add can publish repo permission (#3402)

add can_publish_repo user role permission

frontend/src/pages/wikis/wikis.js

@@ -2,7 +2,7 @@ import React, { Component, Fragment } from 'react';
 import PropTypes from 'prop-types';
 import { Button } from 'reactstrap';
 import { seafileAPI } from '../../utils/seafile-api';
-import { gettext, loginUrl } from '../../utils/constants';
+import { gettext, loginUrl, canPublishRepo } from '../../utils/constants';
 import toaster from '../../components/toast';
 import ModalPortal from '../../components/modal-portal';
 import CommonToolbar from '../../components/toolbar/common-toolbar';
@@ -128,9 +128,11 @@ class Wikis extends Component {
           <div className="cur-view-toolbar">
             <span className="sf2-icon-menu side-nav-toggle hidden-md-up d-md-none" title="Side Nav Menu" onClick={this.props.onShowSidePanel}></span>
             <div className="operation">
+              {canPublishRepo &&
                 <Button className="btn btn-secondary operation-item" onClick={this.onSelectToggle}>
                   {gettext('Publish a Library')}
                 </Button>
+              }
             </div>
           </div>
           <CommonToolbar onSearchedClick={this.props.onSearchedClick} />

frontend/src/utils/constants.js

@@ -39,6 +39,7 @@ export const shareLinkExpireDaysMin = window.app.pageOptions.shareLinkExpireDays
 export const shareLinkExpireDaysMax = window.app.pageOptions.shareLinkExpireDaysMax;
 export const maxFileName = window.app.pageOptions.maxFileName;
 export const enableWiki = window.app.pageOptions.enableWiki;
+export const canPublishRepo = window.app.pageOptions.canPublishRepo;
 export const enableEncryptedLibrary = window.app.pageOptions.enableEncryptedLibrary;
 export const enableRepoHistorySetting = window.app.pageOptions.enableRepoHistorySetting;
 export const isSystemStaff = window.app.pageOptions.isSystemStaff;

seahub/api2/endpoints/wikis.py

@@ -96,6 +96,10 @@ class WikisView(APIView):
             return api_error(status.HTTP_404_NOT_FOUND, error_msg)
 
         # check perm
+        if not request.user.permissions.can_publish_repo():
+            error_msg = 'Permission denied.'
+            return api_error(status.HTTP_403_FORBIDDEN, error_msg)
+
         is_owner = is_repo_owner(request, repo_id, username)
 
         if not is_owner:

seahub/base/accounts.py

@@ -222,6 +222,12 @@ class UserPermissions(object):
 
         return self._get_perm_by_roles('can_use_wiki')
 
+    def can_publish_repo(self):
+        if not self.can_use_wiki():
+            return False
+
+        return self._get_perm_by_roles('can_publish_repo')
+
 class AdminPermissions(object):
     def __init__(self, user):
         self.user = user

seahub/role_permissions/settings.py

@@ -41,6 +41,7 @@ DEFAULT_ENABLED_ROLE_PERMISSIONS = {
         'storage_ids': [],
         'role_quota': '',
         'can_use_wiki': True,
+        'can_publish_repo': True,
     },
     GUEST_USER: {
         'can_add_repo': False,
@@ -60,6 +61,7 @@ DEFAULT_ENABLED_ROLE_PERMISSIONS = {
         'storage_ids': [],
         'role_quota': '',
         'can_use_wiki': False,
+        'can_publish_repo': False,
     },
 }
 

seahub/templates/base_for_react.html

@@ -77,6 +77,7 @@
             shareLinkExpireDaysMax: "{{ share_link_expire_days_max }}",
             maxFileName: "{{ max_file_name }}",
             enableWiki: {% if user.permissions.can_use_wiki %} true {% else %} false {% endif %},
+            canPublishRepo: {% if user.permissions.can_publish_repo %} true {% else %} false {% endif %},
             enableEncryptedLibrary: {% if enable_encrypted_library %} true {% else %} false {% endif %},
             enableRepoHistorySetting: {% if enable_repo_history_setting %} true {% else %} false {% endif %},
             isSystemStaff: {% if request.user.is_staff %} true {% else %} false {% endif %},

tests/api/endpoints/test_wikis.py

@@ -1,14 +1,26 @@
 import json
+import copy
+from mock import patch
 
 from django.core.urlresolvers import reverse
+from django.test import override_settings
+
 import seaserv
 from seaserv import seafile_api, ccnet_api
 
 from seahub.share.utils import share_dir_to_user
 from seahub.wiki.models import Wiki
+from seahub.role_permissions.settings import ENABLED_ROLE_PERMISSIONS
 from seahub.test_utils import BaseTestCase
 
