haiwen/seahub
1
0
Fork 0
mirror of https://github.com/haiwen/seahub.git synced 2025-08-02 07:47:32 +00:00
Code Issues Releases Wiki Activity

admin manage repo share

Browse Source
This commit is contained in:
lian 2016-08-03 18:17:24 +08:00 committed by lian
parent c4ffca620e
commit 92df1ef8d2
12 changed files with 1523 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

223
seahub/api2/endpoints/admin/library_group_shares.py Normal file
View File

@ -0,0 +1,223 @@
# Copyright (c) 2012-2016 Seafile Ltd.
import logging
from rest_framework import status
from rest_framework.authentication import SessionAuthentication
from rest_framework.permissions import IsAdminUser
from rest_framework.response import Response
from rest_framework.views import APIView
from seaserv import seafile_api, ccnet_api
from seahub.api2.authentication import TokenAuthentication
from seahub.api2.throttling import UserRateThrottle
from seahub.api2.utils import api_error
logger = logging.getLogger(__name__)
def get_library_group_share_info(share_item):
group_id = share_item.group_id
group = ccnet_api.get_group(group_id)
result = {}
result['group_id'] = group_id
result['group_name'] = group.group_name
result['permission'] = share_item.perm
result['repo_id'] = share_item.repo_id
return result
class AdminLibraryGroupShares(APIView):
authentication_classes = (TokenAuthentication, SessionAuthentication)
throttle_classes = (UserRateThrottle,)
permission_classes = (IsAdminUser,)
def get(self, request, repo_id):
""" List all group shares of a repo
Permission checking:
1. admin user.
"""
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo_id)
try:
share_items = seafile_api.list_repo_shared_group_by_user(repo_owner, repo_id)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
result = []
for share_item in share_items:
share_item_info = get_library_group_share_info(share_item)
result.append(share_item_info)
return Response(result)
def post(self, request, repo_id):
""" Admin share a library to group.
Permission checking:
1. admin user.
"""
# argument check
permission = request.data.get('permission', None)
if not permission or permission not in ('r', 'rw'):
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
result = {}
result['failed'] = []
result['success'] = []
group_ids = request.data.getlist('group_id')
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo_id)
for group_id in group_ids:
try:
group_id = int(group_id)
except ValueError as e:
logger.error(e)
result['failed'].append({
'group_id': group_id,
'error_msg': 'group_id %s invalid.' % group_id
})
continue
group = ccnet_api.get_group(group_id)
if not group:
result['failed'].append({
'group_id': group_id,
'error_msg': 'Group %s not found' % group_id
})
continue
try:
seafile_api.set_group_repo(repo_id, group_id, repo_owner, permission)
except Exception as e:
logger.error(e)
result['failed'].append({
"group_id": group_id,
'error_msg': 'Internal Server Error'
})
continue
result['success'].append({
"group_id": group_id,
"group_name": group.group_name,
"permission": permission,
"repo_id": repo_id,
})
return Response(result)
class AdminLibraryGroupShare(APIView):
authentication_classes = (TokenAuthentication, SessionAuthentication)
throttle_classes = (UserRateThrottle,)
permission_classes = (IsAdminUser,)
def put(self, request, repo_id, format=None):
""" Update library group share permission.
Permission checking:
1. admin user.
"""
# argument check
permission = request.data.get('permission', None)
if not permission or permission not in ('r', 'rw'):
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
group_id = request.data.get('group_id', None)
try:
group_id = int(group_id)
except ValueError:
error_msg = 'group_id %s invalid.' % group_id
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %s not found' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
seafile_api.set_group_repo_permission(group_id, repo_id, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
result = {}
result['group_id'] = group_id
result['group_name'] = group.group_name
result['permission'] = permission
result['repo_id'] = repo_id
return Response(result)
def delete(self, request, repo_id, format=None):
""" Delete library group share permission.
Permission checking:
1. admin user.
"""
# argument check
permission = request.data.get('permission', None)
if not permission or permission not in ('r', 'rw'):
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
group_id = request.data.get('group_id')
try:
group_id = int(group_id)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid' % group_id)
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo_id)
try:
seafile_api.unset_group_repo(repo_id, group_id, repo_owner)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})

