try:
filename, data, mimetype = self.get_file("file")
+ # Use filename from request if any
+ filename = self.get_argument("filename", filename)
+
# XXX check valid mimetypes
with self.db.transaction():
self.redirect("%s/_files" % path)
+class ActionDeleteHandler(auth.CacheMixin, base.BaseHandler):
+ @tornado.web.authenticated
+ def get(self, path):
+ # Check permissions
+ if not self.backend.wiki.check_acl(path, self.current_user):
+ raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
+
+ # Fetch the file
+ file = self.backend.wiki.get_file_by_path(path)
+ if not file:
+ raise tornado.web.HTTPError(404, "Could not find %s" % path)
+
+ self.render("wiki/confirm-delete.html", file=file)
+
+ @tornado.web.authenticated
+ @base.ratelimit(minutes=60, requests=24)
+ def post(self, path):
+ # Check permissions
+ if not self.backend.wiki.check_acl(path, self.current_user):
+ raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
+
+ # Fetch the file
+ file = self.backend.wiki.get_file_by_path(path)
+ if not file:
+ raise tornado.web.HTTPError(404, "Could not find %s" % path)
+
+ with self.db.transaction():
+ file.delete(self.current_user)
+
+ self.redirect("%s/_files" % file.path)
+
+
+class ActionRestoreHandler(auth.CacheMixin, base.BaseHandler):
+ @tornado.web.authenticated
+ @base.ratelimit(minutes=60, requests=24)
+ def post(self):
+ path = self.get_argument("path")
+
+ # Check permissions
+ if not self.backend.wiki.check_acl(path, self.current_user):
+ raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
+
+ # Check if we are asked to render a certain revision
+ revision = self.get_argument("revision", None)
+
+ # Fetch the wiki page
+ page = self.backend.wiki.get_page(path, revision=revision)
+
+ with self.db.transaction():
+ page = page.restore(
+ author=self.current_user, address=self.get_remote_ip(),
+ )
+
+ # Redirect back to page
+ self.redirect(page.page)
+
+
class ActionWatchHandler(auth.CacheMixin, base.BaseHandler):
@tornado.web.authenticated
@base.ratelimit(minutes=60, requests=180)
if not self.backend.wiki.check_acl(path, self.current_user):
raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
+ # Check if we are asked to render a certain revision
+ revision = self.get_argument("revision", None)
+
# Fetch the file
- file = self.backend.wiki.get_file_by_path(path)
+ file = self.backend.wiki.get_file_by_path(path, revision=revision)
if not file:
raise tornado.web.HTTPError(404, "Could not find %s" % path)
self.render("wiki/diff.html", page=page, a=a, b=b)
return
+ # Restore
+ elif self.action == "restore":
+ self.render("wiki/confirm-restore.html", page=page)
+ return
+
# Revisions
elif self.action == "revisions":
self.render("wiki/revisions.html", page=page)
# If the page does not exist, we send 404
if not page or page.was_deleted():
+ # Handle /start links which were in the format of DokuWiki
+ if path.endswith("/start"):
+ # Strip /start from path
+ path = path[:-6] or "/"
+
+ # Redirect user to page if it exists
+ page = self.backend.wiki.page_exists(path)
+ if page:
+ self.redirect(path)
+
raise tornado.web.HTTPError(404)
# Fetch the latest revision
class SearchHandler(auth.CacheMixin, base.BaseHandler):
- @base.blacklisted
- @base.ratelimit(minutes=15, requests=10)
+ @base.ratelimit(minutes=5, requests=25)
def get(self):
q = self.get_argument("q")