]>
Commit | Line | Data |
---|---|---|
1 | #!/usr/bin/python3 | |
2 | ||
3 | import difflib | |
4 | import tornado.web | |
5 | ||
6 | from . import auth | |
7 | from . import base | |
8 | from . import ui_modules | |
9 | ||
10 | class ActionEditHandler(auth.CacheMixin, base.BaseHandler): | |
11 | @tornado.web.authenticated | |
12 | def get(self, path): | |
13 | if path is None: | |
14 | path = "/" | |
15 | ||
16 | # Check permissions | |
17 | if not self.backend.wiki.check_acl(path, self.current_user): | |
18 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
19 | ||
20 | # Fetch the wiki page | |
21 | page = self.backend.wiki.get_page(path) | |
22 | ||
23 | # Empty page if it was deleted | |
24 | if page and page.was_deleted(): | |
25 | page = None | |
26 | ||
27 | # Render page | |
28 | self.render("wiki/edit.html", page=page, path=path) | |
29 | ||
30 | @tornado.web.authenticated | |
31 | def post(self, path): | |
32 | if path is None: | |
33 | path = "/" | |
34 | ||
35 | # Check permissions | |
36 | if not self.backend.wiki.check_acl(path, self.current_user): | |
37 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
38 | ||
39 | content = self.get_argument("content", None) | |
40 | changes = self.get_argument("changes") | |
41 | ||
42 | # Create a new page in the database | |
43 | with self.db.transaction(): | |
44 | page = self.backend.wiki.create_page(path, | |
45 | self.current_user, content, changes=changes, address=self.get_remote_ip()) | |
46 | ||
47 | # Add user as a watcher if wanted | |
48 | watch = self.get_argument("watch", False) | |
49 | if watch: | |
50 | page.add_watcher(self.current_user) | |
51 | ||
52 | # Redirect back | |
53 | if page.was_deleted(): | |
54 | self.redirect("/") | |
55 | else: | |
56 | self.redirect(page.url) | |
57 | ||
58 | def on_finish(self): | |
59 | """ | |
60 | Updates the search index after the page has been edited | |
61 | """ | |
62 | # This is being executed in the background and after | |
63 | # the response has been set to the client | |
64 | with self.db.transaction(): | |
65 | self.backend.wiki.refresh() | |
66 | ||
67 | ||
68 | class ActionUploadHandler(auth.CacheMixin, base.BaseHandler): | |
69 | @tornado.web.authenticated | |
70 | @base.ratelimit(minutes=60, requests=24) | |
71 | def post(self): | |
72 | path = self.get_argument("path") | |
73 | ||
74 | # Check permissions | |
75 | if not self.backend.wiki.check_acl(path, self.current_user): | |
76 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
77 | ||
78 | try: | |
79 | filename, data, mimetype = self.get_file("file") | |
80 | ||
81 | # Use filename from request if any | |
82 | filename = self.get_argument("filename", filename) | |
83 | ||
84 | # XXX check valid mimetypes | |
85 | ||
86 | with self.db.transaction(): | |
87 | file = self.backend.wiki.upload(path, filename, data, | |
88 | mimetype=mimetype, author=self.current_user, | |
89 | address=self.get_remote_ip()) | |
90 | ||
91 | except TypeError as e: | |
92 | raise e | |
93 | ||
94 | self.redirect("%s/_files" % path) | |
95 | ||
96 | ||
97 | class ActionDeleteHandler(auth.CacheMixin, base.BaseHandler): | |
98 | @tornado.web.authenticated | |
99 | def get(self, path): | |
100 | # Check permissions | |
101 | if not self.backend.wiki.check_acl(path, self.current_user): | |
102 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
103 | ||
104 | # Fetch the file | |
105 | file = self.backend.wiki.get_file_by_path(path) | |
106 | if not file: | |
107 | raise tornado.web.HTTPError(404, "Could not find %s" % path) | |
108 | ||
