diff --git a/seahub/api2/endpoints/dir_shared_items.py b/seahub/api2/endpoints/dir_shared_items.py
index 10d569257e..192840bd73 100644
--- a/seahub/api2/endpoints/dir_shared_items.py
+++ b/seahub/api2/endpoints/dir_shared_items.py
@@ -12,7 +12,8 @@ from rest_framework.views import APIView
 from django.utils.translation import ugettext as _
 import seaserv
-from seaserv import seafile_api
+from seaserv import seafile_api, ccnet_api
+from constance import config
 from seahub.api2.authentication import TokenAuthentication
 from seahub.api2.permissions import IsRepoAccessible
@@ -347,11 +348,25 @@ class DirSharedItemsEndpoint(APIView):
 try:
 gid = int(gid)
 except ValueError:
- return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid.' % gid)
+ result['failed'].append({
+ 'error_msg': _(u'group_id %s invalid.') % gid
+ })
+ continue
- group = seaserv.get_group(gid)
+ group = ccnet_api.get_group(gid)
 if not group:
- return api_error(status.HTTP_404_NOT_FOUND, 'Group %s not found' % gid)
+ result['failed'].append({
+ 'error_msg': _(u'Group %s not found') % gid
+ })
+ continue
+
+ if not config.ENABLE_SHARE_TO_ALL_GROUPS and \
+ not ccnet_api.is_group_user(gid, username):
+ result['failed'].append({
+ 'group_name': group.group_name,
+ 'error_msg': _(u'Permission denied.')
+ })
+ continue
 if self.has_shared_to_group(request, repo_id, path, gid):
 result['failed'].append({
diff --git a/tests/api/endpoints/test_dir_shared_items.py b/tests/api/endpoints/test_dir_shared_items.py
index 700316ad8f..e41d0d6969 100644
--- a/tests/api/endpoints/test_dir_shared_items.py
+++ b/tests/api/endpoints/test_dir_shared_items.py
@@ -1,4 +1,5 @@
 import json
+from mock import patch
 from seaserv import seafile_api
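Review bot: In dir_shared_items.py the new permission-denied entry returns `'group_name': group.group_name` to a caller the preceding check has just shown is not a member of that group, so the response exposes the names of groups to non-members, and the separate 'Group %s not found' entry lets them tell existing ids from missing ones. For the non-member case I would drop the name and keep only `'error_msg': _(u'Permission denied.')`, and consider returning that same entry for a missing group while ENABLE_SHARE_TO_ALL_GROUPS is off. `username` is assigned outside the hunk, so it is worth confirming that it is the authenticated requester and not a value taken from the request body. The enclosing loop starts and ends outside the hunk.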
@@ -196,6 +197,44 @@ class DirSharedItemsTest(BaseTestCase):
 json_resp = json.loads(resp.content)
 assert 'has been shared to' in json_resp['failed'][0]['error_msg']
+ def test_share_to_group_if_not_group_member(self):
+ self.login_as(self.user)
+
+ grp = self.create_group(group_name="test-grp2",
+ username=self.admin.username)
+
+ resp = self.client.put(
+ '/api2/repos/%s/dir/shared_items/?p=/' % (self.repo.id),
+ "share_type=group&group_id=%d&permission=rw" % (grp.id),
+ 'application/x-www-form-urlencoded',
+ )
+ self.assertEqual(200, resp.status_code)
+ json_resp = json.loads(resp.content)
+ assert len(json_resp['failed']) == 1
+ assert len(json_resp['success']) == 0
+ assert json_resp['failed'][0]['error_msg'] == 'Permission denied.'
+
+ @patch('seahub.api2.endpoints.dir_shared_items.config')
+ def test_share_to_group_if_not_group_member_2(self, mock_settings):
+
+ mock_settings.ENABLE_SHARE_TO_ALL_GROUPS.return_value = True
+
+ self.login_as(self.user)
+
+ grp = self.create_group(group_name="test-grp2",
+ username=self.admin.username)
+
+ resp = self.client.put(
+ '/api2/repos/%s/dir/shared_items/?p=/' % (self.repo.id),
+ "share_type=group&group_id=%d&permission=rw" % (grp.id),
+ 'application/x-www-form-urlencoded',
+ )
+ self.assertEqual(200, resp.status_code)
+ json_resp = json.loads(resp.content)
+ assert len(json_resp['failed']) == 0
+ assert len(json_resp['success']) == 1
+ assert json_resp['success'][0]['group_info']['id'] == grp.id
+
 def test_share_with_invalid_email(self):
 self.login_as(self.user)
 invalid_email = '%s' % randstring(6)
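Review bot: In test_share_to_group_if_not_group_member_2 the line `mock_settings.ENABLE_SHARE_TO_ALL_GROUPS.return_value = True` does not set the flag, because the endpoint reads `config.ENABLE_SHARE_TO_ALL_GROUPS` as a plain attribute and never calls it; the test passes only because a mock attribute is truthy. Assign the value directly with `mock_settings.ENABLE_SHARE_TO_ALL_GROUPS = True`. The denial test above it relies on the setting's default being off; patching `config` there too and setting the flag to `False` would keep the authorization check covered whatever the test configuration is. Replacing the whole `config` object also makes any other setting that module reads during the request a truthy mock, so patching only the one attribute may be safer.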