def put(self, request, group_id, email):
"""
Set/unset a specific group member as admin.
"""
username = request.user.username
is_admin = request.data.get('is_admin', '')
try:
# only group owner can set/unset a specific group member as admin
if not is_group_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if not is_group_member(group_id, email):
error_msg = 'Email %s invalid.' % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# set/unset a specific group member as admin
if is_admin.lower() == 'true':
ccnet_api.group_set_admin(group_id, email)
elif is_admin.lower() == 'false':
ccnet_api.group_unset_admin(group_id, email)
else:
error_msg = 'is_admin invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
member_info = get_group_member_info(request, group_id, email)
return Response(member_info)
def put(self, request, group_id):
""" Admin transfer a group
Permission checking:
1. Admin user;
"""
# argument check
new_owner = request.data.get('new_owner', None)
if not new_owner or not is_valid_username(new_owner):
error_msg = 'new_owner %s invalid.' % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# recourse check
group_id = int(group_id) # Checked by URL Conf
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %d not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check if new_owner exists,
# NOT need to check old_owner for old_owner may has been deleted.
try:
User.objects.get(email=new_owner)
except User.DoesNotExist:
error_msg = 'User %s not found.' % new_owner
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
old_owner = group.creator_name
if new_owner == old_owner:
error_msg = _(u'User %s is already group owner.') % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# transfer a group
try:
if not is_group_member(group_id, new_owner):
ccnet_api.group_add_member(group_id, old_owner, new_owner)
if not is_group_admin(group_id, new_owner):
ccnet_api.group_set_admin(group_id, new_owner)
ccnet_api.set_group_creator(group_id, new_owner)
ccnet_api.group_unset_admin(group_id, old_owner)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# send admin operation log signal
admin_op_detail = {
"id": group_id,
"name": group.group_name,
"from": old_owner,
"to": new_owner,
}
admin_operation.send(sender=None, admin_name=request.user.username,
operation=GROUP_TRANSFER, detail=admin_op_detail)
group_info = get_group_info(group_id)
return Response(group_info)
def put(self, request, group_id, email):
"""
Set/unset a specific group member as admin.
"""
username = request.user.username
is_admin = request.data.get('is_admin', '')
try:
# only group owner can set/unset a specific group member as admin
if not is_group_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if not is_group_member(group_id, email):
error_msg = 'Email %s invalid.' % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# set/unset a specific group member as admin
if is_admin.lower() == 'true':
ccnet_api.group_set_admin(group_id, email)
elif is_admin.lower() == 'false':
ccnet_api.group_unset_admin(group_id, email)
else:
error_msg = 'is_admin invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
member_info = get_group_member_info(request, group_id, email)
return Response(member_info)
def test_can_clean_department_repo_trash(self):
if not LOCAL_PRO_DEV_ENV:
return
# create a department
group_id = ccnet_api.create_group('department_test',
'system admin',
parent_group_id=-1)
seafile_api.set_group_quota(group_id, -2)
repo_id = seafile_api.add_group_owned_repo(group_id, 'dep_test', 'rw')
repo_owner = seafile_api.get_repo_owner(repo_id)
assert '@seafile_group' in repo_owner
group_repos = seafile_api.get_repos_by_group(group_id)
assert len(group_repos) == 1
group = ccnet_api.get_group(group_id)
# department add user
ccnet_api.group_add_member(group_id, group.creator_name,
self.user_name)
ccnet_api.group_add_member(group_id, group.creator_name,
self.tmp_user.username)
ccnet_api.group_set_admin(group_id, self.user_name)
ccnet_api.group_unset_admin(group_id, self.tmp_user.username)
assert is_group_admin(group_id, self.user_name)
assert not is_group_admin(group_id, self.tmp_user.username)
file_name = 'dep_test.txt'
self.create_file(repo_id=repo_id,
parent_dir='/',
filename=file_name,
username=self.user_name)
# delete a file first
seafile_api.del_file(repo_id, '/', file_name, self.user_name)
# get trash item count
self.login_as(self.user)
resp = self.client.get(reverse('api-v2.1-repo-trash', args=[repo_id]))
json_resp = json.loads(resp.content)
assert len(json_resp['data']) > 0
# department member can not clean trash
self.logout()
self.login_as(self.tmp_user)
resp = self.client.delete(self.url)
self.assertEqual(403, resp.status_code)
# department admin can clean library trash
self.logout()
self.login_as(self.user)
ccnet_api.group_set_admin(group_id, self.user_name)
resp = self.client.delete(self.url)
self.assertEqual(200, resp.status_code)
# get trash item count again
resp = self.client.get(self.url)
json_resp = json.loads(resp.content)
assert len(json_resp['data']) == 0
def put(self, request, group_id):
""" Admin transfer a group
Permission checking:
1. Admin user;
"""
# argument check
new_owner = request.data.get('new_owner', None)
if not new_owner or not is_valid_username(new_owner):
error_msg = 'new_owner %s invalid.' % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# recourse check
group_id = int(group_id) # Checked by URL Conf
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %d not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check if new_owner exists,
