def share_link_thumbnail_create(request, token): """generate thumbnail from dir download link page return thumbnail src to web """ content_type = 'application/json; charset=utf-8' result = {} fileshare = FileShare.objects.get_valid_file_link_by_token(token) if not fileshare: err_msg = _(u"Invalid token.") return HttpResponse(json.dumps({"error": err_msg}), status=400, content_type=content_type) repo_id = fileshare.repo_id repo = get_repo(repo_id) if not repo: err_msg = _(u"Library does not exist.") return HttpResponse(json.dumps({"error": err_msg}), status=400, content_type=content_type) if repo.encrypted or not ENABLE_THUMBNAIL: err_msg = _(u"Permission denied.") return HttpResponse(json.dumps({"error": err_msg}), status=403, content_type=content_type) req_path = request.GET.get('path', None) if not req_path or '../' in req_path: err_msg = _(u"Invalid arguments.") return HttpResponse(json.dumps({"error": err_msg}), status=400, content_type=content_type) if fileshare.path == '/': real_path = req_path else: real_path = posixpath.join(fileshare.path, req_path.lstrip('/')) size = request.GET.get('size', THUMBNAIL_DEFAULT_SIZE) success, status_code = generate_thumbnail(request, repo_id, size, real_path) if success: src = get_share_link_thumbnail_src(token, size, req_path) result['encoded_thumbnail_src'] = urlquote(src) return HttpResponse(json.dumps(result), content_type=content_type) else: err_msg = _('Failed to create thumbnail.') return HttpResponse(json.dumps({'err_msg': err_msg}), status=status_code, content_type=content_type)
def view_shared_dir(request, fileshare): token = fileshare.token password_check_passed, err_msg = check_share_link_common( request, fileshare) if not password_check_passed: d = { 'token': token, 'view_name': 'view_shared_dir', 'err_msg': err_msg } return render(request, 'share_access_validation.html', d) username = fileshare.username repo_id = fileshare.repo_id # Get path from frontend, use '/' if missing, and construct request path # with fileshare.path to real path, used to fetch dirents by RPC. req_path = request.GET.get('p', '/') if req_path[-1] != '/': req_path += '/' if req_path == '/': real_path = fileshare.path else: real_path = posixpath.join(fileshare.path, req_path.lstrip('/')) if real_path[-1] != '/': # Normalize dir path real_path += '/' repo = get_repo(repo_id) if not repo: raise Http404 if repo.encrypted or not \ seafile_api.check_permission_by_path(repo_id, '/', username): return render_error(request, _(u'Permission denied')) # Check path still exist, otherwise show error if not seafile_api.get_dir_id_by_path(repo.id, fileshare.path): return render_error(request, _('"%s" does not exist.') % fileshare.path) if fileshare.path == '/': # use repo name as dir name if share whole library dir_name = repo.name else: dir_name = os.path.basename(real_path[:-1]) current_commit = seaserv.get_commits(repo_id, 0, 1)[0] file_list, dir_list, dirent_more = get_repo_dirents( request, repo, current_commit, real_path) # generate dir navigator if fileshare.path == '/': zipped = gen_path_link(req_path, repo.name) else: zipped = gen_path_link(req_path, os.path.basename(fileshare.path[:-1])) if req_path == '/': # When user view the root of shared dir.. # increase shared link view_cnt, fileshare = FileShare.objects.get(token=token) fileshare.view_cnt = F('view_cnt') + 1 fileshare.save() traffic_over_limit = user_traffic_over_limit(fileshare.username) permissions = fileshare.get_permissions() # mode to view dir/file items mode = request.GET.get('mode', 'list') if mode != 'list': mode = 'grid' thumbnail_size = THUMBNAIL_DEFAULT_SIZE if mode == 'list' else THUMBNAIL_SIZE_FOR_GRID for f in file_list: file_type, file_ext = get_file_type_and_ext(f.obj_name) if file_type == IMAGE: f.is_img = True if file_type == VIDEO: f.is_video = True if (file_type == IMAGE or file_type == VIDEO) and ENABLE_THUMBNAIL: if os.path.exists( os.path.join(THUMBNAIL_ROOT, str(thumbnail_size), f.obj_id)): req_image_path = posixpath.join(req_path, f.obj_name) src = get_share_link_thumbnail_src(token, thumbnail_size, req_image_path) f.encoded_thumbnail_src = urlquote(src) return render( request, 'view_shared_dir.html', { 'repo': repo, 'token': token, 'path': req_path, 'username': username, 'dir_name': dir_name, 'file_list': file_list, 'dir_list': dir_list, 'zipped': zipped, 'traffic_over_limit': traffic_over_limit, 'permissions': permissions, 'ENABLE_THUMBNAIL': ENABLE_THUMBNAIL, 'mode': mode, 'thumbnail_size': thumbnail_size, })
