haiwen/seahub
1
0
Fork 0
mirror of https://github.com/haiwen/seahub.git synced 2025-08-13 04:36:04 +00:00
Code Issues Releases Wiki Activity

fix "SQL query built from user-controlled sources"

Browse Source
This commit is contained in:
lian 2025-03-19 16:55:31 +08:00
parent 2152dca689
commit db0e17b645
2 changed files with 214 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
seahub/utils/ccnet_db.py
View File

@ -28,12 +28,14 @@ class CcnetUsers(object):
self.role = kwargs.get('role') self.role = kwargs.get('role')
self.passwd = kwargs.get('passwd') self.passwd = kwargs.get('passwd')
class CcnetUserRole(object): class CcnetUserRole(object):
def __init__(self, **kwargs): def __init__(self, **kwargs):
self.role = kwargs.get('role') self.role = kwargs.get('role')
self.is_manual_set = kwargs.get('is_manual_set') self.is_manual_set = kwargs.get('is_manual_set')
class CcnetDB: class CcnetDB:
def __init__(self): def __init__(self):
@ -50,11 +52,11 @@ class CcnetDB:
`{self.db_name}`.`Group` g `{self.db_name}`.`Group` g
ON o.group_id=g.group_id ON o.group_id=g.group_id
WHERE WHERE
org_id={org_id} AND parent_group_id<>0; org_id=%s AND parent_group_id<>0;
""" """
groups = [] groups = []
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) cursor.execute(sql, [org_id])
for item in cursor.fetchall(): for item in cursor.fetchall():
group_id = item[0] group_id = item[0]
group_name = item[1] group_name = item[1]
@ -75,60 +77,52 @@ class CcnetDB:
def list_eligible_users(self, start, limit, def list_eligible_users(self, start, limit,
is_active=None, role=None, q=None): is_active=None, role=None, q=None):
def status(is_active): conditions = []
return f'AND t1.is_active={is_active} ' params = []
def is_role(role): if is_active is not None:
if role == 'default': conditions.append("t1.is_active = %s")
return 'AND (t2.role is null or t2.role = "default") ' params.append(is_active)
else:
return f'AND t2.role = "{role}" '
def search(q):
return f'AND t1.email LIKE "%{q}%" '
search_clause = ''
if is_active:
search_clause += status(is_active)
if role: if role:
search_clause += is_role(role) if role == 'default':
conditions.append("(t2.role IS NULL OR t2.role = 'default')")
else:
conditions.append("t2.role = %s")
params.append(role)
if q: if q:
search_clause += search(q) conditions.append("t1.email LIKE %s")
params.append(f"%{q}%")
base_condition = "t1.email NOT LIKE '%%@seafile_group'"
where_clause = f"WHERE {base_condition}"
if conditions:
where_clause += " AND " + " AND ".join(conditions)
count_sql = f""" count_sql = f"""
SELECT count(1) SELECT COUNT(1)
FROM FROM `{self.db_name}`.`EmailUser` t1
`{self.db_name}`.`EmailUser` t1 LEFT JOIN `{self.db_name}`.`UserRole` t2 ON t1.email = t2.email
LEFT JOIN {where_clause}
`{self.db_name}`.`UserRole` t2
ON
t1.email = t2.email
WHERE
t1.email NOT LIKE '%%@seafile_group' %s
ORDER BY t1.id ORDER BY t1.id
""" % search_clause """
sql = f""" sql = f"""
SELECT t1.id, t1.email, t1.is_staff, t1.is_active, t1.ctime, t2.role, t1.passwd SELECT t1.id, t1.email, t1.is_staff, t1.is_active, t1.ctime, t2.role, t1.passwd
FROM FROM `{self.db_name}`.`EmailUser` t1
`{self.db_name}`.`EmailUser` t1 LEFT JOIN `{self.db_name}`.`UserRole` t2 ON t1.email = t2.email
LEFT JOIN {where_clause}
`{self.db_name}`.`UserRole` t2
ON
t1.email = t2.email
WHERE
t1.email NOT LIKE '%%@seafile_group' %s
ORDER BY t1.id ORDER BY t1.id
LIMIT {limit} OFFSET {start}; LIMIT %s OFFSET %s;
""" % search_clause """
users = [] users = []
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(count_sql) cursor.execute(count_sql, params)
cursor.execute(count_sql)
