Exemplo n.º 1
0
    def test_get_with_invalid_repo_permission(self):

        user_shared_repos = \
                seafile_api.get_share_out_repo_list(self.admin_name, -1, -1)
        for repo in user_shared_repos:
            seafile_api.remove_share(repo.repo_id, self.admin_name, repo.user)

        group_shared_repos = seafile_api.get_group_repos_by_owner(
            self.admin_name)
        for repo in group_shared_repos:
            seafile_api.unset_group_repo(repo.repo_id, repo.group_id,
                                         self.admin_name)

        public_shared_repos = seafile_api.list_inner_pub_repos_by_owner(
            self.admin_name)
        for repo in public_shared_repos:
            seafile_api.remove_inner_pub_repo(repo.repo_id)

        self.share_repo_to_user()
        self.share_repo_to_group()
        self.share_repo_to_public()

        # login with admin, then get user's share repo info
        self.login_as(self.admin)
        resp = self.client.get(self.url)
        self.assertEqual(200, resp.status_code)

        json_resp = json.loads(resp.content)
        assert len(json_resp) == 0
Exemplo n.º 2
0
    def test_not_reshare_to_user_after_transfer_repo(self):

        # remove all share
        shared_repos = seafile_api.get_share_in_repo_list(self.admin.username, -1, -1)
        for repo in  shared_repos:
            seafile_api.remove_share(repo.repo_id, self.admin.username,
                    self.user.username)

            seafile_api.remove_share(repo.repo_id, self.user.username,
                    self.admin.username)

        # share user's repo to admin with 'rw' permission
        seafile_api.share_repo(self.user_repo_id, self.user.username,
                self.admin.username, 'rw')

        # assert repo in admin's be shared repo list
        shared_repos = seafile_api.get_share_in_repo_list(self.admin.username, -1, -1)
        assert shared_repos[0].repo_name == self.repo.repo_name

        self.login_as(self.user)

        url = reverse("api2-repo-owner", args=[self.user_repo_id])
        data = 'owner=%s' % self.admin.email

        resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
        self.assertEqual(200, resp.status_code)

        # assert repo NOT in admin's be shared repo list
        shared_repos = seafile_api.get_share_in_repo_list(self.admin.username, -1, -1)
        assert len(shared_repos) == 0
Exemplo n.º 3
0
    def delete(self):
        """
        When delete user, we should also delete group relationships.
        """
        if self.source == "DB":
            source = "DB"
        else:
            source = "LDAP"

        username = self.username

        orgs = []
        if is_pro_version():
            orgs = ccnet_api.get_orgs_by_user(username)

        # remove owned repos
        owned_repos = []
        if orgs:
            for org in orgs:
                owned_repos += seafile_api.get_org_owned_repo_list(
                    org.org_id, username)
        else:
            owned_repos += seafile_api.get_owned_repo_list(username)

        for r in owned_repos:
            seafile_api.remove_repo(r.id)

        # remove shared in repos
        shared_in_repos = []
        if orgs:
            for org in orgs:
                org_id = org.org_id
                shared_in_repos = seafile_api.get_org_share_in_repo_list(
                    org_id, username, -1, -1)

                for r in shared_in_repos:
                    seafile_api.org_remove_share(org_id, r.repo_id, r.user,
                                                 username)
        else:
            shared_in_repos = seafile_api.get_share_in_repo_list(
                username, -1, -1)
            for r in shared_in_repos:
                seafile_api.remove_share(r.repo_id, r.user, username)
        ExtraSharePermission.objects.filter(share_to=username).delete()

        # clear web api and repo sync token
        # when delete user
        try:
            clear_token(self.username)
        except Exception as e:
            logger.error(e)

        # remove current user from joined groups
        ccnet_api.remove_group_user(username)
        ccnet_api.remove_emailuser(source, username)
        Profile.objects.delete_profile_by_user(username)

        if settings.ENABLE_TERMS_AND_CONDITIONS:
            from termsandconditions.models import UserTermsAndConditions
            UserTermsAndConditions.objects.filter(username=username).delete()
Exemplo n.º 4
0
    def tearDown(self):
        seafile_api.remove_share(self.repo_id, self.user_name, self.admin_user)
        seafile_api.unset_group_repo(self.repo_id, self.group_id,
                                     self.user_name)
        seafile_api.remove_inner_pub_repo(self.repo_id)

        self.remove_repo()
Exemplo n.º 5
0
    def delete(self, request, repo_id, org_id, format=None):
        """ User delete a repo shared to him/her.
        """
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            error_msg = 'Library %s not found.' % repo_id
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)

        if not check_folder_permission(request, repo_id, '/'):
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

        username = request.user.username
        repo_owner = get_repo_owner(request, repo_id)
        try:
            if org_id:
                is_org = True
                seafile_api.org_remove_share(org_id, repo_id, repo_owner, username)
            else:
                is_org = False
                seafile_api.remove_share(repo_id, repo_owner, username)
        except Exception as e:
            logger.error(e)
            error_msg = 'Internal Server Error'
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

        permission = check_user_share_in_permission(repo_id, username, is_org)
        send_perm_audit_msg('delete-repo-perm', repo_owner, username,
                repo_id, '/', permission)

        return Response({'success': True})
Exemplo n.º 6
0
    def delete(self, request, repo_id, org_id, format=None):
        """ User delete a repo shared to him/her.
        """
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            error_msg = 'Library %s not found.' % repo_id
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)

        if not check_folder_permission(request, repo_id, '/'):
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

        username = request.user.username
        repo_owner = get_repo_owner(request, repo_id)
        try:
            if org_id:
                is_org = True
                seafile_api.org_remove_share(org_id, repo_id, repo_owner, username)
            else:
                is_org = False
                seafile_api.remove_share(repo_id, repo_owner, username)
        except Exception as e:
            logger.error(e)
            error_msg = 'Internal Server Error'
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

        permission = check_user_share_in_permission(repo_id, username, is_org)
        send_perm_audit_msg('delete-repo-perm', repo_owner, username,
                repo_id, '/', permission)

        return Response({'success': True})
def test_share_repo_to_user(repo, permission):
    assert api.check_permission(repo.id, USER) == 'rw'
    assert api.check_permission(repo.id, USER2) is None

    assert api.repo_has_been_shared(repo.id) == False

    api.share_repo(repo.id, USER, USER2, permission)
    assert api.check_permission(repo.id, USER2) == permission

    assert api.repo_has_been_shared(repo.id)

    repos = api.get_share_in_repo_list(USER2, 0, 1)
    assert_repo_with_permission(repo, repos, permission)

    repos = api.get_share_out_repo_list(USER, 0, 1)
    assert_repo_with_permission(repo, repos, permission)

    users = api.list_repo_shared_to(USER, repo.id)
    assert len(users) == 1
    assert users[0].repo_id == repo.id
    assert users[0].user == USER2
    assert users[0].perm == permission

    api.remove_share(repo.id, USER, USER2)
    assert api.check_permission(repo.id, USER2) is None
Exemplo n.º 8
0
    def delete(self, request, repo_id, format=None):
        """ Delete repo user share permission.