def view_shared_dir(request, fileshare): token = fileshare.token password_check_passed, err_msg = check_share_link_common(request, fileshare) if not password_check_passed: d = {'token': token, 'view_name': 'view_shared_dir', 'err_msg': err_msg} return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) username = fileshare.username repo_id = fileshare.repo_id # Get path from frontend, use '/' if missing, and construct request path # with fileshare.path to real path, used to fetch dirents by RPC. req_path = request.GET.get('p', '/') if req_path[-1] != '/': req_path += '/' if req_path == '/': real_path = fileshare.path else: real_path = posixpath.join(fileshare.path, req_path.lstrip('/')) if real_path[-1] != '/': # Normalize dir path real_path += '/' repo = get_repo(repo_id) if not repo: raise Http404 # Check path still exist, otherwise show error if not seafile_api.get_dir_id_by_path(repo.id, fileshare.path): return render_error(request, _('"%s" does not exist.') % fileshare.path) if fileshare.path == '/': # use repo name as dir name if share whole library dir_name = repo.name else: dir_name = os.path.basename(real_path[:-1]) current_commit = seaserv.get_commits(repo_id, 0, 1)[0] file_list, dir_list, dirent_more = get_repo_dirents(request, repo, current_commit, real_path) # generate dir navigator if fileshare.path == '/': zipped = gen_path_link(req_path, repo.name) else: zipped = gen_path_link(req_path, os.path.basename(fileshare.path[:-1])) if req_path == '/': # When user view the root of shared dir.. # increase shared link view_cnt, fileshare = FileShare.objects.get(token=token) fileshare.view_cnt = F('view_cnt') + 1 fileshare.save() traffic_over_limit = user_traffic_over_limit(fileshare.username) # mode to view dir/file items mode = request.GET.get('mode', 'list') if mode != 'list': mode = 'grid' thumbnail_size = THUMBNAIL_DEFAULT_SIZE if mode == 'list' else THUMBNAIL_SIZE_FOR_GRID if not repo.encrypted and ENABLE_THUMBNAIL: for f in file_list: file_type, file_ext = get_file_type_and_ext(f.obj_name) if file_type == IMAGE: f.is_img = True if os.path.exists(os.path.join(THUMBNAIL_ROOT, str(thumbnail_size), f.obj_id)): req_image_path = posixpath.join(req_path, f.obj_name) src = get_share_link_thumbnail_src(token, thumbnail_size, req_image_path) f.encoded_thumbnail_src = urlquote(src) return render_to_response('view_shared_dir.html', { 'repo': repo, 'token': token, 'path': req_path, 'username': username, 'dir_name': dir_name, 'file_list': file_list, 'dir_list': dir_list, 'zipped': zipped, 'traffic_over_limit': traffic_over_limit, 'ENABLE_THUMBNAIL': ENABLE_THUMBNAIL, 'mode': mode, 'thumbnail_size': thumbnail_size, }, context_instance=RequestContext(request))
def view_shared_dir(request, token): assert token is not None # Checked by URLconf fileshare = FileShare.objects.get_valid_dir_link_by_token(token) if fileshare is None: raise Http404 if fileshare.is_encrypted(): if not check_share_link_access(request, token): d = { 'token': token, 'view_name': 'view_shared_dir', } if request.method == 'POST': post_values = request.POST.copy() post_values['enc_password'] = fileshare.password form = SharedLinkPasswordForm(post_values) d['form'] = form if form.is_valid(): set_share_link_access(request, token) else: return render_to_response( 'share_access_validation.html', d, context_instance=RequestContext(request)) else: return render_to_response( 'share_access_validation.html', d, context_instance=RequestContext(request)) username = fileshare.username repo_id = fileshare.repo_id # Get path from frontend, use '/' if missing, and construct request