haiwen/seahub
1
0
Fork 0
mirror of https://github.com/haiwen/seahub.git synced 2025-09-19 10:26:17 +00:00
Code Issues Releases Wiki Activity

Merge pull request #1309 from haiwen/admin-repo-share

Browse Source 
admin manage repo share
This commit is contained in:
llj
2016-08-16 11:14:37 +08:00
committed by GitHub
parent 7c6211efab 1e0d94b694
commit 070d59eb9b
13 changed files with 1400 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

399
seahub/api2/endpoints/admin/shares.py Normal file
View File

@@ -0,0 +1,399 @@
# Copyright (c) 2012-2016 Seafile Ltd.
import logging
from rest_framework import status
from rest_framework.authentication import SessionAuthentication
from rest_framework.permissions import IsAdminUser
from rest_framework.response import Response
from rest_framework.views import APIView
from django.utils.translation import ugettext as _
from seaserv import seafile_api, ccnet_api
from seahub.api2.authentication import TokenAuthentication
from seahub.api2.throttling import UserRateThrottle
from seahub.api2.utils import api_error
from seahub.base.accounts import User
from seahub.base.templatetags.seahub_tags import email2nickname
from seahub.utils import is_valid_username
logger = logging.getLogger(__name__)
def check_parameter(func):
"""
Decorator for check parameter
"""
def _decorated(view, request, *args, **kwargs):
# argument check
if request.method == 'GET':
repo_id = request.GET.get('repo_id', None)
path = request.GET.get('path', '/')
share_type = request.GET.get('share_type', None)
else:
repo_id = request.data.get('repo_id', None)
path = request.data.get('path', '/')
share_type = request.data.get('share_type', None)
if not repo_id:
error_msg = 'repo_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not share_type or share_type not in ('user', 'group'):
error_msg = 'share_type invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if not seafile_api.get_dir_id_by_path(repo_id, path):
error_msg = 'Folder %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
return func(view, request, repo_id, path, share_type, *args, **kwargs)
return _decorated
class AdminShares(APIView):
authentication_classes = (TokenAuthentication, SessionAuthentication)
throttle_classes = (UserRateThrottle,)
permission_classes = (IsAdminUser,)
@check_parameter
def get(self, request, repo_id, path, share_type):
""" List user/group shares
Permission checking:
1. admin user.
"""
result = []
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo_id)
if share_type == 'user':
try:
if path == '/':
share_items = seafile_api.list_repo_shared_to(
repo_owner, repo_id)
else:
share_items = seafile_api.get_shared_users_for_subdir(
repo_id, path, repo_owner)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
for share_item in share_items:
user_email = share_item.user
user_name = email2nickname(user_email) if user_email else '--'
share_info = {}
share_info['repo_id'] = repo_id
share_info['path'] = path
share_info['share_type'] = share_type
share_info['user_email'] = user_email
share_info['user_name'] = user_name
share_info['permission'] = share_item.perm
result.append(share_info)
if share_type == 'group':
try:
if path == '/':
share_items = seafile_api.list_repo_shared_group_by_user(
repo_owner, repo_id)
else:
share_items = seafile_api.get_shared_groups_for_subdir(
repo_id, path, repo_owner)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
for share_item in share_items:
group_id = share_item.group_id
group = ccnet_api.get_group(group_id)
group_name = group.group_name if group else '--'
share_info = {}
share_info['repo_id'] = repo_id
share_info['path'] = path
share_info['share_type'] = share_type
share_info['group_id'] = group_id
share_info['group_name'] = group_name
share_info['permission'] = share_item.perm
result.append(share_info)
return Response(result)
@check_parameter
def post(self, request, repo_id, path, share_type):
""" Admin share a library to user/group.
Permission checking:
1. admin user.
"""
# argument check
permission = request.data.get('permission', None)
if not permission or permission not in ('r', 'rw'):
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
result = {}
result['failed'] = []
result['success'] = []
share_to = request.data.getlist('share_to')
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo_id)
if share_type == 'user':
for email in share_to:
if repo_owner == email:
result['failed'].append({
'user_email': email,
'error_msg': _(u'User %s is already library owner.') % email
})
continue
if not is_valid_username(email):
result['failed'].append({
'user_email': email,
'error_msg': _('Email %s invalid.') % email
})
continue
try:
User.objects.get(email=email)
except User.DoesNotExist:
result['failed'].append({
'user_email': email,
'error_msg': 'User %s not found.' % email
})
continue
try:
if path == '/':
seafile_api.share_repo(
repo_id, repo_owner, email, permission)
else:
seafile_api.share_subdir_email(
repo_id, path, repo_owner, email, permission)
except Exception as e:
logger.error(e)
result['failed'].append({
'user_email': email,
'error_msg': 'Internal Server Error'
})
continue
new_perm = seafile_api.check_permission_by_path(repo_id, path, email)
result['success'].append({
"repo_id": repo_id,
"path": path,
"share_type": share_type,
"user_email": email,
"user_name": email2nickname(email),
"permission": new_perm
})
if share_type == 'group':
for group_id in share_to:
try:
group_id = int(group_id)
except ValueError as e:
logger.error(e)
result['failed'].append({
'group_id': group_id,
'error_msg': 'group_id %s invalid.' % group_id
})
continue
group = ccnet_api.get_group(group_id)
if not group:
result['failed'].append({
'group_id': group_id,
'error_msg': 'Group %s not found' % group_id
})
continue
try:
if path == '/':
seafile_api.set_group_repo(
repo_id, group_id, repo_owner, permission)
else:
seafile_api.share_subdir_to_group(
repo_id, path, repo_owner, group_id, permission)
except Exception as e:
logger.error(e)
result['failed'].append({
"group_id": group_id,
'error_msg': 'Internal Server Error'
})
continue
result['success'].append({
"repo_id": repo_id,
"path": path,
"share_type": share_type,
"group_id": group_id,
"group_name": group.group_name,
"permission": permission
})
return Response(result)
@check_parameter
def put(self, request, repo_id, path, share_type):
""" Update user/group share permission.
Permission checking:
1. admin user.
"""
# argument check
permission = request.data.get('permission', None)
if not permission or permission not in ('r', 'rw'):
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
share_info = {}
share_info['repo_id'] = repo_id
share_info['path'] = path
share_info['share_type'] = share_type
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo_id)
share_to = request.data.get('share_to', None)
if share_type == 'user':
email = share_to
if not email or not is_valid_username(email):
error_msg = 'email %s invalid.' % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
if path == '/':
seafile_api.set_share_permission(
repo_id, repo_owner, email, permission)
else:
seafile_api.update_share_subdir_perm_for_user(
repo_id, path, repo_owner, email, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
new_perm = seafile_api.check_permission_by_path(repo_id, path, email)
share_info['user_email'] = email
share_info['user_name'] = email2nickname(email)
share_info['permission'] = new_perm
if share_type == 'group':
group_id = share_to
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id %s invalid.' % group_id
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %s not found' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
if path == '/':
seafile_api.set_group_repo_permission(group_id,
repo_id, permission)
else:
seafile_api.update_share_subdir_perm_for_group(
repo_id, path, repo_owner, group_id, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
share_info['group_id'] = group_id
share_info['group_name'] = group.group_name
share_info['permission'] = permission
return Response(share_info)
@check_parameter
def delete(self, request, repo_id, path, share_type):
""" Delete user/group share permission.
Permission checking:
1. admin user.
"""
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo_id)
share_to = request.data.get('share_to', None)
if share_type == 'user':
email = share_to
if not email or not is_valid_username(email):
error_msg = 'email %s invalid.' % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
if path == '/':
seafile_api.remove_share(repo_id, repo_owner, email)
else:
seafile_api.unshare_subdir_for_user(
repo_id, path, repo_owner, email)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if share_type == 'group':
group_id = share_to
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id %s invalid' % group_id
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
if path == '/':
seafile_api.unset_group_repo(repo_id, group_id, repo_owner)
else:
seafile_api.unshare_subdir_for_group(
repo_id, path, repo_owner, group_id)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})

