def group_add(request, gid):
group_id_int = int(gid) # Checked by URL Conf
if not check_group_staff(group_id_int, request.user):
raise Http404
group = ccnet_threaded_rpc.get_group(group_id_int)
if not group:
return HttpResponseRedirect(reverse('group_list', args=[]))
# change navigator when user in diffent context
org, base_template = check_and_get_org_by_group(group_id_int,
request.user.username)
form = GroupAvatarForm(request.POST or None, request.FILES or None)
if request.method == 'POST' and 'avatar' in request.FILES:
if form.is_valid():
image_file = request.FILES['avatar']
avatar = GroupAvatar()
avatar.group_id = gid
avatar.avatar.save(image_file.name, image_file)
avatar.save()
# invalidate group avatar cache
invalidate_group_cache(gid)
messages.success(request, _("Successfully uploaded a new group avatar."))
else:
messages.error(request, form.errors['avatar'])
return HttpResponseRedirect(_get_next(request))
else:
# Only allow post request to change group avatar.
raise Http404
def group_message_remove(request, group_id, msg_id):
"""
Remove group message and all message replies and attachments.
"""
# Checked by URL Conf
group_id_int = int(group_id)
msg_id = int(msg_id)
group = get_group(group_id_int)
if not group:
raise Http404
# Test whether user is in the group
if not is_group_user(group_id_int, request.user.username):
raise Http404
try:
gm = GroupMessage.objects.get(id=msg_id)
except GroupMessage.DoesNotExist:
return HttpResponse(
json.dumps({"success": False, "err_msg": _(u"The message doesn't exist")}),
content_type="application/json; charset=utf-8",
)
else:
# Test whether user is group admin or message owner.
if seaserv.check_group_staff(group_id, request.user.username) or gm.from_email == request.user.username:
gm.delete()
return HttpResponse(json.dumps({"success": True}), content_type="application/json; charset=utf-8")
else:
return HttpResponse(
json.dumps({"success": False, "err_msg": _(u"You don't have the permission.")}),
content_type="application/json; charset=utf-8",
)
def group_message_remove(request, group_id, msg_id):
"""
Remove group message and all message replies and attachments.
"""
# Checked by URL Conf
group_id_int = int(group_id)
msg_id = int(msg_id)
group = get_group(group_id_int)
if not group:
raise Http404
# Test whether user is in the group
if not is_group_user(group_id_int, request.user.username):
raise Http404
try:
gm = GroupMessage.objects.get(id=msg_id)
except GroupMessage.DoesNotExist:
return HttpResponse(json.dumps({'success': False, 'err_msg':_(u"The message doesn't exist")}),
content_type='application/json; charset=utf-8')
else:
# Test whether user is group admin or message owner.
if seaserv.check_group_staff(group_id, request.user.username) or \
gm.from_email == request.user.username:
gm.delete()
return HttpResponse(json.dumps({'success': True}),
content_type='application/json; charset=utf-8')
else:
return HttpResponse(json.dumps({'success': False, 'err_msg': _(u"You don't have the permission.")}),
content_type='application/json; charset=utf-8')
def get_group_member_info(request,
group_id,
email,
avatar_size=AVATAR_DEFAULT_SIZE):
p = Profile.objects.get_profile_by_user(email)
if p:
login_id = p.login_id if p.login_id else ''
else:
login_id = ''
try:
avatar_url, is_default, date_uploaded = api_avatar_url(
email, avatar_size)
except Exception as e:
logger.error(e)
avatar_url = get_default_avatar_url()
is_admin = seaserv.check_group_staff(group_id, email)
member_info = {
"name": email2nickname(email),
'email': email,
"contact_email": Profile.objects.get_contact_email_by_user(email),
"login_id": login_id,
"avatar_url": request.build_absolute_uri(avatar_url),
"is_admin": is_admin,
}
return member_info
def group_add(request, gid):
group_id_int = int(gid) # Checked by URL Conf
if not check_group_staff(group_id_int, request.user.username):
raise Http404
group = ccnet_threaded_rpc.get_group(group_id_int)
if not group:
return HttpResponseRedirect(reverse('group_list', args=[]))
# change navigator when user in diffent context
org, base_template = check_and_get_org_by_group(group_id_int,
request.user.username)
form = GroupAvatarForm(request.POST or None, request.FILES or None)
if request.method == 'POST' and 'avatar' in request.FILES:
if form.is_valid():
image_file = request.FILES['avatar']
avatar = GroupAvatar()
avatar.group_id = gid
avatar.avatar.save(image_file.name, image_file)
avatar.save()
# invalidate group avatar cache
invalidate_group_cache(gid)
messages.success(request,
_("Successfully uploaded a new group avatar."))
else:
messages.error(request, form.errors['avatar'])
return HttpResponseRedirect(_get_next(request))
else:
# Only allow post request to change group avatar.
raise Http404
def _decorated(request, *args, **kwargs):
try:
group_id = int(kwargs.get('group_id', None))
except TypeError:
raise TypeError("No group_id in url arguments")
if check_group_staff(group_id, request.user.username):
return func(request, *args, **kwargs)
raise Http404
def _decorated(request, *args, **kwargs):
try:
group_id = int(kwargs.get('group_id', None))
except TypeError:
raise TypeError("No group_id in url arguments")
if check_group_staff(group_id, request.user.username):
return func(request, *args, **kwargs)
raise Http404
def repo_remove_share(request):
"""
If repo is shared from one person to another person, only these two peson
can remove share.
