Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| ba7fb2def7 | |||
| 4e7c77135c | |||
| 13fd7fc3bd | |||
| 18e6c3eb9b | |||
| a5c24fe73e | |||
| ee5b06b1e7 | |||
| a7895ad394 | |||
| 189e950589 |
35
.gitea/ISSUE_TEMPLATE/bug_report.md
Normal file
35
.gitea/ISSUE_TEMPLATE/bug_report.md
Normal file
@@ -0,0 +1,35 @@
|
||||
---
|
||||
name: "Bug"
|
||||
about: "Report a reproducible defect, regression, or incorrect behavior"
|
||||
title: "[Bug] "
|
||||
labels:
|
||||
- type/bug
|
||||
- status/triage
|
||||
- module/files
|
||||
---
|
||||
|
||||
## Scope
|
||||
|
||||
- Repository:
|
||||
- Area/module:
|
||||
- Affected version or commit:
|
||||
|
||||
## Behavior
|
||||
|
||||
Expected:
|
||||
|
||||
Actual:
|
||||
|
||||
## Reproduction
|
||||
|
||||
1.
|
||||
2.
|
||||
3.
|
||||
|
||||
## Evidence
|
||||
|
||||
Logs, screenshots, traces, or failing test output:
|
||||
|
||||
## Verification Target
|
||||
|
||||
Command or workflow that should pass when fixed:
|
||||
1
.gitea/ISSUE_TEMPLATE/config.yaml
Normal file
1
.gitea/ISSUE_TEMPLATE/config.yaml
Normal file
@@ -0,0 +1 @@
|
||||
blank_issues_enabled: false
|
||||
27
.gitea/ISSUE_TEMPLATE/docs_workflow.md
Normal file
27
.gitea/ISSUE_TEMPLATE/docs_workflow.md
Normal file
@@ -0,0 +1,27 @@
|
||||
---
|
||||
name: "Docs / workflow"
|
||||
about: "Request documentation, process, or developer workflow changes"
|
||||
title: "[Docs] "
|
||||
labels:
|
||||
- type/docs
|
||||
- status/triage
|
||||
- module/files
|
||||
- area/docs
|
||||
---
|
||||
|
||||
## Scope
|
||||
|
||||
- Repository:
|
||||
- Document or workflow:
|
||||
|
||||
## Current State
|
||||
|
||||
What is missing, unclear, duplicated, or stale?
|
||||
|
||||
## Desired State
|
||||
|
||||
What should the docs or workflow make clear?
|
||||
|
||||
## Verification Target
|
||||
|
||||
How should this be checked?
|
||||
32
.gitea/ISSUE_TEMPLATE/feature_request.md
Normal file
32
.gitea/ISSUE_TEMPLATE/feature_request.md
Normal file
@@ -0,0 +1,32 @@
|
||||
---
|
||||
name: "Feature"
|
||||
about: "Propose new user-visible behavior or platform capability"
|
||||
title: "[Feature] "
|
||||
labels:
|
||||
- type/feature
|
||||
- status/triage
|
||||
- module/files
|
||||
---
|
||||
|
||||
## Problem
|
||||
|
||||
What user, operator, or developer problem should this solve?
|
||||
|
||||
## Proposed Capability
|
||||
|
||||
What should exist when this is done?
|
||||
|
||||
## Ownership
|
||||
|
||||
- Owning repository:
|
||||
- Related module repositories:
|
||||
- Extension point or integration boundary:
|
||||
|
||||
## Acceptance Criteria
|
||||
|
||||
- [ ]
|
||||
- [ ]
|
||||
|
||||
## Verification Target
|
||||
|
||||
Command, scenario, or UI flow that should prove completion:
|
||||
28
.gitea/ISSUE_TEMPLATE/task.md
Normal file
28
.gitea/ISSUE_TEMPLATE/task.md
Normal file
@@ -0,0 +1,28 @@
|
||||
---
|
||||
name: "Task"
|
||||
about: "Track implementation, maintenance, or migration work"
|
||||
title: "[Task] "
|
||||
labels:
|
||||
- type/task
|
||||
- status/triage
|
||||
- module/files
|
||||
---
|
||||
|
||||
## Objective
|
||||
|
||||
What needs to be completed?
|
||||
|
||||
## Scope
|
||||
|
||||
- Owning repository:
|
||||
- In-scope:
|
||||
- Out-of-scope:
|
||||
|
||||
## Checklist
|
||||
|
||||
- [ ]
|
||||
- [ ]
|
||||
|
||||
## Verification Target
|
||||
|
||||
Command or manual check:
|
||||
25
.gitea/ISSUE_TEMPLATE/tech_debt.md
Normal file
25
.gitea/ISSUE_TEMPLATE/tech_debt.md
Normal file
@@ -0,0 +1,25 @@
|
||||
---
|
||||
name: "Tech debt"
|
||||
about: "Track cleanup, refactoring, risk reduction, or deferred engineering work"
|
||||
title: "[Debt] "
|
||||
labels:
|
||||
- type/debt
|
||||
- status/triage
|
||||
- module/files
|
||||
---
|
||||
|
||||
## Current Cost
|
||||
|
||||
What does this make harder, riskier, slower, or more fragile?
|
||||
|
||||
## Desired Shape
|
||||
|
||||
What should the code, tests, or architecture look like afterwards?
|
||||
|
||||
## Constraints
|
||||
|
||||
What behavior, compatibility, or module boundary must be preserved?
|
||||
|
||||
## Verification Target
|
||||
|
||||
Focused checks that should pass:
|
||||
15
.gitea/PULL_REQUEST_TEMPLATE.md
Normal file
15
.gitea/PULL_REQUEST_TEMPLATE.md
Normal file
@@ -0,0 +1,15 @@
|
||||
## Issue
|
||||
|
||||
Closes #
|
||||
|
||||
## Summary
|
||||
|
||||
-
|
||||
|
||||
## Verification
|
||||
|
||||
-
|
||||
|
||||
## Notes
|
||||
|
||||
Follow-up issues:
|
||||
18
.gitignore
vendored
18
.gitignore
vendored
@@ -327,3 +327,21 @@ dist
|
||||
# Built Visual Studio Code Extensions
|
||||
*.vsix
|
||||
|
||||
# GovOPlaN shared ignore rules from govoplan-core
|
||||
# Local WebUI test/build scratch directories
|
||||
.component-test-build/
|
||||
.module-test-build/
|
||||
.policy-test-build/
|
||||
.template-preview-test-build/
|
||||
.import-test-build/
|
||||
webui/.component-test-build/
|
||||
webui/.module-test-build/
|
||||
webui/.policy-test-build/
|
||||
webui/.template-preview-test-build/
|
||||
webui/.import-test-build/
|
||||
*.db
|
||||
# GovOPlaN local runtime state
|
||||
runtime/
|
||||
# GovOPlaN WebUI test output
|
||||
webui/.module-test-build/
|
||||
webui/.component-test-build/
|
||||
|
||||
37
AGENTS.md
Normal file
37
AGENTS.md
Normal file
@@ -0,0 +1,37 @@
|
||||
# GovOPlaN Files Codex Guide
|
||||
|
||||
## Scope
|
||||
|
||||
This repository owns the `files` module: managed file storage APIs, file metadata, shares, uploads/downloads, folder and pattern helpers, backend module manifest, and `@govoplan/files-webui`.
|
||||
|
||||
Core owns auth, tenants, RBAC, database/session primitives, CSRF/API helpers, shared components, and shell layout. Campaign integration must remain optional and go through core module metadata or capabilities.
|
||||
|
||||
## Local Commands
|
||||
|
||||
Install and run through core:
|
||||
|
||||
```bash
|
||||
cd /mnt/DATA/git/govoplan-core
|
||||
./.venv/bin/python -m pip install -r requirements-dev.txt
|
||||
```
|
||||
|
||||
For combined checks, run:
|
||||
|
||||
```bash
|
||||
cd /mnt/DATA/git/govoplan-core
|
||||
./scripts/check-focused.sh
|
||||
```
|
||||
|
||||
For WebUI permutation checks that include files:
|
||||
|
||||
```bash
|
||||
cd /mnt/DATA/git/govoplan-core/webui
|
||||
PATH=/mnt/DATA/git/govoplan-core/webui/node_modules/.bin:/home/zemion/.nvm/versions/node/v22.22.3/bin:$PATH /home/zemion/.nvm/versions/node/v22.22.3/bin/npm run test:module-permutations
|
||||
```
|
||||
|
||||
## Working Rules
|
||||
|
||||
- Keep files behavior in this module, not core.
|
||||
- Do not require campaign or mail imports for files-only startup.
|
||||
- Shared WebUI components belong in core; files WebUI should consume them through `@govoplan/core-webui`.
|
||||
- Preserve optional campaign usage tracking through capability/registry boundaries.
|
||||
70
README.md
70
README.md
@@ -46,10 +46,78 @@ Frontend package:
|
||||
@govoplan/files-webui
|
||||
```
|
||||
|
||||
The campaign module can integrate with files when both modules are installed, for example for managed attachment selection and campaign file sharing.
|
||||
The campaign module can integrate with files when both modules are installed,
|
||||
for example for managed attachment selection and campaign file sharing. Files
|
||||
does not import campaign internals; campaign share/existence checks use the core
|
||||
`campaigns.access` capability registered by the campaign module.
|
||||
|
||||
Platform RBAC and governance rules are documented in `govoplan-core/docs/`.
|
||||
|
||||
Managed files can carry source provenance for connector and import workflows.
|
||||
Upload callers may provide `source_provenance_json` and `source_revision`; the
|
||||
module stores those values under file metadata, returns normalized
|
||||
`source_provenance` and `source_revision` fields in file responses, and carries
|
||||
them into managed campaign attachment matches for frozen execution evidence.
|
||||
|
||||
Connector policy preflight is available through
|
||||
`POST /api/v1/files/connector-policy/evaluate`, and provenance-bearing uploads
|
||||
can pass `connector_policy_json` to enforce the same policy before file content
|
||||
is read. Policy payloads contain ordered `sources`; each source has
|
||||
`scope_type`, optional `scope_id`, optional `label`, and a `policy` object. The
|
||||
policy object supports `allow`/`allowlist`/`whitelist` and
|
||||
`deny`/`denylist`/`blacklist` rules for `connectors`, `providers`,
|
||||
`external_ids`, `external_paths`, and `external_urls`. Deny rules win across the
|
||||
hierarchy; allow rules narrow access at each source that defines them.
|
||||
|
||||
Connector endpoint settings are exposed through governed connector profiles.
|
||||
Profiles can be supplied as JSON through
|
||||
`GOVOPLAN_FILES_CONNECTOR_PROFILES_JSON`, or from a JSON file path through
|
||||
`GOVOPLAN_FILES_CONNECTOR_PROFILES_FILE`. Each profile has an `id`, `provider`,
|
||||
`endpoint_url`, governance `scope_type`/`scope_id`, optional `capabilities`, and
|
||||
credential references such as `password_env`, `token_env`, or `secret_ref`.
|
||||
`GET /api/v1/files/connectors/profiles` returns only profiles visible to the
|
||||
current principal (system, tenant, user, group, or accessible campaign scope) and
|
||||
redacts secret values and environment variable names. Use the returned
|
||||
`policy_sources` with connector policy preflight before importing files.
|
||||
`GET /api/v1/files/connectors/providers` exposes provider descriptors for
|
||||
Seafile, Nextcloud, WebDAV, SMB, NFS, and local filesystem connectors. The
|
||||
descriptor declares implementation status, optional dependencies, permission
|
||||
mapping, sync/index strategy, conflict handling, preview behavior, and audit
|
||||
events so provider coverage remains visible without forcing every optional
|
||||
protocol dependency to be installed.
|
||||
`GET /api/v1/files/connectors/profiles/{profile_id}/browse` provides read-only
|
||||
connector browsing. Browse entries use a shared `library`/`folder`/`file` shape,
|
||||
run profile policy with the `browse` operation, and support Seafile,
|
||||
WebDAV/Nextcloud, and SMB when the optional `smb` extra is installed. Seafile
|
||||
profiles browse libraries and directories via Seafile's read-only API; profiles
|
||||
can still opt into WebDAV browsing by setting `metadata.webdav_endpoint_url` or
|
||||
`metadata.browse_protocol` to `webdav`.
|
||||
`POST /api/v1/files/connectors/profiles/{profile_id}/import` imports a Seafile
|
||||
or WebDAV/Nextcloud/SMB file into managed storage through the same governance,
|
||||
conflict handling, source provenance, and connector audit path as direct
|
||||
uploads. The Seafile provider uses account-token auth and the native file
|
||||
download-link API; Nextcloud and generic WebDAV profiles use authenticated `GET`
|
||||
requests against the configured WebDAV endpoint. SMB profiles use
|
||||
`smb://server[:port]/share[/path]` endpoints and environment-backed credentials
|
||||
through `smbprotocol`.
|
||||
|
||||
Local connector development assets live in `dev/connectors/`. The compose stack
|
||||
boots Nextcloud, Seafile, WebDAV, and SMB endpoints for provider development and
|
||||
manual interoperability testing.
|
||||
|
||||
Connector and collaboration ownership boundaries are documented in
|
||||
`docs/CONNECTOR_BOUNDARY.md` and `docs/DOCUMENT_COLLABORATION_BOUNDARY.md`.
|
||||
|
||||
ZIP uploads are processed without buffering the whole archive in memory. The API
|
||||
spools incoming ZIP request bodies to a bounded temporary file, then extracts
|
||||
members with per-file and total extracted-size limits before storing managed
|
||||
files.
|
||||
|
||||
Bulk rename and transfer APIs are owner-scoped: callers must provide the active
|
||||
user or group file space with `owner_type` and `owner_id`. The storage layer
|
||||
keeps a named legacy file-only helper for historical callers that lack owner
|
||||
context, and regression tests cover its write-access checks.
|
||||
|
||||
## Release packaging
|
||||
|
||||
The repository root includes a `package.json` for git-based WebUI installs. It exports the package `@govoplan/files-webui` from `webui/src` so release builds can depend on tagged git refs instead of local `file:` paths.
|
||||
|
||||
19
dev/connectors/.env.example
Normal file
19
dev/connectors/.env.example
Normal file
@@ -0,0 +1,19 @@
|
||||
NEXTCLOUD_HOST_PORT=9081
|
||||
NEXTCLOUD_DB_ROOT_PASSWORD=govoplan-nextcloud-root
|
||||
NEXTCLOUD_DB_PASSWORD=govoplan-nextcloud
|
||||
NEXTCLOUD_ADMIN_USER=admin
|
||||
NEXTCLOUD_ADMIN_PASSWORD=govoplan-nextcloud-admin
|
||||
|
||||
SEAFILE_HOST_PORT=9082
|
||||
SEAFILE_MYSQL_ROOT_PASSWORD=govoplan-seafile-root
|
||||
SEAFILE_ADMIN_EMAIL=admin@example.local
|
||||
SEAFILE_ADMIN_PASSWORD=govoplan-seafile-admin
|
||||
|
||||
WEBDAV_HOST_PORT=9083
|
||||
WEBDAV_USER=govoplan
|
||||
WEBDAV_PASSWORD=govoplan-webdav
|
||||
|
||||
SMB_HOST_PORT=1445
|
||||
SMB_SHARE_NAME=files
|
||||
SMB_USER=govoplan
|
||||
SMB_PASSWORD=govoplan-smb
|
||||
130
dev/connectors/README.md
Normal file
130
dev/connectors/README.md
Normal file
@@ -0,0 +1,130 @@
|
||||
# Connector Dev Stack
|
||||
|
||||
This directory keeps local Docker Compose assets for GovOPlaN file connector
|
||||
development. The stack is intentionally separate from production deployment and
|
||||
binds services to localhost high ports.
|
||||
|
||||
## Start
|
||||
|
||||
```bash
|
||||
cd /mnt/DATA/git/govoplan-files/dev/connectors
|
||||
cp .env.example .env
|
||||
docker compose up -d nextcloud nextcloud-db webdav smb
|
||||
docker compose up -d seafile-db seafile-memcached seafile
|
||||
```
|
||||
|
||||
If the SMB service was already running before a compose change, recreate it so
|
||||
the image and share configuration are applied:
|
||||
|
||||
```bash
|
||||
docker compose rm -sf smb
|
||||
docker compose up -d --build smb
|
||||
```
|
||||
|
||||
Endpoints:
|
||||
|
||||
- Nextcloud: `http://127.0.0.1:9081`, WebDAV root
|
||||
`http://127.0.0.1:9081/remote.php/dav/files/admin/`
|
||||
- Seafile: `http://127.0.0.1:9082`, WebDAV root
|
||||
`http://127.0.0.1:9082/seafdav/`
|
||||
- WebDAV: `http://127.0.0.1:9083`
|
||||
- SMB: `smb://127.0.0.1:1445/files`
|
||||
|
||||
The local fixture data under `data/` is ignored by git.
|
||||
|
||||
## GovOPlaN Profile Config
|
||||
|
||||
Connector profiles are read from `GOVOPLAN_FILES_CONNECTOR_PROFILES_JSON` or
|
||||
`GOVOPLAN_FILES_CONNECTOR_PROFILES_FILE`. Credentials should be referenced by
|
||||
secret refs or environment variables; profile API responses only expose the
|
||||
credential source and configured state.
|
||||
|
||||
Example local profile file:
|
||||
|
||||
```json
|
||||
{
|
||||
"profiles": [
|
||||
{
|
||||
"id": "dev-seafile",
|
||||
"label": "Dev Seafile",
|
||||
"provider": "seafile",
|
||||
"endpoint_url": "http://127.0.0.1:9082",
|
||||
"scope_type": "system",
|
||||
"credential_mode": "basic",
|
||||
"username": "admin@example.local",
|
||||
"password_env": "SEAFILE_ADMIN_PASSWORD",
|
||||
"capabilities": ["browse", "import"],
|
||||
"metadata": { "webdav_endpoint_url": "http://127.0.0.1:9082/seafdav/" },
|
||||
"policy": { "allow": { "providers": ["seafile"] } }
|
||||
},
|
||||
{
|
||||
"id": "dev-nextcloud",
|
||||
"label": "Dev Nextcloud",
|
||||
"provider": "nextcloud",
|
||||
"endpoint_url": "http://127.0.0.1:9081/remote.php/dav/files/admin/",
|
||||
"scope_type": "system",
|
||||
"credential_mode": "basic",
|
||||
"username": "admin",
|
||||
"password_env": "NEXTCLOUD_ADMIN_PASSWORD",
|
||||
"capabilities": ["browse", "import"],
|
||||
"policy": { "allow": { "providers": ["nextcloud", "webdav"] } }
|
||||
},
|
||||
{
|
||||
"id": "dev-webdav",
|
||||
"label": "Dev WebDAV",
|
||||
"provider": "webdav",
|
||||
"endpoint_url": "http://127.0.0.1:9083",
|
||||
"scope_type": "system",
|
||||
"credential_mode": "basic",
|
||||
"username": "govoplan",
|
||||
"password_env": "WEBDAV_PASSWORD",
|
||||
"capabilities": ["browse", "import"],
|
||||
"policy": { "allow": { "providers": ["webdav"] } }
|
||||
},
|
||||
{
|
||||
"id": "dev-smb",
|
||||
"label": "Dev SMB",
|
||||
"provider": "smb",
|
||||
"endpoint_url": "smb://127.0.0.1:1445/files",
|
||||
"scope_type": "system",
|
||||
"credential_mode": "basic",
|
||||
"username": "govoplan",
|
||||
"password_env": "SMB_PASSWORD",
|
||||
"capabilities": ["browse", "import"],
|
||||
"policy": { "allow": { "providers": ["smb"] } }
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
Start GovOPlaN with:
|
||||
|
||||
```bash
|
||||
export GOVOPLAN_FILES_CONNECTOR_PROFILES_FILE=/mnt/DATA/git/govoplan-files/dev/connectors/profiles.local.json
|
||||
```
|
||||
|
||||
## Smoke Test
|
||||
|
||||
Run the connector helper smoke checks from an environment where
|
||||
`govoplan-files` and `httpx` are importable:
|
||||
|
||||
```bash
|
||||
cd /mnt/DATA/git/govoplan-files/dev/connectors
|
||||
/mnt/DATA/git/govoplan-core/.venv/bin/python smoke.py
|
||||
```
|
||||
|
||||
The script reads `.env` from this directory when present, seeds tiny WebDAV,
|
||||
Nextcloud, and SMB fixtures, then browses and imports them through the connector
|
||||
helper layer. Pass `--require-smb` after recreating the SMB container to fail on
|
||||
SMB access errors instead of reporting them as an optional skip.
|
||||
|
||||
SMB smoke checks need the optional Python dependency in the environment running
|
||||
the script:
|
||||
|
||||
```bash
|
||||
/mnt/DATA/git/govoplan-core/.venv/bin/python -m pip install -e /mnt/DATA/git/govoplan-files[smb]
|
||||
```
|
||||
|
||||
The SMB service is built from `dev/connectors/smb/` so the development share is
|
||||
deterministic: one `files` share backed by `data/smb`, with the credentials from
|
||||
`.env`.
|
||||
2
dev/connectors/data/.gitignore
vendored
Normal file
2
dev/connectors/data/.gitignore
vendored
Normal file
@@ -0,0 +1,2 @@
|
||||
*
|
||||
!.gitignore
|
||||
106
dev/connectors/docker-compose.yml
Normal file
106
dev/connectors/docker-compose.yml
Normal file
@@ -0,0 +1,106 @@
|
||||
name: govoplan-files-connectors
|
||||
|
||||
services:
|
||||
nextcloud-db:
|
||||
image: mariadb:10.11
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
MYSQL_ROOT_PASSWORD: ${NEXTCLOUD_DB_ROOT_PASSWORD:-govoplan-nextcloud-root}
|
||||
MYSQL_DATABASE: nextcloud
|
||||
MYSQL_USER: nextcloud
|
||||
MYSQL_PASSWORD: ${NEXTCLOUD_DB_PASSWORD:-govoplan-nextcloud}
|
||||
volumes:
|
||||
- nextcloud-db:/var/lib/mysql
|
||||
|
||||
nextcloud:
|
||||
image: nextcloud:apache
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- nextcloud-db
|
||||
ports:
|
||||
- "127.0.0.1:${NEXTCLOUD_HOST_PORT:-9081}:80"
|
||||
environment:
|
||||
MYSQL_HOST: nextcloud-db
|
||||
MYSQL_DATABASE: nextcloud
|
||||
MYSQL_USER: nextcloud
|
||||
MYSQL_PASSWORD: ${NEXTCLOUD_DB_PASSWORD:-govoplan-nextcloud}
|
||||
NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER:-admin}
|
||||
NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD:-govoplan-nextcloud-admin}
|
||||
NEXTCLOUD_TRUSTED_DOMAINS: "localhost 127.0.0.1"
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
|
||||
seafile-db:
|
||||
image: mariadb:10.11
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
MYSQL_ROOT_PASSWORD: ${SEAFILE_MYSQL_ROOT_PASSWORD:-govoplan-seafile-root}
|
||||
MARIADB_AUTO_UPGRADE: "1"
|
||||
MYSQL_LOG_CONSOLE: "true"
|
||||
volumes:
|
||||
- seafile-db:/var/lib/mysql
|
||||
|
||||
seafile-memcached:
|
||||
image: memcached:1.6
|
||||
restart: unless-stopped
|
||||
command: memcached -m 256
|
||||
|
||||
seafile:
|
||||
image: seafileltd/seafile-mc:11.0-latest
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- seafile-db
|
||||
- seafile-memcached
|
||||
ports:
|
||||
- "127.0.0.1:${SEAFILE_HOST_PORT:-9082}:80"
|
||||
environment:
|
||||
DB_HOST: seafile-db
|
||||
DB_ROOT_PASSWD: ${SEAFILE_MYSQL_ROOT_PASSWORD:-govoplan-seafile-root}
|
||||
TIME_ZONE: Etc/UTC
|
||||
SEAFILE_ADMIN_EMAIL: ${SEAFILE_ADMIN_EMAIL:-admin@example.local}
|
||||
SEAFILE_ADMIN_PASSWORD: ${SEAFILE_ADMIN_PASSWORD:-govoplan-seafile-admin}
|
||||
SEAFILE_SERVER_LETSENCRYPT: "false"
|
||||
SEAFILE_SERVER_HOSTNAME: "127.0.0.1:${SEAFILE_HOST_PORT:-9082}"
|
||||
volumes:
|
||||
- seafile-data:/shared
|
||||
|
||||
webdav:
|
||||
image: rclone/rclone:latest
|
||||
restart: unless-stopped
|
||||
command:
|
||||
- serve
|
||||
- webdav
|
||||
- /data
|
||||
- --addr
|
||||
- :8080
|
||||
- --user
|
||||
- ${WEBDAV_USER:-govoplan}
|
||||
- --pass
|
||||
- ${WEBDAV_PASSWORD:-govoplan-webdav}
|
||||
ports:
|
||||
- "127.0.0.1:${WEBDAV_HOST_PORT:-9083}:8080"
|
||||
volumes:
|
||||
- ./data/webdav:/data
|
||||
|
||||
smb:
|
||||
build:
|
||||
context: ./smb
|
||||
image: govoplan-files-samba-dev:latest
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
SMB_SHARE_NAME: ${SMB_SHARE_NAME:-files}
|
||||
SMB_USER: ${SMB_USER:-govoplan}
|
||||
SMB_PASSWORD: ${SMB_PASSWORD:-govoplan-smb}
|
||||
SMB_UID: ${SMB_UID:-1000}
|
||||
SMB_GID: ${SMB_GID:-1000}
|
||||
ports:
|
||||
- "127.0.0.1:${SMB_HOST_PORT:-1445}:445"
|
||||
volumes:
|
||||
- ./data/smb:/storage
|
||||
|
||||
volumes:
|
||||
nextcloud-db:
|
||||
nextcloud:
|
||||
seafile-db:
|
||||
seafile-data:
|
||||
10
dev/connectors/smb/Dockerfile
Normal file
10
dev/connectors/smb/Dockerfile
Normal file
@@ -0,0 +1,10 @@
|
||||
FROM alpine:3.20
|
||||
|
||||
RUN apk add --no-cache samba-server samba-common-tools
|
||||
|
||||
COPY entrypoint.sh /usr/local/bin/govoplan-samba-entrypoint
|
||||
RUN chmod +x /usr/local/bin/govoplan-samba-entrypoint
|
||||
|
||||
EXPOSE 445
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/govoplan-samba-entrypoint"]
|
||||
50
dev/connectors/smb/entrypoint.sh
Normal file
50
dev/connectors/smb/entrypoint.sh
Normal file
@@ -0,0 +1,50 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
share_name="${SMB_SHARE_NAME:-files}"
|
||||
user_name="${SMB_USER:-govoplan}"
|
||||
password="${SMB_PASSWORD:-govoplan-smb}"
|
||||
uid="${SMB_UID:-1000}"
|
||||
gid="${SMB_GID:-1000}"
|
||||
|
||||
mkdir -p /storage /var/lib/samba/private /run/samba
|
||||
|
||||
if ! getent group "$user_name" >/dev/null 2>&1; then
|
||||
addgroup -g "$gid" "$user_name"
|
||||
fi
|
||||
|
||||
if ! id "$user_name" >/dev/null 2>&1; then
|
||||
adduser -D -H -s /sbin/nologin -u "$uid" -G "$user_name" "$user_name"
|
||||
fi
|
||||
|
||||
chown -R "$user_name:$user_name" /storage
|
||||
|
||||
cat > /etc/samba/smb.conf <<EOF
|
||||
[global]
|
||||
server role = standalone server
|
||||
workgroup = WORKGROUP
|
||||
security = user
|
||||
map to guest = Never
|
||||
server min protocol = SMB2
|
||||
load printers = no
|
||||
printing = bsd
|
||||
disable spoolss = yes
|
||||
log level = 1
|
||||
passdb backend = tdbsam
|
||||
|
||||
[$share_name]
|
||||
path = /storage
|
||||
browseable = yes
|
||||
read only = no
|
||||
guest ok = no
|
||||
valid users = $user_name
|
||||
force user = $user_name
|
||||
force group = $user_name
|
||||
create mask = 0664
|
||||
directory mask = 0775
|
||||
EOF
|
||||
|
||||
printf '%s\n%s\n' "$password" "$password" | smbpasswd -s -a "$user_name" >/dev/null
|
||||
smbpasswd -e "$user_name" >/dev/null
|
||||
|
||||
exec smbd --foreground --no-process-group --debug-stdout
|
||||
215
dev/connectors/smoke.py
Normal file
215
dev/connectors/smoke.py
Normal file
@@ -0,0 +1,215 @@
|
||||
from __future__ import annotations
|
||||
|
||||
import argparse
|
||||
import os
|
||||
import socket
|
||||
from pathlib import Path
|
||||
|
||||
import httpx
|
||||
|
||||
from govoplan_files.backend.storage.connector_browse import browse_connector_profile
|
||||
from govoplan_files.backend.storage.connector_imports import read_connector_file
|
||||
from govoplan_files.backend.storage.connector_profiles import connector_profiles_from_payload
|
||||
|
||||
|
||||
ROOT = Path(__file__).resolve().parent
|
||||
|
||||
|
||||
def main() -> int:
|
||||
parser = argparse.ArgumentParser(description="Smoke-test GovOPlaN connector helpers against the local dev compose stack.")
|
||||
parser.add_argument("--require-smb", action="store_true", help="Fail if the SMB connector cannot browse/import.")
|
||||
parser.add_argument("--debug-smb", action="store_true", help="Print direct smbclient probes before the connector smoke check.")
|
||||
args = parser.parse_args()
|
||||
|
||||
_load_dotenv()
|
||||
_default_env()
|
||||
preflight_failures = _preflight_services(require_smb=args.require_smb)
|
||||
if preflight_failures:
|
||||
for failure in preflight_failures:
|
||||
print(f"FAIL {failure}")
|
||||
print("Start or recreate the connector stack from this directory with: docker compose up -d nextcloud nextcloud-db webdav smb")
|
||||
return 1
|
||||
_seed_webdav_fixture()
|
||||
_seed_smb_fixture()
|
||||
try:
|
||||
_seed_nextcloud_fixture()
|
||||
except httpx.HTTPError as exc:
|
||||
print(f"FAIL dev-nextcloud seed failed: {exc}")
|
||||
return 1
|
||||
|
||||
profiles = {profile.id: profile for profile in connector_profiles_from_payload({"profiles": _profile_payloads()})}
|
||||
if args.debug_smb:
|
||||
_debug_smb(profiles["dev-smb"])
|
||||
failures: list[str] = []
|
||||
for profile_id, folder, file_path, expected in (
|
||||
("dev-webdav", "GovOPlaN", "GovOPlaN/webdav-live.txt", "webdav live fixture"),
|
||||
("dev-nextcloud", "GovOPlaN", "GovOPlaN/nextcloud-live.txt", "nextcloud live fixture"),
|
||||
):
|
||||
try:
|
||||
_exercise_profile(profiles[profile_id], folder=folder, file_path=file_path, expected=expected)
|
||||
except Exception as exc:
|
||||
failures.append(f"{profile_id}: {exc}")
|
||||
|
||||
try:
|
||||
_exercise_profile(profiles["dev-smb"], folder="GovOPlaN", file_path="GovOPlaN/smb-live.txt", expected="smb live fixture")
|
||||
except Exception as exc:
|
||||
message = f"dev-smb: {exc}"
|
||||
if args.require_smb:
|
||||
failures.append(message)
|
||||
else:
|
||||
print(f"SKIP {message}")
|
||||
|
||||
if failures:
|
||||
for failure in failures:
|
||||
print(f"FAIL {failure}")
|
||||
return 1
|
||||
print("OK connector dev stack smoke checks passed")
|
||||
return 0
|
||||
|
||||
|
||||
def _default_env() -> None:
|
||||
defaults = {
|
||||
"NEXTCLOUD_ADMIN_USER": "admin",
|
||||
"NEXTCLOUD_ADMIN_PASSWORD": "govoplan-nextcloud-admin",
|
||||
"WEBDAV_USER": "govoplan",
|
||||
"WEBDAV_PASSWORD": "govoplan-webdav",
|
||||
"SMB_SHARE_NAME": "files",
|
||||
"SMB_USER": "govoplan",
|
||||
"SMB_PASSWORD": "govoplan-smb",
|
||||
}
|
||||
for key, value in defaults.items():
|
||||
os.environ.setdefault(key, value)
|
||||
|
||||
|
||||
def _load_dotenv() -> None:
|
||||
path = ROOT / ".env"
|
||||
if not path.exists():
|
||||
return
|
||||
for line in path.read_text(encoding="utf-8").splitlines():
|
||||
text = line.strip()
|
||||
if not text or text.startswith("#") or "=" not in text:
|
||||
continue
|
||||
key, value = text.split("=", 1)
|
||||
key = key.strip()
|
||||
if not key or key in os.environ:
|
||||
continue
|
||||
os.environ[key] = value.strip().strip("\"'")
|
||||
|
||||
|
||||
def _preflight_services(*, require_smb: bool) -> list[str]:
|
||||
failures: list[str] = []
|
||||
nextcloud_url = f"http://127.0.0.1:{os.getenv('NEXTCLOUD_HOST_PORT', '9081')}/status.php"
|
||||
try:
|
||||
response = httpx.get(nextcloud_url, timeout=3.0)
|
||||
if response.status_code != 200:
|
||||
failures.append(f"dev-nextcloud expected HTTP 200 at {nextcloud_url}, got HTTP {response.status_code}")
|
||||
except httpx.HTTPError as exc:
|
||||
failures.append(f"dev-nextcloud is not reachable at {nextcloud_url}: {exc}")
|
||||
|
||||
webdav_url = f"http://127.0.0.1:{os.getenv('WEBDAV_HOST_PORT', '9083')}/"
|
||||
try:
|
||||
response = httpx.get(webdav_url, timeout=3.0)
|
||||
if response.status_code not in {200, 401}:
|
||||
failures.append(f"dev-webdav expected HTTP 200/401 at {webdav_url}, got HTTP {response.status_code}")
|
||||
except httpx.HTTPError as exc:
|
||||
failures.append(f"dev-webdav is not reachable at {webdav_url}: {exc}")
|
||||
|
||||
if require_smb:
|
||||
smb_port = int(os.getenv("SMB_HOST_PORT", "1445"))
|
||||
try:
|
||||
with socket.create_connection(("127.0.0.1", smb_port), timeout=3.0):
|
||||
pass
|
||||
except OSError as exc:
|
||||
failures.append(f"dev-smb is not reachable at 127.0.0.1:{smb_port}: {exc}")
|
||||
return failures
|
||||
|
||||
|
||||
def _profile_payloads() -> list[dict[str, object]]:
|
||||
return [
|
||||
{
|
||||
"id": "dev-webdav",
|
||||
"provider": "webdav",
|
||||
"endpoint_url": f"http://127.0.0.1:{os.getenv('WEBDAV_HOST_PORT', '9083')}/",
|
||||
"credential_mode": "basic",
|
||||
"username": os.getenv("WEBDAV_USER", "govoplan"),
|
||||
"password_env": "WEBDAV_PASSWORD",
|
||||
},
|
||||
{
|
||||
"id": "dev-nextcloud",
|
||||
"provider": "nextcloud",
|
||||
"endpoint_url": f"http://127.0.0.1:{os.getenv('NEXTCLOUD_HOST_PORT', '9081')}/remote.php/dav/files/{os.getenv('NEXTCLOUD_ADMIN_USER', 'admin')}/",
|
||||
"credential_mode": "basic",
|
||||
"username": os.getenv("NEXTCLOUD_ADMIN_USER", "admin"),
|
||||
"password_env": "NEXTCLOUD_ADMIN_PASSWORD",
|
||||
},
|
||||
{
|
||||
"id": "dev-smb",
|
||||
"provider": "smb",
|
||||
"endpoint_url": f"smb://127.0.0.1:{os.getenv('SMB_HOST_PORT', '1445')}/{os.getenv('SMB_SHARE_NAME', 'files')}",
|
||||
"credential_mode": "basic",
|
||||
"username": os.getenv("SMB_USER", "govoplan"),
|
||||
"password_env": "SMB_PASSWORD",
|
||||
},
|
||||
]
|
||||
|
||||
|
||||
def _exercise_profile(profile, *, folder: str, file_path: str, expected: str) -> None:
|
||||
items = browse_connector_profile(profile, path=folder)
|
||||
paths = {item.path for item in items}
|
||||
if file_path not in paths:
|
||||
raise RuntimeError(f"{file_path!r} not found; saw {sorted(paths)!r}")
|
||||
downloaded = read_connector_file(profile, library_id="", path=file_path, max_bytes=1024 * 1024)
|
||||
text = downloaded.data.decode("utf-8").strip()
|
||||
if text != expected:
|
||||
raise RuntimeError(f"{file_path!r} content mismatch: {text!r}")
|
||||
print(f"OK {profile.id} browse/import {file_path}")
|
||||
|
||||
|
||||
def _debug_smb(profile) -> None:
|
||||
try:
|
||||
import smbclient
|
||||
except ImportError as exc:
|
||||
print(f"DEBUG smbclient import failed: {exc}")
|
||||
return
|
||||
from govoplan_files.backend.storage.connector_browse import _smb_client_kwargs, _smb_location, _smb_unc_path
|
||||
|
||||
location = _smb_location(profile)
|
||||
kwargs = _smb_client_kwargs(profile, location)
|
||||
print(f"DEBUG SMB endpoint=//{location.server}:{location.port}/{location.share} root_path={location.root_path!r}")
|
||||
print(f"DEBUG SMB user={kwargs.get('username')!r} require_signing={kwargs.get('require_signing')!r} auth_protocol={kwargs.get('auth_protocol')!r}")
|
||||
try:
|
||||
smbclient.reset_connection_cache()
|
||||
except Exception as exc:
|
||||
print(f"DEBUG SMB reset cache failed: {exc}")
|
||||
for path in (_smb_unc_path(location, ""), _smb_unc_path(location, "GovOPlaN")):
|
||||
try:
|
||||
print(f"DEBUG SMB list {path}: {smbclient.listdir(path, **kwargs)}")
|
||||
except Exception as exc:
|
||||
print(f"DEBUG SMB list {path} failed: {type(exc).__name__}: {exc}")
|
||||
|
||||
|
||||
def _seed_webdav_fixture() -> None:
|
||||
path = ROOT / "data" / "webdav" / "GovOPlaN"
|
||||
path.mkdir(parents=True, exist_ok=True)
|
||||
(path / "webdav-live.txt").write_text("webdav live fixture\n", encoding="utf-8")
|
||||
|
||||
|
||||
def _seed_smb_fixture() -> None:
|
||||
path = ROOT / "data" / "smb" / "GovOPlaN"
|
||||
path.mkdir(parents=True, exist_ok=True)
|
||||
(path / "smb-live.txt").write_text("smb live fixture\n", encoding="utf-8")
|
||||
|
||||
|
||||
def _seed_nextcloud_fixture() -> None:
|
||||
base_url = f"http://127.0.0.1:{os.getenv('NEXTCLOUD_HOST_PORT', '9081')}/remote.php/dav/files/{os.getenv('NEXTCLOUD_ADMIN_USER', 'admin')}/GovOPlaN"
|
||||
auth = (os.getenv("NEXTCLOUD_ADMIN_USER", "admin"), os.getenv("NEXTCLOUD_ADMIN_PASSWORD", "govoplan-nextcloud-admin"))
|
||||
response = httpx.request("MKCOL", base_url, auth=auth, timeout=15.0)
|
||||
if response.status_code not in {201, 405}:
|
||||
raise RuntimeError(f"Nextcloud MKCOL failed with HTTP {response.status_code}: {response.text[:200]}")
|
||||
response = httpx.put(f"{base_url}/nextcloud-live.txt", content=b"nextcloud live fixture\n", auth=auth, timeout=15.0)
|
||||
if response.status_code not in {200, 201, 204}:
|
||||
raise RuntimeError(f"Nextcloud PUT failed with HTTP {response.status_code}: {response.text[:200]}")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
raise SystemExit(main())
|
||||
65
docs/CONNECTOR_BOUNDARY.md
Normal file
65
docs/CONNECTOR_BOUNDARY.md
Normal file
@@ -0,0 +1,65 @@
|
||||
# File Connector Boundary
|
||||
|
||||
GovOPlaN Files owns the managed-file boundary: frozen blobs, versions, shares,
|
||||
campaign attachment evidence, provenance, connector policy, connector profiles,
|
||||
and read-only browse/import APIs that turn external files into managed
|
||||
GovOPlaN files.
|
||||
|
||||
The built-in connector layer is intentionally on-demand. It does not run remote
|
||||
indexing, background sync, remote mutation, or upstream permission management.
|
||||
Connectors may browse an external source, import one selected file, freeze it as
|
||||
a managed file, record provenance, and audit the access.
|
||||
|
||||
## Built-In Baseline
|
||||
|
||||
The files module may keep small baseline providers when they are needed for
|
||||
normal product workflows and can share the same governance model:
|
||||
|
||||
- Seafile through the native read/download API
|
||||
- Nextcloud through WebDAV
|
||||
- generic WebDAV
|
||||
- SMB through the optional `smb` extra
|
||||
|
||||
These providers are surfaced through connector descriptors at
|
||||
`GET /api/v1/files/connectors/providers`. Provider descriptors declare whether
|
||||
the provider is implemented, whether its optional dependency is installed, and
|
||||
which browse/import behaviors are available.
|
||||
|
||||
## Separate Connector Module Candidates
|
||||
|
||||
A separate connector module becomes appropriate when integration needs exceed
|
||||
on-demand browse/import:
|
||||
|
||||
- background indexing or synchronization
|
||||
- bidirectional remote mutation
|
||||
- long-running transfer workers
|
||||
- provider-specific credential lifecycle or OAuth flows
|
||||
- DMS/eAkte metadata models, registers, retention, or filing plans
|
||||
- S3-compatible object store administration
|
||||
- NFS host-mount lifecycle or sidecar coordination
|
||||
- provider-specific WebUI administration beyond profile fields
|
||||
|
||||
In that model, `govoplan-files` should keep the managed-file import contract,
|
||||
policy checks, provenance model, and audit events. A connector module should own
|
||||
provider-specific discovery, synchronization, credentials, health checks, and
|
||||
any remote write behavior.
|
||||
|
||||
## Provider Responsibilities
|
||||
|
||||
Every provider must:
|
||||
|
||||
- enforce GovOPlaN profile visibility and connector policy before browse/import
|
||||
- keep credentials as environment variables or secret references, never API
|
||||
response values
|
||||
- import external files into managed storage before they are used in campaigns
|
||||
or workflows
|
||||
- preserve source provenance and revision metadata
|
||||
- emit connector audit events for imported or accessed files
|
||||
- treat remote ACLs as upstream checks, not as a replacement for GovOPlaN policy
|
||||
|
||||
## Non-Goals For Files
|
||||
|
||||
Files does not own collaborative editing, comments, document review workflows,
|
||||
remote lock orchestration, DMS records management, or external system data
|
||||
models. Those belong to future document, workflow, DMS, or connector modules and
|
||||
should integrate through capabilities and managed-file imports.
|
||||
147
docs/CONNECTOR_SPACES.md
Normal file
147
docs/CONNECTOR_SPACES.md
Normal file
@@ -0,0 +1,147 @@
|
||||
# Connector Spaces
|
||||
|
||||
GovOPlaN Files should treat external file shares as two separate product
|
||||
objects:
|
||||
|
||||
1. A governed connection profile defines a reusable remote endpoint such as a
|
||||
WebDAV server, Nextcloud account, Seafile server, or SMB share. Profiles are
|
||||
administered in settings at system or tenant scope, with the same
|
||||
inheritance and limit semantics used by mail-server profiles.
|
||||
2. A governed credential profile defines reusable authentication material for
|
||||
one provider or for any compatible provider. Credentials are administered
|
||||
separately from connection profiles and can carry their own allow/deny
|
||||
policy.
|
||||
3. A linked file space binds one concrete remote folder or library path from an
|
||||
allowed profile to a user or group. Linked spaces appear beside "My files"
|
||||
and group file spaces in the files module.
|
||||
|
||||
This keeps secrets, endpoint governance, and tenant limits in settings, while
|
||||
keeping user/group workspaces and concrete folder choices in the files module.
|
||||
|
||||
## Model
|
||||
|
||||
Connection profile:
|
||||
|
||||
- provider: `seafile`, `nextcloud`, `webdav`, `smb`, or a future provider
|
||||
- endpoint URL and optional base path
|
||||
- scope: `system` or `tenant` for administered profiles; user/group profiles
|
||||
may be allowed later only when policy explicitly permits them
|
||||
- optional credential profile id
|
||||
- capabilities: browse, sync, import, optional write when a provider supports it
|
||||
- profile-local policy for allow/deny rules
|
||||
|
||||
Credential profile:
|
||||
|
||||
- provider: a specific provider or any provider
|
||||
- scope: `system` or `tenant` for administered credentials
|
||||
- credential mode: anonymous, environment reference, secret reference, or
|
||||
encrypted stored password/token
|
||||
- username and redacted secret configuration
|
||||
- credential-local policy for allow/deny rules
|
||||
|
||||
Connector policy:
|
||||
|
||||
- system policy is the baseline
|
||||
- tenant policy inherits system policy and may narrow it unless system allows
|
||||
lower-level relaxation
|
||||
- future user/group policy may narrow tenant policy for self-service links
|
||||
- policies can allow or block providers, profile ids, endpoint URLs, external
|
||||
path prefixes, credential ids, credential inheritance, and local linked-space
|
||||
creation
|
||||
|
||||
Linked connector space:
|
||||
|
||||
- owner type: user or group
|
||||
- display name
|
||||
- connector profile id
|
||||
- remote library id or share id
|
||||
- remote root path
|
||||
- sync mode: manual initially; background sync is future work
|
||||
- read-only flag from provider/policy
|
||||
- active/deleted state
|
||||
|
||||
The linked space should be addressable as a normal file space in the files UI.
|
||||
For the first implementation slice, actions may use the existing connector
|
||||
browse/sync APIs and managed file storage. A linked space can therefore browse
|
||||
the remote folder and sync selected files into managed storage. Later slices can
|
||||
add a native remote listing view or background sync jobs.
|
||||
|
||||
## Policy Semantics
|
||||
|
||||
Use mail-profile terminology because administrators already see it there:
|
||||
|
||||
- must use: lower scopes are restricted to selected profile ids or providers
|
||||
- can use: lower scopes may choose from inherited allowed profiles
|
||||
- shall not use anything outside: endpoint URLs and path prefixes are enforced
|
||||
by deny/allow rules before browse, import, or sync
|
||||
- may create local links: controls whether users/groups can add linked spaces
|
||||
from inherited profiles
|
||||
|
||||
Connector policy should provide an explainable effective policy response with
|
||||
source path entries: system, tenant, user, group, campaign when applicable.
|
||||
|
||||
## Current State
|
||||
|
||||
Implemented:
|
||||
|
||||
- provider descriptors for Seafile, Nextcloud, WebDAV, and SMB
|
||||
- database-backed connector profiles with system and tenant scope
|
||||
- database-backed connector credentials with system and tenant scope
|
||||
- encrypted stored password/token support for database credentials
|
||||
- JSON/environment-defined connector profiles with system, tenant, user, group,
|
||||
and campaign visibility
|
||||
- connector allow/deny policy enforcement before browse/import/sync, including
|
||||
provider, connection profile, credential profile, and path checks
|
||||
- read-only browse endpoints
|
||||
- import and sync into managed files with provenance and revision metadata
|
||||
- audit events for connector import, sync, and access
|
||||
- settings/admin UI sections for system and tenant file connections and
|
||||
credentials
|
||||
- linked connector-space rows owned by users or groups
|
||||
- file-space API responses that include linked connector spaces
|
||||
- Files UI entry point to create linked connector spaces from a browsed remote
|
||||
profile/folder
|
||||
- Files UI sync dialog for choosing a profile, browsing a remote folder, and
|
||||
syncing a selected file into a managed destination folder
|
||||
- Files UI connector-space view with provider/read-only/manual-sync state
|
||||
- Docker dev stack smoke checks for WebDAV, Nextcloud, and SMB
|
||||
|
||||
Missing:
|
||||
|
||||
- explicit connector profile policy rows equivalent to mail-profile policies
|
||||
- effective connector policy/explain UI equivalent to mail-profile policies
|
||||
- edit/manage actions for existing linked connector spaces
|
||||
- optional background sync or remote-write semantics
|
||||
|
||||
## Implementation Phases
|
||||
|
||||
1. Persist governed connector profiles and policies.
|
||||
- `file_connector_profiles` exists for system and tenant profiles.
|
||||
- `file_connector_credentials` exists for system and tenant credentials.
|
||||
- Environment JSON profiles remain bootstrap/compatibility profiles.
|
||||
- Profile and credential CRUD endpoints exist for database-backed records.
|
||||
- Remaining: `file_connector_policies` plus effective policy/explain output.
|
||||
|
||||
2. Add linked connector spaces.
|
||||
- `file_connector_spaces` exists with owner user/group, profile id, library
|
||||
id, remote path, display label, sync mode, and active state.
|
||||
- Connector policy is enforced before creating or using a link.
|
||||
- Linked connector spaces are returned from `/api/v1/files/spaces`.
|
||||
|
||||
3. Surface linked spaces in the Files UI.
|
||||
- Linked spaces appear beside managed user/group spaces.
|
||||
- The add-space dialog browses an allowed profile and links the current
|
||||
remote folder/library root.
|
||||
- The connector browser/sync flow is reused when a linked space is open.
|
||||
- Remaining: edit/manage actions for existing linked spaces.
|
||||
|
||||
4. Add sync orchestration.
|
||||
- Manual sync selected file is already available.
|
||||
- Add folder-level manual sync.
|
||||
- Add optional scheduled/background sync with conflict reporting.
|
||||
|
||||
5. Add provider-specific expansion.
|
||||
- OAuth/secret-store credentials.
|
||||
- Remote write and delete only where policy and provider support it.
|
||||
- DMS/eAkte metadata integrations in a separate connector or documents
|
||||
module.
|
||||
54
docs/DOCUMENT_COLLABORATION_BOUNDARY.md
Normal file
54
docs/DOCUMENT_COLLABORATION_BOUNDARY.md
Normal file
@@ -0,0 +1,54 @@
|
||||
# Document Collaboration Boundary
|
||||
|
||||
GovOPlaN Files is the governed managed-file module. It stores uploaded/imported
|
||||
blobs, versions, shares, provenance, ZIP imports/exports, connector imports, and
|
||||
campaign attachment evidence. It should stay reliable, auditable, and simple.
|
||||
|
||||
Collaborative document behavior should be owned by a future documents module or
|
||||
by provider-specific connector modules when the behavior is delegated to systems
|
||||
such as Nextcloud, Seafile, Collabora, OnlyOffice, OpenDesk, or DMS/eAkte
|
||||
platforms.
|
||||
|
||||
## Files Owns
|
||||
|
||||
- managed blobs and immutable version evidence
|
||||
- owner-scoped user/group file spaces
|
||||
- shares and access checks for managed files
|
||||
- connector browse/import into managed storage
|
||||
- source provenance, source revision, and audit events
|
||||
- freeze-before-send campaign attachment behavior
|
||||
- previews generated from managed file versions
|
||||
|
||||
## Documents Or Connectors Should Own
|
||||
|
||||
- co-editing sessions and editor launch URLs
|
||||
- comments, suggestions, document tasks, and review state
|
||||
- check-in/check-out, remote locks, and lock timeouts
|
||||
- semantic document versions beyond blob versions
|
||||
- template merge flows and generated-document lifecycle
|
||||
- external DMS metadata, filing plans, record categories, and retention classes
|
||||
- provider-specific sync state and conflict resolution
|
||||
- collaborative presence and notification behavior
|
||||
|
||||
## Integration Shape
|
||||
|
||||
The documents layer should integrate with files through stable contracts:
|
||||
|
||||
- create or import a managed file version for evidence points
|
||||
- attach source provenance when a file came from an external editor or DMS
|
||||
- ask files for read/download access rather than importing files internals
|
||||
- emit workflow/audit events when a collaborative document reaches a governed
|
||||
state such as reviewed, approved, frozen, sent, or archived
|
||||
- use connector providers for provider-specific browse/import/write behavior
|
||||
|
||||
Files may expose links to a document or connector module, but it should not own
|
||||
the collaboration state machine. A collaborative document can produce many
|
||||
working states; GovOPlaN Files should persist the governed snapshots that other
|
||||
modules can safely use as evidence.
|
||||
|
||||
## Practical Rule
|
||||
|
||||
If a feature is about storing, sharing, importing, downloading, or freezing a
|
||||
file, it belongs in `govoplan-files`. If a feature is about people jointly
|
||||
editing, reviewing, locking, commenting on, or routing a document through a
|
||||
semantic process, it belongs in a documents/workflow/DMS integration module.
