def delete(self, request, repo_id, org_id, format=None): """ User delete a repo shared to him/her. """ repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not check_folder_permission(request, repo_id, '/'): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) username = request.user.username repo_owner = get_repo_owner(request, repo_id) try: if org_id: is_org = True seafile_api.org_remove_share(org_id, repo_id, repo_owner, username) else: is_org = False seafile_api.remove_share(repo_id, repo_owner, username) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) permission = check_user_share_in_permission(repo_id, username, is_org) send_perm_audit_msg('delete-repo-perm', repo_owner, username, repo_id, '/', permission) return Response({'success': True})
def delete(self, request, repo_id): repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check permission username = request.user.username repo_owner = get_repo_owner(request, repo_id) if username != repo_owner: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # check repo status repo_status = repo.status if repo_status != 0: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) org_id = None if is_org_context(request): org_id = request.user.org.org_id # remove repo seafile_api.remove_repo(repo_id) repo_deleted.send(sender=None, org_id=org_id, operator=username, repo_owner=repo_owner, repo_id=repo_id, repo_name=repo.name) return Response('success', status=status.HTTP_200_OK)
def delete(self, request, repo_id, org_id, format=None): """ Delete repo user share permission. Permission checking: 1. is group admin """ # parameter check to_user = request.data.get('username', None) if not to_user: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check repo_owner = get_repo_owner(request, repo_id) group_id = get_group_id_by_repo_owner(repo_owner) username = request.user.username if not is_group_admin(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) path = request.data.get('path', '/') SeafileAPI.delete_shared_user_by_repo_path( repo_id, repo_owner, to_user, path, org_id=org_id) permission = check_user_share_out_permission(repo_id, path, to_user, is_org_context(request)) send_perm_audit_msg('delete-repo-perm', username, to_user, repo_id, path, permission) return Response({'success': True})
def get(self, request, repo_id): """ List repo user share info. Permission checking: 1. is group admin """ # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_owner = get_repo_owner(request, repo_id) group_id = get_group_id_by_repo_owner(repo_owner) if not ccnet_api.get_group(group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) path = request.GET.get('path', '/') if not seafile_api.get_dir_id_by_path(repo_id, path): error_msg = 'Folder %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if not is_group_admin(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) result = self.list_user_shared_items(request, repo_id, path) return Response(result)
def get(self, request, repo_id, format=None): """ Get all file/folder in a library """ repo = seafile_api.get_repo(repo_id) parent_dir = request.GET.get('parent_dir', '/') parent_dir = normalize_dir_path(parent_dir) dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir) if not dir_id: error_msg = 'Folder %s not found.' % parent_dir return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_owner = get_repo_owner(request, repo_id) try: dirs = seafile_api.list_dir_with_perm(repo_id, parent_dir, dir_id, repo_owner, -1, -1) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) return_results = {} return_results['repo_name'] = repo.repo_name return_results['repo_id'] = repo.repo_id return_results['is_system_library'] = True if \ repo.id == get_system_default_repo_id() else False return_results['dirent_list'] = [] for dirent in dirs: dirent_info = get_dirent_info(dirent) return_results['dirent_list'].append(dirent_info) return Response(return_results)
def sys_repo_delete(request, repo_id): """Delete a repo. """ next_page = request.META.get('HTTP_REFERER', None) if not next_page: next_page = HASH_URLS['SYS_REPO_ADMIN'] if get_system_default_repo_id() == repo_id: messages.error(request, _('System library can not be deleted.')) return HttpResponseRedirect(next_page) repo = seafile_api.get_repo(repo_id) if repo: # Handle the case that repo is `None`. repo_name = repo.name else: repo_name = '' repo_owner = get_repo_owner(request, repo_id) try: org_id = seafile_api.get_org_id_by_repo_id(repo_id) usernames = get_related_users_by_repo(repo_id, org_id if org_id and org_id > 0 else None) except Exception as e: logger.error(e) org_id = -1 usernames = [] seafile_api.remove_repo(repo_id) repo_deleted.send(sender=None, org_id=org_id, operator=request.user.username, usernames=usernames, repo_owner=repo_owner, repo_id=repo_id, repo_name=repo_name) messages.success(request, _('Successfully deleted.')) return HttpResponseRedirect(next_page)
def get_group_repo_info(request, group_repo): group_id = group_repo.group_id repo_id = group_repo.repo_id is_admin = ExtraGroupsSharePermission.objects.get_group_permission( repo_id, group_id) group_repo_info = {} group_repo_info['repo_id'] = repo_id group_repo_info['repo_name'] = group_repo.name group_repo_info['mtime'] = timestamp_to_isoformat_timestr( group_repo.last_modified) group_repo_info['permission'] = group_repo.permission group_repo_info['size'] = group_repo.size group_repo_info['encrypted'] = group_repo.encrypted group_repo_info['is_admin'] = True if is_admin else False repo_owner = get_repo_owner(request, repo_id) group_repo_info['owner_email'] = repo_owner group_repo_info['owner_name'] = email2nickname(repo_owner) group_repo_info['owner_contact_name'] = email2contact_email(repo_owner) modifier = group_repo.last_modifier group_repo_info['modifier_email'] = modifier group_repo_info['modifier_name'] = email2nickname(modifier) group_repo_info['modifier_contact_email'] = email2contact_email(modifier) return group_repo_info
def post(self, request, repo_id, format=None): """Post a comments of a file. """ # argument check path = request.GET.get('p', '/').rstrip('/') if not path: return api_error(status.HTTP_400_BAD_REQUEST, 'Wrong path.') comment = request.data.get('comment', '') if not comment: return api_error(status.HTTP_400_BAD_REQUEST, 'Comment can not be empty.') try: avatar_size = int(request.GET.get('avatar_size', AVATAR_DEFAULT_SIZE)) except ValueError: avatar_size = AVATAR_DEFAULT_SIZE # resource check try: file_id = seafile_api.get_file_id_by_path(repo_id, path) except SearpcError as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal Server Error') if not file_id: return api_error(status.HTTP_404_NOT_FOUND, 'File not found.') # permission check if check_folder_permission(request, repo_id, '/') is None: return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') detail = request.data.get('detail', '') username = request.user.username file_comment = FileComment.objects.add_by_file_path( repo_id=repo_id, file_path=path, author=username, comment=comment, detail=detail) repo = seafile_api.get_repo(repo_id) repo_owner = get_repo_owner(request, repo.id) if is_draft_file(repo_id, path): draft = Draft.objects.filter(origin_repo_id=repo_id, draft_file_path=path) if draft: draft = draft[0] comment_draft_successful.send(sender=None, draft=draft, comment=comment, author=username) else: Draft.DoesNotExist else: comment_file_successful.send(sender=None, repo=repo, repo_owner=repo_owner, file_path=path, comment=comment, author=username) comment = file_comment.to_dict() comment.update(user_to_dict(username, request=request, avatar_size=avatar_size)) return Response(comment, status=201)
def put(self, request, repo_id, org_id, format=None): """ Update repo group share permission. Permission checking: 1. is group admin """ # parameter check to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) permission = request.data.get('permission', PERMISSION_READ) if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]: error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_owner = get_repo_owner(request, repo_id) group_id = get_group_id_by_repo_owner(repo_owner) if not ccnet_api.get_group(group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not ccnet_api.get_group(to_group_id): error_msg = 'Group %s not found.' % to_group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) path = request.data.get('path', '/') if not seafile_api.get_dir_id_by_path(repo_id, path): error_msg = 'Folder %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if not is_group_admin(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) update_group_dir_permission( repo_id, path, repo_owner, to_group_id, permission, org_id) send_perm_audit_msg('modify-repo-perm', username, to_group_id, repo_id, path, permission) return Response({'success': True})
def post(self, request, repo_id): """ Only used for reset encrypted repo's password, and then send new password to user's mainbox. Permission checking: 1. repo owner. """ if not ENABLE_RESET_ENCRYPTED_REPO_PASSWORD or \ not IS_EMAIL_CONFIGURED: error_msg = _('Feature disabled.') return api_error(status.HTTP_403_FORBIDDEN, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not repo.encrypted: error_msg = 'Library %s is not encrypted.' % repo_id return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check username = request.user.username repo_owner = get_repo_owner(request, repo_id) if '@seafile_group' in repo_owner: group_id = email2nickname(repo_owner) if not ccnet_api.check_group_staff(int(group_id), username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: if username != repo_owner: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) secret_key = RepoSecretKey.objects.get_secret_key(repo_id) if not secret_key: error_msg = _("Can not reset this library's password.") return api_error(HTTP_520_OPERATION_FAILED, error_msg) new_password = get_random_string(10) try: seafile_api.reset_repo_passwd(repo_id, username, secret_key, new_password) content = {'repo_name': repo.name, 'password': new_password} send_html_email( _('New password of library %s') % repo.name, 'snippets/reset_repo_password.html', content, None, [email2contact_email(username)]) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) return Response({'success': True})
