]> git.ipfire.org Git - ipfire.org.git/blobdiff - src/web/wiki.py
projects / ipfire.org.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
docs: Move the diff UI module
[ipfire.org.git] / src / web / wiki.py
diff --git a/src/web/wiki.py b/src/web/wiki.py
index 5a37ea22d80c972d348fec551f4b4ac5c0e85e26..bf9fe54e3325a80a83a07d832e72a4c64781b14f 100644 (file)
--- a/src/web/wiki.py
+++ b/src/web/wiki.py
@@ -1,15 +1,16 @@
 #!/usr/bin/python3
 
-import difflib
 import tornado.web
 
-from . import auth
 from . import base
 from . import ui_modules
 
-class ActionEditHandler(auth.CacheMixin, base.BaseHandler):
+class ActionEditHandler(base.BaseHandler):
        @tornado.web.authenticated
        def get(self, path):
+               if path is None:
+                       path = "/"
+
                # Check permissions
                if not self.backend.wiki.check_acl(path, self.current_user):
                        raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
@@ -22,10 +23,13 @@ class ActionEditHandler(auth.CacheMixin, base.BaseHandler):
                        page = None
 
                # Render page
-               self.render("wiki/edit.html", page=page)
+               self.render("wiki/edit.html", page=page, path=path)
 
        @tornado.web.authenticated
        def post(self, path):
+               if path is None:
+                       path = "/"
+
                # Check permissions
                if not self.backend.wiki.check_acl(path, self.current_user):
                        raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
@@ -59,8 +63,9 @@ class ActionEditHandler(auth.CacheMixin, base.BaseHandler):
                        self.backend.wiki.refresh()
 
 
-class ActionUploadHandler(auth.CacheMixin, base.BaseHandler):
+class ActionUploadHandler(base.BaseHandler):
        @tornado.web.authenticated
+       @base.ratelimit(minutes=60, requests=24)
        def post(self):
                path = self.get_argument("path")
 
@@ -71,6 +76,9 @@ class ActionUploadHandler(auth.CacheMixin, base.BaseHandler):
                try:
                        filename, data, mimetype = self.get_file("file")
 
+                       # Use filename from request if any
+                       filename = self.get_argument("filename", filename)
+
                        # XXX check valid mimetypes
 
                        with self.db.transaction():
@@ -84,45 +92,23 @@ class ActionUploadHandler(auth.CacheMixin, base.BaseHandler):
                self.redirect("%s/_files" % path)
 
 
-class ActionWatchHandler(auth.CacheMixin, base.BaseHandler):
-       @tornado.web.authenticated
-       def get(self, path, action):
-               page = self.backend.wiki.get_page(path)
-               if not page:
-                       raise tornado.web.HTTPError(404, "Page does not exist: %s" % path)
-
-               # Check permissions
-               if not self.backend.wiki.check_acl(path, self.current_user):
-                       raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
-
-               with self.db.transaction():
-                       if action == "watch":
-                               page.add_watcher(self.current_user)
-                       elif action == "unwatch":
-                               page.remove_watcher(self.current_user)
-
-               # Redirect back to page
-               self.redirect(page.url)
-
-
-class FilesHandler(auth.CacheMixin, base.BaseHandler):
+class ActionDeleteHandler(base.BaseHandler):
        @tornado.web.authenticated
        def get(self, path):
                # Check permissions
                if not self.backend.wiki.check_acl(path, self.current_user):
                        raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
 
-               files = self.backend.wiki.get_files(path)
-
-               self.render("wiki/files/index.html", path=path, files=files)
-
+               # Fetch the file
+               file = self.backend.wiki.get_file_by_path(path)
+               if not file:
+                       raise tornado.web.HTTPError(404, "Could not find %s" % path)
 
-class FileHandler(base.BaseHandler):
-       @property
-       def action(self):
-               return self.get_argument("action", None)
+               self.render("wiki/confirm-delete.html", file=file)
 
-       def get(self, path):
+       @tornado.web.authenticated
+       @base.ratelimit(minutes=60, requests=24)
+       def post(self, path):
                # Check permissions
                if not self.backend.wiki.check_acl(path, self.current_user):
                        raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
@@ -132,104 +118,100 @@ class FileHandler(base.BaseHandler):
                if not file:
                        raise tornado.web.HTTPError(404, "Could not find %s" % path)
 
