add admin share/upload links api

1. get share/upload link info by token 1. get dirents of shared dir 1. get download/upload fileserver url of shared file/dir 1. check share/upload link password
2025-09-02 23:48:47 +00:00 · 2017-06-21 14:48:48 +08:00
parent 0fd34dcb57
commit 9750e8baaf
6 changed files with 1090 additions and 0 deletions
--- a/seahub/api2/endpoints/admin/share_links.py
+++ b/seahub/api2/endpoints/admin/share_links.py
@@ -0,0 +1,356 @@
 # Copyright (c) 2012-2016 Seafile Ltd.
 import os
 import json
 import stat
 import logging
 import posixpath
 from rest_framework.authentication import SessionAuthentication
 from rest_framework.permissions import IsAdminUser
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework import status
 from django.contrib.auth.hashers import check_password
 from seaserv import seafile_api
 import seaserv
 from seahub.api2.authentication import TokenAuthentication
 from seahub.api2.throttling import UserRateThrottle
 from seahub.api2.utils import api_error
 from seahub.base.templatetags.seahub_tags import email2nickname
 from seahub.share.models import FileShare
 from seahub.profile.models import Profile
 from seahub.utils import gen_file_get_url, gen_dir_zip_download_url, \
        is_windows_operating_system, gen_shared_link
 from seahub.utils.timeutils import timestamp_to_isoformat_timestr, \
        datetime_to_isoformat_timestr
 from seahub.views.file import send_file_access_msg
 logger = logging.getLogger(__name__)
 def get_share_link_info(fileshare):
    data = {}
    token = fileshare.token
    repo_id = fileshare.repo_id
    try:
        repo = seafile_api.get_repo(repo_id)
    except Exception as e:
        logger.error(e)
        repo = None
    path = fileshare.path
    if path:
        obj_name = '/' if path == '/' else os.path.basename(path.rstrip('/'))
    else:
        obj_name = ''
    if fileshare.expire_date:
        expire_date = datetime_to_isoformat_timestr(fileshare.expire_date)
    else:
        expire_date = ''
    if fileshare.ctime:
        ctime = datetime_to_isoformat_timestr(fileshare.ctime)
    else:
        ctime = ''
    ccnet_email = fileshare.username
    data['creator_email'] = ccnet_email
    data['creator_name'] = email2nickname(ccnet_email)
    data['creator_contact_email'] = \
            Profile.objects.get_contact_email_by_user(ccnet_email)
    data['repo_id'] = repo_id
    data['repo_name'] = repo.repo_name if repo else ''
    data['path'] = path
    data['obj_name'] = obj_name
    data['is_dir'] = True if fileshare.s_type == 'd' else False
    data['token'] = token
    data['link'] = gen_shared_link(token, fileshare.s_type)
    data['view_cnt'] = fileshare.view_cnt
    data['ctime'] = ctime
    data['expire_date'] = expire_date
    data['is_expired'] = fileshare.is_expired()
    data['permissions'] = fileshare.get_permissions()
    return data
 class AdminShareLink(APIView):
    authentication_classes = (TokenAuthentication, SessionAuthentication)
    permission_classes = (IsAdminUser,)
    throttle_classes = (UserRateThrottle,)
    def get(self, request, token):
        """ Get a special share link info.
        Permission checking:
        1. only admin can perform this action.
        """
        try:
            sharelink = FileShare.objects.get(token=token)
        except FileShare.DoesNotExist:
            error_msg = 'Share link %s not found.' % token
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
        link_info = get_share_link_info(sharelink)
        return Response(link_info)
 class AdminShareLinkDirents(APIView):
    authentication_classes = (TokenAuthentication, SessionAuthentication)
    permission_classes = (IsAdminUser,)
    throttle_classes = (UserRateThrottle,)
    def get(self, request, token):
        """ Get dirents of shared download dir.
        Permission checking:
        1. only admin can perform this action.
        """
        try:
            sharelink = FileShare.objects.get(token=token)
        except FileShare.DoesNotExist:
            error_msg = 'Share link %s not found.' % token
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
        repo_id = sharelink.repo_id
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            error_msg = 'Library not found.'
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
        obj_path = sharelink.path
        obj_id = seafile_api.get_dir_id_by_path(repo_id, obj_path)
        if not obj_id:
            error_msg = 'Folder not found.'
