def get(self, request, format=None):
repo_id = request.repo_api_token_obj.repo_id
# recourse check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
parent_dir = request.GET.get('path', '/')
dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir)
if not dir_id:
error_msg = 'Folder %s not found.' % parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if check_folder_permission_by_repo_api(request, repo_id,
parent_dir) != 'rw':
return api_error(
status.HTTP_403_FORBIDDEN,
'You do not have permission to access this folder.')
if check_quota(repo_id) < 0:
return api_error(HTTP_443_ABOVE_QUOTA, "Out of quota.")
obj_data = {'parent_dir': parent_dir}
if is_pro_version():
obj_data['anonymous_user'] = request.repo_api_token_obj.app_name
obj_id = json.dumps(obj_data)
token = seafile_api.get_fileserver_access_token(repo_id,
obj_id,
'upload',
'',
use_onetime=False)
if not token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
req_from = request.GET.get('from', 'api')
if req_from == 'api':
try:
replace = to_python_boolean(request.GET.get('replace', '0'))
except ValueError:
replace = False
url = gen_file_upload_url(token, 'upload-api', replace)
elif req_from == 'web':
url = gen_file_upload_url(token, 'upload-aj')
else:
error_msg = 'from invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
return Response(url)
def get_upload_url(request, repo_id):
username = request.user.username
if get_user_permission(request, repo_id) == "rw":
token = seafile_api.get_httpserver_access_token(repo_id, "dummy", "upload", username)
return gen_file_upload_url(token, "upload")
else:
return ""
def get_update_url(self):
if get_user_permission(self.request, self.repo_id) == 'rw':
token = web_get_access_token(self.repo_id, 'dummy', 'update',
self.request.user.username)
return gen_file_upload_url(token, 'update')
else:
return ''
def get(self, request, workspace_id):
"""get table file upload link
"""
# argument check
table_name = request.GET.get('name', None)
if not table_name:
error_msg = 'name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
owner = workspace.owner
if username != owner:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
token = seafile_api.get_fileserver_access_token(repo_id,
'dummy',
'upload',
'',
use_onetime=False)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
upload_link = gen_file_upload_url(token, 'upload-api')
# create asset dir
asset_dir_path = '/asset/' + str(dtable.uuid)
asset_dir_id = seafile_api.get_dir_id_by_path(repo_id, asset_dir_path)
if not asset_dir_id:
seafile_api.mkdir_with_parents(repo_id, '/', asset_dir_path[1:],
owner)
dtable.modifier = username
dtable.save()
res = dict()
res['upload_link'] = upload_link
res['parent_path'] = asset_dir_path
return Response(res)
def post(self, request, file_id, format=None):
token = request.GET.get('access_token', None)
request_user, repo_id, file_path = get_file_info_by_token(token=token)
try:
file_obj = request.read()
# get file update url
token = seafile_api.get_fileserver_access_token(
repo_id, 'dummy', 'update', request_user)
update_url = gen_file_upload_url(token, 'update-api')
# update file
files = {
'file': file_obj,
'file_name': os.path.basename(file_path),
'target_file': file_path,
}
requests.post(update_url, files=files)
except Exception as e:
logger.error(e)
return HttpResponse(json.dumps({}),
status=500,
content_type=json_content_type)
return HttpResponse(json.dumps({}),
status=200,
content_type=json_content_type)
def get(self, request):
if not request.user.admin_permissions.can_manage_library():
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
# argument check
req_from = request.GET.get('from', 'web')
if req_from not in ('web', 'api'):
error_msg = 'from invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# recourse check
try:
repo_id = seafile_api.get_system_default_repo_id()
repo = seafile_api.get_repo(repo_id)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
parent_dir = request.GET.get('path', '/')
parent_dir = normalize_dir_path(parent_dir)
dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir)
if not dir_id:
error_msg = 'Folder %s not found.' % parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
obj_id = json.dumps({'parent_dir': parent_dir})
token = seafile_api.get_fileserver_access_token(repo_id,
obj_id, 'upload', 'system', use_onetime=False)
if not token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if req_from == 'api':
url = gen_file_upload_url(token, 'upload-api')
else:
url = gen_file_upload_url(token, 'upload-aj')
result = {}
result['upload_link'] = url
return Response(result)
def get(self, request, token):
# resource check
form_obj = DTableForms.objects.get_form_by_token(token)
if not form_obj:
error_msg = 'Form %s not found.' % token
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
workspace_id = form_obj.workspace_id
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
dtable_uuid = form_obj.dtable_uuid
dtable = DTables.objects.get_dtable_by_uuid(dtable_uuid)
if not dtable:
error_msg = 'Table %s not found.' % dtable_uuid
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if not check_form_submit_permission(request, form_obj):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if not check_user_workspace_quota(workspace):
error_msg = 'Asset quota exceeded.'
