def _add_shared_items(self):
# create repo for user
sub_repo_id = seafile_api.create_virtual_repo(self.repo.id,
self.folder,
self.repo.name, '',
self.user.username)
self.sub_repo_id = sub_repo_id
# create group for admin
admin_group_id = seaserv.ccnet_threaded_rpc.create_group('admin-group',
self.admin.email)
self.admin_group_id = admin_group_id
# A user shares a folder to admin with permission 'rw'.
seafile_api.share_repo(sub_repo_id, self.user.username,
self.admin.username, 'rw')
# A user shares a folder to admin group with permission 'rw'.
seafile_api.set_group_repo(sub_repo_id, admin_group_id,
self.user.username, 'rw')
# A user shares a folder to public with permission 'rw'.
seafile_api.add_inner_pub_repo(sub_repo_id, 'rw')
def test_rename_folder_with_invalid_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo_id, self.user_name,
self.admin_name, 'rw')
# set sub-folder permisson as 'r' for admin
seafile_api.add_folder_user_perm(self.repo_id,
self.folder_path, 'r', self.admin_name)
# admin can visit sub-folder with 'r' permission
assert seafile_api.check_permission_by_path(self.repo_id,
self.folder_path, self.admin_name) == 'r'
# login as admin, then rename a 'r' permission folder
self.login_as(self.admin)
new_name = randstring(6)
data = {'operation': 'rename', 'newname': new_name}
resp = self.client.post(self.url + '?p=' + self.folder_path, data)
self.assertEqual(403, resp.status_code)
def test_delete_file_with_invalid_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
# create a file in user repo sub-folder
file_name = randstring(6)
seafile_api.post_empty_file(repo_id=self.repo_id,
parent_dir=self.folder_path, filename=file_name,
username=self.user_name)
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo_id, self.user_name,
self.admin_name, 'rw')
# set sub-folder permisson as 'r' for admin
seafile_api.add_folder_user_perm(self.repo_id,
self.folder_path, 'r', self.admin_name)
# admin can visit file with 'r' permission
file_path = posixpath.join(self.folder_path, file_name)
assert seafile_api.check_permission_by_path(self.repo_id,
file_path, self.admin_name) == 'r'
# login as admin, then delete a 'r' permission file
self.login_as(self.admin)
resp = self.client.delete(self.url + '?p=' + file_path,
{}, 'application/x-www-form-urlencoded')
self.assertEqual(403, resp.status_code)
def share_to_user(request, repo, from_user, to_user, permission):
"""Share repo to a user with given permission.
"""
repo_id = repo.id
if from_user == to_user:
msg = _(u'You can not share libray to yourself.')
messages.error(request, msg)
return
if is_registered_user(to_user):
try:
seafile_api.share_repo(repo_id, from_user, to_user, permission)
except Exception, e:
logger.error(e)
msg = _(u'Failed to share to %s, please try again later.') % to_user
messages.error(request, msg)
else:
# send a signal when sharing repo successful
share_repo_to_user_successful.send(sender=None,
from_user=from_user,
to_user=to_user, repo=repo)
msg = _(u'Shared to %(email)s successfully,go check it at <a href="%(share)s">Shares</a>.') % \
{'email':to_user, 'share':reverse('share_admin')}
messages.success(request, msg)
def setUp(self):
self.login_as(self.admin)
# create group for admin user
self.admin_group_1_name = randstring(6)
self.admin_group_1_id = ccnet_threaded_rpc.create_group(self.admin_group_1_name,
self.admin.email)
# create another group for admin user
self.admin_group_2_name = randstring(6)
self.admin_group_2_id = ccnet_threaded_rpc.create_group(self.admin_group_2_name,
self.admin.email)
# create repo for admin user
self.admin_repo_name = randstring(6)
r = seafile_api.get_repo(self.create_repo(name=self.admin_repo_name,
desc='', username=self.admin.email, passwd=None))
self.admin_repo_id = r.id
# set common user as staff in admin user's group
ccnet_threaded_rpc.group_add_member(self.admin_group_1_id,
self.admin.email, self.user.email)
ccnet_threaded_rpc.group_set_admin(self.admin_group_1_id, self.user.email)
# add common user to admin user's another group
ccnet_threaded_rpc.group_add_member(self.admin_group_2_id,
self.admin.email, self.user.email)
# share admin user's repo to common user
seafile_api.share_repo(self.admin_repo_id, self.admin.email,
self.user.email, 'rw')
def test_reshare_to_user_group_after_transfer_repo(self):
tmp_user = '******'
User.objects.create_user(tmp_user)
# add admin user to group
ccnet_api.group_add_member(self.group_id, self.user_name, self.admin.username)
# share user's repo to tmp_user with 'rw' permission
seafile_api.share_repo(self.user_repo_id, self.user.username,
tmp_user, 'rw')
# share user's repo to group with 'r' permission
seafile_api.set_group_repo(self.user_repo_id, self.group_id,
self.user_name, 'r')
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert group_repos[0].permission == 'r'
assert seafile_api.check_permission_by_path(self.user_repo_id,
'/', tmp_user) == 'rw'
self.login_as(self.user)
url = reverse("api2-repo-owner", args=[self.user_repo_id])
data = 'owner=%s' % self.admin.email
# transfer repo to admin
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert group_repos[0].permission == 'r'
assert seafile_api.check_permission_by_path(self.user_repo_id,
'/', tmp_user) == 'rw'
def test_rename_file_with_invalid_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
# create a file as old file in user repo sub-folder
old_file_name = randstring(6)
seafile_api.post_empty_file(repo_id=self.repo_id,
parent_dir=self.folder_path, filename=old_file_name,
username=self.user_name)
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo_id, self.user_name,
self.admin_name, 'rw')
# set sub-folder permisson as 'r' for admin
seafile_api.add_folder_user_perm(self.repo_id,
self.folder_path, 'r', self.admin_name)
# admin can visit old file with 'r' permission
old_file_path = posixpath.join(self.folder_path, old_file_name)
assert seafile_api.check_permission_by_path(self.repo_id,
old_file_path, self.admin_name) == 'r'
# login as admin, then rename a 'r' permission old file
self.login_as(self.admin)
new_name = randstring(6)
data = {'operation': 'rename', 'newname': new_name}
resp = self.client.post(self.url + '?p=' + old_file_path, data)
self.assertEqual(403, resp.status_code)
def share_dir_to_user(repo, path, owner, share_from, share_to, permission, org_id=None):
# Share repo or subdir to user with permission(r, rw, admin).
extra_share_permission = ''
if permission == PERMISSION_ADMIN:
extra_share_permission = permission
permission = PERMISSION_READ_WRITE
if is_valid_org_id(org_id):
if path == '/':
seaserv.seafserv_threaded_rpc.org_add_share(org_id, repo.repo_id,
owner, share_to,
permission)
else:
seafile_api.org_share_subdir_to_user(org_id, repo.repo_id,
path, owner,
share_to, permission)
else:
if path == '/':
seafile_api.share_repo(repo.repo_id, owner, share_to, permission)
else:
seafile_api.share_subdir_to_user(repo.repo_id, path,
owner, share_to,
permission)
if path == '/' and extra_share_permission == PERMISSION_ADMIN:
ExtraSharePermission.objects.create_share_permission(repo.repo_id, share_to, extra_share_permission)
def share_to_user(request, repo, to_user, permission):
"""Share repo to a user with given permission.