def get(self, request, repo_id): """ Return repo info Permission checking: 1. all authenticated user can perform this action. """ # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check permission = check_folder_permission(request, repo_id, '/') if permission is None: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) username = request.user.username lib_need_decrypt = False if repo.encrypted \ and not seafile_api.is_password_set(repo.id, username): lib_need_decrypt = True repo_owner = get_repo_owner(request, repo_id) try: has_been_shared_out = repo_has_been_shared_out(request, repo_id) except Exception as e: has_been_shared_out = False logger.error(e) result = { "repo_id": repo.id, "repo_name": repo.name, "owner_email": repo_owner, "owner_name": email2nickname(repo_owner), "owner_contact_email": email2contact_email(repo_owner), "size": repo.size, "encrypted": repo.encrypted, "file_count": repo.file_count, "permission": permission, "no_quota": True if seafile_api.check_quota(repo_id) < 0 else False, "is_admin": is_repo_admin(username, repo_id), "is_virtual": repo.is_virtual, "has_been_shared_out": has_been_shared_out, "lib_need_decrypt": lib_need_decrypt, "last_modified": timestamp_to_isoformat_timestr(repo.last_modify), "status": normalize_repo_status_code(repo.status), } return Response(result)
def get(self, request, repo_id): """ Return repo info Permission checking: 1. all authenticated user can perform this action. """ # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check permission = check_folder_permission(request, repo_id, '/') if permission is None: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) username = request.user.username lib_need_decrypt = False if repo.encrypted \ and not seafile_api.is_password_set(repo.id, username): lib_need_decrypt = True repo_owner = get_repo_owner(request, repo_id) try: has_been_shared_out = repo_has_been_shared_out(request, repo_id) except Exception as e: has_been_shared_out = False logger.error(e) result = { "repo_id": repo.id, "repo_name": repo.name, "owner_email": repo_owner, "owner_name": email2nickname(repo_owner), "owner_contact_email": email2contact_email(repo_owner), "size": repo.size, "encrypted": repo.encrypted, "file_count": repo.file_count, "permission": permission, "no_quota": True if seafile_api.check_quota(repo_id) < 0 else False, "is_admin": is_repo_admin(username, repo_id), "is_virtual": repo.is_virtual, "has_been_shared_out": has_been_shared_out, "lib_need_decrypt": lib_need_decrypt, "last_modified": timestamp_to_isoformat_timestr(repo.last_modify), } return Response(result)
def post(self, request, repo_id, format=None): """Post a comments of a file. """ # argument check path = request.GET.get('p', '/').rstrip('/') if not path: return api_error(status.HTTP_400_BAD_REQUEST, 'Wrong path.') comment = request.data.get('comment', '') if not comment: return api_error(status.HTTP_400_BAD_REQUEST, 'Comment can not be empty.') try: avatar_size = int(request.GET.get('avatar_size', AVATAR_DEFAULT_SIZE)) except ValueError: avatar_size = AVATAR_DEFAULT_SIZE # resource check try: file_id = seafile_api.get_file_id_by_path(repo_id, path) except SearpcError as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal error.') if not file_id: return api_error(status.HTTP_404_NOT_FOUND, 'File not found.') # permission check if check_folder_permission(request, repo_id, '/') is None: return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') detail = request.data.get('detail', '') username = request.user.username file_comment = FileComment.objects.add_by_file_path( repo_id=repo_id, file_path=path, author=username, comment=comment, detail=detail) repo = seafile_api.get_repo(repo_id) repo_owner = get_repo_owner(request, repo.id) if is_draft_file(repo_id, path): draft = Draft.objects.get(origin_repo_id=repo_id, draft_file_path=path) comment_draft_successful.send(sender=None, draft=draft, comment=comment, author=username) else: comment_file_successful.send(sender=None, repo=repo, repo_owner=repo_owner, file_path=path, comment=comment, author=username) comment = file_comment.to_dict() comment.update(user_to_dict(username, request=request, avatar_size=avatar_size)) return Response(comment, status=201)
def get(self, request, group_id): """ List group repo contents currently one group -> one workspace -> one repo """ group_id = int(group_id) try: group = ccnet_api.get_group(group_id) except Exception as e: logging.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal Server Error.') if not group: error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) owner = '%s@seafile_group' % group_id workspace = Workspaces.objects.get_workspace_by_owner(owner) if not workspace: error_msg = 'Workspace not found.' return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_id = workspace.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) parent_dir = request.GET.get('parent_dir', '/') dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir) if not dir_id: error_msg = 'Folder %s not found.' % parent_dir return api_error(status.HTTP_404_NOT_FOUND, error_msg) # dtable's repo_owner if always 'dtable@seafile', not same as workspace and group owner try: repo_owner = get_repo_owner(request, repo_id) dirs = seafile_api.list_dir_with_perm(repo_id, parent_dir, dir_id, repo_owner, -1, -1) except Exception as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal Server Error') # convert dirent obj to dict and exclude '*.dtable' files. dirent_list = [ get_dirent_info(dir) for dir in dirs if '.dtable' not in dir.obj_name ] return Response({ 'dirent_list': dirent_list, 'group_name': group.group_name, })
def delete(self, request, group_id, repo_id): """ Delete a group library. Permission checking: 1. is group admin; 1. is repo owner; 1. repo is shared to group with `admin` permission; """ group_id = int(group_id) repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) is_org = False if is_org_context(request): is_org = True group_repo = seafile_api.get_group_shared_repo_by_path( repo_id, None, group_id, is_org) if not group_repo: error_msg = 'Group library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # only group admin or repo owner can delete group repo. username = request.user.username repo_owner = get_repo_owner(request, repo_id) if not is_group_admin(group_id, username) and \ repo_owner != username and \ not is_repo_admin(username, repo_id): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) permission = check_group_share_in_permission(repo_id, group_id, is_org) if is_org: org_id = ccnet_api.get_org_id_by_group(group_id) seafile_api.del_org_group_repo(repo_id, org_id, group_id) else: seafile_api.unset_group_repo(repo_id, group_id, username) origin_repo_id = group_repo.origin_repo_id or repo_id origin_path = group_repo.origin_path or '/' send_perm_audit_msg('delete-repo-perm', username, group_id, origin_repo_id, origin_path, permission) # delete extra share permission ExtraGroupsSharePermission.objects.delete_share_permission( repo_id, group_id) return Response({'success': True})
def delete(self, request, repo_id, format=None): """ Clean library's trash. Permission checking: 1. repo owner can perform this action. 2. is group admin. """ # argument check try: keep_days = int(request.data.get('keep_days', 0)) except ValueError: error_msg = 'keep_days invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username repo_owner = get_repo_owner(request, repo_id) if not config.ENABLE_USER_CLEAN_TRASH: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if '@seafile_group' in repo_owner: group_id = get_group_id_by_repo_owner(repo_owner) if not is_group_admin(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: if username != repo_owner: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) try: seafile_api.clean_up_repo_history(repo_id, keep_days) org_id = None if not request.user.org else request.user.org.org_id clean_up_repo_trash.send(sender=None, org_id=org_id, operator=username, repo_id=repo_id, repo_name=repo.name, repo_owner=repo_owner, days=keep_days) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) return Response({'success': True})
def delete(self, request, group_id, repo_id): """ Delete a group library. Permission checking: 1. is repo owner; 2. is repo admin; 3. is group admin; """ group_id = int(group_id) repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) is_org = False if is_org_context(request): is_org = True group_repo = seafile_api.get_group_shared_repo_by_path(repo_id, None, group_id, is_org) if not group_repo: error_msg = 'Group library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # only group admin or repo owner can delete group repo. username = request.user.username repo_owner = get_repo_owner(request, repo_id) if not is_group_admin(group_id, username) and \ repo_owner != username and \ not is_repo_admin(username, repo_id): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) permission = check_group_share_in_permission(repo_id, group_id, is_org) if is_org: org_id = ccnet_api.get_org_id_by_group(group_id) seafile_api.del_org_group_repo(repo_id, org_id, group_id) else: seafile_api.unset_group_repo(repo_id, group_id, username) origin_repo_id = group_repo.origin_repo_id or repo_id origin_path = group_repo.origin_path or '/' send_perm_audit_msg('delete-repo-perm', username, group_id, origin_repo_id, origin_path, permission) # delete extra share permission ExtraGroupsSharePermission.objects.delete_share_permission(repo_id, group_id) return Response({'success': True})