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@govoplan/files-webui",
|
||||
"version": "0.1.1",
|
||||
"version": "0.1.6",
|
||||
"private": true,
|
||||
"type": "module",
|
||||
"main": "webui/src/index.ts",
|
||||
@@ -19,8 +19,8 @@
|
||||
"LICENSE"
|
||||
],
|
||||
"peerDependencies": {
|
||||
"@govoplan/core-webui": "^0.1.1",
|
||||
"lucide-react": "^0.555.0",
|
||||
"@govoplan/core-webui": "^0.1.6",
|
||||
"lucide-react": "^1.23.0",
|
||||
"react": "^19.0.0",
|
||||
"react-dom": "^19.0.0",
|
||||
"react-router-dom": "^7.1.1",
|
||||
|
||||
@@ -4,14 +4,20 @@ build-backend = "setuptools.build_meta"
|
||||
|
||||
[project]
|
||||
name = "govoplan-files"
|
||||
version = "0.1.1"
|
||||
version = "0.1.6"
|
||||
description = "GovOPlaN files module with backend and WebUI integration."
|
||||
readme = "README.md"
|
||||
requires-python = ">=3.12"
|
||||
license = { file = "LICENSE" }
|
||||
authors = [{ name = "GovOPlaN" }]
|
||||
dependencies = [
|
||||
"govoplan-core>=0.1.1",
|
||||
"govoplan-core>=0.1.6",
|
||||
"python-multipart>=0.0.31,<1",
|
||||
]
|
||||
|
||||
[project.optional-dependencies]
|
||||
smb = [
|
||||
"smbprotocol>=1.13",
|
||||
]
|
||||
|
||||
[tool.setuptools.packages.find]
|
||||
|
||||
34
src/govoplan_files/backend/capabilities.py
Normal file
34
src/govoplan_files/backend/capabilities.py
Normal file
@@ -0,0 +1,34 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from typing import Any
|
||||
|
||||
from govoplan_core.core.modules import ModuleContext
|
||||
from govoplan_files.backend.runtime import configure_runtime
|
||||
from govoplan_files.backend.storage.campaign_attachments import (
|
||||
annotate_built_messages_with_managed_files,
|
||||
managed_match_payloads,
|
||||
prepared_campaign_snapshot,
|
||||
public_attachment_summary_payload,
|
||||
)
|
||||
from govoplan_files.backend.storage.campaign_usage import record_campaign_attachment_uses_for_jobs
|
||||
from govoplan_files.backend.storage.files import current_version_and_blob
|
||||
|
||||
|
||||
class FilesCampaignCapability:
|
||||
prepared_campaign_snapshot = staticmethod(prepared_campaign_snapshot)
|
||||
managed_match_payloads = staticmethod(managed_match_payloads)
|
||||
public_attachment_summary_payload = staticmethod(public_attachment_summary_payload)
|
||||
annotate_built_messages_with_managed_files = staticmethod(annotate_built_messages_with_managed_files)
|
||||
record_campaign_attachment_uses_for_jobs = staticmethod(record_campaign_attachment_uses_for_jobs)
|
||||
current_version_and_blob = staticmethod(current_version_and_blob)
|
||||
|
||||
@staticmethod
|
||||
def mark_job_attachment_uses_sent(session: Any, job: Any) -> None:
|
||||
from govoplan_files.backend.storage.campaign_usage import mark_job_attachment_uses_sent
|
||||
|
||||
mark_job_attachment_uses_sent(session, job)
|
||||
|
||||
|
||||
def campaign_capability(context: ModuleContext) -> FilesCampaignCapability:
|
||||
configure_runtime(registry=context.registry, settings=context.settings)
|
||||
return FilesCampaignCapability()
|
||||
199
src/govoplan_files/backend/change_tracking.py
Normal file
199
src/govoplan_files/backend/change_tracking.py
Normal file
@@ -0,0 +1,199 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from datetime import datetime
|
||||
from typing import Any
|
||||
|
||||
from sqlalchemy import event, inspect
|
||||
from sqlalchemy.orm import Session as OrmSession
|
||||
|
||||
from govoplan_core.core.change_sequence import record_change
|
||||
from govoplan_files.backend.db.models import FileAsset, FileFolder, FileShare, new_uuid
|
||||
|
||||
FILES_MODULE_ID = "files"
|
||||
FILES_ASSETS_COLLECTION = "files.assets"
|
||||
FILES_FOLDERS_COLLECTION = "files.folders"
|
||||
FILES_CONNECTOR_PROFILES_COLLECTION = "files.connector_profiles"
|
||||
FILES_CONNECTOR_CREDENTIALS_COLLECTION = "files.connector_credentials"
|
||||
FILES_CONNECTOR_POLICIES_COLLECTION = "files.connector_policies"
|
||||
FILES_CONNECTOR_SPACES_COLLECTION = "files.connector_spaces"
|
||||
|
||||
_REGISTERED = False
|
||||
|
||||
|
||||
def register_files_change_tracking() -> None:
|
||||
global _REGISTERED
|
||||
if _REGISTERED:
|
||||
return
|
||||
event.listen(OrmSession, "before_flush", _record_files_changes)
|
||||
_REGISTERED = True
|
||||
|
||||
|
||||
def _record_files_changes(session: OrmSession, _flush_context: object, _instances: object) -> None:
|
||||
for obj in tuple(session.new) + tuple(session.dirty):
|
||||
if isinstance(obj, FileAsset):
|
||||
_record_asset_change(session, obj)
|
||||
elif isinstance(obj, FileFolder):
|
||||
_record_folder_change(session, obj)
|
||||
elif isinstance(obj, FileShare):
|
||||
_record_share_visibility_change(session, obj)
|
||||
|
||||
|
||||
def _record_asset_change(session: OrmSession, asset: FileAsset) -> None:
|
||||
operation = _operation_for_soft_deletable(
|
||||
asset,
|
||||
changed_attrs=(
|
||||
"owner_type",
|
||||
"owner_user_id",
|
||||
"owner_group_id",
|
||||
"current_version_id",
|
||||
"display_path",
|
||||
"filename",
|
||||
"description",
|
||||
"deleted_at",
|
||||
"metadata_",
|
||||
),
|
||||
)
|
||||
if operation is None:
|
||||
return
|
||||
resource_id = _ensure_id(asset)
|
||||
record_change(
|
||||
session,
|
||||
module_id=FILES_MODULE_ID,
|
||||
collection=FILES_ASSETS_COLLECTION,
|
||||
resource_type="file",
|
||||
resource_id=resource_id,
|
||||
operation=operation,
|
||||
tenant_id=asset.tenant_id,
|
||||
actor_type="user" if asset.created_by_user_id else None,
|
||||
actor_id=asset.created_by_user_id,
|
||||
payload={
|
||||
"owner_type": asset.owner_type,
|
||||
"owner_id": _owner_id(asset.owner_type, asset.owner_user_id, asset.owner_group_id),
|
||||
"path": asset.display_path,
|
||||
"previous_path": _previous_value(asset, "display_path"),
|
||||
"filename": asset.filename,
|
||||
"deleted_at": _isoformat(asset.deleted_at),
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
def _record_folder_change(session: OrmSession, folder: FileFolder) -> None:
|
||||
operation = _operation_for_soft_deletable(
|
||||
folder,
|
||||
changed_attrs=("owner_type", "owner_user_id", "owner_group_id", "path", "deleted_at", "metadata_"),
|
||||
)
|
||||
if operation is None:
|
||||
return
|
||||
resource_id = _ensure_id(folder)
|
||||
record_change(
|
||||
session,
|
||||
module_id=FILES_MODULE_ID,
|
||||
collection=FILES_FOLDERS_COLLECTION,
|
||||
resource_type="folder",
|
||||
resource_id=resource_id,
|
||||
operation=operation,
|
||||
tenant_id=folder.tenant_id,
|
||||
actor_type="user" if folder.created_by_user_id else None,
|
||||
actor_id=folder.created_by_user_id,
|
||||
payload={
|
||||
"owner_type": folder.owner_type,
|
||||
"owner_id": _owner_id(folder.owner_type, folder.owner_user_id, folder.owner_group_id),
|
||||
"path": folder.path,
|
||||
"previous_path": _previous_value(folder, "path"),
|
||||
"deleted_at": _isoformat(folder.deleted_at),
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
def _record_share_visibility_change(session: OrmSession, share: FileShare) -> None:
|
||||
state = inspect(share)
|
||||
if not share.file_asset_id:
|
||||
return
|
||||
if not state.pending and not _has_attr_changes(
|
||||
state,
|
||||
("file_asset_id", "target_type", "target_id", "permission", "revoked_at"),
|
||||
):
|
||||
return
|
||||
_ensure_id(share)
|
||||
record_change(
|
||||
session,
|
||||
module_id=FILES_MODULE_ID,
|
||||
collection=FILES_ASSETS_COLLECTION,
|
||||
resource_type="file",
|
||||
resource_id=share.file_asset_id,
|
||||
operation="updated",
|
||||
tenant_id=share.tenant_id,
|
||||
actor_type="user" if share.created_by_user_id else None,
|
||||
actor_id=share.created_by_user_id,
|
||||
payload={
|
||||
"share_id": share.id,
|
||||
"share_target_type": share.target_type,
|
||||
"share_target_id": share.target_id,
|
||||
"share_permission": share.permission,
|
||||
"share_revoked_at": _isoformat(share.revoked_at),
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
def _operation_for_soft_deletable(obj: object, *, changed_attrs: tuple[str, ...]) -> str | None:
|
||||
state = inspect(obj)
|
||||
if state.pending:
|
||||
return "created"
|
||||
if not _has_attr_changes(state, changed_attrs):
|
||||
return None
|
||||
if "deleted_at" in state.attrs:
|
||||
history = state.attrs.deleted_at.history
|
||||
if history.has_changes():
|
||||
if any(value is not None for value in history.added):
|
||||
return "deleted"
|
||||
if any(value is not None for value in history.deleted):
|
||||
return "created"
|
||||
return "updated"
|
||||
|
||||
|
||||
def _has_attr_changes(state: Any, attrs: tuple[str, ...]) -> bool:
|
||||
return any(name in state.attrs and state.attrs[name].history.has_changes() for name in attrs)
|
||||
|
||||
|
||||
def _previous_value(obj: object, attr_name: str) -> str | None:
|
||||
state = inspect(obj)
|
||||
if attr_name not in state.attrs:
|
||||
return None
|
||||
history = state.attrs[attr_name].history
|
||||
if not history.has_changes() or not history.deleted:
|
||||
return None
|
||||
value = history.deleted[0]
|
||||
return str(value) if value is not None else None
|
||||
|
||||
|
||||
def _ensure_id(obj: object) -> str:
|
||||
resource_id = getattr(obj, "id", None)
|
||||
if resource_id:
|
||||
return str(resource_id)
|
||||
resource_id = new_uuid()
|
||||
setattr(obj, "id", resource_id)
|
||||
return resource_id
|
||||
|
||||
|
||||
def _owner_id(owner_type: str, owner_user_id: str | None, owner_group_id: str | None) -> str | None:
|
||||
if owner_type == "user":
|
||||
return owner_user_id
|
||||
if owner_type == "group":
|
||||
return owner_group_id
|
||||
return None
|
||||
|
||||
|
||||
def _isoformat(value: datetime | None) -> str | None:
|
||||
return value.isoformat() if value else None
|
||||
|
||||
|
||||
__all__ = [
|
||||
"FILES_ASSETS_COLLECTION",
|
||||
"FILES_CONNECTOR_CREDENTIALS_COLLECTION",
|
||||
"FILES_CONNECTOR_POLICIES_COLLECTION",
|
||||
"FILES_CONNECTOR_PROFILES_COLLECTION",
|
||||
"FILES_CONNECTOR_SPACES_COLLECTION",
|
||||
"FILES_FOLDERS_COLLECTION",
|
||||
"FILES_MODULE_ID",
|
||||
"register_files_change_tracking",
|
||||
]
|
||||
@@ -4,7 +4,7 @@ import uuid
|
||||
from datetime import datetime
|
||||
from typing import Any
|
||||
|
||||
from sqlalchemy import DateTime, ForeignKey, Index, Integer, JSON, String, Text, UniqueConstraint, text
|
||||
from sqlalchemy import Boolean, DateTime, ForeignKey, Index, Integer, JSON, String, Text, UniqueConstraint, text
|
||||
from sqlalchemy.orm import Mapped, mapped_column
|
||||
|
||||
from govoplan_core.db.base import Base, TimestampMixin
|
||||
@@ -19,7 +19,7 @@ class FileBlob(Base, TimestampMixin):
|
||||
__table_args__ = (UniqueConstraint("tenant_id", "checksum_sha256", "size_bytes", name="uq_file_blobs_tenant_checksum_size"),)
|
||||
|
||||
id: Mapped[str] = mapped_column(String(36), primary_key=True, default=new_uuid)
|
||||
tenant_id: Mapped[str] = mapped_column(ForeignKey("tenants.id", ondelete="CASCADE"), nullable=False, index=True)
|
||||
tenant_id: Mapped[str] = mapped_column(String(36), nullable=False, index=True)
|
||||
storage_backend: Mapped[str] = mapped_column(String(50), nullable=False)
|
||||
storage_bucket: Mapped[str | None] = mapped_column(String(255))
|
||||
storage_key: Mapped[str] = mapped_column(String(1000), nullable=False)
|
||||
@@ -50,12 +50,12 @@ class FileFolder(Base, TimestampMixin):
|
||||
)
|
||||
|
||||
id: Mapped[str] = mapped_column(String(36), primary_key=True, default=new_uuid)
|
||||
tenant_id: Mapped[str] = mapped_column(ForeignKey("tenants.id", ondelete="CASCADE"), nullable=False, index=True)
|
||||
tenant_id: Mapped[str] = mapped_column(String(36), nullable=False, index=True)
|
||||
owner_type: Mapped[str] = mapped_column(String(20), nullable=False, index=True)
|
||||
owner_user_id: Mapped[str | None] = mapped_column(ForeignKey("users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
owner_group_id: Mapped[str | None] = mapped_column(ForeignKey("groups.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
owner_user_id: Mapped[str | None] = mapped_column(ForeignKey("access_users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
owner_group_id: Mapped[str | None] = mapped_column(ForeignKey("access_groups.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
path: Mapped[str] = mapped_column(String(1000), nullable=False, index=True)
|
||||
created_by_user_id: Mapped[str | None] = mapped_column(ForeignKey("users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
created_by_user_id: Mapped[str | None] = mapped_column(ForeignKey("access_users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
deleted_at: Mapped[datetime | None] = mapped_column(DateTime(timezone=True), nullable=True, index=True)
|
||||
metadata_: Mapped[dict[str, Any] | None] = mapped_column("metadata", JSON, nullable=True)
|
||||
|
||||
@@ -64,15 +64,15 @@ class FileAsset(Base, TimestampMixin):
|
||||
__tablename__ = "file_assets"
|
||||
|
||||
id: Mapped[str] = mapped_column(String(36), primary_key=True, default=new_uuid)
|
||||
tenant_id: Mapped[str] = mapped_column(ForeignKey("tenants.id", ondelete="CASCADE"), nullable=False, index=True)
|
||||
tenant_id: Mapped[str] = mapped_column(String(36), nullable=False, index=True)
|
||||
owner_type: Mapped[str] = mapped_column(String(20), nullable=False, index=True)
|
||||
owner_user_id: Mapped[str | None] = mapped_column(ForeignKey("users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
owner_group_id: Mapped[str | None] = mapped_column(ForeignKey("groups.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
owner_user_id: Mapped[str | None] = mapped_column(ForeignKey("access_users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
owner_group_id: Mapped[str | None] = mapped_column(ForeignKey("access_groups.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
current_version_id: Mapped[str | None] = mapped_column(String(36), nullable=True, index=True)
|
||||
display_path: Mapped[str] = mapped_column(String(1000), nullable=False, index=True)
|
||||
filename: Mapped[str] = mapped_column(String(500), nullable=False, index=True)
|
||||
description: Mapped[str | None] = mapped_column(Text)
|
||||
created_by_user_id: Mapped[str | None] = mapped_column(ForeignKey("users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
created_by_user_id: Mapped[str | None] = mapped_column(ForeignKey("access_users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
deleted_at: Mapped[datetime | None] = mapped_column(DateTime(timezone=True), nullable=True, index=True)
|
||||
metadata_: Mapped[dict[str, Any] | None] = mapped_column("metadata", JSON, nullable=True)
|
||||
|
||||
@@ -82,7 +82,7 @@ class FileVersion(Base, TimestampMixin):
|
||||
__table_args__ = (UniqueConstraint("file_asset_id", "version_number", name="uq_file_versions_asset_number"),)
|
||||
|
||||
id: Mapped[str] = mapped_column(String(36), primary_key=True, default=new_uuid)
|
||||
tenant_id: Mapped[str] = mapped_column(ForeignKey("tenants.id", ondelete="CASCADE"), nullable=False, index=True)
|
||||
tenant_id: Mapped[str] = mapped_column(String(36), nullable=False, index=True)
|
||||
file_asset_id: Mapped[str] = mapped_column(ForeignKey("file_assets.id", ondelete="CASCADE"), nullable=False, index=True)
|
||||
blob_id: Mapped[str] = mapped_column(ForeignKey("file_blobs.id", ondelete="RESTRICT"), nullable=False, index=True)
|
||||
version_number: Mapped[int] = mapped_column(Integer, nullable=False)
|
||||
@@ -91,7 +91,7 @@ class FileVersion(Base, TimestampMixin):
|
||||
content_type: Mapped[str | None] = mapped_column(String(255))
|
||||
size_bytes: Mapped[int] = mapped_column(Integer, nullable=False)
|
||||
checksum_sha256: Mapped[str] = mapped_column(String(64), nullable=False, index=True)
|
||||
created_by_user_id: Mapped[str | None] = mapped_column(ForeignKey("users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
created_by_user_id: Mapped[str | None] = mapped_column(ForeignKey("access_users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
|
||||
|
||||
class FileShare(Base, TimestampMixin):
|
||||
@@ -99,21 +99,131 @@ class FileShare(Base, TimestampMixin):
|
||||
__table_args__ = (UniqueConstraint("file_asset_id", "target_type", "target_id", "revoked_at", name="uq_file_shares_active_target"),)
|
||||
|
||||
id: Mapped[str] = mapped_column(String(36), primary_key=True, default=new_uuid)
|
||||
tenant_id: Mapped[str] = mapped_column(ForeignKey("tenants.id", ondelete="CASCADE"), nullable=False, index=True)
|
||||
tenant_id: Mapped[str] = mapped_column(String(36), nullable=False, index=True)
|
||||
file_asset_id: Mapped[str] = mapped_column(ForeignKey("file_assets.id", ondelete="CASCADE"), nullable=False, index=True)
|
||||
target_type: Mapped[str] = mapped_column(String(20), nullable=False, index=True)
|
||||
target_id: Mapped[str] = mapped_column(String(36), nullable=False, index=True)
|
||||
permission: Mapped[str] = mapped_column(String(20), default="read", nullable=False)
|
||||
created_by_user_id: Mapped[str | None] = mapped_column(ForeignKey("users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
created_by_user_id: Mapped[str | None] = mapped_column(ForeignKey("access_users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
revoked_at: Mapped[datetime | None] = mapped_column(DateTime(timezone=True), nullable=True, index=True)
|
||||
|
||||
|
||||
class FileConnectorProfile(Base, TimestampMixin):
|
||||
__tablename__ = "file_connector_profiles"
|
||||
__table_args__ = (
|
||||
Index("ix_file_connector_profiles_scope", "scope_type", "scope_id"),
|
||||
)
|
||||
|
||||
id: Mapped[str] = mapped_column(String(255), primary_key=True)
|
||||
tenant_id: Mapped[str | None] = mapped_column(String(36), nullable=True, index=True)
|
||||
scope_type: Mapped[str] = mapped_column(String(20), default="tenant", nullable=False, index=True)
|
||||
scope_id: Mapped[str | None] = mapped_column(String(36), nullable=True, index=True)
|
||||
label: Mapped[str] = mapped_column(String(255), nullable=False)
|
||||
provider: Mapped[str] = mapped_column(String(50), nullable=False, index=True)
|
||||
endpoint_url: Mapped[str | None] = mapped_column(String(1000), nullable=True)
|
||||
base_path: Mapped[str | None] = mapped_column(String(1000), nullable=True)
|
||||
enabled: Mapped[bool] = mapped_column(Boolean, default=True, nullable=False, index=True)
|
||||
credential_profile_id: Mapped[str | None] = mapped_column(String(255), nullable=True, index=True)
|
||||
credential_mode: Mapped[str] = mapped_column(String(30), default="none", nullable=False)
|
||||
username: Mapped[str | None] = mapped_column(String(320), nullable=True)
|
||||
password_encrypted: Mapped[str | None] = mapped_column(Text, nullable=True)
|
||||
token_encrypted: Mapped[str | None] = mapped_column(Text, nullable=True)
|
||||
password_env: Mapped[str | None] = mapped_column(String(255), nullable=True)
|
||||
token_env: Mapped[str | None] = mapped_column(String(255), nullable=True)
|
||||
secret_ref: Mapped[str | None] = mapped_column(String(1000), nullable=True)
|
||||
capabilities: Mapped[list[str] | None] = mapped_column(JSON, nullable=True)
|
||||
policy: Mapped[dict[str, Any] | None] = mapped_column(JSON, nullable=True)
|
||||
metadata_: Mapped[dict[str, Any] | None] = mapped_column("metadata", JSON, nullable=True)
|
||||
created_by_user_id: Mapped[str | None] = mapped_column(ForeignKey("access_users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
updated_by_user_id: Mapped[str | None] = mapped_column(ForeignKey("access_users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
|
||||
|
||||
class FileConnectorCredential(Base, TimestampMixin):
|
||||
__tablename__ = "file_connector_credentials"
|
||||
__table_args__ = (
|
||||
Index("ix_file_connector_credentials_scope", "scope_type", "scope_id"),
|
||||
)
|
||||
|
||||
id: Mapped[str] = mapped_column(String(255), primary_key=True)
|
||||
tenant_id: Mapped[str | None] = mapped_column(String(36), nullable=True, index=True)
|
||||
scope_type: Mapped[str] = mapped_column(String(20), default="tenant", nullable=False, index=True)
|
||||
scope_id: Mapped[str | None] = mapped_column(String(36), nullable=True, index=True)
|
||||
label: Mapped[str] = mapped_column(String(255), nullable=False)
|
||||
provider: Mapped[str | None] = mapped_column(String(50), nullable=True, index=True)
|
||||
enabled: Mapped[bool] = mapped_column(Boolean, default=True, nullable=False, index=True)
|
||||
credential_mode: Mapped[str] = mapped_column(String(30), default="none", nullable=False)
|
||||
username: Mapped[str | None] = mapped_column(String(320), nullable=True)
|
||||
password_encrypted: Mapped[str | None] = mapped_column(Text, nullable=True)
|
||||
token_encrypted: Mapped[str | None] = mapped_column(Text, nullable=True)
|
||||
password_env: Mapped[str | None] = mapped_column(String(255), nullable=True)
|
||||
token_env: Mapped[str | None] = mapped_column(String(255), nullable=True)
|
||||
secret_ref: Mapped[str | None] = mapped_column(String(1000), nullable=True)
|
||||
policy: Mapped[dict[str, Any] | None] = mapped_column(JSON, nullable=True)
|
||||
metadata_: Mapped[dict[str, Any] | None] = mapped_column("metadata", JSON, nullable=True)
|
||||
created_by_user_id: Mapped[str | None] = mapped_column(ForeignKey("access_users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
updated_by_user_id: Mapped[str | None] = mapped_column(ForeignKey("access_users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
|
||||
|
||||
class FileConnectorPolicy(Base, TimestampMixin):
|
||||
__tablename__ = "file_connector_policies"
|
||||
__table_args__ = (
|
||||
UniqueConstraint("tenant_id", "scope_type", "scope_id", name="uq_file_connector_policies_scope"),
|
||||
Index("ix_file_connector_policies_scope", "scope_type", "scope_id"),
|
||||
)
|
||||
|
||||
id: Mapped[str] = mapped_column(String(36), primary_key=True, default=new_uuid)
|
||||
tenant_id: Mapped[str | None] = mapped_column(String(36), nullable=True, index=True)
|
||||
scope_type: Mapped[str] = mapped_column(String(20), nullable=False, index=True)
|
||||
scope_id: Mapped[str | None] = mapped_column(String(36), nullable=True, index=True)
|
||||
policy: Mapped[dict[str, Any]] = mapped_column(JSON, default=dict, nullable=False)
|
||||
created_by_user_id: Mapped[str | None] = mapped_column(ForeignKey("access_users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
updated_by_user_id: Mapped[str | None] = mapped_column(ForeignKey("access_users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
|
||||
|
||||
class FileConnectorSpace(Base, TimestampMixin):
|
||||
__tablename__ = "file_connector_spaces"
|
||||
__table_args__ = (
|
||||
Index("ix_file_connector_spaces_owner", "tenant_id", "owner_type", "owner_user_id", "owner_group_id"),
|
||||
Index(
|
||||
"uq_file_connector_spaces_active_user_label",
|
||||
"tenant_id", "owner_user_id", "label",
|
||||
unique=True,
|
||||
sqlite_where=text("owner_type = 'user' AND deleted_at IS NULL"),
|
||||
postgresql_where=text("owner_type = 'user' AND deleted_at IS NULL"),
|
||||
),
|
||||
Index(
|
||||
"uq_file_connector_spaces_active_group_label",
|
||||
"tenant_id", "owner_group_id", "label",
|
||||
unique=True,
|
||||
sqlite_where=text("owner_type = 'group' AND deleted_at IS NULL"),
|
||||
postgresql_where=text("owner_type = 'group' AND deleted_at IS NULL"),
|
||||
),
|
||||
)
|
||||
|
||||
id: Mapped[str] = mapped_column(String(36), primary_key=True, default=new_uuid)
|
||||
tenant_id: Mapped[str] = mapped_column(String(36), nullable=False, index=True)
|
||||
owner_type: Mapped[str] = mapped_column(String(20), nullable=False, index=True)
|
||||
owner_user_id: Mapped[str | None] = mapped_column(ForeignKey("access_users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
owner_group_id: Mapped[str | None] = mapped_column(ForeignKey("access_groups.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
label: Mapped[str] = mapped_column(String(255), nullable=False)
|
||||
connector_profile_id: Mapped[str] = mapped_column(String(255), nullable=False, index=True)
|
||||
provider: Mapped[str] = mapped_column(String(50), nullable=False, index=True)
|
||||
library_id: Mapped[str | None] = mapped_column(String(255), nullable=True)
|
||||
remote_path: Mapped[str] = mapped_column(String(1000), default="", nullable=False)
|
||||
sync_mode: Mapped[str] = mapped_column(String(30), default="manual", nullable=False)
|
||||
read_only: Mapped[bool] = mapped_column(Boolean, default=True, nullable=False)
|
||||
is_active: Mapped[bool] = mapped_column(Boolean, default=True, nullable=False, index=True)
|
||||
created_by_user_id: Mapped[str | None] = mapped_column(ForeignKey("access_users.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
deleted_at: Mapped[datetime | None] = mapped_column(DateTime(timezone=True), nullable=True, index=True)
|
||||
metadata_: Mapped[dict[str, Any] | None] = mapped_column("metadata", JSON, nullable=True)
|
||||
|
||||
|
||||
class CampaignAttachmentUse(Base, TimestampMixin):
|
||||
__tablename__ = "campaign_attachment_uses"
|
||||
__table_args__ = (UniqueConstraint("campaign_job_id", "file_version_id", "filename_used", "use_stage", name="uq_campaign_attachment_uses_job_file_stage"),)
|
||||
|
||||
id: Mapped[str] = mapped_column(String(36), primary_key=True, default=new_uuid)
|
||||
tenant_id: Mapped[str] = mapped_column(ForeignKey("tenants.id", ondelete="CASCADE"), nullable=False, index=True)
|
||||
tenant_id: Mapped[str] = mapped_column(String(36), nullable=False, index=True)
|
||||
campaign_id: Mapped[str] = mapped_column(ForeignKey("campaigns.id", ondelete="CASCADE"), nullable=False, index=True)
|
||||
campaign_version_id: Mapped[str] = mapped_column(ForeignKey("campaign_versions.id", ondelete="CASCADE"), nullable=False, index=True)
|
||||
campaign_job_id: Mapped[str | None] = mapped_column(ForeignKey("campaign_jobs.id", ondelete="SET NULL"), nullable=True, index=True)
|
||||
@@ -134,6 +244,10 @@ __all__ = [
|
||||
"CampaignAttachmentUse",
|
||||
"FileAsset",
|
||||
"FileBlob",
|
||||
"FileConnectorCredential",
|
||||
"FileConnectorPolicy",
|
||||
"FileConnectorProfile",
|
||||
"FileConnectorSpace",
|
||||
"FileFolder",
|
||||
"FileShare",
|
||||
"FileVersion",
|
||||
|
||||
@@ -2,10 +2,25 @@ from __future__ import annotations
|
||||
|
||||
from pathlib import Path
|
||||
|
||||
from govoplan_core.core.modules import FrontendModule, MigrationSpec, ModuleContext, ModuleManifest, NavItem, PermissionDefinition, RoleTemplate
|
||||
from govoplan_core.core.access import CAPABILITY_AUTH_PERMISSION_EVALUATOR, CAPABILITY_AUTH_PRINCIPAL_RESOLVER
|
||||
from govoplan_core.core.module_guards import drop_table_retirement_provider, persistent_table_uninstall_guard
|
||||
from govoplan_core.core.modules import (
|
||||
FrontendModule,
|
||||
MigrationSpec,
|
||||
ModuleContext,
|
||||
ModuleInterfaceProvider,
|
||||
ModuleInterfaceRequirement,
|
||||
ModuleManifest,
|
||||
NavItem,
|
||||
PermissionDefinition,
|
||||
RoleTemplate,
|
||||
)
|
||||
from govoplan_core.db.base import Base
|
||||
from govoplan_files.backend.change_tracking import register_files_change_tracking
|
||||
from govoplan_files.backend.db import models as file_models # noqa: F401 - populate Files ORM metadata
|
||||
|
||||
register_files_change_tracking()
|
||||
|
||||
|
||||
def _permission(scope: str, label: str, description: str) -> PermissionDefinition:
|
||||
module_id, resource, action = scope.split(":", 2)
|
||||
@@ -54,10 +69,40 @@ ROLE_TEMPLATES = (
|
||||
)
|
||||
|
||||
|
||||
def _tenant_summary(session, tenant_id: str) -> dict[str, int]:
|
||||
from govoplan_files.backend.db.models import FileAsset, FileConnectorCredential, FileConnectorPolicy, FileConnectorProfile, FileConnectorSpace
|
||||
|
||||
return {
|
||||
"files": session.query(FileAsset).filter(FileAsset.tenant_id == tenant_id).count(),
|
||||
"connector_credentials": session.query(FileConnectorCredential).filter(FileConnectorCredential.tenant_id == tenant_id).count(),
|
||||
"connector_policies": session.query(FileConnectorPolicy).filter(FileConnectorPolicy.tenant_id == tenant_id).count(),
|
||||
"connector_profiles": session.query(FileConnectorProfile).filter(FileConnectorProfile.tenant_id == tenant_id).count(),
|
||||
"connector_spaces": session.query(FileConnectorSpace).filter(FileConnectorSpace.tenant_id == tenant_id).count(),
|
||||
}
|
||||
|
||||
|
||||
def _veto_group_delete(session, tenant_id: str, group_id: str) -> None:
|
||||
from govoplan_files.backend.db.models import FileAsset, FileConnectorSpace, FileFolder, FileShare
|
||||
|
||||
owned_asset_count = session.query(FileAsset).filter(FileAsset.tenant_id == tenant_id, FileAsset.owner_group_id == group_id).count()
|
||||
owned_folder_count = session.query(FileFolder).filter(FileFolder.tenant_id == tenant_id, FileFolder.owner_group_id == group_id).count()
|
||||
owned_connector_space_count = session.query(FileConnectorSpace).filter(
|
||||
FileConnectorSpace.tenant_id == tenant_id,
|
||||
FileConnectorSpace.owner_group_id == group_id,
|
||||
).count()
|
||||
shared_asset_count = session.query(FileShare).filter(
|
||||
FileShare.tenant_id == tenant_id,
|
||||
FileShare.target_type == "group",
|
||||
FileShare.target_id == group_id,
|
||||
).count()
|
||||
if owned_asset_count or owned_folder_count or owned_connector_space_count or shared_asset_count:
|
||||
raise ValueError("Cannot remove the group while it owns files, folders, connector spaces or file shares.")
|
||||
|
||||
|
||||
def _files_router(context: ModuleContext):
|
||||
from govoplan_files.backend.runtime import configure_runtime
|
||||
|
||||
configure_runtime(settings=context.settings)
|
||||
configure_runtime(registry=context.registry, settings=context.settings)
|
||||
from govoplan_files.backend.router import router
|
||||
|
||||
return router
|
||||
@@ -66,12 +111,25 @@ def _files_router(context: ModuleContext):
|
||||
manifest = ModuleManifest(
|
||||
id="files",
|
||||
name="Files",
|
||||
version="1.0.0",
|
||||
dependencies=("access",),
|
||||
optional_dependencies=(),
|
||||
version="0.1.6",
|
||||
required_capabilities=(CAPABILITY_AUTH_PRINCIPAL_RESOLVER, CAPABILITY_AUTH_PERMISSION_EVALUATOR),
|
||||
optional_dependencies=("campaigns",),
|
||||
provides_interfaces=(
|
||||
ModuleInterfaceProvider(name="files.campaign_attachments", version="0.1.6"),
|
||||
),
|
||||
requires_interfaces=(
|
||||
ModuleInterfaceRequirement(
|
||||
name="campaigns.access",
|
||||
version_min="0.1.0",
|
||||
version_max_exclusive="0.2.0",
|
||||
optional=True,
|
||||
),
|
||||
),
|
||||
permissions=PERMISSIONS,
|
||||
route_factory=_files_router,
|
||||
role_templates=ROLE_TEMPLATES,
|
||||
tenant_summary_providers=(_tenant_summary,),
|
||||
delete_veto_providers={"group": (_veto_group_delete,)},
|
||||
nav_items=(NavItem(path="/files", label="Files", icon="folder", required_any=("files:file:read",), order=40),),
|
||||
frontend=FrontendModule(
|
||||
module_id="files",
|
||||
@@ -82,10 +140,42 @@ manifest = ModuleManifest(
|
||||
module_id="files",
|
||||
metadata=Base.metadata,
|
||||
script_location=str(Path(__file__).with_name("migrations") / "versions"),
|
||||
retirement_supported=True,
|
||||
retirement_provider=drop_table_retirement_provider(
|
||||
file_models.FileBlob,
|
||||
file_models.FileFolder,
|
||||
file_models.FileAsset,
|
||||
file_models.FileVersion,
|
||||
file_models.FileShare,
|
||||
file_models.FileConnectorCredential,
|
||||
file_models.FileConnectorPolicy,
|
||||
file_models.FileConnectorProfile,
|
||||
file_models.FileConnectorSpace,
|
||||
file_models.CampaignAttachmentUse,
|
||||
label="Files",
|
||||
),
|
||||
retirement_notes="Destructive retirement drops files-owned database tables after the installer captures a database snapshot.",
|
||||
),
|
||||
uninstall_guard_providers=(
|
||||
persistent_table_uninstall_guard(
|
||||
file_models.FileBlob,
|
||||
file_models.FileFolder,
|
||||
file_models.FileAsset,
|
||||
file_models.FileVersion,
|
||||
file_models.FileShare,
|
||||
file_models.FileConnectorCredential,
|
||||
file_models.FileConnectorPolicy,
|
||||
file_models.FileConnectorProfile,
|
||||
file_models.FileConnectorSpace,
|
||||
file_models.CampaignAttachmentUse,
|
||||
label="Files",
|
||||
),
|
||||
),
|
||||
capability_factories={
|
||||
"files.campaign_attachments": lambda context: __import__("govoplan_files.backend.capabilities", fromlist=["campaign_capability"]).campaign_capability(context),
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
def get_manifest() -> ModuleManifest:
|
||||
return manifest
|
||||
|
||||
|
||||
@@ -0,0 +1,119 @@
|
||||
"""file connector spaces
|
||||
|
||||
Revision ID: 4f5a6b7c8d9e
|
||||
Revises: 2e3f4a5b6c7d
|
||||
Create Date: 2026-07-08 00:00:00.000000
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
|
||||
|
||||
revision = "4f5a6b7c8d9e"
|
||||
down_revision = "2e3f4a5b6c7d"
|
||||
branch_labels = None
|
||||
depends_on = None
|
||||
|
||||
|
||||
def _scope_fk_target(tables: set[str]) -> str:
|
||||
return "core_scopes.id" if "core_scopes" in tables else "tenancy_tenants.id"
|
||||
|
||||
|
||||
def upgrade() -> None:
|
||||
inspector = sa.inspect(op.get_bind())
|
||||
tables = set(inspector.get_table_names())
|
||||
scope_fk_target = _scope_fk_target(tables)
|
||||
if "file_connector_spaces" not in tables:
|
||||
op.create_table(
|
||||
"file_connector_spaces",
|
||||
sa.Column("id", sa.String(length=36), nullable=False),
|
||||
sa.Column("tenant_id", sa.String(length=36), nullable=False),
|
||||
sa.Column("owner_type", sa.String(length=20), nullable=False),
|
||||
sa.Column("owner_user_id", sa.String(length=36), nullable=True),
|
||||
sa.Column("owner_group_id", sa.String(length=36), nullable=True),
|
||||
sa.Column("label", sa.String(length=255), nullable=False),
|
||||
sa.Column("connector_profile_id", sa.String(length=255), nullable=False),
|
||||
sa.Column("provider", sa.String(length=50), nullable=False),
|
||||
sa.Column("library_id", sa.String(length=255), nullable=True),
|
||||
sa.Column("remote_path", sa.String(length=1000), nullable=False),
|
||||
sa.Column("sync_mode", sa.String(length=30), nullable=False),
|
||||
sa.Column("read_only", sa.Boolean(), nullable=False),
|
||||
sa.Column("is_active", sa.Boolean(), nullable=False),
|
||||
sa.Column("created_by_user_id", sa.String(length=36), nullable=True),
|
||||
sa.Column("deleted_at", sa.DateTime(timezone=True), nullable=True),
|
||||
sa.Column("metadata", sa.JSON(), nullable=True),
|
||||
sa.Column("created_at", sa.DateTime(timezone=True), nullable=False),
|
||||
sa.Column("updated_at", sa.DateTime(timezone=True), nullable=False),
|
||||
sa.ForeignKeyConstraint(["created_by_user_id"], ["access_users.id"], name=op.f("fk_file_connector_spaces_created_by_user_id_users"), ondelete="SET NULL"),
|
||||
sa.ForeignKeyConstraint(["owner_group_id"], ["access_groups.id"], name=op.f("fk_file_connector_spaces_owner_group_id_groups"), ondelete="SET NULL"),
|
||||
sa.ForeignKeyConstraint(["owner_user_id"], ["access_users.id"], name=op.f("fk_file_connector_spaces_owner_user_id_users"), ondelete="SET NULL"),
|
||||
sa.ForeignKeyConstraint(["tenant_id"], [scope_fk_target], name=op.f("fk_file_connector_spaces_tenant_id_scopes"), ondelete="CASCADE"),
|
||||
sa.PrimaryKeyConstraint("id", name=op.f("pk_file_connector_spaces")),
|
||||
)
|
||||
|
||||
inspector = sa.inspect(op.get_bind())
|
||||
indexes = {item["name"] for item in inspector.get_indexes("file_connector_spaces")}
|
||||
for column in (
|
||||
"tenant_id",
|
||||
"owner_type",
|
||||
"owner_user_id",
|
||||
"owner_group_id",
|
||||
"connector_profile_id",
|
||||
"provider",
|
||||
"is_active",
|
||||
"created_by_user_id",
|
||||
"deleted_at",
|
||||
):
|
||||
name = op.f(f"ix_file_connector_spaces_{column}")
|
||||
if name not in indexes:
|
||||
op.create_index(name, "file_connector_spaces", [column], unique=False)
|
||||
if "ix_file_connector_spaces_owner" not in indexes:
|
||||
op.create_index(
|
||||
"ix_file_connector_spaces_owner",
|
||||
"file_connector_spaces",
|
||||
["tenant_id", "owner_type", "owner_user_id", "owner_group_id"],
|
||||
unique=False,
|
||||
)
|
||||
if "uq_file_connector_spaces_active_user_label" not in indexes:
|
||||
op.create_index(
|
||||
"uq_file_connector_spaces_active_user_label",
|
||||
"file_connector_spaces",
|
||||
["tenant_id", "owner_user_id", "label"],
|
||||
unique=True,
|
||||
sqlite_where=sa.text("owner_type = 'user' AND deleted_at IS NULL"),
|
||||
postgresql_where=sa.text("owner_type = 'user' AND deleted_at IS NULL"),
|
||||
)
|
||||
if "uq_file_connector_spaces_active_group_label" not in indexes:
|
||||
op.create_index(
|
||||
"uq_file_connector_spaces_active_group_label",
|
||||
"file_connector_spaces",
|
||||
["tenant_id", "owner_group_id", "label"],
|
||||
unique=True,
|
||||
sqlite_where=sa.text("owner_type = 'group' AND deleted_at IS NULL"),
|
||||
postgresql_where=sa.text("owner_type = 'group' AND deleted_at IS NULL"),
|
||||
)
|
||||
|
||||
|
||||
def downgrade() -> None:
|
||||
inspector = sa.inspect(op.get_bind())
|
||||
if "file_connector_spaces" not in inspector.get_table_names():
|
||||
return
|
||||
indexes = {item["name"] for item in inspector.get_indexes("file_connector_spaces")}
|
||||
for name in (
|
||||
"uq_file_connector_spaces_active_group_label",
|
||||
"uq_file_connector_spaces_active_user_label",
|
||||
"ix_file_connector_spaces_owner",
|
||||
op.f("ix_file_connector_spaces_deleted_at"),
|
||||
op.f("ix_file_connector_spaces_created_by_user_id"),
|
||||
op.f("ix_file_connector_spaces_is_active"),
|
||||
op.f("ix_file_connector_spaces_provider"),
|
||||
op.f("ix_file_connector_spaces_connector_profile_id"),
|
||||
op.f("ix_file_connector_spaces_owner_group_id"),
|
||||
op.f("ix_file_connector_spaces_owner_user_id"),
|
||||
op.f("ix_file_connector_spaces_owner_type"),
|
||||
op.f("ix_file_connector_spaces_tenant_id"),
|
||||
):
|
||||
if name in indexes:
|
||||
op.drop_index(name, table_name="file_connector_spaces")
|
||||
op.drop_table("file_connector_spaces")
|
||||
@@ -0,0 +1,94 @@
|
||||
"""file connector profiles
|
||||
|
||||
Revision ID: 5a6b7c8d9e0f
|
||||
Revises: 4f5a6b7c8d9e
|
||||
Create Date: 2026-07-08 00:00:00.000000
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
|
||||
|
||||
revision = "5a6b7c8d9e0f"
|
||||
down_revision = "4f5a6b7c8d9e"
|
||||
branch_labels = None
|
||||
depends_on = None
|
||||
|
||||
|
||||
def _scope_fk_target(inspector) -> str:
|
||||
tables = set(inspector.get_table_names())
|
||||
return "core_scopes.id" if "core_scopes" in tables else "tenancy_tenants.id"
|
||||
|
||||
|
||||
def upgrade() -> None:
|
||||
inspector = sa.inspect(op.get_bind())
|
||||
scope_fk_target = _scope_fk_target(inspector)
|
||||
if "file_connector_profiles" not in inspector.get_table_names():
|
||||
op.create_table(
|
||||
"file_connector_profiles",
|
||||
sa.Column("id", sa.String(length=255), nullable=False),
|
||||
sa.Column("tenant_id", sa.String(length=36), nullable=True),
|
||||
sa.Column("scope_type", sa.String(length=20), nullable=False),
|
||||
sa.Column("scope_id", sa.String(length=36), nullable=True),
|
||||
sa.Column("label", sa.String(length=255), nullable=False),
|
||||
sa.Column("provider", sa.String(length=50), nullable=False),
|
||||
sa.Column("endpoint_url", sa.String(length=1000), nullable=True),
|
||||
sa.Column("base_path", sa.String(length=1000), nullable=True),
|
||||
sa.Column("enabled", sa.Boolean(), nullable=False),
|
||||
sa.Column("credential_mode", sa.String(length=30), nullable=False),
|
||||
sa.Column("username", sa.String(length=320), nullable=True),
|
||||
sa.Column("password_encrypted", sa.Text(), nullable=True),
|
||||
sa.Column("token_encrypted", sa.Text(), nullable=True),
|
||||
sa.Column("password_env", sa.String(length=255), nullable=True),
|
||||
sa.Column("token_env", sa.String(length=255), nullable=True),
|
||||
sa.Column("secret_ref", sa.String(length=1000), nullable=True),
|
||||
sa.Column("capabilities", sa.JSON(), nullable=True),
|
||||
sa.Column("policy", sa.JSON(), nullable=True),
|
||||
sa.Column("metadata", sa.JSON(), nullable=True),
|
||||
sa.Column("created_by_user_id", sa.String(length=36), nullable=True),
|
||||
sa.Column("updated_by_user_id", sa.String(length=36), nullable=True),
|
||||
sa.Column("created_at", sa.DateTime(timezone=True), nullable=False),
|
||||
sa.Column("updated_at", sa.DateTime(timezone=True), nullable=False),
|
||||
sa.ForeignKeyConstraint(["created_by_user_id"], ["access_users.id"], name=op.f("fk_file_connector_profiles_created_by_user_id_users"), ondelete="SET NULL"),
|
||||
sa.ForeignKeyConstraint(["tenant_id"], [scope_fk_target], name=op.f("fk_file_connector_profiles_tenant_id_scopes"), ondelete="CASCADE"),
|
||||
sa.ForeignKeyConstraint(["updated_by_user_id"], ["access_users.id"], name=op.f("fk_file_connector_profiles_updated_by_user_id_users"), ondelete="SET NULL"),
|
||||
sa.PrimaryKeyConstraint("id", name=op.f("pk_file_connector_profiles")),
|
||||
)
|
||||
|
||||
inspector = sa.inspect(op.get_bind())
|
||||
indexes = {item["name"] for item in inspector.get_indexes("file_connector_profiles")}
|
||||
for column in (
|
||||
"tenant_id",
|
||||
"scope_type",
|
||||
"scope_id",
|
||||
"provider",
|
||||
"enabled",
|
||||
"created_by_user_id",
|
||||
"updated_by_user_id",
|
||||
):
|
||||
name = op.f(f"ix_file_connector_profiles_{column}")
|
||||
if name not in indexes:
|
||||
op.create_index(name, "file_connector_profiles", [column], unique=False)
|
||||
if "ix_file_connector_profiles_scope" not in indexes:
|
||||
op.create_index("ix_file_connector_profiles_scope", "file_connector_profiles", ["scope_type", "scope_id"], unique=False)
|
||||
|
||||
|
||||
def downgrade() -> None:
|
||||
inspector = sa.inspect(op.get_bind())
|
||||
if "file_connector_profiles" not in inspector.get_table_names():
|
||||
return
|
||||
indexes = {item["name"] for item in inspector.get_indexes("file_connector_profiles")}
|
||||
for name in (
|
||||
"ix_file_connector_profiles_scope",
|
||||
op.f("ix_file_connector_profiles_updated_by_user_id"),
|
||||
op.f("ix_file_connector_profiles_created_by_user_id"),
|
||||
op.f("ix_file_connector_profiles_enabled"),
|
||||
op.f("ix_file_connector_profiles_provider"),
|
||||
op.f("ix_file_connector_profiles_scope_id"),
|
||||
op.f("ix_file_connector_profiles_scope_type"),
|
||||
op.f("ix_file_connector_profiles_tenant_id"),
|
||||
):
|
||||
if name in indexes:
|
||||
op.drop_index(name, table_name="file_connector_profiles")
|
||||
op.drop_table("file_connector_profiles")
|
||||
@@ -0,0 +1,111 @@
|
||||
"""file connector credentials
|
||||
|
||||
Revision ID: 6b7c8d9e0f1a
|
||||
Revises: 5a6b7c8d9e0f
|
||||
Create Date: 2026-07-08 00:00:00.000000
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
|
||||
|
||||
revision = "6b7c8d9e0f1a"
|
||||
down_revision = "5a6b7c8d9e0f"
|
||||
branch_labels = None
|
||||
depends_on = None
|
||||
|
||||
|
||||
def _scope_fk_target(table_names: set[str]) -> str:
|
||||
return "core_scopes.id" if "core_scopes" in table_names else "tenancy_tenants.id"
|
||||
|
||||
|
||||
def upgrade() -> None:
|
||||
inspector = sa.inspect(op.get_bind())
|
||||
table_names = set(inspector.get_table_names())
|
||||
scope_fk_target = _scope_fk_target(table_names)
|
||||
|
||||
if "file_connector_profiles" in table_names:
|
||||
columns = {item["name"] for item in inspector.get_columns("file_connector_profiles")}
|
||||
if "credential_profile_id" not in columns:
|
||||
op.add_column("file_connector_profiles", sa.Column("credential_profile_id", sa.String(length=255), nullable=True))
|
||||
indexes = {item["name"] for item in inspector.get_indexes("file_connector_profiles")}
|
||||
index_name = op.f("ix_file_connector_profiles_credential_profile_id")
|
||||
if index_name not in indexes:
|
||||
op.create_index(index_name, "file_connector_profiles", ["credential_profile_id"], unique=False)
|
||||
|
||||
if "file_connector_credentials" not in table_names:
|
||||
op.create_table(
|
||||
"file_connector_credentials",
|
||||
sa.Column("id", sa.String(length=255), nullable=False),
|
||||
sa.Column("tenant_id", sa.String(length=36), nullable=True),
|
||||
sa.Column("scope_type", sa.String(length=20), nullable=False),
|
||||
sa.Column("scope_id", sa.String(length=36), nullable=True),
|
||||
sa.Column("label", sa.String(length=255), nullable=False),
|
||||
sa.Column("provider", sa.String(length=50), nullable=True),
|
||||
sa.Column("enabled", sa.Boolean(), nullable=False),
|
||||
sa.Column("credential_mode", sa.String(length=30), nullable=False),
|
||||
sa.Column("username", sa.String(length=320), nullable=True),
|
||||
sa.Column("password_encrypted", sa.Text(), nullable=True),
|
||||
sa.Column("token_encrypted", sa.Text(), nullable=True),
|
||||
sa.Column("password_env", sa.String(length=255), nullable=True),
|
||||
sa.Column("token_env", sa.String(length=255), nullable=True),
|
||||
sa.Column("secret_ref", sa.String(length=1000), nullable=True),
|
||||
sa.Column("policy", sa.JSON(), nullable=True),
|
||||
sa.Column("metadata", sa.JSON(), nullable=True),
|
||||
sa.Column("created_by_user_id", sa.String(length=36), nullable=True),
|
||||
sa.Column("updated_by_user_id", sa.String(length=36), nullable=True),
|
||||
sa.Column("created_at", sa.DateTime(timezone=True), nullable=False),
|
||||
sa.Column("updated_at", sa.DateTime(timezone=True), nullable=False),
|
||||
sa.ForeignKeyConstraint(["created_by_user_id"], ["access_users.id"], name=op.f("fk_file_connector_credentials_created_by_user_id_users"), ondelete="SET NULL"),
|
||||
sa.ForeignKeyConstraint(["tenant_id"], [scope_fk_target], name=op.f("fk_file_connector_credentials_tenant_id_scopes"), ondelete="CASCADE"),
|
||||
sa.ForeignKeyConstraint(["updated_by_user_id"], ["access_users.id"], name=op.f("fk_file_connector_credentials_updated_by_user_id_users"), ondelete="SET NULL"),
|
||||
sa.PrimaryKeyConstraint("id", name=op.f("pk_file_connector_credentials")),
|
||||
)
|
||||
|
||||
inspector = sa.inspect(op.get_bind())
|
||||
indexes = {item["name"] for item in inspector.get_indexes("file_connector_credentials")}
|
||||
for column in (
|
||||
"tenant_id",
|
||||
"scope_type",
|
||||
"scope_id",
|
||||
"provider",
|
||||
"enabled",
|
||||
"created_by_user_id",
|
||||
"updated_by_user_id",
|
||||
):
|
||||
name = op.f(f"ix_file_connector_credentials_{column}")
|
||||
if name not in indexes:
|
||||
op.create_index(name, "file_connector_credentials", [column], unique=False)
|
||||
if "ix_file_connector_credentials_scope" not in indexes:
|
||||
op.create_index("ix_file_connector_credentials_scope", "file_connector_credentials", ["scope_type", "scope_id"], unique=False)
|
||||
|
||||
|
||||
def downgrade() -> None:
|
||||
inspector = sa.inspect(op.get_bind())
|
||||
if "file_connector_credentials" in inspector.get_table_names():
|
||||
indexes = {item["name"] for item in inspector.get_indexes("file_connector_credentials")}
|
||||
for name in (
|
||||
"ix_file_connector_credentials_scope",
|
||||
op.f("ix_file_connector_credentials_updated_by_user_id"),
|
||||
op.f("ix_file_connector_credentials_created_by_user_id"),
|
||||
op.f("ix_file_connector_credentials_enabled"),
|
||||
op.f("ix_file_connector_credentials_provider"),
|
||||
op.f("ix_file_connector_credentials_scope_id"),
|
||||
op.f("ix_file_connector_credentials_scope_type"),
|
||||
op.f("ix_file_connector_credentials_tenant_id"),
|
||||
):
|
||||
if name in indexes:
|
||||
op.drop_index(name, table_name="file_connector_credentials")
|
||||
op.drop_table("file_connector_credentials")
|
||||
|
||||
inspector = sa.inspect(op.get_bind())
|
||||
if "file_connector_profiles" not in inspector.get_table_names():
|
||||
return
|
||||
profile_indexes = {item["name"] for item in inspector.get_indexes("file_connector_profiles")}
|
||||
profile_index_name = op.f("ix_file_connector_profiles_credential_profile_id")
|
||||
if profile_index_name in profile_indexes:
|
||||
op.drop_index(profile_index_name, table_name="file_connector_profiles")
|
||||
profile_columns = {item["name"] for item in inspector.get_columns("file_connector_profiles")}
|
||||
if "credential_profile_id" in profile_columns:
|
||||
op.drop_column("file_connector_profiles", "credential_profile_id")
|
||||
@@ -0,0 +1,77 @@
|
||||
"""file connector policies
|
||||
|
||||
Revision ID: a7b8c9d0e1f3
|
||||
Revises: 6b7c8d9e0f1a
|
||||
Create Date: 2026-07-08 00:00:00.000000
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
|
||||
|
||||
revision = "a7b8c9d0e1f3"
|
||||
down_revision = "6b7c8d9e0f1a"
|
||||
branch_labels = None
|
||||
depends_on = None
|
||||
|
||||
|
||||
def _scope_fk_target(inspector) -> str:
|
||||
tables = set(inspector.get_table_names())
|
||||
return "core_scopes.id" if "core_scopes" in tables else "tenancy_tenants.id"
|
||||
|
||||
|
||||
def upgrade() -> None:
|
||||
inspector = sa.inspect(op.get_bind())
|
||||
scope_fk_target = _scope_fk_target(inspector)
|
||||
if "file_connector_policies" not in inspector.get_table_names():
|
||||
op.create_table(
|
||||
"file_connector_policies",
|
||||
sa.Column("id", sa.String(length=36), nullable=False),
|
||||
sa.Column("tenant_id", sa.String(length=36), nullable=True),
|
||||
sa.Column("scope_type", sa.String(length=20), nullable=False),
|
||||
sa.Column("scope_id", sa.String(length=36), nullable=True),
|
||||
sa.Column("policy", sa.JSON(), nullable=False),
|
||||
sa.Column("created_by_user_id", sa.String(length=36), nullable=True),
|
||||
sa.Column("updated_by_user_id", sa.String(length=36), nullable=True),
|
||||
sa.Column("created_at", sa.DateTime(timezone=True), nullable=False),
|
||||
sa.Column("updated_at", sa.DateTime(timezone=True), nullable=False),
|
||||
sa.ForeignKeyConstraint(["created_by_user_id"], ["access_users.id"], name=op.f("fk_file_connector_policies_created_by_user_id_users"), ondelete="SET NULL"),
|
||||
sa.ForeignKeyConstraint(["tenant_id"], [scope_fk_target], name=op.f("fk_file_connector_policies_tenant_id_scopes"), ondelete="CASCADE"),
|
||||
sa.ForeignKeyConstraint(["updated_by_user_id"], ["access_users.id"], name=op.f("fk_file_connector_policies_updated_by_user_id_users"), ondelete="SET NULL"),
|
||||
sa.PrimaryKeyConstraint("id", name=op.f("pk_file_connector_policies")),
|
||||
sa.UniqueConstraint("tenant_id", "scope_type", "scope_id", name="uq_file_connector_policies_scope"),
|
||||
)
|
||||
|
||||
inspector = sa.inspect(op.get_bind())
|
||||
indexes = {item["name"] for item in inspector.get_indexes("file_connector_policies")}
|
||||
for column in (
|
||||
"tenant_id",
|
||||
"scope_type",
|
||||
"scope_id",
|
||||
"created_by_user_id",
|
||||
"updated_by_user_id",
|
||||
):
|
||||
name = op.f(f"ix_file_connector_policies_{column}")
|
||||
if name not in indexes:
|
||||
op.create_index(name, "file_connector_policies", [column], unique=False)
|
||||
if "ix_file_connector_policies_scope" not in indexes:
|
||||
op.create_index("ix_file_connector_policies_scope", "file_connector_policies", ["scope_type", "scope_id"], unique=False)
|
||||
|
||||
|
||||
def downgrade() -> None:
|
||||
inspector = sa.inspect(op.get_bind())
|
||||
if "file_connector_policies" not in inspector.get_table_names():
|
||||
return
|
||||
indexes = {item["name"] for item in inspector.get_indexes("file_connector_policies")}
|
||||
for name in (
|
||||
"ix_file_connector_policies_scope",
|
||||
op.f("ix_file_connector_policies_updated_by_user_id"),
|
||||
op.f("ix_file_connector_policies_created_by_user_id"),
|
||||
op.f("ix_file_connector_policies_scope_id"),
|
||||
op.f("ix_file_connector_policies_scope_type"),
|
||||
op.f("ix_file_connector_policies_tenant_id"),
|
||||
):
|
||||
if name in indexes:
|
||||
op.drop_index(name, table_name="file_connector_policies")
|
||||
op.drop_table("file_connector_policies")
|
||||
File diff suppressed because it is too large
Load Diff
@@ -2,15 +2,22 @@ from __future__ import annotations
|
||||
|
||||
from typing import Any
|
||||
|
||||
_runtime_registry: object | None = None
|
||||
_runtime_settings: object | None = None
|
||||
|
||||
|
||||
def configure_runtime(*, settings: object | None = None) -> None:
|
||||
global _runtime_settings
|
||||
def configure_runtime(*, registry: object | None = None, settings: object | None = None) -> None:
|
||||
global _runtime_registry, _runtime_settings
|
||||
if registry is not None:
|
||||
_runtime_registry = registry
|
||||
if settings is not None:
|
||||
_runtime_settings = settings
|
||||
|
||||
|
||||
def get_registry() -> object | None:
|
||||
return _runtime_registry
|
||||
|
||||
|
||||
def get_settings() -> object:
|
||||
if _runtime_settings is not None:
|
||||
return _runtime_settings
|
||||
|
||||
@@ -4,6 +4,7 @@ from typing import Any, Literal
|
||||
|
||||
from pydantic import BaseModel, Field
|
||||
|
||||
from govoplan_core.api.v1.schemas import DeltaDeletedItem
|
||||
from govoplan_files.backend.storage.common import FileConflictResolution
|
||||
|
||||
|
||||
@@ -13,12 +14,63 @@ class FileSpaceResponse(BaseModel):
|
||||
owner_type: Literal["user", "group"]
|
||||
owner_id: str
|
||||
description: str | None = None
|
||||
space_type: Literal["managed", "connector"] = "managed"
|
||||
connector_space_id: str | None = None
|
||||
connector_profile_id: str | None = None
|
||||
provider: str | None = None
|
||||
library_id: str | None = None
|
||||
remote_path: str | None = None
|
||||
sync_mode: str | None = None
|
||||
read_only: bool = False
|
||||
|
||||
|
||||
class FileSpacesResponse(BaseModel):
|
||||
spaces: list[FileSpaceResponse]
|
||||
|
||||
|
||||
class FileConnectorSpaceCreateRequest(BaseModel):
|
||||
owner_type: Literal["user", "group"] = "user"
|
||||
owner_id: str | None = None
|
||||
label: str
|
||||
connector_profile_id: str
|
||||
library_id: str | None = None
|
||||
remote_path: str = ""
|
||||
sync_mode: Literal["manual"] = "manual"
|
||||
metadata: dict[str, Any] = Field(default_factory=dict)
|
||||
|
||||
|
||||
class FileConnectorSpaceUpdateRequest(BaseModel):
|
||||
label: str | None = None
|
||||
library_id: str | None = None
|
||||
remote_path: str | None = None
|
||||
sync_mode: Literal["manual"] | None = None
|
||||
is_active: bool | None = None
|
||||
metadata: dict[str, Any] | None = None
|
||||
|
||||
|
||||
class FileConnectorSpaceResponse(BaseModel):
|
||||
id: str
|
||||
tenant_id: str
|
||||
owner_type: Literal["user", "group"]
|
||||
owner_id: str
|
||||
label: str
|
||||
connector_profile_id: str
|
||||
provider: str
|
||||
library_id: str | None = None
|
||||
remote_path: str = ""
|
||||
sync_mode: str
|
||||
read_only: bool
|
||||
is_active: bool
|
||||
created_at: str
|
||||
updated_at: str
|
||||
deleted_at: str | None = None
|
||||
metadata: dict[str, Any] = Field(default_factory=dict)
|
||||
|
||||
|
||||
class FileConnectorSpacesResponse(BaseModel):
|
||||
spaces: list[FileConnectorSpaceResponse] = Field(default_factory=list)
|
||||
|
||||
|
||||
class FileShareResponse(BaseModel):
|
||||
id: str
|
||||
target_type: str
|
||||
@@ -28,6 +80,20 @@ class FileShareResponse(BaseModel):
|
||||
revoked_at: str | None = None
|
||||
|
||||
|
||||
class FileSourceProvenance(BaseModel):
|
||||
source_type: str | None = None
|
||||
connector_id: str | None = None
|
||||
provider: str | None = None
|
||||
external_id: str | None = None
|
||||
external_path: str | None = None
|
||||
external_url: str | None = None
|
||||
revision: str | None = None
|
||||
revision_label: str | None = None
|
||||
observed_at: str | None = None
|
||||
imported_at: str | None = None
|
||||
metadata: dict[str, Any] = Field(default_factory=dict)
|
||||
|
||||
|
||||
class FileAssetResponse(BaseModel):
|
||||
id: str
|
||||
tenant_id: str
|
||||
@@ -45,6 +111,8 @@ class FileAssetResponse(BaseModel):
|
||||
deleted_at: str | None = None
|
||||
audit_relevant: bool = False
|
||||
metadata: dict[str, Any] | None = None
|
||||
source_provenance: FileSourceProvenance | None = None
|
||||
source_revision: str | None = None
|
||||
shares: list[FileShareResponse] = Field(default_factory=list)
|
||||
|
||||
|
||||
@@ -61,6 +129,9 @@ class FileFolderResponse(BaseModel):
|
||||
|
||||
class FileFoldersResponse(BaseModel):
|
||||
folders: list[FileFolderResponse]
|
||||
cursor: str | None = None
|
||||
next_cursor: str | None = None
|
||||
watermark: str | None = None
|
||||
|
||||
|
||||
class FileFolderCreateRequest(BaseModel):
|
||||
@@ -83,12 +154,280 @@ class FileFolderDeleteResponse(BaseModel):
|
||||
|
||||
class FileListResponse(BaseModel):
|
||||
files: list[FileAssetResponse]
|
||||
cursor: str | None = None
|
||||
next_cursor: str | None = None
|
||||
watermark: str | None = None
|
||||
|
||||
|
||||
class FileDeltaResponse(BaseModel):
|
||||
files: list[FileAssetResponse] = Field(default_factory=list)
|
||||
folders: list[FileFolderResponse] = Field(default_factory=list)
|
||||
deleted: list[DeltaDeletedItem] = Field(default_factory=list)
|
||||
watermark: str | None = None
|
||||
has_more: bool = False
|
||||
full: bool = False
|
||||
|
||||
|
||||
class FileUploadResponse(BaseModel):
|
||||
files: list[FileAssetResponse]
|
||||
|
||||
|
||||
class FileConnectorPolicySource(BaseModel):
|
||||
scope_type: Literal["system", "tenant", "user", "group", "campaign"] = "system"
|
||||
scope_id: str | None = None
|
||||
label: str | None = None
|
||||
policy: dict[str, Any] = Field(default_factory=dict)
|
||||
|
||||
|
||||
class FileConnectorPolicyEvaluateRequest(BaseModel):
|
||||
source_provenance: FileSourceProvenance
|
||||
operation: str = "access"
|
||||
policy_sources: list[FileConnectorPolicySource] = Field(default_factory=list)
|
||||
|
||||
|
||||
class FileConnectorPolicyEvaluateResponse(BaseModel):
|
||||
decision: dict[str, Any]
|
||||
|
||||
|
||||
class FileConnectorPolicyUpdateRequest(BaseModel):
|
||||
policy: dict[str, Any] = Field(default_factory=dict)
|
||||
|
||||
|
||||
class FileConnectorPolicyStepResponse(BaseModel):
|
||||
scope_type: str
|
||||
scope_id: str | None = None
|
||||
path: str
|
||||
label: str
|
||||
applied_fields: list[str] = Field(default_factory=list)
|
||||
policy: dict[str, Any] = Field(default_factory=dict)
|
||||
|
||||
|
||||
class FileConnectorPolicyResponse(BaseModel):
|
||||
scope_type: Literal["system", "tenant", "user", "group", "campaign"]
|
||||
scope_id: str | None = None
|
||||
policy: dict[str, Any] = Field(default_factory=dict)
|
||||
effective_policy: dict[str, Any] | None = None
|
||||
parent_policy: dict[str, Any] | None = None
|
||||
effective_policy_sources: list[FileConnectorPolicyStepResponse] = Field(default_factory=list)
|
||||
parent_policy_sources: list[FileConnectorPolicyStepResponse] = Field(default_factory=list)
|
||||
|
||||
|
||||
class FileConnectorProfileResponse(BaseModel):
|
||||
id: str
|
||||
label: str
|
||||
provider: str
|
||||
endpoint_url: str | None = None
|
||||
base_path: str | None = None
|
||||
enabled: bool = True
|
||||
scope_type: Literal["system", "tenant", "user", "group", "campaign"] = "system"
|
||||
scope_id: str | None = None
|
||||
source_path: str
|
||||
credential_profile_id: str | None = None
|
||||
credential_profile_label: str | None = None
|
||||
credential_mode: str = "none"
|
||||
credential_source: str | None = None
|
||||
credentials_configured: bool = False
|
||||
username: str | None = None
|
||||
capabilities: list[str] = Field(default_factory=list)
|
||||
policy_sources: list[FileConnectorPolicySource] = Field(default_factory=list)
|
||||
metadata: dict[str, Any] = Field(default_factory=dict)
|
||||
source_kind: str = "settings"
|
||||
|
||||
|
||||
class FileConnectorProfilesResponse(BaseModel):
|
||||
profiles: list[FileConnectorProfileResponse]
|
||||
|
||||
|
||||
class FileConnectorCredentialResponse(BaseModel):
|
||||
id: str
|
||||
label: str
|
||||
provider: str | None = None
|
||||
enabled: bool = True
|
||||
scope_type: Literal["system", "tenant", "user", "group", "campaign"] = "system"
|
||||
scope_id: str | None = None
|
||||
source_path: str
|
||||
credential_mode: str = "none"
|
||||
credential_secret_source: str | None = None
|
||||
credentials_configured: bool = False
|
||||
username: str | None = None
|
||||
policy_sources: list[FileConnectorPolicySource] = Field(default_factory=list)
|
||||
metadata: dict[str, Any] = Field(default_factory=dict)
|
||||
source_kind: str = "database"
|
||||
|
||||
|
||||
class FileConnectorCredentialsResponse(BaseModel):
|
||||
credentials: list[FileConnectorCredentialResponse]
|
||||
|
||||
|
||||
class FileConnectorSettingsDeltaResponse(BaseModel):
|
||||
profiles: list[FileConnectorProfileResponse] = Field(default_factory=list)
|
||||
credentials: list[FileConnectorCredentialResponse] = Field(default_factory=list)
|
||||
spaces: list[FileConnectorSpaceResponse] = Field(default_factory=list)
|
||||
policy: FileConnectorPolicyResponse | None = None