-               # Render detail page
-               if self.action == "detail":
-                       page = None
+               with self.db.transaction():
+                       file.delete(self.current_user)
 
-                       for breadcrumb, title in self.backend.wiki.make_breadcrumbs(path):
-                               page = self.backend.wiki.get_page(breadcrumb)
-                               if page:
-                                       break
+               self.redirect("%s/_files" % file.path)
 
-                       self.render("wiki/files/detail.html", page=page, file=file)
-                       return
 
-               size = self.get_argument_int("s", None)
+class ActionRestoreHandler(base.BaseHandler):
+       @tornado.web.authenticated
+       @base.ratelimit(minutes=60, requests=24)
+       def post(self):
+               path = self.get_argument("path")
 
-               # Check if image should be resized
-               if file.is_image() and size:
-                       blob = file.get_thumbnail(size)
-               else:
-                       blob = file.blob
+               # Check permissions
+               if not self.backend.wiki.check_acl(path, self.current_user):
+                       raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
 
-               # Set headers
-               self.set_header("Content-Type", file.mimetype or "application/octet-stream")
-               self.set_header("Content-Length", len(blob))
+               # Check if we are asked to render a certain revision
+               revision = self.get_argument("revision", None)
+               comment = self.get_argument("comment", None)
 
-               # Set expires
-               self.set_expires(3600)
+               # Fetch the wiki page
+               page = self.backend.wiki.get_page(path, revision=revision)
 
-               # Deliver content
-               self.finish(blob)
+               with self.db.transaction():
+                       page = page.restore(
+                               author=self.current_user,
+                               address=self.get_remote_ip(),
+                               comment=comment,
+                       )
 
+               # Redirect back to page
+               self.redirect(page.page)
 
-class PageHandler(auth.CacheMixin, base.BaseHandler):
-       @property
-       def action(self):
-               return self.get_argument("action", None)
 
-       def write_error(self, status_code, **kwargs):
-               # Render a custom page for 404
-               if status_code == 404:
-                       self.render("wiki/404.html", **kwargs)
-                       return
+class ActionWatchHandler(base.BaseHandler):
+       @tornado.web.authenticated
+       @base.ratelimit(minutes=60, requests=180)
+       def get(self, path, action):
+               if path is None:
+                       path = "/"
 
-               # Otherwise raise this to one layer above
-               super().write_error(status_code, **kwargs)
+               page = self.backend.wiki.get_page(path)
+               if not page:
+                       raise tornado.web.HTTPError(404, "Page does not exist: %s" % path)
 
-       @tornado.web.removeslash
-       def get(self, path):
                # Check permissions
                if not self.backend.wiki.check_acl(path, self.current_user):
                        raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
 
-               # Check if we are asked to render a certain revision
-               revision = self.get_argument("revision", None)
+               with self.db.transaction():
+                       if action == "watch":
+                               page.add_watcher(self.current_user)
+                       elif action == "unwatch":
+                               page.remove_watcher(self.current_user)
 
-               # Fetch the wiki page
-               page = self.backend.wiki.get_page(path, revision=revision)
+               # Redirect back to page
+               self.redirect(page.url)
 
-               # Diff
-               if self.action == "diff":
-                       # Get both revisions
-                       a = self.get_argument("a")
-                       b = self.get_argument("b")
 
-                       # Fetch both versions of the page
-                       a = self.backend.wiki.get_page(path, revision=a)
-                       b = self.backend.wiki.get_page(path, revision=b)
-                       if not a or not b:
-                               raise tornado.web.HTTPError(404)
+class ActionRenderHandler(base.BaseHandler):
+       def check_xsrf_cookie(self):
+               pass # disabled
 
-                       # Cannot render a diff for the identical page
-                       if a == b:
-                               raise tornado.web.HTTPError(400)
+       @tornado.web.authenticated
+       @base.ratelimit(minutes=5, requests=180)
+       def post(self, path):
+               if path is None:
+                       path = "/"
 
-                       # Make sure that b is newer than a
-                       if a > b:
-                               a, b = b, a
+               content = self.get_argument("content")
 
