def authenticate_v2(self, request, key): try: token = TokenV2.objects.get(key=key) except TokenV2.DoesNotExist: # Continue authentication in token v1 return None if token.wiped_at: raise DeviceRemoteWipedException('Device set to be remote wiped') try: user = User.objects.get(email=token.user) except User.DoesNotExist: raise AuthenticationFailed('User inactive or deleted') if MULTI_TENANCY: orgs = ccnet_api.get_orgs_by_user(token.user) if orgs: user.org = orgs[0] if user.is_active: need_save = False # We update the device's last_login_ip, client_version, platform_version if changed ip = get_client_ip(request) if ip and ip != token.last_login_ip: token.last_login_ip = ip need_save = True client_version = request.META.get(HEADER_CLIENT_VERSION, '') if client_version and client_version != token.client_version: token.client_version = client_version need_save = True platform_version = request.META.get(HEADER_PLATFORM_VERSION, '') if platform_version and platform_version != token.platform_version: token.platform_version = platform_version need_save = True if not within_time_range(token.last_accessed, datetime.datetime.now(), 10 * 60): # We only need 10min precision for the last_accessed field need_save = True if need_save: try: token.save() except: logger.exception('error when save token v2:') return (user, token)
def process_request(self, request): username = request.user.username request.user.org = None if CLOUD_MODE: request.cloud_mode = True if MULTI_TENANCY: orgs = ccnet_api.get_orgs_by_user(username) if orgs: request.user.org = orgs[0] else: request.cloud_mode = False return None
def authenticate_v1(self, request, key): try: token = Token.objects.get(key=key) except Token.DoesNotExist: raise AuthenticationFailed('Invalid token') try: user = User.objects.get(email=token.user) except User.DoesNotExist: raise AuthenticationFailed('User inactive or deleted') if MULTI_TENANCY: orgs = ccnet_api.get_orgs_by_user(token.user) if orgs: user.org = orgs[0] if user.is_active: return (user, token)
def put(self, request, repo_id, format=None): """ transfer a library Permission checking: 1. only admin can perform this action. """ repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) new_owner = request.data.get('owner', None) if not new_owner: error_msg = 'owner invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: User.objects.get(email=new_owner) except User.DoesNotExist: error_msg = 'User %s not found.' % new_owner return api_error(status.HTTP_404_NOT_FOUND, error_msg) if is_org_context(request): try: if seafserv_threaded_rpc.get_org_id_by_repo_id(repo_id) > 0: error_msg = 'Can not transfer organization library.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if ccnet_api.get_orgs_by_user(new_owner): error_msg = 'Can not transfer library to organization user %s' % new_owner return api_error(status.HTTP_403_FORBIDDEN, error_msg) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) seafile_api.set_repo_owner(repo_id, new_owner) repo = seafile_api.get_repo(repo_id) repo_info = get_repo_info(repo) return Response(repo_info)
def _populate_user_quota_usage(user): """Populate space/share quota to user. Arguments: - `user`: """ orgs = ccnet_api.get_orgs_by_user(user.email) try: if orgs: user.org = orgs[0] org_id = user.org.org_id user.space_usage = seafile_api.get_org_user_quota_usage( org_id, user.email) user.space_quota = seafile_api.get_org_user_quota( org_id, user.email) else: user.space_usage = seafile_api.get_user_self_usage(user.email) user.space_quota = seafile_api.get_user_quota(user.email) except SearpcError as e: logger.error(e) user.space_usage = -1 user.space_quota = -1
def post(self, request): # argument check operation = request.data.get('operation', None) if not operation: error_msg = 'operation invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # operation could be `share`, `unshare`, `delete`, `transfer` # we now only use `share`, `unshare` if operation not in ('share', 'unshare'): error_msg = 'operation can only be "share", "unshare".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) result = {} result['failed'] = [] result['success'] = [] username = request.user.username repo_id_list = request.data.getlist('repo_id') valid_repo_id_list = [] # filter out invalid repo id for repo_id in repo_id_list: if not seafile_api.get_repo(repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Library %s not found.' % repo_id }) continue repo_owner = get_repo_owner(request, repo_id) if repo_owner != username and not is_repo_admin(username, repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Permission denied.' }) continue valid_repo_id_list.append(repo_id) # share repo if operation == 'share': share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('user', 'group'): error_msg = 'share_type can only be "user", "group".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) permission = request.data.get('permission', 'rw') if permission not in [ PERMISSION_READ, PERMISSION_READ_WRITE, PERMISSION_ADMIN ]: error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # share repo to user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: User.objects.get(email=to_username) except User.DoesNotExist: error_msg = 'User %s not found.' % to_username return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check if to_user is an org user try: org_of_to_user = ccnet_api.get_orgs_by_user(to_username) except Exception as e: logger.error(e) org_of_to_user = [] if is_org_context(request): org_id = request.user.org.org_id org_name = request.user.org.org_name if len(org_of_to_user ) == 0 or org_id != org_of_to_user[0].org_id: error_msg = 'User %s is not member of organization %s.' \ % (to_username, org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: if len(org_of_to_user) >= 1: error_msg = 'User %s is member of organization %s.' \ % (to_username, org_of_to_user[0].org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % to_username }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seaserv.seafserv_threaded_rpc.org_add_share( org_id, repo_id, username, to_username, permission) else: seafile_api.share_repo(repo_id, username, to_username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_username, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "username": to_username, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_username, repo_id, '/', permission) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # share repo to group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) if not group: error_msg = 'Group %s not found.' % to_group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) group_name = group.group_name if not is_group_member(to_group_id, username): error_msg = 'User %s is not member of group %s.' % ( username, group_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % group_name }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.add_org_group_repo( repo_id, org_id, to_group_id, username, permission) else: seafile_api.set_group_repo(repo_id, to_group_id, username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_group_successful.send( sender=None, from_user=username, group_id=to_group_id, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_group_id, repo_id, '/', permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # unshare repo if operation == 'unshare': share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('user', 'group'): error_msg = 'share_type can only be "user", "group".