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
        req_path = request.GET.get('path', '/')
        if req_path == '/':
            real_path = obj_path
        else:
            real_path = posixpath.join(obj_path, req_path.strip('/'))
        if real_path[-1] != '/':
            real_path += '/'
        real_obj_id = seafile_api.get_dir_id_by_path(repo_id, real_path)
        if not real_obj_id:
            error_msg = 'Folder %s not found.' % req_path
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
        try:
            current_commit = seafile_api.get_commit_list(repo_id, 0, 1)[0]
            dirent_list = seafile_api.list_dir_by_commit_and_path(repo_id,
                    current_commit.id, real_path, -1, -1)
        except Exception as e:
            logger.error(e)
            error_msg = 'Internal Server Error'
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
        result = []
        for dirent in dirent_list:
            dirent_info = {}
            dirent_info['obj_name'] = dirent.obj_name
            dirent_info['path'] = posixpath.join(req_path, dirent.obj_name)
            dirent_info['size'] = dirent.size
            dirent_info['last_modified'] = timestamp_to_isoformat_timestr(dirent.mtime)
            if stat.S_ISDIR(dirent.mode):
                dirent_info['is_dir'] = True
            else:
                dirent_info['is_dir'] = False
            result.append(dirent_info)
        return Response(result)
 class AdminShareLinkDownload(APIView):
    authentication_classes = (TokenAuthentication, SessionAuthentication)
    permission_classes = (IsAdminUser,)
    throttle_classes = (UserRateThrottle,)
    def get(self, request, token):
        """ Get FileServer download url of the shared file/dir.
        Permission checking:
        1. only admin can perform this action.
        """
        try:
            sharelink = FileShare.objects.get(token=token)
        except FileShare.DoesNotExist:
            error_msg = 'Share link %s not found.' % token
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
        repo_id = sharelink.repo_id
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            error_msg = 'Library not found.'
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
        result = {}
        obj_path = sharelink.path
        if sharelink.s_type == 'f':
            # download shared file
            obj_id = seafile_api.get_file_id_by_path(repo_id, obj_path)
            if not obj_id:
                error_msg = 'File not found.'
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)
            try:
                # `username` parameter only used for encrypted repo
                download_token = seafile_api.get_fileserver_access_token(repo_id,
                        obj_id, 'download', sharelink.username, use_onetime=False)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
            if not download_token:
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
            obj_name = os.path.basename(obj_path.rstrip('/'))
            result['download_link'] = gen_file_get_url(download_token, obj_name)
        else:
            # download (sub) file/folder in shared dir
            obj_id = seafile_api.get_dir_id_by_path(repo_id, obj_path)
            if not obj_id:
                error_msg = 'Folder not found.'
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)
            download_type = request.GET.get('type', None)
            if not download_type or download_type not in ('file', 'folder'):
                error_msg = 'type invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
            req_path = request.GET.get('path', None)
            if not req_path:
                error_msg = 'path invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
            if req_path == '/':
                real_path = obj_path
            else:
                real_path = posixpath.join(obj_path, req_path.strip('/'))
            if download_type == 'file':
                # download sub file in shared dir
                real_obj_id = seafile_api.get_file_id_by_path(repo_id, real_path)
                if not real_obj_id:
                    error_msg = 'File not found.'
