mirror of https://github.com/haiwen/seahub.git synced 2025-08-30 04:25:47 +00:00

update permission check logic when view lib (#4685)

Co-authored-by: lian <lian@seafile.com>
lian 2020-09-29 11:23:56 +08:00 committed by GitHub
parent 0c10f4a9f7
commit 3474e0f6fa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -9,7 +9,7 @@ import logging
import posixpath import posixpath
from django.core.cache import cache from django.core.cache import cache
from django.core.urlresolvers import reverse from django.core.urlresolvers import reverse, resolve
from django.contrib import messages from django.contrib import messages
from django.http import HttpResponse, Http404, \ from django.http import HttpResponse, Http404, \
HttpResponseRedirect HttpResponseRedirect
@ -1119,10 +1119,47 @@ def choose_register(request):
'login_bg_image_path': login_bg_image_path 'login_bg_image_path': login_bg_image_path
}) })
@login_required @login_required
def react_fake_view(request, **kwargs): def react_fake_view(request, **kwargs):
username = request.user.username username = request.user.username
if resolve(request.path).url_name == 'lib_view':
repo_id = kwargs.get('repo_id', '')
path = kwargs.get('path', '')
if repo_id and path and \
not check_folder_permission(request, repo_id, path):
converted_repo_path = seafile_api.convert_repo_path(repo_id, path, username)
if not converted_repo_path:
error_msg = 'Permission denied.'
return render_error(request, error_msg)
repo_path_dict = json.loads(converted_repo_path)
converted_repo_id = repo_path_dict['repo_id']
converted_repo = seafile_api.get_repo(converted_repo_id)
if not converted_repo:
error_msg = 'Library %s not found.' % converted_repo_id
return render_error(request, error_msg)
converted_path = repo_path_dict['path']
if not seafile_api.get_dirent_by_path(converted_repo_id, converted_path):
error_msg = 'Dirent %s not found.' % converted_path
return render_error(request, error_msg)
if not check_folder_permission(request, converted_repo_id, converted_path):
error_msg = 'Permission denied.'
return render_error(request, error_msg)
next_url = reverse('lib_view', args=[converted_repo_id,
converted_repo.repo_name,
converted_path.strip('/')])
return HttpResponseRedirect(next_url)
guide_enabled = UserOptions.objects.is_user_guide_enabled(username) guide_enabled = UserOptions.objects.is_user_guide_enabled(username)
if guide_enabled: if guide_enabled:
create_default_library(request) create_default_library(request)
@ -1164,9 +1201,9 @@ def react_fake_view(request, **kwargs):
'is_email_configured': IS_EMAIL_CONFIGURED, 'is_email_configured': IS_EMAIL_CONFIGURED,
'can_add_public_repo': request.user.permissions.can_add_public_repo(), 'can_add_public_repo': request.user.permissions.can_add_public_repo(),
'folder_perm_enabled': folder_perm_enabled, 'folder_perm_enabled': folder_perm_enabled,
'file_audit_enabled' : FILE_AUDIT_ENABLED, 'file_audit_enabled': FILE_AUDIT_ENABLED,
'custom_nav_items' : json.dumps(CUSTOM_NAV_ITEMS), 'custom_nav_items': json.dumps(CUSTOM_NAV_ITEMS),
'enable_show_contact_email_when_search_user' : settings.ENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER, 'enable_show_contact_email_when_search_user': settings.ENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER,
'additional_share_dialog_note': ADDITIONAL_SHARE_DIALOG_NOTE, 'additional_share_dialog_note': ADDITIONAL_SHARE_DIALOG_NOTE,
'additional_app_bottom_links': ADDITIONAL_APP_BOTTOM_LINKS, 'additional_app_bottom_links': ADDITIONAL_APP_BOTTOM_LINKS,
'additional_about_dialog_links': ADDITIONAL_ABOUT_DIALOG_LINKS 'additional_about_dialog_links': ADDITIONAL_ABOUT_DIALOG_LINKS
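Review bot: In the added `lib_view` branch of `react_fake_view`, the `'Library %s not found.'` and `'Dirent %s not found.'` responses are returned before the second `check_folder_permission` call on the converted target, so a caller who would be denied can still tell from the message whether that library and path exist. Unless `seafile_api.convert_repo_path` is known to return only targets the user can already reach (not visible on this page), run the permission check first or return the same `'Permission denied.'` text for all three failures. The guard `if repo_id and path and \` also skips the whole check when `path` is empty, so the library root is rendered without any `check_folder_permission` call; if that is intended because the API layer enforces access, a comment such as `# root listing is authorised by the repo API, not here` would make it explicit. Separately, `resolve(request.path)` may fail to resolve when the site is served under a URL prefix, and `request.resolver_match.url_name == 'lib_view'` reads the match Django has already made for the request. The function body continues outside the hunks shown.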