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # unshare repo from user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) for repo_id in valid_repo_id_list: if not self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has not been shared to %s.' % to_username }) continue repo_owner = get_repo_owner(request, repo_id) try: # get share permission before unshare operation permission = check_user_share_out_permission( repo_id, '/', to_username, is_org_context(request)) if is_org_context(request): # when calling seafile API to share authority related functions, change the uesrname to repo owner. org_id = request.user.org.org_id seafile_api.org_remove_share( org_id, repo_id, repo_owner, to_username) else: seafile_api.remove_share(repo_id, repo_owner, to_username) # Delete share permission at ExtraSharePermission table. ExtraSharePermission.objects.delete_share_permission( repo_id, to_username) # send message send_perm_audit_msg('delete-repo-perm', username, to_username, repo_id, '/', permission) result['success'].append({ "repo_id": repo_id, "username": to_username, }) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # unshare repo from group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) group_name = group.group_name if group else '' for repo_id in valid_repo_id_list: if not self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has not been shared to %s.' % group_name }) continue try: # get share permission before unshare operation permission = check_group_share_out_permission( repo_id, '/', to_group_id, is_org_context(request)) org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.del_org_group_repo( repo_id, org_id, to_group_id) else: seafile_api.unset_group_repo( repo_id, to_group_id, username) # Delete share permission at ExtraSharePermission table. ExtraGroupsSharePermission.objects.delete_share_permission( repo_id, to_group_id) # send message send_perm_audit_msg('delete-repo-perm', username, to_group_id, repo_id, '/', permission) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, }) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) return Response(result)
def get(self, request, format=None): """ List 'all' libraries (by name/owner/page) Permission checking: 1. only admin can perform this action. """ if not request.user.admin_permissions.can_manage_library(): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') order_by = request.GET.get('order_by', '').lower().strip() if order_by and order_by not in ('size', 'file_count'): error_msg = 'order_by invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # search libraries (by name/owner) repo_name = request.GET.get('name', '') owner = request.GET.get('owner', '') repos = [] if repo_name and owner: # search by name and owner orgs = ccnet_api.get_orgs_by_user(owner) if orgs: org_id = orgs[0].org_id owned_repos = seafile_api.get_org_owned_repo_list( org_id, owner) else: owned_repos = seafile_api.get_owned_repo_list(owner) for repo in owned_repos: if not repo.name or repo.is_virtual: continue if repo_name in repo.name: repo_info = get_repo_info(repo) repos.append(repo_info) return Response({ "name": repo_name, "owner": owner, "repos": repos }) elif repo_name: # search by name(keyword in name) repos_all = seafile_api.get_repo_list(-1, -1) for repo in repos_all: if not repo.name or repo.is_virtual: continue if repo_name in repo.name: repo_info = get_repo_info(repo) repos.append(repo_info) return Response({"name": repo_name, "owner": '', "repos": repos}) elif owner: # search by owner orgs = ccnet_api.get_orgs_by_user(owner) if orgs: org_id = orgs[0].org_id owned_repos = seafile_api.get_org_owned_repo_list( org_id, owner) else: owned_repos = seafile_api.get_owned_repo_list(owner) for repo in owned_repos: if repo.is_virtual: continue repo_info = get_repo_info(repo) repos.append(repo_info) return Response({"name": '', "owner": owner, "repos": repos}) # get libraries by page try: current_page = int(request.GET.get('page', '1')) per_page = int(request.GET.get('per_page', '100')) except ValueError: current_page = 1 per_page = 100 start = (current_page - 1) * per_page limit = per_page + 1 if order_by: repos_all = seafile_api.get_repo_list(start, limit, order_by) else: repos_all = seafile_api.get_repo_list(start, limit) if len(repos_all) > per_page: repos_all = repos_all[:per_page] has_next_page = True else: has_next_page = False default_repo_id = get_system_default_repo_id() repos_all = [r for r in repos_all if not r.is_virtual] repos_all = [r for r in repos_all if r.repo_id != default_repo_id] return_results = [] for repo in repos_all: repo_info = get_repo_info(repo) return_results.append(repo_info) page_info = { 'has_next_page': has_next_page, 'current_page': current_page } return Response({"page_info": page_info, "repos": return_results})
def get(self, request): """Search user from DB, LDAPImport and Profile Permission checking: 1. only admin can perform this action. """ if not request.user.admin_permissions.can_manage_user(): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') query_str = request.GET.get('query', '').lower() if not query_str: error_msg = 'query invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) users = [] # search user from ccnet db users += ccnet_api.search_emailusers('DB', query_str, 0, 10) # search user from ccnet ldapimport users += ccnet_api.search_emailusers('LDAP', query_str, 0, 10) ccnet_user_emails = [u.email for u in users] # get institution for user from ccnet if getattr(settings, 'MULTI_INSTITUTION', False): user_institution_dict = {} profiles = Profile.objects.filter(user__in=ccnet_user_emails) for profile in profiles: email = profile.user if email not in user_institution_dict: user_institution_dict[email] = profile.institution for user in users: user.institution = user_institution_dict.get(user.email, '') # search user from profile searched_profile = Profile.objects.filter( (Q(nickname__icontains=query_str)) | Q(contact_email__icontains=query_str))[:10] for profile in searched_profile: email = profile.user institution = profile.institution # remove duplicate emails if email not in ccnet_user_emails: try: # get is_staff and is_active info user = User.objects.get(email=email) user.institution = institution users.append(user) except User.DoesNotExist: continue data = [] for user in users: info = {} info['email'] = user.email info['name'] = email2nickname(user.email) info['contact_email'] = email2contact_email(user.email) info['is_staff'] = user.is_staff info['is_active'] = user.is_active info['source'] = user.source.lower() orgs = ccnet_api.get_orgs_by_user(user.email) if orgs: org_id = orgs[0].org_id info['org_id'] = org_id info['org_name'] = orgs[0].org_name info['quota_usage'] = seafile_api.get_org_user_quota_usage( org_id, user.email) info['quota_total'] = seafile_api.get_org_user_quota( org_id, user.email) else: info['quota_usage'] = seafile_api.get_user_self_usage( user.email) info['quota_total'] = seafile_api.get_user_quota(user.email) info['create_time'] = timestamp_to_isoformat_timestr(user.ctime) last_login_obj = UserLastLogin.objects.get_by_username(user.email) info['last_login'] = datetime_to_isoformat_timestr( last_login_obj.last_login) if last_login_obj else '' info['role'] = get_user_role(user) if getattr(settings, 'MULTI_INSTITUTION', False): info['institution'] = user.institution data.append(info) result = {'user_list': data} return Response(result)
