def share_dir_to_group(repo, path, owner, share_from, gid, permission, org_id=None): # Share repo or subdir to group with permission(r, rw, admin). extra_share_permission = '' if permission == PERMISSION_ADMIN: extra_share_permission = permission permission = PERMISSION_READ_WRITE if is_valid_org_id(org_id): if path == '/': seafile_api.add_org_group_repo(repo.repo_id, org_id, gid, owner, permission) else: seafile_api.org_share_subdir_to_group(org_id, repo.repo_id, path, owner, gid, permission) else: if path == '/': seafile_api.set_group_repo(repo.repo_id, gid, owner, permission) else: seafile_api.share_subdir_to_group(repo.repo_id, path, owner, gid, permission) # add share permission if between is admin and is extra permission. if path == '/' and extra_share_permission == PERMISSION_ADMIN: ExtraGroupsSharePermission.objects.create_share_permission(repo.repo_id, gid, extra_share_permission)
def share_to_group(request, repo, group, permission): """Share repo to group with given permission. """ repo_id = repo.id group_id = group.id from_user = request.user.username if is_org_context(request): org_id = request.user.org.org_id group_repo_ids = seafile_api.get_org_group_repoids(org_id, group.id) else: group_repo_ids = seafile_api.get_group_repoids(group.id) if repo.id in group_repo_ids: return False try: if is_org_context(request): org_id = request.user.org.org_id seafile_api.add_org_group_repo(repo_id, org_id, group_id, from_user, permission) else: seafile_api.set_group_repo(repo_id, group_id, from_user, permission) return True except Exception, e: logger.error(e) return False
def _add_shared_items(self): # create repo for user sub_repo_id = seafile_api.create_virtual_repo(self.repo.id, self.folder, self.repo.name, '', self.user.username) self.sub_repo_id = sub_repo_id # create group for admin admin_group_id = seaserv.ccnet_threaded_rpc.create_group('admin-group', self.admin.email) self.admin_group_id = admin_group_id # A user shares a folder to admin with permission 'rw'. seafile_api.share_repo(sub_repo_id, self.user.username, self.admin.username, 'rw') # A user shares a folder to admin group with permission 'rw'. seafile_api.set_group_repo(sub_repo_id, admin_group_id, self.user.username, 'rw') # A user shares a folder to public with permission 'rw'. seafile_api.add_inner_pub_repo(sub_repo_id, 'rw')
def share_to_group(request, repo, group, permission): """Share repo to group with given permission. """ repo_id = repo.id group_id = group.id group_name = group.group_name from_user = request.user.username if is_org_context(request): org_id = request.user.org.org_id group_repo_ids = seafile_api.get_org_group_repoids(org_id, group.id) else: group_repo_ids = seafile_api.get_group_repoids(group.id) if repo.id in group_repo_ids: msg = _(u'"%(repo)s" is already in group %(group)s. <a href="%(href)s">View</a>') % { 'repo': repo.name, 'group': group.group_name, 'href': reverse('group_info', args=[group.id])} messages.error(request, msg) return try: if is_org_context(request): org_id = request.user.org.org_id seafile_api.add_org_group_repo(repo_id, org_id, group_id, from_user, permission) else: seafile_api.set_group_repo(repo_id, group_id, from_user, permission) except Exception, e: logger.error(e) msg = _(u'Failed to share %(repo)s to %(group)s, please try again later.') % \ {'repo': repo.name, 'group': group_name} messages.error(request, msg)
def share_to_group(request, repo, group, permission): """Share repo to group with given permission. """ repo_id = repo.id group_id = group.id group_name = group.group_name from_user = request.user.username if is_org_context(request): org_id = request.user.org.org_id group_repo_ids = seafile_api.get_org_group_repoids(org_id, group.id) else: group_repo_ids = seafile_api.get_group_repoids(group.id) if repo.id in group_repo_ids: msg = _(u'"%(repo)s" is already in group %(group)s. <a href="%(href)s">View</a>') % { 'repo': escape(repo.name), 'group': escape(group.group_name), 'href': reverse('group_info', args=[group.id])} messages.error(request, msg, extra_tags='safe') return try: if is_org_context(request): org_id = request.user.org.org_id seafile_api.add_org_group_repo(repo_id, org_id, group_id, from_user, permission) else: seafile_api.set_group_repo(repo_id, group_id, from_user, permission) except Exception, e: logger.error(e) msg = _(u'Failed to share %(repo)s to %(group)s, please try again later.') % \ {'repo': repo.name, 'group': group_name} messages.error(request, msg)
def test_reshare_to_group_after_transfer_repo(self): # If new owner in group repo shared to, reshare to group # share user's repo to group with 'r' permission seafile_api.set_group_repo(self.user_repo_id, self.group_id, self.user_name, 'r') group_repos = seafile_api.get_repos_by_group(self.group_id) assert group_repos[0].permission == 'r' # add admin user to group ccnet_api.group_add_member(self.group_id, self.user_name, self.admin.username) self.login_as(self.user) url = reverse("api2-repo-owner", args=[self.user_repo_id]) data = 'owner=%s' % self.admin.email # transfer repo to admin resp = self.client.put(url, data, 'application/x-www-form-urlencoded') self.assertEqual(200, resp.status_code) group_repos = seafile_api.get_repos_by_group(self.group_id) assert group_repos[0].permission == 'r'
def test_reshare_to_user_group_after_transfer_repo(self): tmp_user = '******' User.objects.create_user(tmp_user) # add admin user to group ccnet_api.group_add_member(self.group_id, self.user_name, self.admin.username) # share user's repo to tmp_user with 'rw' permission seafile_api.share_repo(self.user_repo_id, self.user.username, tmp_user, 'rw') # share user's repo to group with 'r' permission seafile_api.set_group_repo(self.user_repo_id, self.group_id, self.user_name, 'r') group_repos = seafile_api.get_repos_by_group(self.group_id) assert group_repos[0].permission == 'r' assert seafile_api.check_permission_by_path(self.user_repo_id, '/', tmp_user) == 'rw' self.login_as(self.user) url = reverse("api2-repo-owner", args=[self.user_repo_id]) data = 'owner=%s' % self.admin.email # transfer repo to admin resp = self.client.put(url, data, 'application/x-www-form-urlencoded') self.assertEqual(200, resp.status_code) group_repos = seafile_api.get_repos_by_group(self.group_id) assert group_repos[0].permission == 'r' assert seafile_api.check_permission_by_path(self.user_repo_id, '/', tmp_user) == 'rw'
def share_dir_to_group(repo, path, owner, share_from, gid, permission, org_id=None): # Share repo or subdir to group with permission(r, rw, admin). extra_share_permission = '' if permission == PERMISSION_ADMIN: extra_share_permission = permission permission = PERMISSION_READ_WRITE if org_id: if path == '/': seafile_api.add_org_group_repo(repo.repo_id, org_id, gid, owner, permission) else: seafile_api.org_share_subdir_to_group(org_id, repo.repo_id, path, owner, gid, permission) else: if path == '/': seafile_api.set_group_repo(repo.repo_id, gid, owner, permission) else: seafile_api.share_subdir_to_group(repo.repo_id, path, owner, gid, permission) # add share permission if between is admin and is extra permission. if path == '/' and extra_share_permission == PERMISSION_ADMIN: ExtraGroupsSharePermission.objects.create_share_permission(repo.repo_id, gid, extra_share_permission)
def setUp(self): self.user_name = self.user.username self.admin_name = self.admin.username self.group_id = self.group.id self.repo_id = self.repo.id seafile_api.set_group_repo(self.repo_id, self.group_id, self.admin.username, 'r')
def share_repo_to_user_and_group(self): # share repo to user seafile_api.share_repo(self.repo_id, self.user_name, self.admin_name, 'rw') # share repo to group seafile_api.set_group_repo(self.repo_id, self.group_id, self.user_name, 'rw')
def setUp(self): self.login_as(self.user) self.group_id = self.group.id self.group_name = self.group.group_name self.repo_id = self.repo.id self.url = reverse("api-v2.1-groups") # share repo to group seafile_api.set_group_repo(self.repo_id, self.group_id, self.user.email, "rw")
def set_group_repo_permission(repo, group, permission_to_share, permission_to_set): ccnet_api.group_add_member(group.id, USER, USER2) assert api.check_permission(repo.id, USER2) == None api.set_group_repo(repo.id, group.id, USER, permission_to_share) assert api.check_permission(repo.id, USER2) == permission_to_share api.set_group_repo_permission(group.id, repo.id, permission_to_set) assert api.check_permission(repo.id, USER2) == permission_to_set api.group_unshare_repo(repo.id, group.id, USER)
def setUp(self): self.login_as(self.user) self.group_id = self.group.id self.group_name = self.group.group_name self.repo_id = self.repo.id self.url = reverse('api-v2.1-groups') # share repo to group seafile_api.set_group_repo(self.repo_id, self.group_id, self.user.email, 'rw')
