2b8cf0414aa9198624c2f91e238a6fbf3c446d44
[ikiwiki.git] / IkiWiki / Plugin / remove.pm
1 #!/usr/bin/perl
2 package IkiWiki::Plugin::remove;
3
4 use warnings;
5 use strict;
6 use IkiWiki 3.00;
7
8 sub import {
9         hook(type => "getsetup", id => "remove", call => \&getsetup);
10         hook(type => "formbuilder_setup", id => "remove", call => \&formbuilder_setup);
11         hook(type => "formbuilder", id => "remove", call => \&formbuilder);
12         hook(type => "sessioncgi", id => "remove", call => \&sessioncgi);
13
14 }
15
16 sub getsetup () {
17         return 
18                 plugin => {
19                         safe => 1,
20                         rebuild => 0,
21                 },
22 }
23
24 sub check_canremove ($$$) {
25         my $page=shift;
26         my $q=shift;
27         my $session=shift;
28
29         # Must be a known source file.
30         if (! exists $pagesources{$page}) {
31                 error(sprintf(gettext("%s does not exist"),
32                         htmllink("", "", $page, noimageinline => 1)));
33         }
34
35         # Must exist on disk, and be a regular file.
36         my $file=$pagesources{$page};
37         if (! -e "$config{srcdir}/$file") {
38                 error(sprintf(gettext("%s is not in the srcdir, so it cannot be deleted"), $file));
39         }
40         elsif (-l "$config{srcdir}/$file" && ! -f _) {
41                 error(sprintf(gettext("%s is not a file"), $file));
42         }
43         
44         # Must be editable.
45         IkiWiki::check_canedit($page, $q, $session);
46
47         # If a user can't upload an attachment, don't let them delete it.
48         # This is sorta overkill, but better safe than sorry.
49         if (! defined pagetype($pagesources{$page})) {
50                 if (IkiWiki::Plugin::attachment->can("check_canattach")) {
51                         IkiWiki::Plugin::attachment::check_canattach($session, $page, $file);
52                 }
53                 else {
54                         error("renaming of attachments is not allowed");
55                 }
56         }
57
58         my $canremove;
59         IkiWiki::run_hooks(canremove => sub {
60                 return if defined $canremove;
61                 my $ret=shift->(page => $page, cgi => $q, session => $session);
62                 if (defined $ret) {
63                         if ($ret eq "") {
64                                 $canremove=1;
65                         }
66                         elsif (ref $ret eq 'CODE') {
67                                 $ret->();
68                                 $canremove=0;
69                         }
70                         elsif (defined $ret) {
71                                 error($ret);
72                                 $canremove=0;
73                         }
74                 }
75         });
76 }
77
78 sub formbuilder_setup (@) {
79         my %params=@_;
80         my $form=$params{form};
81         my $q=$params{cgi};
82
83         if (defined $form->field("do") && ($form->field("do") eq "edit" ||
84             $form->field("do") eq "create")) {
85                 # Removal button for the page, and also for attachments.
86                 push @{$params{buttons}}, "Remove" if $form->field("do") eq "edit";
87                 $form->tmpl_param("field-remove" => '<input name="_submit" type="submit" value="Remove Attachments" />');
88         }
89 }
90
91 sub confirmation_form ($$) {
92         my $q=shift;
93         my $session=shift;
94
95         eval q{use CGI::FormBuilder};
96         error($@) if $@;
97         my $f = CGI::FormBuilder->new(
98                 name => "remove",
99                 header => 0,
100                 charset => "utf-8",
101                 method => 'POST',
102                 javascript => 0,
103                 params => $q,
104                 action => $config{cgiurl},
105                 stylesheet => IkiWiki::baseurl()."style.css",
106                 fields => [qw{do page}],
107         );
108         
109         $f->field(name => "do", type => "hidden", value => "remove", force => 1);
110
111         return $f, ["Remove", "Cancel"];
112 }
113
114 sub removal_confirm ($$@) {
115         my $q=shift;
116         my $session=shift;
117         my $attachment=shift;
118         my @pages=@_;
119
120         foreach my $page (@pages) {
121                 check_canremove($page, $q, $session);
122         }
123
124         # Save current form state to allow returning to it later
125         # without losing any edits.
126         # (But don't save what button was submitted, to avoid
127         # looping back to here.)
