def test_delete_file_with_invalid_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
# create a file in user repo sub-folder
file_name = randstring(6)
seafile_api.post_empty_file(repo_id=self.repo_id,
parent_dir=self.folder_path, filename=file_name,
username=self.user_name)
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo_id, self.user_name,
self.admin_name, 'rw')
# set sub-folder permisson as 'r' for admin
seafile_api.add_folder_user_perm(self.repo_id,
self.folder_path, 'r', self.admin_name)
# admin can visit file with 'r' permission
file_path = posixpath.join(self.folder_path, file_name)
assert seafile_api.check_permission_by_path(self.repo_id,
file_path, self.admin_name) == 'r'
# login as admin, then delete a 'r' permission file
self.login_as(self.admin)
resp = self.client.delete(self.url + '?p=' + file_path,
{}, 'application/x-www-form-urlencoded')
self.assertEqual(403, resp.status_code)
def test_can_delete_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
seafile_api.add_folder_user_perm(self.user_repo_id,
self.user_folder_path, self.perm_r,
self.admin_email)
self.login_as(self.user)
resp = self.client.get(
reverse("api2-repo-user-folder-perm", args=[self.user_repo_id]))
json_resp = json.loads(resp.content)
assert len(json_resp) == 1
url = reverse("api2-repo-user-folder-perm", args=[self.user_repo_id])
data = 'user_email=%s&folder_path=%s' % (self.admin_email,
self.user_folder_path)
resp = self.client.delete(url, data,
'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
resp = self.client.get(
reverse("api2-repo-user-folder-perm", args=[self.user_repo_id]))
json_resp = json.loads(resp.content)
assert len(json_resp) == 0
def test_rename_file_with_invalid_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
# create a file as old file in user repo sub-folder
old_file_name = randstring(6)
seafile_api.post_empty_file(repo_id=self.repo_id,
parent_dir=self.folder_path,
filename=old_file_name,
username=self.user_name)
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo_id, self.user_name, self.admin_name,
'rw')
# set sub-folder permisson as 'r' for admin
seafile_api.add_folder_user_perm(self.repo_id, self.folder_path, 'r',
self.admin_name)
# admin can visit old file with 'r' permission
old_file_path = posixpath.join(self.folder_path, old_file_name)
assert seafile_api.check_permission_by_path(self.repo_id,
old_file_path,
self.admin_name) == 'r'
# login as admin, then rename a 'r' permission old file
self.login_as(self.admin)
new_name = randstring(6)
data = {'operation': 'rename', 'newname': new_name}
resp = self.client.post(self.url + '?p=' + old_file_path, data)
self.assertEqual(403, resp.status_code)
def test_rename_folder_with_invalid_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo_id, self.user_name, self.admin_name,
'rw')
# set sub-folder permisson as 'r' for admin
seafile_api.add_folder_user_perm(self.repo_id, self.folder_path, 'r',
self.admin_name)
# admin can visit sub-folder with 'r' permission
assert seafile_api.check_permission_by_path(self.repo_id,
self.folder_path,
self.admin_name) == 'r'
# login as admin, then rename a 'r' permission folder
self.login_as(self.admin)
new_name = randstring(6)
data = {'operation': 'rename', 'newname': new_name}
resp = self.client.post(self.url + '?p=' + self.folder_path, data)
self.assertEqual(403, resp.status_code)
def test_rename_file_with_invalid_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
# create a file as old file in user repo sub-folder
old_file_name = randstring(6)
seafile_api.post_empty_file(repo_id=self.repo_id,
parent_dir=self.folder_path, filename=old_file_name,
username=self.user_name)
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo_id, self.user_name,
self.admin_name, 'rw')
# set sub-folder permisson as 'r' for admin
seafile_api.add_folder_user_perm(self.repo_id,
self.folder_path, 'r', self.admin_name)
# admin can visit old file with 'r' permission
old_file_path = posixpath.join(self.folder_path, old_file_name)
assert seafile_api.check_permission_by_path(self.repo_id,
old_file_path, self.admin_name) == 'r'
# login as admin, then rename a 'r' permission old file
self.login_as(self.admin)
new_name = randstring(6)
data = {'operation': 'rename', 'newname': new_name}
resp = self.client.post(self.url + '?p=' + old_file_path, data)
self.assertEqual(403, resp.status_code)
def test_rename_folder_with_invalid_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo_id, self.user_name,
