implement /danger/upload-snapshot defroute in web.lisp file.

I, also, replaced some 'logged-in' permission checks to 'administrator' in
several defroutes (mostly 'danger-zone' routes).

This is the back-end functionality which allows users to upload Snapshots (in
.zip files) to the /snapshot directory.

The route accepts multi-file uploads and ignores files which are not either a
.zip file or if a file has the same name as one of the Snapshots already in the
/snapshots directory.

Technically, the user can upload several files at once which are not .zip files
and the alert-message will relay a 'success' message, even when nothing was
added to the system. This is because the system is relaying the upload went
without errors and not how valid each file was. The system doesn't have anything
built-in which allows the multi-faceted alert-message approach to work.

Another thing to note here is the lack of checks for the contents within a .zip
Snapshot file. Basically, there isn't any. I am unsure how many moving parts are
going to be in these Snapshots in the future and hard-coding checks for
directories and file names seems a bit premature (maybe unpredictable?). The
HTML template responsible for dealing with the front-end of the Snapshot
features clearly state it is a 'danger zone' section of the site. So, there is
an expectation (hopefully) of 'if you don't know what you're doing, then don't
touch it'. Hello, person of the future. I was really wrong with that assumption,
wasn't I?

src/web.lisp

@@ -1491,7 +1491,7 @@
 
 (defroute ("/danger/manage-files" :method :GET) ()
   (hermetic:auth
-   (:logged-in)
+   (:administrator)
    ;; Authorised
    (let ((alert (utils:get-and-reset-alert)))
      (render "/danger/manage-files.html"
@@ -1540,7 +1540,7 @@
 
 (defroute ("/danger/manage-database-entries" :method :GET) ()
   (hermetic:auth
-   (:logged-in)
+   (:administrator)
    ;; Authorised
    (let ((alert (utils:get-and-reset-alert)))
      (render "/danger/manage-db-entries.html"
@@ -1796,6 +1796,40 @@
                             "You are not authorised to delete page." "error")
 		           (redirect "/login")))))))
 
+(defroute ("/danger/upload-snapshot" :method :POST) ()
+  (destructuring-bind
+      (&key authenticity-token &allow-other-keys)
+      (utils:request-params
+       (lack.request:request-body-parameters ningle:*request*))
+     (if (not (string= authenticity-token (auth:csrf-token)))
+	 `(,+forbidden+ (:content-type "text/plain") ("Denied"))
+	 (let ((files (utils:separate-files-in-web-request
+		       (lack.request:request-body-parameters ningle:*request*)
+		       "SNAPSHOT-FILES")))
+	   (hermetic:auth
+	    (:administrator)
+	    ;; Authorised
+	    (cond ((validation:string-is-nil-or-empty? (caddr (car files)))
+		   (utils:set-alert "No Snapshots provided." "missing-data")
+		   (redirect "/danger/manage-snapshots"))
+		  (t (loop
+		       :for item :in files
+		       :do (when (and (not (storage:raw-directory-exists?
+                                            (storage:make-raw-path
+                                             (format
+                                              nil "snapshots/~a/"
+                                              (pathname-name (caddr item))))))
+                                      (string= "zip" (pathname-type (caddr item))))
+                             (snapshot:store-snapshot
+                              (utils:format-filename (caddr item)) (cdr item))))
+		     (utils:set-alert "Snapshot upload complete." "success")
+		     (redirect "/danger/manage-snapshots")))
+	    ;; Not Authorised
+	    (progn
+	      (utils:set-alert "You are not authorised to view this page."
+			       "error")
+	      (redirect "/login")))))))
+
 ;;
 ;; Error pages