</div>
</div>
- <a class="btn btn-primary btn-block mb-3" href="{{ request.path }}?action=edit">
+ <a class="btn btn-primary btn-block mb-3" href="/actions/edit{{ request.path }}">
<span class="fas fa-edit mr-2"></span> {{ _("Edit Page") }}
{% if not current_user %}‐ {{ _("Yes, you can edit!") }}{% end %}
</a>
authentication_handlers + [
# Actions
- (r"/actions/edit", wiki.ActionEditHandler),
+ (r"/actions/edit([A-Za-z0-9\-_\/]+)", wiki.ActionEditHandler),
(r"/action/(watch|unwatch)(.*)", wiki.ActionWatchHandler),
(r"/actions/upload", wiki.ActionUploadHandler),
class ActionEditHandler(auth.CacheMixin, base.BaseHandler):
@tornado.web.authenticated
- def post(self):
- path = self.get_argument("path")
+ def get(self, path):
+ # Check permissions
+ if not self.backend.wiki.check_acl(path, self.current_user):
+ raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
+
+ # Fetch the wiki page
+ page = self.backend.wiki.get_page(path)
+ # Empty page if it was deleted
+ if page and page.was_deleted():
+ page = None
+
+ # Render page
+ self.render("wiki/edit.html", page=page)
+
+ @tornado.web.authenticated
+ def post(self, path):
# Check permissions
if not self.backend.wiki.check_acl(path, self.current_user):
raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
self.render("wiki/diff.html", page=page, a=a, b=b)
return
- # Edit
- elif self.action == "edit":
- if not self.current_user:
- raise tornado.web.HTTPError(401)
-
- # Empty page if it was deleted
- if page and page.was_deleted():
- page = None
-
- # Render page
- self.render("wiki/edit.html", page=page)
- return
-
# Revisions
elif self.action == "revisions":
self.render("wiki/revisions.html", page=page)
projects / ipfire.org.git / commitdiff
