#!/usr/bin/python3
-import difflib
import tornado.web
-from . import auth
from . import base
from . import ui_modules
-class ActionEditHandler(auth.CacheMixin, base.BaseHandler):
+class ActionEditHandler(base.BaseHandler):
@tornado.web.authenticated
- def post(self):
- path = self.get_argument("path")
+ def get(self, path):
+ if path is None:
+ path = "/"
+
+ # Check permissions
+ if not self.backend.wiki.check_acl(path, self.current_user):
+ raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
+
+ # Fetch the wiki page
+ page = self.backend.wiki.get_page(path)
+
+ # Empty page if it was deleted
+ if page and page.was_deleted():
+ page = None
+
+ # Render page
+ self.render("wiki/edit.html", page=page, path=path)
+
+ @tornado.web.authenticated
+ def post(self, path):
+ if path is None:
+ path = "/"
# Check permissions
if not self.backend.wiki.check_acl(path, self.current_user):
page = self.backend.wiki.create_page(path,
self.current_user, content, changes=changes, address=self.get_remote_ip())
+ # Add user as a watcher if wanted
+ watch = self.get_argument("watch", False)
+ if watch:
+ page.add_watcher(self.current_user)
+
# Redirect back
if page.was_deleted():
self.redirect("/")
self.backend.wiki.refresh()
-class ActionUploadHandler(auth.CacheMixin, base.BaseHandler):
+class ActionUploadHandler(base.BaseHandler):
@tornado.web.authenticated
+ @base.ratelimit(minutes=60, requests=24)
def post(self):
path = self.get_argument("path")
try:
filename, data, mimetype = self.get_file("file")
+ # Use filename from request if any
+ filename = self.get_argument("filename", filename)
+
# XXX check valid mimetypes
with self.db.transaction():
except TypeError as e:
raise e
- self.redirect("%s/files" % path)
+ self.redirect("%s/_files" % path)
-class FilesHandler(auth.CacheMixin, base.BaseHandler):
+class ActionDeleteHandler(base.BaseHandler):
@tornado.web.authenticated
def get(self, path):
# Check permissions
if not self.backend.wiki.check_acl(path, self.current_user):
raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
- files = self.backend.wiki.get_files(path)
-
- self.render("wiki/files/index.html", path=path, files=files)
-
+ # Fetch the file
+ file = self.backend.wiki.get_file_by_path(path)
+ if not file:
+ raise tornado.web.HTTPError(404, "Could not find %s" % path)
-class FileHandler(base.BaseHandler):
- @property
- def action(self):
- return self.get_argument("action", None)
+ self.render("wiki/confirm-delete.html", file=file)
- def get(self, path):
+ @tornado.web.authenticated
+ @base.ratelimit(minutes=60, requests=24)
+ def post(self, path):
# Check permissions
if not self.backend.wiki.check_acl(path, self.current_user):
raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
if not file:
raise tornado.web.HTTPError(404, "Could not find %s" % path)
- # Render detail page
- if self.action == "detail":
- self.render("wiki/files/detail.html", file=file)
- return
+ with self.db.transaction():
+ file.delete(self.current_user)
- size = self.get_argument_int("s", None)
+ self.redirect("%s/_files" % file.path)
- # Check if image should be resized
- if file.is_image() and size:
- blob = file.get_thumbnail(size)
- else:
- blob = file.blob
- # Set headers
- self.set_header("Content-Type", file.mimetype or "application/octet-stream")
- self.set_header("Content-Length", len(blob))
+class ActionRestoreHandler(base.BaseHandler):
+ @tornado.web.authenticated
+ @base.ratelimit(minutes=60, requests=24)
+ def post(self):
+ path = self.get_argument("path")
- # Set expires
- self.set_expires(3600)
+ # Check permissions
+ if not self.backend.wiki.check_acl(path, self.current_user):
+ raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
- # Deliver content
- self.finish(blob)
+ # Check if we are asked to render a certain revision
+ revision = self.get_argument("revision", None)
+ comment = self.get_argument("comment", None)
+ # Fetch the wiki page
+ page = self.backend.wiki.get_page(path, revision=revision)
-class PageHandler(auth.CacheMixin, base.BaseHandler):
- @property
- def action(self):
- return self.get_argument("action", None)
+ with self.db.transaction():
+ page = page.restore(
+ author=self.current_user,
+ address=self.get_remote_ip(),
+ comment=comment,
+ )
- def write_error(self, status_code, **kwargs):
- # Render a custom page for 404
- if status_code == 404:
- self.render("wiki/404.html", **kwargs)
- return
+ # Redirect back to page
+ self.redirect(page.page)
- # Otherwise raise this to one layer above
- super().write_error(status_code, **kwargs)
- @tornado.web.removeslash
- def get(self, page):
- # Check permissions
- if not self.backend.wiki.check_acl(page, self.current_user):
- raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (page, self.current_user))
+class ActionWatchHandler(base.BaseHandler):
+ @tornado.web.authenticated
+ @base.ratelimit(minutes=60, requests=180)
