From d7cac0d24cb0c9d18c09178fb1dd06d1adf1da7c Mon Sep 17 00:00:00 2001 From: lian Date: Fri, 12 Jun 2015 16:04:10 +0800 Subject: [PATCH] [guest-user] add permission for guest user disable generate shared link when user's role is GUEST --- seahub/api2/authentication.py | 1 + seahub/api2/views.py | 6 ++++++ seahub/base/accounts.py | 3 +++ seahub/share/views.py | 12 ++++++++++++ seahub/templates/js/templates.html | 6 +++--- seahub/templates/libraries.html | 3 +++ static/scripts/app/router.js | 11 ++++++++++- static/scripts/app/views/dir.js | 1 + static/scripts/app/views/dirent.js | 1 + 9 files changed, 40 insertions(+), 4 deletions(-) diff --git a/seahub/api2/authentication.py b/seahub/api2/authentication.py index 28997f7f57..18fe244787 100644 --- a/seahub/api2/authentication.py +++ b/seahub/api2/authentication.py @@ -70,6 +70,7 @@ class TokenAuthentication(BaseAuthentication): user.permissions.can_add_repo = lambda: False user.permissions.can_add_group = lambda: False user.permissions.can_view_org = lambda: False + user.permissions.can_generate_shared_link = lambda: False def authenticate_v1(self, request, key): try: diff --git a/seahub/api2/views.py b/seahub/api2/views.py index 6c7e0e7475..6ceaf9fdd3 100644 --- a/seahub/api2/views.py +++ b/seahub/api2/views.py @@ -787,6 +787,7 @@ class Repos(APIView): return Response(repos_json) def post(self, request, format=None): + if not request.user.permissions.can_add_repo(): return api_error(status.HTTP_403_FORBIDDEN, 'You do not have permission to create library.') @@ -1938,6 +1939,11 @@ class FileSharedLinkView(APIView): throttle_classes = (UserRateThrottle, ) def put(self, request, repo_id, format=None): + + if not request.user.permissions.can_generate_shared_link(): + return api_error(status.HTTP_403_FORBIDDEN, + 'You do not have permission to generate shared link.') + # generate file shared link username = request.user.username path = unquote(request.DATA.get('p', '').encode('utf-8')) 
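Review bot: The added `user.permissions.can_generate_shared_link = lambda: False` extends a deny list that fails open, because the `UserPermissions.can_generate_shared_link` added in seahub/base/accounts.py returns `True` unconditionally. The restriction therefore holds only on authentication paths that overwrite the method, and any future `can_*` permission is granted to restricted users until a matching line is added here. A comment above this block would make that contract visible, e.g. `# Each new UserPermissions.can_* defaults to allowed; deny it here explicitly for restricted roles.` The enclosing method and the condition that selects guest users lie outside the hunk, so the role test itself cannot be confirmed from here.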
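Review bot: Only `FileSharedLinkView.put` gains the `can_generate_shared_link()` check in this file, so any other API handler that creates a download or upload link would still serve guest tokens. No such handler is visible in this diff, so this needs checking against the rest of seahub/api2/views.py rather than being a confirmed gap. The check itself is well placed, running before `request.DATA` is read. `put` continues past the end of the hunk.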
diff --git a/seahub/base/accounts.py b/seahub/base/accounts.py index 378a44c02a..01a4c7eca6 100644 --- a/seahub/base/accounts.py +++ b/seahub/base/accounts.py @@ -104,6 +104,9 @@ class UserPermissions(object): def can_add_group(self): return True + def can_generate_shared_link(self): + return True + def can_view_org(self): if MULTI_TENANCY: return True if self.user.org is not None else False diff --git a/seahub/share/views.py b/seahub/share/views.py index 7893bc6777..10de0d903b 100644 --- a/seahub/share/views.py +++ b/seahub/share/views.py @@ -1367,6 +1367,12 @@ def ajax_get_upload_link(request): return HttpResponse(json.dumps(data), content_type=content_type) elif request.method == 'POST': + + if not request.user.permissions.can_generate_shared_link(): + err = _('You do not have permission to generate shared link') + data = json.dumps({'error': err}) + return HttpResponse(data, status=403, content_type=content_type) + repo_id = request.POST.get('repo_id', '') path = request.POST.get('p', '') use_passwd = True if int(request.POST.get('use_passwd', '0')) == 1 else False @@ -1433,6 +1439,12 @@ def ajax_get_download_link(request): return HttpResponse(json.dumps(data), content_type=content_type) elif request.method == 'POST': + + if not request.user.permissions.can_generate_shared_link(): + err = _('You do not have permission to generate shared link') + data = json.dumps({'error': err}) + return HttpResponse(data, status=403, content_type=content_type) + repo_id = request.POST.get('repo_id', '') share_type = request.POST.get('type', 'f') # `f` or `d` path = request.POST.get('p', '') diff --git a/seahub/templates/js/templates.html b/seahub/templates/js/templates.html index f166f6a284..13985f9600 100644 --- a/seahub/templates/js/templates.html +++ b/seahub/templates/js/templates.html @@ -132,7 +132,7 @@ <% } %> - <% if (!encrypted) { %> + <% if (!encrypted && can_generate_shared_link) { %> <% } %> <% if (path == '/') { %> @@ -205,7 +205,7 @@
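Review bot: In the `POST` branch of `ajax_get_upload_link` the new check relies on `request.user.permissions.can_generate_shared_link()`, and the only place this commit makes that return `False` is `TokenAuthentication` in seahub/api2/authentication.py. For session-authenticated requests to this view the call resolves to the `UserPermissions` default, which returns `True`, unless code outside this diff replaces it for guest users; please confirm where that happens. The same six lines are repeated in `ajax_get_download_link` in the next hunk, so a small shared helper or decorator that returns the 403 JSON response would keep the two views from drifting apart. Both functions start and end outside their hunks.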
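Review bot: The changed condition now references a bare `can_generate_shared_link`, as do the hunks at lines 205 and 272, and these `<% %>` templates (presumably Underscore, given the Backbone router) raise a ReferenceError when a render call does not supply a referenced key. This commit passes the key from one render call each in dir.js and dirent.js; any other caller of the three templates would need it too, which cannot be checked from this diff. Hiding the control is cosmetic only, and the 403 added in seahub/share/views.py remains the actual enforcement point.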
- <% if (!repo_encrypted) { %> + <% if (!repo_encrypted && can_generate_shared_link) { %> <% } %> <% if (dirent.perm == 'rw') { %> @@ -272,7 +272,7 @@
- <% if (!repo_encrypted) { %> + <% if (!repo_encrypted && can_generate_shared_link) { %> <% } %> <% if (dirent.perm == 'rw') { %> diff --git a/seahub/templates/libraries.html b/seahub/templates/libraries.html index c6cf378a9e..4f29497585 100644 --- a/seahub/templates/libraries.html +++ b/seahub/templates/libraries.html @@ -56,7 +56,9 @@
  • {% trans "Shared" %}
  • + {% if user.permissions.can_add_repo %} + {% endif %} {% if sub_lib_enabled %} {% endif %} @@ -251,6 +253,7 @@ app["pageOptions"] = { username: "{{request.user.username}}", events_enabled: {% if events_enabled %} true {% else %} false {% endif %}, can_add_repo: {% if user.permissions.can_add_repo %} true {% else %} false {% endif %}, + can_generate_shared_link: {% if user.permissions.can_generate_shared_link %} true {% else %} false {% endif %}, is_staff: {% if request.user.is_staff %} true {% else %} false {% endif %}, repo_password_min_length: {{ repo_password_min_length }}, guide_enabled: {% if guide_enabled %} true {% else %} false {% endif %}, diff --git a/static/scripts/app/router.js b/static/scripts/app/router.js index a59bfa9222..3a8d524602 100644 --- a/static/scripts/app/router.js +++ b/static/scripts/app/router.js @@ -14,7 +14,7 @@ define([ var Router = Backbone.Router.extend({ routes: { - '': 'showMyRepos', + '': 'showRepos', 'my-libs/': 'showMyRepos', 'my-libs/lib/:repo_id(/*path)': 'showMyRepoDir', 'my-sub-libs/': 'showMySubRepos', @@ -61,6 +61,15 @@ define([ } }, + showRepos: function() { + this.switchCurrentView(this.myHomeView); + if (app.pageOptions.can_add_repo) { + this.myHomeView.showMyRepos(); + } else { + this.myHomeView.showSharedRepos(); + } + }, + showMyRepos: function() { this.switchCurrentView(this.myHomeView); this.myHomeView.showMyRepos(); diff --git a/static/scripts/app/views/dir.js b/static/scripts/app/views/dir.js index 111a5a6e81..02a2d16d6b 100644 --- a/static/scripts/app/views/dir.js +++ b/static/scripts/app/views/dir.js @@ -273,6 +273,7 @@ define([ site_root: app.pageOptions.site_root, is_repo_owner: dir.is_repo_owner, is_virtual: dir.is_virtual, + can_generate_shared_link: app.pageOptions.can_generate_shared_link, enable_upload_folder: app.pageOptions.enable_upload_folder }))); }, diff --git a/static/scripts/app/views/dirent.js b/static/scripts/app/views/dirent.js index ddfad60101..eaa13d3ee2 100644 
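Review bot: `showRepos` redirects only the empty route, so a user without `can_add_repo` can still reach `my-libs/`, which stays mapped to `showMyRepos`. If such users should never land on the own-libraries view, `showMyRepos` needs the same test after `switchCurrentView`, e.g. `if (!app.pageOptions.can_add_repo) { this.myHomeView.showSharedRepos(); return; }`. This affects display only; `app.pageOptions` is client-side state, and library creation is refused server-side by the `can_add_repo()` check visible in `Repos.post`.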
--- a/static/scripts/app/views/dirent.js +++ b/static/scripts/app/views/dirent.js @@ -38,6 +38,7 @@ define([ category: dir.category, repo_id: dir.repo_id, is_repo_owner: dir.is_repo_owner, + can_generate_shared_link: app.pageOptions.can_generate_shared_link, repo_encrypted: dir.encrypted })); return this;