88
seahub/api2/endpoints/search_group.py Normal file
View File

@@ -0,0 +1,88 @@
# Copyright (c) 2012-2016 Seafile Ltd.
from rest_framework.authentication import SessionAuthentication
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework import status
from django.conf import settings
import seaserv
from seaserv import ccnet_api
from seahub.api2.authentication import TokenAuthentication
from seahub.api2.throttling import UserRateThrottle
from seahub.api2.utils import api_error
from seahub.utils import is_org_context
from seahub.utils.timeutils import timestamp_to_isoformat_timestr
try:
from seahub.settings import CLOUD_MODE
except ImportError:
CLOUD_MODE = False
def get_group_info(group_id):
group = ccnet_api.get_group(group_id)
isoformat_timestr = timestamp_to_isoformat_timestr(group.timestamp)
group_info = {
"id": group.id,
"name": group.group_name,
"owner": group.creator_name,
"created_at": isoformat_timestr,
}
return group_info
class SearchGroup(APIView):
authentication_classes = (TokenAuthentication, SessionAuthentication)
permission_classes = (IsAuthenticated,)
throttle_classes = (UserRateThrottle,)
def _can_use_global_address_book(self, request):
return request.user.permissions.can_use_global_address_book()
def get(self, request, format=None):
""" Search group.
Permission checking:
1. default(NOT guest) user;
"""
# argument check
q = request.GET.get('q', None)
if not q:
error_msg = 'q invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# permission check
if not self._can_use_global_address_book(request):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if CLOUD_MODE:
if is_org_context(request):
org_id = request.user.org.org_id
groups = ccnet_api.get_org_groups(org_id, -1, -1)
elif settings.ENABLE_GLOBAL_ADDRESSBOOK:
groups = ccnet_api.get_all_groups(-1, -1)
else:
username = request.user.username
groups = seaserv.get_personal_groups_by_user(username)
else:
groups = ccnet_api.get_all_groups(-1, -1)
result = []
for group in groups:
group_name = group.group_name
if not group_name:
continue
if q.lower() in group_name.lower():
group_info = get_group_info(group.id)
result.append(group_info)
return Response(result)