                    return api_error(status.HTTP_404_NOT_FOUND, error_msg)
                try:
                    download_token = seafile_api.get_fileserver_access_token(repo_id,
                            real_obj_id, 'download', sharelink.username, use_onetime=False)
                except Exception as e:
                    logger.error(e)
                    error_msg = 'Internal Server Error'
                    return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
                if not download_token:
                    error_msg = 'Internal Server Error'
                    return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
                file_name = os.path.basename(real_path.rstrip('/'))
                result['download_link'] = gen_file_get_url(download_token, file_name)
            else:
                # download sub folder in shared dir
                if real_path[-1] != '/':
                    real_path += '/'
                real_obj_id = seafile_api.get_dir_id_by_path(repo_id, real_path)
                if not real_obj_id:
                    error_msg = 'Folder %s not found.' % req_path
                    return api_error(status.HTTP_404_NOT_FOUND, error_msg)
                dir_name = repo.name if real_path == '/' else \
                        os.path.basename(real_path.rstrip('/'))
                dir_size = seafile_api.get_dir_size(
                        repo.store_id, repo.version, real_obj_id)
                if dir_size > seaserv.MAX_DOWNLOAD_DIR_SIZE:
                    error_msg = 'Unable to download directory "%s": size is too large.' % dir_name
                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
                # get file server access token
                is_windows = 0
                if is_windows_operating_system(request):
                    is_windows = 1
                fake_obj_id = {
                    'obj_id': real_obj_id,
                    'dir_name': dir_name,
                    'is_windows': is_windows
                }
                try:
                    zip_token = seafile_api.get_fileserver_access_token(repo_id,
                            json.dumps(fake_obj_id), 'download-dir',
                            sharelink.username, use_onetime=False)
                except Exception as e:
                    logger.error(e)
                    error_msg = 'Internal Server Error'
                    return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
                try:
                    # used for file audit
                    send_file_access_msg(request, repo, real_path, 'share-link')
                    # used for traffic
                    seaserv.send_message('seahub.stats', 'dir-download\t%s\t%s\t%s\t%s' %
                            (repo_id, sharelink.username, real_obj_id, dir_size))
                except Exception as e:
                    logger.error(e)
                result['download_link'] = gen_dir_zip_download_url(zip_token)
        return Response(result)
 class AdminShareLinkCheckPassword(APIView):
    authentication_classes = (TokenAuthentication, SessionAuthentication)
    permission_classes = (IsAdminUser,)
    throttle_classes = (UserRateThrottle,)
    def post(self, request, token):
        """ Check if password for an encrypted share link is correct.
        Permission checking:
        1. only admin can perform this action.
        """
        try:
            sharelink = FileShare.objects.get(token=token)
        except FileShare.DoesNotExist:
            error_msg = 'Share link %s not found.' % token
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
        if not sharelink.is_encrypted():
            error_msg = 'Share link is not encrypted.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
        password = request.POST.get('password')
        if not password:
            error_msg = 'password invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
        if check_password(password, sharelink.password):
            return Response({'success': True})
        else:
            error_msg = 'Password is not correct.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)
--- a/seahub/api2/endpoints/admin/upload_links.py
+++ b/seahub/api2/endpoints/admin/upload_links.py
@@ -0,0 +1,166 @@
 # Copyright (c) 2012-2016 Seafile Ltd.
 import os
 import logging
 from rest_framework.authentication import SessionAuthentication
 from rest_framework.permissions import IsAdminUser
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework import status
 from django.contrib.auth.hashers import check_password
 from seaserv import seafile_api
 from seahub.api2.utils import api_error
 from seahub.api2.authentication import TokenAuthentication
 from seahub.api2.throttling import UserRateThrottle
 from seahub.base.templatetags.seahub_tags import email2nickname
 from seahub.utils import gen_file_upload_url, gen_shared_upload_link
 from seahub.utils.timeutils import datetime_to_isoformat_timestr
 from seahub.share.models import UploadLinkShare
 from seahub.profile.models import Profile
 logger = logging.getLogger(__name__)
 def get_upload_link_info(uls):
    data = {}
    token = uls.token
    repo_id = uls.repo_id
    try:
        repo = seafile_api.get_repo(repo_id)
    except Exception as e:
        logger.error(e)
        repo = None
    path = uls.path
    if path:
        obj_name = '/' if path == '/' else os.path.basename(path.rstrip('/'))
    else:
        obj_name = ''
    if uls.ctime:
        ctime = datetime_to_isoformat_timestr(uls.ctime)
    else:
        ctime = ''
    data['repo_id'] = repo_id
    data['repo_name'] = repo.repo_name if repo else ''
    data['path'] = path
    data['obj_name'] = obj_name
    data['view_cnt'] = uls.view_cnt
    data['ctime'] = ctime
    data['link'] = gen_shared_upload_link(token)
    data['token'] = token
    ccnet_email = uls.username
    data['creator_email'] = ccnet_email
    data['creator_name'] = email2nickname(ccnet_email)
    data['creator_contact_email'] = \
            Profile.objects.get_contact_email_by_user(ccnet_email)
    return data
 class AdminUploadLink(APIView):
    authentication_classes = (TokenAuthentication, SessionAuthentication)
    permission_classes = (IsAdminUser,)
    throttle_classes = (UserRateThrottle,)
    def get(self, request, token):
        """ Get a special upload link info.
        Permission checking:
        1. only admin can perform this action.
