rethoth 0.4.1

data/lib/thoth/controller/comment.rb

@@ -0,0 +1,173 @@
+#--
+# Copyright (c) 2017 John Pagonis <john@pagonis.org>
+# Copyright (c) 2009 Ryan Grove <ryan@wonko.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#   * Redistributions of source code must retain the above copyright notice,
+#     this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright notice,
+#     this list of conditions and the following disclaimer in the documentation
+#     and/or other materials provided with the distribution.
+#   * Neither the name of this project nor the names of its contributors may be
+#     used to endorse or promote products derived from this software without
+#     specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#++
+
+module Thoth
+  class CommentController < Controller
+    map '/comment'
+    helper :aspect, :cache, :pagination
+
+    cache_action(:method => :index, :ttl => 60) { auth_key_valid? }
+    cache_action(:method => :atom,  :ttl => 120)
+    cache_action(:method => :rss,   :ttl => 120)
+
+    before_all { error_404 unless Thoth::Config.site['enable_comments'] }
+
+    def index
+      now = Time.now.strftime('%Y%j')
+
+      comments = Comment.recent.partition do |comment|
+        comment.created_at('%Y%j') == now
+      end
+
+      @title = 'Recent Comments'
+      @today, @ancient = comments
+    end
+
+    def atom
+      response['Content-Type'] = 'application/atom+xml'
+
+      x = Builder::XmlMarkup.new(:indent => 2)
+      x.instruct!
+
+      x.feed(:xmlns => 'http://www.w3.org/2005/Atom') {
+        comments_url = Config.site['url'].chomp('/') + rs().to_s
+
+        x.id       comments_url
+        x.title    "#{Config.site['name']} Recent Comments"
+        x.subtitle Config.site['desc']
+        x.updated  Time.now.xmlschema # TODO: use modification time of the last post
+        x.link     :href => comments_url
+        x.link     :href => Config.site['url'].chomp('/') + rs(:atom).to_s,
+                       :rel => 'self'
+
+        Comment.recent.all.each do |comment|
+          x.entry {
+            x.id        comment.url
+            x.title     comment.title.empty? ? comment.summary : comment.title
+            x.published comment.created_at.xmlschema
+            x.updated   comment.updated_at.xmlschema
+            x.link      :href => comment.url, :rel => 'alternate'
+            x.content   comment.body_rendered, :type => 'html'
+
+            x.author {
+              x.name comment.author
+
+              if comment.author_url && !comment.author_url.empty?
+                x.uri comment.author_url
+              end
+            }
+          }
+        end
+      }
+
+      throw(:respond, x.target!)
+    end
+
+    def delete(id = nil)
+      require_auth
+
+      error_404 unless id && @comment = Comment[id]
+
+      if request.post?
+        error_403 unless form_token_valid?
+
+        comment_url = @comment.url
+
+        if request[:confirm] == 'yes'
+          @comment.deleted = true
+
+          if @comment.save(:changed => true, :validate => false)
+            Ramaze::Cache.action.clear
+            Ramaze::Cache.cache_helper_value.clear
+            flash[:success] = 'Comment deleted.'
+          else
+            flash[:error] = 'Error deleting comment.'
+          end
+        end
+
+        redirect(comment_url)
+      end
+
+      @title = "Delete Comment: #{@comment.title}"
+    end
+
+    def list(page = 1)
+      require_auth
+
+      page = page.to_i
+
+      @columns  = [:id, :title, :author, :created_at, :deleted]
+      @order    = (request[:order] || :desc).to_sym
+      @sort     = (request[:sort]  || :created_at).to_sym
+      @sort     = :created_at unless @columns.include?(@sort)
+      @sort_url = rs(:list, page)
+
+      @comments = Comment.order(@order == :desc ? Sequel.desc(@sort) : @sort).paginate(page, 20)
+      @title    = "Comments (page #{page} of #{[@comments.page_count, 1].max})"
+      @pager    = pager(@comments, rs(:list, '__page__', :sort => @sort, :order => @order))
+    end
+
+    def rss
+      response['Content-Type'] = 'application/rss+xml'
+
+      x = Builder::XmlMarkup.new(:indent => 2)
+      x.instruct!