def _add_shared_items(self): sub_repo_id = seafile_api.create_virtual_repo(self.repo.id, self.folder, self.repo.name, '', self.user.username) # A user shares a folder to admin with permission 'rw'. seafile_api.share_repo(sub_repo_id, self.user.username, self.admin.username, 'rw') # A user shares a folder to group with permission 'rw'. seafile_api.set_group_repo(sub_repo_id, self.group.id, self.user.username, 'rw')
def test_get_shared_users_by_repo(repo, group, permission): ccnet_api.group_add_member(group.id, USER, USER2) t_users = api.get_shared_users_by_repo(repo.id) assert len(t_users) == 0 api.share_repo(repo.id, USER, USER2, permission) api.set_group_repo(repo.id, group.id, ADMIN_USER, permission) t_users = api.get_shared_users_by_repo(repo.id) assert len(t_users) == 2 api.remove_share(repo.id, USER, USER2) api.group_unshare_repo(repo.id, group.id, USER)
def test_can_list_group_repo(self): self._prepare_repo_and_group() # A user shares a folder to admin group with permission 'rw'. seafile_api.set_group_repo(self.sub_repo_id, self.admin_group_id, self.user.username, 'rw') resp = self.client.get('/api2/beshared-repos/') self.assertEqual(200, resp.status_code) json_resp = json.loads(resp.content) assert json_resp[0]['repo_id'] == self.sub_repo_id assert json_resp[0]['share_type'] == 'group'
def setUp(self): self.repo_id = self.repo.id self.repo_name = self.repo.name self.group_id = self.group.id self.user_name = self.user.username self.admin_name = self.admin.username self.group_library_url = reverse('api-v2.1-group-library', args=[self.group_id, self.repo_id]) seafile_api.set_group_repo(self.repo_id, self.group_id, self.user_name, 'rw') group_repos = seafile_api.get_repos_by_group(self.group_id) assert len(group_repos) == 1
def test_can_get(self): # share repo to group seafile_api.set_group_repo(self.repo_id, self.group_id, self.user_name, 'rw') group_repos = seafile_api.get_repos_by_group(self.group_id) assert len(group_repos) == 1 self.login_as(self.user) resp = self.client.get(self.group_libraries_url) self.assertEqual(200, resp.status_code) json_resp = json.loads(resp.content) assert json_resp[0]['repo_name'] == self.repo_name assert json_resp[0]['repo_id'] == self.repo_id
def test_can_get(self): username = self.user.username owner = get_repo_owner(self.fake_request, self.repo.id) assert owner == username assert get_repo_shared_users(self.repo.id, owner) == [] # user share a repo to admin seafile_api.share_repo(self.repo.id, username, self.admin.username, 'rw') assert get_repo_shared_users(self.repo.id, owner) == [self.admin.username] # user share a repo to group seafile_api.set_group_repo(self.repo.id, self.group.id, username, 'rw') assert get_repo_shared_users(self.repo.id, owner) == [self.admin.username, self.user2.username]
def test_can_get(self): username = self.user.username owner = get_repo_owner(self.fake_request, self.repo.id) assert owner == username assert get_repo_shared_users(self.repo.id, owner) == [] # user share a repo to admin seafile_api.share_repo(self.repo.id, username, self.admin.username, 'rw') assert get_repo_shared_users(self.repo.id, owner) == [self.admin.username] # user share a repo to group seafile_api.set_group_repo(self.repo.id, self.group.id, username, 'rw') assert get_repo_shared_users( self.repo.id, owner) == [self.admin.username, self.user2.username]
def group_wiki_create(request, group): if group.view_perm == "pub": raise Http404 if request.method != 'POST': raise Http404 content_type = 'application/json; charset=utf-8' def json_error(err_msg, status=400): result = {'error': err_msg} return HttpResponse(json.dumps(result), status=status, content_type=content_type) form = WikiCreateForm(request.POST) if not form.is_valid(): return json_error(str(form.errors.values()[0])) # create group repo in user context repo_name = form.cleaned_data['repo_name'] repo_desc = form.cleaned_data['repo_desc'] user = request.user.username passwd = None permission = "rw" repo_id = create_repo(repo_name, repo_desc, user, passwd) if not repo_id: return json_error(_(u'Failed to create'), 500) try: seafile_api.set_group_repo(repo_id, group.id, user, permission) except SearpcError as e: remove_repo(repo_id) return json_error(_(u'Failed to create: internal error.'), 500) GroupWiki.objects.save_group_wiki(group_id=group.id, repo_id=repo_id) # create home page page_name = "home.md" if not post_empty_file(repo_id, "/", page_name, user): return json_error(_(u'Failed to create home page. Please retry later'), 500) next = reverse('group_wiki', args=[group.id]) return HttpResponse(json.dumps({'href': next}), content_type=content_type)
def test_can_notify_others_including_group(self): self.logout() self.login_as(self.tmp_user) assert len(UserNotification.objects.all()) == 0 # share repo to tmp_user username = self.user.username seafile_api.share_repo(self.repo.id, username, self.tmp_user.username, 'rw') # share repo to group(owner, admin) ccnet_api.group_add_member(self.group.id, username, self.admin.username) seafile_api.set_group_repo(self.repo.id, self.group.id, username, 'rw') # tmp_user comment a file resp = self.client.post(self.endpoint, {'comment': 'new comment'}) self.assertEqual(201, resp.status_code) assert len(UserNotification.objects.all()) == 2
def test_not_reshare_to_group_after_transfer_repo(self): # If new owner NOT in group repo shared to, NOT reshare to group # share user's repo to group with 'r' permission seafile_api.set_group_repo(self.user_repo_id, self.group_id, self.user_name, 'r') group_repos = seafile_api.get_repos_by_group(self.group_id) assert group_repos[0].permission == 'r' self.login_as(self.user) url = reverse("api2-repo-owner", args=[self.user_repo_id]) data = 'owner=%s' % self.admin.email # transfer repo to admin resp = self.client.put(url, data, 'application/x-www-form-urlencoded') self.assertEqual(200, resp.status_code) group_repos = seafile_api.get_repos_by_group(self.group_id) assert len(group_repos) == 0
def setUp(self): self.login_as(self.user) self.group_id = self.group.id self.group_name = self.group.group_name self.repo_id = self.repo.id self.url = reverse('api-v2.1-related-user', args=[self.repo_id]) # add tmp user to group self.tmp_user = self.create_user('*****@*****.**' % randstring(4), is_staff=False) ccnet_api.group_add_member(self.group_id, self.user.username, self.tmp_user.username) # share repo to group seafile_api.set_group_repo(self.repo_id, self.group_id, self.user.username, 'rw') # share repo to admin seafile_api.share_repo(self.repo.id, self.user.username, self.admin.username, 'rw')
def _add_shared_items(self): # create repo for user sub_repo_id = seafile_api.create_virtual_repo(self.repo.id, self.folder, self.repo.name, '', self.user.username) self.sub_repo_id = sub_repo_id # create group for admin admin_group_id = seaserv.ccnet_threaded_rpc.create_group( 'admin-group', self.admin.email) self.admin_group_id = admin_group_id # A user shares a folder to admin with permission 'rw'. seafile_api.share_repo(sub_repo_id, self.user.username, self.admin.username, 'rw') # A user shares a folder to admin group with permission 'rw'. seafile_api.set_group_repo(sub_repo_id, admin_group_id, self.user.username, 'rw') # A user shares a folder to public with permission 'rw'. seafile_api.add_inner_pub_repo(sub_repo_id, 'rw')
def test_can_notify_others_including_group(self): self.logout() self.login_as(self.tmp_user) assert len(UserNotification.objects.all()) == 0 # share repo to tmp_user username = self.user.username seafile_api.share_repo(self.repo.id, username, self.tmp_user.username, 'rw') # share repo to group(owner, admin) ccnet_api.group_add_member(self.group.id, username, self.admin.username) seafile_api.set_group_repo(self.repo.id, self.group.id, username, 'rw') # tmp_user comment a file resp = self.client.post(self.endpoint, { 'comment': 'new comment' }) self.assertEqual(201, resp.status_code) assert len(UserNotification.objects.all()) == 2
def share_repo_to_group(self, repo_id): seafile_api.set_group_repo( repo_id, self.group.id, self.user.username, 'rw')
def share_repo_to_group_with_rw_permission(self): seafile_api.set_group_repo(self.repo.id, self.group.id, self.user.username, 'rw')
