@ -1485,6 +1485,55 @@
(format nil "~a" |
(mito.dao.mixin:object-updated-at item)))))))))) |
|
(defroute ("/danger/manage-files" :method :GET) () |
(hermetic:auth |
(:logged-in) |
;; Authorised |
(let ((alert (utils:get-and-reset-alert))) |
(render "/danger/manage-files.html" |
(append (auth:auth-user-data) |
`(:alert ,alert |
:system-data ,(nera:system-data) |
:archive-files |
,(storage:get-file-names |
(storage:get-files-in-directory "" "archive")) |
:media-files |
,(storage:get-file-names |
(storage:get-files-in-directory "" "media")) |
:pages-files |
,(storage:get-file-names |
(storage:get-files-in-directory "" "pages")))))) |
;; Not Authorised |
(progn |
(utils:set-alert "You are not authorised to view this page." "error") |
(redirect "/login")))) |
|
(defroute ("/danger/delete-file" :method :POST) () |
(destructuring-bind |
(&key filename directory authenticity-token &allow-other-keys) |
(utils:request-params (lack.request:request-body-parameters ningle:*request*)) |
(cond ((not (string= authenticity-token (auth:csrf-token))) |
`(,+forbidden+ (:content-type "text/plain") ("Denied"))) |
(t (hermetic:auth |
(:administrator) |
;; Authorised |
(cond ((find t (mapcar #'utils:string-is-nil-or-empty? |
`(,filename ,directory))) |
(utils:set-alert |
"File name or directory not provided." "missing-data") |
(redirect "/danger/manage-files")) |
((not (storage:file-exists-p "" directory filename)) |
(utils:set-alert "File cannot be found." "invalid-data") |
(redirect "/danger/manage-files")) |
(t (storage:file-exists-p "" directory filename) |
(storage:remove-file "" directory filename) |
(utils:set-alert "File deleted." "success") |
(redirect "/danger/manage-files"))) |
;; Not Authorised |
(progn (utils:set-alert |
"You are not authorised to delete page." "error") |
(redirect "/login"))))))) |
|
(defroute ("/danger/repopulate-search-db" :method :POST) () |
(destructuring-bind |
(&key authenticity-token &allow-other-keys) |
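Review bot: In the new `/danger/delete-file` route, the request-supplied `directory` and `filename` reach `storage:file-exists-p` and `storage:remove-file` after only an emptiness check, so nothing visible here confines deletion to the "archive", "media" and "pages" directories that the manage-files page lists, or rejects path separators and `..` in `filename`. Unless the storage layer already normalises and bounds these paths (not visible in this hunk), add a clause ahead of the existence check that tests `(not (member directory '("archive" "media" "pages") :test #'string=))` and also refuses a `filename` containing "/" or "..", answering with the same "invalid-data" alert and redirect. Separately, `GET /danger/manage-files` is gated by `(:logged-in)` while deletion requires `(:administrator)`, so any logged-in account can enumerate stored file names; using `(:administrator)` there would match the rest of the `/danger/` routes shown. The first form of the final `t` clause, `(storage:file-exists-p "" directory filename)`, discards its result and can be dropped, and the not-authorised alert still says "delete page" instead of "delete file".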
@ -1515,7 +1564,7 @@
(:administrator) |
;; Authorised |
(progn |
;; The 'when' checks are just a pre-caution. These directories |
;; The 'when' checks are just a precaution. These directories |
;; were created during the site's first-run/initial set-up. If |
;; they are missing, though, whilst this function is executing, |
;; an error is thrown -- hence the check. |