mirror of
https://github.com/haiwen/seahub.git
synced 2025-09-25 06:33:48 +00:00
[sysadmin] Change a few ops to POST
This commit is contained in:
zhengxie
@@ -32,7 +32,7 @@ from forms import MessageForm, MessageReplyForm, GroupRecommendForm, \
|
|||||||
GroupAddForm, GroupJoinMsgForm, WikiCreateForm
|
GroupAddForm, GroupJoinMsgForm, WikiCreateForm
|
||||||
from signals import grpmsg_added, grpmsg_reply_added, group_join_request
|
from signals import grpmsg_added, grpmsg_reply_added, group_join_request
|
||||||
from seahub.auth import REDIRECT_FIELD_NAME
|
from seahub.auth import REDIRECT_FIELD_NAME
|
||||||
from seahub.base.decorators import sys_staff_required
|
from seahub.base.decorators import sys_staff_required, require_POST
|
||||||
from seahub.base.models import FileDiscuss
|
from seahub.base.models import FileDiscuss
|
||||||
from seahub.contacts.models import Contact
|
from seahub.contacts.models import Contact
|
||||||
from seahub.contacts.signals import mail_sended
|
from seahub.contacts.signals import mail_sended
|
||||||
@@ -228,6 +228,7 @@ def group_list(request):
|
|||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@sys_staff_required
|
@sys_staff_required
|
||||||
|
@require_POST
|
||||||
def group_remove(request, group_id):
|
def group_remove(request, group_id):
|
||||||
"""
|
"""
|
||||||
Remove group from groupadmin page. Only system admin can perform this
|
Remove group from groupadmin page. Only system admin can perform this
|
||||||
|
|||||||
@@ -38,4 +38,9 @@ $('#repo-transfer-form').submit(function() {
|
|||||||
});
|
});
|
||||||
|
|
||||||
$('#main-panel').removeClass('ovhd');
|
$('#main-panel').removeClass('ovhd');
|
||||||
{% include 'snippets/repo_del_js.html' %}
|
|
||||||
|
addConfirmTo($('.repo-delete-btn'), {
|
||||||
|
'title': "{% trans "Delete Library" %}",
|
||||||
|
'con': "{% trans "Are you sure you want to delete %s ?" %}",
|
||||||
|
'post': true,
|
||||||
|
});
|
||||||
|
|||||||
@@ -25,7 +25,7 @@
|
|||||||
</td>
|
</td>
|
||||||
<td data-id="{{ repo.props.id }}" data-name="{{ repo.props.name }}">
|
<td data-id="{{ repo.props.id }}" data-name="{{ repo.props.name }}">
|
||||||
<div>
|
<div>
|
||||||
<a href="#" class="repo-delete-btn op vh">{% trans "Delete" %}</a>
|
<a href="#" data-url="{% url "sys_repo_delete" repo.id %}" data-target="{{ repo.name }}" class="repo-delete-btn op vh">{% trans "Delete" %}</a>
|
||||||
<a href="#" class="repo-transfer-btn op vh">{% trans "Transfer" %}</a>
|
<a href="#" class="repo-transfer-btn op vh">{% trans "Transfer" %}</a>
|
||||||
</div>
|
</div>
|
||||||
</td>
|
</td>
|
||||||
|
|||||||
@@ -56,7 +56,7 @@
|
|||||||
<td>{{ repo.size|filesizeformat }}</td>
|
<td>{{ repo.size|filesizeformat }}</td>
|
||||||
<td><a href="{% url 'user_info' repo.user %}">{{ repo.user }}</a></td>
|
<td><a href="{% url 'user_info' repo.user %}">{{ repo.user }}</a></td>
|
||||||
<td data-id="{{ repo.id }}" data-name="{{repo.name}}">
|
<td data-id="{{ repo.id }}" data-name="{{repo.name}}">
|
||||||
<div><a href="#" class="repo-delete-btn op-icon vh" title="{% trans "Delete" %}"><img src="{{MEDIA_URL}}img/rm.png" alt="" /></a></div>
|
<div><a href="#" data-url="{% url "sys_repo_delete" repo.id %}" data-target="{{ repo.name }}" class="repo-delete-btn op-icon vh" title="{% trans "Delete" %}"><img src="{{MEDIA_URL}}img/rm.png" alt="" /></a></div>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