+ def get(self, path, action):
+ if path is None:
+ path = "/"
- # Check if we are asked to render a certain revision
- revision = self.get_argument("revision", None)
+ page = self.backend.wiki.get_page(path)
+ if not page:
+ raise tornado.web.HTTPError(404, "Page does not exist: %s" % path)
- # Fetch the wiki page
- page = self.backend.wiki.get_page(page, revision=revision)
+ # Check permissions
+ if not self.backend.wiki.check_acl(path, self.current_user):
+ raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
- # Diff
- if self.action == "diff":
- # Get both revisions
- a = self.get_argument("a")
- b = self.get_argument("b")
+ with self.db.transaction():
+ if action == "watch":
+ page.add_watcher(self.current_user)
+ elif action == "unwatch":
+ page.remove_watcher(self.current_user)
- # Fetch both versions of the page
- a = self.backend.wiki.get_page(page.page, revision=a)
- b = self.backend.wiki.get_page(page.page, revision=b)
- if not a or not b:
- raise tornado.web.HTTPError(404)
+ # Redirect back to page
+ self.redirect(page.url)
- # Cannot render a diff for the identical page
- if a == b:
- raise tornado.web.HTTPError(400)
- # Make sure that b is newer than a
- if a > b:
- a, b = b, a
+class ActionRenderHandler(base.BaseHandler):
+ def check_xsrf_cookie(self):
+ pass # disabled
- self.render("wiki/diff.html", page=page, a=a, b=b)
- return
+ @tornado.web.authenticated
+ @base.ratelimit(minutes=5, requests=180)
+ def post(self, path):
+ if path is None:
+ path = "/"
- # Edit
- elif self.action == "edit":
- if not self.current_user:
- raise tornado.web.HTTPError(401)
+ content = self.get_argument("content")
- # Empty page if it was deleted
- if page and page.was_deleted():
- page = None
+ # Render the content
+ html = self.backend.wiki.render(path, content)
- # Render page
- self.render("wiki/edit.html", page=page)
- return
+ self.finish(html)
- # Revisions
- elif self.action == "revisions":
- self.render("wiki/revisions.html", page=page)
- return
- # If the page does not exist, we send 404
- if not page or page.was_deleted():
- raise tornado.web.HTTPError(404)
+class FilesHandler(base.BaseHandler):
+ @tornado.web.authenticated
+ def get(self, path):
+ if path is None:
+ path = "/"
- # Fetch the latest revision
- latest_revision = page.get_latest_revision()
+ # Check permissions
+ if not self.backend.wiki.check_acl(path, self.current_user):
+ raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
- # Render page
- self.render("wiki/page.html", page=page, latest_revision=latest_revision)
+ files = self.backend.wiki.get_files(path)
+
+ self.render("wiki/files/index.html", path=path, files=files)
-class SearchHandler(auth.CacheMixin, base.BaseHandler):
- @base.blacklisted
+class SearchHandler(base.BaseHandler):
+ @base.ratelimit(minutes=5, requests=25)
def get(self):
q = self.get_argument("q")
pages = self.backend.wiki.search(q, account=self.current_user, limit=50)
- self.render("wiki/search-results.html", q=q, pages=list(pages))
+ self.render("wiki/search-results.html", q=q, pages=pages)
-class RecentChangesHandler(auth.CacheMixin, base.BaseHandler):
+class RecentChangesHandler(base.BaseHandler):
def get(self):
recent_changes = self.backend.wiki.get_recent_changes(self.current_user, limit=50)
self.render("wiki/recent-changes.html", recent_changes=recent_changes)
-class WikiDiffModule(ui_modules.UIModule):
- differ = difflib.Differ()
+class TreeHandler(base.BaseHandler):
+ def get(self):
+ self.render("wiki/tree.html", pages=self.backend.wiki)
+
- def render(self, a, b):
- diff = self.differ.compare(
- a.markdown.splitlines(),
- b.markdown.splitlines(),
- )
+class WatchlistHandler(base.BaseHandler):
+ @tornado.web.authenticated
+ def get(self):
+ pages = self.backend.wiki.get_watchlist(self.current_user)
- return self.render_string("wiki/modules/diff.html", diff=diff)
+ self.render("wiki/watchlist.html", pages=pages)
class WikiListModule(ui_modules.UIModule):
- def render(self, pages, link_revision=False, show_breadcrumbs=True, show_changes=False):
+ def render(self, pages, link_revision=False, show_breadcrumbs=True,
+ show_author=True, show_changes=False):
return self.render_string("wiki/modules/list.html", link_revision=link_revision,
- pages=pages, show_breadcrumbs=show_breadcrumbs, show_changes=show_changes)
-
-
-class WikiNavbarModule(ui_modules.UIModule):
- def render(self, suffix=None):
- _ = self.locale.translate
-
- breadcrumbs = self.backend.wiki.make_breadcrumbs(self.request.path)
-
- # Don't search for a title for the file manager
- if self.request.path.endswith("/files"):
- title = _("Files")
- else:
- title = self.backend.wiki.get_page_title(self.request.path)
-
- return self.render_string("wiki/modules/navbar.html",
- breadcrumbs=breadcrumbs, page_title=title, suffix=suffix)
+ pages=pages, show_breadcrumbs=show_breadcrumbs,
+ show_author=show_author, show_changes=show_changes)