109 | self.render("wiki/confirm-delete.html", file=file) | |
110 | ||
111 | @tornado.web.authenticated | |
112 | @base.ratelimit(minutes=60, requests=24) | |
113 | def post(self, path): | |
114 | # Check permissions | |
115 | if not self.backend.wiki.check_acl(path, self.current_user): | |
116 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
117 | ||
118 | # Fetch the file | |
119 | file = self.backend.wiki.get_file_by_path(path) | |
120 | if not file: | |
121 | raise tornado.web.HTTPError(404, "Could not find %s" % path) | |
122 | ||
123 | with self.db.transaction(): | |
124 | file.delete(self.current_user) | |
125 | ||
126 | self.redirect("%s/_files" % file.path) | |
127 | ||
128 | ||
129 | class ActionRestoreHandler(auth.CacheMixin, base.BaseHandler): | |
130 | @tornado.web.authenticated | |
131 | @base.ratelimit(minutes=60, requests=24) | |
132 | def post(self): | |
133 | path = self.get_argument("path") | |
134 | ||
135 | # Check permissions | |
136 | if not self.backend.wiki.check_acl(path, self.current_user): | |
137 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
138 | ||
139 | # Check if we are asked to render a certain revision | |
140 | revision = self.get_argument("revision", None) | |
141 | ||
142 | # Fetch the wiki page | |
143 | page = self.backend.wiki.get_page(path, revision=revision) | |
144 | ||
145 | with self.db.transaction(): | |
146 | page = page.restore( | |
147 | author=self.current_user, address=self.get_remote_ip(), | |
148 | ) | |
149 | ||
150 | # Redirect back to page | |
151 | self.redirect(page.page) | |
152 | ||
153 | ||
154 | class ActionWatchHandler(auth.CacheMixin, base.BaseHandler): | |
155 | @tornado.web.authenticated | |
156 | @base.ratelimit(minutes=60, requests=180) | |
157 | def get(self, path, action): | |
158 | if path is None: | |
159 | path = "/" | |
160 | ||
161 | page = self.backend.wiki.get_page(path) | |
162 | if not page: | |
163 | raise tornado.web.HTTPError(404, "Page does not exist: %s" % path) | |
164 | ||
165 | # Check permissions | |
166 | if not self.backend.wiki.check_acl(path, self.current_user): | |
167 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
168 | ||
169 | with self.db.transaction(): | |
170 | if action == "watch": | |
171 | page.add_watcher(self.current_user) | |
172 | elif action == "unwatch": | |
173 | page.remove_watcher(self.current_user) | |
174 | ||
175 | # Redirect back to page | |
176 | self.redirect(page.url) | |
177 | ||
178 | ||
179 | class ActionRenderHandler(auth.CacheMixin, base.BaseHandler): | |
180 | def check_xsrf_cookie(self): | |
181 | pass # disabled | |
182 | ||
183 | @tornado.web.authenticated | |
184 | @base.ratelimit(minutes=5, requests=180) | |
185 | def post(self, path): | |
186 | if path is None: | |
187 | path = "/" | |
188 | ||
189 | content = self.get_argument("content") | |
190 | ||
191 | # Render the content | |
192 | html = self.backend.wiki.render(path, content) | |
193 | ||
194 | self.finish(html) | |
195 | ||
196 | ||
197 | class FilesHandler(auth.CacheMixin, base.BaseHandler): | |
198 | @tornado.web.authenticated | |
199 | def get(self, path): | |
200 | if path is None: | |
201 | path = "/" | |
202 | ||
203 | # Check permissions | |
204 | if not self.backend.wiki.check_acl(path, self.current_user): | |
205 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
206 | ||
207 | files = self.backend.wiki.get_files(path) | |
208 | ||
209 | self.render("wiki/files/index.html", path=path, files=files) | |
210 | ||
211 | ||
212 | class FileHandler(base.BaseHandler): | |
213 | @property | |
