def admin_file_list():
if not auth.can_create():
return abort(403)
return render_template('admin-list-file.html',
files=File.select(File.uuid, File.filename,
File.mimetype, File.hash,
File.encrypted),
filehash=filehash)
def admin_article_list():
if not auth.can_create():
return abort(403)
return render_template(
'admin-list-article.html',
articles=Article.select(Article.slug, Article.title, Article.subtitle,
Article.author, Article.listed,
Article.encrypted,
Article.date).order_by(-Article.date))
def edit_file(uuid):
if not auth.can_create():
return abort(403)
create = False
try:
file = File.get(File.uuid == uuid)
except File.DoesNotExist:
file = File()
file.uuid = uuid
create = True
if request.method == 'GET':
if not file.encrypted:
return render_template('edit-file.html',
file=file,
password='',
filehash=filehash)
else:
return render_template('unlock-file.html', file=file), 401
elif request.method == 'POST':
if request.form['action'] == 'unlock':
try:
file.decrypt_in_place(request.form['password'])
except ValueError:
return render_template('unlock-file.html',
file=file,
error=True)
return render_template('edit-file.html',
file=file,
password=request.form['password'],
filehash=filehash)
elif request.form['action'] == 'edit':
file_content = request.files.get('content').read()
if file_content:
file.set_content(file_content)
file.mimetype = request.form['mimetype'] or (
request.files['content'].mimetype if file_content else
None) or file.mimetype or 'application/octet-stream'
try:
file.decrypt_in_place(request.form.get('old_password'))
except ValueError:
return render_template('unlock-file.html',
file=file,
error=True), 401
if request.form.get('password'):
file.encrypt_in_place(request.form['password'])
file.filename = request.form['filename'] or (
request.files['content'].filename
if file_content else None) or file.filename or 'untitled.bin'
file.save(force_insert=create)
return redirect(url_for('file.edit_file', uuid=uuid))
def edit_article(slug):
create = False
try:
article = Article.get(Article.slug == slug)
except Article.DoesNotExist:
article = Article()
article.slug = slug
create = True
if create and not auth.can_create():
return abort(403)
if not create and not auth.can_edit(article):
return abort(403)
if request.method == 'GET':
if not article.encrypted:
time = article.date.time().strftime('%H:%M:%S')
date = article.date.date().strftime('%Y-%m-%d')
tags = [i.tag for i in article.tags.join(Tag)]
return render_template('edit-article.html',
article=article,
authors=Author.select(),
article_body=str(article.content or b'',
'utf-8'),
time=time,
date=date,
tags=tags,
this_user=auth.get_user(True))
else:
return render_template('unlock-article.html', article=article)
elif request.method == 'POST':
if request.form['action'] == 'edit':
with db.atomic():
after_save = []
article.content = request.form.get(
'content') or article.content
article.title = request.form.get('title') or article.title
article.subtitle = request.form.get(
'subtitle') or article.subtitle
article.slug = request.form.get('slug') or article.slug
this_user = auth.get_user(True)
try:
author = Author.get(
Author.slug == (request.form.get('author') or ''))
if this_user.is_editor:
article.author = author
else:
article.author = this_user
except Author.DoesNotExist:
article.author = this_user
def add_tags():
for tag in (request.form.get('tags') or '').split(','):
if tag:
tag = tag.strip()
tag_row, _ = Tag.get_or_create(slug=tag)
ArticleTag.get_or_create(tag=tag_row,
article=article)
after_save.append(add_tags)
time = request.form.get(
'time') or article.date.time().strftime('%H:%M:%S')
date = request.form.get(
'date') or article.date.date().strftime('%Y-%m-%d')
article.date = datetime.datetime.fromisoformat(date + 'T' +
time)
article.listed = request.form.get('listed') == 'on'
article.content = bytes(request.form.get('content'),
'utf-8') or article.content
article.format = request.form.get('format') or article.format
try:
crop = int(request.form.get('crop_at_paragraph'))
except:
crop = article.crop_at_paragraph
article.crop_at_paragraph = crop
article.encrypted = False
password = request.form.get('password') or ''
if password != '':
after_save.append(
lambda: article.encrypt_in_place(password))
version = request.form.get('version') or ''
if (version != str(article.version)) and not create:
tags = []
class Null:
pass
for tag in (request.form.get('tags') or '').split(','):
obj = Null()
obj.slug = tag
tags.append(obj)
return render_template('edit-article.html',
article=article,
authors=Author.select(),
wrong_version=True,
time=time,
date=date,
article_body=str(
article.content, 'utf-8'),
tags=tags,
this_user=auth.get_user(True))
article.version = uuid.uuid4()
article.save(force_insert=create)
for func in after_save:
func()
return redirect(
url_for('article.view_article', slug=article.slug))
elif request.form['action'] == 'unlock':
try:
content = article.decrypt(request.form['password'])
except ValueError:
return render_template('unlock-article.html',
article=article,
error=True)
time = article.date.time().strftime('%H:%M:%S')
date = article.date.date().strftime('%Y-%m-%d')
tags = [i.tag for i in article.tags.join(Tag)]
return render_template('edit-article.html',
article=article,
authors=Author.select(),
article_body=str(content or b'', 'utf-8'),
time=time,
date=date,
password=request.form['password'],
tags=tags,
this_user=auth.get_user(True))
def creation_tools():
if auth.can_create():
return render_template('creation-tools.html',
is_editor=auth.is_editor(),
db_size=os.path.getsize(DB_PATH))
return abort(403)
def vacuum_db():
if not auth.can_create():
return abort(403)
db.execute_sql('vacuum;')
return redirect(url_for('creation_tools'))