mirror of
https://github.com/haiwen/seahub.git
synced 2025-09-24 21:07:17 +00:00
[sysadmin] Change a few ops to POST
This commit is contained in:
zhengxie
@@ -32,7 +32,7 @@ from forms import MessageForm, MessageReplyForm, GroupRecommendForm, \
|
||||
GroupAddForm, GroupJoinMsgForm, WikiCreateForm
|
||||
from signals import grpmsg_added, grpmsg_reply_added, group_join_request
|
||||
from seahub.auth import REDIRECT_FIELD_NAME
|
||||
from seahub.base.decorators import sys_staff_required
|
||||
from seahub.base.decorators import sys_staff_required, require_POST
|
||||
from seahub.base.models import FileDiscuss
|
||||
from seahub.contacts.models import Contact
|
||||
from seahub.contacts.signals import mail_sended
|
||||
@@ -228,6 +228,7 @@ def group_list(request):
|
||||
|
||||
@login_required
|
||||
@sys_staff_required
|
||||
@require_POST
|
||||
def group_remove(request, group_id):
|
||||
"""
|
||||
Remove group from groupadmin page. Only system admin can perform this
|
||||
|
||||
@@ -38,4 +38,9 @@ $('#repo-transfer-form').submit(function() {
|
||||
});
|
||||
|
||||
$('#main-panel').removeClass('ovhd');
|
||||
{% include 'snippets/repo_del_js.html' %}
|
||||
|
||||
addConfirmTo($('.repo-delete-btn'), {
|
||||
'title': "{% trans "Delete Library" %}",
|
||||
'con': "{% trans "Are you sure you want to delete %s ?" %}",
|
||||
'post': true,
|
||||
});
|
||||
|
||||
@@ -25,7 +25,7 @@
|
||||
</td>
|
||||
<td data-id="{{ repo.props.id }}" data-name="{{ repo.props.name }}">
|
||||
<div>
|
||||
<a href="#" class="repo-delete-btn op vh">{% trans "Delete" %}</a>
|
||||
<a href="#" data-url="{% url "sys_repo_delete" repo.id %}" data-target="{{ repo.name }}" class="repo-delete-btn op vh">{% trans "Delete" %}</a>
|
||||
<a href="#" class="repo-transfer-btn op vh">{% trans "Transfer" %}</a>
|
||||
</div>
|
||||
</td>
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
<td>{{ repo.size|filesizeformat }}</td>
|
||||
<td><a href="{% url 'user_info' repo.user %}">{{ repo.user }}</a></td>
|
||||
<td data-id="{{ repo.id }}" data-name="{{repo.name}}">
|
||||
<div><a href="#" class="repo-delete-btn op-icon vh" title="{% trans "Delete" %}"><img src="{{MEDIA_URL}}img/rm.png" alt="" /></a></div>
|
||||
<div><a href="#" data-url="{% url "sys_repo_delete" repo.id %}" data-target="{{ repo.name }}" class="repo-delete-btn op-icon vh" title="{% trans "Delete" %}"><img src="{{MEDIA_URL}}img/rm.png" alt="" /></a></div>
|
||||
</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
@@ -83,12 +83,15 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{% include 'snippets/repo_del_popup.html' %}
|
||||
{% endblock %}
|
||||
|
||||
|
||||
{% block extra_script %}
|
||||
<script type="text/javascript">
|
||||
{% include 'snippets/repo_del_js.html' %}
|
||||
addConfirmTo($('.repo-delete-btn'), {
|
||||
'title': "{% trans "Delete Library" %}",
|
||||
'con': "{% trans "Are you sure you want to delete %s ?" %}",
|
||||
'post': true,
|
||||
});
|
||||
</script>
|
||||
{% endblock %}
|
||||
|
||||
@@ -42,7 +42,8 @@
|
||||
<script type="text/javascript">
|
||||
addConfirmTo($('.rm-grp'), {
|
||||
'title': "{% trans "Delete Group" %}",
