manage_uploads deletes files now

2018-05-17 12:46:36 -04:00 · 2018-05-17 12:46:36 -04:00 · 62c444f703
commit 62c444f703
parent 90f7bf75ed
3 changed files with 65 additions and 34 deletions
--- a/fileHost.py
+++ b/fileHost.py
@ -3,11 +3,11 @@
 Simple file host using Flask.
 """
 import os
 import time
 import string
 import secrets
 import sqlite3
 import threading
 from datetime import datetime
 from passlib.hash import argon2
 from flask import Flask, session, request, abort, redirect, url_for, g, \
@ -147,27 +147,41 @@ def verify_username(username):
 		return False
-@app.route("/delete_file", methods=["POST"])
+def delete_file(filename):
 def delete_file():
 	"""
-	Allows an admin to delete a file from the upload directory and the database.
+	Deletes a file from the upload directory and from the database.
 	"""
 	username = request.form.get("user")
 	password = request.form.get("pass")
 	filename = request.form.get("fname")
 	if not verify_password(username, password):
 		abort(401)
 	if not g.admin:
 		abort(401)
 	try:
 		os.remove(os.path.join(app.config.get("UPLOAD_DIR"), filename))
-		db.execute("DELETE FROM uploads WHERE filename = ?", (filename,))
+		db_execute("DELETE FROM uploads WHERE filename = ?", (filename,))
 		con.commit()
 	except FileNotFoundError:
-		return "Error: File not found."
+		return False
 	return True
@app.route("/delete_file", methods=["POST"])
 def deleteFile():
 	"""
 	Allows a user to delete a file from the upload directory and the database.
 	"""
 	username = session.get("username")
 	filename = request.form.get("fname")
 	if not verify_username(username):
 		abort(401)
 	if not g.admin:
 		uploader = db_execute(
 			"SELECT uploaded_by FROM uploads WHERE filename=?",
 			(filename,)).fetchone()[0]
 		if uploader != username:
 			abort(401)
 	res = delete_file(filename)
 	if res:
 		return "Success"
 	else:
 		return "Error: File not found."
@app.route("/add_user", methods=["POST"])
@ -258,18 +272,29 @@ def manage_uploads():
 	if not verify_username(username):
 		abort(401)
 	if request.method == "GET":
 		uploads = db_execute(
 			"SELECT filename, uploaded_date FROM uploads WHERE uploaded_by = ?",
 			(username,)).fetchall()
 		new_uploads = []
 		for file, date in uploads:
-		file = app.config.get("UPLOAD_URL") + file
+			date = datetime.fromtimestamp(date).strftime("%Y-%m-%d %H:%M")
 		date = time.strftime("%Y-%m-%d %H:%M", date)
 			new_uploads.append((file, date))
-	if request.method == "GET":
+		return render_template("manage_uploads.html", uploads=new_uploads,
-		return render_template("manage_uploads.html", uploads=new_uploads)
+			upload_dir=app.config.get("UPLOAD_URL"))
 	deletes = [fname for fname,_ in request.form.items()]
 	deletes.remove("submit")
 	for filename in deletes:
 		uploader = db_execute(
 			"SELECT uploaded_by FROM uploads WHERE filename=?",
 			(filename,)).fetchone()[0]
 		if uploader != username:
 			abort(401)
 		delete_file(filename)
 	return redirect(url_for("manage_uploads"))
@app.route("/", methods=["POST", "GET"])
--- a/templates/index.html
+++ b/templates/index.html
@ -5,11 +5,12 @@
 </head>
 <body>
 <form method="post" enctype="multipart/form-data" action="{{ url_for('index') }}">
-    Hello, {{ session.username }}<br/>
+    Hello, {{ session.username }}<br />
-    <a href="{{ url_for('change_password') }}">Change password</a><br/>
+    <a href="{{ url_for('change_password') }}">Change password</a><br />
-    <a href="{{ url_for('logout') }}">Logout</a><br/>
+    <a href="{{ url_for('logout') }}">Logout</a><br />
    <a href="{{ url_for('manage_uploads') }}">Manage Uploads</a><br />
 	<p>Select file to upload:
-    <p><input type="file" name="file" required/><br/>
+    <p><input type="file" name="file" required/><br />
    <input type="checkbox" name="randname"> Generate random filename.
    <p><input type="submit" value="Upload File" name="submit"/>
 </form>
--- a/templates/manage_uploads.html
+++ b/templates/manage_uploads.html
@ -4,17 +4,22 @@
 	<title>Manage your uploads</title>
 </head>
 <body>
 <form method="post" enctype="multipart/form-data" action="{{ url_for('manage_uploads') }}">
 <table>
 	<tr>
 		<th>File</th>
 		<th>Date Uploaded</th>
 		<th>Delete</th>
 	</tr>
 	{% for file, date in uploads %}
 	<tr>
-		<td>{{ upload_url + file }}</td>
+		<td><a href="{{ upload_dir + file }}">{{ file }}</a></td>
-		<td>{{ date|string }}</td>
+		<td>{{ date }}</td>
 		<td><input type="checkbox" name="{{ file }}"/></td>
 	</tr>
 	{% endfor %}
 </table>
 <input type="submit" value="Delete this" name="submit"/>
 </form>
 </body>
 </html>