mirror of
https://github.com/haiwen/seahub.git
synced 2025-04-27 11:01:14 +00:00
99a9ece04e
* delete thridpart/social_django
* delete social_django in seahub/urls.py
* delete social_django in seahub/settings.py
* delete seahub/notifications/management/commands/send_wxwork_notices.py
* delete social_django in code annotation
* delete seahub/social_core
* delete tests/seahub/social_core
* delete social_core in seahub/urls.py
* delete social_core in seahub/settings.py
* change app_label to auth in SocialAuthUser model
* 2to3 asserts
* 2to3 basestring
* 2to3 dict
* 2to3 except
* 2to3 filter
* 2to3 future
* 2to3 has_key
* 2to3 idioms
* 2to3 import
* 2to3 imports
* 2to3 long
* 2to3 map
* 2to3 next
* 2to3 numliterals
* 2to3 print
* 2to3 raise
* 2to3 raw_input
* 2to3 reduce
* 2to3 reload
* 2to3 set_literal
* 2to3 unicode
* 2to3 urllib
* 2to3 ws_comma
* 2to3 xrange
* 2to3 zip
* add pymysql in __init__.py
* fix encode and decode in seahub/cconvert.py
* fix seafserv_rpc.is_passwd_set in seahub/views/__init__.py
* fix smart_unicode to smart_text
* fix force_unicode to force_text
* delete seaserv.get_session_info
* delete seaserv.ccnet_rpc
* fix indent error in seahub/auth/middleware.py
* update dev-requirements
* update test-requirements
* update requirements
* fix StringIO to BytesIO in thumbnail
* fix seaserv.list_inner_pub_repos to seafile_api.get_inner_pub_repo_list
* fix seaserv.list_org_inner_pub_repos to seafile_api.list_org_inner_pub_repos
* add logger in seahub/utils/__init__.py
* fix sort cmp in seahub/views/__init__.py
* fix sort cmp in seahub/base/management/commands/export_file_access_log.py
* fix sort cmp in seahub/api2/endpoints/repo_trash.py
* fix sort cmp in seahub/api2/endpoints/shared_repos.py
* fix sort cmp in seahub/api2/endpoints/shared_folders.py
* fix sort cmp in seahub/wiki/views.py
* fix sort cmp in seahub/api2/endpoints/wiki_pages.py
* fix sort cmp in seahub/api2/endpoints/group_libraries.py
* fix sort cmp in seahub/base/models.py
* fix sort cmp in seahub/api2/endpoints/upload_links.py
* fix sort cmp in seahub/views/ajax.py
* fix sort cmp in seahub/api2/views.py
* fix sort cmp in seahub/views/wiki.py
* fix sort cmp in seahub/api2/endpoints/repos.py
* fix sort cmp in seahub/api2/endpoints/starred_items.py
* fix sort cmp in seahub/views/file.py
* fix sort cmp in seahub/api2/endpoints/dir.py
* fix sort cmp in seahub/api2/endpoints/share_links.py
* fix cmp to cmp_to_key in seahub/api2/endpoints/admin/device_trusted_ip.py
* fix cmp to cmp_to_key in tests/api/endpoints/admin/test_device_trusted_ip.py
* delete encode('utf-8') in seafile_api.list_dir_by_commit_and_path
* delete encode('utf-8') in is_file_starred
* delete encode('utf-8') in seafile_api.list_dir_by_path
* delete path.encode('utf-8') in seahub/views/file.py
* fix os.write to add encode('utf-8')