+TEST_CAN_USE_WIKI_FALSE = copy.deepcopy(ENABLED_ROLE_PERMISSIONS)
+TEST_CAN_USE_WIKI_FALSE['default']['can_use_wiki'] = False
 
+TEST_CAN_PUBLISH_REPO_FALSE = copy.deepcopy(ENABLED_ROLE_PERMISSIONS)
+TEST_CAN_PUBLISH_REPO_FALSE['default']['can_publish_repo'] = False
+
+
+@override_settings(ENABLE_WIKI=True)
 class WikisViewTest(BaseTestCase):
     def setUp(self):
         self.url = reverse('api-v2.1-wikis')
@@ -68,6 +80,27 @@ class WikisViewTest(BaseTestCase):
         w = Wiki.objects.all()[0]
         assert w.created_at is not None
 
+    def test_403_when_add_wiki_with_can_publish_repo_false(self):
+        with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_CAN_PUBLISH_REPO_FALSE):
+            resp = self.client.post(self.url, {
+                'repo_id': self.repo.id,
+            })
+            self.assertEqual(403, resp.status_code)
+
+    @override_settings(ENABLE_WIKI=False)
+    def test_403_when_add_wiki_with_enable_wiki_false(self):
+        resp = self.client.post(self.url, {
+            'repo_id': self.repo.id,
+        })
+        self.assertEqual(403, resp.status_code)
+
+    def test_403_when_add_wiki_with_can_use_wiki_false(self):
+        with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_CAN_USE_WIKI_FALSE):
+            resp = self.client.post(self.url, {
+                'repo_id': self.repo.id,
+            })
+            self.assertEqual(403, resp.status_code)
+
 
 class WikiViewTest(BaseTestCase):
     def setUp(self):

tests/seahub/base/test_accounts.py

@@ -1,52 +1,20 @@
+import copy
 from seahub.test_utils import BaseTestCase
 from seahub.base.accounts import User, RegistrationForm
 
 from seahub.options.models import UserOptions
+from seahub.role_permissions.settings import ENABLED_ROLE_PERMISSIONS
 from post_office.models import Email
 from django.core.urlresolvers import reverse
+from django.test import override_settings
 from mock import patch
 
 
-TEST_ADD_PUBLIC_ENABLED_ROLE_PERMISSIONS = {
+TEST_CAN_ADD_PUBLICK_REPO_TRUE = copy.deepcopy(ENABLED_ROLE_PERMISSIONS)
-    'default': {
+TEST_CAN_ADD_PUBLICK_REPO_TRUE['default']['can_add_public_repo'] = True
-        'can_add_repo': True,
+
-        'can_add_group': True,
+TEST_PUBLISH_REPO_CAN_USE_WIKI_FALSE = copy.deepcopy(ENABLED_ROLE_PERMISSIONS)
-        'can_view_org': True,
+TEST_PUBLISH_REPO_CAN_USE_WIKI_FALSE['default']['can_use_wiki'] = False
-        'can_add_public_repo': True,
-        'can_use_global_address_book': True,
-        'can_generate_share_link': True,
-        'can_generate_upload_link': True,
-        'can_send_share_link_mail': True,
-        'can_invite_guest': False,
-        'can_drag_drop_folder_to_sync': True,
-        'can_connect_with_android_clients': True,
-        'can_connect_with_ios_clients': True,
-        'can_connect_with_desktop_clients': True,
-        'can_export_files_via_mobile_client': True,
-        'storage_ids': [],
-        'role_quota': '',
-        'can_use_wiki': True,
-    },
-    'guest': {
-        'can_add_repo': False,
-        'can_add_group': False,
-        'can_view_org': False,
-        'can_add_public_repo': False,
-        'can_use_global_address_book': False,
-        'can_generate_share_link': False,
-        'can_generate_upload_link': False,
-        'can_send_share_link_mail': False,
-        'can_invite_guest': False,
-        'can_drag_drop_folder_to_sync': False,
-        'can_connect_with_android_clients': False,
-        'can_connect_with_ios_clients': False,
-        'can_connect_with_desktop_clients': False,
-        'can_export_files_via_mobile_client': False,
-        'storage_ids': [],
-        'role_quota': '',
-        'can_use_wiki': False,
-    },
-}
 