total_count = int(cursor.fetchone()[0]) total_count = int(cursor.fetchone()[0])
cursor.execute(sql) cursor.execute(sql, params + [limit, start])
for item in cursor.fetchall(): for item in cursor.fetchall():
user_id = item[0] user_id = item[0]
email = item[1] email = item[1]
@ -159,10 +153,10 @@ class CcnetDB:
FROM FROM
`{self.db_name}`.`GroupUser` `{self.db_name}`.`GroupUser`
WHERE WHERE
group_id IN ({group_ids_str}) AND is_staff = 1 group_id IN (%s) AND is_staff = 1
""" """
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) cursor.execute(sql, [group_ids_str])
result = cursor.fetchall() result = cursor.fetchall()
for user, group_id in result: for user, group_id in result:
if group_id in group_admins: if group_id in group_admins:
@ -178,16 +172,16 @@ class CcnetDB:
g.creator_name = 'system admin', g.creator_name = 'system admin',
g.parent_group_id = -1 g.parent_group_id = -1
WHERE WHERE
g.group_id = {group_id} g.group_id = %s
""" """
structure_sql = f""" structure_sql = f"""
INSERT INTO `{self.db_name}`.`GroupStructure` (group_id, path) INSERT INTO `{self.db_name}`.`GroupStructure` (group_id, path)
VALUES ('{group_id}', '{group_id}') VALUES (%s, %s)
""" """
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) cursor.execute(sql, [group_id])
cursor.execute(structure_sql) cursor.execute(structure_sql, [group_id, group_id])
def get_active_users_by_user_list(self, user_list): def get_active_users_by_user_list(self, user_list):
if not user_list: if not user_list:
@ -198,10 +192,12 @@ class CcnetDB:
SELECT `email` SELECT `email`
FROM `{self.db_name}`.`EmailUser` FROM `{self.db_name}`.`EmailUser`
WHERE WHERE
email IN ({user_list_str}) AND is_active = 1 AND email NOT LIKE '%%@seafile_group' email IN (%s)
AND is_active = 1
AND email NOT LIKE '%%@seafile_group'
""" """
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) cursor.execute(sql, [user_list_str])
for user in cursor.fetchall(): for user in cursor.fetchall():
active_users.append(user[0]) active_users.append(user[0])
@ -209,21 +205,25 @@ class CcnetDB:
def get_org_user_count(self, org_id): def get_org_user_count(self, org_id):
sql = f""" sql = f"""
SELECT COUNT(1) FROM `{self.db_name}`.`OrgUser` WHERE org_id={org_id} SELECT COUNT(1)
FROM `{self.db_name}`.`OrgUser`
WHERE org_id=%s
""" """
user_count = 0 user_count = 0
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) cursor.execute(sql, [org_id])
user_count = cursor.fetchone()[0] user_count = cursor.fetchone()[0]
return user_count return user_count
def get_user_role_from_db(self, email): def get_user_role_from_db(self, email):
sql = f""" sql = f"""
SELECT `role`, `is_manual_set` FROM `{self.db_name}`.`UserRole` WHERE email = '{email}'; SELECT `role`, `is_manual_set`
FROM `{self.db_name}`.`UserRole`
WHERE email = %s;
""" """
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) cursor.execute(sql, [email])
row = cursor.fetchone() row = cursor.fetchone()
if not row: if not row:
role = None role = None

226
seahub/utils/db_api.py
View File

@ -13,7 +13,9 @@ class RepoTrash(object):
self.size = kwargs.get('size') self.size = kwargs.get('size')
self.del_time = kwargs.get('del_time') self.del_time = kwargs.get('del_time')
class WikiInfo(object): class WikiInfo(object):
def __init__(self, **kwargs): def __init__(self, **kwargs):
self.repo_id = kwargs.get('repo_id') self.repo_id = kwargs.get('repo_id')
self.wiki_name = kwargs.get('wiki_name') self.wiki_name = kwargs.get('wiki_name')
@ -25,7 +27,6 @@ class WikiInfo(object):
self.last_modified = kwargs.get('last_modified') self.last_modified = kwargs.get('last_modified')
class SeafileDB: class SeafileDB:
def __init__(self): def __init__(self):
@ -67,7 +68,7 @@ class SeafileDB:
FROM FROM
`{self.db_name}`.`SharedRepo` s `{self.db_name}`.`SharedRepo` s
WHERE WHERE
repo_id = '{repo_id}'; repo_id = %s;
""" """
else: else:
sql = f""" sql = f"""
@ -76,13 +77,13 @@ class SeafileDB:
FROM FROM
`{self.db_name}`.`OrgSharedRepo` s `{self.db_name}`.`OrgSharedRepo` s
WHERE WHERE
repo_id = '{repo_id}'; repo_id = %s;
""" """
share_info_list = [] share_info_list = []
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) cursor.execute(sql, [repo_id])
for item in cursor.fetchall(): for item in cursor.fetchall():
info = {} info = {}
@ -108,7 +109,7 @@ class SeafileDB:
FROM FROM
`{self.db_name}`.`RepoGroup` s `{self.db_name}`.`RepoGroup` s
WHERE WHERE
repo_id = '{repo_id}'; repo_id = %s;
""" """
else: else:
sql = f""" sql = f"""
@ -117,13 +118,13 @@ class SeafileDB:
FROM FROM
`{self.db_name}`.`OrgGroupRepo` s `{self.db_name}`.`OrgGroupRepo` s
WHERE WHERE
repo_id = '{repo_id}'; repo_id = %s;
""" """
share_info_list = [] share_info_list = []
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) cursor.execute(sql, [repo_id])
for item in cursor.fetchall(): for item in cursor.fetchall():
info = {} info = {}
@ -150,7 +151,7 @@ class SeafileDB:
ON ON
s.repo_id=v.repo_id s.repo_id=v.repo_id
WHERE WHERE
v.origin_repo = '{repo_id}'; v.origin_repo = %s;
""" """
else: else:
sql = f""" sql = f"""
@ -161,13 +162,13 @@ class SeafileDB:
ON ON
s.repo_id=v.repo_id s.repo_id=v.repo_id
WHERE WHERE
v.origin_repo = '{repo_id}'; v.origin_repo = %s;
""" """
share_info_list = [] share_info_list = []
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) cursor.execute(sql, [repo_id])
for item in cursor.fetchall(): for item in cursor.fetchall():
info = {} info = {}
@ -195,7 +196,7 @@ class SeafileDB:
ON ON
r.repo_id=v.repo_id r.repo_id=v.repo_id
WHERE WHERE
v.origin_repo = '{repo_id}'; v.origin_repo = %s;
""" """
else: else:
sql = f""" sql = f"""
@ -206,13 +207,13 @@ class SeafileDB:
ON ON
r.repo_id=v.repo_id r.repo_id=v.repo_id
WHERE WHERE
v.origin_repo = '{repo_id}'; v.origin_repo = %s;
""" """
share_info_list = [] share_info_list = []
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) cursor.execute(sql, [repo_id])
for item in cursor.fetchall(): for item in cursor.fetchall():
info = {} info = {}
@ -260,12 +261,17 @@ class SeafileDB:
u.repo_id = o.repo_id u.repo_id = o.repo_id
ORDER BY ORDER BY
e.error_time DESC e.error_time DESC
LIMIT {limit} OFFSET {start} LIMIT %s OFFSET %s
""" """
device_errors = [] device_errors = []
with connection.cursor() as cursor: with connection.cursor() as cursor:
if start == -1 and limit == -1:
cursor.execute(sql) cursor.execute(sql)
else:
cursor.execute(sql, [limit, start])
for item in cursor.fetchall(): for item in cursor.fetchall():
info = {} info = {}
info['repo_id'] = item[0] info['repo_id'] = item[0]
@ -287,13 +293,13 @@ class SeafileDB:
sql = f""" sql = f"""
SELECT repo_id, repo_name, head_id, owner_id, `size`, del_time SELECT repo_id, repo_name, head_id, owner_id, `size`, del_time
FROM `{self.db_name}`.`RepoTrash` FROM `{self.db_name}`.`RepoTrash`
WHERE org_id = {org_id} WHERE org_id = %s
ORDER BY del_time DESC ORDER BY del_time DESC
LIMIT {limit} OFFSET {start} LIMIT %s OFFSET %s
""" """
trash_repo_list = [] trash_repo_list = []
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) cursor.execute(sql, [org_id, limit, start])
for item in cursor.fetchall(): for item in cursor.fetchall():
repo_id = item[0] repo_id = item[0]
repo_name = item[1] repo_name = item[1]
@ -319,29 +325,30 @@ class SeafileDB:
empty org repo trash empty org repo trash
""" """