106
seahub/templates/js/sysadmin-templates.html
View File

@@ -372,6 +372,9 @@
<td>
<a href="#" class="sf2-icon-delete sf2-x repo-delete-btn op-icon vh" title="{% trans "Delete" %}" aria-label="{% trans "Delete" %}"></a>
<a href="#" class="sf2-icon-move sf2-x repo-transfer-btn op-icon vh" title="{% trans "Transfer" %}" aria-label="{% trans "Transfer" %}"></a>
<% if (!encrypted) { %>
<a href="#" class="sf2-icon-share sf2-x repo-share-btn op-icon vh" title="{% trans "Share" %}" aria-label="{% trans "Share" %}"></a>
<% } %>
</td>
</script>
@@ -559,3 +562,106 @@
<input type="submit" value="{% trans "Submit" %}" />
</form>
</script>
<script type="text/template" id="folder-perm-item-tmpl">
<% if (for_user) { %>
<td>
<a href="{{ SITE_ROOT }}useradmin/info/<% print(encodeURIComponent(user_email)); %>/" target="_blank"><%- user_name %></a>
</td>
<% } else { %>
<td>
<a href="{{ SITE_ROOT }}sys/groupadmin/<%= group_id %>/" target="_blank"><%- group_name %></a>
</td>
<% } %>
<td>
<div class="perm">
<span>
<% if (permission == 'rw') { %>
{% trans "Read-Write" %}
<% } else { %>
{% trans "Read-Only" %}
<% } %>
</span>
<a href="#" title="{% trans "Edit" %}" class="perm-edit-icon sf2-icon-edit op-icon vh"></a>
</div>
<select class="perm-toggle-select hide w100">
<% if (permission == 'rw') { %>
<option value="rw" selected="selected" >{% trans "Read-Write" %}</option>
<option value="r" >{% trans "Read-Only" %}</option>
<% } else { %>
<option value="rw" >{% trans "Read-Write" %}</option>
<option value="r" selected="selected" >{% trans "Read-Only" %}</option>
<% } %>
</select>
</td>
<td>
<a href="#" class="sf2-icon-delete delete-icon op-icon vh" title="{% trans "Delete" %}"></a>
</td>
</script>
<script type="text/template" id="share-popup-tmpl">
<h3 class="hd" id="dialogTitle"><%= title %></h3>
<div id="share-tabs" class="left-right-tabs ovhd">
<ul class="left-right-tabs-nav fleft">
<li class="tab"><a href="#dir-user-share" class="a">{% trans "Share to user" %}</a></li>
<li class="tab"><a href="#dir-group-share" class="a">{% trans "Share to group" %}</a></li>
</ul>
<div class="fright">
<span class="loading-icon loading-tip"></span>
<div id="dir-user-share" class="tabs-panel">
<table>
<thead>
<tr>
<th width="55%">{% trans "User" %}</th>
<th width="30%">{% trans "Permission" %}</th>
<th width="15%"></th>
</tr>
</thead>
<tbody>
<tr id="add-dir-user-share-item">
<td>
<input type="hidden" name="emails" class="w100" />
</td>
<td>
<select name="permission" class="share-permission-select w100">
<option value="rw" selected="selected">{% trans "Read-Write" %}</option>
<option value="r">{% trans "Read-Only" %}</option>
</select>
</td>
<td><input type="submit" value="{% trans "Submit" %}" class="submit" /></td>
</tr>
</tbody>
</table>
<p class="error hide"></p>
</div>
<div id="dir-group-share" class="tabs-panel hide">
<table>
<thead>
<tr>
<th width="55%">{% trans "Group" %}</th>
<th width="30%">{% trans "Permission" %}</th>
<th width="15%"></th>
</tr>
</thead>
<tbody>
<tr id="add-dir-group-share-item">
<td>
<input type="groups" name="groups" class="w100" />
</td>
<td>
<select name="permission" class="share-permission-select w100">
<option value="rw" selected="selected">{% trans "Read-Write" %}</option>
<option value="r">{% trans "Read-Only" %}</option>
</select>
</td>
<td><input type="submit" value="{% trans "Submit" %}" class="submit" /></td>
</tr>
</tbody>
</table>
<p class="error hide"></p>
</div>
</div>
</div>
</script>

10
seahub/test_utils.py
View File

@@ -142,6 +142,16 @@ class Fixtures(Exam):
group_id = self.group.id
return ccnet_threaded_rpc.remove_group(group_id, self.user.username)
def share_repo_to_admin_with_r_permission(self):
# share user's repo to admin with 'r' permission
seafile_api.share_repo(self.repo.id, self.user.username,
self.admin.username, 'r')
def share_repo_to_admin_with_rw_permission(self):
# share user's repo to admin with 'rw' permission
seafile_api.share_repo(self.repo.id, self.user.username,
self.admin.username, 'rw')
def set_user_folder_r_permission_to_admin(self):
# share user's repo to admin with 'rw' permission

