diff options
-rw-r--r-- | db.py | 2 | ||||
-rwxr-xr-x | fbin.py | 46 | ||||
-rw-r--r-- | templates/__init__.py | 1 | ||||
-rw-r--r-- | templates/delete.tmpl | 9 |
4 files changed, 56 insertions, 2 deletions
@@ -56,7 +56,7 @@ class File(Base): def html(self): return u'<a href="{root}f/{hash}/{filename}">{filename}</a> ' \ - '<sup><a href="{root}f/{hash}">1</a> <a href="{root}f/{hash}{ext}">2</a></sup> ({size}) on {date}'.format( + '<sup><a href="{root}f/{hash}">1</a> <a href="{root}f/{hash}{ext}">2</a> <a href="{root}d/{hash}">del</a></sup> ({size}) on {date}'.format( root = settings.virtual_root, hash = self.hash, filename = self.filename, ext = os.path.splitext(self.filename)[1], size = self.pretty_size(self.get_size()), date = self.date.strftime('%Y-%m-%d %H:%M:%S UTC')) @@ -141,6 +141,17 @@ class Application(object): finally: session.close() + def delete_file(self, file): + session = db.Session() + try: + session.delete(file) + session.commit() + os.unlink(file.get_path()) + except: + raise + finally: + session.close() + def not_modified(self, environ, date): if not 'HTTP_IF_MODIFIED_SINCE' in environ: return False @@ -471,6 +482,38 @@ class Application(object): start_response('200 OK', [('Content-Type', 'image/jpeg'), ('Last-Modified', date.strftime(rfc1123_format))]) return open(thumbfile, 'rb') + def delete(self, environ, start_response, path): + c = Cookie.SimpleCookie(environ['HTTP_COOKIE'] if 'HTTP_COOKIE' in environ else None) + user = self.validate_cookie(c) + if user == None: + start_response('200 OK', [('Content-Type', 'text/html')]) + return ['Not logged in.'] + hash = path[1] + file = self.get_file(hash) + if file == None: + start_response('404 Not Found', [('Content-Type', 'text/html')]) + return ['<h1>Not Found</h1><p>The file you requested does not exist.</p>'] + if file.user_id != user.id: + start_response('403 Forbidden', [('Content-Type', 'text/html')]) + return ['<h1>Forbidden</h1><p>You are not allowed to delete this file.</p>'] + if environ['REQUEST_METHOD'] == 'POST': + try: + self.delete_file(file) + except Exception as e: + start_response('500 Internal Error', [('Content-Type', 'text/html')]) + return ['Failed to delete file {filename} ({error}).'.format(filename = file.filename, error = str(e))] + else: + start_response('302 Found', [('Location', settings.virtual_root + 'u')]) + return [] + else: + start_response('200 OK', [('Content-Type', 'text/html')]) + return str(templates.delete(searchList = { + 'root': settings.virtual_root, + 'user': user, + 'hash': hash, + 'filename': file.filename, + })) + f = file u = upload l = login @@ -482,11 +525,12 @@ class Application(object): o = logout r = register c = changepass + d = delete def __call__(self, environ, start_response): path = environ['PATH_INFO'].split('/')[1:] module = path[0] if len(path) else '' - if len(module) and module in 'fulshmitorc': + if len(module) and module in 'fulshmitorcd': return getattr(self, module)(environ, start_response, path) else: start_response('302 Found', [('Location', settings.virtual_root + 'u')]) diff --git a/templates/__init__.py b/templates/__init__.py index 5c9f28e..a8a47b8 100644 --- a/templates/__init__.py +++ b/templates/__init__.py @@ -6,3 +6,4 @@ from my import my from images import images from register import register from changepass import changepass +from delete import delete diff --git a/templates/delete.tmpl b/templates/delete.tmpl new file mode 100644 index 0000000..62216d5 --- /dev/null +++ b/templates/delete.tmpl @@ -0,0 +1,9 @@ +#def title: delete +#def header: delete +#extends templates.base +#def content + <form method="post" action="${root}d/$hash"> + <p>Are you sure you want to delete the file $filename?</p> + <p><input type="submit" value="Yes" /> <input type="button" value="No" onclick="document.location = '${root}u'" /></p> + </form> +#end def |