haiwen/seahub
1
0
Fork 0
mirror of https://github.com/haiwen/seahub.git synced 2025-09-03 07:55:36 +00:00
Code Issues Releases Wiki Activity

check if is group member when share repo to group

Browse Source
This commit is contained in:
lian
2017-08-11 15:28:48 +08:00
parent 8ddaa34863
commit 057b6960be
2 changed files with 58 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
seahub/api2/endpoints/dir_shared_items.py
View File

@@ -12,7 +12,8 @@ from rest_framework.views import APIView
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
import seaserv import seaserv
from seaserv import seafile_api from seaserv import seafile_api, ccnet_api
from constance import config
from seahub.api2.authentication import TokenAuthentication from seahub.api2.authentication import TokenAuthentication
from seahub.api2.permissions import IsRepoAccessible from seahub.api2.permissions import IsRepoAccessible
@@ -347,11 +348,25 @@ class DirSharedItemsEndpoint(APIView):
try: try:
gid = int(gid) gid = int(gid)
except ValueError: except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid.' % gid) result['failed'].append({
'error_msg': _(u'group_id %s invalid.') % gid
})
continue
group = seaserv.get_group(gid) group = ccnet_api.get_group(gid)
if not group: if not group:
return api_error(status.HTTP_404_NOT_FOUND, 'Group %s not found' % gid) result['failed'].append({
'error_msg': _(u'Group %s not found') % gid
})
continue
if not config.ENABLE_SHARE_TO_ALL_GROUPS and \
not ccnet_api.is_group_user(gid, username):
result['failed'].append({
'group_name': group.group_name,
'error_msg': _(u'Permission denied.')
})
continue
if self.has_shared_to_group(request, repo_id, path, gid): if self.has_shared_to_group(request, repo_id, path, gid):
result['failed'].append({ result['failed'].append({

39
tests/api/endpoints/test_dir_shared_items.py
View File

@@ -1,4 +1,5 @@
import json import json
from mock import patch
from seaserv import seafile_api from seaserv import seafile_api
@@ -196,6 +197,44 @@ class DirSharedItemsTest(BaseTestCase):
json_resp = json.loads(resp.content) json_resp = json.loads(resp.content)
assert 'has been shared to' in json_resp['failed'][0]['error_msg'] assert 'has been shared to' in json_resp['failed'][0]['error_msg']
def test_share_to_group_if_not_group_member(self):
self.login_as(self.user)
grp = self.create_group(group_name="test-grp2",
username=self.admin.username)
resp = self.client.put(
'/api2/repos/%s/dir/shared_items/?p=/' % (self.repo.id),
"share_type=group&group_id=%d&permission=rw" % (grp.id),
'application/x-www-form-urlencoded',
)
self.assertEqual(200, resp.status_code)
json_resp = json.loads(resp.content)
assert len(json_resp['failed']) == 1
assert len(json_resp['success']) == 0
assert json_resp['failed'][0]['error_msg'] == 'Permission denied.'
@patch('seahub.api2.endpoints.dir_shared_items.config')
def test_share_to_group_if_not_group_member_2(self, mock_settings):
mock_settings.ENABLE_SHARE_TO_ALL_GROUPS.return_value = True
self.login_as(self.user)
grp = self.create_group(group_name="test-grp2",
username=self.admin.username)
resp = self.client.put(
'/api2/repos/%s/dir/shared_items/?p=/' % (self.repo.id),
"share_type=group&group_id=%d&permission=rw" % (grp.id),
'application/x-www-form-urlencoded',
)
self.assertEqual(200, resp.status_code)
json_resp = json.loads(resp.content)
assert len(json_resp['failed']) == 0
assert len(json_resp['success']) == 1
assert json_resp['success'][0]['group_info']['id'] == grp.id
def test_share_with_invalid_email(self): def test_share_with_invalid_email(self):
self.login_as(self.user) self.login_as(self.user)
invalid_email = '%s' % randstring(6) invalid_email = '%s' % randstring(6)