If repo is shared from one person to a group, then only the one share the
repo and group staff can remove share.
"""
repo_id = request.GET.get('repo_id', '')
group_id = request.GET.get('gid', '')
from_email = request.GET.get('from', '')
if not is_valid_username(from_email):
return render_error(request, _(u'Argument is not valid'))
username = request.user.username
# if request params don't have 'gid', then remove repos that share to
# to other person; else, remove repos that share to groups
if not group_id:
to_email = request.GET.get('to', '')
if not is_valid_username(to_email):
return render_error(request, _(u'Argument is not valid'))
if username != from_email and username != to_email:
return render_permission_error(request,
_(u'Failed to remove share'))
if is_org_context(request):
org_id = request.user.org.org_id
org_remove_share(org_id, repo_id, from_email, to_email)
else:
seaserv.remove_share(repo_id, from_email, to_email)
else:
try:
group_id = int(group_id)
except:
return render_error(request, _(u'group id is not valid'))
group = seaserv.get_group(group_id)
if not group:
return render_error(
request, _(u"Failed to unshare: the group doesn't exist."))
if not seaserv.check_group_staff(group_id, username) \
and username != from_email:
return render_permission_error(request,
_(u'Failed to remove share'))
if is_org_group(group_id):
org_id = get_org_id_by_group(group_id)
del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, from_email)
messages.success(request, _('Successfully removed share'))
next = request.META.get('HTTP_REFERER', SITE_ROOT)
return HttpResponseRedirect(next)
def is_group_repo_staff(request, repo_id, username):
is_staff = False
repo_owner = get_repo_owner(request, repo_id)
if '@seafile_group' in repo_owner:
group_id = email2nickname(repo_owner)
is_staff = seaserv.check_group_staff(group_id, username)
return is_staff
def is_group_repo_staff(request, repo_id, username):
is_staff = False
repo_owner = get_repo_owner(request, repo_id)
if '@seafile_group' in repo_owner:
group_id = email2nickname(repo_owner)
is_staff = seaserv.check_group_staff(group_id, username)
return is_staff
def put(self, request, group_id):
""" Rename, transfer a specific group
"""
group = seaserv.get_group(group_id)
username = request.user.username
new_group_name = request.data.get('name', None)
if new_group_name:
# rename a group
# Check whether group name is validate.
if not validate_group_name(new_group_name):
error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, new_group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
seaserv.ccnet_threaded_rpc.set_group_name(group_id, new_group_name)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Internal Server Error')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
new_creator= request.data.get('creator', None)
if new_creator:
# transfer a group
if not is_valid_username(new_creator):
error_msg = _('Creator %s is not valid.') % new_creator
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if new_creator == group.creator_name:
error_msg = _('%s is already group owner') % new_creator
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
if not seaserv.is_group_user(group_id, new_creator):
seaserv.ccnet_threaded_rpc.group_add_member(group_id, username, new_creator)
if not seaserv.check_group_staff(group_id, new_creator):
seaserv.ccnet_threaded_rpc.group_set_admin(group_id, new_creator)
seaserv.ccnet_threaded_rpc.set_group_creator(group_id, new_creator)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Internal Server Error')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# get new info of this group
group_info = get_group_info(request, group_id, GROUP_AVATAR_DEFAULT_SIZE)
return Response(group_info)
def repo_remove_share(request):
"""
If repo is shared from one person to another person, only these two peson
can remove share.
If repo is shared from one person to a group, then only the one share the
repo and group staff can remove share.
"""
repo_id = request.GET.get('repo_id', '')
group_id = request.GET.get('gid', '')
from_email = request.GET.get('from', '')
if not is_valid_username(from_email):
return render_error(request, _(u'Argument is not valid'))
username = request.user.username
# if request params don't have 'gid', then remove repos that share to
# to other person; else, remove repos that share to groups
if not group_id:
to_email = request.GET.get('to', '')
if not is_valid_username(to_email):
return render_error(request, _(u'Argument is not valid'))
if username != from_email and username != to_email:
return render_permission_error(request, _(u'Failed to remove share'))
if is_org_context(request):
org_id = request.user.org.org_id
org_remove_share(org_id, repo_id, from_email, to_email)
else:
seaserv.remove_share(repo_id, from_email, to_email)
else:
try:
group_id = int(group_id)
except:
return render_error(request, _(u'group id is not valid'))
group = seaserv.get_group(group_id)
if not group:
return render_error(request, _(u"Failed to unshare: the group doesn't exist."))
if not seaserv.check_group_staff(group_id, username) \
and username != from_email:
return render_permission_error(request, _(u'Failed to remove share'))
if is_org_group(group_id):
org_id = get_org_id_by_group(group_id)
del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, from_email)
messages.success(request, _('Successfully removed share'))
next = request.META.get('HTTP_REFERER', SITE_ROOT)
return HttpResponseRedirect(next)
def repo_remove_share(request):
"""
If repo is shared from one person to another person, only these two peson
can remove share.
