def list_group_shared_items(self, request, repo_id, path):
repo_owner = seafile_api.get_repo_owner(repo_id)
if path == '/':
share_items = seafile_api.list_repo_shared_group_by_user(repo_owner, repo_id)
else:
share_items = seafile_api.get_shared_groups_for_subdir(repo_id,
path, repo_owner)
ret = []
for item in share_items:
group_id = item.group_id
group = ccnet_api.get_group(group_id)
if not group:
if path == '/':
seafile_api.unset_group_repo(repo_id, group_id,
repo_owner)
else:
seafile_api.unshare_subdir_for_group(
repo_id, path, repo_owner, group_id)
continue
ret.append({
"group_id": group_id,
"group_name": group.group_name,
"permission": item.perm,
})
return ret
def delete(self, request, group_id, repo_id, format=None):
""" Unshare repo from group
Permission checking:
1. only admin can perform this action.
"""
if not request.user.admin_permissions.can_manage_group():
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
group_id = int(group_id)
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %d not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.del_org_group_repo(repo_id, org_id, group_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
seafile_api.unset_group_repo(repo_id, group_id, repo_owner)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})
def test_get_with_invalid_repo_permission(self):
user_shared_repos = \
seafile_api.get_share_out_repo_list(self.admin_name, -1, -1)
for repo in user_shared_repos:
seafile_api.remove_share(repo.repo_id, self.admin_name, repo.user)
group_shared_repos = seafile_api.get_group_repos_by_owner(
self.admin_name)
for repo in group_shared_repos:
seafile_api.unset_group_repo(repo.repo_id, repo.group_id,
self.admin_name)
public_shared_repos = seafile_api.list_inner_pub_repos_by_owner(
self.admin_name)
for repo in public_shared_repos:
seafile_api.remove_inner_pub_repo(repo.repo_id)
self.share_repo_to_user()
self.share_repo_to_group()
self.share_repo_to_public()
# login with admin, then get user's share repo info
self.login_as(self.admin)
resp = self.client.get(self.url)
self.assertEqual(200, resp.status_code)
json_resp = json.loads(resp.content)
assert len(json_resp) == 0
def tearDown(self):
seafile_api.remove_share(self.repo_id, self.user_name, self.admin_user)
seafile_api.unset_group_repo(self.repo_id, self.group_id,
self.user_name)
seafile_api.remove_inner_pub_repo(self.repo_id)
self.remove_repo()
def list_group_shared_items(self, request, repo_id, path):
if is_org_context(request):
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
repo_owner = seafile_api.get_org_repo_owner(repo_id)
org_id = request.user.org.org_id
if path == '/':
share_items = seafile_api.list_org_repo_shared_group(
org_id, repo_owner, repo_id)
else:
share_items = seafile_api.get_org_shared_groups_for_subdir(
org_id, repo_id, path, repo_owner)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
if path == '/':
share_items = seafile_api.list_repo_shared_group_by_user(
repo_owner, repo_id)
else:
share_items = seafile_api.get_shared_groups_for_subdir(
repo_id, path, repo_owner)
ret = []
# change is_admin to True if user in admin groups.
admin_groups = ExtraGroupsSharePermission.objects.get_admin_groups_by_repo(
repo_id)
for item in share_items:
if '@seafile_group' in repo_owner and \
repo_owner.split('@')[0] == str(item.group_id):
continue
group_id = item.group_id
group = ccnet_api.get_group(group_id)
if not group:
if is_org_context(request):
if path == '/':
seafile_api.del_org_group_repo(repo_id, org_id,
group_id)
else:
seafile_api.org_unshare_subdir_for_group(
org_id, repo_id, path, repo_owner, group_id)
else:
if path == '/':
seafile_api.unset_group_repo(repo_id, group_id,
repo_owner)
else:
seafile_api.unshare_subdir_for_group(
repo_id, path, repo_owner, group_id)
continue
ret.append({
"share_type": "group",
"group_info": {
"id": group_id,
"name": group.group_name,
},
"permission": item.perm,
"is_admin": group_id in admin_groups,
})
return ret
def repo_remove_share(request):
"""
If repo is shared from one person to another person, only these two peson
can remove share.
If repo is shared from one person to a group, then only the one share the
repo and group staff can remove share.
"""
repo_id = request.GET.get('repo_id', '')
group_id = request.GET.get('gid', '')
from_email = request.GET.get('from', '')
if not is_valid_username(from_email):
return render_error(request, _(u'Argument is not valid'))
username = request.user.username
# if request params don't have 'gid', then remove repos that share to
# to other person; else, remove repos that share to groups
if not group_id:
to_email = request.GET.get('to', '')
if not is_valid_username(to_email):
return render_error(request, _(u'Argument is not valid'))
if username != from_email and username != to_email:
return render_permission_error(request,
_(u'Failed to remove share'))
if is_org_context(request):
org_id = request.user.org.org_id
org_remove_share(org_id, repo_id, from_email, to_email)
else:
seaserv.remove_share(repo_id, from_email, to_email)
else:
try:
group_id = int(group_id)
except:
return render_error(request, _(u'group id is not valid'))
group = seaserv.get_group(group_id)
if not group:
return render_error(
request, _(u"Failed to unshare: the group doesn't exist."))
if not seaserv.check_group_staff(group_id, username) \
and username != from_email:
return render_permission_error(request,
_(u'Failed to remove share'))
if is_org_group(group_id):
org_id = get_org_id_by_group(group_id)
del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, from_email)
messages.success(request, _('Successfully removed share'))
next = request.META.get('HTTP_REFERER', SITE_ROOT)
return HttpResponseRedirect(next)
def delete(self, request, group_id, repo_id):
""" Delete a group library.
Permission checking:
1. is group admin;
1. is repo owner;
1. repo is shared to group with `admin` permission;
"""
group_id = int(group_id)
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
is_org = False
if is_org_context(request):
is_org = True
group_repo = seafile_api.get_group_shared_repo_by_path(
repo_id, None, group_id, is_org)
if not group_repo:
error_msg = 'Group library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# only group admin or repo owner can delete group repo.
username = request.user.username
repo_owner = get_repo_owner(request, repo_id)
if not is_group_admin(group_id, username) and \
repo_owner != username and \
not is_repo_admin(username, repo_id):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
permission = check_group_share_in_permission(repo_id, group_id, is_org)
if is_org:
org_id = ccnet_api.get_org_id_by_group(group_id)
seafile_api.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, username)
origin_repo_id = group_repo.origin_repo_id or repo_id
origin_path = group_repo.origin_path or '/'
send_perm_audit_msg('delete-repo-perm', username, group_id,
origin_repo_id, origin_path, permission)
# delete extra share permission
ExtraGroupsSharePermission.objects.delete_share_permission(
repo_id, group_id)
return Response({'success': True})
def delete(self, request, group_id, repo_id):
""" Delete a group library.
