manage_uploads deletes files now

2018-05-17 12:46:36 -04:00 · 2018-05-17 12:46:36 -04:00 · 62c444f703
commit 62c444f703
parent 90f7bf75ed
3 changed files with 65 additions and 34 deletions
--- a/fileHost.py
+++ b/fileHost.py
@ -3,11 +3,11 @@
 Simple file host using Flask.
 """
 import os
-import time
 import string
 import secrets
 import sqlite3
 import threading
+from datetime import datetime

 from passlib.hash import argon2
 from flask import Flask, session, request, abort, redirect, url_for, g, \
@ -147,27 +147,41 @@ def verify_username(username):
 		return False


-@app.route("/delete_file", methods=["POST"])
-def delete_file():
+def delete_file(filename):
 	"""
-	Allows an admin to delete a file from the upload directory and the database.
+	Deletes a file from the upload directory and from the database.
 	"""
-	username = request.form.get("user")
-	password = request.form.get("pass")
-	filename = request.form.get("fname")
-
-	if not verify_password(username, password):
-		abort(401)
-	if not g.admin:
-		abort(401)
-
 	try:
 		os.remove(os.path.join(app.config.get("UPLOAD_DIR"), filename))
-		db.execute("DELETE FROM uploads WHERE filename = ?", (filename,))
-		con.commit()
+		db_execute("DELETE FROM uploads WHERE filename = ?", (filename,))
 	except FileNotFoundError:
+		return False
+	return True
+
+
+
+@app.route("/delete_file", methods=["POST"])
+def deleteFile():
+	"""
+	Allows a user to delete a file from the upload directory and the database.
+	"""
+	username = session.get("username")
+	filename = request.form.get("fname")
+
+	if not verify_username(username):
+		abort(401)
+	if not g.admin:
+		uploader = db_execute(
+			"SELECT uploaded_by FROM uploads WHERE filename=?",
+			(filename,)).fetchone()[0]
+		if uploader != username:
+			abort(401)
+
+	res = delete_file(filename)
+	if res:
+		return "Success"
+	else:
 		return "Error: File not found."
-	return "Success"


@app.route("/add_user", methods=["POST"])
@ -258,18 +272,29 @@ def manage_uploads():
 	if not verify_username(username):
 		abort(401)

-	uploads = db_execute(
-		"SELECT filename, uploaded_date FROM uploads WHERE uploaded_by = ?",
-		(username,)).fetchall()
-
-	new_uploads = []
-	for file, date in uploads:
-		file = app.config.get("UPLOAD_URL") + file
-		date = time.strftime("%Y-%m-%d %H:%M", date)
-		new_uploads.append((file, date))
-
 	if request.method == "GET":
-		return render_template("manage_uploads.html", uploads=new_uploads)
+		uploads = db_execute(
+			"SELECT filename, uploaded_date FROM uploads WHERE uploaded_by = ?",
+			(username,)).fetchall()
+
+		new_uploads = []
+		for file, date in uploads:
+			date = datetime.fromtimestamp(date).strftime("%Y-%m-%d %H:%M")
+			new_uploads.append((file, date))
+
+		return render_template("manage_uploads.html", uploads=new_uploads,
+			upload_dir=app.config.get("UPLOAD_URL"))
+
+	deletes = [fname for fname,_ in request.form.items()]
+	deletes.remove("submit")
+	for filename in deletes:
+		uploader = db_execute(
+			"SELECT uploaded_by FROM uploads WHERE filename=?",
+			(filename,)).fetchone()[0]
+		if uploader != username:
+			abort(401)
+		delete_file(filename)
+	return redirect(url_for("manage_uploads"))


@app.route("/", methods=["POST", "GET"])
--- a/templates/index.html
+++ b/templates/index.html
@ -5,11 +5,12 @@
 </head>
 <body>
 <form method="post" enctype="multipart/form-data" action="{{ url_for('index') }}">
-    Hello, {{ session.username }}<br/>
-    <a href="{{ url_for('change_password') }}">Change password</a><br/>
-    <a href="{{ url_for('logout') }}">Logout</a><br/>
-    <p>Select file to upload:
-    <p><input type="file" name="file" required/><br/>
+    Hello, {{ session.username }}<br />
+    <a href="{{ url_for('change_password') }}">Change password</a><br />
+    <a href="{{ url_for('logout') }}">Logout</a><br />
+    <a href="{{ url_for('manage_uploads') }}">Manage Uploads</a><br />
+	<p>Select file to upload:
+    <p><input type="file" name="file" required/><br />
    <input type="checkbox" name="randname"> Generate random filename.
    <p><input type="submit" value="Upload File" name="submit"/>
 </form>
--- a/templates/manage_uploads.html
+++ b/templates/manage_uploads.html
@ -4,17 +4,22 @@
 	<title>Manage your uploads</title>
 </head>
 <body>
+<form method="post" enctype="multipart/form-data" action="{{ url_for('manage_uploads') }}">
 <table>
 	<tr>
 		<th>File</th>
 		<th>Date Uploaded</th>
+		<th>Delete</th>
 	</tr>
 	{% for file, date in uploads %}
 	<tr>
-		<td>{{ upload_url + file }}</td>
-		<td>{{ date|string }}</td>
+		<td><a href="{{ upload_dir + file }}">{{ file }}</a></td>
+		<td>{{ date }}</td>
+		<td><input type="checkbox" name="{{ file }}"/></td>
 	</tr>
 	{% endfor %}
 </table>
+<input type="submit" value="Delete this" name="submit"/>
+</form>
 </body>
 </html>