def get_repo_owner(request, repo_id):
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
# for admin panel
# administrator may get org repo's owner
repo_owner = seafile_api.get_repo_owner(repo_id)
if not repo_owner:
repo_owner = seafile_api.get_org_repo_owner(repo_id)
return repo_owner
def get_repo_owner(request, repo_id):
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
# for admin panel
# administrator may get org repo's owner
repo_owner = seafile_api.get_repo_owner(repo_id)
if not repo_owner:
repo_owner = seafile_api.get_org_repo_owner(repo_id)
return repo_owner
def delete(self, request, repo_id, format=None):
""" delete a library
Permission checking:
1. only admin can perform this action.
"""
if get_system_default_repo_id() == repo_id:
error_msg = _('System library can not be deleted.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
repo = seafile_api.get_repo(repo_id)
if not repo:
# for case of `seafile-data` has been damaged
# no `repo object` will be returned from seafile api
# delete the database record anyway
try:
seafile_api.remove_repo(repo_id)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
return Response({'success': True})
repo_name = repo.name
repo_owner = seafile_api.get_repo_owner(repo_id)
if not repo_owner:
repo_owner = seafile_api.get_org_repo_owner(repo_id)
try:
related_usernames = seaserv.get_related_users_by_repo(repo_id)
seafile_api.remove_repo(repo_id)
# send signal for seafevents
repo_deleted.send(sender=None,
org_id=-1,
operator=request.user.username,
usernames=related_usernames,
repo_owner=repo_owner,
repo_id=repo_id,
repo_name=repo.name)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# send admin operation log signal
admin_op_detail = {
"id": repo_id,
"name": repo_name,
"owner": repo_owner,
}
admin_operation.send(sender=None,
admin_name=request.user.username,
operation=REPO_DELETE,
detail=admin_op_detail)
return Response({'success': True})
def get_org_repo_info(repo):
repo_info = {}
repo_info['repo_name'] = repo.repo_name
repo_info['owner_email'] = seafile_api.get_org_repo_owner(repo.id)
repo_info['repo_id'] = repo.id
return repo_info
def get_group_repos(username, org_id, groups):
"""Get repos shared to groups.
"""
group_repos = []
if org_id:
# For each group I joined...
for grp in groups:
# Get group repos, and for each group repos...
for r_id in seafile_api.get_org_group_repoids(org_id, grp.id):
# No need to list my own repo
repo_owner = seafile_api.get_org_repo_owner(r_id)
if repo_owner == username:
continue
group_repos.append(r_id)
else:
# For each group I joined...
for grp in groups:
# Get group repos, and for each group repos...
for r_id in seafile_api.get_group_repoids(grp.id):
# No need to list my own repo
repo_owner = seafile_api.get_repo_owner(r_id)
if repo_owner == username:
continue
group_repos.append(r_id)
return group_repos
def search_files(repos_map, search_path, keyword, obj_desc, start, size, org_id=None):
# search file
if len(repos_map) > 1:
search_path = None
files_found, total = es_search(repos_map, search_path, keyword, obj_desc, start, size)
result = []
for f in files_found:
repo = repos_map.get(f['repo_id'].encode('UTF-8'), None)
if not repo:
continue
if repo.origin_path:
if not f['fullpath'].startswith(repo.origin_path):
# this operation will reduce the result items, but it will not happen now
continue
else:
f['repo_id'] = repo.repo_id
f['fullpath'] = f['fullpath'].split(repo.origin_path)[-1]
if not repo.owner:
if org_id:
repo.owner = seafile_api.get_org_repo_owner(repo.id)
else:
repo.owner = seafile_api.get_repo_owner(repo.id)
# if match multiple files, keep the lookup only once.
if not hasattr(repo, 'owner_nickname') or not repo.owner_nickname:
repo.owner_nickname = email2nickname(repo.owner)
if not hasattr(repo, 'owner_contact_email') or not repo.owner_contact_email:
repo.owner_contact_email = email2contact_email(repo.owner)
if f['fullpath'] == '/':
f['last_modified_by'] = repo.last_modifier
f['last_modified'] = repo.last_modify
f['size'] = repo.size
else:
try:
dirent = seafile_api.get_dirent_by_path(f['repo_id'], f['fullpath'])
except Exception as e:
logger.error(e)
continue
if not dirent:
continue
f['last_modified_by'] = dirent.modifier
f['last_modified'] = dirent.mtime
f['size'] = dirent.size
f['repo'] = repo
f['repo_name'] = repo.name
f['repo_owner_email'] = repo.owner
f['repo_owner_name'] = repo.owner_nickname
f['repo_owner_contact_email'] = repo.owner_contact_email
result.append(f)
return result, total
def repo_restored_cb(sender, **kwargs):
repo_id = kwargs['repo_id']
operator = kwargs['operator']
repo = seafile_api.get_repo(repo_id)
org_id = get_org_id_by_repo_id(repo_id)
if org_id > 0:
related_users = seafile_api.org_get_shared_users_by_repo(org_id, repo_id)
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
related_users = seafile_api.get_shared_users_by_repo(repo_id)
repo_owner = seafile_api.get_repo_owner(repo_id)
related_users.append(repo_owner)
record = {
'op_type':'recover',
'obj_type':'repo',
'timestamp': datetime.datetime.utcnow(),
'repo_id': repo_id,
'repo_name': repo.repo_name,
'path': '/',
'op_user': operator,
'related_users': [related_users],
'org_id': org_id,
}
from utils import SeafEventsSession
session = SeafEventsSession()
seafevents.save_user_activity(session, record)
session.close()
def format_repo_share_msg(self, notice):
d = json.loads(notice.detail)
repo_id = d['repo_id']
repo = seafile_api.get_repo(repo_id)
path = d['path']
org_id = d.get('org_id', None)
if path == '/':
shared_type = 'library'
else:
shared_type = 'folder'
if org_id:
owner = seafile_api.get_org_repo_owner(repo_id)
repo = seafile_api.get_org_virtual_repo(
org_id, repo_id, path, owner)
else:
owner = seafile_api.get_repo_owner(repo_id)
repo = seafile_api.get_virtual_repo(repo_id, path, owner)
notice.repo_url = HASH_URLS["VIEW_COMMON_LIB_DIR"] % {
'repo_id': repo_id,
'path': ''
}
notice.notice_from = escape(email2nickname(d['share_from']))
notice.repo_name = repo.name
notice.avatar_src = self.get_avatar_src(d['share_from'])
notice.shared_type = shared_type
return notice
def repo_online_gc(request, repo_id):
if request.method != 'POST':
raise Http404
repo = get_repo(repo_id)
if not repo:
raise Http404
referer = request.META.get('HTTP_REFERER', None)
next = settings.SITE_ROOT if referer is None else referer
username = request.user.username
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo.id)
else:
repo_owner = seafile_api.get_repo_owner(repo.id)
is_repo_owner = True if repo_owner == username else False
if not is_repo_owner:
messages.error(request, _('Permission denied'))
return HttpResponseRedirect(next)
day = int(request.POST.get('day'))
try:
seafile_api.clean_up_repo_history(repo.id, day)
except SearpcError as e:
logger.error(e)
messages.error(request, _('Internal server error'))
return HttpResponseRedirect(next)
return HttpResponseRedirect(next)
def delete(self, request, repo_id, format=None):
""" delete a library
Permission checking:
1. only admin can perform this action.
"""
if get_system_default_repo_id() == repo_id:
error_msg = _('System library can not be deleted.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND,
'Library %s not found.' % repo_id)
repo_owner = seafile_api.get_repo_owner(repo_id)
if not repo_owner:
repo_owner = seafile_api.get_org_repo_owner(repo_id)
related_usernames = seaserv.get_related_users_by_repo(repo_id)
try:
seafile_api.remove_repo(repo_id)
repo_deleted.send(sender=None,
org_id=-1,
usernames=related_usernames,
repo_owner=repo_owner,
repo_id=repo_id,
repo_name=repo.name)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})
def delete(self, request, org_id, repo_id):
"""Remove an organization library
"""
# resource check
org_id = int(org_id)
if not ccnet_api.get_org_by_id(org_id):
error_msg = 'Organization %s not found.' % org_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not is_org_repo(org_id, repo_id):
error_msg = 'Library %s not in org %s.' % (repo_id, org_id)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
usernames = seaserv.get_related_users_by_org_repo(org_id, repo_id)
repo_owner = seafile_api.get_org_repo_owner(repo_id)
seafile_api.remove_repo(repo_id)
repo_deleted.send(sender=None,
operator=request.user.username,
org_id=org_id,
usernames=usernames,
repo_owner=repo_owner,
repo_id=repo_id,
repo_name=repo.name)
return Response({'success': True})
def get_related_users_by_repo(repo_id, org_id=None):
""" Return all users who can view this library.
