diff --git a/seahub/views/ajax.py b/seahub/views/ajax.py
index 1a91a1f17b..5dd6659dcf 100644
--- a/seahub/views/ajax.py
+++ b/seahub/views/ajax.py
@@ -43,7 +43,7 @@ from seahub.utils import check_filename_with_rename, EMPTY_SHA1, \
 gen_block_get_url, TRAFFIC_STATS_ENABLED, get_user_traffic_stat,\
 new_merge_with_no_conflict, get_commit_before_new_merge, \
 get_repo_last_modify, gen_file_upload_url, is_org_context, \
- get_file_type_and_ext, is_pro_version
+ get_file_type_and_ext, is_pro_version, normalize_dir_path
 from seahub.utils.star import get_dir_starred_files
 from seahub.utils.file_types import IMAGE, VIDEO
 from seahub.utils.file_op import check_file_lock, ONLINE_OFFICE_LOCK_OWNER
@@ -212,16 +212,68 @@ def list_lib_dir(request, repo_id): status=400, content_type=content_type) username = request.user.username + path = request.GET.get('p', '/') - if path[-1] != '/': - path = path + '/' + path = normalize_dir_path(path) + dir_id = seafile_api.get_dir_id_by_path(repo.id, path) + if not dir_id: + err_msg = 'Folder not found.' + return HttpResponse(json.dumps({'error': err_msg}), + status=404, content_type=content_type) # perm for current dir - user_perm = check_folder_permission(request, repo.id, path) - if user_perm is None: - err_msg = _(u'Permission denied.') - return HttpResponse(json.dumps({'error': err_msg}), - status=403, content_type=content_type) + user_perm = check_folder_permission(request, repo_id, path) + if not user_perm: + + converted_repo_path = seafile_api.convert_repo_path(repo_id, path, username) + if not converted_repo_path: + err_msg = _(u'Permission denied.') + return HttpResponse(json.dumps({'error': err_msg}), + status=403, content_type=content_type) + + converted_repo_path = json.loads(converted_repo_path) + + repo_id = converted_repo_path['repo_id'] + repo = seafile_api.get_repo(repo_id) + if not repo: + err_msg = 'Library not found.' + return HttpResponse(json.dumps({'error': err_msg}), + status=404, content_type=content_type) + + path = converted_repo_path['path'] + path = normalize_dir_path(path) + dir_id = seafile_api.get_dir_id_by_path(repo.id, path) + if not dir_id: + err_msg = 'Folder not found.' + return HttpResponse(json.dumps({'error': err_msg}), + status=404, content_type=content_type) + + group_id = '' + if converted_repo_path.has_key('group_id'): + group_id = converted_repo_path['group_id'] + if not ccnet_api.get_group(group_id): + err_msg = 'Group not found.' 
+ return HttpResponse(json.dumps({'error': err_msg}), + status=404, content_type=content_type) + + if not is_group_member(group_id, username): + err_msg = _(u'Permission denied.') + return HttpResponse(json.dumps({'error': err_msg}), + status=403, content_type=content_type) + + user_perm = check_folder_permission(request, repo_id, path) + if not user_perm: + err_msg = _(u'Permission denied.') + return HttpResponse(json.dumps({'error': err_msg}), + status=403, content_type=content_type) + + if not group_id: + next_url = '#shared-libs/lib/%s/%s' % (repo_id, path.strip('/')) + else: + next_url = '#group/%s/lib/%s/%s' % (group_id, repo_id, path.strip('/')) + + result['next_url'] = next_url + return HttpResponse(json.dumps(result), content_type=content_type) if repo.encrypted \ and not seafile_api.is_password_set(repo.id, username): @@ -238,18 +290,6 @@ def list_lib_dir(request, repo_id): dir_list = [] file_list = [] - try: - dir_id = seafile_api.get_dir_id_by_path(repo.id, path) - except SearpcError as e: - logger.error(e) - err_msg = 'Internal Server Error' - return HttpResponse(json.dumps({'error': err_msg}), - status=500, content_type=content_type) - - if not dir_id: - err_msg = 'Folder not found.' - return HttpResponse(json.dumps({'error': err_msg}), - status=404, content_type=content_type) dirs = seafserv_threaded_rpc.list_dir_with_perm(repo_id, path, dir_id, username, -1, -1) @@ -312,8 +352,6 @@ def list_lib_dir(request, repo_id): if result["is_admin"]: result["has_been_shared_out"] = True - - result["is_virtual"] = repo.is_virtual result["repo_name"] = repo.name result["user_perm"] = user_perm @@ -385,7 +423,6 @@ def list_lib_dir(request, repo_id): return HttpResponse(json.dumps(result), content_type=content_type) - @login_required_ajax def rename_dirent(request, repo_id): """ diff --git a/seahub/views/file.py b/seahub/views/file.py index cd1983cf01..192202839c 100644 --- a/seahub/views/file.py +++ b/seahub/views/file.py 
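Review bot: In list_lib_dir the new `seafile_api.get_dir_id_by_path(repo.id, path)` lookup runs before `check_folder_permission`, so a caller who fails the permission check now gets 404 for a missing path and 403 (or a `next_url`) for an existing one, which reveals which folders exist to someone who is not allowed to read them. The early lookup also lost the `except SearpcError` handling that the later `@@ -238,18` hunk removes, so an RPC failure would presumably propagate as an unhandled exception instead of the logged 500 JSON response. I would keep the original try/except lookup after the permission block and drop the early one; the fallback branch returns on every path, so `dir_id` is only needed afterwards. In the fallback branch `converted_repo_path['repo_id']` and `converted_repo_path['path']` are indexed without checking the parsed JSON, and `has_key` is Python 2 only (`'group_id' in converted_repo_path` works on both). The function body starts and continues outside this hunk.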
@@ -34,7 +34,7 @@ from django.views.decorators.http import require_POST from django.template.defaultfilters import filesizeformat from django.views.decorators.csrf import csrf_exempt -from seaserv import seafile_api +from seaserv import seafile_api, ccnet_api from seaserv import get_repo, send_message, get_commits, \ get_file_id_by_path, get_commit, get_file_size, \ seafserv_threaded_rpc @@ -68,6 +68,7 @@ from seahub.utils.file_op import check_file_lock, \ from seahub.views import check_folder_permission, \ get_unencry_rw_repos_by_user from seahub.utils.repo import is_repo_owner +from seahub.group.utils import is_group_member from seahub.constants import HASH_URLS 
@@ -370,13 +371,47 @@ def view_lib_file(request, repo_id, path): return render_error(request, _(u'File does not exist')) # permission check + username = request.user.username parent_dir = os.path.dirname(path) + permission = check_folder_permission(request, repo_id, parent_dir) if not permission: - return render_permission_error(request, _(u'Unable to view file')) + + converted_repo_path = seafile_api.convert_repo_path(repo_id, path, username) + if not converted_repo_path: + return render_permission_error(request, _(u'Unable to view file')) + + converted_repo_path = json.loads(converted_repo_path) + + repo_id = converted_repo_path['repo_id'] + repo = seafile_api.get_repo(repo_id) + if not repo: + raise Http404 + + path = converted_repo_path['path'] + path = normalize_file_path(path) + file_id = seafile_api.get_file_id_by_path(repo_id, path) + if not file_id: + return render_error(request, _(u'File does not exist')) + + group_id = '' + if converted_repo_path.has_key('group_id'): + group_id = converted_repo_path['group_id'] + if not ccnet_api.get_group(group_id): + return render_error(request, _(u'Group does not exist')) + + if not is_group_member(group_id, username): + return render_permission_error(request, _(u'Unable to view file')) + + parent_dir = os.path.dirname(path) + permission = check_folder_permission(request, repo_id, path) + if not permission: + return render_permission_error(request, _(u'Unable to view file')) + + next_url = reverse('view_lib_file', args=[repo_id, path]) + return HttpResponseRedirect(next_url) # download file or view raw file - username = request.user.username filename = os.path.basename(path) dl = request.GET.get('dl', '0') == '1' raw = request.GET.get('raw', '0') == '1' diff --git a/static/scripts/app/views/dir.js b/static/scripts/app/views/dir.js index cde2157ed3..9266c7745e 100644 --- a/static/scripts/app/views/dir.js +++ b/static/scripts/app/views/dir.js 
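Review bot: In view_lib_file's fallback branch the re-check calls `check_folder_permission(request, repo_id, path)` with the file path, while the `parent_dir = os.path.dirname(path)` computed on the line above is never used; the first check in the same function passes `parent_dir`. The call should presumably be `permission = check_folder_permission(request, repo_id, parent_dir)`, otherwise the access decision is made on a path that is not a folder and may not match the folder-level permission that governs the file. `normalize_file_path` is called here but neither import hunk for file.py adds it, so confirm it is already imported. The function starts and continues outside the hunk.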
@@ -448,7 +448,12 @@ define([ 'p': dir.path, 'thumbnail_size': thumbnail_size }, - success: function() { + success: function(collection, response, opts) { + + if (response.next_url) { + window.open(response.next_url, '_self') + } + _this.dir.user_can_set_folder_perm = false; _this.is_address_book_group_admin = false; if (_this.contextOptions &&
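Review bot: The `success` handler keeps running after `window.open(response.next_url, '_self')`, so the state resets below it (and whatever follows outside this hunk) execute against a response that may carry little besides `next_url`; an early `return` after navigating looks intended. The server side builds `next_url` as a `#…` route, so the client can enforce that shape rather than navigate to whatever string the response holds: `if (response.next_url && response.next_url.charAt(0) === '#') { window.location.hash = response.next_url; return; }`. `opts` is unused and the `window.open` line is missing its semicolon. The handler body continues outside the hunk.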