5
seahub/urls.py
View File

@@ -20,6 +20,7 @@ from seahub.views.sysadmin import *
from seahub.views.ajax import *
from seahub.api2.endpoints.groups import Groups, Group
from seahub.api2.endpoints.group_members import GroupMembers, GroupMembersBulk, GroupMember
from seahub.api2.endpoints.search_group import SearchGroup
from seahub.api2.endpoints.share_links import ShareLinks, ShareLink
from seahub.api2.endpoints.shared_folders import SharedFolders
from seahub.api2.endpoints.shared_repos import SharedRepos, SharedRepo
@@ -46,6 +47,7 @@ from seahub.api2.endpoints.admin.library_dirents import AdminLibraryDirents, Adm
from seahub.api2.endpoints.admin.system_library import AdminSystemLibrary
from seahub.api2.endpoints.admin.trash_libraries import AdminTrashLibraries, AdminTrashLibrary
from seahub.api2.endpoints.admin.groups import AdminGroups, AdminGroup
from seahub.api2.endpoints.admin.shares import AdminShares
# Uncomment the next two lines to enable the admin:
#from django.contrib import admin
@@ -186,6 +188,7 @@ urlpatterns = patterns(
url(r'^api/v2.1/groups/(?P<group_id>\d+)/members/$', GroupMembers.as_view(), name='api-v2.1-group-members'),
url(r'^api/v2.1/groups/(?P<group_id>\d+)/members/bulk/$', GroupMembersBulk.as_view(), name='api-v2.1-group-members-bulk'),
url(r'^api/v2.1/groups/(?P<group_id>\d+)/members/(?P<email>[^/]+)/$', GroupMember.as_view(), name='api-v2.1-group-member'),
url(r'^api/v2.1/search-group/$', SearchGroup.as_view(), name='api-v2.1-search-group'),
url(r'^api/v2.1/shared-folders/$', SharedFolders.as_view(), name='api-v2.1-shared-folders'),
url(r'^api/v2.1/shared-repos/$', SharedRepos.as_view(), name='api-v2.1-shared-repos'),
url(r'^api/v2.1/shared-repos/(?P<repo_id>[-0-9a-f]{36})/$', SharedRepo.as_view(), name='api-v2.1-shared-repo'),
@@ -205,7 +208,6 @@ urlpatterns = patterns(
url(r'^api/v2.1/admin/device-errors/$', AdminDeviceErrors.as_view(), name='api-v2.1-admin-device-errors'),
url(r'^api/v2.1/invitations/$', InvitationsView.as_view()),
url(r'^api/v2.1/invitations/(?P<token>[a-f0-9]{32})/$', InvitationView.as_view()),
url(r'^api/v2.1/admin/libraries/$', AdminLibraries.as_view(), name='api-v2.1-admin-libraries'),
url(r'^api/v2.1/admin/libraries/(?P<repo_id>[-0-9a-f]{36})/$', AdminLibrary.as_view(), name='api-v2.1-admin-library'),
url(r'^api/v2.1/admin/libraries/(?P<repo_id>[-0-9a-f]{36})/dirents/$', AdminLibraryDirents.as_view(), name='api-v2.1-admin-library-dirents'),
@@ -215,6 +217,7 @@ urlpatterns = patterns(
url(r'^api/v2.1/admin/system-library/$', AdminSystemLibrary.as_view(), name='api-v2.1-admin-system-library'),
url(r'^api/v2.1/admin/trash-libraries/$', AdminTrashLibraries.as_view(), name='api-v2.1-admin-trash-libraries'),
url(r'^api/v2.1/admin/trash-libraries/(?P<repo_id>[-0-9a-f]{36})/$', AdminTrashLibrary.as_view(), name='api-v2.1-admin-trash-library'),
url(r'^api/v2.1/admin/shares/$', AdminShares.as_view(), name='api-v2.1-admin-shares'),
(r'^avatar/', include('seahub.avatar.urls')),
(r'^notification/', include('seahub.notifications.urls')),

4
static/scripts/app/views/folder-share-item.js
View File

@@ -83,7 +83,7 @@ define([
if (item_data.for_user) {
$('#dir-user-share .error').html(err_msg).removeClass('hide');
} else {
$('#dir-group-group .error').html(err_msg).removeClass('hide');
$('#dir-group-share .error').html(err_msg).removeClass('hide');
}
}
});
@@ -119,7 +119,7 @@ define([
if (item_data.for_user) {
$('#dir-user-share .error').html(err_msg).removeClass('hide');
} else {
$('#dir-group-group .error').html(err_msg).removeClass('hide');
$('#dir-group-share .error').html(err_msg).removeClass('hide');
}
}
});

4
static/scripts/app/views/share.js
View File

@@ -632,7 +632,7 @@ define([
var parsed_resp = $.parseJSON(xhr.responseText);
err_msg = parsed_resp.error||parsed_resp.error_msg;
} else {
err_msg = gettext("Failed. Please check the network.")
err_msg = gettext("Failed. Please check the network.");
}
$error.html(err_msg).removeClass('hide');
},
@@ -710,7 +710,7 @@ define([
var parsed_resp = $.parseJSON(xhr.responseText);
err_msg = parsed_resp.error||parsed_resp.error_msg;
} else {
err_msg = gettext("Failed. Please check the network.")
err_msg = gettext("Failed. Please check the network.");
}
$error.html(err_msg).removeClass('hide');
},

63
static/scripts/common.js
View File

@@ -141,6 +141,7 @@ define([
// Group
case 'groups': return siteRoot + 'api/v2.1/groups/';
case 'search_group': return siteRoot + 'api/v2.1/search-group/';
case 'group': return siteRoot + 'api/v2.1/groups/' + options.group_id + '/';
case 'group_members': return siteRoot + 'api/v2.1/groups/' + options.group_id + '/members/';
case 'group_member': return siteRoot + 'api/v2.1/groups/' + options.group_id + '/members/' + options.email + '/';
@@ -180,6 +181,7 @@ define([
case 'admin-system-library': return siteRoot + 'api/v2.1/admin/system-library/';
case 'admin-trash-libraries': return siteRoot + 'api/v2.1/admin/trash-libraries/';
case 'admin-trash-library': return siteRoot + 'api/v2.1/admin/trash-libraries/' + options.repo_id + '/';
case 'admin_shares': return siteRoot + 'api/v2.1/admin/shares/';
}
},
@@ -634,6 +636,67 @@ define([
}
},
groupInputOptionsForSelect2: function() {
var _this = this;
return {
placeholder: gettext("Search groups"),
// with 'tags', the user can directly enter, not just select
// tags need `<input type="hidden" />`, not `<select>`
tags: [],
minimumInputLength: 1, // input at least 1 character
formatInputTooShort: gettext("Please enter 1 or more character"),
formatNoMatches: gettext("No matches"),
formatSearching: gettext("Searching..."),
formatAjaxError: gettext("Loading failed"),
ajax: {
url: _this.getUrl({name: 'search_group'}),
dataType: 'json',
delay: 250,
cache: true,
data: function(params) {
return {
q: params
};
},
results: function(data) {
var group_list = [], groups = data;
for (var i = 0, len = groups.length; i < len; i++) {
group_list.push({ // 'id' & 'text' are required by the plugin
"id": groups[i].id,
"text": groups[i].name,
"name": groups[i].name
});
}
return {
results: group_list
};
}
},
// format items shown in the drop-down menu
formatResult: function(item) {
if (item.name) {
return '<span class="text ellipsis">' + _this.HTMLescape(item.name) + '</span>';
} else {
return; // if no match, show nothing
}
},
// format selected item shown in the input
formatSelection: function(item) {
return _this.HTMLescape(item.name);
},
escapeMarkup: function(m) { return m; }
}
},
// check if a file is an image
imageCheck: function (filename) {
// no file ext