Permission checking:
1. is repo owner;
2. is repo admin;
3. is group admin;
"""
group_id = int(group_id)
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
is_org = False
if is_org_context(request):
is_org = True
group_repo = seafile_api.get_group_shared_repo_by_path(repo_id,
None, group_id, is_org)
if not group_repo:
error_msg = 'Group library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# only group admin or repo owner can delete group repo.
username = request.user.username
repo_owner = get_repo_owner(request, repo_id)
if not is_group_admin(group_id, username) and \
repo_owner != username and \
not is_repo_admin(username, repo_id):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
permission = check_group_share_in_permission(repo_id, group_id, is_org)
if is_org:
org_id = ccnet_api.get_org_id_by_group(group_id)
seafile_api.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, username)
origin_repo_id = group_repo.origin_repo_id or repo_id
origin_path = group_repo.origin_path or '/'
send_perm_audit_msg('delete-repo-perm', username, group_id,
origin_repo_id, origin_path, permission)
# delete extra share permission
ExtraGroupsSharePermission.objects.delete_share_permission(repo_id, group_id)
return Response({'success': True})
def repo_remove_share(request):
"""
If repo is shared from one person to another person, only these two peson
can remove share.
If repo is shared from one person to a group, then only the one share the
repo and group staff can remove share.
"""
repo_id = request.GET.get('repo_id', '')
group_id = request.GET.get('gid', '')
from_email = request.GET.get('from', '')
if not is_valid_username(from_email):
return render_error(request, _(u'Argument is not valid'))
username = request.user.username
# if request params don't have 'gid', then remove repos that share to
# to other person; else, remove repos that share to groups
if not group_id:
to_email = request.GET.get('to', '')
if not is_valid_username(to_email):
return render_error(request, _(u'Argument is not valid'))
if username != from_email and username != to_email:
return render_permission_error(request, _(u'Failed to remove share'))
if is_org_context(request):
org_id = request.user.org.org_id
org_remove_share(org_id, repo_id, from_email, to_email)
else:
seaserv.remove_share(repo_id, from_email, to_email)
else:
try:
group_id = int(group_id)
except:
return render_error(request, _(u'group id is not valid'))
group = seaserv.get_group(group_id)
if not group:
return render_error(request, _(u"Failed to unshare: the group doesn't exist."))
if not seaserv.check_group_staff(group_id, username) \
and username != from_email:
return render_permission_error(request, _(u'Failed to remove share'))
if is_org_group(group_id):
org_id = get_org_id_by_group(group_id)
del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, from_email)
messages.success(request, _('Successfully removed share'))
next = request.META.get('HTTP_REFERER', SITE_ROOT)
return HttpResponseRedirect(next)
def delete(self, request, repo_id, path, share_type):
""" Delete user/group share permission.
Permission checking:
1. admin user.
"""
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo_id)
share_to = request.data.get('share_to', None)
if share_type == 'user':
email = share_to
if not email or not is_valid_username(email):
error_msg = 'email %s invalid.' % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
if path == '/':
seafile_api.remove_share(repo_id, repo_owner, email)
else:
seafile_api.unshare_subdir_for_user(
repo_id, path, repo_owner, email)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
if share_type == 'group':
group_id = share_to
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id %s invalid' % group_id
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
if path == '/':
seafile_api.unset_group_repo(repo_id, group_id, repo_owner)
else:
seafile_api.unshare_subdir_for_group(
repo_id, path, repo_owner, group_id)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
return Response({'success': True})
def delete_shared_group_by_repo_path(self, repo_id, repo_owner, group_id,
path='/', org_id=None):
if is_valid_org_id(org_id):
if path == '/':
seafile_api.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.org_unshare_subdir_for_group(
org_id, repo_id, path, repo_owner, group_id)
else:
if path == '/':
seafile_api.unset_group_repo(repo_id, group_id,
repo_owner)
else:
seafile_api.unshare_subdir_for_group(
repo_id, path, repo_owner, group_id)
def setUp(self):
self.repo_id = self.repo.id
self.group_id = self.group.id
self.user_name = self.user.username
self.admin_name = self.admin.username
self.url = reverse('api-v2.1-shared-repos')
# make sure this user has not sharing any repos
for x in seafile_api.get_share_out_repo_list(self.user_name, -1, -1):
seafile_api.remove_share(x.repo_id, self.user_name, x.user)
assert len(seafile_api.get_share_out_repo_list(self.user_name, -1, -1)) == 0
for x in seafile_api.get_group_repos_by_owner(self.user_name):
seafile_api.unset_group_repo(x.repo_id, x.group_id, self.user_name)
assert len(seafile_api.get_group_repos_by_user(self.user_name)) == 0
def delete_shared_group_by_repo_path(self,
repo_id,
repo_owner,
group_id,
path='/',
org_id=None):
if is_valid_org_id(org_id):
if path == '/':
seafile_api.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.org_unshare_subdir_for_group(
org_id, repo_id, path, repo_owner, group_id)
else:
if path == '/':
seafile_api.unset_group_repo(repo_id, group_id, repo_owner)
else:
seafile_api.unshare_subdir_for_group(repo_id, path, repo_owner,
group_id)
def delete(self, request, repo_id, format=None):
""" Delete repo group share permission.
Permission checking:
1. is group admin
"""
# parameter check
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# permission check
username = request.user.username
repo_owner = get_repo_owner(request, repo_id)
group_id = get_group_id_by_repo_owner(repo_owner)
if not is_group_admin(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
path = request.data.get('path', '/')
if path == '/':
seafile_api.unset_group_repo(repo_id, to_group_id, username)
else:
seafile_api.unshare_subdir_for_group(
repo_id, path, repo_owner, group_id)
permission = check_group_share_out_permission(repo_id, path, group_id, False)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, path, permission)
return Response({'success': True})
def delete(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_400_BAD_REQUEST, 'Repo not found.')
shared_to_user, shared_to_group = self.handle_shared_to_args(request)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_400_BAD_REQUEST,
'Directory not found.')
if path == '/':
shared_repo = repo
else:
try:
sub_repo = self.get_sub_repo_by_path(request, repo, path)
if sub_repo:
shared_repo = sub_repo
else:
return api_error(status.HTTP_400_BAD_REQUEST,
'No sub repo found')
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Failed to get sub repo')
if shared_to_user:
shared_to = request.GET.get('username')
if shared_to is None or not is_valid_username(shared_to):
return api_error(status.HTTP_400_BAD_REQUEST, 'Bad argument.')
