mirror of
https://github.com/haiwen/seahub.git
synced 2025-09-19 18:29:23 +00:00
Change wiki perm (#2269)
This commit is contained in:
C_Q
Daniel Pan
@@ -103,7 +103,7 @@ class Wiki extends Component {
|
||||
})
|
||||
})
|
||||
|
||||
let fileUrl = '/wikis/' + slug + filePath;
|
||||
let fileUrl = siteRoot + 'wikis/' + slug + filePath;
|
||||
window.history.pushState({urlPath: fileUrl, filePath: filePath}, filePath, fileUrl);
|
||||
}
|
||||
|
||||
|
||||
@@ -220,7 +220,7 @@ class WikiPagesDirView(APIView):
|
||||
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
||||
|
||||
# perm check
|
||||
if not wiki.has_read_perm(request.user):
|
||||
if not wiki.check_access_wiki(request):
|
||||
error_msg = "Permission denied"
|
||||
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
|
||||
|
||||
@@ -261,7 +261,7 @@ class WikiPageContentView(APIView):
|
||||
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
||||
|
||||
# perm check
|
||||
if not wiki.has_read_perm(request.user):
|
||||
if not wiki.check_access_wiki(request):
|
||||
error_msg = 'Permission denied.'
|
||||
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
|
||||
|
||||
|
||||
@@ -86,19 +86,13 @@ class WikisView(APIView):
|
||||
msg = _('Name can only contain letters, numbers, blank, hyphen or underscore.')
|
||||
return api_error(status.HTTP_400_BAD_REQUEST, msg)
|
||||
|
||||
permission = request.POST.get('permission', '').lower()
|
||||
if permission not in [x[0] for x in Wiki.PERM_CHOICES]:
|
||||
msg = 'Permission invalid'
|
||||
return api_error(status.HTTP_400_BAD_REQUEST, msg)
|
||||
|
||||
org_id = -1
|
||||
if is_org_context(request):
|
||||
org_id = request.user.org.org_id
|
||||
|
||||
username = request.user.username
|
||||
try:
|
||||
wiki = Wiki.objects.add(name, username, permission=permission,
|
||||
org_id=org_id)
|
||||
wiki = Wiki.objects.add(name, username, org_id=org_id)
|
||||
except DuplicateWikiNameError:
|
||||
msg = _('%s is taken by others, please try another name.') % name
|
||||
return api_error(status.HTTP_400_BAD_REQUEST, msg)
|
||||
|
||||
@@ -15,8 +15,7 @@
|
||||
<table class="wiki-list hide">
|
||||
<thead>
|
||||
<tr>
|
||||
<td width="30%">{% trans "Name" %}</td>
|
||||
<td width="20%">{% trans "Permission" %}</td>
|
||||
<td width="50%">{% trans "Name" %}</td>
|
||||
<td width="20%">{% trans "Owner" %}</td>
|
||||
<td width="20%">{% trans "Last Update" %}</td>
|
||||
<td width="10%"><!-- operation --></td>
|
||||
@@ -34,12 +33,6 @@
|
||||
<h3 id="dialogTitle">{% trans "New Wiki" %}</h3>
|
||||
<label for="wiki-name">{% trans "Name" %}</label><br/>
|
||||
<input type="text" name="name" value="" maxlength="{{max_file_name}}" class="input" id="wiki-name" /><br />
|
||||
<label for="wiki-permission">{% trans "Permission" %}</label><br/>
|
||||
<select name="permission" id="wiki-permission" class="w100">
|
||||
<option value="private" selected="selected">{% trans "private" %}</option>
|
||||
<option value="login-user">{% trans "logged-in users" %}</option>
|
||||
<option value="public">{% trans "public" %}</option>
|
||||
</select><br />
|
||||
<p class="error hide"></p>
|
||||
<button type="submit" class="submit">{% trans "Submit" %}</button>
|
||||
</form>
|
||||
@@ -51,15 +44,6 @@
|
||||
<a href="<%= link %>"><%- name %></a>
|
||||
<span>
|
||||
</td>