"""
repo_id = repo.id
from_user = request.user.username
if from_user == to_user:
return False
# permission check
if is_org_context(request):
org_id = request.user.org.org_id
if not seaserv.ccnet_threaded_rpc.org_user_exists(org_id, to_user):
return False
else:
if not is_registered_user(to_user):
return False
try:
if is_org_context(request):
org_id = request.user.org.org_id
org_share_repo(org_id, repo_id, from_user, to_user, permission)
else:
seafile_api.share_repo(repo_id, from_user, to_user, permission)
except SearpcError as e:
return False
logger.error(e)
else:
# send a signal when sharing repo successful
share_repo_to_user_successful.send(sender=None,
from_user=from_user,
to_user=to_user, repo=repo)
return True
def share_repo_to_user_and_group(self):
# share repo to user
seafile_api.share_repo(self.repo_id,
self.user_name, self.admin_name, 'rw')
# share repo to group
seafile_api.set_group_repo(self.repo_id,
self.group_id, self.user_name, 'rw')
def _add_shared_items(self):
sub_repo_id = seafile_api.create_virtual_repo(self.repo.id,
self.folder,
self.repo.name, '',
self.user.username)
# A user shares a folder to admin with permission 'rw'.
seafile_api.share_repo(sub_repo_id, self.user.username,
self.admin.username, 'rw')
# A user shares a folder to group with permission 'rw'.
seafile_api.set_group_repo(sub_repo_id, self.group.id,
self.user.username, 'rw')
def set_user_folder_rw_permission_to_admin(self):
# share user's repo to admin with 'r' permission
seafile_api.share_repo(self.repo.id, self.user.username,
self.admin.username, 'r')
# set user sub-folder 'rw' permisson to admin
seafile_api.add_folder_user_perm(self.repo.id,
self.folder, 'rw', self.admin.username)
# admin can visit user sub-folder with 'rw' permission
assert seafile_api.check_permission_by_path(self.repo.id,
self.folder, self.admin.username) == 'rw'
def test_can_notify_others(self):
assert len(UserNotification.objects.all()) == 0
username = self.user.username
seafile_api.share_repo(self.repo.id, username,
self.admin.username, 'rw')
resp = self.client.post(self.endpoint, {
'comment': 'new comment'
})
self.assertEqual(201, resp.status_code)
assert len(UserNotification.objects.all()) == 1
assert UserNotification.objects.all()[0].to_user == self.admin.username
def test_can_list_personal_shared_repo(self):
self._prepare_repo_and_group()
# A user shares a folder to admin with permission 'rw'.
seafile_api.share_repo(self.sub_repo_id,
self.user.username,
self.admin.username,
'rw')
resp = self.client.get('/api2/beshared-repos/')
self.assertEqual(200, resp.status_code)
json_resp = json.loads(resp.content)
assert json_resp[0]['repo_id'] == self.sub_repo_id
assert json_resp[0]['share_type'] == 'personal'
def test_can_get(self):
username = self.user.username
owner = get_repo_owner(self.fake_request, self.repo.id)
assert owner == username
assert get_repo_shared_users(self.repo.id, owner) == []
# user share a repo to admin
seafile_api.share_repo(self.repo.id, username,
self.admin.username, 'rw')
assert get_repo_shared_users(self.repo.id, owner) == [self.admin.username]
# user share a repo to group
seafile_api.set_group_repo(self.repo.id, self.group.id,
username, 'rw')
assert get_repo_shared_users(self.repo.id, owner) == [self.admin.username, self.user2.username]
def test_delete_repo_user_share_permission(self):
# user share repo to tmp user
init_permission = 'rw'
seafile_api.share_repo(self.repo_id,
self.user_name, self.tmp_user_email, init_permission)
assert seafile_api.check_permission_by_path(self.repo_id, \
'/', self.tmp_user_email) == init_permission
self.login_as(self.admin)
data = 'repo_id=%s&share_type=%s&share_to=%s' % \
(self.repo_id, 'user', self.tmp_user_email)
resp = self.client.delete(self.url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
assert seafile_api.check_permission_by_path(self.repo_id, \
'/', self.tmp_user_email) is None
def share_to_user(request, repo, to_user, permission):
"""Share repo to a user with given permission.
"""
repo_id = repo.id
from_user = request.user.username
if from_user == to_user:
msg = _(u'You can not share libray to yourself.')
