link: # check if login required if SHARE_LINK_LOGIN_REQUIRED and \ not request.user.is_authenticated: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # check share link audit if is_pro_version() and ENABLE_SHARE_LINK_AUDIT and \ not request.user.is_authenticated and \ not request.session.get('anonymous_email'): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # check share link validation if share_link.is_encrypted() and not check_share_link_access(request, token): error_msg = 'Share link is encrypted.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if not share_link.get_permissions()['can_upload']: error_msg = 'Share link has no can_upload permission' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if share_link.is_expired(): error_msg = 'Share link is expired' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if not share_link.is_dir_share_link(): error_msg = 'Share link %s is not a folder share link.' % token return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # recourse check repo_id = share_link.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) parent_dir = share_link.path if seafile_api.check_permission_by_path(repo_id, parent_dir, share_link.username) != 'rw': error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) file_path = request.data.get('file_path') if not file_path: error_msg = 'file_path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) file_id = seafile_api.get_file_id_by_path(repo_id, file_path) if not file_id: error_msg = 'File %s not found.' % file_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) # send singal upload_file_successful.send(sender=None, repo_id=repo_id, file_path=file_path, owner=share_link.username) return Response({'success': True}) if upload_link: if upload_link.is_encrypted() and not check_share_link_access(request, token, is_upload_link=True): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if upload_link.is_expired(): error_msg = 'Upload link is expired' return api_error(status.HTTP_403_FORBIDDEN, error_msg) repo_id = upload_link.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) parent_dir = upload_link.path if seafile_api.check_permission_by_path(repo_id, parent_dir, upload_link.username) != 'rw': error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) file_path = request.data.get('file_path') if not file_path: error_msg = 'file_path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) file_id = seafile_api.get_file_id_by_path(repo_id, file_path) if not file_id: error_msg = 'File %s not found.' % file_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) upload_file_successful.send(sender=None, repo_id=repo_id, file_path=file_path, owner=upload_link.username) return Response({'success': True})
def view_shared_dir(request, token): assert token is not None # Checked by URLconf fileshare = FileShare.objects.get_valid_dir_link_by_token(token) if fileshare is None: raise Http404 if fileshare.is_encrypted(): if not check_share_link_access(request, token): d = {'token': token, 'view_name': 'view_shared_dir', } if request.method == 'POST': post_values = request.POST.copy() post_values['enc_password'] = fileshare.password form = SharedLinkPasswordForm(post_values) d['form'] = form if form.is_valid(): set_share_link_access(request, token) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) username = fileshare.username repo_id = fileshare.repo_id # Get path from frontend, use '/' if missing, and construct request path # with fileshare.path to real path, used to fetch dirents by RPC. req_path = request.GET.get('p', '/') if req_path[-1] != '/': req_path += '/' if req_path == '/': real_path = fileshare.path else: real_path = posixpath.join(fileshare.path, req_path.lstrip('/')) if real_path[-1] != '/': # Normalize dir path real_path += '/' repo = get_repo(repo_id) if not repo: raise Http404 # Check path still exist, otherwise show error if not seafile_api.get_dir_id_by_path(repo.id, fileshare.path): return render_error(request, _('"%s" does not exist.') % fileshare.path) # download shared dir if request.GET.get('dl', '') == '1': return _download_dir_from_share_link(request, fileshare, repo, real_path) if fileshare.path == '/': # use repo name as dir name if share whole library dir_name = repo.name else: dir_name = os.path.basename(real_path[:-1]) current_commit = seaserv.get_commits(repo_id, 0, 1)[0] file_list, dir_list, dirent_more = get_repo_dirents(request, repo, current_commit, real_path) # generate dir navigator if fileshare.path == '/': zipped = gen_path_link(req_path, repo.name) else: zipped = gen_path_link(req_path, os.path.basename(fileshare.path[:-1])) if req_path == '/': # When user view the root of shared dir.. # increase shared link view_cnt, fileshare = FileShare.objects.get(token=token) fileshare.view_cnt = F('view_cnt') + 1 fileshare.save() traffic_over_limit = user_traffic_over_limit(fileshare.username) for f in file_list: file_type, file_ext = get_file_type_and_ext(f.obj_name) if file_type == IMAGE: f.is_img = True if allow_generate_thumbnail(username, repo, f): f.allow_generate_thumbnail = True if os.path.exists(os.path.join(THUMBNAIL_ROOT, THUMBNAIL_DEFAULT_SIZE, f.obj_id)): f.thumbnail_src = get_thumbnail_src(repo.id, f.obj_id, THUMBNAIL_DEFAULT_SIZE) return render_to_response('view_shared_dir.html', { 'repo': repo, 'token': token, 'path': req_path, 'username': username, 'dir_name': dir_name, 'file_list': file_list, 'dir_list': dir_list, 'zipped': zipped, 'traffic_over_limit': traffic_over_limit, 'ENABLE_THUMBNAIL': ENABLE_THUMBNAIL, 'PREVIEW_DEFAULT_SIZE': PREVIEW_DEFAULT_SIZE, }, context_instance=RequestContext(request))
def view_shared_file(request, token): """ Preview file via shared link. """ assert token is not None # Checked by URLconf fileshare = FileShare.objects.get_valid_file_link_by_token(token) if fileshare is None: raise Http404 if fileshare.is_encrypted(): if not check_share_link_access(request.user.username, token): d = {'token': token, 'view_name': 'view_shared_file', } if request.method == 'POST': post_values = request.POST.copy() post_values['enc_password'] = fileshare.password form = SharedLinkPasswordForm(post_values) d['form'] = form if form.is_valid(): # set cache for non-anonymous user if request.user.is_authenticated(): set_share_link_access(request.user.username, token) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) shared_by = fileshare.username repo_id = fileshare.repo_id repo = get_repo(repo_id) if not repo: raise Http404 path = fileshare.path.rstrip('/') # Normalize file path obj_id = seafile_api.get_file_id_by_path(repo_id, path) if not obj_id: return render_error(request, _(u'File does not exist')) file_size = seafile_api.get_file_size(repo.store_id, repo.version, obj_id) filename = os.path.basename(path) filetype, fileext = get_file_type_and_ext(filename) access_token = seafserv_rpc.web_get_access_token(repo.id, obj_id, 'view', '') raw_path = gen_file_get_url(access_token, filename) inner_path = gen_inner_file_get_url(access_token, filename) # get file content ret_dict = {'err': '', 'file_content': '', 'encoding': '', 'file_enc': '', 'file_encoding_list': [], 'html_exists': False, 'filetype': filetype} exceeds_limit, err_msg = file_size_exceeds_preview_limit(file_size, filetype) if exceeds_limit: ret_dict['err'] = err_msg else: """Choose different approach when dealing with different type of file.""" if is_textual_file(file_type=filetype): handle_textual_file(request, filetype, inner_path, ret_dict) elif filetype == DOCUMENT: handle_document(inner_path, obj_id, fileext, ret_dict) elif filetype == SPREADSHEET: handle_spreadsheet(inner_path, obj_id, fileext, ret_dict) elif filetype == OPENDOCUMENT: if file_size == 0: ret_dict['err'] = _(u'Invalid file format.') elif filetype == PDF: handle_pdf(inner_path, obj_id, fileext, ret_dict) # Increase file shared link view_cnt, this operation should be atomic fileshare.view_cnt = F('view_cnt') + 1 fileshare.save() # send statistic messages if ret_dict['filetype'] != 'Unknown': try: send_message('seahub.stats', 'file-view\t%s\t%s\t%s\t%s' % \ (repo.id, shared_by, obj_id, file_size)) except SearpcError, e: logger.error('Error when sending file-view message: %s' % str(e))
