haiwen/seahub
1
0
Fork 0
mirror of https://github.com/haiwen/seahub.git synced 2025-09-22 11:57:34 +00:00
Code Issues Releases Wiki Activity

rm set repo user/group perm

Browse Source
This commit is contained in:
lian
2016-08-30 11:15:22 +08:00
committed by lian
parent 18c60fd306
commit a862fad836
12 changed files with 687 additions and 1044 deletions
Download Patch File Download Diff File Expand all files Collapse all files

358
seahub/views/ajax.py
View File

@@ -32,20 +32,18 @@ from seahub.notifications.models import UserNotification
from seahub.notifications.views import add_notice_from_info
from seahub.share.models import UploadLinkShare
from seahub.signals import upload_file_successful
from seahub.views import get_unencry_rw_repos_by_user, is_registered_user, \
get_system_default_repo_id, get_diff, \
check_folder_permission
from seahub.views import get_unencry_rw_repos_by_user, \
get_system_default_repo_id, get_diff, check_folder_permission
from seahub.group.utils import is_group_member, is_group_admin_or_owner, \
get_group_member_info
import seahub.settings as settings
from seahub.settings import ENABLE_THUMBNAIL, THUMBNAIL_ROOT, \
THUMBNAIL_DEFAULT_SIZE, ENABLE_FOLDER_PERM, SHOW_TRAFFIC, MEDIA_URL
THUMBNAIL_DEFAULT_SIZE, SHOW_TRAFFIC, MEDIA_URL
from seahub.utils import check_filename_with_rename, EMPTY_SHA1, \
gen_block_get_url, TRAFFIC_STATS_ENABLED, get_user_traffic_stat,\
new_merge_with_no_conflict, get_commit_before_new_merge, \
get_repo_last_modify, gen_file_upload_url, is_org_context, \
get_file_type_and_ext, is_valid_username, send_perm_audit_msg, \
is_pro_version
get_file_type_and_ext, is_pro_version
from seahub.utils.star import get_dir_starred_files
from seahub.base.accounts import User
from seahub.thumbnail.utils import get_thumbnail_src
@@ -1276,354 +1274,6 @@ def ajax_repo_change_passwd(request, repo_id):
return HttpResponse(json.dumps({'success': True}),
content_type=content_type)
@login_required_ajax
def get_folder_perm_by_path(request, repo_id):
"""
Get user/group folder permission by path
"""
result = {}
content_type = 'application/json; charset=utf-8'
if not (is_pro_version() and ENABLE_FOLDER_PERM):
return HttpResponse(json.dumps({"error": True}),
status=403, content_type=content_type)
path = request.GET.get('path', None)
if not path:
return HttpResponse(json.dumps({"error": _('Argument missing')}),
status=400, content_type=content_type)
user_perms = seafile_api.list_folder_user_perm_by_repo(repo_id)
group_perms = seafile_api.list_folder_group_perm_by_repo(repo_id)
user_perms.reverse()
group_perms.reverse()
user_result_perms = []
for user_perm in user_perms:
user_email = user_perm.user
try:
User.objects.get(email=user_email)
except User.DoesNotExist:
continue
if path == user_perm.path:
user_result_perm = {
"perm": user_perm.permission,
"user": user_email,
"user_name": email2nickname(user_email),
}
user_result_perms.append(user_result_perm)
group_result_perms = []
for group_perm in group_perms:
group_id = group_perm.group_id
group = ccnet_api.get_group(group_id)
if not group:
continue
if path == group_perm.path:
group_result_perm = {
"perm": group_perm.permission,
"group_id": group_id,
"group_name": group.group_name,
}
group_result_perms.append(group_result_perm)
result['user_perms'] = user_result_perms
result['group_perms'] = group_result_perms
return HttpResponse(json.dumps(result), content_type=content_type)
@login_required_ajax
def set_user_folder_perm(request, repo_id):
"""
Add or modify or delete folder permission to a user
"""
if request.method != 'POST':
raise Http404
content_type = 'application/json; charset=utf-8'
if not (is_pro_version() and ENABLE_FOLDER_PERM):
return HttpResponse(json.dumps({"error": _(u"Permission denied")}),
status=403, content_type=content_type)
user = request.POST.get('user', None)
path = request.POST.get('path', None)
perm = request.POST.get('perm', None)
op_type = request.POST.get('type', None)
username = request.user.username
## check params
if not user or not path or not perm or \
op_type != 'add' and op_type != 'modify' and op_type != 'delete':
