def check_group_share_in_permission(repo_id, group_id, is_org=False): # Returns the permission to share the group you joined. repo = seafile_api.get_group_shared_repo_by_path(repo_id, None, group_id, is_org) if not repo: return None extra_permission = ExtraGroupsSharePermission.objects.get_group_permission(repo_id, group_id) return extra_permission if extra_permission else repo.permission
def delete(self, request, group_id, repo_id): """ Delete a group library. Permission checking: 1. is repo owner; 2. is repo admin; 3. is group admin; """ group_id = int(group_id) repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) is_org = False if is_org_context(request): is_org = True group_repo = seafile_api.get_group_shared_repo_by_path(repo_id, None, group_id, is_org) if not group_repo: error_msg = 'Group library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # only group admin or repo owner can delete group repo. username = request.user.username repo_owner = get_repo_owner(request, repo_id) if not is_group_admin(group_id, username) and \ repo_owner != username and \ not is_repo_admin(username, repo_id): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) permission = check_group_share_in_permission(repo_id, group_id, is_org) if is_org: org_id = ccnet_api.get_org_id_by_group(group_id) seafile_api.del_org_group_repo(repo_id, org_id, group_id) else: seafile_api.unset_group_repo(repo_id, group_id, username) origin_repo_id = group_repo.origin_repo_id or repo_id origin_path = group_repo.origin_path or '/' send_perm_audit_msg('delete-repo-perm', username, group_id, origin_repo_id, origin_path, permission) # delete extra share permission ExtraGroupsSharePermission.objects.delete_share_permission(repo_id, group_id) return Response({'success': True})
def check_group_share_out_permission(repo_id, path, group_id, is_org=False): # Return the permission that share to other's group. path = None if path == '/' else path repo = seafile_api.get_group_shared_repo_by_path(repo_id, path, group_id, is_org) if not repo: return None permission = repo.permission if path is None: extra_permission = ExtraGroupsSharePermission.objects.get_group_permission(repo_id, group_id) permission = extra_permission if extra_permission else repo.permission return permission
def post(self, request, group_id): """ Add a group library. Permission checking: 1. role permission, can_add_repo; 1. is group member; """ # argument check repo_name = request.data.get("repo_name", None) if not repo_name or \ not is_valid_dirent_name(repo_name): error_msg = "repo_name invalid." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) password = request.data.get("password", None) if password and not config.ENABLE_ENCRYPTED_LIBRARY: error_msg = 'NOT allow to create encrypted library.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) permission = request.data.get('permission', PERMISSION_READ) if permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check if not request.user.permissions.can_add_repo(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if not is_group_member(group_id, request.user.username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # create group repo org_id = -1 group_id = int(group_id) username = request.user.username is_org = False if is_org_context(request): is_org = True org_id = request.user.org.org_id repo_id = seafile_api.create_org_repo(repo_name, '', username, password, org_id) else: repo_id = seafile_api.create_repo(repo_name, '', username, password) repo = seafile_api.get_repo(repo_id) share_dir_to_group(repo, '/', username, username, group_id, permission, org_id if is_org else None) # for activities library_template = request.data.get("library_template", '') repo_created.send(sender=None, org_id=org_id, creator=username, repo_id=repo_id, repo_name=repo_name, library_template=library_template) # for notification repo = seafile_api.get_repo(repo_id) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=group_id, repo=repo, path='/', org_id=org_id) # for perm audit send_perm_audit_msg('add-repo-perm', username, group_id, repo_id, '/', permission) group_repo = seafile_api.get_group_shared_repo_by_path( repo_id, None, group_id, is_org) group_repo_info = get_group_repo_info(request, group_repo) return Response(group_repo_info)