1. repo owner
2. users repo has been shared to
3. members of groups repo has been shared to
"""
users = []
if org_id:
repo_owner = seafile_api.get_org_repo_owner(repo_id)
user_shared_to = seafile_api.list_org_repo_shared_to(org_id,
repo_owner, repo_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
user_shared_to = seafile_api.list_repo_shared_to(
repo_owner, repo_id)
# 1. repo owner
users.append(repo_owner)
# 2. users repo has been shared to
for user in user_shared_to:
users.append(user.user)
# 3. members of groups repo has been shared to
groups = get_shared_groups_by_repo(repo_id, org_id)
for group in groups:
members = ccnet_api.get_group_members(group.id)
for member in members:
if member.user_name not in users:
users.append(member.user_name)
return users
def get_repo_info(repo):
repo_owner = seafile_api.get_repo_owner(repo.repo_id)
if not repo_owner:
try:
org_repo_owner = seafile_api.get_org_repo_owner(repo.repo_id)
except Exception:
org_repo_owner = None
owner = repo_owner or org_repo_owner or ''
result = {}
result['id'] = repo.repo_id
result['name'] = repo.repo_name
result['owner'] = owner
result['owner_email'] = owner
result['owner_name'] = email2nickname(owner)
result['owner_contact_email'] = email2contact_email(owner)
result['size'] = repo.size
result['size_formatted'] = filesizeformat(repo.size)
result['encrypted'] = repo.encrypted
result['file_count'] = repo.file_count
if '@seafile_group' in owner:
group_id = get_group_id_by_repo_owner(owner)
result['group_name'] = group_id_to_name(group_id)
return result
def format_repo_share_to_group_msg(self, notice):
d = json.loads(notice.detail)
repo_id = d['repo_id']
repo = seafile_api.get_repo(repo_id)
group_id = d['group_id']
group = ccnet_api.get_group(group_id)
org_id = d.get('org_id', None)
path = d['path']
if path == '/':
shared_type = 'library'
else:
shared_type = 'folder'
if org_id:
owner = seafile_api.get_org_repo_owner(repo_id)
repo = seafile_api.get_org_virtual_repo(
org_id, repo_id, path, owner)
else:
owner = seafile_api.get_repo_owner(repo_id)
repo = seafile_api.get_virtual_repo(repo_id, path, owner)
repo_url = reverse('lib_view', args=[repo.id, repo.name, ''])
notice.repo_url = repo_url
notice.notice_from = escape(email2nickname(d['share_from']))
notice.repo_name = repo.name
notice.avatar_src = self.get_avatar_src(d['share_from'])
notice.group_url = reverse('group', args=[group.id])
notice.group_name = group.group_name
notice.shared_type = shared_type
return notice
def search_files(repo_id_map,
search_path,
keyword,
obj_desc,
start=0,
size=10,
org_id=None):
if search_path is None:
search_path = '/'
files_found = []
for repo_id in repo_id_map:
repo = seafile_api.get_repo(repo_id)
if not repo.owner:
if org_id:
repo.owner = seafile_api.get_org_repo_owner(repo_id)
else:
repo.owner = seafile_api.get_repo_owner(repo_id)
if not hasattr(repo, 'owner_nickname') or not repo.owner_nickname:
repo.owner_nickname = email2nickname(repo.owner)
if not hasattr(repo,
'owner_contact_email') or not repo.owner_contact_email:
repo.owner_contact_email = email2contact_email(repo.owner)
file_list = search_files_in_repo(repo, search_path, keyword, obj_desc)
files_found += file_list
total = len(files_found)
files_found.sort(cmp_items)
return files_found[start:start + size], total
def repo_online_gc(request, repo_id):
if request.method != 'POST':
raise Http404
repo = get_repo(repo_id)
if not repo:
raise Http404
referer = request.META.get('HTTP_REFERER', None)
next = settings.SITE_ROOT if referer is None else referer
username = request.user.username
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo.id)
else:
repo_owner = seafile_api.get_repo_owner(repo.id)
is_repo_owner = True if repo_owner == username else False
if not is_repo_owner:
messages.error(request, _('Permission denied'))
return HttpResponseRedirect(next)
day = int(request.POST.get('day'))
try:
seafile_api.clean_up_repo_history(repo.id, day)
except SearpcError as e:
logger.error(e)
messages.error(request, _('Internal server error'))
return HttpResponseRedirect(next)
return HttpResponseRedirect(next)
def repo_restored_cb(sender, **kwargs):
repo_id = kwargs['repo_id']
operator = kwargs['operator']
repo = seafile_api.get_repo(repo_id)
org_id = get_org_id_by_repo_id(repo_id)
if org_id > 0:
related_users = seafile_api.org_get_shared_users_by_repo(
org_id, repo_id)
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
related_users = seafile_api.get_shared_users_by_repo(repo_id)
repo_owner = seafile_api.get_repo_owner(repo_id)
if repo_owner not in related_users:
related_users.append(repo_owner)
record = {
'op_type': 'recover',
'obj_type': 'repo',
'timestamp': datetime.datetime.utcnow(),
'repo_id': repo_id,
'repo_name': repo.repo_name,
'path': '/',
'op_user': operator,
'related_users': related_users,
'org_id': org_id,
}
from utils import SeafEventsSession
session = SeafEventsSession()
seafevents.save_user_activity(session, record)
session.close()
def get_related_users_by_repo(repo_id, org_id=None):
""" Return all users who can view this library.
1. repo owner
2. users repo has been shared to
3. members of groups repo has been shared to
"""
users = []
# 1. users repo has been shared to
if org_id and org_id > 0:
users.extend(seafile_api.org_get_shared_users_by_repo(org_id, repo_id))
owner = seafile_api.get_org_repo_owner(repo_id)
else:
users.extend(seafile_api.get_shared_users_by_repo(repo_id))
owner = seafile_api.get_repo_owner(repo_id)
# 2. repo owner
if owner not in users:
users.append(owner)
# 3. members of groups repo has been shared to
groups = get_shared_groups_by_repo(repo_id, org_id)
for group in groups:
members = ccnet_api.get_group_members(group.id)
for member in members:
if member.user_name not in users:
users.append(member.user_name)
return users
def get_repo_info(repo):
repo_owner = seafile_api.get_repo_owner(repo.repo_id)
if not repo_owner:
try:
org_repo_owner = seafile_api.get_org_repo_owner(repo.repo_id)
except Exception:
org_repo_owner = None
owner = repo_owner or org_repo_owner or ''
result = {}
result['id'] = repo.repo_id
result['name'] = repo.repo_name
result['owner'] = owner
result['owner_email'] = owner
result['owner_name'] = email2nickname(owner)
result['owner_contact_email'] = email2contact_email(owner)
result['size'] = repo.size
result['size_formatted'] = filesizeformat(repo.size)
result['encrypted'] = repo.encrypted
result['file_count'] = repo.file_count
result['status'] = normalize_repo_status_code(repo.status)
if '@seafile_group' in owner:
group_id = get_group_id_by_repo_owner(owner)
result['group_name'] = group_id_to_name(group_id)
return result
def get_related_users_by_repo(repo_id, org_id=None):
""" Return all users who can view this library.
1. repo owner
2. users repo has been shared to
3. members of groups repo has been shared to
"""
users = []
if org_id:
repo_owner = seafile_api.get_org_repo_owner(repo_id)
user_shared_to = seafile_api.list_org_repo_shared_to(org_id,
repo_owner, repo_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
user_shared_to = seafile_api.list_repo_shared_to(
repo_owner, repo_id)
# 1. repo owner
users.append(repo_owner)
# 2. users repo has been shared to
for user in user_shared_to:
users.append(user.user)
# 3. members of groups repo has been shared to
groups = get_shared_groups_by_repo(repo_id, org_id)
for group in groups:
members = ccnet_api.get_group_members(group.id)
for member in members:
if member.user_name not in users:
users.append(member.user_name)
return users
def org_repo_delete(request, repo_id):
"""Delete a repo.
"""
if request.method != 'POST':
raise Http404
next = request.META.get('HTTP_REFERER', None)
if not next:
next = reverse("org_repo_admin")
repo = seafile_api.get_repo(repo_id)
if not repo:
raise Http404
repo_name = repo.name
org_id = request.user.org.org_id
if not is_org_repo(org_id, repo_id):
messages.error(request, 'Failed to delete, library does not exist.')
return HttpResponseRedirect(next)
usernames = seaserv.get_related_users_by_org_repo(org_id, repo_id)
repo_owner = seafile_api.get_org_repo_owner(repo_id)
seafile_api.remove_repo(repo_id)
repo_deleted.send(sender=None,
org_id=org_id,
usernames=usernames,
repo_owner=repo_owner,
repo_id=repo_id,
repo_name=repo_name)
messages.success(request, _(u'Successfully deleted.'))
return HttpResponseRedirect(next)
def DraftPublishEventHandler(session, msg):
elements = msg['content'].split('\t')
if len(elements) != 6:
logging.warning("got bad message: %s", elements)
return
record = dict()
record["timestamp"] = datetime.datetime.utcfromtimestamp(msg['ctime'])
record["op_type"] = elements[0]
record["obj_type"] = elements[1]
record["repo_id"] = elements[2]
repo = seafile_api.get_repo(elements[2])
record["repo_name"] = repo.name if repo else ''
record["op_user"] = elements[3]
record["path"] = elements[4]
record["old_path"] = elements[5]
users = []
org_id = get_org_id_by_repo_id(elements[2])
if org_id > 0:
users.extend(seafile_api.org_get_shared_users_by_repo(org_id, elements[2]))
owner = seafile_api.get_org_repo_owner(elements[2])
else:
users.extend(seafile_api.get_shared_users_by_repo(elements[2]))
owner = seafile_api.get_repo_owner(elements[2])
if owner not in users:
users = users + [owner]
if not users:
return
record["related_users"] = users
save_user_activity(session, record)
def list_group_shared_items(self, request, repo_id, path):
if is_org_context(request):
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
repo_owner = seafile_api.get_org_repo_owner(repo_id)
org_id = request.user.org.org_id
if path == '/':
share_items = seafile_api.list_org_repo_shared_group(org_id,
repo_owner, repo_id)
else:
share_items = seafile_api.get_org_shared_groups_for_subdir(org_id,
repo_id, path, repo_owner)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
if path == '/':
share_items = seafile_api.list_repo_shared_group_by_user(repo_owner, repo_id)
else:
share_items = seafile_api.get_shared_groups_for_subdir(repo_id,
path, repo_owner)
ret = []
# change is_admin to True if user in admin groups.
admin_groups = ExtraGroupsSharePermission.objects.get_admin_groups_by_repo(repo_id)
for item in share_items:
ret.append({
"share_type": "group",
"group_info": {
"id": item.group_id,
"name": seaserv.get_group(item.group_id).group_name,
},
"permission": item.perm,
"is_admin": item.group_id in admin_groups,
})
return ret
def list_user_shared_items(self, request, repo_id, path):
if is_org_context(request):
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
repo_owner = seafile_api.get_org_repo_owner(repo_id)
org_id = request.user.org.org_id
if path == '/':
share_items = seafile_api.list_org_repo_shared_to(org_id,
repo_owner, repo_id)
else:
share_items = seafile_api.get_org_shared_users_for_subdir(org_id,
repo_id, path, repo_owner)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
if path == '/':
share_items = seafile_api.list_repo_shared_to(repo_owner, repo_id)
else:
share_items = seafile_api.get_shared_users_for_subdir(repo_id,
path, repo_owner)
# change is_admin to True if user is repo admin.
admin_users = ExtraSharePermission.objects.get_admin_users_by_repo(repo_id)
ret = []
for item in share_items:
ret.append({
"share_type": "user",
"user_info": {
"name": item.user,
"nickname": email2nickname(item.user),
},
"permission": item.perm,
"is_admin": item.user in admin_users
})
return ret
def get_group_repos(username, org_id, groups):
"""Get repos shared to groups.