path # with fileshare.path to real path, used to fetch dirents by RPC. req_path = request.GET.get('p', '/') if req_path[-1] != '/': req_path += '/' if req_path == '/': real_path = fileshare.path else: real_path = posixpath.join(fileshare.path, req_path.lstrip('/')) if real_path[-1] != '/': # Normalize dir path real_path += '/' repo = get_repo(repo_id) if not repo: raise Http404 # Check path still exist, otherwise show error if not seafile_api.get_dir_id_by_path(repo.id, fileshare.path): return render_error(request, _('"%s" does not exist.') % fileshare.path) # download shared dir if request.GET.get('dl', '') == '1': return _download_dir_from_share_link(request, fileshare, repo, real_path) if fileshare.path == '/': # use repo name as dir name if share whole library dir_name = repo.name else: dir_name = os.path.basename(real_path[:-1]) current_commit = seaserv.get_commits(repo_id, 0, 1)[0] file_list, dir_list, dirent_more = get_repo_dirents( request, repo, current_commit, real_path) # generate dir navigator if fileshare.path == '/': zipped = gen_path_link(req_path, repo.name) else: zipped = gen_path_link(req_path, os.path.basename(fileshare.path[:-1])) if req_path == '/': # When user view the root of shared dir.. # increase shared link view_cnt, fileshare = FileShare.objects.get(token=token) fileshare.view_cnt = F('view_cnt') + 1 fileshare.save() traffic_over_limit = user_traffic_over_limit(fileshare.username) # mode to view dir/file items mode = request.GET.get('mode', 'list') if mode != 'list': mode = 'grid' thumbnail_size = THUMBNAIL_DEFAULT_SIZE if mode == 'list' else THUMBNAIL_SIZE_FOR_GRID for f in file_list: file_type, file_ext = get_file_type_and_ext(f.obj_name) if file_type == IMAGE: f.is_img = True real_image_path = posixpath.join(real_path, f.obj_name) if allow_generate_thumbnail(request, repo_id, real_image_path): f.allow_generate_thumbnail = True if os.path.exists( os.path.join(THUMBNAIL_ROOT, str(thumbnail_size), f.obj_id)): req_image_path = posixpath.join(req_path, f.obj_name) src = get_share_link_thumbnail_src(token, thumbnail_size, req_image_path) f.encoded_thumbnail_src = urlquote(src) return render_to_response('view_shared_dir.html', { 'repo': repo, 'token': token, 'path': req_path, 'username': username, 'dir_name': dir_name, 'file_list': file_list, 'dir_list': dir_list, 'zipped': zipped, 'traffic_over_limit': traffic_over_limit, 'ENABLE_THUMBNAIL': ENABLE_THUMBNAIL, 'mode': mode, 'thumbnail_size': thumbnail_size, }, context_instance=RequestContext(request))
def get(self, request, token): """ Only used for get dirents in a folder share link. Permission checking: 1, If enable SHARE_LINK_LOGIN_REQUIRED, user must have been authenticated. 2, If enable ENABLE_SHARE_LINK_AUDIT, user must have been authenticated, or have been audited. 3, If share link is encrypted, share link password must have been checked. """ # argument check thumbnail_size = request.GET.get('thumbnail_size', 48) try: thumbnail_size = int(thumbnail_size) except ValueError: error_msg = 'thumbnail_size invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check # check if login required if SHARE_LINK_LOGIN_REQUIRED and \ not request.user.is_authenticated(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # check share link audit if is_pro_version() and ENABLE_SHARE_LINK_AUDIT and \ not request.user.is_authenticated() and \ not request.session.get('anonymous_email'): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # resource check try: share_link = FileShare.objects.get(token=token) except FileShare.DoesNotExist: error_msg = 'Share link %s not found.' % token return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check share link password if share_link.is_encrypted() and not check_share_link_access(request, token): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if share_link.s_type != 'd': error_msg = 'Share link %s is not a folder share link.' % token return api_error(status.HTTP_400_BAD_REQUEST, error_msg) repo_id = share_link.