def get(self, request): """List all users in DB or LDAPImport Permission checking: 1. only admin can perform this action. """ if not request.user.admin_permissions.can_manage_user(): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') # parameter check try: page = int(request.GET.get('page', '1')) per_page = int(request.GET.get('per_page', '25')) except ValueError: page = 1 per_page = 25 start = (page - 1) * per_page source = request.GET.get('source', 'DB').lower().strip() if source not in ['db', 'ldapimport']: # source: 'DB' or 'LDAPImport', default is 'DB' error_msg = 'source %s invalid.' % source return api_error(status.HTTP_400_BAD_REQUEST, error_msg) order_by = request.GET.get('order_by', '').lower().strip() if order_by: if order_by not in ('quota_usage'): error_msg = 'order_by invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) direction = request.GET.get('direction', 'desc').lower().strip() if direction not in ('asc', 'desc'): error_msg = 'direction invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if source == 'db': total_count = ccnet_api.count_emailusers('DB') + \ ccnet_api.count_inactive_emailusers('DB') if order_by: if total_count > 500 and \ not getattr(settings, 'ALWAYS_SORT_USERS_BY_QUOTA_USAGE', False): error_msg = _( "There are more than 500 users, and sort is not offered." ) return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: data = self.get_info_of_users_order_by_quota_usage( source, direction, page, per_page) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) result = {'data': data, 'total_count': total_count} return Response(result) else: users = ccnet_api.get_emailusers('DB', start, per_page) elif source == 'ldapimport': # api param is 'LDAP', but actually get count of 'LDAPImport' users total_count = ccnet_api.count_emailusers('LDAP') + \ ccnet_api.count_inactive_emailusers('LDAP') if order_by: if total_count > 500 and \ not getattr(settings, 'ALWAYS_SORT_USERS_BY_QUOTA_USAGE', False): error_msg = _( "There are more than 500 users, and sort is not offered." ) return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: data = self.get_info_of_users_order_by_quota_usage( source, direction, page, per_page) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) result = {'data': data, 'total_count': total_count} return Response(result) else: users = ccnet_api.get_emailusers('LDAPImport', start, per_page) data = [] for user in users: profile = Profile.objects.get_profile_by_user(user.email) info = {} info['email'] = user.email info['name'] = email2nickname(user.email) info['contact_email'] = email2contact_email(user.email) info[ 'login_id'] = profile.login_id if profile and profile.login_id else '' info['is_staff'] = user.is_staff info['is_active'] = user.is_active orgs = ccnet_api.get_orgs_by_user(user.email) try: if orgs: org_id = orgs[0].org_id info['org_id'] = org_id info['org_name'] = orgs[0].org_name info['quota_usage'] = seafile_api.get_org_user_quota_usage( org_id, user.email) info['quota_total'] = seafile_api.get_org_user_quota( org_id, user.email) else: info['quota_usage'] = seafile_api.get_user_self_usage( user.email) info['quota_total'] = seafile_api.get_user_quota( user.email) except Exception as e: logger.error(e) info['quota_usage'] = -1 info['quota_total'] = -1 info['create_time'] = timestamp_to_isoformat_timestr(user.ctime) last_login_obj = UserLastLogin.objects.get_by_username(user.email) info['last_login'] = datetime_to_isoformat_timestr( last_login_obj.last_login) if last_login_obj else '' info['role'] = get_user_role(user) if getattr(settings, 'MULTI_INSTITUTION', False): info['institution'] = profile.institution if profile else '' data.append(info) result = {'data': data, 'total_count': total_count} return Response(result)
def get(self, request): """List all admins from database and ldap imported """ if not request.user.admin_permissions.can_manage_user(): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') try: admin_users = ccnet_api.get_superusers() except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) admin_users_info = [] for user in admin_users: user_info = {} profile = Profile.objects.get_profile_by_user(user.email) user_info['email'] = user.email user_info['name'] = email2nickname(user.email) user_info['contact_email'] = email2contact_email(user.email) user_info[ 'login_id'] = profile.login_id if profile and profile.login_id else '' user_info['is_staff'] = user.is_staff user_info['is_active'] = user.is_active orgs = ccnet_api.get_orgs_by_user(user.email) try: if orgs: org_id = orgs[0].org_id user_info['org_id'] = org_id user_info['org_name'] = orgs[0].org_name user_info[ 'quota_usage'] = seafile_api.get_org_user_quota_usage( org_id, user.email) user_info['quota_total'] = seafile_api.get_org_user_quota( org_id, user.email) else: user_info['quota_usage'] = seafile_api.get_user_self_usage( user.email) user_info['quota_total'] = seafile_api.get_user_quota( user.email) except Exception as e: logger.error(e) user_info['quota_usage'] = -1 user_info['quota_total'] = -1 user_info['create_time'] = timestamp_to_isoformat_timestr( user.ctime) last_login_obj = UserLastLogin.objects.get_by_username(user.email) user_info['last_login'] = datetime_to_isoformat_timestr( last_login_obj.last_login) if last_login_obj else '' try: admin_role = AdminRole.objects.get_admin_role(user.email) user_info['admin_role'] = admin_role.role except AdminRole.DoesNotExist: user_info['admin_role'] = DEFAULT_ADMIN admin_users_info.append(user_info) result = { 'admin_user_list': admin_users_info, } return Response(result)
def delete(self): """ When delete user, we should also delete group relationships. """ if self.source == "DB": source = "DB" else: source = "LDAP" username = self.username orgs = [] if is_pro_version(): orgs = ccnet_api.get_orgs_by_user(username) # remove owned repos owned_repos = [] if orgs: for org in orgs: owned_repos += seafile_api.get_org_owned_repo_list( org.org_id, username) else: owned_repos += seafile_api.get_owned_repo_list(username) for r in owned_repos: seafile_api.remove_repo(r.id) # remove shared in repos shared_in_repos = [] if orgs: for org in orgs: org_id = org.org_id shared_in_repos = seafile_api.get_org_share_in_repo_list( org_id, username, -1, -1) for r in shared_in_repos: seafile_api.org_remove_share(org_id, r.repo_id, r.user, username) else: shared_in_repos = seafile_api.get_share_in_repo_list( username, -1, -1) for r in shared_in_repos: seafile_api.remove_share(r.repo_id, r.user, username) ExtraSharePermission.objects.filter(share_to=username).delete() # clear web api and repo sync token # when delete user try: clear_token(self.username) except Exception as e: logger.error(e) # remove current user from joined groups ccnet_api.remove_group_user(username) ccnet_api.remove_emailuser(source, username) signals.user_deleted.send(sender=self.__class__, username=username) Profile.objects.delete_profile_by_user(username) if config.ENABLE_TERMS_AND_CONDITIONS: from termsandconditions.models import UserTermsAndConditions UserTermsAndConditions.objects.filter(username=username).delete() self.delete_user_options(username)