* add encode('utf-8') for hashlib
* add encode('utf-8') for hmac
* fix with open(file, 'wb') for binary file
* fix encode and decode in seahub/utils/hasher.py
* fix next in thirdpart/shibboleth/views.py
* fix next in seahub/profile/views.py
* fix next in seahub/notifications/views.py
* fix next in seahub/institutions/views.py
* fix next in seahub/options/views.py
* fix next in seahub/share/views.py
* fix next in seahub/avatar/views.py
* fix next in seahub/views/__init__.py
* fix next in seahub/group/views.py
* fix next in seahub/views/wiki.py
* fix next in seahub/views/sysadmin.py
* fix next in seahub/views/file.py
* fix string.lowercase to string.ascii_lowercase in test
* fix open file add 'rb' in test
* fix self.user.username in test
* add migrations in file_participants
* fix list_org_inner_pub_repos to list_org_inner_pub_repos_by_owner
* fix from seaserv import is_passwd_set to seafile_api.is_password_set
* fix assert bytes resp.content in test
* fix seafile_api.get_inner_pub_repo_list to seafile_api.list_inner_pub_repos_by_owner
* fix seafile_api.is_passwd_set to seafile_api.is_password_set
* fix AccountsApiTest assert length
* rewrite sort_devices cmp to operator.lt
* fix bytes + str in seahub/api2/views.py
* fix assert bytes resp.content in test
* fix hashlib encode in seahub/thirdpart/registration/models.py
* change app_label to base in SocialAuthUser
* fix base64 encode in seahub/base/database_storage/database_storage.py
* fix assert bytes resp.content
* remove path.decode in def mkstemp()
* remove path.decode in FpathToLinkTest
* remove str decode in FileTagTest
* remove mock_write_xls.assert_called_once() in SysUserAdminExportExcelTest
* fix urllib assert in FilesApiTest
* fix link fields in FileCommentsTest
* fix get_related_users_by_repo()
* fix assert list in GetRepoSharedUsersTest
* fix create user in AccountTest
* fix repeated key in dict seahub/api2/views.py
* add drone.yml
* update nginx conf in test
* update test conf in test
* update dist and push after test success
* update drone conf to dist and push
* fix assert in BeSharedReposTest
* fix seafile_api.list_org_inner_pub_repos_by_owner(org_id, username) to seafile_api.list_org_inner_pub_repos(org_id)
* fix seafile_api.list_inner_pub_repos_by_owner(username) to seafile_api.get_inner_pub_repo_list()
* update pyjwt requirement
* update dist branch in drone
* add SKIP in dist and push
* fix StringIO to BytesIO in seahub/avatar/models.py
* fix if org_id > 0 to if org_id and org_id > 0
* remove payment
* fix StringIO to BytesIO in seahub/base/database_storage/database_storage.py
* fix send_message to seafile_api.publish_event in seahub/drafts/utils.py
* fix send_message to seafile_api.publish_event in seahub/api2/views.py
* fix send_message to seafile_api.publish_event in seahub/api2/endpoints/repos.py