        """
        try:
            uploadlink = UploadLinkShare.objects.get(token=token)
        except UploadLinkShare.DoesNotExist:
            error_msg = 'Upload link %s not found.' % token
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
        link_info = get_upload_link_info(uploadlink)
        return Response(link_info)
 class AdminUploadLinkUpload(APIView):
    authentication_classes = (TokenAuthentication, SessionAuthentication)
    permission_classes = (IsAdminUser,)
    throttle_classes = (UserRateThrottle,)
    def get(self, request, token):
        """ Get FileServer url of the shared file.
        Permission checking:
        1. only admin can perform this action.
        """
        try:
            uploadlink = UploadLinkShare.objects.get(token=token)
        except UploadLinkShare.DoesNotExist:
            error_msg = 'Upload link %s not found.' % token
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
        repo_id = uploadlink.repo_id
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            error_msg = 'Library not found.'
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
        path = uploadlink.path
        obj_id = seafile_api.get_dir_id_by_path(repo_id, path)
        if not obj_id:
            error_msg = 'Folder not found.'
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
        upload_token = seafile_api.get_fileserver_access_token(repo_id,
                obj_id, 'upload', uploadlink.username, use_onetime=False)
        if not upload_token:
            error_msg = 'Internal Server Error'
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
        result = {}
        result['upload_link'] = gen_file_upload_url(token, 'upload-api')
        return Response(result)
 class AdminUploadLinkCheckPassword(APIView):
    authentication_classes = (TokenAuthentication, SessionAuthentication)
    permission_classes = (IsAdminUser,)
    throttle_classes = (UserRateThrottle,)
    def post(self, request, token):
        """ Check if password for an encrypted upload link is correct.
        Permission checking:
        1. only admin can perform this action.
        """
        try:
            uploadlink = UploadLinkShare.objects.get(token=token)
        except UploadLinkShare.DoesNotExist:
            error_msg = 'Upload link %s not found.' % token
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
        if not uploadlink.is_encrypted():
            error_msg = 'Upload link is not encrypted.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
        password = request.POST.get('password')
        if not password:
            error_msg = 'password invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
        if check_password(password, uploadlink.password):
            return Response({'success': True})
        else:
            error_msg = 'Password is not correct.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)
--- a/seahub/urls.py
+++ b/seahub/urls.py
@@ -42,6 +42,8 @@ from seahub.api2.endpoints.notifications import NotificationsView, NotificationV
 from seahub.api2.endpoints.user_enabled_modules import UserEnabledModulesView
 from seahub.api2.endpoints.repo_file_uploaded_bytes import RepoFileUploadedBytesView
 from seahub.api2.endpoints.user_avatar import UserAvatarView
 # Admin
 from seahub.api2.endpoints.admin.login import Login
 from seahub.api2.endpoints.admin.file_audit import FileAudit
 from seahub.api2.endpoints.admin.file_update import FileUpdate
@@ -58,6 +60,11 @@ from seahub.api2.endpoints.admin.groups import AdminGroups, AdminGroup
 from seahub.api2.endpoints.admin.group_libraries import AdminGroupLibraries, AdminGroupLibrary
 from seahub.api2.endpoints.admin.group_members import AdminGroupMembers, AdminGroupMember
 from seahub.api2.endpoints.admin.shares import AdminShares
 from seahub.api2.endpoints.admin.share_links import AdminShareLink, \
        AdminShareLinkDownload, AdminShareLinkCheckPassword, \
        AdminShareLinkDirents
 from seahub.api2.endpoints.admin.upload_links import AdminUploadLink, \
        AdminUploadLinkUpload, AdminUploadLinkCheckPassword
 from seahub.api2.endpoints.admin.users_batch import AdminUsersBatch
 from seahub.api2.endpoints.admin.logs import AdminLogs
 from seahub.api2.endpoints.admin.org_users import AdminOrgUsers, AdminOrgUser
@@ -260,6 +267,23 @@ urlpatterns = patterns(
    url(r'^api/v2.1/admin/shares/$', AdminShares.as_view(), name='api-v2.1-admin-shares'),
    url(r'^api/v2.1/admin/admin-logs/$', AdminLogs.as_view(), name='api-v2.1-admin-admin-logs'),
    ## admin::share-links
    url(r'^api/v2.1/admin/share-links/(?P<token>[a-f0-9]+)/$', AdminShareLink.as_view(), name='api-v2.1-admin-share-link'),