def delete(self, request, repo_id): """ Delete repo user folder perm. Permission checking: 1. is group admin """ # argument check user = request.data.get('user_email', None) if not user: error_msg = 'user_email invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) path = request.data.get('folder_path', None) if not path: error_msg = 'folder_path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_owner = get_repo_owner(request, repo_id) group_id = get_group_id_by_repo_owner(repo_owner) if not ccnet_api.get_group(group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if not is_group_admin(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # delete permission path = normalize_dir_path(path) permission = seafile_api.get_folder_user_perm(repo_id, path, user) if not permission: return Response({'success': True}) try: seafile_api.rm_folder_user_perm(repo_id, path, user) send_perm_audit_msg('delete-repo-perm', username, user, repo_id, path, permission) return Response({'success': True}) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
def repo_snapshot(request, repo_id): """View repo in history. """ repo = get_repo(repo_id) if not repo: raise Http404 username = request.user.username user_perm = check_folder_permission(request, repo.id, '/') if user_perm is None: return render_error(request, _('Permission denied')) try: server_crypto = UserOptions.objects.is_server_crypto(username) except CryptoOptionNotSetError: # Assume server_crypto is ``False`` if this option is not set. server_crypto = False reverse_url = reverse('lib_view', args=[repo_id, repo.name, '']) if repo.encrypted and \ (repo.enc_version == 1 or (repo.enc_version == 2 and server_crypto)) \ and not is_password_set(repo.id, username): return render( request, 'decrypt_repo_form.html', { 'repo': repo, 'next': get_next_url_from_request(request) or reverse_url, }) commit_id = request.GET.get('commit_id', None) if commit_id is None: return HttpResponseRedirect(reverse_url) current_commit = get_commit(repo.id, repo.version, commit_id) if not current_commit: current_commit = get_commit(repo.id, repo.version, repo.head_cmmt_id) has_perm = is_repo_owner(request, repo.id, username) # department admin if not has_perm: repo_owner = get_repo_owner(request, repo_id) if '@seafile_group' in repo_owner: group_id = get_group_id_by_repo_owner(repo_owner) has_perm = is_group_admin(group_id, username) return render( request, 'repo_snapshot_react.html', { 'repo': repo, "can_restore_repo": has_perm, 'current_commit': current_commit, })
def list_user_shared_items(self, request, repo_id, path, org_id): repo_owner = get_repo_owner(request, repo_id) share_items = SeafileAPI.get_shared_users_by_repo_path( repo_id, repo_owner, path=path, org_id=org_id) ret = [] for item in share_items: email = item.user ret.append({ "user_email": email, "user_name": email2nickname(email), "user_contact_email": email2contact_email(email), "permission": item.perm }) return ret
def post(self, request, repo_id, commit_id, format=None): """ revert commit in repo history Permission checking: 1. only repo owner can perform this action. """ username = request.user.username # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) commit = seafile_api.get_commit(repo.id, repo.version, commit_id) if not commit: error_msg = 'Commit %s not found.' % commit_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check has_perm = is_repo_owner(request, repo.id, username) if not has_perm: repo_owner = get_repo_owner(request, repo_id) # department admin if '@seafile_group' in repo_owner: group_id = get_group_id_by_repo_owner(repo_owner) has_perm = is_group_admin(group_id, username) if not has_perm: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # main if repo.encrypted: ret = seafile_api.is_password_set(repo_id, username) is_decrypted = False if ret == 0 else True if not is_decrypted: error_msg = _('This library has not been decrypted.') return api_error(status.HTTP_403_FORBIDDEN, error_msg) try: seafile_api.revert_repo(repo_id, commit_id, username) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) return Response({'success': True})
def get_group_owned_repo_info(request, repo_id): repo = seafile_api.get_repo(repo_id) repo_info = {} repo_info['repo_id'] = repo_id repo_info['repo_name'] = repo.name repo_info['mtime'] = timestamp_to_isoformat_timestr(repo.last_modified) repo_info['size'] = repo.size repo_info['encrypted'] = repo.encrypted repo_owner = get_repo_owner(request, repo_id) repo_info['owner_email'] = repo_owner return repo_info
def test_can_get(self): username = self.user.username owner = get_repo_owner(self.fake_request, self.repo.id) assert owner == username assert get_repo_shared_users(self.repo.id, owner) == [] # user share a repo to admin seafile_api.share_repo(self.repo.id, username, self.admin.username, 'rw') assert get_repo_shared_users(self.repo.id, owner) == [self.admin.username] # user share a repo to group seafile_api.set_group_repo(self.repo.id, self.group.id, username, 'rw') assert get_repo_shared_users(self.repo.id, owner) == [self.admin.username, self.user2.username]
def post(self, request, repo_id, format=None): """Post a comments of a file. """ path = request.GET.get('p', '/').rstrip('/') if not path: return api_error(status.HTTP_400_BAD_REQUEST, 'Wrong path.') try: avatar_size = int( request.GET.get('avatar_size', AVATAR_DEFAULT_SIZE)) except ValueError: avatar_size = AVATAR_DEFAULT_SIZE try: obj_id = seafile_api.get_file_id_by_path(repo_id, path) except SearpcError as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal error.') if not obj_id: return api_error(status.HTTP_404_NOT_FOUND, 'File not found.') comment = request.data.get('comment', '') if not comment: return api_error(status.HTTP_400_BAD_REQUEST, 'Comment can not be empty.') username = request.user.username o = FileComment.objects.add_by_file_path(repo_id=repo_id, file_path=path, author=username, comment=comment) repo = seafile_api.get_repo(repo_id) repo_owner = get_repo_owner(request, repo.id) comment_file_successful.send(sender=None, repo=repo, repo_owner=repo_owner, file_path=path, comment=comment, author=username) comment = o.to_dict() comment.update( user_to_dict(request.user.username, request=request, avatar_size=avatar_size)) return Response(comment, status=201)
def test_can_get(self): username = self.user.username owner = get_repo_owner(self.fake_request, self.repo.id) assert owner == username assert get_repo_shared_users(self.repo.id, owner) == [] # user share a repo to admin seafile_api.share_repo(self.repo.id, username, self.admin.username, 'rw') assert get_repo_shared_users(self.repo.id, owner) == [self.admin.username] # user share a repo to group seafile_api.set_group_repo(self.repo.id, self.group.id, username, 'rw') assert get_repo_shared_users( self.repo.id, owner) == [self.admin.username, self.user2.username]
def delete(self, request, repo_id): repo = seafile_api.get_repo(repo_id) if not repo: # for case of `seafile-data` has been damaged # no `repo object` will be returned from seafile api # delete the database record anyway try: seafile_api.remove_repo(repo_id) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) return Response({'success': True}) # check permission username = request.user.username repo_owner = get_repo_owner(request, repo_id) if username != repo_owner: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # check repo status repo_status = repo.status if repo_status != 0: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) org_id = None if is_org_context(request): org_id = request.user.org.org_id # remove repo seafile_api.remove_repo(repo_id) repo_deleted.send(sender=None, org_id=org_id, operator=username, repo_owner=repo_owner, repo_id=repo_id, repo_name=repo.name) return Response('success', status=status.HTTP_200_OK)
def get(self, request, repo_id, format=None): """ List repo group folder perms (by folder_path). Permission checking: 1. is group admin """ # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_owner = get_repo_owner(request, repo_id) group_id = get_group_id_by_repo_owner(repo_owner) if not ccnet_api.get_group(group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if not is_group_admin(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) results = [] path = request.GET.get('folder_path', None) group_folder_perms = seafile_api.list_folder_group_perm_by_repo(repo_id) for perm in group_folder_perms: result = {} if path: if path == perm.path: result = self._get_group_folder_perm_info( perm.group_id, perm.repo_id, perm.path, perm.permission) else: result = self._get_group_folder_perm_info( perm.group_id, perm.repo_id, perm.path, perm.permission) if result: results.append(result) return Response(results)
def post(self, request, repo_id, format=None): """Post a comments of a file. """ path = request.GET.get('p', '/').rstrip('/') if not path: return api_error(status.HTTP_400_BAD_REQUEST, 'Wrong path.') try: avatar_size = int(request.GET.get('avatar_size', AVATAR_DEFAULT_SIZE)) except ValueError: avatar_size = AVATAR_DEFAULT_SIZE try: obj_id = seafile_api.get_file_id_by_path(repo_id, path) except SearpcError as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal error.') if not obj_id: return api_error(status.HTTP_404_NOT_FOUND, 'File not found.') comment = request.data.get('comment', '') if not comment: return api_error(status.HTTP_400_BAD_REQUEST, 'Comment can not be empty.') username = request.user.username o = FileComment.objects.add_by_file_path( repo_id=repo_id, file_path=path, author=username, comment=comment) repo = seafile_api.get_repo(repo_id) repo_owner = get_repo_owner(request, repo.id) comment_file_successful.send(sender=None, repo=repo, repo_owner=repo_owner, file_path=path, comment=comment, author=username) comment = o.to_dict() comment.update(user_to_dict(request.user.username, request=request, avatar_size=avatar_size)) return Response(comment, status=201)
