mirror of
https://github.com/haiwen/seahub.git
synced 2025-09-02 15:38:15 +00:00
add can publish repo permission (#3402)
add can_publish_repo user role permission
This commit is contained in:
Leo
lian
@@ -2,7 +2,7 @@ import React, { Component, Fragment } from 'react';
|
||||
import PropTypes from 'prop-types';
|
||||
import { Button } from 'reactstrap';
|
||||
import { seafileAPI } from '../../utils/seafile-api';
|
||||
import { gettext, loginUrl } from '../../utils/constants';
|
||||
import { gettext, loginUrl, canPublishRepo } from '../../utils/constants';
|
||||
import toaster from '../../components/toast';
|
||||
import ModalPortal from '../../components/modal-portal';
|
||||
import CommonToolbar from '../../components/toolbar/common-toolbar';
|
||||
@@ -128,9 +128,11 @@ class Wikis extends Component {
|
||||
<div className="cur-view-toolbar">
|
||||
<span className="sf2-icon-menu side-nav-toggle hidden-md-up d-md-none" title="Side Nav Menu" onClick={this.props.onShowSidePanel}></span>
|
||||
<div className="operation">
|
||||
{canPublishRepo &&
|
||||
<Button className="btn btn-secondary operation-item" onClick={this.onSelectToggle}>
|
||||
{gettext('Publish a Library')}
|
||||
</Button>
|
||||
}
|
||||
</div>
|
||||
</div>
|
||||
<CommonToolbar onSearchedClick={this.props.onSearchedClick} />
|
||||
|
||||
@@ -39,6 +39,7 @@ export const shareLinkExpireDaysMin = window.app.pageOptions.shareLinkExpireDays
|
||||
export const shareLinkExpireDaysMax = window.app.pageOptions.shareLinkExpireDaysMax;
|
||||
export const maxFileName = window.app.pageOptions.maxFileName;
|
||||
export const enableWiki = window.app.pageOptions.enableWiki;
|
||||
export const canPublishRepo = window.app.pageOptions.canPublishRepo;
|
||||
export const enableEncryptedLibrary = window.app.pageOptions.enableEncryptedLibrary;
|
||||
export const enableRepoHistorySetting = window.app.pageOptions.enableRepoHistorySetting;
|
||||
export const isSystemStaff = window.app.pageOptions.isSystemStaff;
|
||||
|
||||
@@ -96,6 +96,10 @@ class WikisView(APIView):
|
||||
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
||||
|
||||
# check perm
|
||||
if not request.user.permissions.can_publish_repo():
|
||||
error_msg = 'Permission denied.'
|
||||
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
|
||||
|
||||
is_owner = is_repo_owner(request, repo_id, username)
|
||||
|
||||
if not is_owner:
|
||||
|
||||
@@ -222,6 +222,12 @@ class UserPermissions(object):
|
||||
|
||||
return self._get_perm_by_roles('can_use_wiki')
|
||||
|
||||
def can_publish_repo(self):
|
||||
if not self.can_use_wiki():
|
||||
return False
|
||||
|
||||
return self._get_perm_by_roles('can_publish_repo')
|
||||
|
||||
class AdminPermissions(object):
|
||||
def __init__(self, user):
|
||||
self.user = user
|
||||
|
||||
@@ -41,6 +41,7 @@ DEFAULT_ENABLED_ROLE_PERMISSIONS = {
|
||||
'storage_ids': [],
|
||||
'role_quota': '',
|
||||
'can_use_wiki': True,
|
||||
'can_publish_repo': True,
|
||||
},
|
||||
GUEST_USER: {
|
||||
'can_add_repo': False,
|
||||
@@ -60,6 +61,7 @@ DEFAULT_ENABLED_ROLE_PERMISSIONS = {
|
||||
'storage_ids': [],
|
||||
'role_quota': '',
|
||||
'can_use_wiki': False,
|
||||
'can_publish_repo': False,
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@@ -77,6 +77,7 @@
|
||||
shareLinkExpireDaysMax: "{{ share_link_expire_days_max }}",
|
||||
maxFileName: "{{ max_file_name }}",
|
||||
enableWiki: {% if user.permissions.can_use_wiki %} true {% else %} false {% endif %},
|
||||
canPublishRepo: {% if user.permissions.can_publish_repo %} true {% else %} false {% endif %},
|
||||
enableEncryptedLibrary: {% if enable_encrypted_library %} true {% else %} false {% endif %},
|
||||
enableRepoHistorySetting: {% if enable_repo_history_setting %} true {% else %} false {% endif %},
|
||||
isSystemStaff: {% if request.user.is_staff %} true {% else %} false {% endif %},
|