return api_error(HTTP_443_ABOVE_QUOTA, error_msg)
# create asset dir
asset_dir_path = '/asset/' + str(dtable.uuid)
asset_dir_id = seafile_api.get_dir_id_by_path(repo_id, asset_dir_path)
if not asset_dir_id:
seafile_api.mkdir_with_parents(repo_id, '/', asset_dir_path[1:],
'')
# get token
obj_id = json.dumps({'parent_dir': asset_dir_path})
try:
token = seafile_api.get_fileserver_access_token(repo_id,
obj_id,
'upload',
'',
use_onetime=False)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
upload_link = gen_file_upload_url(token, 'upload-api')
res = dict()
res['upload_link'] = upload_link
res['parent_path'] = asset_dir_path
res['img_relative_path'] = FORM_UPLOAD_IMG_RELATIVE_PATH
res['file_relative_path'] = os.path.join(UPLOAD_FILE_RELATIVE_PATH,
str(datetime.today())[:7])
return Response(res)
def get_upload_url(request, repo_id):
username = request.user.username
if check_repo_access_permission(repo_id, request.user) == 'rw':
token = seafile_api.get_fileserver_access_token(
repo_id, 'dummy', 'upload', username)
return gen_file_upload_url(token, 'upload')
else:
return ''
def get_upload_url(request, repo_id):
username = request.user.username
if check_folder_permission(request, repo_id, '/') == 'rw':
token = seafile_api.get_fileserver_access_token(repo_id, 'dummy',
'upload', username)
return gen_file_upload_url(token, 'upload')
else:
return ''
def get_update_url(self):
if get_user_permission(self.request, self.repo_id) == 'rw':
token = web_get_access_token(self.repo_id,
'dummy', 'update',
self.request.user.username)
return gen_file_upload_url(token, 'update')
else:
return ''
def get_update_url(request, repo_id):
username = request.user.username
if get_user_permission(request, repo_id) == 'rw':
token = seafile_api.get_httpserver_access_token(repo_id, 'dummy',
'update', username)
return gen_file_upload_url(token, 'update')
else:
return ''
def get_api_update_url(request, repo_id):
username = request.user.username
if get_user_permission(request, repo_id) == 'rw':
token = seafile_api.get_httpserver_access_token(
repo_id, 'dummy', 'update', username)
return gen_file_upload_url(token, 'update-api')
else:
return ''
def view_shared_upload_link(request, token):
assert token is not None # Checked by URLconf
uploadlink = UploadLinkShare.objects.get_valid_upload_link_by_token(token)
if uploadlink is None:
raise Http404
if uploadlink.is_encrypted():
if not check_share_link_access(request.user.username, token):
d = {"token": token, "view_name": "view_shared_upload_link"}
if request.method == "POST":
post_values = request.POST.copy()
post_values["enc_password"] = uploadlink.password
form = SharedLinkPasswordForm(post_values)
d["form"] = form
if form.is_valid():
# set cache for non-anonymous user
if request.user.is_authenticated():
set_share_link_access(request.user.username, token)
else:
return render_to_response(
"share_access_validation.html", d, context_instance=RequestContext(request)
)
else:
return render_to_response("share_access_validation.html", d, context_instance=RequestContext(request))
username = uploadlink.username
repo_id = uploadlink.repo_id
path = uploadlink.path
dir_name = os.path.basename(path[:-1])
repo = get_repo(repo_id)
if not repo:
raise Http404
uploadlink.view_cnt = F("view_cnt") + 1
uploadlink.save()
no_quota = True if seaserv.check_quota(repo_id) < 0 else False
token = seafile_api.get_fileserver_access_token(repo_id, "dummy", "upload", request.user.username)
ajax_upload_url = gen_file_upload_url(token, "upload-aj")
return render_to_response(
"view_shared_upload_link.html",
{
"repo": repo,
"token": token,
"path": path,
"username": username,
"dir_name": dir_name,
"max_upload_file_size": seaserv.MAX_UPLOAD_FILE_SIZE,
"no_quota": no_quota,
"ajax_upload_url": ajax_upload_url,
"uploadlink": uploadlink,
},
context_instance=RequestContext(request),
)
def view_shared_upload_link(request, token):
assert token is not None # Checked by URLconf
uploadlink = UploadLinkShare.objects.get_valid_upload_link_by_token(token)
if uploadlink is None:
raise Http404
if uploadlink.is_encrypted():
if not check_share_link_access(request.user.username, token):
d = {'token': token, 'view_name': 'view_shared_upload_link', }
if request.method == 'POST':
post_values = request.POST.copy()
post_values['enc_password'] = uploadlink.password
form = SharedLinkPasswordForm(post_values)
d['form'] = form
if form.is_valid():
# set cache for non-anonymous user
if request.user.is_authenticated():
set_share_link_access(request.user.username, token)
else:
return render_to_response('share_access_validation.html', d,
context_instance=RequestContext(request))
else:
return render_to_response('share_access_validation.html', d,
context_instance=RequestContext(request))
username = uploadlink.username
repo_id = uploadlink.repo_id
path = uploadlink.path
dir_name = os.path.basename(path[:-1])
repo = get_repo(repo_id)
if not repo:
raise Http404
uploadlink.view_cnt = F('view_cnt') + 1
uploadlink.save()
no_quota = True if seaserv.check_quota(repo_id) < 0 else False
token = seafile_api.get_fileserver_access_token(repo_id, 'dummy',
'upload', request.user.username)
ajax_upload_url = gen_file_upload_url(token, 'upload-aj')
return render_to_response('view_shared_upload_link.html', {
'repo': repo,
'token': token,
'path': path,
'username': username,
'dir_name': dir_name,
'max_upload_file_size': seaserv.MAX_UPLOAD_FILE_SIZE,
'no_quota': no_quota,
'ajax_upload_url': ajax_upload_url,
'uploadlink': uploadlink,
'enable_upload_folder': ENABLE_UPLOAD_FOLDER,
}, context_instance=RequestContext(request))
def get_ajax_update_url(request, repo_id):
"""Get file upload url for AJAX.