def put(self, request, repo_id, format=None): """ transfer a library Permission checking: 1. only admin can perform this action. """ repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) new_owner = request.data.get('owner', None) if not new_owner: error_msg = 'owner invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: new_owner_obj = User.objects.get(email=new_owner) except User.DoesNotExist: error_msg = 'User %s not found.' % new_owner return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not new_owner_obj.permissions.can_add_repo(): error_msg = 'Transfer failed: role of %s is %s, can not add library.' % \ (new_owner, new_owner_obj.role) return api_error(status.HTTP_403_FORBIDDEN, error_msg) if MULTI_TENANCY: try: if seafserv_threaded_rpc.get_org_id_by_repo_id(repo_id) > 0: error_msg = 'Can not transfer organization library.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if ccnet_api.get_orgs_by_user(new_owner): error_msg = 'Can not transfer library to organization user %s' % new_owner return api_error(status.HTTP_403_FORBIDDEN, error_msg) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) repo_owner = seafile_api.get_repo_owner(repo_id) # get repo shared to user/group list shared_users = seafile_api.list_repo_shared_to(repo_owner, repo_id) shared_groups = seafile_api.list_repo_shared_group_by_user( repo_owner, repo_id) # get all pub repos pub_repos = [] if not request.cloud_mode: pub_repos = seafile_api.list_inner_pub_repos_by_owner(repo_owner) # transfer repo seafile_api.set_repo_owner(repo_id, new_owner) # reshare repo to user for shared_user in shared_users: shared_username = shared_user.user if new_owner == shared_username: continue seafile_api.share_repo(repo_id, new_owner, shared_username, shared_user.perm) # reshare repo to group for shared_group in shared_groups: shared_group_id = shared_group.group_id if not ccnet_api.is_group_user(shared_group_id, new_owner): continue seafile_api.set_group_repo(repo_id, shared_group_id, new_owner, shared_group.perm) # check if current repo is pub-repo # if YES, reshare current repo to public for pub_repo in pub_repos: if repo_id != pub_repo.id: continue seafile_api.add_inner_pub_repo(repo_id, pub_repo.permission) break # send admin operation log signal admin_op_detail = { "id": repo_id, "name": repo.name, "from": repo_owner, "to": new_owner, } admin_operation.send(sender=None, admin_name=request.user.username, operation=REPO_TRANSFER, detail=admin_op_detail) repo = seafile_api.get_repo(repo_id) repo_info = get_repo_info(repo) return Response(repo_info)
def put(self, request, repo_id, format=None): username = request.user.username repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id) path = request.GET.get('p', '/') if seafile_api.get_dir_id_by_path(repo.id, path) is None: return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path) if username != self.get_repo_owner(request, repo_id): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') share_type = request.data.get('share_type') if share_type != 'user' and share_type != 'group': return api_error(status.HTTP_400_BAD_REQUEST, 'share_type invalid.') permission = request.data.get('permission', 'r') if permission not in ['r', 'rw']: return api_error(status.HTTP_400_BAD_REQUEST, 'permission invalid.') result = {} result['failed'] = [] result['success'] = [] if share_type == 'user': share_to_users = request.data.getlist('username') for to_user in share_to_users: if not is_valid_username(to_user): result['failed'].append({ 'email': to_user, 'error_msg': 'username invalid.' }) continue try: User.objects.get(email=to_user) except User.DoesNotExist: result['failed'].append({ 'email': to_user, 'error_msg': 'User %s not found.' % to_user }) continue try: if is_org_context(request): org_id = request.user.org.org_id if path == '/': seaserv.seafserv_threaded_rpc.org_add_share( org_id, repo_id, username, to_user, permission) else: sub_repo_id = seafile_api.org_share_subdir_to_user(org_id, repo_id, path, username, to_user, permission) else: if path == '/': seafile_api.share_repo( repo_id, username, to_user, permission) else: sub_repo_id = seafile_api.share_subdir_to_user( repo_id, path, username, to_user, permission) # send a signal when sharing repo successful if path == '/': share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=repo) else: sub_repo = seafile_api.get_repo(sub_repo_id) share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=sub_repo) result['success'].append({ "share_type": "user", "user_info": { "name": to_user, "nickname": email2nickname(to_user), }, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_user, repo_id, path, permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'email': to_user, 'error_msg': 'Internal Server Error' }) continue if share_type == 'group': group_ids = request.data.getlist('group_id') for gid in group_ids: try: gid = int(gid) except ValueError: return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid.' % gid) group = seaserv.get_group(gid) if not group: return api_error(status.HTTP_404_NOT_FOUND, 'Group %s not found' % gid) try: if is_org_context(request): org_id = request.user.org.org_id if path == '/': seafile_api.add_org_group_repo( repo_id, org_id, gid, username, permission) else: sub_repo_id = seafile_api.org_share_subdir_to_group(org_id, repo_id, path, username, gid, permission) else: if path == '/': seafile_api.set_group_repo( repo_id, gid, username, permission) else: sub_repo_id = seafile_api.share_subdir_to_group( repo_id, path, username, gid, permission) if path == '/': share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=repo) else: sub_repo = seafile_api.get_repo(sub_repo_id) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=sub_repo) result['success'].append({ "share_type": "group", "group_info": { "id": gid, "name": group.group_name, }, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, gid, repo_id, path, permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'group_name': group.group_name, 'error_msg': 'Internal Server Error' }) continue return HttpResponse(json.dumps(result), status=200, content_type=json_content_type)
def share_repo_to_group(self, repo_id): seafile_api.set_group_repo(repo_id, self.group.id, self.user.username, 'rw')
def put(self, request, repo_id, format=None): username = request.user.username repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id) path = request.GET.get('p', '/') if seafile_api.get_dir_id_by_path(repo.id, path) is None: return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path) if username != self.get_repo_owner(request, repo_id): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') if path != '/': try: sub_repo = self.get_or_create_sub_repo_by_path( request, repo, path) except SearpcError as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Failed to get sub repo.') else: sub_repo = None share_type = request.data.get('share_type') if share_type != 'user' and share_type != 'group': return api_error(status.HTTP_400_BAD_REQUEST, 'share_type invalid.') permission = request.data.get('permission', 'r') if permission not in ['r', 'rw']: return api_error(status.HTTP_400_BAD_REQUEST, 'permission invalid.') shared_repo = repo if path == '/' else sub_repo success, failed = [], [] if share_type == 'user': share_to_users = request.data.getlist('username') for to_user in share_to_users: if not is_valid_username(to_user): failed.append(to_user) continue try: User.objects.get(email=to_user) except User.DoesNotExist: failed.append(to_user) continue if not check_user_share_quota( username, shared_repo, users=[to_user]): return api_error(status.HTTP_403_FORBIDDEN, 'Not enough quota.') try: if is_org_context(request): org_id = request.user.org.org_id seaserv.seafserv_threaded_rpc.org_add_share( org_id, shared_repo.id, username, to_user, permission) else: seafile_api.share_repo(shared_repo.id, username, to_user, permission) # send a signal when sharing repo successful share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=shared_repo) success.append({ "share_type": "user", "user_info": { "name": to_user, "nickname": email2nickname(to_user), }, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_user, repo_id, path, permission) except SearpcError as e: logger.error(e) failed.append(to_user) continue if share_type == 'group': group_ids = request.data.getlist('group_id') for gid in group_ids: try: gid = int(gid) except ValueError: return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid.' % gid) group = seaserv.get_group(gid) if not group: return api_error(status.HTTP_404_NOT_FOUND, 'Group %s not found' % gid) if not check_user_share_quota( username, shared_repo, groups=[group]): return api_error(status.HTTP_403_FORBIDDEN, 'Not enough quota.') try: if is_org_context(request): org_id = request.user.org.org_id seafile_api.add_org_group_repo(shared_repo.repo_id, org_id, gid, username, permission) else: seafile_api.set_group_repo(shared_repo.repo_id, gid, username, permission) success.append({ "share_type": "group", "group_info": { "id": gid, "name": group.group_name, }, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, gid, repo_id, path, permission) except SearpcError as e: logger.error(e) failed.append(group.group_name) continue return HttpResponse(json.dumps({ "success": success, "failed": failed }), status=200, content_type=json_content_type)
