def put(self, request, repo_id, org_id):
""" Update repo user share permission.
Permission checking:
1. is group admin
"""
# parameter check
to_user = request.data.get('username', None)
if not to_user:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not is_valid_username(to_user):
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
permission = request.data.get('permission', PERMISSION_READ)
if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]:
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = request.data.get('path', '/')
if not seafile_api.get_dir_id_by_path(repo_id, path):
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
error_msg = 'User %s not found.' % to_user
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
update_user_dir_permission(repo_id, path, repo_owner, to_user, permission, org_id)
send_perm_audit_msg('modify-repo-perm', username, to_user, repo_id, path, permission)
return Response({'success': True})
def put(self, request, repo_id, org_id):
""" Update repo user share permission.
Permission checking:
1. is group admin
"""
# parameter check
to_user = request.data.get('username', None)
if not to_user:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not is_valid_username(to_user):
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
permission = request.data.get('permission', PERMISSION_READ)
if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]:
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = request.data.get('path', '/')
if not seafile_api.get_dir_id_by_path(repo_id, path):
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
error_msg = 'User %s not found.' % to_user
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
update_user_dir_permission(repo_id, path, repo_owner, to_user, permission, org_id)
send_perm_audit_msg('modify-repo-perm', username, to_user, repo_id, path, permission)
return Response({'success': True})
def put(self, request, repo, path, share_type):
""" Update user/group share permission.
Permission checking:
1. admin user.
"""
# argument check
permission = request.data.get('permission', None)
if not permission or permission not in get_available_repo_perms():
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
share_info = {}
share_info['repo_id'] = repo.repo_id
share_info['path'] = path
share_info['share_type'] = share_type
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo.repo_id)
username = request.user.username
share_to = request.data.get('share_to', None)
if share_type == 'user':
email = share_to
if not email or not is_valid_username(email):
error_msg = 'email %s invalid.' % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not has_shared_to_user(repo.repo_id, path, email):
error_msg = 'Shared items not found'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
update_user_dir_permission(repo.repo_id, path, repo_owner,
email, permission)
send_perm_audit_msg('modify-repo-perm', username, email,
repo.repo_id, path, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
share_info['user_email'] = email
share_info['user_name'] = email2nickname(email)
share_info[
'permission'] = PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission
share_info['is_admin'] = permission == PERMISSION_ADMIN
if share_type == 'group':
group_id = share_to
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id %s invalid.' % group_id
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %s not found' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not has_shared_to_group(repo.repo_id, path, group_id):
error_msg = 'Shared items not found'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
update_group_dir_permission(repo.repo_id, path, repo_owner,
group_id, permission)
send_perm_audit_msg('modify-repo-perm', username, group_id,
repo.repo_id, path, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
share_info['group_id'] = group_id
share_info['group_name'] = group.group_name
share_info[
'permission'] = PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission
share_info['is_admin'] = permission == PERMISSION_ADMIN
return Response(share_info)
def post(self, request, repo_id, format=None):
"""Update shared item permission.
"""
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND,
'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND,
'Folder %s not found.' % path)
permission = request.data.get('permission', PERMISSION_READ)
if permission not in get_available_repo_perms():
return api_error(status.HTTP_400_BAD_REQUEST,
'permission invalid.')
repo_owner = self.get_repo_owner(request, repo_id)
if repo_owner != username and not is_repo_admin(username, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
shared_to_user, shared_to_group = self.handle_shared_to_args(request)
if shared_to_user:
shared_to = request.GET.get('username')
if shared_to is None or not is_valid_username(shared_to):
return api_error(status.HTTP_400_BAD_REQUEST,
'Email %s invalid.' % shared_to)
try:
User.objects.get(email=shared_to)
except User.DoesNotExist:
return api_error(status.HTTP_400_BAD_REQUEST,
'Invalid user, should be registered')
if is_org_context(request):
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
repo_owner = seafile_api.get_org_repo_owner(repo_id)
org_id = request.user.org.org_id
update_user_dir_permission(repo_id, path, repo_owner,
shared_to, permission, org_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
update_user_dir_permission(repo_id, path, repo_owner,
shared_to, permission)
send_perm_audit_msg('modify-repo-perm', username, shared_to,
repo_id, path, permission)
if shared_to_group:
gid = request.GET.get('group_id')
try:
gid = int(gid)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST,
'group_id %s invalid.' % gid)
group = seaserv.get_group(gid)
if not group:
return api_error(status.HTTP_404_NOT_FOUND,
'Group %s not found.' % gid)
if is_org_context(request):
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
repo_owner = seafile_api.get_org_repo_owner(repo_id)
org_id = request.user.org.org_id
update_group_dir_permission(repo_id, path, repo_owner, gid,
permission, org_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
update_group_dir_permission(repo_id, path, repo_owner, gid,
permission, None)
send_perm_audit_msg('modify-repo-perm', username, gid, repo_id,
path, permission)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=json_content_type)
def put(self, request, repo_id, format=None):
""" Update permission of a shared repo.