    url(r'^api/v2.1/admin/share-links/(?P<token>[a-f0-9]+)/download/$',
            AdminShareLinkDownload.as_view(), name='api-v2.1-admin-share-link-download'),
    url(r'^api/v2.1/admin/share-links/(?P<token>[a-f0-9]+)/check-password/$',
            AdminShareLinkCheckPassword.as_view(), name='api-v2.1-admin-share-link-check-password'),
    url(r'^api/v2.1/admin/share-links/(?P<token>[a-f0-9]+)/dirents/$',
            AdminShareLinkDirents.as_view(), name='api-v2.1-admin-share-link-dirents'),
    ## admin::upload-links
    url(r'^api/v2.1/admin/upload-links/(?P<token>[a-f0-9]+)/$', AdminUploadLink.as_view(), name='api-v2.1-admin-upload-link'),
    url(r'^api/v2.1/admin/upload-links/(?P<token>[a-f0-9]+)/upload/$',
            AdminUploadLinkUpload.as_view(), name='api-v2.1-admin-upload-link-upload'),
    url(r'^api/v2.1/admin/upload-links/(?P<token>[a-f0-9]+)/check-password/$',
            AdminUploadLinkCheckPassword.as_view(), name='api-v2.1-admin-upload-link-check-password'),
    ## admin::users
    url(r'^api/v2.1/admin/users/batch/$', AdminUsersBatch.as_view(), name='api-v2.1-admin-users-batch'),
    ## admin::organizations
--- a/seahub/utils/init.py
+++ b/seahub/utils/init.py
@@ -451,6 +451,13 @@ def gen_file_get_url(token, filename):
 def gen_file_upload_url(token, op):
    return '%s/%s/%s' % (get_fileserver_root(), op, token)
 def gen_dir_zip_download_url(token):
    """
    Generate fileserver file url.
    Format: http://<domain:port>/files/<token>/<filename>
    """
    return '%s/zip/%s' % (get_fileserver_root(), token)
 def get_ccnet_server_addr_port():
    """get ccnet server host and port"""
    return seaserv.CCNET_SERVER_ADDR, seaserv.CCNET_SERVER_PORT
--- a/tests/api/endpoints/admin/test_share_links.py
+++ b/tests/api/endpoints/admin/test_share_links.py
@@ -0,0 +1,349 @@
 # -*- coding: utf-8 -*-
 import json
 from tests.common.utils import randstring
 from django.core.urlresolvers import reverse
 from seahub.test_utils import BaseTestCase
 from seahub.share.models import FileShare
 from seaserv import seafile_api
 try:
    from seahub.settings import LOCAL_PRO_DEV_ENV
 except ImportError:
    LOCAL_PRO_DEV_ENV = False
 class AdminShareLinkTest(BaseTestCase):
    def setUp(self):
        self.repo_id = self.repo.id
        self.file_path= self.file
        self.folder_path= self.folder
        self.invalid_token = '00000000000000000000'
    def tearDown(self):
        self.remove_repo()
    def _add_file_share_link(self, password=None):
        fs = FileShare.objects.create_file_link(
                self.user.username, self.repo.id, self.file, password, None)
        return fs.token
    def _add_dir_share_link(self, password=None):
        fs = FileShare.objects.create_dir_link(
                self.user.username, self.repo.id, self.folder, password, None)
        return fs.token
    def _remove_share_link(self, token):
        link = FileShare.objects.get(token=token)
        link.delete()
    def test_get_file_share_link_info_by_token(self):
        self.login_as(self.admin)
        token = self._add_file_share_link()
        url = reverse('api-v2.1-admin-share-link', args=[token])
        resp = self.client.get(url)
        self.assertEqual(200, resp.status_code)
        json_resp = json.loads(resp.content)
        assert json_resp['token'] == token
        assert json_resp['is_dir'] == False
        self._remove_share_link(token)
    def test_get_dir_share_link_info_by_token(self):
        self.login_as(self.admin)
        token = self._add_dir_share_link()
        url = reverse('api-v2.1-admin-share-link', args=[token])
        resp = self.client.get(url)
        self.assertEqual(200, resp.status_code)
        json_resp = json.loads(resp.content)
        assert json_resp['token'] == token
        assert json_resp['is_dir'] == True
        self._remove_share_link(token)
    def test_get_share_link_info_with_invalid_permission(self):
        self.login_as(self.user)
        token = self._add_dir_share_link()
        url = reverse('api-v2.1-admin-share-link', args=[token])
        resp = self.client.get(url)
        self.assertEqual(403, resp.status_code)
        self._remove_share_link(token)
    def test_get_share_link_info_with_invalid_share_token(self):
        self.login_as(self.admin)
        url = reverse('api-v2.1-admin-share-link',
                args=[self.invalid_token])
        resp = self.client.get(url)
        self.assertEqual(404, resp.status_code)
 class AdminShareLinkDirentsTest(BaseTestCase):
    def setUp(self):
        self.repo_id = self.repo.id
        self.folder_path= self.folder