"""
username = request.user.username
if check_repo_access_permission(repo_id, request.user) == 'rw':
token = seafile_api.get_httpserver_access_token(repo_id, 'dummy',
'update', username)
return gen_file_upload_url(token, 'update-aj')
else:
return ''
def get(self, request):
# argument check
req_from = request.GET.get('from', 'web')
if req_from not in ('web', 'api'):
error_msg = 'from invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# recourse check
try:
repo_id = seafile_api.get_system_default_repo_id()
repo = seafile_api.get_repo(repo_id)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
parent_dir = request.GET.get('path', '/')
parent_dir = normalize_dir_path(parent_dir)
dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir)
if not dir_id:
error_msg = 'Folder %s not found.' % parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
token = seafile_api.get_fileserver_access_token(repo_id,
'dummy', 'upload', 'system', use_onetime=False)
if not token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if req_from == 'api':
url = gen_file_upload_url(token, 'upload-api')
else:
url = gen_file_upload_url(token, 'upload-aj')
result = {}
result['upload_link'] = url
return Response(result)
def get_api_upload_url(request, repo_id):
"""Get file upload url for web api.
"""
username = request.user.username
if get_user_permission(request, repo_id) == 'rw':
token = seafile_api.get_httpserver_access_token(repo_id, 'dummy',
'upload', username)
return gen_file_upload_url(token, 'upload-api')
else:
return ''
def get_ajax_upload_url(request, repo_id):
"""Get file upload url for AJAX.
"""
username = request.user.username
if get_user_permission(request, repo_id) == 'rw':
token = seafile_api.get_httpserver_access_token(
repo_id, 'dummy', 'upload', username)
return gen_file_upload_url(token, 'upload-aj')
else:
return ''
def get_blks_update_url(request, repo_id):
"""
Get update url for encrypted file (uploaded in blocks)
"""
username = request.user.username
if get_user_permission(request, repo_id) == "rw":
token = seafserv_rpc.web_get_access_token(repo_id, "dummy", "update-blks", request.user.username)
return gen_file_upload_url(token, "update-blks-api").replace("api", "aj")
else:
return ""
def get(self, request, workspace_id):
"""get table file update link
"""
# argument check
table_name = request.GET.get('name', None)
if not table_name:
error_msg = 'name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
owner = workspace.owner
if '@seafile_group' in owner:
group_id = int(owner.split('@')[0])
if not is_group_member(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
if username != owner:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
token = seafile_api.get_fileserver_access_token(repo_id,
'dummy',
'update',
username,
use_onetime=False)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
dtable.modifier = username
dtable.save()
url = gen_file_upload_url(token, 'update-api')
return Response(url)
def view_shared_upload_link(request, token):
assert token is not None # Checked by URLconf
uploadlink = UploadLinkShare.objects.get_valid_upload_link_by_token(token)
if uploadlink is None:
raise Http404
if uploadlink.is_encrypted():
if not check_share_link_access(request.user.username, token):
d = {'token': token, 'view_name': 'view_shared_upload_link', }
if request.method == 'POST':
post_values = request.POST.copy()
post_values['enc_password'] = uploadlink.password
form = SharedLinkPasswordForm(post_values)
d['form'] = form
if form.is_valid():
# set cache for non-anonymous user
if request.user.is_authenticated():
set_share_link_access(request.user.username, token)
else:
return render_to_response('share_access_validation.html', d,
context_instance=RequestContext(request))
else:
return render_to_response('share_access_validation.html', d,
context_instance=RequestContext(request))
username = uploadlink.username
repo_id = uploadlink.repo_id
path = uploadlink.path
dir_name = os.path.basename(path[:-1])
repo = get_repo(repo_id)
if not repo:
raise Http404
uploadlink.view_cnt = F('view_cnt') + 1
uploadlink.save()
no_quota = True if seaserv.check_quota(repo_id) < 0 else False
token = seafile_api.get_fileserver_access_token(repo_id, 'dummy',
'upload', request.user.username)
ajax_upload_url = gen_file_upload_url(token, 'upload-aj')
return render_to_response('view_shared_upload_link.html', {
'repo': repo,
'token': token,
'path': path,
'username': username,
'dir_name': dir_name,
'max_upload_file_size': seaserv.MAX_UPLOAD_FILE_SIZE,
'no_quota': no_quota,
'ajax_upload_url': ajax_upload_url,
'uploadlink': uploadlink,
}, context_instance=RequestContext(request))
def get_blks_update_url(request, repo_id):
'''
Get update url for encrypted file (uploaded in blocks)
'''
username = request.user.username
if check_repo_access_permission(repo_id, request.user) == 'rw':
token = seafile_api.get_httpserver_access_token(repo_id, 'dummy',