154
static/scripts/sysadmin-app/views/folder-share-item.js Normal file
View File

@@ -0,0 +1,154 @@
define([
'jquery',
'underscore',
'backbone',
'common'
], function($, _, Backbone, Common) {
'use strict';
var FolderShareItemView = Backbone.View.extend({
tagName: 'tr',
template: _.template($('#folder-perm-item-tmpl').html()),
initialize: function(options) {
this.item_data = options.item_data;
this.repo_id = options.repo_id;
this.render();
},
render: function () {
this.$el.html(this.template(this.item_data));
return this;
},
events: {
'mouseenter': 'showOpIcons',
'mouseleave': 'hideOpIcons',
'click .perm-edit-icon': 'editIconClick',
'change .perm-toggle-select': 'editPerm',
'click .delete-icon': 'del'
},
showOpIcons: function () {
this.$el.find('.op-icon').removeClass('vh');
},
hideOpIcons: function () {
this.$el.find('.op-icon').addClass('vh');
},
editIconClick: function (e) {
$(e.currentTarget).closest('td')
.find('.perm').addClass('hide').end()
.find('.perm-toggle-select').removeClass('hide');
return false;
},
editPerm: function (e) {
var _this = this;
var item_data = this.item_data;
var perm = $(e.currentTarget).val();
var url = Common.getUrl({name: 'admin_shares'});
var data;
if (item_data.for_user) {
data = {
'repo_id': _this.repo_id,
'share_type': 'user',
'permission': perm,
'share_to': item_data.user_email
};
} else {
data = {
'repo_id': _this.repo_id,
'share_type': 'group',
'permission': perm,
'share_to': item_data.group_id
};
}
$.ajax({
url: url,
dataType: 'json',
method: 'PUT',
beforeSend: Common.prepareCSRFToken,
data: data,
success: function (data) {
item_data.permission = data.permission;
_this.render();
},
error: function(xhr) {
var err_msg;
if (xhr.responseText) {
var parsed_resp = $.parseJSON(xhr.responseText);
err_msg = parsed_resp.error||parsed_resp.error_msg;
err_msg = Common.HTMLescape(err_msg);
} else {
err_msg = gettext("Failed. Please check the network.");
}
if (item_data.for_user) {
$('#dir-user-share .error').html(err_msg).removeClass('hide');
} else {
$('#dir-group-share .error').html(err_msg).removeClass('hide');
}
}
});
},
del: function () {
var _this = this;
var item_data = this.item_data;
var url = Common.getUrl({name: 'admin_shares'});
var data;
if (item_data.for_user) {
data = {
'repo_id': _this.repo_id,
'share_type': 'user',
'permission': item_data.permission,
'share_to': item_data.user_email
};
} else {
data = {
'repo_id': _this.repo_id,
'share_type': 'group',
'permission': item_data.permission,
'share_to': item_data.group_id
};
}
$.ajax({
url: url,
dataType: 'json',
method: 'DELETE',
beforeSend: Common.prepareCSRFToken,
data: data,
success: function () {
_this.remove();
},
error: function (xhr) {
var err_msg;
if (xhr.responseText) {
var parsed_resp = $.parseJSON(xhr.responseText);
err_msg = parsed_resp.error||parsed_resp.error_msg;
err_msg = Common.HTMLescape(err_msg);
} else {
err_msg = gettext("Failed. Please check the network.");
}
if (item_data.for_user) {
$('#dir-user-share .error').html(err_msg).removeClass('hide');
} else {
$('#dir-group-share .error').html(err_msg).removeClass('hide');
}
}
});
return false;
}
});
return FolderShareItemView;
});

18
static/scripts/sysadmin-app/views/repo.js
View File

@@ -6,8 +6,12 @@ define([
'moment',
'simplemodal',
'select2',
'jquery.ui.tabs',
'sysadmin-app/views/share',
'app/views/widgets/hl-item-view'
], function($, _, Backbone, Common, Moment, Simplemodal, Select2, HLItemView) {
], function($, _, Backbone, Common, Moment, Simplemodal,
Select2, Tabs, ShareView, HLItemView) {
'use strict';
var RepoView = HLItemView.extend({
@@ -17,10 +21,20 @@ define([
transferTemplate: _.template($('#library-transfer-form-tmpl').html()),
events: {
'click .repo-share-btn': 'share',
'click .repo-delete-btn': 'deleteLibrary',
'click .repo-transfer-btn': 'transferLibrary'
},
share: function() {
var options = {
'repo_id': this.model.get('id'),
'repo_name': this.model.get('name')
};
new ShareView(options);
return false;
},
initialize: function() {
HLItemView.prototype.initialize.call(this);
this.listenTo(this.model, "change", this.render);
@@ -31,7 +45,7 @@ define([
var repo_name = this.model.get('name');
var popupTitle = gettext("Delete Library");
var popupContent = gettext("Are you sure you want to delete %s ?").replace('%s', '<span class="op-target ellipsis ellipsis-op-target" title="' + Common.HTMLescape(repo_name) + '">' + Common.HTMLescape(repo_name) + '</span>');
var yesCallback = function() {
var yesCallback = function() {
$.ajax({
url: Common.getUrl({
'name':'admin-library',

