mirror of
https://github.com/haiwen/seahub.git
synced 2025-04-27 11:01:14 +00:00
99a9ece04e
* delete thridpart/social_django
* delete social_django in seahub/urls.py
* delete social_django in seahub/settings.py
* delete seahub/notifications/management/commands/send_wxwork_notices.py
* delete social_django in code annotation
* delete seahub/social_core
* delete tests/seahub/social_core
* delete social_core in seahub/urls.py
* delete social_core in seahub/settings.py
* change app_label to auth in SocialAuthUser model
* 2to3 asserts
* 2to3 basestring
* 2to3 dict
* 2to3 except
* 2to3 filter
* 2to3 future
* 2to3 has_key
* 2to3 idioms
* 2to3 import
* 2to3 imports
* 2to3 long
* 2to3 map
* 2to3 next
* 2to3 numliterals
* 2to3 print
* 2to3 raise
* 2to3 raw_input
* 2to3 reduce
* 2to3 reload
* 2to3 set_literal
* 2to3 unicode
* 2to3 urllib
* 2to3 ws_comma
* 2to3 xrange
* 2to3 zip
* add pymysql in __init__.py
* fix encode and decode in seahub/cconvert.py
* fix seafserv_rpc.is_passwd_set in seahub/views/__init__.py
* fix smart_unicode to smart_text
* fix force_unicode to force_text
* delete seaserv.get_session_info
* delete seaserv.ccnet_rpc
* fix indent error in seahub/auth/middleware.py
* update dev-requirements
* update test-requirements
* update requirements
* fix StringIO to BytesIO in thumbnail
* fix seaserv.list_inner_pub_repos to seafile_api.get_inner_pub_repo_list
* fix seaserv.list_org_inner_pub_repos to seafile_api.list_org_inner_pub_repos
* add logger in seahub/utils/__init__.py
* fix sort cmp in seahub/views/__init__.py
* fix sort cmp in seahub/base/management/commands/export_file_access_log.py
* fix sort cmp in seahub/api2/endpoints/repo_trash.py
* fix sort cmp in seahub/api2/endpoints/shared_repos.py
* fix sort cmp in seahub/api2/endpoints/shared_folders.py
* fix sort cmp in seahub/wiki/views.py
* fix sort cmp in seahub/api2/endpoints/wiki_pages.py
* fix sort cmp in seahub/api2/endpoints/group_libraries.py
* fix sort cmp in seahub/base/models.py
* fix sort cmp in seahub/api2/endpoints/upload_links.py
* fix sort cmp in seahub/views/ajax.py
* fix sort cmp in seahub/api2/views.py
* fix sort cmp in seahub/views/wiki.py
* fix sort cmp in seahub/api2/endpoints/repos.py
* fix sort cmp in seahub/api2/endpoints/starred_items.py
* fix sort cmp in seahub/views/file.py
* fix sort cmp in seahub/api2/endpoints/dir.py
* fix sort cmp in seahub/api2/endpoints/share_links.py
* fix cmp to cmp_to_key in seahub/api2/endpoints/admin/device_trusted_ip.py
* fix cmp to cmp_to_key in tests/api/endpoints/admin/test_device_trusted_ip.py
* delete encode('utf-8') in seafile_api.list_dir_by_commit_and_path
* delete encode('utf-8') in is_file_starred
* delete encode('utf-8') in seafile_api.list_dir_by_path
* delete path.encode('utf-8') in seahub/views/file.py
* fix os.write to add encode('utf-8')
* add encode('utf-8') for hashlib
* add encode('utf-8') for hmac
* fix with open(file, 'wb') for binary file
* fix encode and decode in seahub/utils/hasher.py
* fix next in thirdpart/shibboleth/views.py
* fix next in seahub/profile/views.py
* fix next in seahub/notifications/views.py
* fix next in seahub/institutions/views.py
* fix next in seahub/options/views.py
* fix next in seahub/share/views.py
* fix next in seahub/avatar/views.py
* fix next in seahub/views/__init__.py
* fix next in seahub/group/views.py
* fix next in seahub/views/wiki.py
* fix next in seahub/views/sysadmin.py
* fix next in seahub/views/file.py
* fix string.lowercase to string.ascii_lowercase in test
* fix open file add 'rb' in test
* fix self.user.username in test