        Permission checking:
        1. is group admin
        """

        # parameter check
        to_user = request.data.get('username', None)
        if not to_user:
            error_msg = 'username invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        # permission check
        repo_owner = get_repo_owner(request, repo_id)
        group_id = get_group_id_by_repo_owner(repo_owner)
        username = request.user.username
        if not is_group_admin(group_id, username):
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

        path = request.data.get('path', '/')
        if path == '/':
            seafile_api.remove_share(repo_id, repo_owner, to_user)
        else:
            seafile_api.unshare_subdir_for_user(
                    repo_id, path, repo_owner, to_user)

        permission = check_user_share_out_permission(repo_id, path, to_user, False)
        send_perm_audit_msg('delete-repo-perm', username, to_user,
                            repo_id, path, permission)

        return Response({'success': True})
def test_set_share_permission(repo, permission_to_share, permission_to_set):
    assert api.check_permission(repo.id, USER2) == None

    api.share_repo(repo.id, USER, USER2, permission_to_share)
    assert api.check_permission(repo.id, USER2) == permission_to_share

    api.set_share_permission(repo.id, USER, USER2, permission_to_set)
    assert api.check_permission(repo.id, USER2) == permission_to_set

    api.remove_share(repo.id, USER, USER2)
Exemplo n.º 10
0
def test_share_repo_to_user(repo, permission):
    assert api.check_permission(repo.id, USER) == 'rw'
    assert api.check_permission(repo.id, USER2) is None

    api.share_repo(repo.id, USER, USER2, permission)
    assert api.check_permission(repo.id, USER2) == permission

    repos = api.get_share_in_repo_list(USER2, 0, 1)
    assert_repo_with_permission(repo, repos, permission)

    api.remove_share(repo.id, USER, USER2)
    assert api.check_permission(repo.id, USER2) is None
Exemplo n.º 11
0
def test_get_shared_users_by_repo(repo, group, permission):
    ccnet_api.group_add_member(group.id, USER, USER2)
    t_users = api.get_shared_users_by_repo(repo.id)
    assert len(t_users) == 0

    api.share_repo(repo.id, USER, USER2, permission)
    api.set_group_repo(repo.id, group.id, ADMIN_USER, permission)
    t_users = api.get_shared_users_by_repo(repo.id)
    assert len(t_users) == 2

    api.remove_share(repo.id, USER, USER2)
    api.group_unshare_repo(repo.id, group.id, USER)
Exemplo n.º 12
0
    def delete(self, request, repo_id, path, share_type):
        """ Delete user/group share permission.

        Permission checking:
        1. admin user.
        """

        # current `request.user.username` is admin user,
        # so need to identify the repo owner specifically.
        repo_owner = seafile_api.get_repo_owner(repo_id)

        share_to = request.data.get('share_to', None)

        if share_type == 'user':
            email = share_to
            if not email or not is_valid_username(email):
                error_msg = 'email %s invalid.' % email
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            try:
                if path == '/':
                    seafile_api.remove_share(repo_id, repo_owner, email)
                else:
                    seafile_api.unshare_subdir_for_user(
                        repo_id, path, repo_owner, email)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 error_msg)

        if share_type == 'group':
            group_id = share_to
            try:
                group_id = int(group_id)
            except ValueError:
                error_msg = 'group_id %s invalid' % group_id
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            try:
                if path == '/':
                    seafile_api.unset_group_repo(repo_id, group_id, repo_owner)
                else:
                    seafile_api.unshare_subdir_for_group(
                        repo_id, path, repo_owner, group_id)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 error_msg)

        return Response({'success': True})
Exemplo n.º 13
0
def test_share_repo(repo, permission):
    assert api.check_permission(repo.id, USER2) is None

    api.share_repo(repo.id, USER, USER2, permission)
    assert api.check_permission(repo.id, USER2) == permission

    repos = api.get_share_in_repo_list(USER2, 0, 1)
    assert len(repos) == 1
    r = repos[0]
    assert r.id == repo.id
    assert r.permission == permission

    api.remove_share(repo.id, USER, USER2)
    assert api.check_permission(repo.id, USER2) is None
Exemplo n.º 14
0
    def setUp(self):
        self.repo_id = self.repo.id
        self.group_id = self.group.id
        self.user_name = self.user.username
        self.admin_name = self.admin.username
        self.url = reverse('api-v2.1-shared-repos')

        # make sure this user has not sharing any repos
        for x in seafile_api.get_share_out_repo_list(self.user_name, -1, -1):
            seafile_api.remove_share(x.repo_id, self.user_name, x.user)
        assert len(seafile_api.get_share_out_repo_list(self.user_name, -1, -1)) == 0

        for x in seafile_api.get_group_repos_by_owner(self.user_name):
            seafile_api.unset_group_repo(x.repo_id, x.group_id, self.user_name)
        assert len(seafile_api.get_group_repos_by_user(self.user_name)) == 0
Exemplo n.º 15
0
    def delete(self):
        """
        When delete user, we should also delete group relationships.
        """
        if self.source == "DB":
            source = "DB"
        else:
            source = "LDAP"

        username = self.username
        orgs = ccnet_threaded_rpc.get_orgs_by_user(username)

        # remove owned repos
        owned_repos = []
        if orgs:
            for org in orgs:
                owned_repos += seafile_api.get_org_owned_repo_list(
                    org.org_id, username)
        else:
            owned_repos += seafile_api.get_owned_repo_list(username)

        for r in owned_repos:
            seafile_api.remove_repo(r.id)

