def admin_file_list(): if not auth.can_create(): return abort(403) return render_template('admin-list-file.html', files=File.select(File.uuid, File.filename, File.mimetype, File.hash, File.encrypted), filehash=filehash)
def admin_article_list(): if not auth.can_create(): return abort(403) return render_template( 'admin-list-article.html', articles=Article.select(Article.slug, Article.title, Article.subtitle, Article.author, Article.listed, Article.encrypted, Article.date).order_by(-Article.date))
def edit_file(uuid): if not auth.can_create(): return abort(403) create = False try: file = File.get(File.uuid == uuid) except File.DoesNotExist: file = File() file.uuid = uuid create = True if request.method == 'GET': if not file.encrypted: return render_template('edit-file.html', file=file, password='', filehash=filehash) else: return render_template('unlock-file.html', file=file), 401 elif request.method == 'POST': if request.form['action'] == 'unlock': try: file.decrypt_in_place(request.form['password']) except ValueError: return render_template('unlock-file.html', file=file, error=True) return render_template('edit-file.html', file=file, password=request.form['password'], filehash=filehash) elif request.form['action'] == 'edit': file_content = request.files.get('content').read() if file_content: file.set_content(file_content) file.mimetype = request.form['mimetype'] or ( request.files['content'].mimetype if file_content else None) or file.mimetype or 'application/octet-stream' try: file.decrypt_in_place(request.form.get('old_password')) except ValueError: return render_template('unlock-file.html', file=file, error=True), 401 if request.form.get('password'): file.encrypt_in_place(request.form['password']) file.filename = request.form['filename'] or ( request.files['content'].filename if file_content else None) or file.filename or 'untitled.bin' file.save(force_insert=create) return redirect(url_for('file.edit_file', uuid=uuid))
def edit_article(slug): create = False try: article = Article.get(Article.slug == slug) except Article.DoesNotExist: article = Article() article.slug = slug create = True if create and not auth.can_create(): return abort(403) if not create and not auth.can_edit(article): return abort(403) if request.method == 'GET': if not article.encrypted: time = article.date.time().strftime('%H:%M:%S') date = article.date.date().strftime('%Y-%m-%d') tags = [i.tag for i in article.tags.join(Tag)] return render_template('edit-article.html', article=article, authors=Author.select(), article_body=str(article.content or b'', 'utf-8'), time=time, date=date, tags=tags, this_user=auth.get_user(True)) else: return render_template('unlock-article.html', article=article) elif request.method == 'POST': if request.form['action'] == 'edit': with db.atomic(): after_save = [] article.content = request.form.get( 'content') or article.content article.title = request.form.get('title') or article.title article.subtitle = request.form.get( 'subtitle') or article.subtitle article.slug = request.form.get('slug') or article.slug this_user = auth.get_user(True) try: author = Author.get( Author.slug == (request.form.get('author') or '')) if this_user.is_editor: article.author = author else: article.author = this_user except Author.DoesNotExist: article.author = this_user def add_tags(): for tag in (request.form.get('tags') or '').split(','): if tag: tag = tag.strip() tag_row, _ = Tag.get_or_create(slug=tag) ArticleTag.get_or_create(tag=tag_row, article=article) after_save.append(add_tags) time = request.form.get( 'time') or article.date.time().strftime('%H:%M:%S') date = request.form.get( 'date') or article.date.date().strftime('%Y-%m-%d') article.date = datetime.datetime.fromisoformat(date + 'T' + time) article.listed = request.form.get('listed') == 'on' article.content = bytes(request.form.get('content'), 'utf-8') or article.content article.format = request.form.get('format') or article.format try: crop = int(request.form.get('crop_at_paragraph')) except: crop = article.crop_at_paragraph article.crop_at_paragraph = crop article.encrypted = False password = request.form.get('password') or '' if password != '': after_save.append( lambda: article.encrypt_in_place(password)) version = request.form.get('version') or '' if (version != str(article.version)) and not create: tags = [] class Null: pass for tag in (request.form.get('tags') or '').split(','): obj = Null() obj.slug = tag tags.append(obj) return render_template('edit-article.html', article=article, authors=Author.select(), wrong_version=True, time=time, date=date, article_body=str( article.content, 'utf-8'), tags=tags, this_user=auth.get_user(True)) article.version = uuid.uuid4() article.save(force_insert=create) for func in after_save: func() return redirect( url_for('article.view_article', slug=article.slug)) elif request.form['action'] == 'unlock': try: content = article.decrypt(request.form['password']) except ValueError: return render_template('unlock-article.html', article=article, error=True) time = article.date.time().strftime('%H:%M:%S') date = article.date.date().strftime('%Y-%m-%d') tags = [i.tag for i in article.tags.join(Tag)] return render_template('edit-article.html', article=article, authors=Author.select(), article_body=str(content or b'', 'utf-8'), time=time, date=date, password=request.form['password'], tags=tags, this_user=auth.get_user(True))
def creation_tools(): if auth.can_create(): return render_template('creation-tools.html', is_editor=auth.is_editor(), db_size=os.path.getsize(DB_PATH)) return abort(403)
def vacuum_db(): if not auth.can_create(): return abort(403) db.execute_sql('vacuum;') return redirect(url_for('creation_tools'))