If repo is shared from one person to a group, then only the one share the
repo and group staff can remove share.
"""
repo_id = request.GET.get('repo_id', '')
group_id = request.GET.get('gid', '')
from_email = request.GET.get('from', '')
if not is_valid_username(from_email):
return render_error(request, _(u'Argument is not valid'))
# if request params don't have 'gid', then remove repos that share to
# to other person; else, remove repos that share to groups
if not group_id:
to_email = request.GET.get('to', '')
if not is_valid_username(to_email):
return render_error(request, _(u'Argument is not valid'))
if request.user.username != from_email and \
request.user.username != to_email:
return render_permission_error(request,
_(u'Failed to remove share'))
remove_share(repo_id, from_email, to_email)
else:
try:
group_id_int = int(group_id)
except:
return render_error(request, _(u'group id is not valid'))
if not check_group_staff(group_id_int, request.user.username) \
and request.user.username != from_email:
return render_permission_error(request,
_(u'Failed to remove share'))
if is_org_group(group_id_int):
org_id = get_org_id_by_group(group_id_int)
del_org_group_repo(repo_id, org_id, group_id_int)
else:
from seahub.group.views import group_unshare_repo
group_unshare_repo(request, repo_id, group_id_int, from_email)
messages.success(request, _('Successfully removed share'))
next = request.META.get('HTTP_REFERER', None)
if not next:
next = SITE_ROOT
return HttpResponseRedirect(next)
def user_info(request, email):
"""Show user info, libraries and groups.
"""
owned_repos = mute_seafile_api.get_owned_repo_list(email,
ret_corrupted=True)
owned_repos = filter(lambda r: not r.is_virtual, owned_repos)
in_repos = mute_seafile_api.get_share_in_repo_list(email, -1, -1)
space_usage = mute_seafile_api.get_user_self_usage(email)
space_quota = mute_seafile_api.get_user_quota(email)
# get user profile
profile = Profile.objects.get_profile_by_user(email)
d_profile = DetailedProfile.objects.get_detailed_profile_by_user(email)
try:
personal_groups = seaserv.get_personal_groups_by_user(email)
except SearpcError as e:
logger.error(e)
personal_groups = []
for g in personal_groups:
try:
is_group_staff = seaserv.check_group_staff(g.id, email)
except SearpcError as e:
logger.error(e)
is_group_staff = False
if email == g.creator_name:
g.role = _('Owner')
elif is_group_staff:
g.role = _('Admin')
else:
g.role = _('Member')
available_quota = get_institution_available_quota(request.user.institution)
return render_to_response('institutions/user_info.html', {
'owned_repos': owned_repos,
'space_quota': space_quota,
'space_usage': space_usage,
'in_repos': in_repos,
'email': email,
'profile': profile,
'd_profile': d_profile,
'personal_groups': personal_groups,
'available_quota': available_quota,
},
context_instance=RequestContext(request))
def group_remove_member(request, group_id, user_name):
try:
group_id_int = int(group_id)
except ValueError:
return render_error(request, _(u"group id is not valid"))
if not check_group_staff(group_id_int, request.user):
raise Http404
try:
ccnet_threaded_rpc.group_remove_member(group_id_int, request.user.username, user_name)
seafserv_threaded_rpc.remove_repo_group(group_id_int, user_name)
messages.success(request, _(u"Operation succeeded."))
except SearpcError, e:
messages.error(request, _(u"Failed:%s") % e.msg)
def repo_remove_share(request):
"""
If repo is shared from one person to another person, only these two peson
can remove share.
If repo is shared from one person to a group, then only the one share the
repo and group staff can remove share.
"""
repo_id = request.GET.get('repo_id', '')
group_id = request.GET.get('gid', '')
from_email = request.GET.get('from', '')
if not is_valid_username(from_email):
return render_error(request, _(u'Argument is not valid'))
# if request params don't have 'gid', then remove repos that share to
# to other person; else, remove repos that share to groups
if not group_id:
to_email = request.GET.get('to', '')
if not is_valid_username(to_email):
return render_error(request, _(u'Argument is not valid'))
if request.user.username != from_email and \
request.user.username != to_email:
return render_permission_error(request, _(u'Failed to remove share'))
remove_share(repo_id, from_email, to_email)
else:
try:
group_id_int = int(group_id)
except:
return render_error(request, _(u'group id is not valid'))
if not check_group_staff(group_id_int, request.user.username) \
and request.user.username != from_email:
return render_permission_error(request, _(u'Failed to remove share'))
if is_org_group(group_id_int):
org_id = get_org_id_by_group(group_id_int)
del_org_group_repo(repo_id, org_id, group_id_int)
else:
from seahub.group.views import group_unshare_repo
group_unshare_repo(request, repo_id, group_id_int, from_email)
messages.success(request, _('Successfully removed share'))
next = request.META.get('HTTP_REFERER', None)
if not next:
next = SITE_ROOT
return HttpResponseRedirect(next)
def user_info(request, email):
"""Show user info, libraries and groups.