233
seahub/api2/endpoints/admin/library_user_shares.py Normal file
View File

@ -0,0 +1,233 @@
# Copyright (c) 2012-2016 Seafile Ltd.
import logging
from rest_framework import status
from rest_framework.authentication import SessionAuthentication
from rest_framework.permissions import IsAdminUser
from rest_framework.response import Response
from rest_framework.views import APIView
from seaserv import seafile_api
from seahub.api2.authentication import TokenAuthentication
from seahub.api2.throttling import UserRateThrottle
from seahub.api2.utils import api_error
from seahub.base.accounts import User
from seahub.base.templatetags.seahub_tags import email2nickname
from seahub.utils import (is_valid_username)
logger = logging.getLogger(__name__)
def get_library_user_share_info(share_item):
result = {}
result['user_email'] = share_item.user
result['user_name'] = email2nickname(share_item.user)
result['permission'] = share_item.perm
result['repo_id'] = share_item.repo_id
return result
class AdminLibraryUserShares(APIView):
authentication_classes = (TokenAuthentication, SessionAuthentication)
throttle_classes = (UserRateThrottle,)
permission_classes = (IsAdminUser,)
def get(self, request, repo_id):
""" List all user shares of a repo
Permission checking:
1. admin user.
"""
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo_id)
try:
share_items = seafile_api.list_repo_shared_to(repo_owner, repo_id)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
result = []
for share_item in share_items:
share_item_info = get_library_user_share_info(share_item)
result.append(share_item_info)
return Response(result)
def post(self, request, repo_id):
""" Admin share a library to user.
Permission checking:
1. admin user.
"""
# argument check
permission = request.data.get('permission', None)
if not permission or permission not in ('r', 'rw'):
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
result = {}
result['failed'] = []
result['success'] = []
share_to_users = request.data.getlist('email')
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo_id)
for to_user in share_to_users:
if repo_owner == to_user:
result['failed'].append({
'user_email': to_user,
'error_msg': 'email %s is library owner.' % to_user
})
continue
if not is_valid_username(to_user):
result['failed'].append({
'user_email': to_user,
'error_msg': 'email %s invalid.' % to_user
})
continue
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
result['failed'].append({
'user_email': to_user,
'error_msg': 'User %s not found.' % to_user
})
continue
try:
seafile_api.share_repo(repo_id,
repo_owner, to_user, permission)
except Exception as e:
logger.error(e)
result['failed'].append({
'user_email': to_user,
'error_msg': 'Internal Server Error'
})
continue
new_perm = seafile_api.check_permission_by_path(repo_id, '/', to_user)
result['success'].append({
"repo_id": repo_id,
"user_email": to_user,
"user_name": email2nickname(to_user),
"permission": new_perm,
})
return Response(result)
class AdminLibraryUserShare(APIView):
authentication_classes = (TokenAuthentication, SessionAuthentication)
throttle_classes = (UserRateThrottle,)
permission_classes = (IsAdminUser,)
def put(self, request, repo_id, format=None):
""" Update library user share permission.
Permission checking:
1. admin user.
"""
# argument check
permission = request.data.get('permission', None)
if not permission or permission not in ('r', 'rw'):
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
to_user = request.data.get('user_email', None)
if not to_user or not is_valid_username(to_user):
error_msg = 'user_email invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
User.objects.get(email=to_user)
except User.DoesNotExist:
error_msg = 'User %s not found.' % to_user
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo_id)
try:
seafile_api.set_share_permission(
repo_id, repo_owner, to_user, permission)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
new_perm = seafile_api.check_permission_by_path(repo_id, '/', to_user)
result = {}
result['user_email'] = to_user
result['user_name'] = email2nickname(to_user)
result['permission'] = new_perm
result['repo_id'] = repo_id
return Response(result)
def delete(self, request, repo_id, format=None):
""" Delete library user share permission.
Permission checking:
1. admin user.
"""
# argument check
permission = request.data.get('permission', None)
if not permission or permission not in ('r', 'rw'):
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
to_user = request.data.get('user_email', None)
if not to_user or not is_valid_username(to_user):
error_msg = 'user_email invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# current `request.user.username` is admin user,
# so need to identify the repo owner specifically.
repo_owner = seafile_api.get_repo_owner(repo_id)
try:
seafile_api.remove_share(repo_id, repo_owner, to_user)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({'success': True})

81
seahub/api2/endpoints/search_group.py Normal file
View File

@ -0,0 +1,81 @@
# Copyright (c) 2012-2016 Seafile Ltd.
from rest_framework.authentication import SessionAuthentication
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework import status
from django.conf import settings
from seaserv import ccnet_api
from seahub.api2.authentication import TokenAuthentication
from seahub.api2.throttling import UserRateThrottle
from seahub.api2.utils import api_error
from seahub.utils import is_org_context
from seahub.utils.timeutils import timestamp_to_isoformat_timestr
def get_group_info(group_id):
group = ccnet_api.get_group(group_id)
isoformat_timestr = timestamp_to_isoformat_timestr(group.timestamp)
group_info = {
"id": group.id,
"name": group.group_name,
"owner": group.creator_name,
"created_at": isoformat_timestr,
}
return group_info
class SearchGroup(APIView):
authentication_classes = (TokenAuthentication, SessionAuthentication)
permission_classes = (IsAuthenticated,)
throttle_classes = (UserRateThrottle,)
def _can_use_global_address_book(self, request):
return request.user.permissions.can_use_global_address_book()
def get(self, request, format=None):
""" Search group.
Permission checking:
1. default(NOT guest) user;
"""
# argument check
q = request.GET.get('q', None)
if not q:
error_msg = 'q invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# permission check
if not self._can_use_global_address_book(request):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if not settings.ENABLE_GLOBAL_ADDRESSBOOK:
error_msg = 'Feature disabled.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if is_org_context(request):
org_id = request.user.org.org_id
groups = ccnet_api.get_org_groups(org_id, -1, -1)
else:
groups = ccnet_api.get_all_groups(-1, -1)
result = []
for group in groups:
group_name = group.group_name
if not group_name:
continue
if q.lower() in group_name.lower():
group_info = get_group_info(group.id)
result.append(group_info)
return Response(result)