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_remove_share(
org_id, shared_repo.id, username, shared_to)
else:
seaserv.remove_share(shared_repo.id, username, shared_to)
permission = seafile_api.check_permission_by_path(
repo.id, path, shared_to)
send_perm_audit_msg('delete-repo-perm', username, shared_to,
repo_id, path, permission)
if shared_to_group:
group_id = request.GET.get('group_id')
try:
group_id = int(group_id)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, 'Bad group id')
# hacky way to get group repo permission
permission = ''
for e in seafile_api.list_repo_shared_group(
username, shared_repo.id):
if e.group_id == group_id:
permission = e.perm
break
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.del_org_group_repo(shared_repo.id, org_id, group_id)
else:
seafile_api.unset_group_repo(shared_repo.id, group_id,
username)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, path, permission)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=json_content_type)
def delete(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND,
'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND,
'Folder %s not found.' % path)
repo_owner = self.get_repo_owner(request, repo_id)
if repo_owner != username and not is_repo_admin(username, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
shared_to_user, shared_to_group = self.handle_shared_to_args(request)
if shared_to_user:
shared_to = request.GET.get('username')
if shared_to is None or not is_valid_username(shared_to):
return api_error(status.HTTP_400_BAD_REQUEST,
'Email %s invalid.' % shared_to)
permission = check_user_share_out_permission(
repo_id, path, shared_to, is_org_context(request))
if is_org_context(request):
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
org_id = request.user.org.org_id
if path == '/':
seaserv.seafserv_threaded_rpc.org_remove_share(
org_id, repo_id, repo_owner, shared_to)
else:
seafile_api.org_unshare_subdir_for_user(
org_id, repo_id, path, repo_owner, shared_to)
else:
if path == '/':
seaserv.remove_share(repo_id, repo_owner, shared_to)
else:
seafile_api.unshare_subdir_for_user(
repo_id, path, repo_owner, shared_to)
# Delete share permission at ExtraSharePermission table.
if path == '/':
ExtraSharePermission.objects.delete_share_permission(
repo_id, shared_to)
send_perm_audit_msg('delete-repo-perm', username, shared_to,
repo_id, path, permission)
if shared_to_group:
group_id = request.GET.get('group_id')
try:
group_id = int(group_id)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST,
'group_id %s invalid' % group_id)
# hacky way to get group repo permission
is_org = is_org_context(request)
permission = check_group_share_out_permission(
repo_id, path, group_id, is_org)
if is_org:
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
org_id = request.user.org.org_id
if path == '/':
seaserv.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.org_unshare_subdir_for_group(
org_id, repo_id, path, repo_owner, group_id)
else:
if path == '/':
seafile_api.unset_group_repo(repo_id, group_id, username)
else:
seafile_api.unshare_subdir_for_group(
repo_id, path, repo_owner, group_id)
# delete share permission if repo is deleted
if path == '/':
ExtraGroupsSharePermission.objects.delete_share_permission(
repo_id, group_id)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, path, permission)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=json_content_type)
def delete(self, request, repo_id, format=None):
""" Unshare a repo.
Permission checking:
1. Only repo owner can unshare a library.
"""
# argument check
share_type = request.GET.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('personal', 'group', 'public'):
error_msg = "share_type can only be 'personal' or 'group' or 'public'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND,
'Library %s not found.' % repo_id)
# permission check
username = request.user.username
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
if username != repo_owner:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# delete share
org_id = None
is_org = False
if is_org_context(request):
org_id = request.user.org.org_id
is_org = True
if share_type == 'personal':
user = request.GET.get('user', None)
if not user or not is_valid_username(user):
error_msg = 'user invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
permission = check_user_share_out_permission(
repo_id, '/', user, is_org)
try:
if org_id:
seafile_api.org_remove_share(org_id, repo_id, username,
user)
else:
seafile_api.remove_share(repo_id, username, user)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
send_perm_audit_msg('delete-repo-perm', username, user, repo_id,
'/', permission)
if share_type == 'group':
group_id = request.GET.get('group_id', None)
if not group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id must be integer.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
permission = check_group_share_out_permission(
repo_id, '/', group_id, is_org)
try:
if is_org:
seaserv.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, '/', permission)
if share_type == 'public':
pub_repos = []
if org_id:
pub_repos = seaserv.list_org_inner_pub_repos(org_id, username)
if not request.cloud_mode:
pub_repos = seaserv.list_inner_pub_repos(username)
try:
if org_id:
seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(
org_id, repo_id)
else:
seafile_api.remove_inner_pub_repo(repo_id)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
permission = ''
for repo in pub_repos:
if repo.repo_id == repo_id:
permission = repo.permission
break
if permission:
send_perm_audit_msg('delete-repo-perm', username, 'all',
repo_id, '/', permission)
return Response({'success': True})
def delete(self, request, repo_id, format=None):
if not seafile_api.get_repo(repo_id):
return api_error(status.HTTP_400_BAD_REQUEST,
'Library does not exist')
username = request.user.username
share_type = request.GET.get('share_type', None)
if share_type == 'personal':
from_email = request.GET.get('from', None)
if not is_valid_username(from_email):
return api_error(status.HTTP_400_BAD_REQUEST,
'Invalid argument')
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_remove_share(
org_id, repo_id, from_email, username)
else:
seaserv.remove_share(repo_id, from_email, username)
elif share_type == 'group':
from_email = request.GET.get('from', None)
if not is_valid_username(from_email):
return api_error(status.HTTP_400_BAD_REQUEST,
'Invalid argument')
group_id = request.GET.get('group_id', None)
group = seaserv.get_group(group_id)
if not group:
return api_error(status.HTTP_400_BAD_REQUEST,
'Group does not exist')
if not seaserv.check_group_staff(group_id, username) and \
not seafile_api.is_repo_owner(username, repo_id):
return api_error(status.HTTP_403_FORBIDDEN,
'Permission denied')
if seaserv.is_org_group(group_id):
org_id = seaserv.get_org_id_by_group(group_id)
seaserv.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, from_email)
elif share_type == 'public':
if is_org_context(request):
org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
is_org_repo_owner = True if org_repo_owner == username else False
if not request.user.org.is_staff and not is_org_repo_owner:
return api_error(status.HTTP_403_FORBIDDEN,
'Permission denied')
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(
org_id, repo_id)
else:
if not seafile_api.is_repo_owner(username, repo_id) and \
not request.user.is_staff:
return api_error(status.HTTP_403_FORBIDDEN,
'Permission denied')
seaserv.unset_inner_pub_repo(repo_id)
else:
return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')
return Response({'success': True}, status=status.HTTP_200_OK)
def ajax_repo_remove_share(request):
"""
Remove repo shared to user/group/public
"""
content_type = 'application/json; charset=utf-8'
repo_id = request.POST.get('repo_id', None)
share_type = request.POST.get('share_type', None)
if not seafile_api.get_repo(repo_id):
return HttpResponse(json.dumps({'error':
_(u'Library does not exist')}),
status=400,
content_type=content_type)
username = request.user.username
if share_type == 'personal':
from_email = request.POST.get('from', None)
if not is_valid_username(from_email):
return HttpResponse(json.dumps({'error': _(u'Invalid argument')}),
status=400,
content_type=content_type)
if is_org_context(request):
org_id = request.user.org.org_id
org_remove_share(org_id, repo_id, from_email, username)
else:
seaserv.remove_share(repo_id, from_email, username)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=content_type)
elif share_type == 'group':
from_email = request.POST.get('from', None)
if not is_valid_username(from_email):
return HttpResponse(json.dumps({'error': _(u'Invalid argument')}),
status=400,
content_type=content_type)
group_id = request.POST.get('group_id', None)
group = seaserv.get_group(group_id)