def test_share_repo_to_group(repo, group, permission): assert api.check_permission(repo.id, USER) == 'rw' assert api.check_permission(repo.id, USER2) is None repos = api.get_repos_by_group(group.id) assert len(repos) == 0 group_list = ccnet_api.get_groups(USER) assert len(group_list) == 1 group_list = ccnet_api.get_groups(USER2) assert len(group_list) == 0 api.group_share_repo(repo.id, group.id, USER, permission) repos = api.get_repos_by_group(group.id) assert_repo_with_permission(repo, repos, permission) group_ids = api.get_shared_group_ids_by_repo(repo.id) assert group_ids[0] == str(group.id) group_list = api.list_repo_shared_group_by_user(USER, repo.id) assert len(group_list) == 1 group_list = api.list_repo_shared_group_by_user(USER2, repo.id) assert len(group_list) == 0 repo_get = api.get_group_shared_repo_by_path(repo.id, None, group.id) assert repo_get and repo_get.repo_id == repo.id ccnet_api.group_add_member(group.id, USER, USER2) group_list = ccnet_api.get_groups(USER2) assert len(group_list) == 1 group = group_list[0] assert group.id == group.id repos2 = api.get_repos_by_group(group.id) assert_repo_with_permission(repo, repos2, permission) assert api.check_permission(repo.id, USER2) == permission repos = api.get_group_repos_by_user(USER) assert len(repos) == 1 repoids = api.get_group_repoids(group.id) assert len(repoids) == 1 repos = api.get_group_repos_by_owner(USER) assert len(repos) == 1 api.remove_group_repos_by_owner(group.id, USER) repos = api.get_group_repos_by_owner(USER) assert len(repos) == 0 api.set_group_repo(repo.id, group.id, USER, permission) repos = api.get_repos_by_group(group.id) assert len(repos) == 1 api.remove_group_repos(group.id) repos = api.get_repos_by_group(group.id) assert len(repos) == 0 api.group_unshare_repo(repo.id, group.id, USER) repos = api.get_repos_by_group(group.id) assert len(repos) == 0 assert api.check_permission(repo.id, USER2) is None
def post(self, request, group_id): """ Add a group library. Permission checking: 1. role permission, can_add_repo; 1. is group member; """ # argument check repo_name = request.data.get("repo_name", None) if not repo_name or \ not is_valid_dirent_name(repo_name): error_msg = "repo_name invalid." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) password = request.data.get("password", None) if password and not config.ENABLE_ENCRYPTED_LIBRARY: error_msg = 'NOT allow to create encrypted library.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) permission = request.data.get('permission', PERMISSION_READ) if permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check if not request.user.permissions.can_add_repo(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if not is_group_member(group_id, request.user.username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # create group repo org_id = -1 group_id = int(group_id) username = request.user.username is_org = False if is_org_context(request): is_org = True org_id = request.user.org.org_id repo_id = seafile_api.create_org_repo(repo_name, '', username, password, org_id) else: repo_id = seafile_api.create_repo(repo_name, '', username, password) repo = seafile_api.get_repo(repo_id) share_dir_to_group(repo, '/', username, username, group_id, permission, org_id if is_org else None) # for activities library_template = request.data.get("library_template", '') repo_created.send(sender=None, org_id=org_id, creator=username, repo_id=repo_id, repo_name=repo_name, library_template=library_template) # for notification share_repo_to_group_successful.send(sender=None, from_user=username, group_id=group_id, repo=repo, path='/', org_id=org_id) # for perm audit send_perm_audit_msg('add-repo-perm', username, group_id, repo_id, '/', permission) group_repo = seafile_api.get_group_shared_repo_by_path(repo_id, None, group_id, is_org) group_repo_info = get_group_repo_info(request, group_repo) group_repo_info['owner_email'] = username group_repo_info['owner_name'] = email2nickname(username) group_repo_info['owner_contact_email'] = email2contact_email(username) modifier = group_repo.last_modifier group_repo_info['modifier_email'] = modifier group_repo_info['modifier_name'] = email2nickname(modifier) group_repo_info['modifier_contact_email'] = email2contact_email(modifier) return Response(group_repo_info)