haiwen/seahub
1
0
Fork 0
mirror of https://github.com/haiwen/seahub.git synced 2025-10-21 10:51:17 +00:00
Code Issues Releases Wiki Activity

Update share file permissions

Browse Source
This commit is contained in:
zhengxie
2017-06-17 15:49:45 +08:00
parent 47f811cd78
commit 5e20cd58fa
3 changed files with 41 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
seahub/views/file.py
View File

@@ -831,6 +831,9 @@ def view_shared_file(request, fileshare):
# send statistic messages # send statistic messages
file_size = seafile_api.get_file_size(repo.store_id, repo.version, obj_id) file_size = seafile_api.get_file_size(repo.store_id, repo.version, obj_id)
if request.GET.get('dl', '') == '1': if request.GET.get('dl', '') == '1':
if fileshare.get_permissions()['can_download'] is False:
raise Http404
# download shared file # download shared file
return _download_file_from_share_link(request, fileshare) return _download_file_from_share_link(request, fileshare)
@@ -839,6 +842,9 @@ def view_shared_file(request, fileshare):
use_onetime=False) use_onetime=False)
raw_path = gen_file_get_url(access_token, filename) raw_path = gen_file_get_url(access_token, filename)
if request.GET.get('raw', '') == '1': if request.GET.get('raw', '') == '1':
if fileshare.get_permissions()['can_download'] is False:
raise Http404
# check whether owner's traffic over the limit # check whether owner's traffic over the limit
if user_traffic_over_limit(shared_by): if user_traffic_over_limit(shared_by):
messages.error(request, _(u'Unable to view raw file, share link traffic is used up.')) messages.error(request, _(u'Unable to view raw file, share link traffic is used up.'))
@@ -974,6 +980,9 @@ def view_file_via_shared_dir(request, fileshare):
context_instance=RequestContext(request)) context_instance=RequestContext(request))
if request.GET.get('dl', '') == '1': if request.GET.get('dl', '') == '1':
if fileshare.get_permissions()['can_download'] is False:
raise Http404
# download shared file # download shared file
return _download_file_from_share_link(request, fileshare) return _download_file_from_share_link(request, fileshare)
@@ -999,6 +1008,9 @@ def view_file_via_shared_dir(request, fileshare):
filename = os.path.basename(req_path) filename = os.path.basename(req_path)
if request.GET.get('raw', '0') == '1': if request.GET.get('raw', '0') == '1':
if fileshare.get_permissions()['can_download'] is False:
raise Http404
username = request.user.username username = request.user.username
token = seafile_api.get_fileserver_access_token(repo_id, token = seafile_api.get_fileserver_access_token(repo_id,
obj_id, 'view', username, use_onetime=True) obj_id, 'view', username, use_onetime=True)

11
tests/seahub/views/file/test_view_file_via_shared_dir.py
View File

@@ -82,3 +82,14 @@ class ViewFileViaSharedDirTest(TestCase, Fixtures):
resp = self.client.get(dl_url) resp = self.client.get(dl_url)
self.assertEqual(302, resp.status_code) self.assertEqual(302, resp.status_code)
assert '8082/files/' in resp.get('location') assert '8082/files/' in resp.get('location')
def test_can_not_download_viewonly(self):
assert self.fs.get_permissions()['can_download'] is True
self.fs.permission = FileShare.PERM_VIEW_ONLY
self.fs.save()
assert self.fs.get_permissions()['can_download'] is False
dl_url = reverse('view_file_via_shared_dir', args=[self.fs.token]) + \
'?p=%s&dl=1' % self.file
resp = self.client.get(dl_url)
self.assertEqual(404, resp.status_code)

18
tests/seahub/views/file/test_view_shared_file.py
View File

@@ -46,6 +46,15 @@ class ViewSharedFileTest(TestCase, Fixtures):
self.assertEqual(302, resp.status_code) self.assertEqual(302, resp.status_code)
assert '8082/files/' in resp.get('location') assert '8082/files/' in resp.get('location')
def test_can_not_download_viewonly(self):
assert self.fs.get_permissions()['can_download'] is True
self.fs.permission = FileShare.PERM_VIEW_ONLY
self.fs.save()
assert self.fs.get_permissions()['can_download'] is False
dl_url = reverse('view_shared_file', args=[self.fs.token]) + '?dl=1'
resp = self.client.get(dl_url)
self.assertEqual(404, resp.status_code)
def test_dl_link_can_use_more_times(self): def test_dl_link_can_use_more_times(self):
dl_url = reverse('view_shared_file', args=[self.fs.token]) + '?dl=1' dl_url = reverse('view_shared_file', args=[self.fs.token]) + '?dl=1'
resp = self.client.get(dl_url) resp = self.client.get(dl_url)
@@ -64,6 +73,15 @@ class ViewSharedFileTest(TestCase, Fixtures):
self.assertEqual(302, resp.status_code) self.assertEqual(302, resp.status_code)
assert '8082/files/' in resp.get('location') assert '8082/files/' in resp.get('location')
def test_can_not_view_raw_viewonly(self):
assert self.fs.get_permissions()['can_download'] is True
self.fs.permission = FileShare.PERM_VIEW_ONLY
self.fs.save()
assert self.fs.get_permissions()['can_download'] is False
dl_url = reverse('view_shared_file', args=[self.fs.token]) + '?raw=1'
resp = self.client.get(dl_url)
self.assertEqual(404, resp.status_code)
def test_view_count(self): def test_view_count(self):
"""Issue https://github.com/haiwen/seahub/issues/742 """Issue https://github.com/haiwen/seahub/issues/742
""" """