if not group:
return HttpResponse(json.dumps(
{'error': _(u"Group does not exist")}),
status=400,
content_type=content_type)
if seaserv.check_group_staff(group_id, username) or \
seafile_api.is_repo_owner(username, repo_id):
if is_org_group(group_id):
org_id = get_org_id_by_group(group_id)
del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, from_email)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=content_type)
else:
return HttpResponse(json.dumps({'error': _(u'Permission denied')}),
status=400,
content_type=content_type)
elif share_type == 'public':
if is_org_context(request):
org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
is_org_repo_owner = True if org_repo_owner == username else False
if request.user.org.is_staff or is_org_repo_owner:
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(
org_id, repo_id)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=content_type)
else:
return HttpResponse(json.dumps(
{'error': _(u'Permission denied')}),
status=403,
content_type=content_type)
else:
if seafile_api.is_repo_owner(username, repo_id) or \
request.user.is_staff:
unset_inner_pub_repo(repo_id)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=content_type)
else:
return HttpResponse(json.dumps(
{'error': _(u'Permission denied')}),
status=403,
content_type=content_type)
else:
return HttpResponse(json.dumps({'error': _(u'Invalid argument')}),
status=400,
content_type=content_type)
def post(self, request):
# argument check
operation = request.data.get('operation', None)
if not operation:
error_msg = 'operation invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# operation could be `share`, `unshare`, `delete`, `transfer`
# we now only use `share`, `unshare`
if operation not in ('share', 'unshare'):
error_msg = 'operation can only be "share", "unshare".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
result = {}
result['failed'] = []
result['success'] = []
username = request.user.username
repo_id_list = request.data.getlist('repo_id')
valid_repo_id_list = []
# filter out invalid repo id
for repo_id in repo_id_list:
if not seafile_api.get_repo(repo_id):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Library %s not found.' % repo_id
})
continue
repo_owner = get_repo_owner(request, repo_id)
if repo_owner != username and not is_repo_admin(username, repo_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Permission denied.'
})
continue
valid_repo_id_list.append(repo_id)
# share repo
if operation == 'share':
share_type = request.data.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('user', 'group'):
error_msg = 'share_type can only be "user", "group".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
permission = request.data.get('permission', 'rw')
if permission not in [
PERMISSION_READ, PERMISSION_READ_WRITE, PERMISSION_ADMIN
]:
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# share repo to user
if share_type == 'user':
to_username = request.data.get('username', None)
if not to_username:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
User.objects.get(email=to_username)
except User.DoesNotExist:
error_msg = 'User %s not found.' % to_username
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check if to_user is an org user
try:
org_of_to_user = ccnet_api.get_orgs_by_user(to_username)
except Exception as e:
logger.error(e)
org_of_to_user = []
if is_org_context(request):
org_id = request.user.org.org_id
org_name = request.user.org.org_name
if len(org_of_to_user
) == 0 or org_id != org_of_to_user[0].org_id:
error_msg = 'User %s is not member of organization %s.' \
% (to_username, org_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
if len(org_of_to_user) >= 1:
error_msg = 'User %s is member of organization %s.' \
% (to_username, org_of_to_user[0].org_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
for repo_id in valid_repo_id_list:
if self.has_shared_to_user(request, repo_id, to_username):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'This item has been shared to %s.' % to_username
})
continue
try:
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(
org_id, repo_id, username, to_username,
permission)
else:
seafile_api.share_repo(repo_id, username,
to_username, permission)
# send a signal when sharing repo successful
repo = seafile_api.get_repo(repo_id)
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_username,
repo=repo,
path='/',
org_id=org_id)
result['success'].append({
"repo_id": repo_id,
"username": to_username,
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username,
to_username, repo_id, '/',
permission)
except Exception as e:
logger.error(e)
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Internal Server Error'
})
# share repo to group
if share_type == 'group':
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(to_group_id)
if not group:
error_msg = 'Group %s not found.' % to_group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
group_name = group.group_name
if not is_group_member(to_group_id, username):
error_msg = 'User %s is not member of group %s.' % (
username, group_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
for repo_id in valid_repo_id_list:
if self.has_shared_to_group(request, repo_id, to_group_id):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'This item has been shared to %s.' % group_name
})
continue
try:
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(
repo_id, org_id, to_group_id, username,
permission)
else:
seafile_api.set_group_repo(repo_id, to_group_id,
username, permission)
# send a signal when sharing repo successful
repo = seafile_api.get_repo(repo_id)
share_repo_to_group_successful.send(
sender=None,
from_user=username,
group_id=to_group_id,
repo=repo,
path='/',
org_id=org_id)
result['success'].append({
"repo_id": repo_id,
"group_id": to_group_id,
"group_name": group_name,
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username,
to_group_id, repo_id, '/',
permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Internal Server Error'
})
# unshare repo
if operation == 'unshare':
share_type = request.data.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('user', 'group'):
error_msg = 'share_type can only be "user", "group".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# unshare repo from user
if share_type == 'user':
to_username = request.data.get('username', None)
if not to_username:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
for repo_id in valid_repo_id_list:
if not self.has_shared_to_user(request, repo_id,
to_username):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'This item has not been shared to %s.' %
to_username
})
continue
repo_owner = get_repo_owner(request, repo_id)
try:
# get share permission before unshare operation
permission = check_user_share_out_permission(
repo_id, '/', to_username, is_org_context(request))
if is_org_context(request):
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
org_id = request.user.org.org_id
seafile_api.org_remove_share(
org_id, repo_id, repo_owner, to_username)
else:
seafile_api.remove_share(repo_id, repo_owner,
to_username)
# Delete share permission at ExtraSharePermission table.
ExtraSharePermission.objects.delete_share_permission(
repo_id, to_username)
# send message
send_perm_audit_msg('delete-repo-perm', username,
to_username, repo_id, '/',
permission)
result['success'].append({
"repo_id": repo_id,
"username": to_username,
})
except Exception as e:
logger.error(e)
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Internal Server Error'
})
# unshare repo from group
if share_type == 'group':
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(to_group_id)
group_name = group.group_name if group else ''
for repo_id in valid_repo_id_list:
if not self.has_shared_to_group(request, repo_id,
to_group_id):
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'This item has not been shared to %s.' % group_name
})
continue
try:
# get share permission before unshare operation
permission = check_group_share_out_permission(
repo_id, '/', to_group_id, is_org_context(request))
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.del_org_group_repo(
repo_id, org_id, to_group_id)
else:
seafile_api.unset_group_repo(
repo_id, to_group_id, username)
# Delete share permission at ExtraSharePermission table.
ExtraGroupsSharePermission.objects.delete_share_permission(
repo_id, to_group_id)
# send message
send_perm_audit_msg('delete-repo-perm', username,
to_group_id, repo_id, '/',
permission)
result['success'].append({
"repo_id": repo_id,
"group_id": to_group_id,
"group_name": group_name,
})
except SearpcError as e:
logger.error(e)
result['failed'].append({
'repo_id':
repo_id,
'error_msg':
'Internal Server Error'
})
return Response(result)
def delete(self, request, repo_id, format=None):
""" Unshare a repo.