messages.error(request, msg)
return
# permission check
if is_org_context(request):
org_id = request.user.org.org_id
if not seaserv.ccnet_threaded_rpc.org_user_exists(org_id, to_user):
msg = _(u'Failed to share to %s, user is not found.') % to_user
messages.error(request, msg)
return
else:
if not is_registered_user(to_user):
msg = _(u'Failed to share to %s, as the email is not registered.') % to_user
messages.error(request, msg)
return
try:
if is_org_context(request):
org_id = request.user.org.org_id
org_share_repo(org_id, repo_id, from_user, to_user, permission)
else:
seafile_api.share_repo(repo_id, from_user, to_user, permission)
except SearpcError as e:
logger.error(e)
msg = _(u'Failed to share to %s, please try again later.') % to_user
messages.error(request, msg)
else:
# send a signal when sharing repo successful
share_repo_to_user_successful.send(sender=None,
from_user=from_user,
to_user=to_user, repo=repo)
msg = _(u'Shared to %(email)s successfully, go check it at <a href="%(share)s">Shares</a>.') % \
{'email': to_user, 'share': reverse('share_admin')}
messages.success(request, msg)
def test_reshare_to_user_after_transfer_repo(self):
tmp_user = '******'
User.objects.create_user(tmp_user)
# share user's repo to tmp_user with 'rw' permission
seafile_api.share_repo(self.user_repo_id, self.user.username,
tmp_user, 'rw')
assert seafile_api.check_permission_by_path(self.user_repo_id,
'/', tmp_user) == 'rw'
self.login_as(self.user)
url = reverse("api2-repo-owner", args=[self.user_repo_id])
data = 'owner=%s' % self.admin.email
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
assert seafile_api.check_permission_by_path(self.user_repo_id,
'/', tmp_user) == 'rw'
def test_not_reshare_to_user_after_transfer_repo(self):
# Remove share if repo already shared to new owner
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.user_repo_id, self.user.username,
self.admin.username, 'rw')
# repo in admin's be shared repo list
shared_repos = seafile_api.get_share_in_repo_list(self.admin.username, -1, -1)
assert shared_repos[0].repo_name == self.repo.repo_name
self.login_as(self.user)
url = reverse("api2-repo-owner", args=[self.user_repo_id])
data = 'owner=%s' % self.admin.email
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
# repo NOT in admin's be shared repo list
shared_repos = seafile_api.get_share_in_repo_list(self.admin.username, -1, -1)
assert len(shared_repos) == 0
def test_can_list_priv_shared_folders(self):
repo_id = self.repo.id
username = self.user.username
parent_dir = '/'
dirname = '<img onerror=alert(1) src=a>_"_Ω_%2F_W_#_12_这'
full_dir_path = os.path.join(parent_dir, dirname)
# create folder
self.create_folder(repo_id=repo_id,
parent_dir=parent_dir,
dirname=dirname,
username=username)
sub_repo_id = seafile_api.create_virtual_repo(repo_id, full_dir_path, dirname, dirname, username)
seafile_api.share_repo(sub_repo_id, username, self.admin.username, 'rw')
self.login_as(self.user)
resp = self.client.get(reverse('list_priv_shared_folders'))
self.assertEqual(200, resp.status_code)
href = reverse("view_common_lib_dir", args=[repo_id, urlquote(full_dir_path).strip('/')])
self.assertRegexpMatches(resp.content, href)
def test_delete_folder_with_invalid_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo_id, self.user_name,
self.admin_name, 'rw')
# set sub-folder permisson as 'r' for admin
seafile_api.add_folder_user_perm(self.repo_id,
self.folder_path, 'r', self.admin_name)
# admin can visit sub-folder with 'r' permission
assert seafile_api.check_permission_by_path(self.repo_id,
self.folder_path, self.admin_name) == 'r'
# login as admin, then delete a 'r' permission folder
self.login_as(self.admin)
resp = self.client.delete(self.url + '?p=' + self.folder_path,
{}, 'application/x-www-form-urlencoded')
self.assertEqual(403, resp.status_code)
def test_copy_file_with_invalid_dst_folder_perm(self):
if not LOCAL_PRO_DEV_ENV:
return
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo_id, self.user_name,
self.admin_name, 'rw')
# set sub-folder permisson as 'r' for admin
seafile_api.add_folder_user_perm(self.repo_id,
self.folder_path, 'r', self.admin_name)
# admin can visit sub-folder with 'r' permission
assert seafile_api.check_permission_by_path(self.repo_id,
self.folder_path, self.admin_name) == 'r'
# create a file for admin repo
admin_repo_id = self.admin_create_new_repo()
admin_file_name = randstring(6)
seafile_api.post_empty_file(repo_id=admin_repo_id,
parent_dir='/', filename=admin_file_name,
username=self.admin_name)
# login as admin, then move file to a 'r' permission folder
self.login_as(self.admin)
# create new repo for admin
data = {
'operation': 'copy',
'dst_repo': self.repo_id,
'dst_dir': self.folder_path,
}
url = reverse('api-v2.1-file-view', args=[admin_repo_id])
resp = self.client.post(url + '?p=/' + admin_file_name, data)
self.assertEqual(403, resp.status_code)
def test_can_notify_others_including_group(self):
self.logout()
self.login_as(self.tmp_user)
assert len(UserNotification.objects.all()) == 0
# share repo to tmp_user
username = self.user.username
seafile_api.share_repo(self.repo.id, username,
self.tmp_user.username, 'rw')
# share repo to group(owner, admin)
ccnet_api.group_add_member(self.group.id, username,
self.admin.username)
seafile_api.set_group_repo(self.repo.id, self.group.id,
username, 'rw')
# tmp_user comment a file
resp = self.client.post(self.endpoint, {
'comment': 'new comment'
})
self.assertEqual(201, resp.status_code)
assert len(UserNotification.objects.all()) == 2
def put(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND,
'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND,
'Folder %s not found.' % path)
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
share_type = request.data.get('share_type')
if share_type != 'user' and share_type != 'group':
return api_error(status.HTTP_400_BAD_REQUEST,
'share_type invalid.')
permission = request.data.get('permission', 'r')
if permission not in ['r', 'rw']:
return api_error(status.HTTP_400_BAD_REQUEST,
'permission invalid.')
result = {}
result['failed'] = []
result['success'] = []
if share_type == 'user':
share_to_users = request.data.getlist('username')
for to_user in share_to_users:
if not is_valid_username(to_user):
result['failed'].append({
'email': to_user,
'error_msg': 'username invalid.'
