haiwen · freeplant · Aug 25, 2024 · Aug 25, 2024
diff --git a/seahub/api2/endpoints/public_repos_search.py b/seahub/api2/endpoints/public_repos_search.py
@@ -10,6 +10,7 @@
 
 from seahub.api2.authentication import TokenAuthentication
 from seahub.api2.throttling import UserRateThrottle
+from seahub.api2.permissions import IsProVersion
 from seahub.api2.utils import api_error
 from seahub.utils.repo import is_valid_repo_id_format
 from seahub.utils import HAS_FILE_SEARCH, HAS_FILE_SEASEARCH
@@ -25,7 +26,7 @@ class PublishedRepoSearchView(APIView):
     """ Search public repos
     """
     authentication_classes = (TokenAuthentication, SessionAuthentication)
-    permission_classes = (IsAuthenticatedOrReadOnly,)
+    permission_classes = (IsAuthenticatedOrReadOnly, IsProVersion)
     throttle_classes = (UserRateThrottle, )
 
     def get(self, request):

diff --git a/seahub/api2/views.py b/seahub/api2/views.py
@@ -36,6 +36,7 @@
 from .utils import get_diff_details, to_python_boolean, \
     api_error, get_file_size, prepare_starred_files, is_web_request, \
     get_groups, api_group_check, get_timestamp, json_response
+from seahub.api2.permissions import IsProVersion
 from seahub.wopi.utils import get_wopi_dict
 from seahub.api2.base import APIView
 from seahub.api2.models import TokenV2, DESKTOP_PLATFORMS
@@ -443,7 +444,7 @@ class Search(APIView):
     """ Search all the repos
     """
     authentication_classes = (TokenAuthentication, SessionAuthentication)
-    permission_classes = (IsAuthenticated,)
+    permission_classes = (IsAuthenticated, IsProVersion)
     throttle_classes = (UserRateThrottle, )
 
     def get(self, request, format=None):

diff --git a/seahub/seadoc/apis.py b/seahub/seadoc/apis.py
@@ -27,6 +27,7 @@
 
 from seahub.views import check_folder_permission
 from seahub.api2.authentication import TokenAuthentication, SdocJWTTokenAuthentication
+from seahub.api2.permissions import IsProVersion
 from seahub.api2.utils import api_error, user_to_dict, to_python_boolean, get_user_common_info
 from seahub.api2.throttling import UserRateThrottle
 from seahub.seadoc.utils import is_valid_seadoc_access_token, get_seadoc_upload_link, \
@@ -2900,6 +2901,7 @@ def post(self, request, file_uuid):
 class SeadocSearchFilenameView(APIView):
 
     authentication_classes = (SdocJWTTokenAuthentication, TokenAuthentication, SessionAuthentication)
+    permission_classes = (IsProVersion, )
     throttle_classes = (UserRateThrottle,)
 
     def get(self, request, file_uuid):

diff --git a/tests/api/test_search.py b/tests/api/test_search.py
@@ -8,6 +8,11 @@
 
 from seaserv import seafile_api
 
+try:
+    from seahub.settings import LOCAL_PRO_DEV_ENV
+except ImportError:
+    LOCAL_PRO_DEV_ENV = False
+
 
 class SearchTest(BaseTestCase):
     def setUp(self):
@@ -35,8 +40,13 @@ def setUp(self):
 
     @patch('seahub.api2.views.HAS_FILE_SEARCH', True)
     @patch('seahub.api2.views.search_files')
+    @patch('seahub.api2.views.is_pro_version')
     @pytest.mark.skipif(TRAVIS, reason="")
-    def test_can_search_file(self, mock_search_files):
+    def test_can_search_file(self, mock_search_files, mock_is_pro_version):
+        if not LOCAL_PRO_DEV_ENV:
+            return
+
+        mock_is_pro_version.return_value = True
         mock_search_files.return_value = self.mock_results, \
                 self.mock_total
 
@@ -50,22 +60,37 @@ def test_can_search_file(self, mock_search_files):
         assert json_resp['results'][0]['repo_id'] == self.mock_results[0]['repo_id']
 
     @patch('seahub.api2.views.HAS_FILE_SEARCH', True)
-    def test_can_not_search_with_invalid_repo_permission(self):
+    @patch('seahub.api2.views.is_pro_version')
+    def test_can_not_search_with_invalid_repo_permission(self, mock_is_pro_version):
+        if not LOCAL_PRO_DEV_ENV:
+            return
+
+        mock_is_pro_version.return_value = True
         self.login_as(self.admin)
         resp = self.client.get(self.url + '?q=lian&search_repo=%s' %
                 self.repo_id)
         self.assertEqual(403, resp.status_code)
 
     @patch('seahub.api2.views.HAS_FILE_SEARCH', True)
-    def test_can_not_search_without_q_parameter(self):
+    @patch('seahub.api2.views.is_pro_version')
+    def test_can_not_search_without_q_parameter(self, mock_is_pro_version):
+        if not LOCAL_PRO_DEV_ENV:
+            return
+
+        mock_is_pro_version.return_value = True
         self.login_as(self.user)
         resp = self.client.get(self.url)
         self.assertEqual(400, resp.status_code)
 
     @patch('seahub.api2.views.HAS_FILE_SEARCH', True)
     @patch('seahub.api2.views.search_files')
+    @patch('seahub.api2.views.is_pro_version')
     @pytest.mark.skipif(TRAVIS, reason="")
-    def test_can_search_with_search_path(self, mock_search_files):
+    def test_can_search_with_search_path(self, mock_search_files, mock_is_pro_version):
+        if not LOCAL_PRO_DEV_ENV:
+            return
+
+        mock_is_pro_version.return_value = True
         mock_search_files.return_value = self.mock_results, \
                 self.mock_total