diff --git a/seahub/api2/endpoints/be_shared_repo.py b/seahub/api2/endpoints/be_shared_repo.py index 0a4311f839..2a51d16c84 100644 --- a/seahub/api2/endpoints/be_shared_repo.py +++ b/seahub/api2/endpoints/be_shared_repo.py @@ -11,8 +11,9 @@ from seaserv import seafile_api from seahub.api2.authentication import TokenAuthentication from seahub.api2.throttling import UserRateThrottle from seahub.api2.utils import api_error -from seahub.utils import is_valid_username, is_org_context +from seahub.utils import is_valid_username, is_org_context, send_perm_audit_msg from seahub.share.models import ExtraSharePermission +from seahub.share.utils import check_user_share_in_permission json_content_type = 'application/json; charset=utf-8' @@ -34,7 +35,10 @@ class BeSharedRepo(APIView): if not is_valid_username(from_email): return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid argument') - if is_org_context(request): + is_org = is_org_context(request) + repo = seafile_api.get_repo(repo_id) + permission = check_user_share_in_permission(repo_id, username, is_org) + if is_org: org_id = request.user.org.org_id seaserv.seafserv_threaded_rpc.org_remove_share(org_id, repo_id, @@ -46,6 +50,13 @@ class BeSharedRepo(APIView): # Delete data of ExtraSharePermission table. ExtraSharePermission.objects.delete_share_permission(repo_id, username) + if repo.is_virtual: + send_perm_audit_msg('delete-repo-perm', username, username, + repo.origin_repo_id, repo.origin_path, permission) + else: + send_perm_audit_msg('delete-repo-perm', username, username, + repo_id, '/', permission) + elif share_type == 'group': diff --git a/seahub/api2/endpoints/dir_shared_items.py b/seahub/api2/endpoints/dir_shared_items.py index fff05a4ca9..7146965521 100644 --- a/seahub/api2/endpoints/dir_shared_items.py +++ b/seahub/api2/endpoints/dir_shared_items.py @@ -24,11 +24,13 @@ from seahub.api2.endpoints.utils import is_org_user from seahub.base.templatetags.seahub_tags import email2nickname from seahub.base.accounts import User from seahub.share.models import ExtraSharePermission, ExtraGroupsSharePermission -from seahub.share.signals import share_repo_to_user_successful, \ - share_repo_to_group_successful -from seahub.share.utils import is_repo_admin +from seahub.share.utils import is_repo_admin, share_dir_to_user, \ + share_dir_to_group, update_user_dir_permission, \ + update_group_dir_permission, check_user_share_out_permission, \ + check_group_share_out_permission from seahub.utils import (is_org_context, is_valid_username, send_perm_audit_msg) +from seahub.share.signals import share_repo_to_user_successful, share_repo_to_group_successful from seahub.constants import PERMISSION_READ, PERMISSION_READ_WRITE, \ PERMISSION_ADMIN @@ -203,12 +205,6 @@ class DirSharedItemsEndpoint(APIView): if repo_owner != username and not is_repo_admin(username, repo_id): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') - # recorded it if is extra permission - extra_share_permission = '' - if permission == PERMISSION_ADMIN: - extra_share_permission = permission - permission = PERMISSION_READ_WRITE - shared_to_user, shared_to_group = self.handle_shared_to_args(request) if shared_to_user: shared_to = request.GET.get('username') @@ -224,25 +220,13 @@ class DirSharedItemsEndpoint(APIView): # when calling seafile API to share authority related functions, change the uesrname to repo owner. repo_owner = seafile_api.get_org_repo_owner(repo_id) org_id = request.user.org.org_id - if path == '/': - seafile_api.org_set_share_permission( - org_id, repo_id, repo_owner, shared_to, permission) - else: - seafile_api.org_update_share_subdir_perm_for_user( - org_id, repo_id, path, repo_owner, shared_to, permission) + + update_user_dir_permission(repo_id, path, repo_owner, shared_to, permission, org_id) else: repo_owner = seafile_api.get_repo_owner(repo_id) - if path == '/': - seafile_api.set_share_permission( - repo_id, repo_owner, shared_to, permission) - else: - seafile_api.update_share_subdir_perm_for_user( - repo_id, path, repo_owner, shared_to, permission) - if path == '/': - ExtraSharePermission.objects.update_share_permission(repo_id, - shared_to, - extra_share_permission) + update_user_dir_permission(repo_id, path, repo_owner, shared_to, permission) + send_perm_audit_msg('modify-repo-perm', username, shared_to, repo_id, path, permission) @@ -260,25 +244,13 @@ class DirSharedItemsEndpoint(APIView): # when calling seafile API to share authority related functions, change the uesrname to repo owner. repo_owner = seafile_api.get_org_repo_owner(repo_id) org_id = request.user.org.org_id - if path == '/': - seaserv.seafserv_threaded_rpc.set_org_group_repo_permission( - org_id, gid, repo.id, permission) - else: - seafile_api.org_update_share_subdir_perm_for_group( - org_id, repo_id, path, repo_owner, gid, permission) + + update_group_dir_permission(repo_id, path, repo_owner, gid, permission, org_id) else: repo_owner = seafile_api.get_repo_owner(repo_id) - if path == '/': - seafile_api.set_group_repo_permission(gid, repo.id, permission) - else: - seafile_api.update_share_subdir_perm_for_group( - repo_id, path, repo_owner, gid, permission) - # update extra share permission if updated is repo - if path == '/': - ExtraGroupsSharePermission.objects.update_share_permission(repo_id, - gid, - extra_share_permission) + update_group_dir_permission(repo_id, path, repo_owner, gid, permission, None) + send_perm_audit_msg('modify-repo-perm', username, gid, repo_id, path, permission) @@ -310,11 +282,6 @@ class DirSharedItemsEndpoint(APIView): result = {} result['failed'] = [] result['success'] = [] - # recorded it if is extra permission - extra_share_permission = '' - if permission == PERMISSION_ADMIN: - extra_share_permission = permission - permission = PERMISSION_READ_WRITE if share_type == 'user': share_to_users = request.data.getlist('username') @@ -365,13 +332,7 @@ class DirSharedItemsEndpoint(APIView): error_msg = "Library can not be shared to owner" return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - if path == '/': - seaserv.seafserv_threaded_rpc.org_add_share( - org_id, repo_id, repo_owner, to_user, - permission) - else: - seafile_api.org_share_subdir_to_user(org_id, - repo_id, path, repo_owner, to_user, permission) + share_dir_to_user(repo, path, repo_owner, username, to_user, permission, org_id) else: if is_org_user(to_user): error_msg = 'User %s is a member of organization.' % to_user @@ -387,22 +348,7 @@ class DirSharedItemsEndpoint(APIView): error_msg = "Library can not be shared to owner" return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - if path == '/': - seafile_api.share_repo( - repo_id, repo_owner, to_user, permission) - else: - seafile_api.share_subdir_to_user( - repo_id, path, repo_owner, to_user, permission) - - if path == '/' and extra_share_permission == PERMISSION_ADMIN: - ExtraSharePermission.objects.create_share_permission(repo_id, to_user, extra_share_permission) - # send a signal when sharing repo successful - share_repo_to_user_successful.send(sender=None, - from_user=username, - to_user=to_user, - repo=repo, - path=path, - org_id=org_id) + share_dir_to_user(repo, path, repo_owner, username, to_user, permission, None) result['success'].append({ "share_type": "user", @@ -410,10 +356,15 @@ class DirSharedItemsEndpoint(APIView): "name": to_user, "nickname": email2nickname(to_user), }, - "permission": permission, - "is_admin": extra_share_permission == PERMISSION_ADMIN + "permission": PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission, + "is_admin": permission == PERMISSION_ADMIN }) + # send a signal when sharing repo successful + share_repo_to_user_successful.send(sender=None, from_user=username, + to_user=to_user, repo=repo, + path=path, org_id=org_id) + send_perm_audit_msg('add-repo-perm', username, to_user, repo_id, path, permission) except SearpcError as e: @@ -463,30 +414,12 @@ class DirSharedItemsEndpoint(APIView): # when calling seafile API to share authority related functions, change the uesrname to repo owner. repo_owner = seafile_api.get_org_repo_owner(repo_id) org_id = request.user.org.org_id - if path == '/': - seafile_api.add_org_group_repo( - repo_id, org_id, gid, repo_owner, permission) - else: - seafile_api.org_share_subdir_to_group(org_id, - repo_id, path, repo_owner, gid, permission) + + share_dir_to_group(repo, path, repo_owner, username, gid, permission, org_id) else: repo_owner = seafile_api.get_repo_owner(repo_id) - if path == '/': - seafile_api.set_group_repo( - repo_id, gid, repo_owner, permission) - else: - seafile_api.share_subdir_to_group( - repo_id, path, repo_owner, gid, permission) - # add share permission if between is admin and is extra permission. - if path == '/' and extra_share_permission == PERMISSION_ADMIN: - ExtraGroupsSharePermission.objects.create_share_permission(repo_id, gid, extra_share_permission) - - share_repo_to_group_successful.send(sender=None, - from_user=username, - group_id=gid, - repo=repo, path=path, - org_id=org_id) + share_dir_to_group(repo, path, repo_owner, username, gid, permission, None) result['success'].append({ "share_type": "group", @@ -494,10 +427,15 @@ class DirSharedItemsEndpoint(APIView): "id": gid, "name": group.group_name, }, - "permission": permission, - "is_admin": extra_share_permission == PERMISSION_ADMIN + "permission": PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission, + "is_admin": permission == PERMISSION_ADMIN }) + share_repo_to_group_successful.send(sender=None, + from_user=username, + group_id=gid, repo=repo, + path=path, org_id=org_id) + send_perm_audit_msg('add-repo-perm', username, gid, repo_id, path, permission) except SearpcError as e: @@ -531,13 +469,10 @@ class DirSharedItemsEndpoint(APIView): if shared_to is None or not is_valid_username(shared_to): return api_error(status.HTTP_400_BAD_REQUEST, 'Email %s invalid.' % shared_to) - # if user not found, permission will be None - permission = seafile_api.check_permission_by_path( - repo_id, '/', shared_to) + permission = check_user_share_out_permission(repo_id, path, shared_to, is_org_context(request)) if is_org_context(request): # when calling seafile API to share authority related functions, change the uesrname to repo owner. - repo_owner = seafile_api.get_org_repo_owner(repo_id) org_id = request.user.org.org_id if path == '/': seaserv.seafserv_threaded_rpc.org_remove_share( @@ -547,7 +482,6 @@ class DirSharedItemsEndpoint(APIView): org_id, repo_id, path, repo_owner, shared_to) else: - repo_owner = seafile_api.get_repo_owner(repo_id) if path == '/': seaserv.remove_share(repo_id, repo_owner, shared_to) else: @@ -569,23 +503,11 @@ class DirSharedItemsEndpoint(APIView): return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid' % group_id) # hacky way to get group repo permission - permission = '' - if is_org_context(request): - org_id = request.user.org.org_id - shared_groups = seafile_api.list_org_repo_shared_group( - org_id, username, repo_id) - else: - shared_groups = seafile_api.list_repo_shared_group( - username, repo_id) + is_org = is_org_context(request) + permission = check_group_share_out_permission(repo_id, path, group_id, is_org) - for e in shared_groups: - if e.group_id == group_id: - permission = e.perm - break - - if is_org_context(request): + if is_org: # when calling seafile API to share authority related functions, change the uesrname to repo owner. - repo_owner = seafile_api.get_org_repo_owner(repo_id) org_id = request.user.org.org_id if path == '/': seaserv.del_org_group_repo(repo_id, org_id, group_id) @@ -593,7 +515,6 @@ class DirSharedItemsEndpoint(APIView): seafile_api.org_unshare_subdir_for_group( org_id, repo_id, path, repo_owner, group_id) else: - repo_owner = seafile_api.get_repo_owner(repo_id) if path == '/': seafile_api.unset_group_repo(repo_id, group_id, username) else: diff --git a/seahub/api2/endpoints/shared_repos.py b/seahub/api2/endpoints/shared_repos.py index 040deb929f..b5e1ca7184 100644 --- a/seahub/api2/endpoints/shared_repos.py +++ b/seahub/api2/endpoints/shared_repos.py @@ -16,6 +16,10 @@ from seahub.api2.throttling import UserRateThrottle from seahub.profile.models import Profile from seahub.utils import is_org_context, is_valid_username, send_perm_audit_msg from seahub.base.templatetags.seahub_tags import email2nickname, email2contact_email +from seahub.share.models import ExtraSharePermission, ExtraGroupsSharePermission +from seahub.constants import PERMISSION_READ, PERMISSION_READ_WRITE, PERMISSION_ADMIN +from seahub.share.utils import update_user_dir_permission, update_group_dir_permission,\ + check_user_share_out_permission, check_group_share_out_permission logger = logging.getLogger(__name__) @@ -52,6 +56,8 @@ class SharedRepos(APIView): returned_result = [] shared_repos.sort(lambda x, y: cmp(x.repo_name, y.repo_name)) + usernames = [] + gids = [] for repo in shared_repos: if repo.is_virtual: continue @@ -69,14 +75,24 @@ class SharedRepos(APIView): result['user_name'] = email2nickname(repo.user) result['user_email'] = repo.user result['contact_email'] = Profile.objects.get_contact_email_by_user(repo.user) + usernames.append((repo.repo_id, repo.user)) if repo.share_type == 'group': group = ccnet_api.get_group(repo.group_id) result['group_id'] = repo.group_id result['group_name'] = group.group_name + gids.append(repo.group_id) returned_result.append(result) + user_admins = ExtraSharePermission.objects.batch_is_admin(usernames) + group_admins = ExtraGroupsSharePermission.objects.batch_get_repos_with_admin_permission(gids) + for result in returned_result: + if result['share_type'] == 'group': + result['is_admin'] = (result['repo_id'], result['group_id']) in group_admins + elif result['share_type'] == 'personal': + result['is_admin'] = (result['repo_id'], result['user_email']) in user_admins + return Response(returned_result) @@ -94,7 +110,7 @@ class SharedRepo(APIView): # argument check permission = request.data.get('permission', None) - if permission not in ['r', 'rw']: + if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE, PERMISSION_ADMIN]: error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) @@ -134,11 +150,9 @@ class SharedRepo(APIView): try: if is_org_context(request): org_id = request.user.org.org_id - seaserv.seafserv_threaded_rpc.org_set_share_permission( - org_id, repo_id, username, shared_to, permission) + update_user_dir_permission(repo_id, '/', repo_owner, shared_to, permission, org_id) else: - seafile_api.set_share_permission(repo_id, - username, shared_to, permission) + update_user_dir_permission(repo_id, '/', repo_owner, shared_to, permission) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' @@ -167,11 +181,9 @@ class SharedRepo(APIView): try: if is_org_context(request): org_id = request.user.org.org_id - seaserv.seafserv_threaded_rpc.set_org_group_repo_permission( - org_id, group_id, repo_id, permission) + update_group_dir_permission(repo_id, '/', repo_owner, group_id, permission, org_id) else: - seafile_api.set_group_repo_permission( - group_id, repo_id, permission) + update_group_dir_permission(repo_id, '/', repo_owner, group_id, permission) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' @@ -233,8 +245,10 @@ class SharedRepo(APIView): # delete share org_id = None + is_org = False if is_org_context(request): org_id = request.user.org.org_id + is_org = True if share_type == 'personal': user = request.GET.get('user', None) @@ -242,9 +256,7 @@ class SharedRepo(APIView): error_msg = 'user invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - # if user not found, permission will be None - permission = seafile_api.check_permission_by_path( - repo_id, '/', user) + permission = check_user_share_out_permission(repo_id, '/', user, is_org) try: if org_id: @@ -272,22 +284,11 @@ class SharedRepo(APIView): error_msg = 'group_id must be integer.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - # hacky way to get group repo permission - permission = '' - if org_id: - for e in seafile_api.list_org_repo_shared_group( - org_id, username, repo_id): - if e.group_id == group_id: - permission = e.perm - break - else: - for e in seafile_api.list_repo_shared_group_by_user(username, repo_id): - if e.group_id == group_id: - permission = e.perm - break + permission = check_group_share_out_permission(repo_id, '/', group_id, is_org) + try: - if org_id: + if is_org: seaserv.del_org_group_repo(repo_id, org_id, group_id) else: seafile_api.unset_group_repo(repo_id, group_id, username) diff --git a/seahub/api2/urls.py b/seahub/api2/urls.py index 8b948d9ca1..f96a904271 100644 --- a/seahub/api2/urls.py +++ b/seahub/api2/urls.py @@ -82,7 +82,7 @@ urlpatterns = patterns('', url(r'^shared-upload-links/$', SharedUploadLinksView.as_view()), url(r'^repo-tokens/$', RepoTokensView.as_view(), name='api2-repo-tokens'), - url(r'^organization/$', OrganizationView.as_view()), + url(r'^organization/$', OrganizationView.as_view(), name='api2-org'), url(r'^f/(?P[a-f0-9]+)/$', SharedFileView.as_view()), url(r'^f/(?P[a-f0-9]+)/detail/$', SharedFileDetailView.as_view()), diff --git a/seahub/api2/views.py b/seahub/api2/views.py index 8caa187a5b..97e4a410a3 100644 --- a/seahub/api2/views.py +++ b/seahub/api2/views.py @@ -47,7 +47,7 @@ from seahub.avatar.templatetags.group_avatar_tags import api_grp_avatar_url, \ from seahub.base.accounts import User from seahub.base.models import UserStarredFiles, DeviceToken from seahub.share.models import ExtraSharePermission, ExtraGroupsSharePermission -from seahub.share.utils import is_repo_admin +from seahub.share.utils import is_repo_admin, check_group_share_in_permission from seahub.base.templatetags.seahub_tags import email2nickname, \ translate_seahub_time, translate_commit_desc_escape, \ email2contact_email @@ -4083,14 +4083,24 @@ class GroupRepo(APIView): if not group.is_staff and repo_owner != username and not is_repo_admin(username, repo_id): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') - if seaserv.is_org_group(group_id): + is_org = seaserv.is_org_group(group_id) + repo = seafile_api.get_group_shared_repo_by_path(repo_id, None, group_id, is_org) + permission = check_group_share_in_permission(repo_id, group_id, is_org) + + if is_org: org_id = seaserv.get_org_id_by_group(group_id) seaserv.del_org_group_repo(repo_id, org_id, group_id) else: seafile_api.unset_group_repo(repo_id, group_id, username) + # delete extra share permission ExtraGroupsSharePermission.objects.delete_share_permission(repo_id, group_id) - + if repo.is_virtual: + send_perm_audit_msg('delete-repo-perm', username, group_id, + repo.origin_repo_id, repo.origin_path, permission) + else: + send_perm_audit_msg('delete-repo-perm', username, group_id, + repo_id, '/', permission) return HttpResponse(json.dumps({'success': True}), status=200, content_type=json_content_type) diff --git a/seahub/base/registration_urls.py b/seahub/base/registration_urls.py index 4b11d7d29e..c5589c3fc0 100644 --- a/seahub/base/registration_urls.py +++ b/seahub/base/registration_urls.py @@ -37,8 +37,7 @@ except ImportError: CLOUD_MODE = False urlpatterns += patterns('', - url(r'^register/$', - register, + url(r'^register/$', register, reg_dict, name='registration_register'), url(r'^register/complete/$', diff --git a/seahub/share/models.py b/seahub/share/models.py index 5b8ee8564e..76c36a0c1c 100644 --- a/seahub/share/models.py +++ b/seahub/share/models.py @@ -220,6 +220,16 @@ class ExtraSharePermissionManager(models.Manager): class ExtraGroupsSharePermissionManager(models.Manager): + def get_group_permission(self, repo_id, gid): + record_list = super(ExtraGroupsSharePermissionManager, self).filter( + repo_id=repo_id, group_id=gid + ) + if len(record_list) > 0: + return record_list[0].permission + else: + return None + + def get_repos_with_admin_permission(self, gid): """ return admin repo in specific group e.g: ['repo_id1', 'repo_id2'] diff --git a/seahub/share/utils.py b/seahub/share/utils.py index 39a603d696..77135a5830 100644 --- a/seahub/share/utils.py +++ b/seahub/share/utils.py @@ -1,7 +1,10 @@ from seahub.group.utils import is_group_member -from seahub.constants import PERMISSION_ADMIN +from seahub.constants import PERMISSION_ADMIN, PERMISSION_READ_WRITE from seahub.share.models import ExtraSharePermission, ExtraGroupsSharePermission +import seaserv +from seaserv import seafile_api + def is_repo_admin(username, repo_id): is_administrator = ExtraSharePermission.objects.\ get_user_permission(repo_id, username) == PERMISSION_ADMIN @@ -13,3 +16,159 @@ def is_repo_admin(username, repo_id): break return is_administrator or belong_to_admin_group + +def share_dir_to_user(repo, path, owner, share_from, share_to, permission, org_id=None): + # Share repo or subdir to user with permission(r, rw, admin). + extra_share_permission = '' + if permission == PERMISSION_ADMIN: + extra_share_permission = permission + permission = PERMISSION_READ_WRITE + + if org_id: + if path == '/': + seaserv.seafserv_threaded_rpc.org_add_share(org_id, repo.repo_id, + owner, share_to, + permission) + else: + seafile_api.org_share_subdir_to_user(org_id, repo.repo_id, + path, owner, + share_to, permission) + else: + if path == '/': + seafile_api.share_repo(repo.repo_id, owner, share_to, permission) + else: + seafile_api.share_subdir_to_user(repo.repo_id, path, + owner, share_to, + permission) + if path == '/' and extra_share_permission == PERMISSION_ADMIN: + ExtraSharePermission.objects.create_share_permission(repo.repo_id, share_to, extra_share_permission) + +def share_dir_to_group(repo, path, owner, share_from, gid, permission, org_id=None): + # Share repo or subdir to group with permission(r, rw, admin). + extra_share_permission = '' + if permission == PERMISSION_ADMIN: + extra_share_permission = permission + permission = PERMISSION_READ_WRITE + + if org_id: + if path == '/': + seafile_api.add_org_group_repo(repo.repo_id, org_id, gid, + owner, permission) + else: + seafile_api.org_share_subdir_to_group(org_id, repo.repo_id, + path, owner, + gid, permission) + else: + if path == '/': + seafile_api.set_group_repo(repo.repo_id, gid, owner, + permission) + else: + seafile_api.share_subdir_to_group(repo.repo_id, path, + owner, gid, + permission) + + # add share permission if between is admin and is extra permission. + if path == '/' and extra_share_permission == PERMISSION_ADMIN: + ExtraGroupsSharePermission.objects.create_share_permission(repo.repo_id, gid, extra_share_permission) + +def update_user_dir_permission(repo_id, path, owner, share_to, permission, org_id=None): + # Update the user's permission(r, rw, admin) in the repo or subdir. + extra_share_permission = '' + if permission == PERMISSION_ADMIN: + extra_share_permission = permission + permission = PERMISSION_READ_WRITE + + if org_id: + if path == '/': + seafile_api.org_set_share_permission( + org_id, repo_id, owner, share_to, permission) + else: + seafile_api.org_update_share_subdir_perm_for_user( + org_id, repo_id, path, owner, share_to, permission) + else: + if path == '/': + seafile_api.set_share_permission( + repo_id, owner, share_to, permission) + else: + seafile_api.update_share_subdir_perm_for_user( + repo_id, path, owner, share_to, permission) + + if path == '/': + ExtraSharePermission.objects.update_share_permission(repo_id, + share_to, + extra_share_permission) + +def update_group_dir_permission(repo_id, path, owner, gid, permission, org_id=None): + # Update the group's permission(r, rw, admin) in the repo or subdir. + extra_share_permission = '' + if permission == PERMISSION_ADMIN: + extra_share_permission = permission + permission = PERMISSION_READ_WRITE + + if org_id: + if path == '/': + seaserv.seafserv_threaded_rpc.set_org_group_repo_permission( + org_id, gid, repo_id, permission) + else: + seafile_api.org_update_share_subdir_perm_for_group( + org_id, repo_id, path, owner, gid, permission) + else: + if path == '/': + seafile_api.set_group_repo_permission(gid, repo_id, permission) + else: + seafile_api.update_share_subdir_perm_for_group( + repo_id, path, owner, gid, permission) + + # update extra share permission if updated is repo + if path == '/': + ExtraGroupsSharePermission.objects.update_share_permission(repo_id, + gid, + extra_share_permission) + +def check_user_share_out_permission(repo_id, path, share_to, is_org=False): + # Return the permission you share to others. + path = None if path == '/' else path + repo = seafile_api.get_shared_repo_by_path(repo_id, path, share_to, is_org) + if not repo: + return None + + permission = repo.permission + if path is None: + extra_permission = ExtraSharePermission.objects.get_user_permission(repo_id, share_to) + permission = extra_permission if extra_permission else repo.permission + + return permission + +def check_user_share_in_permission(repo_id, share_to, is_org=False): + # Return the permission to share to you. + repo = seafile_api.get_shared_repo_by_path(repo_id, None, share_to, is_org) + if not repo: + return None + + extra_permission = ExtraSharePermission.objects.get_user_permission(repo_id, share_to) + return extra_permission if extra_permission else repo.permission + +def check_group_share_out_permission(repo_id, path, group_id, is_org=False): + # Return the permission that share to other's group. + path = None if path == '/' else path + repo = seafile_api.get_group_shared_repo_by_path(repo_id, path, group_id, is_org) + + if not repo: + return None + + permission = repo.permission + if path is None: + extra_permission = ExtraGroupsSharePermission.objects.get_group_permission(repo_id, group_id) + permission = extra_permission if extra_permission else repo.permission + + return permission + +def check_group_share_in_permission(repo_id, group_id, is_org=False): + # Returns the permission to share the group you joined. + repo = seafile_api.get_group_shared_repo_by_path(repo_id, None, group_id, is_org) + + if not repo: + return None + + extra_permission = ExtraGroupsSharePermission.objects.get_group_permission(repo_id, group_id) + return extra_permission if extra_permission else repo.permission diff --git a/seahub/templates/js/templates.html b/seahub/templates/js/templates.html index 3e86cb1a8f..305f58f8f9 100644 --- a/seahub/templates/js/templates.html +++ b/seahub/templates/js/templates.html @@ -2217,6 +2217,68 @@

+ +