 CLOUD_MODE_TRUE = True
 MULTI_TENANCY_TRUE = True
@@ -80,6 +48,7 @@ class UserTest(BaseTestCase):
         
         assert len(UserOptions.objects.filter(email=test_email)) == 0
 
+@override_settings(ENABLE_WIKI=True)
 class UserPermissionsTest(BaseTestCase):
     def setUp(self):
         from constance import config
@@ -97,7 +66,6 @@ class UserPermissionsTest(BaseTestCase):
         assert self.user.permissions.can_connect_with_ios_clients() is True
         assert self.user.permissions.can_connect_with_desktop_clients() is True
         assert self.user.permissions.can_invite_guest() is False
-
         assert self.user.permissions.can_export_files_via_mobile_client() is True
 
     def test_admin_permissions_can_add_public_repo(self):
@@ -116,14 +84,14 @@ class UserPermissionsTest(BaseTestCase):
         # both have
         self.config.ENABLE_USER_CREATE_ORG_REPO = 1
         assert bool(self.config.ENABLE_USER_CREATE_ORG_REPO) is True
-        with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_ADD_PUBLIC_ENABLED_ROLE_PERMISSIONS):
+        with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_CAN_ADD_PUBLICK_REPO_TRUE):
             assert self.user.permissions._get_perm_by_roles('can_add_public_repo') is True
             assert self.user.permissions.can_add_public_repo() is True
 
         # only have can_add_public_repo
         self.config.ENABLE_USER_CREATE_ORG_REPO = 0
         assert bool(self.config.ENABLE_USER_CREATE_ORG_REPO) is False
-        with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_ADD_PUBLIC_ENABLED_ROLE_PERMISSIONS):
+        with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_CAN_ADD_PUBLICK_REPO_TRUE):
             assert self.user.permissions._get_perm_by_roles('can_add_public_repo') is True
             assert self.user.permissions.can_add_public_repo() is False
 
@@ -139,6 +107,23 @@ class UserPermissionsTest(BaseTestCase):
         assert self.user.permissions._get_perm_by_roles('can_add_public_repo') is False
         assert self.user.permissions.can_add_public_repo() is False
 
+    def test_can_publish_repo_permission(self):
+        # enableWIKI = True, and can_use_wiki = True
+        assert self.user.permissions._get_perm_by_roles('can_publish_repo') is True
+        assert self.user.permissions.can_publish_repo() is True
+
+    @override_settings(ENABLE_WIKI=False)
+    def test_can_publish_repo_permission_with_enable_wiki_False(self):
+        # enableWIKI = False, and can_use_wiki = True
+        assert self.user.permissions._get_perm_by_roles('can_publish_repo') is True
+        assert self.user.permissions.can_publish_repo() is False
+
+    def test_can_publish_repo_permission_with_can_use_wiki_False(self):
+        # enableWIKI = True, and can_use_wiki = False
+        with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_PUBLISH_REPO_CAN_USE_WIKI_FALSE):
+            assert self.user.permissions._get_perm_by_roles('can_publish_repo') is True
+            assert self.user.permissions.can_publish_repo() is False
+
 
 class RegistrationFormTest(BaseTestCase):
     def setUp(self):

tests/seahub/role_permissions/test_utils.py

@@ -11,4 +11,4 @@ class UtilsTest(BaseTestCase):
         assert DEFAULT_USER in get_available_roles()
 
     def test_get_enabled_role_permissions_by_role(self):
-        assert len(get_enabled_role_permissions_by_role(DEFAULT_USER).keys()) == 17
+        assert len(get_enabled_role_permissions_by_role(DEFAULT_USER).keys()) == 18