self.admin_name, 'rw')
# set sub-folder permisson as 'r' for admin
seafile_api.add_folder_user_perm(self.repo_id,
self.folder_path, 'r', self.admin_name)
# admin can visit sub-folder with 'r' permission
assert seafile_api.check_permission_by_path(self.repo_id,
self.folder_path, self.admin_name) == 'r'
# login as admin, then rename a 'r' permission folder
self.login_as(self.admin)
new_name = randstring(6)
data = {'operation': 'rename', 'newname': new_name}
resp = self.client.post(self.url + '?p=' + self.folder_path, data)
self.assertEqual(403, resp.status_code)
def test_delete_file_with_invalid_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
# create a file in user repo sub-folder
file_name = randstring(6)
seafile_api.post_empty_file(repo_id=self.repo_id,
parent_dir=self.folder_path,
filename=file_name,
username=self.user_name)
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo_id, self.user_name, self.admin_name,
'rw')
# set sub-folder permisson as 'r' for admin
seafile_api.add_folder_user_perm(self.repo_id, self.folder_path, 'r',
self.admin_name)
# admin can visit file with 'r' permission
file_path = posixpath.join(self.folder_path, file_name)
assert seafile_api.check_permission_by_path(self.repo_id, file_path,
self.admin_name) == 'r'
# login as admin, then delete a 'r' permission file
self.login_as(self.admin)
resp = self.client.delete(self.url + '?p=' + file_path, {},
'application/x-www-form-urlencoded')
self.assertEqual(403, resp.status_code)
def set_user_folder_rw_permission_to_admin(self):
# share user's repo to admin with 'r' permission
seafile_api.share_repo(self.repo.id, self.user.username,
self.admin.username, 'r')
# set user sub-folder 'rw' permisson to admin
seafile_api.add_folder_user_perm(self.repo.id,
self.folder, 'rw', self.admin.username)
# admin can visit user sub-folder with 'rw' permission
assert seafile_api.check_permission_by_path(self.repo.id,
self.folder, self.admin.username) == 'rw'
def set_user_folder_rw_permission_to_admin(self):
# share user's repo to admin with 'r' permission
seafile_api.share_repo(self.repo.id, self.user.username,
self.admin.username, 'r')
# set user sub-folder 'rw' permisson to admin
seafile_api.add_folder_user_perm(self.repo.id, self.folder, 'rw',
self.admin.username)
# admin can visit user sub-folder with 'rw' permission
assert seafile_api.check_permission_by_path(
self.repo.id, self.folder, self.admin.username) == 'rw'
def test_can_get_folder_perm_with_admin(self):
if not LOCAL_PRO_DEV_ENV:
return
self.share_repo_to_admin_with_admin_permission()
self.login_as(self.admin)
seafile_api.add_folder_user_perm(self.user_repo_id,
self.user_folder_path, self.perm_r,
self.admin_email)
resp = self.client.get(
reverse("api2-repo-user-folder-perm", args=[self.user_repo_id]))
self.assertEqual(200, resp.status_code)
json_resp = json.loads(resp.content)
assert json_resp[0]['user_email'] == self.admin_email
assert json_resp[0]['repo_id'] == self.user_repo_id
assert json_resp[0]['permission'] == self.perm_r
assert json_resp[0]['folder_path'] == self.user_folder_path
def test_can_modify_folder_perm_with_admin(self):
if not LOCAL_PRO_DEV_ENV:
return
self.share_repo_to_admin_with_admin_permission()
self.login_as(self.admin)
seafile_api.add_folder_user_perm(self.user_repo_id,
self.user_folder_path, self.perm_r,
self.admin_email)
url = reverse("api2-repo-user-folder-perm", args=[self.user_repo_id])
data = 'user_email=%s&folder_path=%s&permission=%s' % (
self.admin_email, self.user_folder_path, self.perm_rw)
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
resp = self.client.get(
reverse("api2-repo-user-folder-perm", args=[self.user_repo_id]))
json_resp = json.loads(resp.content)
assert json_resp[0]['permission'] == self.perm_rw
def test_can_get_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
seafile_api.add_folder_user_perm(self.user_repo_id,
self.user_folder_path, self.perm_r, self.admin_email)
self.login_as(self.user)
resp = self.client.get(reverse("api2-repo-user-folder-perm", args=[self.user_repo_id]))
self.assertEqual(200, resp.status_code)
json_resp = json.loads(resp.content)
assert json_resp[0]['user_email'] == self.admin_email
assert json_resp[0]['repo_id'] == self.user_repo_id
assert json_resp[0]['permission'] == self.perm_r
assert json_resp[0]['folder_path'] == self.user_folder_path
def test_can_not_add_if_folder_perm_already_exist(self):
