mirror of
https://github.com/haiwen/seahub.git
synced 2025-09-05 00:43:53 +00:00
[user perm] improvement
This commit is contained in:
llj
@@ -622,7 +622,7 @@
|
|||||||
</tr>
|
</tr>
|
||||||
<tr id="add-user-folder-perm">
|
<tr id="add-user-folder-perm">
|
||||||
<td>
|
<td>
|
||||||
<input name="email" placeholder="{% trans 'Enter emails, or select' %}" class="w100" />
|
<input type="hidden" name="email" class="w100" />
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<select name="permission" class="perm-select w100">
|
<select name="permission" class="perm-select w100">
|
||||||
@@ -644,7 +644,7 @@
|
|||||||
</tr>
|
</tr>
|
||||||
<tr id="add-group-folder-perm">
|
<tr id="add-group-folder-perm">
|
||||||
<td>
|
<td>
|
||||||
<select name="group" placeholder="{% trans 'Select' %}" class="w100" multiple="multiple"></select>
|
<select name="group" class="w100" multiple="multiple"></select>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<select name="permission" class="perm-select w100">
|
<select name="permission" class="perm-select w100">
|
||||||
|
|||||||
@@ -17,63 +17,6 @@ def list_dir_by_path(cmmt, path):
|
|||||||
else:
|
else:
|
||||||
return seafile_api.list_dir_by_commit_and_path(cmmt.repo_id, cmmt.id, path)
|
return seafile_api.list_dir_by_commit_and_path(cmmt.repo_id, cmmt.id, path)
|
||||||
|
|
||||||
def check_user_folder_perm_args(from_user, repo_id, path, to_user, perm=None):
|
|
||||||
if not seafile_api.get_repo(repo_id):
|
|
||||||
return {'error': _(u'Library does not exist'), 'status': 400}
|
|
||||||
|
|
||||||
if from_user != seafile_api.get_repo_owner(repo_id):
|
|
||||||
return {'error': _('Permission denied'), 'status': 403}
|
|
||||||
|
|
||||||
if perm is not None:
|
|
||||||
# add or toggle folder perm
|
|
||||||
if perm != 'r' and perm != 'rw':
|
|
||||||
return {'error': _('Invalid folder permission, should be "rw" or "r"'), 'status': 400}
|
|
||||||
|
|
||||||
if not path.startswith('/'):
|
|
||||||
return {'error': _('Path should start with "/"'), 'status': 400}
|
|
||||||
|
|
||||||
if path != '/' and path.endswith('/'):
|
|
||||||
return {'error': _('Path should NOT ends with "/"'), 'status': 400}
|
|
||||||
|
|
||||||
if seafile_api.get_dir_id_by_path(repo_id, path) is None:
|
|
||||||
return {'error': _('Invalid path'), 'status': 400}
|
|
||||||
|
|
||||||
try:
|
|
||||||
user = User.objects.get(email = to_user)
|
|
||||||
except User.DoesNotExist:
|
|
||||||
user = None
|
|
||||||
|
|
||||||
if user is None:
|
|
||||||
return {'error': _('Invalid username, should be a user already registered'), 'status': 400}
|
|
||||||
|
|
||||||
return {'success': True}
|
|
||||||
|
|
||||||
def check_group_folder_perm_args(from_user, repo_id, path, group_id, perm = None):
|
|
||||||
if not seafile_api.get_repo(repo_id):
|
|
||||||
return {'error': _(u'Library does not exist.'), 'status': 400}
|
|
||||||
|
|
||||||
if from_user != seafile_api.get_repo_owner(repo_id):
|
|
||||||
return {'error': _('Permission denied'), 'status': 403}
|
|
||||||
|
|
||||||
if perm is not None:
|
|
||||||
# add or toggle folder perm
|
|
||||||
if perm != 'r' and perm != 'rw':
|
|
||||||
return {'error': _('Invalid folder permission, should be "rw" or "r"'), 'status': 400}
|
|
||||||
|
|
||||||
if not path.startswith('/'):
|
|
||||||
return {'error': _('Path should start with "/"'), 'status': 400}
|
|
||||||
|
|
||||||
if path != '/' and path.endswith('/'):
|
|
||||||
return {'error': _('Path should NOT ends with "/"'), 'status': 400}
|
|
||||||
|
|
||||||
if seafile_api.get_dir_id_by_path(repo_id, path) is None:
|
|
||||||
return {'error': _('Invalid path'), 'status': 400}
|
|
||||||
|
|
||||||
if not seaserv.get_group(group_id):
|
|
||||||
return {'error': _('Invalid group'), 'status': 400}
|
|
||||||
|
|
||||||
return {'success': True}
|
|
||||||
|
|
||||||
def get_sub_repo_abbrev_origin_path(repo_name, origin_path):
|
def get_sub_repo_abbrev_origin_path(repo_name, origin_path):
|
||||||
"""Return abbrev path for sub repo based on `repo_name` and `origin_path`.