def put(self, request, repo_id, format=None): """ update a library status, transfer a library, rename a library Permission checking: 1. only admin can perform this action. """ # argument check new_status = request.data.get('status', None) if new_status: if new_status not in ('normal', 'read-only'): error_msg = 'status invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) new_repo_name = request.data.get('name', None) if new_repo_name: if not is_valid_dirent_name(new_repo_name): error_msg = 'name invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) new_owner = request.data.get('owner', None) if new_owner: if not is_valid_email(new_owner): error_msg = 'owner invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if new_status: try: seafile_api.set_repo_status(repo_id, normalize_repo_status_str(new_status)) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if new_repo_name: try: res = seafile_api.edit_repo(repo_id, new_repo_name, '', None) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if res == -1: e = 'Admin rename failed: ID of library is %s, edit_repo api called failed.' % \ repo_id logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if new_owner: try: new_owner_obj = User.objects.get(email=new_owner) except User.DoesNotExist: error_msg = 'User %s not found.' % new_owner return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not new_owner_obj.permissions.can_add_repo(): error_msg = _('Transfer failed: role of %s is %s, can not add library.') % \ (new_owner, new_owner_obj.role) return api_error(status.HTTP_403_FORBIDDEN, error_msg) if MULTI_TENANCY: try: if seafile_api.get_org_id_by_repo_id(repo_id) > 0: error_msg = 'Can not transfer organization library.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if ccnet_api.get_orgs_by_user(new_owner): error_msg = 'Can not transfer library to organization user %s' % new_owner return api_error(status.HTTP_403_FORBIDDEN, error_msg) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) repo_owner = seafile_api.get_repo_owner(repo_id) if new_owner == repo_owner: error_msg = _("Library can not be transferred to owner.") return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # get repo shared to user/group list shared_users = seafile_api.list_repo_shared_to( repo_owner, repo_id) shared_groups = seafile_api.list_repo_shared_group_by_user( repo_owner, repo_id) # get all pub repos pub_repos = [] if not request.cloud_mode: pub_repos = seafile_api.list_inner_pub_repos_by_owner(repo_owner) # transfer repo seafile_api.set_repo_owner(repo_id, new_owner) # reshare repo to user for shared_user in shared_users: shared_username = shared_user.user if new_owner == shared_username: continue seafile_api.share_repo(repo_id, new_owner, shared_username, shared_user.perm) # reshare repo to group for shared_group in shared_groups: shared_group_id = shared_group.group_id if not is_group_member(shared_group_id, new_owner): continue seafile_api.set_group_repo(repo_id, shared_group_id, new_owner, shared_group.perm) # reshare repo to links try: UploadLinkShare.objects.filter(username=repo_owner, repo_id=repo_id).update(username=new_owner) FileShare.objects.filter(username=repo_owner, repo_id=repo_id).update(username=new_owner) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) # check if current repo is pub-repo # if YES, reshare current repo to public for pub_repo in pub_repos: if repo_id != pub_repo.id: continue seafile_api.add_inner_pub_repo(repo_id, pub_repo.permission) break # send admin operation log signal admin_op_detail = { "id": repo_id, "name": repo.name, "from": repo_owner, "to": new_owner, } admin_operation.send(sender=None, admin_name=request.user.username, operation=REPO_TRANSFER, detail=admin_op_detail) repo = seafile_api.get_repo(repo_id) repo_info = get_repo_info(repo) return Response(repo_info)
repo_id = seafile_api.create_enc_repo(uuid, repo_name, repo_desc, username, magic_str, encrypted_file_key, enc_version=2) else: repo_id = seafile_api.create_repo(repo_name, repo_desc, username, None) except SearpcError, e: logger.error(e) return json_error(_(u'Failed to create')) try: seafile_api.set_group_repo(repo_id, group.id, username, permission) except SearpcError, e: logger.error(e) return json_error(_(u'Failed to create: internal error.')) else: return HttpResponse(json.dumps({'success': True}), content_type=content_type) ########## wiki @group_check def group_wiki(request, group, page_name="home"): username = request.user.username # get available modules(wiki, etc) mods_available = get_available_mods_by_group(group.id)
def share_repo_to_group_with_rw_permission(self): seafile_api.set_group_repo( self.repo.id, self.group.id, self.user.username, 'rw')
def put(self, request, repo_id, format=None): """ transfer a library, rename a library Permission checking: 1. only admin can perform this action. """ repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) new_repo_name = request.data.get('name', None) if new_repo_name: try: res = seafile_api.edit_repo(repo_id, new_repo_name, '', None) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if res == -1: e = 'Admin rename failed: ID of library is %s, edit_repo api called failed.' % \ repo_id logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) new_owner = request.data.get('owner', None) if new_owner: try: new_owner_obj = User.objects.get(email=new_owner) except User.DoesNotExist: error_msg = 'User %s not found.' % new_owner return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not new_owner_obj.permissions.can_add_repo(): error_msg = _(u'Transfer failed: role of %s is %s, can not add library.') % \ (new_owner, new_owner_obj.role) return api_error(status.HTTP_403_FORBIDDEN, error_msg) if MULTI_TENANCY: try: if seafile_api.get_org_id_by_repo_id(repo_id) > 0: error_msg = 'Can not transfer organization library.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if ccnet_api.get_orgs_by_user(new_owner): error_msg = 'Can not transfer library to organization user %s' % new_owner return api_error(status.HTTP_403_FORBIDDEN, error_msg) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) repo_owner = seafile_api.get_repo_owner(repo_id) if new_owner == repo_owner: error_msg = _(u"Library can not be transferred to owner.") return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # get repo shared to user/group list shared_users = seafile_api.list_repo_shared_to( repo_owner, repo_id) shared_groups = seafile_api.list_repo_shared_group_by_user( repo_owner, repo_id) # get all pub repos pub_repos = [] if not request.cloud_mode: pub_repos = seafile_api.list_inner_pub_repos_by_owner(repo_owner) # transfer repo seafile_api.set_repo_owner(repo_id, new_owner) # reshare repo to user for shared_user in shared_users: shared_username = shared_user.user if new_owner == shared_username: continue seafile_api.share_repo(repo_id, new_owner, shared_username, shared_user.perm) # reshare repo to group for shared_group in shared_groups: shared_group_id = shared_group.group_id if not is_group_member(shared_group_id, new_owner): continue seafile_api.set_group_repo(repo_id, shared_group_id, new_owner, shared_group.perm) # reshare repo to links try: UploadLinkShare.objects.filter(username=repo_owner, repo_id=repo_id).update(username=new_owner) FileShare.objects.filter(username=repo_owner, repo_id=repo_id).update(username=new_owner) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) # check if current repo is pub-repo # if YES, reshare current repo to public for pub_repo in pub_repos: if repo_id != pub_repo.id: continue seafile_api.add_inner_pub_repo(repo_id, pub_repo.permission) break # send admin operation log signal admin_op_detail = { "id": repo_id, "name": repo.name, "from": repo_owner, "to": new_owner, } admin_operation.send(sender=None, admin_name=request.user.username, operation=REPO_TRANSFER, detail=admin_op_detail) repo = seafile_api.get_repo(repo_id) repo_info = get_repo_info(repo) return Response(repo_info)
def share_repo_to_group_with_admin_permission(self): seafile_api.set_group_repo(self.repo.id, self.group.id, self.user.username, 'rw') ExtraGroupsSharePermission.objects.create_share_permission( self.repo.id, self.group.id, 'admin')