106
seahub/templates/js/sysadmin-templates.html
View File

@ -372,6 +372,9 @@
<td>
<a href="#" class="sf2-icon-delete sf2-x repo-delete-btn op-icon vh" title="{% trans "Delete" %}" aria-label="{% trans "Delete" %}"></a>
<a href="#" class="sf2-icon-move sf2-x repo-transfer-btn op-icon vh" title="{% trans "Transfer" %}" aria-label="{% trans "Transfer" %}"></a>
<% if (!encrypted) { %>
<a href="#" class="sf2-icon-share sf2-x repo-share-btn op-icon vh" title="{% trans "Share" %}" aria-label="{% trans "Share" %}"></a>
<% } %>
</td>
</script>
@ -559,3 +562,106 @@
<input type="submit" value="{% trans "Submit" %}" />
</form>
</script>
<script type="text/template" id="folder-perm-item-tmpl">
<% if (for_user) { %>
<td>
<a href="{{ SITE_ROOT }}useradmin/info/<% print(encodeURIComponent(user_email)); %>/" target="_blank"><%- user_name %></a>
</td>
<% } else { %>
<td>
<a href="{{ SITE_ROOT }}sys/groupadmin/<%= group_id %>/" target="_blank"><%- group_name %></a>
</td>
<% } %>
<td>
<div class="perm">
<span>
<% if (permission == 'rw') { %>
{% trans "Read-Write" %}
<% } else { %>
{% trans "Read-Only" %}
<% } %>
</span>
<a href="#" title="{% trans "Edit" %}" class="perm-edit-icon sf2-icon-edit op-icon vh"></a>
</div>
<select class="perm-toggle-select hide w100">
<% if (permission == 'rw') { %>
<option value="rw" selected="selected" >{% trans "Read-Write" %}</option>
<option value="r" >{% trans "Read-Only" %}</option>
<% } else { %>
<option value="rw" >{% trans "Read-Write" %}</option>
<option value="r" selected="selected" >{% trans "Read-Only" %}</option>
<% } %>
</select>
</td>
<td>
<a href="#" class="sf2-icon-delete delete-icon op-icon vh" title="{% trans "Delete" %}"></a>
</td>
</script>
<script type="text/template" id="share-popup-tmpl">
<h3 class="hd" id="dialogTitle"><%= title %></h3>
<div id="share-tabs" class="left-right-tabs ovhd">
<ul class="left-right-tabs-nav fleft">
<li class="tab"><a href="#dir-user-share" class="a">{% trans "Share to user" %}</a></li>
<li class="tab"><a href="#dir-group-share" class="a">{% trans "Share to group" %}</a></li>
</ul>
<div class="fright">
<span class="loading-icon loading-tip"></span>
<div id="dir-user-share" class="tabs-panel">
<table>
<thead>
<tr>
<th width="55%">{% trans "User" %}</th>
<th width="30%">{% trans "Permission" %}</th>
<th width="15%"></th>
</tr>
</thead>
<tbody>
<tr id="add-dir-user-share-item">
<td>
<input type="hidden" name="emails" class="w100" />
</td>
<td>
<select name="permission" class="share-permission-select w100">
<option value="rw" selected="selected">{% trans "Read-Write" %}</option>
<option value="r">{% trans "Read-Only" %}</option>
</select>
</td>
<td><input type="submit" value="{% trans "Submit" %}" class="submit" /></td>
</tr>
</tbody>
</table>
<p class="error hide"></p>
</div>
<div id="dir-group-share" class="tabs-panel hide">
<table>
<thead>
<tr>
<th width="55%">{% trans "Group" %}</th>
<th width="30%">{% trans "Permission" %}</th>
<th width="15%"></th>
</tr>
</thead>
<tbody>
<tr id="add-dir-group-share-item">
<td>
<input type="groups" name="groups" class="w100" />
</td>
<td>
<select name="permission" class="share-permission-select w100">
<option value="rw" selected="selected">{% trans "Read-Write" %}</option>
<option value="r">{% trans "Read-Only" %}</option>
</select>
</td>
<td><input type="submit" value="{% trans "Submit" %}" class="submit" /></td>
</tr>
</tbody>
</table>
<p class="error hide"></p>
</div>
</div>
</div>
</script>

