]>
Commit | Line | Data |
---|---|---|
1 | #!/usr/bin/python3 | |
2 | ||
3 | import tornado.web | |
4 | ||
5 | from . import base | |
6 | from . import ui_modules | |
7 | ||
8 | class ActionEditHandler(base.BaseHandler): | |
9 | @tornado.web.authenticated | |
10 | def get(self, path): | |
11 | if path is None: | |
12 | path = "/" | |
13 | ||
14 | # Check permissions | |
15 | if not self.backend.wiki.check_acl(path, self.current_user): | |
16 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
17 | ||
18 | # Fetch the wiki page | |
19 | page = self.backend.wiki.get_page(path) | |
20 | ||
21 | # Empty page if it was deleted | |
22 | if page and page.was_deleted(): | |
23 | page = None | |
24 | ||
25 | # Render page | |
26 | self.render("wiki/edit.html", page=page, path=path) | |
27 | ||
28 | @tornado.web.authenticated | |
29 | def post(self, path): | |
30 | if path is None: | |
31 | path = "/" | |
32 | ||
33 | # Check permissions | |
34 | if not self.backend.wiki.check_acl(path, self.current_user): | |
35 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
36 | ||
37 | content = self.get_argument("content", None) | |
38 | changes = self.get_argument("changes") | |
39 | ||
40 | # Create a new page in the database | |
41 | with self.db.transaction(): | |
42 | page = self.backend.wiki.create_page(path, | |
43 | self.current_user, content, changes=changes, address=self.get_remote_ip()) | |
44 | ||
45 | # Add user as a watcher if wanted | |
46 | watch = self.get_argument("watch", False) | |
47 | if watch: | |
48 | page.add_watcher(self.current_user) | |
49 | ||
50 | # Redirect back | |
51 | if page.was_deleted(): | |
52 | self.redirect("/") | |
53 | else: | |
54 | self.redirect(page.url) | |
55 | ||
56 | def on_finish(self): | |
57 | """ | |
58 | Updates the search index after the page has been edited | |
59 | """ | |
60 | # This is being executed in the background and after | |
61 | # the response has been set to the client | |
62 | with self.db.transaction(): | |
63 | self.backend.wiki.refresh() | |
64 | ||
65 | ||
66 | class ActionUploadHandler(base.BaseHandler): | |
67 | @tornado.web.authenticated | |
68 | @base.ratelimit(minutes=60, requests=24) | |
69 | def post(self): | |
70 | path = self.get_argument("path") | |
71 | ||
72 | # Check permissions | |
73 | if not self.backend.wiki.check_acl(path, self.current_user): | |
74 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
75 | ||
76 | try: | |
77 | filename, data, mimetype = self.get_file("file") | |
78 | ||
79 | # Use filename from request if any | |
80 | filename = self.get_argument("filename", filename) | |
81 | ||
82 | # XXX check valid mimetypes | |
83 | ||
84 | with self.db.transaction(): | |
85 | file = self.backend.wiki.upload(path, filename, data, | |
86 | mimetype=mimetype, author=self.current_user, | |
87 | address=self.get_remote_ip()) | |
88 | ||
89 | except TypeError as e: | |
90 | raise e | |
91 | ||
92 | self.redirect("%s/_files" % path) | |
93 | ||
94 | ||
95 | class ActionDeleteHandler(base.BaseHandler): | |
96 | @tornado.web.authenticated | |
97 | def get(self, path): | |
98 | # Check permissions | |
99 | if not self.backend.wiki.check_acl(path, self.current_user): | |
100 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
101 | ||
102 | # Fetch the file | |
103 | file = self.backend.wiki.get_file_by_path(path) | |
104 | if not file: | |
105 | raise tornado.web.HTTPError(404, "Could not find %s" % path) | |
106 | ||
107 | self.render("wiki/confirm-delete.html", file=file) | |
108 | ||
109 | @tornado.web.authenticated | |
110 | @base.ratelimit(minutes=60, requests=24) | |
111 | def post(self, path): | |
112 | # Check permissions | |
113 | if not self.backend.wiki.check_acl(path, self.current_user): | |
114 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
115 | ||
116 | # Fetch the file | |
117 | file = self.backend.wiki.get_file_by_path(path) | |