def put(self, request, repo_id, format=None): username = request.user.username repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id) path = request.GET.get('p', '/') if seafile_api.get_dir_id_by_path(repo.id, path) is None: return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path) share_type = request.data.get('share_type') if share_type != 'user' and share_type != 'group': return api_error(status.HTTP_400_BAD_REQUEST, 'share_type invalid.') if share_type == 'user': if username != self.get_repo_owner(request, repo_id) and \ ExtraSharePermission.objects.get_user_permission(repo_id, username) != PERMISSION_ADMIN: return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') else: if username != self.get_repo_owner(request, repo_id): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') permission = request.data.get('permission', PERMISSION_READ) if permission not in [ PERMISSION_READ, PERMISSION_READ_WRITE, PERMISSION_ADMIN ]: return api_error(status.HTTP_400_BAD_REQUEST, 'permission invalid.') result = {} result['failed'] = [] result['success'] = [] if share_type == 'user': share_to_users = request.data.getlist('username') for to_user in share_to_users: if not is_valid_username(to_user): result['failed'].append({ 'email': to_user, 'error_msg': _(u'username invalid.') }) continue try: User.objects.get(email=to_user) except User.DoesNotExist: result['failed'].append({ 'email': to_user, 'error_msg': _(u'User %s not found.') % to_user }) continue if self.has_shared_to_user(request, repo_id, path, to_user): result['failed'].append({ 'email': to_user, 'error_msg': _(u'This item has been shared to %s.') % to_user }) continue try: extra_share_permission = '' if permission == PERMISSION_ADMIN: extra_share_permission = permission permission = PERMISSION_READ_WRITE if is_org_context(request): username = seafile_api.get_org_repo_owner(repo_id) org_id = request.user.org.org_id if not is_org_user(to_user, int(org_id)): org_name = request.user.org.org_name error_msg = 'User %s is not member of organization %s.' \ % (to_user, org_name) result['failed'].append({ 'email': to_user, 'error_msg': error_msg }) continue if path == '/': seaserv.seafserv_threaded_rpc.org_add_share( org_id, repo_id, username, to_user, permission) else: sub_repo_id = seafile_api.org_share_subdir_to_user( org_id, repo_id, path, username, to_user, permission) else: if is_org_user(to_user): error_msg = 'User %s is a member of organization.' % to_user result['failed'].append({ 'email': to_user, 'error_msg': error_msg }) continue username = seafile_api.get_repo_owner(repo_id) if path == '/': seafile_api.share_repo(repo_id, username, to_user, permission) else: sub_repo_id = seafile_api.share_subdir_to_user( repo_id, path, username, to_user, permission) if path == '/' and extra_share_permission == PERMISSION_ADMIN: ExtraSharePermission.objects.create_share_permission( repo_id, to_user, extra_share_permission) # send a signal when sharing repo successful if path == '/': share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=repo) else: sub_repo = seafile_api.get_repo(sub_repo_id) share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=sub_repo) result['success'].append({ "share_type": "user", "user_info": { "name": to_user, "nickname": email2nickname(to_user), }, "permission": permission, "is_admin": extra_share_permission == PERMISSION_ADMIN }) send_perm_audit_msg('add-repo-perm', username, to_user, repo_id, path, permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'email': to_user, 'error_msg': 'Internal Server Error' }) continue if share_type == 'group': group_ids = request.data.getlist('group_id') for gid in group_ids: try: gid = int(gid) except ValueError: result['failed'].append( {'error_msg': _(u'group_id %s invalid.') % gid}) continue group = ccnet_api.get_group(gid) if not group: result['failed'].append( {'error_msg': _(u'Group %s not found') % gid}) continue if not config.ENABLE_SHARE_TO_ALL_GROUPS and \ not ccnet_api.is_group_user(gid, username): result['failed'].append({ 'group_name': group.group_name, 'error_msg': _(u'Permission denied.') }) continue if self.has_shared_to_group(request, repo_id, path, gid): result['failed'].append({ 'group_name': group.group_name, 'error_msg': _(u'This item has been shared to %s.') % group.group_name }) continue try: if is_org_context(request): org_id = request.user.org.org_id if path == '/': seafile_api.add_org_group_repo( repo_id, org_id, gid, username, permission) else: sub_repo_id = seafile_api.org_share_subdir_to_group( org_id, repo_id, path, username, gid, permission) else: if path == '/': seafile_api.set_group_repo(repo_id, gid, username, permission) else: sub_repo_id = seafile_api.share_subdir_to_group( repo_id, path, username, gid, permission) if path == '/': share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=repo) else: sub_repo = seafile_api.get_repo(sub_repo_id) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=sub_repo) result['success'].append({ "share_type": "group", "group_info": { "id": gid, "name": group.group_name, }, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, gid, repo_id, path, permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'group_name': group.group_name, 'error_msg': 'Internal Server Error' }) continue return HttpResponse(json.dumps(result), status=200, content_type=json_content_type)
def put(self, request, repo_id, format=None): username = request.user.username repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_404_NOT_FOUND, "Library %s not found." % repo_id) path = request.GET.get("p", "/") if seafile_api.get_dir_id_by_path(repo.id, path) is None: return api_error(status.HTTP_404_NOT_FOUND, "Folder %s not found." % path) if username != self.get_repo_owner(request, repo_id): return api_error(status.HTTP_403_FORBIDDEN, "Permission denied.") share_type = request.data.get("share_type") if share_type != "user" and share_type != "group": return api_error(status.HTTP_400_BAD_REQUEST, "share_type invalid.") permission = request.data.get("permission", "r") if permission not in ["r", "rw"]: return api_error(status.HTTP_400_BAD_REQUEST, "permission invalid.") result = {} result["failed"] = [] result["success"] = [] if share_type == "user": share_to_users = request.data.getlist("username") for to_user in share_to_users: if not is_valid_username(to_user): result["failed"].append({"email": to_user, "error_msg": "username invalid."}) continue try: User.objects.get(email=to_user) except User.DoesNotExist: result["failed"].append({"email": to_user, "error_msg": "User %s not found." % to_user}) continue try: if is_org_context(request): org_id = request.user.org.org_id if path == "/": seaserv.seafserv_threaded_rpc.org_add_share(org_id, repo_id, username, to_user, permission) else: seafile_api.org_share_subdir_to_user(org_id, repo_id, path, username, to_user, permission) else: if path == "/": seafile_api.share_repo(repo_id, username, to_user, permission) else: seafile_api.share_subdir_to_user(repo_id, path, username, to_user, permission) # send a signal when sharing repo successful share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=repo) result["success"].append( { "share_type": "user", "user_info": {"name": to_user, "nickname": email2nickname(to_user)}, "permission": permission, } ) send_perm_audit_msg("add-repo-perm", username, to_user, repo_id, path, permission) except SearpcError as e: logger.error(e) result["failed"].append({"email": to_user, "error_msg": "Internal Server Error"}) continue if share_type == "group": group_ids = request.data.getlist("group_id") for gid in group_ids: try: gid = int(gid) except ValueError: return api_error(status.HTTP_400_BAD_REQUEST, "group_id %s invalid." % gid) group = seaserv.get_group(gid) if not group: return api_error(status.HTTP_404_NOT_FOUND, "Group %s not found" % gid) try: if is_org_context(request): org_id = request.user.org.org_id if path == "/": seafile_api.add_org_group_repo(repo_id, org_id, gid, username, permission) else: seafile_api.org_share_subdir_to_group(org_id, repo_id, path, username, gid, permission) else: if path == "/": seafile_api.set_group_repo(repo_id, gid, username, permission) else: seafile_api.share_subdir_to_group(repo_id, path, username, gid, permission) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=repo) result["success"].append( { "share_type": "group", "group_info": {"id": gid, "name": group.group_name}, "permission": permission, } ) send_perm_audit_msg("add-repo-perm", username, gid, repo_id, path, permission) except SearpcError as e: logger.error(e) result["failed"].append({"group_name": group.group_name, "error_msg": "Internal Server Error"}) continue return HttpResponse(json.dumps(result), status=200, content_type=json_content_type)