"""
owned_repos = mute_seafile_api.get_owned_repo_list(email,
ret_corrupted=True)
owned_repos = filter(lambda r: not r.is_virtual, owned_repos)
in_repos = mute_seafile_api.get_share_in_repo_list(email, -1, -1)
space_usage = mute_seafile_api.get_user_self_usage(email)
space_quota = mute_seafile_api.get_user_quota(email)
# get user profile
profile = Profile.objects.get_profile_by_user(email)
d_profile = DetailedProfile.objects.get_detailed_profile_by_user(email)
try:
personal_groups = seaserv.get_personal_groups_by_user(email)
except SearpcError as e:
logger.error(e)
personal_groups = []
for g in personal_groups:
try:
is_group_staff = seaserv.check_group_staff(g.id, email)
except SearpcError as e:
logger.error(e)
is_group_staff = False
if email == g.creator_name:
g.role = _('Owner')
elif is_group_staff:
g.role = _('Admin')
else:
g.role = _('Member')
return render_to_response(
'institutions/user_info.html', {
'owned_repos': owned_repos,
'space_quota': space_quota,
'space_usage': space_usage,
'in_repos': in_repos,
'email': email,
'profile': profile,
'd_profile': d_profile,
'personal_groups': personal_groups,
}, context_instance=RequestContext(request))
def group_unshare_repo(request, repo_id, group_id, from_email):
"""
Unshare a repo in group.
"""
# Check whether group exists
group = get_group(group_id)
if not group:
return render_error(request, _(u"Failed to unshare: the group doesn't exist."))
# Check whether user is group staff or the one share the repo
if not check_group_staff(group_id, from_email) and \
seafserv_threaded_rpc.get_group_repo_owner(repo_id) != from_email:
return render_permission_error(request, _(u"Operation failed: only administrators and the owner of the library can unshare it."))
if seafserv_threaded_rpc.group_unshare_repo(repo_id, group_id, from_email) != 0:
return render_error(request, _(u"Failed to unshare: internal error."))
def group_wiki(request, group, page_name="home"):
is_staff = True if check_group_staff(group.id, request.user) else False
username = request.user.username
content = ''
wiki_exists = True
last_modified, latest_contributor = None, None
try:
content, repo_id, obj_id = get_wiki_page(request, group, page_name)
except WikiDoesNotExist:
wiki_exists = False
except WikiPageMissing:
'''create that page for user'''
repo = find_wiki_repo(request, group)
# No need to check whether repo is none, since repo is already created
filename = normalize_page_name(page_name) + '.md'
if not post_empty_file(repo.id, "/", filename, username):
return render_error(request, _("Faied to create wiki page. Please retry later."))
return HttpResponseRedirect(reverse('group_wiki', args=[group.id, page_name]))
else:
content = convert_wiki_link(content, group, repo_id, username)
# fetch file latest contributor and last modified
path = '/' + page_name + '.md'
file_path_hash = md5_constructor(urllib2.quote(path.encode('utf-8'))).hexdigest()[:12]
contributors, last_modified, last_commit_id = get_file_contributors(\
repo_id, path.encode('utf-8'), file_path_hash, obj_id)
latest_contributor = contributors[0] if contributors else None
return render_to_response("group/group_wiki.html", {
"group_id": group.id,
"group" : group,
"is_staff": is_staff,
"content": content,
"page": page_name,
"wiki_exists": wiki_exists,
"last_modified": last_modified,
"latest_contributor": latest_contributor,
}, context_instance=RequestContext(request))
def _decorated(view, request, group_id, *args, **kwargs):
group_id = int(group_id) # Checked by URL Conf
try:
group = seaserv.get_group(group_id)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Internal Server Error')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not group:
error_msg = _(u'Group does not exist.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
username = request.user.username
try:
is_group_member = seaserv.is_group_user(group_id,
username)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Internal Server Error')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not is_group_member:
error_msg = _(u'Permission denied')
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
is_group_staff = seaserv.check_group_staff(group_id, username)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Internal Server Error')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not is_group_staff:
error_msg = _(u'Permission denied')
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
return func(view, request, group_id, *args, **kwargs)
def _decorated(view, request, group_id, *args, **kwargs):
group_id = int(group_id) # Checked by URL Conf
try:
group = seaserv.get_group(group_id)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Internal Server Error')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not group:
error_msg = _(u'Group does not exist.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
username = request.user.username
try:
is_group_member = seaserv.is_group_user(group_id, username)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Internal Server Error')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not is_group_member:
error_msg = _(u'Permission denied')
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
is_group_staff = seaserv.check_group_staff(group_id, username)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Internal Server Error')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not is_group_staff:
error_msg = _(u'Permission denied')
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
return func(view, request, group_id, *args, **kwargs)
def get_group_member_info(request, group_id, email, avatar_size=AVATAR_DEFAULT_SIZE):
p = Profile.objects.get_profile_by_user(email)
if p:
login_id = p.login_id if p.login_id else ''
else:
login_id = ''
try:
avatar_url, is_default, date_uploaded = api_avatar_url(email, avatar_size)
except Exception as e:
logger.error(e)
avatar_url = get_default_avatar_url()
is_admin = seaserv.check_group_staff(group_id, email)
member_info = {
"name": email2nickname(email),
'email': email,
"contact_email": Profile.objects.get_contact_email_by_user(email),
"login_id": login_id,
"avatar_url": request.build_absolute_uri(avatar_url),
"is_admin": is_admin,
}
return member_info
def group_discuss(request, group_id):
if request.method == 'POST':
form = MessageForm(request.POST)
if form.is_valid():
msg = form.cleaned_data['message']
message = GroupMessage()
message.group_id = group_id
message.from_email = request.user.username
message.message = msg
message.save()
# send signal
grpmsg_added.send(sender=GroupMessage, group_id=group_id,
from_email=request.user.username)
