implement /page/delete defroute and update redirects to /user/pages.

2 years ago · cb51a83605
1 changed files with 29 additions and 3 deletions
--- a/src/web.lisp
+++ b/src/web.lisp
@ -447,7 +447,7 @@
 	      ;; Authorised
 	      (cond ((utils:string-is-nil-or-empty? title)
 		     (utils:set-alert "Cannot find file. Unable to save page.")
-		     (redirect "/pages"))
+		     (redirect "/user/pages"))
 		     
 		    (t (storage:store-text
 			"" ; `USERNAME' blank because it's not used/needed.
@ -455,7 +455,7 @@
 		        (utils:slugify title)
 			page-content)
 		       (utils:set-alert "Page updated.")
-		       (redirect "/pages")))
+		       (redirect "/user/pages")))
 	      ;; Not Authorised
 	      (progn (utils:set-alert "You are not logged in.")
 		     (redirect "/login")))))))
@ -471,7 +471,7 @@
 	      ;; Authorised
 	      (cond ((utils:string-is-nil-or-empty? title)
 		     (utils:set-alert "Cannot find file. Unable to save changes.")
-		     (redirect "/pages"))
+		     (redirect "/user/pages"))

 		    ((utils:string-is-nil-or-empty? new-title)
 		     (utils:set-alert "No title provided. Unable to save changes.")
@ -487,6 +487,32 @@
 	      (progn (utils:set-alert "You are not logged in.")
 		     (redirect "/login")))))))

+(defroute ("/page/delete" :method :POST) ()
+  (destructuring-bind
+      (&key title authenticity-token &allow-other-keys)
+      (utils:request-params (lack.request:request-body-parameters ningle:*request*))
+    (cond ((not (string= authenticity-token (auth:csrf-token)))
+	   `(,+forbidden+ (:content-type "text/plain") ("Denied")))
+	  (t (hermetic:auth
+	      (:administrator)
+	      ;; Authorised
+	      (cond ((utils:string-is-nil-or-empty? title)
+		     (utils:set-alert "No file name provided. Nothing deleted.")
+		     (redirect "/user/pages"))
+
+		    ((null (storage:file-exists-p "" "pages" title))
+		     (utils:set-alert "Unable to find page. Nothing deleted.")
+		     (redirect "/user/pages"))
+		     
+		    (t (storage:remove-file
+			"" ; `USERNAME' blank because it's not used/needed.
+			"pages" title)
+		       (utils:set-alert "Page deleted.")
+		       (redirect "/user/pages")))
+	      ;; Not Authorised
+	      (progn (utils:set-alert "You are not authorised to delete page.")
+		     (redirect "/login")))))))
+
 ;;
 ;; Error pages