diff --git a/app.py b/app.py index abf0e80..aadc83e 100644 --- a/app.py +++ b/app.py @@ -210,6 +210,13 @@ class Page(BaseModel): return PagePropertyDict(self) def is_editable(self): return not self.is_locked + + def can_edit(self, user): + if self.is_locked: + return user.id == self.owner.id + return True + def is_owned_by(self, user): + return user.id == self.owner.id class PageText(BaseModel): @@ -508,12 +515,16 @@ def error_404(body): def error_403(body): return render_template('forbidden.html'), 403 -@app.errorhandler(500) +@app.errorhandler(400) def error_400(body): return render_template('badrequest.html'), 400 +@app.errorhandler(500) +def error_500(body): + return render_template('internalservererror.html'), 500 + # Middle point during page editing. -def savepoint(form, is_preview=False, pageid=None): +def savepoint(form, is_preview=False, pageobj=None): if is_preview: preview = md(form['text'], math='enablemath' in form) else: @@ -522,7 +533,7 @@ def savepoint(form, is_preview=False, pageid=None): pl_js_info['editing'] = dict( original_text = None, # TODO preview_text = form['text'], - page_id = pageid + page_id = pageobj.id if pageobj else None ) return render_template( 'edit.html', @@ -531,11 +542,15 @@ def savepoint(form, is_preview=False, pageid=None): pl_text=form['text'], pl_tags=form['tags'], pl_enablemath='enablemath' in form, + pl_is_locked='lockpage' in form, + pl_owner_is_current_user=pageobj.is_owned_by(current_user) if pageobj else True, preview=preview, - pl_js_info=pl_js_info + pl_js_info=pl_js_info, + pl_readonly=not pageobj.can_edit(current_user) if pageobj else False ) @app.route('/create/', methods=['GET', 'POST']) +@login_required def create(): if request.method == 'POST': if request.form.get('preview'): @@ -559,7 +574,9 @@ def create(): title=request.form['title'], is_redirect=False, touched=datetime.datetime.now(), - is_math_enabled='enablemath' in request.form + owner=current_user, + is_math_enabled='enablemath' in request.form, + is_locked = 'lockpage' in request.form ) p.change_tags(p_tags) except IntegrityError as e: @@ -567,7 +584,7 @@ def create(): return savepoint(request.form) pr = PageRevision.create( page=p, - user_id=0, + user_id=p.owner.id, comment='', textref=PageText.create_content(request.form['text']), pub_date=datetime.datetime.now(), @@ -575,37 +592,49 @@ def create(): ) PageLink.parse_links(p, request.form['text']) return redirect(p.get_url()) - return render_template('edit.html', pl_url=request.args.get('url')) + return savepoint({ + "url": request.args.get("url"), + "title": "", + "text": "", + "tags": "" + }) @app.route('/edit//', methods=['GET', 'POST']) +@login_required def edit(id): p = Page[id] if request.method == 'POST': + # check if page is locked first! + if not p.can_edit(current_user): + flash('You are trying to edit a locked page!') + abort(403) + if request.form.get('preview'): - return savepoint(request.form, is_preview=True, pageid=id) + return savepoint(request.form, is_preview=True, pageobj=p) p_url = request.form['url'] or None if p_url: if not is_valid_url(p_url): flash('Invalid URL. Valid URLs contain only letters, numbers and hyphens.') - return savepoint(request.form, pageid=id) + return savepoint(request.form, pageobj=p) elif not is_url_available(p_url) and p_url != p.url: flash('This URL is not available.') - return savepoint(request.form, pageid=id) + return savepoint(request.form, pageobj=p) p_tags = [x.strip().lower().replace(' ', '-').replace('_', '-').lstrip('#') for x in request.form.get('tags', '').split(',')] p_tags = [x for x in p_tags if x] if any(not re.fullmatch(SLUG_RE, x) for x in p_tags): flash('Invalid tags text. Tags contain only letters, numbers and hyphens, and are separated by comma.') - return savepoint(request.form, pageid=id) + return savepoint(request.form, pageobj=p) p.url = p_url p.title = request.form['title'] p.touched = datetime.datetime.now() p.is_math_enabled = 'enablemath' in request.form + p.is_locked = 'lockpage' in request.form p.save() p.change_tags(p_tags) pr = PageRevision.create( page=p, - user_id=0, + user_id=current_user.id, comment='', textref=PageText.create_content(request.form['text']), pub_date=datetime.datetime.now(), @@ -613,22 +642,19 @@ def edit(id): ) PageLink.parse_links(p, request.form['text']) return redirect(p.get_url()) - pl_js_info = dict() - pl_js_info['editing'] = dict( - original_text = None, # TODO - preview_text = None, - page_id = id - ) - return render_template( - 'edit.html', - pl_url=p.url, - pl_title=p.title, - pl_text=p.latest.text, - pl_tags=','.join(x.name for x in p.tags), - pl_js_info=pl_js_info, - pl_enablemath = p.is_math_enabled - ) + form = { + "url": p.url, + "title": p.title, + "text": p.latest.text, + "tags": ','.join(x.name for x in p.tags) + } + if p.is_math_enabled: + form["enablemath"] = "1" + if p.is_locked: + form["lockpage"] = "1" + + return savepoint(form, pageobj=p) @app.route("/__sync_start") def __sync_start(): @@ -805,6 +831,8 @@ def theme_switch(): @app.route('/accounts/login/', methods=['GET','POST']) def accounts_login(): + if current_user.is_authenticated: + return redirect(request.args.get('next', '/')) if request.method == 'POST': try: username = request.form['username'] @@ -826,8 +854,6 @@ def accounts_login(): @app.route('/accounts/register/', methods=['GET','POST']) def accounts_register(): - if current_user.is_authenticated: - return redirect(request.args.get('next', '/')) if request.method == 'POST': username = request.form['username'] password = request.form['password'] @@ -980,7 +1006,7 @@ class Importer(object): rev = PageRevision.create( page = p, - user = self.owner.id, + user_id = self.owner.id, textref = textref, comment = revobj.get('comment'), pub_date = datetime.datetime.fromtimestamp(revobj['timestamp']), diff --git a/i18n/salvi.en.json b/i18n/salvi.en.json index c33dab1..2640b81 100644 --- a/i18n/salvi.en.json +++ b/i18n/salvi.en.json @@ -54,6 +54,7 @@ "privacy-policy": "Privacy Policy", "already-have-account": "Already have an account?", "logged-in-as": "Logged in as", - "not-logged-in": "Not logged in" + "not-logged-in": "Not logged in", + "owner": "Owner" } } \ No newline at end of file diff --git a/i18n/salvi.it.json b/i18n/salvi.it.json index a7b061a..6f7614e 100644 --- a/i18n/salvi.it.json +++ b/i18n/salvi.it.json @@ -45,6 +45,7 @@ "notes-count-with-url": "Numero di note con URL impostato", "revision-count": "Numero di revisioni", "revision-count-per-page": "Media di revisioni per pagina", - "remember-me-for": "Ricordami per" + "remember-me-for": "Ricordami per", + "owner": "Proprietario" } } \ No newline at end of file diff --git a/templates/base.html b/templates/base.html index 05b2850..6192923 100644 --- a/templates/base.html +++ b/templates/base.html @@ -45,7 +45,13 @@
© 2020–2023 Sakuragasaki46.
-
{% if current_user %}{{ T('logged-in-as') }}: {{ current_user.username }}{% else %}{{ T('not-logged-in') }}{% endif %}
+
+ {% if current_user.is_authenticated %} + {{ T('logged-in-as') }}: {{ current_user.username }} + {% else %} + {{ T('not-logged-in') }}. {{ T("login") }} + {% endif %} +
{% block actions %}{% endblock %}
{{app_name}} version {{app_version}}
diff --git a/templates/edit.html b/templates/edit.html index 8440b28..0439228 100644 --- a/templates/edit.html +++ b/templates/edit.html @@ -11,7 +11,7 @@ {% endblock %} -{% block json_info %}{% endblock %} +{% block json_info %}{% endblock %} {% block content %} @@ -35,25 +35,32 @@
- +
- +
+ {% if not pl_readonly %}