@@ -83,12 +83,15 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
{% include 'snippets/repo_del_popup.html' %}
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
|
|
||||||
{% block extra_script %}
|
{% block extra_script %}
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
{% include 'snippets/repo_del_js.html' %}
|
addConfirmTo($('.repo-delete-btn'), {
|
||||||
|
'title': "{% trans "Delete Library" %}",
|
||||||
|
'con': "{% trans "Are you sure you want to delete %s ?" %}",
|
||||||
|
'post': true,
|
||||||
|
});
|
||||||
</script>
|
</script>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|||||||
@@ -42,7 +42,8 @@
|
|||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
addConfirmTo($('.rm-grp'), {
|
addConfirmTo($('.rm-grp'), {
|
||||||
'title': "{% trans "Delete Group" %}",
|
'title': "{% trans "Delete Group" %}",
|
||||||
'con': "{% trans "Are you sure you want to delete %s ?" %}"
|
'con': "{% trans "Are you sure you want to delete %s ?" %}",
|
||||||
|
'post': true,
|
||||||
});
|
});
|
||||||
</script>
|
</script>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|||||||
@@ -39,7 +39,7 @@
|
|||||||
</td>
|
</td>
|
||||||
<td data-id="{{ repo.id }}" data-name="{{ repo.name }}">
|
<td data-id="{{ repo.id }}" data-name="{{ repo.name }}">
|
||||||
<div>
|
<div>
|
||||||
<a href="#" class="repo-delete-btn op vh">{% trans "Delete" %}</a>
|
<a href="#" data-url="{% url "sys_repo_delete" repo.id %}" data-target="{{ repo.name }}" class="repo-delete-btn op vh">{% trans "Delete" %}</a>
|
||||||
</div>
|
</div>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
@@ -51,7 +51,6 @@
|
|||||||
</div>
|
</div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% include 'snippets/repo_del_popup.html' %}
|
|
||||||
{% include 'sysadmin/repo_transfer_form.html' %}
|
{% include 'sysadmin/repo_transfer_form.html' %}
|
||||||
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
@@ -59,7 +58,6 @@
|
|||||||
{% block extra_script %}
|
{% block extra_script %}
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
{% include 'sysadmin/sys_org_set_quota_js.html' %}
|
{% include 'sysadmin/sys_org_set_quota_js.html' %}
|
||||||
{% include 'snippets/repo_del_js.html' %}
|
|
||||||
{% include 'sysadmin/repoadmin_js.html' %}
|
{% include 'sysadmin/repoadmin_js.html' %}
|
||||||
</script>
|
</script>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|||||||
@@ -93,7 +93,7 @@
|
|||||||
<td>{{ repo.size|filesizeformat }}</td>
|
<td>{{ repo.size|filesizeformat }}</td>
|
||||||
<td>{{ repo.last_modify|translate_seahub_time }}</td>
|
<td>{{ repo.last_modify|translate_seahub_time }}</td>
|
||||||
<td data-id="{{ repo.props.id }}" data-name="{{repo.name}}">
|
<td data-id="{{ repo.props.id }}" data-name="{{repo.name}}">
|
||||||
<div><a href="#" class="repo-delete-btn op-icon vh" title="{% trans "Delete" %}"><img src="{{MEDIA_URL}}img/rm.png" alt="" /></a></div>
|
<div><a href="#" data-url="{% url "sys_repo_delete" repo.id %}" data-target="{{ repo.name }}" class="repo-delete-btn op-icon vh" title="{% trans "Delete" %}"><img src="{{MEDIA_URL}}img/rm.png" alt="" /></a></div>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
@@ -239,6 +239,11 @@ $('#set-quota-form .submit').click(function() {
|
|||||||
return false;
|
return false;
|
||||||
});
|
});
|
||||||
|
|
||||||