|
"""Return abbrev path for sub repo based on `repo_name` and `origin_path`.
|
||||||
|
|
||||||
|
|||||||
@@ -55,8 +55,7 @@ from seahub.utils import check_filename_with_rename, EMPTY_SHA1, \
|
|||||||
get_repo_last_modify, gen_file_upload_url, is_org_context, \
|
get_repo_last_modify, gen_file_upload_url, is_org_context, \
|
||||||
get_org_user_events, get_user_events, get_file_type_and_ext, \
|
get_org_user_events, get_user_events, get_file_type_and_ext, \
|
||||||
is_valid_username, send_perm_audit_msg, get_origin_repo_info, is_pro_version
|
is_valid_username, send_perm_audit_msg, get_origin_repo_info, is_pro_version
|
||||||
from seahub.utils.repo import check_group_folder_perm_args, \
|
from seahub.utils.repo import get_sub_repo_abbrev_origin_path
|
||||||
check_user_folder_perm_args, get_sub_repo_abbrev_origin_path
|
|
||||||
from seahub.utils.star import star_file, unstar_file
|
from seahub.utils.star import star_file, unstar_file
|
||||||
from seahub.base.accounts import User
|
from seahub.base.accounts import User
|
||||||
from seahub.thumbnail.utils import get_thumbnail_src, allow_generate_thumbnail
|
from seahub.thumbnail.utils import get_thumbnail_src, allow_generate_thumbnail
|
||||||
@@ -2295,18 +2294,47 @@ def set_user_folder_perm(request, repo_id):
|
|||||||
perm = request.POST.get('perm', None)
|
perm = request.POST.get('perm', None)
|
||||||
op_type = request.POST.get('type', None)
|
op_type = request.POST.get('type', None)
|
||||||
|
|
||||||
|
username = request.user.username
|
||||||
|
|
||||||
|
## check params
|
||||||
if not user or not path or not perm or \
|
if not user or not path or not perm or \
|
||||||
op_type != 'add' and op_type != 'modify' and op_type != 'delete':
|
op_type != 'add' and op_type != 'modify' and op_type != 'delete':
|
||||||
return HttpResponse(json.dumps({"error": _('Argument missing')}),
|
return HttpResponse(json.dumps({"error": _('Argument missing')}),
|
||||||
status=400, content_type=content_type)
|
status=400, content_type=content_type)
|
||||||
|
|
||||||
|
if not seafile_api.get_repo(repo_id):
|
||||||
|
return HttpResponse(json.dumps({"error": _('Library does not exist')}),
|
||||||
|
status=400, content_type=content_type)
|
||||||
|
|
||||||
|
if username != seafile_api.get_repo_owner(repo_id):
|
||||||
|
return HttpResponse(json.dumps({"error": _('Permission denied')}),
|
||||||
|
status=403, content_type=content_type)
|
||||||
|
|
||||||
|
if perm is not None:
|
||||||
|
if perm != 'r' and perm != 'rw':
|
||||||
|
return HttpResponse(json.dumps({
|
||||||
|
"error": _('Invalid folder permission, should be "rw" or "r"')
|
||||||
|
}), status=400, content_type=content_type)
|
||||||
|
|
||||||
|
if not path.startswith('/'):
|
||||||
|
return HttpResponse(json.dumps({"error": _('Path should start with "/"')}),
|
||||||
|
status=400, content_type=content_type)
|
||||||
|
|
||||||
|
if path != '/' and path.endswith('/'):
|
||||||
|
return HttpResponse(json.dumps({"error": _('Path should not end with "/"')}),
|
||||||
|
status=400, content_type=content_type)
|
||||||
|
|
||||||
|
if seafile_api.get_dir_id_by_path(repo_id, path) is None:
|
||||||
|
return HttpResponse(json.dumps({"error": _('Invalid path')}),
|
||||||
|
status=400, content_type=content_type)
|
||||||
|
|
||||||
|
## add perm for user(s)
|
||||||
if op_type == 'add':
|
if op_type == 'add':
|
||||||
return add_user_folder_perm(request, repo_id, user, path, perm)