def put(self, request, group_id, repo_id): """ Rename a library. Permission checking: 1. is group admin; """ # argument check new_repo_name = request.data.get('name', '') if not new_repo_name: error_msg = 'name invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not is_valid_dirent_name(new_repo_name): error_msg = 'name invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check group_id = int(group_id) username = request.user.username if not is_group_admin(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # rename repo try: repo_owner = get_repo_owner(request, repo_id) # desc is '' seafile_api.edit_repo(repo_id, new_repo_name, '', repo_owner) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) repo_info = get_group_owned_repo_info(request, repo_id) return Response(repo_info)
def list_group_shared_items(self, request, repo_id, path, org_id): repo_owner = get_repo_owner(request, repo_id) share_items = SeafileAPI.get_shared_groups_by_repo_path( repo_id, repo_owner, path, org_id) ret = [] for item in share_items: group_id = item.group_id group = ccnet_api.get_group(group_id) if not group: SeafileAPI.delete_shared_group_by_repo_path( repo_id, repo_owner, group_id, path, org_id) continue ret.append({ "group_id": group_id, "group_name": group.group_name, "permission": item.perm, }) return ret
def delete(self, request, repo_id, format=None): """ Delete repo group share permission. Permission checking: 1. is group admin """ # parameter check to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check username = request.user.username repo_owner = get_repo_owner(request, repo_id) group_id = get_group_id_by_repo_owner(repo_owner) if not is_group_admin(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) path = request.data.get('path', '/') if path == '/': seafile_api.unset_group_repo(repo_id, to_group_id, username) else: seafile_api.unshare_subdir_for_group( repo_id, path, repo_owner, group_id) permission = check_group_share_out_permission(repo_id, path, group_id, False) send_perm_audit_msg('delete-repo-perm', username, group_id, repo_id, path, permission) return Response({'success': True})
def get_group_owned_repo_info(request, repo_id): repo = seafile_api.get_repo(repo_id) repo_info = {} repo_info['id'] = repo_id repo_info['name'] = repo.name repo_info['mtime'] = timestamp_to_isoformat_timestr(repo.last_modified) repo_info['size'] = repo.size repo_info['encrypted'] = repo.encrypted repo_owner = get_repo_owner(request, repo_id) repo_info['owner'] = repo_owner try: group_id = get_group_id_by_repo_owner(repo_owner) group = ccnet_api.get_group(int(group_id)) repo_info['group_name'] = group.group_name except Exception as e: logger.error(e) repo_info['group_name'] = '' return repo_info
def delete(self, request, repo_id): repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check permission username = request.user.username repo_owner = get_repo_owner(request, repo_id) if username != repo_owner: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) org_id = None if is_org_context(request): org_id = request.user.org.org_id try: related_users = get_related_users_by_repo(repo_id, org_id) except Exception as e: logger.error(e) related_users = [] # remove repo seafile_api.remove_repo(repo_id) repo_deleted.send(sender=None, org_id=org_id, operator=username, usernames=related_users, repo_owner=repo_owner, repo_id=repo_id, repo_name=repo.name) return Response('success', status=status.HTTP_200_OK)
def post(self, request, repo_id, format=None): """ Add repo group folder perm. Permission checking: 1. is group admin """ # argument check path = request.data.get('folder_path', None) if not path: error_msg = 'folder_path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) perm = request.data.get('permission', None) if not perm or perm not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) path = normalize_dir_path(path) if not seafile_api.get_dir_id_by_path(repo_id, path): error_msg = 'Folder %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_owner = get_repo_owner(request, repo_id) group_id = get_group_id_by_repo_owner(repo_owner) if not ccnet_api.get_group(group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if not is_group_admin(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) result = {} result['failed'] = [] result['success'] = [] group_ids = request.data.getlist('group_id') for group_id in group_ids: try: group_id = int(group_id) except ValueError: result['failed'].append({ 'group_id': group_id, 'error_msg': 'group_id invalid.' }) continue if not ccnet_api.get_group(group_id): result['failed'].append({ 'group_id': group_id, 'error_msg': 'Group %s not found.' % group_id }) continue permission = seafile_api.get_folder_group_perm(repo_id, path, group_id) if permission: result['failed'].append({ 'group_id': group_id, 'error_msg': _(u'Permission already exists.') }) continue try: seafile_api.add_folder_group_perm(repo_id, path, perm, group_id) send_perm_audit_msg('add-repo-perm', username, group_id, repo_id, path, perm) except Exception as e: logger.error(e) result['failed'].append({ 'group_id': group_id, 'error_msg': 'Internal Server Error' }) new_perm = seafile_api.get_folder_group_perm(repo_id, path, group_id) new_perm_info = self._get_group_folder_perm_info( group_id, repo_id, path, new_perm) result['success'].append(new_perm_info) return Response(result)
def delete(self, request, repo_id, format=None): """ Delete repo group folder perm. Permission checking: 1. is group admin """ # arguments check group_id = request.data.get('group_id', None) path = request.data.get('folder_path', None) if not group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not path: error_msg = 'folder_path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: group_id = int(group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check if not ccnet_api.get_group(group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_owner = get_repo_owner(request, repo_id) library_group_id = get_group_id_by_repo_owner(repo_owner) if not ccnet_api.get_group(library_group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if not is_group_admin(library_group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # delete permission path = path.rstrip('/') if path != '/' else path permission = seafile_api.get_folder_group_perm(repo_id, path, group_id) if not permission: return Response({'success': True}) try: seafile_api.rm_folder_group_perm(repo_id, path, group_id) send_perm_audit_msg('delete-repo-perm', username, group_id, repo_id, path, permission) return Response({'success': True}) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
def post(self, request): # argument check operation = request.data.get('operation', None) if not operation: error_msg = 'operation invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # operation could be `share`, `unshare`, `delete`, `transfer` # we now only use `share`, `unshare` if operation not in ('share', 'unshare'): error_msg = 'operation can only be "share", "unshare".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) result = {} result['failed'] = [] result['success'] = [] username = request.user.username repo_id_list = request.data.getlist('repo_id') valid_repo_id_list = [] # filter out invalid repo id for repo_id in repo_id_list: if not seafile_api.get_repo(repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Library %s not found.' % repo_id }) continue repo_owner = get_repo_owner(request, repo_id) if repo_owner != username and not is_repo_admin(username, repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Permission denied.' }) continue valid_repo_id_list.append(repo_id) # share repo if operation == 'share': share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('user', 'group'): error_msg = 'share_type can only be "user", "group".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) permission = request.data.get('permission', 'rw') if permission not in [ PERMISSION_READ, PERMISSION_READ_WRITE, PERMISSION_ADMIN ]: error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # share repo to user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: User.objects.get(email=to_username) except User.DoesNotExist: error_msg = 'User %s not found.' % to_username return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check if to_user is an org user try: org_of_to_user = ccnet_api.get_orgs_by_user(to_username) except Exception as e: logger.error(e) org_of_to_user = [] if is_org_context(request): org_id = request.user.org.org_id org_name = request.user.org.org_name if len(org_of_to_user ) == 0 or org_id != org_of_to_user[0].org_id: error_msg = 'User %s is not member of organization %s.' \ % (to_username, org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: if len(org_of_to_user) >= 1: error_msg = 'User %s is member of organization %s.' \ % (to_username, org_of_to_user[0].org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % to_username }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seaserv.seafserv_threaded_rpc.org_add_share( org_id, repo_id, username, to_username, permission) else: seafile_api.share_repo(repo_id, username, to_username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_username, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "username": to_username, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_username, repo_id, '/', permission) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # share repo to group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) if not group: error_msg = 'Group %s not found.' % to_group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) group_name = group.group_name if not is_group_member(to_group_id, username): error_msg = 'User %s is not member of group %s.' % ( username, group_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % group_name }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.add_org_group_repo( repo_id, org_id, to_group_id, username, permission) else: seafile_api.set_group_repo(repo_id, to_group_id, username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_group_successful.send( sender=None, from_user=username, group_id=to_group_id, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_group_id, repo_id, '/', permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # unshare repo if operation == 'unshare': share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('user', 'group'): error_msg = 'share_type can only be "user", "group".