Collection table permission

docker/Dockerfile

@@ -38,8 +38,6 @@ COPY src/seatable-thumbnail-server /opt/seatable-thumbnail/seatable-thumbnail-se
 
 RUN ln -sf /opt/seatable-thumbnail/seafile/lib/libsearpc.so.1.0.2 /opt/seatable-thumbnail/seafile/lib/libsearpc.so.1
 RUN ln -sf /opt/seatable-thumbnail/seafile/lib/libsearpc.so.1.0.2 /opt/seatable-thumbnail/seafile/lib/libsearpc.so
-RUN ln -sf /opt/seatable-thumbnail/seafile/lib/libccnet.so.0.0.0 /opt/seatable-thumbnail/seafile/lib/libccnet.so.0
-RUN ln -sf /opt/seatable-thumbnail/seafile/lib/libccnet.so.0.0.0 /opt/seatable-thumbnail/seafile/lib/libccnet.so
 
 
 # scripts

docker/scripts/enterpoint.sh

@@ -38,7 +38,11 @@ fi
 
 # letsencrypt renew cert 86400*30
 if [[ -f /shared/ssl/renew_cert ]]; then
-    ln -sf /shared/ssl/renew_cert /var/spool/cron/crontabs/root
+    env > /opt/dockerenv
+    sed -i '1,3d' /opt/dockerenv
+
+    cp /shared/ssl/renew_cert /var/spool/cron/crontabs/root
+    chmod 600 /var/spool/cron/crontabs/root
 
     openssl x509 -checkend 2592000 -noout -in /opt/ssl/$SEATABLE_THUMBNAIL_SERVER_HOSTNAME.crt
     if [[ $? != "0" ]]; then
@@ -48,6 +52,18 @@ if [[ -f /shared/ssl/renew_cert ]]; then
 fi
 
 
+# autorun
+echo
+echo "Starting SeaTable Thumbnail"
+echo
+
+/scripts/seatable-thumbnail.sh start
+
+wait
+
+sleep 1
+
+
 #
 log "This is a idle script (infinite loop) to keep container running."
 

docker/scripts/init_config.py

@@ -140,19 +140,30 @@ def init_https():
         # crontab letsencrypt renew cert
         with open('/opt/ssl/renew_cert', 'w') as f:
             f.write('0 1 1 * * /scripts/renew_cert.sh 2>> /opt/ssl/letsencrypt.log\n')
-        os.system('ln -s /opt/ssl/renew_cert /var/spool/cron/crontabs/root')
+        os.system('cp /opt/ssl/renew_cert /var/spool/cron/crontabs/root')
+        os.system('chmod 600 /var/spool/cron/crontabs/root')
+        os.system('env > /opt/dockerenv')
+        os.system("sed -i '1,3d' /opt/dockerenv")
 
     #
     nginx_https_config = """
 log_format seatableformat '\$http_x_forwarded_for \$remote_addr [\$time_local] "\$request" \$status \$body_bytes_sent "\$http_referer" "\$http_user_agent" \$upstream_response_time';
 
 server {
-    if ($host = %s) {
-        return 301 https://$host$request_uri;
-    }
     listen 80;
     server_name %s;
-    return 404;
+
+    # for letsencrypt
+    location /.well-known/acme-challenge/ {
+        alias /var/www/challenges/;
+        try_files $uri =404;
+    }
+
+    location / {
+        if ($host = %s) {
+            return 301 https://$host$request_uri;
+        }
+    }
 }
 
 server {

docker/scripts/monitor.sh

@@ -29,16 +29,6 @@ function check_process() {
 }
 
 # monitor
-function monitor_ccnet() {
-    process_name="ccnet-server"
-    check_num=$(check_process $process_name)
-    if [ $check_num -eq 0 ]; then
-        log "Start $process_name"
-        ccnet-server -F /opt/seatable-thumbnail/conf -c /opt/seatable-thumbnail/ccnet -f /opt/seatable-thumbnail/logs/ccnet.log -d -L /opt/seatable-thumbnail -P /opt/seatable-thumbnail/pids/ccnet.pid - &
-        sleep 0.2
-    fi
-}
-
 function monitor_seafile() {
     process_name="seaf-server"
     check_num=$(check_process $process_name)
@@ -66,7 +56,6 @@ function monitor_seatable_thumbnail() {
 log "Start Monitor"
 
