diff --git a/src/web.lisp b/src/web.lisp
index f34938c..d477c44 100644
--- a/src/web.lisp
+++ b/src/web.lisp
@@ -1491,7 +1491,7 @@
 (defroute ("/danger/manage-files" :method :GET) ()
 (hermetic:auth
- (:logged-in)
+ (:administrator)
 ;; Authorised
 (let ((alert (utils:get-and-reset-alert)))
 (render "/danger/manage-files.html"
@@ -1540,7 +1540,7 @@
 (defroute ("/danger/manage-database-entries" :method :GET) ()
 (hermetic:auth
- (:logged-in)
+ (:administrator)
 ;; Authorised
 (let ((alert (utils:get-and-reset-alert)))
 (render "/danger/manage-db-entries.html"
@@ -1796,6 +1796,40 @@
 "You are not authorised to delete page."
 "error")
 (redirect "/login")))))))
+(defroute ("/danger/upload-snapshot" :method :POST) ()
+ (destructuring-bind
+ (&key authenticity-token &allow-other-keys)
+ (utils:request-params
+ (lack.request:request-body-parameters ningle:*request*))
+ (if (not (string= authenticity-token (auth:csrf-token)))
+ `(,+forbidden+ (:content-type "text/plain") ("Denied"))
+ (let ((files (utils:separate-files-in-web-request
+ (lack.request:request-body-parameters ningle:*request*)
+ "SNAPSHOT-FILES")))
+ (hermetic:auth
+ (:administrator)
+ ;; Authorised
+ (cond ((validation:string-is-nil-or-empty? (caddr (car files)))
+ (utils:set-alert "No Snapshots provided." "missing-data")
+ (redirect "/danger/manage-snapshots"))
+ (t (loop
+ :for item :in files
+ :do (when (and (not (storage:raw-directory-exists?
+ (storage:make-raw-path
+ (format
+ nil "snapshots/~a/"
+ (pathname-name (caddr item))))))
+ (string= "zip" (pathname-type (caddr item))))
+ (snapshot:store-snapshot
+ (utils:format-filename (caddr item)) (cdr item))))
+ (utils:set-alert "Snapshot upload complete." "success")
+ (redirect "/danger/manage-snapshots")))
+ ;; Not Authorised
+ (progn
+ (utils:set-alert "You are not authorised to view this page."
+ "error")
+ (redirect "/login")))))))
+
 ;;
 ;; Error pages
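Review bot: The `(:administrator)` rule is applied here only to the GET handler that renders `/danger/manage-files` (and likewise in the `/danger/manage-database-entries` hunk). The handlers that actually act on files and database entries are outside these hunks, so it should be confirmed that they carry the same rule, because gating the page alone does not cover a direct request from a logged-in non-administrator. A short comment above each route, such as `;; admin-only: every /danger/ route must use (:administrator)`, would record the intent. Both route bodies continue past their hunks.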
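Review bot: In the new `/danger/upload-snapshot` route the client-supplied filename `(caddr item)` is used in two different forms: the existence check builds its path from `(pathname-name (caddr item))` on the raw value, while `snapshot:store-snapshot` receives `(utils:format-filename (caddr item))`, so the check may test a different directory than the one that is written. Normalising once, e.g. `(let ((name (utils:format-filename (caddr item)))) ...)` with `(pathname-name name)` in the check and `name` passed to the store call, keeps the two in step; what `utils:format-filename` strips is not visible here, so it is worth confirming that it rejects directory separators and wildcard characters. The only validation of the upload is `(string= "zip" (pathname-type (caddr item)))`, which tests the extension and not the content, and items that fail it are skipped silently while the alert still reports "Snapshot upload complete."; a distinct alert for skipped items would make that visible to the administrator. `utils:separate-files-in-web-request` also runs before `hermetic:auth`, so moving the `let` inside the authorised branch would avoid parsing upload bodies from callers who are not administrators.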