# HG changeset patch # User Ludovic Chabant # Date 1515653562 28800 # Node ID faa4c84672911f84574714669a9c436a6357f81e # Parent 038b22935250bc6fee583b84db26de37f9a560fa web: Improve upload workflow. - Add 'upload' and 'wikiupload' permissions, and check for them. - Fix the message about what the syntax is for using files in pages. - Fix uploading files to endpoint pages. diff -r 038b22935250 -r faa4c8467291 wikked/auth.py --- a/wikked/auth.py Wed Jan 10 22:51:39 2018 -0800 +++ b/wikked/auth.py Wed Jan 10 22:52:42 2018 -0800 @@ -14,12 +14,14 @@ PERM_HISTORY = 2**4 PERM_REVERT = 2**5 PERM_SEARCH = 2**6 +PERM_UPLOAD = 2**7 # Site-wide premissions. -PERM_INDEX = 2**7 -PERM_LIST = 2**8 -PERM_LISTREFRESH = 2**9 -PERM_WIKIHISTORY = 2**10 -PERM_USERS = 2**11 +PERM_INDEX = 2**8 +PERM_LIST = 2**9 +PERM_LISTREFRESH = 2**10 +PERM_WIKIHISTORY = 2**11 +PERM_WIKIUPLOAD = 2**12 +PERM_USERS = 2**13 PERM_NAMES = { # Page permissions. @@ -31,11 +33,13 @@ 'history': PERM_HISTORY, 'revert': PERM_REVERT, 'search': PERM_SEARCH, + 'upload': PERM_UPLOAD, # Site-wide permissions. 'index': PERM_INDEX, 'list': PERM_LIST, 'listrefresh': PERM_LISTREFRESH, 'wikihistory': PERM_WIKIHISTORY, + 'wikiupload': PERM_WIKIUPLOAD, 'users': PERM_USERS, # Aliases 'write': PERM_EDIT, @@ -47,9 +51,9 @@ DEFAULT_USER_ROLES = { 'reader': (PERM_READ | PERM_HISTORY), - 'contributor': (PERM_READ | PERM_EDIT | PERM_HISTORY), + 'contributor': (PERM_READ | PERM_EDIT | PERM_HISTORY | PERM_UPLOAD), 'editor': (PERM_READ | PERM_EDIT | PERM_CREATE | PERM_DELETE | - PERM_HISTORY | PERM_REVERT), + PERM_HISTORY | PERM_REVERT | PERM_UPLOAD | PERM_WIKIUPLOAD), 'admin': 0xffff } diff -r 038b22935250 -r faa4c8467291 wikked/templates/upload-file.html --- a/wikked/templates/upload-file.html Wed Jan 10 22:51:39 2018 -0800 +++ b/wikked/templates/upload-file.html Wed Jan 10 22:52:42 2018 -0800 @@ -8,9 +8,13 @@ {% if success %}

File Uploaded!

-

The file is accessible with the following syntax: {%raw%}{{file: {%endraw%}{{success.example}}{%raw%}}}{%endraw%}

+

The file URL is accessible with the following syntax: [[file: {{success.example}}]]

+

Media files can be embedded easily in a page:

+

{% if success.is_page_specific %} -

Note: this syntax is valid only on the current page.

+

Note: these syntaxes are only valid on the current page.

{% endif %}
{% else %} diff -r 038b22935250 -r faa4c8467291 wikked/views/edit.py --- a/wikked/views/edit.py Wed Jan 10 22:51:39 2018 -0800 +++ b/wikked/views/edit.py Wed Jan 10 22:52:42 2018 -0800 @@ -98,27 +98,28 @@ @requires_permission('create') def upload_file(): p = request.args.get('p') + p_url = url_from_viewarg(p) data = { 'post_back': url_for('upload_file', p=p), - 'for_page': p + 'for_page': p_url } add_auth_data(data) - add_navigation_data(p, data) + add_navigation_data(p_url, data) if request.method == 'GET': return render_template('upload-file.html', **data) if request.method == 'POST': - wiki = get_wiki() - user = current_user.get_id() or request.remote_addr - for_url = None is_page_specific = (request.form.get('is_page_specific') == 'true') if is_page_specific: - for_url = p + for_url = p_url + wiki = get_wiki() + user = current_user.get_id() res = do_upload_file( wiki, user, request.files.get('file'), + commit_user=(user or request.remote_addr), for_url=for_url) data['success'] = { diff -r 038b22935250 -r faa4c8467291 wikked/webimpl/edit.py --- a/wikked/webimpl/edit.py Wed Jan 10 22:51:39 2018 -0800 +++ b/wikked/webimpl/edit.py Wed Jan 10 22:52:42 2018 -0800 @@ -2,12 +2,14 @@ import logging import urllib.parse from werkzeug.utils import secure_filename +from wikked.auth import PERM_UPLOAD, PERM_WIKIUPLOAD from wikked.page import Page, PageData from wikked.formatter import PageFormatter, FormattingContext from wikked.resolver import PageResolver from wikked.utils import PageNotFoundError from wikked.webimpl import ( - get_page_or_raise, get_page_meta, make_page_title) + get_page_or_raise, get_page_meta, make_page_title, + UserPermissionError) logger = logging.getLogger(__name__) @@ -107,20 +109,31 @@ return dummy.text -def do_upload_file(wiki, user, reqfile, for_url=None, submit=True): +def do_upload_file(wiki, user, reqfile, for_url=None, commit_user=False, + submit=True): if not reqfile: raise Exception("No file was specified.") if not reqfile.filename: raise Exception("No file name was specified.") - # TODO: check permissions for the user. + # Check permissions for the user. + if for_url: + for_page = get_page_or_raise(wiki, for_url, + fields=['url', 'local_meta']) + if not wiki.auth.hasPagePermission(for_page, user, PERM_UPLOAD): + raise UserPermissionError( + "You don't have permission to upload files to this page.") + else: + if not wiki.auth.hasPermission(user, PERM_WIKIUPLOAD): + raise UserPermissionError( + "You don't have permission to upload files.") filename = secure_filename(reqfile.filename) - files_dir = os.path.join(wiki.root, '_files') - upload_dir = files_dir + upload_dir = os.path.join(wiki.root, '_files') if for_url: - upload_dir = os.path.join(wiki.root, for_url) + fs_info = wiki.fs.findPageInfo(for_url) + upload_dir, _ = os.path.splitext(fs_info.path) path = os.path.join(upload_dir, filename) path = os.path.normpath(path) @@ -134,14 +147,14 @@ # Commit the file to the source-control. if submit: commit_meta = { - 'author': user, + 'author': commit_user, 'message': "Uploaded '%s'." % filename} wiki.scm.commit([path], commit_meta) if for_url: example = './%s' % filename else: - example = os.path.relpath(path, files_dir) + example = filename result = { 'example': example }