def share_dir_to_user(repo, path, owner, share_from, share_to, permission, org_id=None):
# Share repo or subdir to user with permission(r, rw, admin).
extra_share_permission = ''
if permission == PERMISSION_ADMIN:
extra_share_permission = permission
permission = PERMISSION_READ_WRITE
if is_valid_org_id(org_id):
if path == '/':
seaserv.seafserv_threaded_rpc.org_add_share(org_id, repo.repo_id,
owner, share_to,
permission)
else:
seafile_api.org_share_subdir_to_user(org_id, repo.repo_id,
path, owner,
share_to, permission)
else:
if path == '/':
seafile_api.share_repo(repo.repo_id, owner, share_to, permission)
else:
seafile_api.share_subdir_to_user(repo.repo_id, path,
owner, share_to,
permission)
if path == '/' and extra_share_permission == PERMISSION_ADMIN:
ExtraSharePermission.objects.create_share_permission(repo.repo_id, share_to, extra_share_permission)
def update_group_dir_permission(repo_id, path, owner, gid, permission, org_id=None):
# Update the group's permission(r, rw, admin) in the repo or subdir.
extra_share_permission = ''
if permission == PERMISSION_ADMIN:
extra_share_permission = permission
permission = PERMISSION_READ_WRITE
if is_valid_org_id(org_id):
if path == '/':
seaserv.seafserv_threaded_rpc.set_org_group_repo_permission(
org_id, gid, repo_id, permission)
else:
seafile_api.org_update_share_subdir_perm_for_group(
org_id, repo_id, path, owner, gid, permission)
else:
if path == '/':
seafile_api.set_group_repo_permission(gid, repo_id, permission)
else:
seafile_api.update_share_subdir_perm_for_group(
repo_id, path, owner, gid, permission)
# update extra share permission if updated is repo
if path == '/':
ExtraGroupsSharePermission.objects.update_share_permission(repo_id,
gid,
extra_share_permission)
def share_dir_to_group(repo, path, owner, share_from, gid, permission, org_id=None):
# Share repo or subdir to group with permission(r, rw, admin).
extra_share_permission = ''
if permission == PERMISSION_ADMIN:
extra_share_permission = permission
permission = PERMISSION_READ_WRITE
if is_valid_org_id(org_id):
if path == '/':
seafile_api.add_org_group_repo(repo.repo_id, org_id, gid,
owner, permission)
else:
seafile_api.org_share_subdir_to_group(org_id, repo.repo_id,
path, owner,
gid, permission)
else:
if path == '/':
seafile_api.set_group_repo(repo.repo_id, gid, owner,
permission)
else:
seafile_api.share_subdir_to_group(repo.repo_id, path,
owner, gid,
permission)
# add share permission if between is admin and is extra permission.
if path == '/' and extra_share_permission == PERMISSION_ADMIN:
ExtraGroupsSharePermission.objects.create_share_permission(repo.repo_id, gid, extra_share_permission)
def _add_file_share(self,
username,
repo_id,
path,
s_type,
password=None,
expire_date=None,
permission='view_download',
org_id=None):
if password is not None:
password_enc = make_password(password)
else:
password_enc = None
token = gen_token(max_length=config.SHARE_LINK_TOKEN_LENGTH)
fs = super(FileShareManager, self).create(username=username,
repo_id=repo_id,
path=path,
token=token,
s_type=s_type,
password=password_enc,
expire_date=expire_date,
permission=permission)
fs.save()
if is_valid_org_id(org_id):
OrgFileShare.objects.set_org_file_share(org_id, fs)
return fs
def share_dir_to_group(repo, path, owner, share_from, gid, permission, org_id=None):
# Share repo or subdir to group with permission(r, rw, admin).
extra_share_permission = ''
if permission == PERMISSION_ADMIN:
extra_share_permission = permission
permission = PERMISSION_READ_WRITE
if is_valid_org_id(org_id):
if path == '/':
seafile_api.add_org_group_repo(repo.repo_id, org_id, gid,
owner, permission)
else:
seafile_api.org_share_subdir_to_group(org_id, repo.repo_id,
path, owner,
gid, permission)
else:
if path == '/':
seafile_api.set_group_repo(repo.repo_id, gid, owner,
permission)
else:
seafile_api.share_subdir_to_group(repo.repo_id, path,
owner, gid,
permission)