        # remove shared in repos
        shared_in_repos = []
        if orgs:
            for org in orgs:
                org_id = org.org_id
                shared_in_repos = seafile_api.get_org_share_in_repo_list(
                    org_id, username, -1, -1)

                for r in shared_in_repos:
                    seafile_api.org_remove_share(org_id, r.repo_id, r.user,
                                                 username)
        else:
            shared_in_repos = seafile_api.get_share_in_repo_list(
                username, -1, -1)
            for r in shared_in_repos:
                seafile_api.remove_share(r.repo_id, r.user, username)

        clear_token(username)
        # remove current user from joined groups
        ccnet_api.remove_group_user(username)
        ccnet_api.remove_emailuser(source, username)
        Profile.objects.delete_profile_by_user(username)
Exemplo n.º 16
0
    def test_can_not_get_upload_link_with_invalid_creator_repo_permission(self):

        # user share repo to admin
        seafile_api.share_repo(self.repo_id, self.user_name, self.admin_name, 'rw')

        # admin create upload link
        upload_link = UploadLinkShare.objects.create_upload_link_share(
                self.admin_name, self.repo_id, '/', None, None)
        token = upload_link.token

        # can get url for upload file
        url = reverse('api-v2.1-upload-link-upload', args=[token])
        resp = self.client.get(url)
        self.assertEqual(200, resp.status_code)

        # user unshare repo
        seafile_api.remove_share(self.repo_id, self.user_name, self.admin_name)

        # can not get url for upload file
        url = reverse('api-v2.1-upload-link-upload', args=[token])
        resp = self.client.get(url)
        self.assertEqual(403, resp.status_code)
Exemplo n.º 17
0
Arquivo: rpc.py Projeto: haiwen/seahub
 def delete_shared_user_by_repo_path(self, repo_id, repo_owner, to_user,
                                     path='/', org_id=None):
     """
     """
     if is_valid_org_id(org_id):
         if path == '/':
             return seafile_api.org_remove_share(org_id, repo_id, repo_owner, to_user)
         else:
             return seafile_api.org_unshare_subdir_for_user(
                 org_id, repo_id, path, repo_owner, to_user)
     else:
         if path == '/':
             return seafile_api.remove_share(repo_id, repo_owner, to_user)
         else:
             return seafile_api.unshare_subdir_for_user(
                 repo_id, path, repo_owner, to_user)
Exemplo n.º 18
0
 def delete_shared_user_by_repo_path(self,
                                     repo_id,
                                     repo_owner,
                                     to_user,
                                     path='/',
                                     org_id=None):
     """
     """
     if is_valid_org_id(org_id):
         if path == '/':
             return seafile_api.org_remove_share(org_id, repo_id,
                                                 repo_owner, to_user)
         else:
             return seafile_api.org_unshare_subdir_for_user(
                 org_id, repo_id, path, repo_owner, to_user)
     else:
         if path == '/':
             return seafile_api.remove_share(repo_id, repo_owner, to_user)
         else:
             return seafile_api.unshare_subdir_for_user(
                 repo_id, path, repo_owner, to_user)
Exemplo n.º 19
0
def test_user_management(repo):
    email1 = '%s@%s.com' % (randstring(6), randstring(6))
    email2 = '%s@%s.com' % (randstring(6), randstring(6))
    passwd1 = 'randstring(6)'
    passwd2 = 'randstring(6)'

    ccnet_api.add_emailuser(email1, passwd1, 1, 1)
    ccnet_api.add_emailuser(email2, passwd2, 0, 0)

    ccnet_email1 = ccnet_api.get_emailuser(email1)
    ccnet_email2 = ccnet_api.get_emailuser(email2)
    assert ccnet_email1.is_active == True
    assert ccnet_email1.is_staff == True
    assert ccnet_email2.is_active == False
    assert ccnet_email2.is_staff == False

    assert ccnet_api.validate_emailuser(email1, passwd1) == 0
    assert ccnet_api.validate_emailuser(email2, passwd2) == 0

    users = ccnet_api.search_emailusers('DB', email1, -1, -1)
    assert len(users) == 1
    user_ccnet = users[0]
    assert user_ccnet.email == email1

    user_counts = ccnet_api.count_emailusers('DB')
    user_numbers = ccnet_api.get_emailusers('DB', -1, -1)

    ccnet_api.update_emailuser('DB', ccnet_email2.id, passwd2, 1, 1)
    email2_new = ccnet_api.get_emailuser(email2)
    assert email2_new.is_active == True
    assert email2_new.is_staff == True

    #test group when update user id
    id1 = ccnet_api.create_group('group1', email1, parent_group_id=-1)
    assert id1 != -1
    group1 = ccnet_api.get_group(id1)
    assert group1.parent_group_id == -1

    # test shared repo when update user id
    api.share_repo(repo.id, USER, email1, "rw")
    assert api.repo_has_been_shared(repo.id)

    new_email1 = '%s@%s.com' % (randstring(6), randstring(6))
    assert ccnet_api.update_emailuser_id(email1, new_email1) == 0

    shared_users = api.list_repo_shared_to(USER, repo.id)
    assert len(shared_users) == 1
    assert shared_users[0].repo_id == repo.id
    assert shared_users[0].user == new_email1
    assert shared_users[0].perm == "rw"

    api.remove_share(repo.id, USER, new_email1)

    email1_groups = ccnet_api.get_groups(new_email1)
    assert len(email1_groups) == 1
    assert email1_groups[0].id == id1
    rm1 = ccnet_api.remove_group(id1)
    assert rm1 == 0

    ccnet_api.remove_emailuser('DB', new_email1)
    ccnet_api.remove_emailuser('DB', email2)
Exemplo n.º 20
0
    def post(self, request):

        # argument check
        operation = request.data.get('operation', None)
        if not operation:
            error_msg = 'operation invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        # operation could be `share`, `unshare`, `delete`, `transfer`
        # we now only use `share`, `unshare`
        if operation not in ('share', 'unshare'):
            error_msg = 'operation can only be "share", "unshare".'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        result = {}
        result['failed'] = []
        result['success'] = []

        username = request.user.username
        repo_id_list = request.data.getlist('repo_id')
        valid_repo_id_list = []