* add migrations in file_participants
* fix list_org_inner_pub_repos to list_org_inner_pub_repos_by_owner
* fix from seaserv import is_passwd_set to seafile_api.is_password_set
* fix assert bytes resp.content in test
* fix seafile_api.get_inner_pub_repo_list to seafile_api.list_inner_pub_repos_by_owner
* fix seafile_api.is_passwd_set to seafile_api.is_password_set
* fix AccountsApiTest assert length
* rewrite sort_devices cmp to operator.lt
* fix bytes + str in seahub/api2/views.py
* fix assert bytes resp.content in test
* fix hashlib encode in seahub/thirdpart/registration/models.py
* change app_label to base in SocialAuthUser
* fix base64 encode in seahub/base/database_storage/database_storage.py
* fix assert bytes resp.content
* remove path.decode in def mkstemp()
* remove path.decode in FpathToLinkTest
* remove str decode in FileTagTest
* remove mock_write_xls.assert_called_once() in SysUserAdminExportExcelTest
* fix urllib assert in FilesApiTest
* fix link fields in FileCommentsTest
* fix get_related_users_by_repo()
* fix assert list in GetRepoSharedUsersTest
* fix create user in AccountTest
* fix repeated key in dict seahub/api2/views.py
* add drone.yml
* update nginx conf in test
* update test conf in test
* update dist and push after test success
* update drone conf to dist and push
* fix assert in BeSharedReposTest
* fix seafile_api.list_org_inner_pub_repos_by_owner(org_id, username) to seafile_api.list_org_inner_pub_repos(org_id)
* fix seafile_api.list_inner_pub_repos_by_owner(username) to seafile_api.get_inner_pub_repo_list()
* update pyjwt requirement
* update dist branch in drone
* add SKIP in dist and push
* fix StringIO to BytesIO in seahub/avatar/models.py
* fix if org_id > 0 to if org_id and org_id > 0
* remove payment
* fix StringIO to BytesIO in seahub/base/database_storage/database_storage.py
* fix send_message to seafile_api.publish_event in seahub/drafts/utils.py
* fix send_message to seafile_api.publish_event in seahub/api2/views.py
* fix send_message to seafile_api.publish_event in seahub/api2/endpoints/repos.py
* fix send_message to seafile_api.publish_event in seahub/views/file.py
* fix send_message to seafile_api.publish_event in seahub/utils/__init__.py
* fix image_file.read encode in seahub/base/database_storage/database_storage.py
* fix DatabaseStorageTest
* remove .travis.yml
* drone branch include master
295 lines
9.5 KiB
Python
295 lines
9.5 KiB
Python
# Copyright (c) 2012-2016 Seafile Ltd.
|
|
import os
|
|
import logging
|
|
from constance import config
|
|
from dateutil.relativedelta import relativedelta
|
|
|
|
from rest_framework.authentication import SessionAuthentication
|
|
from rest_framework.permissions import IsAuthenticated
|
|
from rest_framework.response import Response
|
|
from rest_framework.views import APIView
|
|
from rest_framework import status
|
|
|
|
from django.utils import timezone
|
|
from django.utils.translation import ugettext as _
|
|
|
|
from seaserv import seafile_api
|
|
from pysearpc import SearpcError
|
|
|
|
from seahub.api2.utils import api_error
|
|
from seahub.api2.authentication import TokenAuthentication
|
|
from seahub.api2.throttling import AnonRateThrottle, UserRateThrottle
|
|
from seahub.api2.permissions import CanGenerateUploadLink
|
|
|
|
from seahub.share.models import UploadLinkShare
|
|
from seahub.utils import gen_shared_upload_link, gen_file_upload_url
|
|
from seahub.views import check_folder_permission
|
|
from seahub.utils.timeutils import datetime_to_isoformat_timestr
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
