share dtable update user permission

2025-09-21 03:18:23 +00:00 · 2019-06-29 11:26:02 +08:00
parent d459fec1b3
commit b84bffd400
3 changed files with 78 additions and 39 deletions
--- a/frontend/src/components/dialog/share-table-dialog.js
+++ b/frontend/src/components/dialog/share-table-dialog.js
@@ -40,13 +40,6 @@ class ShareTableDialog extends React.Component {
                >{gettext('Share to user')}
                </NavLink>
              </NavItem>
-              {/*<NavItem>*/}
-              {/*  <NavLink*/}
-              {/*    className={activeTab === 'shareToGroup' ? 'active' : ''}*/}
-              {/*    onClick={this.toggle.bind(this, 'shareToGroup')}*/}
-              {/*  >{gettext('Share to group')}*/}
-              {/*  </NavLink>*/}
-              {/*</NavItem>*/}
            </Fragment>
          </Nav>
        </div>
@@ -58,8 +51,6 @@ class ShareTableDialog extends React.Component {
                  currentTable={this.props.currentTable}
                />
              </TabPane>
-              {/*<TabPane tabId="shareToGroup">*/}
-              {/*</TabPane>*/}
            </Fragment>
          </TabContent>
        </div>
--- a/frontend/src/pages/dtable/dtable.js
+++ b/frontend/src/pages/dtable/dtable.js
@@ -43,7 +43,6 @@ class Table extends Component {
      dropdownOpen: false,
      active: false,
    };
-    this.writePermissionList = ['rw', 'admin'];
  }

  onRenameTableCancel = () => {
@@ -119,10 +118,7 @@ class Table extends Component {
    let tableHref = siteRoot + 'workspace/' + this.props.workspaceID + '/dtable/' + table.name + '/';
    let fromShare = this.props.fromShare;
    let fromPersonal = this.props.fromPersonal;
-    let fromGroup = this.props.fromPersonal;
-
-    let hasWritePermission = !fromShare ? true:
-      this.writePermissionList.includes(this.props.table.permission);
+    let fromGroup = this.props.fromGroup;

    return (
      <tr onMouseEnter={this.onMouseEnter} onMouseLeave={this.onMouseLeave} className={this.state.active ? 'tr-highlight' : ''}>
@@ -154,10 +150,10 @@ class Table extends Component {
              >
              </DropdownToggle>
              <DropdownMenu className="drop-list" right={true}>
-                {hasWritePermission &&
+                {(fromPersonal || fromGroup) &&
                <DropdownItem onClick={this.onRenameTableCancel}>{gettext('Rename')}</DropdownItem>
                }
-                {hasWritePermission &&
+                {(fromPersonal || fromGroup) &&
                <DropdownItem onClick={this.onDeleteTableCancel}>{gettext('Delete')}</DropdownItem>
                }
                {fromPersonal &&
@@ -404,6 +400,14 @@ class DTable extends Component {
  }

  render() {
+    let personalWorkspace = this.state.workspaceList.filter(workspace => {
+      return workspace.owner_type === 'Personal';
+    }).pop();
+
+    let groupWorkspaceList = this.state.workspaceList.filter(workspace => {
+      return workspace.owner_type === 'Group';
+    });
+
    return (
      <Fragment>
        <div className="main-panel-north border-left-show">
@@ -433,25 +437,10 @@ class DTable extends Component {
                <p className="error text-center">{this.state.errorMsg}</p>
              }
              {!this.state.loading &&
-                <Fragment>
-                  {this.state.workspaceList.map((workspace, index) => {
-                    return (
              <Workspace
-                        key={index}
-                        workspace={workspace}
+                workspace={personalWorkspace}
                fromShare={false}
              />
-                    );
-                  })}
-                  <div className="my-2">
-                    {this.state.isShowAddDTableDialog &&
-                      <CreateTableDialog
-                        createDTable={this.createDTable}
-                        onAddDTable={this.onAddDTable}
-                      />
-                    }
-                  </div>
-                </Fragment>
              }
              {(!this.state.shareTableLoading && this.state.shareTableList.length > 0) &&
              <Fragment>
@@ -467,6 +456,28 @@ class DTable extends Component {
                }
              </Fragment>
              }
+              {(!this.state.loading && groupWorkspaceList.length > 0) &&
+              <Fragment>
+                <div className="sf-heading">{gettext('Shared with groups')}</div>
+                {groupWorkspaceList.map((workspace, index) => {
+                  return (
+                    <Workspace
+                      key={index}
+                      workspace={workspace}
+                      fromShare={false}
+                    />
+                  );
+                })}
+              </Fragment>
+              }
+              {(!this.state.loading && this.state.isShowAddDTableDialog) &&
+              <div className="my-2">
+                <CreateTableDialog
+                  createDTable={this.createDTable}
+                  onAddDTable={this.onAddDTable}
+                />
+              </div>
+              }
            </div>
          </div>
        </div>
--- a/seahub/api2/endpoints/dtable.py
+++ b/seahub/api2/endpoints/dtable.py
@@ -139,6 +139,10 @@ class DTablesView(APIView):