276
static/scripts/sysadmin-app/views/share.js Normal file
View File

@@ -0,0 +1,276 @@
define([
'jquery',
'underscore',
'backbone',
'common',
'sysadmin-app/views/folder-share-item'
], function($, _, Backbone, Common, FolderShareItemView) {
'use strict';
var SharePopupView = Backbone.View.extend({
tagName: 'div',
id: 'share-popup',
template: _.template($('#share-popup-tmpl').html()),
initialize: function(options) {
this.repo_id = options.repo_id;
this.repo_name = options.repo_name;
this.render();
this.$el.modal({focus:false});
$('#simplemodal-container').css({'width':'auto', 'height':'auto'});
this.$("#share-tabs").tabs();
this.dirUserSharePanelInit();
this.dirGroupSharePanelInit();
var _this = this;
$(document).on('click', function(e) {
var target = e.target || event.srcElement;
if (!_this.$('.perm-edit-icon, .perm-toggle-select').is(target)) {
_this.$('.perm').removeClass('hide');
_this.$('.perm-toggle-select').addClass('hide');
}
});
},
render: function () {
this.$el.html(this.template({
title: gettext("Share {placeholder}")
.replace('{placeholder}', '<span class="op-target ellipsis ellipsis-op-target" title="' + Common.HTMLescape(this.repo_name) + '">' + Common.HTMLescape(this.repo_name) + '</span>'),
repo_id: this.repo_id
}));
return this;
},
events: {
'click #add-dir-user-share-item .submit': 'dirUserShare',
'click #add-dir-group-share-item .submit': 'dirGroupShare'
},
dirUserSharePanelInit: function() {
var $dir_user_share_panel = this.$('#dir-user-share');
// show existing items
var $add_item = this.$('#add-dir-user-share-item');
var repo_id = this.repo_id;
$('[name="emails"]', $dir_user_share_panel).select2($.extend({
//width: '292px' // the container will copy class 'w100' from the original element to get width
}, Common.contactInputOptionsForSelect2()));
Common.ajaxGet({
'get_url': Common.getUrl({name: 'admin_shares'}),
'data': {
'repo_id': repo_id,
'share_type': 'user'
},
'after_op_success': function(data) {
$(data).each(function(index, item) {
var new_item = new FolderShareItemView({
'repo_id': repo_id,
'item_data': {
"user_email": item.user_email,
"user_name": item.user_name,
"permission": item.permission,
"for_user": true
}
});
$add_item.after(new_item.el);
});
}
});
$dir_user_share_panel.removeClass('hide');
this.$('.loading-tip').hide();
},
dirGroupSharePanelInit: function() {
var $dir_group_share_panel = this.$('#dir-group-share');
// show existing items
var $add_item = this.$('#add-dir-group-share-item');
var repo_id = this.repo_id;
$('[name="groups"]', $dir_group_share_panel).select2($.extend({
//width: '292px' // the container will copy class 'w100' from the original element to get width
}, Common.groupInputOptionsForSelect2()));
Common.ajaxGet({
'get_url': Common.getUrl({name: 'admin_shares'}),
'data': {
'repo_id': repo_id,
'share_type': 'group'
},
'after_op_success': function(data) {
$(data).each(function(index, item) {
var new_item = new FolderShareItemView({
'repo_id': repo_id,
'item_data': {
"group_id": item.group_id,
"group_name": item.group_name,
"permission": item.permission,
'for_user': false
}
});
$add_item.after(new_item.el);
});
}
});
$dir_group_share_panel.removeClass('hide');
this.$('.loading-tip').hide();
},
dirUserShare: function () {
var $user_share_item = this.$('#add-dir-user-share-item');
var $emails_input = $('[name="emails"]', $user_share_item),
emails = $emails_input.val(); // string
var $perm = $('[name="permission"]', $user_share_item),
perm = $perm.val();
if (!emails || !perm) {
return false;
}
var repo_id = this.repo_id;
var $submitBtn = $('[type="submit"]', $user_share_item);
var $error = $('#dir-user-share .error');
Common.disableButton($submitBtn);
$.ajax({
url: Common.getUrl({name: 'admin_shares'}),
dataType: 'json',
method: 'POST',
beforeSend: Common.prepareCSRFToken,
traditional: true,
data: {
'repo_id': repo_id,
'share_type': 'user',
'share_to': emails.split(','),
'permission': perm
},
success: function(data) {
if (data.success.length > 0) {
$(data.success).each(function(index, item) {
var new_item = new FolderShareItemView({
'repo_id': repo_id,
'item_data': {
"user_email": item.user_email,
"user_name": item.user_name,
"permission": item.permission,
'for_user': true
}
});
$user_share_item.after(new_item.el);
});
$emails_input.select2("val", "");
$('[value="rw"]', $perm).attr('selected', 'selected');
$('[value="r"]', $perm).removeAttr('selected');
$error.addClass('hide');
}
if (data.failed.length > 0) {
var err_msg = '';
$(data.failed).each(function(index, item) {
err_msg += Common.HTMLescape(item.user_email) + ': ' + Common.HTMLescape(item.error_msg) + '<br />';
});
$error.html(err_msg).removeClass('hide');
}
},
error: function(xhr) {
var err_msg;
if (xhr.responseText) {
err_msg = Common.HTMLescape($.parseJSON(xhr.responseText).error_msg);
} else {
err_msg = gettext("Failed. Please check the network.");
}
$error.html(err_msg).removeClass('hide');
},
complete: function() {
Common.enableButton($submitBtn);
}
});
},
dirGroupShare: function () {
var $group_share_item= this.$('#add-dir-group-share-item');
var $groups_input = $('[name="groups"]', $group_share_item),
groups = $groups_input.val(); // string
var $perm = $('[name="permission"]', $group_share_item),
perm = $perm.val();
if (!groups || !perm) {
return false;
}
var repo_id = this.repo_id;
var $error = $('#dir-group-share .error');
var $submitBtn = $('[type="submit"]', $group_share_item);
Common.disableButton($submitBtn);
$.ajax({
url: Common.getUrl({name: 'admin_shares'}),
dataType: 'json',
method: 'POST',
beforeSend: Common.prepareCSRFToken,
traditional: true,
data: {
'repo_id': repo_id,
'share_type': 'group',
'share_to': groups.split(','),
'permission': perm
},
success: function(data) {
if (data.success.length > 0) {
$(data.success).each(function(index, item) {
var new_item = new FolderShareItemView({
'repo_id': repo_id,
'item_data': {
"group_id": item.group_id,
"group_name": item.group_name,
"permission": item.permission,
'for_user': false
}
});
$group_share_item.after(new_item.el);
});
$groups_input.select2("val", "");
$('[value="rw"]', $perm).attr('selected', 'selected');
$('[value="r"]', $perm).removeAttr('selected');
$error.addClass('hide');
}
if (data.failed.length > 0) {
var err_msg = '';
$(data.failed).each(function(index, item) {
err_msg += Common.HTMLescape(item.group_id) + ': ' + Common.HTMLescape(item.error_msg) + '<br />';
});
$error.html(err_msg).removeClass('hide');
}
},
error: function(xhr) {
var err_msg;
if (xhr.responseText) {
err_msg = Common.HTMLescape($.parseJSON(xhr.responseText).error_msg);
} else {
err_msg = gettext("Failed. Please check the network.");
}
$error.html(err_msg).removeClass('hide');
},
complete: function() {
Common.enableButton($submitBtn);
}
});
}
});
return SharePopupView;
});