+
+      x.rss(:version     => '2.0',
+            'xmlns:atom' => 'http://www.w3.org/2005/Atom',
+            'xmlns:dc'   => 'http://purl.org/dc/elements/1.1/') {
+        x.channel {
+          x.title          "#{Config.site['name']} Recent Comments"
+          x.link           Config.site['url']
+          x.description    Config.site['desc']
+          x.managingEditor "#{Config.admin['email']} (#{Config.admin['name']})"
+          x.webMaster      "#{Config.admin['email']} (#{Config.admin['name']})"
+          x.docs           'http://backend.userland.com/rss/'
+          x.ttl            30
+          x.atom           :link, :rel => 'self',
+                               :type => 'application/rss+xml',
+                               :href => Config.site['url'].chomp('/') + rs(:rss).to_s
+
+          Comment.recent.all.each do |comment|
+            x.item {
+              x.title       comment.title.empty? ? comment.summary : comment.title
+              x.link        comment.url
+              x.dc          :creator, comment.author
+              x.guid        comment.url, :isPermaLink => 'true'
+              x.pubDate     comment.created_at.rfc2822
+              x.description comment.body_rendered
+            }
+          end
+        }
+      }
+
+      throw(:respond, x.target!)
+    end
+  end
+end

data/lib/thoth/controller/main.rb

@@ -0,0 +1,193 @@
+#--
+# Copyright (c) 2017 John Pagonis <john@pagonis.org>
+# Copyright (c) 2009 Ryan Grove <ryan@wonko.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#   * Redistributions of source code must retain the above copyright notice,
+#     this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright notice,
+#     this list of conditions and the following disclaimer in the documentation
+#     and/or other materials provided with the distribution.
+#   * Neither the name of this project nor the names of its contributors may be
+#     used to endorse or promote products derived from this software without
+#     specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#++
+
+module Thoth
+  class MainController < Controller
+    map '/'
+    map_views '/thoth'
+    helper :cache, :pagination
+
+    cache_action(:method => :index, :ttl => 60) do
+      auth_key_valid?.to_s + (request[:type] || '') + flash.inspect
+    end
+
+    cache_action(:method => :atom,    :ttl => 120)
+    cache_action(:method => :rss,     :ttl => 120)
+    cache_action(:method => :sitemap, :ttl => 3600)
+
+    def index
+      # Check for legacy feed requests and redirect if necessary.
+      if type = request[:type]
+        redirect rs(type), :status => 301
+      end
+
+      @title = Config.site['name']
+      @posts = Post.recent
+      @pager = pager(@posts, rs(:archive, '__page__'))
+    end
+
+    def atom
+      response['Content-Type'] = 'application/atom+xml'
+
+      x = Builder::XmlMarkup.new(:indent => 2)
+      x.instruct!
+
+      x.feed(:xmlns => 'http://www.w3.org/2005/Atom') {
+        x.id       Config.site['url']
+        x.title    Config.site['name']
+        x.subtitle Config.site['desc']
+        x.updated  Time.now.xmlschema # TODO: use modification time of the last post
+        x.link     :href => Config.site['url']
+        x.link     :href => Config.site['url'].chomp('/') + rs(:atom).to_s,
+                   :rel => 'self'
+
+        x.author {
+          x.name  Config.admin['name']
+          x.email Config.admin['email']
+          x.uri   Config.site['url']
+        }
+
+        Post.recent.all.each do |post|
+          x.entry {
+            x.id        post.url
+            x.title     post.title
+            x.published post.created_at.xmlschema
+            x.updated   post.updated_at.xmlschema
+            x.link      :href => post.url, :rel => 'alternate'
+            x.content   post.body_rendered, :type => 'html'
+
+            post.tags.each do |tag|
+              x.category :term => tag.name, :label => tag.name,
+                  :scheme => tag.url
+            end
+          }
+        end
+      }
+
+      throw(:respond, x.target!)
