Added a 'del' link to allow deleting files.

4 files changed, 56 insertions, 2 deletions

diff --git a/db.py b/db.py
index 3436ef3..eaf5f13 100644
--- a/db.py
+++ b/db.py
@@ -56,7 +56,7 @@ class File(Base):
 
 	def html(self):
 		return u'<a href="{root}f/{hash}/{filename}">{filename}</a> ' \
-				'<sup><a href="{root}f/{hash}">1</a> <a href="{root}f/{hash}{ext}">2</a></sup> ({size}) on {date}'.format(
+				'<sup><a href="{root}f/{hash}">1</a> <a href="{root}f/{hash}{ext}">2</a> <a href="{root}d/{hash}">del</a></sup> ({size}) on {date}'.format(
 			root = settings.virtual_root, hash = self.hash, filename = self.filename, ext = os.path.splitext(self.filename)[1],
 			size = self.pretty_size(self.get_size()), date = self.date.strftime('%Y-%m-%d %H:%M:%S UTC'))
 
diff --git a/fbin.py b/fbin.py
index 5aaa6a1..5ca571b 100755
--- a/fbin.py
+++ b/fbin.py
@@ -141,6 +141,17 @@ class Application(object):
 		finally:
 			session.close()
 
+	def delete_file(self, file):
+		session = db.Session()
+		try:
+			session.delete(file)
+			session.commit()
+			os.unlink(file.get_path())
+		except:
+			raise
+		finally:
+			session.close()
+
 	def not_modified(self, environ, date):
 		if not 'HTTP_IF_MODIFIED_SINCE' in environ:
 			return False
@@ -471,6 +482,38 @@ class Application(object):
 		start_response('200 OK', [('Content-Type', 'image/jpeg'), ('Last-Modified', date.strftime(rfc1123_format))])
 		return open(thumbfile, 'rb')
 
+	def delete(self, environ, start_response, path):
+		c = Cookie.SimpleCookie(environ['HTTP_COOKIE'] if 'HTTP_COOKIE' in environ else None)
+		user = self.validate_cookie(c)
+		if user == None:
+			start_response('200 OK', [('Content-Type', 'text/html')])
+			return ['Not logged in.']
+		hash = path[1]
+		file = self.get_file(hash)
+		if file == None:
+			start_response('404 Not Found', [('Content-Type', 'text/html')])
+			return ['<h1>Not Found</h1><p>The file you requested does not exist.</p>']
+		if file.user_id != user.id:
+			start_response('403 Forbidden', [('Content-Type', 'text/html')])
+			return ['<h1>Forbidden</h1><p>You are not allowed to delete this file.</p>']
+		if environ['REQUEST_METHOD'] == 'POST':
+			try:
+				self.delete_file(file)
+			except Exception as e:
+				start_response('500 Internal Error', [('Content-Type', 'text/html')])
+				return ['Failed to delete file {filename} ({error}).'.format(filename = file.filename, error = str(e))]
+			else:
+				start_response('302 Found', [('Location', settings.virtual_root + 'u')])
+				return []
+		else:
+			start_response('200 OK', [('Content-Type', 'text/html')])
+			return str(templates.delete(searchList = {
+				'root': settings.virtual_root,
+				'user': user,
+				'hash': hash,
+				'filename': file.filename,
+			}))
+
 	f = file
 	u = upload
 	l = login
@@ -482,11 +525,12 @@ class Application(object):
 	o = logout
 	r = register
 	c = changepass
+	d = delete
 
 	def __call__(self, environ, start_response):
 		path = environ['PATH_INFO'].split('/')[1:]
 		module = path[0] if len(path) else ''
-		if len(module) and module in 'fulshmitorc':
+		if len(module) and module in 'fulshmitorcd':
 			return getattr(self, module)(environ, start_response, path)
 		else:
 			start_response('302 Found', [('Location', settings.virtual_root + 'u')])
diff --git a/templates/__init__.py b/templates/__init__.py
index 5c9f28e..a8a47b8 100644
--- a/templates/__init__.py
+++ b/templates/__init__.py
@@ -6,3 +6,4 @@ from my import my
 from images import images
 from register import register
 from changepass import changepass
+from delete import delete
diff --git a/templates/delete.tmpl b/templates/delete.tmpl
new file mode 100644
index 0000000..62216d5
--- /dev/null
+++ b/templates/delete.tmpl
@@ -0,0 +1,9 @@
+#def title: delete
+#def header: delete
+#extends templates.base
+#def content
+		<form method="post" action="${root}d/$hash">
+			<p>Are you sure you want to delete the file $filename?</p>
+			<p><input type="submit" value="Yes" /> <input type="button" value="No" onclick="document.location = '${root}u'" /></p>
+		</form>
+#end def