        # filter out invalid repo id
        for repo_id in repo_id_list:

            if not seafile_api.get_repo(repo_id):
                result['failed'].append({
                    'repo_id': repo_id,
                    'error_msg': 'Library %s not found.' % repo_id
                })
                continue

            repo_owner = get_repo_owner(request, repo_id)
            if repo_owner != username and not is_repo_admin(username, repo_id):
                result['failed'].append({
                    'repo_id': repo_id,
                    'error_msg': 'Permission denied.'
                })
                continue

            valid_repo_id_list.append(repo_id)

        # share repo
        if operation == 'share':

            share_type = request.data.get('share_type', None)
            if not share_type:
                error_msg = 'share_type invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            if share_type not in ('user', 'group'):
                error_msg = 'share_type can only be "user", "group".'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            permission = request.data.get('permission', 'rw')
            if permission not in get_available_repo_perms():
                error_msg = 'permission invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            # share repo to user
            if share_type == 'user':
                to_username = request.data.get('username', None)
                if not to_username:
                    error_msg = 'username invalid.'
                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

                try:
                    User.objects.get(email=to_username)
                except User.DoesNotExist:
                    error_msg = 'User %s not found.' % to_username
                    return api_error(status.HTTP_404_NOT_FOUND, error_msg)

                # check if to_user is an org user
                try:
                    org_of_to_user = ccnet_api.get_orgs_by_user(to_username)
                except Exception as e:
                    logger.error(e)
                    org_of_to_user = []

                if is_org_context(request):
                    org_id = request.user.org.org_id
                    org_name = request.user.org.org_name
                    if len(org_of_to_user) == 0 or org_id != org_of_to_user[0].org_id:
                        error_msg = 'User %s is not member of organization %s.' \
                                % (to_username, org_name)
                        return api_error(status.HTTP_403_FORBIDDEN, error_msg)
                else:
                    if len(org_of_to_user) >= 1:
                        error_msg = 'User %s is member of organization %s.' \
                                % (to_username, org_of_to_user[0].org_name)
                        return api_error(status.HTTP_403_FORBIDDEN, error_msg)

                for repo_id in valid_repo_id_list:
                    if self.has_shared_to_user(request, repo_id, to_username):
                        result['failed'].append({
                            'repo_id': repo_id,
                            'error_msg': 'This item has been shared to %s.' % to_username
                            })
                        continue

                    try:
                        org_id = None
                        if is_org_context(request):
                            org_id = request.user.org.org_id
                            seaserv.seafserv_threaded_rpc.org_add_share(org_id,
                                    repo_id, username, to_username, permission)
                        else:
                            seafile_api.share_repo(
                                    repo_id, username, to_username, permission)

                        # send a signal when sharing repo successful
                        repo = seafile_api.get_repo(repo_id)
                        share_repo_to_user_successful.send(sender=None,
                                                           from_user=username,
                                                           to_user=to_username,
                                                           repo=repo, path='/',
                                                           org_id=org_id)

                        result['success'].append({
                            "repo_id": repo_id,
                            "username": to_username,
                            "permission": permission
                        })

                        send_perm_audit_msg('add-repo-perm', username, to_username,
                                            repo_id, '/', permission)
                    except Exception as e:
                        logger.error(e)
                        result['failed'].append({
                            'repo_id': repo_id,
                            'error_msg': 'Internal Server Error'
                            })

            # share repo to group
            if share_type == 'group':
                to_group_id = request.data.get('group_id', None)
                if not to_group_id:
                    error_msg = 'group_id invalid.'
                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

                try:
                    to_group_id = int(to_group_id)
                except ValueError:
                    error_msg = 'group_id invalid.'
                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

                group = ccnet_api.get_group(to_group_id)
                if not group:
                    error_msg = 'Group %s not found.' % to_group_id
                    return api_error(status.HTTP_404_NOT_FOUND, error_msg)

                group_name = group.group_name
                if not is_group_member(to_group_id, username):
                    error_msg = 'User %s is not member of group %s.' % (username, group_name)
                    return api_error(status.HTTP_403_FORBIDDEN, error_msg)

                for repo_id in valid_repo_id_list:
                    if self.has_shared_to_group(request, repo_id, to_group_id):
                        result['failed'].append({
                            'repo_id': repo_id,
                            'error_msg': 'This item has been shared to %s.' % group_name
                            })
                        continue

                    try:
                        org_id = None
                        if is_org_context(request):
                            org_id = request.user.org.org_id
                            seafile_api.add_org_group_repo(
                                    repo_id, org_id, to_group_id, username, permission)
                        else:
                            seafile_api.set_group_repo(
                                    repo_id, to_group_id, username, permission)

                        # send a signal when sharing repo successful
                        repo = seafile_api.get_repo(repo_id)
                        share_repo_to_group_successful.send(sender=None,
                                                            from_user=username,
                                                            group_id=to_group_id,
                                                            repo=repo, path='/',
                                                            org_id=org_id)

                        result['success'].append({
                            "repo_id": repo_id,
                            "group_id": to_group_id,
                            "group_name": group_name,
                            "permission": permission
                        })

                        send_perm_audit_msg('add-repo-perm', username, to_group_id,
                                            repo_id, '/', permission)

                    except SearpcError as e:
                        logger.error(e)
                        result['failed'].append({
                            'repo_id': repo_id,
                            'error_msg': 'Internal Server Error'
                            })

        # unshare repo
        if operation == 'unshare':

            share_type = request.data.get('share_type', None)
            if not share_type:
                error_msg = 'share_type invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            if share_type not in ('user', 'group'):
                error_msg = 'share_type can only be "user", "group".'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            # unshare repo from user
            if share_type == 'user':
                to_username = request.data.get('username', None)
                if not to_username:
                    error_msg = 'username invalid.'
                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

                for repo_id in valid_repo_id_list:

                    if not self.has_shared_to_user(request, repo_id, to_username):
                        result['failed'].append({
                            'repo_id': repo_id,
                            'error_msg': 'This item has not been shared to %s.' % to_username
                            })
                        continue

                    repo_owner = get_repo_owner(request, repo_id)
                    try:
                        # get share permission before unshare operation
                        permission = check_user_share_out_permission(repo_id,
                                '/', to_username, is_org_context(request))