 while [ 1 ]; do
-    monitor_ccnet
     monitor_seafile
     monitor_seatable_thumbnail
 

docker/scripts/seatable-thumbnail.sh

@@ -1,7 +1,6 @@
 #!/bin/bash
 
 function stop_server() {
-    pkill -9 -f ccnet-server
     pkill -9 -f seaf-server
     pkill -9 -f uvicorn
     pkill -9 -f multiprocessing
@@ -43,9 +42,6 @@ function start_server() {
 
     set_env
 
-    ccnet-server -F /opt/seatable-thumbnail/conf -c /opt/seatable-thumbnail/ccnet -f /opt/seatable-thumbnail/logs/ccnet.log -d -L /opt/seatable-thumbnail -P /opt/seatable-thumbnail/pids/ccnet.pid - &
-    sleep 0.2
-
     seaf-server -F /opt/seatable-thumbnail/conf -c /opt/seatable-thumbnail/ccnet -d /opt/seatable-thumbnail/seafile-data -l /opt/seatable-thumbnail/logs/seafile.log -L /opt/seatable-thumbnail -P /opt/seatable-thumbnail/pids/seafile.pid - &
     sleep 0.2
 

seatable_thumbnail/models.py

@@ -100,3 +100,14 @@ class DTableSystemPlugins(Base):
     added_time = Column(DateTime)
     info = Column(Text)
     name = Column(String(255), index=True)
+
+
+class DTableCollectionTables(Base):
+    __tablename__ = 'dtable_collection_tables'
+    id = Column(Integer, primary_key=True)
+    username = Column(String(255), index=True)
+    workspace_id = Column(Integer, index=True)
+    dtable_uuid = Column(String(36), index=True)
+    config = Column(Text, nullable=True)
+    token = Column(String(36), unique=True)
+    created_at = Column(DateTime, nullable=True)

seatable_thumbnail/permissions.py

@@ -1,7 +1,7 @@
 from seaserv import ccnet_api
 from seatable_thumbnail.models import DTables, DTableShare, \
     DTableGroupShare, DTableViewUserShare, DTableViewGroupShare, \
-    DTableExternalLinks
+    DTableExternalLinks, DTableCollectionTables
 from seatable_thumbnail.constants import PERMISSION_READ, PERMISSION_READ_WRITE
 
 
@@ -23,6 +23,8 @@ def has_dtable_asset_read_permission(self):
 
         if self.can_access_image_through_external_link():
             return True
+        if self.has_collection_table_permission():
+            return True
         if 'r' in self.check_dtable_permission():
             return True
         if 'r' in self.get_view_share_permission():
@@ -136,3 +138,15 @@ def is_group_member(self, group_id, email, in_structure=None):
             return ccnet_api.is_group_user(group_id, email, in_structure=False)
         else:
             return ccnet_api.is_group_user(group_id, email)
+
+    def has_collection_table_permission(self):
+        if not hasattr(self, 'collection_table'):
+            return False
+
+        token = self.collection_table['token']
+        obj = self.db_session.query(
+                DTableCollectionTables).filter_by(token=token).first()
+        if not obj:
+            return False
+
+        return self.collection_table['dtable_uuid'] == self.dtable_uuid

seatable_thumbnail/serializers.py

@@ -46,10 +46,11 @@ def session_check(self):
 
         username = self.session_data.get('_auth_user_name')
         external_link = self.session_data.get('external_link')
+        collection_table = self.session_data.get('collection_table')
         if username:
             self.session_data['username'] = username
 
-        if not username and not external_link:
+        if not username and not external_link and not collection_table:
             raise AssertionError(400, 'django session invalid.')
 
     def get_enable_file_type(self):