def get(self, request, token): """ Only used for get seafhttp upload link for a folder share link. Permission checking: 1, If enable SHARE_LINK_LOGIN_REQUIRED, user must have been authenticated. 2, If enable ENABLE_SHARE_LINK_AUDIT, user must have been authenticated, or have been audited. 3, If share link is encrypted, share link password must have been checked. 4, Share link must be a folder share link and has can_upload permission. """ # check if login required if SHARE_LINK_LOGIN_REQUIRED and \ not request.user.is_authenticated(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # check share link audit if is_pro_version() and ENABLE_SHARE_LINK_AUDIT and \ not request.user.is_authenticated() and \ not request.session.get('anonymous_email'): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # resource check try: share_link = FileShare.objects.get(token=token) except FileShare.DoesNotExist: error_msg = 'Share link %s not found.' % token return api_error(status.HTTP_404_NOT_FOUND, error_msg) if share_link.s_type != 'd': error_msg = 'Share link %s is not a folder share link.' % token return api_error(status.HTTP_400_BAD_REQUEST, error_msg) repo_id = share_link.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) share_link_path = share_link.path request_path = request.GET.get('path', '/') if request_path == '/': path = share_link_path else: path = posixpath.join(share_link_path, request_path.strip('/')) path = normalize_dir_path(path) dir_id = seafile_api.get_dir_id_by_path(repo_id, path) if not dir_id: error_msg = 'Folder %s not found.' % request_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) if share_link.is_encrypted() and not check_share_link_access(request, token): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if not share_link.get_permissions()['can_upload']: error_msg = 'Permission denied.' # generate token obj_id = json.dumps({'parent_dir': path}) token = seafile_api.get_fileserver_access_token(repo_id, obj_id, 'upload-link', share_link.username, use_onetime=False) if not token: error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) result = {} result['upload_link'] = gen_file_upload_url(token, 'upload-api') return Response(result)
def post(self, request, format=None): """ Only used for download dirents in a folder share link. Permission checking: 1, If enable SHARE_LINK_LOGIN_REQUIRED, user must have been authenticated. 2, If enable ENABLE_SHARE_LINK_AUDIT, user must have been authenticated, or have been audited. 3, If share link is encrypted, share link password must have been checked. """ # argument check share_link_token = request.data.get('token', None) if not share_link_token: error_msg = 'share_link_token invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) parent_dir = request.data.get('parent_dir', '/') if not parent_dir: error_msg = 'parent_dir invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) dirent_name_list = request.data.get('dirents', None) if not dirent_name_list: error_msg = 'dirent_name invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check try: share_link= FileShare.objects.get(token=share_link_token) except FileShare.DoesNotExist: error_msg = 'Share link %s not found.' % share_link_token return api_error(status.HTTP_404_NOT_FOUND, error_msg) if share_link.s_type != 'd': error_msg = 'Share link %s is not a folder share link.' % share_link_token return api_error(status.HTTP_400_BAD_REQUEST, error_msg) repo_id = share_link.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) full_parent_dir = posixpath.join(normalize_dir_path(share_link.path), parent_dir.strip('/')) full_parent_dir = normalize_dir_path(full_parent_dir) dir_id = seafile_api.get_dir_id_by_path(repo_id, full_parent_dir) if not dir_id: error_msg = 'Folder %s not found.' % parent_dir return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check # check if login required if SHARE_LINK_LOGIN_REQUIRED and \ not request.user.is_authenticated(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # check share link audit if is_pro_version() and ENABLE_SHARE_LINK_AUDIT and \ not request.user.is_authenticated() and \ not request.session.get('anonymous_email'): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # check share link password if share_link.is_encrypted() and not check_share_link_access(request, share_link_token): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # check if has download permission for share link creator if not parse_repo_perm(seafile_api.check_permission_by_path( repo_id, full_parent_dir, share_link.username)).can_download: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # check if share link has download permission if not share_link.get_permissions()['can_download']: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # get file server access token is_windows = 0 if is_windows_operating_system(request): is_windows = 1 dirent_list = [] total_size = 0 for dirent_name in dirent_name_list: dirent_name = dirent_name.strip('/') full_dirent_path = posixpath.join(full_parent_dir, dirent_name) current_dirent = seafile_api.get_dirent_by_path(repo_id, full_dirent_path) if not current_dirent: continue if stat.S_ISDIR(current_dirent.mode): total_size += seafile_api.get_dir_size(repo.store_id, repo.version, current_dirent.obj_id) else: total_size += current_dirent.size dirent_list.append(dirent_name) if total_size > seaserv.MAX_DOWNLOAD_DIR_SIZE: error_msg = _('Total size exceeds limit.') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not dirent_list: error_msg = 'No valid dirent.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) fake_obj_id = { 'parent_dir': full_parent_dir, 'file_list': dirent_list, 'is_windows': is_windows } try: zip_token = seafile_api.get_fileserver_access_token( repo_id, json.dumps(fake_obj_id), 'download-multi', '', use_onetime=settings.FILESERVER_TOKEN_ONCE_ONLY) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if not zip_token: error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) return Response({'zip_token': zip_token})
def view_shared_dir(request, token): assert token is not None # Checked by URLconf fileshare = FileShare.objects.get_valid_dir_link_by_token(token) if fileshare is None: raise Http404 if fileshare.is_encrypted(): if not check_share_link_access(request, token): d = { 'token': token, 'view_name': 'view_shared_dir', } if request.method == 'POST': post_values = request.POST.copy() post_values['enc_password'] = fileshare.password form = SharedLinkPasswordForm(post_values) d['form'] = form if form.is_valid(): set_share_link_access(request, token) else: return render_to_response( 'share_access_validation.html', d, context_instance=RequestContext(request)) else: return render_to_response( 'share_access_validation.html', d, context_instance=RequestContext(request)) username = fileshare.username repo_id = fileshare.repo_id path = request.GET.get('p', '') path = fileshare.path if not path else path if path[-1] != '/': # Normalize dir path path += '/' if not path.startswith(fileshare.path): path = fileshare.path # Can not view upper dir of shared dir repo = get_repo(repo_id) if not repo: raise Http404 # Check path still exist, otherwise show error if not seafile_api.get_dir_id_by_path(repo.id, fileshare.path): return render_error(request, _('"%s" does not exist.') % fileshare.path) dir_name = os.path.basename(path[:-1]) current_commit = seaserv.get_commits(repo_id, 0, 1)[0] file_list, dir_list, dirent_more = get_repo_dirents( request, repo, current_commit, path) zipped = gen_path_link(path, '') if path == fileshare.path: # When user view the shared dir.. # increase shared link view_cnt, fileshare = FileShare.objects.get(token=token) fileshare.view_cnt = F('view_cnt') + 1 fileshare.save() traffic_over_limit = user_traffic_over_limit(fileshare.username) for f in file_list: if allow_generate_thumbnail(username, repo, f): f.allow_generate_thumbnail = True if os.path.exists( os.path.join(THUMBNAIL_ROOT, THUMBNAIL_DEFAULT_SIZE, f.obj_id)): f.thumbnail_src = get_thumbnail_src(repo.id, f.obj_id, THUMBNAIL_DEFAULT_SIZE) return render_to_response('view_shared_dir.html', { 'repo': repo, 'token': token, 'path': path, 'username': username, 'dir_name': dir_name, 'file_list': file_list, 'dir_list': dir_list, 'zipped': zipped, 'traffic_over_limit': traffic_over_limit, 'ENABLE_THUMBNAIL': ENABLE_THUMBNAIL, 'PREVIEW_DEFAULT_SIZE': PREVIEW_DEFAULT_SIZE, }, context_instance=RequestContext(request))