                        if is_org_context(request):
                            # when calling seafile API to share authority related functions, change the uesrname to repo owner.
                            org_id = request.user.org.org_id
                            seafile_api.org_remove_share(org_id, repo_id, repo_owner, to_username)
                        else:
                            seafile_api.remove_share(repo_id, repo_owner, to_username)

                        # Delete share permission at ExtraSharePermission table.
                        ExtraSharePermission.objects.delete_share_permission(repo_id,
                                to_username)

                        # send message
                        send_perm_audit_msg('delete-repo-perm', username,
                                to_username, repo_id, '/', permission)

                        result['success'].append({
                            "repo_id": repo_id,
                            "username": to_username,
                        })
                    except Exception as e:
                        logger.error(e)
                        result['failed'].append({
                            'repo_id': repo_id,
                            'error_msg': 'Internal Server Error'
                        })

            # unshare repo from group
            if share_type == 'group':
                to_group_id = request.data.get('group_id', None)
                if not to_group_id:
                    error_msg = 'group_id invalid.'
                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

                try:
                    to_group_id = int(to_group_id)
                except ValueError:
                    error_msg = 'group_id invalid.'
                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

                group = ccnet_api.get_group(to_group_id)
                group_name = group.group_name if group else ''

                for repo_id in valid_repo_id_list:
                    if not self.has_shared_to_group(request, repo_id, to_group_id):
                        result['failed'].append({
                            'repo_id': repo_id,
                            'error_msg': 'This item has not been shared to %s.' % group_name
                        })
                        continue

                    try:
                        # get share permission before unshare operation
                        permission = check_group_share_out_permission(repo_id,
                                '/', to_group_id, is_org_context(request))

                        org_id = None
                        if is_org_context(request):
                            org_id = request.user.org.org_id
                            seafile_api.del_org_group_repo(repo_id, org_id, to_group_id)
                        else:
                            seafile_api.unset_group_repo(
                                    repo_id, to_group_id, username)

                        # Delete share permission at ExtraSharePermission table.
                        ExtraGroupsSharePermission.objects.delete_share_permission(repo_id,
                                to_group_id)

                        # send message
                        send_perm_audit_msg('delete-repo-perm', username,
                                to_group_id, repo_id, '/', permission)

                        result['success'].append({
                            "repo_id": repo_id,
                            "group_id": to_group_id,
                            "group_name": group_name,
                        })
                    except SearpcError as e:
                        logger.error(e)
                        result['failed'].append({
                            'repo_id': repo_id,
                            'error_msg': 'Internal Server Error'
                        })

        return Response(result)
Exemplo n.º 21
0
    def delete(self, request, repo, path, share_type):
        """ Delete user/group share permission.

        Permission checking:
        1. admin user.
        """

        # current `request.user.username` is admin user,
        # so need to identify the repo owner specifically.
        repo_owner = seafile_api.get_repo_owner(repo.repo_id)
        username = request.user.username

        share_to = request.data.get('share_to', None)

        if share_type == 'user':
            email = share_to
            if not email or not is_valid_username(email):
                error_msg = 'email %s invalid.' % email
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            if not has_shared_to_user(repo.repo_id, path, email):
                error_msg = 'Shared items not found'
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            try:
                permission = check_user_share_out_permission(
                    repo.repo_id, path, email)

                if path == '/':
                    seafile_api.remove_share(repo.repo_id, repo_owner, email)
                else:
                    seafile_api.unshare_subdir_for_user(
                        repo.repo_id, path, repo_owner, email)

                if path == '/':
                    ExtraSharePermission.objects.delete_share_permission(
                        repo.repo_id, email)
                send_perm_audit_msg('delete-repo-perm', username, email,
                                    repo.repo_id, path, permission)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 error_msg)

        if share_type == 'group':
            group_id = share_to
            try:
                group_id = int(group_id)
            except ValueError:
                error_msg = 'group_id %s invalid' % group_id
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            if not has_shared_to_group(repo.repo_id, path, group_id):
                error_msg = 'Shared items not found'
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            try:

                permission = check_group_share_out_permission(
                    repo.repo_id, path, group_id)

                if path == '/':
                    seafile_api.unset_group_repo(repo.repo_id, group_id,
                                                 repo_owner)
                else:
                    seafile_api.unshare_subdir_for_group(
                        repo.repo_id, path, repo_owner, group_id)

                if path == '/':
                    ExtraGroupsSharePermission.objects.delete_share_permission(
                        repo.repo_id, group_id)

                send_perm_audit_msg('delete-repo-perm', username, group_id,
                                    repo.repo_id, path, permission)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 error_msg)

        return Response({'success': True})
Exemplo n.º 22
0
    def get(self, request, format=None):
        """ List all shared out repos.

        Permission checking:
        1. all authenticated user can perform this action.
        """

        shared_repos = []
        username = request.user.username
        try:
            if is_org_context(request):
                org_id = request.user.org.org_id
                shared_repos += seafile_api.get_org_share_out_repo_list(
                    org_id, username, -1, -1)
                shared_repos += seaserv.seafserv_threaded_rpc.get_org_group_repos_by_owner(
                    org_id, username)
                shared_repos += seaserv.seafserv_threaded_rpc.list_org_inner_pub_repos_by_owner(
                    org_id, username)
            else:
                shared_repos += seafile_api.get_share_out_repo_list(
                    username, -1, -1)
                shared_repos += seafile_api.get_group_repos_by_owner(username)
                if not request.cloud_mode:
                    shared_repos += seafile_api.list_inner_pub_repos_by_owner(
                        username)
        except Exception as e:
            logger.error(e)
            error_msg = 'Internal Server Error'
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

        returned_result = []
        shared_repos.sort(lambda x, y: cmp(x.repo_name, y.repo_name))
        usernames = []
        gids = []
        for repo in shared_repos:
            if repo.is_virtual:
                continue

            result = {}
            result['repo_id'] = repo.repo_id
            result['repo_name'] = repo.repo_name
            result['share_type'] = repo.share_type
            result['share_permission'] = repo.permission
            result['modifier_email'] = repo.last_modifier
            result['modifier_name'] = email2nickname(repo.last_modifier)
            result['modifier_contact_email'] = email2contact_email(
                repo.last_modifier)