if not LOCAL_PRO_DEV_ENV:
return
seafile_api.add_folder_user_perm(self.user_repo_id,
self.user_folder_path, self.perm_r, self.admin_email)
self.login_as(self.user)
url = reverse("api2-repo-user-folder-perm", args=[self.user_repo_id])
data = {
"user": self.admin_email,
"path": self.user_folder_path,
"perm": self.perm_r
}
resp = self.client.post(url, data)
self.assertEqual(409, resp.status_code)
def test_can_modify_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
seafile_api.add_folder_user_perm(self.user_repo_id,
self.user_folder_path, self.perm_r, self.admin_email)
self.login_as(self.user)
url = reverse("api2-repo-user-folder-perm", args=[self.user_repo_id])
data = 'user=%s&path=%s&perm=%s' % (self.admin_email,
self.user_folder_path, self.perm_rw)
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
resp = self.client.get(reverse("api2-repo-user-folder-perm", args=[self.user_repo_id]))
json_resp = json.loads(resp.content)
assert json_resp[0]['permission'] == self.perm_rw
def test_can_not_add_if_folder_perm_already_exist(self):
if not LOCAL_PRO_DEV_ENV:
return
seafile_api.add_folder_user_perm(self.user_repo_id,
self.user_folder_path, self.perm_r,
self.admin_email)
self.login_as(self.user)
url = reverse("api2-repo-user-folder-perm", args=[self.user_repo_id])
data = {
"user_email": self.admin_email,
"folder_path": self.user_folder_path,
"permission": self.perm_r
}
resp = self.client.post(url, data)
self.assertEqual(409, resp.status_code)
def test_copy_file_with_invalid_dst_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo_id, self.user_name, self.admin_name,
'rw')
# set sub-folder permisson as 'r' for admin
seafile_api.add_folder_user_perm(self.repo_id, self.folder_path, 'r',
self.admin_name)
# admin can visit sub-folder with 'r' permission
assert seafile_api.check_permission_by_path(self.repo_id,
self.folder_path,
self.admin_name) == 'r'
# create a file for admin repo
admin_repo_id = self.admin_create_new_repo()
admin_file_name = randstring(6)
seafile_api.post_empty_file(repo_id=admin_repo_id,
parent_dir='/',
filename=admin_file_name,
username=self.admin_name)
# login as admin, then move file to a 'r' permission folder
self.login_as(self.admin)
# create new repo for admin
data = {
'operation': 'copy',
'dst_repo': self.repo_id,
'dst_dir': self.folder_path,
}
url = reverse('api-v2.1-file-view', args=[admin_repo_id])
resp = self.client.post(url + '?p=/' + admin_file_name, data)
self.assertEqual(403, resp.status_code)
def test_can_delete_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
seafile_api.add_folder_user_perm(self.user_repo_id,
self.user_folder_path, self.perm_r, self.admin_email)
self.login_as(self.user)
resp = self.client.get(reverse("api2-repo-user-folder-perm", args=[self.user_repo_id]))
json_resp = json.loads(resp.content)
assert len(json_resp) == 1
url = reverse("api2-repo-user-folder-perm", args=[self.user_repo_id])
data = 'user_email=%s&folder_path=%s' % (self.admin_email, self.user_folder_path)
resp = self.client.delete(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
resp = self.client.get(reverse("api2-repo-user-folder-perm", args=[self.user_repo_id]))
json_resp = json.loads(resp.content)
assert len(json_resp) == 0
def test_can_not_add_if_folder_perm_already_exist(self):
if not LOCAL_PRO_DEV_ENV:
return
seafile_api.add_folder_user_perm(self.user_repo_id,
self.user_folder_path, self.perm_r, self.admin_email)
self.login_as(self.user)
url = reverse("api2-repo-user-folder-perm", args=[self.user_repo_id])
data = {
"user_email": self.admin_email,
"folder_path": self.user_folder_path,
"permission": self.perm_r
}
resp = self.client.post(url, data)
json_resp = json.loads(resp.content)
assert len(json_resp['failed']) == 1
assert len(json_resp['success']) == 0
assert json_resp['failed'][0]['user_email'] == self.admin_email
def test_delete_folder_with_invalid_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo_id, self.user_name,
self.admin_name, 'rw')
# set sub-folder permisson as 'r' for admin
seafile_api.add_folder_user_perm(self.repo_id,
self.folder_path, 'r', self.admin_name)
# admin can visit sub-folder with 'r' permission
assert seafile_api.check_permission_by_path(self.repo_id,
self.folder_path, self.admin_name) == 'r'
# login as admin, then delete a 'r' permission folder
self.login_as(self.admin)
resp = self.client.delete(self.url + '?p=' + self.folder_path,
{}, 'application/x-www-form-urlencoded')
