From fcf2c992ec6c703ea5225f82832178178c76f403 Mon Sep 17 00:00:00 2001 From: Shuai Lin Date: Thu, 16 Jul 2015 15:31:01 +0800 Subject: [PATCH] handle office preview perm check in file revisions --- seahub/templates/snippets/office_convert_js.html | 16 ++++++++++++---- .../snippets/spreadsheet_convert_js.html | 6 +++++- seahub/urls.py | 2 +- seahub/views/file.py | 10 ++++++---- 4 files changed, 24 insertions(+), 10 deletions(-) diff --git a/seahub/templates/snippets/office_convert_js.html b/seahub/templates/snippets/office_convert_js.html index 158ce38016..fdf3e247ef 100644 --- a/seahub/templates/snippets/office_convert_js.html +++ b/seahub/templates/snippets/office_convert_js.html @@ -1,10 +1,12 @@ {% load i18n %} -var OfficePreviewer = function(repo_id, path, token) { +var OfficePreviewer = function(repo_id, path, token, commit_id) { this.repo_id = repo_id; this.path = path; this.total_pages = null; + // only non-null when viewing in shared links this.token = token; + this.commit_id = commit_id; this.orig_page_width = null; this.orig_page_height = null; @@ -15,11 +17,12 @@ var OfficePreviewer = function(repo_id, path, token) { this.FIT_TO_WIDTH = 850; // hardcoded in seafevents this.scale_ratio = 1; - this.static_prefix = '{{ SITE_ROOT}}office-convert/static/{{ repo.id }}{{ path|urlencode }}/'; + this.static_prefix = '{{ SITE_ROOT}}office-convert/static/{{ repo.id }}/' + this.commit_id + '{{ path|urlencode }}/'; this.page_status_url = function(page) { var params = { repo_id: repo_id, + commit_id: this.commit_id, path: path, page: page }; @@ -30,7 +33,11 @@ var OfficePreviewer = function(repo_id, path, token) { } this.page_content_url = function(page) { var url = this.static_prefix + page + '.page'; - return this.token ? url + '?token=' + this.token : url; + var params = {}; + if (this.token) { + params['token'] = token; + } + return params ? url + '?' + $.param(params) : url; } var url = window.location.href; @@ -164,5 +171,6 @@ OfficePreviewer.prototype.load_page = function(index) { }; $(function() { - new OfficePreviewer('{{ repo.id }}', '{{ path }}', '{{ shared_token }}').start(); + var commit_id = '{{ current_commit.id }}' || '{{ repo.head_cmmt_id }}'; + new OfficePreviewer('{{ repo.id }}', '{{ path }}', '{{ shared_token }}', commit_id).start(); }); diff --git a/seahub/templates/snippets/spreadsheet_convert_js.html b/seahub/templates/snippets/spreadsheet_convert_js.html index 6a6741a780..6b7a01c5d0 100644 --- a/seahub/templates/snippets/spreadsheet_convert_js.html +++ b/seahub/templates/snippets/spreadsheet_convert_js.html @@ -1,8 +1,10 @@ {% load i18n %} +$(function() { + var commit_id = '{{ current_commit.id }}' || '{{ repo.head_cmmt_id }}'; function load_excel() { $('#convert-loading').remove(); var iframe = document.createElement('iframe'); - iframe.src = '{{ SITE_ROOT}}office-convert/static/{{ repo.id }}{{ path|urlencode }}/index.html?token=' + '{{ shared_token }}'; + iframe.src = '{{ SITE_ROOT}}office-convert/static/{{ repo.id }}/' + commit_id + '{{ path|urlencode }}/index.html?token=' + '{{ shared_token }}'; $('#spreadsheet-container').append(iframe); } @@ -11,6 +13,7 @@ repo_id: '{{ repo.id }}', path: '{{ path }}', token: '{{ shared_token }}', + commit_id: commit_id, doctype: 'spreadsheet' }); $.ajax({ @@ -38,3 +41,4 @@ } check_status(); +}); diff --git a/seahub/urls.py b/seahub/urls.py index 1df5fc4302..5ae3472916 100644 --- a/seahub/urls.py +++ b/seahub/urls.py @@ -302,7 +302,7 @@ if HAS_OFFICE_CONVERTER: office_convert_query_status, office_convert_get_page, office_convert_add_task ) urlpatterns += patterns('', - url(r'^office-convert/static/(?P[-0-9a-f]{36})/(?P.+)/(?P[^/].+)$', + url(r'^office-convert/static/(?P[-0-9a-f]{36})/(?P[0-9a-f]{40})/(?P.+)/(?P[^/].+)$', office_convert_get_page, name='office_convert_get_page'), url(r'^office-convert/status/$', office_convert_query_status, name='office_convert_query_status'), diff --git a/seahub/views/file.py b/seahub/views/file.py index 56f886ce8e..154634637a 100644 --- a/seahub/views/file.py +++ b/seahub/views/file.py @@ -1333,8 +1333,9 @@ def office_convert_query_status(request, internal=False): raise Http404 repo_id = request.GET.get('repo_id', '') + commit_id = request.GET.get('commit_id', '') path = request.GET.get('path', '') - if not (repo_id and path): + if not (repo_id and path and commit_id): return HttpResponseBadRequest('invalid params') page = request.GET.get('page', '') @@ -1350,7 +1351,8 @@ def office_convert_query_status(request, internal=False): if not _check_office_convert_perm(request, repo_id, path): return HttpResponseForbidden() - file_id = get_file_id_by_path(repo_id, path) + file_id = seafserv_threaded_rpc.get_file_id_by_commit_and_path(repo_id, commit_id, path) + ret = {'success': False} try: ret = query_office_convert_status(file_id, page, internal=internal) @@ -1365,7 +1367,7 @@ def office_convert_query_status(request, internal=False): # * 1.page 2.page for pdf/doc/ppt # * index.html for spreadsheets and index_html_xxx.png for images embedded in spreadsheets _OFFICE_PAGE_PATTERN = re.compile(r'^[\d]+\.page|file\.css|file\.outline|index.html|index_html_.*.png$') -def office_convert_get_page(request, repo_id, path, filename, internal=False): +def office_convert_get_page(request, repo_id, commit_id, path, filename, internal=False): if not HAS_OFFICE_CONVERTER: raise Http404 @@ -1376,7 +1378,7 @@ def office_convert_get_page(request, repo_id, path, filename, internal=False): if not _check_office_convert_perm(request, repo_id, path): return HttpResponseForbidden() - file_id = get_file_id_by_path(repo_id, path) + file_id = seafserv_threaded_rpc.get_file_id_by_commit_and_path(repo_id, commit_id, path) resp = get_office_converted_page(request, filename, file_id, internal=internal) if filename.endswith('.page'): content_type = 'text/html'