||||
|
||||
@@ -1,14 +1,26 @@
|
||||
import json
|
||||
import copy
|
||||
from mock import patch
|
||||
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.test import override_settings
|
||||
|
||||
import seaserv
|
||||
from seaserv import seafile_api, ccnet_api
|
||||
|
||||
from seahub.share.utils import share_dir_to_user
|
||||
from seahub.wiki.models import Wiki
|
||||
from seahub.role_permissions.settings import ENABLED_ROLE_PERMISSIONS
|
||||
from seahub.test_utils import BaseTestCase
|
||||
|
||||
TEST_CAN_USE_WIKI_FALSE = copy.deepcopy(ENABLED_ROLE_PERMISSIONS)
|
||||
TEST_CAN_USE_WIKI_FALSE['default']['can_use_wiki'] = False
|
||||
|
||||
TEST_CAN_PUBLISH_REPO_FALSE = copy.deepcopy(ENABLED_ROLE_PERMISSIONS)
|
||||
TEST_CAN_PUBLISH_REPO_FALSE['default']['can_publish_repo'] = False
|
||||
|
||||
|
||||
@override_settings(ENABLE_WIKI=True)
|
||||
class WikisViewTest(BaseTestCase):
|
||||
def setUp(self):
|
||||
self.url = reverse('api-v2.1-wikis')
|
||||
@@ -68,6 +80,27 @@ class WikisViewTest(BaseTestCase):
|
||||
w = Wiki.objects.all()[0]
|
||||
assert w.created_at is not None
|
||||
|
||||
def test_403_when_add_wiki_with_can_publish_repo_false(self):
|
||||
with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_CAN_PUBLISH_REPO_FALSE):
|
||||
resp = self.client.post(self.url, {
|
||||
'repo_id': self.repo.id,
|
||||
})
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
@override_settings(ENABLE_WIKI=False)
|
||||
def test_403_when_add_wiki_with_enable_wiki_false(self):
|
||||
resp = self.client.post(self.url, {
|
||||
'repo_id': self.repo.id,
|
||||
})
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
def test_403_when_add_wiki_with_can_use_wiki_false(self):
|
||||
with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_CAN_USE_WIKI_FALSE):
|
||||
resp = self.client.post(self.url, {
|
||||
'repo_id': self.repo.id,
|
||||
})
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
|
||||
class WikiViewTest(BaseTestCase):
|
||||
def setUp(self):
|
||||
|
||||
@@ -1,52 +1,20 @@
|
||||
import copy
|
||||
from seahub.test_utils import BaseTestCase
|
||||
from seahub.base.accounts import User, RegistrationForm
|
||||
|
||||
from seahub.options.models import UserOptions
|
||||
from seahub.role_permissions.settings import ENABLED_ROLE_PERMISSIONS
|
||||
from post_office.models import Email
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.test import override_settings
|
||||
from mock import patch
|
||||
|
||||
|
||||
TEST_ADD_PUBLIC_ENABLED_ROLE_PERMISSIONS = {
|
||||
'default': {
|
||||
'can_add_repo': True,
|
||||
'can_add_group': True,
|
||||
'can_view_org': True,
|
||||
'can_add_public_repo': True,
|
||||
'can_use_global_address_book': True,
|
||||
'can_generate_share_link': True,
|
||||
'can_generate_upload_link': True,
|
||||
'can_send_share_link_mail': True,
|
||||
'can_invite_guest': False,
|
||||
'can_drag_drop_folder_to_sync': True,
|
||||
'can_connect_with_android_clients': True,
|
||||
'can_connect_with_ios_clients': True,
|
||||
'can_connect_with_desktop_clients': True,
|
||||
'can_export_files_via_mobile_client': True,
|
||||
'storage_ids': [],
|
||||
'role_quota': '',
|
||||
'can_use_wiki': True,
|
||||
},
|
||||
'guest': {
|
||||
'can_add_repo': False,
|
||||
'can_add_group': False,
|
||||
'can_view_org': False,
|
||||
'can_add_public_repo': False,
|
||||
'can_use_global_address_book': False,
|
||||
'can_generate_share_link': False,
|
||||
'can_generate_upload_link': False,
|
||||
'can_send_share_link_mail': False,
|
||||
'can_invite_guest': False,
|
||||
'can_drag_drop_folder_to_sync': False,
|
||||
'can_connect_with_android_clients': False,
|
||||
'can_connect_with_ios_clients': False,
|
||||
'can_connect_with_desktop_clients': False,
|
||||
'can_export_files_via_mobile_client': False,
|
||||
'storage_ids': [],
|
||||
'role_quota': '',
|
||||
'can_use_wiki': False,
|
||||
},
|
