From cb51a8360594babbc41035ffdde6babd04fa9cb4 Mon Sep 17 00:00:00 2001
From: Craig Oates
Date: Sat, 17 Sep 2022 15:04:00 +0100
Subject: [PATCH] implement /page/delete defroute and update redirects to /user/pages.
---
 src/web.lisp | 32 +++++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)
diff --git a/src/web.lisp b/src/web.lisp
index b43b066..2b8963b 100644
--- a/src/web.lisp
+++ b/src/web.lisp
@@ -447,7 +447,7 @@
 ;; Authorised
 (cond ((utils:string-is-nil-or-empty? title)
 (utils:set-alert "Cannot find file. Unable to save page.")
- (redirect "/pages"))
+ (redirect "/user/pages"))
 (t (storage:store-text
 "" ; `USERNAME' blank because it's not used/needed.
@@ -455,7 +455,7 @@
 (utils:slugify title)
 page-content)
 (utils:set-alert "Page updated.")
- (redirect "/pages")))
+ (redirect "/user/pages")))
 ;; Not Authorised
 (progn (utils:set-alert "You are not logged in.")
 (redirect "/login")))))))
@@ -471,7 +471,7 @@
 ;; Authorised
 (cond ((utils:string-is-nil-or-empty? title)
 (utils:set-alert "Cannot find file. Unable to save changes.")
- (redirect "/pages"))
+ (redirect "/user/pages"))
 ((utils:string-is-nil-or-empty? new-title)
 (utils:set-alert "No title provided. Unable to save changes.")
@@ -487,6 +487,32 @@
 (progn (utils:set-alert "You are not logged in.")
 (redirect "/login")))))))
+(defroute ("/page/delete" :method :POST) ()
+ (destructuring-bind
+ (&key title authenticity-token &allow-other-keys)
+ (utils:request-params (lack.request:request-body-parameters ningle:*request*))
+ (cond ((not (string= authenticity-token (auth:csrf-token)))
+ `(,+forbidden+ (:content-type "text/plain") ("Denied")))
+ (t (hermetic:auth
+ (:administrator)
+ ;; Authorised
+ (cond ((utils:string-is-nil-or-empty? title)
+ (utils:set-alert "No file name provided. Nothing deleted.")
+ (redirect "/user/pages"))
+
+ ((null (storage:file-exists-p "" "pages" title))
+ (utils:set-alert "Unable to find page. Nothing deleted.")
+ (redirect "/user/pages"))
+
+ (t (storage:remove-file
+ "" ; `USERNAME' blank because it's not used/needed.
+ "pages" title)
+ (utils:set-alert "Page deleted.")
+ (redirect "/user/pages")))
+ ;; Not Authorised
+ (progn (utils:set-alert "You are not authorised to delete page.")
+ (redirect "/login")))))))
+
 ;;
 ;; Error pages
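Review bot: The new `/page/delete` route passes the request-body `title` unchanged to `storage:file-exists-p` and `storage:remove-file`, while the save route shown in the -455 hunk stores the file under `(utils:slugify title)`. Unless the storage layer normalises file names itself (not visible in this patch), a title containing path separators or `..` may resolve outside the "pages" directory, so the delete would not be confined to page files. I would normalise once and use the result in both calls, e.g. `(storage:file-exists-p "" "pages" (utils:slugify title))` and `(storage:remove-file "" "pages" (utils:slugify title))`, or reject any title that differs from its slug. The CSRF and `:administrator` checks narrow who can reach this code, but they do not constrain which path is removed.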