9
seahub/urls.py
View File

@ -20,6 +20,7 @@ from seahub.views.sysadmin import *
from seahub.views.ajax import *
from seahub.api2.endpoints.groups import Groups, Group
from seahub.api2.endpoints.group_members import GroupMembers, GroupMembersBulk, GroupMember
from seahub.api2.endpoints.search_group import SearchGroup
from seahub.api2.endpoints.share_links import ShareLinks, ShareLink
from seahub.api2.endpoints.shared_folders import SharedFolders
from seahub.api2.endpoints.shared_repos import SharedRepos, SharedRepo
@ -46,6 +47,8 @@ from seahub.api2.endpoints.admin.library_dirents import AdminLibraryDirents, Adm
from seahub.api2.endpoints.admin.system_library import AdminSystemLibrary
from seahub.api2.endpoints.admin.trash_libraries import AdminTrashLibraries, AdminTrashLibrary
from seahub.api2.endpoints.admin.groups import AdminGroups, AdminGroup
from seahub.api2.endpoints.admin.library_user_shares import AdminLibraryUserShares, AdminLibraryUserShare
from seahub.api2.endpoints.admin.library_group_shares import AdminLibraryGroupShares, AdminLibraryGroupShare
# Uncomment the next two lines to enable the admin:
#from django.contrib import admin
@ -186,6 +189,7 @@ urlpatterns = patterns(
url(r'^api/v2.1/groups/(?P<group_id>\d+)/members/$', GroupMembers.as_view(), name='api-v2.1-group-members'),
url(r'^api/v2.1/groups/(?P<group_id>\d+)/members/bulk/$', GroupMembersBulk.as_view(), name='api-v2.1-group-members-bulk'),
url(r'^api/v2.1/groups/(?P<group_id>\d+)/members/(?P<email>[^/]+)/$', GroupMember.as_view(), name='api-v2.1-group-member'),
url(r'^api/v2.1/search-group/$', SearchGroup.as_view(), name='api-v2.1-search-group'),
url(r'^api/v2.1/shared-folders/$', SharedFolders.as_view(), name='api-v2.1-shared-folders'),
url(r'^api/v2.1/shared-repos/$', SharedRepos.as_view(), name='api-v2.1-shared-repos'),
url(r'^api/v2.1/shared-repos/(?P<repo_id>[-0-9a-f]{36})/$', SharedRepo.as_view(), name='api-v2.1-shared-repo'),
@ -205,7 +209,6 @@ urlpatterns = patterns(
url(r'^api/v2.1/admin/device-errors/$', AdminDeviceErrors.as_view(), name='api-v2.1-admin-device-errors'),
url(r'^api/v2.1/invitations/$', InvitationsView.as_view()),
url(r'^api/v2.1/invitations/(?P<token>[a-f0-9]{32})/$', InvitationView.as_view()),
url(r'^api/v2.1/admin/libraries/$', AdminLibraries.as_view(), name='api-v2.1-admin-libraries'),
url(r'^api/v2.1/admin/libraries/(?P<repo_id>[-0-9a-f]{36})/$', AdminLibrary.as_view(), name='api-v2.1-admin-library'),
url(r'^api/v2.1/admin/libraries/(?P<repo_id>[-0-9a-f]{36})/dirents/$', AdminLibraryDirents.as_view(), name='api-v2.1-admin-library-dirents'),
@ -215,6 +218,10 @@ urlpatterns = patterns(
url(r'^api/v2.1/admin/system-library/$', AdminSystemLibrary.as_view(), name='api-v2.1-admin-system-library'),
url(r'^api/v2.1/admin/trash-libraries/$', AdminTrashLibraries.as_view(), name='api-v2.1-admin-trash-libraries'),
url(r'^api/v2.1/admin/trash-libraries/(?P<repo_id>[-0-9a-f]{36})/$', AdminTrashLibrary.as_view(), name='api-v2.1-admin-trash-library'),
url(r'^api/v2.1/admin/libraries/(?P<repo_id>[-0-9a-f]{36})/user-shares/$', AdminLibraryUserShares.as_view(), name='api-v2.1-admin-library-user-shares'),
url(r'^api/v2.1/admin/libraries/(?P<repo_id>[-0-9a-f]{36})/user-share/$', AdminLibraryUserShare.as_view(), name='api-v2.1-admin-library-user-share'),
url(r'^api/v2.1/admin/libraries/(?P<repo_id>[-0-9a-f]{36})/group-shares/$', AdminLibraryGroupShares.as_view(), name='api-v2.1-admin-library-group-shares'),
url(r'^api/v2.1/admin/libraries/(?P<repo_id>[-0-9a-f]{36})/group-share/$', AdminLibraryGroupShare.as_view(), name='api-v2.1-admin-library-group-share'),
(r'^avatar/', include('seahub.avatar.urls')),
(r'^notification/', include('seahub.notifications.urls')),

72
static/scripts/common.js
View File

@ -141,6 +141,7 @@ define([
// Group
case 'groups': return siteRoot + 'api/v2.1/groups/';
case 'search_group': return siteRoot + 'api/v2.1/search-group/';
case 'group': return siteRoot + 'api/v2.1/groups/' + options.group_id + '/';
case 'group_members': return siteRoot + 'api/v2.1/groups/' + options.group_id + '/members/';
case 'group_member': return siteRoot + 'api/v2.1/groups/' + options.group_id + '/members/' + options.email + '/';
@ -180,6 +181,10 @@ define([
case 'admin-system-library': return siteRoot + 'api/v2.1/admin/system-library/';
case 'admin-trash-libraries': return siteRoot + 'api/v2.1/admin/trash-libraries/';
case 'admin-trash-library': return siteRoot + 'api/v2.1/admin/trash-libraries/' + options.repo_id + '/';
case 'admin_library_user_shares': return siteRoot + 'api/v2.1/admin/libraries/' + options.repo_id + '/user-shares/';
case 'admin_library_user_share': return siteRoot + 'api/v2.1/admin/libraries/' + options.repo_id + '/user-share/';
case 'admin_library_group_shares': return siteRoot + 'api/v2.1/admin/libraries/' + options.repo_id + '/group-shares/';
case 'admin_library_group_share': return siteRoot + 'api/v2.1/admin/libraries/' + options.repo_id + '/group-share/';
}
},
@ -634,6 +639,73 @@ define([
}
},
groupInputOptionsForSelect2: function() {
var _this = this;
return {
placeholder: gettext("Search groups"),
// with 'tags', the user can directly enter, not just select
// tags need `<input type="hidden" />`, not `<select>`
tags: [],
minimumInputLength: 1, // input at least 1 character
formatInputTooShort: gettext("Please enter 1 or more character"),
formatNoMatches: gettext("No matches"),
formatSearching: gettext("Searching..."),
formatAjaxError: gettext("Loading failed"),
ajax: {
url: _this.getUrl({name: 'search_group'}),
dataType: 'json',
delay: 250,
cache: true,
data: function(params) {
return {
q: params
};
},
results: function(data) {
var group_list = [], groups = data;
for (var i = 0, len = groups.length; i < len; i++) {
group_list.push({ // 'id' & 'text' are required by the plugin
"id": groups[i].id,
"text": groups[i].name,
"name": groups[i].name
});
}
return {
results: group_list
};
}
},
// format items shown in the drop-down menu
formatResult: function(item) {
if (item.name) {
return '<span class="text ellipsis">' + _this.HTMLescape(item.name) + '</span>';
} else {
return; // if no match, show nothing
}
},
// format selected item shown in the input
formatSelection: function(item) {
return _this.HTMLescape(item.name || item.id); // if no name, show the email, i.e., when directly input, show the email
},
createSearchChoice: function(term) {
return {
'id': $.trim(term)
};
},
escapeMarkup: function(m) { return m; }
}
},
// check if a file is an image
imageCheck: function (filename) {
// no file ext