|
||||
changed_sections: list[str] = Field(default_factory=list)
|
||||
deleted: list[DeltaDeletedItem] = Field(default_factory=list)
|
||||
watermark: str | None = None
|
||||
has_more: bool = False
|
||||
full: bool = False
|
||||
|
||||
|
||||
class FileConnectorProfileCredentialsRequest(BaseModel):
|
||||
username: str | None = None
|
||||
password: str | None = None
|
||||
token: str | None = None
|
||||
password_env: str | None = None
|
||||
token_env: str | None = None
|
||||
secret_ref: str | None = None
|
||||
|
||||
|
||||
class FileConnectorDiscoveryCandidate(BaseModel):
|
||||
endpoint_url: str
|
||||
status: Literal["failed", "usable", "found", "credentials_rejected"]
|
||||
message: str
|
||||
|
||||
|
||||
class FileConnectorDiscoveryRequest(BaseModel):
|
||||
provider: Literal["seafile", "nextcloud", "webdav", "smb", "nfs", "dms", "generic"]
|
||||
endpoint_url: str
|
||||
base_path: str | None = None
|
||||
credential_mode: Literal["none", "anonymous", "basic", "token", "secret_ref"] = "none"
|
||||
credentials: FileConnectorProfileCredentialsRequest = Field(default_factory=FileConnectorProfileCredentialsRequest)
|
||||
metadata: dict[str, Any] = Field(default_factory=dict)
|
||||
require_valid_credentials: bool = False
|
||||
|
||||
|
||||
class FileConnectorDiscoveryResponse(BaseModel):
|
||||
provider: str
|
||||
endpoint_url: str | None = None
|
||||
base_path: str | None = None
|
||||
status: Literal["usable", "found", "credentials_rejected", "not_found", "unsupported"]
|
||||
message: str
|
||||
candidates: list[FileConnectorDiscoveryCandidate] = Field(default_factory=list)
|
||||
metadata: dict[str, Any] = Field(default_factory=dict)
|
||||
|
||||
|
||||
class FileConnectorProfileCreateRequest(BaseModel):
|
||||
id: str
|
||||
label: str
|
||||
provider: Literal["seafile", "nextcloud", "webdav", "smb", "nfs", "dms", "generic"]
|
||||
endpoint_url: str | None = None
|
||||
base_path: str | None = None
|
||||
enabled: bool = True
|
||||
scope_type: Literal["system", "tenant", "user", "group", "campaign"] = "tenant"
|
||||
scope_id: str | None = None
|
||||
credential_profile_id: str | None = None
|
||||
credential_mode: Literal["none", "anonymous", "basic", "token", "secret_ref"] = "none"
|
||||
credentials: FileConnectorProfileCredentialsRequest = Field(default_factory=FileConnectorProfileCredentialsRequest)
|
||||
capabilities: list[str] = Field(default_factory=lambda: ["browse", "import", "sync"])
|
||||
policy: dict[str, Any] = Field(default_factory=dict)
|
||||
metadata: dict[str, Any] = Field(default_factory=dict)
|
||||
|
||||
|
||||
class FileConnectorProfileUpdateRequest(BaseModel):
|
||||
label: str | None = None
|
||||
provider: Literal["seafile", "nextcloud", "webdav", "smb", "nfs", "dms", "generic"] | None = None
|
||||
endpoint_url: str | None = None
|
||||
base_path: str | None = None
|
||||
enabled: bool | None = None
|
||||
credential_profile_id: str | None = None
|
||||
credential_mode: Literal["none", "anonymous", "basic", "token", "secret_ref"] | None = None
|
||||
credentials: FileConnectorProfileCredentialsRequest | None = None
|
||||
clear_password: bool = False
|
||||
clear_token: bool = False
|
||||
capabilities: list[str] | None = None
|
||||
policy: dict[str, Any] | None = None
|
||||
metadata: dict[str, Any] | None = None
|
||||
|
||||
|
||||
class FileConnectorCredentialCreateRequest(BaseModel):
|
||||
id: str
|
||||
label: str
|
||||
provider: Literal["seafile", "nextcloud", "webdav", "smb", "nfs", "dms", "generic"] | None = None
|
||||
enabled: bool = True
|
||||
scope_type: Literal["system", "tenant", "user", "group", "campaign"] = "tenant"
|
||||
scope_id: str | None = None
|
||||
credential_mode: Literal["none", "anonymous", "basic", "token", "secret_ref"] = "none"
|
||||
credentials: FileConnectorProfileCredentialsRequest = Field(default_factory=FileConnectorProfileCredentialsRequest)
|
||||
policy: dict[str, Any] = Field(default_factory=dict)
|
||||
metadata: dict[str, Any] = Field(default_factory=dict)
|
||||
|
||||
|
||||
class FileConnectorCredentialUpdateRequest(BaseModel):
|
||||
label: str | None = None
|
||||
provider: Literal["seafile", "nextcloud", "webdav", "smb", "nfs", "dms", "generic"] | None = None
|
||||
enabled: bool | None = None
|
||||
credential_mode: Literal["none", "anonymous", "basic", "token", "secret_ref"] | None = None
|
||||
credentials: FileConnectorProfileCredentialsRequest | None = None
|
||||
clear_password: bool = False
|
||||
clear_token: bool = False
|
||||
policy: dict[str, Any] | None = None
|
||||
metadata: dict[str, Any] | None = None
|
||||
|
||||
|
||||
class FileConnectorProviderResponse(BaseModel):
|
||||
provider: str
|
||||
label: str
|
||||
protocol: str
|
||||
implemented: bool
|
||||
installed: bool
|
||||
browse_supported: bool
|
||||
import_supported: bool
|
||||
optional_dependency: str | None = None
|
||||
permission_model: str
|
||||
sync_strategy: str
|
||||
conflict_strategy: str
|
||||
preview_strategy: str
|
||||
audit_events: list[str] = Field(default_factory=list)
|
||||
notes: str | None = None
|
||||
|
||||
|
||||
class FileConnectorProvidersResponse(BaseModel):
|
||||
providers: list[FileConnectorProviderResponse]
|
||||
|
||||
|
||||
class FileConnectorBrowseItem(BaseModel):
|
||||
kind: Literal["library", "folder", "file"]
|
||||
name: str
|
||||
path: str
|
||||
external_id: str | None = None
|
||||
external_url: str | None = None
|
||||
size_bytes: int | None = None
|
||||
content_type: str | None = None
|
||||
modified_at: str | None = None
|
||||
etag: str | None = None
|
||||
metadata: dict[str, Any] = Field(default_factory=dict)
|
||||
|
||||
|
||||
class FileConnectorBrowseResponse(BaseModel):
|
||||
profile_id: str
|
||||
provider: str
|
||||
path: str = ""
|
||||
library_id: str | None = None
|
||||
read_only: bool = True
|
||||
decision: dict[str, Any]
|
||||
items: list[FileConnectorBrowseItem]
|
||||
|
||||
|
||||
class FileConnectorImportRequest(BaseModel):
|
||||
library_id: str
|
||||
path: str
|
||||
owner_type: Literal["user", "group"] = "user"
|
||||
owner_id: str | None = None
|
||||
target_folder: str | None = None
|
||||
target_path: str | None = None
|
||||
campaign_id: str | None = None
|
||||
conflict_strategy: Literal["reject", "overwrite", "rename"] = "reject"
|
||||
source_revision: str | None = None
|
||||
metadata: dict[str, Any] = Field(default_factory=dict)
|
||||
|
||||
|
||||
class FileConnectorSyncResponse(BaseModel):
|
||||
file: FileAssetResponse
|
||||
action: Literal["created", "updated", "unchanged"]
|
||||
previous_version_id: str | None = None
|
||||
current_version_id: str
|
||||
|
||||
|
||||
class BulkDeleteRequest(BaseModel):
|
||||
file_ids: list[str]
|
||||
|
||||
@@ -113,11 +452,23 @@ class FileShareRequest(BaseModel):
|
||||
permission: Literal["read", "write", "manage"] = "read"
|
||||
|
||||
|
||||
class BulkFileShareRequest(BaseModel):
|
||||
file_ids: list[str] = Field(default_factory=list, max_length=1000)
|
||||
target_type: Literal["user", "group", "campaign", "tenant"]
|
||||
target_id: str
|
||||
permission: Literal["read", "write", "manage"] = "read"
|
||||
|
||||
|
||||
class BulkFileShareResponse(BaseModel):
|
||||
shares: list[FileShareResponse]
|
||||
shared_count: int
|
||||
|
||||
|
||||
class RenameRequest(BaseModel):
|
||||
file_ids: list[str] = Field(default_factory=list)
|
||||
folder_paths: list[str] = Field(default_factory=list)
|
||||
owner_type: Literal["user", "group"] | None = None
|
||||
owner_id: str | None = None
|
||||
owner_type: Literal["user", "group"]
|
||||
owner_id: str
|
||||
mode: Literal["direct", "prefix", "suffix", "replace"]
|
||||
new_name: str | None = None
|
||||
find: str | None = None
|
||||
|
||||
@@ -2,33 +2,50 @@ from __future__ import annotations
|
||||
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from govoplan_core.db.models import Group, UserGroupMembership
|
||||
from govoplan_core.core.access import (
|
||||
CAPABILITY_ACCESS_DIRECTORY,
|
||||
AccessDirectory,
|
||||
GroupRef,
|
||||
)
|
||||
from govoplan_core.core.runtime import get_registry
|
||||
from govoplan_files.backend.storage.common import FileStorageError
|
||||
|
||||
|
||||
def _access_directory() -> AccessDirectory:
|
||||
registry = get_registry()
|
||||
if registry is None or not hasattr(registry, "has_capability") or not registry.has_capability(CAPABILITY_ACCESS_DIRECTORY):
|
||||
raise FileStorageError("Access directory capability is not configured")
|
||||
capability = registry.require_capability(CAPABILITY_ACCESS_DIRECTORY)
|
||||
if not isinstance(capability, AccessDirectory):
|
||||
raise FileStorageError("Access directory capability is invalid")
|
||||
return capability
|
||||
|
||||
|
||||
def group_refs_for_ids(*, tenant_id: str, group_ids: list[str]) -> list[GroupRef]:
|
||||
if not group_ids:
|
||||
return []
|
||||
groups = _access_directory().get_groups(group_ids)
|
||||
return sorted(
|
||||
[group for group in groups.values() if group.tenant_id == tenant_id],
|
||||
key=lambda group: group.name.casefold(),
|
||||
)
|
||||
|
||||
|
||||
def user_group_ids(session: Session, *, tenant_id: str, user_id: str, include_admin_groups: bool = False) -> list[str]:
|
||||
del session
|
||||
directory = _access_directory()
|
||||
if include_admin_groups:
|
||||
return [row.id for row in session.query(Group).filter(Group.tenant_id == tenant_id).order_by(Group.name.asc()).all()]
|
||||
return [
|
||||
row.group_id
|
||||
for row in session.query(UserGroupMembership)
|
||||
.filter(UserGroupMembership.tenant_id == tenant_id, UserGroupMembership.user_id == user_id)
|
||||
.all()
|
||||
]
|
||||
return [group.id for group in directory.groups_for_tenant(tenant_id)]
|
||||
return [group.id for group in directory.groups_for_user(user_id, tenant_id=tenant_id)]
|
||||
|
||||
|
||||
def ensure_group_access(session: Session, *, tenant_id: str, group_id: str, user_id: str, is_admin: bool = False) -> None:
|
||||
group = session.get(Group, group_id)
|
||||
group = _access_directory().get_group(group_id)
|
||||
if not group or group.tenant_id != tenant_id:
|
||||
raise FileStorageError("Group not found")
|
||||
if is_admin:
|
||||
return
|
||||
membership = (
|
||||
session.query(UserGroupMembership)
|
||||
.filter(UserGroupMembership.tenant_id == tenant_id, UserGroupMembership.user_id == user_id, UserGroupMembership.group_id == group_id)
|
||||
.one_or_none()
|
||||
)
|
||||
if membership is None:
|
||||
if group_id not in user_group_ids(session, tenant_id=tenant_id, user_id=user_id):
|
||||
raise FileStorageError("No access to this group file space")
|
||||
|
||||
|
||||
@@ -42,3 +59,21 @@ def ensure_owner_access(session: Session, *, tenant_id: str, owner_type: str, ow
|
||||
ensure_group_access(session, tenant_id=tenant_id, group_id=owner_id, user_id=user_id, is_admin=is_admin)
|
||||
return
|
||||
raise FileStorageError("Files must be owned by a user or group")
|
||||
|
||||
|
||||
def ensure_share_target_exists(*, tenant_id: str, target_type: str, target_id: str) -> None:
|
||||
target_type = target_type.lower().strip()
|
||||
if target_type == "user":
|
||||
user = _access_directory().get_user(target_id)
|
||||
if not user or user.tenant_id != tenant_id or user.status != "active":
|
||||
raise FileStorageError("User not found")
|
||||
return
|
||||
if target_type == "group":
|
||||
group = _access_directory().get_group(target_id)
|
||||
if not group or group.tenant_id != tenant_id or group.status != "active":
|
||||
raise FileStorageError("Group not found")
|
||||
return
|
||||
if target_type == "tenant":
|
||||
if target_id != tenant_id:
|
||||
raise FileStorageError("Tenant not found")
|
||||
return
|
||||
|
||||
@@ -3,15 +3,16 @@ from __future__ import annotations
|
||||
import mimetypes
|
||||
import zipfile
|
||||
from io import BytesIO
|
||||
from os import PathLike
|
||||
from pathlib import Path
|
||||
from typing import Iterable
|
||||
from typing import Any, Iterable
|
||||
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from govoplan_files.backend.db.models import FileAsset
|
||||
from govoplan_files.backend.storage.common import FileConflictResolution, FileStorageError, UploadedStoredFile
|
||||
from govoplan_files.backend.storage.backends import StorageBackendError, get_storage_backend
|
||||
from govoplan_files.backend.storage.files import create_file_asset, current_version_and_blob
|
||||
from govoplan_files.backend.storage.files import create_file_asset, current_versions_and_blobs
|
||||
from govoplan_files.backend.storage.paths import filename_from_path, normalize_folder, normalize_logical_path
|
||||
|
||||
|
||||
@@ -45,9 +46,11 @@ def _read_zip_member(
|
||||
|
||||
def create_zip_file(session: Session, assets: Iterable[FileAsset], output_path: str | Path) -> None:
|
||||
backend = get_storage_backend()
|
||||
asset_list = list(assets)
|
||||
version_blobs = current_versions_and_blobs(session, asset_list)
|
||||
with zipfile.ZipFile(output_path, mode="w", compression=zipfile.ZIP_DEFLATED) as archive:
|
||||
for asset in assets:
|
||||
_version, blob = current_version_and_blob(session, asset)
|
||||
for asset in asset_list:
|
||||
_version, blob = version_blobs[asset.id]
|
||||
info = zipfile.ZipInfo(asset.display_path)
|
||||
info.compress_type = zipfile.ZIP_DEFLATED
|
||||
with archive.open(info, "w") as member:
|
||||
@@ -66,11 +69,12 @@ def extract_zip_upload(
|
||||
owner_type: str,
|
||||
owner_id: str,
|
||||
user_id: str,
|
||||
zip_data: bytes,
|
||||
zip_data: bytes | str | PathLike[str],
|
||||
folder: str | None,
|
||||
campaign_id: str | None,
|
||||
conflict_strategy: str = "reject",
|
||||
conflict_resolutions: Iterable[FileConflictResolution] | None = None,
|
||||
metadata: dict[str, Any] | None = None,
|
||||
is_admin: bool = False,
|
||||
max_files: int = 1000,
|
||||
max_file_bytes: int = 50 * 1024 * 1024,
|
||||
@@ -80,7 +84,8 @@ def extract_zip_upload(
|
||||
total = 0
|
||||
base_folder = normalize_folder(folder)
|
||||
try:
|
||||
with zipfile.ZipFile(BytesIO(zip_data)) as archive:
|
||||
source = BytesIO(zip_data) if isinstance(zip_data, bytes) else zip_data
|
||||
with zipfile.ZipFile(source) as archive:
|
||||
infos = [info for info in archive.infolist() if not info.is_dir()]
|
||||
if len(infos) > max_files:
|
||||
raise FileStorageError(f"ZIP contains too many files (limit {max_files})")
|
||||
@@ -113,6 +118,7 @@ def extract_zip_upload(
|
||||
data=data,
|
||||
display_path=target_path,
|
||||
content_type=mimetypes.guess_type(inner_path)[0] or "application/octet-stream",
|
||||
metadata=metadata,
|
||||
campaign_id=campaign_id,
|
||||
conflict_strategy=conflict_strategy,
|
||||
conflict_resolutions=conflict_resolutions,
|
||||
|
||||
@@ -4,8 +4,6 @@ from dataclasses import dataclass, field
|
||||
from pathlib import Path
|
||||
from typing import Iterable, Protocol
|
||||
|
||||
import boto3
|
||||
|
||||
from govoplan_files.backend.runtime import settings
|
||||
|
||||
|
||||
@@ -94,6 +92,10 @@ class S3StorageBackend:
|
||||
|
||||
@property
|
||||
def client(self):
|
||||
try:
|
||||
import boto3
|
||||
except ModuleNotFoundError as exc:
|
||||
raise StorageBackendError("boto3 is required for the S3 storage backend") from exc
|
||||
return boto3.client(
|
||||
"s3",
|
||||
endpoint_url=self.endpoint_url,
|
||||
|
||||
@@ -13,8 +13,11 @@ from typing import Any, Iterator
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from govoplan_files.backend.db.models import FileAsset
|
||||
from govoplan_files.backend.storage.files import current_version_and_blob, list_assets_for_user, read_asset_bytes
|
||||
from govoplan_files.backend.storage.backends import StorageBackendError, get_storage_backend
|
||||
from govoplan_files.backend.storage.common import FileStorageError
|
||||
from govoplan_files.backend.storage.files import current_versions_and_blobs, list_assets_for_user
|
||||
from govoplan_files.backend.storage.paths import normalize_folder, normalize_logical_path, safe_storage_component
|
||||
from govoplan_files.backend.storage.provenance import source_provenance_from_metadata, source_revision_from_metadata
|
||||
|
||||
|
||||
MANAGED_SOURCE_PREFIX = "managed:"
|
||||
@@ -34,10 +37,16 @@ class ManagedAttachmentFile:
|
||||
checksum_sha256: str
|
||||
size_bytes: int
|
||||
content_type: str | None
|
||||
source_provenance: dict[str, Any] | None = None
|
||||
source_revision: str | None = None
|
||||
|
||||
def as_dict(self) -> dict[str, Any]:
|
||||
payload = asdict(self)
|
||||
payload.pop("local_path", None)
|
||||
if payload.get("source_provenance") is None:
|
||||
payload.pop("source_provenance", None)
|
||||
if payload.get("source_revision") is None:
|
||||
payload.pop("source_revision", None)
|
||||
return payload
|
||||
|
||||
|
||||
@@ -172,6 +181,8 @@ def prepare_campaign_snapshot(
|
||||
owner_id = _asset_owner_id(asset)
|
||||
if owner_id:
|
||||
assets_by_owner[(asset.owner_type, owner_id)].append(asset)
|
||||
version_blobs = current_versions_and_blobs(session, shared_assets)
|
||||
backend = get_storage_backend() if include_bytes else None
|
||||
|
||||
manifest: dict[str, ManagedAttachmentFile] = {}
|
||||
prepared_by_id: dict[str, tuple[str, str]] = {}
|
||||
@@ -206,11 +217,14 @@ def prepare_campaign_snapshot(
|
||||
continue
|
||||
target = _safe_local_target(local_root, relative_path)
|
||||
target.parent.mkdir(parents=True, exist_ok=True)
|
||||
version, blob = version_blobs[asset.id]
|
||||
if include_bytes:
|
||||
data, version, blob = read_asset_bytes(session, asset)
|
||||
try:
|
||||
data = backend.get_bytes(blob.storage_key) if backend else b""
|
||||
except StorageBackendError as exc:
|
||||
raise FileStorageError(str(exc)) from exc
|
||||
target.write_bytes(data)
|
||||
else:
|
||||
version, blob = current_version_and_blob(session, asset)
|
||||
target.touch()
|
||||
local_key = str(target.resolve())
|
||||
manifest[local_key] = ManagedAttachmentFile(
|
||||
@@ -226,6 +240,8 @@ def prepare_campaign_snapshot(
|
||||
checksum_sha256=blob.checksum_sha256,
|
||||
size_bytes=blob.size_bytes,
|
||||
content_type=blob.content_type,
|
||||
source_provenance=source_provenance_from_metadata(asset.metadata_),
|
||||
source_revision=source_revision_from_metadata(asset.metadata_),
|
||||
)
|
||||
|
||||
for rule in _iter_rule_dicts(attachments, prepared_json):
|
||||
|
||||
@@ -2,14 +2,15 @@ from __future__ import annotations
|
||||
|
||||
from collections import defaultdict
|
||||
from pathlib import PurePosixPath
|
||||
from typing import Iterable
|
||||
from typing import Any, Iterable
|
||||
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from govoplan_campaign.backend.db.models import CampaignJob
|
||||
from govoplan_files.backend.db.models import CampaignAttachmentUse, FileAsset, FileBlob, FileVersion
|
||||
from govoplan_files.backend.storage.common import utcnow
|
||||
from govoplan_files.backend.storage.files import current_version_and_blob, list_assets_for_user
|
||||
from govoplan_files.backend.storage.files import current_versions_and_blobs, list_assets_for_user
|
||||
|
||||
CampaignJobLike = Any
|
||||
|
||||
|
||||
def _candidate_match_keys(raw_match: str) -> set[str]:
|
||||
@@ -27,7 +28,7 @@ def _attachment_use_key(*, job_id: str, file_version_id: str, filename_used: str
|
||||
return job_id, file_version_id, filename_used, stage
|
||||
|
||||
|
||||
def _known_use_keys_for_jobs(session: Session, jobs: Iterable[CampaignJob], *, stage: str) -> set[AttachmentUseKey]:
|
||||
def _known_use_keys_for_jobs(session: Session, jobs: Iterable[CampaignJobLike], *, stage: str) -> set[AttachmentUseKey]:
|
||||
job_ids = {job.id for job in jobs if job.id}
|
||||
if not job_ids:
|
||||
return set()
|
||||
@@ -70,13 +71,13 @@ def _known_use_keys_for_jobs(session: Session, jobs: Iterable[CampaignJob], *, s
|
||||
return keys
|
||||
|
||||
|
||||
def _known_use_keys(session: Session, job: CampaignJob, *, stage: str) -> set[AttachmentUseKey]:
|
||||
def _known_use_keys(session: Session, job: CampaignJobLike, *, stage: str) -> set[AttachmentUseKey]:
|
||||
return _known_use_keys_for_jobs(session, [job], stage=stage)
|
||||
|
||||
|
||||
def _add_use(
|
||||
session: Session,
|
||||
job: CampaignJob,
|
||||
job: CampaignJobLike,
|
||||
*,
|
||||
asset: FileAsset,
|
||||
version: FileVersion,
|
||||
@@ -116,7 +117,7 @@ def _add_use(
|
||||
|
||||
def record_campaign_attachment_uses_for_jobs(
|
||||
session: Session,
|
||||
jobs: Iterable[CampaignJob],
|
||||
jobs: Iterable[CampaignJobLike],
|
||||
*,
|
||||
stage: str = "built",
|
||||
) -> None:
|
||||
@@ -202,6 +203,7 @@ def record_campaign_attachment_uses_for_jobs(
|
||||
)
|
||||
|
||||
assets_by_campaign: dict[tuple[str, str], dict[str, FileAsset]] = {}
|
||||
version_blobs_by_campaign: dict[tuple[str, str], dict[str, tuple[FileVersion, FileBlob]]] = {}
|
||||
for job_id, attachments in fallback_attachments_by_job.items():
|
||||
job = job_by_id[job_id]
|
||||
campaign_key = (job.tenant_id, job.campaign_id)
|
||||
@@ -219,6 +221,8 @@ def record_campaign_attachment_uses_for_jobs(
|
||||
by_key[asset.display_path.strip("/")] = asset
|
||||
by_key.setdefault(asset.filename, asset)
|
||||
assets_by_campaign[campaign_key] = by_key
|
||||
version_blobs_by_campaign[campaign_key] = current_versions_and_blobs(session, assets)
|
||||
version_blobs = version_blobs_by_campaign[campaign_key]
|
||||
|
||||
for attachment in attachments:
|
||||
matches = attachment.get("matches") if isinstance(attachment.get("matches"), list) else []
|
||||
@@ -228,7 +232,10 @@ def record_campaign_attachment_uses_for_jobs(
|
||||
asset = next((by_key[key] for key in _candidate_match_keys(raw) if key in by_key), None)
|
||||
if not asset:
|
||||
continue
|
||||
version, blob = current_version_and_blob(session, asset)
|
||||
version_blob = version_blobs.get(asset.id)
|
||||
if not version_blob:
|
||||
continue
|
||||
version, blob = version_blob
|
||||
_add_use(
|
||||
session,
|
||||
job,
|
||||
@@ -241,13 +248,13 @@ def record_campaign_attachment_uses_for_jobs(
|
||||
)
|
||||
|
||||
|
||||
def record_campaign_attachment_uses_for_job(session: Session, job: CampaignJob, *, stage: str = "built") -> None:
|
||||
def record_campaign_attachment_uses_for_job(session: Session, job: CampaignJobLike, *, stage: str = "built") -> None:
|
||||
"""Record immutable managed file versions used by one built/sent job."""
|
||||
|
||||
record_campaign_attachment_uses_for_jobs(session, [job], stage=stage)
|
||||
|
||||
|
||||
def mark_job_attachment_uses_sent(session: Session, job: CampaignJob) -> None:
|
||||
def mark_job_attachment_uses_sent(session: Session, job: CampaignJobLike) -> None:
|
||||
record_campaign_attachment_uses_for_job(session, job, stage="built")
|
||||
# Sessions use autoflush=False. Flush any compatibility-built evidence so
|
||||
# the following query can copy it to the sent stage in the same call.
|
||||
|
||||
600
src/govoplan_files/backend/storage/connector_browse.py
Normal file
600
src/govoplan_files/backend/storage/connector_browse.py
Normal file
@@ -0,0 +1,600 @@
|
||||
from __future__ import annotations
|
||||
|
||||
import os
|
||||
from collections.abc import Mapping
|
||||
from dataclasses import dataclass, field
|
||||
from datetime import datetime, timezone
|
||||
from email.utils import parsedate_to_datetime
|
||||
from importlib import import_module
|
||||
import mimetypes
|
||||
from typing import Any
|
||||
from urllib.parse import quote, unquote, urljoin, urlsplit
|
||||
import xml.etree.ElementTree as ET
|
||||
|
||||
import httpx
|
||||
|
||||
from govoplan_files.backend.storage.connector_profiles import ConnectorProfile
|
||||
|
||||
|
||||
class ConnectorBrowseError(RuntimeError):
|
||||
pass
|
||||
|
||||
|
||||
class ConnectorBrowseUnsupported(ConnectorBrowseError):
|
||||
pass
|
||||
|
||||
|
||||
@dataclass(frozen=True, slots=True)
|
||||
class ConnectorBrowseItem:
|
||||
kind: str
|
||||
name: str
|
||||
path: str
|
||||
external_id: str | None = None
|
||||
external_url: str | None = None
|
||||
size_bytes: int | None = None
|
||||
content_type: str | None = None
|
||||
modified_at: str | None = None
|
||||
etag: str | None = None
|
||||
metadata: Mapping[str, Any] = field(default_factory=dict)
|
||||
|
||||
def to_response(self) -> dict[str, Any]:
|
||||
return {
|
||||
"kind": self.kind,
|
||||
"name": self.name,
|
||||
"path": self.path,
|
||||
"external_id": self.external_id,
|
||||
"external_url": self.external_url,
|
||||
"size_bytes": self.size_bytes,
|
||||
"content_type": self.content_type,
|
||||
"modified_at": self.modified_at,
|
||||
"etag": self.etag,
|
||||
"metadata": dict(self.metadata),
|
||||
}
|
||||
|
||||
|
||||
def browse_connector_profile(profile: ConnectorProfile, *, path: str | None = None, library_id: str | None = None) -> list[ConnectorBrowseItem]:
|
||||
browse_path = normalize_connector_browse_path(path)
|
||||
static_items = _static_listing(profile, path=browse_path, library_id=library_id)
|
||||
if static_items is not None:
|
||||
return static_items
|
||||
if profile.provider == "seafile":
|
||||
if _metadata_string(profile, "browse_protocol") == "webdav" or _metadata_string(profile, "webdav_endpoint_url"):
|
||||
return _browse_webdav(profile, path=browse_path)
|
||||
return _browse_seafile(profile, path=browse_path, library_id=library_id)
|
||||
if profile.provider in {"webdav", "nextcloud"} or _metadata_string(profile, "browse_protocol") == "webdav":
|
||||
return _browse_webdav(profile, path=browse_path)
|
||||
if profile.provider == "smb":
|
||||
return _browse_smb(profile, path=browse_path)
|
||||
raise ConnectorBrowseUnsupported(f"Read-only browsing is not implemented for {profile.provider} connector profiles yet")
|
||||
|
||||
|
||||
def parse_webdav_multistatus(*, root_url: str, current_path: str, payload: str | bytes) -> list[ConnectorBrowseItem]:
|
||||
try:
|
||||
root = ET.fromstring(payload)
|
||||
except ET.ParseError as exc:
|
||||
raise ConnectorBrowseError("Connector returned invalid WebDAV XML") from exc
|
||||
root_path = _url_path_root(root_url)
|
||||
current = normalize_connector_browse_path(current_path)
|
||||
items: list[ConnectorBrowseItem] = []
|
||||
for response in root.findall("{DAV:}response"):
|
||||
href = response.findtext("{DAV:}href")
|
||||
if not href:
|
||||
continue
|
||||
relative_path = _relative_href_path(root_path, href)
|
||||
if relative_path == current:
|
||||
continue
|
||||
if current and not relative_path.startswith(current.rstrip("/") + "/"):
|
||||
continue
|
||||
parent = relative_path.rsplit("/", 1)[0] if "/" in relative_path else ""
|
||||
if parent != current:
|
||||
continue
|
||||
prop = _webdav_prop(response)
|
||||
is_collection = prop.find("{DAV:}resourcetype/{DAV:}collection") is not None if prop is not None else False
|
||||
name = _webdav_display_name(prop) or _path_name(relative_path)
|
||||
if not name:
|
||||
continue
|
||||
items.append(
|
||||
ConnectorBrowseItem(
|
||||
kind="folder" if is_collection else "file",
|
||||
name=name,
|
||||
path=relative_path,
|
||||
external_id=_text(prop, "{DAV:}getetag") or relative_path,
|
||||
size_bytes=None if is_collection else _int(_text(prop, "{DAV:}getcontentlength")),
|
||||
content_type=None if is_collection else _text(prop, "{DAV:}getcontenttype"),
|
||||
modified_at=_http_date(_text(prop, "{DAV:}getlastmodified")),
|
||||
etag=_text(prop, "{DAV:}getetag"),
|
||||
)
|
||||
)
|
||||
return sorted(items, key=lambda item: (item.kind != "library", item.kind != "folder", item.name.casefold(), item.path.casefold()))
|
||||
|
||||
|
||||
def seafile_libraries_from_payload(payload: object) -> list[ConnectorBrowseItem]:
|
||||
if not isinstance(payload, list):
|
||||
raise ConnectorBrowseError("Seafile library response must be a list")
|
||||
libraries = [_seafile_library_item(item) for item in payload if isinstance(item, Mapping)]
|
||||
return sorted(libraries, key=lambda item: item.name.casefold())
|
||||
|
||||
|
||||
def seafile_directory_items_from_payload(payload: object, *, path: str | None = None) -> list[ConnectorBrowseItem]:
|
||||
if payload == "uptodate":
|
||||
return []
|
||||
if not isinstance(payload, list):
|
||||
raise ConnectorBrowseError("Seafile directory response must be a list")
|
||||
browse_path = normalize_connector_browse_path(path)
|
||||
items = [_seafile_directory_item(item, parent_path=browse_path) for item in payload if isinstance(item, Mapping)]
|
||||
return sorted(items, key=lambda item: (item.kind != "folder", item.name.casefold(), item.path.casefold()))
|
||||
|
||||
|
||||
def _browse_seafile(profile: ConnectorProfile, *, path: str, library_id: str | None) -> list[ConnectorBrowseItem]:
|
||||
repo_id, dir_path = _seafile_repo_and_path(path=path, library_id=library_id)
|
||||
headers = _seafile_headers(profile)
|
||||
if not repo_id:
|
||||
payload = _request_json("GET", _seafile_url(profile, "api2/repos/"), headers=headers)
|
||||
return seafile_libraries_from_payload(payload)
|
||||
payload = _request_json(
|
||||
"GET",
|
||||
_seafile_url(profile, f"api2/repos/{quote(repo_id, safe='')}/dir/"),
|
||||
headers=headers,
|
||||
params={"p": "/" + dir_path if dir_path else "/"},
|
||||
)
|
||||
return seafile_directory_items_from_payload(payload, path=dir_path)
|
||||
|
||||
|
||||
def _browse_webdav(profile: ConnectorProfile, *, path: str) -> list[ConnectorBrowseItem]:
|
||||
root_url = _metadata_string(profile, "webdav_endpoint_url") or profile.endpoint_url
|
||||
if not root_url:
|
||||
raise ConnectorBrowseError("Connector profile does not define an endpoint URL")
|
||||
url = _webdav_url(root_url, path)
|
||||
headers = {"Depth": "1", "Content-Type": "application/xml; charset=utf-8"}
|
||||
auth: tuple[str, str] | None = None
|
||||
password = _profile_password(profile)
|
||||
token = _profile_token(profile)
|
||||
if profile.username and password:
|
||||
auth = (profile.username, password)
|
||||
elif token:
|
||||
headers["Authorization"] = f"Bearer {token}"
|
||||
elif profile.credential_mode.casefold() not in {"", "none", "anonymous"} and profile.secret_ref:
|
||||
raise ConnectorBrowseError("Secret-ref connector credentials need a runtime secret resolver before live browsing")
|
||||
body = """<?xml version="1.0" encoding="utf-8"?>
|
||||
<propfind xmlns="DAV:">
|
||||
<prop>
|
||||
<displayname />
|
||||
<resourcetype />
|
||||
<getcontentlength />
|
||||
<getcontenttype />
|
||||
<getlastmodified />
|
||||
<getetag />
|
||||
</prop>
|
||||
</propfind>"""
|
||||
try:
|
||||
response = httpx.request("PROPFIND", url, headers=headers, content=body, auth=auth, timeout=15.0)
|
||||
except httpx.HTTPError as exc:
|
||||
raise ConnectorBrowseError(f"Connector browse failed: {exc}") from exc
|
||||
if response.status_code in {401, 403}:
|
||||
raise ConnectorBrowseError("Connector credentials were rejected")
|
||||
if response.status_code not in {200, 207}:
|
||||
raise ConnectorBrowseError(f"Connector browse failed with HTTP {response.status_code}")
|
||||
return parse_webdav_multistatus(root_url=root_url, current_path=path, payload=response.text)
|
||||
|
||||
|
||||
def _browse_smb(profile: ConnectorProfile, *, path: str) -> list[ConnectorBrowseItem]:
|
||||
location = _smb_location(profile)
|
||||
unc_path = _smb_unc_path(location, path)
|
||||
smbclient = _smbclient_module()
|
||||
try:
|
||||
entries = smbclient.scandir(unc_path, **_smb_client_kwargs(profile, location))
|
||||
except Exception as exc: # pragma: no cover - concrete exception types are dependency-version specific
|
||||
raise ConnectorBrowseError(f"SMB connector browse failed: {exc}") from exc
|
||||
items: list[ConnectorBrowseItem] = []
|
||||
try:
|
||||
with entries as iterator:
|
||||
for entry in iterator:
|
||||
name = _clean(getattr(entry, "name", None))
|
||||
if not name or name in {".", ".."}:
|
||||
continue
|
||||
try:
|
||||
is_dir = bool(entry.is_dir())
|
||||
except Exception:
|
||||
is_dir = False
|
||||
stat_result = _smb_entry_stat(entry)
|
||||
item_path = _join_browse_path(path, name)
|
||||
items.append(
|
||||
ConnectorBrowseItem(
|
||||
kind="folder" if is_dir else "file",
|
||||
name=name,
|
||||
path=item_path,
|
||||
external_id=f"{location.share}:{item_path}",
|
||||
size_bytes=None if is_dir else _smb_stat_size(stat_result),
|
||||
content_type=None if is_dir else mimetypes.guess_type(name)[0],
|
||||
modified_at=_smb_stat_modified_at(stat_result),
|
||||
etag=_smb_stat_revision(stat_result),
|
||||
metadata={
|
||||
"share": location.share,
|
||||
**({"server": location.server} if _metadata_bool(profile, "expose_server_metadata", default=False) else {}),
|
||||
},
|
||||
)
|
||||
)
|
||||
except ConnectorBrowseError:
|
||||
raise
|
||||
except Exception as exc: # pragma: no cover - concrete exception types are dependency-version specific
|
||||
raise ConnectorBrowseError(f"SMB connector browse failed: {exc}") from exc
|
||||
return sorted(items, key=lambda item: (item.kind != "folder", item.name.casefold(), item.path.casefold()))
|
||||
|
||||
|
||||
def _seafile_headers(profile: ConnectorProfile) -> dict[str, str]:
|
||||
token = _seafile_token(profile)
|
||||
return {"Authorization": f"Token {token}", "Accept": "application/json"}
|
||||
|
||||
|
||||
def _seafile_token(profile: ConnectorProfile) -> str:
|
||||
token = _profile_token(profile)
|
||||
if token:
|
||||
return token
|
||||
password = _profile_password(profile)
|
||||
if profile.username and password:
|
||||
payload = _request_json(
|
||||
"POST",
|
||||
_seafile_url(profile, "api2/auth-token/"),
|
||||
data={"username": profile.username, "password": password},
|
||||
)
|
||||
if not isinstance(payload, Mapping) or not _clean(payload.get("token")):
|
||||
raise ConnectorBrowseError("Seafile did not return an account token")
|
||||
return _clean(payload.get("token")) or ""
|
||||
if profile.secret_ref:
|
||||
raise ConnectorBrowseError("Secret-ref Seafile credentials need a runtime secret resolver before live browsing")
|
||||
raise ConnectorBrowseError("Seafile connector profiles require token credentials or username plus password credentials")
|
||||
|
||||
|
||||
def _seafile_url(profile: ConnectorProfile, suffix: str) -> str:
|
||||
if not profile.endpoint_url:
|
||||
raise ConnectorBrowseError("Seafile connector profile does not define endpoint_url")
|
||||
return urljoin(profile.endpoint_url.rstrip("/") + "/", suffix.lstrip("/"))
|
||||
|
||||
|
||||
def _request_json(
|
||||
method: str,
|
||||
url: str,
|
||||
*,
|
||||
headers: Mapping[str, str] | None = None,
|
||||
params: Mapping[str, str] | None = None,
|
||||
data: Mapping[str, str] | None = None,
|
||||
) -> object:
|
||||
try:
|
||||
response = httpx.request(method, url, headers=dict(headers or {}), params=params, data=data, timeout=15.0)
|
||||
except httpx.HTTPError as exc:
|
||||
raise ConnectorBrowseError(f"Connector browse failed: {exc}") from exc
|
||||
if response.status_code in {401, 403}:
|
||||
raise ConnectorBrowseError("Connector credentials were rejected")
|
||||
if response.status_code not in {200, 201}:
|
||||
raise ConnectorBrowseError(f"Connector browse failed with HTTP {response.status_code}")
|
||||
try:
|
||||
return response.json()
|
||||
except ValueError as exc:
|
||||
raise ConnectorBrowseError("Connector returned invalid JSON") from exc
|
||||
|
||||
|
||||
def _seafile_repo_and_path(*, path: str, library_id: str | None) -> tuple[str | None, str]:
|
||||
repo_id = _clean(library_id)
|
||||
if repo_id:
|
||||
return repo_id, path
|
||||
if not path:
|
||||
return None, ""
|
||||
first, _, rest = path.partition("/")
|
||||
return first, rest
|
||||
|
||||
|
||||
def _seafile_library_item(value: Mapping[str, Any]) -> ConnectorBrowseItem:
|
||||
repo_id = _clean(value.get("id") or value.get("repo_id"))
|
||||
name = _clean(value.get("name") or value.get("repo_name") or repo_id)
|
||||
if not repo_id or not name:
|
||||
raise ConnectorBrowseError("Seafile library entries require id and name")
|
||||
return ConnectorBrowseItem(
|
||||
kind="library",
|
||||
name=name,
|
||||
path=repo_id,
|
||||
external_id=repo_id,
|
||||
size_bytes=_int(value.get("size") or value.get("repo_size")),
|
||||
modified_at=_timestamp(value.get("mtime")),
|
||||
metadata={
|
||||
key: value[key]
|
||||
for key in ("type", "permission", "encrypted", "owner", "file_count")
|
||||
if key in value
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
def _seafile_directory_item(value: Mapping[str, Any], *, parent_path: str) -> ConnectorBrowseItem:
|
||||
name = _clean(value.get("name") or value.get("obj_name"))
|
||||
if not name:
|
||||
raise ConnectorBrowseError("Seafile directory entries require name")
|
||||
item_type = str(value.get("type") or ("dir" if value.get("is_dir") else "file")).casefold()
|
||||
kind = "folder" if item_type in {"dir", "folder"} else "file"
|
||||
path = _join_browse_path(parent_path, name)
|
||||
content_type = None if kind == "folder" else mimetypes.guess_type(name)[0]
|
||||
return ConnectorBrowseItem(
|
||||
kind=kind,
|
||||
name=name,
|
||||
path=path,
|
||||
external_id=_clean(value.get("id") or value.get("obj_id")),
|
||||
size_bytes=None if kind == "folder" else _int(value.get("size")),
|
||||
content_type=content_type,
|
||||
modified_at=_timestamp(value.get("mtime") or value.get("modified")),
|
||||
etag=_clean(value.get("id") or value.get("obj_id")),
|
||||
metadata={
|
||||
key: value[key]
|
||||
for key in ("permission", "modifier_email", "modifier_name")
|
||||
if key in value
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
def _static_listing(profile: ConnectorProfile, *, path: str, library_id: str | None) -> list[ConnectorBrowseItem] | None:
|
||||
listing = profile.metadata.get("static_listing")
|
||||
if listing is None:
|
||||
return None
|
||||
if isinstance(listing, list):
|
||||
raw_items = listing if path == "" else []
|
||||
elif isinstance(listing, Mapping):
|
||||
key = library_id or path
|
||||
raw_items = listing.get(key)
|
||||
if raw_items is None and key == "":
|
||||
raw_items = listing.get("/")
|
||||
else:
|
||||
raise ConnectorBrowseError("Connector static_listing metadata must be a list or object")
|
||||
if raw_items is None:
|
||||
return []
|
||||
if not isinstance(raw_items, list):
|
||||
raise ConnectorBrowseError("Connector static_listing entries must be lists")
|
||||
return sorted(
|
||||
[_static_item(item, parent_path=path) for item in raw_items if isinstance(item, Mapping)],
|
||||
key=lambda item: (item.kind != "library", item.kind != "folder", item.name.casefold(), item.path.casefold()),
|
||||
)
|
||||
|
||||
|
||||
def _static_item(value: Mapping[str, Any], *, parent_path: str) -> ConnectorBrowseItem:
|
||||
kind = str(value.get("kind") or "file").strip().casefold()
|
||||
if kind not in {"library", "folder", "file"}:
|
||||
raise ConnectorBrowseError("Connector browse items must be library, folder or file")
|
||||
name = str(value.get("name") or value.get("path") or "").strip()
|
||||
if not name:
|
||||
raise ConnectorBrowseError("Connector browse items require name")
|
||||
path = normalize_connector_browse_path(value.get("path"))
|
||||
if not path:
|
||||
path = _join_browse_path(parent_path, name)
|
||||
return ConnectorBrowseItem(
|
||||
kind=kind,
|
||||
name=name,
|
||||
path=path,
|
||||
external_id=_clean(value.get("external_id")),
|
||||
external_url=_clean(value.get("external_url")),
|
||||
size_bytes=_int(value.get("size_bytes")),
|
||||
content_type=_clean(value.get("content_type")),
|
||||
modified_at=_clean(value.get("modified_at")),
|
||||
etag=_clean(value.get("etag")),
|
||||
metadata=value.get("metadata") if isinstance(value.get("metadata"), Mapping) else {},
|
||||
)
|
||||
|
||||
|
||||
def _webdav_url(root_url: str, path: str) -> str:
|
||||
base = root_url if root_url.endswith("/") else root_url + "/"
|
||||
if not path:
|
||||
return base
|
||||
quoted = "/".join(quote(part, safe="") for part in path.split("/") if part)
|
||||
return urljoin(base, quoted + "/")
|
||||
|
||||
|
||||
def _url_path_root(root_url: str) -> str:
|
||||
path = unquote(urlsplit(root_url).path or "/")
|
||||
return path if path.endswith("/") else path + "/"
|
||||
|
||||
|
||||
def _relative_href_path(root_path: str, href: str) -> str:
|
||||
href_path = unquote(urlsplit(href).path or href).strip()
|
||||
if href_path.startswith(root_path):
|
||||
return normalize_connector_browse_path(href_path[len(root_path):])
|
||||
return normalize_connector_browse_path(href_path.rsplit("/", 1)[-1])
|
||||
|
||||
|
||||
def _webdav_prop(response: ET.Element) -> ET.Element:
|
||||
prop = response.find("{DAV:}propstat/{DAV:}prop")
|
||||
if prop is not None:
|
||||
return prop
|
||||
prop = response.find(".//{DAV:}prop")
|
||||
return prop if prop is not None else ET.Element("prop")
|
||||
|
||||
|
||||
def _webdav_display_name(prop: ET.Element | None) -> str | None:
|
||||
return _clean(_text(prop, "{DAV:}displayname"))
|
||||
|
||||
|
||||
def _text(prop: ET.Element | None, tag: str) -> str | None:
|
||||
if prop is None:
|
||||
return None
|
||||
child = prop.find(tag)
|
||||
return child.text.strip() if child is not None and child.text else None
|
||||
|
||||
|
||||
def _http_date(value: str | None) -> str | None:
|
||||
if not value:
|
||||
return None
|
||||
try:
|
||||
return parsedate_to_datetime(value).isoformat()
|
||||
except (TypeError, ValueError):
|
||||
return value
|
||||
|
||||
|
||||
def _timestamp(value: object) -> str | None:
|
||||
number = _int(value)
|
||||
if number is None:
|
||||
return _clean(value)
|
||||
return datetime.fromtimestamp(number, tz=timezone.utc).isoformat()
|
||||
|
||||
|
||||
def _metadata_string(profile: ConnectorProfile, key: str) -> str | None:
|
||||
return _clean(profile.metadata.get(key))
|
||||
|
||||
|
||||
def _metadata_bool(profile: ConnectorProfile, key: str, *, default: bool = False) -> bool:
|
||||
value = profile.metadata.get(key)
|
||||
if value is None:
|
||||
return default
|
||||
if isinstance(value, bool):
|
||||
return value
|
||||
return str(value).strip().casefold() in {"1", "true", "yes", "on"}
|
||||
|
||||
|
||||
def _env_required(name: str, profile_id: str) -> str:
|
||||
value = _clean(os.environ.get(name))
|
||||
if not value:
|
||||
raise ConnectorBrowseError(f"Connector profile {profile_id} is missing required credential environment")
|
||||
return value
|
||||
|
||||
|
||||
def normalize_connector_browse_path(value: object) -> str:
|
||||
if value is None:
|
||||
return ""
|
||||
path = str(value).replace("\\", "/").strip().strip("/")
|
||||
parts = [part for part in path.split("/") if part and part not in {"."}]
|
||||
if any(part == ".." for part in parts):
|
||||
raise ConnectorBrowseError("Connector browse paths cannot contain parent directory segments")
|
||||
return "/".join(parts)
|
||||
|
||||
|
||||
def _join_browse_path(parent: str, name: str) -> str:
|
||||
child = normalize_connector_browse_path(name)
|
||||
if not parent:
|
||||
return child
|
||||
return f"{parent.rstrip('/')}/{child}"
|
||||
|
||||
|
||||
def _path_name(path: str) -> str:
|
||||
return path.rstrip("/").rsplit("/", 1)[-1]
|
||||
|
||||
|
||||
def _int(value: object) -> int | None:
|
||||
if value is None or value == "":
|
||||
return None
|
||||
try:
|
||||
return int(value)
|
||||
except (TypeError, ValueError):
|
||||
return None
|
||||
|
||||
|
||||
def _clean(value: object) -> str | None:
|
||||
if value is None:
|
||||
return None
|
||||
text = str(value).strip()
|
||||
return text or None
|
||||
|
||||
|
||||
@dataclass(frozen=True, slots=True)
|
||||
class _SmbLocation:
|
||||
server: str
|
||||
share: str
|
||||
port: int
|
||||
root_path: str = ""
|
||||
|
||||
|
||||
def _smb_location(profile: ConnectorProfile) -> _SmbLocation:
|
||||
if not profile.endpoint_url:
|
||||
raise ConnectorBrowseError("SMB connector profile does not define endpoint_url")
|
||||
parsed = urlsplit(profile.endpoint_url)
|
||||
if parsed.scheme.casefold() != "smb":
|
||||
raise ConnectorBrowseError("SMB connector endpoint_url must use smb://")
|
||||
server = _clean(parsed.hostname)
|
||||
if not server:
|
||||
raise ConnectorBrowseError("SMB connector endpoint_url must include a server")
|
||||
path_parts = [part for part in unquote(parsed.path or "").strip("/").split("/") if part]
|
||||
if not path_parts:
|
||||
raise ConnectorBrowseError("SMB connector endpoint_url must include a share name")
|
||||
root_parts = path_parts[1:]
|
||||
if profile.base_path:
|
||||
root_parts.extend(normalize_connector_browse_path(profile.base_path).split("/"))
|
||||
return _SmbLocation(
|
||||
server=server,
|
||||
share=path_parts[0],
|
||||
port=parsed.port or _int(profile.metadata.get("port")) or 445,
|
||||
root_path=normalize_connector_browse_path("/".join(root_parts)),
|
||||
)
|
||||
|
||||
|
||||
def _smb_unc_path(location: _SmbLocation, path: str) -> str:
|
||||
parts = [part for part in (location.root_path, normalize_connector_browse_path(path)) if part]
|
||||
suffix = "\\".join(part.replace("/", "\\") for part in parts)
|
||||
base = f"\\\\{location.server}\\{location.share}"
|
||||
return f"{base}\\{suffix}" if suffix else base
|
||||
|
||||
|
||||
def _smb_client_kwargs(profile: ConnectorProfile, location: _SmbLocation) -> dict[str, object]:
|
||||
kwargs: dict[str, object] = {
|
||||
"port": location.port,
|
||||
"require_signing": _metadata_bool(profile, "require_signing", default=True),
|
||||
"auth_protocol": _metadata_string(profile, "auth_protocol") or "ntlm",
|
||||
}
|
||||
if "encrypt" in profile.metadata:
|
||||
kwargs["encrypt"] = _metadata_bool(profile, "encrypt", default=False)
|
||||
password = _profile_password(profile)
|
||||
token = _profile_token(profile)
|
||||
if profile.username and password:
|
||||
kwargs["username"] = profile.username
|
||||
kwargs["password"] = password
|
||||
elif token:
|
||||
raise ConnectorBrowseError("SMB connector profiles do not support bearer-token credentials")
|
||||
elif profile.credential_mode.casefold() not in {"", "none", "anonymous"} and profile.secret_ref:
|
||||
raise ConnectorBrowseError("Secret-ref SMB credentials need a runtime secret resolver before live browsing")
|
||||
return kwargs
|
||||
|
||||
|
||||
def _profile_password(profile: ConnectorProfile) -> str | None:
|
||||
if profile.password_value:
|
||||
return profile.password_value
|
||||
if profile.password_env:
|
||||
return _env_required(profile.password_env, profile.id)
|
||||
return None
|
||||
|
||||
|
||||
def _profile_token(profile: ConnectorProfile) -> str | None:
|
||||
if profile.token_value:
|
||||
return profile.token_value
|
||||
if profile.token_env:
|
||||
return _env_required(profile.token_env, profile.id)
|
||||
return None
|
||||
|
||||
|
||||
def _smbclient_module() -> Any:
|
||||
try:
|
||||
return import_module("smbclient")
|
||||
except ImportError as exc:
|
||||
raise ConnectorBrowseUnsupported("SMB connector browsing requires the optional smbprotocol dependency") from exc
|
||||
|
||||
|
||||
def _smb_entry_stat(entry: object) -> object | None:
|
||||
try:
|
||||
return entry.stat() # type: ignore[attr-defined]
|
||||
except Exception:
|
||||
return None
|
||||
|
||||
|
||||
def _smb_stat_size(stat_result: object | None) -> int | None:
|
||||
return _int(getattr(stat_result, "st_size", None))
|
||||
|
||||
|
||||
def _smb_stat_modified_at(stat_result: object | None) -> str | None:
|
||||
value = getattr(stat_result, "st_mtime", None)
|
||||
if value is None:
|
||||
return None
|
||||
try:
|
||||
return datetime.fromtimestamp(float(value), tz=timezone.utc).isoformat()
|
||||
except (TypeError, ValueError, OSError, OverflowError):
|
||||
return None
|
||||
|
||||
|
||||
def _smb_stat_revision(stat_result: object | None) -> str | None:
|
||||
mtime_ns = getattr(stat_result, "st_mtime_ns", None)
|
||||
size = getattr(stat_result, "st_size", None)
|
||||
if mtime_ns is not None:
|
||||
return f"{mtime_ns}:{size or 0}"
|
||||
modified = getattr(stat_result, "st_mtime", None)
|
||||
if modified is not None:
|
||||
return f"{modified}:{size or 0}"
|
||||
return None
|
||||
340
src/govoplan_files/backend/storage/connector_credential_store.py
Normal file
340
src/govoplan_files/backend/storage/connector_credential_store.py
Normal file
@@ -0,0 +1,340 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from collections.abc import Mapping
|
||||
from dataclasses import dataclass
|
||||
from typing import Any
|
||||
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from govoplan_core.core.policy import normalize_policy_scope_type, policy_source_path
|
||||
from govoplan_core.security.secrets import decrypt_secret, encrypt_secret
|
||||
from govoplan_files.backend.db.models import FileConnectorCredential
|
||||
from govoplan_files.backend.storage.common import FileStorageError
|
||||
from govoplan_files.backend.storage.connector_policy import ConnectorPolicySource, connector_policy_sources_from_payload
|
||||
from govoplan_files.backend.storage.connector_profiles import supported_connector_providers
|
||||
|
||||
|
||||
@dataclass(frozen=True, slots=True)
|
||||
class ConnectorCredential:
|
||||
id: str
|
||||
label: str
|
||||
scope_type: str
|
||||
scope_id: str | None = None
|
||||
provider: str | None = None
|
||||
enabled: bool = True
|
||||
credential_mode: str = "none"
|
||||
username: str | None = None
|
||||
password_env: str | None = None
|
||||
token_env: str | None = None
|
||||
secret_ref: str | None = None
|
||||
password_value: str | None = None
|
||||
token_value: str | None = None
|
||||
policy_sources: tuple[ConnectorPolicySource, ...] = ()
|
||||
metadata: Mapping[str, Any] | None = None
|
||||
source_kind: str = "database"
|
||||
|
||||
@property
|
||||
def source_path(self) -> str:
|
||||
return policy_source_path(self.scope_type, self.scope_id)
|
||||
|
||||
@property
|
||||
def credential_secret_source(self) -> str | None:
|
||||
if self.secret_ref:
|
||||
return "secret_ref"
|
||||
if self.password_value or self.token_value:
|
||||
return "stored"
|
||||
if self.token_env:
|
||||
return "token_env"
|
||||
if self.password_env:
|
||||
return "password_env"
|
||||
return None
|
||||
|
||||
@property
|
||||
def credentials_configured(self) -> bool:
|
||||
if self.credential_mode.casefold() in {"", "none", "anonymous"}:
|
||||
return True
|
||||
return bool(self.secret_ref or self.password_value or self.token_value or self.password_env or self.token_env)
|
||||
|
||||
def to_response(self) -> dict[str, Any]:
|
||||
return {
|
||||
"id": self.id,
|
||||
"label": self.label,
|
||||
"provider": self.provider,
|
||||
"enabled": self.enabled,
|
||||
"scope_type": self.scope_type,
|
||||
"scope_id": self.scope_id,
|
||||
"source_path": self.source_path,
|
||||
"credential_mode": self.credential_mode,
|
||||
"credential_secret_source": self.credential_secret_source,
|
||||
"credentials_configured": self.credentials_configured,
|
||||
"username": self.username,
|
||||
"policy_sources": [_policy_source_response(source) for source in self.policy_sources],
|
||||
"metadata": dict(self.metadata or {}),
|
||||
"source_kind": self.source_kind,
|
||||
}
|
||||
|
||||
|
||||
def list_database_connector_credentials(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
include_disabled: bool = False,
|
||||
) -> list[ConnectorCredential]:
|
||||
return [connector_credential_from_row(row) for row in list_connector_credential_rows(session, tenant_id=tenant_id, include_disabled=include_disabled)]
|
||||
|
||||
|
||||
def list_connector_credential_rows(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
include_disabled: bool = False,
|
||||
) -> list[FileConnectorCredential]:
|
||||
query = session.query(FileConnectorCredential).filter(
|
||||
(FileConnectorCredential.scope_type == "system")
|
||||
| (FileConnectorCredential.tenant_id == tenant_id)
|
||||
)
|
||||
if not include_disabled:
|
||||
query = query.filter(FileConnectorCredential.enabled.is_(True))
|
||||
return query.order_by(FileConnectorCredential.scope_type.asc(), FileConnectorCredential.label.asc()).all()
|
||||
|
||||
|
||||
def connector_credential_from_row(row: FileConnectorCredential) -> ConnectorCredential:
|
||||
policy_sources = []
|
||||
if row.policy:
|
||||
policy_sources = connector_policy_sources_from_payload({
|
||||
"scope_type": row.scope_type,
|
||||
"scope_id": row.scope_id,
|
||||
"label": row.label,
|
||||
"policy": row.policy,
|
||||
})
|
||||
return ConnectorCredential(
|
||||
id=row.id,
|
||||
label=row.label,
|
||||
scope_type=row.scope_type,
|
||||
scope_id=row.scope_id,
|
||||
provider=row.provider,
|
||||
enabled=row.enabled,
|
||||
credential_mode=row.credential_mode,
|
||||
username=row.username,
|
||||
password_env=row.password_env,
|
||||
token_env=row.token_env,
|
||||
secret_ref=row.secret_ref,
|
||||
password_value=decrypt_secret(row.password_encrypted),
|
||||
token_value=decrypt_secret(row.token_encrypted),
|
||||
policy_sources=tuple(policy_sources),
|
||||
metadata=dict(row.metadata_ or {}),
|
||||
)
|
||||
|
||||
|
||||
def get_connector_credential_row(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
credential_id: str,
|
||||
include_disabled: bool = False,
|
||||
) -> FileConnectorCredential:
|
||||
row = session.get(FileConnectorCredential, credential_id)
|
||||
if row is None or (row.scope_type != "system" and row.tenant_id != tenant_id):
|
||||
raise FileStorageError("Connector credential not found")
|
||||
if not include_disabled and not row.enabled:
|
||||
raise FileStorageError("Connector credential not found")
|
||||
return row
|
||||
|
||||
|
||||
def credential_rows_by_id(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
credential_ids: set[str],
|
||||
include_disabled: bool = False,
|
||||
) -> dict[str, FileConnectorCredential]:
|
||||
if not credential_ids:
|
||||
return {}
|
||||
rows = session.query(FileConnectorCredential).filter(FileConnectorCredential.id.in_(credential_ids)).all()
|
||||
result: dict[str, FileConnectorCredential] = {}
|
||||
for row in rows:
|
||||
if row.scope_type != "system" and row.tenant_id != tenant_id:
|
||||
continue
|
||||
if not include_disabled and not row.enabled:
|
||||
continue
|
||||
result[row.id] = row
|
||||
return result
|
||||
|
||||
|
||||
def create_connector_credential_row(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
user_id: str | None,
|
||||
credential_id: str,
|
||||
label: str,
|
||||
scope_type: str,
|
||||
scope_id: str | None = None,
|
||||
provider: str | None = None,
|
||||
enabled: bool = True,
|
||||
credential_mode: str = "none",
|
||||
username: str | None = None,
|
||||
password: str | None = None,
|
||||
token: str | None = None,
|
||||
password_env: str | None = None,
|
||||
token_env: str | None = None,
|
||||
secret_ref: str | None = None,
|
||||
policy: Mapping[str, Any] | None = None,
|
||||
metadata: Mapping[str, Any] | None = None,
|
||||
) -> FileConnectorCredential:
|
||||
clean_id = _normalize_id(credential_id)
|
||||
if session.get(FileConnectorCredential, clean_id) is not None:
|
||||
raise FileStorageError(f"Connector credential already exists: {clean_id}")
|
||||
clean_scope_type, clean_scope_id, row_tenant_id = _normalize_scope(tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id)
|
||||
row = FileConnectorCredential(
|
||||
id=clean_id,
|
||||
tenant_id=row_tenant_id,
|
||||
scope_type=clean_scope_type,
|
||||
scope_id=clean_scope_id,
|
||||
label=_normalize_label(label),
|
||||
provider=_normalize_provider(provider),
|
||||
enabled=bool(enabled),
|
||||
credential_mode=_normalize_credential_mode(credential_mode),
|
||||
username=_clean(username),
|
||||
password_encrypted=encrypt_secret(_clean(password)),
|
||||
token_encrypted=encrypt_secret(_clean(token)),
|
||||
password_env=_clean(password_env),
|
||||
token_env=_clean(token_env),
|
||||
secret_ref=_clean(secret_ref),
|
||||
policy=dict(policy or {}),
|
||||
metadata_=dict(metadata or {}),
|
||||
created_by_user_id=user_id,
|
||||
updated_by_user_id=user_id,
|
||||
)
|
||||
session.add(row)
|
||||
session.flush()
|
||||
return row
|
||||
|
||||
|
||||
def update_connector_credential_row(
|
||||
session: Session,
|
||||
row: FileConnectorCredential,
|
||||
*,
|
||||
user_id: str | None,
|
||||
label: str | None = None,
|
||||
provider: str | None = None,
|
||||
enabled: bool | None = None,
|
||||
credential_mode: str | None = None,
|
||||
username: str | None = None,
|
||||
password: str | None = None,
|
||||
token: str | None = None,
|
||||
password_env: str | None = None,
|
||||
token_env: str | None = None,
|
||||
secret_ref: str | None = None,
|
||||
policy: Mapping[str, Any] | None = None,
|
||||
metadata: Mapping[str, Any] | None = None,
|
||||
clear_password: bool = False,
|
||||
clear_token: bool = False,
|
||||
) -> FileConnectorCredential:
|
||||
if label is not None:
|
||||
row.label = _normalize_label(label)
|
||||
if provider is not None:
|
||||
row.provider = _normalize_provider(provider)
|
||||
if enabled is not None:
|
||||
row.enabled = bool(enabled)
|
||||
if credential_mode is not None:
|
||||
row.credential_mode = _normalize_credential_mode(credential_mode)
|
||||
if username is not None:
|
||||
row.username = _clean(username)
|
||||
if password is not None:
|
||||
row.password_encrypted = encrypt_secret(_clean(password))
|
||||
elif clear_password:
|
||||
row.password_encrypted = None
|
||||
if token is not None:
|
||||
row.token_encrypted = encrypt_secret(_clean(token))
|
||||
elif clear_token:
|
||||
row.token_encrypted = None
|
||||
if password_env is not None:
|
||||
row.password_env = _clean(password_env)
|
||||
if token_env is not None:
|
||||
row.token_env = _clean(token_env)
|
||||
if secret_ref is not None:
|
||||
row.secret_ref = _clean(secret_ref)
|
||||
if policy is not None:
|
||||
row.policy = dict(policy)
|
||||
if metadata is not None:
|
||||
row.metadata_ = dict(metadata)
|
||||
row.updated_by_user_id = user_id
|
||||
session.add(row)
|
||||
session.flush()
|
||||
return row
|
||||
|
||||
|
||||
def deactivate_connector_credential_row(session: Session, row: FileConnectorCredential, *, user_id: str | None) -> FileConnectorCredential:
|
||||
row.enabled = False
|
||||
row.updated_by_user_id = user_id
|
||||
session.add(row)
|
||||
session.flush()
|
||||
return row
|
||||
|
||||
|
||||
def _normalize_scope(*, tenant_id: str, scope_type: str, scope_id: str | None) -> tuple[str, str | None, str | None]:
|
||||
clean_scope_type = normalize_policy_scope_type(scope_type)
|
||||
clean_scope_id = _clean(scope_id)
|
||||
if clean_scope_type == "system":
|
||||
return "system", None, None
|
||||
if clean_scope_type == "tenant":
|
||||
return "tenant", tenant_id, tenant_id
|
||||
if clean_scope_type in {"user", "group", "campaign"}:
|
||||
if not clean_scope_id:
|
||||
raise FileStorageError(f"{clean_scope_type.capitalize()} connector credentials require scope_id")
|
||||
return clean_scope_type, clean_scope_id, tenant_id
|
||||
raise FileStorageError("Unsupported connector credential scope")
|
||||
|
||||
|
||||
def _normalize_id(value: str) -> str:
|
||||
clean = _clean(value)
|
||||
if not clean:
|
||||
raise FileStorageError("Connector credential id is required")
|
||||
if len(clean) > 255:
|
||||
raise FileStorageError("Connector credential id is too long")
|
||||
if any(char.isspace() for char in clean):
|
||||
raise FileStorageError("Connector credential id cannot contain whitespace")
|
||||
return clean
|
||||
|
||||
|
||||
def _normalize_label(value: str) -> str:
|
||||
clean = value.strip()
|
||||
if not clean:
|
||||
raise FileStorageError("Connector credential label is required")
|
||||
if len(clean) > 255:
|
||||
raise FileStorageError("Connector credential label is too long")
|
||||
return clean
|
||||
|
||||
|
||||
def _normalize_provider(value: str | None) -> str | None:
|
||||
clean = _clean(value)
|
||||
if clean is None:
|
||||
return None
|
||||
clean = clean.casefold()
|
||||
if clean not in supported_connector_providers():
|
||||
raise FileStorageError(f"Unsupported connector credential provider: {value}")
|
||||
return clean
|
||||
|
||||
|
||||
def _normalize_credential_mode(value: str) -> str:
|
||||
clean = value.strip().casefold() or "none"
|
||||
if clean not in {"none", "anonymous", "basic", "token", "secret_ref"}:
|
||||
raise FileStorageError(f"Unsupported connector credential mode: {value}")
|
||||
return clean
|
||||
|
||||
|
||||
def _policy_source_response(source: ConnectorPolicySource) -> dict[str, Any]:
|
||||
return {
|
||||
"scope_type": source.scope_type,
|
||||
"scope_id": source.scope_id,
|
||||
"label": source.label,
|
||||
"policy": dict(source.policy or {}),
|
||||
}
|
||||
|
||||
|
||||
def _clean(value: object) -> str | None:
|
||||
if value is None:
|
||||
return None
|
||||
text = str(value).strip()