Permission checking:
1. Only repo owner can unshare a library.
"""
# argument check
share_type = request.GET.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('personal', 'group', 'public'):
error_msg = "share_type can only be 'personal' or 'group' or 'public'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id)
# permission check
username = request.user.username
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
if username != repo_owner:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# delete share
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
if share_type == 'personal':
user = request.GET.get('user', None)
if not user or not is_valid_username(user):
error_msg = 'user invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# if user not found, permission will be None
permission = seafile_api.check_permission_by_path(
repo_id, '/', user)
try:
if org_id:
seafile_api.org_remove_share(org_id, repo_id,
username, user)
else:
seafile_api.remove_share(repo_id, username, user)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
send_perm_audit_msg('delete-repo-perm', username, user,
repo_id, '/', permission)
if share_type == 'group':
group_id = request.GET.get('group_id', None)
if not group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id must be integer.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# hacky way to get group repo permission
permission = ''
if org_id:
for e in seafile_api.list_org_repo_shared_group(
org_id, username, repo_id):
if e.group_id == group_id:
permission = e.perm
break
else:
for e in seafile_api.list_repo_shared_group_by_user(username, repo_id):
if e.group_id == group_id:
permission = e.perm
break
try:
if org_id:
seaserv.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, '/', permission)
if share_type == 'public':
pub_repos = []
if org_id:
pub_repos = seaserv.list_org_inner_pub_repos(org_id, username)
if not request.cloud_mode:
pub_repos = seaserv.list_inner_pub_repos(username)
try:
if org_id:
seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(org_id, repo_id)
else:
seafile_api.remove_inner_pub_repo(repo_id)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
permission = ''
for repo in pub_repos:
if repo.repo_id == repo_id:
permission = repo.permission
break
if permission:
send_perm_audit_msg('delete-repo-perm', username, 'all', repo_id, '/', permission)
return Response({'success': True})
def delete(self, request, repo, path, share_type):
""" Delete user/group share permission.
Permission checking:
1. admin user.
"""
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo.repo_id)
username = request.user.username
share_to = request.data.get('share_to', None)
if share_type == 'user':
email = share_to
if not email or not is_valid_username(email):
error_msg = 'email %s invalid.' % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not has_shared_to_user(repo.repo_id, path, email):
error_msg = 'Shared items not found'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
permission = check_user_share_out_permission(repo.repo_id, path, email)
if path == '/':
seafile_api.remove_share(repo.repo_id, repo_owner, email)
else:
seafile_api.unshare_subdir_for_user(
repo.repo_id, path, repo_owner, email)
if path == '/':
ExtraSharePermission.objects.delete_share_permission(repo.repo_id,
email)
send_perm_audit_msg('delete-repo-perm', username, email,
repo.repo_id, path, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if share_type == 'group':
group_id = share_to
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id %s invalid' % group_id
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not has_shared_to_group(repo.repo_id, path, group_id):
error_msg = 'Shared items not found'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
permission = check_group_share_out_permission(repo.repo_id, path, group_id)
if path == '/':
seafile_api.unset_group_repo(repo.repo_id, group_id, repo_owner)
else:
seafile_api.unshare_subdir_for_group(
repo.repo_id, path, repo_owner, group_id)
if path == '/':
ExtraGroupsSharePermission.objects.delete_share_permission(repo.repo_id,
group_id)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo.repo_id, path, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})
def ajax_repo_remove_share(request):
"""
Remove repo shared to user/group/public
"""
content_type = 'application/json; charset=utf-8'
repo_id = request.POST.get('repo_id', None)
share_type = request.POST.get('share_type', None)
if not seafile_api.get_repo(repo_id):
return HttpResponse(json.dumps({'error': _(u'Library does not exist')}), status=400,
content_type=content_type)
username = request.user.username
if share_type == 'personal':
from_email = request.POST.get('from', None)
if not is_valid_username(from_email):
return HttpResponse(json.dumps({'error': _(u'Invalid argument')}), status=400,
content_type=content_type)
if is_org_context(request):
org_id = request.user.org.org_id
org_remove_share(org_id, repo_id, from_email, username)
else:
seaserv.remove_share(repo_id, from_email, username)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=content_type)
elif share_type == 'group':
from_email = request.POST.get('from', None)
if not is_valid_username(from_email):
return HttpResponse(json.dumps({'error': _(u'Invalid argument')}), status=400,
content_type=content_type)
group_id = request.POST.get('group_id', None)
group = seaserv.get_group(group_id)
if not group:
return HttpResponse(json.dumps({'error': _(u"Group does not exist")}), status=400,
content_type=content_type)
if seaserv.check_group_staff(group_id, username) or \
seafile_api.is_repo_owner(username, repo_id):
if is_org_group(group_id):
org_id = get_org_id_by_group(group_id)
del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, from_email)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=content_type)
else:
return HttpResponse(json.dumps({'error': _(u'Permission denied')}), status=400,
content_type=content_type)
elif share_type == 'public':
if is_org_context(request):
org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
is_org_repo_owner = True if org_repo_owner == username else False
if request.user.org.is_staff or is_org_repo_owner:
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(org_id,
repo_id)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=content_type)
else:
return HttpResponse(json.dumps({'error': _(u'Permission denied')}), status=403,
content_type=content_type)
else:
if seafile_api.is_repo_owner(username, repo_id) or \
request.user.is_staff:
unset_inner_pub_repo(repo_id)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=content_type)
else:
return HttpResponse(json.dumps({'error': _(u'Permission denied')}), status=403,
content_type=content_type)
else:
return HttpResponse(json.dumps({'error': _(u'Invalid argument')}), status=400,
content_type=content_type)
def delete(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path)
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
shared_to_user, shared_to_group = self.handle_shared_to_args(request)
if path == '/':
shared_repo = repo
else:
try:
sub_repo = self.get_sub_repo_by_path(request, repo, path)
if sub_repo:
shared_repo = sub_repo
else:
return api_error(status.HTTP_404_NOT_FOUND, 'Sub-library not found.')