132
static/scripts/sysadmin-app/views/folder-share-item.js Normal file
View File

@ -0,0 +1,132 @@
define([
'jquery',
'underscore',
'backbone',
'common'
], function($, _, Backbone, Common) {
'use strict';
var FolderShareItemView = Backbone.View.extend({
tagName: 'tr',
template: _.template($('#folder-perm-item-tmpl').html()),
initialize: function(options) {
this.item_data = options.item_data;
this.repo_id = options.repo_id;
this.render();
},
render: function () {
this.$el.html(this.template(this.item_data));
return this;
},
events: {
'mouseenter': 'showOpIcons',
'mouseleave': 'hideOpIcons',
'click .perm-edit-icon': 'editIconClick',
'change .perm-toggle-select': 'editPerm',
'click .delete-icon': 'del'
},
showOpIcons: function () {
this.$el.find('.op-icon').removeClass('vh');
},
hideOpIcons: function () {
this.$el.find('.op-icon').addClass('vh');
},
editIconClick: function (e) {
$(e.currentTarget).closest('td')
.find('.perm').addClass('hide').end()
.find('.perm-toggle-select').removeClass('hide');
return false;
},
editPerm: function (e) {
var _this = this;
var item_data = this.item_data;
var perm = $(e.currentTarget).val();
var url, data;
if (item_data.for_user) {
url = Common.getUrl({name: 'admin_library_user_share', repo_id: this.repo_id});
data = {'permission': perm, 'user_email': item_data.user_email};
} else {
url = Common.getUrl({name: 'admin_library_group_share', repo_id: this.repo_id});
data = {'permission': perm, 'group_id': item_data.group_id};
}
$.ajax({
url: url,
dataType: 'json',
method: 'PUT',
beforeSend: Common.prepareCSRFToken,
data: data,
success: function (data) {
item_data.permission = data.permission;
_this.render();
},
error: function(xhr) {
var err_msg;
if (xhr.responseText) {
err_msg = gettext("Edit failed");
} else {
err_msg = gettext("Failed. Please check the network.");
}
if (item_data.for_user) {
$('#dir-user-share .error').html(err_msg).removeClass('hide');
} else {
$('#dir-group-group .error').html(err_msg).removeClass('hide');
}
}
});
},
del: function () {
var _this = this;
var item_data = this.item_data;
var url, data;
if (item_data.for_user) {
url = Common.getUrl({name: 'admin_library_user_share', repo_id: this.repo_id});
data = {'permission': item_data.permission, 'user_email': item_data.user_email};
} else {
url = Common.getUrl({name: 'admin_library_group_share', repo_id: this.repo_id});
data = {'permission': item_data.permission, 'group_id': item_data.group_id};
}
$.ajax({
url: url,
dataType: 'json',
method: 'DELETE',
beforeSend: Common.prepareCSRFToken,
data: data,
success: function () {
_this.remove();
},
error: function (xhr) {
var err_msg;
if (xhr.responseText) {
err_msg = gettext("Delete failed");
} else {
err_msg = gettext("Failed. Please check the network.");
}
if (item_data.for_user) {
$('#dir-user-share .error').html(err_msg).removeClass('hide');
} else {
$('#dir-group-group .error').html(err_msg).removeClass('hide');
}
}
});
return false;
}
});
return FolderShareItemView;
});

18
static/scripts/sysadmin-app/views/repo.js
View File

@ -6,8 +6,12 @@ define([
'moment',
'simplemodal',
'select2',
'jquery.ui.tabs',
'sysadmin-app/views/share',
'app/views/widgets/hl-item-view'
], function($, _, Backbone, Common, Moment, Simplemodal, Select2, HLItemView) {
], function($, _, Backbone, Common, Moment, Simplemodal,
Select2, Tabs, ShareView, HLItemView) {
'use strict';
var RepoView = HLItemView.extend({
@ -17,10 +21,20 @@ define([
transferTemplate: _.template($('#library-transfer-form-tmpl').html()),
events: {
'click .repo-share-btn': 'share',
'click .repo-delete-btn': 'deleteLibrary',
'click .repo-transfer-btn': 'transferLibrary'
},
share: function() {
var options = {
'repo_id': this.model.get('id'),
'repo_name': this.model.get('name')
};
new ShareView(options);
return false;
},
initialize: function() {
HLItemView.prototype.initialize.call(this);
this.listenTo(this.model, "change", this.render);
@ -31,7 +45,7 @@ define([
var repo_name = this.model.get('name');
var popupTitle = gettext("Delete Library");
var popupContent = gettext("Are you sure you want to delete %s ?").replace('%s', '<span class="op-target ellipsis ellipsis-op-target" title="' + Common.HTMLescape(repo_name) + '">' + Common.HTMLescape(repo_name) + '</span>');
var yesCallback = function() {
var yesCallback = function() {
$.ajax({
url: Common.getUrl({
'name':'admin-library',