def view_shared_dir(request, token): assert token is not None # Checked by URLconf fileshare = FileShare.objects.get_valid_dir_link_by_token(token) if fileshare is None: raise Http404 if fileshare.is_encrypted(): if not check_share_link_access(request, token): d = { 'token': token, 'view_name': 'view_shared_dir', } if request.method == 'POST': post_values = request.POST.copy() post_values['enc_password'] = fileshare.password form = SharedLinkPasswordForm(post_values) d['form'] = form if form.is_valid(): set_share_link_access(request, token) else: return render_to_response( 'share_access_validation.html', d, context_instance=RequestContext(request)) else: return render_to_response( 'share_access_validation.html', d, context_instance=RequestContext(request)) username = fileshare.username repo_id = fileshare.repo_id path = request.GET.get('p', '') path = fileshare.path if not path else path if path[-1] != '/': # Normalize dir path path += '/' if not path.startswith(fileshare.path): path = fileshare.path # Can not view upper dir of shared dir repo = get_repo(repo_id) if not repo: raise Http404 dir_name = os.path.basename(path[:-1]) current_commit = seaserv.get_commits(repo_id, 0, 1)[0] file_list, dir_list, dirent_more = get_repo_dirents( request, repo, current_commit, path) zipped = gen_path_link(path, '') if path == fileshare.path: # When user view the shared dir.. # increase shared link view_cnt, fileshare = FileShare.objects.get(token=token) fileshare.view_cnt = F('view_cnt') + 1 fileshare.save() traffic_over_limit = user_traffic_over_limit(fileshare.username) return render_to_response('view_shared_dir.html', { 'repo': repo, 'token': token, 'path': path, 'username': username, 'dir_name': dir_name, 'file_list': file_list, 'dir_list': dir_list, 'zipped': zipped, 'traffic_over_limit': traffic_over_limit, }, context_instance=RequestContext(request))
def view_shared_dir(request, token): assert token is not None # Checked by URLconf fileshare = FileShare.objects.get_valid_dir_link_by_token(token) if fileshare is None: raise Http404 if fileshare.is_encrypted(): if not check_share_link_access(request.user.username, token): d = {'token': token, 'view_name': 'view_shared_dir', } if request.method == 'POST': post_values = request.POST.copy() post_values['enc_password'] = fileshare.password form = SharedLinkPasswordForm(post_values) d['form'] = form if form.is_valid(): # set cache for non-anonymous user if request.user.is_authenticated(): set_share_link_access(request.user.username, token) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) username = fileshare.username repo_id = fileshare.repo_id path = request.GET.get('p', '') path = fileshare.path if not path else path if path[-1] != '/': # Normalize dir path path += '/' if not path.startswith(fileshare.path): path = fileshare.path # Can not view upper dir of shared dir repo = get_repo(repo_id) if not repo: raise Http404 # Check path still exist, otherwise show error if not seafile_api.get_dir_id_by_path(repo.id, fileshare.path): return render_error(request, _('"%s" does not exist.') % fileshare.path) dir_name = os.path.basename(path[:-1]) current_commit = seaserv.get_commits(repo_id, 0, 1)[0] file_list, dir_list, dirent_more = get_repo_dirents(request, repo, current_commit, path) zipped = gen_path_link(path, '') if path == fileshare.path: # When user view the shared dir.. # increase shared link view_cnt, fileshare = FileShare.objects.get(token=token) fileshare.view_cnt = F('view_cnt') + 1 fileshare.save() traffic_over_limit = user_traffic_over_limit(fileshare.username) for f in file_list: if allow_generate_thumbnail(username, repo, f): f.allow_generate_thumbnail = True if os.path.exists(os.path.join(THUMBNAIL_ROOT, THUMBNAIL_DEFAULT_SIZE, f.obj_id)): f.thumbnail_src = get_thumbnail_src(repo.id, f.obj_id, THUMBNAIL_DEFAULT_SIZE) return render_to_response('view_shared_dir.html', { 'repo': repo, 'token': token, 'path': path, 'username': username, 'dir_name': dir_name, 'file_list': file_list, 'dir_list': dir_list, 'zipped': zipped, 'traffic_over_limit': traffic_over_limit, 'ENABLE_THUMBNAIL': ENABLE_THUMBNAIL, 'PREVIEW_DEFAULT_SIZE': PREVIEW_DEFAULT_SIZE, }, context_instance=RequestContext(request))
def view_shared_dir(request, token): assert token is not None # Checked by URLconf fileshare = FileShare.objects.get_valid_dir_link_by_token(token) if fileshare is None: raise Http404 if fileshare.is_encrypted(): if not check_share_link_access(request.user.username, token): d = {'token': token, 'view_name': 'view_shared_dir', } if request.method == 'POST': post_values = request.POST.copy() post_values['enc_password'] = fileshare.password form = SharedLinkPasswordForm(post_values) d['form'] = form if form.is_valid(): # set cache for non-anonymous user if request.user.is_authenticated(): set_share_link_access(request.user.username, token) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) username = fileshare.username repo_id = fileshare.repo_id path = request.GET.get('p', '') path = fileshare.path if not path else path if path[-1] != '/': # Normalize dir path path += '/' if not path.startswith(fileshare.path): path = fileshare.path # Can not view upper dir of shared dir repo = get_repo(repo_id) if not repo: raise Http404 dir_name = os.path.basename(path[:-1]) current_commit = seaserv.get_commits(repo_id, 0, 1)[0] file_list, dir_list = get_repo_dirents(request, repo, current_commit, path) zipped = gen_path_link(path, '') if path == fileshare.path: # When user view the shared dir.. # increase shared link view_cnt, fileshare = FileShare.objects.get(token=token) fileshare.view_cnt = F('view_cnt') + 1 fileshare.save() traffic_over_limit = user_traffic_over_limit(fileshare.username) return render_to_response('view_shared_dir.html', { 'repo': repo, 'token': token, 'path': path, 'username': username, 'dir_name': dir_name, 'file_list': file_list, 'dir_list': dir_list, 'zipped': zipped, 'traffic_over_limit': traffic_over_limit, }, context_instance=RequestContext(request))
def get(self, request, token): """ Only used for get dirents in a folder share link. Permission checking: 1, If enable SHARE_LINK_LOGIN_REQUIRED, user must have been authenticated. 2, If enable ENABLE_SHARE_LINK_AUDIT, user must have been authenticated, or have been audited. 3, If share link is encrypted, share link password must have been checked. """ # argument check thumbnail_size = request.GET.get('thumbnail_size', 48) try: thumbnail_size = int(thumbnail_size) except ValueError: error_msg = 'thumbnail_size invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check # check if login required if SHARE_LINK_LOGIN_REQUIRED and \ not request.user.is_authenticated(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # check share link audit if is_pro_version() and ENABLE_SHARE_LINK_AUDIT and \ not request.user.is_authenticated() and \ not request.session.get('anonymous_email'): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # resource check try: share_link = FileShare.objects.get(token=token) except FileShare.DoesNotExist: error_msg = 'Share link %s not found.' % token return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check share link password if share_link.is_encrypted() and not check_share_link_access(request, token): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if share_link.s_type != 'd': error_msg = 'Share link %s is not a folder share link.' % token return api_error(status.HTTP_400_BAD_REQUEST, error_msg) repo_id = share_link.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) share_link_path = share_link.path request_path = request.GET.get('path', '/') if request_path == '/': path = share_link_path else: path = posixpath.join(share_link_path, request_path.strip('/')) path = normalize_dir_path(path) dir_id = seafile_api.get_dir_id_by_path(repo_id, path) if not dir_id: error_msg = 'Folder %s not found.' % request_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: current_commit = seafile_api.get_commit_list(repo_id, 0, 1)[0] dirent_list = seafile_api.list_dir_by_commit_and_path(repo_id, current_commit.id, path, -1, -1) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) result = [] for dirent in dirent_list: # don't return parent folder(share link path) info to user # so use request_path here dirent_path = posixpath.join(request_path, dirent.obj_name) dirent_info = {} dirent_info['size'] = dirent.size dirent_info['last_modified'] = timestamp_to_isoformat_timestr(dirent.mtime) if stat.S_ISDIR(dirent.mode): dirent_info['is_dir'] = True dirent_info['folder_path'] = normalize_dir_path(dirent_path) dirent_info['folder_name'] = dirent.obj_name else: dirent_info['is_dir'] = False dirent_info['file_path'] = normalize_file_path(dirent_path) dirent_info['file_name'] = dirent.obj_name file_type, file_ext = get_file_type_and_ext(dirent.obj_name) if file_type in (IMAGE, XMIND) or \ file_type == VIDEO and ENABLE_VIDEO_THUMBNAIL: if os.path.exists(os.path.join(THUMBNAIL_ROOT, str(thumbnail_size), dirent.obj_id)): req_image_path = posixpath.join(request_path, dirent.obj_name) src = get_share_link_thumbnail_src(token, thumbnail_size, req_image_path) dirent_info['encoded_thumbnail_src'] = urlquote(src) result.append(dirent_info) return Response({'dirent_list': result})