def post(self, request): # argument check operation = request.data.get('operation', None) if not operation: error_msg = 'operation invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # operation could be `share`, `unshare`, `delete`, `transfer` # we now only use `share`, `unshare` if operation not in ('share', 'unshare'): error_msg = 'operation can only be "share", "unshare".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) result = {} result['failed'] = [] result['success'] = [] username = request.user.username repo_id_list = request.data.getlist('repo_id') valid_repo_id_list = [] # filter out invalid repo id for repo_id in repo_id_list: if not seafile_api.get_repo(repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Library %s not found.' % repo_id }) continue repo_owner = get_repo_owner(request, repo_id) if repo_owner != username and not is_repo_admin(username, repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Permission denied.' }) continue valid_repo_id_list.append(repo_id) # share repo if operation == 'share': share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('user', 'group'): error_msg = 'share_type can only be "user", "group".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) permission = request.data.get('permission', 'rw') if permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # share repo to user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: User.objects.get(email=to_username) except User.DoesNotExist: error_msg = 'User %s not found.' % to_username return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check if to_user is an org user try: org_of_to_user = ccnet_api.get_orgs_by_user(to_username) except Exception as e: logger.error(e) org_of_to_user = [] if is_org_context(request): org_id = request.user.org.org_id org_name = request.user.org.org_name if len(org_of_to_user) == 0 or org_id != org_of_to_user[0].org_id: error_msg = 'User %s is not member of organization %s.' \ % (to_username, org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: if len(org_of_to_user) >= 1: error_msg = 'User %s is member of organization %s.' \ % (to_username, org_of_to_user[0].org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % to_username }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seaserv.seafserv_threaded_rpc.org_add_share(org_id, repo_id, username, to_username, permission) else: seafile_api.share_repo( repo_id, username, to_username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_username, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "username": to_username, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_username, repo_id, '/', permission) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # share repo to group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) if not group: error_msg = 'Group %s not found.' % to_group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) group_name = group.group_name if not is_group_member(to_group_id, username): error_msg = 'User %s is not member of group %s.' % (username, group_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % group_name }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.add_org_group_repo( repo_id, org_id, to_group_id, username, permission) else: seafile_api.set_group_repo( repo_id, to_group_id, username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=to_group_id, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_group_id, repo_id, '/', permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # unshare repo if operation == 'unshare': share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('user', 'group'): error_msg = 'share_type can only be "user", "group".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # unshare repo from user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) for repo_id in valid_repo_id_list: if not self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has not been shared to %s.' % to_username }) continue repo_owner = get_repo_owner(request, repo_id) try: # get share permission before unshare operation permission = check_user_share_out_permission(repo_id, '/', to_username, is_org_context(request)) if is_org_context(request): # when calling seafile API to share authority related functions, change the uesrname to repo owner. org_id = request.user.org.org_id seafile_api.org_remove_share(org_id, repo_id, repo_owner, to_username) else: seafile_api.remove_share(repo_id, repo_owner, to_username) # Delete share permission at ExtraSharePermission table. ExtraSharePermission.objects.delete_share_permission(repo_id, to_username) # send message send_perm_audit_msg('delete-repo-perm', username, to_username, repo_id, '/', permission) result['success'].append({ "repo_id": repo_id, "username": to_username, }) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # unshare repo from group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) group_name = group.group_name if group else '' for repo_id in valid_repo_id_list: if not self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has not been shared to %s.' % group_name }) continue try: # get share permission before unshare operation permission = check_group_share_out_permission(repo_id, '/', to_group_id, is_org_context(request)) org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.del_org_group_repo(repo_id, org_id, to_group_id) else: seafile_api.unset_group_repo( repo_id, to_group_id, username) # Delete share permission at ExtraSharePermission table. ExtraGroupsSharePermission.objects.delete_share_permission(repo_id, to_group_id) # send message send_perm_audit_msg('delete-repo-perm', username, to_group_id, repo_id, '/', permission) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, }) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) return Response(result)
def put(self, request, repo_id, format=None): """ transfer a library, rename a library Permission checking: 1. only admin can perform this action. """ repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) new_repo_name = request.data.get('name', None) if new_repo_name: try: res = seafile_api.edit_repo(repo_id, new_repo_name, '', None) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if res == -1: e = 'Admin rename failed: ID of library is %s, edit_repo api called failed.' % \ repo_id logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) new_owner = request.data.get('owner', None) if new_owner: try: new_owner_obj = User.objects.get(email=new_owner) except User.DoesNotExist: error_msg = 'User %s not found.' % new_owner return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not new_owner_obj.permissions.can_add_repo(): error_msg = _(u'Transfer failed: role of %s is %s, can not add library.') % \ (new_owner, new_owner_obj.role) return api_error(status.HTTP_403_FORBIDDEN, error_msg) if MULTI_TENANCY: try: if seafile_api.get_org_id_by_repo_id(repo_id) > 0: error_msg = 'Can not transfer organization library.