+    end
+
+    def rss
+      response['Content-Type'] = 'application/rss+xml'
+
+      x = Builder::XmlMarkup.new(:indent => 2)
+      x.instruct!
+
+      x.rss(:version     => '2.0',
+            'xmlns:atom' => 'http://www.w3.org/2005/Atom') {
+        x.channel {
+          x.title          Config.site['name']
+          x.link           Config.site['url']
+          x.description    Config.site['desc']
+          x.managingEditor "#{Config.admin['email']} (#{Config.admin['name']})"
+          x.webMaster      "#{Config.admin['email']} (#{Config.admin['name']})"
+          x.docs           'http://backend.userland.com/rss/'
+          x.ttl            60
+          x.atom           :link, :rel => 'self',
+                               :type => 'application/rss+xml',
+                               :href => Config.site['url'].chomp('/') + rs(:rss).to_s
+
+          Post.recent.all.each do |post|
+            x.item {
+              x.title       post.title
+              x.link        post.url
+              x.guid        post.url, :isPermaLink => 'true'
+              x.pubDate     post.created_at.rfc2822
+              x.description post.body_rendered
+
+              post.tags.each do |tag|
+                x.category tag.name, :domain => tag.url
+              end
+            }
+          end
+        }
+      }
+
+      throw(:respond, x.target!)
+    end
+
+    def sitemap
+      error_404 unless Config.site['enable_sitemap']
+
+      response['Content-Type'] = 'text/xml'
+
+      x = Builder::XmlMarkup.new(:indent => 2)
+      x.instruct!
+
+      x.urlset(:xmlns => 'http://www.sitemaps.org/schemas/sitemap/0.9') {
+        x.url {
+          x.loc        Config.site['url']
+          x.changefreq 'hourly'
+          x.priority   '1.0'
+        }
+
+        Page.reverse_order(:updated_at).all do |page|
+          x.url {
+            x.loc        page.url
+            x.lastmod    page.updated_at.xmlschema
+            x.changefreq 'weekly'
+            x.priority   '0.7'
+          }
+        end
+
+        Post.filter(:is_draft => false).reverse_order(:updated_at).all do |post|
+          x.url {
+            x.loc        post.url
+            x.lastmod    post.updated_at.xmlschema
+            x.changefreq 'weekly'
+            x.priority   '0.6'
+          }
+        end
+      }
+
+      throw(:respond, x.target!)
+    end
+
+    # Legacy redirect to /archive/+page+.
+    def archives(page = 1)
+      redirect ArchiveController.r(:/, page), :status => 301
+    end
+
+    # Legacy redirect to /post/+name+.
+    def article(name)
+      redirect PostController.r(:/, name), :status => 301
+    end
+
+    # Legacy redirect to /comment.
+    def comments
+      if type = request[:type]
+        redirect CommentController.r(:/, type), :status => 301
+      else
+        redirect CommentController.r(), :status => 301
+      end
+    end
+    
+    alias_method 'recent-comments', :comments
+    end
+end

data/lib/thoth/controller/media.rb

@@ -0,0 +1,172 @@
+#--
+# Copyright (c) 2017 John Pagonis <john@pagonis.org>
+# Copyright (c) 2009 Ryan Grove <ryan@wonko.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#   * Redistributions of source code must retain the above copyright notice,
+#     this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright notice,
+#     this list of conditions and the following disclaimer in the documentation
+#     and/or other materials provided with the distribution.
+#   * Neither the name of this project nor the names of its contributors may be
+#     used to endorse or promote products derived from this software without
+#     specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#++
+
+require 'rack/utils'
+
+module Thoth
+  class MediaController < Controller
+    map '/media'
+    helper :pagination
+
+    def index(filename = nil)
+      error_404 unless filename && file = Media[:filename => filename.strip]
+
+      send_media(file.path)
+
+    rescue Errno::ENOENT => e
+      error_404
+    end
+
+    def delete(id = nil)
+      require_auth
+
+      error_404 unless id && @file = Media[id]
+
+      if request.post?