'update-blks', username)
return gen_file_upload_url(token, 'update-blks-aj')
else:
return ''
def get_blks_update_url(request, repo_id):
'''
Get update url for encrypted file (uploaded in blocks)
'''
username = request.user.username
if get_user_permission(request, repo_id) == 'rw':
token = seafile_api.get_httpserver_access_token(
repo_id, 'dummy', 'update-blks', username)
return gen_file_upload_url(token, 'update-blks-aj')
else:
return ''
def get_blks_update_url(request, repo_id):
'''
Get update url for encrypted file (uploaded in blocks)
'''
if get_user_permission(request, repo_id) == 'rw':
token = seafserv_rpc.web_get_access_token(repo_id, 'dummy',
'update-blks',
request.user.username)
return gen_file_upload_url(token,
'update-blks-api').replace('api', 'aj')
else:
return ''
def get(self, request, repo_id, format=None):
if check_permission(repo_id, request.user.username) != 'rw':
return api_error(status.HTTP_403_FORBIDDEN, "Can not access repo")
if check_quota(repo_id) < 0:
return api_error(HTTP_520_OPERATION_FAILED, 'Above quota')
token = seafserv_rpc.web_get_access_token(repo_id, 'dummy', 'update',
request.user.username)
url = gen_file_upload_url(token, 'update-api')
return Response(url)
def onlyoffice_editor_callback(request):
#request.body:
# {"key":"Khirz6zTPdfd7","status":1,
# "users":["uid-1488351242769"],
# "actions":[{"type":1,"userid":"uid-1488351242769"}]}
# "key":"Khirz6zTPdfd8","status":2,"url":"https://13.113.111.2/cache/files/Khirz6zTPdfd8_6379/output.docx/output.docx?md5=5oL0qGUqXw72D85f28JaFg==&expires=1488956681&disposition=attachment&ooname=output.docx","changesurl":"https://13.113.111.2/cache/files/Khirz6zTPdfd8_6379/changes.zip/changes.zip?md5=vx3VYwaPEOxtZDA_3yuVrg==&expires=1488956681&disposition=attachment&ooname=output.zip","history":{"serverVersion":"4.2.10","changes":[{"created":"2017-03-01 07:03:11","user":{"id":"uid-1488351774447","name":"Anonymous"}}]},"users":["uid-1488351774447"],"actions":[{"type":0,"userid":"uid-1488351774447"}]}
logger.debug(request.body)
if request.method != 'POST':
return HttpResponse('{"error": 0}')
post_data = json.loads(request.body)
status = int(post_data.get('status', -1))
if status == 2: # document is ready for saving
# the link to the edited document to be saved with the document storage
# service. The link is present when the status value is equal to 2 or 3 only.
url = post_data.get('url')
context = None
if VERIFY_ONLYOFFICE_CERTIFICATE is False:
import ssl
context = ssl._create_unverified_context()
try:
file_content = urllib2.urlopen(url, context=context).read()
except urllib2.URLError as e:
logger.error(e)
else:
# update file
doc_key = post_data.get('key')
doc_info = json.loads(cache.get("ONLYOFFICE_%s" % doc_key))
repo_id = doc_info['repo_id']
file_path = doc_info['file_path']
username = doc_info['username']
update_token = seafile_api.get_fileserver_access_token(repo_id,
'dummy', 'update', username)
if not update_token:
return HttpResponse('{"error": 0}')
update_url = gen_file_upload_url(update_token, 'update-api')
files = {
'file': file_content,
'file_name': os.path.basename(file_path),
'target_file': file_path,
}
requests.post(update_url, files=files)
logger.info('%s updated by %s' % (repo_id + file_path, username))
return HttpResponse('{"error": 0}')
def get_blks_update_url(request, repo_id):
'''
Get update url for encrypted file (uploaded in blocks)
'''
if get_user_permission(request, repo_id) == 'rw':
token = seafserv_rpc.web_get_access_token(repo_id,
'dummy',
'update-blks',
request.user.username)
return gen_file_upload_url(token, 'update-blks-api').replace('api', 'aj')
else:
return ''
def get(self, request, workspace_id):
"""get table file update link
Permission:
1. owner
2. group member
3. shared user with `rw` or `admin` permission
"""
# argument check
table_name = request.GET.get('name', None)
if not table_name:
error_msg = 'name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
owner = workspace.owner
if not check_dtable_permission(username, owner) and \
check_dtable_share_permission(dtable, username) not in WRITE_PERMISSION_TUPLE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
try:
token = seafile_api.get_fileserver_access_token(repo_id, 'dummy', 'update',
username, use_onetime=False)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
dtable.modifier = username
dtable.save()
url = gen_file_upload_url(token, 'update-api')
return Response(url)
def get(self, request, repo_id, format=None):
if check_permission(repo_id, request.user.username) != 'rw':
return api_error(status.HTTP_403_FORBIDDEN, "Can not access repo")
if check_quota(repo_id) < 0:
return api_error(HTTP_520_OPERATION_FAILED, 'Above quota')
token = seafserv_rpc.web_get_access_token(repo_id,
'dummy',
'update',
request.user.username)
url = gen_file_upload_url(token, 'update-api')
return Response(url)
def get(self, request, token):
""" Get file upload url according to upload link token.