229
tests/api/endpoints/admin/test_shares.py Normal file
View File

@@ -0,0 +1,229 @@
import json
from django.core.urlresolvers import reverse
from seaserv import seafile_api
from seahub.test_utils import BaseTestCase
class Shares(BaseTestCase):
def setUp(self):
self.repo_id = self.repo.id
self.group_id = self.group.id
self.user_name = self.user.username
self.admin_name = self.admin.username
self.para = '?repo_id=%s&path=/' % self.repo_id
self.url = reverse('api-v2.1-admin-shares')
self.tmp_user = self.create_user('tmp@email.com')
self.tmp_user_email = self.tmp_user.username
def tearDown(self):
self.remove_repo()
self.remove_user(self.tmp_user_email)
def test_can_get_user_shared(self):
self.share_repo_to_admin_with_rw_permission()
self.login_as(self.admin)
resp = self.client.get(self.url + self.para + '&share_type=user')
json_resp = json.loads(resp.content)
self.assertEqual(200, resp.status_code)
assert json_resp[0]['repo_id'] == self.repo_id
assert json_resp[0]['path'] == '/'
assert json_resp[0]['share_type'] == 'user'
assert json_resp[0]['user_email'] == self.admin_name
assert json_resp[0]['permission'] == 'rw'
def test_can_get_group_shared(self):
self.share_repo_to_group_with_rw_permission()
self.login_as(self.admin)
resp = self.client.get(self.url + self.para + '&share_type=group')
json_resp = json.loads(resp.content)
self.assertEqual(200, resp.status_code)
assert json_resp[0]['repo_id'] == self.repo_id
assert json_resp[0]['path'] == '/'
assert json_resp[0]['share_type'] == 'group'
assert json_resp[0]['group_id'] == self.group_id
assert json_resp[0]['permission'] == 'rw'
def test_get_with_invalid_permission(self):
self.login_as(self.user)
resp = self.client.get(self.url + self.para + '&share_type=group')
self.assertEqual(403, resp.status_code)
def test_share_repo_to_user(self):
self.login_as(self.admin)
invalid_email = 'invalid@email.com'
permission = 'r'
data = {
'repo_id': self.repo_id,
'share_type': 'user',
'permission': permission,
'share_to': [invalid_email, self.tmp_user_email]
}
resp = self.client.post(self.url, data)
self.assertEqual(200, resp.status_code)
json_resp = json.loads(resp.content)
assert json_resp['failed'][0]['user_email'] == invalid_email
assert json_resp['success'][0]['user_email'] == self.tmp_user_email
assert json_resp['success'][0]['permission'] == permission
def test_share_repo_to_group(self):
self.login_as(self.admin)
invalid_group_id = 'invalid_group_id'
permission = 'r'
data = {
'repo_id': self.repo_id,
'share_type': 'group',
'permission': permission,
'share_to': [invalid_group_id, self.group_id]
}
resp = self.client.post(self.url, data)
self.assertEqual(200, resp.status_code)
json_resp = json.loads(resp.content)
assert json_resp['failed'][0]['group_id'] == invalid_group_id
assert json_resp['success'][0]['group_id'] == self.group_id
assert json_resp['success'][0]['permission'] == permission
def test_share_repo_with_invalid_user_permission(self):
self.login_as(self.user)
invalid_group_id = 'invalid_group_id'
permission = 'r'
data = {
'repo_id': self.repo_id,
'share_type': 'group',
'permission': permission,
'share_to': [invalid_group_id, self.group_id]
}
resp = self.client.post(self.url, data)
self.assertEqual(403, resp.status_code)
def test_modify_repo_user_share_permission(self):
# user share repo to tmp user
init_permission = 'rw'
seafile_api.share_repo(self.repo_id,
self.user_name, self.tmp_user_email, init_permission)
assert seafile_api.check_permission_by_path(self.repo_id, \
'/', self.tmp_user_email) == init_permission
self.login_as(self.admin)
modified_perm = 'r'
data = 'repo_id=%s&share_type=%s&permission=%s&share_to=%s' % \
(self.repo_id, 'user', modified_perm, self.tmp_user_email)
resp = self.client.put(self.url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
assert seafile_api.check_permission_by_path(self.repo_id, \