})
continue
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
result['failed'].append({
'email':
to_user,
'error_msg':
'User %s not found.' % to_user
})
continue
try:
if is_org_context(request):
org_id = request.user.org.org_id
if path == '/':
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, repo_id, username, to_user, permission)
else:
seafile_api.org_share_subdir_to_user(
org_id, repo_id, path, username, to_user,
permission)
else:
if path == '/':
seafile_api.share_repo(repo_id, username, to_user,
permission)
else:
seafile_api.share_subdir_to_user(
repo_id, path, username, to_user, permission)
# send a signal when sharing repo successful
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_user,
repo=repo)
result['success'].append({
"share_type": "user",
"user_info": {
"name": to_user,
"nickname": email2nickname(to_user),
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, to_user,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'email':
to_user,
'error_msg':
'Internal Server Error'
})
continue
if share_type == 'group':
group_ids = request.data.getlist('group_id')
for gid in group_ids:
try:
gid = int(gid)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST,
'group_id %s invalid.' % gid)
group = seaserv.get_group(gid)
if not group:
return api_error(status.HTTP_404_NOT_FOUND,
'Group %s not found' % gid)
try:
if is_org_context(request):
org_id = request.user.org.org_id
if path == '/':
seafile_api.add_org_group_repo(
repo_id, org_id, gid, username, permission)
else:
seafile_api.org_share_subdir_to_group(
org_id, repo_id, path, username, gid,
permission)
else:
if path == '/':
seafile_api.set_group_repo(repo_id, gid, username,
permission)
else:
seafile_api.share_subdir_to_group(
repo_id, path, username, gid, permission)
share_repo_to_group_successful.send(sender=None,
from_user=username,
group_id=gid,
repo=repo)
result['success'].append({
"share_type": "group",
"group_info": {
"id": gid,
"name": group.group_name,
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, gid,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'group_name':
group.group_name,
'error_msg':
'Internal Server Error'
})
continue
return HttpResponse(json.dumps(result),
status=200,
content_type=json_content_type)
def test_copy_dir(self):
if not LOCAL_PRO_DEV_ENV:
return
self.login_as(self.user)
# create two folders in src repo
src_folder_1 = self.get_random_path()
src_folder_2 = self.get_random_path()
for path in [src_folder_1, src_folder_2]:
seafile_api.mkdir_with_parents(self.repo_id, '/', path.strip('/'),
self.user_name)
# share admin's tmp repo to user
tmp_repo_id = self.create_new_repo(self.admin_name)
seafile_api.share_repo(tmp_repo_id, self.admin_name, self.user_name,
'rw')
# create two folders as parent dirs in dst repo for admin user
dst_folder_1 = self.get_random_path()
seafile_api.mkdir_with_parents(tmp_repo_id, '/',
dst_folder_1.strip('/'),
self.admin_name)
dst_folder_2 = '/'
# copy folders
data = {
"src_repo_id":
self.repo_id,
"dst_repo_id":
tmp_repo_id,
"paths": [
{
"src_path": src_folder_1,
"dst_path": dst_folder_1
},
{
"src_path": src_folder_2,
"dst_path": dst_folder_2
},
]
}
resp = self.client.post(self.url, json.dumps(data), 'application/json')
self.assertEqual(200, resp.status_code)
json_resp = json.loads(resp.content)
assert len(json_resp['success']) == 2
assert len(json_resp['failed']) == 0
def folder_exist(src_folder, dst_repo_id, dst_folder):
src_obj_name = os.path.basename(src_folder.rstrip('/'))
full_dst_folder_path = posixpath.join(dst_folder.strip('/'),
src_obj_name.strip('/'))
full_dst_folder_path = normalize_dir_path(full_dst_folder_path)
return seafile_api.get_dir_id_by_path(
dst_repo_id, full_dst_folder_path) is not None
assert folder_exist(src_folder_1, tmp_repo_id, dst_folder_1)
assert folder_exist(src_folder_2, tmp_repo_id, dst_folder_2)
self.remove_repo(tmp_repo_id)
def test_user_management(repo):
email1 = '%s@%s.com' % (randstring(6), randstring(6))
email2 = '%s@%s.com' % (randstring(6), randstring(6))
passwd1 = 'randstring(6)'
passwd2 = 'randstring(6)'
ccnet_api.add_emailuser(email1, passwd1, 1, 1)
ccnet_api.add_emailuser(email2, passwd2, 0, 0)
ccnet_email1 = ccnet_api.get_emailuser(email1)
ccnet_email2 = ccnet_api.get_emailuser(email2)
assert ccnet_email1.is_active == True
assert ccnet_email1.is_staff == True
assert ccnet_email2.is_active == False
assert ccnet_email2.is_staff == False
assert ccnet_api.validate_emailuser(email1, passwd1) == 0
assert ccnet_api.validate_emailuser(email2, passwd2) == 0
users = ccnet_api.search_emailusers('DB', email1, -1, -1)
assert len(users) == 1
user_ccnet = users[0]
assert user_ccnet.email == email1
user_counts = ccnet_api.count_emailusers('DB')
user_numbers = ccnet_api.get_emailusers('DB', -1, -1)
ccnet_api.update_emailuser('DB', ccnet_email2.id, passwd2, 1, 1)
email2_new = ccnet_api.get_emailuser(email2)
assert email2_new.is_active == True
assert email2_new.is_staff == True
#test group when update user id
id1 = ccnet_api.create_group('group1', email1, parent_group_id=-1)
assert id1 != -1
group1 = ccnet_api.get_group(id1)
assert group1.parent_group_id == -1
# test shared repo when update user id
api.share_repo(repo.id, USER, email1, "rw")
assert api.repo_has_been_shared(repo.id)
new_email1 = '%s@%s.com' % (randstring(6), randstring(6))
assert ccnet_api.update_emailuser_id(email1, new_email1) == 0
shared_users = api.list_repo_shared_to(USER, repo.id)
assert len(shared_users) == 1
assert shared_users[0].repo_id == repo.id
assert shared_users[0].user == new_email1
assert shared_users[0].perm == "rw"
api.remove_share(repo.id, USER, new_email1)
email1_groups = ccnet_api.get_groups(new_email1)
assert len(email1_groups) == 1
assert email1_groups[0].id == id1
rm1 = ccnet_api.remove_group(id1)
assert rm1 == 0
ccnet_api.remove_emailuser('DB', new_email1)
ccnet_api.remove_emailuser('DB', email2)
def put(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND,
'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND,
'Folder %s not found.' % path)
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
if path != '/':
try:
sub_repo = self.get_or_create_sub_repo_by_path(
request, repo, path)
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Failed to get sub repo.')
else:
sub_repo = None
share_type = request.data.get('share_type')
if share_type != 'user' and share_type != 'group':
return api_error(status.HTTP_400_BAD_REQUEST,
'share_type invalid.')
permission = request.data.get('permission', 'r')
if permission not in ['r', 'rw']:
return api_error(status.HTTP_400_BAD_REQUEST,
'permission invalid.')
shared_repo = repo if path == '/' else sub_repo
result = {}
result['failed'] = []
result['success'] = []
if share_type == 'user':
share_to_users = request.data.getlist('username')
for to_user in share_to_users:
if not is_valid_username(to_user):
result['failed'].append({
'email':
to_user,
'error_msg':
'Nutzername oder E-Mail-Adresse ungültig.'
})
continue
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
result['failed'].append({
'email':
to_user,
'error_msg':
'Es wurde kein Nutzer mit der E-Mail-Adresse %s gefunden. Benutzen Sie die Option „Download-Link erstellen” bzw. „Upload-Link erstellen”, um Elemente für nicht-registrierte Nutzer freizugeben.'
