def get(self, request, workspace_id): """view table file, get table download link """ # argument check table_name = request.GET.get('name', None) if not table_name: error_msg = 'name invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) reuse = request.GET.get('reuse', '0') if reuse not in ('1', '0'): error_msg = 'reuse invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check workspace = Workspaces.objects.get_workspace_by_id(workspace_id) if not workspace: error_msg = 'Workspace %s not found.' % workspace_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_id = workspace.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) dtable = DTables.objects.get_dtable(workspace, table_name) if not dtable: error_msg = 'dtable %s not found.' % table_name return api_error(status.HTTP_404_NOT_FOUND, error_msg) table_file_name = table_name + FILE_TYPE table_path = normalize_file_path(table_file_name) table_file_id = seafile_api.get_file_id_by_path(repo_id, table_path) if not table_file_id: error_msg = 'file %s not found.' % table_file_name return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username owner = workspace.owner if '@seafile_group' in owner: group_id = int(owner.split('@')[0]) if not is_group_member(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: if username != owner: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # send stats message send_file_access_msg(request, repo, table_path, 'api') op = request.GET.get('op', 'download') use_onetime = False if reuse == '1' else True return get_repo_file(request, repo_id, table_file_id, table_file_name, op, use_onetime)
def get(self, request, repo_id): """ get info of a single file/folder in a library """ repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not can_view_sys_admin_repo(repo): error_msg = 'Feature disabled.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) path = request.GET.get('path', None) if not path: error_msg = 'path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if path[0] != '/': path = '/' + path try: dirent = seafile_api.get_dirent_by_path(repo_id, path) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if not dirent: error_msg = 'file/folder %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) if stat.S_ISDIR(dirent.mode): is_file = False else: is_file = True username = request.user.username if is_file and request.GET.get('dl', '0') == '1': token = seafile_api.get_fileserver_access_token(repo_id, dirent.obj_id, 'download', username, use_onetime=True) if not token: error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) dl_url = gen_file_get_url(token, dirent.obj_name) send_file_access_msg(request, repo, path, 'web') return Response({'download_url': dl_url}) dirent_info = get_dirent_info(dirent) return Response(dirent_info)
def repo_download_dir(request, repo_id): repo = get_repo(repo_id) if not repo: return render_error(request, _('Library does not exist')) path = request.GET.get('p', '/') if path[-1] != '/': # Normalize dir path path += '/' if not seafile_api.get_dir_id_by_path(repo.id, path): return render_error(request, _('"%s" does not exist.') % path) if len(path) > 1: dirname = os.path.basename(path.rstrip('/')) # Here use `rstrip` to cut out last '/' in path else: dirname = repo.name allow_download = parse_repo_perm(check_folder_permission( request, repo_id, '/')).can_download if allow_download: dir_id = seafile_api.get_dir_id_by_commit_and_path(repo.id, repo.head_cmmt_id, path) try: total_size = seafile_api.get_dir_size(repo.store_id, repo.version, dir_id) except Exception as e: logger.error(str(e)) return render_error(request, _('Internal Server Error')) if total_size > MAX_DOWNLOAD_DIR_SIZE: return render_error(request, _('Unable to download directory "%s": size is too large.') % dirname) is_windows = 0 if is_windows_operating_system(request): is_windows = 1 fake_obj_id = { 'obj_id': dir_id, 'dir_name': dirname, 'is_windows': is_windows } token = seafile_api.get_fileserver_access_token( repo_id, json.dumps(fake_obj_id), 'download-dir', request.user.username) if not token: return render_error(request, _('Internal Server Error')) else: return render_error(request, _('Unable to download "%s"') % dirname ) url = gen_file_get_url(token, dirname) from seahub.views.file import send_file_access_msg send_file_access_msg(request, repo, path, 'web') return redirect(url)
def get(self, request, repo_id, format=None): repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # argument checking parent_dir = request.GET.get('parent_dir', None) dirent_name_string = request.GET.get('dirents', None) if not parent_dir: error_msg = 'parent_dir invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not dirent_name_string: error_msg = 'dirents invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # folder exist checking if not seafile_api.get_dir_id_by_path(repo_id, parent_dir): error_msg = 'Folder %s not found.' % parent_dir return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission checking if check_folder_permission(request, repo_id, parent_dir) is None: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) dirent_name_list = string2list(dirent_name_string) dirent_list = [] for dirent_name in dirent_name_list: dirent_list.append(dirent_name.strip('/')) fake_obj_id = {} fake_obj_id['file_list'] = dirent_list fake_obj_id['parent_dir'] = parent_dir username = request.user.username try: token = seafile_api.get_fileserver_access_token( repo_id, json.dumps(fake_obj_id), 'download-multi', username, False) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if len(dirent_list) > 10: send_file_access_msg(request, repo, parent_dir, 'web') else: for dirent_name in dirent_list: full_dirent_path = posixpath.join(parent_dir, dirent_name) send_file_access_msg(request, repo, full_dirent_path, 'web') download_url = '%s/files/%s' % (get_fileserver_root(), token) return Response({'url': download_url})