This editor is using Markdown for text formatting (e.g. bold, italic, headers and tables). More info on Markdown.

- {% if math_version %} + {% if math_version and pl_enablemath %}

Math with KaTeX is enabled. KaTeX guide

{% endif %}
- + {% else %} +
+

This page was locked by the owner, and is therefore not editable. You can still copy the source text.

+
+ {% endif %} +
+ {% if not pl_readonly %}
@@ -63,6 +70,13 @@
+ {% if pl_owner_is_current_user %} +
+ + +
+ {% endif %} + {% endif %} {% endblock %} diff --git a/templates/history.html b/templates/history.html index 9eb6552..1ef859c 100644 --- a/templates/history.html +++ b/templates/history.html @@ -16,6 +16,8 @@ #{{ rev.id }} · {{ rev.pub_date.strftime("%B %-d, %Y %H:%M:%S") }} + by + {{ rev.user.username }} {% endfor %} diff --git a/templates/internalservererror.html b/templates/internalservererror.html new file mode 100644 index 0000000..53ae91f --- /dev/null +++ b/templates/internalservererror.html @@ -0,0 +1,9 @@ +{% extends "base.html" %} + +{% block title %}Internal Server Error - {{ app_name }}{% endblock %} + +{% block content %} +

Internal Server Error

+ +

We’re sorry, an unexpected error occurred. Try refreshing the page.

+{% endblock %} diff --git a/templates/register.html b/templates/register.html index 4e34b07..cf6012f 100644 --- a/templates/register.html +++ b/templates/register.html @@ -17,18 +17,18 @@
- +
- +
- +
diff --git a/templates/view.html b/templates/view.html index 262c161..696ebc1 100644 --- a/templates/view.html +++ b/templates/view.html @@ -38,7 +38,8 @@ {{ T('action-history') }} - Backlinks - {{ T('last-changed') }} - -{{ T('page-id') }}: {{ p.id }} +{{ T('page-id') }}: {{ p.id }} - +{{ T('owner') }}: {{ p.owner.username }} {% endblock %} {% block scripts %}