|
return add_user_folder_perm(request, repo_id, user, path, perm)
|
||||||
|
|
||||||
result = check_user_folder_perm_args(request.user.username, repo_id, path, user, perm)
|
if not is_registered_user(user):
|
||||||
if 'error' in result:
|
return HttpResponse(json.dumps({"error": _('Invalid user, should be registered')}),
|
||||||
return HttpResponse(json.dumps(result), status=result['status'],
|
status=400, content_type=content_type)
|
||||||
content_type=content_type)
|
|
||||||
|
|
||||||
user_folder_perm = seafile_api.get_folder_user_perm(repo_id, path, user)
|
user_folder_perm = seafile_api.get_folder_user_perm(repo_id, path, user)
|
||||||
|
|
||||||
@@ -2314,8 +2342,7 @@ def set_user_folder_perm(request, repo_id):
|
|||||||
if user_folder_perm and user_folder_perm != perm:
|
if user_folder_perm and user_folder_perm != perm:
|
||||||
try:
|
try:
|
||||||
seafile_api.set_folder_user_perm(repo_id, path, perm, user)
|
seafile_api.set_folder_user_perm(repo_id, path, perm, user)
|
||||||
send_perm_audit_msg('modify-repo-perm', request.user.username,
|
send_perm_audit_msg('modify-repo-perm', username, user, repo_id, path, perm)
|
||||||
user, repo_id, path, perm)
|
|
||||||
except SearpcError as e:
|
except SearpcError as e:
|
||||||
logger.error(e)
|
logger.error(e)
|
||||||
return HttpResponse(json.dumps({"error": _('Operation failed')}),
|
return HttpResponse(json.dumps({"error": _('Operation failed')}),
|
||||||
@@ -2328,8 +2355,7 @@ def set_user_folder_perm(request, repo_id):
|
|||||||
if user_folder_perm:
|
if user_folder_perm:
|
||||||
try:
|
try:
|
||||||
seafile_api.rm_folder_user_perm(repo_id, path, user)
|
seafile_api.rm_folder_user_perm(repo_id, path, user)
|
||||||
send_perm_audit_msg('delete-repo-perm', request.user.username,
|
send_perm_audit_msg('delete-repo-perm', username, user, repo_id, path, perm)
|
||||||
user, repo_id, path, perm)
|
|
||||||
except SearpcError as e:
|
except SearpcError as e:
|
||||||
logger.error(e)
|
logger.error(e)
|
||||||
return HttpResponse(json.dumps({"error": _('Operation failed')}),
|
return HttpResponse(json.dumps({"error": _('Operation failed')}),
|
||||||
@@ -2349,6 +2375,7 @@ def add_user_folder_perm(request, repo_id, users, path, perm):
|
|||||||
emails = users.split(',')
|
emails = users.split(',')
|
||||||
|
|
||||||
success, failed = [], []
|
success, failed = [], []
|
||||||
|
username = request.user.username
|
||||||
|
|
||||||
for user in [e.strip() for e in emails if e.strip()]:
|
for user in [e.strip() for e in emails if e.strip()]:
|
||||||
if not is_valid_username(user):
|
if not is_valid_username(user):
|
||||||
@@ -2359,11 +2386,6 @@ def add_user_folder_perm(request, repo_id, users, path, perm):
|
|||||||
failed.append(user)
|
failed.append(user)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
result = check_user_folder_perm_args(request.user.username, repo_id, path, user, perm)
|
|
||||||
if 'error' in result:
|
|
||||||
return HttpResponse(json.dumps(result), status=result['status'],
|
|
||||||
content_type=content_type)
|
|
||||||
|
|
||||||
user_folder_perm = seafile_api.get_folder_user_perm(repo_id, path, user)
|
user_folder_perm = seafile_api.get_folder_user_perm(repo_id, path, user)
|
||||||
|
|
||||||
if user_folder_perm:
|
if user_folder_perm:
|
||||||
@@ -2372,8 +2394,7 @@ def add_user_folder_perm(request, repo_id, users, path, perm):
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