* fix send_message to seafile_api.publish_event in seahub/views/file.py
* fix send_message to seafile_api.publish_event in seahub/utils/__init__.py
* fix image_file.read encode in seahub/base/database_storage/database_storage.py
* fix DatabaseStorageTest
* remove .travis.yml
* drone branch include master
465 lines
18 KiB
Python
465 lines
18 KiB
Python
# Copyright (c) 2012-2016 Seafile Ltd.
|
|
import logging
|
|
from rest_framework import status
|
|
from rest_framework.authentication import SessionAuthentication
|
|
from rest_framework.permissions import IsAdminUser
|
|
from rest_framework.response import Response
|
|
from rest_framework.views import APIView
|
|
|
|
from django.utils.translation import ugettext as _
|
|
|
|
from seaserv import seafile_api, ccnet_api
|
|
|
|
from seahub.api2.authentication import TokenAuthentication
|
|
from seahub.api2.throttling import UserRateThrottle
|
|
from seahub.api2.utils import api_error
|
|
from seahub.share.models import ExtraSharePermission, ExtraGroupsSharePermission
|
|
from seahub.share.utils import update_user_dir_permission, \
|
|
update_group_dir_permission, share_dir_to_user, share_dir_to_group, \
|
|
has_shared_to_user, has_shared_to_group, check_user_share_out_permission, \
|
|
check_group_share_out_permission
|
|
from seahub.share.signals import share_repo_to_user_successful, share_repo_to_group_successful
|
|
|
|
from seahub.base.accounts import User
|
|
from seahub.base.templatetags.seahub_tags import email2nickname
|
|
from seahub.utils import is_valid_username, send_perm_audit_msg
|
|
from seahub.utils.repo import get_available_repo_perms
|
|
from seahub.constants import PERMISSION_READ, PERMISSION_READ_WRITE, \
|
|
PERMISSION_ADMIN
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
def check_parameter(func):
|
|
"""
|
|
Decorator for check parameter
|
|
"""
|
|
def _decorated(view, request, *args, **kwargs):
|
|
|
|
# argument check
|
|
if request.method == 'GET':
|
|
repo_id = request.GET.get('repo_id', None)
|
|
path = request.GET.get('path', '/')
|
|
share_type = request.GET.get('share_type', None)
|
|
else:
|
|
repo_id = request.data.get('repo_id', None)
|
|
path = request.data.get('path', '/')
|
|
share_type = request.data.get('share_type', None)
|
|
|
|
if not repo_id:
|
|
error_msg = 'repo_id invalid.'
|
|
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
|
|
|
|
if not share_type or share_type not in ('user', 'group'):
|
|
error_msg = 'share_type invalid.'
|
|
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
|
|
|
|
# resource check
|
|
repo = seafile_api.get_repo(repo_id)
|
|
if not repo:
|
|
error_msg = 'Library %s not found.' % repo_id
|
|
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
|
|
|
if not seafile_api.get_dir_id_by_path(repo_id, path):
|
|
error_msg = 'Folder %s not found.' % path
|
|
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
|
|
|
return func(view, request, repo, path, share_type, *args, **kwargs)
|
|
|
|
return _decorated
|
|
|
|
class AdminShares(APIView):
|
|
authentication_classes = (TokenAuthentication, SessionAuthentication)
|
|
throttle_classes = (UserRateThrottle,)
|
|
permission_classes = (IsAdminUser,)
|
|
|
|
@check_parameter
|
|
def get(self, request, repo, path, share_type):
|
|
""" List user/group shares
|
|
|
|
Permission checking:
|
|
1. admin user.
|
|
"""
|
|
|
|
result = []
|
|
|
|
# current `request.user.username` is admin user,
|
|
# so need to identify the repo owner specifically.
|
|
repo_owner = seafile_api.get_repo_owner(repo.repo_id)
|
|
if share_type == 'user':
|
|
try:
|
|
if path == '/':
|
|
share_items = seafile_api.list_repo_shared_to(
|
|
repo_owner, repo.repo_id)
|
|
else:
|
|
share_items = seafile_api.get_shared_users_for_subdir(
|
|
repo.repo_id, path, repo_owner)