214 | def action(self): | |
215 | return self.get_argument("action", None) | |
216 | ||
217 | def get(self, path): | |
218 | # Check permissions | |
219 | if not self.backend.wiki.check_acl(path, self.current_user): | |
220 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
221 | ||
222 | # Check if we are asked to render a certain revision | |
223 | revision = self.get_argument("revision", None) | |
224 | ||
225 | # Fetch the file | |
226 | file = self.backend.wiki.get_file_by_path(path, revision=revision) | |
227 | if not file: | |
228 | raise tornado.web.HTTPError(404, "Could not find %s" % path) | |
229 | ||
230 | # Render detail page | |
231 | if self.action == "detail": | |
232 | page = None | |
233 | ||
234 | for breadcrumb, title in self.backend.wiki.make_breadcrumbs(path): | |
235 | page = self.backend.wiki.get_page(breadcrumb) | |
236 | if page: | |
237 | break | |
238 | ||
239 | self.render("wiki/files/detail.html", page=page, file=file) | |
240 | return | |
241 | ||
242 | size = self.get_argument_int("s", None) | |
243 | ||
244 | # Check if image should be resized | |
245 | if file.is_image() and size: | |
246 | blob = file.get_thumbnail(size) | |
247 | else: | |
248 | blob = file.blob | |
249 | ||
250 | # Set headers | |
251 | self.set_header("Content-Type", file.mimetype or "application/octet-stream") | |
252 | self.set_header("Content-Length", len(blob)) | |
253 | ||
254 | # Set expires | |
255 | self.set_expires(3600) | |
256 | ||
257 | # Deliver content | |
258 | self.finish(blob) | |
259 | ||
260 | ||
261 | class PageHandler(auth.CacheMixin, base.BaseHandler): | |
262 | @property | |
263 | def action(self): | |
264 | return self.get_argument("action", None) | |
265 | ||
266 | def write_error(self, status_code, **kwargs): | |
267 | # Render a custom page for 404 | |
268 | if status_code == 404: | |
269 | self.render("wiki/404.html", **kwargs) | |
270 | return | |
271 | ||
272 | # Otherwise raise this to one layer above | |
273 | super().write_error(status_code, **kwargs) | |
274 | ||
275 | @tornado.web.removeslash | |
276 | def get(self, path): | |
277 | if path is None: | |
278 | path = "/" | |
279 | ||
280 | # Check permissions | |
281 | if not self.backend.wiki.check_acl(path, self.current_user): | |
282 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
283 | ||
284 | # Check if we are asked to render a certain revision | |
285 | revision = self.get_argument("revision", None) | |
286 | ||
287 | # Fetch the wiki page | |
288 | page = self.backend.wiki.get_page(path, revision=revision) | |
289 | ||
290 | # Diff | |
291 | if self.action == "diff": | |
292 | # Get both revisions | |
293 | a = self.get_argument("a") | |
294 | b = self.get_argument("b") | |
295 | ||
296 | # Fetch both versions of the page | |
297 | a = self.backend.wiki.get_page(path, revision=a) | |
298 | b = self.backend.wiki.get_page(path, revision=b) | |
299 | if not a or not b: | |
300 | raise tornado.web.HTTPError(404) | |
301 | ||
302 | # Cannot render a diff for the identical page | |
303 | if a == b: | |
304 | raise tornado.web.HTTPError(400) | |
305 | ||
306 | # Make sure that b is newer than a | |
307 | if a > b: | |
308 | a, b = b, a | |
309 | ||
310 | self.render("wiki/diff.html", page=page, a=a, b=b) | |
311 | return | |
312 | ||
313 | # Restore | |
314 | elif self.action == "restore": | |
315 | self.render("wiki/confirm-restore.html", page=page) | |
316 | return | |
317 | ||
318 | # Revisions | |
319 | elif self.action == "revisions": | |
320 | self.render("wiki/revisions.html", page=page) | |
321 | return | |