274
static/scripts/sysadmin-app/views/share.js Normal file
View File

@ -0,0 +1,274 @@
define([
'jquery',
'underscore',
'backbone',
'common',
'sysadmin-app/views/folder-share-item'
], function($, _, Backbone, Common, FolderShareItemView) {
'use strict';
var SharePopupView = Backbone.View.extend({
tagName: 'div',
id: 'admin-library-share-popup',
template: _.template($('#share-popup-tmpl').html()),
initialize: function(options) {
this.repo_id = options.repo_id;
this.repo_name = options.repo_name;
this.render();
this.$el.modal();
$('#simplemodal-container').css({'width':'auto', 'height':'auto'});
this.$("#share-tabs").tabs();
this.dirUserSharePanelInit();
this.dirGroupSharePanelInit();
var _this = this;
$(document).on('click', function(e) {
var target = e.target || event.srcElement;
if (!_this.$('.perm-edit-icon, .perm-toggle-select').is(target)) {
_this.$('.perm').removeClass('hide');
_this.$('.perm-toggle-select').addClass('hide');
}
});
},
render: function () {
this.$el.html(this.template({
title: gettext("Share {placeholder}")
.replace('{placeholder}', '<span class="op-target ellipsis ellipsis-op-target" title="' + Common.HTMLescape(this.repo_name) + '">' + Common.HTMLescape(this.repo_name) + '</span>'),
repo_id: this.repo_id,
}));
return this;
},
events: {
'click [type="checkbox"]': 'clickCheckbox',
'click #add-dir-user-share-item .submit': 'dirUserShare',
'click #add-dir-group-share-item .submit': 'dirGroupShare'
},
clickCheckbox: function(e) {
var $el = $(e.currentTarget);
// for link options such as 'password', 'expire'
$el.closest('.checkbox-label').next().toggleClass('hide');
},
dirUserSharePanelInit: function() {
var $dir_user_share_panel = this.$('#dir-user-share');
// show existing items
var $add_item = this.$('#add-dir-user-share-item');
var repo_id = this.repo_id;
$('[name="emails"]', $dir_user_share_panel).select2($.extend({
//width: '292px' // the container will copy class 'w100' from the original element to get width
}, Common.contactInputOptionsForSelect2()));
Common.ajaxGet({
'get_url': Common.getUrl({name: 'admin_library_user_shares', repo_id: repo_id}),
'after_op_success': function (data) {
$(data).each(function(index, item) {
var new_item = new FolderShareItemView({
'repo_id': repo_id,
'item_data': {
"user_email": item.user_email,
"user_name": item.user_name,
"permission": item.permission,
"for_user": true
}
});
$add_item.after(new_item.el);
});
}
});
$dir_user_share_panel.removeClass('hide');
this.$('.loading-tip').hide();
},
dirGroupSharePanelInit: function() {
var $dir_group_share_panel = this.$('#dir-group-share');
// show existing items
var $add_item = this.$('#add-dir-group-share-item');
var repo_id = this.repo_id;
$('[name="groups"]', $dir_group_share_panel).select2($.extend({
//width: '292px' // the container will copy class 'w100' from the original element to get width
}, Common.groupInputOptionsForSelect2()));
Common.ajaxGet({
'get_url': Common.getUrl({name: 'admin_library_group_shares', repo_id: repo_id}),
'after_op_success': function (data) {
$(data).each(function(index, item) {
var new_item = new FolderShareItemView({
'repo_id': repo_id,
'item_data': {
"group_id": item.group_id,
"group_name": item.group_name,
"permission": item.permission,
'for_user': false
}
});
$add_item.after(new_item.el);
});
}
});
$dir_group_share_panel.removeClass('hide');
this.$('.loading-tip').hide();
},
dirUserShare: function () {
var $user_share_item = this.$('#add-dir-user-share-item');
var $emails_input = $('[name="emails"]', $user_share_item),
emails = $emails_input.val(); // string
var $perm = $('[name="permission"]', $user_share_item),
perm = $perm.val();
if (!emails || !perm) {
return false;
}
var repo_id = this.repo_id;
var $submitBtn = $('[type="submit"]', $user_share_item);
var $error = $('#dir-user-share .error');
Common.disableButton($submitBtn);
$.ajax({
url: Common.getUrl({name: 'admin_library_user_shares', repo_id: repo_id}),
dataType: 'json',
method: 'POST',
beforeSend: Common.prepareCSRFToken,
traditional: true,
data: {
'email': emails.split(','),
'permission': perm
},
success: function(data) {
if (data.success.length > 0) {
$(data.success).each(function(index, item) {
var new_item = new FolderShareItemView({
'repo_id': repo_id,
'item_data': {
"user_email": item.user_email,
"user_name": item.user_name,
"permission": item.permission,
'for_user': true
}
});
$user_share_item.after(new_item.el);
});
$emails_input.select2("val", "");
$('[value="rw"]', $perm).attr('selected', 'selected');
$('[value="r"]', $perm).removeAttr('selected');
$error.addClass('hide');
}
if (data.failed.length > 0) {
var err_msg = '';
$(data.failed).each(function(index, item) {
err_msg += Common.HTMLescape(item.user_email) + ': ' + item.error_msg + '<br />';
});
$error.html(err_msg).removeClass('hide');
}
},
error: function(xhr) {
var err_msg;
if (xhr.responseText) {
var parsed_resp = $.parseJSON(xhr.responseText);
err_msg = parsed_resp.error||parsed_resp.error_msg;
} else {
err_msg = gettext("Failed. Please check the network.")
}
$error.html(err_msg).removeClass('hide');
},
complete: function() {
Common.enableButton($submitBtn);
}
});
},
dirGroupShare: function () {
var $group_share_item= this.$('#add-dir-group-share-item');
var $groups_input = $('[name="groups"]', $group_share_item),
groups = $groups_input.val(); // string
var $perm = $('[name="permission"]', $group_share_item),
perm = $perm.val();
if (!groups || !perm) {
return false;
}
var repo_id = this.repo_id;
var $error = $('#dir-group-share .error');
var $submitBtn = $('[type="submit"]', $group_share_item);
Common.disableButton($submitBtn);
$.ajax({
url: Common.getUrl({name: 'admin_library_group_shares',repo_id: repo_id}),
dataType: 'json',
method: 'POST',
beforeSend: Common.prepareCSRFToken,
traditional: true,
data: {
'group_id': groups.split(','),
'permission': perm
},
success: function(data) {
if (data.success.length > 0) {
$(data.success).each(function(index, item) {
var new_item = new FolderShareItemView({
'repo_id': repo_id,
'item_data': {
"group_id": item.group_id,
"group_name": item.group_name,
"permission": item.permission,
'for_user': false
}
});
$group_share_item.after(new_item.el);
});
$groups_input.select2("val", "");
$('[value="rw"]', $perm).attr('selected', 'selected');
$('[value="r"]', $perm).removeAttr('selected');
$error.addClass('hide');
}
if (data.failed.length > 0) {
var err_msg = '';
$(data.failed).each(function(index, item) {
err_msg += Common.HTMLescape(item.group_id) + ': ' + item.error_msg + '<br />';
});
$error.html(err_msg).removeClass('hide');
}
},
error: function(xhr) {
var err_msg;
if (xhr.responseText) {
var parsed_resp = $.parseJSON(xhr.responseText);
err_msg = parsed_resp.error||parsed_resp.error_msg;
} else {
err_msg = gettext("Failed. Please check the network.")
}
$error.html(err_msg).removeClass('hide');
},
complete: function() {
Common.enableButton($submitBtn);
}
});
}
});
return SharePopupView;
});