|
||||
'con': "{% trans "Are you sure you want to delete %s ?" %}"
|
||||
'con': "{% trans "Are you sure you want to delete %s ?" %}",
|
||||
'post': true,
|
||||
});
|
||||
</script>
|
||||
{% endblock %}
|
||||
|
||||
@@ -39,7 +39,7 @@
|
||||
</td>
|
||||
<td data-id="{{ repo.id }}" data-name="{{ repo.name }}">
|
||||
<div>
|
||||
<a href="#" class="repo-delete-btn op vh">{% trans "Delete" %}</a>
|
||||
<a href="#" data-url="{% url "sys_repo_delete" repo.id %}" data-target="{{ repo.name }}" class="repo-delete-btn op vh">{% trans "Delete" %}</a>
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
@@ -51,7 +51,6 @@
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
{% include 'snippets/repo_del_popup.html' %}
|
||||
{% include 'sysadmin/repo_transfer_form.html' %}
|
||||
|
||||
{% endblock %}
|
||||
@@ -59,7 +58,6 @@
|
||||
{% block extra_script %}
|
||||
<script type="text/javascript">
|
||||
{% include 'sysadmin/sys_org_set_quota_js.html' %}
|
||||
{% include 'snippets/repo_del_js.html' %}
|
||||
{% include 'sysadmin/repoadmin_js.html' %}
|
||||
</script>
|
||||
{% endblock %}
|
||||
|
||||
@@ -93,7 +93,7 @@
|
||||
<td>{{ repo.size|filesizeformat }}</td>
|
||||
<td>{{ repo.last_modify|translate_seahub_time }}</td>
|
||||
<td data-id="{{ repo.props.id }}" data-name="{{repo.name}}">
|
||||
<div><a href="#" class="repo-delete-btn op-icon vh" title="{% trans "Delete" %}"><img src="{{MEDIA_URL}}img/rm.png" alt="" /></a></div>
|
||||
<div><a href="#" data-url="{% url "sys_repo_delete" repo.id %}" data-target="{{ repo.name }}" class="repo-delete-btn op-icon vh" title="{% trans "Delete" %}"><img src="{{MEDIA_URL}}img/rm.png" alt="" /></a></div>
|
||||
</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
@@ -239,6 +239,11 @@ $('#set-quota-form .submit').click(function() {
|
||||
return false;
|
||||
});
|
||||
|
||||
{% include 'snippets/repo_del_js.html' %}
|
||||
addConfirmTo($('.repo-delete-btn'), {
|
||||
'title': "{% trans "Delete Library" %}",
|
||||
'con': "{% trans "Are you sure you want to delete %s ?" %}",
|
||||
'post': true,
|
||||
});
|
||||
|
||||
</script>
|
||||
{% endblock %}
|
||||
|
||||
@@ -213,6 +213,7 @@ urlpatterns = patterns(
|
||||
url(r'^sys/seafadmin/repo-trash/(?P<repo_id>[-0-9a-f]{36})/restore/$', sys_repo_trash_restore, name="sys_repo_trash_restore"),
|
||||
url(r'^sys/seafadmin/search/$', sys_repo_search, name='sys_repo_search'),
|
||||
url(r'^sys/seafadmin/transfer/$', sys_repo_transfer, name='sys_repo_transfer'),
|
||||
url(r'^sys/seafadmin/delete/(?P<repo_id>[-0-9a-f]{36})/$', sys_repo_delete, name='sys_repo_delete'),
|
||||
url(r'^sys/useradmin/$', sys_user_admin, name='sys_useradmin'),
|
||||
url(r'^sys/useradmin/ldap/$', sys_user_admin_ldap, name='sys_useradmin_ldap'),
|
||||
url(r'^sys/useradmin/ldap/imported$', sys_user_admin_ldap_imported, name='sys_useradmin_ldap_imported'),
|
||||
|
||||
@@ -1524,19 +1524,15 @@ def repo_remove(request, repo_id):
|
||||
ct = 'application/json; charset=utf-8'
|
||||
result = {}
|
||||
|
||||
if get_system_default_repo_id() == repo_id:
|
||||
result['error'] = _(u'System library can not be deleted.')