def del_repo_trash(cursor, repo_ids): def del_repo_trash(cursor, repo_ids):
del_file_count_sql = """
DELETE FROM
`%s`.`RepoFileCount`
WHERE
repo_id in %%s;
""" % self.db_name
cursor.execute(del_file_count_sql, (repo_ids, ))
del_repo_info_sql = """ del_file_count_sql = f"""
DELETE FROM DELETE FROM
`%s`.`RepoInfo` `{self.db_name}`.`RepoFileCount`
WHERE WHERE
repo_id in %%s; repo_id in %s;
""" % self.db_name """
cursor.execute(del_repo_info_sql, (repo_ids, )) cursor.execute(del_file_count_sql, [repo_ids])
del_trash_sql = """ del_repo_info_sql = f"""
DELETE FROM DELETE FROM
`%s`.`RepoTrash` `{self.db_name}`.`RepoInfo`
WHERE WHERE
repo_id in %%s; repo_id in %s;
""" % self.db_name """
cursor.execute(del_trash_sql, (repo_ids,)) cursor.execute(del_repo_info_sql, [repo_ids])
del_trash_sql = f"""
DELETE FROM
`{self.db_name}`.`RepoTrash`
WHERE
repo_id in %s;
"""
cursor.execute(del_trash_sql, [repo_ids])
sql_list_repo_id = f""" sql_list_repo_id = f"""
SELECT SELECT
@ -349,10 +356,10 @@ class SeafileDB:
FROM FROM
`{self.db_name}`.`RepoTrash` t `{self.db_name}`.`RepoTrash` t
WHERE WHERE
org_id={org_id}; org_id = %s;
""" """
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql_list_repo_id) cursor.execute(sql_list_repo_id, [org_id])
repo_ids = [] repo_ids = []
for item in cursor.fetchall(): for item in cursor.fetchall():
repo_id = item[0] repo_id = item[0]
@ -361,81 +368,123 @@ class SeafileDB:
cursor.close() cursor.close()
def add_repos_to_org_user(self, org_id, username, repo_ids): def add_repos_to_org_user(self, org_id, username, repo_ids):
for repo_id in repo_ids:
sql = f""" sql = f"""
INSERT INTO `{self.db_name}`.`OrgRepo` (org_id, repo_id, user) INSERT INTO `{self.db_name}`.`OrgRepo` (org_id, repo_id, user)
VALUES ({org_id}, "{repo_id}", "{username}"); VALUES (%s, %s, %s);
""" """
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) for repo_id in repo_ids:
cursor.execute(sql, [org_id, repo_id, username])
def set_repo_type(self, repo_id, repo_type): def set_repo_type(self, repo_id, repo_type):
sql = f"""
UPDATE `{self.db_name}`. `RepoInfo`
SET `type`= '%s'
WHERE `repo_id`='%s'
""" % (repo_type, repo_id)
sql = f"""
UPDATE `{self.db_name}`.`RepoInfo`
SET `type` = %s
WHERE `repo_id` = %s;
"""
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) cursor.execute(sql, [repo_type, repo_id])
def get_repo_ids_in_repo(self, repo_id): def get_repo_ids_in_repo(self, repo_id):
repo_ids_sql = f""" repo_ids_sql = f"""
SELECT repo_id from `{self.db_name}`.`VirtualRepo` where origin_repo="{repo_id}" SELECT repo_id
FROM `{self.db_name}`.`VirtualRepo`
WHERE origin_repo = %s;
""" """
repo_ids = [repo_id, ] repo_ids = [repo_id, ]
with connection.cursor() as cursor: with connection.cursor() as cursor:
try: try:
cursor.execute(repo_ids_sql) cursor.execute(repo_ids_sql, [repo_id])
for item in cursor.fetchall(): for item in cursor.fetchall():
repo_id = item[0] repo_id = item[0]
repo_ids.append(repo_id) repo_ids.append(repo_id)
except: except Exception:
return repo_ids return repo_ids
return repo_ids return repo_ids
def set_repo_owner(self, repo_id, new_owner, org_id=None): def set_repo_owner(self, repo_id, new_owner, org_id=None):
# transfert repo to user # transfert repo to user
repo_ids = self.get_repo_ids_in_repo(repo_id)
repo_ids_str = ','.join(["'%s'" % str(rid) for rid in repo_ids])
if org_id: if org_id:
sql = f""" sql = f"""
UPDATE `{self.db_name}`.`OrgRepo` SET user="{new_owner}" WHERE org_id ={org_id} AND repo_id IN ({repo_ids_str}) UPDATE `{self.db_name}`.`OrgRepo`
SET user= %s
WHERE org_id =%s AND repo_id IN (%s)
""" """
else: else:
sql = f""" sql = f"""
