instiki/app/controllers/admin_controller.rb
Jacques Distler 3bef45277f Small Refactoring
Streamline check that non-idempotent actions are submitted via POST.
2008-12-14 23:29:40 -06:00

133 lines
4.6 KiB
Ruby

class AdminController < ApplicationController
layout 'default'
cache_sweeper :web_sweeper
def create_system
if @wiki.setup?
flash[:error] =
"Wiki has already been created in '#{@wiki.storage_path}'. " +
"Shut down Instiki and delete this directory if you want to recreate it from scratch." +
"\n\n" +
"(WARNING: this will destroy content of your current wiki)."
redirect_home(@wiki.webs.keys.first)
elsif params['web_name']
# form submitted -> create a wiki
@wiki.setup(params['password'], params['web_name'], params['web_address'])
flash[:info] = "Your new wiki '#{params['web_name']}' is created!\n" +
"Please edit its home page and press Submit when finished."
redirect_to :web => params['web_address'], :controller => 'wiki', :action => 'new',
:id => 'HomePage'
else
# no form submitted -> go to template
end
end
def create_web
if params['address']
return unless is_post
# form submitted
if @wiki.authenticate(params['system_password'])
begin
@wiki.create_web(params['name'], params['address'])
flash[:info] = "New web '#{params['name']}' successfully created."
redirect_to :web => params['address'], :controller => 'wiki', :action => 'new',
:id => 'HomePage'
rescue Instiki::ValidationError => e
@error = e.message
# and re-render the form again
end
else
redirect_to :controller => 'wiki', :action => 'index'
end
else
# no form submitted -> render template
end
end
def edit_web
system_password = params['system_password']
if system_password
return unless is_post
# form submitted
if wiki.authenticate(system_password)
begin
wiki.edit_web(
@web.address, params['address'], params['name'],
params['markup'].intern,
params['color'], params['additional_style'],
params['safe_mode'] ? true : false,
params['password'].empty? ? nil : params['password'],
params['published'] ? true : false,
params['brackets_only'] ? true : false,
params['count_pages'] ? true : false,
params['allow_uploads'] ? true : false,
params['max_upload_size']
)
flash[:info] = "Web '#{params['address']}' was successfully updated"
redirect_home(params['address'])
rescue Instiki::ValidationError => e
logger.warn e.message
@error = e.message
# and re-render the same template again
end
else
@error = password_error(system_password)
# and re-render the same template again
end
else
# no form submitted - go to template
end
end
def remove_orphaned_pages
return unless is_post
if wiki.authenticate(params['system_password_orphaned'])
wiki.remove_orphaned_pages(@web_name)
flash[:info] = 'Orphaned pages removed'
redirect_to :controller => 'wiki', :web => @web_name, :action => 'list'
else
flash[:error] = password_error(params['system_password_orphaned'])
redirect_to :controller => 'admin', :web => @web_name, :action => 'edit_web'
end
end
def remove_orphaned_pages_in_category
return unless is_post
if wiki.authenticate(params['system_password_orphaned_in_category'])
category = params['category']
wiki.remove_orphaned_pages_in_category(@web_name, category)
flash[:info] = "Orphaned pages in category \"#{category}\" removed"
redirect_to :controller => 'wiki', :web => @web_name, :action => 'list'
else
flash[:error] = password_error(params['system_password_orphaned_in_category'])
redirect_to :controller => 'admin', :web => @web_name, :action => 'edit_web'
end
end
def delete_web
return unless is_post
if wiki.authenticate(params['system_password_delete_web'])
@web.remove_pages(@web.select_all)
wiki.delete_web(@web_name)
flash[:info] = "Web \"#{@web_name}\" has been deleted."
redirect_to :controller => 'wiki', :action => 'web_list'
else
flash[:error] = password_error(params['system_password_delete_web'])
redirect_to :controller => 'admin', :web => @web_name, :action => 'edit_web'
end
end
private
def is_post
unless (request.post? || ENV["RAILS_ENV"] == "test")
headers['Allow'] = 'POST'
render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
return false
end
return true
end
end