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) share_link_path = share_link.path request_path = request.GET.get('path', '/') if request_path == '/': path = share_link_path else: path = posixpath.join(share_link_path, request_path.strip('/')) path = normalize_dir_path(path) dir_id = seafile_api.get_dir_id_by_path(repo_id, path) if not dir_id: error_msg = 'Folder %s not found.' % request_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: current_commit = seafile_api.get_commit_list(repo_id, 0, 1)[0] dirent_list = seafile_api.list_dir_by_commit_and_path(repo_id, current_commit.id, path, -1, -1) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) result = [] for dirent in dirent_list: # don't return parent folder(share link path) info to user # so use request_path here dirent_path = posixpath.join(request_path, dirent.obj_name) dirent_info = {} dirent_info['size'] = dirent.size dirent_info['last_modified'] = timestamp_to_isoformat_timestr(dirent.mtime) if stat.S_ISDIR(dirent.mode): dirent_info['is_dir'] = True dirent_info['folder_path'] = normalize_dir_path(dirent_path) dirent_info['folder_name'] = dirent.obj_name else: dirent_info['is_dir'] = False dirent_info['file_path'] = normalize_file_path(dirent_path) dirent_info['file_name'] = dirent.obj_name file_type, file_ext = get_file_type_and_ext(dirent.obj_name) if file_type in (IMAGE, XMIND) or \ file_type == VIDEO and ENABLE_VIDEO_THUMBNAIL: if os.path.exists(os.path.join(THUMBNAIL_ROOT, str(thumbnail_size), dirent.obj_id)): req_image_path = posixpath.join(request_path, dirent.obj_name) src = get_share_link_thumbnail_src(token, thumbnail_size, req_image_path) dirent_info['encoded_thumbnail_src'] = urlquote(src) result.append(dirent_info) return Response({'dirent_list': result})
def view_shared_dir(request, token): assert token is not None # Checked by URLconf fileshare = FileShare.objects.get_valid_dir_link_by_token(token) if fileshare is None: raise Http404 if fileshare.is_encrypted(): if not check_share_link_access(request, token): d = {'token': token, 'view_name': 'view_shared_dir', } if request.method == 'POST': post_values = request.POST.copy() post_values['enc_password'] = fileshare.password form = SharedLinkPasswordForm(post_values) d['form'] = form if form.is_valid(): set_share_link_access(request, token) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) else: return render_to_response('share_access_validation.html', d, context_instance=RequestContext(request)) username = fileshare.username repo_id = fileshare.repo_id # Get path from frontend, use '/' if missing, and construct request path # with fileshare.path to real path, used to fetch dirents by RPC. req_path = request.GET.get('p', '/') if req_path[-1] != '/': req_path += '/' if req_path == '/': real_path = fileshare.path else: real_path = posixpath.join(fileshare.path, req_path.lstrip('/')) if real_path[-1] != '/': # Normalize dir path real_path += '/' repo = get_repo(repo_id) if not repo: raise Http404 # Check path still exist, otherwise show error if not seafile_api.get_dir_id_by_path(repo.id, fileshare.path): return render_error(request, _('"%s" does not exist.') % fileshare.path) # download shared dir if request.GET.get('dl', '') == '1': return _download_dir_from_share_link(request, fileshare, repo, real_path) if fileshare.path == '/': # use repo name as dir name if share whole library dir_name = repo.name else: dir_name = os.path.basename(real_path[:-1]) current_commit = seaserv.get_commits(repo_id, 0, 1)[0] file_list, dir_list, dirent_more = get_repo_dirents(request, repo, current_commit, real_path) # generate dir navigator if fileshare.path == '/': zipped = gen_path_link(req_path, repo.name) else: zipped = gen_path_link(req_path, os.path.basename(fileshare.path[:-1])) if req_path == '/': # When user view the root of shared dir.. # increase shared link view_cnt, fileshare = FileShare.objects.get(token=token) fileshare.view_cnt = F('view_cnt') + 1 fileshare.save() traffic_over_limit = user_traffic_over_limit(fileshare.username) for f in file_list: file_type, file_ext = get_file_type_and_ext(f.obj_name) if