"""
group_repos = []
if org_id:
# For each group I joined...
for grp in groups:
# Get group repos, and for each group repos...
for r_id in seafile_api.get_org_group_repoids(org_id, grp.id):
# No need to list my own repo
repo_owner = seafile_api.get_org_repo_owner(r_id)
if repo_owner == username:
continue
group_repos.append(r_id)
else:
# For each group I joined...
for grp in groups:
# Get group repos, and for each group repos...
for r_id in seafile_api.get_group_repoids(grp.id):
# No need to list my own repo
repo_owner = seafile_api.get_repo_owner(r_id)
if repo_owner == username:
continue
group_repos.append(r_id)
return group_repos
def format_repo_share_msg(self, notice):
d = json.loads(notice.detail)
repo_id = d['repo_id']
repo = seafile_api.get_repo(repo_id)
path = d['path']
org_id = d.get('org_id', None)
if path == '/':
shared_type = 'library'
else:
shared_type = 'folder'
if org_id:
owner = seafile_api.get_org_repo_owner(repo_id)
repo = seafile_api.get_org_virtual_repo(
org_id, repo_id, path, owner)
else:
owner = seafile_api.get_repo_owner(repo_id)
repo = seafile_api.get_virtual_repo(repo_id, path, owner)
repo_url = reverse('lib_view', args=[repo_id, repo.name, ''])
notice.repo_url = repo_url
notice.notice_from = escape(email2nickname(d['share_from']))
notice.repo_name = repo.name
notice.avatar_src = self.get_avatar_src(d['share_from'])
notice.shared_type = shared_type
return notice
def format_repo_share_to_group_msg(self):
"""
Arguments:
- `self`:
"""
try:
d = json.loads(self.detail)
except Exception as e:
logger.error(e)
return _(u"Internal error")
share_from = email2nickname(d['share_from'])
repo_id = d['repo_id']
group_id = d['group_id']
path = d.get('path', '/')
org_id = d.get('org_id', None)
repo = None
try:
group = ccnet_api.get_group(group_id)
if path == '/':
repo = seafile_api.get_repo(repo_id)
else:
if org_id:
owner = seafile_api.get_org_repo_owner(repo_id)
repo = seafile_api.get_org_virtual_repo(
org_id, repo_id, path, owner)
else:
owner = seafile_api.get_repo_owner(repo_id)
repo = seafile_api.get_virtual_repo(repo_id, path, owner)
except Exception as e:
logger.error(e)
return None
if not repo or not group:
self.delete()
return None
if path == '/':
tmpl = 'notifications/notice_msg/repo_share_to_group_msg.html'
else:
tmpl = 'notifications/notice_msg/folder_share_to_group_msg.html'
msg = render_to_string(
tmpl, {
'user': share_from,
'lib_url': HASH_URLS["VIEW_COMMON_LIB_DIR"] % {
'repo_id': repo.id,
'path': ''
},
'lib_name': repo.name,
'group_url': HASH_URLS['GROUP_INFO'] % {
'group_id': group.id
},
'group_name': group.group_name,
})
return msg
def list_group_shared_items(self, request, repo_id, path):
if is_org_context(request):
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
repo_owner = seafile_api.get_org_repo_owner(repo_id)
org_id = request.user.org.org_id
if path == '/':
share_items = seafile_api.list_org_repo_shared_group(
org_id, repo_owner, repo_id)
else:
share_items = seafile_api.get_org_shared_groups_for_subdir(
org_id, repo_id, path, repo_owner)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
if path == '/':
share_items = seafile_api.list_repo_shared_group_by_user(
repo_owner, repo_id)
else:
share_items = seafile_api.get_shared_groups_for_subdir(
repo_id, path, repo_owner)
ret = []
# change is_admin to True if user in admin groups.
admin_groups = ExtraGroupsSharePermission.objects.get_admin_groups_by_repo(
repo_id)
for item in share_items:
if '@seafile_group' in repo_owner and \
repo_owner.split('@')[0] == str(item.group_id):
continue
group_id = item.group_id
group = ccnet_api.get_group(group_id)
if not group:
if is_org_context(request):
if path == '/':
seafile_api.del_org_group_repo(repo_id, org_id,
group_id)
else:
seafile_api.org_unshare_subdir_for_group(
org_id, repo_id, path, repo_owner, group_id)
else:
if path == '/':
seafile_api.unset_group_repo(repo_id, group_id,
repo_owner)
else:
seafile_api.unshare_subdir_for_group(
repo_id, path, repo_owner, group_id)
continue
ret.append({
"share_type": "group",
"group_info": {
"id": group_id,
"name": group.group_name,
},
"permission": item.perm,
"is_admin": group_id in admin_groups,
})
return ret
def put(self, request, repo_id, format=None):
""" Update permission in repo share invitation.
"""
# argument check
path = request.data.get('path', None)
if not path:
return api_error(status.HTTP_400_BAD_REQUEST, 'path invalid.')
token = request.data.get('token', None)
if not token:
return api_error(status.HTTP_400_BAD_REQUEST, 'token invalid.')
permission = request.data.get('permission', PERMISSION_READ)
if permission not in (PERMISSION_READ, PERMISSION_READ_WRITE):
return api_error(status.HTTP_400_BAD_REQUEST,
'permission invalid.')
# recourse check
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND,
'Library %s not found.' % repo_id)
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND,
'Folder %s not found.' % path)
# permission check
username = request.user.username
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
if username != repo_owner and not is_repo_admin(username, repo_id):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# mian
try:
shared_obj = RepoShareInvitation.objects.get_by_token_and_path(
token=token, repo_id=repo_id, path=path)
if not shared_obj:
error_msg = 'repo share invitation not found.'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if shared_obj.permission == permission:
error_msg = 'repo share invitation already has %s premission.' % permission
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
shared_obj.permission = permission
shared_obj.save()
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})
def handle(self, *args, **options):
""" Export file access logs to excel.
"""
if not is_pro_version():
self.stdout.write("Failed to export excel, this feature is only in professional version.")
return
path = options['path']
start = str(options['start_date'])
end = str(options['end_date'])
if not check_time_period_valid(start, end):
self.stdout.write("Failed to export excel, invalid start or end date.")
return
events = get_log_events_by_type_and_time('file_audit', start, end)
head = [_("User"), _("Type"), _("IP"), _("Device"), _("Date"),
_("Library Name"), _("Library ID"), _("Library Owner"), _("File Path"),]
data_list = []
repo_obj_dict = {}
repo_owner_dict = {}
events.sort(key=lambda x: x.timestamp, reverse=True)
for ev in events:
event_type, ev.show_device = generate_file_audit_event_type(ev)
repo_id = ev.repo_id
if repo_id not in repo_obj_dict:
repo = seafile_api.get_repo(repo_id)
repo_obj_dict[repo_id] = repo
else:
repo = repo_obj_dict[repo_id]
if repo:
repo_name = repo.name
if repo_id not in repo_owner_dict:
repo_owner = seafile_api.get_repo_owner(repo_id) or \
seafile_api.get_org_repo_owner(repo_id)
repo_owner_dict[repo_id] = repo_owner
else:
repo_owner = repo_owner_dict[repo_id]
else:
repo_name = _('Deleted')
repo_owner = '--'
username = ev.user if ev.user else _('Anonymous User')
date = utc_to_local(ev.timestamp).strftime('%Y-%m-%d %H:%M:%S') if \
ev.timestamp else ''
row = [username, event_type, ev.ip, ev.show_device,
date, repo_name, ev.repo_id, repo_owner, ev.file_path]
data_list.append(row)
excel_name = 'file-access-logs.xlsx'
wb = write_xls(_('file-access-logs'), head, data_list)
wb.save(posixpath.join(path, excel_name)) if path else wb.save(excel_name)
def format_repo_share_to_group_msg(self):
"""
Arguments:
- `self`:
"""
try:
d = json.loads(self.detail)
except Exception as e:
logger.error(e)
return _("Internal Server Error")
share_from = email2nickname(d['share_from'])
repo_id = d['repo_id']
group_id = d['group_id']
path = d.get('path', '/')
org_id = d.get('org_id', None)
repo = None
try:
group = ccnet_api.get_group(group_id)
if path == '/':
repo = seafile_api.get_repo(repo_id)
else:
if org_id:
owner = seafile_api.get_org_repo_owner(repo_id)
repo = seafile_api.get_org_virtual_repo(
org_id, repo_id, path, owner)
else:
owner = seafile_api.get_repo_owner(repo_id)
repo = seafile_api.get_virtual_repo(repo_id, path, owner)
except Exception as e:
logger.error(e)
return None
if not repo or not group:
self.delete()
return None
if path == '/':
tmpl = 'notifications/notice_msg/repo_share_to_group_msg.html'
else:
tmpl = 'notifications/notice_msg/folder_share_to_group_msg.html'
lib_url = reverse('lib_view', args=[repo.id, repo.name, ''])
group_url = reverse('group', args=[group.id])
msg = render_to_string(
tmpl, {
'user': share_from,
'lib_url': lib_url,
'lib_name': repo.name,
'group_url': group_url,
'group_name': group.group_name,
})
return msg
def format_repo_share_to_group_msg(self):
"""
Arguments:
- `self`:
"""
try:
d = json.loads(self.detail)
except Exception as e:
logger.error(e)
return _(u"Internal error")
share_from = email2nickname(d['share_from'])
repo_id = d['repo_id']
group_id = d['group_id']
path = d.get('path', '/')
org_id = d.get('org_id', None)
repo = None
try:
group = ccnet_api.get_group(group_id)
if path == '/':
repo = seafile_api.get_repo(repo_id)
else:
if org_id:
owner = seafile_api.get_org_repo_owner(repo_id)
repo = seafile_api.get_org_virtual_repo(
org_id, repo_id, path, owner)
else:
owner = seafile_api.get_repo_owner(repo_id)
repo = seafile_api.get_virtual_repo(repo_id, path, owner)
except Exception as e:
logger.error(e)
return None
if not repo or not group:
self.delete()
return None
if path == '/':
tmpl = 'notifications/notice_msg/repo_share_to_group_msg.html'
else:
tmpl = 'notifications/notice_msg/folder_share_to_group_msg.html'
lib_url = reverse('lib_view', args=[repo.id, repo.name, ''])
group_url = reverse('group', args=[group.id])
msg = render_to_string(tmpl, {
'user': share_from,
'lib_url': lib_url,
'lib_name': repo.name,
'group_url': group_url,
'group_name': group.group_name,
})
return msg
def unsetinnerpub(request, repo_id):
"""Unshare repos in organization or in share admin page.