# Always return an HttpResponseRedirect after successfully dealing
# with POST data.
return HttpResponseRedirect(reverse('group_discuss', args=[group_id]))
else:
form = MessageForm()
op = request.GET.get('op', '')
if op == 'delete':
return group_remove(request, group_id)
elif op == 'dismiss':
return group_dismiss(request, group_id)
elif op == 'quit':
return group_quit(request, group_id)
group_id_int = int(group_id) # Checkeb by URL Conf
# remove user notifications
UserNotification.objects.filter(to_user=request.user.username,
msg_type='group_msg',
detail=str(group_id)).delete()
group = get_group(group_id_int)
if not group:
return HttpResponseRedirect(reverse('group_list', args=[]))
# Check whether user belongs to the group.
joined = is_group_user(group_id_int, request.user.username)
if not joined and not request.user.is_staff:
# Return group public info page.
return render_to_response('group/group_pubinfo.html', {
'members': members,
'group': group,
}, context_instance=RequestContext(request))
# Get all group members.
members = get_group_members(group_id_int)
is_staff = True if check_group_staff(group.id, request.user) else False
"""group messages"""
# Show 15 group messages per page.
paginator = Paginator(GroupMessage.objects.filter(
group_id=group_id).order_by('-timestamp'), 15)
# Make sure page request is an int. If not, deliver first page.
try:
page = int(request.GET.get('page', '1'))
except ValueError:
page = 1
# If page request (9999) is out of range, deliver last page of results.
try:
group_msgs = paginator.page(page)
except (EmptyPage, InvalidPage):
group_msgs = paginator.page(paginator.num_pages)
group_msgs.page_range = paginator.get_page_range(group_msgs.number)
# Force evaluate queryset to fix some database error for mysql.
group_msgs.object_list = list(group_msgs.object_list)
attachments = MessageAttachment.objects.filter(group_message__in=group_msgs.object_list)
msg_replies = MessageReply.objects.filter(reply_to__in=group_msgs.object_list)
reply_to_list = [ r.reply_to_id for r in msg_replies ]
for msg in group_msgs.object_list:
msg.reply_cnt = reply_to_list.count(msg.id)
msg.replies = []
for r in msg_replies:
if msg.id == r.reply_to_id:
msg.replies.append(r)
msg.replies = msg.replies[-3:]
for att in attachments:
if msg.id == att.group_message_id:
# Attachment name is file name or directory name.
# If is top directory, use repo name instead.
path = att.path
if path == '/':
repo = get_repo(att.repo_id)
if not repo:
# TODO: what should we do here, tell user the repo
# is no longer exists?
continue
att.name = repo.name
else:
# cut out last '/'
if path[-1] == '/':
path = path[:-1]
att.name = os.path.basename(path)
msg.attachment = att
return render_to_response("group/group_discuss.html", {
"members": members,
"group_id": group_id,
"group" : group,
"is_staff": is_staff,
"group_msgs": group_msgs,
"form": form,
'group_members_default_display': GROUP_MEMBERS_DEFAULT_DISPLAY,
}, context_instance=RequestContext(request));
def _decorated(request, *args, **kwargs):
group_id = int(kwargs.get('group_id', '0')) # Checked by URL Conf
if check_group_staff(group_id, request.user):
return func(request, *args, **kwargs)
raise Http404
def put(self, request, group_id):
""" Rename, transfer a specific group
"""
group = seaserv.get_group(group_id)
username = request.user.username
new_group_name = request.data.get('name', None)
if new_group_name:
# rename a group
# Check whether group name is validate.
if not validate_group_name(new_group_name):
error_msg = _(
u'Group name can only contain letters, numbers, blank, hyphen or underscore'
)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, new_group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
seaserv.ccnet_threaded_rpc.set_group_name(
group_id, new_group_name)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Internal Server Error')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
new_creator = request.data.get('creator', None)
if new_creator:
# transfer a group
if not is_valid_username(new_creator):
error_msg = _('Creator %s is not valid.') % new_creator
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if new_creator == group.creator_name:
error_msg = _('%s is already group owner') % new_creator
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
if not seaserv.is_group_user(group_id, new_creator):
seaserv.ccnet_threaded_rpc.group_add_member(
group_id, username, new_creator)
if not seaserv.check_group_staff(group_id, new_creator):
seaserv.ccnet_threaded_rpc.group_set_admin(
group_id, new_creator)
seaserv.ccnet_threaded_rpc.set_group_creator(
group_id, new_creator)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Internal Server Error')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
# get new info of this group
group_info = get_group_info(request, group_id,
GROUP_AVATAR_DEFAULT_SIZE)
return Response(group_info)
def is_group_staff(group, user):
if user.is_anonymous():
return False
return seaserv.check_group_staff(group.id, user.username)
def is_group_admin(group_id, email):
return seaserv.check_group_staff(group_id, email)
def ajax_repo_remove_share(request):
"""
Remove repo shared to user/group/public
"""
content_type = 'application/json; charset=utf-8'
repo_id = request.POST.get('repo_id', None)
share_type = request.POST.get('share_type', None)
if not seafile_api.get_repo(repo_id):
return HttpResponse(json.dumps({'error': _(u'Library does not exist')}), status=400,
content_type=content_type)
username = request.user.username
if share_type == 'personal':
from_email = request.POST.get('from', None)
if not is_valid_username(from_email):
return HttpResponse(json.dumps({'error': _(u'Invalid argument')}), status=400,
content_type=content_type)
if is_org_context(request):
org_id = request.user.org.org_id
org_remove_share(org_id, repo_id, from_email, username)
else:
seaserv.remove_share(repo_id, from_email, username)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=content_type)
elif share_type == 'group':
from_email = request.POST.get('from', None)
if not is_valid_username(from_email):
return HttpResponse(json.dumps({'error': _(u'Invalid argument')}), status=400,
content_type=content_type)
group_id = request.POST.get('group_id', None)
group = seaserv.get_group(group_id)
if not group:
return HttpResponse(json.dumps({'error': _(u"Group does not exist")}), status=400,
content_type=content_type)
if seaserv.check_group_staff(group_id, username) or \
seafile_api.is_repo_owner(username, repo_id):
if is_org_group(group_id):
org_id = get_org_id_by_group(group_id)
del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, from_email)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=content_type)
else:
return HttpResponse(json.dumps({'error': _(u'Permission denied')}), status=400,
content_type=content_type)
elif share_type == 'public':
if is_org_context(request):
org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
is_org_repo_owner = True if org_repo_owner == username else False
if request.user.org.is_staff or is_org_repo_owner:
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(org_id,
repo_id)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=content_type)
else:
return HttpResponse(json.dumps({'error': _(u'Permission denied')}), status=403,
content_type=content_type)
else:
if seafile_api.is_repo_owner(username, repo_id) or \
request.user.is_staff:
unset_inner_pub_repo(repo_id)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=content_type)
else:
return HttpResponse(json.dumps({'error': _(u'Permission denied')}), status=403,
content_type=content_type)
else:
return HttpResponse(json.dumps({'error': _(u'Invalid argument')}), status=400,
content_type=content_type)
def ajax_repo_remove_share(request):
"""
Remove repo shared to user/group/public
"""
content_type = 'application/json; charset=utf-8'
repo_id = request.POST.get('repo_id', None)
share_type = request.POST.get('share_type', None)
if not seafile_api.get_repo(repo_id):
return HttpResponse(json.dumps({'error':
_(u'Library does not exist')}),
status=400,
content_type=content_type)
username = request.user.username
if share_type == 'personal':
from_email = request.POST.get('from', None)
if not is_valid_username(from_email):
return HttpResponse(json.dumps({'error': _(u'Invalid argument')}),
status=400,
content_type=content_type)
if is_org_context(request):
org_id = request.user.org.org_id
org_remove_share(org_id, repo_id, from_email, username)
else:
seaserv.remove_share(repo_id, from_email, username)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=content_type)
elif share_type == 'group':
from_email = request.POST.get('from', None)
if not is_valid_username(from_email):
return HttpResponse(json.dumps({'error': _(u'Invalid argument')}),
status=400,
content_type=content_type)
group_id = request.POST.get('group_id', None)
group = seaserv.get_group(group_id)
if not group:
return HttpResponse(json.dumps(
{'error': _(u"Group does not exist")}),
status=400,
content_type=content_type)
if seaserv.check_group_staff(group_id, username) or \
seafile_api.is_repo_owner(username, repo_id):
if is_org_group(group_id):
org_id = get_org_id_by_group(group_id)
del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, from_email)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=content_type)
else:
return HttpResponse(json.dumps({'error': _(u'Permission denied')}),
status=400,
content_type=content_type)
elif share_type == 'public':
if is_org_context(request):
org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
is_org_repo_owner = True if org_repo_owner == username else False
if request.user.org.is_staff or is_org_repo_owner:
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(
org_id, repo_id)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=content_type)
else:
return HttpResponse(json.dumps(
{'error': _(u'Permission denied')}),
status=403,
content_type=content_type)
else:
if seafile_api.is_repo_owner(username, repo_id) or \
request.user.is_staff:
unset_inner_pub_repo(repo_id)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=content_type)
else:
return HttpResponse(json.dumps(
{'error': _(u'Permission denied')}),
status=403,
content_type=content_type)
else:
return HttpResponse(json.dumps({'error': _(u'Invalid argument')}),
status=400,
content_type=content_type)
def render_group_info(request, group_id, form):
group_id_int = int(group_id) # Checkeb by URL Conf
# remove user notifications
UserNotification.objects.filter(to_user=request.user.username,
msg_type='group_msg',
detail=str(group_id)).delete()
group = get_group(group_id_int)
if not group:
return HttpResponseRedirect(reverse('group_list', args=[]))