167
tests/api/endpoints/admin/test_library_group_shares.py Normal file
View File

@ -0,0 +1,167 @@
import json
from django.core.urlresolvers import reverse
from seaserv import seafile_api
from seahub.test_utils import BaseTestCase
class AdminLibraryUserShare(BaseTestCase):
def setUp(self):
self.repo_id = self.repo.id
self.group_id = self.group.id
self.user_name = self.user.username
self.admin_name = self.admin.username
self.url = reverse('api-v2.1-admin-library-group-shares', args = [self.repo_id])
def tearDown(self):
self.remove_repo()
self.remove_group(self.group.id)
def test_can_get(self):
self.share_repo_to_group_with_rw_permission()
self.login_as(self.admin)
resp = self.client.get(self.url)
self.assertEqual(200, resp.status_code)
json_resp = json.loads(resp.content)
assert json_resp[0]['repo_id'] == self.repo_id
assert json_resp[0]['group_id'] == self.group_id
def test_get_with_invalid_user_permission(self):
self.share_repo_to_group_with_rw_permission()
self.login_as(self.user)
resp = self.client.get(self.url)
self.assertEqual(403, resp.status_code)
def test_admin_share_repo_to_group(self):
self.login_as(self.admin)
permission = 'r'
data = {
'permission': permission,
'group_id': [self.group_id]
}
resp = self.client.post(self.url, data)
self.assertEqual(200, resp.status_code)
json_resp = json.loads(resp.content)
assert json_resp['success'][0]['group_id'] == self.group_id
assert json_resp['success'][0]['permission'] == permission
def test_share_repo_with_invalid_user_permission(self):
self.login_as(self.user)
permission = 'r'
data = {
'permission': permission,
'group_id': [self.group_id]
}
resp = self.client.post(self.url, data)
self.assertEqual(403, resp.status_code)
def test_admin_modify_repo_group_share_permission(self):
self.share_repo_to_group_with_rw_permission()
shared_groups = seafile_api.list_repo_shared_group(
self.user_name, self.repo_id)
for e in shared_groups:
if e.group_id == self.group_id:
permission = e.perm
break
assert permission == 'rw'
self.login_as(self.admin)
modified_perm = 'r'
url = reverse('api-v2.1-admin-library-group-share', args = [self.repo_id])
data = 'permission=%s&group_id=%s' % (modified_perm, self.group_id)
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
shared_groups = seafile_api.list_repo_shared_group(
self.user_name, self.repo_id)
for e in shared_groups:
if e.group_id == self.group_id:
permission = e.perm
break
assert permission == modified_perm
def test_modify_with_invalid_user_permission(self):
self.share_repo_to_group_with_rw_permission()
shared_groups = seafile_api.list_repo_shared_group(
self.user_name, self.repo_id)
for e in shared_groups:
if e.group_id == self.group_id:
permission = e.perm
break
assert permission == 'rw'
self.login_as(self.user)
modified_perm = 'r'
url = reverse('api-v2.1-admin-library-group-share', args = [self.repo_id])
data = 'permission=%s&group_id=%s' % (modified_perm, self.group_id)
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(403, resp.status_code)
def test_admin_delete_repo_user_share_permission(self):
self.share_repo_to_group_with_rw_permission()
shared_groups = seafile_api.list_repo_shared_group(
self.user_name, self.repo_id)
for e in shared_groups:
if e.group_id == self.group_id:
permission = e.perm
break
assert permission == 'rw'
self.login_as(self.admin)
url = reverse('api-v2.1-admin-library-group-share', args = [self.repo_id])
data = 'permission=%s&group_id=%s' % (permission, self.group_id)
resp = self.client.delete(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
def test_delete_with_invalid_user_permission(self):
self.share_repo_to_group_with_rw_permission()
shared_groups = seafile_api.list_repo_shared_group(
self.user_name, self.repo_id)
for e in shared_groups:
if e.group_id == self.group_id:
permission = e.perm
break
assert permission == 'rw'
self.login_as(self.user)
url = reverse('api-v2.1-admin-library-group-share', args = [self.repo_id])
data = 'permission=%s&group_id=%s' % (permission, self.group_id)
resp = self.client.delete(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(403, resp.status_code)