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if ccnet_api.get_orgs_by_user(new_owner): error_msg = 'Can not transfer library to organization user %s' % new_owner return api_error(status.HTTP_403_FORBIDDEN, error_msg) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) repo_owner = seafile_api.get_repo_owner(repo_id) if new_owner == repo_owner: error_msg = _(u"Library can not be transferred to owner.") return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # get repo shared to user/group list shared_users = seafile_api.list_repo_shared_to( repo_owner, repo_id) shared_groups = seafile_api.list_repo_shared_group_by_user( repo_owner, repo_id) # get all pub repos pub_repos = [] if not request.cloud_mode: pub_repos = seafile_api.list_inner_pub_repos_by_owner(repo_owner) # transfer repo seafile_api.set_repo_owner(repo_id, new_owner) # reshare repo to user for shared_user in shared_users: shared_username = shared_user.user if new_owner == shared_username: continue seafile_api.share_repo(repo_id, new_owner, shared_username, shared_user.perm) # reshare repo to group for shared_group in shared_groups: shared_group_id = shared_group.group_id if not is_group_member(shared_group_id, new_owner): continue seafile_api.set_group_repo(repo_id, shared_group_id, new_owner, shared_group.perm) # reshare repo to links try: UploadLinkShare.objects.filter(username=repo_owner, repo_id=repo_id).update(username=new_owner) FileShare.objects.filter(username=repo_owner, repo_id=repo_id).update(username=new_owner) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) # check if current repo is pub-repo # if YES, reshare current repo to public for pub_repo in pub_repos: if repo_id != pub_repo.id: continue seafile_api.add_inner_pub_repo(repo_id, pub_repo.permission) break # send admin operation log signal admin_op_detail = { "id": repo_id, "name": repo.name, "from": repo_owner, "to": new_owner, } admin_operation.send(sender=None, admin_name=request.user.username, operation=REPO_TRANSFER, detail=admin_op_detail) repo = seafile_api.get_repo(repo_id) repo_info = get_repo_info(repo) return Response(repo_info)
def get(self, request): """ Get all file access logs. Permission checking: 1. only admin can perform this action. """ if not request.user.admin_permissions.can_view_user_log(): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') try: current_page = int(request.GET.get('page', '1')) per_page = int(request.GET.get('per_page', '100')) except ValueError: current_page = 1 per_page = 100 user_selected = request.GET.get('email', None) if user_selected and not is_valid_email(user_selected): error_msg = 'email %s invalid.' % user_selected return api_error(status.HTTP_400_BAD_REQUEST, error_msg) repo_id_selected = request.GET.get('repo_id', None) if repo_id_selected and not is_valid_repo_id_format(repo_id_selected): error_msg = 'repo_id %s invalid.' % repo_id_selected return api_error(status.HTTP_400_BAD_REQUEST, error_msg) start = per_page * (current_page - 1) limit = per_page + 1 if user_selected: org_id = -1 orgs = ccnet_api.get_orgs_by_user(user_selected) if orgs: org_id = orgs[0].org_id elif repo_id_selected: org_id = seafile_api.get_org_id_by_repo_id(repo_id_selected) else: org_id = 0 # org_id = 0, show all file audit events = get_file_audit_events(user_selected, org_id, repo_id_selected, start, limit) or [] if len(events) > per_page: events = events[:per_page] has_next_page = True else: has_next_page = False # Use dict to reduce memcache fetch cost in large for-loop. nickname_dict = {} contact_email_dict = {} repo_dict = {} user_email_set = set() repo_id_set = set() for event in events: user_email_set.add(event.user) repo_id_set.add(event.repo_id) for e in user_email_set: if e not in nickname_dict: nickname_dict[e] = email2nickname(e) if e not in contact_email_dict: contact_email_dict[e] = email2contact_email(e) for e in repo_id_set: if e not in repo_dict: repo_dict[e] = seafile_api.get_repo(e) events_info = [] for ev in events: data = {} user_email = ev.user data['email'] = user_email data['name'] = nickname_dict.get(user_email, '') data['contact_email'] = contact_email_dict.get(user_email, '') data['ip'] = ev.ip data['event_type'], data[ 'device'] = generate_file_audit_event_type(ev) data['time'] = utc_datetime_to_isoformat_timestr(ev.timestamp) repo_id = ev.repo_id data['repo_id'] = repo_id repo = repo_dict.get(repo_id, None) data['repo_name'] = repo.name if repo else '' if ev.file_path.endswith('/'): data[ 'file_or_dir_name'] = '/' if ev.file_path == '/' else os.path.basename( ev.file_path.rstrip('/')) else: data['file_or_dir_name'] = os.path.basename(ev.file_path) events_info.append(data) resp = { 'file_access_log_list': events_info, 'has_next_page': has_next_page, } return Response(resp)
def post(self, request): # argument check operation = request.data.get('operation') # operation could be `share`, `delete`, `transfer` # we now only use `share` if not operation or operation not in ('share'): error_msg = 'operation invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) result = {} result['failed'] = [] result['success'] = [] username = request.user.username repo_id_list = request.data.getlist('repo_id') valid_repo_id_list = [] # filter out invalid repo id for repo_id in repo_id_list: if not seafile_api.get_repo(repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Library %s not found.' % repo_id }) continue if is_org_context(request): org_id = request.user.org.org_id org_repo_owner = seafile_api.get_org_repo_owner(repo_id) if not username == org_repo_owner: result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Permission denied.' }) continue else: if not seafile_api.is_repo_owner(username, repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Permission denied.' }) continue valid_repo_id_list.append(repo_id) # share repo if operation == 'share': share_type = request.data.get('share_type') if share_type != 'user' and share_type != 'group': error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) permission = request.data.get('permission', 'rw') if permission not in ('r', 'rw'): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # share repo to user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: User.objects.get(email=to_username) except User.DoesNotExist: error_msg = 'User %s not found.' % to_username return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check if to_user is an org user try: org_of_to_user = ccnet_api.get_orgs_by_user(to_username) except Exception as e: logger.debug(e) org_of_to_user = [] if is_org_context(request): org_id = request.user.org.org_id org_name = request.user.org.org_name if len(org_of_to_user ) == 0 or org_id != org_of_to_user[0].org_id: error_msg = 'User %s is not member of organization %s.' \ % (to_username, org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: if len(org_of_to_user) >= 1: error_msg = 'User %s is member of organization %s.' \ % (to_username, org_of_to_user[0].org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % to_username }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seaserv.seafserv_threaded_rpc.org_add_share( org_id, repo_id, username, to_username, permission) else: seafile_api.share_repo(repo_id, username, to_username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_username, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "username": to_username, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_username, repo_id, '/', permission) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # share repo to group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) if not group: error_msg = 'Group %s not found.' % to_group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) group_name = group.group_name if not is_group_member(to_group_id, username): error_msg = 'User %s is not member of group %s.' % ( username, group_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % group_name }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.add_org_group_repo( repo_id, org_id, to_group_id, username, permission) else: seafile_api.set_group_repo(repo_id, to_group_id, username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_group_successful.send( sender=None, from_user=username, group_id=to_group_id, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_group_id, repo_id, '/', permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) return Response(result)