Only system admin, organization admin or repo owner can perform this op.
"""
repo = get_repo(repo_id)
perm = request.GET.get('permission', None)
if perm is None:
return render_error(request, _(u'Argument is not valid'))
if not repo:
messages.error(
request, _('Failed to unshare the library, as it does not exist.'))
return HttpResponseRedirect(reverse('share_admin'))
# permission check
username = request.user.username
if is_org_context(request):
org_id = request.user.org.org_id
repo_owner = seafile_api.get_org_repo_owner(repo.id)
is_repo_owner = True if repo_owner == username else False
if not (request.user.org.is_staff or is_repo_owner):
raise Http404
else:
repo_owner = seafile_api.get_repo_owner(repo.id)
is_repo_owner = True if repo_owner == username else False
if not (request.user.is_staff or is_repo_owner):
raise Http404
try:
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(
org_id, repo.id)
else:
seaserv.unset_inner_pub_repo(repo.id)
origin_repo_id, origin_path = get_origin_repo_info(repo.id)
if origin_repo_id is not None:
perm_repo_id = origin_repo_id
perm_path = origin_path
else:
perm_repo_id = repo.id
perm_path = '/'
send_perm_audit_msg('delete-repo-perm', username, 'all',
perm_repo_id, perm_path, perm)
messages.success(request, _('Unshare "%s" successfully.') % repo.name)
except SearpcError:
messages.error(request, _('Failed to unshare "%s".') % repo.name)
referer = request.META.get('HTTP_REFERER', None)
next = settings.SITE_ROOT if referer is None else referer
return HttpResponseRedirect(next)
def unsetinnerpub(request, repo_id):
"""Unshare repos in organization or in share admin page.
Only system admin, organization admin or repo owner can perform this op.
"""
repo = get_repo(repo_id)
perm = request.GET.get('permission', None)
if perm is None:
return render_error(request, _(u'Argument is not valid'))
if not repo:
messages.error(request, _('Failed to unshare the library, as it does not exist.'))
return HttpResponseRedirect(reverse('share_admin'))
# permission check
username = request.user.username
if is_org_context(request):
org_id = request.user.org.org_id
repo_owner = seafile_api.get_org_repo_owner(repo.id)
is_repo_owner = True if repo_owner == username else False
if not (request.user.org.is_staff or is_repo_owner):
raise Http404
else:
repo_owner = seafile_api.get_repo_owner(repo.id)
is_repo_owner = True if repo_owner == username else False
if not (request.user.is_staff or is_repo_owner):
raise Http404
try:
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(org_id,
repo.id)
else:
seaserv.unset_inner_pub_repo(repo.id)
origin_repo_id, origin_path = get_origin_repo_info(repo.id)
if origin_repo_id is not None:
perm_repo_id = origin_repo_id
perm_path = origin_path
else:
perm_repo_id = repo.id
perm_path = '/'
send_perm_audit_msg('delete-repo-perm', username, 'all',
perm_repo_id, perm_path, perm)
messages.success(request, _('Unshare "%s" successfully.') % repo.name)
except SearpcError:
messages.error(request, _('Failed to unshare "%s".') % repo.name)
referer = request.META.get('HTTP_REFERER', None)
next = settings.SITE_ROOT if referer is None else referer
return HttpResponseRedirect(next)
def list_org_repos_by_name(org_id, repo_name):
repos = []
repos_all = seafile_api.get_org_repo_list(org_id, -1, -1)
for repo in repos_all:
if repo_name.lower() in repo.name.lower():
try:
repo.owner = seafile_api.get_org_repo_owner(repo.id)
except SearpcError:
repo.owner = "failed to get"
repos.append(repo)
return repos
def get_group_repos(username, org_id, groups):
"""Get repos shared to groups.
"""
group_repos = []
if org_id:
# For each group I joined...
for grp in groups:
# Get group repos, and for each group repos...
for r_id in seafile_api.get_org_group_repoids(org_id, grp.id):
# No need to list my own repo
repo_owner = seafile_api.get_org_repo_owner(r_id)
if repo_owner == username:
continue
# Convert repo properties due to the different collumns in Repo
# and SharedRepo
r = seafile_api.get_repo(r_id)
if not r:
continue
r.repo_id = r.id
r.repo_name = r.name
r.repo_desc = r.desc
r.last_modified = get_repo_last_modify(r)
r.share_type = 'group'
r.user = repo_owner
r.user_perm = seafile_api.check_repo_access_permission(
r_id, username)
r.group = grp
group_repos.append(r)
else:
# For each group I joined...
for grp in groups:
# Get group repos, and for each group repos...
for r_id in seafile_api.get_group_repoids(grp.id):
# No need to list my own repo
repo_owner = seafile_api.get_repo_owner(r_id)
if repo_owner == username:
continue
# Convert repo properties due to the different collumns in Repo
# and SharedRepo
r = seafile_api.get_repo(r_id)
if not r:
continue
r.repo_id = r.id
r.repo_name = r.name
r.repo_desc = r.desc
r.last_modified = get_repo_last_modify(r)
r.share_type = 'group'
r.user = repo_owner
r.user_perm = seafile_api.check_repo_access_permission(
r_id, username)
r.group = grp
group_repos.append(r)
return group_repos
def render_recycle_root(request, repo_id, referer):
repo = get_repo(repo_id)
if not repo:
raise Http404
scan_stat = request.GET.get('scan_stat', None)
try:
deleted_entries = seafile_api.get_deleted(repo_id, 0, '/', scan_stat)
except SearpcError as e:
logger.error(e)
referer = request.META.get('HTTP_REFERER', None)
next = settings.SITE_ROOT if referer is None else referer
return HttpResponseRedirect(next)
if not deleted_entries:
new_scan_stat = None
else:
new_scan_stat = deleted_entries[-1].scan_stat
trash_more = True if new_scan_stat is not None else False
deleted_entries = deleted_entries[0:-1]
for dirent in deleted_entries:
if stat.S_ISDIR(dirent.mode):
dirent.is_dir = True
else:
dirent.is_dir = False
# Entries sort by deletion time in descending order.
deleted_entries.sort(lambda x, y: cmp(y.delete_time, x.delete_time))
username = request.user.username
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo.id)
else:
repo_owner = seafile_api.get_repo_owner(repo.id)
is_repo_owner = True if repo_owner == username else False
enable_clean = False
if is_repo_owner:
enable_clean = True
return render_to_response('repo_dir_recycle_view.html', {
'show_recycle_root': True,
'repo': repo,
'repo_dir_name': repo.name,
'dir_entries': deleted_entries,
'scan_stat': new_scan_stat,
'trash_more': trash_more,
'enable_clean': enable_clean,
'referer': referer,
},
context_instance=RequestContext(request))
def render_recycle_root(request, repo_id):
repo = get_repo(repo_id)
if not repo:
raise Http404
scan_stat = request.GET.get('scan_stat', None)
try:
deleted_entries = seafile_api.get_deleted(repo_id, 0, '/', scan_stat)
except SearpcError as e:
logger.error(e)
referer = request.META.get('HTTP_REFERER', None)
next = settings.SITE_ROOT if referer is None else referer
return HttpResponseRedirect(next)
if not deleted_entries:
new_scan_stat = None
else:
new_scan_stat = deleted_entries[-1].scan_stat
trash_more = True if new_scan_stat is not None else False
deleted_entries = deleted_entries[0:-1]
for dirent in deleted_entries:
if stat.S_ISDIR(dirent.mode):
dirent.is_dir = True
else:
dirent.is_dir = False
# Entries sort by deletion time in descending order.
deleted_entries.sort(lambda x, y : cmp(y.delete_time,
x.delete_time))
username = request.user.username
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo.id)
else:
repo_owner = seafile_api.get_repo_owner(repo.id)
is_repo_owner = True if repo_owner == username else False
enable_clean = False
if is_repo_owner:
enable_clean = True
return render_to_response('repo_dir_recycle_view.html', {
'show_recycle_root': True,
'repo': repo,
'repo_dir_name': repo.name,
'dir_entries': deleted_entries,
'scan_stat': new_scan_stat,
'trash_more': trash_more,
'enable_clean': enable_clean,
}, context_instance=RequestContext(request))
def get(self, request, org_id):
""" Get all repos in an org.
Permission checking:
1. only admin can perform this action.