118 | if not file: | |
119 | raise tornado.web.HTTPError(404, "Could not find %s" % path) | |
120 | ||
121 | with self.db.transaction(): | |
122 | file.delete(self.current_user) | |
123 | ||
124 | self.redirect("%s/_files" % file.path) | |
125 | ||
126 | ||
127 | class ActionRestoreHandler(base.BaseHandler): | |
128 | @tornado.web.authenticated | |
129 | @base.ratelimit(minutes=60, requests=24) | |
130 | def post(self): | |
131 | path = self.get_argument("path") | |
132 | ||
133 | # Check permissions | |
134 | if not self.backend.wiki.check_acl(path, self.current_user): | |
135 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
136 | ||
137 | # Check if we are asked to render a certain revision | |
138 | revision = self.get_argument("revision", None) | |
139 | comment = self.get_argument("comment", None) | |
140 | ||
141 | # Fetch the wiki page | |
142 | page = self.backend.wiki.get_page(path, revision=revision) | |
143 | ||
144 | with self.db.transaction(): | |
145 | page = page.restore( | |
146 | author=self.current_user, | |
147 | address=self.get_remote_ip(), | |
148 | comment=comment, | |
149 | ) | |
150 | ||
151 | # Redirect back to page | |
152 | self.redirect(page.page) | |
153 | ||
154 | ||
155 | class ActionWatchHandler(base.BaseHandler): | |
156 | @tornado.web.authenticated | |
157 | @base.ratelimit(minutes=60, requests=180) | |
158 | def get(self, path, action): | |
159 | if path is None: | |
160 | path = "/" | |
161 | ||
162 | page = self.backend.wiki.get_page(path) | |
163 | if not page: | |
164 | raise tornado.web.HTTPError(404, "Page does not exist: %s" % path) | |
165 | ||
166 | # Check permissions | |
167 | if not self.backend.wiki.check_acl(path, self.current_user): | |
168 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
169 | ||
170 | with self.db.transaction(): | |
171 | if action == "watch": | |
172 | page.add_watcher(self.current_user) | |
173 | elif action == "unwatch": | |
174 | page.remove_watcher(self.current_user) | |
175 | ||
176 | # Redirect back to page | |
177 | self.redirect(page.url) | |
178 | ||
179 | ||
180 | class ActionRenderHandler(base.BaseHandler): | |
181 | def check_xsrf_cookie(self): | |
182 | pass # disabled | |
183 | ||
184 | @tornado.web.authenticated | |
185 | @base.ratelimit(minutes=5, requests=180) | |
186 | def post(self, path): | |
187 | if path is None: | |
188 | path = "/" | |
189 | ||
190 | content = self.get_argument("content") | |
191 | ||
192 | # Render the content | |
193 | html = self.backend.wiki.render(path, content) | |
194 | ||
195 | self.finish(html) | |
196 | ||
197 | ||
198 | class FilesHandler(base.BaseHandler): | |
199 | @tornado.web.authenticated | |
200 | def get(self, path): | |
201 | if path is None: | |
202 | path = "/" | |
203 | ||
204 | # Check permissions | |
205 | if not self.backend.wiki.check_acl(path, self.current_user): | |
206 | raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user)) | |
207 | ||
208 | files = self.backend.wiki.get_files(path) | |
209 | ||
210 | self.render("wiki/files/index.html", path=path, files=files) | |
211 | ||
212 | ||
213 | class TreeHandler(base.BaseHandler): | |
214 | def get(self): | |
215 | self.render("wiki/tree.html", pages=self.backend.wiki) | |
216 | ||
217 | ||
218 | class WatchlistHandler(base.BaseHandler): | |
219 | @tornado.web.authenticated | |
220 | def get(self): | |
221 | pages = self.backend.wiki.get_watchlist(self.current_user) | |
222 | ||
223 | self.render("wiki/watchlist.html", pages=pages) | |
224 | ||
225 | ||
226 | class WikiListModule(ui_modules.UIModule): | |
227 | def render(self, pages, link_revision=False, show_breadcrumbs=True, | |
228 | show_author=True, show_changes=False): | |
229 | return self.render_string("wiki/modules/list.html", link_revision=link_revision, | |
230 | pages=pages, show_breadcrumbs=show_breadcrumbs, | |
231 | show_author=show_author, show_changes=show_changes) |