haiwen/seahub
1
0
Fork 0
mirror of https://github.com/haiwen/seahub.git synced 2025-09-21 11:27:18 +00:00
Code Issues Releases Wiki Activity

share dtable update user permission

Browse Source
This commit is contained in:
sniper-py
2019-06-29 11:26:02 +08:00
parent d459fec1b3
commit b84bffd400
3 changed files with 78 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
frontend/src/components/dialog/share-table-dialog.js
View File

@@ -40,13 +40,6 @@ class ShareTableDialog extends React.Component {
>{gettext('Share to user')} >{gettext('Share to user')}
</NavLink> </NavLink>
</NavItem> </NavItem>
{/*<NavItem>*/}
{/* <NavLink*/}
{/* className={activeTab === 'shareToGroup' ? 'active' : ''}*/}
{/* onClick={this.toggle.bind(this, 'shareToGroup')}*/}
{/* >{gettext('Share to group')}*/}
{/* </NavLink>*/}
{/*</NavItem>*/}
</Fragment> </Fragment>
</Nav> </Nav>
</div> </div>
@@ -58,8 +51,6 @@ class ShareTableDialog extends React.Component {
currentTable={this.props.currentTable} currentTable={this.props.currentTable}
/> />
</TabPane> </TabPane>
{/*<TabPane tabId="shareToGroup">*/}
{/*</TabPane>*/}
</Fragment> </Fragment>
</TabContent> </TabContent>
</div> </div>

63
frontend/src/pages/dtable/dtable.js
View File

@@ -43,7 +43,6 @@ class Table extends Component {
dropdownOpen: false, dropdownOpen: false,
active: false, active: false,
}; };
this.writePermissionList = ['rw', 'admin'];
} }
onRenameTableCancel = () => { onRenameTableCancel = () => {
@@ -119,10 +118,7 @@ class Table extends Component {
let tableHref = siteRoot + 'workspace/' + this.props.workspaceID + '/dtable/' + table.name + '/'; let tableHref = siteRoot + 'workspace/' + this.props.workspaceID + '/dtable/' + table.name + '/';
let fromShare = this.props.fromShare; let fromShare = this.props.fromShare;
let fromPersonal = this.props.fromPersonal; let fromPersonal = this.props.fromPersonal;
let fromGroup = this.props.fromPersonal; let fromGroup = this.props.fromGroup;
let hasWritePermission = !fromShare ? true:
this.writePermissionList.includes(this.props.table.permission);
return ( return (
<tr onMouseEnter={this.onMouseEnter} onMouseLeave={this.onMouseLeave} className={this.state.active ? 'tr-highlight' : ''}> <tr onMouseEnter={this.onMouseEnter} onMouseLeave={this.onMouseLeave} className={this.state.active ? 'tr-highlight' : ''}>
@@ -154,10 +150,10 @@ class Table extends Component {
> >
</DropdownToggle> </DropdownToggle>
<DropdownMenu className="drop-list" right={true}> <DropdownMenu className="drop-list" right={true}>
{hasWritePermission && {(fromPersonal || fromGroup) &&
<DropdownItem onClick={this.onRenameTableCancel}>{gettext('Rename')}</DropdownItem> <DropdownItem onClick={this.onRenameTableCancel}>{gettext('Rename')}</DropdownItem>
} }
{hasWritePermission && {(fromPersonal || fromGroup) &&
<DropdownItem onClick={this.onDeleteTableCancel}>{gettext('Delete')}</DropdownItem> <DropdownItem onClick={this.onDeleteTableCancel}>{gettext('Delete')}</DropdownItem>
} }
{fromPersonal && {fromPersonal &&
@@ -404,6 +400,14 @@ class DTable extends Component {
} }
render() { render() {
let personalWorkspace = this.state.workspaceList.filter(workspace => {
return workspace.owner_type === 'Personal';
}).pop();
let groupWorkspaceList = this.state.workspaceList.filter(workspace => {
return workspace.owner_type === 'Group';
});
return ( return (
<Fragment> <Fragment>
<div className="main-panel-north border-left-show"> <div className="main-panel-north border-left-show">
@@ -433,25 +437,10 @@ class DTable extends Component {
<p className="error text-center">{this.state.errorMsg}</p> <p className="error text-center">{this.state.errorMsg}</p>
} }
{!this.state.loading && {!this.state.loading &&
<Fragment> <Workspace
{this.state.workspaceList.map((workspace, index) => { workspace={personalWorkspace}
return ( fromShare={false}
<Workspace />
key={index}
workspace={workspace}
fromShare={false}
/>
);
})}
<div className="my-2">
{this.state.isShowAddDTableDialog &&
<CreateTableDialog
createDTable={this.createDTable}
onAddDTable={this.onAddDTable}
/>
}
</div>
</Fragment>
} }
{(!this.state.shareTableLoading && this.state.shareTableList.length > 0) && {(!this.state.shareTableLoading && this.state.shareTableList.length > 0) &&
<Fragment> <Fragment>
@@ -467,6 +456,28 @@ class DTable extends Component {
} }
</Fragment> </Fragment>
} }
{(!this.state.loading && groupWorkspaceList.length > 0) &&
<Fragment>
<div className="sf-heading">{gettext('Shared with groups')}</div>
{groupWorkspaceList.map((workspace, index) => {
return (
<Workspace
key={index}
workspace={workspace}
fromShare={false}
/>
);
})}
</Fragment>
}
{(!this.state.loading && this.state.isShowAddDTableDialog) &&
<div className="my-2">
<CreateTableDialog
createDTable={this.createDTable}
onAddDTable={this.onAddDTable}
/>
</div>
}
</div> </div>
</div> </div>
</div> </div>

