diff --git a/seahub/api2/endpoints/admin/system_library.py b/seahub/api2/endpoints/admin/system_library.py index 8e5ebc37da..dd5f55b65e 100644 --- a/seahub/api2/endpoints/admin/system_library.py +++ b/seahub/api2/endpoints/admin/system_library.py @@ -1,4 +1,5 @@ # Copyright (c) 2012-2016 Seafile Ltd. +import json import logging from rest_framework.authentication import SessionAuthentication @@ -75,8 +76,9 @@ class AdminSystemLibraryUploadLink(APIView): error_msg = 'Folder %s not found.' % parent_dir return api_error(status.HTTP_404_NOT_FOUND, error_msg) + obj_id = json.dumps({'parent_dir': parent_dir}) token = seafile_api.get_fileserver_access_token(repo_id, - 'dummy', 'upload', 'system', use_onetime=False) + obj_id, 'upload', 'system', use_onetime=False) if not token: error_msg = 'Internal Server Error' diff --git a/seahub/api2/endpoints/admin/upload_links.py b/seahub/api2/endpoints/admin/upload_links.py index b88c7af1aa..26415e07c2 100644 --- a/seahub/api2/endpoints/admin/upload_links.py +++ b/seahub/api2/endpoints/admin/upload_links.py @@ -1,5 +1,6 @@ # Copyright (c) 2012-2016 Seafile Ltd. import os +import json import logging from rest_framework.authentication import SessionAuthentication @@ -179,11 +180,12 @@ class AdminUploadLinkUpload(APIView): return api_error(status.HTTP_404_NOT_FOUND, error_msg) path = uploadlink.path - obj_id = seafile_api.get_dir_id_by_path(repo_id, path) - if not obj_id: + dir_id = seafile_api.get_dir_id_by_path(repo_id, path) + if not dir_id: error_msg = 'Folder not found.' return api_error(status.HTTP_404_NOT_FOUND, error_msg) + obj_id = json.dumps({'parent_dir': path}) upload_token = seafile_api.get_fileserver_access_token(repo_id, obj_id, 'upload-link', uploadlink.username, use_onetime=False) diff --git a/seahub/api2/endpoints/upload_links.py b/seahub/api2/endpoints/upload_links.py index 5a84744e6b..db01771d5c 100644 --- a/seahub/api2/endpoints/upload_links.py +++ b/seahub/api2/endpoints/upload_links.py @@ -1,5 +1,6 @@ # Copyright (c) 2012-2016 Seafile Ltd. import os +import json import logging from constance import config from dateutil.relativedelta import relativedelta @@ -282,8 +283,9 @@ class UploadLinkUpload(APIView): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) + obj_id = json.dumps({'parent_dir': path}) token = seafile_api.get_fileserver_access_token(repo_id, - dir_id, 'upload-link', uls.username, use_onetime=False) + obj_id, 'upload-link', uls.username, use_onetime=False) if not token: error_msg = 'Internal Server Error' diff --git a/seahub/api2/endpoints/via_repo_token.py b/seahub/api2/endpoints/via_repo_token.py index 66ebc9e85d..ea4b5a67f9 100644 --- a/seahub/api2/endpoints/via_repo_token.py +++ b/seahub/api2/endpoints/via_repo_token.py @@ -366,7 +366,10 @@ class ViaRepoUploadLinkView(APIView): if check_quota(repo_id) < 0: return api_error(HTTP_443_ABOVE_QUOTA, "Out of quota.") - obj_id = json.dumps({'anonymous_user': request.repo_api_token_obj.app_name}) if is_pro_version() else 'dummy' + obj_data = {'parent_dir': parent_dir} + if is_pro_version(): + obj_data['anonymous_user'] = request.repo_api_token_obj.app_name + obj_id = json.dumps(obj_data) token = seafile_api.get_fileserver_access_token(repo_id, obj_id, 'upload', '', use_onetime=False) diff --git a/seahub/api2/views.py b/seahub/api2/views.py index 71012fdbe1..d4e633cb0c 100644 --- a/seahub/api2/views.py +++ b/seahub/api2/views.py @@ -1784,8 +1784,9 @@ class UploadLinkView(APIView): if check_quota(repo_id) < 0: return api_error(HTTP_443_ABOVE_QUOTA, _("Out of quota.")) + obj_id = json.dumps({'parent_dir': parent_dir}) token = seafile_api.get_fileserver_access_token(repo_id, - 'dummy', 'upload', request.user.username, use_onetime=False) + obj_id, 'upload', request.user.username, use_onetime=False) if not token: error_msg = 'Internal Server Error' @@ -1876,8 +1877,9 @@ class UploadBlksLinkView(APIView): if check_quota(repo_id) < 0: return api_error(HTTP_443_ABOVE_QUOTA, _("Out of quota.")) + obj_id = json.dumps({'parent_dir': parent_dir}) token = seafile_api.get_fileserver_access_token(repo_id, - 'dummy', 'upload-blks-api', request.user.username, use_onetime=False) + obj_id, 'upload-blks-api', request.user.username, use_onetime=False) if not token: error_msg = 'Internal Server Error' @@ -1921,8 +1923,9 @@ class UploadBlksLinkView(APIView): if check_quota(repo_id) < 0: return api_error(HTTP_443_ABOVE_QUOTA, _("Out of quota.")) + obj_id = json.dumps({'parent_dir': parent_dir}) token = seafile_api.get_fileserver_access_token(repo_id, - 'dummy', 'upload', request.user.username, use_onetime=False) + obj_id, 'upload', request.user.username, use_onetime=False) if not token: error_msg = 'Internal Server Error' diff --git a/seahub/views/ajax.py b/seahub/views/ajax.py index acf5e8a9c1..54630cc8a5 100644 --- a/seahub/views/ajax.py +++ b/seahub/views/ajax.py @@ -382,7 +382,12 @@ def get_file_upload_url_ul(request, token): status=403, content_type=content_type) dir_id = seafile_api.get_dir_id_by_path(uls.repo_id, uls.path) - args = [repo_id, dir_id, 'upload-link', shared_by] + if not dir_id: + return HttpResponse(json.dumps({"error": _("Directory does not exist.")