def get(self, request, repo_id): """ get info of a single file/folder in a library """ if not request.user.admin_permissions.can_manage_library(): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') repo = seafile_api.get_repo(repo_id) path = request.GET.get('path', None) if not path: error_msg = 'path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) path = normalize_file_path(path) try: dirent = seafile_api.get_dirent_by_path(repo_id, path) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if not dirent: error_msg = 'File or folder %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) if stat.S_ISDIR(dirent.mode): is_file = False else: is_file = True username = request.user.username if is_file and request.GET.get('dl', '0') == '1': token = seafile_api.get_fileserver_access_token( repo_id, dirent.obj_id, 'download', username, use_onetime=settings.FILESERVER_TOKEN_ONCE_ONLY) if not token: error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) dl_url = gen_file_get_url(token, dirent.obj_name) send_file_access_msg(request, repo, path, 'web') return Response({'download_url': dl_url}) dirent_info = get_dirent_info(dirent) return Response(dirent_info)
def get(self, request, repo_id): """ get info of a single file/folder in a library """ repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not can_view_sys_admin_repo(repo): error_msg = 'Feature disabled.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) path = request.GET.get('path', None) if not path: error_msg = 'path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if path[0] != '/': path = '/' + path try: dirent = seafile_api.get_dirent_by_path(repo_id, path) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if not dirent: error_msg = 'file/folder %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) if stat.S_ISDIR(dirent.mode): is_file = False else: is_file = True username = request.user.username if is_file and request.GET.get('dl', '0') == '1': token = seafile_api.get_fileserver_access_token(repo_id, dirent.obj_id, 'download', username, use_onetime=True) dl_url = gen_file_get_url(token, dirent.obj_name) send_file_access_msg(request, repo, path, 'web') return Response({'download_url': dl_url}) dirent_info = get_dirent_info(dirent) return Response(dirent_info)
def get(self, request, repo_id): """ get info of a single file/folder in a library """ repo = seafile_api.get_repo(repo_id) path = request.GET.get('path', None) if not path: error_msg = 'path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) path = normalize_file_path(path) try: dirent = seafile_api.get_dirent_by_path(repo_id, path) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if not dirent: error_msg = 'File or folder %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) if stat.S_ISDIR(dirent.mode): is_file = False else: is_file = True username = request.user.username if is_file and request.GET.get('dl', '0') == '1': token = seafile_api.get_fileserver_access_token( repo_id, dirent.obj_id, 'download', username, use_onetime=settings.FILESERVER_TOKEN_ONCE_ONLY) if not token: error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) dl_url = gen_file_get_url(token, dirent.obj_name) send_file_access_msg(request, repo, path, 'web') return Response({'download_url': dl_url}) dirent_info = get_dirent_info(dirent) return Response(dirent_info)
def _download_dir_from_share_link(request, fileshare, repo, real_path): # check whether owner's traffic over the limit if user_traffic_over_limit(fileshare.username): return render_error( request, _(u'Unable to access file: share link traffic is used up.')) shared_by = fileshare.username if real_path == '/': dirname = repo.name else: dirname = os.path.basename(real_path.rstrip('/')) dir_id = seafile_api.get_dir_id_by_path(repo.id, real_path) if not dir_id: return render_error(request, _(u'Unable to download: folder not found.')) try: total_size = seaserv.seafserv_threaded_rpc.get_dir_size( repo.store_id, repo.version, dir_id) except Exception as e: logger.error(str(e)) return render_error(request, _(u'Internal Error')) if total_size > seaserv.MAX_DOWNLOAD_DIR_SIZE: return render_error( request, _(u'Unable to download directory "%s": size is too large.') % dirname) token = seafile_api.get_fileserver_access_token(repo.id, dir_id, 'download-dir', request.user.username) try: seaserv.send_message( 'seahub.stats', 'dir-download\t%s\t%s\t%s\t%s' % (repo.id, shared_by, dir_id, total_size)) send_file_access_msg(request, repo, real_path, 'web') except Exception as e: logger.error('Error when sending dir-download message: %s' % str(e)) return HttpResponseRedirect(gen_file_get_url(token, dirname))
