diff --git a/frontend/src/pages/wikis/wikis.js b/frontend/src/pages/wikis/wikis.js index 8dc56c481d..64ac1c7f4a 100644 --- a/frontend/src/pages/wikis/wikis.js +++ b/frontend/src/pages/wikis/wikis.js @@ -2,7 +2,7 @@ import React, { Component, Fragment } from 'react'; import PropTypes from 'prop-types'; import { Button } from 'reactstrap'; import { seafileAPI } from '../../utils/seafile-api'; -import { gettext, loginUrl } from '../../utils/constants'; +import { gettext, loginUrl, canPublishRepo } from '../../utils/constants'; import toaster from '../../components/toast'; import ModalPortal from '../../components/modal-portal'; import CommonToolbar from '../../components/toolbar/common-toolbar'; @@ -128,9 +128,11 @@ class Wikis extends Component {
- + {canPublishRepo && + + }
diff --git a/frontend/src/utils/constants.js b/frontend/src/utils/constants.js index fcc07050bb..c597384738 100644 --- a/frontend/src/utils/constants.js +++ b/frontend/src/utils/constants.js @@ -39,6 +39,7 @@ export const shareLinkExpireDaysMin = window.app.pageOptions.shareLinkExpireDays export const shareLinkExpireDaysMax = window.app.pageOptions.shareLinkExpireDaysMax; export const maxFileName = window.app.pageOptions.maxFileName; export const enableWiki = window.app.pageOptions.enableWiki; +export const canPublishRepo = window.app.pageOptions.canPublishRepo; export const enableEncryptedLibrary = window.app.pageOptions.enableEncryptedLibrary; export const enableRepoHistorySetting = window.app.pageOptions.enableRepoHistorySetting; export const isSystemStaff = window.app.pageOptions.isSystemStaff; diff --git a/seahub/api2/endpoints/wikis.py b/seahub/api2/endpoints/wikis.py index 60d3fd67c0..7b137f9502 100644 --- a/seahub/api2/endpoints/wikis.py +++ b/seahub/api2/endpoints/wikis.py @@ -96,6 +96,10 @@ class WikisView(APIView): return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check perm + if not request.user.permissions.can_publish_repo(): + error_msg = 'Permission denied.' + return api_error(status.HTTP_403_FORBIDDEN, error_msg) + is_owner = is_repo_owner(request, repo_id, username) if not is_owner: diff --git a/seahub/base/accounts.py b/seahub/base/accounts.py index b6467cda41..4ebbb98c4d 100644 --- a/seahub/base/accounts.py +++ b/seahub/base/accounts.py @@ -222,6 +222,12 @@ class UserPermissions(object): return self._get_perm_by_roles('can_use_wiki') + def can_publish_repo(self): + if not self.can_use_wiki(): + return False + + return self._get_perm_by_roles('can_publish_repo') + class AdminPermissions(object): def __init__(self, user): self.user = user diff --git a/seahub/role_permissions/settings.py b/seahub/role_permissions/settings.py index f166e627ed..44d981bcbd 100644 --- a/seahub/role_permissions/settings.py +++ b/seahub/role_permissions/settings.py @@ -41,6 +41,7 @@ DEFAULT_ENABLED_ROLE_PERMISSIONS = { 'storage_ids': [], 'role_quota': '', 'can_use_wiki': True, + 'can_publish_repo': True, }, GUEST_USER: { 'can_add_repo': False, @@ -60,6 +61,7 @@ DEFAULT_ENABLED_ROLE_PERMISSIONS = { 'storage_ids': [], 'role_quota': '', 'can_use_wiki': False, + 'can_publish_repo': False, }, } diff --git a/seahub/templates/base_for_react.html b/seahub/templates/base_for_react.html index 0dd23e9f9a..3ffc49ab5d 100644 --- a/seahub/templates/base_for_react.html +++ b/seahub/templates/base_for_react.html @@ -77,6 +77,7 @@ shareLinkExpireDaysMax: "{{ share_link_expire_days_max }}", maxFileName: "{{ max_file_name }}", enableWiki: {% if user.permissions.can_use_wiki %} true {% else %} false {% endif %}, + canPublishRepo: {% if user.permissions.can_publish_repo %} true {% else %} false {% endif %}, enableEncryptedLibrary: {% if enable_encrypted_library %} true {% else %} false {% endif %}, enableRepoHistorySetting: {% if enable_repo_history_setting %} true {% else %} false {% endif %}, isSystemStaff: {% if request.user.is_staff %} true {% else %} false {% endif %}, diff --git a/tests/api/endpoints/test_wikis.py b/tests/api/endpoints/test_wikis.py index 4fb397a2cc..64bc530f10 100644 --- a/tests/api/endpoints/test_wikis.py +++ b/tests/api/endpoints/test_wikis.py @@ -1,14 +1,26 @@ import json +import copy +from mock import patch from django.core.urlresolvers import reverse +from django.test import override_settings + import seaserv from seaserv import seafile_api, ccnet_api from seahub.share.utils import share_dir_to_user from seahub.wiki.models import Wiki +from seahub.role_permissions.settings import ENABLED_ROLE_PERMISSIONS from seahub.test_utils import BaseTestCase +TEST_CAN_USE_WIKI_FALSE = copy.deepcopy(ENABLED_ROLE_PERMISSIONS) +TEST_CAN_USE_WIKI_FALSE['default']['can_use_wiki'] = False +TEST_CAN_PUBLISH_REPO_FALSE = copy.deepcopy(ENABLED_ROLE_PERMISSIONS) +TEST_CAN_PUBLISH_REPO_FALSE['default']['can_publish_repo'] = False + + +@override_settings(ENABLE_WIKI=True) class WikisViewTest(BaseTestCase): def setUp(self): self.url = reverse('api-v2.1-wikis') @@ -68,6 +80,27 @@ class WikisViewTest(BaseTestCase): w = Wiki.objects.all()[0] assert w.created_at is not None + def test_403_when_add_wiki_with_can_publish_repo_false(self): + with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_CAN_PUBLISH_REPO_FALSE): + resp = self.client.post(self.url, { + 'repo_id': self.repo.id, + }) + self.assertEqual(403, resp.status_code) + + @override_settings(ENABLE_WIKI=False) + def test_403_when_add_wiki_with_enable_wiki_false(self): + resp = self.client.post(self.url, { + 'repo_id': self.repo.id, + }) + self.assertEqual(403, resp.status_code) + + def test_403_when_add_wiki_with_can_use_wiki_false(self): + with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_CAN_USE_WIKI_FALSE): + resp = self.client.post(self.url, { + 'repo_id': self.repo.id, + }) + self.assertEqual(403, resp.status_code) + class WikiViewTest(BaseTestCase): def setUp(self): diff --git a/tests/seahub/base/test_accounts.py b/tests/seahub/base/test_accounts.py index 7ae60a0180..591347e2cf 100644 --- a/tests/seahub/base/test_accounts.py +++ b/tests/seahub/base/test_accounts.py @@ -1,52 +1,20 @@ +import copy from seahub.test_utils import BaseTestCase from seahub.base.accounts import User, RegistrationForm from seahub.options.models import UserOptions +from seahub.role_permissions.settings import ENABLED_ROLE_PERMISSIONS from post_office.models import Email from django.core.urlresolvers import reverse +from django.test import override_settings from mock import patch -TEST_ADD_PUBLIC_ENABLED_ROLE_PERMISSIONS = { - 'default': { - 'can_add_repo': True, - 'can_add_group': True, - 'can_view_org': True, - 'can_add_public_repo': True, - 'can_use_global_address_book': True, - 'can_generate_share_link': True, - 'can_generate_upload_link': True, - 'can_send_share_link_mail': True, - 'can_invite_guest': False, - 'can_drag_drop_folder_to_sync': True, - 'can_connect_with_android_clients': True, - 'can_connect_with_ios_clients': True, - 'can_connect_with_desktop_clients': True, - 'can_export_files_via_mobile_client': True, - 'storage_ids': [], - 'role_quota': '', - 'can_use_wiki': True, - }, - 'guest': { - 'can_add_repo': False, - 'can_add_group': False, - 'can_view_org': False, - 'can_add_public_repo': False, - 'can_use_global_address_book': False, - 'can_generate_share_link': False, - 'can_generate_upload_link': False, - 'can_send_share_link_mail': False, - 'can_invite_guest': False, - 'can_drag_drop_folder_to_sync': False, - 'can_connect_with_android_clients': False, - 'can_connect_with_ios_clients': False, - 'can_connect_with_desktop_clients': False, - 