|
||||
return text or None
|
||||
222
src/govoplan_files/backend/storage/connector_imports.py
Normal file
222
src/govoplan_files/backend/storage/connector_imports.py
Normal file
@@ -0,0 +1,222 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from dataclasses import dataclass, field
|
||||
import mimetypes
|
||||
from typing import Any
|
||||
|
||||
import httpx
|
||||
|
||||
from govoplan_files.backend.storage.connector_browse import (
|
||||
ConnectorBrowseError,
|
||||
ConnectorBrowseUnsupported,
|
||||
_clean,
|
||||
_metadata_string,
|
||||
_profile_password,
|
||||
_profile_token,
|
||||
_request_json,
|
||||
_smb_client_kwargs,
|
||||
_smb_location,
|
||||
_smb_stat_modified_at,
|
||||
_smb_stat_revision,
|
||||
_smb_stat_size,
|
||||
_smb_unc_path,
|
||||
_smbclient_module,
|
||||
_seafile_headers,
|
||||
_seafile_url,
|
||||
_webdav_url,
|
||||
normalize_connector_browse_path,
|
||||
)
|
||||
from govoplan_files.backend.storage.connector_profiles import ConnectorProfile
|
||||
from govoplan_files.backend.storage.paths import filename_from_path
|
||||
|
||||
|
||||
class ConnectorImportError(RuntimeError):
|
||||
pass
|
||||
|
||||
|
||||
class ConnectorImportUnsupported(ConnectorImportError):
|
||||
pass
|
||||
|
||||
|
||||
@dataclass(frozen=True, slots=True)
|
||||
class ConnectorDownloadedFile:
|
||||
filename: str
|
||||
data: bytes
|
||||
content_type: str | None = None
|
||||
revision: str | None = None
|
||||
external_id: str | None = None
|
||||
external_url: str | None = None
|
||||
metadata: dict[str, Any] = field(default_factory=dict)
|
||||
|
||||
|
||||
def read_connector_file(
|
||||
profile: ConnectorProfile,
|
||||
*,
|
||||
library_id: str,
|
||||
path: str,
|
||||
max_bytes: int,
|
||||
) -> ConnectorDownloadedFile:
|
||||
if profile.provider == "seafile":
|
||||
if _metadata_string(profile, "browse_protocol") == "webdav" or _metadata_string(profile, "webdav_endpoint_url"):
|
||||
return _read_webdav_file(profile, path=path, max_bytes=max_bytes)
|
||||
return _read_seafile_file(profile, library_id=library_id, path=path, max_bytes=max_bytes)
|
||||
if profile.provider in {"webdav", "nextcloud"}:
|
||||
return _read_webdav_file(profile, path=path, max_bytes=max_bytes)
|
||||
if profile.provider == "smb":
|
||||
return _read_smb_file(profile, path=path, max_bytes=max_bytes)
|
||||
raise ConnectorImportUnsupported(f"Connector file import is not implemented for {profile.provider} profiles yet")
|
||||
|
||||
|
||||
def _read_seafile_file(profile: ConnectorProfile, *, library_id: str, path: str, max_bytes: int) -> ConnectorDownloadedFile:
|
||||
repo_id = _clean(library_id)
|
||||
if not repo_id:
|
||||
raise ConnectorImportError("Seafile import requires library_id")
|
||||
file_path = "/" + normalize_connector_browse_path(path)
|
||||
if file_path == "/":
|
||||
raise ConnectorImportError("Seafile import requires a file path")
|
||||
try:
|
||||
headers = _seafile_headers(profile)
|
||||
detail = _request_json(
|
||||
"GET",
|
||||
_seafile_url(profile, f"api2/repos/{repo_id}/file/detail/"),
|
||||
headers=headers,
|
||||
params={"p": file_path},
|
||||
)
|
||||
if isinstance(detail, dict):
|
||||
size = _int(detail.get("size"))
|
||||
if size is not None and size > max_bytes:
|
||||
raise ConnectorImportError(f"Seafile file exceeds limit of {max_bytes} bytes")
|
||||
download_url = _request_json(
|
||||
"GET",
|
||||
_seafile_url(profile, f"api2/repos/{repo_id}/file/"),
|
||||
headers=headers,
|
||||
params={"p": file_path, "reuse": "1"},
|
||||
)
|
||||
except ConnectorBrowseError as exc:
|
||||
raise ConnectorImportError(str(exc)) from exc
|
||||
if not isinstance(download_url, str) or not download_url.strip():
|
||||
raise ConnectorImportError("Seafile did not return a file download URL")
|
||||
try:
|
||||
response = httpx.request("GET", download_url, timeout=30.0)
|
||||
except httpx.HTTPError as exc:
|
||||
raise ConnectorImportError(f"Seafile file download failed: {exc}") from exc
|
||||
if response.status_code != 200:
|
||||
raise ConnectorImportError(f"Seafile file download failed with HTTP {response.status_code}")
|
||||
data = response.content
|
||||
if len(data) > max_bytes:
|
||||
raise ConnectorImportError(f"Seafile file exceeds limit of {max_bytes} bytes")
|
||||
detail = detail if isinstance(detail, dict) else {}
|
||||
filename = filename_from_path(str(detail.get("name") or path))
|
||||
content_type = response.headers.get("content-type") or mimetypes.guess_type(filename)[0]
|
||||
external_id = f"{repo_id}:{normalize_connector_browse_path(path)}"
|
||||
return ConnectorDownloadedFile(
|
||||
filename=filename,
|
||||
data=data,
|
||||
content_type=content_type,
|
||||
revision=_clean(detail.get("id") or detail.get("mtime") or detail.get("last_modified")),
|
||||
external_id=external_id,
|
||||
external_url=download_url,
|
||||
metadata={
|
||||
"library_id": repo_id,
|
||||
"library_path": normalize_connector_browse_path(path),
|
||||
"size": len(data),
|
||||
**({key: detail[key] for key in ("permission", "last_modified", "mtime", "uploader_email", "last_modifier_email") if key in detail}),
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
def _read_webdav_file(profile: ConnectorProfile, *, path: str, max_bytes: int) -> ConnectorDownloadedFile:
|
||||
root_url = _metadata_string(profile, "webdav_endpoint_url") or profile.endpoint_url
|
||||
if not root_url:
|
||||
raise ConnectorImportError("WebDAV connector profile does not define endpoint_url")
|
||||
file_path = normalize_connector_browse_path(path)
|
||||
if not file_path:
|
||||
raise ConnectorImportError("WebDAV import requires a file path")
|
||||
url = _webdav_url(root_url, file_path).rstrip("/")
|
||||
headers: dict[str, str] = {}
|
||||
auth: tuple[str, str] | None = None
|
||||
password = _profile_password(profile)
|
||||
token = _profile_token(profile)
|
||||
if profile.username and password:
|
||||
auth = (profile.username, password)
|
||||
elif token:
|
||||
headers["Authorization"] = f"Bearer {token}"
|
||||
elif profile.credential_mode.casefold() not in {"", "none", "anonymous"} and profile.secret_ref:
|
||||
raise ConnectorImportError("Secret-ref WebDAV credentials need a runtime secret resolver before live import")
|
||||
try:
|
||||
response = httpx.request("GET", url, headers=headers, auth=auth, timeout=30.0)
|
||||
except httpx.HTTPError as exc:
|
||||
raise ConnectorImportError(f"WebDAV file download failed: {exc}") from exc
|
||||
if response.status_code in {401, 403}:
|
||||
raise ConnectorImportError("Connector credentials were rejected")
|
||||
if response.status_code != 200:
|
||||
raise ConnectorImportError(f"WebDAV file download failed with HTTP {response.status_code}")
|
||||
length = _int(response.headers.get("content-length"))
|
||||
if length is not None and length > max_bytes:
|
||||
raise ConnectorImportError(f"WebDAV file exceeds limit of {max_bytes} bytes")
|
||||
data = response.content
|
||||
if len(data) > max_bytes:
|
||||
raise ConnectorImportError(f"WebDAV file exceeds limit of {max_bytes} bytes")
|
||||
filename = filename_from_path(file_path)
|
||||
revision = _clean(response.headers.get("etag") or response.headers.get("last-modified"))
|
||||
return ConnectorDownloadedFile(
|
||||
filename=filename,
|
||||
data=data,
|
||||
content_type=response.headers.get("content-type") or mimetypes.guess_type(filename)[0],
|
||||
revision=revision,
|
||||
external_id=file_path,
|
||||
external_url=url,
|
||||
metadata={"path": file_path, "size": len(data)},
|
||||
)
|
||||
|
||||
|
||||
def _read_smb_file(profile: ConnectorProfile, *, path: str, max_bytes: int) -> ConnectorDownloadedFile:
|
||||
location = _smb_location(profile)
|
||||
file_path = normalize_connector_browse_path(path)
|
||||
if not file_path:
|
||||
raise ConnectorImportError("SMB import requires a file path")
|
||||
unc_path = _smb_unc_path(location, file_path)
|
||||
try:
|
||||
smbclient = _smbclient_module()
|
||||
kwargs = _smb_client_kwargs(profile, location)
|
||||
stat_result = smbclient.stat(unc_path, **kwargs)
|
||||
size = _smb_stat_size(stat_result)
|
||||
if size is not None and size > max_bytes:
|
||||
raise ConnectorImportError(f"SMB file exceeds limit of {max_bytes} bytes")
|
||||
with smbclient.open_file(unc_path, mode="rb", **kwargs) as handle:
|
||||
data = handle.read(max_bytes + 1)
|
||||
except ConnectorBrowseUnsupported as exc:
|
||||
raise ConnectorImportUnsupported(str(exc)) from exc
|
||||
except ConnectorBrowseError as exc:
|
||||
raise ConnectorImportError(str(exc)) from exc
|
||||
except ConnectorImportError:
|
||||
raise
|
||||
except Exception as exc: # pragma: no cover - concrete exception types are dependency-version specific
|
||||
raise ConnectorImportError(f"SMB file download failed: {exc}") from exc
|
||||
if len(data) > max_bytes:
|
||||
raise ConnectorImportError(f"SMB file exceeds limit of {max_bytes} bytes")
|
||||
filename = filename_from_path(file_path)
|
||||
revision = _smb_stat_revision(stat_result)
|
||||
return ConnectorDownloadedFile(
|
||||
filename=filename,
|
||||
data=data,
|
||||
content_type=mimetypes.guess_type(filename)[0],
|
||||
revision=revision,
|
||||
external_id=f"{location.share}:{file_path}",
|
||||
external_url=f"smb://{location.server}:{location.port}/{location.share}/{file_path}",
|
||||
metadata={
|
||||
"share": location.share,
|
||||
"path": file_path,
|
||||
"size": len(data),
|
||||
"modified_at": _smb_stat_modified_at(stat_result),
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
def _int(value: object) -> int | None:
|
||||
if value is None or value == "":
|
||||
return None
|
||||
try:
|
||||
return int(value)
|
||||
except (TypeError, ValueError):
|
||||
return None
|
||||
310
src/govoplan_files/backend/storage/connector_policy.py
Normal file
310
src/govoplan_files/backend/storage/connector_policy.py
Normal file
@@ -0,0 +1,310 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from collections.abc import Iterable, Mapping
|
||||
from dataclasses import dataclass
|
||||
from fnmatch import fnmatchcase
|
||||
from typing import Any
|
||||
|
||||
from govoplan_core.core.policy import PolicyDecision, PolicySourceStep, normalize_policy_scope_type
|
||||
|
||||
|
||||
_ALLOW_KEYS = ("allow", "allowlist", "whitelist")
|
||||
_DENY_KEYS = ("deny", "denylist", "blacklist")
|
||||
|
||||
_FIELD_ALIASES = {
|
||||
"connectors": ("connectors", "connector_ids", "connector_id"),
|
||||
"credentials": ("credentials", "credential_ids", "credential_id"),
|
||||
"providers": ("providers", "provider"),
|
||||
"external_ids": ("external_ids", "external_id"),
|
||||
"external_paths": ("external_paths", "paths", "path_prefixes", "external_path"),
|
||||
"external_urls": ("external_urls", "urls", "external_url"),
|
||||
}
|
||||
|
||||
CONNECTOR_POLICY_FIELDS = tuple(_FIELD_ALIASES)
|
||||
|
||||
|
||||
class ConnectorPolicyDenied(RuntimeError):
|
||||
def __init__(self, decision: PolicyDecision) -> None:
|
||||
super().__init__(decision.reason or "Connector policy denied")
|
||||
self.decision = decision
|
||||
|
||||
|
||||
@dataclass(frozen=True, slots=True)
|
||||
class ConnectorAccessRequest:
|
||||
connector_id: str | None = None
|
||||
credential_id: str | None = None
|
||||
provider: str | None = None
|
||||
external_id: str | None = None
|
||||
external_path: str | None = None
|
||||
external_url: str | None = None
|
||||
operation: str = "access"
|
||||
|
||||
@classmethod
|
||||
def from_provenance(cls, value: Mapping[str, Any] | None, *, operation: str = "access") -> "ConnectorAccessRequest":
|
||||
payload = value or {}
|
||||
return cls(
|
||||
connector_id=_clean(payload.get("connector_id")),
|
||||
credential_id=_clean(payload.get("credential_id") or payload.get("connector_credential_id")),
|
||||
provider=_clean(payload.get("provider") or payload.get("source_type")),
|
||||
external_id=_clean(payload.get("external_id")),
|
||||
external_path=_clean(payload.get("external_path")),
|
||||
external_url=_clean(payload.get("external_url")),
|
||||
operation=_clean(operation) or "access",
|
||||
)
|
||||
|
||||
def to_dict(self) -> dict[str, str | None]:
|
||||
return {
|
||||
"connector_id": self.connector_id,
|
||||
"credential_id": self.credential_id,
|
||||
"provider": self.provider,
|
||||
"external_id": self.external_id,
|
||||
"external_path": self.external_path,
|
||||
"external_url": self.external_url,
|
||||
"operation": self.operation,
|
||||
}
|
||||
|
||||
|
||||
@dataclass(frozen=True, slots=True)
|
||||
class ConnectorPolicySource:
|
||||
scope_type: str
|
||||
label: str
|
||||
scope_id: str | None = None
|
||||
policy: Mapping[str, Any] | None = None
|
||||
|
||||
def source_step(self, applied_fields: Iterable[str]) -> PolicySourceStep:
|
||||
return PolicySourceStep(
|
||||
scope_type=normalize_policy_scope_type(self.scope_type),
|
||||
scope_id=self.scope_id,
|
||||
label=self.label,
|
||||
applied_fields=tuple(dict.fromkeys(applied_fields)),
|
||||
policy=dict(self.policy or {}),
|
||||
)
|
||||
|
||||
|
||||
def connector_policy_sources_from_payload(value: object) -> list[ConnectorPolicySource]:
|
||||
if value is None or value == "":
|
||||
return []
|
||||
if isinstance(value, Mapping):
|
||||
raw_sources = value.get("sources")
|
||||
if raw_sources is None:
|
||||
raw_sources = [value]
|
||||
elif isinstance(value, list):
|
||||
raw_sources = value
|
||||
else:
|
||||
raise ValueError("connector_policy must be a JSON object or list")
|
||||
if not isinstance(raw_sources, list):
|
||||
raise ValueError("connector_policy.sources must be a list")
|
||||
return [_source_from_mapping(item) for item in raw_sources if isinstance(item, Mapping)]
|
||||
|
||||
|
||||
def connector_policy_applied_fields(policy: Mapping[str, Any] | None) -> tuple[str, ...]:
|
||||
return _applied_fields(_policy_mapping(policy))
|
||||
|
||||
|
||||
def filtered_connector_policy_source(source: ConnectorPolicySource, fields: Iterable[str]) -> ConnectorPolicySource:
|
||||
allowed_fields = {field for field in fields if field in _FIELD_ALIASES}
|
||||
if not allowed_fields:
|
||||
return ConnectorPolicySource(scope_type=source.scope_type, scope_id=source.scope_id, label=source.label, policy={})
|
||||
policy = _policy_mapping(source.policy)
|
||||
filtered: dict[str, Any] = {}
|
||||
for prefix, keys in (("allow", _ALLOW_KEYS), ("deny", _DENY_KEYS)):
|
||||
rules = _merged_rule(policy, keys)
|
||||
selected = {field: _string_list(rules.get(field)) for field in allowed_fields}
|
||||
selected = {field: values for field, values in selected.items() if values}
|
||||
if selected:
|
||||
filtered[prefix] = selected
|
||||
return ConnectorPolicySource(scope_type=source.scope_type, scope_id=source.scope_id, label=source.label, policy=filtered)
|
||||
|
||||
|
||||
def connector_policy_sources_for_fields(
|
||||
sources: Iterable[ConnectorPolicySource],
|
||||
fields: Iterable[str],
|
||||
) -> list[ConnectorPolicySource]:
|
||||
return [filtered_connector_policy_source(source, fields) for source in sources]
|
||||
|
||||
|
||||
def connector_policy_decision(
|
||||
request: ConnectorAccessRequest,
|
||||
sources: Iterable[ConnectorPolicySource],
|
||||
) -> PolicyDecision:
|
||||
source_list = list(sources)
|
||||
source_steps: list[PolicySourceStep] = []
|
||||
deny_matches: list[dict[str, Any]] = []
|
||||
allow_misses: list[dict[str, Any]] = []
|
||||
|
||||
for source in source_list:
|
||||
policy = _policy_mapping(source.policy)
|
||||
applied_fields = _applied_fields(policy)
|
||||
if applied_fields:
|
||||
source_steps.append(source.source_step(applied_fields))
|
||||
|
||||
deny_policy = _merged_rule(policy, _DENY_KEYS)
|
||||
for field, patterns in _rules_by_field(deny_policy).items():
|
||||
if _matches_field(request, field, patterns):
|
||||
deny_matches.append({
|
||||
"scope": source.source_step((f"deny.{field}",)).to_dict(),
|
||||
"field": field,
|
||||
"patterns": patterns,
|
||||
})
|
||||
|
||||
allow_policy = _merged_rule(policy, _ALLOW_KEYS)
|
||||
for field, patterns in _rules_by_field(allow_policy).items():
|
||||
if not _matches_field(request, field, patterns):
|
||||
allow_misses.append({
|
||||
"scope": source.source_step((f"allow.{field}",)).to_dict(),
|
||||
"field": field,
|
||||
"patterns": patterns,
|
||||
})
|
||||
|
||||
details = {
|
||||
"request": request.to_dict(),
|
||||
"deny_matches": deny_matches,
|
||||
"allow_misses": allow_misses,
|
||||
}
|
||||
if deny_matches:
|
||||
return PolicyDecision(
|
||||
allowed=False,
|
||||
reason="Connector access is denied by a blacklist rule.",
|
||||
source_path=tuple(source_steps),
|
||||
requirements=("connector_policy_denylist",),
|
||||
details=details,
|
||||
)
|
||||
if allow_misses:
|
||||
return PolicyDecision(
|
||||
allowed=False,
|
||||
reason="Connector access is not allowed by the configured whitelist.",
|
||||
source_path=tuple(source_steps),
|
||||
requirements=("connector_policy_allowlist",),
|
||||
details=details,
|
||||
)
|
||||
return PolicyDecision(
|
||||
allowed=True,
|
||||
reason=None,
|
||||
source_path=tuple(source_steps),
|
||||
requirements=(),
|
||||
details=details,
|
||||
)
|
||||
|
||||
|
||||
def ensure_connector_policy_allows(
|
||||
request: ConnectorAccessRequest,
|
||||
sources: Iterable[ConnectorPolicySource],
|
||||
) -> PolicyDecision:
|
||||
decision = connector_policy_decision(request, sources)
|
||||
if not decision.allowed:
|
||||
raise ConnectorPolicyDenied(decision)
|
||||
return decision
|
||||
|
||||
|
||||
def _source_from_mapping(value: Mapping[str, Any]) -> ConnectorPolicySource:
|
||||
scope_type = normalize_policy_scope_type(str(value.get("scope_type") or "system"))
|
||||
scope_id = _clean(value.get("scope_id"))
|
||||
if scope_type == "system":
|
||||
scope_id = None
|
||||
elif not scope_id:
|
||||
raise ValueError(f"{scope_type} connector policy sources require scope_id")
|
||||
label = _clean(value.get("label")) or scope_type.capitalize()
|
||||
policy = value.get("policy")
|
||||
if policy is None:
|
||||
policy = {key: value[key] for key in (*_ALLOW_KEYS, *_DENY_KEYS) if key in value}
|
||||
if policy is not None and not isinstance(policy, Mapping):
|
||||
raise ValueError("connector policy source policy must be a JSON object")
|
||||
return ConnectorPolicySource(scope_type=scope_type, scope_id=scope_id, label=label, policy=policy or {})
|
||||
|
||||
|
||||
def _policy_mapping(value: Mapping[str, Any] | None) -> Mapping[str, Any]:
|
||||
return value if isinstance(value, Mapping) else {}
|
||||
|
||||
|
||||
def _merged_rule(policy: Mapping[str, Any], keys: Iterable[str]) -> dict[str, Any]:
|
||||
merged: dict[str, Any] = {}
|
||||
for key in keys:
|
||||
raw = policy.get(key)
|
||||
if isinstance(raw, Mapping):
|
||||
merged.update(raw)
|
||||
return merged
|
||||
|
||||
|
||||
def _rules_by_field(value: Mapping[str, Any]) -> dict[str, list[str]]:
|
||||
result: dict[str, list[str]] = {}
|
||||
for field, aliases in _FIELD_ALIASES.items():
|
||||
items: list[str] = []
|
||||
for alias in aliases:
|
||||
items.extend(_string_list(value.get(alias)))
|
||||
if items:
|
||||
result[field] = list(dict.fromkeys(items))
|
||||
return result
|
||||
|
||||
|
||||
def _applied_fields(policy: Mapping[str, Any]) -> tuple[str, ...]:
|
||||
fields: list[str] = []
|
||||
for prefix, keys in (("allow", _ALLOW_KEYS), ("deny", _DENY_KEYS)):
|
||||
rules = _merged_rule(policy, keys)
|
||||
fields.extend(f"{prefix}.{field}" for field in _rules_by_field(rules))
|
||||
return tuple(dict.fromkeys(fields))
|
||||
|
||||
|
||||
def _matches_field(request: ConnectorAccessRequest, field: str, patterns: list[str]) -> bool:
|
||||
if field == "connectors":
|
||||
return _matches_exact(request.connector_id, patterns)
|
||||
if field == "credentials":
|
||||
return _matches_exact(request.credential_id, patterns)
|
||||
if field == "providers":
|
||||
return _matches_exact(request.provider, patterns)
|
||||
if field == "external_ids":
|
||||
return _matches_glob(request.external_id, patterns)
|
||||
if field == "external_paths":
|
||||
return _matches_path(request.external_path, patterns)
|
||||
if field == "external_urls":
|
||||
return _matches_glob(request.external_url, patterns)
|
||||
return False
|
||||
|
||||
|
||||
def _matches_exact(value: str | None, patterns: list[str]) -> bool:
|
||||
if value is None:
|
||||
return False
|
||||
clean = value.casefold()
|
||||
return any(pattern == "*" or clean == pattern.casefold() for pattern in patterns)
|
||||
|
||||
|
||||
def _matches_glob(value: str | None, patterns: list[str]) -> bool:
|
||||
if value is None:
|
||||
return False
|
||||
clean = value.casefold()
|
||||
return any(fnmatchcase(clean, pattern.casefold()) for pattern in patterns)
|
||||
|
||||
|
||||
def _matches_path(value: str | None, patterns: list[str]) -> bool:
|
||||
if value is None:
|
||||
return False
|
||||
clean = value.replace("\\", "/").strip()
|
||||
for pattern in patterns:
|
||||
normalized = pattern.replace("\\", "/").strip()
|
||||
if normalized == "*":
|
||||
return True
|
||||
if any(token in normalized for token in "*?[]"):
|
||||
if fnmatchcase(clean.casefold(), normalized.casefold()):
|
||||
return True
|
||||
continue
|
||||
if clean.casefold() == normalized.casefold() or clean.casefold().startswith(normalized.rstrip("/").casefold() + "/"):
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
def _string_list(value: object) -> list[str]:
|
||||
if value is None:
|
||||
return []
|
||||
if isinstance(value, str):
|
||||
values = [value]
|
||||
elif isinstance(value, Iterable) and not isinstance(value, (bytes, bytearray, Mapping)):
|
||||
values = [str(item) for item in value]
|
||||
else:
|
||||
values = [str(value)]
|
||||
return [item.strip() for item in values if item.strip()]
|
||||
|
||||
|
||||
def _clean(value: object) -> str | None:
|
||||
if value is None:
|
||||
return None
|
||||
text = str(value).strip()
|
||||
return text or None
|
||||
334
src/govoplan_files/backend/storage/connector_policy_store.py
Normal file
334
src/govoplan_files/backend/storage/connector_policy_store.py
Normal file
@@ -0,0 +1,334 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from collections.abc import Iterable, Mapping
|
||||
from typing import Any
|
||||
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from govoplan_core.core.policy import normalize_policy_scope_type
|
||||
from govoplan_files.backend.db.models import FileConnectorPolicy
|
||||
from govoplan_files.backend.storage.common import FileStorageError
|
||||
from govoplan_files.backend.storage.connector_policy import (
|
||||
CONNECTOR_POLICY_FIELDS,
|
||||
ConnectorPolicySource,
|
||||
connector_policy_applied_fields,
|
||||
)
|
||||
|
||||
_RULE_GROUPS = ("allow", "deny")
|
||||
_FIELD_ALIASES = {
|
||||
"connectors": ("connectors", "connector_ids", "connector_id"),
|
||||
"credentials": ("credentials", "credential_ids", "credential_id"),
|
||||
"providers": ("providers", "provider"),
|
||||
"external_ids": ("external_ids", "external_id"),
|
||||
"external_paths": ("external_paths", "paths", "path_prefixes", "external_path"),
|
||||
"external_urls": ("external_urls", "urls", "external_url"),
|
||||
}
|
||||
|
||||
|
||||
def get_connector_policy(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
scope_type: str,
|
||||
scope_id: str | None = None,
|
||||
) -> dict[str, Any]:
|
||||
row = _connector_policy_row(session, tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id)
|
||||
return _normalize_connector_policy(row.policy if row is not None else None)
|
||||
|
||||
|
||||
def set_connector_policy(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
user_id: str | None,
|
||||
scope_type: str,
|
||||
scope_id: str | None = None,
|
||||
policy: Mapping[str, Any] | None = None,
|
||||
) -> dict[str, Any]:
|
||||
normalized = _normalize_connector_policy(policy)
|
||||
parent = parent_connector_policy(session, tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id)
|
||||
if parent is not None:
|
||||
_validate_lower_level_limits(parent, normalized)
|
||||
row_tenant_id, row_scope_type, row_scope_id = _policy_scope_key(tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id)
|
||||
row = _connector_policy_row(session, tenant_id=tenant_id, scope_type=row_scope_type, scope_id=row_scope_id)
|
||||
if row is None:
|
||||
row = FileConnectorPolicy(
|
||||
tenant_id=row_tenant_id,
|
||||
scope_type=row_scope_type,
|
||||
scope_id=row_scope_id,
|
||||
policy=normalized,
|
||||
created_by_user_id=user_id,
|
||||
updated_by_user_id=user_id,
|
||||
)
|
||||
else:
|
||||
row.policy = normalized
|
||||
row.updated_by_user_id = user_id
|
||||
session.add(row)
|
||||
session.flush()
|
||||
return normalized
|
||||
|
||||
|
||||
def connector_policy_response(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
scope_type: str,
|
||||
scope_id: str | None = None,
|
||||
) -> dict[str, Any]:
|
||||
clean_scope_type, clean_scope_id = _policy_scope_ref(tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id)
|
||||
policy = get_connector_policy(session, tenant_id=tenant_id, scope_type=clean_scope_type, scope_id=clean_scope_id)
|
||||
effective_sources = effective_connector_policy_sources(session, tenant_id=tenant_id, scope_type=clean_scope_type, scope_id=clean_scope_id)
|
||||
parent_policy = parent_connector_policy(session, tenant_id=tenant_id, scope_type=clean_scope_type, scope_id=clean_scope_id)
|
||||
parent_sources = parent_connector_policy_sources(session, tenant_id=tenant_id, scope_type=clean_scope_type, scope_id=clean_scope_id)
|
||||
return {
|
||||
"scope_type": clean_scope_type,
|
||||
"scope_id": clean_scope_id,
|
||||
"policy": policy,
|
||||
"effective_policy": merge_connector_policies(source.policy for source in effective_sources),
|
||||
"parent_policy": parent_policy,
|
||||
"effective_policy_sources": [_source_step(source) for source in effective_sources],
|
||||
"parent_policy_sources": [_source_step(source) for source in parent_sources],
|
||||
}
|
||||
|
||||
|
||||
def effective_connector_policy_sources(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
scope_type: str,
|
||||
scope_id: str | None = None,
|
||||
) -> list[ConnectorPolicySource]:
|
||||
clean_scope_type, clean_scope_id = _policy_scope_ref(tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id)
|
||||
sources: list[ConnectorPolicySource] = []
|
||||
for source_scope_type, source_scope_id in _policy_source_chain(tenant_id=tenant_id, scope_type=clean_scope_type, scope_id=clean_scope_id):
|
||||
row = _connector_policy_row(session, tenant_id=tenant_id, scope_type=source_scope_type, scope_id=source_scope_id)
|
||||
if row is None:
|
||||
continue
|
||||
policy = _normalize_connector_policy(row.policy)
|
||||
if _policy_is_empty(policy):
|
||||
continue
|
||||
sources.append(
|
||||
ConnectorPolicySource(
|
||||
scope_type=source_scope_type,
|
||||
scope_id=source_scope_id,
|
||||
label=_policy_source_label(source_scope_type),
|
||||
policy=policy,
|
||||
)
|
||||
)
|
||||
return sources
|
||||
|
||||
|
||||
def parent_connector_policy_sources(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
scope_type: str,
|
||||
scope_id: str | None = None,
|
||||
) -> list[ConnectorPolicySource]:
|
||||
clean_scope_type, clean_scope_id = _policy_scope_ref(tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id)
|
||||
chain = _policy_source_chain(tenant_id=tenant_id, scope_type=clean_scope_type, scope_id=clean_scope_id)
|
||||
parent_chain = chain[:-1] if chain else []
|
||||
sources: list[ConnectorPolicySource] = []
|
||||
for source_scope_type, source_scope_id in parent_chain:
|
||||
row = _connector_policy_row(session, tenant_id=tenant_id, scope_type=source_scope_type, scope_id=source_scope_id)
|
||||
if row is None:
|
||||
continue
|
||||
policy = _normalize_connector_policy(row.policy)
|
||||
if _policy_is_empty(policy):
|
||||
continue
|
||||
sources.append(
|
||||
ConnectorPolicySource(
|
||||
scope_type=source_scope_type,
|
||||
scope_id=source_scope_id,
|
||||
label=_policy_source_label(source_scope_type),
|
||||
policy=policy,
|
||||
)
|
||||
)
|
||||
return sources
|
||||
|
||||
|
||||
def parent_connector_policy(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
scope_type: str,
|
||||
scope_id: str | None = None,
|
||||
) -> dict[str, Any] | None:
|
||||
sources = parent_connector_policy_sources(session, tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id)
|
||||
if not sources:
|
||||
return None
|
||||
return merge_connector_policies(source.policy for source in sources)
|
||||
|
||||
|
||||
def validate_connector_policy_allowed_by_parent(parent_policy: Mapping[str, Any] | None, local_policy: Mapping[str, Any] | None) -> None:
|
||||
if parent_policy is None:
|
||||
return
|
||||
_validate_lower_level_limits(_normalize_connector_policy(parent_policy), _normalize_connector_policy(local_policy))
|
||||
|
||||
|
||||
def merge_connector_policies(policies: Iterable[Mapping[str, Any] | None]) -> dict[str, Any]:
|
||||
result = _empty_connector_policy()
|
||||
for policy in policies:
|
||||
normalized = _normalize_connector_policy(policy)
|
||||
for group in _RULE_GROUPS:
|
||||
rules = normalized.get(group) or {}
|
||||
if not isinstance(rules, Mapping):
|
||||
continue
|
||||
target = result[group]
|
||||
for field in CONNECTOR_POLICY_FIELDS:
|
||||
values = _string_list(rules.get(field))
|
||||
if values:
|
||||
target[field] = _unique([*target.get(field, []), *values])
|
||||
lower = normalized.get("allow_lower_level_limits") or {}
|
||||
if isinstance(lower, Mapping):
|
||||
for key, value in lower.items():
|
||||
if isinstance(value, bool):
|
||||
result["allow_lower_level_limits"][str(key)] = value
|
||||
return _compact_connector_policy(result, keep_lower=True)
|
||||
|
||||
|
||||
def _connector_policy_row(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
scope_type: str,
|
||||
scope_id: str | None = None,
|
||||
) -> FileConnectorPolicy | None:
|
||||
row_tenant_id, row_scope_type, row_scope_id = _policy_scope_key(tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id)
|
||||
query = session.query(FileConnectorPolicy).filter(FileConnectorPolicy.scope_type == row_scope_type)
|
||||
query = query.filter(FileConnectorPolicy.tenant_id.is_(None) if row_tenant_id is None else FileConnectorPolicy.tenant_id == row_tenant_id)
|
||||
query = query.filter(FileConnectorPolicy.scope_id.is_(None) if row_scope_id is None else FileConnectorPolicy.scope_id == row_scope_id)
|
||||
return query.order_by(FileConnectorPolicy.created_at.asc()).first()
|
||||
|
||||
|
||||
def _policy_scope_key(*, tenant_id: str, scope_type: str, scope_id: str | None) -> tuple[str | None, str, str | None]:
|
||||
clean_scope_type, clean_scope_id = _policy_scope_ref(tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id)
|
||||
if clean_scope_type == "system":
|
||||
return None, "system", None
|
||||
return tenant_id, clean_scope_type, clean_scope_id
|
||||
|
||||
|
||||
def _policy_scope_ref(*, tenant_id: str, scope_type: str, scope_id: str | None) -> tuple[str, str | None]:
|
||||
clean_scope_type = normalize_policy_scope_type(scope_type)
|
||||
clean_scope_id = _clean(scope_id)
|
||||
if clean_scope_type == "system":
|
||||
return "system", None
|
||||
if clean_scope_type == "tenant":
|
||||
if clean_scope_id and clean_scope_id != tenant_id:
|
||||
raise FileStorageError("Tenant connector policy scope does not belong to the active tenant")
|
||||
return "tenant", tenant_id
|
||||
if clean_scope_type in {"user", "group", "campaign"}:
|
||||
if not clean_scope_id:
|
||||
raise FileStorageError(f"{clean_scope_type.capitalize()} connector policy requires scope_id")
|
||||
return clean_scope_type, clean_scope_id
|
||||
raise FileStorageError("Unsupported connector policy scope")
|
||||
|
||||
|
||||
def _policy_source_chain(*, tenant_id: str, scope_type: str, scope_id: str | None) -> list[tuple[str, str | None]]:
|
||||
chain: list[tuple[str, str | None]] = [("system", None)]
|
||||
if scope_type == "system":
|
||||
return chain
|
||||
chain.append(("tenant", tenant_id))
|
||||
if scope_type == "tenant":
|
||||
return chain
|
||||
chain.append((scope_type, scope_id))
|
||||
return chain
|
||||
|
||||
|
||||
def _normalize_connector_policy(policy: Mapping[str, Any] | None) -> dict[str, Any]:
|
||||
if policy is None:
|
||||
return {}
|
||||
if not isinstance(policy, Mapping):
|
||||
raise FileStorageError("Connector policy must be a JSON object")
|
||||
normalized = _empty_connector_policy()
|
||||
for group in _RULE_GROUPS:
|
||||
raw = policy.get(group)
|
||||
if raw is None:
|
||||
raw = policy.get(f"{group}list")
|
||||
if raw is None:
|
||||
raw = policy.get("whitelist" if group == "allow" else "blacklist")
|
||||
if raw is not None and not isinstance(raw, Mapping):
|
||||
raise FileStorageError(f"Connector policy {group} rules must be an object")
|
||||
for field, aliases in _FIELD_ALIASES.items():
|
||||
values: list[str] = []
|
||||
if isinstance(raw, Mapping):
|
||||
for alias in aliases:
|
||||
values.extend(_string_list(raw.get(alias)))
|
||||
if values:
|
||||
normalized[group][field] = _unique(values)
|
||||
lower = policy.get("allow_lower_level_limits")
|
||||
if lower is not None:
|
||||
if not isinstance(lower, Mapping):
|
||||
raise FileStorageError("Connector policy allow_lower_level_limits must be an object")
|
||||
for key, value in lower.items():
|
||||
clean_key = str(key).strip()
|
||||
if clean_key and isinstance(value, bool):
|
||||
normalized["allow_lower_level_limits"][clean_key] = value
|
||||
return _compact_connector_policy(normalized, keep_lower=True)
|
||||
|
||||
|
||||
def _empty_connector_policy() -> dict[str, Any]:
|
||||
return {"allow": {}, "deny": {}, "allow_lower_level_limits": {}}
|
||||
|
||||
|
||||
def _compact_connector_policy(policy: dict[str, Any], *, keep_lower: bool = False) -> dict[str, Any]:
|
||||
compact: dict[str, Any] = {}
|
||||
for group in _RULE_GROUPS:
|
||||
rules = {field: _unique(_string_list(values)) for field, values in (policy.get(group) or {}).items()}
|
||||
rules = {field: values for field, values in rules.items() if values}
|
||||
if rules:
|
||||
compact[group] = rules
|
||||
lower = policy.get("allow_lower_level_limits") or {}
|
||||
if isinstance(lower, Mapping):
|
||||
lower_compact = {str(key): bool(value) for key, value in lower.items() if isinstance(value, bool)}
|
||||
if lower_compact or keep_lower:
|
||||
compact["allow_lower_level_limits"] = lower_compact
|
||||
return compact
|
||||
|
||||
|
||||
def _policy_is_empty(policy: Mapping[str, Any]) -> bool:
|
||||
return not connector_policy_applied_fields(policy) and not bool(policy.get("allow_lower_level_limits"))
|
||||
|
||||
|
||||
def _source_step(source: ConnectorPolicySource) -> dict[str, Any]:
|
||||
return source.source_step(connector_policy_applied_fields(source.policy)).to_dict()
|
||||
|
||||
|
||||
def _policy_source_label(scope_type: str) -> str:
|
||||
if scope_type == "system":
|
||||
return "System connector policy"
|
||||
if scope_type == "tenant":
|
||||
return "Tenant connector policy"
|
||||
return f"{scope_type.capitalize()} connector policy"
|
||||
|
||||
|
||||
def _validate_lower_level_limits(parent_policy: Mapping[str, Any], local_policy: Mapping[str, Any]) -> None:
|
||||
limits = parent_policy.get("allow_lower_level_limits")
|
||||
if not isinstance(limits, Mapping):
|
||||
return
|
||||
for field in connector_policy_applied_fields(local_policy):
|
||||
allowed = limits.get(field)
|
||||
if allowed is False:
|
||||
raise FileStorageError(f"Parent connector policy does not allow lower-level {field} limits")
|
||||
|
||||
|
||||
def _string_list(value: object) -> list[str]:
|
||||
if value is None:
|
||||
return []
|
||||
if isinstance(value, str):
|
||||
clean = value.strip()
|
||||
return [clean] if clean else []
|
||||
if isinstance(value, Iterable) and not isinstance(value, (str, bytes, bytearray, Mapping)):
|
||||
return [str(item).strip() for item in value if str(item).strip()]
|
||||
return [str(value).strip()] if str(value).strip() else []
|
||||
|
||||
|
||||
def _unique(values: Iterable[str]) -> list[str]:
|
||||
return list(dict.fromkeys(value for value in values if value))
|
||||
|
||||
|
||||
def _clean(value: object) -> str | None:
|
||||
if value is None:
|
||||
return None
|
||||
text = str(value).strip()
|
||||
return text or None
|
||||
298
src/govoplan_files/backend/storage/connector_profile_store.py
Normal file
298
src/govoplan_files/backend/storage/connector_profile_store.py
Normal file
@@ -0,0 +1,298 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from collections.abc import Mapping
|
||||
from typing import Any
|
||||
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from govoplan_core.core.policy import normalize_policy_scope_type
|
||||
from govoplan_core.security.secrets import decrypt_secret, encrypt_secret
|
||||
from govoplan_files.backend.db.models import FileConnectorCredential, FileConnectorProfile
|
||||
from govoplan_files.backend.storage.common import FileStorageError
|
||||
from govoplan_files.backend.storage.connector_credential_store import connector_credential_from_row, credential_rows_by_id
|
||||
from govoplan_files.backend.storage.connector_policy import connector_policy_sources_from_payload
|
||||
from govoplan_files.backend.storage.connector_profiles import ConnectorProfile, supported_connector_providers
|
||||
|
||||
|
||||
def list_database_connector_profiles(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
include_disabled: bool = False,
|
||||
) -> list[ConnectorProfile]:
|
||||
query = session.query(FileConnectorProfile).filter(
|
||||
(FileConnectorProfile.scope_type == "system")
|
||||
| (FileConnectorProfile.tenant_id == tenant_id)
|
||||
)
|
||||
if not include_disabled:
|
||||
query = query.filter(FileConnectorProfile.enabled.is_(True))
|
||||
rows = query.order_by(FileConnectorProfile.scope_type.asc(), FileConnectorProfile.label.asc()).all()
|
||||
credential_ids = {_clean(row.credential_profile_id) for row in rows if _clean(row.credential_profile_id)}
|
||||
credentials = credential_rows_by_id(session, tenant_id=tenant_id, credential_ids={item for item in credential_ids if item}, include_disabled=include_disabled)
|
||||
return [connector_profile_from_row(row, credential_row=credentials.get(row.credential_profile_id or "")) for row in rows]
|
||||
|
||||
|
||||
def list_connector_profile_rows(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
include_disabled: bool = False,
|
||||
) -> list[FileConnectorProfile]:
|
||||
query = session.query(FileConnectorProfile).filter(
|
||||
(FileConnectorProfile.scope_type == "system")
|
||||
| (FileConnectorProfile.tenant_id == tenant_id)
|
||||
)
|
||||
if not include_disabled:
|
||||
query = query.filter(FileConnectorProfile.enabled.is_(True))
|
||||
return query.order_by(FileConnectorProfile.scope_type.asc(), FileConnectorProfile.label.asc()).all()
|
||||
|
||||
|
||||
def connector_profile_from_row(row: FileConnectorProfile, credential_row: FileConnectorCredential | None = None) -> ConnectorProfile:
|
||||
policy_sources = []
|
||||
if row.policy:
|
||||
policy_sources = connector_policy_sources_from_payload({
|
||||
"scope_type": row.scope_type,
|
||||
"scope_id": row.scope_id,
|
||||
"label": row.label,
|
||||
"policy": row.policy,
|
||||
})
|
||||
credential = connector_credential_from_row(credential_row) if credential_row is not None else None
|
||||
if credential:
|
||||
policy_sources.extend(credential.policy_sources)
|
||||
return ConnectorProfile(
|
||||
id=row.id,
|
||||
label=row.label,
|
||||
provider=row.provider,
|
||||
scope_type=row.scope_type,
|
||||
scope_id=row.scope_id,
|
||||
endpoint_url=row.endpoint_url,
|
||||
base_path=row.base_path,
|
||||
enabled=row.enabled,
|
||||
credential_profile_id=row.credential_profile_id,
|
||||
credential_profile_label=credential.label if credential else None,
|
||||
credential_mode=credential.credential_mode if credential else row.credential_mode,
|
||||
username=credential.username if credential else row.username,
|
||||
password_env=credential.password_env if credential else row.password_env,
|
||||
token_env=credential.token_env if credential else row.token_env,
|
||||
secret_ref=credential.secret_ref if credential else row.secret_ref,
|
||||
password_value=credential.password_value if credential else decrypt_secret(row.password_encrypted),
|
||||
token_value=credential.token_value if credential else decrypt_secret(row.token_encrypted),
|
||||
capabilities=tuple(_string_list(row.capabilities)),
|
||||
policy_sources=tuple(policy_sources),
|
||||
metadata=dict(row.metadata_ or {}),
|
||||
source_kind="database",
|
||||
)
|
||||
|
||||
|
||||
def get_connector_profile_row(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
profile_id: str,
|
||||
include_disabled: bool = False,
|
||||
) -> FileConnectorProfile:
|
||||
row = session.get(FileConnectorProfile, profile_id)
|
||||
if row is None or (row.scope_type != "system" and row.tenant_id != tenant_id):
|
||||
raise FileStorageError("Connector profile not found")
|
||||
if not include_disabled and not row.enabled:
|
||||
raise FileStorageError("Connector profile not found")
|
||||
return row
|
||||
|
||||
|
||||
def create_connector_profile_row(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
user_id: str | None,
|
||||
profile_id: str,
|
||||
label: str,
|
||||
provider: str,
|
||||
scope_type: str,
|
||||
scope_id: str | None = None,
|
||||
endpoint_url: str | None = None,
|
||||
base_path: str | None = None,
|
||||
enabled: bool = True,
|
||||
credential_profile_id: str | None = None,
|
||||
credential_mode: str = "none",
|
||||
username: str | None = None,
|
||||
password: str | None = None,
|
||||
token: str | None = None,
|
||||
password_env: str | None = None,
|
||||
token_env: str | None = None,
|
||||
secret_ref: str | None = None,
|
||||
capabilities: list[str] | None = None,
|
||||
policy: Mapping[str, Any] | None = None,
|
||||
metadata: Mapping[str, Any] | None = None,
|
||||
) -> FileConnectorProfile:
|
||||
clean_id = _normalize_profile_id(profile_id)
|
||||
if session.get(FileConnectorProfile, clean_id) is not None:
|
||||
raise FileStorageError(f"Connector profile already exists: {clean_id}")
|
||||
clean_scope_type, clean_scope_id, row_tenant_id = _normalize_scope(tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id)
|
||||
row = FileConnectorProfile(
|
||||
id=clean_id,
|
||||
tenant_id=row_tenant_id,
|
||||
scope_type=clean_scope_type,
|
||||
scope_id=clean_scope_id,
|
||||
label=_normalize_label(label),
|
||||
provider=_normalize_provider(provider),
|
||||
endpoint_url=_clean(endpoint_url),
|
||||
base_path=_clean(base_path),
|
||||
enabled=bool(enabled),
|
||||
credential_profile_id=_clean(credential_profile_id),
|
||||
credential_mode=_normalize_credential_mode(credential_mode),
|
||||
username=_clean(username),
|
||||
password_encrypted=encrypt_secret(_clean(password)),
|
||||
token_encrypted=encrypt_secret(_clean(token)),
|
||||
password_env=_clean(password_env),
|
||||
token_env=_clean(token_env),
|
||||
secret_ref=_clean(secret_ref),
|
||||
capabilities=_string_list(capabilities),
|
||||
policy=dict(policy or {}),
|
||||
metadata_=dict(metadata or {}),
|
||||
created_by_user_id=user_id,
|
||||
updated_by_user_id=user_id,
|
||||
)
|
||||
session.add(row)
|
||||
session.flush()
|
||||
return row
|
||||
|
||||
|
||||
def update_connector_profile_row(
|
||||
session: Session,
|
||||
row: FileConnectorProfile,
|
||||
*,
|
||||
user_id: str | None,
|
||||
label: str | None = None,
|
||||
provider: str | None = None,
|
||||
endpoint_url: str | None = None,
|
||||
base_path: str | None = None,
|
||||
enabled: bool | None = None,
|
||||
credential_profile_id: str | None = None,
|
||||
credential_mode: str | None = None,
|
||||
username: str | None = None,
|
||||
password: str | None = None,
|
||||
token: str | None = None,
|
||||
password_env: str | None = None,
|
||||
token_env: str | None = None,
|
||||
secret_ref: str | None = None,
|
||||
capabilities: list[str] | None = None,
|
||||
policy: Mapping[str, Any] | None = None,
|
||||
metadata: Mapping[str, Any] | None = None,
|
||||
clear_password: bool = False,
|
||||
clear_token: bool = False,
|
||||
) -> FileConnectorProfile:
|
||||
if label is not None:
|
||||
row.label = _normalize_label(label)
|
||||
if provider is not None:
|
||||
row.provider = _normalize_provider(provider)
|
||||
if endpoint_url is not None:
|
||||
row.endpoint_url = _clean(endpoint_url)
|
||||
if base_path is not None:
|
||||
row.base_path = _clean(base_path)
|
||||
if enabled is not None:
|
||||
row.enabled = bool(enabled)
|
||||
if credential_profile_id is not None:
|
||||
row.credential_profile_id = _clean(credential_profile_id)
|
||||
if credential_mode is not None:
|
||||
row.credential_mode = _normalize_credential_mode(credential_mode)
|
||||
if username is not None:
|
||||
row.username = _clean(username)
|
||||
if password is not None:
|
||||
row.password_encrypted = encrypt_secret(_clean(password))
|
||||
elif clear_password:
|
||||
row.password_encrypted = None
|
||||
if token is not None:
|
||||
row.token_encrypted = encrypt_secret(_clean(token))
|
||||
elif clear_token:
|
||||
row.token_encrypted = None
|
||||
if password_env is not None:
|
||||
row.password_env = _clean(password_env)
|
||||
if token_env is not None:
|
||||
row.token_env = _clean(token_env)
|
||||
if secret_ref is not None:
|
||||
row.secret_ref = _clean(secret_ref)
|
||||
if capabilities is not None:
|
||||
row.capabilities = _string_list(capabilities)
|
||||
if policy is not None:
|
||||
row.policy = dict(policy)
|
||||
if metadata is not None:
|
||||
row.metadata_ = dict(metadata)
|
||||
row.updated_by_user_id = user_id
|
||||
session.add(row)
|
||||
session.flush()
|
||||
return row
|
||||
|
||||
|
||||
def deactivate_connector_profile_row(session: Session, row: FileConnectorProfile, *, user_id: str | None) -> FileConnectorProfile:
|
||||
row.enabled = False
|
||||
row.updated_by_user_id = user_id
|
||||
session.add(row)
|
||||
session.flush()
|
||||
return row
|
||||
|
||||
|
||||
def _normalize_scope(*, tenant_id: str, scope_type: str, scope_id: str | None) -> tuple[str, str | None, str | None]:
|
||||
clean_scope_type = normalize_policy_scope_type(scope_type)
|
||||
clean_scope_id = _clean(scope_id)
|
||||
if clean_scope_type == "system":
|
||||
return "system", None, None
|
||||
if clean_scope_type == "tenant":
|
||||
return "tenant", tenant_id, tenant_id
|
||||
if clean_scope_type in {"user", "group", "campaign"}:
|
||||
if not clean_scope_id:
|
||||
raise FileStorageError(f"{clean_scope_type.capitalize()} connector profiles require scope_id")
|
||||
return clean_scope_type, clean_scope_id, tenant_id
|
||||
raise FileStorageError("Unsupported connector profile scope")
|
||||
|
||||
|
||||
def _normalize_profile_id(value: str) -> str:
|
||||
clean = _clean(value)
|
||||
if not clean:
|
||||
raise FileStorageError("Connector profile id is required")
|
||||
if len(clean) > 255:
|
||||
raise FileStorageError("Connector profile id is too long")
|
||||
if any(char.isspace() for char in clean):
|
||||
raise FileStorageError("Connector profile id cannot contain whitespace")
|
||||
return clean
|
||||
|
||||
|
||||
def _normalize_label(value: str) -> str:
|
||||
clean = value.strip()
|
||||
if not clean:
|
||||
raise FileStorageError("Connector profile label is required")
|
||||
if len(clean) > 255:
|
||||
raise FileStorageError("Connector profile label is too long")
|
||||
return clean
|
||||
|
||||
|
||||
def _normalize_provider(value: str) -> str:
|
||||
clean = value.strip().casefold()
|
||||
if clean not in supported_connector_providers():
|
||||
raise FileStorageError(f"Unsupported connector provider: {value}")
|
||||
return clean
|
||||
|
||||
|
||||
def _normalize_credential_mode(value: str) -> str:
|
||||
clean = value.strip().casefold() or "none"
|
||||
if clean not in {"none", "anonymous", "basic", "token", "secret_ref"}:
|
||||
raise FileStorageError(f"Unsupported connector credential mode: {value}")
|
||||
return clean
|
||||
|
||||
|
||||
def _string_list(value: object) -> list[str]:
|
||||
if value is None:
|
||||
return []
|
||||
if isinstance(value, str):
|
||||
values = value.split(",")
|
||||
elif isinstance(value, (list, tuple, set)):
|
||||
values = value
|
||||
else:
|
||||
values = [value]
|
||||
return [str(item).strip() for item in values if str(item).strip()]
|
||||
|
||||
|
||||
def _clean(value: object) -> str | None:
|
||||
if value is None:
|
||||
return None
|
||||
text = str(value).strip()
|
||||
return text or None
|
||||
272
src/govoplan_files/backend/storage/connector_profiles.py
Normal file
272
src/govoplan_files/backend/storage/connector_profiles.py
Normal file
@@ -0,0 +1,272 @@
|
||||
from __future__ import annotations
|
||||
|
||||
import json
|
||||
import os
|
||||
from collections.abc import Iterable, Mapping
|
||||
from dataclasses import dataclass, field
|
||||
from typing import Any
|
||||
|
||||
from govoplan_core.core.policy import normalize_policy_scope_type, policy_source_path
|
||||
from govoplan_files.backend.storage.connector_policy import ConnectorPolicySource, connector_policy_sources_from_payload
|
||||
|
||||
|
||||
_ENV_JSON_KEYS = ("GOVOPLAN_FILES_CONNECTOR_PROFILES_JSON", "FILES_CONNECTOR_PROFILES_JSON")
|
||||
_ENV_FILE_KEYS = ("GOVOPLAN_FILES_CONNECTOR_PROFILES_FILE", "FILES_CONNECTOR_PROFILES_FILE")
|
||||
_SUPPORTED_PROVIDERS = {"seafile", "nextcloud", "webdav", "smb", "nfs", "dms", "generic"}
|
||||
_INLINE_SECRET_FIELDS = ("password", "token", "api_key", "access_key", "secret_key")
|
||||
|
||||
|
||||
def supported_connector_providers() -> set[str]:
|
||||
return set(_SUPPORTED_PROVIDERS)
|
||||
|
||||
|
||||
@dataclass(frozen=True, slots=True)
|
||||
class ConnectorProfile:
|
||||
id: str
|
||||
label: str
|
||||
provider: str
|
||||
scope_type: str = "system"
|
||||
scope_id: str | None = None
|
||||
endpoint_url: str | None = None
|
||||
base_path: str | None = None
|
||||
enabled: bool = True
|
||||
credential_profile_id: str | None = None
|
||||
credential_profile_label: str | None = None
|
||||
credential_mode: str = "none"
|
||||
username: str | None = None
|
||||
password_env: str | None = None
|
||||
token_env: str | None = None
|
||||
secret_ref: str | None = None
|
||||
password_value: str | None = field(default=None, repr=False)
|
||||
token_value: str | None = field(default=None, repr=False)
|
||||
has_inline_secret: bool = False
|
||||
capabilities: tuple[str, ...] = ()
|
||||
policy_sources: tuple[ConnectorPolicySource, ...] = ()
|
||||
metadata: Mapping[str, Any] = field(default_factory=dict)
|
||||
source_kind: str = "settings"
|
||||
|
||||
@property
|
||||
def source_path(self) -> str:
|
||||
return policy_source_path(self.scope_type, self.scope_id)
|
||||
|
||||
@property
|
||||
def credential_source(self) -> str | None:
|
||||
if self.credential_profile_id:
|
||||
return "credential_profile"
|
||||
if self.secret_ref:
|
||||
return "secret_ref"
|
||||
if self.token_value or self.password_value:
|
||||
return "stored"
|
||||
if self.token_env:
|
||||
return "token_env"
|
||||
if self.password_env:
|
||||
return "password_env"
|
||||
if self.has_inline_secret:
|
||||
return "inline"
|
||||
return None
|
||||
|
||||
@property
|
||||
def credentials_configured(self) -> bool:
|
||||
mode = self.credential_mode.casefold()
|
||||
if mode in {"", "none", "anonymous"}:
|
||||
return True
|
||||
if self.secret_ref or self.has_inline_secret or self.password_value or self.token_value:
|
||||
return True
|
||||
if self.token_env:
|
||||
return bool(os.environ.get(self.token_env))
|
||||
if self.password_env:
|
||||
return bool(os.environ.get(self.password_env))
|
||||
return False
|
||||
|
||||
def to_response(self) -> dict[str, Any]:
|
||||
return {
|
||||
"id": self.id,
|
||||
"label": self.label,
|
||||
"provider": self.provider,
|
||||
"endpoint_url": self.endpoint_url,
|
||||
"base_path": self.base_path,
|
||||
"enabled": self.enabled,
|
||||
"scope_type": self.scope_type,
|
||||
"scope_id": self.scope_id,
|
||||
"source_path": self.source_path,
|
||||
"credential_profile_id": self.credential_profile_id,
|
||||
"credential_profile_label": self.credential_profile_label,
|
||||
"credential_mode": self.credential_mode,
|
||||
"credential_source": self.credential_source,
|
||||
"credentials_configured": self.credentials_configured,
|
||||
"username": self.username,
|
||||
"capabilities": list(self.capabilities),
|
||||
"policy_sources": [_policy_source_response(source) for source in self.policy_sources],
|
||||
"metadata": dict(self.metadata),
|
||||
"source_kind": self.source_kind,
|
||||
}
|
||||
|
||||
|
||||
def connector_profiles_from_settings(settings: object | None = None) -> list[ConnectorProfile]:
|
||||
raw = _raw_profiles_payload(settings)
|
||||
if raw in (None, ""):
|
||||
return []
|
||||
payload = json.loads(raw) if isinstance(raw, str) else raw
|
||||
return connector_profiles_from_payload(payload)
|
||||
|
||||
|
||||
def connector_profiles_from_payload(value: object) -> list[ConnectorProfile]:
|
||||
if isinstance(value, Mapping):
|
||||
raw_profiles = value.get("profiles", [])
|
||||
elif isinstance(value, list):
|
||||
raw_profiles = value
|
||||
else:
|
||||
raise ValueError("Connector profiles must be a JSON object with profiles or a list")
|
||||
if not isinstance(raw_profiles, list):
|
||||
raise ValueError("Connector profiles payload requires a profiles list")
|
||||
return [_profile_from_mapping(item) for item in raw_profiles if isinstance(item, Mapping)]
|
||||
|
||||
|
||||
def _profile_from_mapping(value: Mapping[str, Any]) -> ConnectorProfile:
|
||||
profile_id = _clean(value.get("id") or value.get("connector_id") or value.get("name"))
|
||||
if not profile_id:
|
||||
raise ValueError("Connector profiles require id")
|
||||
provider = (_clean(value.get("provider") or value.get("type")) or "generic").casefold()
|
||||
if provider not in _SUPPORTED_PROVIDERS:
|
||||
raise ValueError(f"Unsupported connector provider: {provider}")
|
||||
scope_type = normalize_policy_scope_type(str(value.get("scope_type") or "system"))
|
||||
scope_id = _clean(value.get("scope_id"))
|
||||
if scope_type == "system":
|
||||
scope_id = None
|
||||
elif not scope_id:
|
||||
raise ValueError(f"{scope_type} connector profiles require scope_id")
|
||||
|
||||
credentials = value.get("credentials")
|
||||
credentials = credentials if isinstance(credentials, Mapping) else {}
|
||||
mode = _clean(value.get("credential_mode") or value.get("auth_type") or credentials.get("mode") or credentials.get("type")) or "none"
|
||||
profile = ConnectorProfile(
|
||||
id=profile_id,
|
||||
label=_clean(value.get("label") or value.get("name")) or profile_id,
|
||||
provider=provider,
|
||||
endpoint_url=_clean(value.get("endpoint_url") or value.get("base_url") or value.get("url")),
|
||||
base_path=_clean(value.get("base_path") or value.get("path") or value.get("root")),
|
||||
enabled=_bool(value.get("enabled"), default=True),
|
||||
scope_type=scope_type,
|
||||
scope_id=scope_id,
|
||||
credential_profile_id=_clean(value.get("credential_profile_id") or value.get("credential_id")),
|
||||
credential_profile_label=_clean(value.get("credential_profile_label") or value.get("credential_label")),
|
||||
credential_mode=mode,
|
||||
username=_clean(value.get("username") or credentials.get("username")),
|
||||
password_env=_clean(value.get("password_env") or credentials.get("password_env")),
|
||||
token_env=_clean(value.get("token_env") or credentials.get("token_env")),
|
||||
secret_ref=_clean(value.get("secret_ref") or credentials.get("secret_ref")),
|
||||
password_value=_clean(value.get("password") or credentials.get("password")),
|
||||
token_value=_clean(value.get("token") or credentials.get("token")),
|
||||
has_inline_secret=any(_clean(value.get(field) or credentials.get(field)) for field in _INLINE_SECRET_FIELDS),
|
||||
capabilities=tuple(_string_list(value.get("capabilities"))),
|
||||
metadata=_public_metadata(value.get("metadata")),
|
||||
)
|
||||
return ConnectorProfile(
|
||||
id=profile.id,
|
||||
label=profile.label,
|
||||
provider=profile.provider,
|
||||
scope_type=profile.scope_type,
|
||||
scope_id=profile.scope_id,
|
||||
endpoint_url=profile.endpoint_url,
|
||||
base_path=profile.base_path,
|
||||
enabled=profile.enabled,
|
||||
credential_profile_id=profile.credential_profile_id,
|
||||
credential_profile_label=profile.credential_profile_label,
|
||||
credential_mode=profile.credential_mode,
|
||||
username=profile.username,
|
||||
password_env=profile.password_env,
|
||||
token_env=profile.token_env,
|
||||
secret_ref=profile.secret_ref,
|
||||
password_value=profile.password_value,
|
||||
token_value=profile.token_value,
|
||||
has_inline_secret=profile.has_inline_secret,
|
||||
capabilities=profile.capabilities,
|
||||
policy_sources=tuple(_policy_sources_from_profile(value, profile)),
|
||||
metadata=profile.metadata,
|
||||
source_kind="settings",
|
||||
)
|
||||
|
||||
|
||||
def _raw_profiles_payload(settings: object | None) -> object:
|
||||
for key in _ENV_JSON_KEYS:
|
||||
value = os.environ.get(key)
|
||||
if value:
|
||||
return value
|
||||
for key in _ENV_FILE_KEYS:
|
||||
path = os.environ.get(key)
|
||||
if path:
|
||||
with open(path, encoding="utf-8") as handle:
|
||||
return handle.read()
|
||||
if settings is not None:
|
||||
value = getattr(settings, "files_connector_profiles_json", None)
|
||||
if value:
|
||||
return value
|
||||
value = getattr(settings, "files_connector_profiles", None)
|
||||
if value:
|
||||
return value
|
||||
return None
|
||||
|
||||
|
||||
def _policy_sources_from_profile(value: Mapping[str, Any], profile: ConnectorProfile) -> list[ConnectorPolicySource]:
|
||||
raw_sources: list[Mapping[str, Any]] = []
|
||||
policy = value.get("policy")
|
||||
if isinstance(policy, Mapping):
|
||||
raw_sources.append({
|
||||
"scope_type": profile.scope_type,
|
||||
"scope_id": profile.scope_id,
|
||||
"label": profile.label,
|
||||
"policy": policy,
|
||||
})
|
||||
configured_sources = value.get("policy_sources") or value.get("connector_policy_sources")
|
||||
if configured_sources is not None:
|
||||
raw = connector_policy_sources_from_payload(configured_sources)
|
||||
raw_sources.extend(_policy_source_response(source) for source in raw)
|
||||
return connector_policy_sources_from_payload(raw_sources)
|
||||
|
||||
|
||||
def _policy_source_response(source: ConnectorPolicySource) -> dict[str, Any]:
|
||||
return {
|
||||
"scope_type": source.scope_type,
|
||||
"scope_id": source.scope_id,
|
||||
"label": source.label,
|
||||
"policy": dict(source.policy or {}),
|
||||
}
|
||||
|
||||
|
||||
def _public_metadata(value: object) -> Mapping[str, Any]:
|
||||
if not isinstance(value, Mapping):
|
||||
return {}
|
||||
return {
|
||||
str(key): item
|
||||
for key, item in value.items()
|
||||
if str(key).strip().casefold() not in _INLINE_SECRET_FIELDS
|
||||
}
|
||||
|
||||
|
||||
def _string_list(value: object) -> list[str]:
|
||||
if value is None:
|
||||
return []
|
||||
if isinstance(value, str):
|
||||
values: Iterable[object] = value.split(",")
|
||||
elif isinstance(value, Iterable) and not isinstance(value, (bytes, bytearray, Mapping)):
|
||||
values = value
|
||||
else:
|
||||
values = (value,)
|
||||
return [str(item).strip() for item in values if str(item).strip()]
|
||||
|
||||
|
||||
def _bool(value: object, *, default: bool) -> bool:
|
||||
if value is None:
|
||||
return default
|
||||
if isinstance(value, bool):
|
||||
return value
|
||||
if isinstance(value, str):
|
||||
return value.strip().casefold() not in {"0", "false", "no", "off"}
|
||||
return bool(value)
|
||||
|
||||
|
||||
def _clean(value: object) -> str | None:
|
||||
if value is None:
|
||||
return None
|
||||
text = str(value).strip()
|
||||
return text or None
|
||||
145
src/govoplan_files/backend/storage/connector_providers.py
Normal file
145
src/govoplan_files/backend/storage/connector_providers.py
Normal file
@@ -0,0 +1,145 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from dataclasses import dataclass
|
||||
from importlib.util import find_spec
|
||||
|
||||
|
||||
CONNECTOR_PROVIDER_CAPABILITY = "files.connector.providers"
|
||||
|
||||
|
||||
@dataclass(frozen=True, slots=True)
|
||||
class ConnectorProviderDescriptor:
|
||||
provider: str
|
||||
label: str
|
||||
protocol: str
|
||||
implemented: bool
|
||||
browse_supported: bool
|
||||
import_supported: bool
|
||||
optional_dependency: str | None
|
||||
permission_model: str
|
||||
sync_strategy: str
|
||||
conflict_strategy: str
|
||||
preview_strategy: str
|
||||
audit_events: tuple[str, ...]