def basic_auth_user(self, realmname, username, password, environ): if "'" in username: return False try: ccnet_email = None session = None if self.session_cls: session = self.session_cls() user = api.get_emailuser(username) if user: ccnet_email = user.email else: if session: profile_profile = seahub_db.Base.classes.profile_profile q = session.query(profile_profile.user).filter(profile_profile.contact_email==username) res = q.first() if res: ccnet_email = res[0] if not ccnet_email: _logger.warning('User %s doesn\'t exist', username) return False enable_webdav_secret = False if hasattr(seahub_settings, 'ENABLE_WEBDAV_SECRET'): enable_webdav_secret = seahub_settings.ENABLE_WEBDAV_SECRET enable_two_factor_auth = False if session and enableTwoFactorAuth(session, ccnet_email): enable_two_factor_auth = True if not enable_webdav_secret and enable_two_factor_auth: _logger.warning("Two factor auth is enabled, no access to webdav.") return False elif enable_webdav_secret and enable_two_factor_auth: if not validateSecret(session, password, ccnet_email): return False elif not enable_webdav_secret and not enable_two_factor_auth: if api.validate_emailuser(ccnet_email, password) != 0: return False else: if not validateSecret(session, password, ccnet_email) and \ api.validate_emailuser(ccnet_email, password) != 0: return False username = ccnet_email except Exception as e: _logger.warning('Failed to login: %s', e) return False finally: if session: session.close() try: user = api.get_emailuser_with_import(username) if user.role == 'guest': environ['seafile.is_guest'] = True else: environ['seafile.is_guest'] = False except Exception as e: _logger.exception('get_emailuser') if multi_tenancy_enabled(): try: orgs = api.get_orgs_by_user(username) if orgs: environ['seafile.org_id'] = orgs[0].org_id except Exception as e: _logger.exception('get_orgs_by_user') pass environ["http_authenticator.username"] = username return True
def basic_auth_user(self, realmname, username, password, environ): if "'" in username: return False try: ccnet_email = None session = None if self.session_cls: session = self.session_cls() user = api.get_emailuser(username) if user: ccnet_email = user.email else: if session: profile_profile = seahub_db.Base.classes.profile_profile q = session.query(profile_profile.user).filter( profile_profile.contact_email == username) res = q.first() if res: ccnet_email = res[0] if not ccnet_email: _logger.warning('User %s doesn\'t exist', username) return False enable_webdav_secret = False if hasattr(seahub_settings, 'ENABLE_WEBDAV_SECRET'): enable_webdav_secret = seahub_settings.ENABLE_WEBDAV_SECRET enable_two_factor_auth = False if session and enableTwoFactorAuth(session, ccnet_email): enable_two_factor_auth = True if not enable_webdav_secret and enable_two_factor_auth: _logger.warning( "Two factor auth is enabled, no access to webdav.") return False if enable_webdav_secret: if not session: return False else: from Crypto.Cipher import AES secret = seahub_settings.SECRET_KEY[:BLOCK_SIZE] cipher = AES.new(secret.encode('utf8'), AES.MODE_ECB) encoded_str = 'aes$' + EncodeAES( cipher, password.encode('utf8')).decode('utf8') options_useroptions = seahub_db.Base.classes.options_useroptions q = session.query(options_useroptions.email) q = q.filter(options_useroptions.email == ccnet_email, options_useroptions.option_val == encoded_str) res = q.first() if not res: return False elif api.validate_emailuser(ccnet_email, password) != 0: return False username = ccnet_email except Exception as e: _logger.warning('Failed to login: %s', e) return False finally: if session: session.close() try: user = api.get_emailuser_with_import(username) if user.role == 'guest': environ['seafile.is_guest'] = True else: environ['seafile.is_guest'] = False except Exception as e: _logger.exception('get_emailuser') if multi_tenancy_enabled(): try: orgs = api.get_orgs_by_user(username) if orgs: environ['seafile.org_id'] = orgs[0].org_id except Exception as e: _logger.exception('get_orgs_by_user') pass environ["http_authenticator.username"] = username return True
def put(self, request, repo_id, format=None): """ transfer a library Permission checking: 1. only admin can perform this action. """ repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) new_owner = request.data.get('owner', None) if not new_owner: error_msg = 'owner invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: new_owner_obj = User.objects.get(email=new_owner) except User.DoesNotExist: error_msg = 'User %s not found.' % new_owner return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not new_owner_obj.permissions.can_add_repo(): error_msg = 'Transfer failed: role of %s is %s, can not add library.' % \ (new_owner, new_owner_obj.role) return api_error(status.HTTP_403_FORBIDDEN, error_msg) if MULTI_TENANCY: try: if seafserv_threaded_rpc.get_org_id_by_repo_id(repo_id) > 0: error_msg = 'Can not transfer organization library.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if ccnet_api.get_orgs_by_user(new_owner): error_msg = 'Can not transfer library to organization user %s' % new_owner return api_error(status.HTTP_403_FORBIDDEN, error_msg) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) repo_owner = seafile_api.get_repo_owner(repo_id) # get repo shared to user/group list shared_users = seafile_api.list_repo_shared_to(repo_owner, repo_id) shared_groups = seafile_api.list_repo_shared_group_by_user( repo_owner, repo_id) # get all pub repos pub_repos = [] if not request.cloud_mode: pub_repos = seafile_api.list_inner_pub_repos_by_owner(repo_owner) # transfer repo seafile_api.set_repo_owner(repo_id, new_owner) # reshare repo to user for shared_user in shared_users: shared_username = shared_user.user if new_owner == shared_username: continue seafile_api.share_repo(repo_id, new_owner, shared_username, shared_user.perm) # reshare repo to group for shared_group in shared_groups: shared_group_id = shared_group.group_id if not ccnet_api.is_group_user(shared_group_id, new_owner): continue seafile_api.set_group_repo(repo_id, shared_group_id, new_owner, shared_group.perm) # check if current repo is pub-repo # if YES, reshare current repo to public for pub_repo in pub_repos: if repo_id != pub_repo.id: continue seafile_api.add_inner_pub_repo(repo_id, pub_repo.permission) break # send admin operation log signal admin_op_detail = { "id": repo_id, "name": repo.name, "from": repo_owner, "to": new_owner, } admin_operation.send(sender=None, admin_name=request.user.username, operation=REPO_TRANSFER, detail=admin_op_detail) repo = seafile_api.get_repo(repo_id) repo_info = get_repo_info(repo) return Response(repo_info)