"""
if not request.user.admin_permissions.other_permission():
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
org_id = int(org_id)
if org_id == 0:
error_msg = 'org_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
org = ccnet_api.get_org_by_id(org_id)
if not org:
error_msg = 'Organization %d not found.' % org_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
repos = seafile_api.get_org_repo_list(org_id, -1, -1)
except Exception as e:
logger.error(e)
error_msg = "Internal Server Error"
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# Use dict to reduce memcache fetch cost in large for-loop.
repo_id_2_email_dict = {repo.id: seafile_api.get_org_repo_owner(repo.id) for repo in repos}
owner_email_set = set(repo_id_2_email_dict.values())
nickname_dict = {}
contact_email_dict = {}
for e in owner_email_set:
if e not in nickname_dict:
nickname_dict[e] = email2nickname(e)
if e not in contact_email_dict:
contact_email_dict[e] = email2contact_email(e)
repos_info = []
for repo in repos:
repo_info = {}
repo_info['repo_name'] = repo.repo_name
owner_email = repo_id_2_email_dict.get(repo.id, '')
repo_info['owner_email'] = owner_email
repo_info['owner_name'] = nickname_dict.get(owner_email, '')
repo_info['owner_contact_email'] = contact_email_dict.get(owner_email, '')
repo_info['repo_id'] = repo.id
repo_info['encrypted'] = repo.encrypted
repos_info.append(repo_info)
return Response({'repo_list': repos_info})
def get(self, request, repo_id, format=None):
""" get all file/folder in a library
"""
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not can_view_sys_admin_repo(repo):
error_msg = 'Feature disabled.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
parent_dir = request.GET.get('parent_dir', '/')
if not parent_dir:
error_msg = 'parent_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if parent_dir[-1] != '/':
parent_dir = parent_dir + '/'
dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir)
if not dir_id:
error_msg = 'Folder %s not found.' % parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
try:
dirs = seafserv_threaded_rpc.list_dir_with_perm(repo_id,
parent_dir, dir_id, repo_owner, -1, -1)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return_results = {}
return_results['repo_name'] = repo.repo_name
return_results['repo_id'] = repo.repo_id
return_results['is_system_library'] = True if \
repo.id == get_system_default_repo_id() else False
return_results['dirent_list'] = []
for dirent in dirs:
dirent_info = get_dirent_info(dirent)
return_results['dirent_list'].append(dirent_info)
return Response(return_results)
def get(self, request, repo_id, format=None):
""" get all file/folder in a library
"""
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not can_view_sys_admin_repo(repo):
error_msg = 'Feature disabled.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
parent_dir = request.GET.get('parent_dir', '/')
if not parent_dir:
error_msg = 'parent_dir invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if parent_dir[-1] != '/':
parent_dir = parent_dir + '/'
dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir)
if not dir_id:
error_msg = 'Folder %s not found.' % parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
try:
dirs = seafserv_threaded_rpc.list_dir_with_perm(
repo_id, parent_dir, dir_id, repo_owner, -1, -1)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return_results = {}
return_results['repo_name'] = repo.repo_name
return_results['repo_id'] = repo.repo_id
return_results['is_system_library'] = True if \
repo.id == get_system_default_repo_id() else False
return_results['dirent_list'] = []
for dirent in dirs:
dirent_info = get_dirent_info(dirent)
return_results['dirent_list'].append(dirent_info)
return Response(return_results)
def format_repo_share_to_group_msg(self):
"""
Arguments:
- `self`:
"""
try:
d = json.loads(self.detail)
except Exception as e:
logger.error(e)
return _(u"Internal error")
share_from = email2nickname(d['share_from'])
repo_id = d['repo_id']
group_id = d['group_id']
path = d.get('path', '/')
org_id = d.get('org_id', None)
repo = None
try:
group = ccnet_api.get_group(group_id)
if path == '/':
repo = seafile_api.get_repo(repo_id)
else:
if org_id:
owner = seafile_api.get_org_repo_owner(repo_id)
repo = seafile_api.get_org_virtual_repo(
org_id, repo_id, path, owner)
else:
owner = seafile_api.get_repo_owner(repo_id)
repo = seafile_api.get_virtual_repo(repo_id, path, owner)
except Exception as e:
logger.error(e)
return None
if not repo or not group:
self.delete()
return None
msg = _(
u"%(user)s has shared a library named <a href='%(repo_href)s'>%(repo_name)s</a> to group <a href='%(group_href)s'>%(group_name)s</a>."
) % {
'user': escape(share_from),
'repo_href': reverse('view_common_lib_dir', args=[repo.id, '']),
'repo_name': escape(repo.name),
'group_href': reverse('group_info', args=[group.id]),
'group_name': escape(group.group_name),
}
return msg
def _decorated(view, request, repo_id, *args, **kwargs):
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check permission
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
username = request.user.username
if repo.is_virtual or username != repo_owner:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
return func(view, request, repo_id, *args, **kwargs)
def _decorated(view, request, repo_id, *args, **kwargs):
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check permission
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
username = request.user.username
if repo.is_virtual or username != repo_owner:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check arguments
group_id = request.data.get('group_id', None)
path = request.data.get('folder_path', None)
perm = request.data.get('permission', None)
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not seaserv.get_group(group_id):
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if path:
path = path.rstrip('/') if path != '/' else path
if seafile_api.get_dir_id_by_path(repo_id, path) is None:
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if request.method in ('POST', 'PUT') and perm not in ('r', 'rw'):
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
return func(view, request, repo_id, *args, **kwargs)
def has_shared_to_group(repo_id, path, gid, org_id=None):
if is_valid_org_id(org_id):
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
repo_owner = seafile_api.get_org_repo_owner(repo_id)
if path == '/':
share_items = seafile_api.list_org_repo_shared_group(org_id,
repo_owner, repo_id)
else:
share_items = seafile_api.get_org_shared_groups_for_subdir(org_id,
repo_id, path, repo_owner)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
if path == '/':
share_items = seafile_api.list_repo_shared_group_by_user(repo_owner, repo_id)
else:
share_items = seafile_api.get_shared_groups_for_subdir(repo_id,
path, repo_owner)
return gid in [item.group_id for item in share_items]
def can_access_repo_setting(request, repo_id, username):
repo = seafile_api.get_repo(repo_id)
if not repo:
return (False, None)
# no settings for virtual repo
if ENABLE_SUB_LIBRARY and repo.is_virtual:
return (False, None)
# check permission
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
is_owner = True if username == repo_owner else False
if not is_owner:
return (False, None)
return (True, repo)
def ajax_repo_remove_share(request):
"""
Remove repo shared to user/group/public
"""
content_type = 'application/json; charset=utf-8'
repo_id = request.POST.get('repo_id', None)
share_type = request.POST.get('share_type', None)
if not seafile_api.get_repo(repo_id):
return HttpResponse(json.dumps({'error': _(u'Library does not exist')}), status=400,
content_type=content_type)
username = request.user.username
if share_type == 'personal':
from_email = request.POST.get('from', None)
if not is_valid_username(from_email):
return HttpResponse(json.dumps({'error': _(u'Invalid argument')}), status=400,
content_type=content_type)
if is_org_context(request):
org_id = request.user.org.org_id
org_remove_share(org_id, repo_id, from_email, username)
else:
seaserv.remove_share(repo_id, from_email, username)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=content_type)
elif share_type == 'group':
from_email = request.POST.get('from', None)
if not is_valid_username(from_email):
return HttpResponse(json.dumps({'error': _(u'Invalid argument')}), status=400,
content_type=content_type)
group_id = request.POST.get('group_id', None)
group = seaserv.get_group(group_id)
if not group:
return HttpResponse(json.dumps({'error': _(u"Group does not exist")}), status=400,
content_type=content_type)
if seaserv.check_group_staff(group_id, username) or \
seafile_api.is_repo_owner(username, repo_id):
if is_org_group(group_id):
org_id = get_org_id_by_group(group_id)
del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, from_email)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=content_type)
else:
return HttpResponse(json.dumps({'error': _(u'Permission denied')}), status=400,
content_type=content_type)
elif share_type == 'public':
if is_org_context(request):
org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
is_org_repo_owner = True if org_repo_owner == username else False
if request.user.org.is_staff or is_org_repo_owner:
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(org_id,
repo_id)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=content_type)
else:
return HttpResponse(json.dumps({'error': _(u'Permission denied')}), status=403,
content_type=content_type)
else:
if seafile_api.is_repo_owner(username, repo_id) or \
request.user.is_staff:
unset_inner_pub_repo(repo_id)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=content_type)
else:
return HttpResponse(json.dumps({'error': _(u'Permission denied')}), status=403,
content_type=content_type)
else:
return HttpResponse(json.dumps({'error': _(u'Invalid argument')}), status=400,
content_type=content_type)
def delete(self, request, repo_id, format=None):
if not seafile_api.get_repo(repo_id):
return api_error(status.HTTP_400_BAD_REQUEST, 'Library does not exist')
username = request.user.username
share_type = request.GET.get('share_type', None)
if share_type == 'personal':
from_email = request.GET.get('from', None)
if not is_valid_username(from_email):
return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_remove_share(org_id,
repo_id,
from_email,
username)
else:
seaserv.remove_share(repo_id, from_email, username)
elif share_type == 'group':
from_email = request.GET.get('from', None)
if not is_valid_username(from_email):
return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')
group_id = request.GET.get('group_id', None)
group = seaserv.get_group(group_id)
if not group:
return api_error(status.HTTP_400_BAD_REQUEST, 'Group does not exist')
if not seaserv.check_group_staff(group_id, username) and \
not seafile_api.is_repo_owner(username, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')
if seaserv.is_org_group(group_id):
org_id = seaserv.get_org_id_by_group(group_id)
seaserv.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, from_email)
elif share_type == 'public':
if is_org_context(request):
org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
is_org_repo_owner = True if org_repo_owner == username else False
if not request.user.org.is_staff and not is_org_repo_owner:
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(org_id,
repo_id)
else:
if not seafile_api.is_repo_owner(username, repo_id) and \
not request.user.is_staff:
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')
seaserv.unset_inner_pub_repo(repo_id)
else:
return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')
return Response({'success': True}, status=status.HTTP_200_OK)
def render_repo(request, repo):
"""Steps to show repo page:
If user has permission to view repo
If repo is encrypt and password is not set on server
return decrypt repo page
If repo is not encrypt or password is set on server
Show repo direntries based on requested path
If user does not have permission to view repo
return permission deny page
"""
username = request.user.username
path = get_path_from_request(request)
user_perm = check_repo_access_permission(repo.id, request.user)
if user_perm is None:
return render_to_response("repo_access_deny.html", {"repo": repo}, context_instance=RequestContext(request))
sub_lib_enabled = UserOptions.objects.is_sub_lib_enabled(username)
server_crypto = False
if repo.encrypted:
try:
server_crypto = UserOptions.objects.is_server_crypto(username)
except CryptoOptionNotSetError:
return render_to_response("options/set_user_options.html", {}, context_instance=RequestContext(request))
if (repo.enc_version == 1 or (repo.enc_version == 2 and server_crypto)) and not is_password_set(
repo.id, username
):
return render_to_response(
"decrypt_repo_form.html",
{
"repo": repo,
"next": get_next_url_from_request(request) or reverse("repo", args=[repo.id]),
"force_server_crypto": FORCE_SERVER_CRYPTO,
},
context_instance=RequestContext(request),
)
# query context args
fileserver_root = get_fileserver_root()
max_upload_file_size = get_max_upload_file_size()
protocol = request.is_secure() and "https" or "http"
domain = RequestSite(request).domain
for g in request.user.joined_groups:
g.avatar = grp_avatar(g.id, 20)
head_commit = get_commit(repo.id, repo.version, repo.head_cmmt_id)
if not head_commit:
raise Http404
if new_merge_with_no_conflict(head_commit):
info_commit = get_commit_before_new_merge(head_commit)
else:
info_commit = head_commit
repo_size = get_repo_size(repo.id)
no_quota = is_no_quota(repo.id)
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo.id)
else:
repo_owner = seafile_api.get_repo_owner(repo.id)
is_repo_owner = True if repo_owner == username else False
if is_repo_owner and not repo.is_virtual:
show_repo_settings = True
else:
show_repo_settings = False
more_start = None
file_list, dir_list, dirent_more = get_repo_dirents(request, repo, head_commit, path, offset=0, limit=100)
if dirent_more:
more_start = 100
zipped = get_nav_path(path, repo.name)
repo_groups = get_shared_groups_by_repo_and_user(repo.id, username)
if len(repo_groups) > 1:
repo_group_str = render_to_string("snippets/repo_group_list.html", {"groups": repo_groups})
else:
repo_group_str = ""
upload_url = get_upload_url(request, repo.id)
fileshare = get_fileshare(repo.id, username, path)
dir_shared_link = get_dir_share_link(fileshare)
uploadlink = get_uploadlink(repo.id, username, path)
dir_shared_upload_link = get_dir_shared_upload_link(uploadlink)
return render_to_response(
"repo.html",
{
"repo": repo,
"user_perm": user_perm,
"repo_owner": repo_owner,
"is_repo_owner": is_repo_owner,
"show_repo_settings": show_repo_settings,
"current_commit": head_commit,
"info_commit": info_commit,
"password_set": True,
"repo_size": repo_size,
"dir_list": dir_list,
"file_list": file_list,
"dirent_more": dirent_more,
"more_start": more_start,
"path": path,
"zipped": zipped,
"groups": repo_groups,
"repo_group_str": repo_group_str,
"no_quota": no_quota,
"max_upload_file_size": max_upload_file_size,
"upload_url": upload_url,
"fileserver_root": fileserver_root,
"protocol": protocol,
"domain": domain,
"fileshare": fileshare,
"dir_shared_link": dir_shared_link,
"uploadlink": uploadlink,
"dir_shared_upload_link": dir_shared_upload_link,
"ENABLE_SUB_LIBRARY": ENABLE_SUB_LIBRARY,
"server_crypto": server_crypto,
"sub_lib_enabled": sub_lib_enabled,
},
context_instance=RequestContext(request),
)
def delete(self, request, repo_id, format=None):
""" Unshare a repo.
Permission checking:
1. Only repo owner can unshare a library.
"""
# argument check
share_type = request.GET.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('personal', 'group', 'public'):
error_msg = "share_type can only be 'personal' or 'group' or 'public'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id)
# permission check
username = request.user.username
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
if username != repo_owner:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# delete share
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
if share_type == 'personal':
user = request.GET.get('user', None)
if not user or not is_valid_username(user):
error_msg = 'user invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# if user not found, permission will be None
permission = seafile_api.check_permission_by_path(
repo_id, '/', user)
try:
if org_id:
seafile_api.org_remove_share(org_id, repo_id,
username, user)
else:
seafile_api.remove_share(repo_id, username, user)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
send_perm_audit_msg('delete-repo-perm', username, user,
repo_id, '/', permission)
if share_type == 'group':
group_id = request.GET.get('group_id', None)
if not group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id must be integer.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# hacky way to get group repo permission
permission = ''
if org_id:
for e in seafile_api.list_org_repo_shared_group(
org_id, username, repo_id):
if e.group_id == group_id:
permission = e.perm
break
else:
for e in seafile_api.list_repo_shared_group_by_user(username, repo_id):
if e.group_id == group_id:
permission = e.perm
break
try:
if org_id:
seaserv.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, '/', permission)
if share_type == 'public':
pub_repos = []
if org_id:
pub_repos = seaserv.list_org_inner_pub_repos(org_id, username)
if not request.cloud_mode:
pub_repos = seaserv.list_inner_pub_repos(username)
try:
if org_id:
seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(org_id, repo_id)
else:
seafile_api.remove_inner_pub_repo(repo_id)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
permission = ''
for repo in pub_repos:
if repo.repo_id == repo_id:
permission = repo.permission
break
if permission:
send_perm_audit_msg('delete-repo-perm', username, 'all', repo_id, '/', permission)
return Response({'success': True})
def view_file(request, repo_id):
"""
Steps to view file:
1. Get repo id and file path.
2. Check user's permission.
3. Check whether this file can be viewed online.
4.1 Get file content if file is text file.
4.2 Prepare flash if file is document.
4.3 Prepare or use pdfjs if file is pdf.
4.4 Other file return it's raw path.
"""
username = request.user.username
# check arguments
repo = get_repo(repo_id)
if not repo:
raise Http404
path = request.GET.get('p', '/').rstrip('/')
obj_id = get_file_id_by_path(repo_id, path)
if not obj_id:
return render_error(request, _(u'File does not exist'))
# construct some varibles
u_filename = os.path.basename(path)
current_commit = get_commits(repo_id, 0, 1)[0]
# Check whether user has permission to view file and get file raw path,
# render error page if permission deny.
raw_path, inner_path, user_perm = get_file_view_path_and_perm(request,
repo_id,
obj_id, path)
if not user_perm:
return render_permission_error(request, _(u'Unable to view file'))
# check if the user is the owner or not, for 'private share'
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo.id)
is_repo_owner = True if repo_owner == username else False
else:
is_repo_owner = seafile_api.is_repo_owner(username, repo.id)
# get file type and extension
filetype, fileext = get_file_type_and_ext(u_filename)
img_prev = None
img_next = None
ret_dict = {'err': '', 'file_content': '', 'encoding': '', 'file_enc': '',
'file_encoding_list': [], 'html_exists': False,
'filetype': filetype}
fsize = get_file_size(repo.store_id, repo.version, obj_id)
exceeds_limit, err_msg = file_size_exceeds_preview_limit(fsize, filetype)
if exceeds_limit:
ret_dict['err'] = err_msg
else:
"""Choose different approach when dealing with different type of file."""
if is_textual_file(file_type=filetype):
handle_textual_file(request, filetype, inner_path, ret_dict)
if filetype == MARKDOWN:
c = ret_dict['file_content']
ret_dict['file_content'] = convert_md_link(c, repo_id, username)
elif filetype == DOCUMENT:
handle_document(inner_path, obj_id, fileext, ret_dict)
elif filetype == SPREADSHEET:
handle_spreadsheet(inner_path, obj_id, fileext, ret_dict)
elif filetype == OPENDOCUMENT:
if fsize == 0:
ret_dict['err'] = _(u'Invalid file format.')
elif filetype == PDF:
handle_pdf(inner_path, obj_id, fileext, ret_dict)
elif filetype == IMAGE:
parent_dir = os.path.dirname(path)
dirs = seafile_api.list_dir_by_commit_and_path(current_commit.repo_id,
current_commit.id, parent_dir)
if not dirs:
raise Http404
img_list = []
for dirent in dirs:
if not stat.S_ISDIR(dirent.props.mode):
fltype, flext = get_file_type_and_ext(dirent.obj_name)
if fltype == 'Image':
img_list.append(dirent.obj_name)
if len(img_list) > 1:
img_list.sort(lambda x, y : cmp(x.lower(), y.lower()))
cur_img_index = img_list.index(u_filename)
if cur_img_index != 0:
img_prev = posixpath.join(parent_dir, img_list[cur_img_index - 1])
if cur_img_index != len(img_list) - 1:
img_next = posixpath.join(parent_dir, img_list[cur_img_index + 1])
else:
pass
# generate file path navigator
zipped = gen_path_link(path, repo.name)
# file shared link
l = FileShare.objects.filter(repo_id=repo_id).filter(
username=username).filter(path=path)
fileshare = l[0] if len(l) > 0 else None
http_or_https = request.is_secure() and 'https' or 'http'
domain = RequestSite(request).domain
if fileshare:
file_shared_link = gen_file_share_link(fileshare.token)
else:
file_shared_link = ''
for g in request.user.joined_groups:
g.avatar = grp_avatar(g.id, 20)
"""List repo groups"""
# Get groups this repo is shared.
if request.user.org:
org_id = request.user.org.org_id
repo_shared_groups = get_org_groups_by_repo(org_id, repo_id)
else:
repo_shared_groups = get_shared_groups_by_repo(repo_id)
# Filter out groups that user in joined.
groups = [x for x in repo_shared_groups if is_group_user(x.id, username)]
if len(groups) > 1:
ctx = {}
ctx['groups'] = groups
repogrp_str = render_to_string("snippets/repo_group_list.html", ctx)
else:
repogrp_str = ''
file_path_hash = hashlib.md5(urllib2.quote(path.encode('utf-8'))).hexdigest()[:12]
# fetch file contributors and latest contributor
contributors, last_modified, last_commit_id = \
FileContributors.objects.get_file_contributors(
repo_id, path.encode('utf-8'), file_path_hash, obj_id)
latest_contributor = contributors[0] if contributors else None
# check whether file is starred
is_starred = False
org_id = -1
if request.user.org:
org_id = request.user.org.org_id
is_starred = is_file_starred(username, repo.id, path.encode('utf-8'), org_id)
template = 'view_file_%s.html' % ret_dict['filetype'].lower()
return render_to_response(template, {
'repo': repo,
'is_repo_owner': is_repo_owner,
'obj_id': obj_id,
'filename': u_filename,
'path': path,
'zipped': zipped,
'current_commit': current_commit,
'fileext': fileext,
'raw_path': raw_path,
'fileshare': fileshare,
'protocol': http_or_https,
'domain': domain,
'file_shared_link': file_shared_link,
'err': ret_dict['err'],
'file_content': ret_dict['file_content'],
'file_enc': ret_dict['file_enc'],
'encoding': ret_dict['encoding'],
'file_encoding_list': ret_dict['file_encoding_list'],
'html_exists': ret_dict['html_exists'],
'html_detail': ret_dict.get('html_detail', {}),
'filetype': ret_dict['filetype'],
'groups': groups,
'use_pdfjs': USE_PDFJS,
'contributors': contributors,
'latest_contributor': latest_contributor,
'last_modified': last_modified,
'last_commit_id': last_commit_id,
'repo_group_str': repogrp_str,
'is_starred': is_starred,
'user_perm': user_perm,
'img_prev': img_prev,
'img_next': img_next,
'highlight_keyword': settings.HIGHLIGHT_KEYWORD,
}, context_instance=RequestContext(request))
def put(self, request, repo_id, format=None):
""" Update permission of a shared repo.