45
seahub/api2/endpoints/dtable.py
View File

@@ -139,6 +139,10 @@ class DTablesView(APIView):
def post(self, request): def post(self, request):
"""create a table file """create a table file
Permission:
1. owner
2. group member
""" """
# argument check # argument check
table_owner = request.POST.get('owner') table_owner = request.POST.get('owner')
@@ -245,6 +249,11 @@ class DTableView(APIView):
def get(self, request, workspace_id): def get(self, request, workspace_id):
"""view table file, get table download link """view table file, get table download link
Permission:
1. owner
2. group member
3. shared user
""" """
# argument check # argument check
table_name = request.GET.get('name', None) table_name = request.GET.get('name', None)
@@ -304,6 +313,10 @@ class DTableView(APIView):
def put(self, request, workspace_id): def put(self, request, workspace_id):
"""rename a table """rename a table
Permission:
1. owner
2. group member
""" """
# argument check # argument check
old_table_name = request.data.get('old_name') old_table_name = request.data.get('old_name')
@@ -358,8 +371,7 @@ class DTableView(APIView):
error_msg = 'Permission denied.' error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg) return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else: else:
if username != owner and \ if username != owner:
check_share_dtable_permission(dtable, username) not in WRITE_PERMISSION_TUPLE:
error_msg = 'Permission denied.' error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg) return api_error(status.HTTP_403_FORBIDDEN, error_msg)
@@ -391,6 +403,10 @@ class DTableView(APIView):
def delete(self, request, workspace_id): def delete(self, request, workspace_id):
"""delete a table """delete a table
Permission:
1. owner
2. group member
""" """
# argument check # argument check
table_name = request.data.get('name') table_name = request.data.get('name')
@@ -431,8 +447,7 @@ class DTableView(APIView):
error_msg = 'Permission denied.' error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg) return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else: else:
if username != owner and \ if username != owner:
check_share_dtable_permission(dtable, username) not in WRITE_PERMISSION_TUPLE:
error_msg = 'Permission denied.' error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg) return api_error(status.HTTP_403_FORBIDDEN, error_msg)
@@ -481,6 +496,11 @@ class DTableUpdateLinkView(APIView):
def get(self, request, workspace_id): def get(self, request, workspace_id):
"""get table file update link """get table file update link
Permission:
1. owner
2. group member
3. shared user with `rw` or `admin` permission
""" """
# argument check # argument check
table_name = request.GET.get('name', None) table_name = request.GET.get('name', None)
@@ -542,6 +562,11 @@ class DTableAssetUploadLinkView(APIView):
def get(self, request, workspace_id): def get(self, request, workspace_id):
"""get table file upload link """get table file upload link
Permission:
1. owner
2. group member
3. shared user with `rw` or `admin` permission
""" """
# argument check # argument check
table_name = request.GET.get('name', None) table_name = request.GET.get('name', None)
@@ -601,7 +626,13 @@ class DTableAssetUploadLinkView(APIView):
@login_required @login_required
def dtable_file_view(request, workspace_id, name): def dtable_file_view(request, workspace_id, name):
"""
Permission:
1. owner
2. group member
3. shared user
"""
# resource check # resource check
workspace = Workspaces.objects.get_workspace_by_id(workspace_id) workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace: if not workspace:
@@ -651,7 +682,13 @@ def dtable_file_view(request, workspace_id, name):
def dtable_asset_access(request, workspace_id, dtable_id, path): def dtable_asset_access(request, workspace_id, dtable_id, path):
"""
Permission:
1. owner
2. group member
3. shared user with `rw` or `admin` permission
"""
# asset file type check # asset file type check
asset_name = os.path.basename(normalize_file_path(path)) asset_name = os.path.basename(normalize_file_path(path))
file_type, file_ext = get_file_type_and_ext(asset_name) file_type, file_ext = get_file_type_and_ext(asset_name)