def get(self, request, repo_id, format=None): repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # argument checking parent_dir = request.GET.get('parent_dir', None) dirent_name_string = request.GET.get('dirents', None) if not parent_dir: error_msg = 'parent_dir invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not dirent_name_string: error_msg = 'dirents invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # folder exist checking if not seafile_api.get_dir_id_by_path(repo_id, parent_dir): error_msg = 'Folder %s not found.' % parent_dir return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission checking if check_folder_permission(request, repo_id, parent_dir) is None: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) dirent_name_list = string2list(dirent_name_string) dirent_list = [] total_size = 0 for dirent_name in dirent_name_list: dirent_name = dirent_name.strip('/') dirent_list.append(dirent_name) full_dirent_path = posixpath.join(parent_dir, dirent_name) current_dirent = seafile_api.get_dirent_by_path(repo_id, full_dirent_path) if stat.S_ISDIR(current_dirent.mode): total_size += seafile_api.get_dir_size(repo.store_id, repo.version, current_dirent.obj_id) else: total_size += current_dirent.size if total_size > seaserv.MAX_DOWNLOAD_DIR_SIZE: error_msg = _('Total size exceeds limit.') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) fake_obj_id = {} fake_obj_id['file_list'] = dirent_list fake_obj_id['parent_dir'] = parent_dir username = request.user.username try: token = seafile_api.get_fileserver_access_token(repo_id, json.dumps(fake_obj_id), 'download-multi', username, False) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if len(dirent_list) > 10: send_file_access_msg(request, repo, parent_dir, 'web') else: for dirent_name in dirent_list: full_dirent_path = posixpath.join(parent_dir, dirent_name) send_file_access_msg(request, repo, full_dirent_path, 'web') download_url = '%s/files/%s' % (get_fileserver_root(), token) return Response({'url': download_url})
def get(self, request, repo_id, format=None): """ Get file server token for download-dir and download-multi. Permission checking: 1. user with 'r' or 'rw' permission; """ # argument check parent_dir = request.GET.get('parent_dir', None) if not parent_dir: error_msg = 'parent_dir invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) dirent_name_list = request.GET.getlist('dirents', None) if not dirent_name_list: error_msg = 'dirents invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if len(dirent_name_list) == 1: download_type = 'download-dir' elif len(dirent_name_list) > 1: download_type = 'download-multi' else: error_msg = 'dirents invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # recourse check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not seafile_api.get_dir_id_by_path(repo_id, parent_dir): error_msg = 'Folder %s not found.' % parent_dir return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check if not check_folder_permission(request, repo_id, parent_dir): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # get file server access token is_windows = 0 if is_windows_operating_system(request): is_windows = 1 if download_type == 'download-dir': dir_name = dirent_name_list[0].strip('/') full_dir_path = posixpath.join(parent_dir, dir_name) dir_id = seafile_api.get_dir_id_by_path(repo_id, full_dir_path) if not dir_id: error_msg = 'Folder %s not found.' % full_dir_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) dir_size = seafile_api.get_dir_size( repo.store_id, repo.version, dir_id) if dir_size > seaserv.MAX_DOWNLOAD_DIR_SIZE: error_msg = 'Unable to download directory "%s": size is too large.' % dir_name return api_error(status.HTTP_400_BAD_REQUEST, error_msg) fake_obj_id = { 'obj_id': dir_id, 'dir_name': dir_name, 'is_windows': is_windows } if download_type == 'download-multi': dirent_list = [] total_size = 0 for dirent_name in dirent_name_list: dirent_name = dirent_name.strip('/') dirent_list.append(dirent_name) full_dirent_path = posixpath.join(parent_dir, dirent_name) current_dirent = seafile_api.get_dirent_by_path(repo_id, full_dirent_path) if not current_dirent: continue if stat.S_ISDIR(current_dirent.mode): total_size += seafile_api.get_dir_size(repo.store_id, repo.version, current_dirent.obj_id) else: total_size += current_dirent.size if total_size > seaserv.MAX_DOWNLOAD_DIR_SIZE: error_msg = _('Total size exceeds limit.') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) fake_obj_id = { 'parent_dir': parent_dir, 'file_list': dirent_list, 'is_windows': is_windows } username = request.user.username try: zip_token = seafile_api.get_fileserver_access_token( repo_id, json.dumps(fake_obj_id), download_type, username) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if len(dirent_name_list) > 10: send_file_access_msg(request, repo, parent_dir, 'web') else: for dirent_name in dirent_name_list: full_dirent_path = posixpath.join(parent_dir, dirent_name) send_file_access_msg(request, repo, full_dirent_path, 'web') return Response({'zip_token': zip_token})