# NOT need to check old_owner for old_owner may has been deleted.
try:
User.objects.get(email=new_owner)
except User.DoesNotExist:
error_msg = 'User %s not found.' % new_owner
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
old_owner = group.creator_name
if new_owner == old_owner:
error_msg = _(u'User %s is already group owner.') % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# transfer a group
try:
if not is_group_member(group_id, new_owner):
ccnet_api.group_add_member(group_id, old_owner, new_owner)
if not is_group_admin(group_id, new_owner):
ccnet_api.group_set_admin(group_id, new_owner)
ccnet_api.set_group_creator(group_id, new_owner)
ccnet_api.group_unset_admin(group_id, old_owner)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
group_info = get_group_info(group_id)
return Response(group_info)
def put(self, request, group_id, email, format=None):
""" update role of a group member
Permission checking:
1. only admin can perform this action.
"""
if not request.user.admin_permissions.can_manage_group():
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
# argument check
group_id = int(group_id)
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %d not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
if not is_group_member(group_id, email):
error_msg = 'Email %s invalid.' % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
is_admin = request.data.get('is_admin', '')
try:
# set/unset a specific group member as admin
if is_admin.lower() == 'true':
ccnet_api.group_set_admin(group_id, email)
elif is_admin.lower() == 'false':
ccnet_api.group_unset_admin(group_id, email)
else:
error_msg = 'is_admin invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
member_info = get_group_member_info(request, group_id, email)
return Response(member_info)
def put(self, request, group_id, email, format=None):
""" update role of a group member
Permission checking:
1. only admin can perform this action.
"""
# argument check
group_id = int(group_id)
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %d not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
if not is_group_member(group_id, email):
error_msg = 'Email %s invalid.' % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
is_admin = request.data.get('is_admin', '')
try:
# set/unset a specific group member as admin
if is_admin.lower() == 'true':
ccnet_api.group_set_admin(group_id, email)
elif is_admin.lower() == 'false':
ccnet_api.group_unset_admin(group_id, email)
else:
error_msg = 'is_admin invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
member_info = get_group_member_info(request, group_id, email)
return Response(member_info)
def test_can_set_department_repo(self):
if not LOCAL_PRO_DEV_ENV:
return
# create a department
group_id = ccnet_api.create_group('department_test',
'system admin',
parent_group_id=-1)
seafile_api.set_group_quota(group_id, -2)
repo_id = seafile_api.add_group_owned_repo(group_id, 'dep_test', 'rw')
repo_owner = seafile_api.get_repo_owner(repo_id)
assert '@seafile_group' in repo_owner
group_repos = seafile_api.get_repos_by_group(group_id)
assert len(group_repos) == 1
group = ccnet_api.get_group(group_id)
# department add user
ccnet_api.group_add_member(group_id, group.creator_name,
self.user.username)
ccnet_api.group_add_member(group_id, group.creator_name,
self.tmp_user.username)
ccnet_api.group_set_admin(group_id, self.user.username)
ccnet_api.group_unset_admin(group_id, self.tmp_user.username)
assert is_group_admin(group_id, self.user.username)
assert not is_group_admin(group_id, self.tmp_user.username)
url = reverse("api2-repo-history-limit", args=[repo_id])
self.config.ENABLE_REPO_HISTORY_SETTING = True
# department member can not set
self.logout()
self.login_as(self.tmp_user)
data = 'keep_days=%s' % 6
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(403, resp.status_code)
# department admin can set
self.logout()
self.login_as(self.user)
data = 'keep_days=%s' % 6
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
self.remove_group(group_id)
self.remove_repo(repo_id)
def put(self, request, group_id):
""" Rename, transfer a specific group
"""
username = request.user.username
new_group_name = request.data.get('name', None)
# rename a group
if new_group_name:
try:
# only group owner/admin can rename a group
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# Check whether group name is validate.