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # unshare repo from user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) for repo_id in valid_repo_id_list: if not self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has not been shared to %s.' % to_username }) continue repo_owner = get_repo_owner(request, repo_id) try: # get share permission before unshare operation permission = check_user_share_out_permission( repo_id, '/', to_username, is_org_context(request)) if is_org_context(request): # when calling seafile API to share authority related functions, change the uesrname to repo owner. org_id = request.user.org.org_id seafile_api.org_remove_share( org_id, repo_id, repo_owner, to_username) else: seafile_api.remove_share(repo_id, repo_owner, to_username) # Delete share permission at ExtraSharePermission table. ExtraSharePermission.objects.delete_share_permission( repo_id, to_username) # send message send_perm_audit_msg('delete-repo-perm', username, to_username, repo_id, '/', permission) result['success'].append({ "repo_id": repo_id, "username": to_username, }) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # unshare repo from group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) group_name = group.group_name if group else '' for repo_id in valid_repo_id_list: if not self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has not been shared to %s.' % group_name }) continue try: # get share permission before unshare operation permission = check_group_share_out_permission( repo_id, '/', to_group_id, is_org_context(request)) org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.del_org_group_repo( repo_id, org_id, to_group_id) else: seafile_api.unset_group_repo( repo_id, to_group_id, username) # Delete share permission at ExtraSharePermission table. ExtraGroupsSharePermission.objects.delete_share_permission( repo_id, to_group_id) # send message send_perm_audit_msg('delete-repo-perm', username, to_group_id, repo_id, '/', permission) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, }) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) return Response(result)
def post(self, request, repo_id, org_id): """ Share repo to users. Permission checking: 1. is group admin """ # parameter check permission = request.data.get('permission', PERMISSION_READ) if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]: error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_owner = get_repo_owner(request, repo_id) group_id = get_group_id_by_repo_owner(repo_owner) if not ccnet_api.get_group(group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) path = request.data.get('path', '/') if not seafile_api.get_dir_id_by_path(repo_id, path): error_msg = 'Folder %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if not is_group_admin(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # share repo to user result = {} result['failed'] = [] result['success'] = [] share_to_users = request.data.getlist('username') for to_user in share_to_users: to_user = to_user.strip() if not is_valid_username(to_user): result['failed'].append({ 'email': to_user, 'error_msg': _(u'username invalid.') }) continue try: User.objects.get(email=to_user) except User.DoesNotExist: result['failed'].append({ 'email': to_user, 'error_msg': _(u'User %s not found.') % to_user }) continue if self.has_shared_to_user(request, repo_id, path, to_user): result['failed'].append({ 'email': to_user, 'error_msg': _(u'This item has been shared to %s.') % to_user }) continue if is_valid_org_id(org_id): if not is_org_user(to_user, org_id): org_name = request.user.org.org_name error_msg = 'User %s is not member of organization %s.' \ % (to_user, org_name) result['failed'].append({ 'email': to_user, 'error_msg': error_msg }) continue else: if is_org_user(to_user): error_msg = 'User %s is a member of organization.' % to_user result['failed'].append({ 'email': to_user, 'error_msg': error_msg }) continue share_dir_to_user(repo, path, repo_owner, username, to_user, permission, org_id) result['success'].append({ "user_email": to_user, "user_name": email2nickname(to_user), "user_contact_email": email2contact_email(to_user), "permission": permission, }) # send a signal when sharing repo successful share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=repo, path=path, org_id=org_id) send_perm_audit_msg('add-repo-perm', username, to_user, repo_id, path, permission) return Response(result)
def post(self, request): """ Copy/move file/dir, and return task id. Permission checking: 1. move: user with 'rw' permission for current file, 'rw' permission for dst parent dir; 2. copy: user with 'r' permission for current file, 'rw' permission for dst parent dir; """ src_repo_id = request.data.get('src_repo_id', None) src_parent_dir = request.data.get('src_parent_dir', None) src_dirent_name = request.data.get('src_dirent_name', None) dst_repo_id = request.data.get('dst_repo_id', None) dst_parent_dir = request.data.get('dst_parent_dir', None) operation = request.data.get('operation', None) dirent_type = request.data.get('dirent_type', None) # argument check if not src_repo_id: error_msg = 'src_repo_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not src_parent_dir: error_msg = 'src_parent_dir invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not src_dirent_name: error_msg = 'src_dirent_name invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not dst_repo_id: error_msg = 'dst_repo_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not dst_parent_dir: error_msg = 'dst_parent_dir invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not operation: error_msg = 'operation invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not dirent_type: error_msg = 'dirent_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if len(dst_parent_dir + src_dirent_name) > MAX_PATH: error_msg = _('Destination path is too long.') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) operation = operation.lower() if operation not in ('move', 'copy'): error_msg = "operation can only be 'move' or 'copy'." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if operation == 'move': if src_repo_id == dst_repo_id and src_parent_dir == dst_parent_dir: error_msg = _('Invalid destination path') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) dirent_type = dirent_type.lower() if dirent_type not in ('file', 'dir'): error_msg = "operation can only be 'file' or 'dir'." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # src resource check src_repo = seafile_api.get_repo(src_repo_id) if not src_repo: error_msg = 'Library %s not found.' % src_repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) src_dirent_path = posixpath.join(src_parent_dir, src_dirent_name) file_id = None if dirent_type == 'file': file_id = seafile_api.get_file_id_by_path(src_repo_id, src_dirent_path) if not file_id: error_msg = 'File %s not found.' % src_dirent_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) dir_id = None if dirent_type == 'dir': dir_id = seafile_api.get_dir_id_by_path(src_repo_id, src_dirent_path) if not dir_id: error_msg = 'Folder %s not found.' % src_dirent_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) # dst resource check dst_repo = seafile_api.get_repo(dst_repo_id) if not dst_repo: error_msg = 'Library %s not found.' % dst_repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not seafile_api.get_dir_id_by_path(dst_repo_id, dst_parent_dir): error_msg = 'Folder %s not found.' % dst_parent_dir return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check for dst parent dir if check_folder_permission(request, dst_repo_id, dst_parent_dir) != 'rw': error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if operation == 'copy' or \ operation == 'move' and \ get_repo_owner(request, src_repo_id) != get_repo_owner(request, dst_repo_id): current_size = 0 if file_id: current_size = seafile_api.get_file_size(src_repo.store_id, src_repo.version, file_id) if dir_id: current_size = seafile_api.get_dir_size(src_repo.store_id, src_repo.version, dir_id) # check if above quota for dst repo if seafile_api.check_quota(dst_repo_id, current_size) < 0: return api_error(HTTP_443_ABOVE_QUOTA, _(u"Out of quota.")) new_dirent_name = check_filename_with_rename(dst_repo_id, dst_parent_dir, src_dirent_name) username = request.user.username if operation == 'move': # permission check for src parent dir if check_folder_permission(request, src_repo_id, src_parent_dir) != 'rw': error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if dirent_type == 'dir' and src_repo_id == dst_repo_id and \ dst_parent_dir.startswith(src_dirent_path + '/'): error_msg = _(u'Can not move directory %(src)s to its subdirectory %(des)s') \ % {'src': escape(src_dirent_path), 'des': escape(dst_parent_dir)} return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if dirent_type == 'file': # check file lock try: is_locked, locked_by_me = check_file_lock(src_repo_id, src_dirent_path, username) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if is_locked and not locked_by_me: error_msg = _("File is locked") return api_error(status.HTTP_403_FORBIDDEN, error_msg) try: res = seafile_api.move_file(src_repo_id, src_parent_dir, src_dirent_name, dst_repo_id, dst_parent_dir, new_dirent_name, replace=False, username=username, need_progress=1) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if operation == 'copy': # permission check for src parent dir if parse_repo_perm(check_folder_permission( request, src_repo_id, src_parent_dir)).can_copy is False: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) try: res = seafile_api.copy_file(src_repo_id, src_parent_dir, src_dirent_name, dst_repo_id, dst_parent_dir, new_dirent_name, username=username, need_progress=1) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if not res: error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) result = {} if res.background: result['task_id'] = res.task_id return Response(result)