'/', self.tmp_user_email) == modified_perm
def test_modify_repo_group_share_permission(self):
# user share repo to tmp user
self.share_repo_to_group_with_rw_permission()
shared_groups = seafile_api.list_repo_shared_group(
self.user_name, self.repo_id)
for e in shared_groups:
if e.group_id == self.group_id:
permission = e.perm
break
assert permission == 'rw'
self.login_as(self.admin)
modified_perm = 'r'
data = 'repo_id=%s&share_type=%s&permission=%s&share_to=%s' % \
(self.repo_id, 'group', modified_perm, self.group_id)
resp = self.client.put(self.url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
shared_groups = seafile_api.list_repo_shared_group(
self.user_name, self.repo_id)
for e in shared_groups:
if e.group_id == self.group_id:
permission = e.perm
break
assert permission == modified_perm
def test_modify_with_invalid_user_permission(self):
self.login_as(self.user)
resp = self.client.put(self.url, {}, 'application/x-www-form-urlencoded')
self.assertEqual(403, resp.status_code)
def test_delete_repo_user_share_permission(self):
# user share repo to tmp user
init_permission = 'rw'
seafile_api.share_repo(self.repo_id,
self.user_name, self.tmp_user_email, init_permission)
assert seafile_api.check_permission_by_path(self.repo_id, \
'/', self.tmp_user_email) == init_permission
self.login_as(self.admin)
data = 'repo_id=%s&share_type=%s&share_to=%s' % \
(self.repo_id, 'user', self.tmp_user_email)
resp = self.client.delete(self.url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
assert seafile_api.check_permission_by_path(self.repo_id, \
'/', self.tmp_user_email) is None
def test_delete_repo_group_share_permission(self):
self.share_repo_to_group_with_rw_permission()
shared_groups = seafile_api.list_repo_shared_group(
self.user_name, self.repo_id)
for e in shared_groups:
if e.group_id == self.group_id:
permission = e.perm
break
assert permission == 'rw'
self.login_as(self.admin)
data = 'repo_id=%s&share_type=%s&share_to=%s' % \
(self.repo_id, 'user', self.tmp_user_email)
resp = self.client.delete(self.url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
def test_delete_with_invalid_user_permission(self):
self.login_as(self.user)
resp = self.client.delete(self.url, {}, 'application/x-www-form-urlencoded')
self.assertEqual(403, resp.status_code)

51
tests/api/endpoints/test_search_group.py Normal file
View File

@@ -0,0 +1,51 @@
# Copyright (c) 2012-2016 Seafile Ltd.
import json
from mock import patch
from django.core.urlresolvers import reverse
from django.test import override_settings
from seahub.test_utils import BaseTestCase
from seahub.api2.endpoints.search_group import SearchGroup
class SearchGroupTest(BaseTestCase):
def setUp(self):
self.endpoint = reverse('api-v2.1-search-group')
self.group_name = self.group.group_name
def test_can_search(self):
self.login_as(self.user)
resp = self.client.get(self.endpoint + '?q=' + self.group_name)
json_resp = json.loads(resp.content)
self.assertEqual(200, resp.status_code)
assert len(json_resp) > 0
def test_search_with_unlogin_user(self):
resp = self.client.get(self.endpoint + '?q=' + self.group_name)
self.assertEqual(403, resp.status_code)
@patch.object(SearchGroup, '_can_use_global_address_book')
def test_search_with_can_not_use_global_address_book(self, mock_can_use_global_address_book):
mock_can_use_global_address_book.return_value = False
self.login_as(self.user)
resp = self.client.get(self.endpoint + '?q=' + self.group_name)
self.assertEqual(403, resp.status_code)
@override_settings(ENABLE_GLOBAL_ADDRESSBOOK=False)
def test_search_with_not_enable_global_addressbook(self):
self.login_as(self.user)
resp = self.client.get(self.endpoint + '?q=' + self.group_name)
json_resp = json.loads(resp.content)
self.assertEqual(200, resp.status_code)
assert len(json_resp) > 0