|
|
except Exception as e:
|
|
logger.error(e)
|
|
error_msg = 'Internal Server Error'
|
|
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
|
|
|
|
admin_users = ExtraSharePermission.objects.get_admin_users_by_repo(repo.repo_id)
|
|
for share_item in share_items:
|
|
|
|
user_email = share_item.user
|
|
user_name = email2nickname(user_email) if user_email else '--'
|
|
|
|
share_info = {}
|
|
share_info['repo_id'] = repo.repo_id
|
|
share_info['path'] = path
|
|
share_info['share_type'] = share_type
|
|
share_info['user_email'] = user_email
|
|
share_info['user_name'] = user_name
|
|
share_info['permission'] = share_item.perm
|
|
share_info['is_admin'] = user_email in admin_users
|
|
|
|
result.append(share_info)
|
|
|
|
if share_type == 'group':
|
|
try:
|
|
if path == '/':
|
|
share_items = seafile_api.list_repo_shared_group_by_user(
|
|
repo_owner, repo.repo_id)
|
|
else:
|
|
share_items = seafile_api.get_shared_groups_for_subdir(
|
|
repo.repo_id, path, repo_owner)
|
|
except Exception as e:
|
|
logger.error(e)
|
|
error_msg = 'Internal Server Error'
|
|
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
|
|
|
|
admin_groups = ExtraGroupsSharePermission.objects.get_admin_groups_by_repo(repo.repo_id)
|
|
for share_item in share_items:
|
|
|
|
group_id = share_item.group_id
|
|
group = ccnet_api.get_group(group_id)
|
|
group_name = group.group_name if group else '--'
|
|
|
|
share_info = {}
|
|
share_info['repo_id'] = repo.repo_id
|
|
share_info['path'] = path
|
|
share_info['share_type'] = share_type
|
|
share_info['group_id'] = group_id
|
|
share_info['group_name'] = group_name
|
|
share_info['permission'] = share_item.perm
|
|
share_info['is_admin'] = group_id in admin_groups
|
|
|
|
result.append(share_info)
|
|
|
|
return Response(result)
|
|
|
|
@check_parameter
|
|
def post(self, request, repo, path, share_type):
|
|
""" Admin share a library to user/group.
|
|
|
|
Permission checking:
|
|
1. admin user.
|
|
"""
|
|
|
|
# argument check
|
|
permission = request.data.get('permission', None)
|
|
if not permission or permission not in get_available_repo_perms():
|
|
error_msg = 'permission invalid.'
|
|
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
|
|
|
|
result = {}
|
|
result['failed'] = []
|
|
result['success'] = []
|
|
share_to = request.data.getlist('share_to')
|
|
|
|
# current `request.user.username` is admin user,
|
|
# so need to identify the repo owner specifically.
|
|
repo_owner = seafile_api.get_repo_owner(repo.repo_id)
|
|
username = request.user.username
|
|
|
|
if share_type == 'user':
|
|
for email in share_to:
|
|
if repo_owner == email:
|
|
result['failed'].append({
|
|
'user_email': email,
|
|
'error_msg': _('User %s is already library owner.') % email
|
|
})
|
|
|
|
continue
|
|
|
|
if not is_valid_username(email):
|
|
result['failed'].append({
|
|
'user_email': email,
|
|
'error_msg': _('Email %s invalid.') % email
|
|
})
|
|
|
|
continue
|
|
|
|
try:
|
|
User.objects.get(email=email)
|
|
except User.DoesNotExist:
|
|
result['failed'].append({
|
|
'user_email': email,
|
|
'error_msg': 'User %s not found.' % email
|
|
})
|
|
|
|
continue
|
|
|
|
if has_shared_to_user(repo.repo_id, path, email):
|
|
result['failed'].append({
|
|
'email': email,
|
|
'error_msg': _('This item has been shared to %s.') % email
|
|
})
|
|
continue
|
|
|
|
try:
|
|
|
|
share_dir_to_user(repo, path, repo_owner, username, email, permission)
|
|
share_repo_to_user_successful.send(sender=None, from_user=username,
|
|
to_user=email, repo=repo,
|
|
path=path, org_id=None)
|
|
send_perm_audit_msg('add-repo-perm', username, email,
|
|
repo.repo_id, path, permission)
|
|
|
|
except Exception as e:
|
|
logger.error(e)
|
|
result['failed'].append({
|
|
'user_email': email,
|
|
