Merge pull request #1123 from haiwen/repo-tokens

update repo id check in repo-tokens api
2025-09-18 00:00:00 +00:00 · 2016-04-15 10:44:46 +08:00
parent 5460730ed9 46e98b9943
commit aaa51ea460
3 changed files with 29 additions and 9 deletions
--- a/seahub/api2/urls.py
+++ b/seahub/api2/urls.py
@@ -72,7 +72,7 @@ urlpatterns = patterns('',
    url(r'^shared-links/$', SharedLinksView.as_view()),
    url(r'^shared-upload-links/$', SharedUploadLinksView.as_view()),
    url(r'^virtual-repos/$', VirtualRepos.as_view()),
-    url(r'^repo-tokens/$', RepoTokensView.as_view()),
+    url(r'^repo-tokens/$', RepoTokensView.as_view(), name='api2-repo-tokens'),

    url(r'^organization/$', OrganizationView.as_view()),

--- a/seahub/api2/views.py
+++ b/seahub/api2/views.py
@@ -4092,25 +4092,30 @@ class ThumbnailView(APIView):
 _REPO_ID_PATTERN = re.compile(r'[-0-9a-f]{36}')

 class RepoTokensView(APIView):
-    authentication_classes = (TokenAuthentication, )
+    authentication_classes = (TokenAuthentication,)
    permission_classes = (IsAuthenticated,)
-    throttle_classes = (UserRateThrottle, )
+    throttle_classes = (UserRateThrottle,)

    @json_response
    def get(self, request, format=None):
-        repos = request.GET.get('repos', None)
-        if not repos:
+        repos_id_str = request.GET.get('repos', None)
+        if not repos_id_str:
            return api_error(status.HTTP_400_BAD_REQUEST, "You must specify libaries ids")

-        repos = [repo for repo in repos.split(',') if repo]
-        if any([not _REPO_ID_PATTERN.match(repo) for repo in repos]):
+        repos_id = [repo_id for repo_id in repos_id_str.split(',') if repo_id]
+        if any([not _REPO_ID_PATTERN.match(repo_id) for repo_id in repos_id]):
            return api_error(status.HTTP_400_BAD_REQUEST, "Libraries ids are invalid")

        tokens = {}
-        for repo in repos:
+        for repo_id in repos_id:
+            repo = seafile_api.get_repo(repo_id)
+            if not repo:
+                continue
+
            if not check_folder_permission(request, repo.id, '/'):
                continue
-            tokens[repo] = seafile_api.generate_repo_token(repo, request.user.username)
+
+            tokens[repo_id] = seafile_api.generate_repo_token(repo_id, request.user.username)

        return tokens

--- a/tests/api/test_repo_tokens.py
+++ b/tests/api/test_repo_tokens.py
@@ -0,0 +1,15 @@
+import json
+
+from django.core.urlresolvers import reverse
+from tests.api.apitestbase import ApiTestBase
+from tests.common.utils import apiurl
+
+class RepoTokensTest(ApiTestBase):
+
+    def test_can_get(self):
+        with self.get_tmp_repo() as repo:
+            url = apiurl(reverse('api2-repo-tokens')) + '?repos=' + repo.repo_id
+            resp = self.get(url)
+            json_resp = json.loads(resp.content)
+
+            assert repo.repo_id in json_resp