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Failed to get sub-library.')
if shared_to_user:
shared_to = request.GET.get('username')
if shared_to is None or not is_valid_username(shared_to):
return api_error(status.HTTP_400_BAD_REQUEST, 'Email %s invalid.' % shared_to)
try:
User.objects.get(email=shared_to)
except User.DoesNotExist:
return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid user, should be registered')
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_remove_share(
org_id, shared_repo.id, username, shared_to)
else:
seaserv.remove_share(shared_repo.id, username, shared_to)
permission = seafile_api.check_permission_by_path(repo.id, path,
shared_to)
send_perm_audit_msg('delete-repo-perm', username, shared_to,
repo_id, path, permission)
if shared_to_group:
group_id = request.GET.get('group_id')
try:
group_id = int(group_id)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid' % group_id)
# hacky way to get group repo permission
permission = ''
for e in seafile_api.list_repo_shared_group_by_user(username, shared_repo.id):
if e.group_id == group_id:
permission = e.perm
break
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.del_org_group_repo(shared_repo.id, org_id, group_id)
else:
seafile_api.unset_group_repo(shared_repo.id, group_id, username)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, path, permission)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=json_content_type)
def delete(self, request, repo_id, format=None):
if not seafile_api.get_repo(repo_id):
return api_error(status.HTTP_400_BAD_REQUEST, 'Library does not exist')
username = request.user.username
share_type = request.GET.get('share_type', None)
if share_type == 'personal':
from_email = request.GET.get('from', None)
if not is_valid_username(from_email):
return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_remove_share(org_id,
repo_id,
from_email,
username)
else:
seaserv.remove_share(repo_id, from_email, username)
elif share_type == 'group':
from_email = request.GET.get('from', None)
if not is_valid_username(from_email):
return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')
group_id = request.GET.get('group_id', None)
group = seaserv.get_group(group_id)
if not group:
return api_error(status.HTTP_400_BAD_REQUEST, 'Group does not exist')
if not seaserv.check_group_staff(group_id, username) and \
not seafile_api.is_repo_owner(username, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')
if seaserv.is_org_group(group_id):
org_id = seaserv.get_org_id_by_group(group_id)
seaserv.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, from_email)
elif share_type == 'public':
if is_org_context(request):
org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
is_org_repo_owner = True if org_repo_owner == username else False
if not request.user.org.is_staff and not is_org_repo_owner:
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(org_id,
repo_id)
else:
if not seafile_api.is_repo_owner(username, repo_id) and \
not request.user.is_staff:
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')
seaserv.unset_inner_pub_repo(repo_id)
else:
return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')
return Response({'success': True}, status=status.HTTP_200_OK)
def delete(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_400_BAD_REQUEST, 'Repo not found.')
shared_to_user, shared_to_group = self.handle_shared_to_args(request)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_400_BAD_REQUEST, 'Directory not found.')
if path == '/':
shared_repo = repo
else:
try:
sub_repo = self.get_sub_repo_by_path(request, repo, path)
if sub_repo:
shared_repo = sub_repo
else:
return api_error(status.HTTP_400_BAD_REQUEST, 'No sub repo found')
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Failed to get sub repo')
if shared_to_user:
shared_to = request.GET.get('username')
if shared_to is None or not is_valid_username(shared_to):
return api_error(status.HTTP_400_BAD_REQUEST, 'Bad argument.')
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_remove_share(
org_id, shared_repo.id, username, shared_to)
else:
seaserv.remove_share(shared_repo.id, username, shared_to)
permission = seafile_api.check_permission_by_path(repo.id, path,
shared_to)
send_perm_audit_msg('delete-repo-perm', username, shared_to,
repo_id, path, permission)
if shared_to_group:
group_id = request.GET.get('group_id')
try:
group_id = int(group_id)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, 'Bad group id')
# hacky way to get group repo permission
permission = ''
for e in seafile_api.list_repo_shared_group(username, shared_repo.id):
if e.group_id == group_id:
permission = e.perm
break
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.del_org_group_repo(shared_repo.id, org_id, group_id)
else:
seafile_api.unset_group_repo(shared_repo.id, group_id, username)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, path, permission)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=json_content_type)
def delete(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND,
'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND,
'Folder %s not found.' % path)
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
shared_to_user, shared_to_group = self.handle_shared_to_args(request)
if path == '/':
shared_repo = repo
else:
try:
sub_repo = self.get_sub_repo_by_path(request, repo, path)
if sub_repo:
shared_repo = sub_repo
else:
return api_error(status.HTTP_404_NOT_FOUND,
'Sub-library not found.')
except SearpcError as e:
logger.error(e)
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
'Failed to get sub-library.')
if shared_to_user:
shared_to = request.GET.get('username')
if shared_to is None or not is_valid_username(shared_to):
return api_error(status.HTTP_400_BAD_REQUEST,
'Email %s invalid.' % share_to)
try:
User.objects.get(email=shared_to)
except User.DoesNotExist:
return api_error(status.HTTP_400_BAD_REQUEST,
'Invalid user, should be registered')
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_remove_share(
org_id, shared_repo.id, username, shared_to)
else:
seaserv.remove_share(shared_repo.id, username, shared_to)
permission = seafile_api.check_permission_by_path(
repo.id, path, shared_to)
send_perm_audit_msg('delete-repo-perm', username, shared_to,
repo_id, path, permission)
if shared_to_group:
group_id = request.GET.get('group_id')
try:
group_id = int(group_id)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST,
'group_id %s invalid' % group_id)
# hacky way to get group repo permission
permission = ''
for e in seafile_api.list_repo_shared_group(
username, shared_repo.id):
if e.group_id == group_id:
permission = e.perm
break
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.del_org_group_repo(shared_repo.id, org_id, group_id)
else:
seafile_api.unset_group_repo(shared_repo.id, group_id,
username)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, path, permission)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=json_content_type)
def delete(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path)
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
shared_to_user, shared_to_group = self.handle_shared_to_args(request)
if shared_to_user:
shared_to = request.GET.get('username')
if shared_to is None or not is_valid_username(shared_to):
return api_error(status.HTTP_400_BAD_REQUEST, 'Email %s invalid.' % shared_to)
# if user not found, permission will be None
permission = seafile_api.check_permission_by_path(
repo_id, '/', shared_to)
if is_org_context(request):
org_id = request.user.org.org_id
if path == '/':
seaserv.seafserv_threaded_rpc.org_remove_share(
org_id, repo_id, username, shared_to)
else:
seafile_api.org_unshare_subdir_for_user(
org_id, repo_id, path, username, shared_to)
else:
if path == '/':
seaserv.remove_share(repo_id, username, shared_to)
else:
seafile_api.unshare_subdir_for_user(
repo_id, path, username, shared_to)
send_perm_audit_msg('delete-repo-perm', username, shared_to,
repo_id, path, permission)
if shared_to_group:
group_id = request.GET.get('group_id')
try:
group_id = int(group_id)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid' % group_id)
# hacky way to get group repo permission
permission = ''
if is_org_context(request):
org_id = request.user.org.org_id
shared_groups = seafile_api.list_org_repo_shared_group(
org_id, username, repo_id)
else:
shared_groups = seafile_api.list_repo_shared_group(
username, repo_id)
for e in shared_groups:
if e.group_id == group_id:
permission = e.perm
break
if is_org_context(request):
org_id = request.user.org.org_id
if path == '/':
seaserv.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.org_unshare_subdir_for_group(
org_id, repo_id, path, username, group_id)
else:
if path == '/':
seafile_api.unset_group_repo(repo_id, group_id, username)
else:
seafile_api.unshare_subdir_for_group(
repo_id, path, username, group_id)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, path, permission)
return HttpResponse(json.dumps({'success': True}), status=200,
content_type=json_content_type)
def delete(self, request, repo_id, format=None):
username = request.user.username
repo = seafile_api.get_repo(repo_id)
if not repo:
return api_error(status.HTTP_404_NOT_FOUND,
'Library %s not found.' % repo_id)
path = request.GET.get('p', '/')
if seafile_api.get_dir_id_by_path(repo.id, path) is None:
return api_error(status.HTTP_404_NOT_FOUND,
'Folder %s not found.' % path)
# check permission
shared_to_user, shared_to_group = self.handle_shared_to_args(request)
if shared_to_user:
shared_to = request.GET.get('username')
if shared_to is None or not is_valid_username(shared_to):
return api_error(status.HTTP_400_BAD_REQUEST,
'Email %s invalid.' % shared_to)
if username != self.get_repo_owner(request, repo_id) and \
ExtraSharePermission.objects.get_user_permission(repo_id, username) != PERMISSION_ADMIN:
return api_error(status.HTTP_403_FORBIDDEN,
'Permission denied.')