        self.invalid_token = '00000000000000000000'
    def tearDown(self):
        self.remove_repo()
    def _add_dir_share_link(self, password=None):
        fs = FileShare.objects.create_dir_link(
                self.user.username, self.repo.id, self.folder, password, None)
        return fs.token
    def _remove_share_link(self, token):
        link = FileShare.objects.get(token=token)
        link.delete()
    def test_get_dirents(self):
        username = self.user.username
        dir_name = randstring(6)
        file_name = randstring(6)
        seafile_api.post_dir(self.repo_id,
                self.folder_path, dir_name, username)
        seafile_api.post_empty_file(self.repo_id,
                self.folder_path, file_name, username)
        self.login_as(self.admin)
        token = self._add_dir_share_link()
        url = reverse('api-v2.1-admin-share-link-dirents', args=[token])
        resp = self.client.get(url)
        self.assertEqual(200, resp.status_code)
        json_resp = json.loads(resp.content)
        assert json_resp[0]['is_dir'] == True
        assert dir_name in json_resp[0]['obj_name']
        assert json_resp[1]['is_dir'] == False
        assert file_name in json_resp[1]['obj_name']
        self._remove_share_link(token)
    def test_get_dirents_with_invalid_permission(self):
        self.login_as(self.user)
        token = self._add_dir_share_link()
        url = reverse('api-v2.1-admin-share-link-dirents', args=[token])
        resp = self.client.get(url)
        self.assertEqual(403, resp.status_code)
        self._remove_share_link(token)
    def test_get_dirents_with_invalid_share_token(self):
        self.login_as(self.admin)
        url = reverse('api-v2.1-admin-share-link-dirents',
                args=[self.invalid_token])
        resp = self.client.get(url)
        self.assertEqual(404, resp.status_code)
 class AdminShareLinkDownloadTest(BaseTestCase):
    def setUp(self):
        self.repo_id = self.repo.id
        self.file_path= self.file
        self.folder_path= self.folder
        self.invalid_token = '00000000000000000000'
    def tearDown(self):
        self.remove_repo()
    def _add_dir_share_link(self, password=None):
        fs = FileShare.objects.create_dir_link(
                self.user.username, self.repo.id, self.folder, password, None)
        return fs.token
    def _add_file_share_link(self, password=None):
        fs = FileShare.objects.create_file_link(
                self.user.username, self.repo.id, self.file, password, None)
        return fs.token
    def _remove_share_link(self, token):
        link = FileShare.objects.get(token=token)
        link.delete()
    def test_download_shared_file(self):
        self.login_as(self.admin)
        token = self._add_file_share_link()
        url = reverse('api-v2.1-admin-share-link-download', args=[token])
        resp = self.client.get(url)
        self.assertEqual(200, resp.status_code)
        json_resp = json.loads(resp.content)
        assert '8082' in json_resp['download_link']
        assert 'files' in json_resp['download_link']
        self._remove_share_link(token)
    def test_download_sub_file_in_shared_dir(self):
        username = self.user.username
        file_name = randstring(6)
        seafile_api.post_empty_file(self.repo_id,
                self.folder_path, file_name, username)
        self.login_as(self.admin)
        token = self._add_dir_share_link()
        url = reverse('api-v2.1-admin-share-link-download', args=[token])
        resp = self.client.get(url + '?path=/%s&type=file' % file_name)
        self.assertEqual(200, resp.status_code)
        json_resp = json.loads(resp.content)
        assert '8082' in json_resp['download_link']
        assert 'files' in json_resp['download_link']
        self._remove_share_link(token)
    def test_download_sub_dir_in_shared_dir(self):
        username = self.user.username
        dir_name = randstring(6)
        seafile_api.post_dir(self.repo_id,
                self.folder_path, dir_name, username)
        self.login_as(self.admin)
        token = self._add_dir_share_link()
        url = reverse('api-v2.1-admin-share-link-download', args=[token])
        resp = self.client.get(url + '?path=/%s&type=folder' % dir_name)
        self.assertEqual(200, resp.status_code)
        json_resp = json.loads(resp.content)
        assert '8082' in json_resp['download_link']
        assert 'zip' in json_resp['download_link']
        self._remove_share_link(token)
    def test_download_with_invalid_permission(self):
        self.login_as(self.user)
        token = self._add_dir_share_link()