# add share permission if between is admin and is extra permission.
if path == '/' and extra_share_permission == PERMISSION_ADMIN:
ExtraGroupsSharePermission.objects.create_share_permission(repo.repo_id, gid, extra_share_permission)
def share_dir_to_user(repo, path, owner, share_from, share_to, permission, org_id=None):
# Share repo or subdir to user with permission(r, rw, admin).
extra_share_permission = ''
if permission == PERMISSION_ADMIN:
extra_share_permission = permission
permission = PERMISSION_READ_WRITE
if is_valid_org_id(org_id):
if path == '/':
seaserv.seafserv_threaded_rpc.org_add_share(org_id, repo.repo_id,
owner, share_to,
permission)
else:
seafile_api.org_share_subdir_to_user(org_id, repo.repo_id,
path, owner,
share_to, permission)
else:
if path == '/':
seafile_api.share_repo(repo.repo_id, owner, share_to, permission)
else:
seafile_api.share_subdir_to_user(repo.repo_id, path,
owner, share_to,
permission)
if path == '/' and extra_share_permission == PERMISSION_ADMIN:
ExtraSharePermission.objects.create_share_permission(repo.repo_id, share_to, extra_share_permission)
def update_group_dir_permission(repo_id, path, owner, gid, permission, org_id=None):
# Update the group's permission(r, rw, admin) in the repo or subdir.
extra_share_permission = ''
if permission == PERMISSION_ADMIN:
extra_share_permission = permission
permission = PERMISSION_READ_WRITE
if is_valid_org_id(org_id):
if path == '/':
seaserv.seafserv_threaded_rpc.set_org_group_repo_permission(
org_id, gid, repo_id, permission)
else:
seafile_api.org_update_share_subdir_perm_for_group(
org_id, repo_id, path, owner, gid, permission)
else:
if path == '/':
seafile_api.set_group_repo_permission(gid, repo_id, permission)
else:
seafile_api.update_share_subdir_perm_for_group(
repo_id, path, owner, gid, permission)
# update extra share permission if updated is repo
if path == '/':
ExtraGroupsSharePermission.objects.update_share_permission(repo_id,
gid,
extra_share_permission)
def update_user_dir_permission(repo_id, path, owner, share_to, permission, org_id=None):
# Update the user's permission(r, rw, admin) in the repo or subdir.
extra_share_permission = ''
if permission == PERMISSION_ADMIN:
extra_share_permission = permission
permission = PERMISSION_READ_WRITE
if is_valid_org_id(org_id):
if path == '/':
seafile_api.org_set_share_permission(
org_id, repo_id, owner, share_to, permission)
else:
seafile_api.org_update_share_subdir_perm_for_user(
org_id, repo_id, path, owner, share_to, permission)
else:
if path == '/':
seafile_api.set_share_permission(
repo_id, owner, share_to, permission)
else:
seafile_api.update_share_subdir_perm_for_user(
repo_id, path, owner, share_to, permission)
if path == '/':
ExtraSharePermission.objects.update_share_permission(repo_id,
share_to,
extra_share_permission)
def update_user_dir_permission(repo_id, path, owner, share_to, permission, org_id=None):