def get_upload_link_info(uls):
|
|
data = {}
|
|
token = uls.token
|
|
|
|
repo_id = uls.repo_id
|
|
try:
|
|
repo = seafile_api.get_repo(repo_id)
|
|
except Exception as e:
|
|
logger.error(e)
|
|
repo = None
|
|
|
|
path = uls.path
|
|
if path:
|
|
obj_name = '/' if path == '/' else os.path.basename(path.rstrip('/'))
|
|
else:
|
|
obj_name = ''
|
|
|
|
if uls.ctime:
|
|
ctime = datetime_to_isoformat_timestr(uls.ctime)
|
|
else:
|
|
ctime = ''
|
|
|
|
if uls.expire_date:
|
|
expire_date = datetime_to_isoformat_timestr(uls.expire_date)
|
|
else:
|
|
expire_date = ''
|
|
|
|
data['repo_id'] = repo_id
|
|
data['repo_name'] = repo.repo_name if repo else ''
|
|
data['path'] = path
|
|
data['obj_name'] = obj_name
|
|
data['view_cnt'] = uls.view_cnt
|
|
data['ctime'] = ctime
|
|
data['link'] = gen_shared_upload_link(token)
|
|
data['token'] = token
|
|
data['username'] = uls.username
|
|
data['expire_date'] = expire_date
|
|
data['is_expired'] = uls.is_expired()
|
|
|
|
return data
|
|
|
|
|
|
class UploadLinks(APIView):
|
|
|
|
authentication_classes = (TokenAuthentication, SessionAuthentication)
|
|
permission_classes = (IsAuthenticated, CanGenerateUploadLink)
|
|
throttle_classes = (UserRateThrottle, )
|
|
|
|
def get(self, request):
|
|
""" Get all upload links of a user.
|
|
|
|
Permission checking:
|
|
1. default(NOT guest) user;
|
|
"""
|
|
|
|
# get all upload links
|
|
username = request.user.username
|
|
upload_link_shares = UploadLinkShare.objects.filter(username=username)
|
|
|
|
repo_id = request.GET.get('repo_id', None)
|
|
if repo_id:
|
|
repo = seafile_api.get_repo(repo_id)
|
|
if not repo:
|
|
error_msg = 'Library %s not found.' % repo_id
|
|
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
|
|
|
# filter share links by repo
|
|
upload_link_shares = [ufs for ufs in upload_link_shares if ufs.repo_id==repo_id]
|
|
|
|
path = request.GET.get('path', None)
|
|
if path:
|
|
try:
|
|
dir_id = seafile_api.get_dir_id_by_path(repo_id, path)
|
|
except SearpcError as e:
|
|
logger.error(e)
|
|
error_msg = 'Internal Server Error'
|
|
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
|
|
|
|
if not dir_id:
|
|
error_msg = 'folder %s not found.' % path
|
|
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
|
|
|
if path[-1] != '/':
|
|
path = path + '/'
|
|
|
|
# filter share links by path
|
|
upload_link_shares = [ufs for ufs in upload_link_shares if ufs.path==path]
|
|
|
|
result = []
|
|
for uls in upload_link_shares:
|
|
link_info = get_upload_link_info(uls)
|
|
result.append(link_info)
|
|
|
|
if len(result) == 1:
|
|
result = result
|
|
else:
|
|
result.sort(key=lambda x: x['obj_name'])
|
|
|
|
return Response(result)
|
|
|
|
def post(self, request):
|
|
""" Create upload link.
|
|
|
|
Permission checking:
|
|
1. default(NOT guest) user;
|
|
2. user with 'rw' permission;
|
|
"""
|
|
|
|
# argument check
|
|
repo_id = request.data.get('repo_id', None)
|
|
if not repo_id:
|
|
error_msg = 'repo_id invalid.'
|
|
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
|
|
|
|
path = request.data.get('path', None)
|
|
if not path:
|
|
error_msg = 'path invalid.'
|
|
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
|
|
|
|
password = request.data.get('password', None)
|
|
if password and len(password) < config.SHARE_LINK_PASSWORD_MIN_LENGTH:
|
|
error_msg = _('Password is too short')
|
|
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
|
|
|
|
try:
|
|
expire_days = int(request.data.get('expire_days', 0))
|
|
except ValueError:
|
|
error_msg = 'expire_days invalid.'