Permission checking:
1. anyone has the upload link token can perform this action;
"""
try:
uls = UploadLinkShare.objects.get(token=token)
except UploadLinkShare.DoesNotExist:
error_msg = 'token %s not found.' % token
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# currently not support encrypted upload link
if uls.is_encrypted():
error_msg = 'Upload link %s is encrypted.' % token
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
repo_id = uls.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = uls.path
dir_id = seafile_api.get_dir_id_by_path(repo_id, path)
if not dir_id:
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if repo.encrypted or \
seafile_api.check_permission_by_path(repo_id, '/', uls.username) != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
obj_id = json.dumps({'parent_dir': path})
token = seafile_api.get_fileserver_access_token(repo_id,
obj_id,
'upload-link',
uls.username,
use_onetime=False)
if not token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
result = {}
result['upload_link'] = gen_file_upload_url(token, 'upload-api')
return Response(result)
def get(self, request, repo_id, format=None):
repo = get_repo(repo_id)
if check_permission(repo_id, request.user.username) == 'rw':
token = seafserv_rpc.web_get_access_token(repo_id,
'dummy',
'upload',
request.user.username)
else:
return api_error('403')
if request.cloud_mode and seafserv_threaded_rpc.check_quota(repo_id) < 0:
return api_error('413')
upload_url = gen_file_upload_url(token, 'upload')
return Response(upload_url)
def get(self, request, repo_id):
repo = get_repo(repo_id)
if check_permission(repo_id, request.user.username) == 'rw':
token = seafserv_rpc.web_get_access_token(repo_id,
'dummy',
'upload',
request.user.username)
else:
return api_error(request, '403')
if request.cloud_mode and seafserv_threaded_rpc.check_quota(repo_id) < 0:
return api_error(request, '413')
upload_url = gen_file_upload_url(token, 'upload')
return HttpResponse(json.dumps(upload_url), status=200,
content_type=json_content_type)
def get(self, request, token):
""" Get file upload url according to upload link token.
Permission checking:
1. anyone has the upload link token can perform this action;
"""
try:
uls = UploadLinkShare.objects.get(token=token)
except UploadLinkShare.DoesNotExist:
error_msg = 'token %s not found.' % token
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# currently not support encrypted upload link
if uls.is_encrypted():
error_msg = 'Upload link %s is encrypted.' % token
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
repo_id = uls.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = uls.path
dir_id = seafile_api.get_dir_id_by_path(repo_id, path)
if not dir_id:
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if repo.encrypted or \
seafile_api.check_permission_by_path(repo_id, '/', uls.username) != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
token = seafile_api.get_fileserver_access_token(repo_id,
dir_id, 'upload-link', uls.username, use_onetime=False)
if not token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
result = {}
result['upload_link'] = gen_file_upload_url(token, 'upload-api')
return Response(result)
def get(self, request, token):
""" Get FileServer url of the shared folder.
Permission checking:
1. only admin can perform this action.
"""
if not request.user.admin_permissions.other_permission():
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
try:
uploadlink = UploadLinkShare.objects.get(token=token)
except UploadLinkShare.DoesNotExist:
error_msg = 'Upload link %s not found.' % token
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = uploadlink.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library not found.'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = uploadlink.path
dir_id = seafile_api.get_dir_id_by_path(repo_id, path)
if not dir_id:
error_msg = 'Folder not found.'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
obj_id = json.dumps({'parent_dir': path})
upload_token = seafile_api.get_fileserver_access_token(
repo_id,
obj_id,
'upload-link',
uploadlink.username,
use_onetime=False)
if not upload_token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
result = {}
result['upload_link'] = gen_file_upload_url(upload_token, 'upload-api')
return Response(result)
def get_file_upload_url_ul(request, token):
"""Get file upload url in dir upload link.