return HttpResponse(json.dumps({"error": _('Argument missing')}),
status=400, content_type=content_type)
repo = seafile_api.get_repo(repo_id)
if not repo:
return HttpResponse(json.dumps({"error": _('Library does not exist')}),
status=400, content_type=content_type)
if repo.is_virtual:
return HttpResponse(json.dumps({"error": _('Permission denied')}),
status=403, content_type=content_type)
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
if username != repo_owner:
return HttpResponse(json.dumps({"error": _('Permission denied')}),
status=403, content_type=content_type)
if perm is not None:
if perm != 'r' and perm != 'rw':
return HttpResponse(json.dumps({
"error": _('Invalid folder permission, should be "rw" or "r"')
}), status=400, content_type=content_type)
if not path.startswith('/'):
return HttpResponse(json.dumps({"error": _('Path should start with "/"')}),
status=400, content_type=content_type)
if path != '/' and path.endswith('/'):
return HttpResponse(json.dumps({"error": _('Path should not end with "/"')}),
status=400, content_type=content_type)
if seafile_api.get_dir_id_by_path(repo_id, path) is None:
return HttpResponse(json.dumps({"error": _('Invalid path')}),
status=400, content_type=content_type)
## add perm for user(s)
if op_type == 'add':
return add_user_folder_perm(request, repo_id, user, path, perm)
if not is_registered_user(user):
return HttpResponse(json.dumps({"error": _('Invalid user, should be registered')}),
status=400, content_type=content_type)
user_folder_perm = seafile_api.get_folder_user_perm(repo_id, path, user)
if op_type == 'modify':
if user_folder_perm and user_folder_perm != perm:
try:
seafile_api.set_folder_user_perm(repo_id, path, perm, user)
send_perm_audit_msg('modify-repo-perm', username, user, repo_id, path, perm)
except SearpcError as e:
logger.error(e)
return HttpResponse(json.dumps({"error": _('Operation failed')}),
status=500, content_type=content_type)
else:
return HttpResponse(json.dumps({"error": _('Wrong folder permission')}),
status=400, content_type=content_type)
if op_type == 'delete':
if user_folder_perm:
try:
seafile_api.rm_folder_user_perm(repo_id, path, user)
send_perm_audit_msg('delete-repo-perm', username, user, repo_id, path, perm)
except SearpcError as e:
logger.error(e)
return HttpResponse(json.dumps({"error": _('Operation failed')}),
status=500, content_type=content_type)
else:
return HttpResponse(json.dumps({"error": _('Please add folder permission first')}),
status=400, content_type=content_type)
return HttpResponse(json.dumps({'success': True}), content_type=content_type)
def add_user_folder_perm(request, repo_id, users, path, perm):
"""
Add folder permission for user(s)
"""
content_type = 'application/json; charset=utf-8'
emails = users.split(',')
success, failed = [], []
username = request.user.username
for user in [e.strip() for e in emails if e.strip()]:
if not is_valid_username(user):
failed.append(user)
continue
if not is_registered_user(user):
failed.append(user)
continue
user_folder_perm = seafile_api.get_folder_user_perm(repo_id, path, user)
if user_folder_perm:
# Already add this folder permission
continue
try:
seafile_api.add_folder_user_perm(repo_id, path, perm, user)
send_perm_audit_msg('add-repo-perm', username, user, repo_id, path, perm)
success.append({
'user': user,
'user_name': email2nickname(user)
})
except SearpcError as e:
logger.error(e)
failed.append(user)
if len(success) > 0:
data = json.dumps({"success": success, "failed": failed})
return HttpResponse(data, content_type=content_type)
else:
data = json.dumps({
"error": _("Please check the email(s) you entered and the contacts you selected")
})
return HttpResponse(data, status=400, content_type=content_type)
@login_required_ajax
def set_group_folder_perm(request, repo_id):
"""
Add or modify or delete folder permission to a group
"""
if request.method != 'POST':
raise Http404
content_type = 'application/json; charset=utf-8'
if not (is_pro_version() and ENABLE_FOLDER_PERM):
return HttpResponse(json.dumps({"error": _(u"Permission denied")}),
status=403, content_type=content_type)
group_id = request.POST.get('group_id', None)