}), + status=404, content_type=content_type) + + obj_id = json.dumps({'parent_dir': uls.path}) + args = [repo_id, obj_id, 'upload-link', shared_by] kwargs = { 'use_onetime': False, } diff --git a/tests/api/endpoints/admin/test_upload_links.py b/tests/api/endpoints/admin/test_upload_links.py index 17f45c9786..4dc7811fae 100644 --- a/tests/api/endpoints/admin/test_upload_links.py +++ b/tests/api/endpoints/admin/test_upload_links.py @@ -16,7 +16,7 @@ class AdminUploadLinksTest(BaseTestCase): def setUp(self): self.repo_id = self.repo.id - self.folder_path= self.folder + self.folder_path = self.folder self.invalid_token = '00000000000000000000' def tearDown(self): @@ -157,7 +157,7 @@ class AdminUploadLinkUploadTest(BaseTestCase): assert 'upload' in json_resp['upload_link'] # test upload file via `upload_link` - upload_file_test(json_resp['upload_link']) + upload_file_test(json_resp['upload_link'], parent_dir=self.folder_path) self._remove_upload_link(token) diff --git a/tests/api/endpoints/test_upload_links.py b/tests/api/endpoints/test_upload_links.py index e2337830f3..3007eed076 100644 --- a/tests/api/endpoints/test_upload_links.py +++ b/tests/api/endpoints/test_upload_links.py @@ -225,7 +225,7 @@ class UploadLinkUploadTest(BaseTestCase): assert 'upload' in json_resp['upload_link'] # test upload file via `upload_link` - upload_file_test(json_resp['upload_link']) + upload_file_test(json_resp['upload_link'], parent_dir=self.folder_path) self._remove_upload_link(token) diff --git a/tests/common/utils.py b/tests/common/utils.py index 4ae2e408ff..90660d392d 100644 --- a/tests/common/utils.py +++ b/tests/common/utils.py @@ -21,11 +21,11 @@ def urljoin(base, *args): def apiurl(*parts): return urljoin(BASE_URL, *parts) -def upload_file_test(upload_link): +def upload_file_test(upload_link, parent_dir='/'): file_name = randstring(6) files = { 'file': (file_name, 'Some lines in this file'), - 'parent_dir': '/', + 'parent_dir': parent_dir, } resp = requests.post(upload_link, files=files) diff --git a/tests/seahub/views/ajax/test_get_file_upload_url_ul.py b/tests/seahub/views/ajax/test_get_file_upload_url_ul.py index b1bb993959..33f8bf3fb1 100644 --- a/tests/seahub/views/ajax/test_get_file_upload_url_ul.py +++ b/tests/seahub/views/ajax/test_get_file_upload_url_ul.py @@ -4,7 +4,7 @@ from django.core.urlresolvers import reverse from django.test import override_settings from seahub.share.models import UploadLinkShare -from seahub.utils import EMPTY_SHA1 +from seahub.utils import normalize_dir_path from seahub.test_utils import BaseTestCase @@ -13,6 +13,8 @@ class GetFileUploadUrlULTest(BaseTestCase): upload_link = UploadLinkShare.objects.create_upload_link_share( self.user.username, self.repo.id, self.folder, None, None) + self.obj_id = json.dumps({'parent_dir': normalize_dir_path(self.folder)}) + self.url = reverse('get_file_upload_url_ul', args=[ upload_link.token]) + '?r=' + self.repo.id @@ -28,7 +30,7 @@ class GetFileUploadUrlULTest(BaseTestCase): self.login_as(self.user) resp = self.client.get(self.url, HTTP_X_REQUESTED_WITH='XMLHttpRequest') mock_get_fileserver_access_token.assert_called_with( - self.repo.id, EMPTY_SHA1, + self.repo.id, self.obj_id, 'upload-link', self.user.username, use_onetime=False) json_resp = json.loads(resp.content) assert 'test_token' in json_resp['url'] @@ -40,7 +42,7 @@ class GetFileUploadUrlULTest(BaseTestCase): resp = self.client.get(self.url, HTTP_X_REQUESTED_WITH='XMLHttpRequest') mock_get_fileserver_access_token.assert_called_with( - self.repo.id, EMPTY_SHA1, + self.repo.id, self.obj_id, 'upload-link', self.user.username, use_onetime=False) json_resp = json.loads(resp.content) assert 'test_token' in json_resp['url'] @@ -55,7 +57,7 @@ class GetFileUploadUrlULTest(BaseTestCase): session.save() resp = self.client.get(self.url, HTTP_X_REQUESTED_WITH='XMLHttpRequest') mock_get_fileserver_access_token.assert_called_with( - self.repo.id, EMPTY_SHA1, + self.repo.id, self.obj_id, 'upload-link', self.user.username, use_onetime=False) json_resp = json.loads(resp.content) assert 'test_token' in json_resp['url'] @@ -70,7 +72,7 @@ class GetFileUploadUrlULTest(BaseTestCase): resp = self.client.get(self.url, HTTP_X_REQUESTED_WITH='XMLHttpRequest') mock_get_fileserver_access_token.assert_called_with( - self.repo.id, EMPTY_SHA1, + self.repo.id, self.obj_id, 'upload-link', self.user.username, use_onetime=False, check_virus=True) json_resp = json.loads(resp.content) assert 'test_token' in json_resp['url']