{% include 'snippets/repo_del_js.html' %}
|
addConfirmTo($('.repo-delete-btn'), {
|
||||||
|
'title': "{% trans "Delete Library" %}",
|
||||||
|
'con': "{% trans "Are you sure you want to delete %s ?" %}",
|
||||||
|
'post': true,
|
||||||
|
});
|
||||||
|
|
||||||
</script>
|
</script>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|||||||
@@ -213,6 +213,7 @@ urlpatterns = patterns(
|
|||||||
url(r'^sys/seafadmin/repo-trash/(?P<repo_id>[-0-9a-f]{36})/restore/$', sys_repo_trash_restore, name="sys_repo_trash_restore"),
|
url(r'^sys/seafadmin/repo-trash/(?P<repo_id>[-0-9a-f]{36})/restore/$', sys_repo_trash_restore, name="sys_repo_trash_restore"),
|
||||||
url(r'^sys/seafadmin/search/$', sys_repo_search, name='sys_repo_search'),
|
url(r'^sys/seafadmin/search/$', sys_repo_search, name='sys_repo_search'),
|
||||||
url(r'^sys/seafadmin/transfer/$', sys_repo_transfer, name='sys_repo_transfer'),
|
url(r'^sys/seafadmin/transfer/$', sys_repo_transfer, name='sys_repo_transfer'),
|
||||||
|
url(r'^sys/seafadmin/delete/(?P<repo_id>[-0-9a-f]{36})/$', sys_repo_delete, name='sys_repo_delete'),
|
||||||
url(r'^sys/useradmin/$', sys_user_admin, name='sys_useradmin'),
|
url(r'^sys/useradmin/$', sys_user_admin, name='sys_useradmin'),
|
||||||
url(r'^sys/useradmin/ldap/$', sys_user_admin_ldap, name='sys_useradmin_ldap'),
|
url(r'^sys/useradmin/ldap/$', sys_user_admin_ldap, name='sys_useradmin_ldap'),
|
||||||
url(r'^sys/useradmin/ldap/imported$', sys_user_admin_ldap_imported, name='sys_useradmin_ldap_imported'),
|
url(r'^sys/useradmin/ldap/imported$', sys_user_admin_ldap_imported, name='sys_useradmin_ldap_imported'),
|
||||||
|
|||||||
@@ -1524,19 +1524,15 @@ def repo_remove(request, repo_id):
|
|||||||
ct = 'application/json; charset=utf-8'
|
ct = 'application/json; charset=utf-8'
|
||||||
result = {}
|
result = {}
|
||||||
|
|
||||||
if get_system_default_repo_id() == repo_id:
|
|
||||||
result['error'] = _(u'System library can not be deleted.')
|
|
||||||
return HttpResponse(json.dumps(result), status=403, content_type=ct)
|
|
||||||
|
|
||||||
repo = get_repo(repo_id)
|
repo = get_repo(repo_id)
|
||||||
username = request.user.username
|
username = request.user.username
|
||||||
if is_org_context(request):
|
if is_org_context(request):
|
||||||
# Remove repo in org context, only (sys admin/repo owner/org staff) can
|
# Remove repo in org context, only (repo owner/org staff) can perform
|
||||||
# perform this operation.
|
# this operation.
|
||||||
org_id = request.user.org.org_id
|
org_id = request.user.org.org_id
|
||||||
is_org_staff = request.user.org.is_staff
|
is_org_staff = request.user.org.is_staff
|
||||||
org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
|
org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
|
||||||
if request.user.is_staff or is_org_staff or org_repo_owner == username:
|
if is_org_staff or org_repo_owner == username:
|
||||||
# Must get related useres before remove the repo
|
# Must get related useres before remove the repo
|
||||||
usernames = get_related_users_by_org_repo(org_id, repo_id)
|
usernames = get_related_users_by_org_repo(org_id, repo_id)
|
||||||
seafile_api.remove_repo(repo_id)
|
seafile_api.remove_repo(repo_id)
|
||||||
@@ -1553,9 +1549,9 @@ def repo_remove(request, repo_id):
|
|||||||
result['error'] = _(u'Permission denied.')
|
result['error'] = _(u'Permission denied.')