'error_msg': 'Internal Server Error'
|
|
})
|
|
|
|
continue
|
|
|
|
result['success'].append({
|
|
"repo_id": repo.repo_id,
|
|
"path": path,
|
|
"share_type": share_type,
|
|
"user_email": email,
|
|
"user_name": email2nickname(email),
|
|
"permission": PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission,
|
|
"is_admin": permission == PERMISSION_ADMIN
|
|
})
|
|
|
|
if share_type == 'group':
|
|
for group_id in share_to:
|
|
try:
|
|
group_id = int(group_id)
|
|
except ValueError as e:
|
|
logger.error(e)
|
|
result['failed'].append({
|
|
'group_id': group_id,
|
|
'error_msg': 'group_id %s invalid.' % group_id
|
|
})
|
|
|
|
continue
|
|
|
|
group = ccnet_api.get_group(group_id)
|
|
if not group:
|
|
result['failed'].append({
|
|
'group_id': group_id,
|
|
'error_msg': 'Group %s not found' % group_id
|
|
})
|
|
|
|
continue
|
|
|
|
if has_shared_to_group(repo.repo_id, path, group_id):
|
|
result['failed'].append({
|
|
'group_name': group.group_name,
|
|
'error_msg': _('This item has been shared to %s.') % group.group_name
|
|
})
|
|
continue
|
|
|
|
try:
|
|
share_dir_to_group(repo, path, repo_owner, username, group_id, permission)
|
|
|
|
share_repo_to_group_successful.send(sender=None,
|
|
from_user=username,
|
|
group_id=group_id, repo=repo,
|
|
path=path, org_id=None)
|
|
|
|
send_perm_audit_msg('add-repo-perm', username, group_id,
|
|
repo.repo_id, path, permission)
|
|
except Exception as e:
|
|
logger.error(e)
|
|
result['failed'].append({
|
|
"group_id": group_id,
|
|
'error_msg': 'Internal Server Error'
|
|
})
|
|
|
|
continue
|
|
|
|
result['success'].append({
|
|
"repo_id": repo.repo_id,
|
|
"path": path,
|
|
"share_type": share_type,
|
|
"group_id": group_id,
|
|
"group_name": group.group_name,
|
|
"permission": PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission,
|
|
"is_admin": permission == PERMISSION_ADMIN
|
|
})
|
|
|
|
return Response(result)
|
|
|
|
@check_parameter
|
|
def put(self, request, repo, path, share_type):
|
|
""" Update user/group share permission.
|
|
|
|
Permission checking:
|
|
1. admin user.
|
|
"""
|
|
|
|
# argument check
|
|
permission = request.data.get('permission', None)
|
|
if not permission or permission not in get_available_repo_perms():
|
|
error_msg = 'permission invalid.'
|
|
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
|
|
|
|
share_info = {}
|
|
share_info['repo_id'] = repo.repo_id
|
|
share_info['path'] = path
|
|
share_info['share_type'] = share_type
|
|
|
|
# current `request.user.username` is admin user,
|
|
# so need to identify the repo owner specifically.
|
|
repo_owner = seafile_api.get_repo_owner(repo.repo_id)
|
|
username = request.user.username
|
|
|
|
share_to = request.data.get('share_to', None)
|
|
if share_type == 'user':
|
|
email = share_to
|
|
if not email or not is_valid_username(email):
|
|
error_msg = 'email %s invalid.' % email
|
|
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
|
|
|
|
try:
|
|
User.objects.get(email=email)
|
|
except User.DoesNotExist:
|
|
error_msg = 'User %s not found.' % email
|
|
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
|
|
|
if not has_shared_to_user(repo.repo_id, path, email):
|
|
error_msg = 'Shared items not found'
|
|
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
|
|
|
try:
|
|
update_user_dir_permission(repo.repo_id, path, repo_owner, email, permission)
|
|
|
|
send_perm_audit_msg('modify-repo-perm', username, email,
|
|
repo.repo_id, path, permission)
|
|
except Exception as e:
|
|
logger.error(e)
|
|
error_msg = 'Internal Server Error'
|
|
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
|
|
|
|
share_info['user_email'] = email
|
|
share_info['user_name'] = email2nickname(email)
|
|
share_info['permission'] = PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission
|
|
share_info['is_admin'] = permission == PERMISSION_ADMIN
|
|
|
|
if share_type == 'group':
|
|
group_id = share_to
|
|
try:
|
|
group_id = int(group_id)
|
|
except ValueError:
|
|
error_msg = 'group_id %s invalid.' % group_id
|
|
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
|
|
|
|
group = ccnet_api.get_group(group_id)
|
|
if not group:
|
|
error_msg = 'Group %s not found' % group_id
|
|
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
|
|
|
if not has_shared_to_group(repo.repo_id, path, group_id):
|
|
error_msg = 'Shared items not found'
|
|
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
|
|
|
try:
|
|
update_group_dir_permission(repo.repo_id, path, repo_owner, group_id, permission)
|
|
send_perm_audit_msg('modify-repo-perm', username, group_id,
|
|
repo.repo_id, path, permission)
|
|
except Exception as e:
|
|
logger.error(e)
|
|
error_msg = 'Internal Server Error'
|
|
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
|
|
|
|
share_info['group_id'] = group_id
|
|
share_info['group_name'] = group.group_name
|
|
share_info['permission'] = PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission
|
|
share_info['is_admin'] = permission == PERMISSION_ADMIN
|
|
|
|
return Response(share_info)
|
|
|
|
@check_parameter
|
|
def delete(self, request, repo, path, share_type):
|
|
""" Delete user/group share permission.
|
|
|
|
Permission checking:
|
|
1. admin user.
|
|
"""
|
|
|
|
# current `request.user.username` is admin user,
|
|
# so need to identify the repo owner specifically.
|
|
repo_owner = seafile_api.get_repo_owner(repo.repo_id)
|
|
username = request.user.username
|
|
|
|
share_to = request.data.get('share_to', None)
|
|
|
|
if share_type == 'user':
|
|
email = share_to
|
|
if not email or not is_valid_username(email):
|
|
error_msg = 'email %s invalid.' % email
|
|
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
|
|
|
|
if not has_shared_to_user(repo.repo_id, path, email):
|
|
error_msg = 'Shared items not found'
|
|
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
|
|
|
try:
|
|
permission = check_user_share_out_permission(repo.repo_id, path, email)
|
|
|
|
if path == '/':
|
|
seafile_api.remove_share(repo.repo_id, repo_owner, email)
|
|
else:
|
|
seafile_api.unshare_subdir_for_user(
|
|
repo.repo_id, path, repo_owner, email)
|
|
|
|
if path == '/':
|
|
ExtraSharePermission.objects.delete_share_permission(repo.repo_id,
|
|
email)
|
|
send_perm_audit_msg('delete-repo-perm', username, email,
|
|
repo.repo_id, path, permission)
|
|
except Exception as e:
|
|
logger.error(e)
|
|
error_msg = 'Internal Server Error'
|
|
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
|
|
|
|
if share_type == 'group':
|
|
group_id = share_to
|
|
try:
|
|
group_id = int(group_id)
|
|
except ValueError:
|
|
error_msg = 'group_id %s invalid' % group_id
|
|
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
|
|
|
|
if not has_shared_to_group(repo.repo_id, path, group_id):
|
|
error_msg = 'Shared items not found'
|
|
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
|
|
|
try:
|
|
|
|
permission = check_group_share_out_permission(repo.repo_id, path, group_id)
|
|
|
|
if path == '/':
|
|
seafile_api.unset_group_repo(repo.repo_id, group_id, repo_owner)
|
|
else:
|
|
seafile_api.unshare_subdir_for_group(
|
|
repo.repo_id, path, repo_owner, group_id)
|
|
|
|
if path == '/':
|
|
ExtraGroupsSharePermission.objects.delete_share_permission(repo.repo_id,
|
|
group_id)
|
|
|
|
send_perm_audit_msg('delete-repo-perm', username, group_id,
|
|
repo.repo_id, path, permission)
|
|
except Exception as e:
|
|
logger.error(e)
|
|
error_msg = 'Internal Server Error'
|
|
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
|
|
|
|
return Response({'success': True})
|