|
||||
notes: str | None = None
|
||||
|
||||
def to_response(self) -> dict[str, object]:
|
||||
return {
|
||||
"provider": self.provider,
|
||||
"label": self.label,
|
||||
"protocol": self.protocol,
|
||||
"implemented": self.implemented,
|
||||
"installed": self.installed,
|
||||
"browse_supported": self.browse_supported,
|
||||
"import_supported": self.import_supported,
|
||||
"optional_dependency": self.optional_dependency,
|
||||
"permission_model": self.permission_model,
|
||||
"sync_strategy": self.sync_strategy,
|
||||
"conflict_strategy": self.conflict_strategy,
|
||||
"preview_strategy": self.preview_strategy,
|
||||
"audit_events": list(self.audit_events),
|
||||
"notes": self.notes,
|
||||
}
|
||||
|
||||
@property
|
||||
def installed(self) -> bool:
|
||||
if self.optional_dependency is None:
|
||||
return self.implemented
|
||||
return find_spec(self.optional_dependency) is not None
|
||||
|
||||
|
||||
def connector_provider_descriptors() -> tuple[ConnectorProviderDescriptor, ...]:
|
||||
freeze_model = "Imported or synced connector files become managed GovOPlaN files with frozen blob/version provenance."
|
||||
governed_permissions = "GovOPlaN profile scope and connector policy are enforced before browse/import/sync; remote ACLs are still evaluated by the upstream service."
|
||||
return (
|
||||
ConnectorProviderDescriptor(
|
||||
provider="seafile",
|
||||
label="Seafile",
|
||||
protocol="seafile-api",
|
||||
implemented=True,
|
||||
browse_supported=True,
|
||||
import_supported=True,
|
||||
optional_dependency=None,
|
||||
permission_model=governed_permissions,
|
||||
sync_strategy="On-demand browse/import/sync; sync updates the managed file version when source content changes and never mutates the remote source.",
|
||||
conflict_strategy="Managed import/sync uses existing files conflict_strategy handling: reject, overwrite, or rename.",
|
||||
preview_strategy="Previews are generated from the frozen managed file after import or sync.",
|
||||
audit_events=("files.connector.imported", "files.connector.synced", "files.connector.accessed"),
|
||||
notes="Native account-token API for libraries, directories, file detail, and download-link import; WebDAV opt-in remains available.",
|
||||
),
|
||||
ConnectorProviderDescriptor(
|
||||
provider="nextcloud",
|
||||
label="Nextcloud",
|
||||
protocol="webdav",
|
||||
implemented=True,
|
||||
browse_supported=True,
|
||||
import_supported=True,
|
||||
optional_dependency=None,
|
||||
permission_model=governed_permissions,
|
||||
sync_strategy="On-demand WebDAV browse/import/sync; sync updates the managed file version when source content changes and never mutates the remote source.",
|
||||
conflict_strategy="Managed import/sync uses existing files conflict_strategy handling: reject, overwrite, or rename.",
|
||||
preview_strategy="Previews are generated from the frozen managed file after import or sync.",
|
||||
audit_events=("files.connector.imported", "files.connector.synced", "files.connector.accessed"),
|
||||
notes="Uses the configured Nextcloud WebDAV endpoint, basic auth, or bearer token profile credentials.",
|
||||
),
|
||||
ConnectorProviderDescriptor(
|
||||
provider="webdav",
|
||||
label="WebDAV",
|
||||
protocol="webdav",
|
||||
implemented=True,
|
||||
browse_supported=True,
|
||||
import_supported=True,
|
||||
optional_dependency=None,
|
||||
permission_model=governed_permissions,
|
||||
sync_strategy="On-demand WebDAV browse/import/sync; sync updates the managed file version when source content changes and never mutates the remote source.",
|
||||
conflict_strategy="Managed import/sync uses existing files conflict_strategy handling: reject, overwrite, or rename.",
|
||||
preview_strategy="Previews are generated from the frozen managed file after import or sync.",
|
||||
audit_events=("files.connector.imported", "files.connector.synced", "files.connector.accessed"),
|
||||
notes="Generic WebDAV provider for standards-compatible stores.",
|
||||
),
|
||||
ConnectorProviderDescriptor(
|
||||
provider="smb",
|
||||
label="SMB",
|
||||
protocol="smb",
|
||||
implemented=True,
|
||||
browse_supported=True,
|
||||
import_supported=True,
|
||||
optional_dependency="smbprotocol",
|
||||
permission_model=governed_permissions,
|
||||
sync_strategy="On-demand browse/import/sync over administrator-declared shares; sync updates managed versions and never mutates the remote share.",
|
||||
conflict_strategy="Managed import/sync uses existing files conflict_strategy handling after download.",
|
||||
preview_strategy="Previews are generated from the frozen managed file after import or sync, not directly from the share.",
|
||||
audit_events=("files.connector.imported", "files.connector.synced", "files.connector.accessed"),
|
||||
notes="Requires the optional smbprotocol dependency and an smb://server[:port]/share[/path] profile endpoint.",
|
||||
),
|
||||
ConnectorProviderDescriptor(
|
||||
provider="nfs",
|
||||
label="NFS",
|
||||
protocol="nfs",
|
||||
implemented=False,
|
||||
browse_supported=False,
|
||||
import_supported=False,
|
||||
optional_dependency=None,
|
||||
permission_model=governed_permissions,
|
||||
sync_strategy="Planned optional provider over administrator-mounted paths or a sidecar service.",
|
||||
conflict_strategy="Will use managed import conflict_strategy handling after download.",
|
||||
preview_strategy="Will preview from frozen managed file after import, not directly from the mount.",
|
||||
audit_events=("files.connector.imported", "files.connector.synced", "files.connector.accessed"),
|
||||
notes="Kept optional because NFS availability is deployment and host-kernel dependent.",
|
||||
),
|
||||
ConnectorProviderDescriptor(
|
||||
provider="local",
|
||||
label="Local filesystem",
|
||||
protocol="file",
|
||||
implemented=False,
|
||||
browse_supported=False,
|
||||
import_supported=False,
|
||||
optional_dependency=None,
|
||||
permission_model="Local connector access should be restricted to administrator-declared roots plus GovOPlaN profile and policy checks.",
|
||||
sync_strategy="Planned optional provider; managed storage local backend already exists separately.",
|
||||
conflict_strategy=freeze_model,
|
||||
preview_strategy="Will preview from frozen managed file after import or sync.",
|
||||
audit_events=("files.connector.imported", "files.connector.synced", "files.connector.accessed"),
|
||||
notes="Separate from the existing managed-file local storage backend.",
|
||||
),
|
||||
)
|
||||
248
src/govoplan_files/backend/storage/connector_spaces.py
Normal file
248
src/govoplan_files/backend/storage/connector_spaces.py
Normal file
@@ -0,0 +1,248 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from collections.abc import Mapping
|
||||
from typing import Any
|
||||
|
||||
from sqlalchemy import false, or_
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from govoplan_files.backend.db.models import FileConnectorSpace
|
||||
from govoplan_files.backend.storage.access import ensure_owner_access, user_group_ids
|
||||
from govoplan_files.backend.storage.common import FileStorageError, utcnow
|
||||
from govoplan_files.backend.storage.connector_browse import normalize_connector_browse_path
|
||||
from govoplan_files.backend.storage.connector_profiles import ConnectorProfile
|
||||
|
||||
|
||||
SYNC_MODES = {"manual"}
|
||||
|
||||
|
||||
def connector_space_owner_id(space: FileConnectorSpace) -> str:
|
||||
return space.owner_user_id if space.owner_type == "user" else space.owner_group_id # type: ignore[return-value]
|
||||
|
||||
|
||||
def create_connector_space(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
owner_type: str,
|
||||
owner_id: str,
|
||||
user_id: str,
|
||||
label: str,
|
||||
profile: ConnectorProfile,
|
||||
library_id: str | None = None,
|
||||
remote_path: str | None = None,
|
||||
sync_mode: str = "manual",
|
||||
read_only: bool = True,
|
||||
metadata: Mapping[str, Any] | None = None,
|
||||
is_admin: bool = False,
|
||||
) -> FileConnectorSpace:
|
||||
owner_type = owner_type.lower().strip()
|
||||
ensure_owner_access(session, tenant_id=tenant_id, owner_type=owner_type, owner_id=owner_id, user_id=user_id, is_admin=is_admin)
|
||||
label = _normalize_label(label)
|
||||
sync_mode = _normalize_sync_mode(sync_mode)
|
||||
remote_path = normalize_connector_browse_path(remote_path)
|
||||
library_id = _clean_optional(library_id)
|
||||
|
||||
existing = _owned_query(session, tenant_id=tenant_id, owner_type=owner_type, owner_id=owner_id).filter(
|
||||
FileConnectorSpace.label == label,
|
||||
FileConnectorSpace.deleted_at.is_(None),
|
||||
).first()
|
||||
if existing is not None:
|
||||
raise FileStorageError(f"Connector space already exists: {label}")
|
||||
|
||||
space = FileConnectorSpace(
|
||||
tenant_id=tenant_id,
|
||||
owner_type=owner_type,
|
||||
owner_user_id=owner_id if owner_type == "user" else None,
|
||||
owner_group_id=owner_id if owner_type == "group" else None,
|
||||
label=label,
|
||||
connector_profile_id=profile.id,
|
||||
provider=profile.provider,
|
||||
library_id=library_id,
|
||||
remote_path=remote_path,
|
||||
sync_mode=sync_mode,
|
||||
read_only=read_only,
|
||||
is_active=True,
|
||||
created_by_user_id=user_id,
|
||||
metadata_=dict(metadata or {}),
|
||||
)
|
||||
session.add(space)
|
||||
session.flush()
|
||||
return space
|
||||
|
||||
|
||||
def list_connector_spaces_for_user(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
user_id: str,
|
||||
owner_type: str | None = None,
|
||||
owner_id: str | None = None,
|
||||
include_inactive: bool = False,
|
||||
is_admin: bool = False,
|
||||
) -> list[FileConnectorSpace]:
|
||||
query = session.query(FileConnectorSpace).filter(
|
||||
FileConnectorSpace.tenant_id == tenant_id,
|
||||
FileConnectorSpace.deleted_at.is_(None),
|
||||
)
|
||||
if not include_inactive:
|
||||
query = query.filter(FileConnectorSpace.is_active.is_(True))
|
||||
|
||||
if owner_type:
|
||||
if not owner_id:
|
||||
raise FileStorageError("owner_id is required when owner_type is set")
|
||||
owner_type = owner_type.lower().strip()
|
||||
ensure_owner_access(session, tenant_id=tenant_id, owner_type=owner_type, owner_id=owner_id, user_id=user_id, is_admin=is_admin)
|
||||
query = _owner_filter(query, owner_type, owner_id)
|
||||
elif not is_admin:
|
||||
group_ids = user_group_ids(session, tenant_id=tenant_id, user_id=user_id)
|
||||
query = query.filter(
|
||||
or_(
|
||||
FileConnectorSpace.owner_user_id == user_id,
|
||||
FileConnectorSpace.owner_group_id.in_(group_ids) if group_ids else false(),
|
||||
)
|
||||
)
|
||||
|
||||
return query.order_by(FileConnectorSpace.owner_type.asc(), FileConnectorSpace.label.asc()).all()
|
||||
|
||||
|
||||
def get_connector_space_for_user(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
user_id: str,
|
||||
space_id: str,
|
||||
include_inactive: bool = False,
|
||||
is_admin: bool = False,
|
||||
) -> FileConnectorSpace:
|
||||
query = session.query(FileConnectorSpace).filter(
|
||||
FileConnectorSpace.id == space_id,
|
||||
FileConnectorSpace.tenant_id == tenant_id,
|
||||
FileConnectorSpace.deleted_at.is_(None),
|
||||
)
|
||||
if not include_inactive:
|
||||
query = query.filter(FileConnectorSpace.is_active.is_(True))
|
||||
space = query.one_or_none()
|
||||
if space is None:
|
||||
raise FileStorageError("Connector space not found")
|
||||
ensure_owner_access(
|
||||
session,
|
||||
tenant_id=tenant_id,
|
||||
owner_type=space.owner_type,
|
||||
owner_id=connector_space_owner_id(space),
|
||||
user_id=user_id,
|
||||
is_admin=is_admin,
|
||||
)
|
||||
return space
|
||||
|
||||
|
||||
def update_connector_space(
|
||||
session: Session,
|
||||
space: FileConnectorSpace,
|
||||
*,
|
||||
user_id: str,
|
||||
label: str | None = None,
|
||||
library_id: str | None = None,
|
||||
remote_path: str | None = None,
|
||||
sync_mode: str | None = None,
|
||||
is_active: bool | None = None,
|
||||
metadata: Mapping[str, Any] | None = None,
|
||||
is_admin: bool = False,
|
||||
) -> FileConnectorSpace:
|
||||
ensure_owner_access(
|
||||
session,
|
||||
tenant_id=space.tenant_id,
|
||||
owner_type=space.owner_type,
|
||||
owner_id=connector_space_owner_id(space),
|
||||
user_id=user_id,
|
||||
is_admin=is_admin,
|
||||
)
|
||||
if label is not None:
|
||||
new_label = _normalize_label(label)
|
||||
existing = _owned_query(
|
||||
session,
|
||||
tenant_id=space.tenant_id,
|
||||
owner_type=space.owner_type,
|
||||
owner_id=connector_space_owner_id(space),
|
||||
).filter(
|
||||
FileConnectorSpace.id != space.id,
|
||||
FileConnectorSpace.label == new_label,
|
||||
FileConnectorSpace.deleted_at.is_(None),
|
||||
).first()
|
||||
if existing is not None:
|
||||
raise FileStorageError(f"Connector space already exists: {new_label}")
|
||||
space.label = new_label
|
||||
if library_id is not None:
|
||||
space.library_id = _clean_optional(library_id)
|
||||
if remote_path is not None:
|
||||
space.remote_path = normalize_connector_browse_path(remote_path)
|
||||
if sync_mode is not None:
|
||||
space.sync_mode = _normalize_sync_mode(sync_mode)
|
||||
if is_active is not None:
|
||||
space.is_active = bool(is_active)
|
||||
if metadata is not None:
|
||||
space.metadata_ = dict(metadata)
|
||||
session.add(space)
|
||||
session.flush()
|
||||
return space
|
||||
|
||||
|
||||
def soft_delete_connector_space(
|
||||
session: Session,
|
||||
space: FileConnectorSpace,
|
||||
*,
|
||||
user_id: str,
|
||||
is_admin: bool = False,
|
||||
) -> FileConnectorSpace:
|
||||
ensure_owner_access(
|
||||
session,
|
||||
tenant_id=space.tenant_id,
|
||||
owner_type=space.owner_type,
|
||||
owner_id=connector_space_owner_id(space),
|
||||
user_id=user_id,
|
||||
is_admin=is_admin,
|
||||
)
|
||||
space.deleted_at = utcnow()
|
||||
space.is_active = False
|
||||
session.add(space)
|
||||
session.flush()
|
||||
return space
|
||||
|
||||
|
||||
def _owned_query(session: Session, *, tenant_id: str, owner_type: str, owner_id: str):
|
||||
query = session.query(FileConnectorSpace).filter(
|
||||
FileConnectorSpace.tenant_id == tenant_id,
|
||||
FileConnectorSpace.owner_type == owner_type,
|
||||
)
|
||||
return _owner_filter(query, owner_type, owner_id)
|
||||
|
||||
|
||||
def _owner_filter(query, owner_type: str, owner_id: str):
|
||||
if owner_type == "user":
|
||||
return query.filter(FileConnectorSpace.owner_user_id == owner_id)
|
||||
if owner_type == "group":
|
||||
return query.filter(FileConnectorSpace.owner_group_id == owner_id)
|
||||
raise FileStorageError("Files must be owned by a user or group")
|
||||
|
||||
|
||||
def _normalize_label(value: str) -> str:
|
||||
label = value.strip()
|
||||
if not label:
|
||||
raise FileStorageError("Connector space label is required")
|
||||
if len(label) > 255:
|
||||
raise FileStorageError("Connector space label is too long")
|
||||
return label
|
||||
|
||||
|
||||
def _normalize_sync_mode(value: str) -> str:
|
||||
mode = value.strip().casefold()
|
||||
if mode not in SYNC_MODES:
|
||||
raise FileStorageError(f"Unsupported connector space sync mode: {value}")
|
||||
return mode
|
||||
|
||||
|
||||
def _clean_optional(value: object) -> str | None:
|
||||
if value is None:
|
||||
return None
|
||||
text = str(value).strip()
|
||||
return text or None
|
||||
@@ -6,17 +6,32 @@ from pathlib import PurePosixPath
|
||||
from typing import Any, Iterable
|
||||
from uuid import uuid4
|
||||
|
||||
from sqlalchemy import or_
|
||||
from sqlalchemy import and_, or_
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from govoplan_core.db.models import Group, Tenant, User
|
||||
from govoplan_campaign.backend.db.models import Campaign
|
||||
from govoplan_core.core.campaigns import CAPABILITY_CAMPAIGNS_ACCESS, CampaignAccessProvider
|
||||
from govoplan_files.backend.db.models import CampaignAttachmentUse, FileAsset, FileBlob, FileShare, FileVersion
|
||||
from govoplan_files.backend.runtime import settings
|
||||
from govoplan_files.backend.storage.access import ensure_owner_access, user_group_ids
|
||||
from govoplan_files.backend.runtime import get_registry, settings
|
||||
from govoplan_files.backend.storage.access import ensure_owner_access, ensure_share_target_exists, user_group_ids
|
||||
from govoplan_files.backend.storage.backends import StorageBackendError, get_storage_backend
|
||||
from govoplan_files.backend.storage.common import FileConflictResolution, FileStorageError, UploadedStoredFile, utcnow
|
||||
from govoplan_files.backend.storage.paths import filename_from_path, join_folder_filename, normalize_folder, normalize_logical_path, safe_storage_component
|
||||
from govoplan_files.backend.storage.provenance import source_provenance_from_metadata
|
||||
|
||||
|
||||
def _campaign_access_provider() -> CampaignAccessProvider:
|
||||
registry = get_registry()
|
||||
if registry is None or not hasattr(registry, "has_capability") or not registry.has_capability(CAPABILITY_CAMPAIGNS_ACCESS):
|
||||
raise FileStorageError("Campaign module is not installed")
|
||||
capability = registry.require_capability(CAPABILITY_CAMPAIGNS_ACCESS)
|
||||
if not isinstance(capability, CampaignAccessProvider):
|
||||
raise FileStorageError("Campaign access capability is invalid")
|
||||
return capability
|
||||
|
||||
|
||||
def _ensure_campaign_exists(session: Session, *, tenant_id: str, campaign_id: str) -> None:
|
||||
if not _campaign_access_provider().campaign_exists(session, tenant_id=tenant_id, campaign_id=campaign_id):
|
||||
raise FileStorageError("Campaign not found")
|
||||
|
||||
|
||||
def _asset_query_for_owner(session: Session, *, tenant_id: str, owner_type: str, owner_id: str):
|
||||
@@ -167,6 +182,136 @@ def create_file_asset(
|
||||
return UploadedStoredFile(asset=asset, version=version, blob=blob)
|
||||
|
||||
|
||||
def sync_file_asset_from_source(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
owner_type: str,
|
||||
owner_id: str,
|
||||
user_id: str,
|
||||
filename: str,
|
||||
data: bytes,
|
||||
metadata: dict[str, Any],
|
||||
folder: str | None = None,
|
||||
display_path: str | None = None,
|
||||
content_type: str | None = None,
|
||||
campaign_id: str | None = None,
|
||||
conflict_strategy: str = "rename",
|
||||
is_admin: bool = False,
|
||||
) -> tuple[UploadedStoredFile, str, str | None]:
|
||||
owner_type = owner_type.lower().strip()
|
||||
ensure_owner_access(session, tenant_id=tenant_id, owner_type=owner_type, owner_id=owner_id, user_id=user_id, is_admin=is_admin)
|
||||
provenance = source_provenance_from_metadata(metadata)
|
||||
if not provenance:
|
||||
raise FileStorageError("Connector sync requires source provenance")
|
||||
existing = find_asset_by_source(
|
||||
session,
|
||||
tenant_id=tenant_id,
|
||||
owner_type=owner_type,
|
||||
owner_id=owner_id,
|
||||
source_provenance=provenance,
|
||||
)
|
||||
if existing is None:
|
||||
stored = create_file_asset(
|
||||
session,
|
||||
tenant_id=tenant_id,
|
||||
owner_type=owner_type,
|
||||
owner_id=owner_id,
|
||||
user_id=user_id,
|
||||
filename=filename,
|
||||
data=data,
|
||||
folder=folder,
|
||||
display_path=display_path,
|
||||
content_type=content_type,
|
||||
metadata=metadata,
|
||||
campaign_id=campaign_id,
|
||||
conflict_strategy=conflict_strategy,
|
||||
is_admin=is_admin,
|
||||
)
|
||||
return stored, "created", None
|
||||
|
||||
previous_version_id = existing.current_version_id
|
||||
stored, action = update_file_asset_content(
|
||||
session,
|
||||
existing,
|
||||
tenant_id=tenant_id,
|
||||
user_id=user_id,
|
||||
filename=filename,
|
||||
data=data,
|
||||
content_type=content_type,
|
||||
metadata=metadata,
|
||||
)
|
||||
if campaign_id:
|
||||
share_file(session, tenant_id=tenant_id, asset=existing, target_type="campaign", target_id=campaign_id, permission="read", user_id=user_id)
|
||||
return stored, action, previous_version_id
|
||||
|
||||
|
||||
def find_asset_by_source(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
owner_type: str,
|
||||
owner_id: str,
|
||||
source_provenance: dict[str, Any],
|
||||
) -> FileAsset | None:
|
||||
wanted = _source_identity(source_provenance)
|
||||
if wanted is None:
|
||||
return None
|
||||
assets = (
|
||||
_asset_query_for_owner(session, tenant_id=tenant_id, owner_type=owner_type, owner_id=owner_id)
|
||||
.filter(FileAsset.deleted_at.is_(None))
|
||||
.order_by(FileAsset.updated_at.desc())
|
||||
.all()
|
||||
)
|
||||
for asset in assets:
|
||||
if _source_identity(source_provenance_from_metadata(asset.metadata_ or {})) == wanted:
|
||||
return asset
|
||||
return None
|
||||
|
||||
|
||||
def update_file_asset_content(
|
||||
session: Session,
|
||||
asset: FileAsset,
|
||||
*,
|
||||
tenant_id: str,
|
||||
user_id: str,
|
||||
filename: str,
|
||||
data: bytes,
|
||||
content_type: str | None,
|
||||
metadata: dict[str, Any],
|
||||
) -> tuple[UploadedStoredFile, str]:
|
||||
if asset.tenant_id != tenant_id or asset.deleted_at is not None:
|
||||
raise FileStorageError("File not found")
|
||||
safe_filename = filename_from_path(normalize_logical_path(filename, fallback_filename="file"))
|
||||
if not content_type:
|
||||
content_type = mimetypes.guess_type(safe_filename)[0] or "application/octet-stream"
|
||||
current_version, current_blob = current_version_and_blob(session, asset)
|
||||
checksum = hashlib.sha256(data).hexdigest()
|
||||
asset.metadata_ = metadata
|
||||
session.add(asset)
|
||||
if current_blob.checksum_sha256 == checksum and current_blob.size_bytes == len(data):
|
||||
return UploadedStoredFile(asset=asset, version=current_version, blob=current_blob), "unchanged"
|
||||
|
||||
blob = _get_or_create_blob(session, tenant_id=tenant_id, data=data, filename=safe_filename, content_type=content_type)
|
||||
version = FileVersion(
|
||||
tenant_id=tenant_id,
|
||||
file_asset_id=asset.id,
|
||||
blob_id=blob.id,
|
||||
version_number=_next_version_number(session, asset.id),
|
||||
filename_at_upload=safe_filename,
|
||||
display_path_at_upload=asset.display_path,
|
||||
content_type=content_type,
|
||||
size_bytes=blob.size_bytes,
|
||||
checksum_sha256=blob.checksum_sha256,
|
||||
created_by_user_id=user_id,
|
||||
)
|
||||
session.add(version)
|
||||
session.flush()
|
||||
asset.current_version_id = version.id
|
||||
session.add(asset)
|
||||
return UploadedStoredFile(asset=asset, version=version, blob=blob), "updated"
|
||||
|
||||
|
||||
def get_asset_for_user(session: Session, *, tenant_id: str, user_id: str, asset_id: str, require_write: bool = False, is_admin: bool = False) -> FileAsset:
|
||||
asset = session.get(FileAsset, asset_id)
|
||||
if not asset or asset.tenant_id != tenant_id or asset.deleted_at is not None:
|
||||
@@ -210,6 +355,71 @@ def list_assets_for_user(
|
||||
include_deleted: bool = False,
|
||||
is_admin: bool = False,
|
||||
) -> list[FileAsset]:
|
||||
query = _asset_visibility_query_for_user(
|
||||
session,
|
||||
tenant_id=tenant_id,
|
||||
user_id=user_id,
|
||||
owner_type=owner_type,
|
||||
owner_id=owner_id,
|
||||
campaign_id=campaign_id,
|
||||
path_prefix=path_prefix,
|
||||
include_deleted=include_deleted,
|
||||
is_admin=is_admin,
|
||||
)
|
||||
return query.order_by(FileAsset.display_path.asc(), FileAsset.updated_at.desc(), FileAsset.id.asc()).all()
|
||||
|
||||
|
||||
def list_assets_for_user_window(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
user_id: str,
|
||||
owner_type: str | None = None,
|
||||
owner_id: str | None = None,
|
||||
campaign_id: str | None = None,
|
||||
path_prefix: str | None = None,
|
||||
include_deleted: bool = False,
|
||||
is_admin: bool = False,
|
||||
page_size: int,
|
||||
after_display_path: str | None = None,
|
||||
after_updated_at=None,
|
||||
after_id: str | None = None,
|
||||
) -> tuple[list[FileAsset], bool]:
|
||||
query = _asset_visibility_query_for_user(
|
||||
session,
|
||||
tenant_id=tenant_id,
|
||||
user_id=user_id,
|
||||
owner_type=owner_type,
|
||||
owner_id=owner_id,
|
||||
campaign_id=campaign_id,
|
||||
path_prefix=path_prefix,
|
||||
include_deleted=include_deleted,
|
||||
is_admin=is_admin,
|
||||
)
|
||||
if after_display_path is not None and after_updated_at is not None and after_id:
|
||||
query = query.filter(
|
||||
or_(
|
||||
FileAsset.display_path > after_display_path,
|
||||
and_(FileAsset.display_path == after_display_path, FileAsset.updated_at < after_updated_at),
|
||||
and_(FileAsset.display_path == after_display_path, FileAsset.updated_at == after_updated_at, FileAsset.id > after_id),
|
||||
)
|
||||
)
|
||||
rows = query.order_by(FileAsset.display_path.asc(), FileAsset.updated_at.desc(), FileAsset.id.asc()).limit(page_size + 1).all()
|
||||
return rows[:page_size], len(rows) > page_size
|
||||
|
||||
|
||||
def _asset_visibility_query_for_user(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
user_id: str,
|
||||
owner_type: str | None = None,
|
||||
owner_id: str | None = None,
|
||||
campaign_id: str | None = None,
|
||||
path_prefix: str | None = None,
|
||||
include_deleted: bool = False,
|
||||
is_admin: bool = False,
|
||||
):
|
||||
query = session.query(FileAsset).filter(FileAsset.tenant_id == tenant_id)
|
||||
if not include_deleted:
|
||||
query = query.filter(FileAsset.deleted_at.is_(None))
|
||||
@@ -241,7 +451,7 @@ def list_assets_for_user(
|
||||
prefix = normalize_folder(path_prefix)
|
||||
if prefix:
|
||||
query = query.filter(FileAsset.display_path.like(f"{prefix}/%"))
|
||||
return query.order_by(FileAsset.display_path.asc(), FileAsset.updated_at.desc()).all()
|
||||
return query
|
||||
|
||||
|
||||
def current_version_and_blob(session: Session, asset: FileAsset) -> tuple[FileVersion, FileBlob]:
|
||||
@@ -256,6 +466,32 @@ def current_version_and_blob(session: Session, asset: FileAsset) -> tuple[FileVe
|
||||
return version, blob
|
||||
|
||||
|
||||
def current_versions_and_blobs(session: Session, assets: Iterable[FileAsset]) -> dict[str, tuple[FileVersion, FileBlob]]:
|
||||
asset_list = list(assets)
|
||||
if not asset_list:
|
||||
return {}
|
||||
version_ids = [asset.current_version_id for asset in asset_list if asset.current_version_id]
|
||||
if len(version_ids) != len(asset_list):
|
||||
raise FileStorageError("File has no current version")
|
||||
|
||||
rows: list[tuple[FileVersion, FileBlob]] = []
|
||||
for chunk in _chunks(version_ids):
|
||||
rows.extend(
|
||||
session.query(FileVersion, FileBlob)
|
||||
.join(FileBlob, FileBlob.id == FileVersion.blob_id)
|
||||
.filter(FileVersion.id.in_(chunk))
|
||||
.all()
|
||||
)
|
||||
by_version_id = {version.id: (version, blob) for version, blob in rows}
|
||||
result: dict[str, tuple[FileVersion, FileBlob]] = {}
|
||||
for asset in asset_list:
|
||||
version_blob = by_version_id.get(asset.current_version_id or "")
|
||||
if not version_blob:
|
||||
raise FileStorageError("File version not found")
|
||||
result[asset.id] = version_blob
|
||||
return result
|
||||
|
||||
|
||||
def read_asset_bytes(session: Session, asset: FileAsset) -> tuple[bytes, FileVersion, FileBlob]:
|
||||
version, blob = current_version_and_blob(session, asset)
|
||||
backend = get_storage_backend()
|
||||
@@ -283,22 +519,10 @@ def share_file(
|
||||
raise FileStorageError("Unsupported share target")
|
||||
if permission not in {"read", "write", "manage"}:
|
||||
raise FileStorageError("Unsupported file permission")
|
||||
if target_type == "user":
|
||||
target_user = session.get(User, target_id)
|
||||
if not target_user or target_user.tenant_id != tenant_id or not target_user.is_active:
|
||||
raise FileStorageError("User not found")
|
||||
if target_type == "group":
|
||||
group = session.get(Group, target_id)
|
||||
if not group or group.tenant_id != tenant_id or not group.is_active:
|
||||
raise FileStorageError("Group not found")
|
||||
if target_type == "tenant":
|
||||
tenant = session.get(Tenant, target_id)
|
||||
if target_id != tenant_id or not tenant or not tenant.is_active:
|
||||
raise FileStorageError("Tenant not found")
|
||||
if target_type in {"user", "group", "tenant"}:
|
||||
ensure_share_target_exists(tenant_id=tenant_id, target_type=target_type, target_id=target_id)
|
||||
if target_type == "campaign":
|
||||
campaign = session.get(Campaign, target_id)
|
||||
if not campaign or campaign.tenant_id != tenant_id:
|
||||
raise FileStorageError("Campaign not found")
|
||||
_ensure_campaign_exists(session, tenant_id=tenant_id, campaign_id=target_id)
|
||||
existing = (
|
||||
session.query(FileShare)
|
||||
.filter(
|
||||
@@ -326,6 +550,66 @@ def share_file(
|
||||
return share
|
||||
|
||||
|
||||
def share_files(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
assets: Iterable[FileAsset],
|
||||
target_type: str,
|
||||
target_id: str,
|
||||
permission: str,
|
||||
user_id: str,
|
||||
) -> list[FileShare]:
|
||||
target_type = target_type.lower().strip()
|
||||
permission = permission.lower().strip()
|
||||
if target_type not in {"user", "group", "campaign", "tenant"}:
|
||||
raise FileStorageError("Unsupported share target")
|
||||
if permission not in {"read", "write", "manage"}:
|
||||
raise FileStorageError("Unsupported file permission")
|
||||
if target_type in {"user", "group", "tenant"}:
|
||||
ensure_share_target_exists(tenant_id=tenant_id, target_type=target_type, target_id=target_id)
|
||||
if target_type == "campaign":
|
||||
_ensure_campaign_exists(session, tenant_id=tenant_id, campaign_id=target_id)
|
||||
|
||||
asset_list = list(assets)
|
||||
if not asset_list:
|
||||
return []
|
||||
for asset in asset_list:
|
||||
if asset.tenant_id != tenant_id:
|
||||
raise FileStorageError("File not found")
|
||||
|
||||
existing_by_asset: dict[str, FileShare] = {}
|
||||
for share in session.query(FileShare).filter(
|
||||
FileShare.tenant_id == tenant_id,
|
||||
FileShare.file_asset_id.in_([asset.id for asset in asset_list]),
|
||||
FileShare.target_type == target_type,
|
||||
FileShare.target_id == target_id,
|
||||
FileShare.revoked_at.is_(None),
|
||||
).all():
|
||||
existing_by_asset.setdefault(share.file_asset_id, share)
|
||||
|
||||
shares: list[FileShare] = []
|
||||
for asset in asset_list:
|
||||
existing = existing_by_asset.get(asset.id)
|
||||
if existing:
|
||||
existing.permission = permission
|
||||
session.add(existing)
|
||||
shares.append(existing)
|
||||
continue
|
||||
share = FileShare(
|
||||
tenant_id=tenant_id,
|
||||
file_asset_id=asset.id,
|
||||
target_type=target_type,
|
||||
target_id=target_id,
|
||||
permission=permission,
|
||||
created_by_user_id=user_id,
|
||||
)
|
||||
session.add(share)
|
||||
shares.append(share)
|
||||
return shares
|
||||
|
||||
|
||||
|
||||
def soft_delete_assets(session: Session, assets: Iterable[FileAsset]) -> int:
|
||||
count = 0
|
||||
now = utcnow()
|
||||
@@ -354,6 +638,11 @@ def _asset_owner_id(asset: FileAsset) -> str:
|
||||
raise FileStorageError("File has no valid owner")
|
||||
|
||||
|
||||
def _chunks(values: list[str], size: int = 900):
|
||||
for index in range(0, len(values), size):
|
||||
yield values[index:index + size]
|
||||
|
||||
|
||||
def _active_asset_exists(session: Session, *, tenant_id: str, owner_type: str, owner_id: str, path: str, exclude_asset_id: str | None = None) -> bool:
|
||||
return _active_asset_at_path(
|
||||
session,
|
||||
@@ -460,6 +749,39 @@ def _normalize_conflict_strategy(strategy: str | None) -> str:
|
||||
return normalized
|
||||
|
||||
|
||||
def _next_version_number(session: Session, asset_id: str) -> int:
|
||||
row = (
|
||||
session.query(FileVersion.version_number)
|
||||
.filter(FileVersion.file_asset_id == asset_id)
|
||||
.order_by(FileVersion.version_number.desc())
|
||||
.first()
|
||||
)
|
||||
return (int(row[0]) if row else 0) + 1
|
||||
|
||||
|
||||
def _source_identity(provenance: dict[str, Any] | None) -> tuple[object, ...] | None:
|
||||
if not provenance:
|
||||
return None
|
||||
connector_id = _clean_identity(provenance.get("connector_id"))
|
||||
provider = _clean_identity(provenance.get("provider"))
|
||||
external_id = _clean_identity(provenance.get("external_id"))
|
||||
if connector_id and external_id:
|
||||
return ("external_id", connector_id, provider, external_id)
|
||||
external_path = _clean_identity(provenance.get("external_path"))
|
||||
metadata = provenance.get("metadata") if isinstance(provenance.get("metadata"), dict) else {}
|
||||
library_id = _clean_identity(metadata.get("library_id") or metadata.get("profile_id") or metadata.get("share"))
|
||||
if connector_id and external_path:
|
||||
return ("external_path", connector_id, provider, library_id, external_path)
|
||||
return None
|
||||
|
||||
|
||||
def _clean_identity(value: object) -> str | None:
|
||||
if value is None:
|
||||
return None
|
||||
text = str(value).strip()
|
||||
return text or None
|
||||
|
||||
|
||||
def _copy_asset_to_path(
|
||||
session: Session,
|
||||
asset: FileAsset,
|
||||
|
||||
@@ -68,13 +68,63 @@ def list_folders_for_user(
|
||||
include_deleted: bool = False,
|
||||
is_admin: bool = False,
|
||||
) -> list[FileFolder]:
|
||||
query = _folder_visibility_query_for_user(
|
||||
session,
|
||||
tenant_id=tenant_id,
|
||||
user_id=user_id,
|
||||
owner_type=owner_type,
|
||||
owner_id=owner_id,
|
||||
include_deleted=include_deleted,
|
||||
is_admin=is_admin,
|
||||
)
|
||||
return query.order_by(FileFolder.path.asc(), FileFolder.id.asc()).all()
|
||||
|
||||
|
||||
def list_folders_for_user_window(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
user_id: str,
|
||||
owner_type: str,
|
||||
owner_id: str,
|
||||
include_deleted: bool = False,
|
||||
is_admin: bool = False,
|
||||
page_size: int,
|
||||
after_path: str | None = None,
|
||||
after_id: str | None = None,
|
||||
) -> tuple[list[FileFolder], bool]:
|
||||
query = _folder_visibility_query_for_user(
|
||||
session,
|
||||
tenant_id=tenant_id,
|
||||
user_id=user_id,
|
||||
owner_type=owner_type,
|
||||
owner_id=owner_id,
|
||||
include_deleted=include_deleted,
|
||||
is_admin=is_admin,
|
||||
)
|
||||
if after_path is not None and after_id:
|
||||
query = query.filter(or_(FileFolder.path > after_path, (FileFolder.path == after_path) & (FileFolder.id > after_id)))
|
||||
rows = query.order_by(FileFolder.path.asc(), FileFolder.id.asc()).limit(page_size + 1).all()
|
||||
return rows[:page_size], len(rows) > page_size
|
||||
|
||||
|
||||
def _folder_visibility_query_for_user(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
user_id: str,
|
||||
owner_type: str,
|
||||
owner_id: str,
|
||||
include_deleted: bool = False,
|
||||
is_admin: bool = False,
|
||||
):
|
||||
owner_type = owner_type.lower().strip()
|
||||
ensure_owner_access(session, tenant_id=tenant_id, owner_type=owner_type, owner_id=owner_id, user_id=user_id, is_admin=is_admin)
|
||||
query = session.query(FileFolder).filter(FileFolder.tenant_id == tenant_id, FileFolder.owner_type == owner_type)
|
||||
query = _owner_filter(query, owner_type, owner_id)
|
||||
if not include_deleted:
|
||||
query = query.filter(FileFolder.deleted_at.is_(None))
|
||||
return query.order_by(FileFolder.path.asc()).all()
|
||||
return query
|
||||
|
||||
|
||||
def soft_delete_folder(
|
||||
|
||||
90
src/govoplan_files/backend/storage/provenance.py
Normal file
90
src/govoplan_files/backend/storage/provenance.py
Normal file
@@ -0,0 +1,90 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from collections.abc import Mapping
|
||||
from typing import Any
|
||||
|
||||
|
||||
SOURCE_PROVENANCE_METADATA_KEY = "source_provenance"
|
||||
SOURCE_REVISION_METADATA_KEY = "source_revision"
|
||||
|
||||
_PROVENANCE_STRING_FIELDS = {
|
||||
"source_type",
|
||||
"connector_id",
|
||||
"provider",
|
||||
"external_id",
|
||||
"external_path",
|
||||
"external_url",
|
||||
"revision",
|
||||
"revision_label",
|
||||
"observed_at",
|
||||
"imported_at",
|
||||
}
|
||||
|
||||
|
||||
def normalize_source_revision(value: object) -> str | None:
|
||||
if value is None:
|
||||
return None
|
||||
text = str(value).strip()
|
||||
return text or None
|
||||
|
||||
|
||||
def normalize_source_provenance(value: object, *, source_revision: object = None) -> dict[str, Any] | None:
|
||||
if value is None:
|
||||
revision = normalize_source_revision(source_revision)
|
||||
return {"revision": revision} if revision else None
|
||||
if not isinstance(value, Mapping):
|
||||
raise ValueError("source_provenance must be a JSON object")
|
||||
|
||||
payload: dict[str, Any] = {}
|
||||
for field in _PROVENANCE_STRING_FIELDS:
|
||||
normalized = normalize_source_revision(value.get(field))
|
||||
if normalized:
|
||||
payload[field] = normalized
|
||||
|
||||
extra = value.get("metadata")
|
||||
if isinstance(extra, Mapping) and extra:
|
||||
payload["metadata"] = dict(extra)
|
||||
elif extra is not None and extra != "":
|
||||
raise ValueError("source_provenance.metadata must be a JSON object")
|
||||
|
||||
revision = normalize_source_revision(source_revision)
|
||||
if revision:
|
||||
payload["revision"] = revision
|
||||
return payload or None
|
||||
|
||||
|
||||
def source_metadata(
|
||||
*,
|
||||
existing: Mapping[str, Any] | None = None,
|
||||
source_provenance: object = None,
|
||||
source_revision: object = None,
|
||||
) -> dict[str, Any] | None:
|
||||
payload = dict(existing or {})
|
||||
normalized_provenance = normalize_source_provenance(source_provenance, source_revision=source_revision)
|
||||
normalized_revision = normalize_source_revision(source_revision)
|
||||
if normalized_provenance:
|
||||
payload[SOURCE_PROVENANCE_METADATA_KEY] = normalized_provenance
|
||||
if normalized_revision:
|
||||
payload[SOURCE_REVISION_METADATA_KEY] = normalized_revision
|
||||
elif normalized_provenance and normalized_provenance.get("revision"):
|
||||
payload[SOURCE_REVISION_METADATA_KEY] = str(normalized_provenance["revision"])
|
||||
return payload or None
|
||||
|
||||
|
||||
def source_provenance_from_metadata(metadata: Mapping[str, Any] | None) -> dict[str, Any] | None:
|
||||
if not isinstance(metadata, Mapping):
|
||||
return None
|
||||
value = metadata.get(SOURCE_PROVENANCE_METADATA_KEY)
|
||||
if isinstance(value, Mapping):
|
||||
return dict(value)
|
||||
return None
|
||||
|
||||
|
||||
def source_revision_from_metadata(metadata: Mapping[str, Any] | None) -> str | None:
|
||||
if not isinstance(metadata, Mapping):
|
||||
return None
|
||||
revision = normalize_source_revision(metadata.get(SOURCE_REVISION_METADATA_KEY))
|
||||
if revision:
|
||||
return revision
|
||||
provenance = source_provenance_from_metadata(metadata)
|
||||
return normalize_source_revision(provenance.get("revision") if provenance else None)
|
||||
@@ -33,6 +33,7 @@ from govoplan_files.backend.storage.files import (
|
||||
asset_is_audit_relevant,
|
||||
create_file_asset,
|
||||
current_version_and_blob,
|
||||
current_versions_and_blobs,
|
||||
get_asset_for_user,
|
||||
list_assets_for_user,
|
||||
read_asset_bytes,
|
||||
@@ -50,7 +51,7 @@ from govoplan_files.backend.storage.folders import (
|
||||
soft_delete_folder,
|
||||
)
|
||||
from govoplan_files.backend.storage.search import match_assets, resolve_patterns
|
||||
from govoplan_files.backend.storage.transfers import build_rename_preview, rename_selection, transfer_selection
|
||||
from govoplan_files.backend.storage.transfers import build_rename_preview, legacy_rename_selection_without_owner_context, rename_selection, transfer_selection
|
||||
|
||||
__all__ = [
|
||||
"FileConflictResolution",
|
||||
@@ -64,6 +65,7 @@ __all__ = [
|
||||
"create_folder",
|
||||
"create_zip_file",
|
||||
"current_version_and_blob",
|
||||
"current_versions_and_blobs",
|
||||
"ensure_group_access",
|
||||
"ensure_owner_access",
|
||||
"extract_zip_upload",
|
||||
@@ -74,6 +76,7 @@ __all__ = [
|
||||
"match_assets",
|
||||
"read_asset_bytes",
|
||||
"record_campaign_attachment_uses_for_job",
|
||||
"legacy_rename_selection_without_owner_context",
|
||||
"rename_asset",
|
||||
"rename_selection",
|
||||
"resolve_patterns",
|
||||
|
||||
@@ -69,17 +69,13 @@ def transfer_selection(
|
||||
if target_folder == folder_path or target_folder.startswith(f"{folder_path}/"):
|
||||
raise FileStorageError("Cannot move a folder into itself or one of its child folders")
|
||||
|
||||
assets_by_id: dict[str, FileAsset] = {}
|
||||
for file_id in file_ids:
|
||||
asset = get_asset_for_user(
|
||||
session,
|
||||
tenant_id=tenant_id,
|
||||
user_id=user_id,
|
||||
asset_id=file_id,
|
||||
require_write=operation == "move",
|
||||
is_admin=is_admin,
|
||||
)
|
||||
assets_by_id[asset.id] = asset
|
||||
assets_by_id = _selected_assets_for_owner(
|
||||
session,
|
||||
tenant_id=tenant_id,
|
||||
owner_type=source_owner_type,
|
||||
owner_id=source_owner_id,
|
||||
file_ids=file_ids,
|
||||
)
|
||||
|
||||
folder_asset_targets: dict[str, str] = {}
|
||||
folder_target_paths: dict[str, str] = {}
|
||||
@@ -297,6 +293,33 @@ def _collapse_folder_roots(folder_paths: list[str]) -> list[str]:
|
||||
return collapsed
|
||||
|
||||
|
||||
def _selected_assets_for_owner(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
owner_type: str,
|
||||
owner_id: str,
|
||||
file_ids: list[str],
|
||||
) -> dict[str, FileAsset]:
|
||||
selected_file_ids = list(dict.fromkeys(file_ids))
|
||||
if not selected_file_ids:
|
||||
return {}
|
||||
assets = {
|
||||
asset.id: asset
|
||||
for asset in _asset_query_for_owner(
|
||||
session,
|
||||
tenant_id=tenant_id,
|
||||
owner_type=owner_type,
|
||||
owner_id=owner_id,
|
||||
)
|
||||
.filter(FileAsset.id.in_(selected_file_ids), FileAsset.deleted_at.is_(None))
|
||||
.all()
|
||||
}
|
||||
if len(assets) != len(selected_file_ids):
|
||||
raise FileStorageError("File not found")
|
||||
return assets
|
||||
|
||||
|
||||
def _path_under_root(path: str, root: str) -> bool:
|
||||
normalized = normalize_logical_path(path)
|
||||
return normalized == root or normalized.startswith(f"{root}/")
|
||||
@@ -318,7 +341,7 @@ def _file_new_path_for_root(path: str, root: str, new_root: str, *, recursive: b
|
||||
return normalize_logical_path(f"{new_root}/{relative}")
|
||||
|
||||
|
||||
def rename_selection(
|
||||
def _rename_selection(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
@@ -336,6 +359,7 @@ def rename_selection(
|
||||
recursive: bool = False,
|
||||
dry_run: bool = True,
|
||||
is_admin: bool = False,
|
||||
allow_legacy_without_owner_context: bool = False,
|
||||
) -> list[RenamePlanItem]:
|
||||
mode = mode.lower().strip()
|
||||
if mode not in {"direct", "prefix", "suffix", "replace"}:
|
||||
@@ -349,13 +373,28 @@ def rename_selection(
|
||||
if mode == "direct" and (len(selected_file_ids) + len(selected_folder_roots)) != 1:
|
||||
raise FileStorageError("Direct rename requires exactly one selected item")
|
||||
|
||||
assets: dict[str, FileAsset] = {}
|
||||
for file_id in selected_file_ids:
|
||||
asset = get_asset_for_user(session, tenant_id=tenant_id, user_id=user_id, asset_id=file_id, require_write=True, is_admin=is_admin)
|
||||
assets[asset.id] = asset
|
||||
|
||||
owner_type_norm = owner_type.lower().strip() if owner_type else None
|
||||
owner_id_norm = owner_id
|
||||
assets: dict[str, FileAsset] = {}
|
||||
if selected_file_ids:
|
||||
if owner_type_norm and owner_id_norm:
|
||||
ensure_owner_access(session, tenant_id=tenant_id, owner_type=owner_type_norm, owner_id=owner_id_norm, user_id=user_id, is_admin=is_admin)
|
||||
assets.update(
|
||||
_selected_assets_for_owner(
|
||||
session,
|
||||
tenant_id=tenant_id,
|
||||
owner_type=owner_type_norm,
|
||||
owner_id=owner_id_norm,
|
||||
file_ids=selected_file_ids,
|
||||
)
|
||||
)
|
||||
elif allow_legacy_without_owner_context:
|
||||
for file_id in selected_file_ids:
|
||||
asset = get_asset_for_user(session, tenant_id=tenant_id, user_id=user_id, asset_id=file_id, require_write=True, is_admin=is_admin)
|
||||
assets[asset.id] = asset
|
||||
else:
|
||||
raise FileStorageError("Bulk rename requires an owner file space")
|
||||
|
||||
folder_rows_by_path: dict[str, FileFolder] = {}
|
||||
affected_folder_paths: set[str] = set()
|
||||
if selected_folder_roots and owner_type_norm and owner_id_norm:
|
||||
@@ -444,3 +483,80 @@ def rename_selection(
|
||||
rename_asset(assets[asset_id], new_path=new_path)
|
||||
session.add(assets[asset_id])
|
||||
return plan
|
||||
|
||||
|
||||
def rename_selection(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
user_id: str,
|
||||
file_ids: list[str],
|
||||
folder_paths: list[str],
|
||||
owner_type: str,
|
||||
owner_id: str,
|
||||
mode: str,
|
||||
new_name: str | None = None,
|
||||
find: str | None = None,
|
||||
replacement: str = "",
|
||||
prefix: str = "",
|
||||
suffix: str = "",
|
||||
recursive: bool = False,
|
||||
dry_run: bool = True,
|
||||
is_admin: bool = False,
|
||||
) -> list[RenamePlanItem]:
|
||||
return _rename_selection(
|
||||
session,
|
||||
tenant_id=tenant_id,
|
||||
user_id=user_id,
|
||||
file_ids=file_ids,
|
||||
folder_paths=folder_paths,
|
||||
owner_type=owner_type,
|
||||
owner_id=owner_id,
|
||||
mode=mode,
|
||||
new_name=new_name,
|
||||
find=find,
|
||||
replacement=replacement,
|
||||
prefix=prefix,
|
||||
suffix=suffix,
|
||||
recursive=recursive,
|
||||
dry_run=dry_run,
|
||||
is_admin=is_admin,
|
||||
)
|
||||
|
||||
|
||||
def legacy_rename_selection_without_owner_context(
|
||||
session: Session,
|
||||
*,
|
||||
tenant_id: str,
|
||||
user_id: str,
|
||||
file_ids: list[str],
|
||||
mode: str,
|
||||
new_name: str | None = None,
|
||||
find: str | None = None,
|
||||
replacement: str = "",
|
||||
prefix: str = "",
|
||||
suffix: str = "",
|
||||
dry_run: bool = True,
|
||||
is_admin: bool = False,
|
||||
) -> list[RenamePlanItem]:
|
||||
"""Compatibility path for historical file-only callers that lack owner scope."""