|
||||
<td>
|
||||
<span class="cur-perm"><%= permission_text %></span>
|
||||
<a href="#" title="{% trans "Edit" %}" class="perm-edit-icon sf2-icon-edit op-icon vh"></a>
|
||||
<select class="perm-select select-white hide">
|
||||
<option value="private" <% if (permission == 'private') { %>selected="selected"<% } %>>{% trans "private" %}</option>
|
||||
<option value="login-user" <% if (permission == 'login-user') { %>selected="selected"<% } %>>{% trans "logged-in users" %}</option>
|
||||
<option value="public" <% if (permission == 'public') { %>selected="selected"<% } %>>{% trans "public" %}</option>
|
||||
</select>
|
||||
</td>
|
||||
<td><a href="<%= owner_profile_url %>"><%- owner_nickname %></a></td>
|
||||
<td title="<%= update_time %>"><%= update_time_from_now %></td>
|
||||
<td class="wiki-op">
|
||||
@@ -130,8 +114,7 @@ $('#new-wiki').on('click', function() {
|
||||
$('#new-wiki-form').on('submit', function () {
|
||||
var $form = $(this),
|
||||
$error = $('.error', $form),
|
||||
name = $('[name="name"]', $form).val(),
|
||||
permission = $('[name="permission"]', $form).val();
|
||||
name = $('[name="name"]', $form).val();
|
||||
var $table = $('table'),
|
||||
$tbody = $('tbody'),
|
||||
$emptyTips = $('.empty-tips');
|
||||
@@ -152,7 +135,6 @@ $('#new-wiki-form').on('submit', function () {
|
||||
beforeSend: prepareCSRFToken,
|
||||
data: {
|
||||
'name': name,
|
||||
'permission': permission
|
||||
},
|
||||
success: function(data) {
|
||||
$.modal.close();
|
||||
@@ -193,13 +175,6 @@ var wiki = {
|
||||
tmpl: _.template($('#wiki-tmpl').html()),
|
||||
|
||||
render: function(obj) {
|
||||
var getPermText = function(data) {
|
||||
switch(data) {
|
||||
case 'private': return "{% trans "private" %}";
|
||||
case 'login-user': return "{% trans "logged-in users" %}";
|
||||
case 'public': return "{% trans "public" %}";
|
||||
}
|
||||
};
|
||||
|
||||
var update_time, update_time_from_now;
|
||||
if (obj.updated_at) {
|
||||
@@ -212,7 +187,6 @@ var wiki = {
|
||||
}
|
||||
|
||||
var data = $.extend({}, obj, {
|
||||
'permission_text': getPermText(obj.permission),
|
||||
'owner_profile_url': '{{SITE_ROOT}}profile/' + encodeURIComponent(obj.owner) + '/',
|
||||
'update_time': update_time,
|
||||
'update_time_from_now': update_time_from_now
|
||||
@@ -249,36 +223,6 @@ var wiki = {
|
||||
});
|
||||
},
|
||||
|
||||
editPerm: function(options) {
|
||||
var slug = options.slug,
|
||||
perm = options.perm,
|
||||
$el = options.$el;
|
||||
$.ajax({
|
||||
url: '{{SITE_ROOT}}api/v2.1/wikis/' + encodeURIComponent(slug) + '/',
|
||||
type: 'PUT',
|
||||
cache: false,
|
||||
data: {'permission': perm},
|
||||
beforeSend: prepareCSRFToken,
|
||||
success: function(data) {
|
||||
$el.replaceWith(wiki.render(data));
|
||||
feedback("{% trans "Successfully edited the permission." %}", 'success');
|
||||
},
|
||||
error: function(xhr) {
|
||||
var error_msg;
|
||||
if (xhr.responseText) {
|
||||
try {
|
||||
error_msg = JSON.parse(xhr.responseText).error_msg;
|
||||
} catch(e) {
|
||||
error_msg = "{% trans "Error" %}";
|
||||
}
|
||||
} else {
|
||||
error_msg = "{% trans "Please check the network." %}";
|
||||
}
|
||||
feedback(error_msg, 'error');
|
||||
}
|
||||
});
|
||||
},
|
||||
|
||||
setLocale: function() {
|
||||
var lang_code = '{{LANGUAGE_CODE}}';