|
|
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
|
|
|
|
# resource check
|
|
repo = seafile_api.get_repo(repo_id)
|
|
if not repo:
|
|
error_msg = 'Library %s not found.' % repo_id
|
|
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
|
|
|
try:
|
|
dir_id = seafile_api.get_dir_id_by_path(repo_id, path)
|
|
except SearpcError as e:
|
|
logger.error(e)
|
|
error_msg = 'Internal Server Error'
|
|
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
|
|
|
|
if not dir_id:
|
|
error_msg = 'folder %s not found.' % path
|
|
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
|
|
|
if check_folder_permission(request, repo_id, path) != 'rw':
|
|
error_msg = 'Permission denied.'
|
|
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
|
|
|
|
if expire_days <= 0:
|
|
expire_date = None
|
|
else:
|
|
expire_date = timezone.now() + relativedelta(days=expire_days)
|
|
|
|
username = request.user.username
|
|
uls = UploadLinkShare.objects.get_upload_link_by_path(username, repo_id, path)
|
|
if not uls:
|
|
uls = UploadLinkShare.objects.create_upload_link_share(username,
|
|
repo_id, path, password, expire_date)
|
|
|
|
link_info = get_upload_link_info(uls)
|
|
return Response(link_info)
|
|
|
|
class UploadLink(APIView):
|
|
|
|
authentication_classes = (TokenAuthentication, SessionAuthentication)
|
|
permission_classes = (IsAuthenticated, CanGenerateUploadLink)
|
|
throttle_classes = (UserRateThrottle, )
|
|
|
|
def get(self, request, token):
|
|
""" Get upload link info.
|
|
|
|
Permission checking:
|
|
1. default(NOT guest) user;
|
|
"""
|
|
|
|
try:
|
|
uls = UploadLinkShare.objects.get(token=token)
|
|
except UploadLinkShare.DoesNotExist:
|
|
error_msg = 'token %s not found.' % token
|
|
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
|
|
|
link_info = get_upload_link_info(uls)
|
|
return Response(link_info)
|
|
|
|
def delete(self, request, token):
|
|
""" Delete upload link.
|
|
|
|
Permission checking:
|
|
1. default(NOT guest) user;
|
|
2. link owner;
|
|
"""
|
|
|
|
try:
|
|
uls = UploadLinkShare.objects.get(token=token)
|
|
except UploadLinkShare.DoesNotExist:
|
|
return Response({'success': True})
|
|
|
|
username = request.user.username
|
|
if not uls.is_owner(username):
|
|
error_msg = 'Permission denied.'
|
|
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
|
|
|
|
try:
|
|
uls.delete()
|
|
except Exception as e:
|
|
logger.error(e)
|
|
error_msg = 'Internal Server Error'
|
|
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
|
|
|
|
return Response({'success': True})
|
|
|
|
|
|
class UploadLinkUpload(APIView):
|
|
|
|
throttle_classes = (AnonRateThrottle, )
|
|
|
|
def get(self, request, token):
|
|
""" Get file upload url according to upload link token.
|
|
|
|
Permission checking:
|
|
1. anyone has the upload link token can perform this action;
|
|
"""
|
|
|
|
try:
|
|
uls = UploadLinkShare.objects.get(token=token)
|
|
except UploadLinkShare.DoesNotExist:
|
|
error_msg = 'token %s not found.' % token
|
|
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
|
|
|
# currently not support encrypted upload link
|
|
if uls.is_encrypted():
|
|
error_msg = 'Upload link %s is encrypted.' % token
|
|
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
|
|
|
|
repo_id = uls.repo_id
|
|
repo = seafile_api.get_repo(repo_id)
|
|
if not repo:
|
|
error_msg = 'Library %s not found.' % repo_id
|
|
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
|
|
|
path = uls.path
|
|
dir_id = seafile_api.get_dir_id_by_path(repo_id, path)
|
|
if not dir_id:
|
|
error_msg = 'Folder %s not found.' % path
|
|
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
|
|
|
|
if repo.encrypted or \
|
|
seafile_api.check_permission_by_path(repo_id, '/', uls.username) != 'rw':
|
|
error_msg = 'Permission denied.'
|
|
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
|
|
|
|
token = seafile_api.get_fileserver_access_token(repo_id,
|
|
dir_id, 'upload-link', uls.username, use_onetime=False)
|
|
|
|
if not token:
|
|
error_msg = 'Internal Server Error'
|
|
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
|
|
|
|
result = {}
|
|
result['upload_link'] = gen_file_upload_url(token, 'upload-api')
|
|
return Response(result)
|