def put(self, request, repo_id, format=None): username = request.user.username repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_404_NOT_FOUND, "Library %s not found." % repo_id) path = request.GET.get("p", "/") if seafile_api.get_dir_id_by_path(repo.id, path) is None: return api_error(status.HTTP_404_NOT_FOUND, "Folder %s not found." % path) if username != self.get_repo_owner(request, repo_id): return api_error(status.HTTP_403_FORBIDDEN, "Permission denied.") if path != "/": try: sub_repo = self.get_or_create_sub_repo_by_path(request, repo, path) except SearpcError as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, "Failed to get sub repo.") else: sub_repo = None share_type = request.data.get("share_type") if share_type != "user" and share_type != "group": return api_error(status.HTTP_400_BAD_REQUEST, "share_type invalid.") permission = request.data.get("permission", "r") if permission not in ["r", "rw"]: return api_error(status.HTTP_400_BAD_REQUEST, "permission invalid.") shared_repo = repo if path == "/" else sub_repo success, failed = [], [] if share_type == "user": share_to_users = request.data.getlist("username") for to_user in share_to_users: if not is_valid_username(to_user): failed.append(to_user) continue try: User.objects.get(email=to_user) except User.DoesNotExist: failed.append(to_user) continue if not check_user_share_quota(username, shared_repo, users=[to_user]): return api_error(status.HTTP_403_FORBIDDEN, "Not enough quota.") try: if is_org_context(request): org_id = request.user.org.org_id seaserv.seafserv_threaded_rpc.org_add_share( org_id, shared_repo.id, username, to_user, permission ) else: seafile_api.share_repo(shared_repo.id, username, to_user, permission) # send a signal when sharing repo successful share_repo_to_user_successful.send( sender=None, from_user=username, to_user=to_user, repo=shared_repo ) success.append( { "share_type": "user", "user_info": {"name": to_user, "nickname": email2nickname(to_user)}, "permission": permission, } ) send_perm_audit_msg("add-repo-perm", username, to_user, repo_id, path, permission) except SearpcError as e: logger.error(e) failed.append(to_user) continue if share_type == "group": group_ids = request.data.getlist("group_id") for gid in group_ids: try: gid = int(gid) except ValueError: return api_error(status.HTTP_400_BAD_REQUEST, "group_id %s invalid." % gid) group = seaserv.get_group(gid) if not group: return api_error(status.HTTP_404_NOT_FOUND, "Group %s not found" % gid) if not check_user_share_quota(username, shared_repo, groups=[group]): return api_error(status.HTTP_403_FORBIDDEN, "Not enough quota.") try: if is_org_context(request): org_id = request.user.org.org_id seafile_api.add_org_group_repo(shared_repo.repo_id, org_id, gid, username, permission) else: seafile_api.set_group_repo(shared_repo.repo_id, gid, username, permission) success.append( { "share_type": "group", "group_info": {"id": gid, "name": group.group_name}, "permission": permission, } ) send_perm_audit_msg("add-repo-perm", username, gid, repo_id, path, permission) except SearpcError as e: logger.error(e) failed.append(group.group_name) continue return HttpResponse( json.dumps({"success": success, "failed": failed}), status=200, content_type=json_content_type )
def put(self, request, repo_id, format=None): username = request.user.username repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id) path = request.GET.get('p', '/') if seafile_api.get_dir_id_by_path(repo.id, path) is None: return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path) if username != self.get_repo_owner(request, repo_id): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') if path != '/': try: sub_repo = self.get_or_create_sub_repo_by_path(request, repo, path) except SearpcError as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Failed to get sub repo.') else: sub_repo = None share_type = request.data.get('share_type') if share_type != 'user' and share_type != 'group': return api_error(status.HTTP_400_BAD_REQUEST, 'share_type invalid.') permission = request.data.get('permission', 'r') if permission not in ['r', 'rw']: return api_error(status.HTTP_400_BAD_REQUEST, 'permission invalid.') shared_repo = repo if path == '/' else sub_repo result = {} result['failed'] = [] result['success'] = [] if share_type == 'user': share_to_users = request.data.getlist('username') for to_user in share_to_users: if not is_valid_username(to_user): result['failed'].append({ 'email': to_user, 'error_msg': 'username invalid.' }) continue try: User.objects.get(email=to_user) except User.DoesNotExist: result['failed'].append({ 'email': to_user, 'error_msg': 'User %s not found.' % to_user }) continue try: if is_org_context(request): org_id = request.user.org.org_id seaserv.seafserv_threaded_rpc.org_add_share( org_id, shared_repo.id, username, to_user, permission) else: seafile_api.share_repo(shared_repo.id, username, to_user, permission) # send a signal when sharing repo successful share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=shared_repo) result['success'].append({ "share_type": "user", "user_info": { "name": to_user, "nickname": email2nickname(to_user), }, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_user, repo_id, path, permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'email': to_user, 'error_msg': 'Internal Server Error' }) continue if share_type == 'group': group_ids = request.data.getlist('group_id') for gid in group_ids: try: gid = int(gid) except ValueError: return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid.' % gid) group = seaserv.get_group(gid) if not group: return api_error(status.HTTP_404_NOT_FOUND, 'Group %s not found' % gid) try: if is_org_context(request): org_id = request.user.org.org_id seafile_api.add_org_group_repo(shared_repo.repo_id, org_id, gid, username, permission) else: seafile_api.set_group_repo(shared_repo.repo_id, gid, username, permission) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=shared_repo) result['success'].append({ "share_type": "group", "group_info": { "id": gid, "name": group.group_name, }, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, gid, repo_id, path, permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'group_name': group.group_name, 'error_msg': 'Internal Server Error' }) continue return HttpResponse(json.dumps(result), status=200, content_type=json_content_type)
else: return HttpResponse(json.dumps({"success": True}), content_type=content_type) else: try: if encryption: repo_id = seafile_api.create_enc_repo( uuid, repo_name, repo_desc, username, magic_str, encrypted_file_key, enc_version=2 ) else: repo_id = seafile_api.create_repo(repo_name, repo_desc, username, None) except SearpcError, e: logger.error(e) return json_error(_(u"Failed to create")) try: seafile_api.set_group_repo(repo_id, group.id, username, permission) except SearpcError, e: logger.error(e) return json_error(_(u"Failed to create: internal error.")) else: return HttpResponse(json.dumps({"success": True}), content_type=content_type) @login_required_ajax def attention(request): """ Handle ajax request to query group members used in autocomplete. """ user = request.user.username name_str = request.GET.get("name_startsWith") gids = request.GET.get("gids", "")
def post(self, request): # argument check operation = request.data.get('operation', None) if not operation: error_msg = 'operation invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # operation could be `share`, `unshare`, `delete`, `transfer` # we now only use `share`, `unshare` if operation not in ('share', 'unshare'): error_msg = 'operation can only be "share", "unshare".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) result = {} result['failed'] = [] result['success'] = [] username = request.user.username repo_id_list = request.data.getlist('repo_id') valid_repo_id_list = [] # filter out invalid repo id for repo_id in repo_id_list: if not seafile_api.get_repo(repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Library %s not found.' % repo_id }) continue repo_owner = get_repo_owner(request, repo_id) if repo_owner != username and not is_repo_admin(username, repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Permission denied.' }) continue valid_repo_id_list.append(repo_id) # share repo if operation == 'share': share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('user', 'group'): error_msg = 'share_type can only be "user", "group".