322 | ||
323 | # If the page does not exist, we send 404 | |
324 | if not page or page.was_deleted(): | |
325 | # Handle /start links which were in the format of DokuWiki | |
326 | if path.endswith("/start"): | |
327 | # Strip /start from path | |
328 | path = path[:-6] or "/" | |
329 | ||
330 | # Redirect user to page if it exists | |
331 | page = self.backend.wiki.page_exists(path) | |
332 | if page: | |
333 | self.redirect(path) | |
334 | ||
335 | raise tornado.web.HTTPError(404) | |
336 | ||
337 | # Fetch the latest revision | |
338 | latest_revision = page.get_latest_revision() | |
339 | ||
340 | # Render page | |
341 | self.render("wiki/page.html", page=page, latest_revision=latest_revision) | |
342 | ||
343 | ||
344 | class SearchHandler(auth.CacheMixin, base.BaseHandler): | |
345 | @base.ratelimit(minutes=5, requests=25) | |
346 | def get(self): | |
347 | q = self.get_argument("q") | |
348 | ||
349 | pages = self.backend.wiki.search(q, account=self.current_user, limit=50) | |
350 | ||
351 | self.render("wiki/search-results.html", q=q, pages=pages) | |
352 | ||
353 | ||
354 | class RecentChangesHandler(auth.CacheMixin, base.BaseHandler): | |
355 | def get(self): | |
356 | recent_changes = self.backend.wiki.get_recent_changes(self.current_user, limit=50) | |
357 | ||
358 | self.render("wiki/recent-changes.html", recent_changes=recent_changes) | |
359 | ||
360 | ||
361 | class WatchlistHandler(auth.CacheMixin, base.BaseHandler): | |
362 | @tornado.web.authenticated | |
363 | def get(self): | |
364 | pages = self.backend.wiki.get_watchlist(self.current_user) | |
365 | ||
366 | self.render("wiki/watchlist.html", pages=pages) | |
367 | ||
368 | ||
369 | class WikiDiffModule(ui_modules.UIModule): | |
370 | differ = difflib.Differ() | |
371 | ||
372 | def render(self, a, b): | |
373 | diff = self.differ.compare( | |
374 | a.markdown.splitlines(), | |
375 | b.markdown.splitlines(), | |
376 | ) | |
377 | ||
378 | return self.render_string("wiki/modules/diff.html", diff=diff) | |
379 | ||
380 | ||
381 | class WikiListModule(ui_modules.UIModule): | |
382 | def render(self, pages, link_revision=False, show_breadcrumbs=True, | |
383 | show_author=True, show_changes=False): | |
384 | return self.render_string("wiki/modules/list.html", link_revision=link_revision, | |
385 | pages=pages, show_breadcrumbs=show_breadcrumbs, | |
386 | show_author=show_author, show_changes=show_changes) | |
387 | ||
388 | ||
389 | class WikiNavbarModule(ui_modules.UIModule): | |
390 | @property | |
391 | def path(self): | |
392 | """ | |
393 | Returns the path of the page (without any actions) | |
394 | """ | |
395 | path = self.request.path.split("/") | |
396 | ||
397 | if path and path[-1].startswith("_"): | |
398 | path.pop() | |
399 | ||
400 | return "/".join(path) | |
401 | ||
402 | def render(self, suffix=None): | |
403 | _ = self.locale.translate | |
404 | ||
405 | # Make the path | |
406 | page = self.request.path.split("/") | |
407 | ||
408 | # Drop the action bit | |
409 | if page and page[-1].startswith("_"): | |
410 | page.pop() | |
411 | ||
412 | page = "/".join(page) | |
413 | ||
414 | breadcrumbs = self.backend.wiki.make_breadcrumbs(page) | |
415 | title = self.backend.wiki.get_page_title(page) | |
416 | ||
417 | if self.request.path.endswith("/_edit"): | |
418 | suffix = _("Edit") | |
419 | elif self.request.path.endswith("/_files"): | |
420 | suffix = _("Files") | |
421 | ||
422 | return self.render_string("wiki/modules/navbar.html", | |
423 | breadcrumbs=breadcrumbs, page=page, page_title=title, suffix=suffix) |