# Update the user's permission(r, rw, admin) in the repo or subdir.
extra_share_permission = ''
if permission == PERMISSION_ADMIN:
extra_share_permission = permission
permission = PERMISSION_READ_WRITE
if is_valid_org_id(org_id):
if path == '/':
seafile_api.org_set_share_permission(
org_id, repo_id, owner, share_to, permission)
else:
seafile_api.org_update_share_subdir_perm_for_user(
org_id, repo_id, path, owner, share_to, permission)
else:
if path == '/':
seafile_api.set_share_permission(
repo_id, owner, share_to, permission)
else:
seafile_api.update_share_subdir_perm_for_user(
repo_id, path, owner, share_to, permission)
if path == '/':
ExtraSharePermission.objects.update_share_permission(repo_id,
share_to,
extra_share_permission)
def add_group_owned_repo(self, group_id, repo_name, password, permission,
storage_id=None, org_id=None):
if is_valid_org_id(org_id):
return seafile_api.org_add_group_owned_repo(
org_id, group_id, repo_name, password, permission)
else:
return seafile_api.add_group_owned_repo(
group_id, repo_name, password, permission,
storage_id=storage_id)
def delete_shared_group_by_repo_path(self, repo_id, repo_owner, group_id,
path='/', org_id=None):
if is_valid_org_id(org_id):
if path == '/':
seafile_api.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.org_unshare_subdir_for_group(
org_id, repo_id, path, repo_owner, group_id)
else:
if path == '/':
seafile_api.unset_group_repo(repo_id, group_id,
repo_owner)
else:
seafile_api.unshare_subdir_for_group(
repo_id, path, repo_owner, group_id)
def get_shared_groups_by_repo_path(self, repo_id, repo_owner, path='/',
org_id=None):
if is_valid_org_id(org_id):
if path == '/':
return seafile_api.list_org_repo_shared_group(
org_id, repo_owner, repo_id)
else:
return seafile_api.get_org_shared_groups_for_subdir(
org_id, repo_id, path, repo_owner)
else:
if path == '/':
return seafile_api.list_repo_shared_group_by_user(
repo_owner, repo_id)
else:
return seafile_api.get_shared_groups_for_subdir(
repo_id, path, repo_owner)
def add_group_owned_repo(self,
group_id,
repo_name,
password,
permission,
storage_id=None,
org_id=None):
if is_valid_org_id(org_id):
return seafile_api.org_add_group_owned_repo(
org_id, group_id, repo_name, permission, password)
else:
return seafile_api.add_group_owned_repo(group_id,
repo_name,
permission,
password,
storage_id=storage_id)
def delete_shared_user_by_repo_path(self, repo_id, repo_owner, to_user,
path='/', org_id=None):
"""
"""
if is_valid_org_id(org_id):
if path == '/':
return seafile_api.org_remove_share(org_id, repo_id, repo_owner, to_user)
else:
return seafile_api.org_unshare_subdir_for_user(
org_id, repo_id, path, repo_owner, to_user)
else:
if path == '/':
return seafile_api.remove_share(repo_id, repo_owner, to_user)
else:
return seafile_api.unshare_subdir_for_user(
repo_id, path, repo_owner, to_user)
def delete_shared_group_by_repo_path(self,
repo_id,
repo_owner,
group_id,
path='/',
org_id=None):
if is_valid_org_id(org_id):
if path == '/':
seafile_api.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.org_unshare_subdir_for_group(
org_id, repo_id, path, repo_owner, group_id)
else:
if path == '/':
seafile_api.unset_group_repo(repo_id, group_id, repo_owner)
else:
seafile_api.unshare_subdir_for_group(repo_id, path, repo_owner,
group_id)
def has_shared_to_user(repo_id, path, username, org_id=None):
if is_valid_org_id(org_id):
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
repo_owner = seafile_api.get_org_repo_owner(repo_id)
if path == '/':
share_items = seafile_api.list_org_repo_shared_to(
org_id, repo_owner, repo_id)
else:
share_items = seafile_api.get_org_shared_users_for_subdir(
org_id, repo_id, path, repo_owner)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
if path == '/':
share_items = seafile_api.list_repo_shared_to(repo_owner, repo_id)
else:
share_items = seafile_api.get_shared_users_for_subdir(
repo_id, path, repo_owner)