'can_export_files_via_mobile_client': False, - 'storage_ids': [], - 'role_quota': '', - 'can_use_wiki': False, - }, -} +TEST_CAN_ADD_PUBLICK_REPO_TRUE = copy.deepcopy(ENABLED_ROLE_PERMISSIONS) +TEST_CAN_ADD_PUBLICK_REPO_TRUE['default']['can_add_public_repo'] = True + +TEST_PUBLISH_REPO_CAN_USE_WIKI_FALSE = copy.deepcopy(ENABLED_ROLE_PERMISSIONS) +TEST_PUBLISH_REPO_CAN_USE_WIKI_FALSE['default']['can_use_wiki'] = False CLOUD_MODE_TRUE = True MULTI_TENANCY_TRUE = True @@ -80,6 +48,7 @@ class UserTest(BaseTestCase): assert len(UserOptions.objects.filter(email=test_email)) == 0 +@override_settings(ENABLE_WIKI=True) class UserPermissionsTest(BaseTestCase): def setUp(self): from constance import config @@ -97,7 +66,6 @@ class UserPermissionsTest(BaseTestCase): assert self.user.permissions.can_connect_with_ios_clients() is True assert self.user.permissions.can_connect_with_desktop_clients() is True assert self.user.permissions.can_invite_guest() is False - assert self.user.permissions.can_export_files_via_mobile_client() is True def test_admin_permissions_can_add_public_repo(self): @@ -116,14 +84,14 @@ class UserPermissionsTest(BaseTestCase): # both have self.config.ENABLE_USER_CREATE_ORG_REPO = 1 assert bool(self.config.ENABLE_USER_CREATE_ORG_REPO) is True - with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_ADD_PUBLIC_ENABLED_ROLE_PERMISSIONS): + with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_CAN_ADD_PUBLICK_REPO_TRUE): assert self.user.permissions._get_perm_by_roles('can_add_public_repo') is True assert self.user.permissions.can_add_public_repo() is True # only have can_add_public_repo self.config.ENABLE_USER_CREATE_ORG_REPO = 0 assert bool(self.config.ENABLE_USER_CREATE_ORG_REPO) is False - with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_ADD_PUBLIC_ENABLED_ROLE_PERMISSIONS): + with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_CAN_ADD_PUBLICK_REPO_TRUE): assert self.user.permissions._get_perm_by_roles('can_add_public_repo') is True assert self.user.permissions.can_add_public_repo() is False @@ -139,6 +107,23 @@ class UserPermissionsTest(BaseTestCase): assert self.user.permissions._get_perm_by_roles('can_add_public_repo') is False assert self.user.permissions.can_add_public_repo() is False + def test_can_publish_repo_permission(self): + # enableWIKI = True, and can_use_wiki = True + assert self.user.permissions._get_perm_by_roles('can_publish_repo') is True + assert self.user.permissions.can_publish_repo() is True + + @override_settings(ENABLE_WIKI=False) + def test_can_publish_repo_permission_with_enable_wiki_False(self): + # enableWIKI = False, and can_use_wiki = True + assert self.user.permissions._get_perm_by_roles('can_publish_repo') is True + assert self.user.permissions.can_publish_repo() is False + + def test_can_publish_repo_permission_with_can_use_wiki_False(self): + # enableWIKI = True, and can_use_wiki = False + with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_PUBLISH_REPO_CAN_USE_WIKI_FALSE): + assert self.user.permissions._get_perm_by_roles('can_publish_repo') is True + assert self.user.permissions.can_publish_repo() is False + class RegistrationFormTest(BaseTestCase): def setUp(self): diff --git a/tests/seahub/role_permissions/test_utils.py b/tests/seahub/role_permissions/test_utils.py index 597c178474..54ea696ffd 100644 --- a/tests/seahub/role_permissions/test_utils.py +++ b/tests/seahub/role_permissions/test_utils.py @@ -11,4 +11,4 @@ class UtilsTest(BaseTestCase): assert DEFAULT_USER in get_available_roles() def test_get_enabled_role_permissions_by_role(self): - assert len(get_enabled_role_permissions_by_role(DEFAULT_USER).keys()) == 17 + assert len(get_enabled_role_permissions_by_role(DEFAULT_USER).keys()) == 18