Ability to remove files from libraries by admin

Hello.

I’ve been testing Seaflle for a moment and I’m trying to achieve some specific functionality.
My goal is to have the user files automatically deleted after some time. This is how it is supposed to work in my setup and I am aware of what deleting user files mean and my users are aware of it. We are all very happy with that. There is really no need to tell us that we are wrong. The whole cloud is not for keeping files, but for short time sharing with others. I’m used to work with people and they will not clean after them - so those files will be left there forever, which is not what we want.

I’ve found that autoremoving files is not implemented as a feature.
So I’ve been trying to make a workaround. I can mount the seafile data dir (seaf-fuse.sh) and search for a files older than n days. That is what works. But the mount is read only, so I cannot delete any files this way. I, then, tried to use Web API to delete those files, but I got “Permission denied”. That baffled me. It looks like I cannot delete other user files even from admin account.
I got the same denial, when I tried to remove the whole library.
BUT it is possible to delete any library from the web application! So why it is not possible from Web API ?
Or maybe I’m doing something wrong ?

Any answer would be nice, even if it is “it was made impossible on purpose, because we know better”.

I think the only option for something like that is to enable ENABLE_SYS_ADMIN_VIEW_REPO which is only available in pro edition and according to the documentation only via a specific admin page.

https://manual.seafile.com/config/seahub_settings_py.html#pro-edition-only-options

Usually admins are not supposed to manage user data directly.

You could however create a “Library manager” bot (with an account assigned to it), share your library (r/w) with it and let it clean it.
Maybe for extra caution add a check for a plain text file named CLEAN ME AFTER.txt with the number of days to keep the files, written in it.

Hello!

Thank you for reply. Going with pro edition is not an option at this moment.
I tried the second approach, but I am afraid that I got stuck with the very same permission bottleneck.

So - I have another admin account, lets say "cleaner@example.com". If I share an library with that account, then I, indeed, can remove any file from that library using Web API with “cleaner” account:

# curl -k -X DELETE -H 'Authorization: Token 6...............2' -H 'Accept: application/json; charset=utf-8; indent=1' https://example.com/api2/repos/6.............1/file/?p=/test.zip
"success"

But I have to manually share a library (using web app) from the user that is owning it. When I try to use Web API to do that (from admin account, not from the user account) - I have not enough privileges:

# curl -k -X PUT -d "share_type=user&username=cleaner@example.com&permission=rw" -H 'Authorization: Token 6..............2' -H 'Accept: application/json; charset=utf-8; indent=1' https://example.com/api2/repos/6..................1/dir/shared_items/?p=/
{
 "detail": "You do not have permission to perform this action."
}

So, telling users that they have to manually share each library with another account is basically the same as persuading them to clean after themselves. Or worse. Sounds perfectly sane, but will not work in real life.

I am completely aware, that I want to abuse what Seafile is meant for, but it is so far the best and almost working solution for our purposes.

Just do it the other way around. Create the libraries with your cleaner@example.com account and share them with the target person.

You could block users from creating new libraries and then share the cleaner libraries with the users, ensuring that you have access to them. Another option would be to use your admin privileges to share or re-share libraries from other users to the cleaner with Share Repo to User.

Hello!

I tried the second solution - with “Share Repo to User” and it works! I think this is all we need!

Thank you again.

1 Like