|
||||
var m_lang_code;
|
||||
@@ -316,8 +260,6 @@ var wikiListController = {
|
||||
$wikiList.on('click', '.wiki-dropdown-toggle', $.proxy(_this.showWikiMenu, _this));
|
||||
$wikiList.on('click', '.delete-wiki', $.proxy(_this.deleteCurrentWiki, _this));
|
||||
$wikiList.on('click', '.rename-wiki', $.proxy(_this.showRenameTmpl, _this));
|
||||
$wikiList.on('click', '.perm-edit-icon', $.proxy(_this.showPremSelection, _this));
|
||||
$wikiList.on('change', '.perm-select', $.proxy(_this.changePermSelected, _this));
|
||||
|
||||
//handle menu event;
|
||||
$(document).on('click', function(event){
|
||||
@@ -333,41 +275,10 @@ var wikiListController = {
|
||||
}
|
||||
return true;
|
||||
})
|
||||
//handle perm event
|
||||
$(document).on('click', function(e) {
|
||||
var target = e.target || event.srcElement;
|
||||
if (!$('.perm-edit-icon, .perm-select', $wikiList).is(target)) {
|
||||
$('.cur-perm, .perm-edit-icon', $wikiList).show();
|
||||
$('.perm-select', $wikiList).hide();
|
||||
}
|
||||
});
|
||||
},
|
||||
|
||||
showOwnerInfo: function(){},
|
||||
|
||||
showPremSelection: function(event) {
|
||||
var target = event.target || event.srcElement;
|
||||
var $el = $(target).closest('tr');
|
||||
|
||||
$('.cur-perm, .perm-edit-icon', $el).hide();
|
||||
$('.perm-select', $el).show();
|
||||
|
||||
return false;
|
||||
},
|
||||
|
||||
changePermSelected: function(event) {
|
||||
var target = event.target || event.srcElement;
|
||||
var perm = $(target).val();
|
||||
var $el = $(target).closest('tr');
|
||||
var slug = $el.attr('data-slug');
|
||||
|
||||
wiki.editPerm({
|
||||
$el: $el,
|
||||
slug: slug,
|
||||
perm: perm
|
||||
});
|
||||
},
|
||||
|
||||
showWikiMenu: function(event) {
|
||||
var target = event.target || event.srcElement;
|
||||
var $wikiMenu = $(target).parent().find('.sf-dropdown-menu');
|
||||
|
||||
@@ -11,7 +11,6 @@ from seahub.utils import get_site_scheme_and_netloc
|
||||
from seahub.utils.timeutils import (timestamp_to_isoformat_timestr,
|
||||
datetime_to_isoformat_timestr)
|
||||
|
||||
|
||||
class WikiDoesNotExist(Exception):
|
||||
pass
|
||||
|
||||
@@ -134,6 +133,16 @@ class Wiki(models.Model):
|
||||
else: # private
|
||||
return True if user.username == self.username else False
|
||||
|
||||
def check_access_wiki(self, request):
|
||||
from seahub.views import check_folder_permission
|
||||
|
||||
if request.user.is_authenticated() and check_folder_permission(
|
||||
request, self.repo_id, '/') is not None:
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
|
||||
def to_dict(self):
|
||||
return {
|
||||
'id': self.pk,
|
||||
|
||||
@@ -48,11 +48,12 @@ def slug(request, slug, file_path="home.md"):
|
||||
|
||||
# perm check
|
||||
req_user = request.user.username
|
||||
if not req_user and not wiki.has_read_perm(request.user):
|
||||
|
||||
if not req_user:
|
||||
return redirect('auth_login')
|
||||
else:
|
||||
if not wiki.has_read_perm(request.user):
|
||||
return render_permission_error(request, _(u'Unable to view wiki'))
|
||||
|
||||
if not wiki.check_access_wiki(request):
|
||||
return render_permission_error(request, _(u'Unable to view wiki'))
|
||||
|
||||
file_type, ext = get_file_type_and_ext(posixpath.basename(file_path))
|
||||
if file_type == IMAGE:
|
||||
|
||||
Reference in New Issue
Block a user