Exemplo n.º 1
0
def upload_file_done(request):
    """Send a message when a file is uploaded.

    Arguments:
    - `request`:
    """
    ct = 'application/json; charset=utf-8'
    result = {}

    filename = request.GET.get('fn', '')
    if not filename:
        result['error'] = _('Argument missing')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)
    repo_id = request.GET.get('repo_id', '')
    if not repo_id:
        result['error'] = _('Argument missing')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)
    path = request.GET.get('p', '')
    if not path:
        result['error'] = _('Argument missing')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)

    # a few checkings
    if not seafile_api.get_repo(repo_id):
        result['error'] = _('Wrong repo id')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)

    # get upload link share creator
    token = request.GET.get('token', '')
    if not token:
        result['error'] = _('Argument missing')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)

    uls = UploadLinkShare.objects.get_valid_upload_link_by_token(token)
    if uls is None:
        result['error'] = _('Bad upload link token.')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)
    creator = uls.username

    file_path = path.rstrip('/') + '/' + filename
    if seafile_api.get_file_id_by_path(repo_id, file_path) is None:
        result['error'] = _('File does not exist')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)

    # send singal
    upload_file_successful.send(sender=None,
                                repo_id=repo_id,
                                file_path=file_path,
                                owner=creator)

    return HttpResponse(json.dumps({'success': True}), content_type=ct)
Exemplo n.º 2
0
def upload_file_done(request):
    """Send a message when a file is uploaded.
    
    Arguments:
    - `request`:
    """
    ct = 'application/json; charset=utf-8'
    result = {}  
    
    filename = request.GET.get('fn', '')
    if not filename:
        result['error'] = _('Argument missing')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)
    repo_id = request.GET.get('repo_id', '')
    if not repo_id:
        result['error'] = _('Argument missing')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)
    path = request.GET.get('p', '')
    if not path:  
        result['error'] = _('Argument missing')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)

    # a few checkings
    if not seafile_api.get_repo(repo_id):
        result['error'] = _('Wrong repo id')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)

    owner = seafile_api.get_repo_owner(repo_id)
    if not owner:
        result['error'] = _('Wrong repo id')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)

    file_path = path.rstrip('/') + '/' + filename
    if seafile_api.get_file_id_by_path(repo_id, file_path) is None:
        result['error'] = _('File does not exist')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)

    # send singal
    upload_file_successful.send(sender=None,
                                repo_id=repo_id,
                                file_path=file_path,
                                owner=owner)

    return HttpResponse(json.dumps({'success': True}), content_type=ct)
Exemplo n.º 3
0
def upload_file_done(request):
    """Send a message when a file is uploaded.
    
    Arguments:
    - `request`:
    """
    ct = 'application/json; charset=utf-8'
    result = {}

    filename = request.GET.get('fn', '')
    if not filename:
        result['error'] = _('Argument missing')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)
    repo_id = request.GET.get('repo_id', '')
    if not repo_id:
        result['error'] = _('Argument missing')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)
    path = request.GET.get('p', '')
    if not path:
        result['error'] = _('Argument missing')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)

    # a few checkings
    if not seafile_api.get_repo(repo_id):
        result['error'] = _('Wrong repo id')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)

    owner = seafile_api.get_repo_owner(repo_id)
    if not owner:
        result['error'] = _('Wrong repo id')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)

    file_path = path.rstrip('/') + '/' + filename
    if seafile_api.get_file_id_by_path(repo_id, file_path) is None:
        result['error'] = _('File does not exist')
        return HttpResponse(json.dumps(result), status=400, content_type=ct)

    # send singal
    upload_file_successful.send(sender=None,
                                repo_id=repo_id,
                                file_path=file_path,
                                owner=owner)

    return HttpResponse(json.dumps({'success': True}), content_type=ct)
Exemplo n.º 4
0
    def post(self, request, token):

        """ Only used for saving notification after user upload file via folder share link and upload link.

        Permission checking:
        1, If enable SHARE_LINK_LOGIN_REQUIRED, user must have been authenticated.
        2, If enable ENABLE_SHARE_LINK_AUDIT, user must have been authenticated, or have been audited.
        3, If share link is encrypted, share link password must have been checked.
        4, Share link must be a folder share link and has can_upload permission.
        """

        # resource check

        share_link = None
        upload_link = None

        try:
            share_link = FileShare.objects.get(token=token)
        except FileShare.DoesNotExist:
            upload_link = UploadLinkShare.objects.get(token=token)
        except UploadLinkShare.DoesNotExist:
            error_msg = 'token %s not found.' % token
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)

        if share_link:

            # check if login required
            if SHARE_LINK_LOGIN_REQUIRED and \
                    not request.user.is_authenticated:
                error_msg = 'Permission denied.'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

            # check share link audit
            if is_pro_version() and ENABLE_SHARE_LINK_AUDIT and \
                    not request.user.is_authenticated and \
                    not request.session.get('anonymous_email'):
                error_msg = 'Permission denied.'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

            # check share link validation
            if share_link.is_encrypted() and not check_share_link_access(request, token):
                error_msg = 'Share link is encrypted.'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

            if not share_link.get_permissions()['can_upload']:
                error_msg = 'Share link has no can_upload permission'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

            if share_link.is_expired():
                error_msg = 'Share link is expired'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

            if not share_link.is_dir_share_link():
                error_msg = 'Share link %s is not a folder share link.' % token
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            # recourse check
            repo_id = share_link.repo_id
            repo = seafile_api.get_repo(repo_id)
            if not repo:
                error_msg = 'Library %s not found.' % repo_id
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            parent_dir = share_link.path
            if seafile_api.check_permission_by_path(repo_id, parent_dir, share_link.username) != 'rw':
                error_msg = 'Permission denied.'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

            file_path = request.data.get('file_path')
            if not file_path:
                error_msg = 'file_path invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            file_id = seafile_api.get_file_id_by_path(repo_id, file_path)
            if not file_id:
                error_msg = 'File %s not found.' % file_path
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            # send singal
            upload_file_successful.send(sender=None,
                                        repo_id=repo_id,
                                        file_path=file_path,
                                        owner=share_link.username)

            return Response({'success': True})

        if upload_link:

            if upload_link.is_encrypted() and not check_share_link_access(request,
                                                                          token,
                                                                          is_upload_link=True):
                error_msg = 'Permission denied.'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

            if upload_link.is_expired():
                error_msg = 'Upload link is expired'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

            repo_id = upload_link.repo_id
            repo = seafile_api.get_repo(repo_id)
            if not repo:
                error_msg = 'Library %s not found.' % repo_id
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            parent_dir = upload_link.path
            if seafile_api.check_permission_by_path(repo_id, parent_dir, upload_link.username) != 'rw':
                error_msg = 'Permission denied.'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

            file_path = request.data.get('file_path')
            if not file_path:
                error_msg = 'file_path invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            file_id = seafile_api.get_file_id_by_path(repo_id, file_path)
            if not file_id:
                error_msg = 'File %s not found.' % file_path
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            upload_file_successful.send(sender=None,
                                        repo_id=repo_id,
                                        file_path=file_path,
                                        owner=upload_link.username)

            return Response({'success': True})