% to_user
})
continue
try:
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, shared_repo.id, username, to_user,
permission)
else:
seafile_api.share_repo(shared_repo.id, username,
to_user, permission)
# send a signal when sharing repo successful
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_user,
repo=shared_repo)
result['success'].append({
"share_type": "user",
"user_info": {
"name": to_user,
"nickname": email2nickname(to_user),
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, to_user,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'email':
to_user,
'error_msg':
'Internal Server Error'
})
continue
if share_type == 'group':
group_ids = request.data.getlist('group_id')
for gid in group_ids:
try:
gid = int(gid)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST,
'group_id %s invalid.' % gid)
group = seaserv.get_group(gid)
if not group:
return api_error(status.HTTP_404_NOT_FOUND,
'Group %s not found' % gid)
try:
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(shared_repo.repo_id,
org_id, gid, username,
permission)
else:
seafile_api.set_group_repo(shared_repo.repo_id, gid,
username, permission)
share_repo_to_group_successful.send(sender=None,
from_user=username,
group_id=gid,
repo=shared_repo)
result['success'].append({
"share_type": "group",
"group_info": {
"id": gid,
"name": group.group_name,
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, gid,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'group_name':
group.group_name,
'error_msg':
'Internal Server Error'
})
continue
return HttpResponse(json.dumps(result),
status=200,
content_type=json_content_type)
def share_repo_to_user(self, repo_id):
seafile_api.share_repo(
repo_id, self.user.username,
self.admin.username, 'rw')
def put(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND, "Library %s not found." % repo_id)
path = request.GET.get("p", "/")
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND, "Folder %s not found." % path)
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, "Permission denied.")
if path != "/":
try:
sub_repo = self.get_or_create_sub_repo_by_path(request, repo, path)
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, "Failed to get sub repo.")
else:
sub_repo = None
share_type = request.data.get("share_type")
if share_type != "user" and share_type != "group":
return api_error(status.HTTP_400_BAD_REQUEST, "share_type invalid.")
permission = request.data.get("permission", "r")
if permission not in ["r", "rw"]:
return api_error(status.HTTP_400_BAD_REQUEST, "permission invalid.")
shared_repo = repo if path == "/" else sub_repo
success, failed = [], []
if share_type == "user":
share_to_users = request.data.getlist("username")
for to_user in share_to_users:
if not is_valid_username(to_user):
failed.append(to_user)
continue
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
failed.append(to_user)
continue
if not check_user_share_quota(username, shared_repo, users=[to_user]):
return api_error(status.HTTP_403_FORBIDDEN, "Not enough quota.")
try:
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, shared_repo.id, username, to_user, permission
)
else:
seafile_api.share_repo(shared_repo.id, username, to_user, permission)
# send a signal when sharing repo successful
share_repo_to_user_successful.send(
sender=None, from_user=username, to_user=to_user, repo=shared_repo
)
success.append(
{
"share_type": "user",
"user_info": {"name": to_user, "nickname": email2nickname(to_user)},
"permission": permission,
}
)
send_perm_audit_msg("add-repo-perm", username, to_user, repo_id, path, permission)
except SearpcError as e:
logger.error(e)
failed.append(to_user)
continue
if share_type == "group":
group_ids = request.data.getlist("group_id")
for gid in group_ids:
try:
gid = int(gid)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, "group_id %s invalid." % gid)
group = seaserv.get_group(gid)
if not group:
return api_error(status.HTTP_404_NOT_FOUND, "Group %s not found" % gid)
if not check_user_share_quota(username, shared_repo, groups=[group]):
return api_error(status.HTTP_403_FORBIDDEN, "Not enough quota.")
try:
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(shared_repo.repo_id, org_id, gid, username, permission)
else:
seafile_api.set_group_repo(shared_repo.repo_id, gid, username, permission)
success.append(
{
"share_type": "group",
"group_info": {"id": gid, "name": group.group_name},
"permission": permission,
}
)
send_perm_audit_msg("add-repo-perm", username, gid, repo_id, path, permission)
except SearpcError as e:
logger.error(e)
failed.append(group.group_name)
continue
return HttpResponse(
json.dumps({"success": success, "failed": failed}), status=200, content_type=json_content_type
)
def share_repo_to_user(self):
seafile_api.share_repo(self.repo.id, self.user.username,
self.admin.username, 'rw')
def put(self, request, repo_id, format=None):
""" update a library status, transfer a library, rename a library
Permission checking:
1. only admin can perform this action.
"""
# argument check
new_status = request.data.get('status', None)
if new_status:
if new_status not in ('normal', 'read-only'):
error_msg = 'status invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
new_repo_name = request.data.get('name', None)
if new_repo_name:
if not is_valid_dirent_name(new_repo_name):
error_msg = 'name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
new_owner = request.data.get('owner', None)
if new_owner:
if not is_valid_email(new_owner):
error_msg = 'owner invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if new_status:
try:
seafile_api.set_repo_status(
repo_id, normalize_repo_status_str(new_status))
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
if new_repo_name:
try:
res = seafile_api.edit_repo(repo_id, new_repo_name, '', None)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
if res == -1:
e = 'Admin rename failed: ID of library is %s, edit_repo api called failed.' % \
repo_id
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
if new_owner:
try:
new_owner_obj = User.objects.get(email=new_owner)
except User.DoesNotExist:
error_msg = 'User %s not found.' % new_owner
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not new_owner_obj.permissions.can_add_repo():
error_msg = _(u'Transfer failed: role of %s is %s, can not add library.') % \
(new_owner, new_owner_obj.role)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if MULTI_TENANCY:
try:
if seafile_api.get_org_id_by_repo_id(repo_id) > 0:
error_msg = 'Can not transfer organization library.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if ccnet_api.get_orgs_by_user(new_owner):
error_msg = 'Can not transfer library to organization user %s' % new_owner
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
repo_owner = seafile_api.get_repo_owner(repo_id)
if new_owner == repo_owner:
error_msg = _(u"Library can not be transferred to owner.")