-                       self.render("wiki/diff.html", page=page, a=a, b=b)
-                       return
+               # Render the content
+               html = self.backend.wiki.render(path, content)
 
-               # Revisions
-               elif self.action == "revisions":
-                       self.render("wiki/revisions.html", page=page)
-                       return
+               self.finish(html)
 
-               # If the page does not exist, we send 404
-               if not page or page.was_deleted():
-                       raise tornado.web.HTTPError(404)
 
-               # Fetch the latest revision
-               latest_revision = page.get_latest_revision()
+class FilesHandler(base.BaseHandler):
+       @tornado.web.authenticated
+       def get(self, path):
+               if path is None:
+                       path = "/"
 
-               # Render page
-               self.render("wiki/page.html", page=page, latest_revision=latest_revision)
+               # Check permissions
+               if not self.backend.wiki.check_acl(path, self.current_user):
+                       raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
 
+               files = self.backend.wiki.get_files(path)
+
+               self.render("wiki/files/index.html", path=path, files=files)
 
-class SearchHandler(auth.CacheMixin, base.BaseHandler):
-       @base.blacklisted
+
+class SearchHandler(base.BaseHandler):
+       @base.ratelimit(minutes=5, requests=25)
        def get(self):
                q = self.get_argument("q")
 
@@ -238,14 +220,19 @@ class SearchHandler(auth.CacheMixin, base.BaseHandler):
                self.render("wiki/search-results.html", q=q, pages=pages)
 
 
-class RecentChangesHandler(auth.CacheMixin, base.BaseHandler):
+class RecentChangesHandler(base.BaseHandler):
        def get(self):
                recent_changes = self.backend.wiki.get_recent_changes(self.current_user, limit=50)
 
                self.render("wiki/recent-changes.html", recent_changes=recent_changes)
 
 
-class WatchlistHandler(auth.CacheMixin, base.BaseHandler):
+class TreeHandler(base.BaseHandler):
+       def get(self):
+               self.render("wiki/tree.html", pages=self.backend.wiki)
+
+
+class WatchlistHandler(base.BaseHandler):
        @tornado.web.authenticated
        def get(self):
                pages = self.backend.wiki.get_watchlist(self.current_user)
@@ -253,58 +240,9 @@ class WatchlistHandler(auth.CacheMixin, base.BaseHandler):
                self.render("wiki/watchlist.html", pages=pages)
 
 
-class WikiDiffModule(ui_modules.UIModule):
-       differ = difflib.Differ()
-
-       def render(self, a, b):
-               diff = self.differ.compare(
-                       a.markdown.splitlines(),
-                       b.markdown.splitlines(),
-               )
-
-               return self.render_string("wiki/modules/diff.html", diff=diff)
-
-
 class WikiListModule(ui_modules.UIModule):
        def render(self, pages, link_revision=False, show_breadcrumbs=True,
                        show_author=True, show_changes=False):
                return self.render_string("wiki/modules/list.html", link_revision=link_revision,
                        pages=pages, show_breadcrumbs=show_breadcrumbs,
                        show_author=show_author, show_changes=show_changes)
-
-
-class WikiNavbarModule(ui_modules.UIModule):
-       @property
-       def path(self):
-               """
-                       Returns the path of the page (without any actions)
-               """
-               path = self.request.path.split("/")
-
-               if path and path[-1].startswith("_"):
-                       path.pop()
-
-               return "/".join(path)
-
-       def render(self, suffix=None):
-               _ = self.locale.translate
-
-               # Make the path
-               page = self.request.path.split("/")
-
-               # Drop the action bit
-               if page and page[-1].startswith("_"):
-                       page.pop()
-
-               page = "/".join(page)
-
-               breadcrumbs = self.backend.wiki.make_breadcrumbs(page)
-               title = self.backend.wiki.get_page_title(page)
-
-               if self.request.path.endswith("/_edit"):
-                       suffix = _("Edit")
-               elif self.request.path.endswith("/_files"):
-                       suffix = _("Files")
-
-               return self.render_string("wiki/modules/navbar.html",
-                       breadcrumbs=breadcrumbs, page=page, page_title=title, suffix=suffix)
The website of ipfire.org.