def view_shared_dir(request, token): assert token is not None # Checked by URLconf fileshare = FileShare.objects.get_valid_dir_link_by_token(token) if fileshare is None: raise Http404 if fileshare.is_encrypted(): if not check_share_link_access(request.user.username, token): d = {"token": token, "view_name": "view_shared_dir"} if request.method == "POST": post_values = request.POST.copy() post_values["enc_password"] = fileshare.password form = SharedLinkPasswordForm(post_values) d["form"] = form if form.is_valid(): # set cache for non-anonymous user if request.user.is_authenticated(): set_share_link_access(request.user.username, token) else: return render_to_response( "share_access_validation.html", d, context_instance=RequestContext(request) ) else: return render_to_response("share_access_validation.html", d, context_instance=RequestContext(request)) username = fileshare.username repo_id = fileshare.repo_id path = request.GET.get("p", "") path = fileshare.path if not path else path if path[-1] != "/": # Normalize dir path path += "/" if not path.startswith(fileshare.path): path = fileshare.path # Can not view upper dir of shared dir repo = get_repo(repo_id) if not repo: raise Http404 dir_name = os.path.basename(path[:-1]) current_commit = seaserv.get_commits(repo_id, 0, 1)[0] file_list, dir_list = get_repo_dirents(request, repo, current_commit, path) zipped = gen_path_link(path, "") if path == fileshare.path: # When user view the shared dir.. # increase shared link view_cnt, fileshare = FileShare.objects.get(token=token) fileshare.view_cnt = F("view_cnt") + 1 fileshare.save() traffic_over_limit = user_traffic_over_limit(fileshare.username) return render_to_response( "view_shared_dir.html", { "repo": repo, "token": token, "path": path, "username": username, "dir_name": dir_name, "file_list": file_list, "dir_list": dir_list, "zipped": zipped, "traffic_over_limit": traffic_over_limit, }, context_instance=RequestContext(request), )
def view_shared_dir(request, token): assert token is not None # Checked by URLconf fileshare = FileShare.objects.get_valid_dir_link_by_token(token) if fileshare is None: raise Http404 if fileshare.is_encrypted(): if not check_share_link_access(request, token): d = { 'token': token, 'view_name': 'view_shared_dir', } if request.method == 'POST': post_values = request.POST.copy() post_values['enc_password'] = fileshare.password form = SharedLinkPasswordForm(post_values) d['form'] = form if form.is_valid(): set_share_link_access(request, token) else: return render_to_response( 'share_access_validation.html', d, context_instance=RequestContext(request)) else: return render_to_response( 'share_access_validation.html', d, context_instance=RequestContext(request)) username = fileshare.username repo_id = fileshare.repo_id # Get path from frontend, use '/' if missing, and construct request path # with fileshare.path to real path, used to fetch dirents by RPC. req_path = request.GET.get('p', '/') if req_path[-1] != '/': req_path += '/' if req_path == '/': real_path = fileshare.path else: real_path = posixpath.join(fileshare.path, req_path.lstrip('/')) if real_path[-1] != '/': # Normalize dir path real_path += '/' repo = get_repo(repo_id) if not repo: raise Http404 # Check path still exist, otherwise show error if not seafile_api.get_dir_id_by_path(repo.id, fileshare.path): return render_error(request, _('"%s" does not exist.') % fileshare.path) # download shared dir if request.GET.get('dl', '') == '1': return _download_dir_from_share_link(request, fileshare, repo, real_path) if fileshare.path == '/': # use repo name as dir name if share whole library dir_name = repo.name else: dir_name = os.path.basename(real_path[:-1]) current_commit = seaserv.get_commits(repo_id, 0, 1)[0] file_list, dir_list, dirent_more = get_repo_dirents( request, repo, current_commit, real_path) # generate dir navigator if fileshare.path == '/': zipped = gen_path_link(req_path, repo.name) else: zipped = gen_path_link(req_path, os.path.basename(fileshare.path[:-1])) if req_path == '/': # When user view the root of shared dir.. # increase shared link view_cnt, fileshare = FileShare.objects.get(token=token) fileshare.view_cnt = F('view_cnt') + 1 fileshare.save() traffic_over_limit = user_traffic_over_limit(fileshare.username) # mode to view