def test_anonymous_request(self): send_file_access_msg(self._anon_request(), self.repo, '', '')
def get(self, request, repo_id, format=None): """ Deprecated. Sometimes when user download too many files in one request, Nginx will return 414-Request-URI Too Large error. So, use the following POST request instead. Put all parameters in request body. """ # argument check parent_dir = request.GET.get('parent_dir', None) if not parent_dir: error_msg = 'parent_dir invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) dirent_name_list = request.GET.getlist('dirents', None) if not dirent_name_list: error_msg = 'dirents invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if len(dirent_name_list) == 1: download_type = 'download-dir' elif len(dirent_name_list) > 1: download_type = 'download-multi' else: error_msg = 'dirents invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # recourse check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not seafile_api.get_dir_id_by_path(repo_id, parent_dir): error_msg = 'Folder %s not found.' % parent_dir return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check repo_folder_permission = check_folder_permission( request, repo_id, parent_dir) if not repo_folder_permission: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # get file server access token is_windows = 0 if is_windows_operating_system(request): is_windows = 1 if download_type == 'download-dir': dir_name = dirent_name_list[0].strip('/') full_dir_path = posixpath.join(parent_dir, dir_name) dir_id = seafile_api.get_dir_id_by_path(repo_id, full_dir_path) if not dir_id: error_msg = 'Folder %s not found.' % full_dir_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not json.loads(seafile_api.is_dir_downloadable(repo_id, json.dumps([full_dir_path]), \ request.user.username, repo_folder_permission))['is_downloadable']: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) fake_obj_id = { 'obj_id': dir_id, 'dir_name': dir_name, 'is_windows': is_windows } if download_type == 'download-multi': dirent_list = [] full_dirent_path_list = [] for dirent_name in dirent_name_list: dirent_name = dirent_name.strip('/') dirent_list.append(dirent_name) full_dirent_path = posixpath.join(parent_dir, dirent_name) current_dirent = seafile_api.get_dirent_by_path( repo_id, full_dirent_path) if not current_dirent: continue full_dirent_path_list.append(full_dirent_path) if not json.loads(seafile_api.is_dir_downloadable(repo_id, json.dumps(full_dirent_path_list), \ request.user.username, repo_folder_permission))['is_downloadable']: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) fake_obj_id = { 'parent_dir': parent_dir, 'file_list': dirent_list, 'is_windows': is_windows } username = request.user.username try: zip_token = seafile_api.get_fileserver_access_token( repo_id, json.dumps(fake_obj_id), download_type, username, use_onetime=settings.FILESERVER_TOKEN_ONCE_ONLY) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if not zip_token: error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if len(dirent_name_list) > 10: send_file_access_msg(request, repo, parent_dir, 'web') else: for dirent_name in dirent_name_list: full_dirent_path = posixpath.join(parent_dir, dirent_name) send_file_access_msg(request, repo, full_dirent_path, 'web') return Response({'zip_token': zip_token})
def get(self, request, token): """ Get FileServer download url of the shared file/dir. Permission checking: 1. only admin can perform this action. """ try: sharelink = FileShare.objects.get(token=token) except FileShare.DoesNotExist: error_msg = 'Share link %s not found.' % token return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_id = sharelink.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library not found.' return api_error(status.HTTP_404_NOT_FOUND, error_msg) result = {} obj_path = sharelink.path if sharelink.s_type == 'f': # download shared file obj_id = seafile_api.get_file_id_by_path(repo_id, obj_path) if not obj_id: error_msg = 'File not found.' return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: # `username` parameter only used for encrypted repo download_token = seafile_api.get_fileserver_access_token( repo_id, obj_id, 'download-link', sharelink.username, use_onetime=False) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if not download_token: error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) obj_name = os.path.basename(obj_path.rstrip('/')) result['download_link'] = gen_file_get_url(download_token, obj_name) else: # download (sub) file/folder in shared dir obj_id = seafile_api.get_dir_id_by_path(repo_id, obj_path) if not obj_id: error_msg = 'Folder not found.' return api_error(status.HTTP_404_NOT_FOUND, error_msg) download_type = request.GET.get('type', None) if not download_type or download_type not in ('file', 'folder'): error_msg = 'type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) req_path = request.GET.get('path', None) if not req_path: error_msg = 'path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if req_path == '/': real_path = obj_path else: real_path = posixpath.join(obj_path, req_path.strip('/')) if download_type == 'file': # download sub file in shared dir real_obj_id = seafile_api.get_file_id_by_path( repo_id, real_path) if not real_obj_id: error_msg = 'File not found.' return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: download_token = seafile_api.get_fileserver_access_token( repo_id, real_obj_id, 'download-link', sharelink.username, use_onetime=False) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if not download_token: error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) file_name = os.path.basename(real_path.rstrip('/')) result['download_link'] = gen_file_get_url( download_token, file_name) else: # download sub folder in shared dir if real_path[-1] != '/': real_path += '/' real_obj_id = seafile_api.get_dir_id_by_path( repo_id, real_path) if not real_obj_id: error_msg = 'Folder %s not found.' % req_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) dir_name = repo.name if real_path == '/' else \ os.path.basename(real_path.rstrip('/')) dir_size = seafile_api.get_dir_size(repo.store_id, repo.version, real_obj_id) if dir_size > seaserv.MAX_DOWNLOAD_DIR_SIZE: error_msg = 'Unable to download directory "%s": size is too large.' % dir_name return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # get file server access token is_windows = 0 if is_windows_operating_system(request): is_windows = 1 fake_obj_id = { 'obj_id': real_obj_id, 'dir_name': dir_name, 'is_windows': is_windows } try: zip_token = seafile_api.get_fileserver_access_token( repo_id, json.dumps(fake_obj_id), 'download-dir-link', sharelink.username, use_onetime=False) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) try: # used for file audit send_file_access_msg(request, repo, real_path, 'share-link') except Exception as e: logger.error(e) result['download_link'] = gen_dir_zip_download_url(zip_token) return Response(result)
def test_normal_request(self): send_file_access_msg(self._request, self.repo, '', '')
def get(self, request, repo_id, format=None): repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) path = request.GET.get('p', None) if not path: error_msg = 'p invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: file_id = seafile_api.get_file_id_by_path(repo_id, path) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if not file_id: error_msg = 'File %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) if check_folder_permission(request, repo_id, path) is None: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # send stats message send_file_access_msg(request, repo, path, 'api') op = request.GET.get('op', 'download') if op == 'download': reuse = request.GET.get('reuse', '0') if reuse not in ('1', '0'): error_msg = "If you want to reuse file server access token for download file, you should set 'reuse' argument as '1'." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) use_onetime = False if reuse == '1' else True file_name = os.path.basename(path) token = seafile_api.get_fileserver_access_token(repo_id, file_id, op, request.user.username, use_onetime) redirect_url = gen_file_get_url(token, file_name) return Response({"url": redirect_url}) elif op == 'downloadblks': blklist = [] encrypted = False enc_version = 0 if file_id != EMPTY_SHA1: try: blks = seafile_api.list_blocks_by_file_id(repo_id, file_id) blklist = blks.split('\n') except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) blklist = [i for i in blklist if len(i) == 40] if len(blklist) > 0: repo = seafile_api.get_repo(repo_id) encrypted = repo.encrypted enc_version = repo.enc_version res = { 'file_id': file_id, 'blklist': blklist, 'encrypted': encrypted, 'enc_version': enc_version, } return Response(res) elif op == 'sharelink': link = get_shared_link(request, repo_id, path) return Response({"link": link}) else: error_msg = 'op invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
def test_anonymous_request(self): send_file_access_msg(self._anon_request(), self.repo, "", "")
return render_error(request, _(u'Internal Error')) if total_size > MAX_DOWNLOAD_DIR_SIZE: return render_error(request, _(u'Unable to download directory "%s": size is too large.') % dirname) token = seafile_api.get_fileserver_access_token(repo_id, dir_id, 'download-dir', request.user.username) else: return render_error(request, _(u'Unable to download "%s"') % dirname ) url = gen_file_get_url(token, dirname) from seahub.views.file import send_file_access_msg send_file_access_msg(request, repo, path, 'web') return redirect(url) def group_events_data(events): """ Group events according to the date. """ event_groups = [] for e in events: e.time = utc_to_local(e.timestamp) e.date = e.time.strftime("%Y-%m-%d") if e.etype == 'repo-update': e.author = e.commit.creator_name elif e.etype == 'repo-create': e.author = e.creator else:
def get(self, request, format=None): """ Only used for download dir when view dir share link from web. Permission checking: 1. authenticated user OR anonymous user has passed email code check(if necessary); """ # permission check if is_pro_version() and settings.ENABLE_SHARE_LINK_AUDIT: if not request.user.is_authenticated() and \ not request.session.get('anonymous_email'): # if anonymous user has passed email code check, # then his/her email info will be in session. error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # argument check share_link_token = request.GET.get('share_link_token', None) if not share_link_token: error_msg = 'share_link_token invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) req_path = request.GET.get('path', None) if not req_path: error_msg = 'path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # recourse check fileshare = FileShare.objects.get_valid_dir_link_by_token( share_link_token) if not fileshare: error_msg = 'share_link_token %s not found.' % share_link_token return api_error(status.HTTP_404_NOT_FOUND, error_msg) if req_path[-1] != '/': req_path += '/' if req_path == '/': real_path = fileshare.path else: real_path = posixpath.join(fileshare.path, req_path.lstrip('/')) if real_path[-1] != '/': real_path += '/' repo_id = fileshare.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) dir_id = seafile_api.get_dir_id_by_path(repo_id, real_path) if not dir_id: error_msg = 'Folder %s not found.' % real_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not seafile_api.check_permission_by_path(repo_id, '/', fileshare.username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # get file server access token dir_name = repo.name if real_path == '/' else \ os.path.basename(real_path.rstrip('/')) dir_size = seafile_api.get_dir_size(repo.store_id, repo.version, dir_id) if dir_size > seaserv.MAX_DOWNLOAD_DIR_SIZE: error_msg = _( 'Unable to download directory "%s": size is too large.' ) % dir_name return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: seaserv.send_message( 'seahub.stats', 'dir-download\t%s\t%s\t%s\t%s' % (repo_id, fileshare.username, dir_id, dir_size)) except Exception as e: logger.error(e) is_windows = 0 if is_windows_operating_system(request): is_windows = 1 fake_obj_id = { 'obj_id': dir_id, 'dir_name': dir_name, 'is_windows': is_windows } username = request.user.username try: zip_token = seafile_api.get_fileserver_access_token( repo_id, json.dumps(fake_obj_id), 'download-dir', username, use_onetime=settings.FILESERVER_TOKEN_ONCE_ONLY) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if not zip_token: error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if request.session.get('anonymous_email'): request.user.username = request.session.get('anonymous_email') send_file_access_msg(request, repo, real_path, 'share-link') return Response({'zip_token': zip_token})
def post(self, request, repo_id, format=None): """ Get file server token for download-dir and download-multi. Permission checking: 1. user with 'r' or 'rw' permission; """ # argument check parent_dir = request.data.get('parent_dir', None) if not parent_dir: error_msg = 'parent_dir invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) dirent_name_list = request.data.getlist('dirents', None) if not dirent_name_list: error_msg = 'dirents invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if len(dirent_name_list) == 1: download_type = 'download-dir' elif len(dirent_name_list) > 1: download_type = 'download-multi' else: error_msg = 'dirents invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # recourse check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not seafile_api.get_dir_id_by_path(repo_id, parent_dir): error_msg = 'Folder %s not found.' % parent_dir return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check repo_folder_permission = check_folder_permission( request, repo_id, parent_dir) if parse_repo_perm(repo_folder_permission).can_download is False: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # get file server access token is_windows = 0 if is_windows_operating_system(request): is_windows = 1 if download_type == 'download-dir': dir_name = dirent_name_list[0].strip('/') full_dir_path = posixpath.join(parent_dir, dir_name) dir_id = seafile_api.get_dir_id_by_path(repo_id, full_dir_path) if not dir_id: error_msg = 'Folder %s not found.' % full_dir_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not json.loads(seafile_api.is_dir_downloadable(repo_id, json.dumps([full_dir_path]), \ request.user.username, repo_folder_permission))['is_downloadable']: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) dir_size = seafile_api.get_dir_size(repo.store_id, repo.version, dir_id) if dir_size > seaserv.MAX_DOWNLOAD_DIR_SIZE: error_msg = 'Unable to download directory "%s": size is too large.' % dir_name return api_error(status.HTTP_400_BAD_REQUEST, error_msg) fake_obj_id = { 'obj_id': dir_id, 'dir_name': dir_name, 'is_windows': is_windows } if download_type == 'download-multi': dirent_list = [] total_size = 0 full_dirent_path_list = [] for dirent_name in dirent_name_list: dirent_name = dirent_name.strip('/') dirent_list.append(dirent_name) full_dirent_path = posixpath.join(parent_dir, dirent_name) current_dirent = seafile_api.get_dirent_by_path( repo_id, full_dirent_path) if not current_dirent: continue if stat.S_ISDIR(current_dirent.mode): total_size += seafile_api.get_dir_size( repo.store_id, repo.version, current_dirent.obj_id) else: total_size += current_dirent.size full_dirent_path_list.append(full_dirent_path) if not json.loads(seafile_api.is_dir_downloadable(repo_id, json.dumps(full_dirent_path_list), \ request.user.username, repo_folder_permission))['is_downloadable']: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if total_size > seaserv.MAX_DOWNLOAD_DIR_SIZE: error_msg = _('Total size exceeds limit.') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) fake_obj_id = { 'parent_dir': parent_dir, 'file_list': dirent_list, 'is_windows': is_windows } username = request.user.username try: zip_token = seafile_api.get_fileserver_access_token( repo_id, json.dumps(fake_obj_id), download_type, username, use_onetime=settings.FILESERVER_TOKEN_ONCE_ONLY) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if not zip_token: error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if len(dirent_name_list) > 10: send_file_access_msg(request, repo, parent_dir, 'web') else: for dirent_name in dirent_name_list: full_dirent_path = posixpath.join(parent_dir, dirent_name) send_file_access_msg(request, repo, full_dirent_path, 'web') return Response({'zip_token': zip_token})
def get(self, request, slug): """Get content of a wiki """ path = request.GET.get('p', '/') try: wiki = Wiki.objects.get(slug=slug) except Wiki.DoesNotExist: error_msg = "Wiki not found." return api_error(status.HTTP_404_NOT_FOUND, error_msg) # perm check if not wiki.has_read_perm(request): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if request.user.username: parent_dir = os.path.dirname(path) permission = check_folder_permission(request, wiki.repo_id, parent_dir) else: permission = 'r' try: repo = seafile_api.get_repo(wiki.repo_id) if not repo: error_msg = "Wiki library not found." return api_error(status.HTTP_404_NOT_FOUND, error_msg) except SearpcError: error_msg = _("Internal Server Error") return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) file_id = None try: file_id = seafile_api.get_file_id_by_path(repo.repo_id, path) except SearpcError as e: logger.error(e) return api_error(HTTP_520_OPERATION_FAILED, "Failed to get file id by path.") if not file_id: return api_error(status.HTTP_404_NOT_FOUND, "File not found") # send stats message send_file_access_msg(request, repo, path, 'api') file_name = os.path.basename(path) token = seafile_api.get_fileserver_access_token(repo.repo_id, file_id, 'download', request.user.username, 'False') if not token: error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) url = gen_inner_file_get_url(token, file_name) file_response = urllib2.urlopen(url) content = file_response.read() try: dirent = seafile_api.get_dirent_by_path(repo.repo_id, path) if dirent: latest_contributor, last_modified = dirent.modifier, dirent.mtime else: latest_contributor, last_modified = None, 0 except SearpcError as e: logger.error(e) latest_contributor, last_modified = None, 0 return Response({ "content": content, "latest_contributor": email2nickname(latest_contributor), "last_modified": last_modified, "permission": permission, })
def get(self, request, format=None): """ Only used for download dir when view dir share link from web. Permission checking: 1. authenticated user OR anonymous user has passed email code check(if necessary); """ # permission check if is_pro_version() and settings.ENABLE_SHARE_LINK_AUDIT: if not request.user.is_authenticated() and \ not request.session.get('anonymous_email'): # if anonymous user has passed email code check, # then his/her email info will be in session. error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # argument check share_link_token = request.GET.get('share_link_token', None) if not share_link_token: error_msg = 'share_link_token invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) req_path = request.GET.get('path', None) if not req_path: error_msg = 'path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # recourse check fileshare = FileShare.objects.get_valid_dir_link_by_token(share_link_token) if not fileshare: error_msg = 'share_link_token %s not found.' % share_link_token return api_error(status.HTTP_404_NOT_FOUND, error_msg) if req_path[-1] != '/': req_path += '/' if req_path == '/': real_path = fileshare.path else: real_path = posixpath.join(fileshare.path, req_path.lstrip('/')) if real_path[-1] != '/': real_path += '/' repo_id = fileshare.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) dir_id = seafile_api.get_dir_id_by_path(repo_id, real_path) if not dir_id: error_msg = 'Folder %s not found.' % real_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) # get file server access token dir_name = repo.name if real_path == '/' else \ os.path.basename(real_path.rstrip('/')) dir_size = seafile_api.get_dir_size( repo.store_id, repo.version, dir_id) if dir_size > seaserv.MAX_DOWNLOAD_DIR_SIZE: error_msg = 'Unable to download directory "%s": size is too large.' % dir_name return api_error(status.HTTP_400_BAD_REQUEST, error_msg) is_windows = 0 if is_windows_operating_system(request): is_windows = 1 fake_obj_id = { 'obj_id': dir_id, 'dir_name': dir_name, 'is_windows': is_windows } username = request.user.username try: zip_token = seafile_api.get_fileserver_access_token( repo_id, json.dumps(fake_obj_id), 'download-dir', username) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if request.session.get('anonymous_email'): request.user.username = request.session.get('anonymous_email') send_file_access_msg(request, repo, real_path, 'share-link') return Response({'zip_token': zip_token})
