summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--db.py2
-rwxr-xr-xfbin.py46
-rw-r--r--templates/__init__.py1
-rw-r--r--templates/delete.tmpl9
4 files changed, 56 insertions, 2 deletions
diff --git a/db.py b/db.py
index 3436ef3..eaf5f13 100644
--- a/db.py
+++ b/db.py
@@ -56,7 +56,7 @@ class File(Base):
def html(self):
return u'<a href="{root}f/{hash}/{filename}">{filename}</a> ' \
- '<sup><a href="{root}f/{hash}">1</a> <a href="{root}f/{hash}{ext}">2</a></sup> ({size}) on {date}'.format(
+ '<sup><a href="{root}f/{hash}">1</a> <a href="{root}f/{hash}{ext}">2</a> <a href="{root}d/{hash}">del</a></sup> ({size}) on {date}'.format(
root = settings.virtual_root, hash = self.hash, filename = self.filename, ext = os.path.splitext(self.filename)[1],
size = self.pretty_size(self.get_size()), date = self.date.strftime('%Y-%m-%d %H:%M:%S UTC'))
diff --git a/fbin.py b/fbin.py
index 5aaa6a1..5ca571b 100755
--- a/fbin.py
+++ b/fbin.py
@@ -141,6 +141,17 @@ class Application(object):
finally:
session.close()
+ def delete_file(self, file):
+ session = db.Session()
+ try:
+ session.delete(file)
+ session.commit()
+ os.unlink(file.get_path())
+ except:
+ raise
+ finally:
+ session.close()
+
def not_modified(self, environ, date):
if not 'HTTP_IF_MODIFIED_SINCE' in environ:
return False
@@ -471,6 +482,38 @@ class Application(object):
start_response('200 OK', [('Content-Type', 'image/jpeg'), ('Last-Modified', date.strftime(rfc1123_format))])
return open(thumbfile, 'rb')
+ def delete(self, environ, start_response, path):
+ c = Cookie.SimpleCookie(environ['HTTP_COOKIE'] if 'HTTP_COOKIE' in environ else None)
+ user = self.validate_cookie(c)
+ if user == None:
+ start_response('200 OK', [('Content-Type', 'text/html')])
+ return ['Not logged in.']
+ hash = path[1]
+ file = self.get_file(hash)
+ if file == None:
+ start_response('404 Not Found', [('Content-Type', 'text/html')])
+ return ['<h1>Not Found</h1><p>The file you requested does not exist.</p>']
+ if file.user_id != user.id:
+ start_response('403 Forbidden', [('Content-Type', 'text/html')])
+ return ['<h1>Forbidden</h1><p>You are not allowed to delete this file.</p>']
+ if environ['REQUEST_METHOD'] == 'POST':
+ try:
+ self.delete_file(file)
+ except Exception as e:
+ start_response('500 Internal Error', [('Content-Type', 'text/html')])
+ return ['Failed to delete file {filename} ({error}).'.format(filename = file.filename, error = str(e))]
+ else:
+ start_response('302 Found', [('Location', settings.virtual_root + 'u')])
+ return []
+ else:
+ start_response('200 OK', [('Content-Type', 'text/html')])
+ return str(templates.delete(searchList = {
+ 'root': settings.virtual_root,
+ 'user': user,
+ 'hash': hash,
+ 'filename': file.filename,
+ }))
+
f = file
u = upload
l = login
@@ -482,11 +525,12 @@ class Application(object):
o = logout
r = register
c = changepass
+ d = delete
def __call__(self, environ, start_response):
path = environ['PATH_INFO'].split('/')[1:]
module = path[0] if len(path) else ''
- if len(module) and module in 'fulshmitorc':
+ if len(module) and module in 'fulshmitorcd':
return getattr(self, module)(environ, start_response, path)
else:
start_response('302 Found', [('Location', settings.virtual_root + 'u')])
diff --git a/templates/__init__.py b/templates/__init__.py
index 5c9f28e..a8a47b8 100644
--- a/templates/__init__.py
+++ b/templates/__init__.py
@@ -6,3 +6,4 @@ from my import my
from images import images
from register import register
from changepass import changepass
+from delete import delete
diff --git a/templates/delete.tmpl b/templates/delete.tmpl
new file mode 100644
index 0000000..62216d5
--- /dev/null
+++ b/templates/delete.tmpl
@@ -0,0 +1,9 @@
+#def title: delete
+#def header: delete
+#extends templates.base
+#def content
+ <form method="post" action="${root}d/$hash">
+ <p>Are you sure you want to delete the file $filename?</p>
+ <p><input type="submit" value="Yes" /> <input type="button" value="No" onclick="document.location = '${root}u'" /></p>
+ </form>
+#end def