path = request.POST.get('path', None)
perm = request.POST.get('perm', None)
op_type = request.POST.get('type', None)
username = request.user.username
if not group_id or not path or not perm or \
op_type != 'add' and op_type != 'modify' and op_type != 'delete':
return HttpResponse(json.dumps({"error": _('Argument missing')}),
status=400, content_type=content_type)
## check params
repo = seafile_api.get_repo(repo_id)
if not repo:
return HttpResponse(json.dumps({"error": _('Library does not exist')}),
status=400, content_type=content_type)
if repo.is_virtual:
return HttpResponse(json.dumps({"error": _('Permission denied')}),
status=403, content_type=content_type)
if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id)
else:
repo_owner = seafile_api.get_repo_owner(repo_id)
if username != repo_owner:
return HttpResponse(json.dumps({"error": _('Permission denied')}),
status=403, content_type=content_type)
if perm is not None:
if perm != 'r' and perm != 'rw':
return HttpResponse(json.dumps({
"error": _('Invalid folder permission, should be "rw" or "r"')
}), status=400, content_type=content_type)
if not path.startswith('/'):
return HttpResponse(json.dumps({"error": _('Path should start with "/"')}),
status=400, content_type=content_type)
if path != '/' and path.endswith('/'):
return HttpResponse(json.dumps({"error": _('Path should not end with "/"')}),
status=400, content_type=content_type)
if seafile_api.get_dir_id_by_path(repo_id, path) is None:
return HttpResponse(json.dumps({"error": _('Invalid path')}),
status=400, content_type=content_type)
## add perm for group(s)
if op_type == 'add':
return add_group_folder_perm(request, repo_id, group_id, path, perm)
group_id = int(group_id)
if not seaserv.get_group(group_id):
return HttpResponse(json.dumps({"error": _('Invalid group')}),
status=400, content_type=content_type)
group_folder_perm = seafile_api.get_folder_group_perm(repo_id, path, group_id)
if op_type == 'modify':
if group_folder_perm and group_folder_perm != perm:
try:
seafile_api.set_folder_group_perm(repo_id, path, perm, group_id)
send_perm_audit_msg('modify-repo-perm', username, group_id, repo_id, path, perm)
except SearpcError as e:
logger.error(e)
return HttpResponse(json.dumps({"error": _('Operation failed')}),
status=500, content_type=content_type)
else:
return HttpResponse(json.dumps({"error": _('Wrong folder permission')}),
status=400, content_type=content_type)
if op_type == 'delete':
if group_folder_perm:
try:
seafile_api.rm_folder_group_perm(repo_id, path, group_id)
send_perm_audit_msg('delete-repo-perm', username, group_id, repo_id, path, perm)
except SearpcError as e:
logger.error(e)
return HttpResponse(json.dumps({"error": _('Operation failed')}),
status=500, content_type=content_type)
else:
return HttpResponse(json.dumps({"error": _('Please add folder permission first')}),
status=400, content_type=content_type)
return HttpResponse(json.dumps({'success': True}), content_type=content_type)
def add_group_folder_perm(request, repo_id, group_ids, path, perm):
"""
Add folder permission for group(s)
"""
content_type = 'application/json; charset=utf-8'
group_id_list = group_ids.split(',') # 'user'
success, failed = [], []
username = request.user.username
for group_id in group_id_list:
group_id = int(group_id)
if not seaserv.get_group(group_id):
failed.append(group_id)
group_folder_perm = seafile_api.get_folder_group_perm(repo_id, path, group_id)
if group_folder_perm:
#Already add this folder permission
continue
try:
seafile_api.add_folder_group_perm(repo_id, path, perm, group_id)
send_perm_audit_msg('add-repo-perm', username, group_id, repo_id, path, perm)
success.append({
'group_id': group_id,
"group_name": get_group(group_id).group_name,
})
except SearpcError as e:
logger.error(e)
failed.append(group_id)
if len(success) > 0:
data = json.dumps({"success": success, "failed": failed})
return HttpResponse(data, content_type=content_type)
else:
data = json.dumps({"error": _("Failed")})
return HttpResponse(data, status=400, content_type=content_type)
@login_required_ajax
def ajax_group_members_import(request, group_id):
"""Import users to group.