wiki: Implement deleting files

Fixes: #12124
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/Makefile.am b/Makefile.am
index 4d645ccf80777f72f3e5b8546c844931a1285417..ea6545258d9161ef1454ccdc53d026ac4327c4f6 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -276,6 +276,7 @@ templates_staticdir = $(templatesdir)/static
 templates_wiki_DATA = \
        src/templates/wiki/404.html \
        src/templates/wiki/base.html \
+       src/templates/wiki/confirm-delete.html \
        src/templates/wiki/diff.html \
        src/templates/wiki/edit.html \
        src/templates/wiki/page.html \

diff --git a/src/backend/wiki.py b/src/backend/wiki.py
index 36d19e7c3d0fea6c278b23a476148cc9fa103948..1747429ca083d5234e817595d1d1153802d3d9e7 100644 (file)
--- a/src/backend/wiki.py
+++ b/src/backend/wiki.py
@@ -485,10 +485,9 @@ class File(misc.Object):
        def created_at(self):
                return self.data.created_at
 
-       def delete(self, author):
-               # XXX handle author
-               self.db.execute("UPDATE wiki_files SET deleted_at = NOW() \
-                       WHERE id = %s", self.id)
+       def delete(self, author=None):
+               self.db.execute("UPDATE wiki_files SET deleted_at = NOW(), deleted_by = %s \
+                       WHERE id = %s", author.uid if author else None, self.id)
 
        @property
        def deleted_at(self):

diff --git a/src/templates/wiki/confirm-delete.html b/src/templates/wiki/confirm-delete.html
new file mode 100644 (file)
index 0000000..031b917
--- /dev/null
+++ b/src/templates/wiki/confirm-delete.html
@@ -0,0 +1,25 @@
+{% extends "base.html" %}
+
+{% block title %}{{ _("Delete %s") % file.filename }}{% end block %}
+
+{% block content %}
+       <div class="row justify-content-center my-5">
+               <div class="col col-md-6">
+                       <div class="card card-body">
+                               <h5 class=" mb-4">{{ _("Delete %s") % file.filename }}</h5>
+
+                               <p>
+                                       {{ _("Do you really want to delete %(filename)s in %(path)s?") % { "filename" : file.filename, "path" : file.path } }}
+                               </p>
+
+                               <form action="" method="POST">
+                                       {% raw xsrf_form_html() %}
+
+                                       <button type="submit" class="btn btn-primary btn-block">
+                                               {{ _("Delete") }}
+                                       </button>
+                               </form>
+                       </div>
+               </div>
+       </div>
+{% end block %}

diff --git a/src/templates/wiki/files/detail.html b/src/templates/wiki/files/detail.html
index c4fe5ea0642411d82cd464116c07ccedf4b0648f..a6773098469ba546062445484ce92e44e94cf2e8 100644 (file)
--- a/src/templates/wiki/files/detail.html
+++ b/src/templates/wiki/files/detail.html
@@ -72,6 +72,12 @@
                                {% end %}
                        </dl>
 
+                       <h6>{{ _("Delete") }}</h6>
+
+                       <a class="btn btn-danger btn-block mb-5" href="{{ file.url }}/_delete">
+                               {{ _("Delete") }}
+                       </a>
+
                        <h6>{{ _("Upload Newer Revision") }}</h6>
 
                        <form method="POST" action="/actions/upload" enctype="multipart/form-data">

diff --git a/src/web/__init__.py b/src/web/__init__.py
index 2a1b96f01ef7945a6bd9da90323929bcf0489c31..8343b86d3ecf60534271a679772fb1ce533cced6 100644 (file)
--- a/src/web/__init__.py
+++ b/src/web/__init__.py
@@ -290,6 +290,7 @@ class Application(tornado.web.Application):
                        authentication_handlers + [
 
                        # Actions
+                       (r"((?:[A-Za-z0-9\-_\/]+)?(?:.*)\.(?:\w+))/_delete", wiki.ActionDeleteHandler),
                        (r"([A-Za-z0-9\-_\/]+)?/_edit", wiki.ActionEditHandler),
                        (r"([A-Za-z0-9\-_\/]+)?/_render", wiki.ActionRenderHandler),
                        (r"([A-Za-z0-9\-_\/]+)?/_(watch|unwatch)", wiki.ActionWatchHandler),

diff --git a/src/web/wiki.py b/src/web/wiki.py
index 6d0600f066a229939897f59082a139136cffd04f..e5759e375e27ef6680a869aec85f2c7459b5b1b5 100644 (file)
--- a/src/web/wiki.py
+++ b/src/web/wiki.py
@@ -94,6 +94,39 @@ class ActionUploadHandler(auth.CacheMixin, base.BaseHandler):
                self.redirect("%s/_files" % path)
 
 
+class ActionDeleteHandler(auth.CacheMixin, base.BaseHandler):
+       @tornado.web.authenticated
+       def get(self, path):
+               # Check permissions
+               if not self.backend.wiki.check_acl(path, self.current_user):
+                       raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
+
+               # Fetch the file
+               file = self.backend.wiki.get_file_by_path(path)
+               if not file:
+                       raise tornado.web.HTTPError(404, "Could not find %s" % path)
+
+               self.render("wiki/confirm-delete.html", file=file)
+
+       @tornado.web.authenticated
+       @base.ratelimit(minutes=60, requests=24)
+       def post(self, path):
+               # Check permissions
+               if not self.backend.wiki.check_acl(path, self.current_user):
+                       raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
+
+               # Fetch the file
+               file = self.backend.wiki.get_file_by_path(path)
+               if not file:
+                       raise tornado.web.HTTPError(404, "Could not find %s" % path)
+
+               with self.db.transaction():
+                       file.delete(self.current_user)
+
+               self.redirect("%s/_files" % file.path)
+
+
+
 class ActionWatchHandler(auth.CacheMixin, base.BaseHandler):
        @tornado.web.authenticated
        @base.ratelimit(minutes=60, requests=180)