Permission checking:
1. Only repo owner can update.
"""
# argument check
permission = request.data.get('permission', None)
if permission not in get_available_repo_perms():
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
share_type = request.data.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('personal', 'group', 'public'):
error_msg = "share_type can only be 'personal' or 'group' or 'public'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# recourse check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
if username != repo_owner:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# update share permission
if share_type == 'personal':
shared_to = request.data.get('user', None)
if not shared_to or not is_valid_username(shared_to):
error_msg = 'user invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
if is_org_context(request):
org_id = request.user.org.org_id
update_user_dir_permission(repo_id, '/', repo_owner,
shared_to, permission, org_id)
else:
update_user_dir_permission(repo_id, '/', repo_owner,
shared_to, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
send_perm_audit_msg('modify-repo-perm', username, shared_to,
repo_id, '/', permission)
if share_type == 'group':
group_id = request.data.get('group_id', None)
if not group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id must be integer.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
if is_org_context(request):
org_id = request.user.org.org_id
update_group_dir_permission(repo_id, '/', repo_owner,
group_id, permission, org_id)
else:
update_group_dir_permission(repo_id, '/', repo_owner,
group_id, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
send_perm_audit_msg('modify-repo-perm', username, group_id,
repo_id, '/', permission)
if share_type == 'public':
try:
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.set_org_inner_pub_repo(org_id, repo_id,
permission)
else:
if not request.user.permissions.can_add_public_repo():
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
seafile_api.add_inner_pub_repo(repo_id, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
send_perm_audit_msg('modify-repo-perm', username, 'all', repo_id,
'/', permission)
return Response({'success': True})
def put(self, request, repo, path, share_type):
""" Update user/group share permission.
Permission checking:
1. admin user.
"""
# argument check
permission = request.data.get('permission', None)
if not permission or permission not in get_available_repo_perms():
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
share_info = {}
share_info['repo_id'] = repo.repo_id
share_info['path'] = path
share_info['share_type'] = share_type
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo.repo_id)
username = request.user.username
share_to = request.data.get('share_to', None)
if share_type == 'user':
email = share_to
if not email or not is_valid_username(email):
error_msg = 'email %s invalid.' % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not has_shared_to_user(repo.repo_id, path, email):
error_msg = 'Shared items not found'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
update_user_dir_permission(repo.repo_id, path, repo_owner, email, permission)
send_perm_audit_msg('modify-repo-perm', username, email,
repo.repo_id, path, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
share_info['user_email'] = email
share_info['user_name'] = email2nickname(email)
share_info['permission'] = PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission
share_info['is_admin'] = permission == PERMISSION_ADMIN
if share_type == 'group':
group_id = share_to
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id %s invalid.' % group_id
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %s not found' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not has_shared_to_group(repo.repo_id, path, group_id):
error_msg = 'Shared items not found'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
update_group_dir_permission(repo.repo_id, path, repo_owner, group_id, permission)
send_perm_audit_msg('modify-repo-perm', username, group_id,
repo.repo_id, path, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
share_info['group_id'] = group_id
share_info['group_name'] = group.group_name
share_info['permission'] = PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission
share_info['is_admin'] = permission == PERMISSION_ADMIN
return Response(share_info)
def put(self, request, repo_id, format=None):
""" Update permission of a shared repo.
Permission checking:
1. Only repo owner can update.
"""
# argument check
permission = request.data.get('permission', None)
if permission not in get_available_repo_perms():
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
share_type = request.data.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('personal', 'group', 'public'):
error_msg = "share_type can only be 'personal' or 'group' or 'public'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# recourse check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
if username != repo_owner:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# update share permission
if share_type == 'personal':
shared_to = request.data.get('user', None)
if not shared_to or not is_valid_username(shared_to):
error_msg = 'user invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
if is_org_context(request):
org_id = request.user.org.org_id
update_user_dir_permission(repo_id, '/', repo_owner, shared_to, permission, org_id)
else:
update_user_dir_permission(repo_id, '/', repo_owner, shared_to, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
send_perm_audit_msg('modify-repo-perm', username,
shared_to, repo_id, '/', permission)
if share_type == 'group':
group_id = request.data.get('group_id', None)
if not group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id must be integer.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
if is_org_context(request):
org_id = request.user.org.org_id
update_group_dir_permission(repo_id, '/', repo_owner, group_id, permission, org_id)
else:
update_group_dir_permission(repo_id, '/', repo_owner, group_id, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
send_perm_audit_msg('modify-repo-perm', username,
group_id, repo_id, '/', permission)
if share_type == 'public':
try:
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.set_org_inner_pub_repo(org_id, repo_id, permission)
else:
if not request.user.permissions.can_add_public_repo():
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
seafile_api.add_inner_pub_repo(repo_id, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
send_perm_audit_msg('modify-repo-perm', username,
'all', repo_id, '/', permission)
return Response({'success': True})