def get(self, request): """List all users in DB or LDAPImport Permission checking: 1. only admin can perform this action. """ try: page = int(request.GET.get('page', '1')) per_page = int(request.GET.get('per_page', '25')) except ValueError: page = 1 per_page = 25 start = (page - 1) * per_page # source: 'DB' or 'LDAPImport', default is 'DB' source = request.GET.get('source', 'DB') source = source.lower() if source not in ['db', 'ldapimport']: error_msg = 'source %s invalid.' % source return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if source == 'db': users = ccnet_api.get_emailusers('DB', start, per_page) total_count = ccnet_api.count_emailusers('DB') + \ ccnet_api.count_inactive_emailusers('DB') elif source == 'ldapimport': users = ccnet_api.get_emailusers('LDAPImport', start, per_page) # api param is 'LDAP', but actually get count of 'LDAPImport' users total_count = ccnet_api.count_emailusers('LDAP') + \ ccnet_api.count_inactive_emailusers('LDAP') data = [] for user in users: profile = Profile.objects.get_profile_by_user(user.email) info = {} info['email'] = user.email info['name'] = email2nickname(user.email) info['contact_email'] = email2contact_email(user.email) info[ 'login_id'] = profile.login_id if profile and profile.login_id else '' info['is_staff'] = user.is_staff info['is_active'] = user.is_active orgs = ccnet_api.get_orgs_by_user(user.email) try: if orgs: org_id = orgs[0].org_id info['org_id'] = org_id info['org_name'] = orgs[0].org_name except Exception as e: logger.error(e) info['create_time'] = timestamp_to_isoformat_timestr(user.ctime) last_login_obj = UserLastLogin.objects.get_by_username(user.email) info['last_login'] = datetime_to_isoformat_timestr( last_login_obj.last_login) if last_login_obj else '' info['role'] = get_user_role(user) info['storage_usage'] = Workspaces.objects.get_owner_total_storage( owner=user.email) if getattr(settings, 'MULTI_INSTITUTION', False): info['institution'] = profile.institution if profile else '' data.append(info) result = {'data': data, 'total_count': total_count} return Response(result)
def put(self, request, repo_id, format=None): """ update a library status, transfer a library, rename a library Permission checking: 1. only admin can perform this action. """ # argument check new_status = request.data.get('status', None) if new_status: if new_status not in ('normal', 'read-only'): error_msg = 'status invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) new_repo_name = request.data.get('name', None) if new_repo_name: if not is_valid_dirent_name(new_repo_name): error_msg = 'name invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) new_owner = request.data.get('owner', None) if new_owner: if not is_valid_email(new_owner): error_msg = 'owner invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if new_status: try: seafile_api.set_repo_status(repo_id, normalize_repo_status_str(new_status)) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if new_repo_name: try: res = seafile_api.edit_repo(repo_id, new_repo_name, '', None) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if res == -1: e = 'Admin rename failed: ID of library is %s, edit_repo api called failed.' % \ repo_id logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if new_owner: try: new_owner_obj = User.objects.get(email=new_owner) except User.DoesNotExist: error_msg = 'User %s not found.' % new_owner return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not new_owner_obj.permissions.can_add_repo(): error_msg = _('Transfer failed: role of %s is %s, can not add library.') % \ (new_owner, new_owner_obj.role) return api_error(status.HTTP_403_FORBIDDEN, error_msg) if MULTI_TENANCY: try: if seafile_api.get_org_id_by_repo_id(repo_id) > 0: error_msg = 'Can not transfer organization library.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if ccnet_api.get_orgs_by_user(new_owner): error_msg = 'Can not transfer library to organization user %s' % new_owner return api_error(status.HTTP_403_FORBIDDEN, error_msg) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) repo_owner = seafile_api.get_repo_owner(repo_id) if new_owner == repo_owner: error_msg = _("Library can not be transferred to owner.") return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # get repo shared to user/group list shared_users = seafile_api.list_repo_shared_to( repo_owner, repo_id) shared_groups = seafile_api.list_repo_shared_group_by_user( repo_owner, repo_id) # get all pub repos pub_repos = [] if not request.cloud_mode: pub_repos = seafile_api.list_inner_pub_repos_by_owner(repo_owner) # transfer repo seafile_api.set_repo_owner(repo_id, new_owner) # reshare repo to user for shared_user in shared_users: shared_username = shared_user.user if new_owner == shared_username: continue seafile_api.share_repo(repo_id, new_owner, shared_username, shared_user.perm) # reshare repo to group for shared_group in shared_groups: shared_group_id = shared_group.group_id if not is_group_member(shared_group_id, new_owner): continue seafile_api.set_group_repo(repo_id, shared_group_id, new_owner, shared_group.perm) # reshare repo to links try: UploadLinkShare.objects.filter(username=repo_owner, repo_id=repo_id).update(username=new_owner) FileShare.objects.filter(username=repo_owner, repo_id=repo_id).update(username=new_owner) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) # check if current repo is pub-repo # if YES, reshare current repo to public for pub_repo in pub_repos: if repo_id != pub_repo.id: continue seafile_api.add_inner_pub_repo(repo_id, pub_repo.permission) break # send admin operation log signal admin_op_detail = { "id": repo_id, "name": repo.name, "from": repo_owner, "to": new_owner, } admin_operation.send(sender=None, admin_name=request.user.username, operation=REPO_TRANSFER, detail=admin_op_detail) repo = seafile_api.get_repo(repo_id) repo_info = get_repo_info(repo) return Response(repo_info)
def handle(self, *args, **options): self.stdout.write("Export users to '../users.xlsx'.") try: users = ccnet_api.get_emailusers('DB', -1, -1) + \ ccnet_api.get_emailusers('LDAPImport', -1, -1) except Exception as e: self.stdout.write('Error: ' + str(e)) return if is_pro_version(): is_pro = True else: is_pro = False if is_pro: head = [_("Email"), _("Name"), _("Contact Email"), _("Status"), _("Role"), _("Space Usage") + "(MB)", _("Space Quota") + "(MB)", _("Create At"), _("Last Login"), _("Admin"), _("LDAP(imported)"),] else: head = [_("Email"), _("Name"), _("Contact Email"), _("Status"), _("Space Usage") + "(MB)", _("Space Quota") + "(MB)", _("Create At"), _("Last Login"), _("Admin"), _("LDAP(imported)"),] # only operate 100 users for every `for` loop looped = 0 limit = 100 data_list = [] while looped < len(users): current_users = users[looped:looped+limit] last_logins = UserLastLogin.objects.filter(username__in=[x.email \ for x in current_users]) user_profiles = Profile.objects.filter(user__in=[x.email \ for x in current_users]) for user in current_users: # populate name and contact email user.contact_email = '' user.name = '' for profile in user_profiles: if profile.user == user.email: user.contact_email = profile.contact_email user.name = profile.nickname # populate space usage and quota MB = get_file_size_unit('MB') # populate user quota usage orgs = ccnet_api.get_orgs_by_user(user.email) try: if orgs: user.org = orgs[0] org_id = user.org.org_id user.space_usage = seafile_api.get_org_user_quota_usage(org_id, user.email) user.space_quota = seafile_api.get_org_user_quota(org_id, user.email) else: user.space_usage = seafile_api.get_user_self_usage(user.email) user.space_quota = seafile_api.get_user_quota(user.email) except Exception as e: self.stdout.write('Debug: ' + str(e)) user.space_usage = -1 user.space_quota = -1 if user.space_usage > 0: try: space_usage_MB = round(float(user.space_usage) / MB, 2) except Exception as e: self.stdout.write('Debug: ' + str(e)) space_usage_MB = '--' else: space_usage_MB = '' if user.space_quota > 0: try: space_quota_MB = round(float(user.space_quota) / MB, 2) except Exception as e: self.stdout.write('Debug: ' + str(e)) space_quota_MB = '--' else: space_quota_MB = '' # populate user last login time user.last_login = None for last_login in last_logins: if last_login.username == user.email: user.last_login = last_login.last_login if user.is_active: status = _('Active') else: status = _('Inactive') create_at = tsstr_sec(user.ctime) if user.ctime else '' last_login = user.last_login.strftime("%Y-%m-%d %H:%M:%S") if \ user.last_login else '' is_admin = _('Yes') if user.is_staff else '' ldap_import = _('Yes') if user.source == 'LDAPImport' else '' if is_pro: if user.role: if user.role == GUEST_USER: role = _('Guest') elif user.role == DEFAULT_USER: role = _('Default') else: role = user.role else: role = _('Default') row = [user.email, user.name, user.contact_email, status, role, space_usage_MB, space_quota_MB, create_at, last_login, is_admin, ldap_import] else: row = [user.email, user.name, user.contact_email, status, space_usage_MB, space_quota_MB, create_at, last_login, is_admin, ldap_import] data_list.append(row) # update `looped` value when `for` loop finished looped += limit wb = write_xls('users', head, data_list) if not wb: self.stdout.write('Error: please check the log.') return wb.save('../users.xlsx') self.stdout.write('Done.\n')
def handle(self, *args, **options): self.stdout.write("Export users to '../users.xlsx'.") try: users = ccnet_api.get_emailusers('DB', -1, -1) + \ ccnet_api.get_emailusers('LDAPImport', -1, -1) except Exception as e: self.stdout.write('Error: ' + str(e)) return if is_pro_version(): is_pro = True else: is_pro = False if is_pro: head = [ _("Email"), _("Name"), _("Contact Email"), _("Status"), _("Role"), _("Space Usage") + "(MB)", _("Space Quota") + "(MB)", _("Create At"), _("Last Login"), _("Admin"), _("LDAP(imported)"), ] else: head = [ _("Email"), _("Name"), _("Contact Email"), _("Status"), _("Space Usage") + "(MB)", _("Space Quota") + "(MB)", _("Create At"), _("Last Login"), _("Admin"), _("LDAP(imported)"), ] # only operate 100 users for every `for` loop looped = 0 limit = 100 data_list = [] while looped < len(users): current_users = users[looped:looped + limit] last_logins = UserLastLogin.objects.filter(username__in=[x.email \ for x in current_users]) user_profiles = Profile.objects.filter(user__in=[x.email \ for x in current_users]) for user in current_users: # populate name and contact email user.contact_email = '' user.name = '' for profile in user_profiles: if profile.user == user.email: user.contact_email = profile.contact_email user.name = profile.nickname # populate space usage and quota MB = get_file_size_unit('MB') # populate user quota usage orgs = ccnet_api.get_orgs_by_user(user.email) try: if orgs: user.org = orgs[0] org_id = user.org.org_id user.space_usage = seafile_api.get_org_user_quota_usage( org_id, user.email) user.space_quota = seafile_api.get_org_user_quota( org_id, user.email) else: user.space_usage = seafile_api.get_user_self_usage( user.email) user.space_quota = seafile_api.get_user_quota( user.email) except Exception as e: self.stdout.write('Debug: ' + str(e)) user.space_usage = -1 user.space_quota = -1 if user.space_usage > 0: try: space_usage_MB = round(float(user.space_usage) / MB, 2) except Exception as e: self.stdout.write('Debug: ' + str(e)) space_usage_MB = '--' else: space_usage_MB = '' if user.space_quota > 0: try: space_quota_MB = round(float(user.space_quota) / MB, 2) except Exception as e: self.stdout.write('Debug: ' + str(e)) space_quota_MB = '--' else: space_quota_MB = '' # populate user last login time user.last_login = None for last_login in last_logins: if last_login.username == user.email: user.last_login = last_login.last_login if user.is_active: status = _('Active') else: status = _('Inactive') create_at = tsstr_sec(user.ctime) if user.ctime else '' last_login = user.last_login.strftime("%Y-%m-%d %H:%M:%S") if \ user.last_login else '' is_admin = _('Yes') if user.is_staff else '' ldap_import = _('Yes') if user.source == 'LDAPImport' else '' if is_pro: if user.role: if user.role == GUEST_USER: role = _('Guest') elif user.role == DEFAULT_USER: role = _('Default') else: role = user.role else: role = _('Default') row = [ user.email, user.name, user.contact_email, status, role, space_usage_MB, space_quota_MB, create_at, last_login, is_admin, ldap_import ] else: row = [ user.email, user.name, user.contact_email, status, space_usage_MB, space_quota_MB, create_at, last_login, is_admin, ldap_import ] data_list.append(row) # update `looped` value when `for` loop finished looped += limit wb = write_xls('users', head, data_list) if not wb: self.stdout.write('Error: please check the log.') return wb.save('../users.xlsx') self.stdout.write('Done.\n')
def put(self, request, repo_id, format=None): """ transfer a library Permission checking: 1. only admin can perform this action. """ repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) new_owner = request.data.get('owner', None) if not new_owner: error_msg = 'owner invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: User.objects.get(email=new_owner) except User.DoesNotExist: error_msg = 'User %s not found.' % new_owner return api_error(status.HTTP_404_NOT_FOUND, error_msg) if MULTI_TENANCY: try: if seafserv_threaded_rpc.get_org_id_by_repo_id(repo_id) > 0: error_msg = 'Can not transfer organization library.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if ccnet_api.get_orgs_by_user(new_owner): error_msg = 'Can not transfer library to organization user %s' % new_owner return api_error(status.HTTP_403_FORBIDDEN, error_msg) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) repo_owner = seafile_api.get_repo_owner(repo_id) # get repo shared to user/group list shared_users = seafile_api.list_repo_shared_to( repo_owner, repo_id) shared_groups = seafile_api.list_repo_shared_group_by_user( repo_owner, repo_id) # get all pub repos pub_repos = [] if not request.cloud_mode: pub_repos = seafile_api.list_inner_pub_repos_by_owner(repo_owner) # transfer repo seafile_api.set_repo_owner(repo_id, new_owner) # reshare repo to user for shared_user in shared_users: shared_username = shared_user.user if new_owner == shared_username: continue seafile_api.share_repo(repo_id, new_owner, shared_username, shared_user.perm) # reshare repo to group for shared_group in shared_groups: shared_group_id = shared_group.group_id if not ccnet_api.is_group_user(shared_group_id, new_owner): continue seafile_api.set_group_repo(repo_id, shared_group_id, new_owner, shared_group.perm) # check if current repo is pub-repo # if YES, reshare current repo to public for pub_repo in pub_repos: if repo_id != pub_repo.id: continue seafile_api.add_inner_pub_repo(repo_id, pub_repo.permission) break repo = seafile_api.get_repo(repo_id) repo_info = get_repo_info(repo) return Response(repo_info)