||||
}
|
||||
TEST_CAN_ADD_PUBLICK_REPO_TRUE = copy.deepcopy(ENABLED_ROLE_PERMISSIONS)
|
||||
TEST_CAN_ADD_PUBLICK_REPO_TRUE['default']['can_add_public_repo'] = True
|
||||
|
||||
TEST_PUBLISH_REPO_CAN_USE_WIKI_FALSE = copy.deepcopy(ENABLED_ROLE_PERMISSIONS)
|
||||
TEST_PUBLISH_REPO_CAN_USE_WIKI_FALSE['default']['can_use_wiki'] = False
|
||||
|
||||
CLOUD_MODE_TRUE = True
|
||||
MULTI_TENANCY_TRUE = True
|
||||
@@ -80,6 +48,7 @@ class UserTest(BaseTestCase):
|
||||
|
||||
assert len(UserOptions.objects.filter(email=test_email)) == 0
|
||||
|
||||
@override_settings(ENABLE_WIKI=True)
|
||||
class UserPermissionsTest(BaseTestCase):
|
||||
def setUp(self):
|
||||
from constance import config
|
||||
@@ -97,7 +66,6 @@ class UserPermissionsTest(BaseTestCase):
|
||||
assert self.user.permissions.can_connect_with_ios_clients() is True
|
||||
assert self.user.permissions.can_connect_with_desktop_clients() is True
|
||||
assert self.user.permissions.can_invite_guest() is False
|
||||
|
||||
assert self.user.permissions.can_export_files_via_mobile_client() is True
|
||||
|
||||
def test_admin_permissions_can_add_public_repo(self):
|
||||
@@ -116,14 +84,14 @@ class UserPermissionsTest(BaseTestCase):
|
||||
# both have
|
||||
self.config.ENABLE_USER_CREATE_ORG_REPO = 1
|
||||
assert bool(self.config.ENABLE_USER_CREATE_ORG_REPO) is True
|
||||
with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_ADD_PUBLIC_ENABLED_ROLE_PERMISSIONS):
|
||||
with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_CAN_ADD_PUBLICK_REPO_TRUE):
|
||||
assert self.user.permissions._get_perm_by_roles('can_add_public_repo') is True
|
||||
assert self.user.permissions.can_add_public_repo() is True
|
||||
|
||||
# only have can_add_public_repo
|
||||
self.config.ENABLE_USER_CREATE_ORG_REPO = 0
|
||||
assert bool(self.config.ENABLE_USER_CREATE_ORG_REPO) is False
|
||||
with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_ADD_PUBLIC_ENABLED_ROLE_PERMISSIONS):
|
||||
with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_CAN_ADD_PUBLICK_REPO_TRUE):
|
||||
assert self.user.permissions._get_perm_by_roles('can_add_public_repo') is True
|
||||
assert self.user.permissions.can_add_public_repo() is False
|
||||
|
||||
@@ -139,6 +107,23 @@ class UserPermissionsTest(BaseTestCase):
|
||||
assert self.user.permissions._get_perm_by_roles('can_add_public_repo') is False
|
||||
assert self.user.permissions.can_add_public_repo() is False
|
||||
|
||||
def test_can_publish_repo_permission(self):
|
||||
# enableWIKI = True, and can_use_wiki = True
|
||||
assert self.user.permissions._get_perm_by_roles('can_publish_repo') is True
|
||||
assert self.user.permissions.can_publish_repo() is True
|
||||
|
||||
@override_settings(ENABLE_WIKI=False)
|
||||
def test_can_publish_repo_permission_with_enable_wiki_False(self):
|
||||
# enableWIKI = False, and can_use_wiki = True
|
||||
assert self.user.permissions._get_perm_by_roles('can_publish_repo') is True
|
||||
assert self.user.permissions.can_publish_repo() is False
|
||||
|
||||
def test_can_publish_repo_permission_with_can_use_wiki_False(self):
|
||||
# enableWIKI = True, and can_use_wiki = False
|
||||
with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_PUBLISH_REPO_CAN_USE_WIKI_FALSE):
|
||||
assert self.user.permissions._get_perm_by_roles('can_publish_repo') is True
|
||||
assert self.user.permissions.can_publish_repo() is False
|
||||
|
||||
|
||||
class RegistrationFormTest(BaseTestCase):
|
||||
def setUp(self):
|
||||
|
||||
@@ -11,4 +11,4 @@ class UtilsTest(BaseTestCase):
|
||||
assert DEFAULT_USER in get_available_roles()
|
||||
|
||||
def test_get_enabled_role_permissions_by_role(self):
|
||||
assert len(get_enabled_role_permissions_by_role(DEFAULT_USER).keys()) == 17
|
||||
assert len(get_enabled_role_permissions_by_role(DEFAULT_USER).keys()) == 18
|
||||
|
||||
Reference in New Issue
Block a user