else:
if username != self.get_repo_owner(request, repo_id):
return api_error(status.HTTP_403_FORBIDDEN,
'Permission denied.')
if shared_to_user:
# if user not found, permission will be None
permission = seafile_api.check_permission_by_path(
repo_id, '/', shared_to)
if is_org_context(request):
username = seafile_api.get_org_repo_owner(repo_id)
org_id = request.user.org.org_id
if path == '/':
seaserv.seafserv_threaded_rpc.org_remove_share(
org_id, repo_id, username, shared_to)
else:
seafile_api.org_unshare_subdir_for_user(
org_id, repo_id, path, username, shared_to)
else:
username = seafile_api.get_repo_owner(repo_id)
if path == '/':
seaserv.remove_share(repo_id, username, shared_to)
else:
seafile_api.unshare_subdir_for_user(
repo_id, path, username, shared_to)
# Delete share permission at ExtraSharePermission table.
if path == '/':
ExtraSharePermission.objects.delete_share_permission(
repo_id, shared_to)
send_perm_audit_msg('delete-repo-perm', username, shared_to,
repo_id, path, permission)
if shared_to_group:
group_id = request.GET.get('group_id')
try:
group_id = int(group_id)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST,
'group_id %s invalid' % group_id)
# hacky way to get group repo permission
permission = ''
if is_org_context(request):
org_id = request.user.org.org_id
shared_groups = seafile_api.list_org_repo_shared_group(
org_id, username, repo_id)
else:
shared_groups = seafile_api.list_repo_shared_group(
username, repo_id)
for e in shared_groups:
if e.group_id == group_id:
permission = e.perm
break
if is_org_context(request):
org_id = request.user.org.org_id
if path == '/':
seaserv.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.org_unshare_subdir_for_group(
org_id, repo_id, path, username, group_id)
else:
if path == '/':
seafile_api.unset_group_repo(repo_id, group_id, username)
else:
seafile_api.unshare_subdir_for_group(
repo_id, path, username, group_id)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo_id, path, permission)
return HttpResponse(json.dumps({'success': True}),
status=200,
content_type=json_content_type)
def get(self, request, format=None):
""" List all shared out repos.
Permission checking:
1. all authenticated user can perform this action.
"""
shared_repos = []
username = request.user.username
try:
if is_org_context(request):
org_id = request.user.org.org_id
shared_repos += seafile_api.get_org_share_out_repo_list(
org_id, username, -1, -1)
shared_repos += seaserv.seafserv_threaded_rpc.get_org_group_repos_by_owner(
org_id, username)
shared_repos += seaserv.seafserv_threaded_rpc.list_org_inner_pub_repos_by_owner(
org_id, username)
else:
shared_repos += seafile_api.get_share_out_repo_list(
username, -1, -1)
shared_repos += seafile_api.get_group_repos_by_owner(username)
if not request.cloud_mode:
shared_repos += seafile_api.list_inner_pub_repos_by_owner(
username)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
returned_result = []
shared_repos.sort(lambda x, y: cmp(x.repo_name, y.repo_name))
usernames = []
gids = []
for repo in shared_repos:
if repo.is_virtual:
continue
result = {}
result['repo_id'] = repo.repo_id
result['repo_name'] = repo.repo_name
result['share_type'] = repo.share_type
result['share_permission'] = repo.permission
result['modifier_email'] = repo.last_modifier
result['modifier_name'] = email2nickname(repo.last_modifier)
result['modifier_contact_email'] = email2contact_email(
repo.last_modifier)
if repo.share_type == 'personal':
try:
User.objects.get(email=repo.user)
except User.DoesNotExist:
seafile_api.remove_share(repo.repo_id, username, repo.user)
continue
result['user_name'] = email2nickname(repo.user)
result['user_email'] = repo.user
result[
'contact_email'] = Profile.objects.get_contact_email_by_user(
repo.user)
usernames.append((repo.repo_id, repo.user))
if repo.share_type == 'group':
group = ccnet_api.get_group(repo.group_id)
if not group:
if is_org_context(request):
seafile_api.del_org_group_repo(repo.repo_id, org_id,
repo.group_id)
else:
seafile_api.unset_group_repo(repo.repo_id,
repo.group_id, username)
continue
result['group_id'] = repo.group_id
result['group_name'] = group.group_name
gids.append(repo.group_id)
returned_result.append(result)
user_admins = ExtraSharePermission.objects.batch_is_admin(usernames)
group_admins = ExtraGroupsSharePermission.objects.batch_get_repos_with_admin_permission(
gids)
for result in returned_result:
if result['share_type'] == 'group':
result['is_admin'] = (result['repo_id'],
result['group_id']) in group_admins
elif result['share_type'] == 'personal':
result['is_admin'] = (result['repo_id'],
result['user_email']) in user_admins
return Response(returned_result)
def delete(self, request, repo, path, share_type):
""" Delete user/group share permission.
Permission checking:
1. admin user.