def get(self, request, group_id): """ Get all group libraries. Permission checking: 1. is group member; """ # only group member can get group libraries username = request.user.username if not is_group_member(group_id, request.user.username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if is_org_context(request): org_id = request.user.org.org_id group_repos = seafile_api.get_org_group_repos(org_id, group_id) else: group_repos = seafile_api.get_repos_by_group(group_id) group_repos.sort(lambda x, y: cmp(y.last_modified, x.last_modified)) # get repo id owner dict all_repo_owner = [] repo_id_owner_dict = {} for repo in group_repos: repo_id = repo.id if repo_id not in repo_id_owner_dict: repo_owner = get_repo_owner(request, repo_id) all_repo_owner.append(repo_owner) repo_id_owner_dict[repo_id] = repo_owner all_modifier = [r.last_modifier for r in group_repos] # Use dict to reduce memcache fetch cost in large for-loop. name_dict = {} contact_email_dict = {} for email in set(all_repo_owner + all_modifier): if email not in name_dict: if '@seafile_group' in email: group_id = get_group_id_by_repo_owner(email) group_name= group_id_to_name(group_id) name_dict[email] = group_name else: name_dict[email] = email2nickname(email) if email not in contact_email_dict: if '@seafile_group' in email: contact_email_dict[email] = '' else: contact_email_dict[email] = email2contact_email(email) try: starred_repos = UserStarredFiles.objects.get_starred_repos_by_user(username) starred_repo_id_list = [item.repo_id for item in starred_repos] except Exception as e: logger.error(e) starred_repo_id_list = [] result = [] for group_repo in group_repos: group_repo_info = get_group_repo_info(request, group_repo) repo_owner = repo_id_owner_dict[group_repo.id] group_repo_info['owner_email'] = repo_owner group_repo_info['owner_name'] = name_dict.get(repo_owner, '') group_repo_info['owner_contact_email'] = contact_email_dict.get(repo_owner, '') modifier = group_repo.last_modifier group_repo_info['modifier_email'] = modifier group_repo_info['modifier_name'] = name_dict.get(modifier, '') group_repo_info['modifier_contact_email'] = contact_email_dict.get(modifier, '') group_repo_info['starred'] = group_repo.id in starred_repo_id_list result.append(group_repo_info) return Response(result)
def test_can_get(self): assert get_repo_owner(self.fake_request, self.repo.id) == self.user.username
def post(self, request): """ Only support move folder. Permission checking: User with 'rw' permission for src/dst folder. """ src_repo_id = request.data.get('src_repo_id', None) src_parent_dir = request.data.get('src_parent_dir', None) src_folder_name = request.data.get('src_dirent_name', None) dst_repo_id = request.data.get('dst_repo_id', None) dst_parent_dir = request.data.get('dst_parent_dir', None) # argument check if not src_repo_id: error_msg = 'src_repo_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not src_parent_dir: error_msg = 'src_parent_dir invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not src_folder_name: error_msg = 'src_dirent_name invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not dst_repo_id: error_msg = 'dst_repo_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not dst_parent_dir: error_msg = 'dst_parent_dir invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if src_repo_id == dst_repo_id and src_parent_dir == dst_parent_dir: error_msg = _('Invalid destination path') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if len(dst_parent_dir + src_folder_name) > MAX_PATH: error_msg = _('Destination path is too long.') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # src resource check src_repo = seafile_api.get_repo(src_repo_id) if not src_repo: error_msg = 'Library %s not found.' % src_repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) src_folder_path = posixpath.join(src_parent_dir, src_folder_name) dir_id = seafile_api.get_dir_id_by_path(src_repo_id, src_folder_path) if not dir_id: error_msg = 'Folder %s not found.' % src_folder_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) # dst resource check dst_repo = seafile_api.get_repo(dst_repo_id) if not dst_repo: error_msg = 'Library %s not found.' % dst_repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not seafile_api.get_dir_id_by_path(dst_repo_id, dst_parent_dir): error_msg = 'Folder %s not found.' % dst_parent_dir return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check for src folder if check_folder_permission(request, src_repo_id, src_folder_path) != 'rw': error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # permission check for dst parent dir if check_folder_permission(request, dst_repo_id, dst_parent_dir) != 'rw': error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) ## check if above quota for dst repo if get_repo_owner(request, src_repo_id) != get_repo_owner( request, dst_repo_id): current_size = 0 current_size = seafile_api.get_dir_size(src_repo.store_id, src_repo.version, dir_id) if seafile_api.check_quota(dst_repo_id, current_size) < 0: return api_error(HTTP_443_ABOVE_QUOTA, _("Out of quota.")) username = request.user.username move_folder_with_merge(username, src_repo_id, src_parent_dir, src_folder_name, dst_repo_id, dst_parent_dir, src_folder_name) seafile_api.del_file(src_repo_id, src_parent_dir, src_folder_name, username) return Response({'success': True})
def get(self, request): """ Return repos user can access. Permission checking: 1. all authenticated user can perform this action. """ filter_by = { 'mine': False, 'shared': False, 'group': False, 'public': False, } request_type_list = request.GET.getlist('type', "") if not request_type_list: # set all to True, no filter applied filter_by = filter_by.fromkeys(filter_by.iterkeys(), True) for request_type in request_type_list: request_type = request_type.strip() filter_by[request_type] = True email = request.user.username # Use dict to reduce memcache fetch cost in large for-loop. contact_email_dict = {} nickname_dict = {} org_id = None if is_org_context(request): org_id = request.user.org.org_id try: starred_repos = UserStarredFiles.objects.get_starred_repos_by_user(email) starred_repo_id_list = [item.repo_id for item in starred_repos] except Exception as e: logger.error(e) starred_repo_id_list = [] repo_info_list = [] if filter_by['mine']: if org_id: owned_repos = seafile_api.get_org_owned_repo_list(org_id, email, ret_corrupted=True) else: owned_repos = seafile_api.get_owned_repo_list(email, ret_corrupted=True) # Reduce memcache fetch ops. modifiers_set = set([x.last_modifier for x in owned_repos]) for e in modifiers_set: if e not in contact_email_dict: contact_email_dict[e] = email2contact_email(e) if e not in nickname_dict: nickname_dict[e] = email2nickname(e) owned_repos.sort(lambda x, y: cmp(y.last_modify, x.last_modify)) for r in owned_repos: # do not return virtual repos if r.is_virtual: continue repo_info = { "type": "mine", "repo_id": r.id, "repo_name": r.name, "owner_email": email, "owner_name": email2nickname(email), "owner_contact_email": email2contact_email(email), "last_modified": timestamp_to_isoformat_timestr(r.last_modify), "modifier_email": r.last_modifier, "modifier_name": nickname_dict.get(r.last_modifier, ''), "modifier_contact_email": contact_email_dict.get(r.last_modifier, ''), "size": r.size, "encrypted": r.encrypted, "permission": 'rw', # Always have read-write permission to owned repo "starred": r.repo_id in starred_repo_id_list, } if is_pro_version() and ENABLE_STORAGE_CLASSES: repo_info['storage_name'] = r.storage_name repo_info['storage_id'] = r.storage_id repo_info_list.append(repo_info) if filter_by['shared']: if org_id: shared_repos = seafile_api.get_org_share_in_repo_list(org_id, email, -1, -1) else: shared_repos = seafile_api.get_share_in_repo_list( email, -1, -1) repos_with_admin_share_to = ExtraSharePermission.objects.\ get_repos_with_admin_permission(email) # Reduce memcache fetch ops. owners_set = set([x.user for x in shared_repos]) modifiers_set = set([x.last_modifier for x in shared_repos]) for e in owners_set | modifiers_set: if e not in contact_email_dict: contact_email_dict[e] = email2contact_email(e) if e not in nickname_dict: nickname_dict[e] = email2nickname(e) shared_repos.sort(lambda x, y: cmp(y.last_modify, x.last_modify)) for r in shared_repos: owner_email = r.user group_name = '' is_group_owned_repo = False if '@seafile_group' in owner_email: is_group_owned_repo = True group_id = get_group_id_by_repo_owner(owner_email) group_name= group_id_to_name(group_id) owner_name = group_name if is_group_owned_repo else \ nickname_dict.get(owner_email, '') owner_contact_email = '' if is_group_owned_repo else \ contact_email_dict.get(owner_email, '') repo_info = { "type": "shared", "repo_id": r.repo_id, "repo_name": r.repo_name, "last_modified": timestamp_to_isoformat_timestr(r.last_modify), "modifier_email": r.last_modifier, "modifier_name": nickname_dict.get(r.last_modifier, ''), "modifier_contact_email": contact_email_dict.get(r.last_modifier, ''), "owner_email": owner_email, "owner_name": owner_name, "owner_contact_email": owner_contact_email, "size": r.size, "encrypted": r.encrypted, "permission": r.permission, "starred": r.repo_id in starred_repo_id_list, } if r.repo_id in repos_with_admin_share_to: repo_info['is_admin'] = True else: repo_info['is_admin'] = False repo_info_list.append(repo_info) if filter_by['group']: if org_id: group_repos = seafile_api.get_org_group_repos_by_user(email, org_id) else: group_repos = seafile_api.get_group_repos_by_user(email) group_repos.sort(lambda x, y: cmp(y.last_modify, x.last_modify)) # Reduce memcache fetch ops. share_from_set = set([x.user for x in group_repos]) modifiers_set = set([x.last_modifier