seafile_api.add_folder_user_perm(repo_id, path, perm, user)
|
seafile_api.add_folder_user_perm(repo_id, path, perm, user)
|
||||||
send_perm_audit_msg('add-repo-perm', request.user.username,
|
send_perm_audit_msg('add-repo-perm', username, user, repo_id, path, perm)
|
||||||
user, repo_id, path, perm)
|
|
||||||
success.append({
|
success.append({
|
||||||
'user': user,
|
'user': user,
|
||||||
'user_name': email2nickname(user)
|
'user_name': email2nickname(user)
|
||||||
@@ -2386,7 +2407,9 @@ def add_user_folder_perm(request, repo_id, users, path, perm):
|
|||||||
data = json.dumps({"success": success, "failed": failed})
|
data = json.dumps({"success": success, "failed": failed})
|
||||||
return HttpResponse(data, content_type=content_type)
|
return HttpResponse(data, content_type=content_type)
|
||||||
else:
|
else:
|
||||||
data = json.dumps({"error": _("Please check the email(s) you entered")})
|
data = json.dumps({
|
||||||
|
"error": _("Please check the email(s) you entered and the contacts you selected")
|
||||||
|
})
|
||||||
return HttpResponse(data, status=400, content_type=content_type)
|
return HttpResponse(data, status=400, content_type=content_type)
|
||||||
|
|
||||||
@login_required_ajax
|
@login_required_ajax
|
||||||
@@ -2408,19 +2431,48 @@ def set_group_folder_perm(request, repo_id):
|
|||||||
perm = request.POST.get('perm', None)
|
perm = request.POST.get('perm', None)
|
||||||
op_type = request.POST.get('type', None)
|
op_type = request.POST.get('type', None)
|
||||||
|
|
||||||
|
username = request.user.username
|
||||||
|
|
||||||
if not group_id or not path or not perm or \
|
if not group_id or not path or not perm or \
|
||||||
op_type != 'add' and op_type != 'modify' and op_type != 'delete':
|
op_type != 'add' and op_type != 'modify' and op_type != 'delete':
|
||||||
return HttpResponse(json.dumps({"error": _('Argument missing')}),
|
return HttpResponse(json.dumps({"error": _('Argument missing')}),
|
||||||
status=400, content_type=content_type)
|
status=400, content_type=content_type)
|
||||||
|
|
||||||
|
## check params
|
||||||
|
if not seafile_api.get_repo(repo_id):
|
||||||
|
return HttpResponse(json.dumps({"error": _('Library does not exist')}),
|
||||||
|
status=400, content_type=content_type)
|
||||||
|
|
||||||
|
if username != seafile_api.get_repo_owner(repo_id):
|
||||||
|
return HttpResponse(json.dumps({"error": _('Permission denied')}),
|
||||||
|
status=403, content_type=content_type)
|
||||||
|
|
||||||
|
if perm is not None:
|
||||||
|
if perm != 'r' and perm != 'rw':
|
||||||
|
return HttpResponse(json.dumps({
|
||||||
|
"error": _('Invalid folder permission, should be "rw" or "r"')
|
||||||
|
}), status=400, content_type=content_type)
|
||||||
|
|
||||||
|
if not path.startswith('/'):
|
||||||
|
return HttpResponse(json.dumps({"error": _('Path should start with "/"')}),
|
||||||
|
status=400, content_type=content_type)
|
||||||
|
|
||||||
|
if path != '/' and path.endswith('/'):
|
||||||
|
return HttpResponse(json.dumps({"error": _('Path should not end with "/"')}),
|
||||||
|
status=400, content_type=content_type)
|
||||||
|
|
||||||
|
if seafile_api.get_dir_id_by_path(repo_id, path) is None:
|
||||||
|
return HttpResponse(json.dumps({"error": _('Invalid path')}),
|
||||||
|
status=400, content_type=content_type)
|
||||||
|
|
||||||
|
## add perm for group(s)
|
||||||
if op_type == 'add':
|
if op_type == 'add':
|
||||||