Permission checking:
1. Only repo owner can update.
"""
# argument check
permission = request.data.get('permission', None)
if permission not in ['r', 'rw']:
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
share_type = request.data.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('personal', 'group', 'public'):
error_msg = "share_type can only be 'personal' or 'group' or 'public'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# recourse check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
if username != repo_owner:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# update share permission
if share_type == 'personal':
shared_to = request.data.get('user', None)
if not shared_to or not is_valid_username(shared_to):
error_msg = 'user invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_set_share_permission(
org_id, repo_id, username, shared_to, permission)
else:
seafile_api.set_share_permission(repo_id,
username, shared_to, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
send_perm_audit_msg('modify-repo-perm', username,
shared_to, repo_id, '/', permission)
if share_type == 'group':
group_id = request.data.get('group_id', None)
if not group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id must be integer.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.set_org_group_repo_permission(
org_id, group_id, repo_id, permission)
else:
seafile_api.set_group_repo_permission(
group_id, repo_id, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
send_perm_audit_msg('modify-repo-perm', username,
group_id, repo_id, '/', permission)
if share_type == 'public':
try:
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.set_org_inner_pub_repo(
org_id, repo_id, permission)
else:
seafile_api.add_inner_pub_repo(repo_id, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
send_perm_audit_msg('modify-repo-perm', username,
'all', repo_id, '/', permission)
return Response({'success': True})
def get(self, request):
# check the date format, should be like '2015-10-10'
start = request.GET.get('start', None)
end = request.GET.get('end', None)
if not check_time_period_valid(start, end):
error_msg = 'start or end date invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
events = get_log_events_by_type_and_time('file_audit', start, end)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
result = []
if events:
# get name/contact_email dict for events user/repo_owner
ev_user_list = []
ev_repo_owner_list = []
for ev in events:
repo_id = ev.repo_id
repo = seafile_api.get_repo(repo_id)
if repo:
ev.repo_name = repo.name
ev.repo_owner = seafile_api.get_repo_owner(repo_id) or \
seafile_api.get_org_repo_owner(repo_id)
else:
ev.repo_name = ''
ev.repo_owner = ''
ev_user_list.append(ev.user)
ev_repo_owner_list.append(ev.repo_owner)
ev_user_name_dict = get_user_name_dict(ev_user_list)
ev_user_contact_email_dict = get_user_contact_email_dict(ev_user_list)
ev_repo_owner_name_dict = get_user_name_dict(ev_repo_owner_list)
ev_repo_owner_contact_email_dict = get_user_contact_email_dict(ev_repo_owner_list)
for ev in events:
result.append({
'repo_id': ev.repo_id,
'repo_name': ev.repo_name,
'repo_owner_email': ev.repo_owner,
'repo_owner_name': ev_repo_owner_name_dict[ev.repo_owner],
'repo_owner_contact_email': ev_repo_owner_contact_email_dict[ev.repo_owner],
'time': datetime_to_isoformat_timestr(ev.timestamp),
'ip': ev.ip,
'file_path': ev.file_path,
'etype': ev.etype,
'user_email': ev.user,
'user_name': ev_user_name_dict[ev.user],
'user_contact_email': ev_user_contact_email_dict[ev.user],
})
return Response(result)
def delete(self, request, repo_id, format=None):
""" delete a library
Permission checking:
1. only admin can perform this action.
"""
if get_system_default_repo_id() == repo_id:
error_msg = _('System library can not be deleted.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
repo = seafile_api.get_repo(repo_id)
if not repo:
# for case of `seafile-data` has been damaged
# no `repo object` will be returned from seafile api
# delete the database record anyway
try:
seafile_api.remove_repo(repo_id)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})
repo_name = repo.name
repo_owner = seafile_api.get_repo_owner(repo_id)
if not repo_owner:
repo_owner = seafile_api.get_org_repo_owner(repo_id)
try:
seafile_api.remove_repo(repo_id)
try:
org_id = seafile_api.get_org_id_by_repo_id(repo_id)
related_usernames = get_related_users_by_repo(repo_id,
org_id if org_id > 0 else None)
except Exception as e:
logger.error(e)
org_id = -1
related_usernames = []
# send signal for seafevents
repo_deleted.send(sender=None, org_id=-1, operator=request.user.username,
usernames=related_usernames, repo_owner=repo_owner,
repo_id=repo_id, repo_name=repo.name)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# send admin operation log signal
admin_op_detail = {
"id": repo_id,
"name": repo_name,
"owner": repo_owner,
}
admin_operation.send(sender=None, admin_name=request.user.username,
operation=REPO_DELETE, detail=admin_op_detail)
return Response({'success': True})
def get_repo_owner(self, request, repo_id):
if is_org_context(request):
return seafile_api.get_org_repo_owner(repo_id)
else:
return seafile_api.get_repo_owner(repo_id)
def render_repo(request, repo):
"""Steps to show repo page:
If user has permission to view repo
If repo is encrypt and password is not set on server
return decrypt repo page
If repo is not encrypt or password is set on server
Show repo direntries based on requested path
If user does not have permission to view repo
return permission deny page
"""
username = request.user.username
path = get_path_from_request(request)
user_perm = check_repo_access_permission(repo.id, request.user)
if user_perm is None:
return render_to_response('repo_access_deny.html', {
'repo': repo,
}, context_instance=RequestContext(request))
sub_lib_enabled = UserOptions.objects.is_sub_lib_enabled(username)
server_crypto = False
if repo.encrypted:
try:
server_crypto = UserOptions.objects.is_server_crypto(username)
except CryptoOptionNotSetError:
return render_to_response('options/set_user_options.html', {
}, context_instance=RequestContext(request))
if (repo.enc_version == 1 or (repo.enc_version == 2 and server_crypto)) \
and not is_password_set(repo.id, username):
return render_to_response('decrypt_repo_form.html', {
'repo': repo,
'next': get_next_url_from_request(request) or \
reverse('repo', args=[repo.id]),
'force_server_crypto': FORCE_SERVER_CRYPTO,
}, context_instance=RequestContext(request))
# query context args
fileserver_root = get_fileserver_root()
max_upload_file_size = get_max_upload_file_size()
protocol = request.is_secure() and 'https' or 'http'
domain = RequestSite(request).domain
for g in request.user.joined_groups:
g.avatar = grp_avatar(g.id, 20)
head_commit = get_commit(repo.id, repo.version, repo.head_cmmt_id)
if not head_commit:
raise Http404
if new_merge_with_no_conflict(head_commit):
info_commit = get_commit_before_new_merge(head_commit)
else:
info_commit = head_commit
repo_size = get_repo_size(repo.id)
no_quota = is_no_quota(repo.id)
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo.id)
else:
repo_owner = seafile_api.get_repo_owner(repo.id)
is_repo_owner = True if repo_owner == username else False
if is_repo_owner and not repo.is_virtual:
show_repo_settings = True
else:
show_repo_settings = False
more_start = None
file_list, dir_list, dirent_more = get_repo_dirents(request, repo,
head_commit, path,
offset=0, limit=100)
if dirent_more:
more_start = 100
zipped = get_nav_path(path, repo.name)
repo_groups = get_shared_groups_by_repo_and_user(repo.id, username)
if len(repo_groups) > 1:
repo_group_str = render_to_string("snippets/repo_group_list.html",
{'groups': repo_groups})
else:
repo_group_str = ''
upload_url = get_upload_url(request, repo.id)
fileshare = get_fileshare(repo.id, username, path)
dir_shared_link = get_dir_share_link(fileshare)
uploadlink = get_uploadlink(repo.id, username, path)
dir_shared_upload_link = get_dir_shared_upload_link(uploadlink)
return render_to_response('repo.html', {
'repo': repo,
'user_perm': user_perm,
'repo_owner': repo_owner,
'is_repo_owner': is_repo_owner,
'show_repo_settings': show_repo_settings,
'current_commit': head_commit,
'info_commit': info_commit,
'password_set': True,
'repo_size': repo_size,
'dir_list': dir_list,
'file_list': file_list,
'dirent_more': dirent_more,
'more_start': more_start,
'path': path,
'zipped': zipped,
'groups': repo_groups,
'repo_group_str': repo_group_str,
'no_quota': no_quota,
'max_upload_file_size': max_upload_file_size,
'upload_url': upload_url,
'fileserver_root': fileserver_root,
'protocol': protocol,
'domain': domain,
'fileshare': fileshare,
'dir_shared_link': dir_shared_link,
'uploadlink': uploadlink,
'dir_shared_upload_link': dir_shared_upload_link,
'ENABLE_SUB_LIBRARY': ENABLE_SUB_LIBRARY,
'server_crypto': server_crypto,
"sub_lib_enabled": sub_lib_enabled,
}, context_instance=RequestContext(request))
def update_notice_detail(request, notices):
repo_dict = {}
for notice in notices:
if notice.is_repo_share_msg():
try:
d = json.loads(notice.detail)
repo_id = d['repo_id']
path = d.get('path', '/')
org_id = d.get('org_id', None)
if path == '/':
repo = seafile_api.get_repo(repo_id)
else:
if org_id:
owner = seafile_api.get_org_repo_owner(repo_id)
repo = seafile_api.get_org_virtual_repo(