file_type == IMAGE: f.is_img = True real_image_path = posixpath.join(real_path, f.obj_name) if allow_generate_thumbnail(request, repo_id, real_image_path): f.allow_generate_thumbnail = True if os.path.exists(os.path.join(THUMBNAIL_ROOT, str(THUMBNAIL_DEFAULT_SIZE), f.obj_id)): req_image_path = posixpath.join(req_path, f.obj_name) src = get_share_link_thumbnail_src(token, THUMBNAIL_DEFAULT_SIZE, req_image_path) f.encoded_thumbnail_src = urlquote(src) return render_to_response('view_shared_dir.html', { 'repo': repo, 'token': token, 'path': req_path, 'username': username, 'dir_name': dir_name, 'file_list': file_list, 'dir_list': dir_list, 'zipped': zipped, 'traffic_over_limit': traffic_over_limit, 'ENABLE_THUMBNAIL': ENABLE_THUMBNAIL, }, context_instance=RequestContext(request))
def get(self, request, token): """ Only used for get dirents in a folder share link. Permission checking: 1, If enable SHARE_LINK_LOGIN_REQUIRED, user must have been authenticated. 2, If enable ENABLE_SHARE_LINK_AUDIT, user must have been authenticated, or have been audited. 3, If share link is encrypted, share link password must have been checked. """ # argument check thumbnail_size = request.GET.get('thumbnail_size', 48) try: thumbnail_size = int(thumbnail_size) except ValueError: error_msg = 'thumbnail_size invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check # check if login required if SHARE_LINK_LOGIN_REQUIRED and \ not request.user.is_authenticated(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # check share link audit if is_pro_version() and ENABLE_SHARE_LINK_AUDIT and \ not request.user.is_authenticated() and \ not request.session.get('anonymous_email'): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # resource check try: share_link= FileShare.objects.get(token=token) except FileShare.DoesNotExist: error_msg = 'Share link %s not found.' % token return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check share link password if share_link.is_encrypted() and not check_share_link_access(request, token): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if share_link.s_type != 'd': error_msg = 'Share link %s is not a folder share link.' % token return api_error(status.HTTP_400_BAD_REQUEST, error_msg) repo_id = share_link.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) share_link_path = share_link.path request_path = request.GET.get('path', '/') if request_path == '/': path = share_link_path else: path = posixpath.join(share_link_path, request_path.strip('/')) path = normalize_dir_path(path) dir_id = seafile_api.get_dir_id_by_path(repo_id, path) if not dir_id: error_msg = 'Folder %s not found.' % request_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: current_commit = seafile_api.get_commit_list(repo_id, 0, 1)[0] dirent_list = seafile_api.list_dir_by_commit_and_path(repo_id, current_commit.id, path, -1, -1) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) result = [] for dirent in dirent_list: # don't return parent folder(share link path) info to user # so use request_path here dirent_path = posixpath.join(request_path, dirent.obj_name) dirent_info = {} dirent_info['size'] = dirent.size dirent_info['last_modified'] = timestamp_to_isoformat_timestr(dirent.mtime) if stat.S_ISDIR(dirent.mode): dirent_info['is_dir'] = True dirent_info['folder_path'] = normalize_dir_path(dirent_path) dirent_info['folder_name'] = dirent.obj_name else: dirent_info['is_dir'] = False dirent_info['file_path'] = normalize_file_path(dirent_path) dirent_info['file_name'] = dirent.obj_name file_type, file_ext = get_file_type_and_ext(dirent.obj_name) if file_type in (IMAGE, XMIND) or \ file_type == VIDEO and ENABLE_VIDEO_THUMBNAIL: if os.path.exists(os.path.join(THUMBNAIL_ROOT, str(thumbnail_size), dirent.obj_id)): req_image_path = posixpath.join(request_path, dirent.obj_name) src = get_share_link_thumbnail_src(token, thumbnail_size, req_image_path) dirent_info['encoded_thumbnail_src'] = urlquote(src) result.append(dirent_info) return Response({'dirent_list': result})