return add_group_folder_perm(request, repo_id, group_id, path, perm)
|
return add_group_folder_perm(request, repo_id, group_id, path, perm)
|
||||||
|
|
||||||
group_id = int(group_id)
|
group_id = int(group_id)
|
||||||
result = check_group_folder_perm_args(request.user.username, repo_id, path, group_id, perm)
|
if not seaserv.get_group(group_id):
|
||||||
if 'error' in result:
|
return HttpResponse(json.dumps({"error": _('Invalid group')}),
|
||||||
return HttpResponse(json.dumps(result), status=result['status'],
|
status=400, content_type=content_type)
|
||||||
content_type=content_type)
|
|
||||||
|
|
||||||
group_folder_perm = seafile_api.get_folder_group_perm(repo_id, path, group_id)
|
group_folder_perm = seafile_api.get_folder_group_perm(repo_id, path, group_id)
|
||||||
|
|
||||||
@@ -2428,8 +2480,7 @@ def set_group_folder_perm(request, repo_id):
|
|||||||
if group_folder_perm and group_folder_perm != perm:
|
if group_folder_perm and group_folder_perm != perm:
|
||||||
try:
|
try:
|
||||||
seafile_api.set_folder_group_perm(repo_id, path, perm, group_id)
|
seafile_api.set_folder_group_perm(repo_id, path, perm, group_id)
|
||||||
send_perm_audit_msg('modify-repo-perm', request.user.username,
|
send_perm_audit_msg('modify-repo-perm', username, group_id, repo_id, path, perm)
|
||||||
group_id, repo_id, path, perm)
|
|
||||||
except SearpcError as e:
|
except SearpcError as e:
|
||||||
logger.error(e)
|
logger.error(e)
|
||||||
return HttpResponse(json.dumps({"error": _('Operation failed')}),
|
return HttpResponse(json.dumps({"error": _('Operation failed')}),
|
||||||
@@ -2442,8 +2493,7 @@ def set_group_folder_perm(request, repo_id):
|
|||||||
if group_folder_perm:
|
if group_folder_perm:
|
||||||
try:
|
try:
|
||||||
seafile_api.rm_folder_group_perm(repo_id, path, group_id)
|
seafile_api.rm_folder_group_perm(repo_id, path, group_id)
|
||||||
send_perm_audit_msg('delete-repo-perm', request.user.username,
|
send_perm_audit_msg('delete-repo-perm', username, group_id, repo_id, path, perm)
|
||||||
group_id, repo_id, path, perm)
|
|
||||||
except SearpcError as e:
|
except SearpcError as e:
|
||||||
logger.error(e)
|
logger.error(e)
|
||||||
return HttpResponse(json.dumps({"error": _('Operation failed')}),
|
return HttpResponse(json.dumps({"error": _('Operation failed')}),
|
||||||
@@ -2467,10 +2517,8 @@ def add_group_folder_perm(request, repo_id, group_ids, path, perm):
|
|||||||
|
|
||||||
for group_id in group_id_list:
|
for group_id in group_id_list:
|
||||||
group_id = int(group_id)
|
group_id = int(group_id)
|
||||||
result = check_group_folder_perm_args(username, repo_id, path, group_id, perm)
|
if not seaserv.get_group(group_id):
|
||||||
if 'error' in result:
|
failed.append(group_id)
|
||||||
return HttpResponse(json.dumps(result), status=result['status'],
|
|
||||||
content_type=content_type)
|
|
||||||
|
|
||||||
group_folder_perm = seafile_api.get_folder_group_perm(repo_id, path, group_id)
|
group_folder_perm = seafile_api.get_folder_group_perm(repo_id, path, group_id)
|
||||||
|
|
||||||
@@ -2480,8 +2528,7 @@ def add_group_folder_perm(request, repo_id, group_ids, path, perm):
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
seafile_api.add_folder_group_perm(repo_id, path, perm, group_id)
|
seafile_api.add_folder_group_perm(repo_id, path, perm, group_id)
|
||||||
send_perm_audit_msg('add-repo-perm', request.user.username,
|
send_perm_audit_msg('add-repo-perm', username, group_id, repo_id, path, perm)