+        error_403 unless form_token_valid?
+
+        if request[:confirm] == 'yes'
+          @file.destroy
+          flash[:success] = 'File deleted.'
+          redirect(rs(:list))
+        else
+          redirect(rs(:edit, id))
+        end
+      end
+
+      @title          = "Delete File: #{@file.filename}"
+      @delete         = true
+      @show_file_edit = true
+    end
+
+    def edit(id = nil)
+      require_auth
+
+      redirect(rs(:new)) unless id && @file = Media[id]
+
+      @title          = "Edit Media - #{@file.filename}"
+      @form_action    = rs(:edit, id).to_s
+      @show_file_edit = true
+
+      if request.post?
+        error_403 unless form_token_valid?
+
+        tempfile, filename, type = request[:file].values_at(
+            :tempfile, :filename, :type)
+
+        @file.mimetype = type || 'application/octet-stream'
+
+        begin
+          unless File.directory?(File.dirname(@file.path))
+            FileUtils.mkdir_p(File.dirname(@file.path))
+          end
+
+          FileUtils.mv(tempfile.path, @file.path)
+          @file.save
+
+          flash[:success] = 'File saved.'
+          redirect(rs(:edit, id))
+        rescue => e
+          @media_error = "Error: #{e}"
+        end
+      end
+    end
+
+    def list(page = 1)
+      require_auth
+
+      page = page.to_i
+
+      @columns  = [:filename, :size, :created_at, :updated_at]
+      @order    = (request[:order] || :asc).to_sym
+      @sort     = (request[:sort]  || :filename).to_sym
+      @sort     = :created_at unless @columns.include?(@sort)
+      @sort_url = rs(:list, page)
+
+      @files = Media.order(@order == :desc ? Sequel.desc(@sort) : @sort).paginate(page, 20)
+
+      @title = "Media (page #{page} of #{[@files.page_count, 1].max})"
+      @pager = pager(@files, rs(:list, '__page__', :sort => @sort, :order => @order))
+    end
+
+    def new
+      require_auth
+
+      @title       = "Upload Media"
+      @form_action = rs(:new).to_s
+
+      if request.post?
+        error_403 unless form_token_valid?
+
+        tempfile, filename, type = request[:file].values_at(
+            :tempfile, :filename, :type)
+
+        # Ensure that the filename is a name only and not a full path, since
+        # certain browsers are stupid (I'm looking at you, IE).
+        filename = filename[/([^\/\\]+)$/].strip
+
+        if filename.empty?
+          return @media_error = 'Error: Invalid filename.'
+        end
+
+        file = Media.new do |f|
+          f.filename = filename
+          f.mimetype = type || 'application/octet-stream'
+        end
+
+        begin
+          unless File.directory?(File.dirname(file.path))
+            FileUtils.mkdir_p(File.dirname(file.path))
+          end
+
+          FileUtils.mv(tempfile.path, file.path)
+          file.save
+
+          flash[:success] = 'File uploaded.'
+          redirect(rs(:edit, file.id))
+        rescue => e
+          @media_error = "Error: #{e}"
+        end
+      end
+    end
+
+    private
+
+    def send_media(filename, content_type = nil)
+      # This should eventually be eliminated in favor of using the frontend
+      # server to send files directly without passing through Thoth/Ramaze.
+
+      respond!(::File.open(filename, 'rb'), 200,
+        'Content-Length' => ::File.size(filename).to_s,
+        'Content-Type'   => content_type || Rack::Mime.mime_type(::File.extname(filename))
+      )
+    end
+
+  end
+end

data/lib/thoth/controller/page.rb

@@ -0,0 +1,167 @@
+#--
+# Copyright (c) 2017 John Pagonis <john@pagonis.org>
+# Copyright (c) 2009 Ryan Grove <ryan@wonko.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#   * Redistributions of source code must retain the above copyright notice,
+#     this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright notice,
+#     this list of conditions and the following disclaimer in the documentation
+#     and/or other materials provided with the distribution.