return username in [item.user for item in share_items]
def get_shared_groups_by_repo_path(self,
repo_id,
repo_owner,
path='/',
org_id=None):
if is_valid_org_id(org_id):
if path == '/':
return seafile_api.list_org_repo_shared_group(
org_id, repo_owner, repo_id)
else:
return seafile_api.get_org_shared_groups_for_subdir(
org_id, repo_id, path, repo_owner)
else:
if path == '/':
return seafile_api.list_repo_shared_group_by_user(
repo_owner, repo_id)
else:
return seafile_api.get_shared_groups_for_subdir(
repo_id, path, repo_owner)
def add_group_owned_repo(self,
group_id,
repo_name,
password,
permission,
storage_id=None,
org_id=None):
if is_valid_org_id(org_id):
return seafile_api.org_add_group_owned_repo(
org_id, group_id, repo_name, permission, password,
ENCRYPTED_LIBRARY_VERSION)
else:
return seafile_api.add_group_owned_repo(
group_id,
repo_name,
permission,
password,
enc_version=ENCRYPTED_LIBRARY_VERSION,
storage_id=storage_id)
def has_shared_to_group(repo_id, path, gid, org_id=None):
if is_valid_org_id(org_id):
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
repo_owner = seafile_api.get_org_repo_owner(repo_id)
if path == '/':
share_items = seafile_api.list_org_repo_shared_group(org_id,
repo_owner, repo_id)
else:
share_items = seafile_api.get_org_shared_groups_for_subdir(org_id,
repo_id, path, repo_owner)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
if path == '/':
share_items = seafile_api.list_repo_shared_group_by_user(repo_owner, repo_id)
else:
share_items = seafile_api.get_shared_groups_for_subdir(repo_id,
path, repo_owner)
return gid in [item.group_id for item in share_items]
def get_shared_users_by_repo_path(self, repo_id, repo_owner, path='/',
org_id=None):
"""
Get user list this repo/folder is shared to.
Return: a list of SharedUser objects (lib/repo.vala)
"""
if is_valid_org_id(org_id):
if path == '/':
return seafile_api.list_org_repo_shared_to(
org_id, repo_owner, repo_id)
else:
return seafile_api.get_org_shared_users_for_subdir(
org_id, repo_id, path, repo_owner)
else:
if path == '/':
return seafile_api.list_repo_shared_to(repo_owner, repo_id)
else:
return seafile_api.get_shared_users_for_subdir(
repo_id, path, repo_owner)
def _add_file_share(self, username, repo_id, path, s_type,
password=None, expire_date=None,
permission='view_download', org_id=None):
if password is not None:
password_enc = make_password(password)
else:
password_enc = None
token = gen_token(max_length=config.SHARE_LINK_TOKEN_LENGTH)
fs = super(FileShareManager, self).create(
username=username, repo_id=repo_id, path=path, token=token,
s_type=s_type, password=password_enc, expire_date=expire_date,
permission=permission)
fs.save()
if is_valid_org_id(org_id):
OrgFileShare.objects.set_org_file_share(org_id, fs)
return fs
def delete_shared_user_by_repo_path(self,
repo_id,
repo_owner,
to_user,
path='/',
org_id=None):
"""
"""
if is_valid_org_id(org_id):
if path == '/':
return seafile_api.org_remove_share(org_id, repo_id,
repo_owner, to_user)
else:
return seafile_api.org_unshare_subdir_for_user(
org_id, repo_id, path, repo_owner, to_user)
else:
if path == '/':
return seafile_api.remove_share(repo_id, repo_owner, to_user)
else:
return seafile_api.unshare_subdir_for_user(
repo_id, path, repo_owner, to_user)
def get_shared_users_by_repo_path(self,
repo_id,
repo_owner,
path='/',
org_id=None):
"""
Get user list this repo/folder is shared to.
Return: a list of SharedUser objects (lib/repo.vala)
"""
if is_valid_org_id(org_id):
if path == '/':
return seafile_api.list_org_repo_shared_to(
org_id, repo_owner, repo_id)
else:
return seafile_api.get_org_shared_users_for_subdir(
org_id, repo_id, path, repo_owner)
else:
if path == '/':
return seafile_api.list_repo_shared_to(repo_owner, repo_id)
else:
return seafile_api.get_shared_users_for_subdir(
repo_id, path, repo_owner)
def post(self, request, repo_id, org_id):
""" Share repo to users.