if not validate_group_name(new_group_name):
error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, new_group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
seaserv.ccnet_threaded_rpc.set_group_name(group_id, new_group_name)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
new_owner = request.data.get('owner', None)
# transfer a group
if new_owner:
try:
# only group owner can transfer a group
if not is_group_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# augument check
if not is_valid_username(new_owner):
error_msg = 'Email %s invalid.' % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if is_group_owner(group_id, new_owner):
error_msg = _(u'User %s is already group owner.') % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# transfer a group
if not is_group_member(group_id, new_owner):
ccnet_api.group_add_member(group_id, username, new_owner)
if not is_group_admin(group_id, new_owner):
ccnet_api.group_set_admin(group_id, new_owner)
ccnet_api.set_group_creator(group_id, new_owner)
ccnet_api.group_unset_admin(group_id, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
wiki_enabled = request.data.get('wiki_enabled', None)
# turn on/off group wiki
if wiki_enabled:
try:
# only group owner/admin can turn on a group wiki
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# augument check
if wiki_enabled != 'true' and wiki_enabled != 'false':
error_msg = 'wiki_enabled invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# turn on/off group wiki
if wiki_enabled == 'true':
enable_mod_for_group(group_id, MOD_GROUP_WIKI)
else:
disable_mod_for_group(group_id, MOD_GROUP_WIKI)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
group_info = get_group_info(request, group_id)
return Response(group_info)
def put(self, request, group_id):
""" Rename, transfer a specific group
"""
username = request.user.username
new_group_name = request.data.get('name', None)
# rename a group
if new_group_name:
try:
# only group owner/admin can rename a group
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# Check whether group name is validate.
if not validate_group_name(new_group_name):
error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, new_group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
seaserv.ccnet_threaded_rpc.set_group_name(group_id, new_group_name)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
new_owner = request.data.get('owner', None)
# transfer a group
if new_owner:
try:
# only group owner can transfer a group
if not is_group_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# augument check
if not is_valid_username(new_owner):
error_msg = 'Email %s invalid.' % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if is_group_owner(group_id, new_owner):
error_msg = _(u'User %s is already group owner.') % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# transfer a group
if not is_group_member(group_id, new_owner):
ccnet_api.group_add_member(group_id, username, new_owner)
if not is_group_admin(group_id, new_owner):
ccnet_api.group_set_admin(group_id, new_owner)
ccnet_api.set_group_creator(group_id, new_owner)
ccnet_api.group_unset_admin(group_id, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
wiki_enabled = request.data.get('wiki_enabled', None)
# turn on/off group wiki
if wiki_enabled:
try:
# only group owner/admin can turn on a group wiki
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# augument check
if wiki_enabled != 'true' and wiki_enabled != 'false':
error_msg = 'wiki_enabled invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# turn on/off group wiki
if wiki_enabled == 'true':
enable_mod_for_group(group_id, MOD_GROUP_WIKI)
else:
disable_mod_for_group(group_id, MOD_GROUP_WIKI)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
group_info = get_group_info(request, group_id)
return Response(group_info)
def put(self, request, group_id):
""" Admin update a group
1. transfer a group.