self.assertEqual(403, resp.status_code)
def test_copy_file_with_invalid_dst_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo_id, self.user_name,
self.admin_name, 'rw')
# set sub-folder permisson as 'r' for admin
seafile_api.add_folder_user_perm(self.repo_id,
self.folder_path, 'r', self.admin_name)
# admin can visit sub-folder with 'r' permission
assert seafile_api.check_permission_by_path(self.repo_id,
self.folder_path, self.admin_name) == 'r'
# create a file for admin repo
admin_repo_id = self.admin_create_new_repo()
admin_file_name = randstring(6)
seafile_api.post_empty_file(repo_id=admin_repo_id,
parent_dir='/', filename=admin_file_name,
username=self.admin_name)
# login as admin, then move file to a 'r' permission folder
self.login_as(self.admin)
# create new repo for admin
data = {
'operation': 'copy',
'dst_repo': self.repo_id,
'dst_dir': self.folder_path,
}
url = reverse('api-v2.1-file-view', args=[admin_repo_id])
resp = self.client.post(url + '?p=/' + admin_file_name, data)
self.assertEqual(403, resp.status_code)
def post(self, request, repo_id, format=None):
""" Add repo user folder perm.
Permission checking:
1. is group admin
"""
# argument check
path = request.data.get('folder_path', None)
if not path:
error_msg = 'folder_path invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
perm = request.data.get('permission', None)
if not perm or perm not in get_available_repo_perms():
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = normalize_dir_path(path)
if not seafile_api.get_dir_id_by_path(repo_id, path):
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# add repo user folder perm
result = {}
result['failed'] = []
result['success'] = []
users = request.data.getlist('user_email')
for user in users:
if not is_valid_username(user):
result['failed'].append({
'user_email': user,
'error_msg': 'user_email invalid.'
})
continue
try:
User.objects.get(email=user)
except User.DoesNotExist:
result['failed'].append({
'user_email': user,
'error_msg': 'User %s not found.' % user
})
continue
permission = seafile_api.get_folder_user_perm(repo_id, path, user)
if permission:
result['failed'].append({
'user_email': user,
'error_msg': _(u'Permission already exists.')
})
continue
try:
seafile_api.add_folder_user_perm(repo_id, path, perm, user)
send_perm_audit_msg('add-repo-perm', username, user, repo_id, path, perm)
except Exception as e:
logger.error(e)
result['failed'].append({
'user_email': user,
'error_msg': 'Internal Server Error'
})
new_perm = seafile_api.get_folder_user_perm(repo_id, path, user)
new_perm_info = self._get_user_folder_perm_info(
user, repo_id, path, new_perm)
result['success'].append(new_perm_info)
return Response(result)
def post(self, request, repo_id, format=None):
""" Add repo user folder perm.
Permission checking:
1. is group admin
"""
# argument check
path = request.data.get('folder_path', None)
if not path:
error_msg = 'folder_path invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
perm = request.data.get('permission', None)
if not perm or perm not in get_available_repo_perms():
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = normalize_dir_path(path)
if not seafile_api.get_dir_id_by_path(repo_id, path):
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not ccnet_api.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# add repo user folder perm
result = {}
result['failed'] = []
result['success'] = []
users = request.data.getlist('user_email')
for user in users:
if not is_valid_username(user):
result['failed'].append({
'user_email': user,
'error_msg': 'user_email invalid.'
})
continue
try:
User.objects.get(email=user)
except User.DoesNotExist:
result['failed'].append({
'user_email': user,
'error_msg': 'User %s not found.' % user
})
continue
permission = seafile_api.get_folder_user_perm(repo_id, path, user)
if permission:
result['failed'].append({
'user_email': user,
'error_msg': _(u'Permission already exists.')
})
continue
try:
seafile_api.add_folder_user_perm(repo_id, path, perm, user)
send_perm_audit_msg('add-repo-perm', username, user, repo_id, path, perm)
except Exception as e:
logger.error(e)
result['failed'].append({
'user_email': user,
'error_msg': 'Internal Server Error'
})
new_perm = seafile_api.get_folder_user_perm(repo_id, path, user)
new_perm_info = self._get_user_folder_perm_info(
user, repo_id, path, new_perm)
result['success'].append(new_perm_info)
return Response(result)