|
||||
|
||||
return _rename_selection(
|
||||
session,
|
||||
tenant_id=tenant_id,
|
||||
user_id=user_id,
|
||||
file_ids=file_ids,
|
||||
folder_paths=[],
|
||||
owner_type=None,
|
||||
owner_id=None,
|
||||
mode=mode,
|
||||
new_name=new_name,
|
||||
find=find,
|
||||
replacement=replacement,
|
||||
prefix=prefix,
|
||||
suffix=suffix,
|
||||
recursive=False,
|
||||
dry_run=dry_run,
|
||||
is_admin=is_admin,
|
||||
allow_legacy_without_owner_context=True,
|
||||
)
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@govoplan/files-webui",
|
||||
"version": "0.1.1",
|
||||
"version": "0.1.6",
|
||||
"private": true,
|
||||
"type": "module",
|
||||
"main": "src/index.ts",
|
||||
@@ -20,8 +20,8 @@
|
||||
"react": "^19.0.0",
|
||||
"react-dom": "^19.0.0",
|
||||
"react-router-dom": "^7.1.1",
|
||||
"lucide-react": "^0.555.0",
|
||||
"@govoplan/core-webui": "^0.1.1"
|
||||
"lucide-react": "^1.23.0",
|
||||
"@govoplan/core-webui": "^0.1.6"
|
||||
},
|
||||
"peerDependenciesMeta": {
|
||||
"@govoplan/core-webui": {
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
import { apiFetch, apiUrl, authHeaders, csrfToken, type ApiSettings } from "@govoplan/core-webui";
|
||||
import { ApiError, apiFetch, apiUrl, authHeaders, csrfToken, type ApiSettings, type DeltaDeletedItem, type FilesManagedFileLinkTarget } from "@govoplan/core-webui";
|
||||
|
||||
export type FileSpace = {
|
||||
id: string;
|
||||
@@ -6,6 +6,14 @@ export type FileSpace = {
|
||||
owner_type: "user" | "group";
|
||||
owner_id: string;
|
||||
description?: string | null;
|
||||
space_type?: "managed" | "connector";
|
||||
connector_space_id?: string | null;
|
||||
connector_profile_id?: string | null;
|
||||
provider?: string | null;
|
||||
library_id?: string | null;
|
||||
remote_path?: string | null;
|
||||
sync_mode?: string | null;
|
||||
read_only?: boolean;
|
||||
};
|
||||
|
||||
export type FileShare = {
|
||||
@@ -17,6 +25,250 @@ export type FileShare = {
|
||||
revoked_at?: string | null;
|
||||
};
|
||||
|
||||
export type FileSourceProvenance = {
|
||||
source_type?: string | null;
|
||||
connector_id?: string | null;
|
||||
provider?: string | null;
|
||||
external_id?: string | null;
|
||||
external_path?: string | null;
|
||||
external_url?: string | null;
|
||||
revision?: string | null;
|
||||
revision_label?: string | null;
|
||||
observed_at?: string | null;
|
||||
imported_at?: string | null;
|
||||
metadata?: Record<string, unknown>;
|
||||
};
|
||||
|
||||
export type FileConnectorPolicySource = {
|
||||
scope_type: "system" | "tenant" | "user" | "group" | "campaign";
|
||||
scope_id?: string | null;
|
||||
label?: string | null;
|
||||
policy: Record<string, unknown>;
|
||||
};
|
||||
|
||||
export type FileConnectorPolicyDecision = {
|
||||
allowed: boolean;
|
||||
reason?: string | null;
|
||||
source_path: unknown[];
|
||||
requirements: string[];
|
||||
details: Record<string, unknown>;
|
||||
};
|
||||
|
||||
export type FileConnectorPolicyStep = {
|
||||
scope_type: "system" | "tenant" | "user" | "group" | "campaign";
|
||||
scope_id?: string | null;
|
||||
path: string;
|
||||
label: string;
|
||||
applied_fields: string[];
|
||||
policy: Record<string, unknown>;
|
||||
};
|
||||
|
||||
export type FileConnectorPolicyResponse = {
|
||||
scope_type: "system" | "tenant" | "user" | "group" | "campaign";
|
||||
scope_id?: string | null;
|
||||
policy: Record<string, unknown>;
|
||||
effective_policy?: Record<string, unknown> | null;
|
||||
parent_policy?: Record<string, unknown> | null;
|
||||
effective_policy_sources?: FileConnectorPolicyStep[];
|
||||
parent_policy_sources?: FileConnectorPolicyStep[];
|
||||
};
|
||||
|
||||
export type FileConnectorProfile = {
|
||||
id: string;
|
||||
label: string;
|
||||
provider: string;
|
||||
endpoint_url?: string | null;
|
||||
base_path?: string | null;
|
||||
enabled: boolean;
|
||||
scope_type: "system" | "tenant" | "user" | "group" | "campaign";
|
||||
scope_id?: string | null;
|
||||
source_path: string;
|
||||
credential_profile_id?: string | null;
|
||||
credential_profile_label?: string | null;
|
||||
credential_mode: string;
|
||||
credential_source?: string | null;
|
||||
credentials_configured: boolean;
|
||||
username?: string | null;
|
||||
capabilities: string[];
|
||||
policy_sources: FileConnectorPolicySource[];
|
||||
metadata: Record<string, unknown>;
|
||||
source_kind?: string;
|
||||
};
|
||||
|
||||
export type FileConnectorCredential = {
|
||||
id: string;
|
||||
label: string;
|
||||
provider?: string | null;
|
||||
enabled: boolean;
|
||||
scope_type: "system" | "tenant" | "user" | "group" | "campaign";
|
||||
scope_id?: string | null;
|
||||
source_path: string;
|
||||
credential_mode: string;
|
||||
credential_secret_source?: string | null;
|
||||
credentials_configured: boolean;
|
||||
username?: string | null;
|
||||
policy_sources: FileConnectorPolicySource[];
|
||||
metadata: Record<string, unknown>;
|
||||
source_kind?: string;
|
||||
};
|
||||
|
||||
export type FileConnectorCredentialsPayload = {
|
||||
username?: string | null;
|
||||
password?: string | null;
|
||||
token?: string | null;
|
||||
password_env?: string | null;
|
||||
token_env?: string | null;
|
||||
secret_ref?: string | null;
|
||||
};
|
||||
|
||||
export type FileConnectorDiscoveryCandidate = {
|
||||
endpoint_url: string;
|
||||
status: "failed" | "usable" | "found" | "credentials_rejected";
|
||||
message: string;
|
||||
};
|
||||
|
||||
export type FileConnectorDiscoveryPayload = {
|
||||
provider: FileConnectorProfilePayload["provider"];
|
||||
endpoint_url: string;
|
||||
base_path?: string | null;
|
||||
credential_mode?: FileConnectorProfilePayload["credential_mode"];
|
||||
credentials?: FileConnectorCredentialsPayload;
|
||||
metadata?: Record<string, unknown>;
|
||||
require_valid_credentials?: boolean;
|
||||
};
|
||||
|
||||
export type FileConnectorDiscoveryResponse = {
|
||||
provider: string;
|
||||
endpoint_url?: string | null;
|
||||
base_path?: string | null;
|
||||
status: "usable" | "found" | "credentials_rejected" | "not_found" | "unsupported";
|
||||
message: string;
|
||||
candidates: FileConnectorDiscoveryCandidate[];
|
||||
metadata: Record<string, unknown>;
|
||||
};
|
||||
|
||||
export type FileConnectorProfilePayload = {
|
||||
id: string;
|
||||
label: string;
|
||||
provider: "seafile" | "nextcloud" | "webdav" | "smb" | "nfs" | "dms" | "generic";
|
||||
endpoint_url?: string | null;
|
||||
base_path?: string | null;
|
||||
enabled?: boolean;
|
||||
scope_type?: "system" | "tenant" | "user" | "group" | "campaign";
|
||||
scope_id?: string | null;
|
||||
credential_profile_id?: string | null;
|
||||
credential_mode?: "none" | "anonymous" | "basic" | "token" | "secret_ref";
|
||||
credentials?: FileConnectorCredentialsPayload;
|
||||
capabilities?: string[];
|
||||
policy?: Record<string, unknown>;
|
||||
metadata?: Record<string, unknown>;
|
||||
};
|
||||
|
||||
export type FileConnectorProfileUpdatePayload = Partial<Omit<FileConnectorProfilePayload, "id" | "scope_type" | "scope_id">> & {
|
||||
clear_password?: boolean;
|
||||
clear_token?: boolean;
|
||||
};
|
||||
|
||||
export type FileConnectorCredentialPayload = {
|
||||
id: string;
|
||||
label: string;
|
||||
provider?: "seafile" | "nextcloud" | "webdav" | "smb" | "nfs" | "dms" | "generic" | null;
|
||||
enabled?: boolean;
|
||||
scope_type?: "system" | "tenant" | "user" | "group" | "campaign";
|
||||
scope_id?: string | null;
|
||||
credential_mode?: "none" | "anonymous" | "basic" | "token" | "secret_ref";
|
||||
credentials?: FileConnectorCredentialsPayload;
|
||||
policy?: Record<string, unknown>;
|
||||
metadata?: Record<string, unknown>;
|
||||
};
|
||||
|
||||
export type FileConnectorCredentialUpdatePayload = Partial<Omit<FileConnectorCredentialPayload, "id" | "scope_type" | "scope_id">> & {
|
||||
clear_password?: boolean;
|
||||
clear_token?: boolean;
|
||||
};
|
||||
|
||||
export type FileConnectorBrowseItem = {
|
||||
kind: "library" | "folder" | "file";
|
||||
name: string;
|
||||
path: string;
|
||||
external_id?: string | null;
|
||||
external_url?: string | null;
|
||||
size_bytes?: number | null;
|
||||
content_type?: string | null;
|
||||
modified_at?: string | null;
|
||||
etag?: string | null;
|
||||
metadata: Record<string, unknown>;
|
||||
};
|
||||
|
||||
export type FileConnectorBrowseResponse = {
|
||||
profile_id: string;
|
||||
provider: string;
|
||||
path: string;
|
||||
library_id?: string | null;
|
||||
read_only: boolean;
|
||||
decision: FileConnectorPolicyDecision;
|
||||
items: FileConnectorBrowseItem[];
|
||||
};
|
||||
|
||||
export type FileConnectorProvider = {
|
||||
provider: string;
|
||||
label: string;
|
||||
protocol: string;
|
||||
implemented: boolean;
|
||||
installed: boolean;
|
||||
browse_supported: boolean;
|
||||
import_supported: boolean;
|
||||
optional_dependency?: string | null;
|
||||
permission_model: string;
|
||||
sync_strategy: string;
|
||||
conflict_strategy: string;
|
||||
preview_strategy: string;
|
||||
audit_events: string[];
|
||||
notes?: string | null;
|
||||
};
|
||||
|
||||
export type FileConnectorSpace = {
|
||||
id: string;
|
||||
tenant_id: string;
|
||||
owner_type: "user" | "group";
|
||||
owner_id: string;
|
||||
label: string;
|
||||
connector_profile_id: string;
|
||||
provider: string;
|
||||
library_id?: string | null;
|
||||
remote_path: string;
|
||||
sync_mode: string;
|
||||
read_only: boolean;
|
||||
is_active: boolean;
|
||||
created_at: string;
|
||||
updated_at: string;
|
||||
deleted_at?: string | null;
|
||||
metadata: Record<string, unknown>;
|
||||
};
|
||||
|
||||
export type FileConnectorSettingsDeltaResponse = {
|
||||
profiles: FileConnectorProfile[];
|
||||
credentials: FileConnectorCredential[];
|
||||
spaces: FileConnectorSpace[];
|
||||
policy?: FileConnectorPolicyResponse | null;
|
||||
changed_sections?: string[];
|
||||
deleted: DeltaDeletedItem[];
|
||||
watermark?: string | null;
|
||||
has_more: boolean;
|
||||
full: boolean;
|
||||
};
|
||||
|
||||
export type FileConnectorSpacePayload = {
|
||||
owner_type?: "user" | "group";
|
||||
owner_id?: string | null;
|
||||
label: string;
|
||||
connector_profile_id: string;
|
||||
library_id?: string | null;
|
||||
remote_path?: string;
|
||||
sync_mode?: "manual";
|
||||
metadata?: Record<string, unknown>;
|
||||
};
|
||||
|
||||
export type ManagedFile = {
|
||||
id: string;
|
||||
tenant_id: string;
|
||||
@@ -34,12 +286,43 @@ export type ManagedFile = {
|
||||
deleted_at?: string | null;
|
||||
audit_relevant: boolean;
|
||||
metadata?: Record<string, unknown> | null;
|
||||
source_provenance?: FileSourceProvenance | null;
|
||||
source_revision?: string | null;
|
||||
shares?: FileShare[];
|
||||
};
|
||||
|
||||
export type FileListResponse = { files: ManagedFile[] };
|
||||
export type FileSpacesResponse = { spaces: FileSpace[] };
|
||||
export type FileUploadResponse = { files: ManagedFile[] };
|
||||
export type FileListResponse = {files: ManagedFile[];cursor?: string | null;next_cursor?: string | null;watermark?: string | null;};
|
||||
export type FileDeltaDeletedItem = {id: string;resource_type?: string | null;revision?: string | null;deleted_at?: string | null;};
|
||||
export type FileDeltaResponse = {
|
||||
files: ManagedFile[];
|
||||
folders: FileFolder[];
|
||||
deleted: FileDeltaDeletedItem[];
|
||||
watermark?: string | null;
|
||||
has_more: boolean;
|
||||
full: boolean;
|
||||
};
|
||||
export type ManagedFileSnapshotResponse = {files: ManagedFile[];folders: FileFolder[];watermark?: string | null;};
|
||||
export type FileSpacesResponse = {spaces: FileSpace[];};
|
||||
export type FileUploadResponse = {files: ManagedFile[];};
|
||||
export type FileUploadProgress = {loaded: number;total?: number;percentage: number | null;};
|
||||
export type FileConnectorFilePayload = {
|
||||
library_id: string;
|
||||
path: string;
|
||||
owner_type: "user" | "group";
|
||||
owner_id?: string | null;
|
||||
target_folder?: string | null;
|
||||
target_path?: string | null;
|
||||
campaign_id?: string | null;
|
||||
conflict_strategy?: ConflictStrategy;
|
||||
source_revision?: string | null;
|
||||
metadata?: Record<string, unknown>;
|
||||
};
|
||||
export type FileConnectorSyncResponse = {
|
||||
file: ManagedFile;
|
||||
action: "created" | "updated" | "unchanged";
|
||||
previous_version_id?: string | null;
|
||||
current_version_id: string;
|
||||
};
|
||||
export type FileFolder = {
|
||||
id: string;
|
||||
tenant_id: string;
|
||||
@@ -50,16 +333,18 @@ export type FileFolder = {
|
||||
updated_at: string;
|
||||
deleted_at?: string | null;
|
||||
};
|
||||
export type FileFoldersResponse = { folders: FileFolder[] };
|
||||
export type FolderDeleteResponse = { deleted_folders: number; deleted_files: number };
|
||||
export type BulkDeleteResponse = { deleted_count: number };
|
||||
export type RenameResponse = { dry_run: boolean; items: { kind: "file" | "folder"; id: string; file_id?: string | null; folder_path?: string | null; old_path: string; new_path: string }[] };
|
||||
export type TransferResponse = { operation: "move" | "copy"; files: number; folders: number };
|
||||
export type FileFoldersResponse = {folders: FileFolder[];cursor?: string | null;next_cursor?: string | null;watermark?: string | null;};
|
||||
|
||||
const DEFAULT_MANAGED_FILE_WINDOW_SIZE = 500;
|
||||
export type FolderDeleteResponse = {deleted_folders: number;deleted_files: number;};
|
||||
export type BulkDeleteResponse = {deleted_count: number;};
|
||||
export type RenameResponse = {dry_run: boolean;items: {kind: "file" | "folder";id: string;file_id?: string | null;folder_path?: string | null;old_path: string;new_path: string;}[];};
|
||||
export type TransferResponse = {operation: "move" | "copy";files: number;folders: number;};
|
||||
export type ConflictAction = "overwrite" | "rename" | "skip";
|
||||
export type ConflictStrategy = "reject" | "overwrite" | "rename";
|
||||
export type ConflictResolution = { target_path: string; action: ConflictAction; new_path?: string };
|
||||
export type ConflictResolution = {target_path: string;action: ConflictAction;new_path?: string;};
|
||||
export type PatternResolveResponse = {
|
||||
patterns: { pattern: string; matches: ManagedFile[] }[];
|
||||
patterns: {pattern: string;matches: ManagedFile[];}[];
|
||||
unmatched: ManagedFile[];
|
||||
};
|
||||
|
||||
@@ -69,41 +354,141 @@ export function listFileSpaces(settings: ApiSettings): Promise<FileSpacesRespons
|
||||
}
|
||||
|
||||
|
||||
export function listFolders(settings: ApiSettings, params: { owner_type: "user" | "group"; owner_id: string }): Promise<FileFoldersResponse> {
|
||||
export function listFolders(settings: ApiSettings, params: {owner_type: "user" | "group";owner_id: string;page_size?: number;cursor?: string | null;}): Promise<FileFoldersResponse> {
|
||||
const search = new URLSearchParams();
|
||||
search.set("owner_type", params.owner_type);
|
||||
search.set("owner_id", params.owner_id);
|
||||
if (params.page_size) search.set("page_size", String(params.page_size));
|
||||
if (params.cursor) search.set("cursor", params.cursor);
|
||||
return apiFetch<FileFoldersResponse>(settings, `/api/v1/files/folders?${search.toString()}`);
|
||||
}
|
||||
|
||||
export function createFolder(
|
||||
settings: ApiSettings,
|
||||
payload: { owner_type: "user" | "group"; owner_id: string; path: string }
|
||||
): Promise<FileFolder> {
|
||||
settings: ApiSettings,
|
||||
payload: {owner_type: "user" | "group";owner_id: string;path: string;})
|
||||
: Promise<FileFolder> {
|
||||
return apiFetch<FileFolder>(settings, "/api/v1/files/folders", { method: "POST", body: JSON.stringify(payload) });
|
||||
}
|
||||
|
||||
export function deleteFolder(
|
||||
settings: ApiSettings,
|
||||
payload: { owner_type: "user" | "group"; owner_id: string; path: string; recursive?: boolean }
|
||||
): Promise<FolderDeleteResponse> {
|
||||
settings: ApiSettings,
|
||||
payload: {owner_type: "user" | "group";owner_id: string;path: string;recursive?: boolean;})
|
||||
: Promise<FolderDeleteResponse> {
|
||||
return apiFetch<FolderDeleteResponse>(settings, "/api/v1/files/folders/delete", { method: "POST", body: JSON.stringify({ recursive: true, ...payload }) });
|
||||
}
|
||||
|
||||
export function listFiles(settings: ApiSettings, params: { owner_type?: string; owner_id?: string; campaign_id?: string; path_prefix?: string } = {}): Promise<FileListResponse> {
|
||||
export function listFiles(settings: ApiSettings, params: {owner_type?: string;owner_id?: string;campaign_id?: string;path_prefix?: string;page_size?: number;cursor?: string | null;} = {}): Promise<FileListResponse> {
|
||||
const search = new URLSearchParams();
|
||||
for (const [key, value] of Object.entries(params)) {
|
||||
if (value) search.set(key, value);
|
||||
if (value) search.set(key, String(value));
|
||||
}
|
||||
const suffix = search.toString() ? `?${search.toString()}` : "";
|
||||
return apiFetch<FileListResponse>(settings, `/api/v1/files${suffix}`);
|
||||
}
|
||||
|
||||
export function listFilesDelta(
|
||||
settings: ApiSettings,
|
||||
params: {owner_type?: string;owner_id?: string;campaign_id?: string;path_prefix?: string;since?: string;limit?: number;} = {})
|
||||
: Promise<FileDeltaResponse> {
|
||||
const search = new URLSearchParams();
|
||||
for (const [key, value] of Object.entries(params)) {
|
||||
if (value !== undefined && value !== null && value !== "") search.set(key, String(value));
|
||||
}
|
||||
const suffix = search.toString() ? `?${search.toString()}` : "";
|
||||
return apiFetch<FileDeltaResponse>(settings, `/api/v1/files/delta${suffix}`);
|
||||
}
|
||||
|
||||
function applyDeltaToSnapshot(
|
||||
files: ManagedFile[],
|
||||
folders: FileFolder[],
|
||||
response: FileDeltaResponse)
|
||||
: {files: ManagedFile[];folders: FileFolder[];} {
|
||||
if (response.full) return { files: response.files, folders: response.folders };
|
||||
const deletedFileIds = new Set(response.deleted.filter((item) => !item.resource_type || item.resource_type === "file").map((item) => item.id));
|
||||
const deletedFolderIds = new Set(response.deleted.filter((item) => item.resource_type === "folder").map((item) => item.id));
|
||||
const filesById = new Map(files.map((file) => [file.id, file]));
|
||||
const foldersById = new Map(folders.map((folder) => [folder.id, folder]));
|
||||
deletedFileIds.forEach((id) => filesById.delete(id));
|
||||
deletedFolderIds.forEach((id) => foldersById.delete(id));
|
||||
response.files.forEach((file) => filesById.set(file.id, file));
|
||||
response.folders.forEach((folder) => foldersById.set(folder.id, folder));
|
||||
return { files: Array.from(filesById.values()), folders: Array.from(foldersById.values()) };
|
||||
}
|
||||
|
||||
export async function listManagedFileSnapshot(
|
||||
settings: ApiSettings,
|
||||
params: {owner_type: "user" | "group";owner_id: string;path_prefix?: string;page_size?: number;})
|
||||
: Promise<ManagedFileSnapshotResponse> {
|
||||
const pageSize = params.page_size ?? DEFAULT_MANAGED_FILE_WINDOW_SIZE;
|
||||
let watermark: string | null | undefined = null;
|
||||
let folderCursor: string | null | undefined = null;
|
||||
let folders: FileFolder[] = [];
|
||||
do {
|
||||
const response = await listFolders(settings, {
|
||||
owner_type: params.owner_type,
|
||||
owner_id: params.owner_id,
|
||||
page_size: pageSize,
|
||||
cursor: folderCursor
|
||||
});
|
||||
watermark = watermark || response.watermark;
|
||||
folders = folders.concat(response.folders);
|
||||
folderCursor = response.next_cursor;
|
||||
} while (folderCursor);
|
||||
|
||||
let fileCursor: string | null | undefined = null;
|
||||
let files: ManagedFile[] = [];
|
||||
do {
|
||||
const response = await listFiles(settings, {
|
||||
owner_type: params.owner_type,
|
||||
owner_id: params.owner_id,
|
||||
path_prefix: params.path_prefix,
|
||||
page_size: pageSize,
|
||||
cursor: fileCursor
|
||||
});
|
||||
watermark = watermark || response.watermark;
|
||||
files = files.concat(response.files);
|
||||
fileCursor = response.next_cursor;
|
||||
} while (fileCursor);
|
||||
|
||||
if (watermark) {
|
||||
let since = watermark;
|
||||
let response: FileDeltaResponse | null = null;
|
||||
do {
|
||||
response = await listFilesDelta(settings, {
|
||||
owner_type: params.owner_type,
|
||||
owner_id: params.owner_id,
|
||||
path_prefix: params.path_prefix,
|
||||
since,
|
||||
limit: pageSize
|
||||
});
|
||||
const snapshot = applyDeltaToSnapshot(files, folders, response);
|
||||
files = snapshot.files;
|
||||
folders = snapshot.folders;
|
||||
since = response.watermark || "";
|
||||
} while (response.has_more && response.watermark);
|
||||
watermark = since || watermark;
|
||||
}
|
||||
|
||||
return { files, folders, watermark };
|
||||
}
|
||||
|
||||
export async function uploadFiles(
|
||||
settings: ApiSettings,
|
||||
files: File[],
|
||||
options: { owner_type: "user" | "group"; owner_id: string; path?: string; campaign_id?: string; unpack_zip?: boolean; conflict_strategy?: ConflictStrategy; conflict_resolutions?: ConflictResolution[] }
|
||||
): Promise<FileUploadResponse> {
|
||||
settings: ApiSettings,
|
||||
files: File[],
|
||||
options: {
|
||||
owner_type: "user" | "group";
|
||||
owner_id: string;
|
||||
path?: string;
|
||||
campaign_id?: string;
|
||||
unpack_zip?: boolean;
|
||||
conflict_strategy?: ConflictStrategy;
|
||||
conflict_resolutions?: ConflictResolution[];
|
||||
source_provenance?: FileSourceProvenance;
|
||||
source_revision?: string;
|
||||
connector_policy_sources?: FileConnectorPolicySource[];
|
||||
onProgress?: (progress: FileUploadProgress) => void;
|
||||
})
|
||||
: Promise<FileUploadResponse> {
|
||||
const form = new FormData();
|
||||
files.forEach((file) => form.append("files", file));
|
||||
form.append("owner_type", options.owner_type);
|
||||
@@ -113,9 +498,57 @@ export async function uploadFiles(
|
||||
if (options.unpack_zip) form.append("unpack_zip", "true");
|
||||
if (options.conflict_strategy) form.append("conflict_strategy", options.conflict_strategy);
|
||||
if (options.conflict_resolutions?.length) form.append("conflict_resolutions_json", JSON.stringify(options.conflict_resolutions));
|
||||
if (options.source_provenance) form.append("source_provenance_json", JSON.stringify(options.source_provenance));
|
||||
if (options.source_revision) form.append("source_revision", options.source_revision);
|
||||
if (options.connector_policy_sources?.length) form.append("connector_policy_json", JSON.stringify({ sources: options.connector_policy_sources }));
|
||||
if (options.onProgress) return uploadFilesWithProgress(settings, form, options.onProgress);
|
||||
return apiFetch<FileUploadResponse>(settings, "/api/v1/files/upload", { method: "POST", body: form });
|
||||
}
|
||||
|
||||
function uploadFilesWithProgress(
|
||||
settings: ApiSettings,
|
||||
form: FormData,
|
||||
onProgress: (progress: FileUploadProgress) => void)
|
||||
: Promise<FileUploadResponse> {
|
||||
return new Promise((resolve, reject) => {
|
||||
const xhr = new XMLHttpRequest();
|
||||
xhr.open("POST", apiUrl(settings, "/api/v1/files/upload"));
|
||||
xhr.withCredentials = true;
|
||||
for (const [key, value] of authHeaders(settings)) xhr.setRequestHeader(key, value);
|
||||
const csrf = csrfToken();
|
||||
if (csrf) xhr.setRequestHeader("X-CSRF-Token", csrf);
|
||||
|
||||
xhr.upload.onprogress = (event) => {
|
||||
const total = event.lengthComputable ? event.total : undefined;
|
||||
onProgress({
|
||||
loaded: event.loaded,
|
||||
total,
|
||||
percentage: total && total > 0 ? Math.round(event.loaded / total * 100) : null
|
||||
});
|
||||
};
|
||||
|
||||
xhr.onerror = () => reject(new Error("i18n:govoplan-files.upload_failed_because_the_network_request_could_.360a5ab3"));
|
||||
xhr.onabort = () => reject(new Error("i18n:govoplan-files.upload_was_cancelled.5bab0f9b"));
|
||||
xhr.onload = () => {
|
||||
const responseText = xhr.responseText || "";
|
||||
if (xhr.status < 200 || xhr.status >= 300) {
|
||||
reject(new ApiError(xhr.status, xhr.statusText, responseText));
|
||||
return;
|
||||
}
|
||||
onProgress({ loaded: 1, total: 1, percentage: 100 });
|
||||
if (xhr.status === 204 || !responseText) {
|
||||
resolve({ files: [] });
|
||||
return;
|
||||
}
|
||||
const contentType = xhr.getResponseHeader("content-type") || "";
|
||||
resolve(contentType.includes("application/json") ? JSON.parse(responseText) as FileUploadResponse : { files: [] });
|
||||
};
|
||||
|
||||
onProgress({ loaded: 0, total: undefined, percentage: 0 });
|
||||
xhr.send(form);
|
||||
});
|
||||
}
|
||||
|
||||
export function deleteFile(settings: ApiSettings, fileId: string): Promise<BulkDeleteResponse> {
|
||||
return apiFetch<BulkDeleteResponse>(settings, `/api/v1/files/${fileId}`, { method: "DELETE" });
|
||||
}
|
||||
@@ -124,17 +557,255 @@ export function bulkDeleteFiles(settings: ApiSettings, fileIds: string[]): Promi
|
||||
return apiFetch<BulkDeleteResponse>(settings, "/api/v1/files/bulk-delete", { method: "POST", body: JSON.stringify({ file_ids: fileIds }) });
|
||||
}
|
||||
|
||||
export function shareFileWithCampaign(settings: ApiSettings, fileId: string, campaignId: string): Promise<FileShare> {
|
||||
return apiFetch<FileShare>(settings, `/api/v1/files/${fileId}/shares`, {
|
||||
export type FileBulkShareResponse = {shares: FileShare[];shared_count: number;};
|
||||
|
||||
export function shareFilesWithTarget(settings: ApiSettings, fileIds: string[], target: FilesManagedFileLinkTarget): Promise<FileBulkShareResponse> {
|
||||
return apiFetch<FileBulkShareResponse>(settings, "/api/v1/files/bulk-shares", {
|
||||
method: "POST",
|
||||
body: JSON.stringify({ target_type: "campaign", target_id: campaignId, permission: "read" })
|
||||
body: JSON.stringify({ file_ids: fileIds, target_type: target.type, target_id: target.id, permission: target.permission ?? "read" })
|
||||
});
|
||||
}
|
||||
|
||||
export function evaluateFileConnectorPolicy(
|
||||
settings: ApiSettings,
|
||||
payload: {source_provenance: FileSourceProvenance;operation?: string;policy_sources?: FileConnectorPolicySource[];})
|
||||
: Promise<{decision: FileConnectorPolicyDecision;}> {
|
||||
return apiFetch<{decision: FileConnectorPolicyDecision;}>(settings, "/api/v1/files/connector-policy/evaluate", {
|
||||
method: "POST",
|
||||
body: JSON.stringify({ operation: "access", policy_sources: [], ...payload })
|
||||
});
|
||||
}
|
||||
|
||||
export function getFileConnectorPolicy(
|
||||
settings: ApiSettings,
|
||||
scopeType: "system" | "tenant" | "user" | "group" | "campaign",
|
||||
scopeId?: string | null)
|
||||
: Promise<FileConnectorPolicyResponse> {
|
||||
const search = new URLSearchParams();
|
||||
if (scopeId) search.set("scope_id", scopeId);
|
||||
const suffix = search.toString() ? `?${search.toString()}` : "";
|
||||
return apiFetch<FileConnectorPolicyResponse>(settings, `/api/v1/files/connectors/policies/${encodeURIComponent(scopeType)}${suffix}`);
|
||||
}
|
||||
|
||||
export function fetchFileConnectorSettingsDelta(
|
||||
settings: ApiSettings,
|
||||
params: {
|
||||
scope_type?: "system" | "tenant" | "user" | "group" | "campaign";
|
||||
scope_id?: string | null;
|
||||
provider?: string;
|
||||
campaign_id?: string | null;
|
||||
include_disabled?: boolean;
|
||||
include_inactive?: boolean;
|
||||
owner_type?: "user" | "group";
|
||||
owner_id?: string;
|
||||
since?: string | null;
|
||||
limit?: number;
|
||||
} = {})
|
||||
: Promise<FileConnectorSettingsDeltaResponse> {
|
||||
const search = new URLSearchParams();
|
||||
if (params.scope_type) search.set("scope_type", params.scope_type);
|
||||
if (params.scope_id) search.set("scope_id", params.scope_id);
|
||||
if (params.provider) search.set("provider", params.provider);
|
||||
if (params.campaign_id) search.set("campaign_id", params.campaign_id);
|
||||
if (params.include_disabled) search.set("include_disabled", "true");
|
||||
if (params.include_inactive) search.set("include_inactive", "true");
|
||||
if (params.owner_type) search.set("owner_type", params.owner_type);
|
||||
if (params.owner_id) search.set("owner_id", params.owner_id);
|
||||
if (params.since) search.set("since", params.since);
|
||||
if (params.limit) search.set("limit", String(params.limit));
|
||||
const suffix = search.toString() ? `?${search.toString()}` : "";
|
||||
return apiFetch<FileConnectorSettingsDeltaResponse>(settings, `/api/v1/files/connectors/settings/delta${suffix}`);
|
||||
}
|
||||
|
||||
export function updateFileConnectorPolicy(
|
||||
settings: ApiSettings,
|
||||
scopeType: "system" | "tenant" | "user" | "group" | "campaign",
|
||||
policy: Record<string, unknown>,
|
||||
scopeId?: string | null)
|
||||
: Promise<FileConnectorPolicyResponse> {
|
||||
const search = new URLSearchParams();
|
||||
if (scopeId) search.set("scope_id", scopeId);
|
||||
const suffix = search.toString() ? `?${search.toString()}` : "";
|
||||
return apiFetch<FileConnectorPolicyResponse>(settings, `/api/v1/files/connectors/policies/${encodeURIComponent(scopeType)}${suffix}`, {
|
||||
method: "PUT",
|
||||
body: JSON.stringify({ policy })
|
||||
});
|
||||
}
|
||||
|
||||
export function listFileConnectorProfiles(
|
||||
settings: ApiSettings,
|
||||
params: {provider?: string;campaign_id?: string;include_disabled?: boolean;} = {})
|
||||
: Promise<{profiles: FileConnectorProfile[];}> {
|
||||
const search = new URLSearchParams();
|
||||
if (params.provider) search.set("provider", params.provider);
|
||||
if (params.campaign_id) search.set("campaign_id", params.campaign_id);
|
||||
if (params.include_disabled) search.set("include_disabled", "true");
|
||||
const suffix = search.toString() ? `?${search.toString()}` : "";
|
||||
return apiFetch<{profiles: FileConnectorProfile[];}>(settings, `/api/v1/files/connectors/profiles${suffix}`);
|
||||
}
|
||||
|
||||
export function listFileConnectorProviders(settings: ApiSettings): Promise<{providers: FileConnectorProvider[];}> {
|
||||
return apiFetch<{providers: FileConnectorProvider[];}>(settings, "/api/v1/files/connectors/providers");
|
||||
}
|
||||
|
||||
export function discoverFileConnectorEndpoint(settings: ApiSettings, payload: FileConnectorDiscoveryPayload): Promise<FileConnectorDiscoveryResponse> {
|
||||
return apiFetch<FileConnectorDiscoveryResponse>(settings, "/api/v1/files/connectors/discover", {
|
||||
method: "POST",
|
||||
body: JSON.stringify(payload)
|
||||
});
|
||||
}
|
||||
|
||||
export function listFileConnectorCredentials(
|
||||
settings: ApiSettings,
|
||||
params: {provider?: string;include_disabled?: boolean;} = {})
|
||||
: Promise<{credentials: FileConnectorCredential[];}> {
|
||||
const search = new URLSearchParams();
|
||||
if (params.provider) search.set("provider", params.provider);
|
||||
if (params.include_disabled) search.set("include_disabled", "true");
|
||||
const suffix = search.toString() ? `?${search.toString()}` : "";
|
||||
return apiFetch<{credentials: FileConnectorCredential[];}>(settings, `/api/v1/files/connectors/credentials${suffix}`);
|
||||
}
|
||||
|
||||
export function createFileConnectorCredential(settings: ApiSettings, payload: FileConnectorCredentialPayload): Promise<FileConnectorCredential> {
|
||||
return apiFetch<FileConnectorCredential>(settings, "/api/v1/files/connectors/credentials", {
|
||||
method: "POST",
|
||||
body: JSON.stringify(payload)
|
||||
});
|
||||
}
|
||||
|
||||
export function updateFileConnectorCredential(
|
||||
settings: ApiSettings,
|
||||
credentialId: string,
|
||||
payload: FileConnectorCredentialUpdatePayload)
|
||||
: Promise<FileConnectorCredential> {
|
||||
return apiFetch<FileConnectorCredential>(settings, `/api/v1/files/connectors/credentials/${encodeURIComponent(credentialId)}`, {
|
||||
method: "PATCH",
|
||||
body: JSON.stringify(payload)
|
||||
});
|
||||
}
|
||||
|
||||
export function deactivateFileConnectorCredential(settings: ApiSettings, credentialId: string): Promise<FileConnectorCredential> {
|
||||
return apiFetch<FileConnectorCredential>(settings, `/api/v1/files/connectors/credentials/${encodeURIComponent(credentialId)}`, { method: "DELETE" });
|
||||
}
|
||||
|
||||
export function listFileConnectorSpaces(
|
||||
settings: ApiSettings,
|
||||
params: {owner_type?: "user" | "group";owner_id?: string;include_inactive?: boolean;} = {})
|
||||
: Promise<{spaces: FileConnectorSpace[];}> {
|
||||
const search = new URLSearchParams();
|
||||
if (params.owner_type) search.set("owner_type", params.owner_type);
|
||||
if (params.owner_id) search.set("owner_id", params.owner_id);
|
||||
if (params.include_inactive) search.set("include_inactive", "true");
|
||||
const suffix = search.toString() ? `?${search.toString()}` : "";
|
||||
return apiFetch<{spaces: FileConnectorSpace[];}>(settings, `/api/v1/files/connector-spaces${suffix}`);
|
||||
}
|
||||
|
||||
export function createFileConnectorSpace(settings: ApiSettings, payload: FileConnectorSpacePayload): Promise<FileConnectorSpace> {
|
||||
return apiFetch<FileConnectorSpace>(settings, "/api/v1/files/connector-spaces", {
|
||||
method: "POST",
|
||||
body: JSON.stringify({ owner_type: "user", remote_path: "", sync_mode: "manual", metadata: {}, ...payload })
|
||||
});
|
||||
}
|
||||
|
||||
export function updateFileConnectorSpace(
|
||||
settings: ApiSettings,
|
||||
spaceId: string,
|
||||
payload: Partial<Omit<FileConnectorSpacePayload, "connector_profile_id" | "owner_type" | "owner_id">> & {is_active?: boolean;})
|
||||
: Promise<FileConnectorSpace> {
|
||||
return apiFetch<FileConnectorSpace>(settings, `/api/v1/files/connector-spaces/${encodeURIComponent(spaceId)}`, {
|
||||
method: "PATCH",
|
||||
body: JSON.stringify(payload)
|
||||
});
|
||||
}
|
||||
|
||||
export function deleteFileConnectorSpace(settings: ApiSettings, spaceId: string): Promise<FileConnectorSpace> {
|
||||
return apiFetch<FileConnectorSpace>(settings, `/api/v1/files/connector-spaces/${encodeURIComponent(spaceId)}`, { method: "DELETE" });
|
||||
}
|
||||
|
||||
export function getFileConnectorProfile(
|
||||
settings: ApiSettings,
|
||||
profileId: string,
|
||||
params: {campaign_id?: string;include_disabled?: boolean;} = {})
|
||||
: Promise<FileConnectorProfile> {
|
||||
const search = new URLSearchParams();
|
||||
if (params.campaign_id) search.set("campaign_id", params.campaign_id);
|
||||
if (params.include_disabled) search.set("include_disabled", "true");
|
||||
const suffix = search.toString() ? `?${search.toString()}` : "";
|
||||
return apiFetch<FileConnectorProfile>(settings, `/api/v1/files/connectors/profiles/${encodeURIComponent(profileId)}${suffix}`);
|
||||
}
|
||||
|
||||
export function createFileConnectorProfile(settings: ApiSettings, payload: FileConnectorProfilePayload): Promise<FileConnectorProfile> {
|
||||
return apiFetch<FileConnectorProfile>(settings, "/api/v1/files/connectors/profiles", {
|
||||
method: "POST",
|
||||
body: JSON.stringify(payload)
|
||||
});
|
||||
}
|
||||
|
||||
export function updateFileConnectorProfile(
|
||||
settings: ApiSettings,
|
||||
profileId: string,
|
||||
payload: FileConnectorProfileUpdatePayload)
|
||||
: Promise<FileConnectorProfile> {
|
||||
return apiFetch<FileConnectorProfile>(settings, `/api/v1/files/connectors/profiles/${encodeURIComponent(profileId)}`, {
|
||||
method: "PATCH",
|
||||
body: JSON.stringify(payload)
|
||||
});
|
||||
}
|
||||
|
||||
export function deactivateFileConnectorProfile(settings: ApiSettings, profileId: string): Promise<FileConnectorProfile> {
|
||||
return apiFetch<FileConnectorProfile>(settings, `/api/v1/files/connectors/profiles/${encodeURIComponent(profileId)}`, { method: "DELETE" });
|
||||
}
|
||||
|
||||
export function browseFileConnectorProfile(
|
||||
settings: ApiSettings,
|
||||
profileId: string,
|
||||
params: {path?: string;library_id?: string;campaign_id?: string;} = {})
|
||||
: Promise<FileConnectorBrowseResponse> {
|
||||
const search = new URLSearchParams();
|
||||
if (params.path) search.set("path", params.path);
|
||||
if (params.library_id) search.set("library_id", params.library_id);
|
||||
if (params.campaign_id) search.set("campaign_id", params.campaign_id);
|
||||
const suffix = search.toString() ? `?${search.toString()}` : "";
|
||||
return apiFetch<FileConnectorBrowseResponse>(settings, `/api/v1/files/connectors/profiles/${encodeURIComponent(profileId)}/browse${suffix}`);
|
||||
}
|
||||
|
||||
export function importFileConnectorFile(
|
||||
settings: ApiSettings,
|
||||
profileId: string,
|
||||
payload: FileConnectorFilePayload)
|
||||
: Promise<FileUploadResponse> {
|
||||
return apiFetch<FileUploadResponse>(settings, `/api/v1/files/connectors/profiles/${encodeURIComponent(profileId)}/import`, {
|
||||
method: "POST",
|
||||
body: JSON.stringify({ conflict_strategy: "reject", metadata: {}, ...payload })
|
||||
});
|
||||
}
|
||||
|
||||
export function syncFileConnectorFile(
|
||||
settings: ApiSettings,
|
||||
profileId: string,
|
||||
payload: FileConnectorFilePayload)
|
||||
: Promise<FileConnectorSyncResponse> {
|
||||
return apiFetch<FileConnectorSyncResponse>(settings, `/api/v1/files/connectors/profiles/${encodeURIComponent(profileId)}/sync`, {
|
||||
method: "POST",
|
||||
body: JSON.stringify({ conflict_strategy: "rename", metadata: {}, ...payload })
|
||||
});
|
||||
}
|
||||
|
||||
export function shareFilesWithCampaign(settings: ApiSettings, fileIds: string[], campaignId: string): Promise<FileBulkShareResponse> {
|
||||
return shareFilesWithTarget(settings, fileIds, { type: "campaign", id: campaignId, label: "campaign" });
|
||||
}
|
||||
|
||||
export async function shareFileWithCampaign(settings: ApiSettings, fileId: string, campaignId: string): Promise<FileShare> {
|
||||
const response = await shareFilesWithCampaign(settings, [fileId], campaignId);
|
||||
const share = response.shares[0];
|
||||
if (!share) throw new Error("i18n:govoplan-files.file_share_was_not_created.033ac476");
|
||||
return share;
|
||||
}
|
||||
|
||||
export function bulkRenameFiles(
|
||||
settings: ApiSettings,
|
||||
payload: { file_ids: string[]; folder_paths?: string[]; owner_type?: "user" | "group"; owner_id?: string; mode: "direct" | "prefix" | "suffix" | "replace"; new_name?: string; find?: string; replacement?: string; prefix?: string; suffix?: string; recursive?: boolean; dry_run?: boolean }
|
||||
): Promise<RenameResponse> {
|
||||
settings: ApiSettings,
|
||||
payload: {file_ids: string[];folder_paths?: string[];owner_type: "user" | "group";owner_id: string;mode: "direct" | "prefix" | "suffix" | "replace";new_name?: string;find?: string;replacement?: string;prefix?: string;suffix?: string;recursive?: boolean;dry_run?: boolean;})
|
||||
: Promise<RenameResponse> {
|
||||
return apiFetch<RenameResponse>(settings, "/api/v1/files/bulk-rename", {
|
||||
method: "POST",
|
||||
body: JSON.stringify({ replacement: "", prefix: "", suffix: "", dry_run: true, ...payload })
|
||||
@@ -142,27 +813,27 @@ export function bulkRenameFiles(
|
||||
}
|
||||
|
||||
export function resolveFilePatterns(
|
||||
settings: ApiSettings,
|
||||
payload: { patterns: string[]; owner_type?: "user" | "group"; owner_id?: string; campaign_id?: string; path_prefix?: string; include_unmatched?: boolean; case_sensitive?: boolean }
|
||||
): Promise<PatternResolveResponse> {
|
||||
settings: ApiSettings,
|
||||
payload: {patterns: string[];owner_type?: "user" | "group";owner_id?: string;campaign_id?: string;path_prefix?: string;include_unmatched?: boolean;case_sensitive?: boolean;})
|
||||
: Promise<PatternResolveResponse> {
|
||||
return apiFetch<PatternResolveResponse>(settings, "/api/v1/files/resolve-patterns", { method: "POST", body: JSON.stringify(payload) });
|
||||
}
|
||||
|
||||
export function transferFiles(
|
||||
settings: ApiSettings,
|
||||
payload: {
|
||||
operation: "move" | "copy";
|
||||
file_ids: string[];
|
||||
folder_paths: string[];
|
||||
source_owner_type: "user" | "group";
|
||||
source_owner_id: string;
|
||||
target_owner_type: "user" | "group";
|
||||
target_owner_id: string;
|
||||
target_folder: string;
|
||||
conflict_strategy?: ConflictStrategy;
|
||||
conflict_resolutions?: ConflictResolution[];
|
||||
}
|
||||
): Promise<TransferResponse> {
|
||||
settings: ApiSettings,
|
||||
payload: {
|
||||
operation: "move" | "copy";
|
||||
file_ids: string[];
|
||||
folder_paths: string[];
|
||||
source_owner_type: "user" | "group";
|
||||
source_owner_id: string;
|
||||
target_owner_type: "user" | "group";
|
||||
target_owner_id: string;
|
||||
target_folder: string;
|
||||
conflict_strategy?: ConflictStrategy;
|
||||
conflict_resolutions?: ConflictResolution[];
|
||||
})
|
||||
: Promise<TransferResponse> {
|
||||
return apiFetch<TransferResponse>(settings, "/api/v1/files/transfer", { method: "POST", body: JSON.stringify(payload) });
|
||||
}
|
||||
|
||||
|
||||
1717
webui/src/features/files/FileConnectorSettingsPanel.tsx
Normal file
1717
webui/src/features/files/FileConnectorSettingsPanel.tsx
Normal file
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -1,6 +1,6 @@
|
||||
import type { CSSProperties, DragEvent as ReactDragEvent, MouseEvent as ReactMouseEvent, ReactNode } from "react";
|
||||
import { Copy, Download, FolderOpen, Home, MoveRight, Plus, Trash2, UploadCloud } from "lucide-react";
|
||||
import { Button, Dialog, ExplorerTree, type ExplorerTreeNodeContext } from "@govoplan/core-webui";
|
||||
import { Button, Dialog, ExplorerTree, type ExplorerTreeNodeContext, i18nMessage } from "@govoplan/core-webui";
|
||||
import type { ConflictAction, FileSpace, RenameResponse } from "../../../api/files";
|
||||
import type { ConflictDialogState, FileActionTarget, FileConflictItem, FolderNode, ContextMenuState } from "../types";
|
||||
import { isPathUnderOrSame, normalizeFolder, treeNodeKey } from "../utils/fileManagerUtils";
|
||||
@@ -11,28 +11,28 @@ export function TransferFolderSelector({
|
||||
selectedFolder,
|
||||
onSelect,
|
||||
disabled
|
||||
}: {
|
||||
space: FileSpace | null;
|
||||
nodes: FolderNode[];
|
||||
selectedFolder: string;
|
||||
onSelect: (folderPath: string) => void;
|
||||
disabled?: boolean;
|
||||
}) {
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}: {space: FileSpace | null;nodes: FolderNode[];selectedFolder: string;onSelect: (folderPath: string) => void;disabled?: boolean;}) {
|
||||
return (
|
||||
<div className="file-folder-selector" role="tree" aria-label="Destination folder">
|
||||
<div className="file-folder-selector" role="tree" aria-label="i18n:govoplan-files.destination_folder.f8ccb63b">
|
||||
<button
|
||||
type="button"
|
||||
className={`file-folder-selector-node ${selectedFolder === "" ? "is-selected" : ""}`}
|
||||
onClick={() => onSelect("")}
|
||||
disabled={disabled || !space}
|
||||
>
|
||||
disabled={disabled || !space}>
|
||||
|
||||
<Home size={15} aria-hidden="true" />
|
||||
<span>{space?.label || "Root"}</span>
|
||||
<span>{space?.label || "i18n:govoplan-files.root.e96857c5"}</span>
|
||||
</button>
|
||||
{nodes.length === 0 && <span className="muted small-text file-folder-selector-empty">No folders yet. Choose the root folder.</span>}
|
||||
{nodes.length === 0 && <span className="muted small-text file-folder-selector-empty">i18n:govoplan-files.no_folders_yet_choose_the_root_folder.6430304d</span>}
|
||||
<TransferFolderSelectorNodes nodes={nodes} selectedFolder={selectedFolder} onSelect={onSelect} disabled={disabled} />
|
||||
</div>
|
||||
);
|
||||
</div>);
|
||||
|
||||
}
|
||||
|
||||
export function TransferFolderSelectorNodes({
|
||||
@@ -41,33 +41,33 @@ export function TransferFolderSelectorNodes({
|
||||
onSelect,
|
||||
disabled,
|
||||
depth = 1
|
||||
}: {
|
||||
nodes: FolderNode[];
|
||||
selectedFolder: string;
|
||||
onSelect: (folderPath: string) => void;
|
||||
disabled?: boolean;
|
||||
depth?: number;
|
||||
}) {
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}: {nodes: FolderNode[];selectedFolder: string;onSelect: (folderPath: string) => void;disabled?: boolean;depth?: number;}) {
|
||||
if (nodes.length === 0) return null;
|
||||
return (
|
||||
<div className="file-folder-selector-children">
|
||||
{nodes.map((node) => (
|
||||
<div key={node.path}>
|
||||
{nodes.map((node) =>
|
||||
<div key={node.path}>
|
||||
<button
|
||||
type="button"
|
||||
className={`file-folder-selector-node ${selectedFolder === node.path ? "is-selected" : ""}`}
|
||||
style={{ paddingLeft: `${Math.min(depth * 16 + 10, 74)}px` }}
|
||||
onClick={() => onSelect(node.path)}
|
||||
disabled={disabled}
|
||||
>
|
||||
type="button"
|
||||
className={`file-folder-selector-node ${selectedFolder === node.path ? "is-selected" : ""}`}
|
||||
style={{ paddingLeft: `${Math.min(depth * 16 + 10, 74)}px` }}
|
||||
onClick={() => onSelect(node.path)}
|
||||
disabled={disabled}>
|
||||
|
||||
<FolderOpen size={15} aria-hidden="true" />
|
||||
<span>{node.name}</span>
|
||||
</button>
|
||||
<TransferFolderSelectorNodes nodes={node.children} selectedFolder={selectedFolder} onSelect={onSelect} disabled={disabled} depth={depth + 1} />
|
||||
</div>
|
||||
))}
|
||||
</div>
|
||||
);
|
||||
)}
|
||||
</div>);
|
||||
|
||||
}
|
||||
|
||||
export function FolderTree({
|
||||
@@ -90,27 +90,27 @@ export function FolderTree({
|
||||
contextMenuEnabled = true,
|
||||
disabled,
|
||||
depth = 1
|
||||
}: {
|
||||
nodes: FolderNode[];
|
||||
activeSpaceId: string;
|
||||
spaceId: string;
|
||||
currentFolder: string;
|
||||
dropTargetKey?: string;
|
||||
expandedKeys: Set<string>;
|
||||
onOpen: (spaceId: string, path: string) => void;
|
||||
onToggle: (spaceId: string, path: string) => void;
|
||||
onContextMenu?: (event: ReactMouseEvent<HTMLElement>, spaceId: string, path: string) => void;
|
||||
onDragOverTarget?: (event: ReactDragEvent<HTMLElement>, target: FileActionTarget) => void;
|
||||
onDropOnTarget?: (event: ReactDragEvent<HTMLElement>, target: FileActionTarget) => Promise<void>;
|
||||
onClearDropState?: () => void;
|
||||
onRequestDragExpand?: (spaceId: string, path: string) => void;
|
||||
onDragStartFolder?: (spaceId: string, path: string, event: ReactDragEvent<HTMLElement>) => void;
|
||||
onDragEndFolder?: () => void;
|
||||
dragDropEnabled?: boolean;
|
||||
contextMenuEnabled?: boolean;
|
||||
disabled?: boolean;
|
||||
depth?: number;
|
||||
}) {
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}: {nodes: FolderNode[];activeSpaceId: string;spaceId: string;currentFolder: string;dropTargetKey?: string;expandedKeys: Set<string>;onOpen: (spaceId: string, path: string) => void;onToggle: (spaceId: string, path: string) => void;onContextMenu?: (event: ReactMouseEvent<HTMLElement>, spaceId: string, path: string) => void;onDragOverTarget?: (event: ReactDragEvent<HTMLElement>, target: FileActionTarget) => void;onDropOnTarget?: (event: ReactDragEvent<HTMLElement>, target: FileActionTarget) => Promise<void>;onClearDropState?: () => void;onRequestDragExpand?: (spaceId: string, path: string) => void;onDragStartFolder?: (spaceId: string, path: string, event: ReactDragEvent<HTMLElement>) => void;onDragEndFolder?: () => void;dragDropEnabled?: boolean;contextMenuEnabled?: boolean;disabled?: boolean;depth?: number;}) {
|
||||
return (
|
||||
<ExplorerTree
|
||||
nodes={nodes}
|
||||
@@ -138,9 +138,9 @@ export function FolderTree({
|
||||
if (context.hasChildren && !context.expanded) onRequestDragExpand?.(spaceId, node.path);
|
||||
} : undefined}
|
||||
onDragLeave={dragDropEnabled && onClearDropState ? () => onClearDropState() : undefined}
|
||||
onDrop={dragDropEnabled && onDropOnTarget ? (event, node) => void onDropOnTarget(event, { spaceId, folderPath: node.path }) : undefined}
|
||||
/>
|
||||
);
|
||||
onDrop={dragDropEnabled && onDropOnTarget ? (event, node) => void onDropOnTarget(event, { spaceId, folderPath: node.path }) : undefined} />);
|
||||
|
||||
|
||||
}
|
||||
|
||||
export function RenamePreviewList({
|
||||
@@ -151,23 +151,23 @@ export function RenamePreviewList({
|
||||
visibleCount,
|
||||
onShowMore,
|
||||
onShowFewer
|
||||
}: {
|
||||
response: RenameResponse;
|
||||
selectedFileIds: Set<string>;
|
||||
selectedFolderPaths: Set<string>;
|
||||
recursive: boolean;
|
||||
visibleCount: number;
|
||||
onShowMore: () => void;
|
||||
onShowFewer: () => void;
|
||||
}) {
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}: {response: RenameResponse;selectedFileIds: Set<string>;selectedFolderPaths: Set<string>;recursive: boolean;visibleCount: number;onShowMore: () => void;onShowFewer: () => void;}) {
|
||||
const selectedFolderRoots = Array.from(selectedFolderPaths).map(normalizeFolder);
|
||||
const hiddenNonRecursiveItems = !recursive
|
||||
? response.items.filter((item) => {
|
||||
if (item.kind === "file" && selectedFileIds.has(item.id)) return false;
|
||||
if (item.kind === "folder" && selectedFolderRoots.includes(normalizeFolder(item.old_path))) return false;
|
||||
return selectedFolderRoots.some((folder) => isPathUnderOrSame(item.old_path, folder));
|
||||
}).length
|
||||
: 0;
|
||||
const hiddenNonRecursiveItems = !recursive ?
|
||||
response.items.filter((item) => {
|
||||
if (item.kind === "file" && selectedFileIds.has(item.id)) return false;
|
||||
if (item.kind === "folder" && selectedFolderRoots.includes(normalizeFolder(item.old_path))) return false;
|
||||
return selectedFolderRoots.some((folder) => isPathUnderOrSame(item.old_path, folder));
|
||||
}).length :
|
||||
0;
|
||||
const visibleItems = response.items.filter((item) => {
|
||||
if (recursive) return true;
|
||||
if (item.kind === "file") {
|
||||
@@ -182,20 +182,20 @@ export function RenamePreviewList({
|
||||
return (
|
||||
<div className="rename-preview-panel">
|
||||
<div className="placeholder-stack rename-preview-list">
|
||||
{hiddenNonRecursiveItems > 0 && <span className="muted">{hiddenNonRecursiveItems} contained path(s) will move with the selected folder(s), but their own names will stay unchanged.</span>}
|
||||
{hiddenNonRecursiveItems > 0 && <span className="muted">{hiddenNonRecursiveItems} i18n:govoplan-files.contained_path_s_will_move_with_the_selected_fol.b786f1a1</span>}
|
||||
{shownItems.map((item) => <span key={`${item.kind}:${item.id}:${item.old_path}`}><code>{item.old_path}</code> → <code>{item.new_path}</code></span>)}
|
||||
{remaining > 0 && (
|
||||
<button type="button" className="rename-preview-more" onClick={onShowMore}>… and {remaining} more — show next {Math.min(20, remaining)}</button>
|
||||
)}
|
||||
{shownItems.length > 20 && (
|
||||
<button type="button" className="rename-preview-more" onClick={onShowFewer}>Show fewer</button>
|
||||
)}
|
||||
{remaining > 0 &&
|
||||
<button type="button" className="rename-preview-more" onClick={onShowMore}>i18n:govoplan-files.and.a0d93385 {remaining} i18n:govoplan-files.more_show_next.f1912318 {Math.min(20, remaining)}</button>
|
||||
}
|
||||
{shownItems.length > 20 &&
|
||||
<button type="button" className="rename-preview-more" onClick={onShowFewer}>i18n:govoplan-files.show_fewer.d94dfbe5</button>
|
||||
}
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
</div>);
|
||||
|
||||
}
|
||||
|
||||
export function FileDialog({ title, onClose, children }: { title: string; onClose: () => void; children: ReactNode }) {
|
||||
export function FileDialog({ title, onClose, children }: {title: string;onClose: () => void;children: ReactNode;}) {
|
||||
return (
|
||||
<Dialog
|
||||
open
|
||||
@@ -205,11 +205,11 @@ export function FileDialog({ title, onClose, children }: { title: string; onClos
|
||||
className="file-dialog"
|
||||
headerClassName="file-dialog-header"
|
||||
titleClassName="file-dialog-title"
|
||||
bodyClassName="file-dialog-body"
|
||||
>
|
||||
bodyClassName="file-dialog-body">
|
||||
|
||||
{children}
|
||||
</Dialog>
|
||||
);
|
||||
</Dialog>);
|
||||
|
||||
}
|
||||
|
||||
export function FileContextMenu({
|
||||
@@ -227,22 +227,22 @@ export function FileContextMenu({
|
||||
onMove,
|
||||
onCopy,
|
||||
onDelete
|
||||
}: {
|
||||
menu: ContextMenuState;
|
||||
hasSelection: boolean;
|
||||
canCreateFolder: boolean;
|
||||
canUpload: boolean;
|
||||
canDownload: boolean;
|
||||
canOrganize: boolean;
|
||||
canDelete: boolean;
|
||||
downloadLabel: string;
|
||||
onCreateFolder: () => void;
|
||||
onUpload: () => void;
|
||||
onDownload: () => void;
|
||||
onMove: () => void;
|
||||
onCopy: () => void;
|
||||
onDelete: () => void;
|
||||
}) {
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}: {menu: ContextMenuState;hasSelection: boolean;canCreateFolder: boolean;canUpload: boolean;canDownload: boolean;canOrganize: boolean;canDelete: boolean;downloadLabel: string;onCreateFolder: () => void;onUpload: () => void;onDownload: () => void;onMove: () => void;onCopy: () => void;onDelete: () => void;}) {
|
||||
const showNewFolder = true;
|
||||
const showDelete = menu.target !== "empty";
|
||||
const viewportWidth = typeof window === "undefined" ? 1024 : window.innerWidth;
|
||||
@@ -251,19 +251,19 @@ export function FileContextMenu({
|
||||
const estimatedHeight = 260;
|
||||
const left = Math.max(8, Math.min(menu.x, viewportWidth - estimatedWidth - 8));
|
||||
const openUp = menu.y + estimatedHeight > viewportHeight;
|
||||
const style: CSSProperties = openUp
|
||||
? { left, bottom: Math.max(8, viewportHeight - menu.y) }
|
||||
: { left, top: Math.max(8, menu.y) };
|
||||
const style: CSSProperties = openUp ?
