haiwen/seahub
1
0
Fork 0
mirror of https://github.com/haiwen/seahub.git synced 2025-09-05 00:43:53 +00:00
Code Issues Releases Wiki Activity

add file lock check when move dirent

Browse Source
This commit is contained in:
lian
2019-06-17 15:04:20 +08:00
parent f177aa882f
commit 2e3b68f947
2 changed files with 82 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
seahub/api2/endpoints/repos_batch.py
View File

@@ -29,7 +29,7 @@ from seahub.utils import is_org_context, send_perm_audit_msg, \
normalize_dir_path, get_folder_permission_recursively, \ normalize_dir_path, get_folder_permission_recursively, \
normalize_file_path, check_filename_with_rename normalize_file_path, check_filename_with_rename
from seahub.utils.repo import get_repo_owner, get_available_repo_perms, \ from seahub.utils.repo import get_repo_owner, get_available_repo_perms, \
parse_repo_perm parse_repo_perm, get_locked_files_by_dir
from seahub.views import check_folder_permission from seahub.views import check_folder_permission
from seahub.settings import MAX_PATH from seahub.settings import MAX_PATH
@@ -1244,9 +1244,18 @@ class ReposAsyncBatchMoveItemView(APIView):
error_msg = 'Permission denied.' error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg) return api_error(status.HTTP_403_FORBIDDEN, error_msg)
result = {} # check locked files
username = request.user.username username = request.user.username
locked_files = get_locked_files_by_dir(request, src_repo_id, src_parent_dir)
for dirent in src_dirents:
# file is locked and lock owner is not current user
if dirent in locked_files.keys() and \
locked_files[dirent] != username:
error_msg = _(u'File %s is locked.') % dirent
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# move file
result = {}
formated_src_dirents = [dirent.strip('/') for dirent in src_dirents] formated_src_dirents = [dirent.strip('/') for dirent in src_dirents]
src_multi = "\t".join(formated_src_dirents) src_multi = "\t".join(formated_src_dirents)
dst_multi = "\t".join(formated_src_dirents) dst_multi = "\t".join(formated_src_dirents)
@@ -1445,9 +1454,18 @@ class ReposSyncBatchMoveItemView(APIView):
error_msg = 'Permission denied.' error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg) return api_error(status.HTTP_403_FORBIDDEN, error_msg)
result = {} # check locked files
username = request.user.username username = request.user.username
locked_files = get_locked_files_by_dir(request, src_repo_id, src_parent_dir)
for dirent in src_dirents:
# file is locked and lock owner is not current user
if dirent in locked_files.keys() and \
locked_files[dirent] != username:
error_msg = _(u'File %s is locked.') % dirent
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# move file
result = {}
formated_src_dirents = [dirent.strip('/') for dirent in src_dirents] formated_src_dirents = [dirent.strip('/') for dirent in src_dirents]
src_multi = "\t".join(formated_src_dirents) src_multi = "\t".join(formated_src_dirents)
dst_multi = "\t".join(formated_src_dirents) dst_multi = "\t".join(formated_src_dirents)

61
tests/api/endpoints/test_repos_batch.py
View File

@@ -994,6 +994,36 @@ class ReposAsyncBatchMoveItemView(BaseTestCase):
resp = self.client.post(self.url, json.dumps(data), 'application/json') resp = self.client.post(self.url, json.dumps(data), 'application/json')
self.assertEqual(403, resp.status_code) self.assertEqual(403, resp.status_code)
def test_move_with_locked_file(self):
if not LOCAL_PRO_DEV_ENV:
return
self.login_as(self.user)
# share admin's tmp repo to user with 'r' permission
admin_repo_id = self.create_new_repo(self.admin_name)
seafile_api.share_repo(admin_repo_id, self.admin_name,
self.user_name, 'rw')
# admin lock file
admin_file_name = randstring(6)
seafile_api.post_empty_file(admin_repo_id, '/', admin_file_name,
self.admin_name)
seafile_api.lock_file(admin_repo_id, admin_file_name, self.admin_name, 0)
# user move locked file
data = {
"src_repo_id": admin_repo_id,
"src_parent_dir": '/',
"src_dirents":[admin_file_name],
"dst_repo_id": self.dst_repo_id,
"dst_parent_dir": '/',
}
resp = self.client.post(self.url, json.dumps(data), 'application/json')
self.assertEqual(403, resp.status_code)
json_resp = json.loads(resp.content)
assert json_resp['error_msg'] == 'File %s is locked.' % admin_file_name
class ReposSyncBatchCopyItemView(BaseTestCase): class ReposSyncBatchCopyItemView(BaseTestCase):
@@ -1539,3 +1569,34 @@ class ReposSyncBatchMoveItemView(BaseTestCase):
} }
resp = self.client.post(self.url, json.dumps(data), 'application/json') resp = self.client.post(self.url, json.dumps(data), 'application/json')
self.assertEqual(403, resp.status_code) self.assertEqual(403, resp.status_code)
def test_move_with_locked_file(self):
if not LOCAL_PRO_DEV_ENV:
return
self.login_as(self.user)
# share admin's tmp repo to user with 'r' permission
admin_repo_id = self.create_new_repo(self.admin_name)
seafile_api.share_repo(admin_repo_id, self.admin_name,
self.user_name, 'rw')
# admin lock file
admin_file_name = randstring(6)
seafile_api.post_empty_file(admin_repo_id, '/', admin_file_name,
self.admin_name)
seafile_api.lock_file(admin_repo_id, admin_file_name, self.admin_name, 0)
# user move locked file
data = {
"src_repo_id": admin_repo_id,
"src_parent_dir": '/',
"src_dirents":[admin_file_name],
"dst_repo_id": self.dst_repo_id,
"dst_parent_dir": '/',
}
resp = self.client.post(self.url, json.dumps(data), 'application/json')
self.assertEqual(403, resp.status_code)
json_resp = json.loads(resp.content)
assert json_resp['error_msg'] == 'File %s is locked.' % admin_file_name