1
0
mirror of https://github.com/haiwen/seahub.git synced 2025-07-16 00:06:11 +00:00
seahub/seahub/api2/endpoints/invitations.py
2017-12-25 12:09:26 +08:00

139 lines
4.9 KiB
Python

# Copyright (c) 2012-2016 Seafile Ltd.
from django.utils.translation import ugettext as _
from rest_framework import status
from rest_framework.authentication import SessionAuthentication
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from rest_framework.views import APIView
from seahub.api2.authentication import TokenAuthentication
from seahub.api2.permissions import CanInviteGuest
from seahub.api2.throttling import UserRateThrottle
from seahub.api2.utils import api_error
from seahub.base.accounts import User
from seahub.utils import is_valid_email
from seahub.invitations.models import Invitation
from seahub.invitations.utils import block_accepter
json_content_type = 'application/json; charset=utf-8'
class InvitationsView(APIView):
authentication_classes = (TokenAuthentication, SessionAuthentication)
permission_classes = (IsAuthenticated, CanInviteGuest)
throttle_classes = (UserRateThrottle,)
def get(self, request, format=None):
# List invitations sent by user.
username = request.user.username
invitations = []
for e in Invitation.objects.get_by_inviter(username):
invitations.append(e.to_dict())
return Response(invitations)
def post(self, request, format=None):
# Send invitation.
itype = request.data.get('type', '').lower()
if not itype or itype != 'guest':
return api_error(status.HTTP_400_BAD_REQUEST, 'type invalid.')
accepter = request.data.get('accepter', '').lower()
if not accepter:
return api_error(status.HTTP_400_BAD_REQUEST, 'accepter invalid.')
if not is_valid_email(accepter):
return api_error(status.HTTP_400_BAD_REQUEST,
_('Email %s invalid.') % accepter)
if block_accepter(accepter):
return api_error(status.HTTP_400_BAD_REQUEST,
_('The email address is not allowed to be invited as a guest.'))
if Invitation.objects.filter(inviter=request.user.username,
accepter=accepter).count() > 0:
return api_error(status.HTTP_400_BAD_REQUEST,
_('%s is already invited.') % accepter)
try:
User.objects.get(accepter)
user_exists = True
except User.DoesNotExist:
user_exists = False
if user_exists:
return api_error(status.HTTP_400_BAD_REQUEST,
_('User %s already exists.') % accepter)
i = Invitation.objects.add(inviter=request.user.username,
accepter=accepter)
i.send_to(email=accepter)
return Response(i.to_dict(), status=201)
class InvitationsBatchView(APIView):
authentication_classes = (TokenAuthentication, SessionAuthentication)
permission_classes = (IsAuthenticated, CanInviteGuest)
throttle_classes = (UserRateThrottle,)
def post(self, request):
itype = request.data.get('type', '').lower()
if not itype or itype != 'guest':
return api_error(status.HTTP_400_BAD_REQUEST, 'type invalid.')
accepters = request.data.getlist('accepter', None)
if not accepters:
return api_error(status.HTTP_400_BAD_REQUEST, 'accepters invalid.')
result = {}
result['failed'] = []
result['success'] = []
for accepter in accepters:
if not accepter.strip():
continue
accepter = accepter.lower()
if not is_valid_email(accepter):
result['failed'].append({
'email': accepter,
'error_msg': _('Email %s invalid.') % accepter
})
continue
if block_accepter(accepter):
result['failed'].append({
'email': accepter,
'error_msg': _('The email address is not allowed to be invited as a guest.')
})
continue
if Invitation.objects.filter(inviter=request.user.username,
accepter=accepter).count() > 0:
result['failed'].append({
'email': accepter,
'error_msg': _('%s is already invited.') % accepter
})
continue
try:
User.objects.get(accepter)
result['failed'].append({
'email': accepter,
'error_msg': _('User %s already exists.') % accepter
})
continue
except User.DoesNotExist:
i = Invitation.objects.add(inviter=request.user.username,
accepter=accepter)
i.send_to(email=accepter)
result['success'].append(i.to_dict())
return Response(result)