Permission checking:
1. is group admin
"""
# parameter check
permission = request.data.get('permission', PERMISSION_READ)
if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]:
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = request.data.get('path', '/')
if not seafile_api.get_dir_id_by_path(repo_id, path):
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# share repo to user
result = {}
result['failed'] = []
result['success'] = []
share_to_users = request.data.getlist('username')
for to_user in share_to_users:
to_user = to_user.strip()
if not is_valid_username(to_user):
result['failed'].append({
'email': to_user,
'error_msg': _(u'username invalid.')
})
continue
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
result['failed'].append({
'email': to_user,
'error_msg': _(u'User %s not found.') % to_user
})
continue
if self.has_shared_to_user(request, repo_id, path, to_user):
result['failed'].append({
'email': to_user,
'error_msg': _(u'This item has been shared to %s.') % to_user
})
continue
if is_valid_org_id(org_id):
if not is_org_user(to_user, org_id):
org_name = request.user.org.org_name
error_msg = 'User %s is not member of organization %s.' \
% (to_user, org_name)
result['failed'].append({
'email': to_user,
'error_msg': error_msg
})
continue
else:
if is_org_user(to_user):
error_msg = 'User %s is a member of organization.' % to_user
result['failed'].append({
'email': to_user,
'error_msg': error_msg
})
continue
share_dir_to_user(repo, path, repo_owner, username, to_user, permission, org_id)
result['success'].append({
"user_email": to_user,
"user_name": email2nickname(to_user),
"user_contact_email": email2contact_email(to_user),
"permission": permission,
})
# send a signal when sharing repo successful
share_repo_to_user_successful.send(sender=None,
from_user=username, to_user=to_user,
repo=repo, path=path, org_id=org_id)
send_perm_audit_msg('add-repo-perm',
username, to_user, repo_id, path, permission)
return Response(result)
def delete_group_owned_repo(self, group_id, repo_id, org_id=None):
if is_valid_org_id(org_id):
return seafile_api.org_delete_group_owned_repo(org_id, group_id, repo_id)
else:
return seafile_api.delete_group_owned_repo(group_id, repo_id)
def delete_group_owned_repo(self, group_id, repo_id, org_id=None):
if is_valid_org_id(org_id):
return seafile_api.org_delete_group_owned_repo(
org_id, group_id, repo_id)
else:
return seafile_api.delete_group_owned_repo(group_id, repo_id)
def post(self, request, repo_id, org_id):
""" Share repo to users.
Permission checking:
1. is group admin
"""
# parameter check
permission = request.data.get('permission', PERMISSION_READ)
if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]:
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = request.data.get('path', '/')
if not seafile_api.get_dir_id_by_path(repo_id, path):
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# share repo to user
result = {}
result['failed'] = []
result['success'] = []
share_to_users = request.data.getlist('username')
for to_user in share_to_users:
to_user = to_user.strip()
if not is_valid_username(to_user):
result['failed'].append({
'email': to_user,
'error_msg': _(u'username invalid.')
})
continue
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
result['failed'].append({
'email': to_user,
'error_msg': _(u'User %s not found.') % to_user
})
continue
if self.has_shared_to_user(request, repo_id, path, to_user):
result['failed'].append({
'email': to_user,
'error_msg': _(u'This item has been shared to %s.') % to_user
})
continue
if is_valid_org_id(org_id):
if not is_org_user(to_user, org_id):
org_name = request.user.org.org_name
error_msg = 'User %s is not member of organization %s.' \
% (to_user, org_name)
result['failed'].append({
'email': to_user,
'error_msg': error_msg
})
continue
else:
if is_org_user(to_user):
error_msg = 'User %s is a member of organization.' % to_user
result['failed'].append({
'email': to_user,
'error_msg': error_msg
})
continue
share_dir_to_user(repo, path, repo_owner, username, to_user, permission, org_id)
result['success'].append({
"user_email": to_user,
"user_name": email2nickname(to_user),
"user_contact_email": email2contact_email(to_user),
"permission": permission,
})
# send a signal when sharing repo successful
share_repo_to_user_successful.send(sender=None,
from_user=username, to_user=to_user,
repo=repo, path=path, org_id=org_id)
send_perm_audit_msg('add-repo-perm',
username, to_user, repo_id, path, permission)
return Response(result)