2. set group quota.
3. rename group.
Permission checking:
1. Admin user;
"""
if not request.user.admin_permissions.can_manage_group():
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
# recourse check
group_id = int(group_id) # Checked by URL Conf
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %d not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
new_owner = request.data.get('new_owner', '')
if new_owner:
if not is_valid_username(new_owner):
error_msg = 'new_owner %s invalid.' % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# check if new_owner exists,
# NOT need to check old_owner for old_owner may has been deleted.
try:
User.objects.get(email=new_owner)
except User.DoesNotExist:
error_msg = 'User %s not found.' % new_owner
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
old_owner = group.creator_name
if new_owner == old_owner:
error_msg = _('User %s is already group owner.') % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# transfer a group
try:
if not is_group_member(group_id, new_owner):
ccnet_api.group_add_member(group_id, old_owner, new_owner)
if not is_group_admin(group_id, new_owner):
ccnet_api.group_set_admin(group_id, new_owner)
ccnet_api.set_group_creator(group_id, new_owner)
ccnet_api.group_unset_admin(group_id, old_owner)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
# send admin operation log signal
admin_op_detail = {
"id": group_id,
"name": group.group_name,
"from": old_owner,
"to": new_owner,
}
admin_operation.send(sender=None,
admin_name=request.user.username,
operation=GROUP_TRANSFER,
detail=admin_op_detail)
# set group quota
group_quota = request.data.get('quota', '')
if group_quota:
try:
group_quota = int(group_quota)
except ValueError:
error_msg = 'quota invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not (group_quota > 0 or group_quota == -2):
error_msg = 'quota invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
seafile_api.set_group_quota(group_id, group_quota)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
new_name = request.data.get('name', '')
if new_name:
if not validate_group_name(new_name):
error_msg = _(
'Name can only contain letters, numbers, spaces, hyphen, dot, single quote, brackets or underscore.'
)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if check_group_name_conflict(request, new_name):
error_msg = _('There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
ccnet_api.set_group_name(group_id, new_name)
set_group_name_cache(group_id, new_name)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
group_info = get_group_info(group_id)
return Response(group_info)
def put(self, request, group_id):
""" Admin update a group
1. transfer a group.
2. set group quota
Permission checking:
1. Admin user;
"""
# recourse check
group_id = int(group_id) # Checked by URL Conf
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %d not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
new_owner = request.data.get('new_owner', '')
if new_owner:
if not is_valid_username(new_owner):
error_msg = 'new_owner %s invalid.' % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# check if new_owner exists,
# NOT need to check old_owner for old_owner may has been deleted.
try:
User.objects.get(email=new_owner)
except User.DoesNotExist:
error_msg = 'User %s not found.' % new_owner
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
old_owner = group.creator_name
if new_owner == old_owner:
error_msg = _(u'User %s is already group owner.') % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# transfer a group
try:
if not is_group_member(group_id, new_owner):
ccnet_api.group_add_member(group_id, old_owner, new_owner)
if not is_group_admin(group_id, new_owner):
ccnet_api.group_set_admin(group_id, new_owner)
ccnet_api.set_group_creator(group_id, new_owner)
ccnet_api.group_unset_admin(group_id, old_owner)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# send admin operation log signal
admin_op_detail = {
"id": group_id,
"name": group.group_name,
"from": old_owner,
"to": new_owner,
}
admin_operation.send(sender=None, admin_name=request.user.username,
operation=GROUP_TRANSFER, detail=admin_op_detail)
# set group quota
group_quota = request.data.get('quota', '')
if group_quota:
try:
group_quota = int(group_quota)
except ValueError:
error_msg = 'quota invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not (group_quota > 0 or group_quota == -2):
error_msg = 'quota invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
seafile_api.set_group_quota(group_id, group_quota)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
group_info = get_group_info(group_id)
return Response(group_info)
