lemoncurry/micropub/views/delete.py

48 lines
1.5 KiB
Python

from django.http import HttpResponse
from django.urls import resolve, Resolver404
from urllib.parse import urlparse
from entries.jobs import ping_hub
from entries.models import Entry
from . import error
def delete(request):
normalise = {
'application/json': lambda r: r.json.get('url'),
'application/x-www-form-urlencoded': lambda r: r.POST.get('url'),
}
if 'delete' not in request.token:
return error.bad_scope('delete')
if request.content_type not in normalise:
return error.unsupported_type(request.content_type)
url = normalise[request.content_type](request)
if not url:
return error.bad_req('url parameter required')
if '//' not in url:
url = '//' + url
url = urlparse(url, scheme='https')
if url.scheme not in ('http', 'https') or url.netloc != request.site.domain:
return error.bad_req('url does not point to this site')
try:
match = resolve(url.path)
except Resolver404:
return error.bad_req('url does not point to a valid page on this site')
if match.view_name != 'entries:entry':
return error.bad_req('url does not point to an entry on this site')
try:
entry = Entry.objects.get(pk=match.kwargs['id'])
except Entry.DoesNotExist:
return error.bad_req('url does not point to an existing entry')
if entry.author != request.token.user:
return error.forbid('entry belongs to another user')
urls = entry.affected_urls
entry.delete()
ping_hub.delay(urls)
return HttpResponse(status=204)