mirror of https://github.com/haiwen/seahub.git synced 2025-09-03 16:10:26 +00:00

Disable share encrypt repo to unregistered email. Move out repo decrypt form.

xiez
2012-09-17 18:01:51 +08:00
parent b005709194
commit fd0dad1c7c
5 changed files with 85 additions and 58 deletions


@@ -40,7 +40,13 @@ def share_repo(request):
repo_id = form.cleaned_data['repo_id']
from_email = request.user.username
# Test whether user is the repo owner
repo = get_repo(repo_id)
if not repo:
raise Http404
is_encrypted = True if repo.encrypted else False
# Test whether user is the repo owner.
if not validate_owner(request, repo_id):
return render_permission_error(request, u'只有目录拥有者有权共享目录')
@@ -97,7 +103,8 @@ def share_repo(request):
# Generate shared link and send mail if user has not registered.
kwargs = {'repo_id': repo_id,
'repo_owner': from_email,
'anon_email': to_email
'anon_email': to_email,
'is_encrypted': is_encrypted,
}
anonymous_share(request, **kwargs)
else:
@@ -169,6 +176,14 @@ def anonymous_share(request, email_template_name='repo/anonymous_share_email.htm
repo_id = kwargs['repo_id']
repo_owner = kwargs['repo_owner']
anon_email = kwargs['anon_email']
is_encrypted = kwargs['is_encrypted']
# Encrypt repo can not be shared to unregistered user.
if is_encrypted:
msg = u'共享给 %s 失败,加密目录无法共享给站外邮箱。' % anon_email
messages.error(request, msg)
return
token = anon_share_token_generator.make_token()
anon_share = AnonymousShare()
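Review bot: The encrypted-repo guard in `anonymous_share` trusts an `is_encrypted` flag supplied by the caller instead of checking the repo itself, so the rule holds only for callers that pass a truthful value. `kwargs['is_encrypted']` also raises `KeyError` for any call site this commit did not update; none is visible here, but the bodies of `share_repo` and `anonymous_share` continue outside the hunks. Deriving the state at the point of enforcement keeps the check in one place: `repo = get_repo(repo_id)` followed by `if repo is None or repo.encrypted:` before `make_token()` is called, refusing the share in both cases. In `share_repo`, `is_encrypted = True if repo.encrypted else False` reads more simply as `is_encrypted = bool(repo.encrypted)`.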


@@ -0,0 +1,26 @@
{% extends base_template %}
{% load url from future %}
{% block main_panel %}
<div class="repo-file-list-outer-container">
<div class="repo-file-list-inner-container">
<div class="repo-file-list-not-show">
<p class="access-notice">该目录已加密。如需在线查看里面的内容请输入解密密码。密码只会在服务器上暂存1小时。</p>
<form action="{{ SITE_ROOT }}repo/{{ repo.id }}/" method="post">
<label>密码:</label>
<input type="hidden" name="repo_id" value="{{ repo.id }}" />
<input type="hidden" name="username" value="{{ request.user.username }}" />
<input id="id_password" type="password" name="password" maxlength="64" />
{% for error in form.errors.values %}
<p class="error">{{ error|escape }}</p>
{% endfor %}
<input type="submit" value="提交" />
</form>
</div>
</div>
</div>
{% endblock %}
{% block extra_script %}
{% endblock %}
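Review bot: The hidden `username` field is filled from `request.user.username` but comes back as ordinary form data that the client controls. If the view handling this POST uses it to decide whose decrypt state is set (the handler is not visible on this page), it should read the name from `request.user` instead, and the field can be dropped. The form also posts a password without a `{% csrf_token %}` tag: with Django's CSRF middleware enabled the POST needs the tag to be accepted, and without the middleware the endpoint has no CSRF protection, so `{% csrf_token %}` belongs directly after the `<form ...>` line. The markup was moved unchanged from `repo.html`, so both points predate this commit and carry over into the new template.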


@@ -16,26 +16,22 @@
{% block main_panel %}
<div class="w100 ovhd">
<h2 class="fleft">{{repo.props.name}}</h2>
{% if not repo.props.encrypted or password_set %}
{% if can_access %}
{% if user_perm == 'rw' %}
<button id="repo-download-btn" class="fright">同步到本地</button>
{% endif %}
{% endif %}
</div>
<div id="repo-basic-info">
<p class="desc">{{repo.props.desc}}</p>
<p class="size">大小:{{ repo_size|filesizeformat }}</p>
</div>
{% if not repo.props.encrypted or password_set %}
{% if can_access %}
<div id="repo-latest-commit">
<p class="commit-msg ovhd">
<span class="fleft">
{{ current_commit.props.desc|translate_commit_desc }}
<a class="lsch" href="{{ SITE_ROOT }}repo/history/changes/{{ repo.id }}/?commit_id={{ current_commit.id }}" data="{{ current_commit.props.ctime|tsstr_sec }}">详情</a>
</span>
{% if request.user.is_authenticated %}
{% if user_perm == 'rw' %}
<a href="{% url 'seahub.views.repo_history' repo.id %}" class="more fright">更多历史</a>
{% endif %}
</p>
@@ -52,28 +48,10 @@
</p>
<div id="ls-ch" class="hide"></div><!--list modification details of a commit-->
</div>
{% endif %}
{% endif %}
<div class="repo-file-list-outer-container">
<div class="repo-file-list-inner-container">
{% if repo.props.encrypted and not password_set %}
<div class="repo-file-list-not-show">
<p class="access-notice">该目录已加密。如需在线查看里面的内容请输入解密密码。密码只会在服务器上暂存1小时。</p>
<form action="{{ SITE_ROOT }}repo/{{ repo.id }}/" method="post">
<label>密码:</label>
<input type="hidden" name="repo_id" value="{{ repo.id }}" />
<input type="hidden" name="username" value="{{ request.user.username }}" />
<input id="id_password" type="password" name="password" maxlength="64" />
{% for error in form.errors.values %}
<p class="error">{{ error|escape }}</p>
{% endfor %}
<input type="submit" value="提交" />
</form>
</div>
{% else %}
{% if not can_access %}
{% if not user_perm %}
<div class="repo-file-list-not-show">
<p class="access-notice">无法在线查看该同步目录。</p>
</div>
@@ -89,7 +67,7 @@
{% endif %}
{% endfor %}
</p>
{% if request.user.is_authenticated %}
{% if user_perm == 'rw' %}
<div class="repo-op fright">
<button data="{{ SITE_ROOT }}repo/upload_file/{{repo.id}}/?p={{ path|urlencode }}" id="upload-file" class="op-btn">上传</button>
<button id="add-new-dir" class="op-btn">新建目录</button>
@@ -97,6 +75,7 @@
</div>
{% endif %}
</div>
<!-- /.repo-file-list-topbar -->
<table class="repo-file-list">
<tr>
<th width="5%"></th>
@@ -114,7 +93,7 @@
<td></td>
<td>
{% if request.user.is_authenticated %}
{% if user_perm == 'rw' %}
<div class="repo-file-op vh">
<div class="displayed-op">
<a class="op dir-rename" href="#" data="{{ dirent.obj_name }}">重命名</a>
@@ -127,7 +106,7 @@
<li><a class="op dir-cp" href="#" data="{{ dirent.obj_name }}">复制</a></li>
</ul>
</div>
{% endif %}
{% endif %}
</td>
</tr>
{% endfor %}
@@ -141,6 +120,7 @@
<td>{{ dirent.file_size|filesizeformat }}</td>
<td>
{% if user_perm == 'rw' %}
<div class="repo-file-op vh">
<div class="displayed-op">
<a class="op" href="{{ SITE_ROOT }}repo/{{ repo.props.id }}/{{ dirent.props.obj_id }}/?file_name={{ dirent.props.obj_name }}&op=download">下载</a>
@@ -150,21 +130,20 @@
<img src="{{ MEDIA_URL }}img/dropdown-arrow.png" title="更多操作" alt="更多操作" class="more-op-icon" data="no-popup" />
<ul class="hidden-op hide">
<!--li><a class="op" href="{{ SITE_ROOT }}repo/{{ repo.props.id }}/{{ dirent.props.obj_id }}/?file_name={{ dirent.props.obj_name }}&op=download">下载</a></li-->
{% if request.user.is_authenticated %}
<li><a class="op" href="{{ SITE_ROOT }}repo/{{ repo.props.id }}/{{ dirent.props.obj_id }}/?p={{ path|urlencode }}&file_name={{ dirent.props.obj_name|urlencode }}&op=del">删除</a></li>
<!--li><a class="op file-rename" href="#" data="{{ dirent.obj_name }}">重命名</a></li-->
<li><a class="op file-mv" href="#" data="{{ dirent.obj_name }}">移动</a></li>
<li><a class="op file-cp" href="#" data="{{ dirent.obj_name }}">复制</a></li>
<!--li><a class="op file-update" href="{{ SITE_ROOT }}repo/update_file/{{repo.id}}/?p={{ path|urlencode }}{{dirent.obj_name|urlencode}}">更新</a></li-->
<li><a href="{{ SITE_ROOT }}repo/revert_file/{{ repo.id }}/?commit={{ current_commit.id }}&p={{path|urlencode}}{{ dirent.obj_name|urlencode }}&from=repo_history" class="op file-revert">还原</a></li>
{% endif %}
</ul>
</div>
{% endif %}
</td>
</tr>
{% endfor %}
</table>
{% endif %}
<!-- /.repo-file-list -->
{% endif %}
</div>
</div>
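Review bot: In the file-row hunk, the added `{% if user_perm == 'rw' %}` appears to wrap the whole `repo-file-op` block, including the `下载` (download) link, so a viewer with `'r'` permission would see the file list but no way to download; if that is not intended, keep the download `<a class="op" ...>` outside the guard and open the `{% if user_perm == 'rw' %}` just before the `more-op-icon` image. Separately, these template checks only hide controls. The `op=del`, `repo/revert_file/` and `repo/upload_file/` URLs behind them need the same `'rw'` check in their views, which this page does not show. The inference about which lines are new is drawn from the hunk headers, since the rendered page has lost the `+`/`-` markers.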


@@ -9,7 +9,6 @@
<button data="{{ SITE_ROOT }}repo/history/{{ repo.id }}/" class="fright" id="back-to-history-list">返回历史列表</button>
</div>
{% if can_access %}
<div id="repo-latest-commit">
<p class="commit-msg">{{ current_commit.props.desc|translate_commit_desc }}</p>
<p class="meta-info">
@@ -24,25 +23,10 @@
<span class="time">{{ current_commit.props.ctime|translate_commit_time }}</span>
</p>
</div>
{% endif %}
<div class="repo-file-list-outer-container">
<div class="repo-file-list-inner-container">
{% if repo.props.encrypted and not password_set %}
<div class="repo-file-list-not-show">
<p class="access-notice">该目录已加密。如需在线查看里面的内容请输入解密密码。密码只会在服务器上暂存1小时。</p>
<form action="{{ SITE_ROOT }}repo/{{ repo.id }}/" method="post">
<label>密码:</label>
<input id="id_password" type="password" name="password" maxlength="64" /><br />
{% if error %}
<p class="error">{{ error }}</p>
{% endif %}
<input type="submit" value="提交" />
</form>
</div>
{% else %}
{% if not can_access %}
{% if not user_perm %}
<div class="repo-file-list-not-show">
<p class="access-notice">无法在线查看该同步目录。</p>
</div>
@@ -59,6 +43,7 @@
{% endfor %}
</p>
</div>
<!-- /.repo-file-list-topbar -->
<table class="repo-file-list">
<tr>
<th width="5%"></th>
@@ -93,7 +78,7 @@
</tr>
{% endfor %}
</table>
{% endif %}
<!-- /.repo-file-list -->
{% endif %}
</div>
</div>


@@ -110,6 +110,14 @@ def access_to_repo(request, repo_id, repo_ap=None):
else:
return check_permission(repo_id, request.user.username)
def get_user_permission(request, repo_id):
if request.user.is_authenticated():
return 'rw' if check_permission(repo_id, request.user.username) else \
''
else:
token = request.COOKIES.get('anontoken', None)
return 'r' if token else ''
def gen_path_link(path, repo_name):
"""
Generate navigate paths and links in repo page.
@@ -210,7 +218,8 @@ class RepoMixin(object):
self.path = self.get_path()
self.repo = self.get_repo(self.repo_id)
self.repo_size = self.get_repo_size()
self.can_access = access_to_repo(self.request, self.repo_id)
# self.can_access = access_to_repo(self.request, self.repo_id)
self.user_perm = get_user_permission(self.request, self.repo_id)
self.current_commit = self.get_current_commit()
self.password_set = self.is_password_set()
@@ -239,7 +248,13 @@ class RepoView(CtxSwitchRequiredMixin, RepoMixin, TemplateResponseMixin,
View to show repo page and handle post request to decrypt repo.
"""
form_class = RepoPassowrdForm
template_name = 'repo.html'
def get_template_names(self):
if self.repo.encrypted and not self.password_set:
template_name = 'decrypt_repo_form.html'
else:
template_name = 'repo.html'
return template_name
def get_accessible_repos(self):
if self.user.is_authenticated():
@@ -266,7 +281,8 @@ class RepoView(CtxSwitchRequiredMixin, RepoMixin, TemplateResponseMixin,
def get_context_data(self, **kwargs):
kwargs['repo'] = self.repo
kwargs['can_access'] = self.can_access
# kwargs['can_access'] = self.can_access
kwargs['user_perm'] = self.user_perm
kwargs['current_commit'] = self.get_current_commit()
kwargs['password_set'] = self.password_set
kwargs['repo_size'] = self.repo_size
@@ -284,7 +300,12 @@ class RepoHistoryView(LoginRequiredMixin, CtxSwitchRequiredMixin, RepoMixin,
"""
View to show repo page in history.
"""
template_name = 'repo_history_view.html'
def get_template_names(self):
if self.repo.encrypted and not self.password_set:
template_name = 'decrypt_repo_form.html'
else:
template_name = 'repo_history_view.html'
return template_name
def get_current_commit(self):
commit_id = self.request.GET.get('commit_id', '')
@@ -297,7 +318,8 @@ class RepoHistoryView(LoginRequiredMixin, CtxSwitchRequiredMixin, RepoMixin,
def get_context_data(self, **kwargs):
kwargs['repo'] = self.repo
kwargs['can_access'] = self.can_access
# kwargs['can_access'] = self.can_access
kwargs['user_perm'] = self.user_perm
kwargs['current_commit'] = self.get_current_commit()
kwargs['password_set'] = self.password_set
kwargs['repo_size'] = self.repo_size
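Review bot: In `get_user_permission`, the anonymous branch returns `'r'` whenever an `anontoken` cookie is present; the value is never compared with a stored share or with `repo_id`. Since `user_perm` now replaces `can_access` as the only gate in `repo.html`, cookie presence alone selects the read-only view unless the token is verified somewhere outside these hunks. The branch should look up the anonymous-share record for the token and return `'r'` only when it exists and belongs to this `repo_id`. A docstring stating the three return values (`'rw'`, `'r'`, `''`) and a comment such as `# 'r' means the token was verified for this repo, not merely that a cookie was sent` would make the contract explicit. The commented-out `can_access` lines in `RepoMixin` and both `get_context_data` methods are better deleted than kept, since version control already records them.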