[web-api] update share link api

not use 'type' argument when create share download link
2025-09-25 23:02:26 +00:00 · 2015-07-15 11:30:00 +08:00
parent 986a07d0cf
commit 24ee9fe983
3 changed files with 36 additions and 31 deletions
--- a/seahub/api2/views.py
+++ b/seahub/api2/views.py
@@ -78,7 +78,8 @@ from seahub.utils.file_types import IMAGE, DOCUMENT
 from seahub.utils.timeutils import utc_to_local
 from seahub.views import validate_owner, is_registered_user, \
    group_events_data, get_diff, create_default_library, get_owned_repo_list, \
-    list_inner_pub_repos, get_virtual_repos_by_owner, check_folder_permission
+    list_inner_pub_repos, get_virtual_repos_by_owner, \
+    check_folder_permission, check_file_permission
 from seahub.views.ajax import get_share_in_repo_list, get_groups_by_user, \
    get_group_repos
 from seahub.views.file import get_file_view_path_and_perm, send_file_download_msg
@@ -1961,16 +1962,10 @@ class FileSharedLinkView(APIView):

        if share_type.lower() == 'download':

-            if check_folder_permission(request, repo_id, path) is None:
+            if check_file_permission(request, repo_id, path) is None:
                return api_error(status.HTTP_403_FORBIDDEN, 'permission denied')

-            # generate download link
-            link_type = request.DATA.get('type', 'f')
            expire = request.DATA.get('expire', None)
-
-            if link_type not in ('d', 'f'):
-                return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid type')
-
            if expire:
                try:
                    expire_days = int(expire)
@@ -1981,20 +1976,14 @@ class FileSharedLinkView(APIView):
            else:
                expire_date = None

-            if link_type == 'f':
-                if not seafile_api.get_file_id_by_path(repo_id, path):
-                    return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid path')
+            try:
+                dirent = seafile_api.get_dirent_by_path(repo_id, path)
+            except Exception as e:
+                logger.error(e)
+                return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid path')

-                fs = FileShare.objects.get_file_link_by_path(username, repo_id, path)
-                if fs is None:
-                    fs = FileShare.objects.create_file_link(username, repo_id, path,
-                                                            password, expire_date)
-                    if is_org_context(request):
-                        org_id = request.user.org.org_id
-                        OrgFileShare.objects.set_org_file_share(org_id, fs)
-            else:
-                if not seafile_api.get_dir_id_by_path(repo_id, path):
-                    return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid path')
+            if stat.S_ISDIR(dirent.mode):
+                # generate dir download link

                fs = FileShare.objects.get_dir_link_by_path(username, repo_id, path)
                if fs is None:
@@ -2004,6 +1993,17 @@ class FileSharedLinkView(APIView):
                        org_id = request.user.org.org_id
                        OrgFileShare.objects.set_org_file_share(org_id, fs)

+            else:
+                # generate file download link
+
+                fs = FileShare.objects.get_file_link_by_path(username, repo_id, path)
+                if fs is None:
+                    fs = FileShare.objects.create_file_link(username, repo_id, path,
+                                                            password, expire_date)
+                    if is_org_context(request):
+                        org_id = request.user.org.org_id
+                        OrgFileShare.objects.set_org_file_share(org_id, fs)
+
            token = fs.token
            shared_link = gen_shared_link(token, fs.s_type)

--- a/seahub/views/init.py
+++ b/seahub/views/init.py
@@ -114,6 +114,21 @@ def check_folder_permission(request, repo_id, path):

    return seafile_api.check_permission_by_path(repo_id, path, username)

+def check_file_permission(request, repo_id, path):
+    """Check file access permission of a user, always return 'rw'
+    when repo is system repo and user is admin.
+
+    Arguments:
+    - `request`:
+    - `repo_id`:
+    - `path`:
+    """
+    username = request.user.username
+    if get_system_default_repo_id() == repo_id and request.user.is_staff:
+        return 'rw'
+
+    return seafile_api.check_permission_by_path(repo_id, path, username)
+
 def check_repo_access_permission(repo_id, user):
    """Check repo access permission of a user, always return 'rw' when repo is
    system repo and user is admin.
--- a/tests/api/test_shares.py
+++ b/tests/api/test_shares.py
@@ -36,16 +36,6 @@ class FileSharedLinkApiTest(BaseTestCase):
    def tearDown(self):
        self.remove_repo()

-    def test_create_file_shared_link_with_invalid_type(self):
-        self.login_as(self.user)
-
-        resp = self.client.put(
-            '/api2/repos/%s/file/shared-link/' % (self.repo.id),
-            "p=%s&type=sf" % (self.file),
-            'application/x-www-form-urlencoded',
-        )
-        self.assertEqual(400, resp.status_code)
-
    def test_create_file_shared_link_with_invalid_path(self):
        self.login_as(self.user)