+#   * Neither the name of this project nor the names of its contributors may be
+#     used to endorse or promote products derived from this software without
+#     specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#++
+
+module Thoth
+  class PageController < Controller
+    map '/page'
+    helper :cache, :pagination, :wiki
+
+    cache_action(:method => :index, :ttl => 120) { auth_key_valid? }
+
+    def index(name = nil)
+      error_404 unless name && @page = Page[:name => name.strip.downcase]
+
+      @title          = @page.title
+      @show_page_edit = true
+    end
+
+    def delete(id = nil)
+      require_auth
+
+      error_404 unless id && @page = Page[id]
+
+      if request.post?
+        error_403 unless form_token_valid?
+
+        if request[:confirm] == 'yes'
+          @page.destroy
+          Ramaze::Cache.action.clear
+          flash[:success] = 'Page deleted.'
+          redirect(MainController.r())
+        else
+          redirect(@page.url)
+        end
+      end
+
+      @title          = "Delete Page: #{@page.title}"
+      @show_page_edit = true
+    end
+
+    def edit(id = nil)
+      require_auth
+
+      unless @page = Page[id]
+        flash[:error] = 'Invalid page id.'
+        redirect(rs(:new))
+      end
+
+      if request.post?
+        error_403 unless form_token_valid?
+
+        @page.name  = request[:name]
+        @page.title = request[:title]
+        @page.body  = request[:body]
+
+        if @page.valid? && request[:action] == 'Post'
+          begin
+            raise unless @page.save
+          rescue => e
+            @page_error = "There was an error saving your page: #{e}"
+          else
+            Ramaze::Cache.action.clear
+            flash[:success] = 'Page saved.'
+            redirect(rs(@page.name))
+          end
+        end
+      end
+
+      @title          = "Edit page - #{@page.title}"
+      @form_action    = rs(:edit, id)
+      @show_page_edit = true
+    end
+
+    def list(page = 1)
+      require_auth
+
+      # If this is a POST request, set page display positions.
+      if request.post? && !request[:position].nil? &&
+          request[:position].is_a?(Hash)
+
+        error_403 unless form_token_valid?
+
+        Page.normalize_positions
+
+        Page.order(:position).all do |p|
+          unless request[:position][p.id.to_s].nil? ||
+             request[:position][p.id.to_s].to_i == p.position
+            Page.set_position(p, request[:position][p.id.to_s].to_i)
+          end
+        end
+
+        Page.normalize_positions
+      end
+
+      page = page.to_i
+
+      @columns  = [:name, :title, :created_at, :updated_at, :position]
+      @order    = (request[:order] || :asc).to_sym
+      @sort     = (request[:sort]  || :display_order).to_sym
+      @sort     = :position unless @columns.include?(@sort)
+      @sort_url = rs(:list, page)
+
+      @pages = Page.order(@order == :desc ? Sequel.desc(@sort) : @sort).paginate(page, 20)
+
+      @title        = "Pages (page #{page} of #{[@pages.page_count, 1].max})"
+      @pager        = pager(@pages, rs(:list, '__page__', :sort => @sort, :order => @order))
+      @form_action  = rs(:list)
+    end
+
+    def new
+      require_auth
+
+      @title       = "New page - Untitled"
+      @form_action = rs(:new)
+
+      if request.post?
+        error_403 unless form_token_valid?
+
+        @page = Page.new do |p|
+          p.name     = request[:name]
+          p.title    = request[:title]
+          p.body     = request[:body]
+          p.position = Page.dataset.max(:position).to_i + 1
+        end
+
+        if @page.valid? && request[:action] == 'Post'
+          begin
+            raise unless @page.save
+          rescue => e
+            @page_error = "There was an error saving your page: #{e}"
+          else
+            Ramaze::Cache.action.clear
+            flash[:success] = 'Page created.'
+            redirect(rs(@page.name))
+          end
+        end
+
+        @title = "New page - #{@page.title}"
+      end
+    end
+  end
+end