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# get repo shared to user/group list
shared_users = seafile_api.list_repo_shared_to(repo_owner, repo_id)
shared_groups = seafile_api.list_repo_shared_group_by_user(
repo_owner, repo_id)
# get all pub repos
pub_repos = []
if not request.cloud_mode:
pub_repos = seafile_api.list_inner_pub_repos_by_owner(
repo_owner)
# transfer repo
seafile_api.set_repo_owner(repo_id, new_owner)
# reshare repo to user
for shared_user in shared_users:
shared_username = shared_user.user
if new_owner == shared_username:
continue
seafile_api.share_repo(repo_id, new_owner, shared_username,
shared_user.perm)
# reshare repo to group
for shared_group in shared_groups:
shared_group_id = shared_group.group_id
if not is_group_member(shared_group_id, new_owner):
continue
seafile_api.set_group_repo(repo_id, shared_group_id, new_owner,
shared_group.perm)
# reshare repo to links
try:
UploadLinkShare.objects.filter(
username=repo_owner,
repo_id=repo_id).update(username=new_owner)
FileShare.objects.filter(
username=repo_owner,
repo_id=repo_id).update(username=new_owner)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
# check if current repo is pub-repo
# if YES, reshare current repo to public
for pub_repo in pub_repos:
if repo_id != pub_repo.id:
continue
seafile_api.add_inner_pub_repo(repo_id, pub_repo.permission)
break
# send admin operation log signal
admin_op_detail = {
"id": repo_id,
"name": repo.name,
"from": repo_owner,
"to": new_owner,
}
admin_operation.send(sender=None,
admin_name=request.user.username,
operation=REPO_TRANSFER,
detail=admin_op_detail)
repo = seafile_api.get_repo(repo_id)
repo_info = get_repo_info(repo)
return Response(repo_info)
def put(self, request, repo_id, format=None):
""" transfer a library, rename a library
Permission checking:
1. only admin can perform this action.
"""
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
new_repo_name = request.data.get('name', None)
if new_repo_name:
try:
res = seafile_api.edit_repo(repo_id, new_repo_name, '', None)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if res == -1:
e = 'Admin rename failed: ID of library is %s, edit_repo api called failed.' % \
repo_id
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
new_owner = request.data.get('owner', None)
if new_owner:
try:
new_owner_obj = User.objects.get(email=new_owner)
except User.DoesNotExist:
error_msg = 'User %s not found.' % new_owner
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not new_owner_obj.permissions.can_add_repo():
error_msg = _(u'Transfer failed: role of %s is %s, can not add library.') % \
(new_owner, new_owner_obj.role)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if MULTI_TENANCY:
try:
if seafile_api.get_org_id_by_repo_id(repo_id) > 0:
error_msg = 'Can not transfer organization library.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if ccnet_api.get_orgs_by_user(new_owner):
error_msg = 'Can not transfer library to organization user %s' % new_owner
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
repo_owner = seafile_api.get_repo_owner(repo_id)
if new_owner == repo_owner:
error_msg = _(u"Library can not be transferred to owner.")
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# get repo shared to user/group list
shared_users = seafile_api.list_repo_shared_to(
repo_owner, repo_id)
shared_groups = seafile_api.list_repo_shared_group_by_user(
repo_owner, repo_id)
# get all pub repos
pub_repos = []
if not request.cloud_mode:
pub_repos = seafile_api.list_inner_pub_repos_by_owner(repo_owner)
# transfer repo
seafile_api.set_repo_owner(repo_id, new_owner)
# reshare repo to user
for shared_user in shared_users:
shared_username = shared_user.user
if new_owner == shared_username:
continue
seafile_api.share_repo(repo_id, new_owner,
shared_username, shared_user.perm)
# reshare repo to group
for shared_group in shared_groups:
shared_group_id = shared_group.group_id
if not is_group_member(shared_group_id, new_owner):
continue
seafile_api.set_group_repo(repo_id, shared_group_id,
new_owner, shared_group.perm)
# reshare repo to links
try:
UploadLinkShare.objects.filter(username=repo_owner, repo_id=repo_id).update(username=new_owner)
FileShare.objects.filter(username=repo_owner, repo_id=repo_id).update(username=new_owner)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# check if current repo is pub-repo
# if YES, reshare current repo to public
for pub_repo in pub_repos:
if repo_id != pub_repo.id:
continue
seafile_api.add_inner_pub_repo(repo_id, pub_repo.permission)
break
# send admin operation log signal
admin_op_detail = {
"id": repo_id,
"name": repo.name,
"from": repo_owner,
"to": new_owner,
}
admin_operation.send(sender=None, admin_name=request.user.username,
operation=REPO_TRANSFER, detail=admin_op_detail)
repo = seafile_api.get_repo(repo_id)
repo_info = get_repo_info(repo)
return Response(repo_info)
def post(self, request, repo_id, path, share_type):
""" Admin share a library to user/group.
Permission checking:
1. admin user.
"""
# argument check
permission = request.data.get('permission', None)
if not permission or permission not in ('r', 'rw'):
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
result = {}
result['failed'] = []
result['success'] = []
share_to = request.data.getlist('share_to')
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo_id)
if share_type == 'user':
for email in share_to:
if repo_owner == email:
result['failed'].append({
'user_email':
email,
'error_msg':
_(u'User %s is already library owner.') % email
})
continue
if not is_valid_username(email):
result['failed'].append({
'user_email':
email,
'error_msg':
_('Email %s invalid.') % email
})
continue
try:
User.objects.get(email=email)
except User.DoesNotExist:
result['failed'].append({
'user_email':
email,
'error_msg':
'User %s not found.' % email
})
continue
try:
if path == '/':
seafile_api.share_repo(repo_id, repo_owner, email,
permission)
else:
seafile_api.share_subdir_to_user(
repo_id, path, repo_owner, email, permission)
except Exception as e:
logger.error(e)
result['failed'].append({
'user_email':
email,
'error_msg':
'Internal Server Error'
})
continue
new_perm = seafile_api.check_permission_by_path(
repo_id, path, email)
result['success'].append({
"repo_id": repo_id,
"path": path,
"share_type": share_type,
"user_email": email,
"user_name": email2nickname(email),
"permission": new_perm
})
if share_type == 'group':
for group_id in share_to:
try:
group_id = int(group_id)
except ValueError as e:
logger.error(e)
result['failed'].append({
'group_id':
group_id,
'error_msg':
'group_id %s invalid.' % group_id
})
continue
group = ccnet_api.get_group(group_id)
if not group:
result['failed'].append({
'group_id':
group_id,
'error_msg':
'Group %s not found' % group_id
})
continue
try:
if path == '/':
seafile_api.set_group_repo(repo_id, group_id,
repo_owner, permission)
else:
seafile_api.share_subdir_to_group(
repo_id, path, repo_owner, group_id, permission)
except Exception as e:
logger.error(e)
result['failed'].append({
"group_id":
group_id,
'error_msg':
'Internal Server Error'
})
continue
result['success'].append({
"repo_id": repo_id,
"path": path,
"share_type": share_type,
"group_id": group_id,
"group_name": group.group_name,
"permission": permission
})
return Response(result)
def share_repo_to_user(self, repo_id):
seafile_api.share_repo(repo_id, self.user.username,
self.admin.username, 'rw')
def put(self, request, repo_id, format=None):
""" transfer a library
Permission checking:
1. only admin can perform this action.