            if repo.share_type == 'personal':
                try:
                    User.objects.get(email=repo.user)
                except User.DoesNotExist:
                    seafile_api.remove_share(repo.repo_id, username, repo.user)
                    continue

                result['user_name'] = email2nickname(repo.user)
                result['user_email'] = repo.user
                result[
                    'contact_email'] = Profile.objects.get_contact_email_by_user(
                        repo.user)
                usernames.append((repo.repo_id, repo.user))

            if repo.share_type == 'group':
                group = ccnet_api.get_group(repo.group_id)
                if not group:
                    if is_org_context(request):
                        seafile_api.del_org_group_repo(repo.repo_id, org_id,
                                                       repo.group_id)
                    else:
                        seafile_api.unset_group_repo(repo.repo_id,
                                                     repo.group_id, username)
                    continue

                result['group_id'] = repo.group_id
                result['group_name'] = group.group_name
                gids.append(repo.group_id)

            returned_result.append(result)

        user_admins = ExtraSharePermission.objects.batch_is_admin(usernames)
        group_admins = ExtraGroupsSharePermission.objects.batch_get_repos_with_admin_permission(
            gids)
        for result in returned_result:
            if result['share_type'] == 'group':
                result['is_admin'] = (result['repo_id'],
                                      result['group_id']) in group_admins
            elif result['share_type'] == 'personal':
                result['is_admin'] = (result['repo_id'],
                                      result['user_email']) in user_admins

        return Response(returned_result)
Exemplo n.º 23
0
    def delete(self, request, repo_id, format=None):
        """ Unshare a repo.

        Permission checking:
        1. Only repo owner can unshare a library.
        """

        # argument check
        share_type = request.GET.get('share_type', None)
        if not share_type:
            error_msg = 'share_type invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        if share_type not in ('personal', 'group', 'public'):
            error_msg = "share_type can only be 'personal' or 'group' or 'public'."
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        # resource check
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            return api_error(status.HTTP_404_NOT_FOUND,
                             'Library %s not found.' % repo_id)

        # permission check
        username = request.user.username
        if is_org_context(request):
            repo_owner = seafile_api.get_org_repo_owner(repo_id)
        else:
            repo_owner = seafile_api.get_repo_owner(repo_id)

        if username != repo_owner:
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

        # delete share
        org_id = None
        is_org = False
        if is_org_context(request):
            org_id = request.user.org.org_id
            is_org = True

        if share_type == 'personal':
            user = request.GET.get('user', None)
            if not user or not is_valid_username(user):
                error_msg = 'user invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            permission = check_user_share_out_permission(
                repo_id, '/', user, is_org)

            try:
                if org_id:
                    seafile_api.org_remove_share(org_id, repo_id, username,
                                                 user)
                else:
                    seafile_api.remove_share(repo_id, username, user)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 error_msg)

            send_perm_audit_msg('delete-repo-perm', username, user, repo_id,
                                '/', permission)

        if share_type == 'group':
            group_id = request.GET.get('group_id', None)
            if not group_id:
                error_msg = 'group_id invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            try:
                group_id = int(group_id)
            except ValueError:
                error_msg = 'group_id must be integer.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            permission = check_group_share_out_permission(
                repo_id, '/', group_id, is_org)

            try:
                if is_org:
                    seaserv.del_org_group_repo(repo_id, org_id, group_id)
                else:
                    seafile_api.unset_group_repo(repo_id, group_id, username)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 error_msg)

            send_perm_audit_msg('delete-repo-perm', username, group_id,
                                repo_id, '/', permission)

        if share_type == 'public':
            pub_repos = []
            if org_id:
                pub_repos = seaserv.list_org_inner_pub_repos(org_id, username)

            if not request.cloud_mode:
                pub_repos = seaserv.list_inner_pub_repos(username)

            try:
                if org_id:
                    seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(
                        org_id, repo_id)
                else:
                    seafile_api.remove_inner_pub_repo(repo_id)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 error_msg)

            permission = ''
            for repo in pub_repos:
                if repo.repo_id == repo_id:
                    permission = repo.permission
                    break

            if permission:
                send_perm_audit_msg('delete-repo-perm', username, 'all',
                                    repo_id, '/', permission)

        return Response({'success': True})
Exemplo n.º 24
0
    def post(self, request):

        # argument check
        operation = request.data.get('operation', None)
        if not operation:
            error_msg = 'operation invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        # operation could be `share`, `unshare`, `delete`, `transfer`
        # we now only use `share`, `unshare`
        if operation not in ('share', 'unshare'):
            error_msg = 'operation can only be "share", "unshare".'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        result = {}
        result['failed'] = []
        result['success'] = []

        username = request.user.username
        repo_id_list = request.data.getlist('repo_id')
        valid_repo_id_list = []

        # filter out invalid repo id
        for repo_id in repo_id_list:

            if not seafile_api.get_repo(repo_id):
                result['failed'].append({
                    'repo_id':
                    repo_id,
                    'error_msg':
                    'Library %s not found.' % repo_id
                })
                continue

            repo_owner = get_repo_owner(request, repo_id)
            if repo_owner != username and not is_repo_admin(username, repo_id):
                result['failed'].append({
                    'repo_id': repo_id,
                    'error_msg': 'Permission denied.'
                })
                continue

            valid_repo_id_list.append(repo_id)

        # share repo
        if operation == 'share':

            share_type = request.data.get('share_type', None)
            if not share_type:
                error_msg = 'share_type invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            if share_type not in ('user', 'group'):
                error_msg = 'share_type can only be "user", "group".'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            permission = request.data.get('permission', 'rw')
            if permission not in [
                    PERMISSION_READ, PERMISSION_READ_WRITE, PERMISSION_ADMIN
            ]:
                error_msg = 'permission invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            # share repo to user
            if share_type == 'user':
                to_username = request.data.get('username', None)
                if not to_username:
                    error_msg = 'username invalid.'
                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

                try:
                    User.objects.get(email=to_username)
                except User.DoesNotExist:
                    error_msg = 'User %s not found.' % to_username
                    return api_error(status.HTTP_404_NOT_FOUND, error_msg)