Arguments:
- `request`:
- `token`:
"""
if not request.is_ajax():
raise Http404
content_type = 'application/json; charset=utf-8'
uls = UploadLinkShare.objects.get_valid_upload_link_by_token(token)
if uls is None:
return HttpResponse(json.dumps({"error": _("Bad upload link token.")}),
status=400, content_type=content_type)
repo_id = uls.repo_id
r = request.GET.get('r', '')
if repo_id != r: # perm check
return HttpResponse(json.dumps({"error": _("Bad repo id in upload link.")}),
status=403, content_type=content_type)
username = request.user.username or request.session.get('anonymous_email') or ''
args = [repo_id, json.dumps({'anonymous_user': username}), 'upload', '']
kwargs = {
'use_onetime': False,
}
if (is_pro_version() and dj_settings.ENABLE_UPLOAD_LINK_VIRUS_CHECK):
kwargs.update({'check_virus': True})
try:
acc_token = seafile_api.get_fileserver_access_token(*args, **kwargs)
except SearpcError as e:
logger.error(e)
return HttpResponse(json.dumps({"error": _("Internal Server Error")}),
status=500, content_type=content_type)
url = gen_file_upload_url(acc_token, 'upload-aj')
return HttpResponse(json.dumps({"url": url}), content_type=content_type)
def get(self, request, token):
""" Get FileServer url of the shared folder.
Permission checking:
1. only admin can perform this action.
"""
try:
uploadlink = UploadLinkShare.objects.get(token=token)
except UploadLinkShare.DoesNotExist:
error_msg = 'Upload link %s not found.' % token
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = uploadlink.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library not found.'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = uploadlink.path
obj_id = seafile_api.get_dir_id_by_path(repo_id, path)
if not obj_id:
error_msg = 'Folder not found.'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
upload_token = seafile_api.get_fileserver_access_token(repo_id,
obj_id, 'upload-link', uploadlink.username, use_onetime=False)
if not upload_token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
result = {}
result['upload_link'] = gen_file_upload_url(upload_token, 'upload-api')
return Response(result)
def post(self, request, workspace_id, name):
# arguments check
path = request.data.get('path')
if not path:
error_msg = 'path is invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
angle = request.data.get('angle')
if not angle or angle not in ('90', '180', '270'):
error_msg = 'angle is invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
angle = {'90': 2, '180': 3, '270': 4}[angle]
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % (workspace_id, )
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, name)
if not dtable:
error_msg = 'Table %s not found.' % (name, )
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
parent_dir = os.path.join('/asset', str(dtable.uuid))
asset_path = os.path.join(parent_dir, path.lstrip('/'))
asset_id = seafile_api.get_file_id_by_path(workspace.repo_id,
asset_path)
if not asset_id:
error_msg = 'Picture %s not found.' % (path, )
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
asset_name = os.path.basename(path)
file_type, _ = get_file_type_and_ext(asset_name)
if file_type != file_types.IMAGE:
error_msg = '%s is not a picture.' % (path, )
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# permission check
user = request.user
if check_dtable_permission(user.username, workspace,
dtable) != PERMISSION_READ_WRITE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# get token
try:
token = seafile_api.get_fileserver_access_token(workspace.repo_id,
asset_id,
'view',
'',
use_onetime=False)
except Exception as e:
logger.error('get view token error: %s', e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
asset_url = gen_file_get_url(token, asset_name)
# request pic
try:
response = requests.get(asset_url)
if response.status_code != 200:
logger.error('request asset url: %s response code: %s',
asset_url, response.status_code)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
except Exception as e:
logger.error('request: %s error: %s', asset_url, e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
img = response.content
# get upload link
old_img = Image.open(BytesIO(img))
obj_id = json.dumps({'parent_dir': parent_dir})
try:
token = seafile_api.get_fileserver_access_token(workspace.repo_id,
obj_id,
'upload',
'',
use_onetime=False)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
upload_link = gen_file_upload_url(token, 'upload-api')
# upload
try:
# rotate and save to fp
fp = BytesIO()
content_type = response.headers['Content-Type']
old_img.transpose(angle).save(fp, content_type.split('/')[1])
response = requests.post(
upload_link,
data={
'parent_dir': parent_dir,
'relative_path': os.path.dirname(path.strip('/')),
'replace': 1
},
files={'file': (asset_name, fp.getvalue(), content_type)})
if response.status_code != 200:
logger.error('upload: %s status code: %s', upload_link,
response.status_code)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
except Exception as e:
logger.error('upload rotated image error: %s', e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# remove thumbnails
remove_thumbnail_by_id(asset_id)
return Response({'success': True})
def get(self, request):
"""get file upload link by dtable api token
Permission:
1. valid token
"""
# argument check
auth = request.META.get('HTTP_AUTHORIZATION', '').split()
if not auth or auth[0].lower() != 'token' or len(auth) != 2:
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
api_token = auth[1]
# resource check
try:
api_token_obj = DTableAPIToken.objects.get_by_token(api_token)
if not api_token_obj:
return api_error(status.HTTP_404_NOT_FOUND,
'api token not found.')
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
dtable = api_token_obj.dtable
table_name = dtable.name
workspace_id = dtable.workspace_id
error, workspace, dtable = _resource_check(workspace_id, table_name)
if error:
return error
if not check_user_workspace_quota(workspace):
return api_error(HTTP_443_ABOVE_QUOTA, 'Asset quota exceeded.')