UPDATE `{self.db_name}`.`RepoOwner` SET owner_id="{new_owner}" WHERE repo_id IN ({repo_ids_str}) UPDATE `{self.db_name}`.`RepoOwner`
SET owner_id= %s
WHERE repo_id IN (%s)
""" """
repo_ids = self.get_repo_ids_in_repo(repo_id)
repo_ids_str = ','.join(["'%s'" % str(rid) for rid in repo_ids])
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) if org_id:
cursor.execute(sql, [new_owner, org_id, repo_ids_str])
else:
cursor.execute(sql, [new_owner, repo_ids_str])
def set_repo_group_owner(self, repo_id, group_id, current_group_id=None, org_id=None): def set_repo_group_owner(self, repo_id, group_id, current_group_id=None, org_id=None):
# transfer repo to department # transfer repo to department
group_username = "%s@seafile_group" % group_id group_username = "%s@seafile_group" % group_id
current_group_username = None current_group_username = None
if current_group_id: if current_group_id:
current_group_username = "%s@seafile_group" % current_group_id current_group_username = "%s@seafile_group" % current_group_id
if org_id: if org_id:
sql1 = f""" delete_sql = f"""
DELETE From `{self.db_name}`.`OrgGroupRepo` where owner="{current_group_username}" AND repo_id="{repo_id}" AND org_id="{org_id}" AND group_id="{current_group_id}" DELETE From `{self.db_name}`.`OrgGroupRepo`
WHERE owner=%s
AND repo_id=%s
AND org_id=%s
AND group_id=%s
""" """
sql = f""" sql = f"""
INSERT INTO `{self.db_name}`.`OrgGroupRepo` (org_id, repo_id, group_id, owner, permission) VALUES ({org_id}, "{repo_id}", {group_id}, "{group_username}", "rw") INSERT INTO `{self.db_name}`.`OrgGroupRepo` (org_id, repo_id, group_id, owner, permission)
ON DUPLICATE KEY UPDATE owner="{group_username}" VALUES (%s, %s, %s, %s, "rw")
ON DUPLICATE KEY UPDATE owner=%s
""" """
else: else:
sql1 = f""" delete_sql = f"""
DELETE From `{self.db_name}`.`RepoGroup` where user_name="{current_group_username}" AND repo_id="{repo_id}" AND group_id="{current_group_id}" DELETE FROM `{self.db_name}`.`RepoGroup`
WHERE user_name=%s
AND repo_id=%s
AND group_id=%s
""" """
sql = f""" sql = f"""
INSERT INTO `{self.db_name}`.`RepoGroup` (repo_id, group_id, user_name, permission) VALUES ("{repo_id}", {group_id}, "{group_username}", "rw") INSERT INTO `{self.db_name}`.`RepoGroup` (repo_id, group_id, user_name, permission)
ON DUPLICATE KEY UPDATE user_name="{group_username}" VALUES (%s, %s, %s, "rw")
ON DUPLICATE KEY UPDATE user_name=%s
""" """
with connection.cursor() as cursor: with connection.cursor() as cursor:
if org_id:
if current_group_id: if current_group_id:
cursor.execute(sql1) cursor.execute(delete_sql, [current_group_username,
cursor.execute(sql) repo_id, org_id, current_group_id])
cursor.execute(sql, [org_id, repo_id, group_id,
group_username, group_username])
else:
if current_group_id:
cursor.execute(delete_sql, [current_group_username,
repo_id, current_group_id])
cursor.execute(sql, [repo_id, group_id,
group_username, group_username])
self.set_repo_owner(repo_id, group_username, org_id) self.set_repo_owner(repo_id, group_username, org_id)
def update_repo_user_shares(self, repo_id, new_owner, org_id=None): def update_repo_user_shares(self, repo_id, new_owner, org_id=None):
@ -443,37 +492,53 @@ class SeafileDB:
repo_ids_str = ','.join(["'%s'" % str(rid) for rid in repo_ids]) repo_ids_str = ','.join(["'%s'" % str(rid) for rid in repo_ids])
if org_id: if org_id:
sql = f""" sql = f"""
UPDATE `{self.db_name}`.`OrgSharedRepo` SET from_email="{new_owner}" WHERE org_id={org_id} AND repo_id IN ({repo_ids_str}) UPDATE `{self.db_name}`.`OrgSharedRepo`
SET from_email=%s
WHERE org_id=%s
AND repo_id IN (%s)
""" """
else: else:
sql = f""" sql = f"""
UPDATE `{self.db_name}`.`SharedRepo` SET from_email="{new_owner}" WHERE repo_id IN ({repo_ids_str}) UPDATE `{self.db_name}`.`SharedRepo`
SET from_email=%s
WHERE repo_id IN (%s)
""" """
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) if org_id:
cursor.execute(sql, [new_owner, org_id, repo_ids_str])
else:
cursor.execute(sql, [new_owner, repo_ids_str])
def update_repo_group_shares(self, repo_id, new_owner, org_id=None): def update_repo_group_shares(self, repo_id, new_owner, org_id=None):
repo_ids = self.get_repo_ids_in_repo(repo_id) repo_ids = self.get_repo_ids_in_repo(repo_id)
repo_ids_str = ','.join(["'%s'" % str(rid) for rid in repo_ids]) repo_ids_str = ','.join(["'%s'" % str(rid) for rid in repo_ids])
if org_id: if org_id:
sql = f""" sql = f"""
UPDATE `{self.db_name}`.`OrgGroupRepo` SET owner="{new_owner}" WHERE org_id={org_id} AND repo_id IN ({repo_ids_str}) UPDATE `{self.db_name}`.`OrgGroupRepo`
SET owner=%s
WHERE org_id=%s
AND repo_id IN (%s)
""" """
else: else:
sql = f""" sql = f"""
UPDATE `{self.db_name}`.`RepoGroup` SET user_name="{new_owner}" WHERE repo_id IN ({repo_ids_str}) UPDATE `{self.db_name}`.`RepoGroup`
SET user_name=%s
WHERE repo_id IN (%s)
""" """
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) if org_id:
cursor.execute(sql, [new_owner, org_id, repo_ids_str])
else:
cursor.execute(sql, [new_owner, repo_ids_str])
def delete_repo_user_token(self, repo_id, owner): def delete_repo_user_token(self, repo_id, owner):
sql = f""" sql = f"""
DELETE FROM `{self.db_name}`.`RepoUserToken` where repo_id="{repo_id}" AND email="{owner}" DELETE FROM `{self.db_name}`.`RepoUserToken`
WHERE repo_id=%s
AND email=%s
""" """
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute(sql) cursor.execute(sql, [repo_id, owner])
def get_all_wikis(self, start, limit, order_by): def get_all_wikis(self, start, limit, order_by):
order_by_size_sql = f""" order_by_size_sql = f"""
@ -488,7 +553,7 @@ class SeafileDB:
i.type = 'wiki' i.type = 'wiki'
ORDER BY ORDER BY
s.size DESC s.size DESC
LIMIT {limit} OFFSET {start} LIMIT %s OFFSET %s
""" """
order_by_filecount_sql = f""" order_by_filecount_sql = f"""
SELECT r.repo_id, i.name, o.owner_id, i.is_encrypted, s.size, i.status, c.file_count, i.update_time SELECT r.repo_id, i.name, o.owner_id, i.is_encrypted, s.size, i.status, c.file_count, i.update_time
@ -502,7 +567,7 @@ class SeafileDB:
i.type = 'wiki' i.type = 'wiki'
ORDER BY ORDER BY
c.file_count DESC c.file_count DESC
LIMIT {limit} OFFSET {start} LIMIT %s OFFSET %s
""" """
sql = f""" sql = f"""
SELECT r.repo_id, i.name, o.owner_id, i.is_encrypted, s.size, i.status, c.file_count, i.update_time SELECT r.repo_id, i.name, o.owner_id, i.is_encrypted, s.size, i.status, c.file_count, i.update_time
@ -514,18 +579,21 @@ class SeafileDB:
LEFT JOIN `{self.db_name}`.`RepoFileCount` c ON r.repo_id = c.repo_id LEFT JOIN `{self.db_name}`.`RepoFileCount` c ON r.repo_id = c.repo_id
WHERE WHERE
i.type = 'wiki' i.type = 'wiki'
LIMIT {limit} OFFSET {start} LIMIT %s OFFSET %s
""" """
with connection.cursor() as cursor: with connection.cursor() as cursor:
wikis = [] wikis = []
if order_by == 'size': if order_by == 'size':
cursor.execute(order_by_size_sql) cursor.execute(order_by_size_sql, [limit, start])
elif order_by == 'file_count': elif order_by == 'file_count':
cursor.execute(order_by_filecount_sql) cursor.execute(order_by_filecount_sql, [limit, start])
else: else:
cursor.execute(sql) cursor.execute(sql, [limit, start])
for item in cursor.fetchall(): for item in cursor.fetchall():
repo_id = item[0] repo_id = item[0]
wiki_name = item[1] wiki_name = item[1]