"""
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
new_owner = request.data.get('owner', None)
if not new_owner:
error_msg = 'owner invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
User.objects.get(email=new_owner)
except User.DoesNotExist:
error_msg = 'User %s not found.' % new_owner
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if MULTI_TENANCY:
try:
if seafserv_threaded_rpc.get_org_id_by_repo_id(repo_id) > 0:
error_msg = 'Can not transfer organization library.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if ccnet_api.get_orgs_by_user(new_owner):
error_msg = 'Can not transfer library to organization user %s' % new_owner
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
repo_owner = seafile_api.get_repo_owner(repo_id)
# get repo shared to user/group list
shared_users = seafile_api.list_repo_shared_to(
repo_owner, repo_id)
shared_groups = seafile_api.list_repo_shared_group_by_user(
repo_owner, repo_id)
# get all pub repos
pub_repos = []
if not request.cloud_mode:
pub_repos = seafile_api.list_inner_pub_repos_by_owner(repo_owner)
# transfer repo
seafile_api.set_repo_owner(repo_id, new_owner)
# reshare repo to user
for shared_user in shared_users:
shared_username = shared_user.user
if new_owner == shared_username:
continue
seafile_api.share_repo(repo_id, new_owner,
shared_username, shared_user.perm)
# reshare repo to group
for shared_group in shared_groups:
shared_group_id = shared_group.group_id
if not ccnet_api.is_group_user(shared_group_id, new_owner):
continue
seafile_api.set_group_repo(repo_id, shared_group_id,
new_owner, shared_group.perm)
# check if current repo is pub-repo
# if YES, reshare current repo to public
for pub_repo in pub_repos:
if repo_id != pub_repo.id:
continue
seafile_api.add_inner_pub_repo(repo_id, pub_repo.permission)
break
repo = seafile_api.get_repo(repo_id)
repo_info = get_repo_info(repo)
return Response(repo_info)
def put(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_400_BAD_REQUEST, 'Repo not found.')
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_400_BAD_REQUEST, 'Directory not found.')
if path != '/':
try:
sub_repo = self.get_or_create_sub_repo_by_path(request, repo, path)
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Failed to get sub repo')
else:
sub_repo = None
share_type = request.DATA.get('share_type')
if share_type != 'user' and share_type != 'group':
return api_error(status.HTTP_400_BAD_REQUEST, 'Bad share type')
permission = request.DATA.get('permission', 'r')
if permission not in ['r', 'rw']:
return api_error(status.HTTP_400_BAD_REQUEST, 'Bad permission')
shared_repo = repo if path == '/' else sub_repo
success, failed = [], []
if share_type == 'user':
share_to_users = request.DATA.getlist('username')
for to_user in share_to_users:
if not is_valid_username(to_user):
return api_error(status.HTTP_400_BAD_REQUEST,
'Username must be a valid email address.')
if not check_user_share_quota(username, shared_repo, users=[to_user]):
return api_error(status.HTTP_403_FORBIDDEN,
'Failed to share: No enough quota.')
try:
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, shared_repo.id, username, to_user,
permission)
else:
seafile_api.share_repo(shared_repo.id, username,
to_user, permission)
# send a signal when sharing repo successful
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_user,
repo=shared_repo)
success.append({
"share_type": "user",
"user_info": {
"name": to_user,
"nickname": email2nickname(to_user),
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, to_user,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
failed.append(to_user)
continue
if share_type == 'group':
group_ids = request.DATA.getlist('group_id')
for gid in group_ids:
try:
gid = int(gid)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, 'Bad group id: %s' % gid)
group = seaserv.get_group(gid)
if not group:
return api_error(status.HTTP_400_BAD_REQUEST, 'Group not found: %s' % gid)
if not check_user_share_quota(username, shared_repo, groups=[group]):
return api_error(status.HTTP_403_FORBIDDEN,
'Failed to share: No enough quota.')
try:
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(shared_repo.repo_id,
org_id, gid, username,
permission)
else:
seafile_api.set_group_repo(shared_repo.repo_id, gid,
username, permission)
success.append({
"share_type": "group",
"group_info": {
"id": gid,
"name": group.group_name,
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, gid,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
failed.append(group.group_name)
continue
return HttpResponse(json.dumps({
"success": success,
"failed": failed
}), status=200, content_type=json_content_type)
def share_repo_to_admin_with_rw_permission(self):
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo.id, self.user.username,
self.admin.username, 'rw')
def share_repo_to_admin_with_admin_permission(self):
# share user's repo to admin with 'admin' permission
seafile_api.share_repo(self.repo.id, self.user.username,
self.admin.username, 'rw')
ExtraSharePermission.objects.create_share_permission(
self.repo.id, self.admin.username, 'admin')
def share_repo_to_admin_with_rw_permission(self):
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo.id, self.user.username,
self.admin.username, 'rw')
def put(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path)
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
if path != '/':
try:
sub_repo = self.get_or_create_sub_repo_by_path(request, repo, path)
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Failed to get sub repo.')
else:
sub_repo = None
share_type = request.data.get('share_type')
if share_type != 'user' and share_type != 'group':
return api_error(status.HTTP_400_BAD_REQUEST, 'share_type invalid.')
permission = request.data.get('permission', 'r')
if permission not in ['r', 'rw']:
return api_error(status.HTTP_400_BAD_REQUEST, 'permission invalid.')
shared_repo = repo if path == '/' else sub_repo
result = {}
result['failed'] = []
result['success'] = []
if share_type == 'user':
share_to_users = request.data.getlist('username')
for to_user in share_to_users:
if not is_valid_username(to_user):
result['failed'].append({
'email': to_user,
'error_msg': 'username invalid.'
})
continue
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
result['failed'].append({
'email': to_user,
'error_msg': 'User %s not found.' % to_user
})
continue
try:
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, shared_repo.id, username, to_user,
permission)
else:
seafile_api.share_repo(shared_repo.id, username,
to_user, permission)
# send a signal when sharing repo successful
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_user,
repo=shared_repo)
result['success'].append({
"share_type": "user",
"user_info": {
"name": to_user,
"nickname": email2nickname(to_user),
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, to_user,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'email': to_user,
'error_msg': 'Internal Server Error'
})
continue
if share_type == 'group':
group_ids = request.data.getlist('group_id')
for gid in group_ids:
try:
gid = int(gid)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid.' % gid)
group = seaserv.get_group(gid)
if not group:
return api_error(status.HTTP_404_NOT_FOUND, 'Group %s not found' % gid)
try:
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(shared_repo.repo_id,
org_id, gid, username,
permission)
else:
seafile_api.set_group_repo(shared_repo.repo_id, gid,
username, permission)
share_repo_to_group_successful.send(sender=None,
from_user=username, group_id=gid, repo=shared_repo)
result['success'].append({
"share_type": "group",
"group_info": {
"id": gid,
"name": group.group_name,
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, gid,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'group_name': group.group_name,
'error_msg': 'Internal Server Error'
})
continue
return HttpResponse(json.dumps(result),
status=200, content_type=json_content_type)
def share_repo_to_admin_with_admin_permission(self):
# share user's repo to admin with 'admin' permission
seafile_api.share_repo(self.repo.id, self.user.username,
self.admin.username, 'rw')
ExtraSharePermission.objects.create_share_permission(self.repo.id, self.admin.username, 'admin')
def put(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_400_BAD_REQUEST, 'Repo not found.')