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) permission = request.data.get('permission', 'rw') if permission not in [ PERMISSION_READ, PERMISSION_READ_WRITE, PERMISSION_ADMIN ]: error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # share repo to user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: User.objects.get(email=to_username) except User.DoesNotExist: error_msg = 'User %s not found.' % to_username return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check if to_user is an org user try: org_of_to_user = ccnet_api.get_orgs_by_user(to_username) except Exception as e: logger.error(e) org_of_to_user = [] if is_org_context(request): org_id = request.user.org.org_id org_name = request.user.org.org_name if len(org_of_to_user ) == 0 or org_id != org_of_to_user[0].org_id: error_msg = 'User %s is not member of organization %s.' \ % (to_username, org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: if len(org_of_to_user) >= 1: error_msg = 'User %s is member of organization %s.' \ % (to_username, org_of_to_user[0].org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % to_username }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seaserv.seafserv_threaded_rpc.org_add_share( org_id, repo_id, username, to_username, permission) else: seafile_api.share_repo(repo_id, username, to_username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_username, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "username": to_username, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_username, repo_id, '/', permission) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # share repo to group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) if not group: error_msg = 'Group %s not found.' % to_group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) group_name = group.group_name if not is_group_member(to_group_id, username): error_msg = 'User %s is not member of group %s.' % ( username, group_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % group_name }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.add_org_group_repo( repo_id, org_id, to_group_id, username, permission) else: seafile_api.set_group_repo(repo_id, to_group_id, username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_group_successful.send( sender=None, from_user=username, group_id=to_group_id, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_group_id, repo_id, '/', permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # unshare repo if operation == 'unshare': share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('user', 'group'): error_msg = 'share_type can only be "user", "group".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # unshare repo from user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) for repo_id in valid_repo_id_list: if not self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has not been shared to %s.' % to_username }) continue repo_owner = get_repo_owner(request, repo_id) try: # get share permission before unshare operation permission = check_user_share_out_permission( repo_id, '/', to_username, is_org_context(request)) if is_org_context(request): # when calling seafile API to share authority related functions, change the uesrname to repo owner. org_id = request.user.org.org_id seafile_api.org_remove_share( org_id, repo_id, repo_owner, to_username) else: seafile_api.remove_share(repo_id, repo_owner, to_username) # Delete share permission at ExtraSharePermission table. ExtraSharePermission.objects.delete_share_permission( repo_id, to_username) # send message send_perm_audit_msg('delete-repo-perm', username, to_username, repo_id, '/', permission) result['success'].append({ "repo_id": repo_id, "username": to_username, }) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # unshare repo from group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) group_name = group.group_name if group else '' for repo_id in valid_repo_id_list: if not self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has not been shared to %s.' % group_name }) continue try: # get share permission before unshare operation permission = check_group_share_out_permission( repo_id, '/', to_group_id, is_org_context(request)) org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.del_org_group_repo( repo_id, org_id, to_group_id) else: seafile_api.unset_group_repo( repo_id, to_group_id, username) # Delete share permission at ExtraSharePermission table. ExtraGroupsSharePermission.objects.delete_share_permission( repo_id, to_group_id) # send message send_perm_audit_msg('delete-repo-perm', username, to_group_id, repo_id, '/', permission) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, }) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) return Response(result)
def put(self, request, repo_id, format=None): username = request.user.username repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_400_BAD_REQUEST, 'Repo not found.') path = request.GET.get('p', '/') if seafile_api.get_dir_id_by_path(repo.id, path) is None: return api_error(status.HTTP_400_BAD_REQUEST, 'Directory not found.') if path != '/': try: sub_repo = self.get_or_create_sub_repo_by_path(request, repo, path) except SearpcError as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Failed to get sub repo') else: sub_repo = None share_type = request.DATA.get('share_type') if share_type != 'user' and share_type != 'group': return api_error(status.HTTP_400_BAD_REQUEST, 'Bad share type') permission = request.DATA.get('permission', 'r') if permission not in ['r', 'rw']: return api_error(status.HTTP_400_BAD_REQUEST, 'Bad permission') shared_repo = repo if path == '/' else sub_repo success, failed = [], [] if share_type == 'user': share_to_users = request.DATA.getlist('username') for to_user in share_to_users: if not is_valid_username(to_user): return api_error(status.HTTP_400_BAD_REQUEST, 'Username must be a valid email address.') if not check_user_share_quota(username, shared_repo, users=[to_user]): return api_error(status.HTTP_403_FORBIDDEN, 'Failed to share: No enough quota.') try: if is_org_context(request): org_id = request.user.org.org_id seaserv.seafserv_threaded_rpc.org_add_share( org_id, shared_repo.id, username, to_user, permission) else: seafile_api.share_repo(shared_repo.id, username, to_user, permission) # send a signal when sharing repo successful share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=shared_repo) success.append({ "share_type": "user", "user_info": { "name": to_user, "nickname": email2nickname(to_user), }, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_user, repo_id, path, permission) except SearpcError as e: logger.error(e) failed.append(to_user) continue if share_type == 'group': group_ids = request.DATA.getlist('group_id') for gid in group_ids: try: gid = int(gid) except ValueError: return api_error(status.HTTP_400_BAD_REQUEST, 'Bad group id: %s' % gid) group = seaserv.get_group(gid) if not group: return api_error(status.HTTP_400_BAD_REQUEST, 'Group not found: %s' % gid) if not check_user_share_quota(username, shared_repo, groups=[group]): return api_error(status.HTTP_403_FORBIDDEN, 'Failed to share: No enough quota.') try: if is_org_context(request): org_id = request.user.org.org_id seafile_api.add_org_group_repo(shared_repo.repo_id, org_id, gid, username, permission) else: seafile_api.set_group_repo(shared_repo.repo_id, gid, username, permission) success.append({ "share_type": "group", "group_info": { "id": gid, "name": group.group_name, }, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, gid, repo_id, path, permission) except SearpcError as e: logger.error(e) failed.append(group.group_name) continue return HttpResponse(json.dumps({ "success": success, "failed": failed }), status=200, content_type=json_content_type)
def post(self, request, repo_id, path, share_type): """ Admin share a library to user/group. Permission checking: 1. admin user. """ # argument check permission = request.data.get('permission', None) if not permission or permission not in ('r', 'rw'): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) result = {} result['failed'] = [] result['success'] = [] share_to = request.data.getlist('share_to') # current `request.user.username` is admin user, # so need to identify the repo owner specifically. repo_owner = seafile_api.get_repo_owner(repo_id) if share_type == 'user': for email in share_to: if repo_owner == email: result['failed'].append({ 'user_email': email, 'error_msg': _(u'User %s is already library owner.') % email }) continue if not is_valid_username(email): result['failed'].append({ 'user_email': email, 'error_msg': _('Email %s invalid.') % email }) continue try: User.objects.get(email=email) except User.DoesNotExist: result['failed'].append({ 'user_email': email, 'error_msg': 'User %s not found.' % email }) continue try: if path == '/': seafile_api.share_repo(repo_id, repo_owner, email, permission) else: seafile_api.share_subdir_email(repo_id, path, repo_owner, email, permission) except Exception as e: logger.error(e) result['failed'].append({ 'user_email': email, 'error_msg': 'Internal Server Error' }) continue new_perm = seafile_api.check_permission_by_path( repo_id, path, email) result['success'].append({ "repo_id": repo_id, "path": path, "share_type": share_type, "user_email": email, "user_name": email2nickname(email), "permission": new_perm }) if share_type == 'group': for group_id in share_to: try: group_id = int(group_id) except ValueError as e: logger.error(e) result['failed'].append({ 'group_id': group_id, 'error_msg': 'group_id %s invalid.' % group_id }) continue group = ccnet_api.get_group(group_id) if not group: result['failed'].append({ 'group_id': group_id, 'error_msg': 'Group %s not found' % group_id }) continue try: if path == '/': seafile_api.set_group_repo(repo_id, group_id, repo_owner, permission) else: seafile_api.share_subdir_to_group( repo_id, path, repo_owner, group_id, permission) except Exception as e: logger.error(e) result['failed'].append({ "group_id": group_id, 'error_msg': 'Internal Server Error' }) continue result['success'].append({ "repo_id": repo_id, "path": path, "share_type": share_type, "group_id": group_id, "group_name": group.group_name, "permission": permission }) return Response(result)
