haiwen · awu0403 · Oct 24, 2024 · Oct 25, 2024 · Oct 25, 2024
diff --git a/seahub/api2/endpoints/internal_api.py b/seahub/api2/endpoints/internal_api.py
@@ -11,8 +11,11 @@
 from seahub.base.accounts import User
 from seahub.repo_api_tokens.models import RepoAPITokens
 from seahub.share.models import UploadLinkShare, FileShare, check_share_link_access, check_share_link_access_by_scope
-from seaserv import seafile_api
+from seaserv import seafile_api, ccnet_api
 from seahub.utils.repo import parse_repo_perm
+from seahub.utils.user_permissions import get_user_role
+from seahub.role_permissions.settings import DEFAULT_ENABLED_ROLE_PERMISSIONS
+
 
 logger = logging.getLogger(__name__)
 
@@ -186,3 +189,32 @@ def post(self, request, repo_id):
             return api_error(status.HTTP_403_FORBIDDEN, error_msg)
 
         return Response({'user': rat.app_name})
+
+
+class InternalDownloadRateLimitView(APIView):
+    authentication_classes = (SessionCRSFCheckFreeAuthentication, )
+
+    def post(self, request):
+        auth = request.META.get('HTTP_AUTHORIZATION', '').split()
+        is_valid = is_valid_internal_jwt(auth)
+        if not is_valid:
+            error_msg = 'Permission denied.'
+            return api_error(status.HTTP_403_FORBIDDEN, error_msg)
+        data = request.data
+        traffic_info_list = {}
+        for user_info in data:
+            org_id = user_info['org_id']
+            username = user_info['username']
+            user = User.objects.get(email=username)
+            role = get_user_role(user)
+            if user_info['org_id'] > 0:
+                monthly_rate_limit_per_user = DEFAULT_ENABLED_ROLE_PERMISSIONS[role]['monthly_rate_limit_per_user']
+                org = ccnet_api.get_org_by_id(org_id)
+                org_users = ccnet_api.get_org_emailusers(org.url_prefix, -1, -1)
+                monthly_rate_limit = monthly_rate_limit_per_user * len(org_users)
+            else:
+                monthly_rate_limit = DEFAULT_ENABLED_ROLE_PERMISSIONS[role]['monthly_rate_limit']
+            traffic_info_list[username] = {'org_id': org_id, 'monthly_rate_limit': monthly_rate_limit}
+
+        return Response(traffic_info_list)
+
diff --git a/seahub/role_permissions/settings.py b/seahub/role_permissions/settings.py
@@ -46,6 +46,8 @@ def merge_roles(default, custom):
         'can_publish_repo': True,
         'upload_rate_limit': 0,
         'download_rate_limit': 0,
+        'monthly_rate_limit': 0,
+        'monthly_rate_limit_per_user': 0
     },
     GUEST_USER: {
         'can_add_repo': False,
@@ -68,6 +70,8 @@ def merge_roles(default, custom):
         'can_publish_repo': False,
         'upload_rate_limit': 0,
         'download_rate_limit': 0,
+        'monthly_rate_limit': 0,
+        'monthly_rate_limit_per_user': 0
     },
 }
 

diff --git a/seahub/urls.py b/seahub/urls.py
@@ -5,7 +5,7 @@
 from seahub.ai.apis import ImageCaption, GenerateSummary
 from seahub.api2.endpoints.share_link_auth import ShareLinkUserAuthView, ShareLinkEmailAuthView
 from seahub.api2.endpoints.internal_api import InternalUserListView, InternalCheckShareLinkAccess, \
-    InternalCheckFileOperationAccess
+    InternalCheckFileOperationAccess, InternalDownloadRateLimitView
 from seahub.auth.views import multi_adfs_sso, login_simple_check
 from seahub.views import *
 from seahub.views.mobile import mobile_login
@@ -796,7 +796,7 @@
     re_path(r'^api/v2.1/internal/user-list/$', InternalUserListView.as_view(), name="api-v2.1-internal-user-list"),
     re_path(r'^api/v2.1/internal/check-share-link-access/$', InternalCheckShareLinkAccess.as_view(), name="api-v2.1-internal-share-link-info"),
     re_path(r'^api/v2.1/internal/repos/(?P<repo_id>[-0-9a-f]{36})/check-access/$', InternalCheckFileOperationAccess.as_view(), name="api-v2.1-internal-check-file-op-access"),
-
+    re_path(r'^api/v2.1/internal/download-limit/$', InternalDownloadRateLimitView.as_view(), name='api-v2.1-internal-download-limit'),
     ### system admin ###
     re_path(r'^sys/seafadmin/delete/(?P<repo_id>[-0-9a-f]{36})/$', sys_repo_delete, name='sys_repo_delete'),
     path('sys/useradmin/export-excel/', sys_useradmin_export_excel, name='sys_useradmin_export_excel'),

diff --git a/tests/seahub/role_permissions/test_utils.py b/tests/seahub/role_permissions/test_utils.py
@@ -11,4 +11,4 @@ def test_get_available_role(self):
         assert DEFAULT_USER in get_available_roles()
 
     def test_get_enabled_role_permissions_by_role(self):
-        assert len(list(get_enabled_role_permissions_by_role(DEFAULT_USER).keys())) == 20
+        assert len(list(get_enabled_role_permissions_by_role(DEFAULT_USER).keys())) == 22