def upload_file_done(request): """Send a message when a file is uploaded. Arguments: - `request`: """ ct = 'application/json; charset=utf-8' result = {} filename = request.GET.get('fn', '') if not filename: result['error'] = _('Argument missing') return HttpResponse(json.dumps(result), status=400, content_type=ct) repo_id = request.GET.get('repo_id', '') if not repo_id: result['error'] = _('Argument missing') return HttpResponse(json.dumps(result), status=400, content_type=ct) path = request.GET.get('p', '') if not path: result['error'] = _('Argument missing') return HttpResponse(json.dumps(result), status=400, content_type=ct) # a few checkings if not seafile_api.get_repo(repo_id): result['error'] = _('Wrong repo id') return HttpResponse(json.dumps(result), status=400, content_type=ct) # get upload link share creator token = request.GET.get('token', '') if not token: result['error'] = _('Argument missing') return HttpResponse(json.dumps(result), status=400, content_type=ct) uls = UploadLinkShare.objects.get_valid_upload_link_by_token(token) if uls is None: result['error'] = _('Bad upload link token.') return HttpResponse(json.dumps(result), status=400, content_type=ct) creator = uls.username file_path = path.rstrip('/') + '/' + filename if seafile_api.get_file_id_by_path(repo_id, file_path) is None: result['error'] = _('File does not exist') return HttpResponse(json.dumps(result), status=400, content_type=ct) # send singal upload_file_successful.send(sender=None, repo_id=repo_id, file_path=file_path, owner=creator) return HttpResponse(json.dumps({'success': True}), content_type=ct)
def upload_file_done(request): """Send a message when a file is uploaded. Arguments: - `request`: """ ct = 'application/json; charset=utf-8' result = {} filename = request.GET.get('fn', '') if not filename: result['error'] = _('Argument missing') return HttpResponse(json.dumps(result), status=400, content_type=ct) repo_id = request.GET.get('repo_id', '') if not repo_id: result['error'] = _('Argument missing') return HttpResponse(json.dumps(result), status=400, content_type=ct) path = request.GET.get('p', '') if not path: result['error'] = _('Argument missing') return HttpResponse(json.dumps(result), status=400, content_type=ct) # a few checkings if not seafile_api.get_repo(repo_id): result['error'] = _('Wrong repo id') return HttpResponse(json.dumps(result), status=400, content_type=ct) owner = seafile_api.get_repo_owner(repo_id) if not owner: result['error'] = _('Wrong repo id') return HttpResponse(json.dumps(result), status=400, content_type=ct) file_path = path.rstrip('/') + '/' + filename if seafile_api.get_file_id_by_path(repo_id, file_path) is None: result['error'] = _('File does not exist') return HttpResponse(json.dumps(result), status=400, content_type=ct) # send singal upload_file_successful.send(sender=None, repo_id=repo_id, file_path=file_path, owner=owner) return HttpResponse(json.dumps({'success': True}), content_type=ct)
def post(self, request, token): """ Only used for saving notification after user upload file via folder share link and upload link. Permission checking: 1, If enable SHARE_LINK_LOGIN_REQUIRED, user must have been authenticated. 2, If enable ENABLE_SHARE_LINK_AUDIT, user must have been authenticated, or have been audited. 3, If share link is encrypted, share link password must have been checked. 4, Share link must be a folder share link and has can_upload permission. """ # resource check share_link = None upload_link = None try: share_link = FileShare.objects.get(token=token) except FileShare.DoesNotExist: upload_link = UploadLinkShare.objects.get(token=token) except UploadLinkShare.DoesNotExist: error_msg = 'token %s not found.' % token return api_error(status.HTTP_404_NOT_FOUND, error_msg) if share_link: # check if login required if SHARE_LINK_LOGIN_REQUIRED and \ not request.user.is_authenticated: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # check share link audit if is_pro_version() and ENABLE_SHARE_LINK_AUDIT and \ not request.user.is_authenticated and \ not request.session.get('anonymous_email'): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # check share link validation if share_link.is_encrypted() and not check_share_link_access(request, token): error_msg = 'Share link is encrypted.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if not share_link.get_permissions()['can_upload']: error_msg = 'Share link has no can_upload permission' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if share_link.is_expired(): error_msg = 'Share link is expired' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if not share_link.is_dir_share_link(): error_msg = 'Share link %s is not a folder share link.' % token return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # recourse check repo_id = share_link.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) parent_dir = share_link.path if seafile_api.check_permission_by_path(repo_id, parent_dir, share_link.username) != 'rw': error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) file_path = request.data.get('file_path') if not file_path: error_msg = 'file_path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) file_id = seafile_api.get_file_id_by_path(repo_id, file_path) if not file_id: error_msg = 'File %s not found.' % file_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) # send singal upload_file_successful.send(sender=None, repo_id=repo_id, file_path=file_path, owner=share_link.username) return Response({'success': True}) if upload_link: if upload_link.is_encrypted() and not check_share_link_access(request, token, is_upload_link=True): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if upload_link.is_expired(): error_msg = 'Upload link is expired' return api_error(status.HTTP_403_FORBIDDEN, error_msg) repo_id = upload_link.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) parent_dir = upload_link.path if seafile_api.check_permission_by_path(repo_id, parent_dir, upload_link.username) != 'rw': error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) file_path = request.data.get('file_path') if not file_path: error_msg = 'file_path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) file_id = seafile_api.get_file_id_by_path(repo_id, file_path) if not file_id: error_msg = 'File %s not found.' % file_path return api_error(status.HTTP_404_NOT_FOUND, error_msg) upload_file_successful.send(sender=None, repo_id=repo_id, file_path=file_path, owner=upload_link.username) return Response({'success': True})