[api] add delete be shared repo api

2025-09-14 06:11:16 +00:00 · 2015-12-23 18:53:12 +08:00
parent 6dd42d4f7e
commit bbb9e8664e
3 changed files with 161 additions and 0 deletions
--- a/seahub/api2/endpoints/be_shared_repo.py
+++ b/seahub/api2/endpoints/be_shared_repo.py
@@ -0,0 +1,86 @@
 from rest_framework.authentication import SessionAuthentication
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.throttling import UserRateThrottle
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework import status
 import seaserv
 from seaserv import seafile_api
 from seahub.api2.authentication import TokenAuthentication
 from seahub.api2.utils import api_error
 from seahub.utils import is_valid_username, is_org_context
 json_content_type = 'application/json; charset=utf-8'
 class BeSharedReposView(APIView):
    authentication_classes = (TokenAuthentication, SessionAuthentication )
    permission_classes = (IsAuthenticated,)
    throttle_classes = (UserRateThrottle, )
    def delete(self, request, repo_id, format=None):
        if not seafile_api.get_repo(repo_id):
            return api_error(status.HTTP_400_BAD_REQUEST, 'Library does not exist')
        username = request.user.username
        share_type = request.GET.get('share_type', None)
        if share_type == 'personal':
            from_email = request.GET.get('from', None)
            if not is_valid_username(from_email):
                return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')
            if is_org_context(request):
                org_id = request.user.org.org_id
                seaserv.seafserv_threaded_rpc.org_remove_share(org_id,
                                                               repo_id,
                                                               from_email,
                                                               username)
            else:
                seaserv.remove_share(repo_id, from_email, username)
        elif share_type == 'group':
            from_email = request.GET.get('from', None)
            if not is_valid_username(from_email):
                return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')
            group_id = request.GET.get('group_id', None)
            group = seaserv.get_group(group_id)
            if not group:
                return api_error(status.HTTP_400_BAD_REQUEST, 'Group does not exist')
            if not seaserv.check_group_staff(group_id, username) and \
                not seafile_api.is_repo_owner(username, repo_id):
                return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')
            if seaserv.is_org_group(group_id):
                org_id = seaserv.get_org_id_by_group(group_id)
                seaserv.del_org_group_repo(repo_id, org_id, group_id)
            else:
                seafile_api.unset_group_repo(repo_id, group_id, from_email)
        elif share_type == 'public':
            if is_org_context(request):
                org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
                is_org_repo_owner = True if org_repo_owner == username else False
                if not request.user.org.is_staff and not is_org_repo_owner:
                    return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')
                org_id = request.user.org.org_id
                seaserv.seafserv_threaded_rpc.unset_org_inner_pub_repo(org_id,
                                                                       repo_id)
            else:
                if not seafile_api.is_repo_owner(username, repo_id) and \
                    not request.user.is_staff:
                    return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied')
                seaserv.unset_inner_pub_repo(repo_id)
        else:
            return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument')
        return Response({'success': True}, status=status.HTTP_200_OK)
--- a/seahub/api2/urls.py
+++ b/seahub/api2/urls.py
@@ -6,6 +6,7 @@ from .views_auth import LogoutDeviceView, ClientLoginTokenView
 from .endpoints.dir_shared_items import DirSharedItemsEndpoint
 from .endpoints.account import Account
 from .endpoints.shared_upload_links import SharedUploadLinksView
 from .endpoints.be_shared_repo import BeSharedReposView
 urlpatterns = patterns('',
    url(r'^ping/$', Ping.as_view()),
@@ -49,6 +50,7 @@ urlpatterns = patterns('',
    url(r'^shared-repos/$', SharedRepos.as_view(), name='sharedrepos'),
    url(r'^shared-repos/(?P<repo_id>[-0-9-a-f]{36})/$', SharedRepo.as_view(), name='sharedrepo'),
    url(r'^beshared-repos/$', BeShared.as_view(), name='beshared'),
    url(r'^beshared-repos/(?P<repo_id>[-0-9-a-f]{36})/$', BeSharedReposView.as_view(), name='beshared-repos'),
    url(r'^default-repo/$', DefaultRepoView.as_view(), name='api2-defaultrepo'),
    url(r'^shared-links/$', SharedLinksView.as_view()),
    url(r'^shared-upload-links/$', SharedUploadLinksView.as_view()),
--- a/tests/api/endpoints/test_be_shared_repos.py
+++ b/tests/api/endpoints/test_be_shared_repos.py
@@ -0,0 +1,73 @@
 import json
 import seaserv
 from seaserv import seafile_api
 from seahub.test_utils import BaseTestCase
 class BeSharedReposTest(BaseTestCase):
    def setUp(self):
        self.login_as(self.admin)
    def tearDown(self):
        self.remove_repo()
    def _add_shared_items(self):
        # create repo for user
        sub_repo_id = seafile_api.create_virtual_repo(self.repo.id,
                                                      self.folder,
                                                      self.repo.name, '',
                                                      self.user.username)
        self.sub_repo_id = sub_repo_id
        # create group for admin
        admin_group_id = seaserv.ccnet_threaded_rpc.create_group('admin-group',
                self.admin.email)
        self.admin_group_id = admin_group_id
        # A user shares a folder to admin with permission 'rw'.
        seafile_api.share_repo(sub_repo_id, self.user.username,
                               self.admin.username, 'rw')
        # A user shares a folder to admin group with permission 'rw'.
        seafile_api.set_group_repo(sub_repo_id, admin_group_id,
                                   self.user.username, 'rw')
        # A user shares a folder to public with permission 'rw'.
        seafile_api.add_inner_pub_repo(sub_repo_id, 'rw')
    def test_can_delete_personal_shared_repo(self):
        self._add_shared_items()
        resp = self.client.delete('/api2/beshared-repos/%s/?share_type=personal&from=%s' % (
            self.sub_repo_id,
            self.user.email,
        ))
        self.assertEqual(200, resp.status_code)
        json_resp = json.loads(resp.content)
        assert json_resp['success'] is True
    def test_can_delete_group_repo(self):
        self._add_shared_items()
        resp = self.client.delete('/api2/beshared-repos/%s/?share_type=group&from=%s&group_id=%d' % (
            self.sub_repo_id,
            self.user.email,
            self.admin_group_id,
        ))
        self.assertEqual(200, resp.status_code)
        json_resp = json.loads(resp.content)
        assert json_resp['success'] is True
    def test_can_delete_public_repo(self):
        self._add_shared_items()
        resp = self.client.delete('/api2/beshared-repos/%s/?share_type=public' % (
            self.sub_repo_id,
        ))
        self.assertEqual(200, resp.status_code)
        json_resp = json.loads(resp.content)
        assert json_resp['success'] is True