diff --git a/seahub/api2/views.py b/seahub/api2/views.py
index b74a6f964e..8be984f2aa 100644
--- a/seahub/api2/views.py
+++ b/seahub/api2/views.py
@@ -1208,9 +1208,9 @@ class FileBlockDownloadLinkView(APIView):
 return Response(url)
 class UploadLinkView(APIView):
- authentication_classes = (TokenAuthentication, )
- permission_classes = (IsAuthenticated, )
- throttle_classes = (UserRateThrottle, )
+ authentication_classes = (TokenAuthentication, SessionAuthentication)
+ permission_classes = (IsAuthenticated,)
+ throttle_classes = (UserRateThrottle,)
 def get(self, request, repo_id, format=None):
 # recourse check
@@ -1235,13 +1235,22 @@ class UploadLinkView(APIView):
 token = seafile_api.get_fileserver_access_token(
 repo_id, 'dummy', 'upload', request.user.username, use_onetime = False)
- url = gen_file_upload_url(token, 'upload-api')
+
+ req_from = request.GET.get('from', 'api')
+ if req_from == 'api':
+ url = gen_file_upload_url(token, 'upload-api')
+ elif req_from == 'web':
+ url = gen_file_upload_url(token, 'upload-aj')
+ else:
+ error_msg = 'from invalid.'
+ return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
+
 return Response(url)
 class UpdateLinkView(APIView):
- authentication_classes = (TokenAuthentication, )
- permission_classes = (IsAuthenticated, )
- throttle_classes = (UserRateThrottle, )
+ authentication_classes = (TokenAuthentication, SessionAuthentication)
+ permission_classes = (IsAuthenticated,)
+ throttle_classes = (UserRateThrottle,)
 def get(self, request, repo_id, format=None):
 # recourse check
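Review bot: In the first views.py hunk (the UploadLinkView class attributes, repeated for UpdateLinkView in the next hunk), adding `SessionAuthentication` lets a browser session cookie obtain a fileserver access token from this GET, yet the permission check that should precede the token call lies between `# recourse check` and the next hunk and is not visible. The removed `get_file_op_url` in seahub/views/ajax.py required `check_folder_permission(request, repo.id, path)` to return `'rw'` for the `path` query parameter, and fileupload.js still sends `'path': dirents.path`. Please confirm `get()` reads that same parameter name, otherwise the folder check may be evaluated for a different directory than the one the web client uploads to. The removed view also substituted `username = 'system'` for staff uploading to the system default library, while the visible token call passes `request.user.username`, so that case should be re-tested. A one-line comment above the attributes would help, for example `# SessionAuthentication: the web UI requests upload links through this API view (from=web).`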
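Review bot: In the second views.py hunk (`UploadLinkView.get`, and identically in `UpdateLinkView.get` in the `@@ -1266` hunk), the `from` parameter is validated only after `seafile_api.get_fileserver_access_token(...)` has run, so a request rejected with 400 has already had a token issued for it, and for uploads that token is created with `use_onetime = False`. Validating first avoids minting tokens for requests that will be refused: put `req_from = request.GET.get('from', 'api')` and `if req_from not in ('api', 'web'): return api_error(status.HTTP_400_BAD_REQUEST, 'from invalid.')` above the token call, then build the URL with `gen_file_upload_url(token, 'upload-aj' if req_from == 'web' else 'upload-api')`. Both views now carry the same branch, so a small shared helper would keep them from drifting apart. The start of `get()` is outside the hunk.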
@@ -1266,7 +1275,16 @@ class UpdateLinkView(APIView):
 token = seafile_api.get_fileserver_access_token(
 repo_id, 'dummy', 'update', request.user.username)
- url = gen_file_upload_url(token, 'update-api')
+
+ req_from = request.GET.get('from', 'api')
+ if req_from == 'api':
+ url = gen_file_upload_url(token, 'update-api')
+ elif req_from == 'web':
+ url = gen_file_upload_url(token, 'update-aj')
+ else:
+ error_msg = 'from invalid.'
+ return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
+
 return Response(url)
 class UploadBlksLinkView(APIView):
diff --git a/seahub/urls.py b/seahub/urls.py
index d5e0d1776d..94054e4303 100644
--- a/seahub/urls.py
+++ b/seahub/urls.py
@@ -144,7 +144,6 @@ urlpatterns = patterns(
 url(r'^ajax/repo/(?P[-0-9a-f]{36})/current_commit/$', get_current_commit, name='get_current_commit'),
 url(r'^ajax/repo/(?P[-0-9a-f]{36})/history/changes/$', repo_history_changes, name='repo_history_changes'),
 url(r'^ajax/repo/(?P[-0-9a-f]{36})/encrypted_file/(?P[0-9a-f]{40})/download/$', download_enc_file, name='download_enc_file'),
- url(r'^ajax/repo/(?P[-0-9a-f]{36})/file_op_url/$', get_file_op_url, name='get_file_op_url'),
 url(r'^ajax/repo/(?P[-0-9a-f]{36})/get-file-uploaded-bytes/$', get_file_uploaded_bytes, name='get_file_uploaded_bytes'),
 url(r'^ajax/u/d/(?P[-0-9a-f]{10})/upload/$', get_file_upload_url_ul, name='get_file_upload_url_ul'),
 url(r'^ajax/group/(?P\d+)/repos/$', get_unenc_group_repos, name='get_group_repos'),
diff --git a/seahub/views/ajax.py b/seahub/views/ajax.py
index 49d69c3eec..abbfbf5e78 100644
--- a/seahub/views/ajax.py
+++ b/seahub/views/ajax.py
@@ -33,7 +33,7 @@ from seahub.notifications.views import add_notice_from_info
 from seahub.share.models import UploadLinkShare
 from seahub.signals import upload_file_successful
 from seahub.views import get_unencry_rw_repos_by_user, \
- get_system_default_repo_id, get_diff, check_folder_permission
+ get_diff, check_folder_permission
 from seahub.group.utils import is_group_member, is_group_admin_or_owner, \
 get_group_member_info
 import seahub.settings as settings
@@ -1060,50 +1060,6 @@ def get_file_uploaded_bytes(request, repo_id):
 return HttpResponse(json.dumps({"uploadedBytes": uploadedBytes}), content_type=content_type)
-@login_required_ajax
-def get_file_op_url(request, repo_id):
- """Get file upload/update url for AJAX.
- """
- content_type = 'application/json; charset=utf-8'
-
- op_type = request.GET.get('op_type') # value can be 'upload', 'update', 'upload-blks', 'update-blks'
- path = request.GET.get('path')
- if not (op_type and path):
- err_msg = _(u'Argument missing')
- return HttpResponse(json.dumps({"error": err_msg}), status=400,
- content_type=content_type)
-
- repo = get_repo(repo_id)
- if not repo:
- err_msg = _(u'Library does not exist')
- return HttpResponse(json.dumps({"error": err_msg}), status=400,
- content_type=content_type)
-
- # permission checking
- if check_folder_permission(request, repo.id, path) != 'rw':
- err_msg = _(u'Permission denied')
- return HttpResponse(json.dumps({"error": err_msg}), status=403,
- content_type=content_type)
-
- username = request.user.username
- if op_type == 'upload':
- if request.user.is_staff and get_system_default_repo_id() == repo.id:
- # Set username to 'system' to let fileserver release permission
- # check.
- username = 'system'
-
- if op_type.startswith('update'):
- token = seafile_api.get_fileserver_access_token(repo_id, 'dummy',
- op_type, username)
- else:
- token = seafile_api.get_fileserver_access_token(repo_id, 'dummy',
- op_type, username,
- use_onetime=False)
-
- url = gen_file_upload_url(token, op_type + '-aj')
-
- return HttpResponse(json.dumps({"url": url}), content_type=content_type)
-
 def get_file_upload_url_ul(request, token):
 """Get file upload url in dir upload link.
diff --git a/static/scripts/app/views/fileupload.js b/static/scripts/app/views/fileupload.js
index c2892a19bf..c27c1f27f1 100644
--- a/static/scripts/app/views/fileupload.js
+++ b/static/scripts/app/views/fileupload.js
@@ -155,16 +155,16 @@ define([
 var upload_file = function() {
 $.ajax({
 url: Common.getUrl({
- name: 'get_file_op_url',
+ name: 'repo_upload_link',
 repo_id: dirents.repo_id
 }),
 data: {
- 'op_type': 'upload',
+ 'from': 'web',
 'path': dirents.path
 },
 cache: false,
 dataType: 'json',
- success: function(ret) {
+ success: function(returned_url) {
 if (enable_upload_folder && file.relative_path) { // 'add folder'
 var file_path = file.relative_path,
 r_path = file_path.substring(0, file_path.lastIndexOf('/') + 1),
@@ -173,7 +173,7 @@ define([
 popup.fileupload('option', {
 'formData': formData
 });
- data.url = ret['url'];
+ data.url = returned_url;
 data.jqXHR = popup.fileupload('send', data);
 } else {
@@ -194,13 +194,13 @@ define([
 dataType: 'json',
 success: function(file_uploaded_data) {
 popup.fileupload('option', 'uploadedBytes', file_uploaded_data.uploadedBytes);
- data.url = ret['url'];
+ data.url = returned_url;
 data.jqXHR = popup.fileupload('send', data);
 }
 });
 } else {
- data.url = ret['url'];
+ data.url = returned_url;
 data.jqXHR = popup.fileupload('send', data);
 }
 }
@@ -219,23 +219,23 @@ define([
 var update_file = function() {
 $.ajax({
 url: Common.getUrl({
- name: 'get_file_op_url',
+ name: 'repo_update_link',
 repo_id: dirents.repo_id
 }),
 data: {
- 'op_type': 'update',
+ 'from': 'web',
 'path': dirents.path
 },
 cache: false,
 dataType: 'json',
- success: function(ret) {
+ success: function(returned_url) {
 var formData = popup.fileupload('option', 'formData');
 formData.target_file = formData.parent_dir + file.name;
 popup.fileupload('option', 'formData', formData);
 file.to_update = true;
- data.url = ret['url'];
+ data.url = returned_url;
 data.jqXHR = popup.fileupload('send', data);
 },
 error: function() {
diff --git a/static/scripts/common.js b/static/scripts/common.js
index 22ab1ff01b..e61fea34be 100644
--- a/static/scripts/common.js
+++ b/static/scripts/common.js
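Review bot: In the first fileupload.js hunk (`upload_file`, with the same pattern in `update_file` in the `@@ -219` hunk), every file now fetches its link from `repo_upload_link`, which views.py places behind `UserRateThrottle`, while the removed ajax view shows no throttle in this diff. A large multi-file or folder upload could therefore start receiving throttled responses part-way through, depending on the configured rate. The `error` callback of `upload_file` is outside the hunk and the body of the one in `update_file` is cut off, so please check that both surface a throttled, 400 or 403 response to the user. The API view reports failures through `api_error(...)` where the removed view returned `{"error": ...}`, so a handler that reads `error` from the body may need updating. A comment next to `'from': 'web'` such as `// selects the '-aj' fileserver endpoint; the API default is 'api'` would make the coupling to the server-side branch explicit.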
@@ -94,7 +94,6 @@ define([
 case 'del_dirents': return siteRoot + 'ajax/repo/' + options.repo_id + '/dirents/delete/';
 case 'mv_dirents': return siteRoot + 'ajax/repo/' + options.repo_id + '/dirents/move/';
 case 'cp_dirents': return siteRoot + 'ajax/repo/' + options.repo_id + '/dirents/copy/';
- case 'get_file_op_url': return siteRoot + 'ajax/repo/' + options.repo_id + '/file_op_url/';
 case 'get_file_uploaded_bytes': return siteRoot + 'ajax/repo/' + options.repo_id + '/get-file-uploaded-bytes/';
 case 'get_dirents': return siteRoot + 'ajax/repo/' + options.repo_id + '/dirents/';
@@ -116,6 +115,8 @@ define([
 case 'repo_shared_upload_link': return siteRoot + 'api2/repos/' + options.repo_id + '/upload-shared-links/' + options.token + '/';
 case 'repo_user_folder_perm': return siteRoot + 'api2/repos/' + options.repo_id + '/user-folder-perm/';
 case 'repo_group_folder_perm': return siteRoot + 'api2/repos/' + options.repo_id + '/group-folder-perm/';
+ case 'repo_upload_link': return siteRoot + 'api2/repos/' + options.repo_id + '/upload-link/';
+ case 'repo_update_link': return siteRoot + 'api2/repos/' + options.repo_id + '/update-link/';
 // Share admin
 case 'share_admin_repos': return siteRoot + 'api/v2.1/shared-repos/';