# create asset dir
repo_id = workspace.repo_id
asset_dir_path = '/asset/' + str(dtable.uuid)
asset_dir_id = seafile_api.get_dir_id_by_path(repo_id, asset_dir_path)
if not asset_dir_id:
try:
seafile_api.mkdir_with_parents(repo_id, '/',
asset_dir_path[1:],
api_token_obj.generated_by)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
# get token
obj_id = json.dumps({'parent_dir': asset_dir_path})
try:
token = seafile_api.get_fileserver_access_token(repo_id,
obj_id,
'upload',
'',
use_onetime=False)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
upload_link = gen_file_upload_url(token, 'upload-api')
api_token_obj.update_last_access()
res = dict()
res['upload_link'] = upload_link
res['parent_path'] = asset_dir_path
return Response(res)
def get(self, request, workspace_id):
"""get table file upload link
Permission:
1. owner
2. group member
3. shared user with `rw` or `admin` permission
"""
# argument check
table_name = request.GET.get('name', None)
if not table_name:
error_msg = 'name invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if check_dtable_permission(username, workspace,
dtable) not in WRITE_PERMISSION_TUPLE:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# quota check
if not check_user_workspace_quota(workspace):
error_msg = 'Asset quota exceeded.'
return api_error(HTTP_443_ABOVE_QUOTA, error_msg)
# create asset dir
asset_dir_path = os.path.join('/asset', str(dtable.uuid))
asset_dir_id = seafile_api.get_dir_id_by_path(repo_id, asset_dir_path)
if not asset_dir_id:
seafile_api.mkdir_with_parents(repo_id, '/', asset_dir_path[1:],
username)
# get token
obj_id = json.dumps({'parent_dir': asset_dir_path})
try:
token = seafile_api.get_fileserver_access_token(repo_id,
obj_id,
'upload',
'',
use_onetime=False)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
upload_link = gen_file_upload_url(token, 'upload-api')
dtable.modifier = username
dtable.save()
res = dict()
res['upload_link'] = upload_link
res['parent_path'] = asset_dir_path
res['img_relative_path'] = os.path.join(UPLOAD_IMG_RELATIVE_PATH,
str(datetime.today())[:7])
res['file_relative_path'] = os.path.join(UPLOAD_FILE_RELATIVE_PATH,
str(datetime.today())[:7])
return Response(res)
def post(self, request, repo_id, format=None):
""" Create, rename, move, copy, revert file
Permission checking:
1. create: user with 'rw' permission for current parent dir;
2. rename: user with 'rw' permission for current file;
3. move : user with 'rw' permission for current file, 'rw' permission for dst parent dir;
4. copy : user with 'r' permission for current file, 'rw' permission for dst parent dir;
4. revert: user with 'rw' permission for current file's parent dir;
"""
# argument check
path = request.GET.get('p', None)
if not path or path[0] != '/':
error_msg = 'p invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
operation = request.data.get('operation', None)
if not operation:
error_msg = 'operation invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
operation = operation.lower()
if operation not in ('create', 'rename', 'move', 'copy', 'revert'):
error_msg = "operation can only be 'create', 'rename', 'move', 'copy' or 'revert'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
username = request.user.username
parent_dir = os.path.dirname(path)
if operation == 'create':
# resource check
try:
parent_dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if not parent_dir_id:
error_msg = 'Folder %s not found.' % parent_dir
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
if check_folder_permission(request, repo_id, parent_dir) != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# create new empty file
new_file_name = os.path.basename(path)
if not is_valid_dirent_name(new_file_name):
return api_error(status.HTTP_400_BAD_REQUEST,
'name invalid.')
new_file_name = check_filename_with_rename(repo_id, parent_dir, new_file_name)
try:
seafile_api.post_empty_file(repo_id, parent_dir, new_file_name, username)
except SearpcError, e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# update office file by template
if new_file_name.endswith('.xlsx'):
empty_file_path = os.path.join(OFFICE_TEMPLATE_ROOT, 'empty.xlsx')
elif new_file_name.endswith('.pptx'):
empty_file_path = os.path.join(OFFICE_TEMPLATE_ROOT, 'empty.pptx')
elif new_file_name.endswith('.docx'):
empty_file_path = os.path.join(OFFICE_TEMPLATE_ROOT, 'empty.docx')
else:
empty_file_path = ''
if empty_file_path:
# get file server update url
update_token = seafile_api.get_fileserver_access_token(
repo_id, 'dummy', 'update', username)
update_url = gen_file_upload_url(update_token, 'update-api')
# update file
try:
requests.post(
update_url,
data={'filename': new_file_name, 'target_file': path},
files={'file': open(empty_file_path, 'rb')}
)
except Exception as e:
logger.error(e)
new_file_path = posixpath.join(parent_dir, new_file_name)
file_info = self.get_file_info(username, repo_id, new_file_path)
return Response(file_info)
def get(self, request, token):
""" Only used for get seafhttp upload link for a folder share link.
Permission checking:
1, If enable SHARE_LINK_LOGIN_REQUIRED, user must have been authenticated.