|
||||||
group_id, repo_id, path, perm)
|
|
||||||
success.append({
|
success.append({
|
||||||
'group_id': group_id,
|
'group_id': group_id,
|
||||||
"group_name": get_group(group_id).group_name,
|
"group_name": get_group(group_id).group_name,
|
||||||
@@ -2494,8 +2541,8 @@ def add_group_folder_perm(request, repo_id, group_ids, path, perm):
|
|||||||
data = json.dumps({"success": success, "failed": failed})
|
data = json.dumps({"success": success, "failed": failed})
|
||||||
return HttpResponse(data, content_type=content_type)
|
return HttpResponse(data, content_type=content_type)
|
||||||
else:
|
else:
|
||||||
data = json.dumps({"error": _("Internal server error")})
|
data = json.dumps({"error": _("Failed")})
|
||||||
return HttpResponse(data, status=500, content_type=content_type)
|
return HttpResponse(data, status=400, content_type=content_type)
|
||||||
|
|
||||||
@login_required_ajax
|
@login_required_ajax
|
||||||
def get_group_basic_info(request, group_id):
|
def get_group_basic_info(request, group_id):
|
||||||
|
|||||||
@@ -19,11 +19,7 @@ define([
|
|||||||
this.repo_id = options.repo_id;
|
this.repo_id = options.repo_id;
|
||||||
this.obj_name = options.obj_name;
|
this.obj_name = options.obj_name;
|
||||||
this.dir_path = options.dir_path;
|
this.dir_path = options.dir_path;
|
||||||
if (this.dir_path === '/') {
|
this.path = Common.pathJoin([this.dir_path, this.obj_name])
|
||||||
this.path = this.dir_path + this.obj_name;
|
|
||||||
} else {
|
|
||||||
this.path = this.dir_path + '/' + this.obj_name;
|
|
||||||
}
|
|
||||||
|
|
||||||
this.render();
|
this.render();
|
||||||
|
|
||||||
@@ -94,6 +90,7 @@ define([
|
|||||||
|
|
||||||
// use select2 to 'user' input in 'add user perm'
|
// use select2 to 'user' input in 'add user perm'
|
||||||
$('[name="email"]', $add_user_perm).select2({
|
$('[name="email"]', $add_user_perm).select2({
|
||||||
|
placeholder: gettext("Enter emails or select contacts"),
|
||||||
tags: function () {
|
tags: function () {
|
||||||
var contacts = app.pageOptions.contacts || [];
|
var contacts = app.pageOptions.contacts || [];
|
||||||
var contact_list = [];
|
var contact_list = [];
|
||||||
@@ -128,6 +125,7 @@ define([
|
|||||||
g_opts += '<option value="' + groups[i].id + '" data-index="' + i + '">' + groups[i].name + '</option>';
|
g_opts += '<option value="' + groups[i].id + '" data-index="' + i + '">' + groups[i].name + '</option>';
|
||||||
}
|
}
|
||||||
$('[name="group"]', $add_group_perm).html(g_opts).select2({
|
$('[name="group"]', $add_group_perm).html(g_opts).select2({
|
||||||
|
placeholder: gettext("Select groups"),
|
||||||
escapeMarkup: function(m) { return m; }
|
escapeMarkup: function(m) { return m; }
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -410,7 +410,7 @@ define([
|
|||||||
loading_tip.show();
|
loading_tip.show();
|
||||||
|
|
||||||
$('[name="emails"]', form).select2({
|
$('[name="emails"]', form).select2({
|
||||||
placeholder: gettext("Select contacts or input"),
|
placeholder: gettext("Enter emails or select contacts"),
|
||||||
width: '400px',
|
width: '400px',
|
||||||
// with 'tags', the user can directly enter, not just select
|
// with 'tags', the user can directly enter, not just select
|
||||||
// tags need `<input type="hidden" />`, not `<select>`
|
// tags need `<input type="hidden" />`, not `<select>`
|
||||||
|
|||||||
Reference in New Issue
Block a user