    def post(self, request):
        """create a table file
+
+        Permission:
+        1. owner
+        2. group member
        """
        # argument check
        table_owner = request.POST.get('owner')
@@ -245,6 +249,11 @@ class DTableView(APIView):

    def get(self, request, workspace_id):
        """view table file, get table download link
+
+        Permission:
+        1. owner
+        2. group member
+        3. shared user
        """
        # argument check
        table_name = request.GET.get('name', None)
@@ -304,6 +313,10 @@ class DTableView(APIView):

    def put(self, request, workspace_id):
        """rename a table
+
+        Permission:
+        1. owner
+        2. group member
        """
        # argument check
        old_table_name = request.data.get('old_name')
@@ -358,8 +371,7 @@ class DTableView(APIView):
                error_msg = 'Permission denied.'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)
        else:
-            if username != owner and \
-                    check_share_dtable_permission(dtable, username) not in WRITE_PERMISSION_TUPLE:
+            if username != owner:
                error_msg = 'Permission denied.'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

@@ -391,6 +403,10 @@ class DTableView(APIView):

    def delete(self, request, workspace_id):
        """delete a table
+
+        Permission:
+        1. owner
+        2. group member
        """
        # argument check
        table_name = request.data.get('name')
@@ -431,8 +447,7 @@ class DTableView(APIView):
                error_msg = 'Permission denied.'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)
        else:
-            if username != owner and \
-                    check_share_dtable_permission(dtable, username) not in WRITE_PERMISSION_TUPLE:
+            if username != owner:
                error_msg = 'Permission denied.'
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

@@ -481,6 +496,11 @@ class DTableUpdateLinkView(APIView):

    def get(self, request, workspace_id):
        """get table file update link
+
+        Permission:
+        1. owner
+        2. group member
+        3. shared user with `rw` or `admin` permission
        """
        # argument check
        table_name = request.GET.get('name', None)
@@ -542,6 +562,11 @@ class DTableAssetUploadLinkView(APIView):

    def get(self, request, workspace_id):
        """get table file upload link
+
+        Permission:
+        1. owner
+        2. group member
+        3. shared user with `rw` or `admin` permission
        """
        # argument check
        table_name = request.GET.get('name', None)
@@ -601,7 +626,13 @@ class DTableAssetUploadLinkView(APIView):

@login_required
 def dtable_file_view(request, workspace_id, name):
+    """

+    Permission:
+    1. owner
+    2. group member
+    3. shared user
+    """
    # resource check
    workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
    if not workspace:
@@ -651,7 +682,13 @@ def dtable_file_view(request, workspace_id, name):


 def dtable_asset_access(request, workspace_id, dtable_id, path):
+    """

+    Permission:
+    1. owner
+    2. group member
+    3. shared user with `rw` or `admin` permission
+    """
    # asset file type check
    asset_name = os.path.basename(normalize_file_path(path))
    file_type, file_ext = get_file_type_and_ext(asset_name)