                # check if to_user is an org user
                try:
                    org_of_to_user = ccnet_api.get_orgs_by_user(to_username)
                except Exception as e:
                    logger.error(e)
                    org_of_to_user = []

                if is_org_context(request):
                    org_id = request.user.org.org_id
                    org_name = request.user.org.org_name
                    if len(org_of_to_user
                           ) == 0 or org_id != org_of_to_user[0].org_id:
                        error_msg = 'User %s is not member of organization %s.' \
                                % (to_username, org_name)
                        return api_error(status.HTTP_403_FORBIDDEN, error_msg)
                else:
                    if len(org_of_to_user) >= 1:
                        error_msg = 'User %s is member of organization %s.' \
                                % (to_username, org_of_to_user[0].org_name)
                        return api_error(status.HTTP_403_FORBIDDEN, error_msg)

                for repo_id in valid_repo_id_list:
                    if self.has_shared_to_user(request, repo_id, to_username):
                        result['failed'].append({
                            'repo_id':
                            repo_id,
                            'error_msg':
                            'This item has been shared to %s.' % to_username
                        })
                        continue

                    try:
                        org_id = None
                        if is_org_context(request):
                            org_id = request.user.org.org_id
                            seaserv.seafserv_threaded_rpc.org_add_share(
                                org_id, repo_id, username, to_username,
                                permission)
                        else:
                            seafile_api.share_repo(repo_id, username,
                                                   to_username, permission)

                        # send a signal when sharing repo successful
                        repo = seafile_api.get_repo(repo_id)
                        share_repo_to_user_successful.send(sender=None,
                                                           from_user=username,
                                                           to_user=to_username,
                                                           repo=repo,
                                                           path='/',
                                                           org_id=org_id)

                        result['success'].append({
                            "repo_id": repo_id,
                            "username": to_username,
                            "permission": permission
                        })

                        send_perm_audit_msg('add-repo-perm', username,
                                            to_username, repo_id, '/',
                                            permission)
                    except Exception as e:
                        logger.error(e)
                        result['failed'].append({
                            'repo_id':
                            repo_id,
                            'error_msg':
                            'Internal Server Error'
                        })

            # share repo to group
            if share_type == 'group':
                to_group_id = request.data.get('group_id', None)
                if not to_group_id:
                    error_msg = 'group_id invalid.'
                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

                try:
                    to_group_id = int(to_group_id)
                except ValueError:
                    error_msg = 'group_id invalid.'
                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

                group = ccnet_api.get_group(to_group_id)
                if not group:
                    error_msg = 'Group %s not found.' % to_group_id
                    return api_error(status.HTTP_404_NOT_FOUND, error_msg)

                group_name = group.group_name
                if not is_group_member(to_group_id, username):
                    error_msg = 'User %s is not member of group %s.' % (
                        username, group_name)
                    return api_error(status.HTTP_403_FORBIDDEN, error_msg)

                for repo_id in valid_repo_id_list:
                    if self.has_shared_to_group(request, repo_id, to_group_id):
                        result['failed'].append({
                            'repo_id':
                            repo_id,
                            'error_msg':
                            'This item has been shared to %s.' % group_name
                        })
                        continue

                    try:
                        org_id = None
                        if is_org_context(request):
                            org_id = request.user.org.org_id
                            seafile_api.add_org_group_repo(
                                repo_id, org_id, to_group_id, username,
                                permission)
                        else:
                            seafile_api.set_group_repo(repo_id, to_group_id,
                                                       username, permission)

                        # send a signal when sharing repo successful
                        repo = seafile_api.get_repo(repo_id)
                        share_repo_to_group_successful.send(
                            sender=None,
                            from_user=username,
                            group_id=to_group_id,
                            repo=repo,
                            path='/',
                            org_id=org_id)

                        result['success'].append({
                            "repo_id": repo_id,
                            "group_id": to_group_id,
                            "group_name": group_name,
                            "permission": permission
                        })

                        send_perm_audit_msg('add-repo-perm', username,
                                            to_group_id, repo_id, '/',
                                            permission)

                    except SearpcError as e:
                        logger.error(e)
                        result['failed'].append({
                            'repo_id':
                            repo_id,
                            'error_msg':
                            'Internal Server Error'
                        })

        # unshare repo
        if operation == 'unshare':

            share_type = request.data.get('share_type', None)
            if not share_type:
                error_msg = 'share_type invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            if share_type not in ('user', 'group'):
                error_msg = 'share_type can only be "user", "group".'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            # unshare repo from user
            if share_type == 'user':
                to_username = request.data.get('username', None)
                if not to_username:
                    error_msg = 'username invalid.'
                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

                for repo_id in valid_repo_id_list:

                    if not self.has_shared_to_user(request, repo_id,
                                                   to_username):
                        result['failed'].append({
                            'repo_id':
                            repo_id,
                            'error_msg':
                            'This item has not been shared to %s.' %
                            to_username
                        })
                        continue

                    repo_owner = get_repo_owner(request, repo_id)
                    try:
                        # get share permission before unshare operation
                        permission = check_user_share_out_permission(
                            repo_id, '/', to_username, is_org_context(request))

                        if is_org_context(request):
                            # when calling seafile API to share authority related functions, change the uesrname to repo owner.
                            org_id = request.user.org.org_id
                            seafile_api.org_remove_share(
                                org_id, repo_id, repo_owner, to_username)
                        else:
                            seafile_api.remove_share(repo_id, repo_owner,
                                                     to_username)

                        # Delete share permission at ExtraSharePermission table.
                        ExtraSharePermission.objects.delete_share_permission(
                            repo_id, to_username)

                        # send message
                        send_perm_audit_msg('delete-repo-perm', username,
                                            to_username, repo_id, '/',
                                            permission)

                        result['success'].append({
                            "repo_id": repo_id,
                            "username": to_username,
                        })
                    except Exception as e:
                        logger.error(e)
                        result['failed'].append({
                            'repo_id':
                            repo_id,
                            'error_msg':
                            'Internal Server Error'
                        })

