manage_uploads deletes files now

iou1name 2018-05-17 12:46:36 -04:00
parent 90f7bf75ed
commit 62c444f703
3 changed files with 65 additions and 34 deletions


@ -3,11 +3,11 @@
Simple file host using Flask.
"""
import os
import time
import string
import secrets
import sqlite3
import threading
from datetime import datetime
from passlib.hash import argon2
from flask import Flask, session, request, abort, redirect, url_for, g, \
@ -147,27 +147,41 @@ def verify_username(username):
return False
@app.route("/delete_file", methods=["POST"])
def delete_file():
def delete_file(filename):
"""
Allows an admin to delete a file from the upload directory and the database.
Deletes a file from the upload directory and from the database.
"""
username = request.form.get("user")
password = request.form.get("pass")
filename = request.form.get("fname")
if not verify_password(username, password):
abort(401)
if not g.admin:
abort(401)
try:
os.remove(os.path.join(app.config.get("UPLOAD_DIR"), filename))
db.execute("DELETE FROM uploads WHERE filename = ?", (filename,))
con.commit()
db_execute("DELETE FROM uploads WHERE filename = ?", (filename,))
except FileNotFoundError:
return "Error: File not found."
return False
return True
@app.route("/delete_file", methods=["POST"])
def deleteFile():
"""
Allows a user to delete a file from the upload directory and the database.
"""
username = session.get("username")
filename = request.form.get("fname")
if not verify_username(username):
abort(401)
if not g.admin:
uploader = db_execute(
"SELECT uploaded_by FROM uploads WHERE filename=?",
(filename,)).fetchone()[0]
if uploader != username:
abort(401)
res = delete_file(filename)
if res:
return "Success"
else:
return "Error: File not found."
@app.route("/add_user", methods=["POST"])
@ -258,18 +272,29 @@ def manage_uploads():
if not verify_username(username):
abort(401)
if request.method == "GET":
uploads = db_execute(
"SELECT filename, uploaded_date FROM uploads WHERE uploaded_by = ?",
(username,)).fetchall()
new_uploads = []
for file, date in uploads:
file = app.config.get("UPLOAD_URL") + file
date = time.strftime("%Y-%m-%d %H:%M", date)
date = datetime.fromtimestamp(date).strftime("%Y-%m-%d %H:%M")
new_uploads.append((file, date))
if request.method == "GET":
return render_template("manage_uploads.html", uploads=new_uploads)
return render_template("manage_uploads.html", uploads=new_uploads,
upload_dir=app.config.get("UPLOAD_URL"))
deletes = [fname for fname,_ in request.form.items()]
deletes.remove("submit")
for filename in deletes:
uploader = db_execute(
"SELECT uploaded_by FROM uploads WHERE filename=?",
(filename,)).fetchone()[0]
if uploader != username:
abort(401)
delete_file(filename)
return redirect(url_for("manage_uploads"))
@app.route("/", methods=["POST", "GET"])
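Review bot: In the new `deleteFile` route the admin branch skips the `uploaded_by` lookup, so the form's `fname` reaches `os.remove(os.path.join(app.config.get("UPLOAD_DIR"), filename))` in `delete_file` with no check that it is a bare file name, and `os.path.join` alone does not confine the result to the upload directory. A guard at the top of `delete_file`, such as `if not filename or os.path.basename(filename) != filename: return False`, would keep every caller's deletions inside `UPLOAD_DIR` and also cover a missing `fname`. Separately, `fetchone()[0]` in `deleteFile` and in the `manage_uploads` loop raises `TypeError` when no row matches (assuming `db_execute` returns a sqlite3 cursor), and `deletes.remove("submit")` raises `ValueError` when that field is absent, so an unknown name ends in a 500 rather than a clean rejection. In `manage_uploads` the ownership check also runs inside the delete loop, so a request can be aborted after earlier files were already removed; checking all names before deleting any would avoid that. The +/- markers are lost on this page, so which lines are new is inferred from the duplicated old/new pairs.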


@ -8,6 +8,7 @@
Hello, {{ session.username }}<br />
<a href="{{ url_for('change_password') }}">Change password</a><br />
<a href="{{ url_for('logout') }}">Logout</a><br />
<a href="{{ url_for('manage_uploads') }}">Manage Uploads</a><br />
<p>Select file to upload:
<p><input type="file" name="file" required/><br />
<input type="checkbox" name="randname"> Generate random filename.


@ -4,17 +4,22 @@
<title>Manage your uploads</title>
</head>
<body>
<form method="post" enctype="multipart/form-data" action="{{ url_for('manage_uploads') }}">
<table>
<tr>
<th>File</th>
<th>Date Uploaded</th>
<th>Delete</th>
</tr>
{% for file, date in uploads %}
<tr>
<td>{{ upload_url + file }}</td>
<td>{{ date|string }}</td>
<td><a href="{{ upload_dir + file }}">{{ file }}</a></td>
<td>{{ date }}</td>
<td><input type="checkbox" name="{{ file }}"/></td>
</tr>
{% endfor %}
</table>
<input type="submit" value="Delete this" name="submit"/>
</form>
</body>
</html>
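Review bot: The checkbox uses the file name as the field name (`name="{{ file }}"`), which puts user-controlled names in the same namespace as the `submit` button and makes the handler treat every posted field name as a file to delete. An upload literally named `submit` could never be selected. A fixed field name with the file as the value, `<input type="checkbox" name="delete" value="{{ file }}"/>`, read on the server with `request.form.getlist("delete")`, removes the collision and the need for `deletes.remove("submit")`. No anti-CSRF token is visible in this form, so unless the application adds one elsewhere, this session-authenticated delete POST should carry one. The `enctype="multipart/form-data"` attribute is not needed, as the form has no file input.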