for x in group_repos]) for e in modifiers_set | share_from_set: if e not in contact_email_dict: contact_email_dict[e] = email2contact_email(e) if e not in nickname_dict: nickname_dict[e] = email2nickname(e) for r in group_repos: repo_info = { "type": "group", "group_id": r.group_id, "group_name": r.group_name, "repo_id": r.repo_id, "repo_name": r.repo_name, "last_modified": timestamp_to_isoformat_timestr(r.last_modify), "modifier_email": r.last_modifier, "modifier_name": nickname_dict.get(r.last_modifier, ''), "modifier_contact_email": contact_email_dict.get(r.last_modifier, ''), "size": r.size, "encrypted": r.encrypted, "permission": r.permission, "starred": r.repo_id in starred_repo_id_list, } repo_info_list.append(repo_info) if filter_by['public'] and request.user.permissions.can_view_org(): public_repos = list_inner_pub_repos(request) # get repo id owner dict all_repo_owner = [] repo_id_owner_dict = {} for repo in public_repos: repo_id = repo.repo_id if repo_id not in repo_id_owner_dict: repo_owner = get_repo_owner(request, repo_id) all_repo_owner.append(repo_owner) repo_id_owner_dict[repo_id] = repo_owner # Reduce memcache fetch ops. owner_set = set(all_repo_owner) share_from_set = set([x.user for x in public_repos]) modifiers_set = set([x.last_modifier for x in public_repos]) for e in modifiers_set | share_from_set | owner_set: if e not in contact_email_dict: contact_email_dict[e] = email2contact_email(e) if e not in nickname_dict: nickname_dict[e] = email2nickname(e) for r in public_repos: repo_owner = repo_id_owner_dict[r.repo_id] repo_info = { "type": "public", "repo_id": r.repo_id, "repo_name": r.repo_name, "last_modified": timestamp_to_isoformat_timestr(r.last_modify), "modifier_email": r.last_modifier, "modifier_name": nickname_dict.get(r.last_modifier, ''), "modifier_contact_email": contact_email_dict.get(r.last_modifier, ''), "owner_email": repo_owner, "owner_name": nickname_dict.get(repo_owner, ''), "owner_contact_email": contact_email_dict.get(repo_owner, ''), "size": r.size, "encrypted": r.encrypted, "permission": r.permission, "starred": r.repo_id in starred_repo_id_list, } repo_info_list.append(repo_info) utc_dt = datetime.datetime.utcnow() timestamp = utc_dt.strftime('%Y-%m-%d %H:%M:%S') org_id = request.user.org.org_id if is_org_context(request) else -1 try: send_message('seahub.stats', 'user-login\t%s\t%s\t%s' % (email, timestamp, org_id)) except Exception as e: logger.error('Error when sending user-login message: %s' % str(e)) return Response({'repos': repo_info_list})
def post(self, request): """ Only support move folder. Permission checking: User with 'rw' permission for src/dst folder. """ src_repo_id = request.data.get('src_repo_id', None) src_parent_dir = request.data.get('src_parent_dir', None) src_folder_name = request.data.get('src_dirent_name', None) dst_repo_id = request.data.get('dst_repo_id', None) dst_parent_dir = request.data.get('dst_parent_dir', None) # argument check if not src_repo_id: error_msg = 'src_repo_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not src_parent_dir: error_msg = 'src_parent_dir invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not src_folder_name: error_msg = 'src_dirent_name invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not dst_repo_id: error_msg = 'dst_repo_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if not dst_parent_dir: error_msg = 'dst_parent_dir invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if src_repo_id == dst_repo_id and src_parent_dir == dst_parent_dir: error_msg = _('Invalid destination path') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if len(dst_parent_dir + src_folder_name) > MAX_PATH: error_msg = _('Destination path is too long.') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # src resource check src_repo = seafile_api.get_repo(src_repo_id) if not src_repo: error_msg = 'Library %s not found.' % src_repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) src_folder_path = posixpath.join(src_parent_dir, src_folder_name) dir_id = seafile_api.get_dir_id_by_path(src_repo_id, src_folder_path) if not dir_id: error_msg = 'Folder %s not found.' % src_folder_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) # dst resource check dst_repo = seafile_api.get_repo(dst_repo_id) if not dst_repo: error_msg = 'Library %s not found.' % dst_repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not seafile_api.get_dir_id_by_path(dst_repo_id, dst_parent_dir): error_msg = 'Folder %s not found.' % dst_parent_dir return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check for src folder if check_folder_permission(request, src_repo_id, src_folder_path) != 'rw': error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # permission check for dst parent dir if check_folder_permission(request, dst_repo_id, dst_parent_dir) != 'rw': error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) ## check if above quota for dst repo if get_repo_owner(request, src_repo_id) != get_repo_owner(request, dst_repo_id): current_size = 0 current_size = seafile_api.get_dir_size(src_repo.store_id, src_repo.version, dir_id) if seafile_api.check_quota(dst_repo_id, current_size) < 0: return api_error(HTTP_443_ABOVE_QUOTA, _(u"Out of quota.")) username = request.user.username move_folder_with_merge(username, src_repo_id, src_parent_dir, src_folder_name, dst_repo_id, dst_parent_dir, src_folder_name) seafile_api.del_file(src_repo_id, src_parent_dir, src_folder_name, username) return Response({'success': True})
def put(self, request, repo_id, format=None): """ Modify repo group folder perm. Permission checking: 1. is group admin """ # argument check path = request.data.get('folder_path', None) if not path: error_msg = 'folder_path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) perm = request.data.get('permission', None) if not perm or perm not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group_id = request.data.get('group_id') if not group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: group_id = int(group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) path = normalize_dir_path(path) if not seafile_api.get_dir_id_by_path(repo_id, path): error_msg = 'Folder %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not ccnet_api.get_group(group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_owner = get_repo_owner(request, repo_id) library_group_id = get_group_id_by_repo_owner(repo_owner) if not ccnet_api.get_group(library_group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) permission = seafile_api.get_folder_group_perm(repo_id, path, group_id) if not permission: error_msg = 'Folder permission not found.' return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if not is_group_admin(library_group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # modify permission try: seafile_api.set_folder_group_perm(repo_id, path, perm, group_id) send_perm_audit_msg('modify-repo-perm', username, group_id, repo_id, path, perm) new_perm = seafile_api.get_folder_group_perm(repo_id, path, group_id) result = self._get_group_folder_perm_info(group_id, repo_id, path, new_perm) return Response(result) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
def post(self, request, repo_id, org_id, format=None): """ Share repo to group. Permission checking: 1. is group admin """ # parameter check permission = request.data.get('permission', PERMISSION_READ) if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]: error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_owner = get_repo_owner(request, repo_id) group_id = get_group_id_by_repo_owner(repo_owner) if not ccnet_api.get_group(group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) path = request.data.get('path', '/') if not seafile_api.get_dir_id_by_path(repo_id, path): error_msg = 'Folder %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if not is_group_admin(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) result = {} result['failed'] = [] result['success'] = [] group_ids = request.data.getlist('group_id') for gid in group_ids: try: gid = int(gid) except ValueError: result['failed'].append({ 'error_msg': 'group_id %s invalid.' % gid }) continue group = ccnet_api.get_group(gid) if not group: result['failed'].append({ 'error_msg': 'Group %s not found' % gid }) continue if self.has_shared_to_group(request, repo_id, path, gid): result['failed'].append({ 'group_name': group.group_name, 'error_msg': _(u'This item has been shared to %s.') % group.group_name }) continue share_dir_to_group(repo, path, repo_owner, username, gid, permission, org_id) result['success'].append({ "group_id": gid, "group_name": group.group_name, "permission": permission, }) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=repo, path=path, org_id=org_id) send_perm_audit_msg('add-repo-perm', username, gid, repo_id, path, permission) return Response(result)
