(r"/test", handlers.TestHandler),
# Uploads
- (r"/uploads", uploads.CreateHandler),
+ (r"/uploads", uploads.IndexHandler),
],
# Forward any other settings
from .. import users
@tornado.web.stream_request_body
-class CreateHandler(BaseHandler):
+class IndexHandler(BaseHandler):
def initialize(self):
# Buffer to cache the uploaded content
self.buffer = io.BytesIO()
"id" : upload.uuid,
"expires_at" : upload.expires_at.isoformat(),
})
+
+ @tornado.web.authenticated
+ async def delete(self):
+ """
+ Deletes an upload with a certain UUID
+ """
+ # Fetch the UUID
+ uuid = self.get_argument("id")
+
+ # Fetch the upload
+ upload = self.backend.uploads.get_by_uuid(uuid)
+ if not upload:
+ raise tornado.web.HTTPError(404, "Could not find upload %s" % uuid)
+
+ # Check for permissions
+ if not upload.has_perm(self.current_user):
+ raise tornado.web.HTTPError(403, "%s has no permission to delete %s" \
+ % (self.current_user, upload))
+
+ # Delete the upload
+ with self.db.transaction():
+ await upload.delete()
+
+ self.finish({
+ "status" : "ok",
+ })
projects / pbs.git / commitdiff
