From 685ee2c21a3ebc6a6131fd67998acde92c20a15a Mon Sep 17 00:00:00 2001
From: lian
Date: Tue, 18 Aug 2020 17:33:31 +0800
Subject: [PATCH] fix bug when get repo api token (#4652)
Co-authored-by: lian
---
 seahub/api2/endpoints/repo_api_tokens.py | 8 ++++----
 seahub/repo_api_tokens/utils.py | 7 ++++---
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/seahub/api2/endpoints/repo_api_tokens.py b/seahub/api2/endpoints/repo_api_tokens.py
index 3fa2972050..d0de77b818 100644
--- a/seahub/api2/endpoints/repo_api_tokens.py
+++ b/seahub/api2/endpoints/repo_api_tokens.py
@@ -45,7 +45,7 @@ class RepoAPITokensView(APIView):
 # permission check
 username = request.user.username
- if not permission_check_admin_owner(username, repo_id, request):
+ if not permission_check_admin_owner(request, username, repo_id):
 error_msg = 'Permission denied.'
 return api_error(status.HTTP_403_FORBIDDEN, error_msg)
@@ -73,7 +73,7 @@ class RepoAPITokensView(APIView):
 # permission check
 username = request.user.username
- if not permission_check_admin_owner(username, repo_id, request):
+ if not permission_check_admin_owner(request, username, repo_id):
 error_msg = 'Permission denied.'
 return api_error(status.HTTP_403_FORBIDDEN, error_msg)
@@ -108,7 +108,7 @@ class RepoAPITokenView(APIView):
 username = request.user.username
 # permission check
- if not permission_check_admin_owner(username, repo_id, request):
+ if not permission_check_admin_owner(request, username, repo_id):
 error_msg = 'Permission denied.'
 return api_error(status.HTTP_403_FORBIDDEN, error_msg)
@@ -139,7 +139,7 @@ class RepoAPITokenView(APIView):
 # permission check
 username = request.user.username
- if not permission_check_admin_owner(username, repo_id, request):
+ if not permission_check_admin_owner(request, username, repo_id):
 error_msg = 'Permission denied.'
 return api_error(status.HTTP_403_FORBIDDEN, error_msg)
diff --git a/seahub/repo_api_tokens/utils.py b/seahub/repo_api_tokens/utils.py
index c6f3b37aeb..fc5b60d9c9 100644
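Review bot: The four rewritten calls to `permission_check_admin_owner` (this hunk and the ones at -73, -108 and -139) still pass three positional arguments to a helper whose parameter order this commit has just rearranged, and a transposed argument in an access-control check is easy to miss in review. Passing them by keyword, `if not permission_check_admin_owner(request=request, username=username, repo_id=repo_id):`, keeps each call correct regardless of parameter order. How a mis-ordered call behaves depends on `is_repo_owner` and `is_group_repo_staff`, which are not shown in this patch, so it is not clear from here whether such a mistake would deny or grant access. The enclosing view methods begin and end outside these hunks.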
--- a/seahub/repo_api_tokens/utils.py
+++ b/seahub/repo_api_tokens/utils.py
@@ -12,14 +12,14 @@ from seahub.settings import ENABLE_VIDEO_THUMBNAIL, THUMBNAIL_ROOT
 from seahub.thumbnail.utils import get_thumbnail_src
 from seahub.utils import is_pro_version, FILEEXT_TYPE_MAP, IMAGE, XMIND, VIDEO
 from seahub.utils.file_tags import get_files_tags_in_dir
-from seahub.utils.repo import is_group_repo_staff
+from seahub.utils.repo import is_group_repo_staff, is_repo_owner
 logger = logging.getLogger(__name__)
 json_content_type = 'application/json; charset=utf-8'
 HTTP_520_OPERATION_FAILED = 520
-def permission_check_admin_owner(username, repo_id, request=None): # maybe add more complex logic in the future
+def permission_check_admin_owner(request, username, repo_id): # maybe add more complex logic in the future
 """
 if repo is owned by user return true or check whether repo is owned by group and whether user is group's staff
@@ -28,7 +28,8 @@ def permission_check_admin_owner(username, repo_id, request=None): # maybe add
 else check user is the such group's staff
 """
- if username == seafile_api.get_repo_owner(repo_id):
+
+ if is_repo_owner(request, repo_id, username):
 return True
 else:
 return is_group_repo_staff(request, repo_id, username)
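Review bot: The new signature `permission_check_admin_owner(request, username, repo_id)` has the same arity as the old one, so a caller outside this patch that still uses the `(username, repo_id, request)` order would not raise a `TypeError` and would hand its arguments to the ownership check in the wrong slots. Only the four call sites in `seahub/api2/endpoints/repo_api_tokens.py` are updated here, so the rest of the tree should be searched for remaining callers before merging. The docstring also says nothing about the parameters; a line such as `request: current request, required; forwarded to is_repo_owner and is_group_repo_staff` would record that the old `request=None` default is gone. The function body continues past the end of this hunk.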
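Review bot: The `if ...: return True` / `else: return ...` shape around the new `is_repo_owner` call can be a single expression, `return is_repo_owner(request, repo_id, username) or is_group_repo_staff(request, repo_id, username)`, which reads as the "owner or group staff" rule the docstring describes; this assumes `is_repo_owner` returns a bool, which the patch does not show. The blank line added between the closing `"""` and the `if` is unnecessary. With the direct `seafile_api.get_repo_owner` comparison removed, the `seafile_api` import in this module may now be unused and is worth checking. The function's `def` line is in the previous hunk, and the diffstat lists no test file, so nothing in this patch exercises the corrected check.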