mirror of https://github.com/haiwen/seahub.git synced 2025-09-03 07:55:36 +00:00
* Only repo owner or person who shared this repo can view repo page.
* Remove group user even when user is deleted by admin.
* Paginator link on admin page.
xiez
2012-07-09 10:37:42 +08:00
parent 5cc1608d38
commit 402b9ab0ce
5 changed files with 53 additions and 41 deletions


@@ -1,3 +1,4 @@
# encoding: utf-8
from django import forms
from django.utils.encoding import smart_str
from django.utils.hashcompat import md5_constructor, sha_constructor
@@ -299,7 +300,7 @@ class RegistrationForm(forms.Form):
if not emailuser:
return self.cleaned_data['email']
else:
raise forms.ValidationError(_("A user with this email already"))
raise forms.ValidationError("该邮箱已被注册")
def clean_userid(self):
if self.cleaned_data['userid'] and len(self.cleaned_data['userid']) != 40:
@@ -316,7 +317,7 @@ class RegistrationForm(forms.Form):
"""
if 'password1' in self.cleaned_data and 'password2' in self.cleaned_data:
if self.cleaned_data['password1'] != self.cleaned_data['password2']:
raise forms.ValidationError(_("The two password fields didn't match."))
raise forms.ValidationError("两次输入的密码不一致")
return self.cleaned_data
class OrgRegistrationForm(RegistrationForm):
@@ -332,7 +333,7 @@ class OrgRegistrationForm(RegistrationForm):
label=_("Organization Name"))
url_prefix = forms.RegexField(label=_("Url Prefix"), max_length=20,
regex=r'^[a-z0-9]+$',
error_message=_("This value must contain only letters or numbers."))
error_message="域名前缀只能包含字母或数字")
def clean_url_prefix(self):
url_prefix = self.cleaned_data['url_prefix']
@@ -340,7 +341,7 @@ class OrgRegistrationForm(RegistrationForm):
if not org:
return url_prefix
else:
raise forms.ValidationError(_("A organization with this url prefix already"))
raise forms.ValidationError("该域名前缀已被注册")
class OrgRegistrationBackend(object):
def register(self, request, **kwargs):


@@ -397,20 +397,13 @@ def group_remove_member(request, group_id, user_name):
if not check_group_staff(group_id_int, request.user):
return go_permission_error(request, u'只有小组管理员有权删除成员')
if not validate_emailuser(user_name):
err_msg = u'用户不存在'
return go_error(request, err_msg)
else:
try:
group_id_int = int(group_id)
except ValueError:
return go_error(request, u'group id 不是有效参数')
try:
ccnet_threaded_rpc.group_remove_member(group_id_int, request.user.username,
user_name)
seafserv_threaded_rpc.remove_repo_group(group_id_int, user_name)
except SearpcError, e:
return go_error(request, e.msg)
try:
ccnet_threaded_rpc.group_remove_member(group_id_int,
request.user.username,
user_name)
seafserv_threaded_rpc.remove_repo_group(group_id_int, user_name)
except SearpcError, e:
return go_error(request, e.msg)
return HttpResponseRedirect(reverse('group_members', args=[group_id]))
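Review bot: The `except SearpcError, e: return go_error(request, e.msg)` handler returns the raw RPC error text to the browser. Assuming the `validate_emailuser` branch is the removed side, `user_name` from the URL also now reaches both RPC calls unvalidated. The `check_group_staff` guard still gates the call, so this is mainly an information-exposure and robustness point: log `e.msg` server-side and pass a fixed message to `go_error` instead. The two calls are also not atomic: if `group_remove_member` succeeds and `remove_repo_group` raises, the member is removed while their group shares may remain, and the staff user sees only an error. The function's signature and any decorators sit above the hunk, so it is worth confirming that this state-changing view is limited to POST with CSRF protection.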


@@ -25,26 +25,26 @@
<div id="paginator">
{% if current_page != 1 %}
<a href="{{ SITE_ROOT }}groupadmin/?page={{ prev_page }}&per_page={{ per_page }}">上一页</a>
<a href="{{ SITE_ROOT }}sys/groupadmin/?page={{ prev_page }}&per_page={{ per_page }}">上一页</a>
{% endif %}
{% if page_next %}
<a href="{{ SITE_ROOT }}groupadmin/?page={{ next_page }}&per_page={{ per_page }}">下一页</a>
<a href="{{ SITE_ROOT }}sys/groupadmin/?page={{ next_page }}&per_page={{ per_page }}">下一页</a>
{% endif %}
<span>每页:</span>
{% if per_page == 25 %}
<span> 25 </span>
{% else %}
<a href="{{ SITE_ROOT }}groupadmin/?per_page=25" class="per-page">25</a>
<a href="{{ SITE_ROOT }}sys/groupadmin/?per_page=25" class="per-page">25</a>
{% endif %}
{% if per_page == 50 %}
<span> 50 </span>
{% else %}
<a href="{{ SITE_ROOT }}groupadmin/?per_page=50" class="per-page">50</a>
<a href="{{ SITE_ROOT }}sys/groupadmin/?per_page=50" class="per-page">50</a>
{% endif %}
{% if per_page == 100 %}
<span> 100 </span>
{% else %}
<a href="{{ SITE_ROOT }}groupadmin/?per_page=100" class="per-page">100</a>
<a href="{{ SITE_ROOT }}sys/groupadmin/?per_page=100" class="per-page">100</a>
{% endif %}
</div>
{% else %}


@@ -23,26 +23,26 @@
<div id="paginator">
{% if current_page != 1 %}
<a href="{{ SITE_ROOT }}seafadmin/?page={{ prev_page }}&per_page={{ per_page }}">上一页</a>
<a href="{{ SITE_ROOT }}sys/seafadmin/?page={{ prev_page }}&per_page={{ per_page }}">上一页</a>
{% endif %}
{% if page_next %}
<a href="{{ SITE_ROOT }}seafadmin/?page={{ next_page }}&per_page={{ per_page }}">下一页</a>
<a href="{{ SITE_ROOT }}sys/seafadmin/?page={{ next_page }}&per_page={{ per_page }}">下一页</a>
{% endif %}
<span>每页:</span>
{% if per_page == 25 %}
<span> 25 </span>
{% else %}
<a href="{{ SITE_ROOT }}seafadmin/?per_page=25" class="per-page">25</a>
<a href="{{ SITE_ROOT }}sys/seafadmin/?per_page=25" class="per-page">25</a>
{% endif %}
{% if per_page == 50 %}
<span> 50 </span>
{% else %}
<a href="{{ SITE_ROOT }}seafadmin/?per_page=50" class="per-page">50</a>
<a href="{{ SITE_ROOT }}sys/seafadmin/?per_page=50" class="per-page">50</a>
{% endif %}
{% if per_page == 100 %}
<span> 100 </span>
{% else %}
<a href="{{ SITE_ROOT }}seafadmin/?per_page=100" class="per-page">100</a>
<a href="{{ SITE_ROOT }}sys/seafadmin/?per_page=100" class="per-page">100</a>
{% endif %}
</div>
{% else %}


@@ -71,7 +71,16 @@ def validate_owner(request, repo_id):
Check whether email in the request own the repo
"""
return seafserv_threaded_rpc.is_repo_owner(request.user.username, repo_id)
try:
ret = seafserv_threaded_rpc.is_repo_owner(request.user.username,
repo_id)
except:
ret = 0
if ret == 0:
return False
else:
return True
def validate_emailuser(emailuser):
"""
@@ -95,6 +104,7 @@ def check_shared_repo(request, repo_id):
got token if user is not logged in
"""
# Not logged-in user
if not request.user.is_authenticated():
token = request.COOKIES.get('anontoken', None)
if token:
@@ -102,6 +112,7 @@ def check_shared_repo(request, repo_id):
else:
return False
# Logged-in user
repos = seafserv_threaded_rpc.list_share_repos(request.user.username, 'to_email', -1, -1)
for repo in repos:
if repo.props.id == repo_id:
@@ -120,11 +131,12 @@ def check_shared_repo(request, repo_id):
def access_to_repo(request, repo_id, repo_ap):
"""
Check whether user in the request can access to repo, which means user can
view directory entries on repo page.
view directory entries on repo page. Only repo owner or person who is shared
can access to repo.
"""
if repo_ap == 'own' and not validate_owner(request, repo_id) \
and not check_shared_repo(request, repo_id) and not request.user.is_staff:
and not check_shared_repo(request, repo_id):
return False
else:
return True
@@ -154,17 +166,20 @@ def gen_path_link(path, repo_name):
def render_repo(request, repo_id, error=''):
# get repo web access property, if no repo access property in db, then
# assume repo ap is 'own'
repo_ap = seafserv_threaded_rpc.repo_query_access_property(repo_id)
if not repo_ap:
repo_ap = 'own'
# repo_ap = seafserv_threaded_rpc.repo_query_access_property(repo_id)
# if not repo_ap:
# repo_ap = 'own'
# check whether user can view repo
if access_to_repo(request, repo_id, repo_ap):
can_access = True
else:
can_access = False
# Since repo web access property is removed since 0.9.4, we assume all repo
# is 'own' for compatibility
repo_ap = 'own'
# Check whether user can view repo page
can_access = access_to_repo(request, repo_id, repo_ap)
if not can_access:
return go_permission_error(request, '无法访问该同步目录')
# check whether use is repo owner
# Check whether use is repo owner
if validate_owner(request, repo_id):
is_owner = True
else:
@@ -1304,7 +1319,10 @@ def sys_org_admin(request):
if not request.user.is_staff:
raise Http404
orgs = ccnet_threaded_rpc.get_all_orgs(0, sys.maxint)
try:
orgs = ccnet_threaded_rpc.get_all_orgs(0, sys.maxint)
except:
orgs = []
return render_to_response('sys_org_admin.html', {
'orgs': orgs,
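Review bot: `access_to_repo` still fails open: it returns False only when `repo_ap == 'own'`, so any other `repo_ap` value falls through to `return True` with no owner or share check. `render_repo` now hard-codes `repo_ap = 'own'`, but callers outside these hunks could still pass something else. Since the comment says the access property has been removed, the body could be reduced to `return validate_owner(request, repo_id) or check_shared_repo(request, repo_id)`. Separately, the bare `except:` added in `validate_owner` and `sys_org_admin` fails closed, which is the right direction for an authorization helper, but it reports an RPC outage as "not owner" or an empty org list. Catching the project's RPC error type (`SearpcError` is used elsewhere in this commit) and logging it would keep such failures visible.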