128         # Note: "_submit" is CGI::FormBuilder internals.
129         $q->param(-name => "_submit", -value => "");
130         $session->param(postremove => scalar $q->Vars);
131         IkiWiki::cgi_savesession($session);
132         
133         my ($f, $buttons)=confirmation_form($q, $session);
134         $f->title(sprintf(gettext("confirm removal of %s"),
135                 join(", ", map { pagetitle($_) } @pages)));
136         $f->field(name => "page", type => "hidden", value => \@pages, force => 1);
137         if (defined $attachment) {
138                 $f->field(name => "attachment", type => "hidden",
139                         value => $attachment, force => 1);
140         }
141
142         IkiWiki::showform($f, $buttons, $session, $q);
143         exit 0;
144 }
145
146 sub postremove ($) {
147         my $session=shift;
148
149         # Load saved form state and return to edit form.
150         my $postremove=CGI->new($session->param("postremove"));
151         $session->clear("postremove");
152         IkiWiki::cgi_savesession($session);
153         IkiWiki::cgi($postremove, $session);
154 }
155
156 sub formbuilder (@) {
157         my %params=@_;
158         my $form=$params{form};
159
160         if (defined $form->field("do") && ($form->field("do") eq "edit" ||
161             $form->field("do") eq "create")) {
162                 my $q=$params{cgi};
163                 my $session=$params{session};
164
165                 if ($form->submitted eq "Remove" && $form->field("do") eq "edit") {
166                         removal_confirm($q, $session, 0, $form->field("page"));
167                 }
168                 elsif ($form->submitted eq "Remove Attachments") {
169                         my @selected=map { Encode::decode_utf8($_) } $q->param("attachment_select");
170                         if (! @selected) {
171                                 error(gettext("Please select the attachments to remove."));
172                         }
173                         removal_confirm($q, $session, 1, @selected);
174                 }
175         }
176 }
177
178 sub sessioncgi ($$) {
179         my $q=shift;
180
181         if ($q->param("do") eq 'remove') {
182                 my $session=shift;
183                 my ($form, $buttons)=confirmation_form($q, $session);
184                 IkiWiki::decode_form_utf8($form);
185
186                 if ($form->submitted eq 'Cancel') {
187                         postremove($session);
188                 }
189                 elsif ($form->submitted eq 'Remove' && $form->validate) {
190                         my @pages=$form->field("page");
191         
192                         # Validate removal by checking that the page exists,
193                         # and that the user is allowed to edit(/remove) it.
194                         my @files;
195                         foreach my $page (@pages) {
196                                 check_canremove($page, $q, $session);
197                                 
198                                 # This untaint is safe because of the
199                                 # checks performed above, which verify the
200                                 # page is a normal file, etc.
201                                 push @files, IkiWiki::possibly_foolish_untaint($pagesources{$page});
202                         }
203
204                         # Do removal, and update the wiki.
205                         require IkiWiki::Render;
206                         if ($config{rcs}) {
207                                 IkiWiki::disable_commit_hook();
208                                 foreach my $file (@files) {
209                                         IkiWiki::rcs_remove($file);
210                                 }
211                                 IkiWiki::rcs_commit_staged(gettext("removed"),
212                                         $session->param("name"), $ENV{REMOTE_ADDR});
213                                 IkiWiki::enable_commit_hook();
214                                 IkiWiki::rcs_update();
215                         }
216                         else {
217                                 foreach my $file (@files) {
218                                         IkiWiki::prune("$config{srcdir}/$file");
219                                 }
220                         }
221                         IkiWiki::refresh();
222                         IkiWiki::saveindex();
223
224                         if ($q->param("attachment")) {
225                                 # Attachments were deleted, so redirect
226                                 # back to the edit form.
227                                 postremove($session);
228                         }
229                         else {
230                                 # The page is gone, so redirect to parent
231                                 # of the page.
232                                 my $parent=IkiWiki::dirname($pages[0]);
233                                 if (! exists $pagesources{$parent}) {
234                                         $parent="index";
235                                 }
236                                 IkiWiki::redirect($q, urlto($parent, '/', 1));
237                         }
238                 }
239                 else {
240                         removal_confirm($q, $session, 0, $form->field("page"));
241                 }
242
243                 exit 0;
244         }
245 }
246
247 1