        url = reverse('api-v2.1-admin-share-link-download', args=[token])
        resp = self.client.get(url)
        self.assertEqual(403, resp.status_code)
        self._remove_share_link(token)
    def test_download_with_invalid_share_token(self):
        self.login_as(self.admin)
        url = reverse('api-v2.1-admin-share-link-download',
                args=[self.invalid_token])
        resp = self.client.get(url)
        self.assertEqual(404, resp.status_code)
 class ShareLinkCheckPasswordTest(BaseTestCase):
    def setUp(self):
        self.repo_id = self.repo.id
        self.file_path= self.file
        self.folder_path= self.folder
        self.invalid_token = '00000000000000000000'
    def tearDown(self):
        self.remove_repo()
    def _add_file_share_link(self, password=None):
        fs = FileShare.objects.create_file_link(
                self.user.username, self.repo.id, self.file, password, None)
        return fs.token
    def _add_dir_share_link(self, password=None):
        fs = FileShare.objects.create_dir_link(
                self.user.username, self.repo.id, self.folder, password, None)
        return fs.token
    def _remove_share_link(self, token):
        link = FileShare.objects.get(token=token)
        link.delete()
    def test_check_password(self):
        self.login_as(self.admin)
        #### create file share link ####
        password = randstring(10)
        token = self._add_file_share_link(password)
        url = reverse('api-v2.1-admin-share-link-check-password', args=[token])
        # check password for file share link
        resp = self.client.post(url, {'password': password})
        self.assertEqual(200, resp.status_code)
        # remove file share link
        self._remove_share_link(token)
        #### create dir share link ####
        password = randstring(10)
        token = self._add_dir_share_link(password)
        url = reverse('api-v2.1-admin-share-link-check-password', args=[token])
        # check password for dir share link
        resp = self.client.post(url, {'password': password})
        self.assertEqual(200, resp.status_code)
        # remove dir share link
        self._remove_share_link(token)
    def test_invalid_password(self):
        self.login_as(self.admin)
        password = randstring(10)
        token = self._add_file_share_link(password)
        url = reverse('api-v2.1-admin-share-link-check-password', args=[token])
        # assert password is valid
        resp = self.client.post(url, {'password': password})
        self.assertEqual(200, resp.status_code)
        # assert password is invalid
        resp = self.client.post(url, {'password': 'invalid_password'})
        self.assertEqual(403, resp.status_code)
        self._remove_share_link(token)
    def test_check_password_with_invalid_permission(self):
        self.login_as(self.user)
        token = self._add_dir_share_link()
        url = reverse('api-v2.1-admin-share-link-check-password', args=[token])
        resp = self.client.post(url)
        self.assertEqual(403, resp.status_code)
        self._remove_share_link(token)
    def test_check_password_with_invalid_share_token(self):
        self.login_as(self.admin)
        url = reverse('api-v2.1-admin-share-link-check-password',
                args=[self.invalid_token])
        resp = self.client.post(url, {'password': 'invalid_password'})
        self.assertEqual(404, resp.status_code)
--- a/tests/api/endpoints/admin/test_upload_links.py
+++ b/tests/api/endpoints/admin/test_upload_links.py
@@ -0,0 +1,188 @@
 # -*- coding: utf-8 -*-
 import json
 from tests.common.utils import randstring
 from django.core.urlresolvers import reverse
 from seahub.test_utils import BaseTestCase
 from seahub.share.models import UploadLinkShare
 try:
    from seahub.settings import LOCAL_PRO_DEV_ENV
 except ImportError:
    LOCAL_PRO_DEV_ENV = False
 class AdminUploadLinkTest(BaseTestCase):
    def setUp(self):
        self.repo_id = self.repo.id
        self.folder_path= self.folder
        self.invalid_token = '00000000000000000000'
    def tearDown(self):
        self.remove_repo()
    def _add_upload_link(self, password=None):
        fs = UploadLinkShare.objects.create_upload_link_share(
                self.user.username, self.repo.id, self.folder_path, password, None)
        return fs.token
    def _remove_upload_link(self, token):
        link = UploadLinkShare.objects.get(token=token)
        link.delete()
    def test_get_upload_link_info(self):
        self.login_as(self.admin)
        token = self._add_upload_link()
        url = reverse('api-v2.1-admin-upload-link', args=[token])
        resp = self.client.get(url)
        self.assertEqual(200, resp.status_code)
        json_resp = json.loads(resp.content)
        assert json_resp['token'] == token
        self._remove_upload_link(token)
    def test_get_upload_link_info_with_invalid_permission(self):
        self.login_as(self.user)
        token = self._add_upload_link()
        url = reverse('api-v2.1-admin-upload-link', args=[token])
        resp = self.client.get(url)
        self.assertEqual(403, resp.status_code)
        self._remove_upload_link(token)
    def test_get_upload_link_info_with_invalid_token(self):
        self.login_as(self.admin)
        url = reverse('api-v2.1-admin-upload-link',
                args=[self.invalid_token])
        resp = self.client.get(url)
        self.assertEqual(404, resp.status_code)
 class AdminUploadLinkUploadTest(BaseTestCase):
    def setUp(self):
        self.repo_id = self.repo.id
        self.folder_path= self.folder
        self.invalid_token = '00000000000000000000'
    def tearDown(self):
        self.remove_repo()
    def _add_upload_link(self, password=None):
        fs = UploadLinkShare.objects.create_upload_link_share(
                self.user.username, self.repo.id, self.folder_path, password, None)
        return fs.token
    def _remove_upload_link(self, token):
        link = UploadLinkShare.objects.get(token=token)
        link.delete()
    def test_upload(self):
        self.login_as(self.admin)
        token = self._add_upload_link()
        url = reverse('api-v2.1-admin-upload-link-upload', args=[token])
        resp = self.client.get(url)
        self.assertEqual(200, resp.status_code)
        json_resp = json.loads(resp.content)
        assert '8082' in json_resp['upload_link']
        assert 'upload' in json_resp['upload_link']
        self._remove_upload_link(token)
    def test_upload_with_invalid_permission(self):
        self.login_as(self.user)
        token = self._add_upload_link()
        url = reverse('api-v2.1-admin-upload-link-upload', args=[token])
        resp = self.client.get(url)
        self.assertEqual(403, resp.status_code)
        self._remove_upload_link(token)
    def test_get_upload_link_info_with_invalid_token(self):
        self.login_as(self.admin)
        url = reverse('api-v2.1-admin-upload-link-upload',
                args=[self.invalid_token])
        resp = self.client.get(url)
        self.assertEqual(404, resp.status_code)
 class AdminUploadLinkCheckPasswordTest(BaseTestCase):
    def setUp(self):
        self.repo_id = self.repo.id
        self.folder_path= self.folder
        self.invalid_token = '00000000000000000000'
    def tearDown(self):
        self.remove_repo()
    def _add_upload_link(self, password=None):
        fs = UploadLinkShare.objects.create_upload_link_share(
                self.user.username, self.repo.id, self.folder_path, password, None)
        return fs.token
    def _remove_upload_link(self, token):
        link = UploadLinkShare.objects.get(token=token)
        link.delete()
    def test_check_password(self):
        self.login_as(self.admin)
        password = randstring(10)
        token = self._add_upload_link(password)
        url = reverse('api-v2.1-admin-upload-link-check-password', args=[token])
        resp = self.client.post(url, {'password': password})
        self.assertEqual(200, resp.status_code)
        self._remove_upload_link(token)
    def test_invalid_password(self):
        self.login_as(self.admin)
        password = randstring(10)
        token = self._add_upload_link(password)
        url = reverse('api-v2.1-admin-upload-link-check-password', args=[token])
        # assert password is valid
        resp = self.client.post(url, {'password': password})
        self.assertEqual(200, resp.status_code)
        # assert password is invalid
        resp = self.client.post(url, {'password': 'invalid_password'})
        self.assertEqual(403, resp.status_code)
        self._remove_upload_link(token)
    def test_check_password_with_invalid_permission(self):
        self.login_as(self.user)
        token = self._add_upload_link()
        url = reverse('api-v2.1-admin-upload-link-check-password', args=[token])
        resp = self.client.post(url, {'password': 'invalid_password'})
        self.assertEqual(403, resp.status_code)
        self._remove_upload_link(token)
    def test_check_password_with_invalid_token(self):
        self.login_as(self.admin)
        url = reverse('api-v2.1-admin-upload-link-check-password',
                args=[self.invalid_token])
        resp = self.client.post(url, {'password': 'invalid_password'})
        self.assertEqual(404, resp.status_code)