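def delete(self, request, repo_id, format=None):
    """Delete a user's share permission on a group-owned repo.

    Permission checking:
    1. is group admin

    Request data:
        username: the user whose share is revoked (required).
        path: the shared folder; defaults to '/' (the whole repo).

    Returns a 400 response when ``username`` is missing, a 403 response
    when the requester is not an admin of the owning group, and
    ``{'success': True}`` otherwise.
    """
    # parameter check
    # NOTE(review): `username` and `path` are only checked for presence here;
    # other share-deletion handlers validate the target with
    # is_valid_username() -- confirm whether the same check belongs here.
    to_user = request.data.get('username', None)
    if not to_user:
        error_msg = 'username invalid.'
        return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

    # permission check
    repo_owner = get_repo_owner(request, repo_id)
    group_id = get_group_id_by_repo_owner(repo_owner)
    username = request.user.username
    if not is_group_admin(group_id, username):
        error_msg = 'Permission denied.'
        return api_error(status.HTTP_403_FORBIDDEN, error_msg)

    path = request.data.get('path', '/')

    # Read the permission that is about to be revoked BEFORE removing the
    # share, so the audit record carries it. Looking it up afterwards can no
    # longer see the share (presumably yields an empty value -- confirm
    # against check_user_share_out_permission).
    permission = check_user_share_out_permission(repo_id, path, to_user, False)

    if path == '/':
        seafile_api.remove_share(repo_id, repo_owner, to_user)
    else:
        seafile_api.unshare_subdir_for_user(
            repo_id, path, repo_owner, to_user)

    send_perm_audit_msg('delete-repo-perm', username, to_user,
                        repo_id, path, permission)

    return Response({'success': True})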
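def test_update_share_subdir_perm_for_user(repo, permission_to_share, permission_to_update):
    """Updating a subdir share changes the permission seen on the virtual repo.

    Shares '/dir1' from USER to USER2, checks the initial permission, updates
    it, checks the new permission, then removes the share.
    """
    v_repo_id = api.share_subdir_to_user(repo.id, '/dir1', USER, USER2, permission_to_share)
    assert api.check_permission(v_repo_id, USER2) == permission_to_share

    api.update_share_subdir_perm_for_user(repo.id, '/dir1', USER, USER2, permission_to_update)
    assert api.check_permission(v_repo_id, USER2) == permission_to_update

    # The comparison was previously evaluated and discarded; assert it so a
    # failed unshare (a share left in place) actually fails the test.
    assert api.unshare_subdir_for_user(repo.id, '/dir1', USER, USER2) == 0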
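def delete(self, request, repo_id, path, share_type):
    """Delete user/group share permission.

    Permission checking:
    1. admin user.

    ``share_to`` is read from the request data: an email when ``share_type``
    is 'user', a group id when it is 'group'. Returns 400 for an invalid
    ``share_to``, 500 when the seafile API call raises, and
    ``{'success': True}`` otherwise.

    NOTE(review): the admin check itself is not visible in this method;
    presumably it is enforced by the view's permission classes -- confirm.
    """
    # current `request.user.username` is admin user,
    # so need to identify the repo owner specifically.
    repo_owner = seafile_api.get_repo_owner(repo_id)

    share_to = request.data.get('share_to', None)

    if share_type == 'user':
        email = share_to
        if not email or not is_valid_username(email):
            error_msg = 'email %s invalid.' % email
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        try:
            if path == '/':
                seafile_api.remove_share(repo_id, repo_owner, email)
            else:
                seafile_api.unshare_subdir_for_user(
                    repo_id, path, repo_owner, email)
        except Exception as e:
            logger.error(e)
            error_msg = 'Internal Server Error'
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

    if share_type == 'group':
        group_id = share_to
        try:
            group_id = int(group_id)
        except (TypeError, ValueError):
            # int(None) raises TypeError, so a missing `share_to` must be
            # caught here too or it escapes as an unhandled server error.
            error_msg = 'group_id %s invalid' % group_id
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        try:
            if path == '/':
                seafile_api.unset_group_repo(repo_id, group_id, repo_owner)
            else:
                seafile_api.unshare_subdir_for_group(
                    repo_id, path, repo_owner, group_id)
        except Exception as e:
            logger.error(e)
            error_msg = 'Internal Server Error'
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

    # NOTE(review): a share_type other than 'user'/'group' falls through and
    # reports success without changing anything -- presumably validated by
    # the caller; confirm.
    return Response({'success': True})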
def test_subdir_permission_in_virtual_repo(repo, group, permission):
    """A virtual repo created inside a shared subdir reports the share's permission.

    Covers both a user share ('/dir1') and a group share ('/dir2'), then
    removes both shares.
    """
    for parent_dir, child_dir in (('/dir1', 'subdir1'), ('/dir2', 'subdir2')):
        api.post_dir(repo.id, parent_dir, child_dir, USER)

    # User share: USER2 receives '/dir1' directly.
    user_share_id = api.share_subdir_to_user(repo.id, '/dir1', USER, USER2, permission)
    nested_user_id = api.create_virtual_repo(
        user_share_id, '/subdir1', 'subdir1', 'test_desc', USER, passwd='')
    assert api.check_permission(nested_user_id, USER2) == permission

    # Group share: USER2 receives '/dir2' through group membership.
    assert ccnet_api.group_add_member(group.id, USER, USER2) == 0
    group_share_id = api.share_subdir_to_group(repo.id, '/dir2', USER, group.id, permission)
    nested_group_id = api.create_virtual_repo(
        group_share_id, '/subdir2', 'subdir2', 'test_desc', USER, passwd='')
    assert api.check_permission(nested_group_id, USER2) == permission

    # Clean up both shares.
    assert api.unshare_subdir_for_user(repo.id, '/dir1', USER, USER2) == 0
    assert api.unshare_subdir_for_group(repo.id, '/dir2', USER, group.id) == 0
def test_share_dir_to_user(repo, permission):
    """Sharing subdirs to a user grants the permission; removal revokes access.

    '/dir1' loses its share because the directory is deleted, '/dir2' because
    it is explicitly unshared; afterwards neither path resolves to a shared
    repo for USER2.
    """
    shared_ids = [
        api.share_subdir_to_user(repo.id, shared_dir, USER, USER2, permission)
        for shared_dir in ('/dir1', '/dir2')
    ]
    for shared_id in shared_ids:
        assert api.check_permission(shared_id, USER2) == permission

    dir2_share = api.get_shared_repo_by_path(repo.id, '/dir2', USER2)
    assert dir2_share.permission == permission

    # Two different ways of ending a share.
    assert api.del_file(repo.id, '/', 'dir1', USER) == 0
    assert api.unshare_subdir_for_user(repo.id, '/dir2', USER, USER2) == 0

    for shared_dir in ('/dir1', '/dir2'):
        assert api.get_shared_repo_by_path(repo.id, shared_dir, USER2) is None
def delete_shared_user_by_repo_path(self, repo_id, repo_owner, to_user,
                                    path='/', org_id=None):
    """Remove the share of `path` in `repo_id` that `repo_owner` gave `to_user`.

    A `path` of '/' removes the whole-repo share; any other path removes the
    subdir share. When `org_id` passes is_valid_org_id() the org variants of
    the seafile API are used. Returns whatever the seafile API call returns.
    """
    whole_repo = path == '/'

    if not is_valid_org_id(org_id):
        if whole_repo:
            return seafile_api.remove_share(repo_id, repo_owner, to_user)
        return seafile_api.unshare_subdir_for_user(
            repo_id, path, repo_owner, to_user)

    if whole_repo:
        return seafile_api.org_remove_share(org_id, repo_id,
                                            repo_owner, to_user)
    return seafile_api.org_unshare_subdir_for_user(
        org_id, repo_id, path, repo_owner, to_user)
def delete_shared_user_by_repo_path(self, repo_id, repo_owner, to_user,
                                    path='/', org_id=None):
    """Revoke `to_user`'s share on `path` of `repo_id`, owned by `repo_owner`.

    '/' means the whole-repo share, anything else a subdir share. The org
    flavour of each seafile API call is chosen when is_valid_org_id(org_id)
    is true. The seafile API result is returned unchanged.
    """
    in_org = is_valid_org_id(org_id)
    is_root = path == '/'

    if in_org and is_root:
        return seafile_api.org_remove_share(org_id, repo_id,
                                            repo_owner, to_user)
    if in_org:
        return seafile_api.org_unshare_subdir_for_user(
            org_id, repo_id, path, repo_owner, to_user)
    if is_root:
        return seafile_api.remove_share(repo_id, repo_owner, to_user)
    return seafile_api.unshare_subdir_for_user(
        repo_id, path, repo_owner, to_user)
def test_share_dir_to_user(repo, permission):
    """Subdir shares to a user are listed, carry the permission, and can be revoked.

    '/dir1' loses its share through deletion of the directory, '/dir2'
    through an explicit unshare; after a short wait neither path resolves to
    a shared repo for USER2.
    """
    dir1_share_id = api.share_subdir_to_user(repo.id, '/dir1', USER, USER2, permission)
    dir2_share_id = api.share_subdir_to_user(repo.id, '/dir2', USER, USER2, permission)
    for share_id in (dir1_share_id, dir2_share_id):
        assert api.check_permission(share_id, USER2) == permission

    dir2_share = api.get_shared_repo_by_path(repo.id, '/dir2', USER2)
    assert dir2_share.permission == permission

    # USER2 must be the only user '/dir1' is shared with.
    dir1_users = api.get_shared_users_for_subdir(repo.id, '/dir1', USER)
    assert len(dir1_users) == 1
    assert dir1_users[0].user == USER2

    assert api.del_file(repo.id, '/', 'dir1', USER) == 0
    assert api.unshare_subdir_for_user(repo.id, '/dir2', USER, USER2) == 0

    # Wait before checking that the shares are gone.
    time.sleep(1)

    for shared_dir in ('/dir1', '/dir2'):
        assert api.get_shared_repo_by_path(repo.id, shared_dir, USER2) is None
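def delete(self, request, repo, path, share_type):
    """Delete user/group share permission.

    Permission checking:
    1. admin user.

    ``share_to`` is read from the request data: an email when ``share_type``
    is 'user', a group id when it is 'group'. Returns 400 for an invalid
    ``share_to``, 404 when no such share exists, 500 when removal raises,
    and ``{'success': True}`` otherwise. Each removal is reported through
    send_perm_audit_msg with the permission that was revoked.

    NOTE(review): the admin check itself is not visible in this method;
    presumably it is enforced by the view's permission classes -- confirm.
    """
    # current `request.user.username` is admin user,
    # so need to identify the repo owner specifically.
    repo_owner = seafile_api.get_repo_owner(repo.repo_id)
    username = request.user.username

    share_to = request.data.get('share_to', None)

    if share_type == 'user':
        email = share_to
        if not email or not is_valid_username(email):
            error_msg = 'email %s invalid.' % email
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        if not has_shared_to_user(repo.repo_id, path, email):
            error_msg = 'Shared items not found'
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)

        try:
            # Read the permission before the share is removed so the audit
            # message records what was revoked.
            permission = check_user_share_out_permission(
                repo.repo_id, path, email)

            if path == '/':
                seafile_api.remove_share(repo.repo_id, repo_owner, email)
                ExtraSharePermission.objects.delete_share_permission(
                    repo.repo_id, email)
            else:
                seafile_api.unshare_subdir_for_user(
                    repo.repo_id, path, repo_owner, email)

            send_perm_audit_msg('delete-repo-perm', username, email,
                                repo.repo_id, path, permission)
        except Exception as e:
            logger.error(e)
            error_msg = 'Internal Server Error'
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

    if share_type == 'group':
        group_id = share_to
        try:
            group_id = int(group_id)
        except (TypeError, ValueError):
            # int(None) raises TypeError, so a missing `share_to` must be
            # caught here too or it escapes as an unhandled server error.
            error_msg = 'group_id %s invalid' % group_id
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        if not has_shared_to_group(repo.repo_id, path, group_id):
            error_msg = 'Shared items not found'
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)

        try:
            permission = check_group_share_out_permission(
                repo.repo_id, path, group_id)

            if path == '/':
                seafile_api.unset_group_repo(repo.repo_id, group_id, repo_owner)
                ExtraGroupsSharePermission.objects.delete_share_permission(
                    repo.repo_id, group_id)
            else:
                seafile_api.unshare_subdir_for_group(
                    repo.repo_id, path, repo_owner, group_id)

            send_perm_audit_msg('delete-repo-perm', username, group_id,
                                repo.repo_id, path, permission)
        except Exception as e:
            logger.error(e)
            error_msg = 'Internal Server Error'
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

    # NOTE(review): a share_type other than 'user'/'group' falls through and
    # reports success without changing anything -- presumably validated by
    # the caller; confirm.
    return Response({'success': True})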
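def delete(self, request, repo_id, format=None):
    """Remove a user and/or group share of a folder in a library.

    Query parameters: ``p`` (folder path, default '/'), ``username`` for a
    user share, ``group_id`` for a group share. Which branches run is decided
    by self.handle_shared_to_args(request).

    The requester must be the repo owner or pass is_repo_admin(). Returns
    404 for an unknown library or folder, 403 when not permitted, 400 for an
    invalid ``username``/``group_id``, and a JSON ``{'success': True}``
    otherwise. Each removal is reported through send_perm_audit_msg with the
    requester as the actor.
    """
    username = request.user.username
    repo = seafile_api.get_repo(repo_id)
    if not repo:
        return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id)

    path = request.GET.get('p', '/')
    if seafile_api.get_dir_id_by_path(repo.id, path) is None:
        return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path)

    repo_owner = self.get_repo_owner(request, repo_id)
    if repo_owner != username and not is_repo_admin(username, repo_id):
        return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

    shared_to_user, shared_to_group = self.handle_shared_to_args(request)
    if shared_to_user:
        shared_to = request.GET.get('username')
        if shared_to is None or not is_valid_username(shared_to):
            return api_error(status.HTTP_400_BAD_REQUEST, 'Email %s invalid.' % shared_to)

        # Read the permission before the share is removed so the audit
        # message records what was revoked.
        permission = check_user_share_out_permission(
            repo_id, path, shared_to, is_org_context(request))

        if is_org_context(request):
            # when calling seafile API to share authority related functions,
            # change the username to repo owner.
            org_id = request.user.org.org_id
            if path == '/':
                seaserv.seafserv_threaded_rpc.org_remove_share(
                    org_id, repo_id, repo_owner, shared_to)
            else:
                seafile_api.org_unshare_subdir_for_user(
                    org_id, repo_id, path, repo_owner, shared_to)
        else:
            if path == '/':
                seaserv.remove_share(repo_id, repo_owner, shared_to)
            else:
                seafile_api.unshare_subdir_for_user(
                    repo_id, path, repo_owner, shared_to)

        # Delete share permission at ExtraSharePermission table.
        if path == '/':
            ExtraSharePermission.objects.delete_share_permission(
                repo_id, shared_to)

        send_perm_audit_msg('delete-repo-perm', username, shared_to,
                            repo_id, path, permission)

    if shared_to_group:
        group_id = request.GET.get('group_id')
        try:
            group_id = int(group_id)
        except (TypeError, ValueError):
            # int(None) raises TypeError, so a missing `group_id` must be
            # caught here too or it escapes as an unhandled server error.
            return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid' % group_id)

        # hacky way to get group repo permission
        is_org = is_org_context(request)
        permission = check_group_share_out_permission(
            repo_id, path, group_id, is_org)

        if is_org:
            # when calling seafile API to share authority related functions,
            # change the username to repo owner.
            org_id = request.user.org.org_id
            if path == '/':
                seaserv.del_org_group_repo(repo_id, org_id, group_id)
            else:
                seafile_api.org_unshare_subdir_for_group(
                    org_id, repo_id, path, repo_owner, group_id)
        else:
            if path == '/':
                # NOTE(review): this call passes the requester (`username`)
                # while every other removal call here passes `repo_owner`;
                # the two differ when a repo admin makes the request.
                # Confirm which identity unset_group_repo expects.
                seafile_api.unset_group_repo(repo_id, group_id, username)
            else:
                seafile_api.unshare_subdir_for_group(
                    repo_id, path, repo_owner, group_id)

        # delete share permission if repo is deleted
        if path == '/':
            ExtraGroupsSharePermission.objects.delete_share_permission(
                repo_id, group_id)

        send_perm_audit_msg('delete-repo-perm', username, group_id,
                            repo_id, path, permission)

    return HttpResponse(json.dumps({'success': True}), status=200,
                        content_type=json_content_type)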
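def delete(self, request, repo, path, share_type):
    """Delete user/group share permission.

    Permission checking:
    1. admin user.

    ``share_to`` comes from the request data and is an email for
    ``share_type`` 'user' or a group id for 'group'. Responses: 400 for an
    invalid ``share_to``, 404 when the share does not exist, 500 when the
    removal raises, ``{'success': True}`` otherwise. The revoked permission
    is looked up first and passed to send_perm_audit_msg.

    NOTE(review): the admin check itself is not visible in this method;
    presumably it is enforced by the view's permission classes -- confirm.
    """
    # current `request.user.username` is admin user,
    # so need to identify the repo owner specifically.
    repo_owner = seafile_api.get_repo_owner(repo.repo_id)
    username = request.user.username

    share_to = request.data.get('share_to', None)

    if share_type == 'user':
        email = share_to
        if not email or not is_valid_username(email):
            error_msg = 'email %s invalid.' % email
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        if not has_shared_to_user(repo.repo_id, path, email):
            error_msg = 'Shared items not found'
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)

        try:
            # Captured before removal so the audit record shows what was
            # revoked.
            permission = check_user_share_out_permission(repo.repo_id, path, email)

            if path == '/':
                seafile_api.remove_share(repo.repo_id, repo_owner, email)
                ExtraSharePermission.objects.delete_share_permission(repo.repo_id, email)
            else:
                seafile_api.unshare_subdir_for_user(
                    repo.repo_id, path, repo_owner, email)

            send_perm_audit_msg('delete-repo-perm', username, email,
                                repo.repo_id, path, permission)
        except Exception as e:
            logger.error(e)
            error_msg = 'Internal Server Error'
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

    if share_type == 'group':
        group_id = share_to
        try:
            group_id = int(group_id)
        except (TypeError, ValueError):
            # A missing `share_to` is None, and int(None) raises TypeError
            # rather than ValueError; answer 400 instead of crashing.
            error_msg = 'group_id %s invalid' % group_id
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        if not has_shared_to_group(repo.repo_id, path, group_id):
            error_msg = 'Shared items not found'
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)

        try:
            permission = check_group_share_out_permission(repo.repo_id, path, group_id)

            if path == '/':
                seafile_api.unset_group_repo(repo.repo_id, group_id, repo_owner)
                ExtraGroupsSharePermission.objects.delete_share_permission(repo.repo_id, group_id)
            else:
                seafile_api.unshare_subdir_for_group(
                    repo.repo_id, path, repo_owner, group_id)

            send_perm_audit_msg('delete-repo-perm', username, group_id,
                                repo.repo_id, path, permission)
        except Exception as e:
            logger.error(e)
            error_msg = 'Internal Server Error'
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

    # NOTE(review): an unrecognised share_type reaches this point and is
    # answered with success although nothing was removed -- presumably
    # validated by the caller; confirm.
    return Response({'success': True})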
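def delete(self, request, repo_id, format=None):
    """Remove a user and/or group share of a folder in a library.

    Query parameters: ``p`` (folder path, default '/'), ``username`` for a
    user share, ``group_id`` for a group share. Which branches run is decided
    by self.handle_shared_to_args(request).

    Permission checking:
    1. the repo owner may remove user and group shares;
    2. a user holding PERMISSION_ADMIN in ExtraSharePermission may remove
       user shares only.

    Returns 404 for an unknown library or folder, 400 for an invalid
    ``username``/``group_id``, 403 when not permitted, and a JSON
    ``{'success': True}`` otherwise.
    """
    username = request.user.username
    repo = seafile_api.get_repo(repo_id)
    if not repo:
        return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id)

    path = request.GET.get('p', '/')
    if seafile_api.get_dir_id_by_path(repo.id, path) is None:
        return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path)

    # check permission
    shared_to_user, shared_to_group = self.handle_shared_to_args(request)
    if shared_to_user:
        shared_to = request.GET.get('username')
        if shared_to is None or not is_valid_username(shared_to):
            return api_error(status.HTTP_400_BAD_REQUEST, 'Email %s invalid.' % shared_to)

    if username != self.get_repo_owner(request, repo_id):
        # A non-owner is accepted only for a pure user-share request and only
        # with the share-admin permission. Group shares stay owner-only even
        # if handle_shared_to_args() reports both flags at once (whether it
        # can is not visible here -- the check is a no-op if it cannot).
        is_share_admin = (
            shared_to_user and not shared_to_group and
            ExtraSharePermission.objects.get_user_permission(
                repo_id, username) == PERMISSION_ADMIN)
        if not is_share_admin:
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

    if shared_to_user:
        # if user not found, permission will be None
        permission = seafile_api.check_permission_by_path(
            repo_id, '/', shared_to)

        # The seafile API is called on behalf of the repo owner. Keep that in
        # its own variable so `username` stays the requester and the audit
        # message below names who actually revoked the share.
        if is_org_context(request):
            repo_owner = seafile_api.get_org_repo_owner(repo_id)
            org_id = request.user.org.org_id
            if path == '/':
                seaserv.seafserv_threaded_rpc.org_remove_share(
                    org_id, repo_id, repo_owner, shared_to)
            else:
                seafile_api.org_unshare_subdir_for_user(
                    org_id, repo_id, path, repo_owner, shared_to)
        else:
            repo_owner = seafile_api.get_repo_owner(repo_id)
            if path == '/':
                seaserv.remove_share(repo_id, repo_owner, shared_to)
            else:
                seafile_api.unshare_subdir_for_user(
                    repo_id, path, repo_owner, shared_to)

        # Delete share permission at ExtraSharePermission table.
        if path == '/':
            ExtraSharePermission.objects.delete_share_permission(
                repo_id, shared_to)

        send_perm_audit_msg('delete-repo-perm', username, shared_to,
                            repo_id, path, permission)

    if shared_to_group:
        # Only the repo owner reaches this branch, so `username` is the owner.
        group_id = request.GET.get('group_id')
        try:
            group_id = int(group_id)
        except (TypeError, ValueError):
            # int(None) raises TypeError, so a missing `group_id` must be
            # caught here too or it escapes as an unhandled server error.
            return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid' % group_id)

        # hacky way to get group repo permission
        permission = ''
        if is_org_context(request):
            org_id = request.user.org.org_id
            shared_groups = seafile_api.list_org_repo_shared_group(
                org_id, username, repo_id)
        else:
            shared_groups = seafile_api.list_repo_shared_group(
                username, repo_id)

        for e in shared_groups:
            if e.group_id == group_id:
                permission = e.perm
                break

        if is_org_context(request):
            org_id = request.user.org.org_id
            if path == '/':
                seaserv.del_org_group_repo(repo_id, org_id, group_id)
            else:
                seafile_api.org_unshare_subdir_for_group(
                    org_id, repo_id, path, username, group_id)
        else:
            if path == '/':
                seafile_api.unset_group_repo(repo_id, group_id, username)
            else:
                seafile_api.unshare_subdir_for_group(
                    repo_id, path, username, group_id)

        send_perm_audit_msg('delete-repo-perm', username, group_id,
                            repo_id, path, permission)

    return HttpResponse(json.dumps({'success': True}), status=200,
                        content_type=json_content_type)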
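def delete(self, request, repo_id, format=None):
    """Remove a user and/or group share of a folder in a library.

    Query parameters: ``p`` (folder path, default '/'), ``username`` for a
    user share, ``group_id`` for a group share. Which branches run is decided
    by self.handle_shared_to_args(request).

    Only the repo owner may call this. Returns 404 for an unknown library or
    folder, 403 for a non-owner, 400 for an invalid ``username``/``group_id``,
    and a JSON ``{'success': True}`` otherwise.
    """
    username = request.user.username
    repo = seafile_api.get_repo(repo_id)
    if not repo:
        return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id)

    path = request.GET.get('p', '/')
    if seafile_api.get_dir_id_by_path(repo.id, path) is None:
        return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path)

    # Owner-only: from here on `username` is the repo owner.
    if username != self.get_repo_owner(request, repo_id):
        return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

    shared_to_user, shared_to_group = self.handle_shared_to_args(request)
    if shared_to_user:
        shared_to = request.GET.get('username')
        if shared_to is None or not is_valid_username(shared_to):
            return api_error(status.HTTP_400_BAD_REQUEST, 'Email %s invalid.' % shared_to)

        # if user not found, permission will be None
        permission = seafile_api.check_permission_by_path(
            repo_id, '/', shared_to)

        if is_org_context(request):
            org_id = request.user.org.org_id
            if path == '/':
                seaserv.seafserv_threaded_rpc.org_remove_share(
                    org_id, repo_id, username, shared_to)
            else:
                seafile_api.org_unshare_subdir_for_user(
                    org_id, repo_id, path, username, shared_to)
        else:
            if path == '/':
                seaserv.remove_share(repo_id, username, shared_to)
            else:
                seafile_api.unshare_subdir_for_user(
                    repo_id, path, username, shared_to)

        send_perm_audit_msg('delete-repo-perm', username, shared_to,
                            repo_id, path, permission)

    if shared_to_group:
        group_id = request.GET.get('group_id')
        try:
            group_id = int(group_id)
        except (TypeError, ValueError):
            # int(None) raises TypeError, so a missing `group_id` must be
            # caught here too or it escapes as an unhandled server error.
            return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid' % group_id)

        # hacky way to get group repo permission
        permission = ''
        if is_org_context(request):
            org_id = request.user.org.org_id
            shared_groups = seafile_api.list_org_repo_shared_group(
                org_id, username, repo_id)
        else:
            shared_groups = seafile_api.list_repo_shared_group(
                username, repo_id)

        for e in shared_groups:
            if e.group_id == group_id:
                permission = e.perm
                break

        if is_org_context(request):
            org_id = request.user.org.org_id
            if path == '/':
                seaserv.del_org_group_repo(repo_id, org_id, group_id)
            else:
                seafile_api.org_unshare_subdir_for_group(
                    org_id, repo_id, path, username, group_id)
        else:
            if path == '/':
                seafile_api.unset_group_repo(repo_id, group_id, username)
            else:
                seafile_api.unshare_subdir_for_group(
                    repo_id, path, username, group_id)

        send_perm_audit_msg('delete-repo-perm', username, group_id,
                            repo_id, path, permission)

    return HttpResponse(json.dumps({'success': True}), status=200,
                        content_type=json_content_type)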
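def test_merge_virtual_repo(repo):
    """Changes made through a shared virtual repo are merged into the origin repo.

    USER shares '/dir1' read-write with USER2. USER2 then uploads, resumably
    uploads, updates and deletes files through the virtual repo, and after
    each step the sizes of the virtual repo and of the origin repo are
    compared with the expected value. The sleeps give the server time to
    merge and recompute sizes before each check.
    """
    api.post_dir(repo.id, '/dir1', 'subdir1', USER)
    api.post_dir(repo.id, '/dir2', 'subdir2', USER)
    v_repo_id = api.share_subdir_to_user(repo.id, '/dir1', USER, USER2, 'rw')

    create_test_file()
    params = {'ret-json': '1'}
    obj_id = '{"parent_dir":"/"}'
    create_test_dir(repo, 'test')

    # test upload file to virtual repo root dir.
    token = api.get_fileserver_access_token(v_repo_id, obj_id, 'upload', USER2, False)
    upload_url_base = 'http://127.0.0.1:8082/upload-api/' + token
    # Keep the handle open until the request has been sent (the encoder is
    # passed as the request body), then close it instead of leaking it.
    with open(file_path, 'rb') as upload_fp:
        m = MultipartEncoder(
            fields={
                'parent_dir': '/',
                'file': (file_name, upload_fp, 'application/octet-stream')
            })
        response = requests.post(upload_url_base, params=params,
                                 data=m, headers={'Content-Type': m.content_type})
    assert_upload_response(response, False, False)

    time.sleep(1.5)
    repo_size = api.get_repo_size(v_repo_id)
    assert repo_size == 0

    time.sleep(1.5)
    repo_size = api.get_repo_size(repo.id)
    assert repo_size == 0

    # test resumable upload file to virtual repo root dir
    parent_dir = '/'
    headers = {
        'Content-Range': 'bytes 0-{}/{}'.format(str(len(chunked_part1_content) - 1),
                                                str(total_size)),
        'Content-Disposition': 'attachment; filename=\"{}\"'.format(resumable_file_name)
    }
    response = request_resumable_upload(chunked_part1_path, headers,
                                        upload_url_base, parent_dir, False)
    assert_resumable_upload_response(response, v_repo_id,
                                     resumable_file_name, False)

    # Only the first chunk has arrived, so no size is expected yet.
    time.sleep(1.5)
    v_repo_size = api.get_repo_size(v_repo_id)
    assert v_repo_size == 0
    time.sleep(1.5)
    repo_size = api.get_repo_size(repo.id)
    assert repo_size == 0

    headers = {
        'Content-Range': 'bytes {}-{}/{}'.format(str(len(chunked_part1_content)),
                                                 str(total_size - 1),
                                                 str(total_size)),
        'Content-Disposition': 'attachment; filename=\"{}\"'.format(resumable_file_name)
    }
    response = request_resumable_upload(chunked_part2_path, headers,
                                        upload_url_base, parent_dir, False)
    assert_resumable_upload_response(response, v_repo_id,
                                     resumable_file_name, True)

    time.sleep(2.5)
    v_repo_size = api.get_repo_size(v_repo_id)
    assert v_repo_size == total_size
    time.sleep(1.5)
    repo_size = api.get_repo_size(repo.id)
    assert repo_size == total_size

    # test update file to virtual repo.
    write_file(file_path, file_content)
    token = api.get_fileserver_access_token(v_repo_id, obj_id, 'update', USER2, False)
    update_url_base = 'http://127.0.0.1:8082/update-api/' + token
    with open(file_path, 'rb') as update_fp:
        m = MultipartEncoder(
            fields={
                'target_file': '/' + file_name,
                'file': (file_name, update_fp, 'application/octet-stream')
            })
        response = requests.post(update_url_base,
                                 data=m, headers={'Content-Type': m.content_type})
    assert_update_response(response, False)

    time.sleep(1.5)
    v_repo_size = api.get_repo_size(v_repo_id)
    assert v_repo_size == total_size + file_size
    time.sleep(1.5)
    repo_size = api.get_repo_size(repo.id)
    assert repo_size == total_size + file_size

    api.del_file(v_repo_id, '/', file_name, USER2)

    time.sleep(1.5)
    v_repo_size = api.get_repo_size(v_repo_id)
    assert v_repo_size == total_size
    time.sleep(1.5)
    repo_size = api.get_repo_size(repo.id)
    assert repo_size == total_size

    api.del_file(v_repo_id, '/', resumable_file_name, USER2)

    time.sleep(1.5)
    v_repo_size = api.get_repo_size(v_repo_id)
    assert v_repo_size == 0
    time.sleep(1.5)
    repo_size = api.get_repo_size(repo.id)
    assert repo_size == 0

    api.del_file(repo.id, '/dir1', 'subdir1', USER)
    # NOTE(review): setup created '/dir2/subdir2', but this removes 'subdir1'
    # under '/dir2' -- possibly a typo that leaves 'subdir2' behind; confirm.
    api.del_file(repo.id, '/dir2', 'subdir1', USER)
    assert api.unshare_subdir_for_user(repo.id, '/dir1', USER, USER2) == 0
    del_local_files()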