2, If enable ENABLE_SHARE_LINK_AUDIT, user must have been authenticated, or have been audited.
3, If share link is encrypted, share link password must have been checked.
4, Share link must be a folder share link and has can_upload permission.
"""
# check if login required
if SHARE_LINK_LOGIN_REQUIRED and \
not request.user.is_authenticated():
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check share link audit
if is_pro_version() and ENABLE_SHARE_LINK_AUDIT and \
not request.user.is_authenticated() and \
not request.session.get('anonymous_email'):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# resource check
try:
share_link = FileShare.objects.get(token=token)
except FileShare.DoesNotExist:
error_msg = 'Share link %s not found.' % token
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if share_link.s_type != 'd':
error_msg = 'Share link %s is not a folder share link.' % token
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
repo_id = share_link.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
share_link_path = share_link.path
request_path = request.GET.get('path', '/')
if request_path == '/':
path = share_link_path
else:
path = posixpath.join(share_link_path, request_path.strip('/'))
path = normalize_dir_path(path)
dir_id = seafile_api.get_dir_id_by_path(repo_id, path)
if not dir_id:
error_msg = 'Folder %s not found.' % request_path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if share_link.is_encrypted() and not check_share_link_access(request, token):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if not share_link.get_permissions()['can_upload']:
error_msg = 'Permission denied.'
# generate token
obj_id = json.dumps({'parent_dir': path})
token = seafile_api.get_fileserver_access_token(repo_id,
obj_id, 'upload-link', share_link.username, use_onetime=False)
if not token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
result = {}
result['upload_link'] = gen_file_upload_url(token, 'upload-api')
return Response(result)
def get(self, request, token):
""" Get file upload url according to upload link token.
Permission checking:
1. anyone has the upload link token can perform this action;
"""
try:
uls = UploadLinkShare.objects.get(token=token)
except UploadLinkShare.DoesNotExist:
error_msg = 'token %s not found.' % token
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
password_check_passed, error_msg = check_share_link_common(
request, uls, is_upload_link=True)
if not password_check_passed:
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
repo_id = uls.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
path = uls.path
dir_id = seafile_api.get_dir_id_by_path(repo_id, path)
if not dir_id:
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if repo.encrypted or \
seafile_api.check_permission_by_path(repo_id, '/', uls.username) != 'rw':
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
obj_id = json.dumps({'parent_dir': path})
check_virus = False
if is_pro_version() and ENABLE_UPLOAD_LINK_VIRUS_CHECK:
check_virus = True
if check_virus:
token = seafile_api.get_fileserver_access_token(
repo_id,
obj_id,
'upload-link',
uls.username,
use_onetime=False,
check_virus=check_virus)
else:
token = seafile_api.get_fileserver_access_token(repo_id,
obj_id,
'upload-link',
uls.username,
use_onetime=False)
if not token:
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
result = {}
result['upload_link'] = gen_file_upload_url(token, 'upload-api')
return Response(result)
def get_file_upload_url_ul(request, token):
"""Get file upload url in dir upload link.
Arguments:
- `request`:
- `token`:
"""
if not request.is_ajax():
raise Http404
content_type = 'application/json; charset=utf-8'
uls = UploadLinkShare.objects.get_valid_upload_link_by_token(token)
if uls is None:
return HttpResponse(json.dumps({"error": _("Bad upload link token.")}),
status=400,
content_type=content_type)
shared_by = uls.username
repo_id = uls.repo_id
r = request.GET.get('r', '')
if repo_id != r: # perm check
return HttpResponse(json.dumps(
{"error": _("Bad repo id in upload link.")}),
status=403,
content_type=content_type)
repo = get_repo(repo_id)
if not repo:
return HttpResponse(json.dumps({"error": _("Library does not exist")}),
status=404,
content_type=content_type)
if repo.encrypted or \
seafile_api.check_permission_by_path(repo_id, '/', shared_by) != 'rw':
return HttpResponse(json.dumps({"error": _("Permission denied")}),
status=403,
content_type=content_type)
dir_id = seafile_api.get_dir_id_by_path(uls.repo_id, uls.path)
if not dir_id:
return HttpResponse(json.dumps(
{"error": _("Directory does not exist.")}),
status=404,
content_type=content_type)
obj_id = json.dumps({'parent_dir': uls.path})
args = [repo_id, obj_id, 'upload-link', shared_by]
kwargs = {
'use_onetime': False,
}
if (is_pro_version() and dj_settings.ENABLE_UPLOAD_LINK_VIRUS_CHECK):
kwargs.update({'check_virus': True})
try:
acc_token = seafile_api.get_fileserver_access_token(*args, **kwargs)
except SearpcError as e:
logger.error(e)
return HttpResponse(json.dumps({"error": _("Internal Server Error")}),
status=500,
content_type=content_type)
if not acc_token:
return HttpResponse(json.dumps({"error": _("Internal Server Error")}),
status=500,
content_type=content_type)
url = gen_file_upload_url(acc_token, 'upload-aj')
return HttpResponse(json.dumps({"url": url}), content_type=content_type)