def get(self, request): """ List all groups. """ org_id = None username = request.user.username if is_org_context(request): org_id = request.user.org.org_id user_groups = seaserv.get_org_groups_by_user(org_id, username) else: user_groups = ccnet_api.get_groups(username, return_ancestors=True) try: avatar_size = int(request.GET.get('avatar_size', GROUP_AVATAR_DEFAULT_SIZE)) except ValueError: avatar_size = GROUP_AVATAR_DEFAULT_SIZE try: with_repos = int(request.GET.get('with_repos', 0)) except ValueError: with_repos = 0 if with_repos not in (0, 1): error_msg = 'with_repos invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) groups = [] if with_repos: gids = [g.id for g in user_groups] admin_info = ExtraGroupsSharePermission.objects.batch_get_repos_with_admin_permission(gids) try: starred_repos = UserStarredFiles.objects.get_starred_repos_by_user(username) starred_repo_id_list = [item.repo_id for item in starred_repos] except Exception as e: logger.error(e) starred_repo_id_list = [] for g in user_groups: group_info = get_group_info(request, g.id, avatar_size) if with_repos: if org_id: group_repos = seafile_api.get_org_group_repos(org_id, g.id) else: group_repos = seafile_api.get_repos_by_group(g.id) repos = [] # get repo id owner dict all_repo_owner = [] repo_id_owner_dict = {} for repo in group_repos: repo_id = repo.id if repo_id not in repo_id_owner_dict: repo_owner = get_repo_owner(request, repo_id) all_repo_owner.append(repo_owner) repo_id_owner_dict[repo_id] = repo_owner # Use dict to reduce memcache fetch cost in large for-loop. name_dict = {} contact_email_dict = {} for email in all_repo_owner: if email not in name_dict: if '@seafile_group' in email: group_id = get_group_id_by_repo_owner(email) group_name= group_id_to_name(group_id) name_dict[email] = group_name else: name_dict[email] = email2nickname(email) if email not in contact_email_dict: if '@seafile_group' in email: contact_email_dict[email] = '' else: contact_email_dict[email] = email2contact_email(email) for r in group_repos: repo_owner = repo_id_owner_dict.get(r.id, r.user) repo = { "id": r.id, "repo_id": r.id, "name": r.name, "repo_name": r.name, "size": r.size, "size_formatted": filesizeformat(r.size), "mtime": r.last_modified, "mtime_relative": translate_seahub_time(r.last_modified), "last_modified": timestamp_to_isoformat_timestr(r.last_modified), "encrypted": r.encrypted, "permission": r.permission, "owner": repo_owner, "owner_email": repo_owner, "owner_name": name_dict.get(repo_owner, ''), "owner_contact_email": contact_email_dict.get(repo_owner, ''), "is_admin": (r.id, g.id) in admin_info, "starred": r.repo_id in starred_repo_id_list, } repos.append(repo) group_info['repos'] = repos groups.append(group_info) return Response(groups)
def get(self, request): """ List all groups. """ org_id = None username = request.user.username if is_org_context(request): org_id = request.user.org.org_id user_groups = seaserv.get_org_groups_by_user(org_id, username) else: user_groups = ccnet_api.get_groups(username, return_ancestors=True) try: avatar_size = int(request.GET.get('avatar_size', GROUP_AVATAR_DEFAULT_SIZE)) except ValueError: avatar_size = GROUP_AVATAR_DEFAULT_SIZE try: with_repos = int(request.GET.get('with_repos', 0)) except ValueError: with_repos = 0 if with_repos not in (0, 1): error_msg = 'with_repos invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) groups = [] if with_repos: gids = [g.id for g in user_groups] admin_info = ExtraGroupsSharePermission.objects.batch_get_repos_with_admin_permission(gids) for g in user_groups: group_info = get_group_info(request, g.id, avatar_size) if with_repos: if org_id: group_repos = seafile_api.get_org_group_repos(org_id, g.id) else: group_repos = seafile_api.get_repos_by_group(g.id) repos = [] # get repo id owner dict all_repo_owner = [] repo_id_owner_dict = {} for repo in group_repos: repo_id = repo.id if repo_id not in repo_id_owner_dict: repo_owner = get_repo_owner(request, repo_id) all_repo_owner.append(repo_owner) repo_id_owner_dict[repo_id] = repo_owner # Use dict to reduce memcache fetch cost in large for-loop. name_dict = {} contact_email_dict = {} for email in all_repo_owner: if email not in name_dict: if '@seafile_group' in email: group_id = get_group_id_by_repo_owner(email) group_name= group_id_to_name(group_id) name_dict[email] = group_name else: name_dict[email] = email2nickname(email) if email not in contact_email_dict: if '@seafile_group' in email: contact_email_dict[email] = '' else: contact_email_dict[email] = email2contact_email(email) for r in group_repos: repo_owner = repo_id_owner_dict.get(r.id, r.user) repo = { "id": r.id, "repo_id": r.id, "name": r.name, "repo_name": r.name, "size": r.size, "size_formatted": filesizeformat(r.size), "mtime": r.last_modified, "mtime_relative": translate_seahub_time(r.last_modified), "last_modified": timestamp_to_isoformat_timestr(r.last_modified), "encrypted": r.encrypted, "permission": r.permission, "owner": repo_owner, "owner_email": repo_owner, "owner_name": name_dict.get(repo_owner, ''), "owner_contact_email": contact_email_dict.get(repo_owner, ''), "is_admin": (r.id, g.id) in admin_info } repos.append(repo) group_info['repos'] = repos groups.append(group_info) return Response(groups)
def post(self, request): # argument check operation = request.data.get('operation', None) if not operation: error_msg = 'operation invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # operation could be `share`, `unshare`, `delete`, `transfer` # we now only use `share`, `unshare` if operation not in ('share', 'unshare'): error_msg = 'operation can only be "share", "unshare".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) result = {} result['failed'] = [] result['success'] = [] username = request.user.username repo_id_list = request.data.getlist('repo_id') valid_repo_id_list = [] # filter out invalid repo id for repo_id in repo_id_list: if not seafile_api.get_repo(repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Library %s not found.' % repo_id }) continue repo_owner = get_repo_owner(request, repo_id) if repo_owner != username and not is_repo_admin(username, repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Permission denied.' }) continue valid_repo_id_list.append(repo_id) # share repo if operation == 'share': share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('user', 'group'): error_msg = 'share_type can only be "user", "group".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) permission = request.data.get('permission', 'rw') if permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # share repo to user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: User.objects.get(email=to_username) except User.DoesNotExist: error_msg = 'User %s not found.' % to_username return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check if to_user is an org user try: org_of_to_user = ccnet_api.get_orgs_by_user(to_username) except Exception as e: logger.error(e) org_of_to_user = [] if is_org_context(request): org_id = request.user.org.org_id org_name = request.user.org.org_name if len(org_of_to_user) == 0 or org_id != org_of_to_user[0].org_id: error_msg = 'User %s is not member of organization %s.' \ % (to_username, org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: if len(org_of_to_user) >= 1: error_msg = 'User %s is member of organization %s.' \ % (to_username, org_of_to_user[0].org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % to_username }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seaserv.seafserv_threaded_rpc.org_add_share(org_id, repo_id, username, to_username, permission) else: seafile_api.share_repo( repo_id, username, to_username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_username, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "username": to_username, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_username, repo_id, '/', permission) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # share repo to group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) if not group: error_msg = 'Group %s not found.' % to_group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) group_name = group.group_name if not is_group_member(to_group_id, username): error_msg = 'User %s is not member of group %s.' % (username, group_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % group_name }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.add_org_group_repo( repo_id, org_id, to_group_id, username, permission) else: seafile_api.set_group_repo( repo_id, to_group_id, username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=to_group_id, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_group_id, repo_id, '/', permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # unshare repo if operation == 'unshare': share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('user', 'group'): error_msg = 'share_type can only be "user", "group".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # unshare repo from user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) for repo_id in valid_repo_id_list: if not self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has not been shared to %s.' % to_username }) continue repo_owner = get_repo_owner(request, repo_id) try: # get share permission before unshare operation permission = check_user_share_out_permission(repo_id, '/', to_username, is_org_context(request)) if is_org_context(request): # when calling seafile API to share authority related functions, change the uesrname to repo owner. org_id = request.user.org.org_id seafile_api.org_remove_share(org_id, repo_id, repo_owner, to_username) else: seafile_api.remove_share(repo_id, repo_owner, to_username) # Delete share permission at ExtraSharePermission table. ExtraSharePermission.objects.delete_share_permission(repo_id, to_username) # send message send_perm_audit_msg('delete-repo-perm', username, to_username, repo_id, '/', permission) result['success'].append({ "repo_id": repo_id, "username": to_username, }) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # unshare repo from group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) group_name = group.group_name if group else '' for repo_id in valid_repo_id_list: if not self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has not been shared to %s.' % group_name }) continue try: # get share permission before unshare operation permission = check_group_share_out_permission(repo_id, '/', to_group_id, is_org_context(request)) org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.del_org_group_repo(repo_id, org_id, to_group_id) else: seafile_api.unset_group_repo( repo_id, to_group_id, username) # Delete share permission at ExtraSharePermission table. ExtraGroupsSharePermission.objects.delete_share_permission(repo_id, to_group_id) # send message send_perm_audit_msg('delete-repo-perm', username, to_group_id, repo_id, '/', permission) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, }) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) return Response(result)