diff --git a/seahub/api2/endpoints/admin/library_group_shares.py b/seahub/api2/endpoints/admin/library_group_shares.py deleted file mode 100644 index 982645d4f7..0000000000 --- a/seahub/api2/endpoints/admin/library_group_shares.py +++ /dev/null 
@@ -1,223 +0,0 @@ -# Copyright (c) 2012-2016 Seafile Ltd. -import logging -from rest_framework import status -from rest_framework.authentication import SessionAuthentication -from rest_framework.permissions import IsAdminUser -from rest_framework.response import Response -from rest_framework.views import APIView - -from seaserv import seafile_api, ccnet_api - -from seahub.api2.authentication import TokenAuthentication -from seahub.api2.throttling import UserRateThrottle -from seahub.api2.utils import api_error - -logger = logging.getLogger(__name__) - -def get_library_group_share_info(share_item): - - group_id = share_item.group_id - group = ccnet_api.get_group(group_id) - - result = {} - result['group_id'] = group_id - result['group_name'] = group.group_name - result['permission'] = share_item.perm - result['repo_id'] = share_item.repo_id - - return result - - -class AdminLibraryGroupShares(APIView): - authentication_classes = (TokenAuthentication, SessionAuthentication) - throttle_classes = (UserRateThrottle,) - permission_classes = (IsAdminUser,) - - def get(self, request, repo_id): - """ List all group shares of a repo - - Permission checking: - 1. admin user. - """ - - # resource check - repo = seafile_api.get_repo(repo_id) - if not repo: - error_msg = 'Library %s not found.' % repo_id - return api_error(status.HTTP_404_NOT_FOUND, error_msg) - - # current `request.user.username` is admin user, - # so need to identify the repo owner specifically. 
- repo_owner = seafile_api.get_repo_owner(repo_id) - try: - share_items = seafile_api.list_repo_shared_group_by_user(repo_owner, repo_id) - except Exception as e: - logger.error(e) - error_msg = 'Internal Server Error' - return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) - - result = [] - for share_item in share_items: - share_item_info = get_library_group_share_info(share_item) - result.append(share_item_info) - - return Response(result) - - def post(self, request, repo_id): - """ Admin share a library to group. - - Permission checking: - 1. admin user. - """ - - # argument check - permission = request.data.get('permission', None) - if not permission or permission not in ('r', 'rw'): - error_msg = 'permission invalid.' - return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - - # resource check - repo = seafile_api.get_repo(repo_id) - if not repo: - error_msg = 'Library %s not found.' % repo_id - return api_error(status.HTTP_404_NOT_FOUND, error_msg) - - result = {} - result['failed'] = [] - result['success'] = [] - group_ids = request.data.getlist('group_id') - - # current `request.user.username` is admin user, - # so need to identify the repo owner specifically. - repo_owner = seafile_api.get_repo_owner(repo_id) - - for group_id in group_ids: - try: - group_id = int(group_id) - except ValueError as e: - logger.error(e) - result['failed'].append({ - 'group_id': group_id, - 'error_msg': 'group_id %s invalid.' 
% group_id - }) - - continue - - group = ccnet_api.get_group(group_id) - if not group: - result['failed'].append({ - 'group_id': group_id, - 'error_msg': 'Group %s not found' % group_id - }) - - continue - - try: - seafile_api.set_group_repo(repo_id, group_id, repo_owner, permission) - except Exception as e: - logger.error(e) - result['failed'].append({ - "group_id": group_id, - 'error_msg': 'Internal Server Error' - }) - - continue - - result['success'].append({ - "group_id": group_id, - "group_name": group.group_name, - "permission": permission, - "repo_id": repo_id, - }) - - return Response(result) - -class AdminLibraryGroupShare(APIView): - authentication_classes = (TokenAuthentication, SessionAuthentication) - throttle_classes = (UserRateThrottle,) - permission_classes = (IsAdminUser,) - - def put(self, request, repo_id, format=None): - """ Update library group share permission. - - Permission checking: - 1. admin user. - """ - - # argument check - permission = request.data.get('permission', None) - if not permission or permission not in ('r', 'rw'): - error_msg = 'permission invalid.' - return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - - group_id = request.data.get('group_id', None) - - try: - group_id = int(group_id) - except ValueError: - error_msg = 'group_id %s invalid.' % group_id - return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - - # resource check - repo = seafile_api.get_repo(repo_id) - if not repo: - error_msg = 'Library %s not found.' 
% repo_id - return api_error(status.HTTP_404_NOT_FOUND, error_msg) - - group = ccnet_api.get_group(group_id) - if not group: - error_msg = 'Group %s not found' % group_id - return api_error(status.HTTP_404_NOT_FOUND, error_msg) - - try: - seafile_api.set_group_repo_permission(group_id, repo_id, permission) - except Exception as e: - logger.error(e) - error_msg = 'Internal Server Error' - return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) - - result = {} - result['group_id'] = group_id - result['group_name'] = group.group_name - result['permission'] = permission - result['repo_id'] = repo_id - - return Response(result) - - def delete(self, request, repo_id, format=None): - """ Delete library group share permission. - - Permission checking: - 1. admin user. - """ - - # argument check - permission = request.data.get('permission', None) - if not permission or permission not in ('r', 'rw'): - error_msg = 'permission invalid.' - return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - - # resource check - repo = seafile_api.get_repo(repo_id) - if not repo: - error_msg = 'Library %s not found.' % repo_id - return api_error(status.HTTP_404_NOT_FOUND, error_msg) - - group_id = request.data.get('group_id') - try: - group_id = int(group_id) - except ValueError: - return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid' % group_id) - - # current `request.user.username` is admin user, - # so need to identify the repo owner specifically. - repo_owner = seafile_api.get_repo_owner(repo_id) - - try: - seafile_api.unset_group_repo(repo_id, group_id, repo_owner) - except Exception as e: - logger.error(e) - error_msg = 'Internal Server Error' - return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) - - return Response({'success': True}) diff --git a/seahub/api2/endpoints/admin/library_user_shares.py b/seahub/api2/endpoints/admin/library_user_shares.py deleted file mode 100644 index 5e74efc9b1..0000000000 
--- a/seahub/api2/endpoints/admin/library_user_shares.py +++ /dev/null 
@@ -1,233 +0,0 @@ -# Copyright (c) 2012-2016 Seafile Ltd. -import logging -from rest_framework import status -from rest_framework.authentication import SessionAuthentication -from rest_framework.permissions import IsAdminUser -from rest_framework.response import Response -from rest_framework.views import APIView -from seaserv import seafile_api - -from seahub.api2.authentication import TokenAuthentication -from seahub.api2.throttling import UserRateThrottle -from seahub.api2.utils import api_error - -from seahub.base.accounts import User -from seahub.base.templatetags.seahub_tags import email2nickname - -from seahub.utils import (is_valid_username) - -logger = logging.getLogger(__name__) - -def get_library_user_share_info(share_item): - result = {} - result['user_email'] = share_item.user - result['user_name'] = email2nickname(share_item.user) - result['permission'] = share_item.perm - result['repo_id'] = share_item.repo_id - - return result - - -class AdminLibraryUserShares(APIView): - authentication_classes = (TokenAuthentication, SessionAuthentication) - throttle_classes = (UserRateThrottle,) - permission_classes = (IsAdminUser,) - - def get(self, request, repo_id): - """ List all user shares of a repo - - Permission checking: - 1. admin user. - """ - - # resource check - repo = seafile_api.get_repo(repo_id) - if not repo: - error_msg = 'Library %s not found.' % repo_id - return api_error(status.HTTP_404_NOT_FOUND, error_msg) - - # current `request.user.username` is admin user, - # so need to identify the repo owner specifically. 
- repo_owner = seafile_api.get_repo_owner(repo_id) - try: - share_items = seafile_api.list_repo_shared_to(repo_owner, repo_id) - except Exception as e: - logger.error(e) - error_msg = 'Internal Server Error' - return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) - - result = [] - for share_item in share_items: - share_item_info = get_library_user_share_info(share_item) - result.append(share_item_info) - - return Response(result) - - def post(self, request, repo_id): - """ Admin share a library to user. - - Permission checking: - 1. admin user. - """ - - # argument check - permission = request.data.get('permission', None) - if not permission or permission not in ('r', 'rw'): - error_msg = 'permission invalid.' - return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - - # resource check - repo = seafile_api.get_repo(repo_id) - if not repo: - error_msg = 'Library %s not found.' % repo_id - return api_error(status.HTTP_404_NOT_FOUND, error_msg) - - result = {} - result['failed'] = [] - result['success'] = [] - share_to_users = request.data.getlist('email') - - # current `request.user.username` is admin user, - # so need to identify the repo owner specifically. - repo_owner = seafile_api.get_repo_owner(repo_id) - - for to_user in share_to_users: - if repo_owner == to_user: - result['failed'].append({ - 'user_email': to_user, - 'error_msg': 'email %s is library owner.' % to_user - }) - - continue - - if not is_valid_username(to_user): - result['failed'].append({ - 'user_email': to_user, - 'error_msg': 'email %s invalid.' % to_user - }) - - continue - - try: - User.objects.get(email=to_user) - except User.DoesNotExist: - result['failed'].append({ - 'user_email': to_user, - 'error_msg': 'User %s not found.' 
% to_user - }) - - continue - - try: - seafile_api.share_repo(repo_id, - repo_owner, to_user, permission) - except Exception as e: - logger.error(e) - result['failed'].append({ - 'user_email': to_user, - 'error_msg': 'Internal Server Error' - }) - - continue - - new_perm = seafile_api.check_permission_by_path(repo_id, '/', to_user) - result['success'].append({ - "repo_id": repo_id, - "user_email": to_user, - "user_name": email2nickname(to_user), - "permission": new_perm, - }) - - return Response(result) - -class AdminLibraryUserShare(APIView): - authentication_classes = (TokenAuthentication, SessionAuthentication) - throttle_classes = (UserRateThrottle,) - permission_classes = (IsAdminUser,) - - def put(self, request, repo_id, format=None): - """ Update library user share permission. - - Permission checking: - 1. admin user. - """ - - # argument check - permission = request.data.get('permission', None) - if not permission or permission not in ('r', 'rw'): - error_msg = 'permission invalid.' - return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - - to_user = request.data.get('user_email', None) - if not to_user or not is_valid_username(to_user): - error_msg = 'user_email invalid.' - return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - - # resource check - repo = seafile_api.get_repo(repo_id) - if not repo: - error_msg = 'Library %s not found.' % repo_id - return api_error(status.HTTP_404_NOT_FOUND, error_msg) - - try: - User.objects.get(email=to_user) - except User.DoesNotExist: - error_msg = 'User %s not found.' % to_user - return api_error(status.HTTP_404_NOT_FOUND, error_msg) - - # current `request.user.username` is admin user, - # so need to identify the repo owner specifically. 
- repo_owner = seafile_api.get_repo_owner(repo_id) - - try: - seafile_api.set_share_permission( - repo_id, repo_owner, to_user, permission) - except Exception as e: - logger.error(e) - error_msg = 'Internal Server Error' - return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) - - new_perm = seafile_api.check_permission_by_path(repo_id, '/', to_user) - result = {} - result['user_email'] = to_user - result['user_name'] = email2nickname(to_user) - result['permission'] = new_perm - result['repo_id'] = repo_id - - return Response(result) - - def delete(self, request, repo_id, format=None): - """ Delete library user share permission. - - Permission checking: - 1. admin user. - """ - - # argument check - permission = request.data.get('permission', None) - if not permission or permission not in ('r', 'rw'): - error_msg = 'permission invalid.' - return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - - to_user = request.data.get('user_email', None) - if not to_user or not is_valid_username(to_user): - error_msg = 'user_email invalid.' - return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - - # resource check - repo = seafile_api.get_repo(repo_id) - if not repo: - error_msg = 'Library %s not found.' % repo_id - return api_error(status.HTTP_404_NOT_FOUND, error_msg) - - # current `request.user.username` is admin user, - # so need to identify the repo owner specifically. - repo_owner = seafile_api.get_repo_owner(repo_id) - try: - seafile_api.remove_share(repo_id, repo_owner, to_user) - except Exception as e: - logger.error(e) - error_msg = 'Internal Server Error' - return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) - - return Response({'success': True}) diff --git a/seahub/api2/endpoints/admin/shares.py b/seahub/api2/endpoints/admin/shares.py new file mode 100644 index 0000000000..5c54b1fd15 --- /dev/null +++ b/seahub/api2/endpoints/admin/shares.py 
@@ -0,0 +1,399 @@ +# Copyright (c) 2012-2016 Seafile Ltd. +import logging +from rest_framework import status +from rest_framework.authentication import SessionAuthentication +from rest_framework.permissions import IsAdminUser +from rest_framework.response import Response +from rest_framework.views import APIView + +from django.utils.translation import ugettext as _ + +from seaserv import seafile_api, ccnet_api + +from seahub.api2.authentication import TokenAuthentication +from seahub.api2.throttling import UserRateThrottle +from seahub.api2.utils import api_error + +from seahub.base.accounts import User +from seahub.base.templatetags.seahub_tags import email2nickname +from seahub.utils import is_valid_username + +logger = logging.getLogger(__name__) + +def check_parameter(func): + """ + Decorator for check parameter + """ + def _decorated(view, request, *args, **kwargs): + + # argument check + if request.method == 'GET': + repo_id = request.GET.get('repo_id', None) + path = request.GET.get('path', '/') + share_type = request.GET.get('share_type', None) + else: + repo_id = request.data.get('repo_id', None) + path = request.data.get('path', '/') + share_type = request.data.get('share_type', None) + + if not repo_id: + error_msg = 'repo_id invalid.' + return api_error(status.HTTP_400_BAD_REQUEST, error_msg) + + if not share_type or share_type not in ('user', 'group'): + error_msg = 'share_type invalid.' + return api_error(status.HTTP_400_BAD_REQUEST, error_msg) + + # resource check + repo = seafile_api.get_repo(repo_id) + if not repo: + error_msg = 'Library %s not found.' % repo_id + return api_error(status.HTTP_404_NOT_FOUND, error_msg) + + if not seafile_api.get_dir_id_by_path(repo_id, path): + error_msg = 'Folder %s not found.' 
% path + return api_error(status.HTTP_404_NOT_FOUND, error_msg) + + return func(view, request, repo_id, path, share_type, *args, **kwargs) + + return _decorated + +class AdminShares(APIView): + authentication_classes = (TokenAuthentication, SessionAuthentication) + throttle_classes = (UserRateThrottle,) + permission_classes = (IsAdminUser,) + + @check_parameter + def get(self, request, repo_id, path, share_type): + """ List user/group shares + + Permission checking: + 1. admin user. + """ + + result = [] + + # current `request.user.username` is admin user, + # so need to identify the repo owner specifically. + repo_owner = seafile_api.get_repo_owner(repo_id) + if share_type == 'user': + try: + if path == '/': + share_items = seafile_api.list_repo_shared_to( + repo_owner, repo_id) + else: + share_items = seafile_api.get_shared_users_for_subdir( + repo_id, path, repo_owner) + except Exception as e: + logger.error(e) + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + + for share_item in share_items: + + user_email = share_item.user + user_name = email2nickname(user_email) if user_email else '--' + + share_info = {} + share_info['repo_id'] = repo_id + share_info['path'] = path + share_info['share_type'] = share_type + share_info['user_email'] = user_email + share_info['user_name'] = user_name + share_info['permission'] = share_item.perm + + result.append(share_info) + + if share_type == 'group': + try: + if path == '/': + share_items = seafile_api.list_repo_shared_group_by_user( + repo_owner, repo_id) + else: + share_items = seafile_api.get_shared_groups_for_subdir( + repo_id, path, repo_owner) + except Exception as e: + logger.error(e) + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + + for share_item in share_items: + + group_id = share_item.group_id + group = ccnet_api.get_group(group_id) + group_name = group.group_name if group else '--' + + 
share_info = {} + share_info['repo_id'] = repo_id + share_info['path'] = path + share_info['share_type'] = share_type + share_info['group_id'] = group_id + share_info['group_name'] = group_name + share_info['permission'] = share_item.perm + + result.append(share_info) + + return Response(result) + + @check_parameter + def post(self, request, repo_id, path, share_type): + """ Admin share a library to user/group. + + Permission checking: + 1. admin user. + """ + + # argument check + permission = request.data.get('permission', None) + if not permission or permission not in ('r', 'rw'): + error_msg = 'permission invalid.' + return api_error(status.HTTP_400_BAD_REQUEST, error_msg) + + result = {} + result['failed'] = [] + result['success'] = [] + share_to = request.data.getlist('share_to') + + # current `request.user.username` is admin user, + # so need to identify the repo owner specifically. + repo_owner = seafile_api.get_repo_owner(repo_id) + + if share_type == 'user': + for email in share_to: + if repo_owner == email: + result['failed'].append({ + 'user_email': email, + 'error_msg': _(u'User %s is already library owner.') % email + }) + + continue + + if not is_valid_username(email): + result['failed'].append({ + 'user_email': email, + 'error_msg': _('Email %s invalid.') % email + }) + + continue + + try: + User.objects.get(email=email) + except User.DoesNotExist: + result['failed'].append({ + 'user_email': email, + 'error_msg': 'User %s not found.' 
% email + }) + + continue + + try: + if path == '/': + seafile_api.share_repo( + repo_id, repo_owner, email, permission) + else: + seafile_api.share_subdir_email( + repo_id, path, repo_owner, email, permission) + + except Exception as e: + logger.error(e) + result['failed'].append({ + 'user_email': email, + 'error_msg': 'Internal Server Error' + }) + + continue + + new_perm = seafile_api.check_permission_by_path(repo_id, path, email) + result['success'].append({ + "repo_id": repo_id, + "path": path, + "share_type": share_type, + "user_email": email, + "user_name": email2nickname(email), + "permission": new_perm + }) + + if share_type == 'group': + for group_id in share_to: + try: + group_id = int(group_id) + except ValueError as e: + logger.error(e) + result['failed'].append({ + 'group_id': group_id, + 'error_msg': 'group_id %s invalid.' % group_id + }) + + continue + + group = ccnet_api.get_group(group_id) + if not group: + result['failed'].append({ + 'group_id': group_id, + 'error_msg': 'Group %s not found' % group_id + }) + + continue + + try: + if path == '/': + seafile_api.set_group_repo( + repo_id, group_id, repo_owner, permission) + else: + seafile_api.share_subdir_to_group( + repo_id, path, repo_owner, group_id, permission) + except Exception as e: + logger.error(e) + result['failed'].append({ + "group_id": group_id, + 'error_msg': 'Internal Server Error' + }) + + continue + + result['success'].append({ + "repo_id": repo_id, + "path": path, + "share_type": share_type, + "group_id": group_id, + "group_name": group.group_name, + "permission": permission + }) + + return Response(result) + + @check_parameter + def put(self, request, repo_id, path, share_type): + """ Update user/group share permission. + + Permission checking: + 1. admin user. + """ + + # argument check + permission = request.data.get('permission', None) + if not permission or permission not in ('r', 'rw'): + error_msg = 'permission invalid.' 
+ return api_error(status.HTTP_400_BAD_REQUEST, error_msg) + + share_info = {} + share_info['repo_id'] = repo_id + share_info['path'] = path + share_info['share_type'] = share_type + + # current `request.user.username` is admin user, + # so need to identify the repo owner specifically. + repo_owner = seafile_api.get_repo_owner(repo_id) + + share_to = request.data.get('share_to', None) + if share_type == 'user': + email = share_to + if not email or not is_valid_username(email): + error_msg = 'email %s invalid.' % email + return api_error(status.HTTP_400_BAD_REQUEST, error_msg) + + try: + User.objects.get(email=email) + except User.DoesNotExist: + error_msg = 'User %s not found.' % email + return api_error(status.HTTP_404_NOT_FOUND, error_msg) + + try: + if path == '/': + seafile_api.set_share_permission( + repo_id, repo_owner, email, permission) + else: + seafile_api.update_share_subdir_perm_for_user( + repo_id, path, repo_owner, email, permission) + except Exception as e: + logger.error(e) + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + + new_perm = seafile_api.check_permission_by_path(repo_id, path, email) + share_info['user_email'] = email + share_info['user_name'] = email2nickname(email) + share_info['permission'] = new_perm + + if share_type == 'group': + group_id = share_to + try: + group_id = int(group_id) + except ValueError: + error_msg = 'group_id %s invalid.' 
% group_id + return api_error(status.HTTP_400_BAD_REQUEST, error_msg) + + group = ccnet_api.get_group(group_id) + if not group: + error_msg = 'Group %s not found' % group_id + return api_error(status.HTTP_404_NOT_FOUND, error_msg) + + try: + if path == '/': + seafile_api.set_group_repo_permission(group_id, + repo_id, permission) + else: + seafile_api.update_share_subdir_perm_for_group( + repo_id, path, repo_owner, group_id, permission) + except Exception as e: + logger.error(e) + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + + share_info['group_id'] = group_id + share_info['group_name'] = group.group_name + share_info['permission'] = permission + + return Response(share_info) + + @check_parameter + def delete(self, request, repo_id, path, share_type): + """ Delete user/group share permission. + + Permission checking: + 1. admin user. + """ + + # current `request.user.username` is admin user, + # so need to identify the repo owner specifically. + repo_owner = seafile_api.get_repo_owner(repo_id) + + share_to = request.data.get('share_to', None) + + if share_type == 'user': + email = share_to + if not email or not is_valid_username(email): + error_msg = 'email %s invalid.' 
% email + return api_error(status.HTTP_400_BAD_REQUEST, error_msg) + + try: + if path == '/': + seafile_api.remove_share(repo_id, repo_owner, email) + else: + seafile_api.unshare_subdir_for_user( + repo_id, path, repo_owner, email) + except Exception as e: + logger.error(e) + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + + if share_type == 'group': + group_id = share_to + try: + group_id = int(group_id) + except ValueError: + error_msg = 'group_id %s invalid' % group_id + return api_error(status.HTTP_400_BAD_REQUEST, error_msg) + + try: + if path == '/': + seafile_api.unset_group_repo(repo_id, group_id, repo_owner) + else: + seafile_api.unshare_subdir_for_group( + repo_id, path, repo_owner, group_id) + except Exception as e: + logger.error(e) + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + + return Response({'success': True}) diff --git a/seahub/api2/endpoints/search_group.py b/seahub/api2/endpoints/search_group.py index ff43b469e6..3a584cc00e 100644 --- a/seahub/api2/endpoints/search_group.py +++ b/seahub/api2/endpoints/search_group.py @@ -8,6 +8,7 @@ from rest_framework import status from django.conf import settings +import seaserv from seaserv import ccnet_api from seahub.api2.authentication import TokenAuthentication @@ -17,6 +18,10 @@ from seahub.api2.utils import api_error from seahub.utils import is_org_context from seahub.utils.timeutils import timestamp_to_isoformat_timestr +try: + from seahub.settings import CLOUD_MODE +except ImportError: + CLOUD_MODE = False def get_group_info(group_id): group = ccnet_api.get_group(group_id) 
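Review bot: In the `group` branches of `put` and `delete`, `int(group_id)` is guarded only by `except ValueError`, so a request that omits `share_to` passes `None` to `int()` and raises an uncaught `TypeError`, which surfaces as a 500 instead of the intended 400; `except (ValueError, TypeError):` in both places covers it. `check_parameter` now reads `repo_id` from the query string or body, so the `[-0-9a-f]{36}` constraint that the removed URL routes applied is gone and an arbitrary string reaches `seafile_api.get_repo()`; checking the format in the decorator before the lookup would keep malformed ids on the 400 path. Every handler acts as `repo_owner` rather than as the calling admin, so it would also help to log `request.user.username` together with the repo, path and target on each successful share, update and delete, so that changes made on a user's behalf can be traced.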
@@ -58,13 +63,15 @@ class SearchGroup(APIView): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) - if not settings.ENABLE_GLOBAL_ADDRESSBOOK: - error_msg = 'Feature disabled.' - return api_error(status.HTTP_403_FORBIDDEN, error_msg) - - if is_org_context(request): - org_id = request.user.org.org_id - groups = ccnet_api.get_org_groups(org_id, -1, -1) + if CLOUD_MODE: + if is_org_context(request): + org_id = request.user.org.org_id + groups = ccnet_api.get_org_groups(org_id, -1, -1) + elif settings.ENABLE_GLOBAL_ADDRESSBOOK: + groups = ccnet_api.get_all_groups(-1, -1) + else: + username = request.user.username + groups = seaserv.get_personal_groups_by_user(username) else: groups = ccnet_api.get_all_groups(-1, -1) diff --git a/seahub/test_utils.py b/seahub/test_utils.py index 46baef1f84..4117e5d0ed 100644 --- a/seahub/test_utils.py +++ b/seahub/test_utils.py @@ -142,6 +142,16 @@ class Fixtures(Exam): group_id = self.group.id return ccnet_threaded_rpc.remove_group(group_id, self.user.username) + def share_repo_to_admin_with_r_permission(self): + # share user's repo to admin with 'r' permission + seafile_api.share_repo(self.repo.id, self.user.username, + self.admin.username, 'r') + + def share_repo_to_admin_with_rw_permission(self): + # share user's repo to admin with 'rw' permission + seafile_api.share_repo(self.repo.id, self.user.username, + self.admin.username, 'rw') + def set_user_folder_r_permission_to_admin(self): # share user's repo to admin with 'rw' permission diff --git a/seahub/urls.py b/seahub/urls.py index 565ecfe594..4c334ae0d7 100644 --- a/seahub/urls.py +++ b/seahub/urls.py 
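Review bot: When `CLOUD_MODE` is off, the final `else` returns `ccnet_api.get_all_groups(-1, -1)` to any caller that passed the earlier permission check, and the `ENABLE_GLOBAL_ADDRESSBOOK` test that used to answer 403 'Feature disabled.' is no longer applied on that path. A deployment that turned the global address book off to keep group names private would now expose every group through this search. If that is intended, a comment above the `else` should say so; otherwise the non-cloud path should honour the setting too, for example `elif not settings.ENABLE_GLOBAL_ADDRESSBOOK: groups = seaserv.get_personal_groups_by_user(request.user.username)` placed before the final `else`. The enclosing method starts and ends outside the hunk.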
@@ -47,8 +47,7 @@ from seahub.api2.endpoints.admin.library_dirents import AdminLibraryDirents, Adm from seahub.api2.endpoints.admin.system_library import AdminSystemLibrary from seahub.api2.endpoints.admin.trash_libraries import AdminTrashLibraries, AdminTrashLibrary from seahub.api2.endpoints.admin.groups import AdminGroups, AdminGroup -from seahub.api2.endpoints.admin.library_user_shares import AdminLibraryUserShares, AdminLibraryUserShare -from seahub.api2.endpoints.admin.library_group_shares import AdminLibraryGroupShares, AdminLibraryGroupShare +from seahub.api2.endpoints.admin.shares import AdminShares # Uncomment the next two lines to enable the admin: #from django.contrib import admin @@ -218,10 +217,7 @@ urlpatterns = patterns( url(r'^api/v2.1/admin/system-library/$', AdminSystemLibrary.as_view(), name='api-v2.1-admin-system-library'), url(r'^api/v2.1/admin/trash-libraries/$', AdminTrashLibraries.as_view(), name='api-v2.1-admin-trash-libraries'), url(r'^api/v2.1/admin/trash-libraries/(?P[-0-9a-f]{36})/$', AdminTrashLibrary.as_view(), name='api-v2.1-admin-trash-library'), - url(r'^api/v2.1/admin/libraries/(?P[-0-9a-f]{36})/user-shares/$', AdminLibraryUserShares.as_view(), name='api-v2.1-admin-library-user-shares'), - url(r'^api/v2.1/admin/libraries/(?P[-0-9a-f]{36})/user-share/$', AdminLibraryUserShare.as_view(), name='api-v2.1-admin-library-user-share'), - url(r'^api/v2.1/admin/libraries/(?P[-0-9a-f]{36})/group-shares/$', AdminLibraryGroupShares.as_view(), name='api-v2.1-admin-library-group-shares'), - url(r'^api/v2.1/admin/libraries/(?P[-0-9a-f]{36})/group-share/$', AdminLibraryGroupShare.as_view(), name='api-v2.1-admin-library-group-share'), + url(r'^api/v2.1/admin/shares/$', AdminShares.as_view(), name='api-v2.1-admin-shares'), (r'^avatar/', include('seahub.avatar.urls')), (r'^notification/', include('seahub.notifications.urls')), diff --git a/static/scripts/common.js b/static/scripts/common.js index bcf2351357..9d2bba5e96 100644 
--- a/static/scripts/common.js +++ b/static/scripts/common.js @@ -181,10 +181,7 @@ define([ case 'admin-system-library': return siteRoot + 'api/v2.1/admin/system-library/'; case 'admin-trash-libraries': return siteRoot + 'api/v2.1/admin/trash-libraries/'; case 'admin-trash-library': return siteRoot + 'api/v2.1/admin/trash-libraries/' + options.repo_id + '/'; - case 'admin_library_user_shares': return siteRoot + 'api/v2.1/admin/libraries/' + options.repo_id + '/user-shares/'; - case 'admin_library_user_share': return siteRoot + 'api/v2.1/admin/libraries/' + options.repo_id + '/user-share/'; - case 'admin_library_group_shares': return siteRoot + 'api/v2.1/admin/libraries/' + options.repo_id + '/group-shares/'; - case 'admin_library_group_share': return siteRoot + 'api/v2.1/admin/libraries/' + options.repo_id + '/group-share/'; + case 'admin_shares': return siteRoot + 'api/v2.1/admin/shares/'; } }, diff --git a/static/scripts/sysadmin-app/views/folder-share-item.js b/static/scripts/sysadmin-app/views/folder-share-item.js index f24360b71f..3448c8e997 100644 --- a/static/scripts/sysadmin-app/views/folder-share-item.js +++ b/static/scripts/sysadmin-app/views/folder-share-item.js @@ -50,14 +50,23 @@ define([ var _this = this; var item_data = this.item_data; var perm = $(e.currentTarget).val(); - var url, data; + var url = Common.getUrl({name: 'admin_shares'}); + var data; if (item_data.for_user) { - url = Common.getUrl({name: 'admin_library_user_share', repo_id: this.repo_id}); - data = {'permission': perm, 'user_email': item_data.user_email}; + data = { + 'repo_id': _this.repo_id, + 'share_type': 'user', + 'permission': perm, + 'share_to': item_data.user_email + }; } else { - url = Common.getUrl({name: 'admin_library_group_share', repo_id: this.repo_id}); - data = {'permission': perm, 'group_id': item_data.group_id}; + data = { + 'repo_id': _this.repo_id, + 'share_type': 'group', + 'permission': perm, + 'share_to': item_data.group_id + }; } $.ajax({ 
@@ -73,14 +82,16 @@ define([ error: function(xhr) { var err_msg; if (xhr.responseText) { - err_msg = gettext("Edit failed"); + var parsed_resp = $.parseJSON(xhr.responseText); + err_msg = parsed_resp.error||parsed_resp.error_msg; + err_msg = Common.HTMLescape(err_msg); } else { err_msg = gettext("Failed. Please check the network."); } if (item_data.for_user) { $('#dir-user-share .error').html(err_msg).removeClass('hide'); } else { - $('#dir-group-group .error').html(err_msg).removeClass('hide'); + $('#dir-group-share .error').html(err_msg).removeClass('hide'); } } }); @@ -89,14 +100,23 @@ define([ del: function () { var _this = this; var item_data = this.item_data; - var url, data; + var url = Common.getUrl({name: 'admin_shares'}); + var data; if (item_data.for_user) { - url = Common.getUrl({name: 'admin_library_user_share', repo_id: this.repo_id}); - data = {'permission': item_data.permission, 'user_email': item_data.user_email}; + data = { + 'repo_id': _this.repo_id, + 'share_type': 'user', + 'permission': item_data.permission, + 'share_to': item_data.user_email + }; } else { - url = Common.getUrl({name: 'admin_library_group_share', repo_id: this.repo_id}); - data = {'permission': item_data.permission, 'group_id': item_data.group_id}; + data = { + 'repo_id': _this.repo_id, + 'share_type': 'group', + 'permission': item_data.permission, + 'share_to': item_data.group_id + }; } $.ajax({ @@ -111,14 +131,16 @@ define([ error: function (xhr) { var err_msg; if (xhr.responseText) { - err_msg = gettext("Delete failed"); + var parsed_resp = $.parseJSON(xhr.responseText); + err_msg = parsed_resp.error||parsed_resp.error_msg; + err_msg = Common.HTMLescape(err_msg); } else { err_msg = gettext("Failed. Please check the network."); } if (item_data.for_user) { $('#dir-user-share .error').html(err_msg).removeClass('hide'); } else { - $('#dir-group-group .error').html(err_msg).removeClass('hide'); + $('#dir-group-share .error').html(err_msg).removeClass('hide'); } } }); 
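Review bot: `$.parseJSON(xhr.responseText)` in the new `error` callback throws when the body is not JSON (an HTML error page from a proxy or a 500, for example), and then no message is shown at all; the earlier code could not fail here because it used a fixed `gettext` string. If the JSON has neither `error` nor `error_msg`, `Common.HTMLescape` also receives `undefined`, and how it handles that is not visible here. Escaping before `.html()` is the right move and should stay. The same pattern is in the `del` error callback (`@@ -111,14 +131,16 @@`) and in both share.js error callbacks that this commit touches. The callback's enclosing function starts outside the hunk.

```javascript
if (xhr.responseText) {
    try {
        var parsed_resp = $.parseJSON(xhr.responseText);
        err_msg = parsed_resp.error || parsed_resp.error_msg;
    } catch (e) {
        // body was not JSON (e.g. an HTML error page); fall back to the generic text
    }
    err_msg = err_msg ? Common.HTMLescape(err_msg) : gettext("Edit failed");
} else {
    // … unchanged: network-failure message …
```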
diff --git a/static/scripts/sysadmin-app/views/share.js b/static/scripts/sysadmin-app/views/share.js index 245d80954b..058d3708a2 100644 --- a/static/scripts/sysadmin-app/views/share.js +++ b/static/scripts/sysadmin-app/views/share.js @@ -63,7 +63,11 @@ define([ }, Common.contactInputOptionsForSelect2())); Common.ajaxGet({ - 'get_url': Common.getUrl({name: 'admin_library_user_shares', repo_id: repo_id}), + 'get_url': Common.getUrl({name: 'admin_shares'}), + 'data': { + 'repo_id': repo_id, + 'share_type': 'user' + }, 'after_op_success': function (data) { $(data).each(function(index, item) { var new_item = new FolderShareItemView({ @@ -96,7 +100,11 @@ define([ }, Common.groupInputOptionsForSelect2())); Common.ajaxGet({ - 'get_url': Common.getUrl({name: 'admin_library_group_shares', repo_id: repo_id}), + 'get_url': Common.getUrl({name: 'admin_shares'}), + 'data': { + 'repo_id': repo_id, + 'share_type': 'group' + }, 'after_op_success': function (data) { $(data).each(function(index, item) { var new_item = new FolderShareItemView({ @@ -136,13 +144,15 @@ define([ Common.disableButton($submitBtn); $.ajax({ - url: Common.getUrl({name: 'admin_library_user_shares', repo_id: repo_id}), + url: Common.getUrl({name: 'admin_shares'}), dataType: 'json', method: 'POST', beforeSend: Common.prepareCSRFToken, traditional: true, data: { - 'email': emails.split(','), + 'repo_id': repo_id, + 'share_type': 'user', + 'share_to': emails.split(','), 'permission': perm }, success: function(data) { @@ -177,8 +187,9 @@ define([ if (xhr.responseText) { var parsed_resp = $.parseJSON(xhr.responseText); err_msg = parsed_resp.error||parsed_resp.error_msg; + err_msg = Common.HTMLescape(err_msg); } else { - err_msg = gettext("Failed. Please check the network.") + err_msg = gettext("Failed. Please check the network."); } $error.html(err_msg).removeClass('hide'); }, 
@@ -209,13 +220,15 @@ define([ Common.disableButton($submitBtn); $.ajax({ - url: Common.getUrl({name: 'admin_library_group_shares',repo_id: repo_id}), + url: Common.getUrl({name: 'admin_shares'}), dataType: 'json', method: 'POST', beforeSend: Common.prepareCSRFToken, traditional: true, data: { - 'group_id': groups.split(','), + 'repo_id': repo_id, + 'share_type': 'group', + 'share_to': groups.split(','), 'permission': perm }, success: function(data) { @@ -250,8 +263,9 @@ define([ if (xhr.responseText) { var parsed_resp = $.parseJSON(xhr.responseText); err_msg = parsed_resp.error||parsed_resp.error_msg; + err_msg = Common.HTMLescape(err_msg); } else { - err_msg = gettext("Failed. Please check the network.") + err_msg = gettext("Failed. Please check the network."); } $error.html(err_msg).removeClass('hide'); }, diff --git a/tests/api/endpoints/admin/test_library_group_shares.py b/tests/api/endpoints/admin/test_library_group_shares.py deleted file mode 100644 index a0f852258d..0000000000 --- a/tests/api/endpoints/admin/test_library_group_shares.py +++ /dev/null 
@@ -1,167 +0,0 @@ -import json - -from django.core.urlresolvers import reverse - -from seaserv import seafile_api - -from seahub.test_utils import BaseTestCase - -class AdminLibraryUserShare(BaseTestCase): - - def setUp(self): - self.repo_id = self.repo.id - self.group_id = self.group.id - - self.user_name = self.user.username - self.admin_name = self.admin.username - - self.url = reverse('api-v2.1-admin-library-group-shares', args = [self.repo_id]) - - def tearDown(self): - self.remove_repo() - self.remove_group(self.group.id) - - def test_can_get(self): - - self.share_repo_to_group_with_rw_permission() - - self.login_as(self.admin) - - resp = self.client.get(self.url) - self.assertEqual(200, resp.status_code) - - json_resp = json.loads(resp.content) - assert json_resp[0]['repo_id'] == self.repo_id - assert json_resp[0]['group_id'] == self.group_id - - def test_get_with_invalid_user_permission(self): - - self.share_repo_to_group_with_rw_permission() - - self.login_as(self.user) - - resp = self.client.get(self.url) - self.assertEqual(403, resp.status_code) - - def test_admin_share_repo_to_group(self): - - self.login_as(self.admin) - - permission = 'r' - - data = { - 'permission': permission, - 'group_id': [self.group_id] - } - resp = self.client.post(self.url, data) - self.assertEqual(200, resp.status_code) - - json_resp = json.loads(resp.content) - assert json_resp['success'][0]['group_id'] == self.group_id - assert json_resp['success'][0]['permission'] == permission - - def test_share_repo_with_invalid_user_permission(self): - - self.login_as(self.user) - - permission = 'r' - - data = { - 'permission': permission, - 'group_id': [self.group_id] - } - resp = self.client.post(self.url, data) - self.assertEqual(403, resp.status_code) - - def test_admin_modify_repo_group_share_permission(self): - - self.share_repo_to_group_with_rw_permission() - - shared_groups = seafile_api.list_repo_shared_group( - self.user_name, self.repo_id) - - for e in shared_groups: - if 
e.group_id == self.group_id: - permission = e.perm - break - - assert permission == 'rw' - - self.login_as(self.admin) - - modified_perm = 'r' - url = reverse('api-v2.1-admin-library-group-share', args = [self.repo_id]) - data = 'permission=%s&group_id=%s' % (modified_perm, self.group_id) - resp = self.client.put(url, data, 'application/x-www-form-urlencoded') - self.assertEqual(200, resp.status_code) - - shared_groups = seafile_api.list_repo_shared_group( - self.user_name, self.repo_id) - - for e in shared_groups: - if e.group_id == self.group_id: - permission = e.perm - break - - assert permission == modified_perm - - def test_modify_with_invalid_user_permission(self): - - self.share_repo_to_group_with_rw_permission() - - shared_groups = seafile_api.list_repo_shared_group( - self.user_name, self.repo_id) - for e in shared_groups: - if e.group_id == self.group_id: - permission = e.perm - break - - assert permission == 'rw' - - self.login_as(self.user) - - modified_perm = 'r' - url = reverse('api-v2.1-admin-library-group-share', args = [self.repo_id]) - data = 'permission=%s&group_id=%s' % (modified_perm, self.group_id) - resp = self.client.put(url, data, 'application/x-www-form-urlencoded') - self.assertEqual(403, resp.status_code) - - def test_admin_delete_repo_user_share_permission(self): - - self.share_repo_to_group_with_rw_permission() - - shared_groups = seafile_api.list_repo_shared_group( - self.user_name, self.repo_id) - for e in shared_groups: - if e.group_id == self.group_id: - permission = e.perm - break - - assert permission == 'rw' - - self.login_as(self.admin) - - url = reverse('api-v2.1-admin-library-group-share', args = [self.repo_id]) - data = 'permission=%s&group_id=%s' % (permission, self.group_id) - resp = self.client.delete(url, data, 'application/x-www-form-urlencoded') - self.assertEqual(200, resp.status_code) - - def test_delete_with_invalid_user_permission(self): - - self.share_repo_to_group_with_rw_permission() - - shared_groups = 
seafile_api.list_repo_shared_group( - self.user_name, self.repo_id) - for e in shared_groups: - if e.group_id == self.group_id: - permission = e.perm - break - - assert permission == 'rw' - - self.login_as(self.user) - - url = reverse('api-v2.1-admin-library-group-share', args = [self.repo_id]) - data = 'permission=%s&group_id=%s' % (permission, self.group_id) - resp = self.client.delete(url, data, 'application/x-www-form-urlencoded') - self.assertEqual(403, resp.status_code) diff --git a/tests/api/endpoints/admin/test_library_user_shares.py b/tests/api/endpoints/admin/test_library_user_shares.py deleted file mode 100644 index a0ca252df4..0000000000 --- a/tests/api/endpoints/admin/test_library_user_shares.py +++ /dev/null 
@@ -1,162 +0,0 @@ -import json - -from django.core.urlresolvers import reverse - -from seaserv import seafile_api - -from seahub.test_utils import BaseTestCase - -class AdminLibraryUserShare(BaseTestCase): - - def share_repo_to_user(self): - - # user share repo to admin - seafile_api.share_repo( - self.repo.id, self.user.username, - self.admin.username, 'rw') - - def setUp(self): - self.repo_id = self.repo.id - self.user_name = self.user.username - self.admin_name = self.admin.username - self.url = reverse('api-v2.1-admin-library-user-shares', args = [self.repo_id]) - - self.tmp_user = self.create_user('tmp@email.com') - self.tmp_user_email = self.tmp_user.username - - def tearDown(self): - self.remove_repo() - self.remove_user(self.tmp_user_email) - - def test_can_get(self): - - self.share_repo_to_user() - - self.login_as(self.admin) - - resp = self.client.get(self.url) - self.assertEqual(200, resp.status_code) - - json_resp = json.loads(resp.content) - assert json_resp[0]['repo_id'] == self.repo_id - - def test_get_with_invalid_user_permission(self): - - self.share_repo_to_user() - - self.login_as(self.user) - - resp = self.client.get(self.url) - self.assertEqual(403, resp.status_code) - - def test_admin_share_repo_to_user(self): - - self.login_as(self.admin) - - invalid_email = 'invalid@email.com' - - data = { - 'permission': 'r', - 'email': [invalid_email, self.tmp_user_email] - } - resp = self.client.post(self.url, data) - self.assertEqual(200, resp.status_code) - - json_resp = json.loads(resp.content) - assert json_resp['failed'][0]['user_email'] == invalid_email - assert json_resp['success'][0]['user_email'] == self.tmp_user_email - - def test_share_repo_with_invalid_user_permission(self): - - self.login_as(self.user) - - invalid_email = 'invalid@email.com' - tmp_user = self.create_user('tmp@email.com') - tmp_user_email = tmp_user.username - - data = { - 'permission': 'r', - 'email': [invalid_email, tmp_user_email] - } - resp = self.client.post(self.url, 
data) - self.assertEqual(403, resp.status_code) - - def test_admin_modify_repo_user_share_permission(self): - - # user share repo to tmp user - init_permission = 'rw' - seafile_api.share_repo( - self.repo_id, self.user_name, - self.tmp_user_email, init_permission) - - assert seafile_api.check_permission_by_path(self.repo_id, \ - '/', self.tmp_user_email) == init_permission - - self.login_as(self.admin) - - modified_perm = 'r' - url = reverse('api-v2.1-admin-library-user-share', args = [self.repo_id]) - data = 'permission=%s&user_email=%s' % (modified_perm, self.tmp_user_email) - resp = self.client.put(url, data, 'application/x-www-form-urlencoded') - self.assertEqual(200, resp.status_code) - - assert seafile_api.check_permission_by_path(self.repo_id, \ - '/', self.tmp_user_email) == modified_perm - - def test_modify_with_invalid_user_permission(self): - - # user share repo to tmp user - init_permission = 'rw' - seafile_api.share_repo( - self.repo_id, self.user_name, - self.tmp_user_email, init_permission) - - assert seafile_api.check_permission_by_path(self.repo_id, \ - '/', self.tmp_user_email) == init_permission - - self.login_as(self.user) - - modified_perm = 'r' - url = reverse('api-v2.1-admin-library-user-share', args = [self.repo_id]) - data = 'permission=%s&user_email=%s' % (modified_perm, self.tmp_user_email) - resp = self.client.put(url, data, 'application/x-www-form-urlencoded') - self.assertEqual(403, resp.status_code) - - def test_admin_delete_repo_user_share_permission(self): - - # user share repo to tmp user - init_permission = 'rw' - seafile_api.share_repo( - self.repo_id, self.user_name, - self.tmp_user_email, init_permission) - - assert seafile_api.check_permission_by_path(self.repo_id, \ - '/', self.tmp_user_email) == init_permission - - self.login_as(self.admin) - - url = reverse('api-v2.1-admin-library-user-share', args = [self.repo_id]) - data = 'permission=%s&user_email=%s' % (init_permission, self.tmp_user_email) - resp = 
self.client.delete(url, data, 'application/x-www-form-urlencoded') - self.assertEqual(200, resp.status_code) - - assert seafile_api.check_permission_by_path(self.repo_id, \ - '/', self.tmp_user_email) is None - - def test_delete_with_invalid_user_permission(self): - - # user share repo to tmp user - init_permission = 'rw' - seafile_api.share_repo( - self.repo_id, self.user_name, - self.tmp_user_email, init_permission) - - assert seafile_api.check_permission_by_path(self.repo_id, \ - '/', self.tmp_user_email) == init_permission - - self.login_as(self.user) - - url = reverse('api-v2.1-admin-library-user-share', args = [self.repo_id]) - data = 'permission=%s&user_email=%s' % (init_permission, self.tmp_user_email) - resp = self.client.delete(url, data, 'application/x-www-form-urlencoded') - self.assertEqual(403, resp.status_code) diff --git a/tests/api/endpoints/admin/test_shares.py b/tests/api/endpoints/admin/test_shares.py new file mode 100644 index 0000000000..4f05b5fdfc --- /dev/null +++ b/tests/api/endpoints/admin/test_shares.py 
@@ -0,0 +1,229 @@ +import json + +from django.core.urlresolvers import reverse + +from seaserv import seafile_api + +from seahub.test_utils import BaseTestCase + +class Shares(BaseTestCase): + + def setUp(self): + self.repo_id = self.repo.id + self.group_id = self.group.id + + self.user_name = self.user.username + self.admin_name = self.admin.username + + self.para = '?repo_id=%s&path=/' % self.repo_id + self.url = reverse('api-v2.1-admin-shares') + + self.tmp_user = self.create_user('tmp@email.com') + self.tmp_user_email = self.tmp_user.username + + def tearDown(self): + self.remove_repo() + self.remove_user(self.tmp_user_email) + + def test_can_get_user_shared(self): + + self.share_repo_to_admin_with_rw_permission() + + self.login_as(self.admin) + + resp = self.client.get(self.url + self.para + '&share_type=user') + json_resp = json.loads(resp.content) + self.assertEqual(200, resp.status_code) + + assert json_resp[0]['repo_id'] == self.repo_id + assert json_resp[0]['path'] == '/' + assert json_resp[0]['share_type'] == 'user' + assert json_resp[0]['user_email'] == self.admin_name + assert json_resp[0]['permission'] == 'rw' + + def test_can_get_group_shared(self): + + self.share_repo_to_group_with_rw_permission() + + self.login_as(self.admin) + + resp = self.client.get(self.url + self.para + '&share_type=group') + json_resp = json.loads(resp.content) + self.assertEqual(200, resp.status_code) + + assert json_resp[0]['repo_id'] == self.repo_id + assert json_resp[0]['path'] == '/' + assert json_resp[0]['share_type'] == 'group' + assert json_resp[0]['group_id'] == self.group_id + assert json_resp[0]['permission'] == 'rw' + + def test_get_with_invalid_permission(self): + + self.login_as(self.user) + + resp = self.client.get(self.url + self.para + '&share_type=group') + self.assertEqual(403, resp.status_code) + + def test_share_repo_to_user(self): + + self.login_as(self.admin) + + invalid_email = 'invalid@email.com' + permission = 'r' + + data = { + 'repo_id': 
self.repo_id, + 'share_type': 'user', + 'permission': permission, + 'share_to': [invalid_email, self.tmp_user_email] + } + resp = self.client.post(self.url, data) + self.assertEqual(200, resp.status_code) + + json_resp = json.loads(resp.content) + assert json_resp['failed'][0]['user_email'] == invalid_email + assert json_resp['success'][0]['user_email'] == self.tmp_user_email + assert json_resp['success'][0]['permission'] == permission + + def test_share_repo_to_group(self): + + self.login_as(self.admin) + + invalid_group_id = 'invalid_group_id' + permission = 'r' + + data = { + 'repo_id': self.repo_id, + 'share_type': 'group', + 'permission': permission, + 'share_to': [invalid_group_id, self.group_id] + } + resp = self.client.post(self.url, data) + self.assertEqual(200, resp.status_code) + + json_resp = json.loads(resp.content) + assert json_resp['failed'][0]['group_id'] == invalid_group_id + assert json_resp['success'][0]['group_id'] == self.group_id + assert json_resp['success'][0]['permission'] == permission + + def test_share_repo_with_invalid_user_permission(self): + + self.login_as(self.user) + + invalid_group_id = 'invalid_group_id' + permission = 'r' + + data = { + 'repo_id': self.repo_id, + 'share_type': 'group', + 'permission': permission, + 'share_to': [invalid_group_id, self.group_id] + } + resp = self.client.post(self.url, data) + self.assertEqual(403, resp.status_code) + + def test_modify_repo_user_share_permission(self): + + # user share repo to tmp user + init_permission = 'rw' + seafile_api.share_repo(self.repo_id, + self.user_name, self.tmp_user_email, init_permission) + + assert seafile_api.check_permission_by_path(self.repo_id, \ + '/', self.tmp_user_email) == init_permission + + self.login_as(self.admin) + + modified_perm = 'r' + data = 'repo_id=%s&share_type=%s&permission=%s&share_to=%s' % \ + (self.repo_id, 'user', modified_perm, self.tmp_user_email) + resp = self.client.put(self.url, data, 'application/x-www-form-urlencoded') + 
self.assertEqual(200, resp.status_code) + + assert seafile_api.check_permission_by_path(self.repo_id, \ + '/', self.tmp_user_email) == modified_perm + + def test_modify_repo_group_share_permission(self): + + # user share repo to tmp user + self.share_repo_to_group_with_rw_permission() + + shared_groups = seafile_api.list_repo_shared_group( + self.user_name, self.repo_id) + + for e in shared_groups: + if e.group_id == self.group_id: + permission = e.perm + break + + assert permission == 'rw' + + self.login_as(self.admin) + + modified_perm = 'r' + data = 'repo_id=%s&share_type=%s&permission=%s&share_to=%s' % \ + (self.repo_id, 'group', modified_perm, self.group_id) + resp = self.client.put(self.url, data, 'application/x-www-form-urlencoded') + self.assertEqual(200, resp.status_code) + + shared_groups = seafile_api.list_repo_shared_group( + self.user_name, self.repo_id) + + for e in shared_groups: + if e.group_id == self.group_id: + permission = e.perm + break + + assert permission == modified_perm + + def test_modify_with_invalid_user_permission(self): + self.login_as(self.user) + + resp = self.client.put(self.url, {}, 'application/x-www-form-urlencoded') + self.assertEqual(403, resp.status_code) + + def test_delete_repo_user_share_permission(self): + + # user share repo to tmp user + init_permission = 'rw' + seafile_api.share_repo(self.repo_id, + self.user_name, self.tmp_user_email, init_permission) + + assert seafile_api.check_permission_by_path(self.repo_id, \ + '/', self.tmp_user_email) == init_permission + + self.login_as(self.admin) + + data = 'repo_id=%s&share_type=%s&share_to=%s' % \ + (self.repo_id, 'user', self.tmp_user_email) + resp = self.client.delete(self.url, data, 'application/x-www-form-urlencoded') + self.assertEqual(200, resp.status_code) + + assert seafile_api.check_permission_by_path(self.repo_id, \ + '/', self.tmp_user_email) is None + + def test_delete_repo_group_share_permission(self): + + self.share_repo_to_group_with_rw_permission() + + 
shared_groups = seafile_api.list_repo_shared_group( + self.user_name, self.repo_id) + for e in shared_groups: + if e.group_id == self.group_id: + permission = e.perm + break + + assert permission == 'rw' + + self.login_as(self.admin) + + data = 'repo_id=%s&share_type=%s&share_to=%s' % \ + (self.repo_id, 'user', self.tmp_user_email) + resp = self.client.delete(self.url, data, 'application/x-www-form-urlencoded') + self.assertEqual(200, resp.status_code) + + def test_delete_with_invalid_user_permission(self): + + self.login_as(self.user) + resp = self.client.delete(self.url, {}, 'application/x-www-form-urlencoded') + self.assertEqual(403, resp.status_code) diff --git a/tests/api/endpoints/test_search_group.py b/tests/api/endpoints/test_search_group.py index c452840882..4aed8aa424 100644 --- a/tests/api/endpoints/test_search_group.py +++ b/tests/api/endpoints/test_search_group.py @@ -46,4 +46,6 @@ class SearchGroupTest(BaseTestCase): self.login_as(self.user) resp = self.client.get(self.endpoint + '?q=' + self.group_name) - self.assertEqual(403, resp.status_code) + json_resp = json.loads(resp.content) + self.assertEqual(200, resp.status_code) + assert len(json_resp) > 0
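Review bot: `test_delete_repo_group_share_permission` sets up a group share but then sends the DELETE with `share_type` `'user'` and `self.tmp_user_email`, so the group-share delete path is never exercised and the test passes on a bare 200. The request should be `data = 'repo_id=%s&share_type=%s&share_to=%s' % (self.repo_id, 'group', self.group_id)`, followed by an assertion that `seafile_api.list_repo_shared_group(self.user_name, self.repo_id)` no longer contains `self.group_id`. The new `tearDown` also drops the `self.remove_group(self.group.id)` call that the deleted group-share test had, although `setUp` still reads `self.group.id`. The PUT and DELETE 403 tests send an empty body, so they only show that a non-admin is rejected before argument parsing; sending a valid payload would also prove that no change is applied.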
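Review bot: The expected status for a request made after `self.login_as(self.user)` flips from 403 to 200, which is an authorization change to the group search endpoint rather than part of the admin shares consolidation. The view change that permits it is not in this hunk, so it should be confirmed as intended and called out in the commit description. The added lines call `json.loads`, and no `import json` is visible here, so check that the module imports it. `assert len(json_resp) > 0` only proves something came back; asserting that the returned entry matches `self.group_name` would pin what this user is allowed to see. The test method starts above the hunk.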