dir/file items mode = request.GET.get('mode', 'list') if mode != 'list': mode = 'grid' thumbnail_size = THUMBNAIL_DEFAULT_SIZE if mode == 'list' else THUMBNAIL_SIZE_FOR_GRID for f in file_list: file_type, file_ext = get_file_type_and_ext(f.obj_name) if file_type == IMAGE: f.is_img = True real_image_path = posixpath.join(real_path, f.obj_name) if allow_generate_thumbnail(request, repo_id, real_image_path): f.allow_generate_thumbnail = True if os.path.exists( os.path.join(THUMBNAIL_ROOT, str(thumbnail_size), f.obj_id)): req_image_path = posixpath.join(req_path, f.obj_name) src = get_share_link_thumbnail_src(token, thumbnail_size, req_image_path) f.encoded_thumbnail_src = urlquote(src) return render_to_response('view_shared_dir.html', { 'repo': repo, 'token': token, 'path': req_path, 'username': username, 'dir_name': dir_name, 'file_list': file_list, 'dir_list': dir_list, 'zipped': zipped, 'traffic_over_limit': traffic_over_limit, 'ENABLE_THUMBNAIL': ENABLE_THUMBNAIL, 'mode': mode, 'thumbnail_size': thumbnail_size, }, context_instance=RequestContext(request))
def get(self, request, token): """ Only used for get dirents in a folder share link. Permission checking: 1, If enable SHARE_LINK_LOGIN_REQUIRED, user must have been authenticated. 2, If enable ENABLE_SHARE_LINK_AUDIT, user must have been authenticated, or have been audited. 3, If share link is encrypted, share link password must have been checked. """ # argument check thumbnail_size = request.GET.get('thumbnail_size', 48) try: thumbnail_size = int(thumbnail_size) except ValueError: error_msg = 'thumbnail_size invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check # check if login required if SHARE_LINK_LOGIN_REQUIRED and \ not request.user.is_authenticated(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # check share link audit if is_pro_version() and ENABLE_SHARE_LINK_AUDIT and \ not request.user.is_authenticated() and \ not request.session.get('anonymous_email'): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # resource check try: share_link= FileShare.objects.get(token=token) except FileShare.DoesNotExist: error_msg = 'Share link %s not found.' % token return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check share link password if share_link.is_encrypted() and not check_share_link_access(request, token): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if share_link.s_type != 'd': error_msg = 'Share link %s is not a folder share link.' % token return api_error(status.HTTP_400_BAD_REQUEST, error_msg) repo_id = share_link.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) share_link_path = share_link.path request_path = request.GET.get('path', '/') if request_path == '/': path = share_link_path else: path = posixpath.join(share_link_path, request_path.strip('/')) path = normalize_dir_path(path) dir_id = seafile_api.get_dir_id_by_path(repo_id, path) if not dir_id: error_msg = 'Folder %s not found.' % request_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: current_commit = seafile_api.get_commit_list(repo_id, 0, 1)[0] dirent_list = seafile_api.list_dir_by_commit_and_path(repo_id, current_commit.id, path, -1, -1) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) result = [] for dirent in dirent_list: # don't return parent folder(share link path) info to user # so use request_path here dirent_path = posixpath.join(request_path, dirent.obj_name) dirent_info = {} dirent_info['size'] = dirent.size dirent_info['last_modified'] = timestamp_to_isoformat_timestr(dirent.mtime) if stat.S_ISDIR(dirent.mode): dirent_info['is_dir'] = True dirent_info['folder_path'] = normalize_dir_path(dirent_path) dirent_info['folder_name'] = dirent.obj_name else: dirent_info['is_dir'] = False dirent_info['file_path'] = normalize_file_path(dirent_path) dirent_info['file_name'] = dirent.obj_name file_type, file_ext = get_file_type_and_ext(dirent.obj_name) if file_type in (IMAGE, XMIND) or \ file_type == VIDEO and ENABLE_VIDEO_THUMBNAIL: if os.path.exists(os.path.join(THUMBNAIL_ROOT, str(thumbnail_size), dirent.obj_id)): req_image_path = posixpath.join(request_path, dirent.obj_name) src = get_share_link_thumbnail_src(token, thumbnail_size, req_image_path) dirent_info['encoded_thumbnail_src'] = urlquote(src) result.append(dirent_info) return Response({'dirent_list': result})