wiki: Only match usernames when a word starts with @

[ipfire.org.git] / src / web / wiki.py
diff --git a/src/web/wiki.py b/src/web/wiki.py

deleted file mode 100644 (file)

index 0c9858d..0000000
--- a/src/web/wiki.py
+++ /dev/null
@@ -1,142 +0,0 @@
-#!/usr/bin/python3
-
-import tornado.web
-
-from . import base
-from . import ui_modules
-
-class ActionUploadHandler(base.BaseHandler):
-       @tornado.web.authenticated
-       @base.ratelimit(minutes=60, requests=24)
-       def post(self):
-               path = self.get_argument("path")
-
-               # Check permissions
-               if not self.backend.wiki.check_acl(path, self.current_user):
-                       raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
-
-               try:
-                       filename, data, mimetype = self.get_file("file")
-
-                       # Use filename from request if any
-                       filename = self.get_argument("filename", filename)
-
-                       # XXX check valid mimetypes
-
-                       with self.db.transaction():
-                               file = self.backend.wiki.upload(path, filename, data,
-                                       mimetype=mimetype, author=self.current_user,
-                                       address=self.get_remote_ip())
-
-               except TypeError as e:
-                       raise e
-
-               self.redirect("%s/_files" % path)
-
-
-class ActionDeleteHandler(base.BaseHandler):
-       @tornado.web.authenticated
-       def get(self, path):
-               # Check permissions
-               if not self.backend.wiki.check_acl(path, self.current_user):
-                       raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
-
-               # Fetch the file
-               file = self.backend.wiki.get_file_by_path(path)
-               if not file:
-                       raise tornado.web.HTTPError(404, "Could not find %s" % path)
-
-               self.render("wiki/confirm-delete.html", file=file)
-
-       @tornado.web.authenticated
-       @base.ratelimit(minutes=60, requests=24)
-       def post(self, path):
-               # Check permissions
-               if not self.backend.wiki.check_acl(path, self.current_user):
-                       raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
-
-               # Fetch the file
-               file = self.backend.wiki.get_file_by_path(path)
-               if not file:
-                       raise tornado.web.HTTPError(404, "Could not find %s" % path)
-
-               with self.db.transaction():
-                       file.delete(self.current_user)
-
-               self.redirect("%s/_files" % file.path)
-
-
-class ActionRestoreHandler(base.BaseHandler):
-       @tornado.web.authenticated
-       @base.ratelimit(minutes=60, requests=24)
-       def post(self):
-               path = self.get_argument("path")
-
-               # Check permissions
-               if not self.backend.wiki.check_acl(path, self.current_user):
-                       raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
-
-               # Check if we are asked to render a certain revision
-               revision = self.get_argument("revision", None)
-               comment = self.get_argument("comment", None)
-
-               # Fetch the wiki page
-               page = self.backend.wiki.get_page(path, revision=revision)
-
-               with self.db.transaction():
-                       page = page.restore(
-                               author=self.current_user,
-                               address=self.get_remote_ip(),
-                               comment=comment,
-                       )
-
-               # Redirect back to page
-               self.redirect(page.page)
-
-
-class ActionWatchHandler(base.BaseHandler):
-       @tornado.web.authenticated
-       @base.ratelimit(minutes=60, requests=180)
-       def get(self, path, action):
-               if path is None:
-                       path = "/"
-
-               page = self.backend.wiki.get_page(path)
-               if not page:
-                       raise tornado.web.HTTPError(404, "Page does not exist: %s" % path)
-
-               # Check permissions
-               if not self.backend.wiki.check_acl(path, self.current_user):
-                       raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
-
-               with self.db.transaction():
-                       if action == "watch":
-                               page.add_watcher(self.current_user)
-                       elif action == "unwatch":
-                               page.remove_watcher(self.current_user)
-
-               # Redirect back to page
-               self.redirect(page.url)
-
-
-class FilesHandler(base.BaseHandler):
-       @tornado.web.authenticated
-       def get(self, path):
-               if path is None:
-                       path = "/"
-
-               # Check permissions
-               if not self.backend.wiki.check_acl(path, self.current_user):
-                       raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
-
-               files = self.backend.wiki.get_files(path)
-
-               self.render("wiki/files/index.html", path=path, files=files)
-
-
-class WikiListModule(ui_modules.UIModule):
-       def render(self, pages, link_revision=False, show_breadcrumbs=True,
-                       show_author=True, show_changes=False):
-               return self.render_string("wiki/modules/list.html", link_revision=link_revision,
-                       pages=pages, show_breadcrumbs=show_breadcrumbs,
-                       show_author=show_author, show_changes=show_changes)