162
tests/api/endpoints/admin/test_library_user_shares.py Normal file
View File

@ -0,0 +1,162 @@
import json
from django.core.urlresolvers import reverse
from seaserv import seafile_api
from seahub.test_utils import BaseTestCase
class AdminLibraryUserShare(BaseTestCase):
def share_repo_to_user(self):
# user share repo to admin
seafile_api.share_repo(
self.repo.id, self.user.username,
self.admin.username, 'rw')
def setUp(self):
self.repo_id = self.repo.id
self.user_name = self.user.username
self.admin_name = self.admin.username
self.url = reverse('api-v2.1-admin-library-user-shares', args = [self.repo_id])
self.tmp_user = self.create_user('tmp@email.com')
self.tmp_user_email = self.tmp_user.username
def tearDown(self):
self.remove_repo()
self.remove_user(self.tmp_user_email)
def test_can_get(self):
self.share_repo_to_user()
self.login_as(self.admin)
resp = self.client.get(self.url)
self.assertEqual(200, resp.status_code)
json_resp = json.loads(resp.content)
assert json_resp[0]['repo_id'] == self.repo_id
def test_get_with_invalid_user_permission(self):
self.share_repo_to_user()
self.login_as(self.user)
resp = self.client.get(self.url)
self.assertEqual(403, resp.status_code)
def test_admin_share_repo_to_user(self):
self.login_as(self.admin)
invalid_email = 'invalid@email.com'
data = {
'permission': 'r',
'email': [invalid_email, self.tmp_user_email]
}
resp = self.client.post(self.url, data)
self.assertEqual(200, resp.status_code)
json_resp = json.loads(resp.content)
assert json_resp['failed'][0]['user_email'] == invalid_email
assert json_resp['success'][0]['user_email'] == self.tmp_user_email
def test_share_repo_with_invalid_user_permission(self):
self.login_as(self.user)
invalid_email = 'invalid@email.com'
tmp_user = self.create_user('tmp@email.com')
tmp_user_email = tmp_user.username
data = {
'permission': 'r',
'email': [invalid_email, tmp_user_email]
}
resp = self.client.post(self.url, data)
self.assertEqual(403, resp.status_code)
def test_admin_modify_repo_user_share_permission(self):
# user share repo to tmp user
init_permission = 'rw'
seafile_api.share_repo(
self.repo_id, self.user_name,
self.tmp_user_email, init_permission)
assert seafile_api.check_permission_by_path(self.repo_id, \
'/', self.tmp_user_email) == init_permission
self.login_as(self.admin)
modified_perm = 'r'
url = reverse('api-v2.1-admin-library-user-share', args = [self.repo_id])
data = 'permission=%s&user_email=%s' % (modified_perm, self.tmp_user_email)
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
assert seafile_api.check_permission_by_path(self.repo_id, \
'/', self.tmp_user_email) == modified_perm
def test_modify_with_invalid_user_permission(self):
# user share repo to tmp user
init_permission = 'rw'
seafile_api.share_repo(
self.repo_id, self.user_name,
self.tmp_user_email, init_permission)
assert seafile_api.check_permission_by_path(self.repo_id, \
'/', self.tmp_user_email) == init_permission
self.login_as(self.user)
modified_perm = 'r'
url = reverse('api-v2.1-admin-library-user-share', args = [self.repo_id])
data = 'permission=%s&user_email=%s' % (modified_perm, self.tmp_user_email)
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(403, resp.status_code)
def test_admin_delete_repo_user_share_permission(self):
# user share repo to tmp user
init_permission = 'rw'
seafile_api.share_repo(
self.repo_id, self.user_name,
self.tmp_user_email, init_permission)
assert seafile_api.check_permission_by_path(self.repo_id, \
'/', self.tmp_user_email) == init_permission
self.login_as(self.admin)
url = reverse('api-v2.1-admin-library-user-share', args = [self.repo_id])
data = 'permission=%s&user_email=%s' % (init_permission, self.tmp_user_email)
resp = self.client.delete(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
assert seafile_api.check_permission_by_path(self.repo_id, \
'/', self.tmp_user_email) is None
def test_delete_with_invalid_user_permission(self):
# user share repo to tmp user
init_permission = 'rw'
seafile_api.share_repo(
self.repo_id, self.user_name,
self.tmp_user_email, init_permission)
assert seafile_api.check_permission_by_path(self.repo_id, \
'/', self.tmp_user_email) == init_permission
self.login_as(self.user)
url = reverse('api-v2.1-admin-library-user-share', args = [self.repo_id])
data = 'permission=%s&user_email=%s' % (init_permission, self.tmp_user_email)
resp = self.client.delete(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(403, resp.status_code)

49
tests/api/endpoints/test_search_group.py Normal file
View File

@ -0,0 +1,49 @@
# Copyright (c) 2012-2016 Seafile Ltd.
import json
from mock import patch
from django.core.urlresolvers import reverse
from django.test import override_settings
from seahub.test_utils import BaseTestCase
from seahub.api2.endpoints.search_group import SearchGroup
class SearchGroupTest(BaseTestCase):
def setUp(self):
self.endpoint = reverse('api-v2.1-search-group')
self.group_name = self.group.group_name
def test_can_search(self):
self.login_as(self.user)
resp = self.client.get(self.endpoint + '?q=' + self.group_name)
json_resp = json.loads(resp.content)
self.assertEqual(200, resp.status_code)
assert len(json_resp) > 0
def test_search_with_unlogin_user(self):
resp = self.client.get(self.endpoint + '?q=' + self.group_name)
self.assertEqual(403, resp.status_code)
@patch.object(SearchGroup, '_can_use_global_address_book')
def test_search_with_can_not_use_global_address_book(self, mock_can_use_global_address_book):
mock_can_use_global_address_book.return_value = False
self.login_as(self.user)
resp = self.client.get(self.endpoint + '?q=' + self.group_name)
self.assertEqual(403, resp.status_code)
@override_settings(ENABLE_GLOBAL_ADDRESSBOOK=False)
def test_search_with_not_enable_global_addressbook(self):
self.login_as(self.user)
resp = self.client.get(self.endpoint + '?q=' + self.group_name)
self.assertEqual(403, resp.status_code)