org_id, repo_id, path, owner)
else:
owner = seafile_api.get_repo_owner(repo_id)
repo = seafile_api.get_virtual_repo(repo_id, path, owner)
if repo is None:
notice.detail = None
else:
d.pop('org_id')
share_from_user_email = d.pop('share_from')
url, is_default, date_uploaded = api_avatar_url(share_from_user_email, 32)
d['repo_name'] = repo.name
d['repo_id'] = repo.id
d['share_from_user_name'] = email2nickname(share_from_user_email)
d['share_from_user_email'] = share_from_user_email
d['share_from_user_contact_email'] = email2contact_email(share_from_user_email)
d['share_from_user_avatar_url'] = request.build_absolute_uri(url)
notice.detail = d
except Exception as e:
logger.error(e)
elif notice.is_repo_share_to_group_msg():
try:
d = json.loads(notice.detail)
group_id = d['group_id']
path = d.get('path', '/')
org_id = d.get('org_id', None)
repo_id = d['repo_id']
group = ccnet_api.get_group(group_id)
if path == '/':
repo = seafile_api.get_repo(repo_id)
else:
if org_id:
owner = seafile_api.get_org_repo_owner(repo_id)
repo = seafile_api.get_org_virtual_repo(
org_id, repo_id, path, owner)
else:
owner = seafile_api.get_repo_owner(repo_id)
repo = seafile_api.get_virtual_repo(repo_id, path, owner)
if not repo or not group:
notice.detail = None
else:
d.pop('org_id')
share_from_user_email = d.pop('share_from')
url, is_default, date_uploaded = api_avatar_url(share_from_user_email, 32)
d['share_from_user_name'] = email2nickname(share_from_user_email)
d['share_from_user_email'] = share_from_user_email
d['share_from_user_contact_email'] = email2contact_email(share_from_user_email)
d['share_from_user_avatar_url'] = request.build_absolute_uri(url)
d['repo_name'] = repo.name
d['repo_id'] = repo.id
d['group_name'] = group.group_name
notice.detail = d
except Exception as e:
logger.error(e)
elif notice.is_add_user_to_group():
try:
d = json.loads(notice.detail)
group_id = d['group_id']
group = ccnet_api.get_group(group_id)
if group is None:
notice.detail = None
else:
group_staff_email = d.pop('group_staff')
url, is_default, date_uploaded = api_avatar_url(group_staff_email, 32)
d['group_staff_name'] = email2nickname(group_staff_email)
d['group_staff_email'] = group_staff_email
d['group_staff_contact_email'] = email2contact_email(group_staff_email)
d['group_staff_avatar_url'] = request.build_absolute_uri(url)
d['group_name'] = group.group_name
notice.detail = d
except Exception as e:
logger.error(e)
elif notice.is_draft_comment_msg():
try:
d = json.loads(notice.detail)
author_email = d.pop('author')
url, is_default, date_uploaded = api_avatar_url(author_email, 32)
d['author_name'] = email2nickname(author_email)
d['author_email'] = author_email
d['author_context_email'] = email2contact_email(author_email)
d['author_avatar_url'] = request.build_absolute_uri(url)
notice.detail = d
except Exception as e:
logger.error(e)
elif notice.is_repo_transfer_msg():
try:
d = json.loads(notice.detail)
repo_id = d['repo_id']
repo = seafile_api.get_repo(repo_id)
if not repo:
notice.detail = None
else:
d.pop('org_id')
repo_owner_email = d.pop('repo_owner')
d['transfer_from_user_name'] = email2nickname(repo_owner_email)
d['transfer_from_user_email'] = repo_owner_email
d['transfer_from_user_contact_email'] = email2contact_email(repo_owner_email)
url, is_default, date_uploaded = api_avatar_url(repo_owner_email, 32)
d['transfer_from_user_avatar_url'] = request.build_absolute_uri(url)
notice.detail = d
except Exception as e:
logger.error(e)
elif notice.is_draft_reviewer_msg():
try:
d = json.loads(notice.detail)
d.pop('to_user')
request_user_email = d.pop('from_user')
url, is_default, date_uploaded = api_avatar_url(request_user_email, 32)
d['request_user_name'] = email2nickname(request_user_email)
d['request_user_email'] = request_user_email
d['request_user_contact_email'] = email2contact_email(request_user_email)
d['request_user_avatat_url'] = request.build_absolute_uri(url)
notice.detail = d
except Exception as e:
logger.error(e)
elif notice.is_file_uploaded_msg():
try:
d = json.loads(notice.detail)
filename = d['file_name']
repo_id = d['repo_id']
if repo_id in repo_dict:
repo = repo_dict[repo_id]
else:
repo = seafile_api.get_repo(repo_id)
repo_dict[repo_id] = repo
if repo:
if d['uploaded_to'] == '/':
# current upload path is '/'
file_path = '/' + filename
name = repo.name
else:
uploaded_to = d['uploaded_to'].rstrip('/')
file_path = uploaded_to + '/' + filename
name = os.path.basename(uploaded_to)
d['repo_name'] = repo.name
d['folder_path'] = d.pop('uploaded_to')
d['folder_name'] = name
d['file_path'] = file_path
url, is_default, date_uploaded = api_avatar_url('', 32)
d['uploaded_user_avatar_url'] = request.build_absolute_uri(url)
notice.detail = d
else:
notice.detail = None
except Exception as e:
logger.error(e)
elif notice.is_file_comment_msg():
try:
d = json.loads(notice.detail)
repo_id = d['repo_id']
file_path = d['file_path']
if repo_id in repo_dict:
repo = repo_dict[repo_id]
else:
repo = seafile_api.get_repo(repo_id)
repo_dict[repo_id] = repo
if repo is None or not seafile_api.get_file_id_by_path(repo.id, file_path):
notice.detail = None
else:
author_email = d.pop('author')
file_name = os.path.basename(file_path)
url, is_default, date_uploaded = api_avatar_url(author_email, 32)
d['author_avatar_url'] = request.build_absolute_uri(url)
d['author_name'] = email2nickname(author_email)
d['author_email'] = author_email
d['author_contact_email'] = email2contact_email(author_email)
d['file_name'] = file_name
notice.detail = d
except Exception as e:
logger.error(e)
return notices
def render_repo(request, repo):
"""Steps to show repo page:
If user has permission to view repo
If repo is encrypt and password is not set on server
return decrypt repo page
If repo is not encrypt or password is set on server
Show repo direntries based on requested path
If user does not have permission to view repo
return permission deny page
"""
username = request.user.username
path = get_path_from_request(request)
user_perm = check_folder_permission(request, repo.id, '/')
if user_perm is None:
return render_error(request, _(u'Permission denied'))
sub_lib_enabled = UserOptions.objects.is_sub_lib_enabled(username)
server_crypto = False
if repo.encrypted:
try:
server_crypto = UserOptions.objects.is_server_crypto(username)
except CryptoOptionNotSetError:
return render_to_response(
'options/set_user_options.html', {},
context_instance=RequestContext(request))
if (repo.enc_version == 1 or (repo.enc_version == 2 and server_crypto)) \
and not is_password_set(repo.id, username):
return render_to_response(
'decrypt_repo_form.html', {
'repo':
repo,
'next':
get_next_url_from_request(request)
or reverse('repo', args=[repo.id]),
'force_server_crypto':
FORCE_SERVER_CRYPTO,
},
context_instance=RequestContext(request))
# query context args
fileserver_root = get_fileserver_root()
max_upload_file_size = get_max_upload_file_size()
protocol = request.is_secure() and 'https' or 'http'
domain = RequestSite(request).domain
for g in request.user.joined_groups:
g.avatar = grp_avatar(g.id, 20)
head_commit = get_commit(repo.id, repo.version, repo.head_cmmt_id)
if not head_commit:
raise Http404
if new_merge_with_no_conflict(head_commit):
info_commit = get_commit_before_new_merge(head_commit)
else:
info_commit = head_commit
repo_size = get_repo_size(repo.id)
no_quota = is_no_quota(repo.id)
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo.id)
else:
repo_owner = seafile_api.get_repo_owner(repo.id)
is_repo_owner = True if repo_owner == username else False
if is_repo_owner and not repo.is_virtual:
show_repo_settings = True
else:
show_repo_settings = False
file_list, dir_list, dirent_more = get_repo_dirents_with_perm(
request, repo, head_commit, path, offset=0, limit=100)
more_start = None
if dirent_more:
more_start = 100
zipped = get_nav_path(path, repo.name)
fileshare = get_fileshare(repo.id, username, path)
dir_shared_link = get_dir_share_link(fileshare)
uploadlink = get_uploadlink(repo.id, username, path)
dir_shared_upload_link = get_dir_shared_upload_link(uploadlink)
for f in file_list:
file_type, file_ext = get_file_type_and_ext(f.obj_name)
if file_type == IMAGE:
f.is_img = True
file_path = posixpath.join(path, f.obj_name)
if os.path.exists(
os.path.join(THUMBNAIL_ROOT, str(THUMBNAIL_DEFAULT_SIZE),
f.obj_id)):
src = get_thumbnail_src(repo.id, THUMBNAIL_DEFAULT_SIZE,
file_path)
f.encoded_thumbnail_src = urlquote(src)
return render_to_response(
'repo.html', {
'repo': repo,
'user_perm': user_perm,
'repo_owner': repo_owner,
'is_repo_owner': is_repo_owner,
'show_repo_settings': show_repo_settings,
'current_commit': head_commit,
'info_commit': info_commit,
'password_set': True,
'repo_size': repo_size,
'dir_list': dir_list,
'file_list': file_list,
'dirent_more': dirent_more,
'more_start': more_start,
'path': path,
'zipped': zipped,
'no_quota': no_quota,
'max_upload_file_size': max_upload_file_size,
'fileserver_root': fileserver_root,
'protocol': protocol,
'domain': domain,
'fileshare': fileshare,
'dir_shared_link': dir_shared_link,
'uploadlink': uploadlink,
'dir_shared_upload_link': dir_shared_upload_link,
'ENABLE_SUB_LIBRARY': ENABLE_SUB_LIBRARY,
'server_crypto': server_crypto,
'sub_lib_enabled': sub_lib_enabled,
'enable_upload_folder': ENABLE_UPLOAD_FOLDER,
'ENABLE_THUMBNAIL': ENABLE_THUMBNAIL,
},
context_instance=RequestContext(request))