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_400_BAD_REQUEST,
'Directory not found.')
if path != '/':
try:
sub_repo = self.get_or_create_sub_repo_by_path(
request, repo, path)
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Failed to get sub repo')
else:
sub_repo = None
share_type = request.data.get('share_type')
if share_type != 'user' and share_type != 'group':
return api_error(status.HTTP_400_BAD_REQUEST, 'Bad share type')
permission = request.data.get('permission', 'r')
if permission not in ['r', 'rw']:
return api_error(status.HTTP_400_BAD_REQUEST, 'Bad permission')
shared_repo = repo if path == '/' else sub_repo
success, failed = [], []
if share_type == 'user':
share_to_users = request.data.getlist('username')
for to_user in share_to_users:
if not is_valid_username(to_user):
return api_error(
status.HTTP_400_BAD_REQUEST,
'Username must be a valid email address.')
if not check_user_share_quota(
username, shared_repo, users=[to_user]):
return api_error(status.HTTP_403_FORBIDDEN,
'Failed to share: No enough quota.')
try:
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, shared_repo.id, username, to_user,
permission)
else:
seafile_api.share_repo(shared_repo.id, username,
to_user, permission)
# send a signal when sharing repo successful
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_user,
repo=shared_repo)
success.append({
"share_type": "user",
"user_info": {
"name": to_user,
"nickname": email2nickname(to_user),
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, to_user,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
failed.append(to_user)
continue
if share_type == 'group':
group_ids = request.data.getlist('group_id')
for gid in group_ids:
try:
gid = int(gid)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST,
'Bad group id: %s' % gid)
group = seaserv.get_group(gid)
if not group:
return api_error(status.HTTP_400_BAD_REQUEST,
'Group not found: %s' % gid)
if not check_user_share_quota(
username, shared_repo, groups=[group]):
return api_error(status.HTTP_403_FORBIDDEN,
'Failed to share: No enough quota.')
try:
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(shared_repo.repo_id,
org_id, gid, username,
permission)
else:
seafile_api.set_group_repo(shared_repo.repo_id, gid,
username, permission)
success.append({
"share_type": "group",
"group_info": {
"id": gid,
"name": group.group_name,
},
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, gid,
repo_id, path, permission)
except SearpcError as e:
logger.error(e)
failed.append(group.group_name)
continue
return HttpResponse(json.dumps({
"success": success,
"failed": failed
}),
status=200,
content_type=json_content_type)
def post(self, request):
# argument check
operation = request.data.get('operation')
# operation could be `share`, `delete`, `transfer`
# we now only use `share`
if not operation or operation not in ('share'):
error_msg = 'operation invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
result = {}
result['failed'] = []
result['success'] = []
username = request.user.username
repo_id_list = request.data.getlist('repo_id')
valid_repo_id_list = []
# filter out invalid repo id
for repo_id in repo_id_list:
if not seafile_api.get_repo(repo_id):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Library %s not found.' % repo_id
})
continue
if is_org_context(request):
org_id = request.user.org.org_id
org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
if not username == org_repo_owner:
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Permission denied.'
})
continue
else:
if not seafile_api.is_repo_owner(username, repo_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Permission denied.'
})
continue
valid_repo_id_list.append(repo_id)
# share repo
if operation == 'share':
share_type = request.data.get('share_type')
if share_type != 'user' and share_type != 'group':
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
permission = request.data.get('permission', 'rw')
if permission not in ('r', 'rw'):
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# share repo to user
if share_type == 'user':
to_username = request.data.get('username', None)
if not to_username:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
User.objects.get(email=to_username)
except User.DoesNotExist:
error_msg = 'User %s not found.' % to_username
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check if to_user is an org user
try:
org_of_to_user = ccnet_api.get_orgs_by_user(to_username)
except Exception as e:
logger.debug(e)
org_of_to_user = []
if is_org_context(request):
org_id = request.user.org.org_id
org_name = request.user.org.org_name
if len(org_of_to_user
) == 0 or org_id != org_of_to_user[0].org_id:
error_msg = 'User %s is not member of organization %s.' \
% (to_username, org_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
if len(org_of_to_user) >= 1:
error_msg = 'User %s is member of organization %s.' \
% (to_username, org_of_to_user[0].org_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
for repo_id in valid_repo_id_list:
if self.has_shared_to_user(request, repo_id, to_username):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'This item has been shared to %s.' % to_username
})
continue
try:
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, repo_id, username, to_username,
permission)
else:
seafile_api.share_repo(repo_id, username,
to_username, permission)
# send a signal when sharing repo successful
repo = seafile_api.get_repo(repo_id)
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_username,
repo=repo,
path='/',
org_id=org_id)
result['success'].append({
"repo_id": repo_id,
"username": to_username,
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username,
to_username, repo_id, '/',
permission)
except Exception as e:
logger.error(e)
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Internal Server Error'
})
# share repo to group
if share_type == 'group':
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(to_group_id)
if not group:
error_msg = 'Group %s not found.' % to_group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
group_name = group.group_name
if not is_group_member(to_group_id, username):
error_msg = 'User %s is not member of group %s.' % (
username, group_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
for repo_id in valid_repo_id_list:
if self.has_shared_to_group(request, repo_id, to_group_id):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'This item has been shared to %s.' % group_name
})
continue
try:
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(
repo_id, org_id, to_group_id, username,
permission)
else:
seafile_api.set_group_repo(repo_id, to_group_id,
username, permission)
# send a signal when sharing repo successful
repo = seafile_api.get_repo(repo_id)
share_repo_to_group_successful.send(
sender=None,
from_user=username,
group_id=to_group_id,
repo=repo,
path='/',
org_id=org_id)
result['success'].append({
"repo_id": repo_id,
"group_id": to_group_id,
"group_name": group_name,
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username,
to_group_id, repo_id, '/',
permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Internal Server Error'
})
return Response(result)