# Get all group members.
members = get_group_members(group_id_int)
# Check whether user belongs to the group.
joined = is_group_user(group_id_int, request.user.username)
if not joined and not request.user.is_staff:
# Return group public info page.
return render_to_response('group/group_pubinfo.html', {
'members': members,
'group': group,
}, context_instance=RequestContext(request))
is_staff = True if check_group_staff(group.id, request.user) else False
managers = []
common_members = []
for member in members:
if member.is_staff == 1:
managers.append(member)
else:
common_members.append(member)
org = request.user.org
if org:
repos = get_org_group_repos(org['org_id'], group_id_int,
request.user.username)
else:
repos = get_group_repos(group_id_int, request.user.username)
for repo in repos:
repo.user_perm = check_permission(repo.props.id, request.user.username)
"""group messages"""
# Make sure page request is an int. If not, deliver first page.
try:
current_page = int(request.GET.get('page', '1'))
per_page= int(request.GET.get('per_page', '15'))
except ValueError:
current_page = 1
per_page = 15
msgs_plus_one = GroupMessage.objects.filter(
group_id=group_id).order_by(
'-timestamp')[per_page*(current_page-1) : per_page*current_page+1]
if len(msgs_plus_one) == per_page + 1:
page_next = True
else:
page_next = False
group_msgs = msgs_plus_one[:per_page]
attachments = MessageAttachment.objects.filter(group_message__in=group_msgs)
msg_replies = MessageReply.objects.filter(reply_to__in=group_msgs)
reply_to_list = [ r.reply_to_id for r in msg_replies ]
for msg in group_msgs:
msg.reply_cnt = reply_to_list.count(msg.id)
for att in attachments:
if msg.id == att.group_message_id:
# Attachment name is file name or directory name.
# If is top directory, use repo name instead.
path = att.path
if path == '/':
repo = get_repo(att.repo_id)
if not repo:
# TODO: what should we do here, tell user the repo
# is no longer exists?
continue
att.name = repo.name
else:
# cut out last '/'
if path[-1] == '/':
path = path[:-1]
att.name = os.path.basename(path)
msg.attachment = att
contacts = Contact.objects.filter(user_email=request.user.username)
return render_to_response("group/group_info.html", {
"managers": managers,
"common_members": common_members,
"members": members,
"repos": repos,
"group_id": group_id,
"group" : group,
"is_staff": is_staff,
"is_join": joined,
"group_msgs": group_msgs,
"form": form,
'current_page': current_page,
'prev_page': current_page-1,
'next_page': current_page+1,
'per_page': per_page,
'page_next': page_next,
'create_shared_repo': True,
'contacts': contacts,
'group_members_default_display': GROUP_MEMBERS_DEFAULT_DISPLAY,
}, context_instance=RequestContext(request));
def is_group_staff(group, user):
if user.is_anonymous():
return False
return seaserv.check_group_staff(group.id, user.username)
def _decorated(request, *args, **kwargs):
group_id = int(kwargs.get('group_id', '0')) # Checked by URL Conf
if check_group_staff(group_id, request.user.username):
return func(request, *args, **kwargs)
raise Http404
def is_group_admin(group_id, email):
return seaserv.check_group_staff(group_id, email)
def render_group_info(request, group_id, form):
group_id_int = int(group_id) # Checkeb by URL Conf
# remove user notifications
UserNotification.objects.filter(to_user=request.user.username,
msg_type='group_msg',
detail=str(group_id)).delete()
group = get_group(group_id_int)
if not group:
return HttpResponseRedirect(reverse('group_list', args=[]))
# Get all group members.
members = get_group_members(group_id_int)
# Check whether user belongs to the group.
joined = is_group_user(group_id_int, request.user.username)
if not joined and not request.user.is_staff:
# Return group public info page.
return render_to_response('group/group_pubinfo.html', {
'members': members,
'group': group,
}, context_instance=RequestContext(request))
is_staff = True if check_group_staff(group.id, request.user) else False
org = request.user.org
if org:
repos = get_org_group_repos(org['org_id'], group_id_int,
request.user.username)
else:
repos = get_group_repos(group_id_int, request.user.username)
recent_commits = []
cmt_repo_dict = {}
for repo in repos:
repo.user_perm = check_permission(repo.props.id, request.user.username)
cmmts = get_commits(repo.props.id, 0, 10)
for c in cmmts:
cmt_repo_dict[c.id] = repo
recent_commits += cmmts
recent_commits.sort(lambda x, y : cmp(y.props.ctime, x.props.ctime))
recent_commits = recent_commits[:15]
for cmt in recent_commits:
cmt.repo = cmt_repo_dict[cmt.id]
cmt.repo.password_set = is_passwd_set(cmt.props.repo_id,
request.user.username)
cmt.tp = cmt.props.desc.split(' ')[0]
return render_to_response("group/group_info.html", {
"members": members,
"repos": repos,
"recent_commits": recent_commits,
"group_id": group_id,
"group" : group,
"is_staff": is_staff,
"is_join": joined,
"form": form,
'create_shared_repo': True,
'group_members_default_display': GROUP_MEMBERS_DEFAULT_DISPLAY,
}, context_instance=RequestContext(request));
def delete(self, request, repo_id, format=None):
if not seafile_api.get_repo(repo_id):
return api_error(status.HTTP_400_BAD_REQUEST,
'Library does not exist')
username = request.user.username
share_type = request.GET.get('share_type', None)
if share_type == 'personal':
from_email = request.GET.get('from', None)
if not is_valid_username(from_email):
return api_error(status.HTTP_400_BAD_REQUEST,
'Invalid argument')
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_remove_share(
org_id, repo_id, from_email, username)
else:
seaserv.remove_share(repo_id, from_email, username)
elif share_type == 'group':
from_email = request.GET.get('from', None)
if not is_valid_username(from_email):
return api_error(status.HTTP_400_BAD_REQUEST,
'Invalid argument')
group_id = request.GET.get('group_id', None)
group = seaserv.get_group(group_id)
if not group:
return api_error(status.HTTP_400_BAD_REQUEST,
'Group does not exist')
if not seaserv.check_group_staff(group_id, username) and \
not seafile_api.is_repo_owner(username, repo_id):
return api_error(status.HTTP_403_FORBIDDEN,
'Permission denied')
if seaserv.is_org_group(group_id):
org_id = seaserv.get_org_id_by_group(group_id)
seaserv.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, from_email)
elif share_type == 'public':
if is_org_context(request):
org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
is_org_repo_owner = True if org_repo_owner == username else False
if not request.user.org.is_staff and not is_org_repo_owner:
return api_error(status.HTTP_403_FORBIDDEN,
'Permission denied')
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(
org_id, repo_id)
else:
if not seafile_api.is_repo_owner(username, repo_id) and \
not request.user.is_staff:
return api_error(status.HTTP_403_FORBIDDEN,
'Permission denied')
seaserv.unset_inner_pub_repo(repo_id)
else:
return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')
return Response({'success': True}, status=status.HTTP_200_OK)
return render_error(request, _('Wiki root path is missing.'))
try:
dirs = seafserv_threaded_rpc.list_dir(dir_id)
except SearpcError, e:
return render_error(request, _('Failed to list wiki directories.'))
pages = []
for e in dirs:
if stat.S_ISDIR(e.mode):
continue # skip directories
name, ext = os.path.splitext(e.obj_name)
if ext == '.md':
pages.append(name)
is_staff = True if check_group_staff(group.id, request.user) else False
return render_to_response("group/group_wiki_pages.html", {
"group": group,
"pages": pages,
"is_staff": is_staff,
}, context_instance=RequestContext(request))
@login_required
@group_check
def group_wiki_create(request, group):
if request.method != 'POST':
raise Http404
content_type = 'application/json; charset=utf-8'
def delete(self, request, repo_id, format=None):
if not seafile_api.get_repo(repo_id):
return api_error(status.HTTP_400_BAD_REQUEST, 'Library does not exist')
username = request.user.username
share_type = request.GET.get('share_type', None)
if share_type == 'personal':
from_email = request.GET.get('from', None)
if not is_valid_username(from_email):
return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_remove_share(org_id,
repo_id,
from_email,
username)
else:
seaserv.remove_share(repo_id, from_email, username)
elif share_type == 'group':
from_email = request.GET.get('from', None)
if not is_valid_username(from_email):
return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')
group_id = request.GET.get('group_id', None)
group = seaserv.get_group(group_id)
if not group:
return api_error(status.HTTP_400_BAD_REQUEST, 'Group does not exist')
if not seaserv.check_group_staff(group_id, username) and \
not seafile_api.is_repo_owner(username, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')
if seaserv.is_org_group(group_id):
org_id = seaserv.get_org_id_by_group(group_id)
seaserv.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, from_email)
elif share_type == 'public':
if is_org_context(request):
org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
is_org_repo_owner = True if org_repo_owner == username else False
if not request.user.org.is_staff and not is_org_repo_owner:
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(org_id,
repo_id)
else:
if not seafile_api.is_repo_owner(username, repo_id) and \
not request.user.is_staff:
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')
seaserv.unset_inner_pub_repo(repo_id)
else:
return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')
return Response({'success': True}, status=status.HTTP_200_OK)
