Fix bugs
* Only the repo owner or a user the repo is shared with can view the repo page. * Allow removing a group member even when that user has been deleted by an admin. * Fix paginator links on the admin pages.
@@ -1,3 +1,4 @@
|
|||||||
|
# encoding: utf-8
|
||||||
from django import forms
|
from django import forms
|
||||||
from django.utils.encoding import smart_str
|
from django.utils.encoding import smart_str
|
||||||
from django.utils.hashcompat import md5_constructor, sha_constructor
|
from django.utils.hashcompat import md5_constructor, sha_constructor
|
||||||
@@ -299,7 +300,7 @@ class RegistrationForm(forms.Form):
|
|||||||
if not emailuser:
|
if not emailuser:
|
||||||
return self.cleaned_data['email']
|
return self.cleaned_data['email']
|
||||||
else:
|
else:
|
||||||
raise forms.ValidationError(_("A user with this email already"))
|
raise forms.ValidationError("该邮箱已被注册")
|
||||||
|
|
||||||
def clean_userid(self):
|
def clean_userid(self):
|
||||||
if self.cleaned_data['userid'] and len(self.cleaned_data['userid']) != 40:
|
if self.cleaned_data['userid'] and len(self.cleaned_data['userid']) != 40:
|
||||||
@@ -316,7 +317,7 @@ class RegistrationForm(forms.Form):
|
|||||||
"""
|
"""
|
||||||
if 'password1' in self.cleaned_data and 'password2' in self.cleaned_data:
|
if 'password1' in self.cleaned_data and 'password2' in self.cleaned_data:
|
||||||
if self.cleaned_data['password1'] != self.cleaned_data['password2']:
|
if self.cleaned_data['password1'] != self.cleaned_data['password2']:
|
||||||
raise forms.ValidationError(_("The two password fields didn't match."))
|
raise forms.ValidationError("两次输入的密码不一致")
|
||||||
return self.cleaned_data
|
return self.cleaned_data
|
||||||
|
|
||||||
class OrgRegistrationForm(RegistrationForm):
|
class OrgRegistrationForm(RegistrationForm):
|
||||||
@@ -332,7 +333,7 @@ class OrgRegistrationForm(RegistrationForm):
|
|||||||
label=_("Organization Name"))
|
label=_("Organization Name"))
|
||||||
url_prefix = forms.RegexField(label=_("Url Prefix"), max_length=20,
|
url_prefix = forms.RegexField(label=_("Url Prefix"), max_length=20,
|
||||||
regex=r'^[a-z0-9]+$',
|
regex=r'^[a-z0-9]+$',
|
||||||
error_message=_("This value must contain only letters or numbers."))
|
error_message="域名前缀只能包含字母或数字")
|
||||||
|
|
||||||
def clean_url_prefix(self):
|
def clean_url_prefix(self):
|
||||||
url_prefix = self.cleaned_data['url_prefix']
|
url_prefix = self.cleaned_data['url_prefix']
|
||||||
@@ -340,7 +341,7 @@ class OrgRegistrationForm(RegistrationForm):
|
|||||||
if not org:
|
if not org:
|
||||||
return url_prefix
|
return url_prefix
|
||||||
else:
|
else:
|
||||||
raise forms.ValidationError(_("A organization with this url prefix already"))
|
raise forms.ValidationError("该域名前缀已被注册")
|
||||||
|
|
||||||
class OrgRegistrationBackend(object):
|
class OrgRegistrationBackend(object):
|
||||||
def register(self, request, **kwargs):
|
def register(self, request, **kwargs):
|
||||||
|
@@ -397,20 +397,13 @@ def group_remove_member(request, group_id, user_name):
|
|||||||
if not check_group_staff(group_id_int, request.user):
|
if not check_group_staff(group_id_int, request.user):
|
||||||
return go_permission_error(request, u'只有小组管理员有权删除成员')
|
return go_permission_error(request, u'只有小组管理员有权删除成员')
|
||||||
|
|
||||||
if not validate_emailuser(user_name):
|
try:
|
||||||
err_msg = u'用户不存在'
|
ccnet_threaded_rpc.group_remove_member(group_id_int,
|
||||||
return go_error(request, err_msg)
|
request.user.username,
|
||||||
else:
|
user_name)
|
||||||
try:
|
seafserv_threaded_rpc.remove_repo_group(group_id_int, user_name)
|
||||||
group_id_int = int(group_id)
|
except SearpcError, e:
|
||||||
except ValueError:
|
return go_error(request, e.msg)
|
||||||
return go_error(request, u'group id 不是有效参数')
|
|
||||||
try:
|
|
||||||
ccnet_threaded_rpc.group_remove_member(group_id_int, request.user.username,
|
|
||||||
user_name)
|
|
||||||
seafserv_threaded_rpc.remove_repo_group(group_id_int, user_name)
|
|
||||||
except SearpcError, e:
|
|
||||||
return go_error(request, e.msg)
|
|
||||||
|
|
||||||
return HttpResponseRedirect(reverse('group_members', args=[group_id]))
|
return HttpResponseRedirect(reverse('group_members', args=[group_id]))
|
||||||
|
|
||||||
|
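Review bot: In the new `try` block, `group_remove_member` and `remove_repo_group` run back to back under a single `except SearpcError`, so if the first RPC succeeds and the second fails, the member is already removed while the cleanup `remove_repo_group` was meant to do for `user_name` is skipped, and the caller only sees an error page. With the `validate_emailuser` check dropped, `user_name` from the URL reaches both RPCs unchecked; that is the intent for deleted accounts, but it means the RPC layer is now the only place that rejects an unexpected value. Consider handling the second call in its own `try`, logging `e.msg` server-side, and returning a fixed message instead of passing the backend error text to `go_error`. The function begins above this hunk, so where `group_id_int` is assigned on the new side is not visible here.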
@@ -25,26 +25,26 @@
|
|||||||
|
|
||||||
<div id="paginator">
|
<div id="paginator">
|
||||||
{% if current_page != 1 %}
|
{% if current_page != 1 %}
|
||||||
<a href="{{ SITE_ROOT }}groupadmin/?page={{ prev_page }}&per_page={{ per_page }}">上一页</a>
|
<a href="{{ SITE_ROOT }}sys/groupadmin/?page={{ prev_page }}&per_page={{ per_page }}">上一页</a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if page_next %}
|
{% if page_next %}
|
||||||
<a href="{{ SITE_ROOT }}groupadmin/?page={{ next_page }}&per_page={{ per_page }}">下一页</a>
|
<a href="{{ SITE_ROOT }}sys/groupadmin/?page={{ next_page }}&per_page={{ per_page }}">下一页</a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<span>每页:</span>
|
<span>每页:</span>
|
||||||
{% if per_page == 25 %}
|
{% if per_page == 25 %}
|
||||||
<span> 25 </span>
|
<span> 25 </span>
|
||||||
{% else %}
|
{% else %}
|
||||||
<a href="{{ SITE_ROOT }}groupadmin/?per_page=25" class="per-page">25</a>
|
<a href="{{ SITE_ROOT }}sys/groupadmin/?per_page=25" class="per-page">25</a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if per_page == 50 %}
|
{% if per_page == 50 %}
|
||||||
<span> 50 </span>
|
<span> 50 </span>
|
||||||
{% else %}
|
{% else %}
|
||||||
<a href="{{ SITE_ROOT }}groupadmin/?per_page=50" class="per-page">50</a>
|
<a href="{{ SITE_ROOT }}sys/groupadmin/?per_page=50" class="per-page">50</a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if per_page == 100 %}
|
{% if per_page == 100 %}
|
||||||
<span> 100 </span>
|
<span> 100 </span>
|
||||||
{% else %}
|
{% else %}
|
||||||
<a href="{{ SITE_ROOT }}groupadmin/?per_page=100" class="per-page">100</a>
|
<a href="{{ SITE_ROOT }}sys/groupadmin/?per_page=100" class="per-page">100</a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
{% else %}
|
{% else %}
|
||||||
|
@@ -23,26 +23,26 @@
|
|||||||
|
|
||||||
<div id="paginator">
|
<div id="paginator">
|
||||||
{% if current_page != 1 %}
|
{% if current_page != 1 %}
|
||||||
<a href="{{ SITE_ROOT }}seafadmin/?page={{ prev_page }}&per_page={{ per_page }}">上一页</a>
|
<a href="{{ SITE_ROOT }}sys/seafadmin/?page={{ prev_page }}&per_page={{ per_page }}">上一页</a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if page_next %}
|
{% if page_next %}
|
||||||
<a href="{{ SITE_ROOT }}seafadmin/?page={{ next_page }}&per_page={{ per_page }}">下一页</a>
|
<a href="{{ SITE_ROOT }}sys/seafadmin/?page={{ next_page }}&per_page={{ per_page }}">下一页</a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<span>每页:</span>
|
<span>每页:</span>
|
||||||
{% if per_page == 25 %}
|
{% if per_page == 25 %}
|
||||||
<span> 25 </span>
|
<span> 25 </span>
|
||||||
{% else %}
|
{% else %}
|
||||||
<a href="{{ SITE_ROOT }}seafadmin/?per_page=25" class="per-page">25</a>
|
<a href="{{ SITE_ROOT }}sys/seafadmin/?per_page=25" class="per-page">25</a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if per_page == 50 %}
|
{% if per_page == 50 %}
|
||||||
<span> 50 </span>
|
<span> 50 </span>
|
||||||
{% else %}
|
{% else %}
|
||||||
<a href="{{ SITE_ROOT }}seafadmin/?per_page=50" class="per-page">50</a>
|
<a href="{{ SITE_ROOT }}sys/seafadmin/?per_page=50" class="per-page">50</a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if per_page == 100 %}
|
{% if per_page == 100 %}
|
||||||
<span> 100 </span>
|
<span> 100 </span>
|
||||||
{% else %}
|
{% else %}
|
||||||
<a href="{{ SITE_ROOT }}seafadmin/?per_page=100" class="per-page">100</a>
|
<a href="{{ SITE_ROOT }}sys/seafadmin/?per_page=100" class="per-page">100</a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
{% else %}
|
{% else %}
|
||||||
|
44
views.py
44
views.py
@@ -71,7 +71,16 @@ def validate_owner(request, repo_id):
|
|||||||
Check whether email in the request own the repo
|
Check whether email in the request own the repo
|
||||||
|
|
||||||
"""
|
"""
|
||||||
return seafserv_threaded_rpc.is_repo_owner(request.user.username, repo_id)
|
try:
|
||||||
|
ret = seafserv_threaded_rpc.is_repo_owner(request.user.username,
|
||||||
|
repo_id)
|
||||||
|
except:
|
||||||
|
ret = 0
|
||||||
|
|
||||||
|
if ret == 0:
|
||||||
|
return False
|
||||||
|
else:
|
||||||
|
return True
|
||||||
|
|
||||||
def validate_emailuser(emailuser):
|
def validate_emailuser(emailuser):
|
||||||
"""
|
"""
|
||||||
@@ -95,6 +104,7 @@ def check_shared_repo(request, repo_id):
|
|||||||
got token if user is not logged in
|
got token if user is not logged in
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
# Not logged-in user
|
||||||
if not request.user.is_authenticated():
|
if not request.user.is_authenticated():
|
||||||
token = request.COOKIES.get('anontoken', None)
|
token = request.COOKIES.get('anontoken', None)
|
||||||
if token:
|
if token:
|
||||||
@@ -102,6 +112,7 @@ def check_shared_repo(request, repo_id):
|
|||||||
else:
|
else:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
# Logged-in user
|
||||||
repos = seafserv_threaded_rpc.list_share_repos(request.user.username, 'to_email', -1, -1)
|
repos = seafserv_threaded_rpc.list_share_repos(request.user.username, 'to_email', -1, -1)
|
||||||
for repo in repos:
|
for repo in repos:
|
||||||
if repo.props.id == repo_id:
|
if repo.props.id == repo_id:
|
||||||
@@ -120,11 +131,12 @@ def check_shared_repo(request, repo_id):
|
|||||||
def access_to_repo(request, repo_id, repo_ap):
|
def access_to_repo(request, repo_id, repo_ap):
|
||||||
"""
|
"""
|
||||||
Check whether user in the request can access to repo, which means user can
|
Check whether user in the request can access to repo, which means user can
|
||||||
view directory entries on repo page.
|
view directory entries on repo page. Only repo owner or person who is shared
|
||||||
|
can access to repo.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
if repo_ap == 'own' and not validate_owner(request, repo_id) \
|
if repo_ap == 'own' and not validate_owner(request, repo_id) \
|
||||||
and not check_shared_repo(request, repo_id) and not request.user.is_staff:
|
and not check_shared_repo(request, repo_id):
|
||||||
return False
|
return False
|
||||||
else:
|
else:
|
||||||
return True
|
return True
|
||||||
@@ -154,17 +166,20 @@ def gen_path_link(path, repo_name):
|
|||||||
def render_repo(request, repo_id, error=''):
|
def render_repo(request, repo_id, error=''):
|
||||||
# get repo web access property, if no repo access property in db, then
|
# get repo web access property, if no repo access property in db, then
|
||||||
# assume repo ap is 'own'
|
# assume repo ap is 'own'
|
||||||
repo_ap = seafserv_threaded_rpc.repo_query_access_property(repo_id)
|
# repo_ap = seafserv_threaded_rpc.repo_query_access_property(repo_id)
|
||||||
if not repo_ap:
|
# if not repo_ap:
|
||||||
repo_ap = 'own'
|
# repo_ap = 'own'
|
||||||
|
|
||||||
# check whether user can view repo
|
# Since repo web access property is removed since 0.9.4, we assume all repo
|
||||||
if access_to_repo(request, repo_id, repo_ap):
|
# is 'own' for compatibility
|
||||||
can_access = True
|
repo_ap = 'own'
|
||||||
else:
|
|
||||||
can_access = False
|
|
||||||
|
|
||||||
# check whether use is repo owner
|
# Check whether user can view repo page
|
||||||
|
can_access = access_to_repo(request, repo_id, repo_ap)
|
||||||
|
if not can_access:
|
||||||
|
return go_permission_error(request, '无法访问该同步目录')
|
||||||
|
|
||||||
|
# Check whether use is repo owner
|
||||||
if validate_owner(request, repo_id):
|
if validate_owner(request, repo_id):
|
||||||
is_owner = True
|
is_owner = True
|
||||||
else:
|
else:
|
||||||
@@ -1304,7 +1319,10 @@ def sys_org_admin(request):
|
|||||||
if not request.user.is_staff:
|
if not request.user.is_staff:
|
||||||
raise Http404
|
raise Http404
|
||||||
|
|
||||||
orgs = ccnet_threaded_rpc.get_all_orgs(0, sys.maxint)
|
try:
|
||||||
|
orgs = ccnet_threaded_rpc.get_all_orgs(0, sys.maxint)
|
||||||
|
except:
|
||||||
|
orgs = []
|
||||||
|
|
||||||
return render_to_response('sys_org_admin.html', {
|
return render_to_response('sys_org_admin.html', {
|
||||||
'orgs': orgs,
|
'orgs': orgs,
|
||||||
|
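Review bot: `access_to_repo` still falls through to `return True` for any `repo_ap` other than `'own'`, so the owner-or-shared rule in the updated docstring holds only because `render_repo` now hard-codes `repo_ap = 'own'`; a caller passing a different value (none is visible on this page) would skip the check entirely. Since the comment says the access property was removed in 0.9.4, the body could deny by default and ignore `repo_ap`: `return validate_owner(request, repo_id) or check_shared_repo(request, repo_id)`. Separately, the bare `except:` added in `validate_owner` and `sys_org_admin` fails closed but hides every RPC error. Catching `SearpcError` (assuming it is imported in views.py) and logging it would keep the same result while leaving a trace for operators.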