|
||||
return HttpResponse(json.dumps(result), status=403, content_type=ct)
|
||||
|
||||
repo = get_repo(repo_id)
|
||||
username = request.user.username
|
||||
if is_org_context(request):
|
||||
# Remove repo in org context, only (sys admin/repo owner/org staff) can
|
||||
# perform this operation.
|
||||
# Remove repo in org context, only (repo owner/org staff) can perform
|
||||
# this operation.
|
||||
org_id = request.user.org.org_id
|
||||
is_org_staff = request.user.org.is_staff
|
||||
org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
|
||||
if request.user.is_staff or is_org_staff or org_repo_owner == username:
|
||||
if is_org_staff or org_repo_owner == username:
|
||||
# Must get related useres before remove the repo
|
||||
usernames = get_related_users_by_org_repo(org_id, repo_id)
|
||||
seafile_api.remove_repo(repo_id)
|
||||
@@ -1553,9 +1549,9 @@ def repo_remove(request, repo_id):
|
||||
result['error'] = _(u'Permission denied.')
|
||||
return HttpResponse(json.dumps(result), status=403, content_type=ct)
|
||||
else:
|
||||
# Remove repo in personal context, only (repo owner/sys admin) can
|
||||
# perform this operation.
|
||||
if validate_owner(request, repo_id) or request.user.is_staff:
|
||||
# Remove repo in personal context, only (repo owner) can perform this
|
||||
# operation.
|
||||
if validate_owner(request, repo_id):
|
||||
usernames = get_related_users_by_repo(repo_id)
|
||||
seafile_api.remove_repo(repo_id)
|
||||
if repo: # send delete signal only repo is valid
|
||||
|
||||
@@ -31,8 +31,11 @@ from seahub.utils import IS_EMAIL_CONFIGURED, string2list, is_valid_username, \
|
||||
is_pro_version
|
||||
from seahub.utils.licenseparse import parse_license
|
||||
from seahub.views import get_system_default_repo_id
|
||||
from seahub.views.ajax import (get_related_users_by_org_repo,
|
||||
get_related_users_by_repo)
|
||||
from seahub.forms import SetUserQuotaForm, AddUserForm, BatchAddUserForm
|
||||
from seahub.profile.models import Profile, DetailedProfile
|
||||
from seahub.signals import repo_deleted
|
||||
from seahub.share.models import FileShare, UploadLinkShare
|
||||
import seahub.settings as settings
|
||||
from seahub.settings import INIT_PASSWD, SITE_NAME, \
|
||||
@@ -1592,9 +1595,43 @@ def sys_repo_transfer(request):
|
||||
pass
|
||||
|
||||
seafile_api.set_repo_owner(repo_id, new_owner)
|
||||
|
||||
messages.success(request, _(u'Successfully transfered.'))
|
||||
return HttpResponseRedirect(next)
|
||||
|
||||
@login_required
|
||||
@sys_staff_required
|
||||
@require_POST
|
||||
def sys_repo_delete(request, repo_id):
|
||||
"""Delete a repo.
|
||||
"""
|
||||
next = request.META.get('HTTP_REFERER', None)
|
||||
if not next:
|
||||
next = reverse(sys_repo_admin)
|
||||
|
||||
if get_system_default_repo_id() == repo_id:
|
||||
messages.error(request, _('System library can not be deleted.'))
|
||||
return HttpResponseRedirect(next)
|
||||
|
||||
repo = seafile_api.get_repo(repo_id)
|
||||
repo_name = repo.name
|
||||
|
||||
org_id = seafserv_threaded_rpc.get_org_id_by_repo_id(repo_id)
|
||||
if org_id > 0:
|
||||
usernames = get_related_users_by_org_repo(org_id, repo_id)
|
||||
repo_owner = seafile_api.get_org_repo_owner(repo_id)
|
||||
else:
|
||||
usernames = get_related_users_by_repo(repo_id)
|
||||
repo_owner = seafile_api.get_repo_owner(repo_id)
|
||||
|
||||
seafile_api.remove_repo(repo_id)
|
||||
repo_deleted.send(sender=None, org_id=org_id, usernames=usernames,
|
||||
repo_owner=repo_owner, repo_id=repo_id,
|
||||
repo_name=repo_name)
|
||||
|
||||
messages.success(request, _(u'Successfully deleted.'))
|
||||
return HttpResponseRedirect(next)
|
||||
|
||||
@login_required
|
||||
@sys_staff_required
|
||||
def sys_traffic_admin(request):
|
||||
|
||||
Reference in New Issue
Block a user