templates_wiki_DATA = \
src/templates/wiki/404.html \
src/templates/wiki/base.html \
+ src/templates/wiki/confirm-delete.html \
src/templates/wiki/diff.html \
src/templates/wiki/edit.html \
src/templates/wiki/page.html \
def created_at(self):
return self.data.created_at
- def delete(self, author):
- # XXX handle author
- self.db.execute("UPDATE wiki_files SET deleted_at = NOW() \
- WHERE id = %s", self.id)
+ def delete(self, author=None):
+ self.db.execute("UPDATE wiki_files SET deleted_at = NOW(), deleted_by = %s \
+ WHERE id = %s", author.uid if author else None, self.id)
@property
def deleted_at(self):
--- /dev/null
+{% extends "base.html" %}
+
+{% block title %}{{ _("Delete %s") % file.filename }}{% end block %}
+
+{% block content %}
+ <div class="row justify-content-center my-5">
+ <div class="col col-md-6">
+ <div class="card card-body">
+ <h5 class=" mb-4">{{ _("Delete %s") % file.filename }}</h5>
+
+ <p>
+ {{ _("Do you really want to delete %(filename)s in %(path)s?") % { "filename" : file.filename, "path" : file.path } }}
+ </p>
+
+ <form action="" method="POST">
+ {% raw xsrf_form_html() %}
+
+ <button type="submit" class="btn btn-primary btn-block">
+ {{ _("Delete") }}
+ </button>
+ </form>
+ </div>
+ </div>
+ </div>
+{% end block %}
{% end %}
</dl>
+ <h6>{{ _("Delete") }}</h6>
+
+ <a class="btn btn-danger btn-block mb-5" href="{{ file.url }}/_delete">
+ {{ _("Delete") }}
+ </a>
+
<h6>{{ _("Upload Newer Revision") }}</h6>
<form method="POST" action="/actions/upload" enctype="multipart/form-data">
authentication_handlers + [
# Actions
+ (r"((?:[A-Za-z0-9\-_\/]+)?(?:.*)\.(?:\w+))/_delete", wiki.ActionDeleteHandler),
(r"([A-Za-z0-9\-_\/]+)?/_edit", wiki.ActionEditHandler),
(r"([A-Za-z0-9\-_\/]+)?/_render", wiki.ActionRenderHandler),
(r"([A-Za-z0-9\-_\/]+)?/_(watch|unwatch)", wiki.ActionWatchHandler),
self.redirect("%s/_files" % path)
+class ActionDeleteHandler(auth.CacheMixin, base.BaseHandler):
+ @tornado.web.authenticated
+ def get(self, path):
+ # Check permissions
+ if not self.backend.wiki.check_acl(path, self.current_user):
+ raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
+
+ # Fetch the file
+ file = self.backend.wiki.get_file_by_path(path)
+ if not file:
+ raise tornado.web.HTTPError(404, "Could not find %s" % path)
+
+ self.render("wiki/confirm-delete.html", file=file)
+
+ @tornado.web.authenticated
+ @base.ratelimit(minutes=60, requests=24)
+ def post(self, path):
+ # Check permissions
+ if not self.backend.wiki.check_acl(path, self.current_user):
+ raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
+
+ # Fetch the file
+ file = self.backend.wiki.get_file_by_path(path)
+ if not file:
+ raise tornado.web.HTTPError(404, "Could not find %s" % path)
+
+ with self.db.transaction():
+ file.delete(self.current_user)
+
+ self.redirect("%s/_files" % file.path)
+
+
+
class ActionWatchHandler(auth.CacheMixin, base.BaseHandler):
@tornado.web.authenticated
@base.ratelimit(minutes=60, requests=180)