From baee8206b8338b1d4a9712eeec916d39da633ba6 Mon Sep 17 00:00:00 2001
From: Jon Bergli Heier <snakebite@jvnv.net>
Date: Sun, 1 Jan 2012 13:17:08 +0100
Subject: Added a 'del' link to allow deleting files.

---
 fbin.py | 46 +++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)

(limited to 'fbin.py')

diff --git a/fbin.py b/fbin.py
index 5aaa6a1..5ca571b 100755
--- a/fbin.py
+++ b/fbin.py
@@ -141,6 +141,17 @@ class Application(object):
 		finally:
 			session.close()
 
+	def delete_file(self, file):
+		session = db.Session()
+		try:
+			session.delete(file)
+			session.commit()
+			os.unlink(file.get_path())
+		except:
+			raise
+		finally:
+			session.close()
+
 	def not_modified(self, environ, date):
 		if not 'HTTP_IF_MODIFIED_SINCE' in environ:
 			return False
@@ -471,6 +482,38 @@ class Application(object):
 		start_response('200 OK', [('Content-Type', 'image/jpeg'), ('Last-Modified', date.strftime(rfc1123_format))])
 		return open(thumbfile, 'rb')
 
+	def delete(self, environ, start_response, path):
+		c = Cookie.SimpleCookie(environ['HTTP_COOKIE'] if 'HTTP_COOKIE' in environ else None)
+		user = self.validate_cookie(c)
+		if user == None:
+			start_response('200 OK', [('Content-Type', 'text/html')])
+			return ['Not logged in.']
+		hash = path[1]
+		file = self.get_file(hash)
+		if file == None:
+			start_response('404 Not Found', [('Content-Type', 'text/html')])
+			return ['<h1>Not Found</h1><p>The file you requested does not exist.</p>']
+		if file.user_id != user.id:
+			start_response('403 Forbidden', [('Content-Type', 'text/html')])
+			return ['<h1>Forbidden</h1><p>You are not allowed to delete this file.</p>']
+		if environ['REQUEST_METHOD'] == 'POST':
+			try:
+				self.delete_file(file)
+			except Exception as e:
+				start_response('500 Internal Error', [('Content-Type', 'text/html')])
+				return ['Failed to delete file {filename} ({error}).'.format(filename = file.filename, error = str(e))]
+			else:
+				start_response('302 Found', [('Location', settings.virtual_root + 'u')])
+				return []
+		else:
+			start_response('200 OK', [('Content-Type', 'text/html')])
+			return str(templates.delete(searchList = {
+				'root': settings.virtual_root,
+				'user': user,
+				'hash': hash,
+				'filename': file.filename,
+			}))
+
 	f = file
 	u = upload
 	l = login
@@ -482,11 +525,12 @@ class Application(object):
 	o = logout
 	r = register
 	c = changepass
+	d = delete
 
 	def __call__(self, environ, start_response):
 		path = environ['PATH_INFO'].split('/')[1:]
 		module = path[0] if len(path) else ''
-		if len(module) and module in 'fulshmitorc':
+		if len(module) and module in 'fulshmitorcd':
 			return getattr(self, module)(environ, start_response, path)
 		else:
 			start_response('302 Found', [('Location', settings.virtual_root + 'u')])
-- 
cgit v1.2.3