|
||||
{ left, bottom: Math.max(8, viewportHeight - menu.y) } :
|
||||
{ left, top: Math.max(8, menu.y) };
|
||||
return (
|
||||
<div className="file-context-menu" style={style} role="menu" onClick={(event) => event.stopPropagation()}>
|
||||
{showNewFolder && <button type="button" role="menuitem" onClick={onCreateFolder} disabled={!canCreateFolder}><Plus size={15} aria-hidden="true" /> New folder</button>}
|
||||
<button type="button" role="menuitem" onClick={onUpload} disabled={!canUpload}><UploadCloud size={15} aria-hidden="true" /> Upload</button>
|
||||
{showNewFolder && <button type="button" role="menuitem" onClick={onCreateFolder} disabled={!canCreateFolder}><Plus size={15} aria-hidden="true" /> i18n:govoplan-files.new_folder.a711999b</button>}
|
||||
<button type="button" role="menuitem" onClick={onUpload} disabled={!canUpload}><UploadCloud size={15} aria-hidden="true" /> i18n:govoplan-files.upload.8bdf057f</button>
|
||||
<button type="button" role="menuitem" onClick={onDownload} disabled={!hasSelection || !canDownload}><Download size={15} aria-hidden="true" /> {downloadLabel}</button>
|
||||
<button type="button" role="menuitem" onClick={onMove} disabled={!hasSelection || !canOrganize}><MoveRight size={15} aria-hidden="true" /> Move…</button>
|
||||
<button type="button" role="menuitem" onClick={onCopy} disabled={!hasSelection || !canOrganize}><Copy size={15} aria-hidden="true" /> Copy…</button>
|
||||
{showDelete && <button type="button" role="menuitem" className="danger" onClick={onDelete} disabled={!canDelete}><Trash2 size={15} aria-hidden="true" /> Delete</button>}
|
||||
</div>
|
||||
);
|
||||
<button type="button" role="menuitem" onClick={onMove} disabled={!hasSelection || !canOrganize}><MoveRight size={15} aria-hidden="true" /> i18n:govoplan-files.move.8a74a26e</button>
|
||||
<button type="button" role="menuitem" onClick={onCopy} disabled={!hasSelection || !canOrganize}><Copy size={15} aria-hidden="true" /> i18n:govoplan-files.copy.92556c6d</button>
|
||||
{showDelete && <button type="button" role="menuitem" className="danger" onClick={onDelete} disabled={!canDelete}><Trash2 size={15} aria-hidden="true" /> i18n:govoplan-files.delete.f6fdbe48</button>}
|
||||
</div>);
|
||||
|
||||
}
|
||||
|
||||
export function FileConflictDialog({
|
||||
@@ -276,60 +276,60 @@ export function FileConflictDialog({
|
||||
onReview,
|
||||
onApplyReview,
|
||||
onUpdateItem
|
||||
}: {
|
||||
state: ConflictDialogState;
|
||||
busy: boolean;
|
||||
onClose: () => void;
|
||||
onCancel: () => void;
|
||||
onOverwrite: () => void;
|
||||
onRename: () => void;
|
||||
onReview: () => void;
|
||||
onApplyReview: () => void;
|
||||
onUpdateItem: (id: string, patch: Partial<FileConflictItem>) => void;
|
||||
}) {
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}: {state: ConflictDialogState;busy: boolean;onClose: () => void;onCancel: () => void;onOverwrite: () => void;onRename: () => void;onReview: () => void;onApplyReview: () => void;onUpdateItem: (id: string, patch: Partial<FileConflictItem>) => void;}) {
|
||||
return (
|
||||
<FileDialog title={state.title} onClose={onClose}>
|
||||
<p className="muted">{state.message}</p>
|
||||
<div className="file-conflict-summary">
|
||||
<strong>{state.items.length} conflict(s)</strong>
|
||||
<span>{state.items.length > 1 ? "Choose the same action for all conflicts or review the target names individually." : "Choose how to resolve this conflict."}</span>
|
||||
<strong>{state.items.length} i18n:govoplan-files.conflict_s.60cea6d5</strong>
|
||||
<span>{state.items.length > 1 ? "i18n:govoplan-files.choose_the_same_action_for_all_conflicts_or_revi.319cfe5f" : "i18n:govoplan-files.choose_how_to_resolve_this_conflict.c303fcc6"}</span>
|
||||
</div>
|
||||
{state.review && (
|
||||
<div className="file-conflict-list">
|
||||
{state.items.map((item) => (
|
||||
<div className="file-conflict-row" key={item.id}>
|
||||
{state.review &&
|
||||
<div className="file-conflict-list">
|
||||
{state.items.map((item) =>
|
||||
<div className="file-conflict-row" key={item.id}>
|
||||
<div>
|
||||
<strong>{item.label}</strong>
|
||||
<small>{item.kind === "folder" ? "Folder" : "File"} conflict at <code>{item.targetPath}</code></small>
|
||||
<small>{item.kind === "folder" ? "i18n:govoplan-files.folder.30baa249" : "i18n:govoplan-files.file.2c3cafa4"} i18n:govoplan-files.conflict_at.0a91052f <code>{item.targetPath}</code></small>
|
||||
</div>
|
||||
<select value={item.action} onChange={(event) => onUpdateItem(item.id, { action: event.target.value as ConflictAction })} disabled={busy}>
|
||||
<option value="overwrite">Overwrite</option>
|
||||
<option value="rename">Rename</option>
|
||||
<option value="skip">Skip</option>
|
||||
<option value="overwrite">i18n:govoplan-files.overwrite.0625c54e</option>
|
||||
<option value="rename">i18n:govoplan-files.rename.d3f4cb89</option>
|
||||
<option value="skip">i18n:govoplan-files.skip.3da47453</option>
|
||||
</select>
|
||||
<input
|
||||
value={item.newPath}
|
||||
onChange={(event) => onUpdateItem(item.id, { newPath: event.target.value })}
|
||||
disabled={busy || item.action !== "rename"}
|
||||
aria-label={`New path for ${item.label}`}
|
||||
/>
|
||||
value={item.newPath}
|
||||
onChange={(event) => onUpdateItem(item.id, { newPath: event.target.value })}
|
||||
disabled={busy || item.action !== "rename"}
|
||||
aria-label={i18nMessage("i18n:govoplan-files.new_path_for_value.a9a30c1c", { value0: item.label })} />
|
||||
|
||||
</div>
|
||||
))}
|
||||
)}
|
||||
</div>
|
||||
)}
|
||||
{!state.review && (
|
||||
<div className="placeholder-stack">
|
||||
}
|
||||
{!state.review &&
|
||||
<div className="placeholder-stack">
|
||||
{state.items.slice(0, 8).map((item) => <span key={item.id}><code>{item.targetPath}</code></span>)}
|
||||
{state.items.length > 8 && <span>… and {state.items.length - 8} more</span>}
|
||||
{state.items.length > 8 && <span>i18n:govoplan-files.and.a0d93385 {state.items.length - 8} more</span>}
|
||||
</div>
|
||||
)}
|
||||
}
|
||||
<div className="button-row compact-actions align-end">
|
||||
<Button onClick={onCancel} disabled={busy}>Cancel</Button>
|
||||
<Button onClick={onOverwrite} disabled={busy}>Overwrite all</Button>
|
||||
<Button onClick={onRename} disabled={busy}>Rename all</Button>
|
||||
{!state.review && state.items.length > 1 && <Button onClick={onReview} disabled={busy}>Review individually</Button>}
|
||||
{state.review && <Button variant="primary" onClick={onApplyReview} disabled={busy}>Apply reviewed choices</Button>}
|
||||
<Button onClick={onCancel} disabled={busy}>i18n:govoplan-files.cancel.77dfd213</Button>
|
||||
<Button onClick={onOverwrite} disabled={busy}>i18n:govoplan-files.overwrite_all.a76f2d04</Button>
|
||||
<Button onClick={onRename} disabled={busy}>i18n:govoplan-files.rename_all.1d6b24dc</Button>
|
||||
{!state.review && state.items.length > 1 && <Button onClick={onReview} disabled={busy}>i18n:govoplan-files.review_individually.19abbe58</Button>}
|
||||
{state.review && <Button variant="primary" onClick={onApplyReview} disabled={busy}>i18n:govoplan-files.apply_reviewed_choices.bb55f7b3</Button>}
|
||||
</div>
|
||||
</FileDialog>
|
||||
);
|
||||
</FileDialog>);
|
||||
|
||||
}
|
||||
1051
webui/src/features/files/components/ManagedFileChooser.tsx
Normal file
1051
webui/src/features/files/components/ManagedFileChooser.tsx
Normal file
File diff suppressed because it is too large
Load Diff
@@ -4,7 +4,7 @@ export type RenameMode = "prefix" | "suffix" | "replace";
|
||||
export type SortColumn = "name" | "size" | "modified";
|
||||
export type SortDirection = "asc" | "desc";
|
||||
export type TransferMode = "move" | "copy";
|
||||
export type DialogKind = "upload" | "create-folder" | "rename" | "single-rename" | "transfer" | null;
|
||||
export type DialogKind = "upload" | "connector-sync" | "connector-space" | "create-folder" | "rename" | "single-rename" | "transfer" | null;
|
||||
export type EntrySelectionKey = `file:${string}` | `folder:${string}`;
|
||||
export type ContextMenuState = {
|
||||
x: number;
|
||||
|
||||
@@ -1,7 +1,14 @@
|
||||
import { formatDateTime as formatPlatformDateTime } from "@govoplan/core-webui";
|
||||
import { formatDateTime as formatPlatformDateTime, i18nMessage } from "@govoplan/core-webui";
|
||||
import type { FileFolder, ManagedFile } from "../../../api/files";
|
||||
import type { DragSelectionState, EntrySelectionKey, ExplorerEntry, FileEntry, FolderEntry, FolderNode, SortColumn, SortDirection } from "../types";
|
||||
|
||||
type FolderStats = {
|
||||
directFiles: number;
|
||||
childFolders: Set<string>;
|
||||
totalSize: number;
|
||||
updatedAt: string;
|
||||
};
|
||||
|
||||
export function buildFolderTree(files: ManagedFile[], folders: FileFolder[]): FolderNode[] {
|
||||
const byPath = new Map<string, FolderNode>();
|
||||
const ensureNode = (path: string, persisted: boolean): FolderNode | null => {
|
||||
@@ -48,7 +55,7 @@ export function treeNodeKey(spaceId: string, folderPath: string): string {
|
||||
return `${spaceId}:${normalizeFolder(folderPath)}`;
|
||||
}
|
||||
|
||||
export function folderAncestorPaths(folderPath: string, options: { includeSelf?: boolean } = {}): string[] {
|
||||
export function folderAncestorPaths(folderPath: string, options: {includeSelf?: boolean;} = {}): string[] {
|
||||
const parts = normalizeFolder(folderPath).split("/").filter(Boolean);
|
||||
const limit = options.includeSelf ? parts.length : Math.max(parts.length - 1, 0);
|
||||
const result: string[] = [];
|
||||
@@ -71,21 +78,23 @@ export function buildExplorerEntries(files: ManagedFile[], folders: FileFolder[]
|
||||
const prefix = folder ? `${folder}/` : "";
|
||||
const folderMap = new Map<string, FolderEntry>();
|
||||
const directFiles: FileEntry[] = [];
|
||||
const folderStats = buildFolderStats(files, folders);
|
||||
|
||||
for (const persisted of folders) {
|
||||
const path = normalizeFolder(persisted.path);
|
||||
if (!path.startsWith(prefix) || path === folder) continue;
|
||||
const relative = prefix ? path.slice(prefix.length) : path;
|
||||
if (!relative || relative.includes("/")) continue;
|
||||
const stats = folderStats.get(path);
|
||||
folderMap.set(path, {
|
||||
kind: "folder",
|
||||
id: `folder:${path}`,
|
||||
name: relative,
|
||||
path,
|
||||
fileCount: 0,
|
||||
folderCount: 0,
|
||||
totalSize: 0,
|
||||
updatedAt: persisted.updated_at,
|
||||
fileCount: stats?.directFiles ?? 0,
|
||||
folderCount: stats?.childFolders.size ?? 0,
|
||||
totalSize: stats?.totalSize ?? 0,
|
||||
updatedAt: latestTimestamp(persisted.updated_at, stats?.updatedAt),
|
||||
persisted: true
|
||||
});
|
||||
}
|
||||
@@ -102,31 +111,22 @@ export function buildExplorerEntries(files: ManagedFile[], folders: FileFolder[]
|
||||
}
|
||||
const folderName = relativePath.slice(0, slashIndex);
|
||||
const folderPath = prefix ? `${folder}/${folderName}` : folderName;
|
||||
const existing = folderMap.get(folderPath);
|
||||
if (existing) {
|
||||
existing.totalSize += file.size_bytes;
|
||||
if (file.updated_at > existing.updatedAt) existing.updatedAt = file.updated_at;
|
||||
} else {
|
||||
if (!folderMap.has(folderPath)) {
|
||||
const stats = folderStats.get(folderPath);
|
||||
folderMap.set(folderPath, {
|
||||
kind: "folder",
|
||||
id: `folder:${folderPath}`,
|
||||
name: folderName,
|
||||
path: folderPath,
|
||||
fileCount: 0,
|
||||
folderCount: 0,
|
||||
totalSize: file.size_bytes,
|
||||
updatedAt: file.updated_at,
|
||||
fileCount: stats?.directFiles ?? 0,
|
||||
folderCount: stats?.childFolders.size ?? 0,
|
||||
totalSize: stats?.totalSize ?? file.size_bytes,
|
||||
updatedAt: stats?.updatedAt || file.updated_at,
|
||||
persisted: false
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
for (const entry of folderMap.values()) {
|
||||
const counts = directFolderCounts(files, folders, entry.path);
|
||||
entry.fileCount = counts.files;
|
||||
entry.folderCount = counts.folders;
|
||||
}
|
||||
|
||||
return [...Array.from(folderMap.values()), ...directFiles];
|
||||
}
|
||||
|
||||
@@ -134,7 +134,7 @@ export function sortExplorerEntries(entries: ExplorerEntry[], column: SortColumn
|
||||
const factor = direction === "asc" ? 1 : -1;
|
||||
return [...entries].sort((a, b) => {
|
||||
if (column === "name") {
|
||||
if (a.kind !== b.kind) return a.kind === "folder" ? (direction === "asc" ? -1 : 1) : (direction === "asc" ? 1 : -1);
|
||||
if (a.kind !== b.kind) return a.kind === "folder" ? direction === "asc" ? -1 : 1 : direction === "asc" ? 1 : -1;
|
||||
return factor * entryName(a).localeCompare(entryName(b), undefined, { numeric: true, sensitivity: "base" });
|
||||
}
|
||||
if (column === "size") {
|
||||
@@ -163,26 +163,56 @@ export function entryModifiedTime(entry: ExplorerEntry): number {
|
||||
return Number.isNaN(parsed) ? 0 : parsed;
|
||||
}
|
||||
|
||||
export function directFolderCounts(files: ManagedFile[], folders: FileFolder[], folderPath: string): { files: number; folders: number } {
|
||||
const normalized = normalizeFolder(folderPath);
|
||||
const prefix = normalized ? `${normalized}/` : "";
|
||||
const directFiles = files.filter((file) => parentFolderPath(file.display_path) === normalized).length;
|
||||
const childFolders = new Set<string>();
|
||||
export function directFolderCounts(files: ManagedFile[], folders: FileFolder[], folderPath: string): {files: number;folders: number;} {
|
||||
const stats = buildFolderStats(files, folders).get(normalizeFolder(folderPath));
|
||||
return { files: stats?.directFiles ?? 0, folders: stats?.childFolders.size ?? 0 };
|
||||
}
|
||||
|
||||
function buildFolderStats(files: ManagedFile[], folders: FileFolder[]): Map<string, FolderStats> {
|
||||
const statsByPath = new Map<string, FolderStats>();
|
||||
const ensureStats = (path: string): FolderStats => {
|
||||
const normalized = normalizeFolder(path);
|
||||
const existing = statsByPath.get(normalized);
|
||||
if (existing) return existing;
|
||||
const stats: FolderStats = { directFiles: 0, childFolders: new Set(), totalSize: 0, updatedAt: "" };
|
||||
statsByPath.set(normalized, stats);
|
||||
return stats;
|
||||
};
|
||||
|
||||
for (const folder of folders) {
|
||||
const path = normalizeFolder(folder.path);
|
||||
if (!path.startsWith(prefix) || path === normalized) continue;
|
||||
const relative = prefix ? path.slice(prefix.length) : path;
|
||||
if (!relative) continue;
|
||||
childFolders.add(relative.split("/")[0]);
|
||||
if (!path) continue;
|
||||
const parts = path.split("/");
|
||||
const parentPath = normalizeFolder(parts.slice(0, -1).join("/"));
|
||||
const name = parts[parts.length - 1];
|
||||
if (name) ensureStats(parentPath).childFolders.add(name);
|
||||
ensureStats(path);
|
||||
}
|
||||
|
||||
for (const file of files) {
|
||||
const path = normalizeFilePath(file.display_path);
|
||||
if (!path.startsWith(prefix)) continue;
|
||||
const relative = prefix ? path.slice(prefix.length) : path;
|
||||
if (!relative || !relative.includes("/")) continue;
|
||||
childFolders.add(relative.split("/")[0]);
|
||||
const parts = normalizeFilePath(file.display_path || file.filename).split("/").filter(Boolean);
|
||||
if (parts.length === 0) continue;
|
||||
const directParentPath = normalizeFolder(parts.slice(0, -1).join("/"));
|
||||
ensureStats(directParentPath).directFiles += 1;
|
||||
|
||||
for (let index = 0; index < parts.length - 1; index += 1) {
|
||||
const folderPath = parts.slice(0, index + 1).join("/");
|
||||
const stats = ensureStats(folderPath);
|
||||
stats.totalSize += file.size_bytes;
|
||||
stats.updatedAt = latestTimestamp(stats.updatedAt, file.updated_at);
|
||||
|
||||
const parentPath = normalizeFolder(parts.slice(0, index).join("/"));
|
||||
ensureStats(parentPath).childFolders.add(parts[index]);
|
||||
}
|
||||
}
|
||||
return { files: directFiles, folders: childFolders.size };
|
||||
|
||||
return statsByPath;
|
||||
}
|
||||
|
||||
function latestTimestamp(current: string, candidate?: string): string {
|
||||
if (!candidate) return current;
|
||||
if (!current) return candidate;
|
||||
return candidate > current ? candidate : current;
|
||||
}
|
||||
|
||||
export function folderContentLabel(entry: FolderEntry): string {
|
||||
@@ -209,13 +239,14 @@ export function buildFolderEntryFromSources(files: ManagedFile[], folders: FileF
|
||||
const sortedDates = childFiles.map((file) => file.updated_at).sort();
|
||||
const latestFileDate = sortedDates.length > 0 ? sortedDates[sortedDates.length - 1] : undefined;
|
||||
const updatedAt = latestFileDate || persistedFolder?.updated_at || new Date().toISOString();
|
||||
const counts = directFolderCounts(files, folders, normalizedPath);
|
||||
return {
|
||||
kind: "folder",
|
||||
id: `folder:${normalizedPath}`,
|
||||
name: lastPathSegment(normalizedPath) || "Root",
|
||||
name: lastPathSegment(normalizedPath) || "i18n:govoplan-files.root.e96857c5",
|
||||
path: normalizedPath,
|
||||
fileCount: directFolderCounts(files, folders, normalizedPath).files,
|
||||
folderCount: directFolderCounts(files, folders, normalizedPath).folders,
|
||||
fileCount: counts.files,
|
||||
folderCount: counts.folders,
|
||||
totalSize: childFiles.reduce((total, file) => total + file.size_bytes, 0),
|
||||
updatedAt,
|
||||
persisted: Boolean(persistedFolder)
|
||||
@@ -240,7 +271,7 @@ export function fileIdsForSelection(files: ManagedFile[], selectedFileIds: Set<s
|
||||
return Array.from(ids);
|
||||
}
|
||||
|
||||
export function folderBreadcrumbs(folder: string): { name: string; path: string }[] {
|
||||
export function folderBreadcrumbs(folder: string): {name: string;path: string;}[] {
|
||||
const parts = normalizeFolder(folder).split("/").filter(Boolean);
|
||||
return parts.map((name, index) => ({ name, path: parts.slice(0, index + 1).join("/") }));
|
||||
}
|
||||
@@ -287,14 +318,19 @@ export function parseDragState(value: string): DragSelectionState | null {
|
||||
}
|
||||
|
||||
export function formatBytes(value: number): string {
|
||||
if (value < 1024) return `${value} B`;
|
||||
const units = ["KB", "MB", "GB", "TB"];
|
||||
if (value < 1024) return i18nMessage("i18n:govoplan-files.bytes_b", { value0: value });
|
||||
const units = [
|
||||
"i18n:govoplan-files.bytes_kb",
|
||||
"i18n:govoplan-files.bytes_mb",
|
||||
"i18n:govoplan-files.bytes_gb",
|
||||
"i18n:govoplan-files.bytes_tb"
|
||||
];
|
||||
let size = value / 1024;
|
||||
for (const unit of units) {
|
||||
if (size < 1024) return `${size.toFixed(size >= 10 ? 0 : 1)} ${unit}`;
|
||||
if (size < 1024) return i18nMessage(unit, { value0: size.toFixed(size >= 10 ? 0 : 1) });
|
||||
size /= 1024;
|
||||
}
|
||||
return `${size.toFixed(1)} PB`;
|
||||
return i18nMessage("i18n:govoplan-files.bytes_pb", { value0: size.toFixed(1) });
|
||||
}
|
||||
|
||||
export function formatDate(value: string): string {
|
||||
|
||||
690
webui/src/i18n/generatedTranslations.ts
Normal file
690
webui/src/i18n/generatedTranslations.ts
Normal file
@@ -0,0 +1,690 @@
|
||||
import type { PlatformTranslations } from "@govoplan/core-webui";
|
||||
|
||||
export const generatedTranslations: PlatformTranslations = {
|
||||
"en": {
|
||||
"i18n:govoplan-files.add_connector_space.aa6bdbd6": "Add connector space",
|
||||
"i18n:govoplan-files.add_credential_for_value.0fa9c1fe": "Add credential for {value0}",
|
||||
"i18n:govoplan-files.add_prefix.672452bc": "Add prefix",
|
||||
"i18n:govoplan-files.add_space.e4d674d4": "Add Space",
|
||||
"i18n:govoplan-files.add_suffix_before_extension.784381fe": "Add suffix before extension",
|
||||
"i18n:govoplan-files.added_connector_space_value.a24725b8": "Added connector space {value0}.",
|
||||
"i18n:govoplan-files.allowed_connection_ids.0df854c8": "Allowed connection IDs",
|
||||
"i18n:govoplan-files.allowed_credential_ids.efcaba2d": "Allowed credential IDs",
|
||||
"i18n:govoplan-files.allowed_endpoint_urls.34cfa8e9": "Allowed endpoint URLs",
|
||||
"i18n:govoplan-files.allowed_paths.c953b4be": "Allowed paths",
|
||||
"i18n:govoplan-files.allowed_providers.82a9c23e": "Allowed providers",
|
||||
"i18n:govoplan-files.allowed.77c7b490": "Allowed",
|
||||
"i18n:govoplan-files.already_at_the_root_folder.1238f110": "Already at the root folder",
|
||||
"i18n:govoplan-files.and.a0d93385": "… and",
|
||||
"i18n:govoplan-files.anonymous.9bed5104": "Anonymous",
|
||||
"i18n:govoplan-files.any_provider.b3fc542f": "Any provider",
|
||||
"i18n:govoplan-files.apply_preview.8692d5eb": "Apply preview",
|
||||
"i18n:govoplan-files.apply_recursively_to_folder_contents.c7076984": "Apply recursively to folder contents",
|
||||
"i18n:govoplan-files.apply_reviewed_choices.bb55f7b3": "Apply reviewed choices",
|
||||
"i18n:govoplan-files.attachments_attachment_sources.87d92d5b": "Attachments → Attachment sources",
|
||||
"i18n:govoplan-files.audit_relevant_files_stay_retained_when_deleted_.2b7b4543": "Audit-relevant files stay retained when deleted from active browsing.",
|
||||
"i18n:govoplan-files.available.974948f2": " · Available",
|
||||
"i18n:govoplan-files.back_to_folder.34ba1ed1": "Back to folder",
|
||||
"i18n:govoplan-files.base_path.6a4867ca": "Base path",
|
||||
"i18n:govoplan-files.blocked_by_policy.8d971f86": "Blocked by policy",
|
||||
"i18n:govoplan-files.blocked.99613c74": "Blocked",
|
||||
"i18n:govoplan-files.bootstrap_settings.05e3df38": " · Bootstrap settings",
|
||||
"i18n:govoplan-files.browse_ok_value_item_value.921906fd": "Browse OK ({value0} item{value1}).",
|
||||
"i18n:govoplan-files.browse_protocol.d1f27c90": "Browse protocol",
|
||||
"i18n:govoplan-files.browse.2f3b5c55": "Browse",
|
||||
"i18n:govoplan-files.bulk_rename_changes_managed_display_paths_only_i.8cf34a6b": "Bulk rename changes managed display paths only. Immutable blobs stay stable for audit.",
|
||||
"i18n:govoplan-files.bulk_rename_selected_items.5e79d694": "Bulk rename selected items",
|
||||
"i18n:govoplan-files.bulk_rename.7dcaa624": "Bulk rename",
|
||||
"i18n:govoplan-files.bytes_b": "{value0} B",
|
||||
"i18n:govoplan-files.bytes_gb": "{value0} GB",
|
||||
"i18n:govoplan-files.bytes_kb": "{value0} KB",
|
||||
"i18n:govoplan-files.bytes_mb": "{value0} MB",
|
||||
"i18n:govoplan-files.bytes_pb": "{value0} PB",
|
||||
"i18n:govoplan-files.bytes_tb": "{value0} TB",
|
||||
"i18n:govoplan-files.can_use_this_connection.5091a74c": "Can use this connection",
|
||||
"i18n:govoplan-files.can_use_this_credential.f4a41971": "Can use this credential",
|
||||
"i18n:govoplan-files.cancel.77dfd213": "Cancel",
|
||||
"i18n:govoplan-files.cannot_move_or_copy_a_folder_into_itself_or_one_.4adbd5ea": "Cannot move or copy a folder into itself or one of its child folders.",
|
||||
"i18n:govoplan-files.case_sensitive.c73af7bd": "Case sensitive",
|
||||
"i18n:govoplan-files.checking.494d0f68": "Checking...",
|
||||
"i18n:govoplan-files.choose_a_connector_file_and_destination_folder.3c6f3ffb": "Choose a connector file and destination folder.",
|
||||
"i18n:govoplan-files.choose_a_connector_profile_and_owner_space.4c386b00": "Choose a connector profile and owner space.",
|
||||
"i18n:govoplan-files.choose_a_destination_space_and_folder_folders_ar.45158643": "Choose a destination space and folder. Folders are transferred recursively.",
|
||||
"i18n:govoplan-files.choose_how_the_selected_names_should_be_changed.0231854f": "Choose how the selected names should be changed.",
|
||||
"i18n:govoplan-files.choose_how_to_resolve_this_conflict.c303fcc6": "Choose how to resolve this conflict.",
|
||||
"i18n:govoplan-files.choose_managed_attachment_source.b3709493": "Choose managed attachment source",
|
||||
"i18n:govoplan-files.choose_managed_file_or_pattern.bcf8e183": "Choose managed file or pattern",
|
||||
"i18n:govoplan-files.choose_the_destination_folder_before_selecting_o.a4922d75": "Choose the destination folder before selecting or dropping files.",
|
||||
"i18n:govoplan-files.campaigns": "Campaigns",
|
||||
"i18n:govoplan-files.choose_the_folder_that_should_act_as_this_campai.9d0b7ef7": "Choose the folder that should act as this campaign attachment source.",
|
||||
"i18n:govoplan-files.choose_the_parent_folder_for_the_new_subfolder.2fcb6580": "Choose the parent folder for the new subfolder.",
|
||||
"i18n:govoplan-files.choose_the_same_action_for_all_conflicts_or_revi.319cfe5f": "Choose the same action for all conflicts or review the target names individually.",
|
||||
"i18n:govoplan-files.choose_the_target_folder_folders_are_transferred.f7ab8e9e": "Choose the target folder. Folders are transferred recursively.",
|
||||
"i18n:govoplan-files.clear_saved_password.7442260d": "Clear saved password",
|
||||
"i18n:govoplan-files.clear_saved_token.a9c670aa": "Clear saved token",
|
||||
"i18n:govoplan-files.clear.719ea396": "Clear",
|
||||
"i18n:govoplan-files.clicking_a_file_sets_its_exact_relative_path_as_.590abd24": "Clicking a file sets its exact relative path as the pattern. Preview resolves the pattern against the current managed file space.",
|
||||
"i18n:govoplan-files.collapse.9cf188d3": "Collapse",
|
||||
"i18n:govoplan-files.conflict_at.0a91052f": "conflict at",
|
||||
"i18n:govoplan-files.conflict_s.60cea6d5": "conflict(s)",
|
||||
"i18n:govoplan-files.connection_credential.178babe0": "Connection / credential",
|
||||
"i18n:govoplan-files.connector_files.8f351f5d": "Connector files",
|
||||
"i18n:govoplan-files.connector_folders.960cbb03": "Connector folders",
|
||||
"i18n:govoplan-files.connector_profile_is_not_configured_for_this_spa.669f57b5": "Connector profile is not configured for this space.",
|
||||
"i18n:govoplan-files.connector_profile.9e9cd317": "Connector profile",
|
||||
"i18n:govoplan-files.connector_root.9027235c": "Connector root",
|
||||
"i18n:govoplan-files.connector_source_already_matched.7eaf5be1": "Connector source already matched",
|
||||
"i18n:govoplan-files.connector_space_files.dbb0ab24": "Connector space files",
|
||||
"i18n:govoplan-files.connector.ba358306": "Connector",
|
||||
"i18n:govoplan-files.contained_path_s_will_move_with_the_selected_fol.b786f1a1": "contained path(s) will move with the selected folder(s), but their own names will stay unchanged.",
|
||||
"i18n:govoplan-files.copied.8e3df45a": "Copied",
|
||||
"i18n:govoplan-files.copy.92556c6d": "Copy…",
|
||||
"i18n:govoplan-files.copy.a69c71d0": " copy",
|
||||
"i18n:govoplan-files.copy.af74f7c5": "Copy",
|
||||
"i18n:govoplan-files.copying.43b7de98": "Copying",
|
||||
"i18n:govoplan-files.copymove.d0fa5904": "copyMove",
|
||||
"i18n:govoplan-files.create_a_folder_below_the_selected_destination.9041ee76": "Create a folder below the selected destination.",
|
||||
"i18n:govoplan-files.create_folder.97bafaba": "Create Folder",
|
||||
"i18n:govoplan-files.create_folder.e59f63fa": "Create folder",
|
||||
"i18n:govoplan-files.create_space.b50606b4": "Create Space",
|
||||
"i18n:govoplan-files.created_folder_value.6c3002f9": "Created folder {value0}.",
|
||||
"i18n:govoplan-files.created_inside.3426a815": "Created inside",
|
||||
"i18n:govoplan-files.credential_id_and_label_are_required.4cfd1ffd": "Credential id and label are required.",
|
||||
"i18n:govoplan-files.credential_id.9432a6e1": "Credential id",
|
||||
"i18n:govoplan-files.credential_mode.23fdd899": "Credential mode",
|
||||
"i18n:govoplan-files.credential.8bede3ea": "Credential",
|
||||
"i18n:govoplan-files.current_file.1fbfcf3d": "current file",
|
||||
"i18n:govoplan-files.current_folder_contents.f9a24fa8": "Current folder contents",
|
||||
"i18n:govoplan-files.current_folder.5aeab2f0": "Current folder",
|
||||
"i18n:govoplan-files.delete_selected_item_s.4b6a0023": "Delete selected item(s)?",
|
||||
"i18n:govoplan-files.delete_value_audit_relevant_blobs_remain_retaine.290af88f": "Delete {value0}? Audit-relevant blobs remain retained.",
|
||||
"i18n:govoplan-files.delete.f6fdbe48": "Delete",
|
||||
"i18n:govoplan-files.denied_connection_ids.a95218b4": "Denied connection IDs",
|
||||
"i18n:govoplan-files.denied_credential_ids.b6838bc2": "Denied credential IDs",
|
||||
"i18n:govoplan-files.denied_endpoint_urls.1d8d4369": "Denied endpoint URLs",
|
||||
"i18n:govoplan-files.denied_paths.d25e4315": "Denied paths",
|
||||
"i18n:govoplan-files.denied_providers.149b29f4": "Denied providers",
|
||||
"i18n:govoplan-files.deny_listed_paths.fcde62cc": "Deny-listed paths",
|
||||
"i18n:govoplan-files.destination_folder.f8ccb63b": "Destination folder",
|
||||
"i18n:govoplan-files.destination_space.92b63970": "Destination space",
|
||||
"i18n:govoplan-files.disable_file_connection.3fd940ae": "Disable file connection",
|
||||
"i18n:govoplan-files.disable_file_credential.49bff614": "Disable file credential",
|
||||
"i18n:govoplan-files.disable_value_connections_using_it_will_stop_aut.fc3a1708": "Disable {value0}? Connections using it will stop authenticating until another credential is selected.",
|
||||
"i18n:govoplan-files.disable_value_existing_linked_spaces_will_stop_b.8c1b0ac6": "Disable {value0}? Existing linked spaces will stop browsing until the connection is enabled again.",
|
||||
"i18n:govoplan-files.disable_value.09485f7f": "Disable {value0}",
|
||||
"i18n:govoplan-files.disable.9a7d4e06": "Disable",
|
||||
"i18n:govoplan-files.disabled.f4f4473d": "Disabled",
|
||||
"i18n:govoplan-files.dms.477e5652": "DMS",
|
||||
"i18n:govoplan-files.download_zip.7bd0e4b0": "Download ZIP",
|
||||
"i18n:govoplan-files.download.a479c9c3": "Download",
|
||||
"i18n:govoplan-files.e_g_invoices.77a73bd1": "e.g. invoices",
|
||||
"i18n:govoplan-files.edit_file_connection.78698154": "Edit file connection",
|
||||
"i18n:govoplan-files.edit_file_credential.bc49d44f": "Edit file credential",
|
||||
"i18n:govoplan-files.edit_value.fad75899": "Edit {value0}",
|
||||
"i18n:govoplan-files.effective_sources_none.9a7c407f": "Effective sources: none",
|
||||
"i18n:govoplan-files.effective_sources.9a576802": "Effective sources:",
|
||||
"i18n:govoplan-files.enabled.df174a3f": "Enabled",
|
||||
"i18n:govoplan-files.endpoint_url.65aaaa45": "Endpoint URL",
|
||||
"i18n:govoplan-files.endpoint.92ec6350": "Endpoint",
|
||||
"i18n:govoplan-files.expand.9869e506": "Expand",
|
||||
"i18n:govoplan-files.extracting_files_on_the_server.845a3c1a": "Extracting files on the server…",
|
||||
"i18n:govoplan-files.file_actions.9e1b94c5": "File actions",
|
||||
"i18n:govoplan-files.file_connection_created.bdf6e1f6": "File connection created.",
|
||||
"i18n:govoplan-files.file_connection_disabled_value.059a7de9": "File connection disabled: {value0}.",
|
||||
"i18n:govoplan-files.file_connection_saved.68c16ee9": "File connection saved.",
|
||||
"i18n:govoplan-files.file_connections.1e362326": "File connections",
|
||||
"i18n:govoplan-files.file_credential_created.87c31882": "File credential created.",
|
||||
"i18n:govoplan-files.file_credential_disabled_value.947538fd": "File credential disabled: {value0}.",
|
||||
"i18n:govoplan-files.file_credential_saved.d6a1eef8": "File credential saved.",
|
||||
"i18n:govoplan-files.file_or_pattern_relative_to.0ab4d831": "File or pattern relative to",
|
||||
"i18n:govoplan-files.file_s.ca61e97f": "file(s),",
|
||||
"i18n:govoplan-files.file_share_was_not_created.033ac476": "File share was not created.",
|
||||
"i18n:govoplan-files.file_spaces_and_folders.443d2056": "File spaces and folders",
|
||||
"i18n:govoplan-files.file.2c3cafa4": "File",
|
||||
"i18n:govoplan-files.files_with_the_same_visible_name_already_exist_i.1bb487b0": "Files with the same visible name already exist in this folder.",
|
||||
"i18n:govoplan-files.files.6ce6c512": "Files",
|
||||
"i18n:govoplan-files.finalizing_upload.bcce936d": "Finalizing upload…",
|
||||
"i18n:govoplan-files.find_and_replace.2c6b404b": "Find and replace",
|
||||
"i18n:govoplan-files.find.df251b06": "Find",
|
||||
"i18n:govoplan-files.first.49ec0838": "first.",
|
||||
"i18n:govoplan-files.folder_name.b2ce023b": "Folder name",
|
||||
"i18n:govoplan-files.folder_s.10e54730": "folder(s)",
|
||||
"i18n:govoplan-files.folder.30baa249": "Folder",
|
||||
"i18n:govoplan-files.folders_and_files.d107ac99": "Folders and files",
|
||||
"i18n:govoplan-files.folders.19adc47b": "Folders",
|
||||
"i18n:govoplan-files.gb.505a44fa": "GB",
|
||||
"i18n:govoplan-files.generic.ff7613e5": "Generic",
|
||||
"i18n:govoplan-files.govoplan_files.b20752ed": "GovOPlaN files",
|
||||
"i18n:govoplan-files.govoplan_webdav_credentials.bc696d69": "GovOPlaN WebDAV credentials",
|
||||
"i18n:govoplan-files.group.171a0606": "Group",
|
||||
"i18n:govoplan-files.groups": "Groups",
|
||||
"i18n:govoplan-files.import.d6fbc9d2": "Import",
|
||||
"i18n:govoplan-files.inherited.58823af0": "Inherited",
|
||||
"i18n:govoplan-files.kb.315b39a0": "KB",
|
||||
"i18n:govoplan-files.kerberos.53c35fb7": "Kerberos",
|
||||
"i18n:govoplan-files.label.74341e3c": "Label",
|
||||
"i18n:govoplan-files.leave_empty_to_keep_saved_password.6ec39f5e": "Leave empty to keep saved password",
|
||||
"i18n:govoplan-files.leave_empty_to_keep_saved_token.e725857b": "Leave empty to keep saved token",
|
||||
"i18n:govoplan-files.library.b8100f5b": "Library",
|
||||
"i18n:govoplan-files.linked_file_space.1a614c7d": "Linked file space",
|
||||
"i18n:govoplan-files.linked_to_1_campaign.5349694f": "Linked to 1 campaign",
|
||||
"i18n:govoplan-files.linked_to_value_campaigns.1ad7be94": "Linked to {value0} campaigns",
|
||||
"i18n:govoplan-files.linked_to.ca188768": "linked to",
|
||||
"i18n:govoplan-files.linked_to.e7ca9e02": "Linked to",
|
||||
"i18n:govoplan-files.linking.6f640897": "Linking…",
|
||||
"i18n:govoplan-files.loading_connector_files.02c876e0": "Loading connector files…",
|
||||
"i18n:govoplan-files.loading_connector_files.e5b0871d": "Loading connector files",
|
||||
"i18n:govoplan-files.loading_connector_folders.426de3b6": "Loading connector folders",
|
||||
"i18n:govoplan-files.loading_connector_folders.dde26f3e": "Loading connector folders...",
|
||||
"i18n:govoplan-files.loading_connector_policy.2b984eec": "Loading connector policy...",
|
||||
"i18n:govoplan-files.loading_connector_policy.f12ab285": "Loading connector policy",
|
||||
"i18n:govoplan-files.loading_connector_space.356d83c6": "Loading connector space…",
|
||||
"i18n:govoplan-files.loading_connector_space.c176e6b8": "Loading connector space",
|
||||
"i18n:govoplan-files.loading_file_connections.bd68f224": "Loading file connections",
|
||||
"i18n:govoplan-files.loading_file_connections.ef22dc81": "Loading file connections...",
|
||||
"i18n:govoplan-files.loading_files.3b142382": "Loading files",
|
||||
"i18n:govoplan-files.loading_files.bfd27a7e": "Loading files…",
|
||||
"i18n:govoplan-files.loading.b04ba49f": "Loading...",
|
||||
"i18n:govoplan-files.lower_connection_limits.4f9838bc": "Lower connection limits",
|
||||
"i18n:govoplan-files.lower_credential_limits.ec2b72bc": "Lower credential limits",
|
||||
"i18n:govoplan-files.lower_endpoint_limits.3fd781d5": "Lower endpoint limits",
|
||||
"i18n:govoplan-files.lower_path_limits.1abcccb1": "Lower path limits",
|
||||
"i18n:govoplan-files.lower_provider_limits.5816270a": "Lower provider limits",
|
||||
"i18n:govoplan-files.managed_files.4dd6ad11": "Managed files",
|
||||
"i18n:govoplan-files.match.c79af5c2": "match.",
|
||||
"i18n:govoplan-files.mb.6e979f42": "MB",
|
||||
"i18n:govoplan-files.metadata_json_must_be_an_object.48629f13": "Metadata JSON must be an object.",
|
||||
"i18n:govoplan-files.metadata_json.b0e4c283": "Metadata JSON",
|
||||
"i18n:govoplan-files.mode.a7b93d21": "Mode",
|
||||
"i18n:govoplan-files.modified.19a532c8": "Modified",
|
||||
"i18n:govoplan-files.more_show_next.f1912318": "more — show next",
|
||||
"i18n:govoplan-files.move.76cdb950": "Move",
|
||||
"i18n:govoplan-files.move.8a74a26e": "Move…",
|
||||
"i18n:govoplan-files.moved.0fc28db0": "Moved",
|
||||
"i18n:govoplan-files.moving.65cd4dd8": "Moving",
|
||||
"i18n:govoplan-files.must_stay_in_allowed_paths.dc5b4eb4": "Must stay in allowed paths",
|
||||
"i18n:govoplan-files.name.709a2322": "Name",
|
||||
"i18n:govoplan-files.native_default.ba32f7b6": "Native/default",
|
||||
"i18n:govoplan-files.new_connection.ac979fe4": "New connection",
|
||||
"i18n:govoplan-files.new_credential.65b2a9b1": "New credential",
|
||||
"i18n:govoplan-files.new_file_connection.2ec6eb56": "New file connection",
|
||||
"i18n:govoplan-files.new_file_credential.4c061082": "New file credential",
|
||||
"i18n:govoplan-files.new_folder.a711999b": "New folder",
|
||||
"i18n:govoplan-files.new_name.9e627c7b": "New name",
|
||||
"i18n:govoplan-files.new_path_for_value.a9a30c1c": "New path for {value0}",
|
||||
"i18n:govoplan-files.nextcloud.aab73a3d": "Nextcloud",
|
||||
"i18n:govoplan-files.nfs.db121865": "NFS",
|
||||
"i18n:govoplan-files.no_accessible_file_spaces_were_found.abcf5003": "No accessible file spaces were found.",
|
||||
"i18n:govoplan-files.no_campaign_links.4203c2be": "No campaign links",
|
||||
"i18n:govoplan-files.no_connector_items.d634e023": "No connector items.",
|
||||
"i18n:govoplan-files.no_connector_profiles_are_available.9be3be28": "No connector profiles are available.",
|
||||
"i18n:govoplan-files.no_connector_profiles.03c730ee": "No connector profiles",
|
||||
"i18n:govoplan-files.no_current_files_match_this_pattern.b84c5836": "No current files match this pattern.",
|
||||
"i18n:govoplan-files.no_endpoint.d0ea68c4": "No endpoint",
|
||||
"i18n:govoplan-files.no_file_connections_configured.3ef02049": "No file connections configured.",
|
||||
"i18n:govoplan-files.no_file_selected.f76f1c1c": "No file selected",
|
||||
"i18n:govoplan-files.no_file_spaces_available.a81fa3d0": "No file spaces available.",
|
||||
"i18n:govoplan-files.no_value_available": "No {value0} available.",
|
||||
"i18n:govoplan-files.no_files_uploaded_all_conflicts_were_skipped.1166f3b5": "No files uploaded; all conflicts were skipped.",
|
||||
"i18n:govoplan-files.no_folders_yet_choose_the_root_folder.6430304d": "No folders yet. Choose the root folder.",
|
||||
"i18n:govoplan-files.no_saved_credential.30a5a951": "No saved credential",
|
||||
"i18n:govoplan-files.no_secret.33c1a339": "No secret",
|
||||
"i18n:govoplan-files.none.6eef6648": "None",
|
||||
"i18n:govoplan-files.not_sorted.0abc03c5": "not sorted",
|
||||
"i18n:govoplan-files.ntlm.026eac85": "NTLM",
|
||||
"i18n:govoplan-files.only_the_visible_name_changes_immutable_blobs_st.01557e71": "Only the visible name changes. Immutable blobs stay stable for audit.",
|
||||
"i18n:govoplan-files.open_parent_folder_value.8030a7c7": "Open parent folder {value0}",
|
||||
"i18n:govoplan-files.overwrite_all.a76f2d04": "Overwrite all",
|
||||
"i18n:govoplan-files.overwrite.0625c54e": "Overwrite",
|
||||
"i18n:govoplan-files.owner_space.364c4b62": "Owner space",
|
||||
"i18n:govoplan-files.parent_folder.d8ed4c2a": "Parent folder",
|
||||
"i18n:govoplan-files.password_environment_variable.0e77673f": "Password environment variable",
|
||||
"i18n:govoplan-files.password.8be3c943": "Password",
|
||||
"i18n:govoplan-files.path_limited.d32cbef0": "Path-limited",
|
||||
"i18n:govoplan-files.pattern_preview_results.56cea56c": "Pattern preview results",
|
||||
"i18n:govoplan-files.policy.bb9cf141": "Policy",
|
||||
"i18n:govoplan-files.prefix.90eceb01": "Prefix",
|
||||
"i18n:govoplan-files.preview_rename.bb890b24": "Preview rename",
|
||||
"i18n:govoplan-files.preview_resolves_to.a8d99432": "Preview resolves to",
|
||||
"i18n:govoplan-files.preview.f1fbb2b4": "Preview",
|
||||
"i18n:govoplan-files.profile_id_and_label_are_required.6ad85df1": "Profile id and label are required.",
|
||||
"i18n:govoplan-files.profile_id.25961d68": "Profile id",
|
||||
"i18n:govoplan-files.provider.7ceee3f3": "Provider",
|
||||
"i18n:govoplan-files.read_only.9b19a5a2": "Read-only",
|
||||
"i18n:govoplan-files.refresh.56e3badc": "Refresh",
|
||||
"i18n:govoplan-files.reload.cce71553": "Reload",
|
||||
"i18n:govoplan-files.remote_connector_space.d8956863": "Remote connector space",
|
||||
"i18n:govoplan-files.rename_all.1d6b24dc": "Rename all",
|
||||
"i18n:govoplan-files.rename_item.3d21d6ca": "Rename item",
|
||||
"i18n:govoplan-files.rename.d3f4cb89": "Rename",
|
||||
"i18n:govoplan-files.renamed_value_item_s.3c4a40fe": "Renamed {value0} item(s).",
|
||||
"i18n:govoplan-files.replace_pattern.d98e4c92": "Replace pattern",
|
||||
"i18n:govoplan-files.replace_the_current_pattern.96f80707": "Replace the current pattern?",
|
||||
"i18n:govoplan-files.replace_value_with_the_exact_file_value.4a63236f": "Replace \"{value0}\" with the exact file \"{value1}\"?",
|
||||
"i18n:govoplan-files.replacement.c385e347": "Replacement",
|
||||
"i18n:govoplan-files.require_smb_signing.5168a83d": "Require SMB signing",
|
||||
"i18n:govoplan-files.review_individually.19abbe58": "Review individually",
|
||||
"i18n:govoplan-files.root.e96857c5": "Root",
|
||||
"i18n:govoplan-files.save_connection.07796d38": "Save connection",
|
||||
"i18n:govoplan-files.save_credential.2c02a6d2": "Save credential",
|
||||
"i18n:govoplan-files.save_policy.77d67ce3": "Save policy",
|
||||
"i18n:govoplan-files.saving.56a2285c": "Saving…",
|
||||
"i18n:govoplan-files.saving.ae7e8875": "Saving...",
|
||||
"i18n:govoplan-files.seafile.600192cc": "Seafile",
|
||||
"i18n:govoplan-files.search_this_folder_pdf_pdf_or_2026_pdf.74dec36a": "Search this folder: *.pdf, **/*.pdf or 2026-??-*.pdf",
|
||||
"i18n:govoplan-files.search.bce06414": "Search",
|
||||
"i18n:govoplan-files.secret_configured.4dc0f095": "Secret configured",
|
||||
"i18n:govoplan-files.secret_reference.04ed2221": "Secret reference",
|
||||
"i18n:govoplan-files.select_a_remote_file_to_sync_into_the_destinatio.80477a47": "Select a remote file to sync into the destination folder.",
|
||||
"i18n:govoplan-files.select_a_remote_file_to_sync_it_into_this_space_.8e58a5ae": "Select a remote file to sync it into this space owner.",
|
||||
"i18n:govoplan-files.select_the_space_that_will_receive_the_selected_.0a8bea8f": "Select the space that will receive the selected file(s) or folder(s).",
|
||||
"i18n:govoplan-files.selected.840fac38": " · Selected",
|
||||
"i18n:govoplan-files.show_fewer.d94dfbe5": "Show fewer",
|
||||
"i18n:govoplan-files.size.b7152342": "Size",
|
||||
"i18n:govoplan-files.skip.3da47453": "Skip",
|
||||
"i18n:govoplan-files.smb_authentication.96f7cb83": "SMB authentication",
|
||||
"i18n:govoplan-files.smb.515d2f88": "SMB",
|
||||
"i18n:govoplan-files.space_label.ec892726": "Space label",
|
||||
"i18n:govoplan-files.spaces.9b584b52": "Spaces",
|
||||
"i18n:govoplan-files.status.bae7d5be": "Status",
|
||||
"i18n:govoplan-files.suffix.885db975": "Suffix",
|
||||
"i18n:govoplan-files.sync_to_value_value.29c362ea": "Sync to {value0} / {value1}",
|
||||
"i18n:govoplan-files.sync.905f6309": "Sync",
|
||||
"i18n:govoplan-files.synced_new_file.d5e8243d": "Synced new file",
|
||||
"i18n:govoplan-files.synced_new_version.83784264": "Synced new version",
|
||||
"i18n:govoplan-files.system.bc0792d8": "System",
|
||||
"i18n:govoplan-files.target.61ad50a9": "Target",
|
||||
"i18n:govoplan-files.tb.f8a902b0": "TB",
|
||||
"i18n:govoplan-files.tenant.3ca93c78": "Tenant",
|
||||
"i18n:govoplan-files.test_value.6a5d10a5": "Test {value0}",
|
||||
"i18n:govoplan-files.testing.15ccc832": "Testing...",
|
||||
"i18n:govoplan-files.the_configured_managed_file_space_is_no_longer_a.5e93b729": "The configured managed file space is no longer available to this user.",
|
||||
"i18n:govoplan-files.this_attachment_base_path_is_not_connected_to_a_.3962b48f": "This attachment base path is not connected to a managed file space. Choose its folder under",
|
||||
"i18n:govoplan-files.this_file_connection.edcde997": "this file connection",
|
||||
"i18n:govoplan-files.this_file_credential.695efb90": "this file credential",
|
||||
"i18n:govoplan-files.this_folder_is_empty_upload_files_in_the_top_lev.cb6c3a1a": "This folder is empty. Upload files in the top-level Files module.",
|
||||
"i18n:govoplan-files.this_folder_is_empty_use_upload_or_create_folder.5977d784": "This folder is empty. Use Upload or Create Folder to add content.",
|
||||
"i18n:govoplan-files.token_environment_variable.5af4a79e": "Token environment variable",
|
||||
"i18n:govoplan-files.token.a1141eb9": "Token",
|
||||
"i18n:govoplan-files.unpack_zip_uploads.256fead4": "Unpack ZIP uploads",
|
||||
"i18n:govoplan-files.unpacking_zip_archive.698095f4": "Unpacking ZIP archive",
|
||||
"i18n:govoplan-files.unpacking_zip_upload.35019691": "Unpacking ZIP upload…",
|
||||
"i18n:govoplan-files.up.2038bdec": "Up",
|
||||
"i18n:govoplan-files.upload_failed_because_the_network_request_could_.360a5ab3": "Upload failed because the network request could not be completed.",
|
||||
"i18n:govoplan-files.upload_to_value_value.b83a34b4": "Upload to {value0} / {value1}",
|
||||
"i18n:govoplan-files.upload_was_cancelled.5bab0f9b": "Upload was cancelled.",
|
||||
"i18n:govoplan-files.upload.8bdf057f": "Upload",
|
||||
"i18n:govoplan-files.uploaded_value_file_s_into_value.d0fa052b": "Uploaded {value0} file(s) into {value1}.",
|
||||
"i18n:govoplan-files.uploading_files.6536791d": "Uploading files",
|
||||
"i18n:govoplan-files.uploading_value_file_s.715ba963": "Uploading {value0} file(s)…",
|
||||
"i18n:govoplan-files.use_pattern.ce54ba3e": "Use pattern",
|
||||
"i18n:govoplan-files.use_this_folder.0e77d6d1": "Use this folder",
|
||||
"i18n:govoplan-files.user.9f8a2389": "User",
|
||||
"i18n:govoplan-files.users": "Users",
|
||||
"i18n:govoplan-files.username_password.e8ba8896": "Username/password",
|
||||
"i18n:govoplan-files.username.84c29015": "Username",
|
||||
"i18n:govoplan-files.value_conflict_s.b3872a48": "{value0} conflict(s)",
|
||||
"i18n:govoplan-files.value_connector_policy_saved.430d4eca": "{value0} connector policy saved.",
|
||||
"i18n:govoplan-files.value_connector_policy.0bf7f53b": "{value0} connector policy",
|
||||
"i18n:govoplan-files.value_file_shown_for_context.3d6e0acb": "{value0}, file shown for context",
|
||||
"i18n:govoplan-files.value_folder_s_value_file_s.76b92c8c": "{value0} folder(s) · {value1} file(s)",
|
||||
"i18n:govoplan-files.value_this_selection_would_create_duplicate_visi.26ae34d4": "{value0} this selection would create duplicate visible names in the destination.",
|
||||
"i18n:govoplan-files.value_upload_conflict_s.3a04f117": "{value0} upload conflict(s)",
|
||||
"i18n:govoplan-files.value_value_activate_to_sort.3953ba71": "{value0}: {value1}. Activate to sort.",
|
||||
"i18n:govoplan-files.value_value_file_s_and_value_folder_s.c160e725": "{value0} {value1} file(s) and {value2} folder(s).",
|
||||
"i18n:govoplan-files.value_value.36bc3a40": "{value0}: {value1}.",
|
||||
"i18n:govoplan-files.value_value.598aab59": "{value0} -> {value1}",
|
||||
"i18n:govoplan-files.value_value.c189e8bc": "{value0} ({value1})",
|
||||
"i18n:govoplan-files.value_value.dca59cc0": "{value0} {value1}",
|
||||
"i18n:govoplan-files.value.48afe802": "· {value0}",
|
||||
"i18n:govoplan-files.value_file_connections": "{value0} file connections",
|
||||
"i18n:govoplan-files.value_scope": "{value0} scope",
|
||||
"i18n:govoplan-files.visible_file_s_were_not_matched.dc497e90": "visible file(s) were not matched.",
|
||||
"i18n:govoplan-files.webdav.521b4c8b": "WebDAV",
|
||||
"i18n:govoplan-files.working.13b7bfca": "Working…",
|
||||
"i18n:govoplan-files.writable.dd35487a": "Writable"
|
||||
},
|
||||
"de": {
|
||||
"i18n:govoplan-files.add_connector_space.aa6bdbd6": "Add connector space",
|
||||
"i18n:govoplan-files.add_credential_for_value.0fa9c1fe": "Add credential for {value0}",
|
||||
"i18n:govoplan-files.add_prefix.672452bc": "Add prefix",
|
||||
"i18n:govoplan-files.add_space.e4d674d4": "Add Space",
|
||||
"i18n:govoplan-files.add_suffix_before_extension.784381fe": "Add suffix before extension",
|
||||
"i18n:govoplan-files.added_connector_space_value.a24725b8": "Added connector space {value0}.",
|
||||
"i18n:govoplan-files.allowed_connection_ids.0df854c8": "Allowed connection IDs",
|
||||
"i18n:govoplan-files.allowed_credential_ids.efcaba2d": "Allowed credential IDs",
|
||||
"i18n:govoplan-files.allowed_endpoint_urls.34cfa8e9": "Allowed endpoint URLs",
|
||||
"i18n:govoplan-files.allowed_paths.c953b4be": "Allowed paths",
|
||||
"i18n:govoplan-files.allowed_providers.82a9c23e": "Allowed providers",
|
||||
"i18n:govoplan-files.allowed.77c7b490": "Allowed",
|
||||
"i18n:govoplan-files.already_at_the_root_folder.1238f110": "Already at the root folder",
|
||||
"i18n:govoplan-files.and.a0d93385": "… and",
|
||||
"i18n:govoplan-files.anonymous.9bed5104": "Anonymous",
|
||||
"i18n:govoplan-files.any_provider.b3fc542f": "Any provider",
|
||||
"i18n:govoplan-files.apply_preview.8692d5eb": "Apply preview",
|
||||
"i18n:govoplan-files.apply_recursively_to_folder_contents.c7076984": "Apply recursively to folder contents",
|
||||
"i18n:govoplan-files.apply_reviewed_choices.bb55f7b3": "Apply reviewed choices",
|
||||
"i18n:govoplan-files.attachments_attachment_sources.87d92d5b": "Attachments → Attachment sources",
|
||||
"i18n:govoplan-files.audit_relevant_files_stay_retained_when_deleted_.2b7b4543": "Audit-relevant files stay retained when deleted from active browsing.",
|
||||
"i18n:govoplan-files.available.974948f2": " · Available",
|
||||
"i18n:govoplan-files.back_to_folder.34ba1ed1": "Back to folder",
|
||||
"i18n:govoplan-files.base_path.6a4867ca": "Base path",
|
||||
"i18n:govoplan-files.blocked_by_policy.8d971f86": "Blocked by policy",
|
||||
"i18n:govoplan-files.blocked.99613c74": "Blocked",
|
||||
"i18n:govoplan-files.bootstrap_settings.05e3df38": " · Bootstrap settings",
|
||||
"i18n:govoplan-files.browse_ok_value_item_value.921906fd": "Browse OK ({value0} item{value1}).",
|
||||
"i18n:govoplan-files.browse_protocol.d1f27c90": "Browse protocol",
|
||||
"i18n:govoplan-files.browse.2f3b5c55": "Durchsuchen",
|
||||
"i18n:govoplan-files.bulk_rename_changes_managed_display_paths_only_i.8cf34a6b": "Bulk rename changes managed display paths only. Immutable blobs stay stable for audit.",
|
||||
"i18n:govoplan-files.bulk_rename_selected_items.5e79d694": "Bulk rename selected items",
|
||||
"i18n:govoplan-files.bulk_rename.7dcaa624": "Bulk rename",
|
||||
"i18n:govoplan-files.bytes_b": "{value0} B",
|
||||
"i18n:govoplan-files.bytes_gb": "{value0} GB",
|
||||
"i18n:govoplan-files.bytes_kb": "{value0} KB",
|
||||
"i18n:govoplan-files.bytes_mb": "{value0} MB",
|
||||
"i18n:govoplan-files.bytes_pb": "{value0} PB",
|
||||
"i18n:govoplan-files.bytes_tb": "{value0} TB",
|
||||
"i18n:govoplan-files.can_use_this_connection.5091a74c": "Can use this connection",
|
||||
"i18n:govoplan-files.can_use_this_credential.f4a41971": "Can use this credential",
|
||||
"i18n:govoplan-files.cancel.77dfd213": "Abbrechen",
|
||||
"i18n:govoplan-files.cannot_move_or_copy_a_folder_into_itself_or_one_.4adbd5ea": "Cannot move or copy a folder into itself or one of its child folders.",
|
||||
"i18n:govoplan-files.case_sensitive.c73af7bd": "Case sensitive",
|
||||
"i18n:govoplan-files.checking.494d0f68": "Checking...",
|
||||
"i18n:govoplan-files.choose_a_connector_file_and_destination_folder.3c6f3ffb": "Choose a connector file and destination folder.",
|
||||
"i18n:govoplan-files.choose_a_connector_profile_and_owner_space.4c386b00": "Choose a connector profile and owner space.",
|
||||
"i18n:govoplan-files.choose_a_destination_space_and_folder_folders_ar.45158643": "Choose a destination space and folder. Folders are transferred recursively.",
|
||||
"i18n:govoplan-files.choose_how_the_selected_names_should_be_changed.0231854f": "Choose how the selected names should be changed.",
|
||||
"i18n:govoplan-files.choose_how_to_resolve_this_conflict.c303fcc6": "Choose how to resolve this conflict.",
|
||||
"i18n:govoplan-files.choose_managed_attachment_source.b3709493": "Choose managed attachment source",
|
||||
"i18n:govoplan-files.choose_managed_file_or_pattern.bcf8e183": "Choose managed file or pattern",