"""
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo.repo_id)
username = request.user.username
share_to = request.data.get('share_to', None)
if share_type == 'user':
email = share_to
if not email or not is_valid_username(email):
error_msg = 'email %s invalid.' % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not has_shared_to_user(repo.repo_id, path, email):
error_msg = 'Shared items not found'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
permission = check_user_share_out_permission(
repo.repo_id, path, email)
if path == '/':
seafile_api.remove_share(repo.repo_id, repo_owner, email)
else:
seafile_api.unshare_subdir_for_user(
repo.repo_id, path, repo_owner, email)
if path == '/':
ExtraSharePermission.objects.delete_share_permission(
repo.repo_id, email)
send_perm_audit_msg('delete-repo-perm', username, email,
repo.repo_id, path, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
if share_type == 'group':
group_id = share_to
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id %s invalid' % group_id
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not has_shared_to_group(repo.repo_id, path, group_id):
error_msg = 'Shared items not found'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
permission = check_group_share_out_permission(
repo.repo_id, path, group_id)
if path == '/':
seafile_api.unset_group_repo(repo.repo_id, group_id,
repo_owner)
else:
seafile_api.unshare_subdir_for_group(
repo.repo_id, path, repo_owner, group_id)
if path == '/':
ExtraGroupsSharePermission.objects.delete_share_permission(
repo.repo_id, group_id)
send_perm_audit_msg('delete-repo-perm', username, group_id,
repo.repo_id, path, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
return Response({'success': True})
def post(self, request):
# argument check
operation = request.data.get('operation', None)
if not operation:
error_msg = 'operation invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# operation could be `share`, `unshare`, `delete`, `transfer`
# we now only use `share`, `unshare`
if operation not in ('share', 'unshare'):
error_msg = 'operation can only be "share", "unshare".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
result = {}
result['failed'] = []
result['success'] = []
username = request.user.username
repo_id_list = request.data.getlist('repo_id')
valid_repo_id_list = []
# filter out invalid repo id
for repo_id in repo_id_list:
if not seafile_api.get_repo(repo_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Library %s not found.' % repo_id
})
continue
repo_owner = get_repo_owner(request, repo_id)
if repo_owner != username and not is_repo_admin(username, repo_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Permission denied.'
})
continue
valid_repo_id_list.append(repo_id)
# share repo
if operation == 'share':
share_type = request.data.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('user', 'group'):
error_msg = 'share_type can only be "user", "group".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
permission = request.data.get('permission', 'rw')
if permission not in get_available_repo_perms():
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# share repo to user
if share_type == 'user':
to_username = request.data.get('username', None)
if not to_username:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
User.objects.get(email=to_username)
except User.DoesNotExist:
error_msg = 'User %s not found.' % to_username
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check if to_user is an org user
try:
org_of_to_user = ccnet_api.get_orgs_by_user(to_username)
except Exception as e:
logger.error(e)
org_of_to_user = []
if is_org_context(request):
org_id = request.user.org.org_id
org_name = request.user.org.org_name
if len(org_of_to_user) == 0 or org_id != org_of_to_user[0].org_id:
error_msg = 'User %s is not member of organization %s.' \
% (to_username, org_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
if len(org_of_to_user) >= 1:
error_msg = 'User %s is member of organization %s.' \
% (to_username, org_of_to_user[0].org_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
for repo_id in valid_repo_id_list:
if self.has_shared_to_user(request, repo_id, to_username):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'This item has been shared to %s.' % to_username
})
continue
try:
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.org_add_share(org_id,
repo_id, username, to_username, permission)
else:
seafile_api.share_repo(
repo_id, username, to_username, permission)
# send a signal when sharing repo successful
repo = seafile_api.get_repo(repo_id)
share_repo_to_user_successful.send(sender=None,
from_user=username,
to_user=to_username,
repo=repo, path='/',
org_id=org_id)
result['success'].append({
"repo_id": repo_id,
"username": to_username,
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, to_username,
repo_id, '/', permission)
except Exception as e:
logger.error(e)
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Internal Server Error'
})
# share repo to group
if share_type == 'group':
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(to_group_id)
if not group:
error_msg = 'Group %s not found.' % to_group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
group_name = group.group_name
if not is_group_member(to_group_id, username):
error_msg = 'User %s is not member of group %s.' % (username, group_name)
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
for repo_id in valid_repo_id_list:
if self.has_shared_to_group(request, repo_id, to_group_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'This item has been shared to %s.' % group_name
})
continue
try:
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.add_org_group_repo(
repo_id, org_id, to_group_id, username, permission)
else:
seafile_api.set_group_repo(
repo_id, to_group_id, username, permission)
# send a signal when sharing repo successful
repo = seafile_api.get_repo(repo_id)
share_repo_to_group_successful.send(sender=None,
from_user=username,
group_id=to_group_id,
repo=repo, path='/',
org_id=org_id)
result['success'].append({
"repo_id": repo_id,
"group_id": to_group_id,
"group_name": group_name,
"permission": permission
})
send_perm_audit_msg('add-repo-perm', username, to_group_id,
repo_id, '/', permission)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Internal Server Error'
})
# unshare repo
if operation == 'unshare':
share_type = request.data.get('share_type', None)
if not share_type:
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if share_type not in ('user', 'group'):
error_msg = 'share_type can only be "user", "group".'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# unshare repo from user
if share_type == 'user':
to_username = request.data.get('username', None)
if not to_username:
error_msg = 'username invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
for repo_id in valid_repo_id_list:
if not self.has_shared_to_user(request, repo_id, to_username):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'This item has not been shared to %s.' % to_username
})
continue
repo_owner = get_repo_owner(request, repo_id)
try:
# get share permission before unshare operation
permission = check_user_share_out_permission(repo_id,
'/', to_username, is_org_context(request))
if is_org_context(request):
# when calling seafile API to share authority related functions, change the uesrname to repo owner.
org_id = request.user.org.org_id
seafile_api.org_remove_share(org_id, repo_id, repo_owner, to_username)
else:
seafile_api.remove_share(repo_id, repo_owner, to_username)
# Delete share permission at ExtraSharePermission table.
ExtraSharePermission.objects.delete_share_permission(repo_id,
to_username)
# send message
send_perm_audit_msg('delete-repo-perm', username,
to_username, repo_id, '/', permission)
result['success'].append({
"repo_id": repo_id,
"username": to_username,
})
except Exception as e:
logger.error(e)
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Internal Server Error'
})
# unshare repo from group
if share_type == 'group':
to_group_id = request.data.get('group_id', None)
if not to_group_id:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
to_group_id = int(to_group_id)
except ValueError:
error_msg = 'group_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(to_group_id)
group_name = group.group_name if group else ''
for repo_id in valid_repo_id_list:
if not self.has_shared_to_group(request, repo_id, to_group_id):
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'This item has not been shared to %s.' % group_name
})
continue
try:
# get share permission before unshare operation
permission = check_group_share_out_permission(repo_id,
'/', to_group_id, is_org_context(request))
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.del_org_group_repo(repo_id, org_id, to_group_id)
else:
seafile_api.unset_group_repo(
repo_id, to_group_id, username)
# Delete share permission at ExtraSharePermission table.
ExtraGroupsSharePermission.objects.delete_share_permission(repo_id,
to_group_id)
# send message
send_perm_audit_msg('delete-repo-perm', username,
to_group_id, repo_id, '/', permission)
result['success'].append({
"repo_id": repo_id,
"group_id": to_group_id,
"group_name": group_name,
})
except SearpcError as e:
logger.error(e)
result['failed'].append({
'repo_id': repo_id,
'error_msg': 'Internal Server Error'
})
return Response(result)