def post(self, request): # argument check operation = request.data.get('operation', None) if not operation: error_msg = 'operation invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # operation could be `share`, `unshare`, `delete`, `transfer` # we now only use `share`, `unshare` if operation not in ('share', 'unshare'): error_msg = 'operation can only be "share", "unshare".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) result = {} result['failed'] = [] result['success'] = [] username = request.user.username repo_id_list = request.data.getlist('repo_id') valid_repo_id_list = [] # filter out invalid repo id for repo_id in repo_id_list: if not seafile_api.get_repo(repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Library %s not found.' % repo_id }) continue repo_owner = get_repo_owner(request, repo_id) if repo_owner != username and not is_repo_admin(username, repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Permission denied.' }) continue valid_repo_id_list.append(repo_id) # share repo if operation == 'share': share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('user', 'group'): error_msg = 'share_type can only be "user", "group".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) permission = request.data.get('permission', 'rw') if permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # share repo to user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: User.objects.get(email=to_username) except User.DoesNotExist: error_msg = 'User %s not found.' % to_username return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check if to_user is an org user try: org_of_to_user = ccnet_api.get_orgs_by_user(to_username) except Exception as e: logger.error(e) org_of_to_user = [] if is_org_context(request): org_id = request.user.org.org_id org_name = request.user.org.org_name if len(org_of_to_user) == 0 or org_id != org_of_to_user[0].org_id: error_msg = 'User %s is not member of organization %s.' \ % (to_username, org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: if len(org_of_to_user) >= 1: error_msg = 'User %s is member of organization %s.' \ % (to_username, org_of_to_user[0].org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % to_username }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seaserv.seafserv_threaded_rpc.org_add_share(org_id, repo_id, username, to_username, permission) else: seafile_api.share_repo( repo_id, username, to_username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_username, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "username": to_username, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_username, repo_id, '/', permission) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # share repo to group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) if not group: error_msg = 'Group %s not found.' % to_group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) group_name = group.group_name if not is_group_member(to_group_id, username): error_msg = 'User %s is not member of group %s.' % (username, group_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % group_name }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.add_org_group_repo( repo_id, org_id, to_group_id, username, permission) else: seafile_api.set_group_repo( repo_id, to_group_id, username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=to_group_id, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_group_id, repo_id, '/', permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # unshare repo if operation == 'unshare': share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('user', 'group'): error_msg = 'share_type can only be "user", "group".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # unshare repo from user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) for repo_id in valid_repo_id_list: if not self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has not been shared to %s.' % to_username }) continue repo_owner = get_repo_owner(request, repo_id) try: # get share permission before unshare operation permission = check_user_share_out_permission(repo_id, '/', to_username, is_org_context(request)) if is_org_context(request): # when calling seafile API to share authority related functions, change the uesrname to repo owner. org_id = request.user.org.org_id seafile_api.org_remove_share(org_id, repo_id, repo_owner, to_username) else: seafile_api.remove_share(repo_id, repo_owner, to_username) # Delete share permission at ExtraSharePermission table. ExtraSharePermission.objects.delete_share_permission(repo_id, to_username) # send message send_perm_audit_msg('delete-repo-perm', username, to_username, repo_id, '/', permission) result['success'].append({ "repo_id": repo_id, "username": to_username, }) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # unshare repo from group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) group_name = group.group_name if group else '' for repo_id in valid_repo_id_list: if not self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has not been shared to %s.' % group_name }) continue try: # get share permission before unshare operation permission = check_group_share_out_permission(repo_id, '/', to_group_id, is_org_context(request)) org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.del_org_group_repo(repo_id, org_id, to_group_id) else: seafile_api.unset_group_repo( repo_id, to_group_id, username) # Delete share permission at ExtraSharePermission table. ExtraGroupsSharePermission.objects.delete_share_permission(repo_id, to_group_id) # send message send_perm_audit_msg('delete-repo-perm', username, to_group_id, repo_id, '/', permission) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, }) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) return Response(result)
def share_repo_to_group_with_admin_permission(self): seafile_api.set_group_repo( self.repo.id, self.group.id, self.user.username, 'rw') ExtraGroupsSharePermission.objects.create_share_permission(self.repo.id, self.group.id, 'admin')
def put(self, request, repo_id, format=None): """ transfer a library Permission checking: 1. only admin can perform this action. """ repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) new_owner = request.data.get('owner', None) if not new_owner: error_msg = 'owner invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: User.objects.get(email=new_owner) except User.DoesNotExist: error_msg = 'User %s not found.' % new_owner return api_error(status.HTTP_404_NOT_FOUND, error_msg) if MULTI_TENANCY: try: if seafserv_threaded_rpc.get_org_id_by_repo_id(repo_id) > 0: error_msg = 'Can not transfer organization library.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if ccnet_api.get_orgs_by_user(new_owner): error_msg = 'Can not transfer library to organization user %s' % new_owner return api_error(status.HTTP_403_FORBIDDEN, error_msg) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) repo_owner = seafile_api.get_repo_owner(repo_id) # get repo shared to user/group list shared_users = seafile_api.list_repo_shared_to( repo_owner, repo_id) shared_groups = seafile_api.list_repo_shared_group_by_user( repo_owner, repo_id) # get all pub repos pub_repos = [] if not request.cloud_mode: pub_repos = seafile_api.list_inner_pub_repos_by_owner(repo_owner) # transfer repo seafile_api.set_repo_owner(repo_id, new_owner) # reshare repo to user for shared_user in shared_users: shared_username = shared_user.user if new_owner == shared_username: continue seafile_api.share_repo(repo_id, new_owner, shared_username, shared_user.perm) # reshare repo to group for shared_group in shared_groups: shared_group_id = shared_group.group_id if not ccnet_api.is_group_user(shared_group_id, new_owner): continue seafile_api.set_group_repo(repo_id, shared_group_id, new_owner, shared_group.perm) # check if current repo is pub-repo # if YES, reshare current repo to public for pub_repo in pub_repos: if repo_id != pub_repo.id: continue seafile_api.add_inner_pub_repo(repo_id, pub_repo.permission) break repo = seafile_api.get_repo(repo_id) repo_info = get_repo_info(repo) return Response(repo_info)