            # unshare repo from group
            if share_type == 'group':
                to_group_id = request.data.get('group_id', None)
                if not to_group_id:
                    error_msg = 'group_id invalid.'
                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

                try:
                    to_group_id = int(to_group_id)
                except ValueError:
                    error_msg = 'group_id invalid.'
                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

                group = ccnet_api.get_group(to_group_id)
                group_name = group.group_name if group else ''

                for repo_id in valid_repo_id_list:
                    if not self.has_shared_to_group(request, repo_id,
                                                    to_group_id):
                        result['failed'].append({
                            'repo_id':
                            repo_id,
                            'error_msg':
                            'This item has not been shared to %s.' % group_name
                        })
                        continue

                    try:
                        # get share permission before unshare operation
                        permission = check_group_share_out_permission(
                            repo_id, '/', to_group_id, is_org_context(request))

                        org_id = None
                        if is_org_context(request):
                            org_id = request.user.org.org_id
                            seafile_api.del_org_group_repo(
                                repo_id, org_id, to_group_id)
                        else:
                            seafile_api.unset_group_repo(
                                repo_id, to_group_id, username)

                        # Delete share permission at ExtraSharePermission table.
                        ExtraGroupsSharePermission.objects.delete_share_permission(
                            repo_id, to_group_id)

                        # send message
                        send_perm_audit_msg('delete-repo-perm', username,
                                            to_group_id, repo_id, '/',
                                            permission)

                        result['success'].append({
                            "repo_id": repo_id,
                            "group_id": to_group_id,
                            "group_name": group_name,
                        })
                    except SearpcError as e:
                        logger.error(e)
                        result['failed'].append({
                            'repo_id':
                            repo_id,
                            'error_msg':
                            'Internal Server Error'
                        })

        return Response(result)
Exemplo n.º 25
0
    def delete(self, request, repo_id, format=None):
        """ Unshare a repo.

        Permission checking:
        1. Only repo owner can unshare a library.
        """

        # argument check
        share_type = request.GET.get('share_type', None)
        if not share_type:
            error_msg = 'share_type invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        if share_type not in ('personal', 'group', 'public'):
            error_msg = "share_type can only be 'personal' or 'group' or 'public'."
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        # resource check
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id)

        # permission check
        username = request.user.username
        if is_org_context(request):
            repo_owner = seafile_api.get_org_repo_owner(repo_id)
        else:
            repo_owner = seafile_api.get_repo_owner(repo_id)

        if username != repo_owner:
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

        # delete share
        org_id = None
        if is_org_context(request):
            org_id = request.user.org.org_id

        if share_type == 'personal':
            user = request.GET.get('user', None)
            if not user or not is_valid_username(user):
                error_msg = 'user invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            # if user not found, permission will be None
            permission = seafile_api.check_permission_by_path(
                    repo_id, '/', user)

            try:
                if org_id:
                    seafile_api.org_remove_share(org_id, repo_id,
                                                 username, user)
                else:
                    seafile_api.remove_share(repo_id, username, user)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

            send_perm_audit_msg('delete-repo-perm', username, user,
                    repo_id, '/', permission)

        if share_type == 'group':
            group_id = request.GET.get('group_id', None)
            if not group_id:
                error_msg = 'group_id invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            try:
                group_id = int(group_id)
            except ValueError:
                error_msg = 'group_id must be integer.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            # hacky way to get group repo permission
            permission = ''
            if org_id:
                for e in seafile_api.list_org_repo_shared_group(
                        org_id, username, repo_id):
                    if e.group_id == group_id:
                        permission = e.perm
                        break
            else:
                for e in seafile_api.list_repo_shared_group_by_user(username, repo_id):
                    if e.group_id == group_id:
                        permission = e.perm
                        break

            try:
                if org_id:
                    seaserv.del_org_group_repo(repo_id, org_id, group_id)
                else:
                    seafile_api.unset_group_repo(repo_id, group_id, username)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

            send_perm_audit_msg('delete-repo-perm', username, group_id,
                                repo_id, '/', permission)

        if share_type == 'public':
            pub_repos = []
            if org_id:
                pub_repos = seaserv.list_org_inner_pub_repos(org_id, username)

            if not request.cloud_mode:
                pub_repos = seaserv.list_inner_pub_repos(username)

            try:
                if org_id:
                    seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(org_id, repo_id)
                else:
                    seafile_api.remove_inner_pub_repo(repo_id)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

            permission = ''
            for repo in pub_repos:
                if repo.repo_id == repo_id:
                    permission = repo.permission
                    break

            if permission:
                send_perm_audit_msg('delete-repo-perm', username, 'all', repo_id, '/', permission)

        return Response({'success': True})
Exemplo n.º 26
0
    def delete(self, request, repo, path, share_type):
        """ Delete user/group share permission.

        Permission checking:
        1. admin user.
        """

        # current `request.user.username` is admin user,
        # so need to identify the repo owner specifically.
        repo_owner = seafile_api.get_repo_owner(repo.repo_id)
        username = request.user.username

        share_to = request.data.get('share_to', None)

        if share_type == 'user':
            email = share_to
            if not email or not is_valid_username(email):
                error_msg = 'email %s invalid.' % email
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            if not has_shared_to_user(repo.repo_id, path, email):
                error_msg = 'Shared items not found'
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            try:
                permission = check_user_share_out_permission(repo.repo_id, path, email)

                if path == '/':
                    seafile_api.remove_share(repo.repo_id, repo_owner, email)
                else:
                    seafile_api.unshare_subdir_for_user(
                            repo.repo_id, path, repo_owner, email)

                if path == '/':
                    ExtraSharePermission.objects.delete_share_permission(repo.repo_id, 
                                                                         email)
                send_perm_audit_msg('delete-repo-perm', username, email,
                                    repo.repo_id, path, permission)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

        if share_type == 'group':
            group_id = share_to
            try:
                group_id = int(group_id)
            except ValueError:
                error_msg = 'group_id %s invalid' % group_id
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            if not has_shared_to_group(repo.repo_id, path, group_id):
                error_msg = 'Shared items not found'
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            try:

                permission = check_group_share_out_permission(repo.repo_id, path, group_id)

                if path == '/':
                    seafile_api.unset_group_repo(repo.repo_id, group_id, repo_owner)
                else:
                    seafile_api.unshare_subdir_for_group(
                            repo.repo_id, path, repo_owner, group_id)

                if path == '/':
                    ExtraGroupsSharePermission.objects.delete_share_permission(repo.repo_id, 
                                                                               group_id)

                send_perm_audit_msg('delete-repo-perm', username, group_id,
                                    repo.repo_id, path, permission)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

        return Response({'success': True})