def get(self, request, slug): """Get content of a wiki """ path = request.GET.get('p', '/') try: wiki = Wiki.objects.get(slug=slug) except Wiki.DoesNotExist: error_msg = "Wiki not found." return api_error(status.HTTP_404_NOT_FOUND, error_msg) # perm check if not wiki.check_access_wiki(request): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if request.user.username: parent_dir = os.path.dirname(path) permission = check_folder_permission(request, wiki.repo_id, parent_dir) else: permission = 'r' try: repo = seafile_api.get_repo(wiki.repo_id) if not repo: error_msg = "Wiki library not found." return api_error(status.HTTP_404_NOT_FOUND, error_msg) except SearpcError: error_msg = _("Internal Server Error") return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) file_id = None try: file_id = seafile_api.get_file_id_by_path(repo.repo_id, path) except SearpcError as e: logger.error(e) return api_error(HTTP_520_OPERATION_FAILED, "Failed to get file id by path.") if not file_id: return api_error(status.HTTP_404_NOT_FOUND, "File not found") # send stats message send_file_access_msg(request, repo, path, 'api') file_name = os.path.basename(path) token = seafile_api.get_fileserver_access_token( repo.repo_id, file_id, 'download', request.user.username, 'False') if not token: error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) url = gen_inner_file_get_url(token, file_name) file_response = urllib2.urlopen(url) content = file_response.read() try: dirent = seafile_api.get_dirent_by_path(repo.repo_id, path) if dirent: latest_contributor, last_modified = dirent.modifier, dirent.mtime else: latest_contributor, last_modified = None, 0 except SearpcError as e: logger.error(e) latest_contributor, last_modified = None, 0 return Response({ "content": content, "latest_contributor": email2nickname(latest_contributor), "last_modified": last_modified, "permission": permission, })
def test_normal_request(self): send_file_access_msg(self._request, self.repo, "", "")
'is_windows': is_windows } token = seafile_api.get_fileserver_access_token( repo_id, json.dumps(fake_obj_id), 'download-dir', request.user.username) if not token: return render_error(request, _(u'Internal Server Error')) else: return render_error(request, _(u'Unable to download "%s"') % dirname) url = gen_file_get_url(token, dirname) from seahub.views.file import send_file_access_msg send_file_access_msg(request, repo, path, 'web') return redirect(url) def group_events_data(events): """ Group events according to the date. """ event_groups = [] for e in events: e.time = utc_to_local(e.timestamp) e.date = e.time.strftime("%Y-%m-%d") if e.etype == 'repo-update': e.author = e.commit.creator_name elif e.etype == 'repo-create': e.author = e.creator
def get(self, request, repo_id, format=None): repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) path = request.GET.get('p', None) if not path: error_msg = 'p invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: file_id = seafile_api.get_file_id_by_path(repo_id, path) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if not file_id: error_msg = 'File %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) if check_folder_permission(request, repo_id, path) is None: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # send stats message send_file_access_msg(request, repo, path, 'api') op = request.GET.get('op', 'download') if op == 'download': reuse = request.GET.get('reuse', '0') if reuse not in ('1', '0'): error_msg = "If you want to reuse file server access token for download file, you should set 'reuse' argument as '1'." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) use_onetime = False if reuse == '1' else True file_name = os.path.basename(path) token = seafile_api.get_fileserver_access_token( repo_id, file_id, op, request.user.username, use_onetime) redirect_url = gen_file_get_url(token, file_name) return Response({"url": redirect_url}) elif op == 'downloadblks': blklist = [] encrypted = False enc_version = 0 if file_id != EMPTY_SHA1: try: blks = seafile_api.list_blocks_by_file_id(repo_id, file_id) blklist = blks.split('\n') except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) blklist = [i for i in blklist if len(i) == 40] if len(blklist) > 0: repo = seafile_api.get_repo(repo_id) encrypted = repo.encrypted enc_version = repo.enc_version res = { 'file_id': file_id, 'blklist': blklist, 'encrypted': encrypted, 'enc_version': enc_version, } return Response(res) elif op == 'sharelink': link = get_shared_link(request, repo_id, path) return Response({"link": link}) else: error_msg = 'op invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg)