update customer permission of create (#7404)

2025-09-16 15:19:06 +00:00 · 2025-01-21 16:52:50 +08:00
parent 16b361f932
commit a49b940ae8
2 changed files with 9 additions and 5 deletions
--- a/seahub/api2/endpoints/file.py
+++ b/seahub/api2/endpoints/file.py
@@ -28,7 +28,7 @@ from seahub.utils.file_op import check_file_lock, if_locked_by_online_office
 from seahub.views.file import can_preview_file, can_edit_file
 from seahub.constants import PERMISSION_READ_WRITE
 from seahub.utils.repo import parse_repo_perm, is_repo_admin, is_repo_owner
-from seahub.utils.file_types import MARKDOWN, TEXT, SEADOC, \
+from seahub.utils.file_types import SEADOC, \
        MARKDOWN_SUPPORT_CONVERT_TYPES, SDOC_SUPPORT_CONVERT_TYPES, \
        DOCX_SUPPORT_CONVERT_TYPES
 from seahub.tags.models import FileUUIDMap
@@ -181,7 +181,8 @@ class FileView(APIView):
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            # permission check
-            if parse_repo_perm(check_folder_permission(request, repo_id, parent_dir)).can_edit_on_web is False:
+            if parse_repo_perm(check_folder_permission(request, repo_id,
+                                                       parent_dir)).can_create is False:
                error_msg = 'Permission denied.'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

--- a/seahub/utils/repo.py
+++ b/seahub/utils/repo.py
@@ -64,8 +64,9 @@ def parse_repo_perm(perm):
            if CUSTOM_PERMISSION_PREFIX in perm:
                perm = perm.split('-')[1]
            custom_perm_obj = CustomSharePermissions.objects.get(id=int(perm)).to_dict()
-            RP.can_download = to_python_boolean(str(custom_perm_obj['permission'].get('download', False)))
            RP.can_upload = to_python_boolean(str(custom_perm_obj['permission'].get('upload', False)))
+            RP.can_download = to_python_boolean(str(custom_perm_obj['permission'].get('download', False)))
+            RP.can_create = to_python_boolean(str(custom_perm_obj['permission'].get('create', False)))
            RP.can_edit_on_web = to_python_boolean(str(custom_perm_obj['permission'].get('modify', False)))
            RP.can_copy = to_python_boolean(str(custom_perm_obj['permission'].get('copy', False)))
            RP.can_delete = to_python_boolean(str(custom_perm_obj['permission'].get('delete', False)))
@@ -76,10 +77,12 @@ def parse_repo_perm(perm):
        except Exception as e:
            logger.warning(e)

-    RP.can_download = True if perm in [
-        PERMISSION_READ, PERMISSION_READ_WRITE, PERMISSION_ADMIN] else False
    RP.can_upload = True if perm in [
        PERMISSION_READ_WRITE, PERMISSION_ADMIN, PERMISSION_PREVIEW_EDIT] else False
+    RP.can_download = True if perm in [
+        PERMISSION_READ, PERMISSION_READ_WRITE, PERMISSION_ADMIN] else False
+    RP.can_create = True if perm in [
+        PERMISSION_READ_WRITE, PERMISSION_ADMIN] else False
    RP.can_edit_on_web = True if perm in [
        PERMISSION_READ_WRITE, PERMISSION_ADMIN, PERMISSION_PREVIEW_EDIT
    ] else False