@verb #84:"edit_file" this none this rxdo #789
@program #84:"edit_file" this none this
caller == this || raise(E_PERM)
player:isa($webber) || raise(E_PERM)
player:tell($eval.antistealth)
set_task_perms(player.user)
{name, object} = args
if (iobj && player.referer && $www:previous_object() != object && player.user != $no_one)
  "We have an unknown form refering a command to us with a user's perms..."
  $msg:mtell("www_error", "Warning!  Previous page doesn't appear to be this one!")
  player:tell("For security reasons the command will not be executed.  Refering page: [", player.referer, "]")
  iobj = {}
endif
suspend(0)
image_types = {".gif", ".jpg", ".jpeg", ".png"}
url = tostr("/", toint(object))
oldname = name
access = `object:fileaccess(name) ! "E_FILE" => E_INVARG'
if (access == "" && !$perm_utils:controls(player.user, object))
  $msg:mtell("www_error", "You do not have permission to view this file.")
  return $www.exam:tell_files(object)
elseif (access == E_INVARG)
  if ($www:parse_POST("create"))
    "File doesn't exist, and we want to create it."
    object:filewrite(name, {})
    player:tell("<B>File created!</B><BR>")
    "Keep going, and show the edit page."
    iobj = {}
  else
    "File doesn't exist, offer to create it."
    player:tell("<B>", object:nn(), " doesn't have this file.</B><BR>")
    if ($perm_utils:controls(player.user, object))
      player:tell("<FORM METHOD=\"post\"><INPUT NAME=\"create\" TYPE=\"hidden\" VALUE=\"X\"><INPUT TYPE=\"submit\" VALUE=\"Create file\"></FORM><BR>")
    endif
    return player:tell("See the list of <A HREF=\"", url, "!\">existing files</A> on ", $su:nn(object), ".")
  endif
elseif ($www:parse_POST("delete") == "Delete file")
  "Unconfirmed request to delete file (probably no JavaScript)."
  player:tell("<B>Are you sure you want to delete this file?</B><BR>")
  player:tell("<FORM ACTION=\"", url, "!", $su:subst(name, $www.desubst_single), "\" METHOD='post'><INPUT NAME='delete' TYPE='hidden' VALUE='Confirmed'><INPUT TYPE='submit' VALUE='Delete file'></FORM><BR>")
  return
elseif ($www:parse_POST("delete"))
  "Delete the file, then show the list of files."
  if (`object:filedelete(name) ! E_PERM' == E_PERM)
    $msg:mtell("www_error", "You do not have permission to delete this file.")
  else
    player:tell("<B>", object, "!", $html_utils:literal_text(name), " has been deleted!</B><BR>")
    return $www.exam:tell_files(object)
  endif
elseif ($www:parse_POST("copy") == "Copy file...")
  "Request to move file with no target (probably no JavaScript)."
  player:tell("<B>Where do you want to copy this file to?</B><BR>eg. #123 or !filename or #123!filename<BR>")
  player:tell("<FORM ACTION=\"", url, "!", $su:subst(name, $www.desubst_single), "\" METHOD='post'><INPUT NAME='copy' TYPE='text' SIZE=30><INPUT TYPE='submit' VALUE='Copy file'></FORM><BR>")
  return
elseif ($www:parse_POST("move") == "Move file...")
  "Request to move file with no target (probably no JavaScript)."
  player:tell("<B>Where do you want to move this file to?</B><BR>eg. #123 or !filename or #123!filename<BR>")
  player:tell("<FORM ACTION=\"", url, "!", $su:subst(name, $www.desubst_single), "\" METHOD='post'><INPUT NAME='move' TYPE='text' SIZE=30><INPUT TYPE='submit' VALUE='Move file'></FORM><BR>")
  return
elseif ($www:parse_POST("copy") || $www:parse_POST("move"))
  mode = $www:parse_POST("copy") ? "copy" | "move"
  player:tell("<TT>")
  result = player.user:("_" + mode + ($www:parse_POST("force") ? "!" | "") + "_file")(object, name, $www:parse_POST(mode))
  player:tell("</TT><P>")
  if (result == E_NACC)
    "Aready exists.  Force?"
    player:tell("<FORM ACTION=\"", url, "!", $su:subst(name, $www.desubst_single), "\" METHOD='post'>", $html_utils:input_hidden(mode, $www:parse_POST(mode)), "<INPUT NAME='force' TYPE='submit' VALUE='Force ", mode, "!'></FORM><P>")
    "Links to target would be nice, but that info isn't available."
  elseif (result)
    "Success"
    {destobj, destname, desttype} = result
    if (destobj == object && desttype == "file")
      $www.exam:tell_files(object)
    else
      player:tell("<TABLE WIDTH='100%'><TR><TD VALIGN=top>")
      $www.exam:tell_files(object)
      player:tell("</TD><TD VALIGN=top>")
      $www.exam:("tell_" + desttype + "s")(destobj)
      player:tell("</TD></TR></TABLE>")
    endif
  else
    "Failure"
    player:tell("<B>", $su:capitalise(mode), " failed.</B>")
    $www.exam:tell_files(object)
  endif
  return
elseif (iobj)
  "Save the file."
  if ($www:parse_POST("create"))
    $msg:mtell("www_error", "File already exists!")
  elseif (this.sharing_violations && $www:parse_POST("hash") && this:hash(tostr(object, "!", name)) != $www:parse_POST("hash"))
    $msg:mtell("www_error", "Sharing violation!")
    player:tell("While you were in the editor, somebody/something changed this file.  You have two choices: you can either lose your changes or you can lose the other person's changes.<P>")
    player:tell("<FORM ACTION=\"", url, "!", $su:subst(name, $www.desubst_single), "\" METHOD=\"post\">")
    player:tell($html_utils:input_hidden("hash", ""))
    for x in (iobj)
      if (x[1] != "hash")
        player:tell($html_utils:input_hidden(@x))
      endif
    endfor