|
||||||
return HttpResponse(json.dumps(result), status=403, content_type=ct)
|
return HttpResponse(json.dumps(result), status=403, content_type=ct)
|
||||||
else:
|
else:
|
||||||
# Remove repo in personal context, only (repo owner/sys admin) can
|
# Remove repo in personal context, only (repo owner) can perform this
|
||||||
# perform this operation.
|
# operation.
|
||||||
if validate_owner(request, repo_id) or request.user.is_staff:
|
if validate_owner(request, repo_id):
|
||||||
usernames = get_related_users_by_repo(repo_id)
|
usernames = get_related_users_by_repo(repo_id)
|
||||||
seafile_api.remove_repo(repo_id)
|
seafile_api.remove_repo(repo_id)
|
||||||
if repo: # send delete signal only repo is valid
|
if repo: # send delete signal only repo is valid
|
||||||
|
|||||||
@@ -31,8 +31,11 @@ from seahub.utils import IS_EMAIL_CONFIGURED, string2list, is_valid_username, \
|
|||||||
is_pro_version
|
is_pro_version
|
||||||
from seahub.utils.licenseparse import parse_license
|
from seahub.utils.licenseparse import parse_license
|
||||||
from seahub.views import get_system_default_repo_id
|
from seahub.views import get_system_default_repo_id
|
||||||
|
from seahub.views.ajax import (get_related_users_by_org_repo,
|
||||||
|
get_related_users_by_repo)
|
||||||
from seahub.forms import SetUserQuotaForm, AddUserForm, BatchAddUserForm
|
from seahub.forms import SetUserQuotaForm, AddUserForm, BatchAddUserForm
|
||||||
from seahub.profile.models import Profile, DetailedProfile
|
from seahub.profile.models import Profile, DetailedProfile
|
||||||
|
from seahub.signals import repo_deleted
|
||||||
from seahub.share.models import FileShare, UploadLinkShare
|
from seahub.share.models import FileShare, UploadLinkShare
|
||||||
import seahub.settings as settings
|
import seahub.settings as settings
|
||||||
from seahub.settings import INIT_PASSWD, SITE_NAME, \
|
from seahub.settings import INIT_PASSWD, SITE_NAME, \
|
||||||
@@ -1592,9 +1595,43 @@ def sys_repo_transfer(request):
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
seafile_api.set_repo_owner(repo_id, new_owner)
|
seafile_api.set_repo_owner(repo_id, new_owner)
|
||||||
|
|
||||||
messages.success(request, _(u'Successfully transfered.'))
|
messages.success(request, _(u'Successfully transfered.'))
|
||||||
return HttpResponseRedirect(next)
|
return HttpResponseRedirect(next)
|
||||||
|
|
||||||
|
@login_required
|
||||||
|
@sys_staff_required
|
||||||
|
@require_POST
|
||||||
|
def sys_repo_delete(request, repo_id):
|
||||||
|
"""Delete a repo.
|
||||||
|
"""
|
||||||
|
next = request.META.get('HTTP_REFERER', None)
|
||||||
|
if not next:
|
||||||
|
next = reverse(sys_repo_admin)
|
||||||
|
|
||||||
|
if get_system_default_repo_id() == repo_id:
|
||||||
|
messages.error(request, _('System library can not be deleted.'))
|
||||||
|
return HttpResponseRedirect(next)
|
||||||
|
|
||||||
|
repo = seafile_api.get_repo(repo_id)
|
||||||
|
repo_name = repo.name
|
||||||
|
|
||||||
|
org_id = seafserv_threaded_rpc.get_org_id_by_repo_id(repo_id)
|
||||||
|
if org_id > 0:
|
||||||
|
usernames = get_related_users_by_org_repo(org_id, repo_id)
|
||||||
|
repo_owner = seafile_api.get_org_repo_owner(repo_id)
|
||||||
|
else:
|
||||||
|
usernames = get_related_users_by_repo(repo_id)
|
||||||
|
repo_owner = seafile_api.get_repo_owner(repo_id)
|
||||||
|
|
||||||
|
seafile_api.remove_repo(repo_id)
|
||||||
|
repo_deleted.send(sender=None, org_id=org_id, usernames=usernames,
|
||||||
|
repo_owner=repo_owner, repo_id=repo_id,
|
||||||
|
repo_name=repo_name)
|
||||||
|
|
||||||
|
messages.success(request, _(u'Successfully deleted.'))
|
||||||
|
return HttpResponseRedirect(next)
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@sys_staff_required
|
@sys_staff_required
|
||||||
def sys_traffic_admin(request):
|
def sys_traffic_admin(request):
|
||||||
|
|||||||
Reference in New Issue
Block a user