|
||||
"i18n:govoplan-files.choose_the_destination_folder_before_selecting_o.a4922d75": "Choose the destination folder before selecting or dropping files.",
|
||||
"i18n:govoplan-files.campaigns": "Kampagnen",
|
||||
"i18n:govoplan-files.choose_the_folder_that_should_act_as_this_campai.9d0b7ef7": "Choose the folder that should act as this campaign attachment source.",
|
||||
"i18n:govoplan-files.choose_the_parent_folder_for_the_new_subfolder.2fcb6580": "Choose the parent folder for the new subfolder.",
|
||||
"i18n:govoplan-files.choose_the_same_action_for_all_conflicts_or_revi.319cfe5f": "Choose the same action for all conflicts or review the target names individually.",
|
||||
"i18n:govoplan-files.choose_the_target_folder_folders_are_transferred.f7ab8e9e": "Choose the target folder. Folders are transferred recursively.",
|
||||
"i18n:govoplan-files.clear_saved_password.7442260d": "Clear saved password",
|
||||
"i18n:govoplan-files.clear_saved_token.a9c670aa": "Clear saved token",
|
||||
"i18n:govoplan-files.clear.719ea396": "Leeren",
|
||||
"i18n:govoplan-files.clicking_a_file_sets_its_exact_relative_path_as_.590abd24": "Clicking a file sets its exact relative path as the pattern. Preview resolves the pattern against the current managed file space.",
|
||||
"i18n:govoplan-files.collapse.9cf188d3": "Collapse",
|
||||
"i18n:govoplan-files.conflict_at.0a91052f": "conflict at",
|
||||
"i18n:govoplan-files.conflict_s.60cea6d5": "conflict(s)",
|
||||
"i18n:govoplan-files.connection_credential.178babe0": "Connection / credential",
|
||||
"i18n:govoplan-files.connector_files.8f351f5d": "Connector files",
|
||||
"i18n:govoplan-files.connector_folders.960cbb03": "Connector folders",
|
||||
"i18n:govoplan-files.connector_profile_is_not_configured_for_this_spa.669f57b5": "Connector profile is not configured for this space.",
|
||||
"i18n:govoplan-files.connector_profile.9e9cd317": "Connector profile",
|
||||
"i18n:govoplan-files.connector_root.9027235c": "Connector root",
|
||||
"i18n:govoplan-files.connector_source_already_matched.7eaf5be1": "Connector source already matched",
|
||||
"i18n:govoplan-files.connector_space_files.dbb0ab24": "Connector space files",
|
||||
"i18n:govoplan-files.connector.ba358306": "Verbindung",
|
||||
"i18n:govoplan-files.contained_path_s_will_move_with_the_selected_fol.b786f1a1": "contained path(s) will move with the selected folder(s), but their own names will stay unchanged.",
|
||||
"i18n:govoplan-files.copied.8e3df45a": "Copied",
|
||||
"i18n:govoplan-files.copy.92556c6d": "Copy…",
|
||||
"i18n:govoplan-files.copy.a69c71d0": " copy",
|
||||
"i18n:govoplan-files.copy.af74f7c5": "Copy",
|
||||
"i18n:govoplan-files.copying.43b7de98": "Copying",
|
||||
"i18n:govoplan-files.copymove.d0fa5904": "copyMove",
|
||||
"i18n:govoplan-files.create_a_folder_below_the_selected_destination.9041ee76": "Create a folder below the selected destination.",
|
||||
"i18n:govoplan-files.create_folder.97bafaba": "Create Folder",
|
||||
"i18n:govoplan-files.create_folder.e59f63fa": "Ordner erstellen",
|
||||
"i18n:govoplan-files.create_space.b50606b4": "Create Space",
|
||||
"i18n:govoplan-files.created_folder_value.6c3002f9": "Created folder {value0}.",
|
||||
"i18n:govoplan-files.created_inside.3426a815": "Created inside",
|
||||
"i18n:govoplan-files.credential_id_and_label_are_required.4cfd1ffd": "Credential id and label are required.",
|
||||
"i18n:govoplan-files.credential_id.9432a6e1": "Credential id",
|
||||
"i18n:govoplan-files.credential_mode.23fdd899": "Credential mode",
|
||||
"i18n:govoplan-files.credential.8bede3ea": "Credential",
|
||||
"i18n:govoplan-files.current_file.1fbfcf3d": "current file",
|
||||
"i18n:govoplan-files.current_folder_contents.f9a24fa8": "Current folder contents",
|
||||
"i18n:govoplan-files.current_folder.5aeab2f0": "Current folder",
|
||||
"i18n:govoplan-files.delete_selected_item_s.4b6a0023": "Delete selected item(s)?",
|
||||
"i18n:govoplan-files.delete_value_audit_relevant_blobs_remain_retaine.290af88f": "Delete {value0}? Audit-relevant blobs remain retained.",
|
||||
"i18n:govoplan-files.delete.f6fdbe48": "Löschen",
|
||||
"i18n:govoplan-files.denied_connection_ids.a95218b4": "Denied connection IDs",
|
||||
"i18n:govoplan-files.denied_credential_ids.b6838bc2": "Denied credential IDs",
|
||||
"i18n:govoplan-files.denied_endpoint_urls.1d8d4369": "Denied endpoint URLs",
|
||||
"i18n:govoplan-files.denied_paths.d25e4315": "Denied paths",
|
||||
"i18n:govoplan-files.denied_providers.149b29f4": "Denied providers",
|
||||
"i18n:govoplan-files.deny_listed_paths.fcde62cc": "Deny-listed paths",
|
||||
"i18n:govoplan-files.destination_folder.f8ccb63b": "Destination folder",
|
||||
"i18n:govoplan-files.destination_space.92b63970": "Destination space",
|
||||
"i18n:govoplan-files.disable_file_connection.3fd940ae": "Disable file connection",
|
||||
"i18n:govoplan-files.disable_file_credential.49bff614": "Disable file credential",
|
||||
"i18n:govoplan-files.disable_value_connections_using_it_will_stop_aut.fc3a1708": "Disable {value0}? Connections using it will stop authenticating until another credential is selected.",
|
||||
"i18n:govoplan-files.disable_value_existing_linked_spaces_will_stop_b.8c1b0ac6": "Disable {value0}? Existing linked spaces will stop browsing until the connection is enabled again.",
|
||||
"i18n:govoplan-files.disable_value.09485f7f": "Disable {value0}",
|
||||
"i18n:govoplan-files.disable.9a7d4e06": "Disable",
|
||||
"i18n:govoplan-files.disabled.f4f4473d": "Disabled",
|
||||
"i18n:govoplan-files.dms.477e5652": "DMS",
|
||||
"i18n:govoplan-files.download_zip.7bd0e4b0": "Download ZIP",
|
||||
"i18n:govoplan-files.download.a479c9c3": "Download",
|
||||
"i18n:govoplan-files.e_g_invoices.77a73bd1": "e.g. invoices",
|
||||
"i18n:govoplan-files.edit_file_connection.78698154": "Edit file connection",
|
||||
"i18n:govoplan-files.edit_file_credential.bc49d44f": "Edit file credential",
|
||||
"i18n:govoplan-files.edit_value.fad75899": "Edit {value0}",
|
||||
"i18n:govoplan-files.effective_sources_none.9a7c407f": "Effective sources: none",
|
||||
"i18n:govoplan-files.effective_sources.9a576802": "Effective sources:",
|
||||
"i18n:govoplan-files.enabled.df174a3f": "Aktiviert",
|
||||
"i18n:govoplan-files.endpoint_url.65aaaa45": "Endpoint URL",
|
||||
"i18n:govoplan-files.endpoint.92ec6350": "Endpoint",
|
||||
"i18n:govoplan-files.expand.9869e506": "Expand",
|
||||
"i18n:govoplan-files.extracting_files_on_the_server.845a3c1a": "Extracting files on the server…",
|
||||
"i18n:govoplan-files.file_actions.9e1b94c5": "File actions",
|
||||
"i18n:govoplan-files.file_connection_created.bdf6e1f6": "File connection created.",
|
||||
"i18n:govoplan-files.file_connection_disabled_value.059a7de9": "File connection disabled: {value0}.",
|
||||
"i18n:govoplan-files.file_connection_saved.68c16ee9": "File connection saved.",
|
||||
"i18n:govoplan-files.file_connections.1e362326": "Dateiverbindungen",
|
||||
"i18n:govoplan-files.file_credential_created.87c31882": "File credential created.",
|
||||
"i18n:govoplan-files.file_credential_disabled_value.947538fd": "File credential disabled: {value0}.",
|
||||
"i18n:govoplan-files.file_credential_saved.d6a1eef8": "File credential saved.",
|
||||
"i18n:govoplan-files.file_or_pattern_relative_to.0ab4d831": "File or pattern relative to",
|
||||
"i18n:govoplan-files.file_s.ca61e97f": "file(s),",
|
||||
"i18n:govoplan-files.file_share_was_not_created.033ac476": "File share was not created.",
|
||||
"i18n:govoplan-files.file_spaces_and_folders.443d2056": "File spaces and folders",
|
||||
"i18n:govoplan-files.file.2c3cafa4": "Datei",
|
||||
"i18n:govoplan-files.files_with_the_same_visible_name_already_exist_i.1bb487b0": "Files with the same visible name already exist in this folder.",
|
||||
"i18n:govoplan-files.files.6ce6c512": "Dateien",
|
||||
"i18n:govoplan-files.finalizing_upload.bcce936d": "Finalizing upload…",
|
||||
"i18n:govoplan-files.find_and_replace.2c6b404b": "Find and replace",
|
||||
"i18n:govoplan-files.find.df251b06": "Find",
|
||||
"i18n:govoplan-files.first.49ec0838": "first.",
|
||||
"i18n:govoplan-files.folder_name.b2ce023b": "Ordnername",
|
||||
"i18n:govoplan-files.folder_s.10e54730": "folder(s)",
|
||||
"i18n:govoplan-files.folder.30baa249": "Ordner",
|
||||
"i18n:govoplan-files.folders_and_files.d107ac99": "Folders and files",
|
||||
"i18n:govoplan-files.folders.19adc47b": "Ordner",
|
||||
"i18n:govoplan-files.gb.505a44fa": "GB",
|
||||
"i18n:govoplan-files.generic.ff7613e5": "Generic",
|
||||
"i18n:govoplan-files.govoplan_files.b20752ed": "GovOPlaN files",
|
||||
"i18n:govoplan-files.govoplan_webdav_credentials.bc696d69": "GovOPlaN WebDAV credentials",
|
||||
"i18n:govoplan-files.group.171a0606": "Group",
|
||||
"i18n:govoplan-files.groups": "Gruppen",
|
||||
"i18n:govoplan-files.import.d6fbc9d2": "Import",
|
||||
"i18n:govoplan-files.inherited.58823af0": "Inherited",
|
||||
"i18n:govoplan-files.kb.315b39a0": "KB",
|
||||
"i18n:govoplan-files.kerberos.53c35fb7": "Kerberos",
|
||||
"i18n:govoplan-files.label.74341e3c": "Label",
|
||||
"i18n:govoplan-files.leave_empty_to_keep_saved_password.6ec39f5e": "Leave empty to keep saved password",
|
||||
"i18n:govoplan-files.leave_empty_to_keep_saved_token.e725857b": "Leave empty to keep saved token",
|
||||
"i18n:govoplan-files.library.b8100f5b": "Library",
|
||||
"i18n:govoplan-files.linked_file_space.1a614c7d": "Linked file space",
|
||||
"i18n:govoplan-files.linked_to_1_campaign.5349694f": "Linked to 1 campaign",
|
||||
"i18n:govoplan-files.linked_to_value_campaigns.1ad7be94": "Linked to {value0} campaigns",
|
||||
"i18n:govoplan-files.linked_to.ca188768": "linked to",
|
||||
"i18n:govoplan-files.linked_to.e7ca9e02": "Linked to",
|
||||
"i18n:govoplan-files.linking.6f640897": "Linking…",
|
||||
"i18n:govoplan-files.loading_connector_files.02c876e0": "Loading connector files…",
|
||||
"i18n:govoplan-files.loading_connector_files.e5b0871d": "Loading connector files",
|
||||
"i18n:govoplan-files.loading_connector_folders.426de3b6": "Loading connector folders",
|
||||
"i18n:govoplan-files.loading_connector_folders.dde26f3e": "Loading connector folders...",
|
||||
"i18n:govoplan-files.loading_connector_policy.2b984eec": "Loading connector policy...",
|
||||
"i18n:govoplan-files.loading_connector_policy.f12ab285": "Loading connector policy",
|
||||
"i18n:govoplan-files.loading_connector_space.356d83c6": "Loading connector space…",
|
||||
"i18n:govoplan-files.loading_connector_space.c176e6b8": "Loading connector space",
|
||||
"i18n:govoplan-files.loading_file_connections.bd68f224": "Loading file connections",
|
||||
"i18n:govoplan-files.loading_file_connections.ef22dc81": "Loading file connections...",
|
||||
"i18n:govoplan-files.loading_files.3b142382": "Loading files",
|
||||
"i18n:govoplan-files.loading_files.bfd27a7e": "Loading files…",
|
||||
"i18n:govoplan-files.loading.b04ba49f": "Loading...",
|
||||
"i18n:govoplan-files.lower_connection_limits.4f9838bc": "Lower connection limits",
|
||||
"i18n:govoplan-files.lower_credential_limits.ec2b72bc": "Lower credential limits",
|
||||
"i18n:govoplan-files.lower_endpoint_limits.3fd781d5": "Lower endpoint limits",
|
||||
"i18n:govoplan-files.lower_path_limits.1abcccb1": "Lower path limits",
|
||||
"i18n:govoplan-files.lower_provider_limits.5816270a": "Lower provider limits",
|
||||
"i18n:govoplan-files.managed_files.4dd6ad11": "Verwaltete Dateien",
|
||||
"i18n:govoplan-files.match.c79af5c2": "match.",
|
||||
"i18n:govoplan-files.mb.6e979f42": "MB",
|
||||
"i18n:govoplan-files.metadata_json_must_be_an_object.48629f13": "Metadata JSON must be an object.",
|
||||
"i18n:govoplan-files.metadata_json.b0e4c283": "Metadata JSON",
|
||||
"i18n:govoplan-files.mode.a7b93d21": "Mode",
|
||||
"i18n:govoplan-files.modified.19a532c8": "Modified",
|
||||
"i18n:govoplan-files.more_show_next.f1912318": "more — show next",
|
||||
"i18n:govoplan-files.move.76cdb950": "Verschieben",
|
||||
"i18n:govoplan-files.move.8a74a26e": "Move…",
|
||||
"i18n:govoplan-files.moved.0fc28db0": "Moved",
|
||||
"i18n:govoplan-files.moving.65cd4dd8": "Moving",
|
||||
"i18n:govoplan-files.must_stay_in_allowed_paths.dc5b4eb4": "Must stay in allowed paths",
|
||||
"i18n:govoplan-files.name.709a2322": "Name",
|
||||
"i18n:govoplan-files.native_default.ba32f7b6": "Native/default",
|
||||
"i18n:govoplan-files.new_connection.ac979fe4": "New connection",
|
||||
"i18n:govoplan-files.new_credential.65b2a9b1": "New credential",
|
||||
"i18n:govoplan-files.new_file_connection.2ec6eb56": "New file connection",
|
||||
"i18n:govoplan-files.new_file_credential.4c061082": "New file credential",
|
||||
"i18n:govoplan-files.new_folder.a711999b": "Neuer Ordner",
|
||||
"i18n:govoplan-files.new_name.9e627c7b": "New name",
|
||||
"i18n:govoplan-files.new_path_for_value.a9a30c1c": "New path for {value0}",
|
||||
"i18n:govoplan-files.nextcloud.aab73a3d": "Nextcloud",
|
||||
"i18n:govoplan-files.nfs.db121865": "NFS",
|
||||
"i18n:govoplan-files.no_accessible_file_spaces_were_found.abcf5003": "No accessible file spaces were found.",
|
||||
"i18n:govoplan-files.no_campaign_links.4203c2be": "No campaign links",
|
||||
"i18n:govoplan-files.no_connector_items.d634e023": "No connector items.",
|
||||
"i18n:govoplan-files.no_connector_profiles_are_available.9be3be28": "No connector profiles are available.",
|
||||
"i18n:govoplan-files.no_connector_profiles.03c730ee": "No connector profiles",
|
||||
"i18n:govoplan-files.no_current_files_match_this_pattern.b84c5836": "No current files match this pattern.",
|
||||
"i18n:govoplan-files.no_endpoint.d0ea68c4": "No endpoint",
|
||||
"i18n:govoplan-files.no_file_connections_configured.3ef02049": "No file connections configured.",
|
||||
"i18n:govoplan-files.no_file_selected.f76f1c1c": "No file selected",
|
||||
"i18n:govoplan-files.no_file_spaces_available.a81fa3d0": "No file spaces available.",
|
||||
"i18n:govoplan-files.no_value_available": "Keine {value0} verfügbar.",
|
||||
"i18n:govoplan-files.no_files_uploaded_all_conflicts_were_skipped.1166f3b5": "No files uploaded; all conflicts were skipped.",
|
||||
"i18n:govoplan-files.no_folders_yet_choose_the_root_folder.6430304d": "No folders yet. Choose the root folder.",
|
||||
"i18n:govoplan-files.no_saved_credential.30a5a951": "No saved credential",
|
||||
"i18n:govoplan-files.no_secret.33c1a339": "No secret",
|
||||
"i18n:govoplan-files.none.6eef6648": "Keine",
|
||||
"i18n:govoplan-files.not_sorted.0abc03c5": "not sorted",
|
||||
"i18n:govoplan-files.ntlm.026eac85": "NTLM",
|
||||
"i18n:govoplan-files.only_the_visible_name_changes_immutable_blobs_st.01557e71": "Only the visible name changes. Immutable blobs stay stable for audit.",
|
||||
"i18n:govoplan-files.open_parent_folder_value.8030a7c7": "Open parent folder {value0}",
|
||||
"i18n:govoplan-files.overwrite_all.a76f2d04": "Overwrite all",
|
||||
"i18n:govoplan-files.overwrite.0625c54e": "Overwrite",
|
||||
"i18n:govoplan-files.owner_space.364c4b62": "Owner space",
|
||||
"i18n:govoplan-files.parent_folder.d8ed4c2a": "Parent folder",
|
||||
"i18n:govoplan-files.password_environment_variable.0e77673f": "Password environment variable",
|
||||
"i18n:govoplan-files.password.8be3c943": "Passwort",
|
||||
"i18n:govoplan-files.path_limited.d32cbef0": "Path-limited",
|
||||
"i18n:govoplan-files.pattern_preview_results.56cea56c": "Pattern preview results",
|
||||
"i18n:govoplan-files.policy.bb9cf141": "Richtlinie",
|
||||
"i18n:govoplan-files.prefix.90eceb01": "Prefix",
|
||||
"i18n:govoplan-files.preview_rename.bb890b24": "Preview rename",
|
||||
"i18n:govoplan-files.preview_resolves_to.a8d99432": "Preview resolves to",
|
||||
"i18n:govoplan-files.preview.f1fbb2b4": "Vorschau",
|
||||
"i18n:govoplan-files.profile_id_and_label_are_required.6ad85df1": "Profile id and label are required.",
|
||||
"i18n:govoplan-files.profile_id.25961d68": "Profile id",
|
||||
"i18n:govoplan-files.provider.7ceee3f3": "Provider",
|
||||
"i18n:govoplan-files.read_only.9b19a5a2": "Read-only",
|
||||
"i18n:govoplan-files.refresh.56e3badc": "Refresh",
|
||||
"i18n:govoplan-files.reload.cce71553": "Neu laden",
|
||||
"i18n:govoplan-files.remote_connector_space.d8956863": "Remote connector space",
|
||||
"i18n:govoplan-files.rename_all.1d6b24dc": "Rename all",
|
||||
"i18n:govoplan-files.rename_item.3d21d6ca": "Rename item",
|
||||
"i18n:govoplan-files.rename.d3f4cb89": "Umbenennen",
|
||||
"i18n:govoplan-files.renamed_value_item_s.3c4a40fe": "Renamed {value0} item(s).",
|
||||
"i18n:govoplan-files.replace_pattern.d98e4c92": "Replace pattern",
|
||||
"i18n:govoplan-files.replace_the_current_pattern.96f80707": "Replace the current pattern?",
|
||||
"i18n:govoplan-files.replace_value_with_the_exact_file_value.4a63236f": "Replace \"{value0}\" with the exact file \"{value1}\"?",
|
||||
"i18n:govoplan-files.replacement.c385e347": "Replacement",
|
||||
"i18n:govoplan-files.require_smb_signing.5168a83d": "Require SMB signing",
|
||||
"i18n:govoplan-files.review_individually.19abbe58": "Review individually",
|
||||
"i18n:govoplan-files.root.e96857c5": "Wurzel",
|
||||
"i18n:govoplan-files.save_connection.07796d38": "Save connection",
|
||||
"i18n:govoplan-files.save_credential.2c02a6d2": "Save credential",
|
||||
"i18n:govoplan-files.save_policy.77d67ce3": "Save policy",
|
||||
"i18n:govoplan-files.saving.56a2285c": "Saving…",
|
||||
"i18n:govoplan-files.saving.ae7e8875": "Saving...",
|
||||
"i18n:govoplan-files.seafile.600192cc": "Seafile",
|
||||
"i18n:govoplan-files.search_this_folder_pdf_pdf_or_2026_pdf.74dec36a": "Search this folder: *.pdf, **/*.pdf or 2026-??-*.pdf",
|
||||
"i18n:govoplan-files.search.bce06414": "Suchen",
|
||||
"i18n:govoplan-files.secret_configured.4dc0f095": "Secret configured",
|
||||
"i18n:govoplan-files.secret_reference.04ed2221": "Secret reference",
|
||||
"i18n:govoplan-files.select_a_remote_file_to_sync_into_the_destinatio.80477a47": "Select a remote file to sync into the destination folder.",
|
||||
"i18n:govoplan-files.select_a_remote_file_to_sync_it_into_this_space_.8e58a5ae": "Select a remote file to sync it into this space owner.",
|
||||
"i18n:govoplan-files.select_the_space_that_will_receive_the_selected_.0a8bea8f": "Select the space that will receive the selected file(s) or folder(s).",
|
||||
"i18n:govoplan-files.selected.840fac38": " · Selected",
|
||||
"i18n:govoplan-files.show_fewer.d94dfbe5": "Show fewer",
|
||||
"i18n:govoplan-files.size.b7152342": "Größe",
|
||||
"i18n:govoplan-files.skip.3da47453": "Skip",
|
||||
"i18n:govoplan-files.smb_authentication.96f7cb83": "SMB authentication",
|
||||
"i18n:govoplan-files.smb.515d2f88": "SMB",
|
||||
"i18n:govoplan-files.space_label.ec892726": "Space label",
|
||||
"i18n:govoplan-files.spaces.9b584b52": "Spaces",
|
||||
"i18n:govoplan-files.status.bae7d5be": "Status",
|
||||
"i18n:govoplan-files.suffix.885db975": "Suffix",
|
||||
"i18n:govoplan-files.sync_to_value_value.29c362ea": "Sync to {value0} / {value1}",
|
||||
"i18n:govoplan-files.sync.905f6309": "Sync",
|
||||
"i18n:govoplan-files.synced_new_file.d5e8243d": "Synced new file",
|
||||
"i18n:govoplan-files.synced_new_version.83784264": "Synced new version",
|
||||
"i18n:govoplan-files.system.bc0792d8": "System",
|
||||
"i18n:govoplan-files.target.61ad50a9": "Target",
|
||||
"i18n:govoplan-files.tb.f8a902b0": "TB",
|
||||
"i18n:govoplan-files.tenant.3ca93c78": "Tenant",
|
||||
"i18n:govoplan-files.test_value.6a5d10a5": "Test {value0}",
|
||||
"i18n:govoplan-files.testing.15ccc832": "Testing...",
|
||||
"i18n:govoplan-files.the_configured_managed_file_space_is_no_longer_a.5e93b729": "The configured managed file space is no longer available to this user.",
|
||||
"i18n:govoplan-files.this_attachment_base_path_is_not_connected_to_a_.3962b48f": "This attachment base path is not connected to a managed file space. Choose its folder under",
|
||||
"i18n:govoplan-files.this_file_connection.edcde997": "this file connection",
|
||||
"i18n:govoplan-files.this_file_credential.695efb90": "this file credential",
|
||||
"i18n:govoplan-files.this_folder_is_empty_upload_files_in_the_top_lev.cb6c3a1a": "This folder is empty. Upload files in the top-level Files module.",
|
||||
"i18n:govoplan-files.this_folder_is_empty_use_upload_or_create_folder.5977d784": "This folder is empty. Use Upload or Create Folder to add content.",
|
||||
"i18n:govoplan-files.token_environment_variable.5af4a79e": "Token environment variable",
|
||||
"i18n:govoplan-files.token.a1141eb9": "Token",
|
||||
"i18n:govoplan-files.unpack_zip_uploads.256fead4": "Unpack ZIP uploads",
|
||||
"i18n:govoplan-files.unpacking_zip_archive.698095f4": "Unpacking ZIP archive",
|
||||
"i18n:govoplan-files.unpacking_zip_upload.35019691": "Unpacking ZIP upload…",
|
||||
"i18n:govoplan-files.up.2038bdec": "Up",
|
||||
"i18n:govoplan-files.upload_failed_because_the_network_request_could_.360a5ab3": "Upload failed because the network request could not be completed.",
|
||||
"i18n:govoplan-files.upload_to_value_value.b83a34b4": "Upload to {value0} / {value1}",
|
||||
"i18n:govoplan-files.upload_was_cancelled.5bab0f9b": "Upload was cancelled.",
|
||||
"i18n:govoplan-files.upload.8bdf057f": "Hochladen",
|
||||
"i18n:govoplan-files.uploaded_value_file_s_into_value.d0fa052b": "Uploaded {value0} file(s) into {value1}.",
|
||||
"i18n:govoplan-files.uploading_files.6536791d": "Uploading files",
|
||||
"i18n:govoplan-files.uploading_value_file_s.715ba963": "Uploading {value0} file(s)…",
|
||||
"i18n:govoplan-files.use_pattern.ce54ba3e": "Use pattern",
|
||||
"i18n:govoplan-files.use_this_folder.0e77d6d1": "Use this folder",
|
||||
"i18n:govoplan-files.user.9f8a2389": "User",
|
||||
"i18n:govoplan-files.users": "Benutzer",
|
||||
"i18n:govoplan-files.username_password.e8ba8896": "Username/password",
|
||||
"i18n:govoplan-files.username.84c29015": "Benutzername",
|
||||
"i18n:govoplan-files.value_conflict_s.b3872a48": "{value0} conflict(s)",
|
||||
"i18n:govoplan-files.value_connector_policy_saved.430d4eca": "{value0} connector policy saved.",
|
||||
"i18n:govoplan-files.value_connector_policy.0bf7f53b": "{value0} connector policy",
|
||||
"i18n:govoplan-files.value_file_shown_for_context.3d6e0acb": "{value0}, file shown for context",
|
||||
"i18n:govoplan-files.value_folder_s_value_file_s.76b92c8c": "{value0} folder(s) · {value1} file(s)",
|
||||
"i18n:govoplan-files.value_this_selection_would_create_duplicate_visi.26ae34d4": "{value0} this selection would create duplicate visible names in the destination.",
|
||||
"i18n:govoplan-files.value_upload_conflict_s.3a04f117": "{value0} upload conflict(s)",
|
||||
"i18n:govoplan-files.value_value_activate_to_sort.3953ba71": "{value0}: {value1}. Activate to sort.",
|
||||
"i18n:govoplan-files.value_value_file_s_and_value_folder_s.c160e725": "{value0} {value1} file(s) and {value2} folder(s).",
|
||||
"i18n:govoplan-files.value_value.36bc3a40": "{value0}: {value1}.",
|
||||
"i18n:govoplan-files.value_value.598aab59": "{value0} -> {value1}",
|
||||
"i18n:govoplan-files.value_value.c189e8bc": "{value0} ({value1})",
|
||||
"i18n:govoplan-files.value_value.dca59cc0": "{value0} {value1}",
|
||||
"i18n:govoplan-files.value.48afe802": "· {value0}",
|
||||
"i18n:govoplan-files.value_file_connections": "{value0}-Dateiverbindungen",
|
||||
"i18n:govoplan-files.value_scope": "Geltungsbereich: {value0}",
|
||||
"i18n:govoplan-files.visible_file_s_were_not_matched.dc497e90": "visible file(s) were not matched.",
|
||||
"i18n:govoplan-files.webdav.521b4c8b": "WebDAV",
|
||||
"i18n:govoplan-files.working.13b7bfca": "Wird ausgeführt...",
|
||||
"i18n:govoplan-files.writable.dd35487a": "Writable"
|
||||
}
|
||||
};
|
||||
@@ -1,10 +1,11 @@
|
||||
import "./styles/file-manager.css";
|
||||
export { default } from "./module";
|
||||
export * from "./module";
|
||||
export { default as FilesPage } from "./features/files/FilesPage";
|
||||
export * from "./api/files";
|
||||
export type { PlatformWebModule, PlatformNavItem, PlatformRouteContribution, PlatformRouteContext } from "@govoplan/core-webui";
|
||||
export { FolderTree } from "./features/files/components/FileManagerComponents";
|
||||
export { default as ManagedFileChooser } from "./features/files/components/ManagedFileChooser";
|
||||
export type { ManagedAttachmentSelection, ManagedFolderSelection } from "./features/files/components/ManagedFileChooser";
|
||||
export { useFileTreeState } from "./features/files/hooks/useFileTreeState";
|
||||
export type { FolderNode, SortColumn, SortDirection } from "./features/files/types";
|
||||
export { buildExplorerEntries, buildFolderEntryFromSources, buildFolderTree, candidateRenamedPath, directFolderCounts, entryModifiedTime, entryName, entrySelectionKey, entrySize, fileIdsForSelection, folderAncestorPaths, folderBreadcrumbs, folderContentLabel, formatBytes, formatDate, isFileInFolder, isPathUnderOrSame, joinFolder, lastPathSegment, normalizeFilePath, normalizeFolder, parentFolderPath, parseDragState, sortExplorerEntries, sortFolderNodes, treeNodeKey } from "./features/files/utils/fileManagerUtils";
|
||||
|
||||
@@ -1,18 +1,74 @@
|
||||
import { createElement, lazy } from "react";
|
||||
import type { PlatformWebModule } from "@govoplan/core-webui";
|
||||
import { hasScope, type AdminSectionsUiCapability, type FilesConnectorsUiCapability, type FilesFileExplorerUiCapability, type PlatformWebModule } from "@govoplan/core-webui";
|
||||
import { FolderTree } from "./features/files/components/FileManagerComponents";
|
||||
import FileConnectorSettingsPanel from "./features/files/FileConnectorSettingsPanel";
|
||||
import ManagedFileChooser from "./features/files/components/ManagedFileChooser";
|
||||
import { listFileSpaces, listFiles, listFilesDelta, listFolders, resolveFilePatterns, shareFilesWithTarget } from "./api/files";
|
||||
import { generatedTranslations } from "./i18n/generatedTranslations";
|
||||
import "./styles/file-manager.css";
|
||||
|
||||
const FilesPage = lazy(() => import("./features/files/FilesPage"));
|
||||
|
||||
const fileRead = ["files:file:read"];
|
||||
const translations = {
|
||||
en: generatedTranslations.en,
|
||||
de: generatedTranslations.de
|
||||
};
|
||||
const fileConnectorAdminSections: AdminSectionsUiCapability = {
|
||||
sections: [
|
||||
{
|
||||
id: "system-file-connectors",
|
||||
label: "i18n:govoplan-files.file_connections.1e362326",
|
||||
group: "SYSTEM",
|
||||
order: 75,
|
||||
anyOf: ["system:settings:read", "files:file:admin"],
|
||||
render: ({ settings, auth }) => createElement(FileConnectorSettingsPanel, {
|
||||
settings,
|
||||
scopeType: "system",
|
||||
canWrite: hasScope(auth, "system:settings:write") || hasScope(auth, "files:file:admin")
|
||||
})
|
||||
},
|
||||
{
|
||||
id: "tenant-file-connectors",
|
||||
label: "i18n:govoplan-files.file_connections.1e362326",
|
||||
group: "TENANT",
|
||||
order: 65,
|
||||
anyOf: ["admin:settings:read", "files:file:admin"],
|
||||
render: ({ settings, auth }) => createElement(FileConnectorSettingsPanel, {
|
||||
settings,
|
||||
scopeType: "tenant",
|
||||
canWrite: hasScope(auth, "admin:settings:write") || hasScope(auth, "files:file:admin")
|
||||
})
|
||||
}]
|
||||
|
||||
};
|
||||
|
||||
export const filesModule: PlatformWebModule = {
|
||||
id: "files",
|
||||
label: "Files",
|
||||
label: "i18n:govoplan-files.files.6ce6c512",
|
||||
version: "1.0.0",
|
||||
dependencies: ["access"],
|
||||
navItems: [{ to: "/files", label: "Files", iconName: "folder", anyOf: fileRead, order: 40 }],
|
||||
translations,
|
||||
navItems: [{ to: "/files", label: "i18n:govoplan-files.files.6ce6c512", iconName: "folder", anyOf: fileRead, order: 40 }],
|
||||
routes: [
|
||||
{ path: "/files", anyOf: fileRead, order: 40, render: ({ settings, auth }) => createElement(FilesPage, { settings, auth }) }
|
||||
]
|
||||
{ path: "/files", anyOf: fileRead, order: 40, render: ({ settings, auth }) => createElement(FilesPage, { settings, auth }) }],
|
||||
|
||||
uiCapabilities: {
|
||||
"files.fileExplorer": {
|
||||
FolderTree,
|
||||
ManagedFileChooser,
|
||||
listFileSpaces,
|
||||
listFiles,
|
||||
listFilesDelta,
|
||||
listFolders,
|
||||
resolveFilePatterns,
|
||||
shareFilesWithTarget
|
||||
} satisfies FilesFileExplorerUiCapability,
|
||||
"files.connectors": {
|
||||
FileConnectorScopeManager: FileConnectorSettingsPanel
|
||||
} satisfies FilesConnectorsUiCapability,
|
||||
"admin.sections": fileConnectorAdminSections
|
||||
}
|
||||
};
|
||||
|
||||
export default filesModule;
|
||||
|
||||
@@ -35,134 +35,6 @@
|
||||
background: var(--panel);
|
||||
}
|
||||
|
||||
.file-tree-panel {
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
min-width: 0;
|
||||
min-height: 0;
|
||||
border-right: 1px solid var(--line);
|
||||
background: linear-gradient(180deg, var(--panel-soft), var(--panel));
|
||||
}
|
||||
|
||||
.file-tree-heading {
|
||||
flex: 0 0 auto;
|
||||
padding: 13px 14px;
|
||||
border-bottom: 1px solid var(--line);
|
||||
color: var(--muted);
|
||||
font-size: 12px;
|
||||
font-weight: 800;
|
||||
letter-spacing: .05em;
|
||||
text-transform: uppercase;
|
||||
}
|
||||
|
||||
.file-tree-list {
|
||||
flex: 1 1 auto;
|
||||
min-height: 0;
|
||||
overflow: auto;
|
||||
padding: 0px 0px 16px;
|
||||
}
|
||||
|
||||
.file-tree-space + .file-tree-space {
|
||||
margin-top: 10px;
|
||||
padding-top: 10px;
|
||||
border-top: 1px solid var(--line);
|
||||
}
|
||||
|
||||
.file-tree-node-wrap {
|
||||
display: grid;
|
||||
grid-template-columns: 26px minmax(0, 1fr);
|
||||
align-items: center;
|
||||
gap: 2px;
|
||||
border-radius: 0px;
|
||||
}
|
||||
|
||||
.file-tree-node,
|
||||
.file-tree-select,
|
||||
.file-tree-toggle {
|
||||
border: 0;
|
||||
background: transparent;
|
||||
color: var(--text);
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
.file-tree-toggle {
|
||||
display: grid;
|
||||
place-items: center;
|
||||
width: 26px;
|
||||
height: 32px;
|
||||
border-radius: 0px;
|
||||
color: var(--muted);
|
||||
}
|
||||
|
||||
.file-tree-toggle:disabled {
|
||||
cursor: default;
|
||||
opacity: .55;
|
||||
}
|
||||
|
||||
.file-tree-node {
|
||||
display: flex;
|
||||
align-items: center;
|
||||
gap: 8px;
|
||||
min-width: 0;
|
||||
width: 100%;
|
||||
padding: 8px 9px;
|
||||
border-radius: 0px;
|
||||
font: inherit;
|
||||
text-align: left;
|
||||
user-select: none;
|
||||
}
|
||||
|
||||
.file-tree-node span {
|
||||
overflow: hidden;
|
||||
text-overflow: ellipsis;
|
||||
white-space: nowrap;
|
||||
}
|
||||
|
||||
.file-tree-root {
|
||||
font-weight: 800;
|
||||
}
|
||||
|
||||
.file-tree-select {
|
||||
width: 24px;
|
||||
height: 24px;
|
||||
border-radius: 999px;
|
||||
color: var(--text-strong);
|
||||
font-weight: 900;
|
||||
line-height: 1;
|
||||
}
|
||||
|
||||
.file-tree-node-wrap:hover,
|
||||
.file-tree-node-wrap:focus-within,
|
||||
.file-tree-node-wrap.is-active,
|
||||
.file-tree-root:hover:not(:disabled),
|
||||
.file-tree-root:focus-visible,
|
||||
.file-tree-root.is-active {
|
||||
background: var(--line);
|
||||
outline: none;
|
||||
}
|
||||
|
||||
.file-tree-node:focus-visible,
|
||||
.file-tree-toggle:focus-visible,
|
||||
.file-tree-select:focus-visible {
|
||||
outline: none;
|
||||
}
|
||||
|
||||
.file-tree-node-wrap.is-drop-target,
|
||||
.file-tree-root.is-drop-target {
|
||||
background: var(--line);
|
||||
box-shadow: inset 0 0 0 2px var(--line-dark);
|
||||
}
|
||||
|
||||
.file-tree-node-wrap.is-selected .file-tree-select {
|
||||
background: #0d6efd;
|
||||
color: #fff;
|
||||
}
|
||||
|
||||
.file-tree-children {
|
||||
display: grid;
|
||||
gap: 1px;
|
||||
}
|
||||
|
||||
.file-list-panel {
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
@@ -356,6 +228,16 @@
|
||||
font-size: 12px;
|
||||
}
|
||||
|
||||
.file-linkage-status {
|
||||
display: inline-flex;
|
||||
align-items: center;
|
||||
gap: 4px;
|
||||
}
|
||||
|
||||
.file-linkage-status.is-linked {
|
||||
color: var(--text-strong);
|
||||
}
|
||||
|
||||
.file-row-icon {
|
||||
color: var(--muted);
|
||||
flex: 0 0 auto;
|
||||
@@ -381,6 +263,11 @@
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
.file-list-virtual-spacer {
|
||||
min-height: 0;
|
||||
pointer-events: none;
|
||||
}
|
||||
|
||||
.file-context-menu {
|
||||
position: fixed;
|
||||
z-index: 110;
|
||||
@@ -473,37 +360,6 @@
|
||||
padding: 18px;
|
||||
}
|
||||
|
||||
.file-upload-drop-zone {
|
||||
display: grid;
|
||||
place-items: center;
|
||||
gap: 8px;
|
||||
min-height: 170px;
|
||||
border: 1px dashed var(--line-dark);
|
||||
border-radius: 14px;
|
||||
background: var(--panel-soft);
|
||||
color: var(--muted);
|
||||
text-align: center;
|
||||
cursor: pointer;
|
||||
transition: border-color .16s ease, background .16s ease, box-shadow .16s ease;
|
||||
}
|
||||
|
||||
.file-upload-drop-zone:hover,
|
||||
.file-upload-drop-zone:focus-visible,
|
||||
.file-upload-drop-zone.is-active {
|
||||
border-color: #0d6efd;
|
||||
background: rgba(13, 110, 253, .08);
|
||||
}
|
||||
|
||||
.file-upload-drop-zone:focus-visible {
|
||||
outline: none;
|
||||
box-shadow: 0 0 0 3px rgba(13, 110, 253, .18);
|
||||
}
|
||||
|
||||
.file-upload-drop-zone[aria-disabled="true"] {
|
||||
cursor: not-allowed;
|
||||
opacity: .65;
|
||||
}
|
||||
|
||||
.field-error {
|
||||
color: var(--danger-text);
|
||||
font-weight: 700;
|
||||
@@ -590,6 +446,278 @@
|
||||
gap: 2px;
|
||||
}
|
||||
|
||||
.file-dialog:has(.connector-sync-grid) {
|
||||
width: min(820px, 100%);
|
||||
}
|
||||
|
||||
.connector-sync-grid {
|
||||
display: grid;
|
||||
grid-template-columns: minmax(0, .9fr) minmax(0, 1.1fr);
|
||||
gap: 16px;
|
||||
align-items: start;
|
||||
}
|
||||
|
||||
.connector-browser {
|
||||
display: grid;
|
||||
grid-template-rows: auto auto minmax(0, 1fr);
|
||||
min-height: 320px;
|
||||
overflow: hidden;
|
||||
border: 1px solid var(--line);
|
||||
border-radius: 12px;
|
||||
background: var(--panel);
|
||||
}
|
||||
|
||||
.connector-browser-toolbar {
|
||||
display: grid;
|
||||
grid-template-columns: auto minmax(0, 1fr) auto;
|
||||
gap: 10px;
|
||||
align-items: center;
|
||||
padding: 10px;
|
||||
border-bottom: 1px solid var(--line);
|
||||
background: var(--panel-soft);
|
||||
}
|
||||
|
||||
.connector-browser-path {
|
||||
min-width: 0;
|
||||
overflow: hidden;
|
||||
color: var(--text-strong);
|
||||
font-size: 13px;
|
||||
font-weight: 800;
|
||||
text-overflow: ellipsis;
|
||||
white-space: nowrap;
|
||||
}
|
||||
|
||||
.connector-browser-error {
|
||||
margin: 0;
|
||||
padding: 8px 10px 0;
|
||||
}
|
||||
|
||||
.connector-browser-list {
|
||||
display: grid;
|
||||
align-content: start;
|
||||
min-height: 0;
|
||||
overflow: auto;
|
||||
padding: 6px;
|
||||
}
|
||||
|
||||
.connector-browser-row {
|
||||
display: grid;
|
||||
grid-template-columns: 22px minmax(0, 1fr);
|
||||
gap: 10px;
|
||||
align-items: center;
|
||||
min-height: 48px;
|
||||
width: 100%;
|
||||
border: 0;
|
||||
border-radius: 8px;
|
||||
background: transparent;
|
||||
color: var(--text);
|
||||
cursor: pointer;
|
||||
font: inherit;
|
||||
padding: 8px 9px;
|
||||
text-align: left;
|
||||
}
|
||||
|
||||
.connector-browser-row:hover:not(:disabled),
|
||||
.connector-browser-row:focus-visible,
|
||||
.connector-browser-row.is-selected {
|
||||
background: var(--line);
|
||||
outline: none;
|
||||
}
|
||||
|
||||
.connector-browser-row.is-selected {
|
||||
box-shadow: inset 0 0 0 1px var(--line-dark);
|
||||
}
|
||||
|
||||
.connector-browser-row > span {
|
||||
display: grid;
|
||||
gap: 2px;
|
||||
min-width: 0;
|
||||
}
|
||||
|
||||
.connector-browser-row strong,
|
||||
.connector-browser-row small {
|
||||
overflow: hidden;
|
||||
text-overflow: ellipsis;
|
||||
white-space: nowrap;
|
||||
}
|
||||
|
||||
.connector-browser-row small {
|
||||
color: var(--muted);
|
||||
font-size: 12px;
|
||||
}
|
||||
|
||||
.connector-browser-empty {
|
||||
display: inline-flex;
|
||||
align-items: center;
|
||||
justify-content: center;
|
||||
gap: 8px;
|
||||
min-height: 120px;
|
||||
color: var(--muted);
|
||||
font-weight: 700;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
.connector-space-panel {
|
||||
display: grid;
|
||||
grid-template-rows: minmax(0, 1fr) auto;
|
||||
gap: 12px;
|
||||
flex: 1 1 auto;
|
||||
min-height: 0;
|
||||
overflow: hidden;
|
||||
padding: 12px;
|
||||
}
|
||||
|
||||
.connector-space-browser {
|
||||
min-height: 0;
|
||||
border-radius: 0;
|
||||
}
|
||||
|
||||
.connector-sync-selection {
|
||||
display: grid;
|
||||
gap: 3px;
|
||||
min-width: 0;
|
||||
padding: 10px 12px;
|
||||
border: 1px solid var(--line);
|
||||
border-radius: 10px;
|
||||
background: var(--panel-soft);
|
||||
}
|
||||
|
||||
.connector-sync-selection strong,
|
||||
.connector-sync-selection small {
|
||||
overflow: hidden;
|
||||
text-overflow: ellipsis;
|
||||
white-space: nowrap;
|
||||
}
|
||||
|
||||
.connector-sync-selection small {
|
||||
color: var(--muted);
|
||||
}
|
||||
|
||||
.file-connector-settings-panel {
|
||||
display: grid;
|
||||
gap: 16px;
|
||||
}
|
||||
|
||||
.file-connector-settings-empty,
|
||||
.file-connector-profile-row,
|
||||
.file-connector-profile-main,
|
||||
.file-connector-profile-actions,
|
||||
.file-connector-settings-section {
|
||||
min-width: 0;
|
||||
}
|
||||
|
||||
.file-connector-settings-empty {
|
||||
display: inline-flex;
|
||||
align-items: center;
|
||||
gap: 8px;
|
||||
color: var(--muted);
|
||||
font-weight: 700;
|
||||
}
|
||||
|
||||
.file-connector-profile-list {
|
||||
display: grid;
|
||||
gap: 10px;
|
||||
}
|
||||
|
||||
.file-connector-profile-row {
|
||||
display: grid;
|
||||
grid-template-columns: minmax(0, 1fr) auto;
|
||||
gap: 12px;
|
||||
align-items: center;
|
||||
padding: 10px 12px;
|
||||
border: 1px solid var(--line);
|
||||
border-radius: 8px;
|
||||
background: var(--panel-soft);
|
||||
}
|
||||
|
||||
.file-connector-profile-main {
|
||||
display: grid;
|
||||
gap: 3px;
|
||||
}
|
||||
|
||||
.file-connector-profile-main strong,
|
||||
.file-connector-profile-main small {
|
||||
overflow: hidden;
|
||||
text-overflow: ellipsis;
|
||||
white-space: nowrap;
|
||||
}
|
||||
|
||||
.file-connector-profile-main small {
|
||||
color: var(--muted);
|
||||
}
|
||||
|
||||
.file-connector-test-ok {
|
||||
color: var(--success-text, var(--muted));
|
||||
}
|
||||
|
||||
.file-connector-test-error {
|
||||
color: var(--danger-text, var(--muted));
|
||||
}
|
||||
|
||||
.file-connector-profile-actions,
|
||||
.file-connector-settings-section {
|
||||
display: flex;
|
||||
align-items: center;
|
||||
gap: 8px;
|
||||
flex-wrap: wrap;
|
||||
}
|
||||
|
||||
.file-connector-settings-section {
|
||||
margin: 14px 0;
|
||||
}
|
||||
|
||||
.file-connector-policy-locks {
|
||||
align-items: flex-start;
|
||||
}
|
||||
|
||||
.file-connector-policy-sources {
|
||||
color: var(--muted);
|
||||
font-size: 0.88rem;
|
||||
overflow-wrap: anywhere;
|
||||
}
|
||||
|
||||
.file-connector-settings-toggle-field {
|
||||
display: flex;
|
||||
align-items: end;
|
||||
min-height: 58px;
|
||||
}
|
||||
|
||||
.file-connector-provider-field {
|
||||
grid-column: 1 / -1;
|
||||
min-width: 0;
|
||||
}
|
||||
|
||||
.file-connector-provider-switch {
|
||||
grid-auto-columns: minmax(86px, 1fr);
|
||||
overflow-x: auto;
|
||||
}
|
||||
|
||||
.file-connector-provider-switch .segmented-control-option {
|
||||
min-height: 34px;
|
||||
padding: 0 10px;
|
||||
white-space: nowrap;
|
||||
}
|
||||
|
||||
@media (max-width: 760px) {
|
||||
.file-connector-profile-row {
|
||||
grid-template-columns: 1fr;
|
||||
}
|
||||
|
||||
.file-connector-profile-actions {
|
||||
justify-content: flex-start;
|
||||
}
|
||||
}
|
||||
|
||||
@media (max-width: 760px) {
|
||||
.connector-sync-grid {
|
||||
grid-template-columns: 1fr;
|
||||
}
|
||||
|
||||
.connector-browser {
|
||||
min-height: 260px;
|
||||
}
|
||||
}
|
||||
|
||||
@media (max-width: 1050px) {
|
||||
.file-manager-shell {
|
||||
grid-template-columns: 1fr;
|
||||
@@ -719,3 +847,478 @@
|
||||
color: var(--text-strong);
|
||||
outline: none;
|
||||
}
|
||||
|
||||
/* Managed file chooser exposed through the files.fileExplorer capability. */
|
||||
.managed-file-chooser-dialog {
|
||||
display: grid;
|
||||
grid-template-rows: auto minmax(0, 1fr) auto;
|
||||
width: min(1080px, calc(100vw - 40px));
|
||||
height: min(820px, calc(100vh - 40px));
|
||||
max-height: min(820px, calc(100vh - 40px));
|
||||
overflow: hidden;
|
||||
}
|
||||
|
||||
.managed-file-chooser-dialog > .dialog-header {
|
||||
padding: 16px 18px;
|
||||
border-bottom: 1px solid var(--line);
|
||||
background: var(--panel);
|
||||
}
|
||||
|
||||
.managed-file-chooser-body {
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
gap: 14px;
|
||||
min-height: 0;
|
||||
overflow: hidden;
|
||||
padding: 0;
|
||||
}
|
||||
|
||||
.managed-file-chooser-body > .alert {
|
||||
margin: 14px 14px 0;
|
||||
}
|
||||
|
||||
.managed-file-chooser-loading-frame {
|
||||
display: flex;
|
||||
flex: 1 1 auto;
|
||||
min-height: 0;
|
||||
}
|
||||
|
||||
.managed-file-chooser-loading-frame > .managed-file-chooser-layout {
|
||||
flex: 1 1 auto;
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
.managed-file-chooser-footer {
|
||||
flex: 0 0 auto;
|
||||
padding: 12px 18px;
|
||||
border-top: 1px solid var(--line);
|
||||
background: var(--panel);
|
||||
box-shadow: 0 -8px 24px rgba(15, 23, 42, .06);
|
||||
}
|
||||
|
||||
.managed-file-chooser-layout {
|
||||
display: grid;
|
||||
grid-template-columns: minmax(190px, 240px) minmax(0, 1fr);
|
||||
flex: 1 1 auto;
|
||||
min-height: 0;
|
||||
max-height: none;
|
||||
border: 0;
|
||||
border-radius: 0;
|
||||
overflow: hidden;
|
||||
background: var(--panel);
|
||||
}
|
||||
|
||||
.managed-file-chooser-spaces {
|
||||
min-width: 0;
|
||||
padding: 16px;
|
||||
border-right: 1px solid var(--line);
|
||||
background: var(--panel-soft);
|
||||
overflow: auto;
|
||||
}
|
||||
|
||||
.managed-file-chooser-spaces.file-tree-panel {
|
||||
display: flex;
|
||||
padding: 0;
|
||||
overflow: hidden;
|
||||
}
|
||||
|
||||
.managed-file-chooser-spaces .file-tree-list {
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
min-height: 0;
|
||||
padding-bottom: 12px;
|
||||
}
|
||||
|
||||
.managed-file-chooser-spaces .file-tree-space.is-active {
|
||||
display: flex;
|
||||
flex: 1 1 auto;
|
||||
flex-direction: column;
|
||||
min-height: 0;
|
||||
}
|
||||
|
||||
.managed-file-chooser-spaces h3 {
|
||||
margin: 0 0 12px;
|
||||
font-size: 13px;
|
||||
text-transform: uppercase;
|
||||
letter-spacing: .04em;
|
||||
color: var(--muted);
|
||||
}
|
||||
|
||||
.managed-file-space-list {
|
||||
display: grid;
|
||||
gap: 7px;
|
||||
}
|
||||
|
||||
.managed-file-space-button,
|
||||
.managed-file-entry {
|
||||
width: 100%;
|
||||
border: 1px solid transparent;
|
||||
border-radius: 9px;
|
||||
background: transparent;
|
||||
color: var(--ink);
|
||||
text-align: left;
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
.managed-file-space-button {
|
||||
display: grid;
|
||||
grid-template-columns: 20px minmax(0, 1fr);
|
||||
gap: 9px;
|
||||
align-items: start;
|
||||
padding: 9px;
|
||||
}
|
||||
|
||||
.managed-file-space-button span,
|
||||
.managed-file-entry > span:not(.managed-file-shared-badge) {
|
||||
display: grid;
|
||||
gap: 2px;
|
||||
min-width: 0;
|
||||
}
|
||||
|
||||
.managed-file-space-button small,
|
||||
.managed-file-entry small {
|
||||
color: var(--muted);
|
||||
font-size: 11px;
|
||||
}
|
||||
|
||||
.managed-file-space-button:hover:not(:disabled),
|
||||
.managed-file-space-button.is-selected {
|
||||
border-color: var(--line-dark);
|
||||
background: var(--panel);
|
||||
}
|
||||
|
||||
.managed-file-space-button.is-selected {
|
||||
border-color: var(--accent);
|
||||
box-shadow: inset 3px 0 0 var(--accent);
|
||||
}
|
||||
|
||||
.managed-file-space-button:disabled {
|
||||
cursor: not-allowed;
|
||||
opacity: .45;
|
||||
}
|
||||
|
||||
.managed-file-chooser-browser {
|
||||
display: grid;
|
||||
grid-template-rows: auto auto minmax(0, 1fr) auto;
|
||||
min-width: 0;
|
||||
min-height: 0;
|
||||
}
|
||||
|
||||
.managed-file-chooser-browser.folder-mode {
|
||||
grid-template-rows: auto minmax(0, 1fr) auto;
|
||||
}
|
||||
|
||||
.managed-file-chooser-toolbar {
|
||||
display: flex;
|
||||
justify-content: space-between;
|
||||
gap: 12px;
|
||||
align-items: center;
|
||||
padding: 12px 14px;
|
||||
border-bottom: 1px solid var(--line);
|
||||
}
|
||||
|
||||
.managed-file-breadcrumb {
|
||||
display: flex;
|
||||
flex-wrap: wrap;
|
||||
gap: 5px;
|
||||
align-items: center;
|
||||
min-width: 0;
|
||||
}
|
||||
|
||||
.managed-file-breadcrumb > button,
|
||||
.managed-file-breadcrumb span button {
|
||||
display: inline-flex;
|
||||
gap: 5px;
|
||||
align-items: center;
|
||||
border: 0;
|
||||
border-radius: 6px;
|
||||
background: transparent;
|
||||
color: var(--ink);
|
||||
padding: 5px 6px;
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
.managed-file-breadcrumb button:hover:not(:disabled) {
|
||||
background: var(--panel-soft);
|
||||
}
|
||||
|
||||
.managed-pattern-editor {
|
||||
display: grid;
|
||||
gap: 8px;
|
||||
padding: 12px 14px;
|
||||
border-bottom: 1px solid var(--line);
|
||||
background: var(--panel-soft);
|
||||
}
|
||||
|
||||
.managed-pattern-editor label {
|
||||
display: grid;
|
||||
gap: 6px;
|
||||
font-size: 12px;
|
||||
font-weight: 700;
|
||||
}
|
||||
|
||||
.managed-file-entry-table {
|
||||
display: grid;
|
||||
grid-template-rows: auto minmax(0, 1fr);
|
||||
min-height: 0;
|
||||
overflow: hidden;
|
||||
}
|
||||
|
||||
.managed-file-entry-head,
|
||||
.managed-file-entry {
|
||||
grid-template-columns: 22px minmax(0, 1fr) 110px 160px;
|
||||
}
|
||||
|
||||
.managed-file-entry-head {
|
||||
display: grid;
|
||||
gap: 9px;
|
||||
align-items: center;
|
||||
min-height: 38px;
|
||||
padding: 0 20px;
|
||||
border-bottom: 1px solid var(--line);
|
||||
background: var(--panel-soft);
|
||||
color: var(--muted);
|
||||
font-size: 12px;
|
||||
font-weight: 750;
|
||||
}
|
||||
|
||||
.managed-file-entry-head button {
|
||||
display: inline-flex;
|
||||
align-items: center;
|
||||
justify-content: flex-start;
|
||||
gap: 5px;
|
||||
width: max-content;
|
||||
max-width: 100%;
|
||||
border: 0;
|
||||
background: transparent;
|
||||
color: inherit;
|
||||
padding: 5px 0;
|
||||
font: inherit;
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
.managed-file-entry-head button.is-sorted {
|
||||
color: var(--text-strong);
|
||||
}
|
||||
|
||||
.managed-file-entry-list {
|
||||
display: block;
|
||||
padding: 10px;
|
||||
min-height: 0;
|
||||
overflow: auto;
|
||||
}
|
||||
|
||||
.managed-file-entry {
|
||||
display: grid;
|
||||
gap: 9px;
|
||||
align-items: center;
|
||||
min-height: 52px;
|
||||
padding: 8px 10px;
|
||||
margin: 0 0 4px;
|
||||
}
|
||||
|
||||
.managed-file-entry:last-child {
|
||||
margin-bottom: 0;
|
||||
}
|
||||
|
||||
.managed-file-entry:hover:not(:disabled) {
|
||||
border-color: var(--line);
|
||||
background: var(--panel-soft);
|
||||
}
|
||||
|
||||
.managed-file-entry.is-selected {
|
||||
border-color: var(--accent);
|
||||
background: var(--accent-soft);
|
||||
}
|
||||
|
||||
.managed-file-entry:disabled {
|
||||
color: var(--ink);
|
||||
opacity: 1;
|
||||
cursor: default;
|
||||
}
|
||||
|
||||
.managed-file-entry.is-folder:not(:disabled) {
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
.managed-file-entry.is-context-only {
|
||||
opacity: .56;
|
||||
}
|
||||
|
||||
.managed-file-entry.is-parent:disabled {
|
||||
opacity: .38;
|
||||
}
|
||||
|
||||
.managed-file-entry-name {
|
||||
display: grid;
|
||||
gap: 2px;
|
||||
min-width: 0;
|
||||
}
|
||||
|
||||
.managed-file-entry-name strong,
|
||||
.managed-file-entry-name small {
|
||||
overflow: hidden;
|
||||
text-overflow: ellipsis;
|
||||
white-space: nowrap;
|
||||
}
|
||||
|
||||
.managed-file-entry-name small {
|
||||
display: inline-flex;
|
||||
align-items: center;
|
||||
gap: 4px;
|
||||
}
|
||||
|
||||
.managed-file-entry-size,
|
||||
.managed-file-entry-modified {
|
||||
color: var(--muted);
|
||||
font-size: 12px;
|
||||
white-space: nowrap;
|
||||
}
|
||||
|
||||
.managed-file-shared-badge {
|
||||
display: inline-flex;
|
||||
gap: 4px;
|
||||
align-items: center;
|
||||
border: 1px solid var(--success-line, var(--line));
|
||||
border-radius: 999px;
|
||||
padding: 3px 7px;
|
||||
color: var(--success, var(--muted));
|
||||
font-size: 11px;
|
||||
white-space: nowrap;
|
||||
}
|
||||
|
||||
.managed-file-empty {
|
||||
padding: 28px 16px;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
.managed-file-virtual-spacer {
|
||||
min-height: 0;
|
||||
pointer-events: none;
|
||||
}
|
||||
|
||||
.managed-file-tree-virtual-list {
|
||||
flex: 1 1 auto;
|
||||
min-height: 80px;
|
||||
overflow: auto;
|
||||
}
|
||||
|
||||
.managed-file-chooser-note {
|
||||
margin: 0;
|
||||
padding: 10px 14px;
|
||||
border-top: 1px solid var(--line);
|
||||
background: var(--panel-soft);
|
||||
}
|
||||
|
||||
.managed-pattern-summary {
|
||||
display: flex;
|
||||
align-items: center;
|
||||
justify-content: space-between;
|
||||
gap: 12px;
|
||||
color: var(--muted);
|
||||
font-size: 12px;
|
||||
font-weight: 600;
|
||||
}
|
||||
|
||||
.managed-pattern-results {
|
||||
display: grid;
|
||||
grid-template-rows: auto minmax(0, 1fr);
|
||||
min-width: 0;
|
||||
min-height: 0;
|
||||
overflow: hidden;
|
||||
}
|
||||
|
||||
.managed-pattern-results .file-list-table {
|
||||
min-width: 680px;
|
||||
min-height: 0;
|
||||
overflow: auto;
|
||||
}
|
||||
|
||||
.managed-pattern-result-row {
|
||||
width: 100%;
|
||||
border-top: 0;
|
||||
border-right: 0;
|
||||
border-left: 0;
|
||||
background: transparent;
|
||||
color: var(--ink);
|
||||
text-align: left;
|
||||
font: inherit;
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
.managed-pattern-result-row .file-list-name > span {
|
||||
display: grid;
|
||||
min-width: 0;
|
||||
}
|
||||
|
||||
.managed-pattern-result-row .file-list-name strong {
|
||||
overflow: hidden;
|
||||
text-overflow: ellipsis;
|
||||
white-space: nowrap;
|
||||
}
|
||||
|
||||
.managed-pattern-result-row .file-list-name small {
|
||||
color: var(--muted);
|
||||
font-size: 11px;
|
||||
}
|
||||
|
||||
.managed-pattern-rendered {
|
||||
display: block;
|
||||
color: var(--muted);
|
||||
}
|
||||
|
||||
.split-field-action {
|
||||
gap: 0;
|
||||
}
|
||||
|
||||
.split-field-action > input,
|
||||
.split-field-action > select,
|
||||
.split-field-action > textarea {
|
||||
border-top-right-radius: 0 !important;
|
||||
border-bottom-right-radius: 0 !important;
|
||||
}
|
||||
|
||||
.split-field-action > button,
|
||||
.split-field-action > .button,
|
||||
.split-field-action > .btn {
|
||||
align-self: stretch;
|
||||
margin-left: -1px;
|
||||
border-top-left-radius: 0;
|
||||
border-bottom-left-radius: 0;
|
||||
box-shadow: none;
|
||||
}
|
||||
|
||||
@media (max-width: 850px) {
|
||||
.managed-file-entry-head,
|
||||
.managed-file-entry {
|
||||
grid-template-columns: 22px minmax(0, 1fr) 100px;
|
||||
}
|
||||
|
||||
.managed-file-entry-head > :last-child,
|
||||
.managed-file-entry-modified {
|
||||
display: none;
|
||||
}
|
||||
}
|
||||
|
||||
@media (max-width: 760px) {
|
||||
.managed-file-chooser-dialog {
|
||||
width: calc(100vw - 20px);
|
||||
height: calc(100vh - 20px);
|
||||
}
|
||||
|
||||
.managed-file-chooser-layout {
|
||||
grid-template-columns: 1fr;
|
||||
max-height: calc(100vh - 220px);
|
||||
}
|
||||
|
||||
.managed-file-chooser-spaces {
|
||||
border-right: 0;
|
||||
border-bottom: 1px solid var(--line);
|
||||
max-height: 160px;
|
||||
}
|
||||
|
||||
.managed-file-chooser-toolbar {
|
||||
align-items: flex-start;
|
||||
flex-direction: column;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user