7 files changed, 75 insertions, 13 deletions

diff --git a/images/del.png b/images/del.png
new file mode 100644
index 000000000..a3260d718
--- /dev/null
+++ b/images/del.png
diff --git a/inc/admin_acl.php b/inc/admin_acl.php
index 5dc907049..fcf9d9ae3 100644
--- a/inc/admin_acl.php
+++ b/inc/admin_acl.php
@@ -28,7 +28,7 @@ function admin_acl_handler(){
   if($type == '@') $user = '@'.$user;
   if($user == '@all') $user = '@ALL'; //special group! (now case insensitive)
   $perm  = (int) $perm;
-  if($perm > AUTH_UPLOAD) $perm = AUTH_UPLOAD;
+  if($perm > AUTH_DELETE) $perm = AUTH_DELETE;
   //FIXME sanitize scope!!!
 
   //nothing to do?
@@ -374,7 +374,7 @@ function admin_acl_html_checkboxes($setperm,$ispage){
   static $label = 0; //number labels
   $ret = '';
 
-  foreach(array(AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD) as $perm){
+  foreach(array(AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD,AUTH_DELETE) as $perm){
     $label += 1;
 
     //general checkbox attributes
diff --git a/inc/auth.php b/inc/auth.php
index a948a544f..a55cfbc51 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -23,6 +23,7 @@
   define('AUTH_EDIT',2);
   define('AUTH_CREATE',4);
   define('AUTH_UPLOAD',8);
+  define('AUTH_DELETE',16);
   define('AUTH_ADMIN',255);
 
   if($conf['useacl']){
@@ -249,7 +250,7 @@ function auth_aclcheck($id,$user,$groups){
     foreach($matches as $match){
       $match = preg_replace('/#.*$/','',$match); //ignore comments
       $acl   = preg_split('/\s+/',$match);
-      if($acl[2] > AUTH_UPLOAD) $acl[2] = AUTH_UPLOAD; //no admins in the ACL!
+      if($acl[2] > AUTH_DELETE) $acl[2] = AUTH_DELETE; //no admins in the ACL!
       if($acl[2] > $perm){
         $perm = $acl[2];
       }
@@ -273,7 +274,7 @@ function auth_aclcheck($id,$user,$groups){
       foreach($matches as $match){
         $match = preg_replace('/#.*$/','',$match); //ignore comments
         $acl   = preg_split('/\s+/',$match);
-        if($acl[2] > AUTH_UPLOAD) $acl[2] = AUTH_UPLOAD; //no admins in the ACL!
+        if($acl[2] > AUTH_DELETE) $acl[2] = AUTH_DELETE; //no admins in the ACL!
         if($acl[2] > $perm){
           $perm = $acl[2];
         }
diff --git a/inc/template.php b/inc/template.php
index 1f54c5f99..11a1112d0 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -548,6 +548,7 @@ function tpl_mediafilelist(){
   global $conf;
   global $lang;
   global $NS;
+  global $AUTH;
   $dir = utf8_encodeFN(str_replace(':','/',$NS));
 
   $data = array();
@@ -564,11 +565,27 @@ function tpl_mediafilelist(){
     ptln('<a href="javascript:mediaSelect(\''.$item['id'].'\')">'.
          utf8_decodeFN($item['file']).
          '</a>',6);
+
+    //prepare deletion button
+    if($AUTH >= AUTH_DELETE){
+      $ask  = $lang['del_confirm'].'\\n';
+      $ask .= $item['id'];
+
+      $del = '<a href="media.php?delete='.urlencode($item['id']).'" '.
+             'onclick="return confirm(\''.$ask.'\')" onkeypress="return confirm(\''.$ask.'\')">'.
+             '<img src="'.DOKU_BASE.'images/del.png" alt="'.$lang['btn_delete'].'" '.
+             'align="bottom" title="'.$lang['btn_delete'].'" /></a>';
+    }else{
+      $del = '';
+    }
+
+
     if($item['isimg']){
       $w = $item['info'][0];
       $h = $item['info'][1];
 
-      ptln('('.$w.'&#215;'.$h.' '.filesize_h($item['size']).')<br />',6);
+      ptln('('.$w.'&#215;'.$h.' '.filesize_h($item['size']).')',6);
+      ptln($del.'<br />',6);
       ptln('<a href="javascript:mediaSelect(\''.$item['id'].'\')">');
 
       if($w>120){
@@ -580,6 +597,7 @@ function tpl_mediafilelist(){
 
     }else{
       ptln ('('.filesize_h($item['size']).')',6);
+      ptln($del,6);
     }
     ptln('</li>',4);
   }
@@ -594,6 +612,7 @@ function tpl_mediafilelist(){
 function tpl_mediauploadform(){
   global $NS;
   global $UPLOADOK;
+  global $AUTH;
   global $lang;
 
   if(!$UPLOADOK) return;
@@ -606,6 +625,9 @@ function tpl_mediauploadform(){
   ptln($lang['txt_filename'].'<br />',4);
   ptln('<input type="text" name="id" class="edit" />',4);
   ptln('<input type="submit" class="button" value="'.$lang['btn_upload'].'" accesskey="s" />',4);
+  if($AUTH >= AUTH_DELETE){
+    ptln('<label for="ow" class="simple"><input type="checkbox" name="ow" value="1" id="ow">'.$lang['txt_overwrt'].'</label>',4);
+  }
   ptln('</form>',2);
 }
 
diff --git a/lang/de/lang.php b/lang/de/lang.php
index c4f65d814..bc6ff749a 100644
--- a/lang/de/lang.php
+++ b/lang/de/lang.php
@@ -53,8 +53,9 @@ $lang['reqbadpass'] = 'Die beiden eingegeben Passwörter stimmen nicht überein.
 $lang['regpwmail']  = 'Ihr DokuWiki Passwort';
 $lang['reghere']    = 'Sie haben noch keinen Zugang? Hier anmelden';
 
-$lang['txt_upload'] = 'Datei zum Hochladen auswählen';
+$lang['txt_upload']   = 'Datei zum Hochladen auswählen';
 $lang['txt_filename'] = 'Wikinamen eingeben (optional)';
+$lang['txt_overwrt']  = 'Bestehende Datei überschreiben';
 $lang['lockedby']     = 'Momentan gesperrt von';
 $lang['lockexpire']   = 'Sperre läuft ab am';
 $lang['willexpire']   = 'Die Sperre zur Bearbeitung dieser Seite läuft in einer Minute ab.\nUm Bearbeitungskonflikte zu vermeiden, sollten sie sie durch einen Klick auf den Vorschau-Knopf verlängern.';
@@ -69,6 +70,7 @@ $lang['fileupload']  = 'Datei hochladen';
 $lang['uploadsucc']  = 'Datei wurde erfolgreich hochgeladen';
 $lang['uploadfail']  = 'Hochladen fehlgeschlagen. Keine Berechtigung?';
 $lang['uploadwrong'] = 'Hochladen verweigert. Diese Dateiendung ist nicht erlaubt.';
+$lang['uploadexist'] = 'Datei existiert bereits. Keine Änderungen vorgenommen.';
 $lang['namespaces']  = 'Namensräume';
 $lang['mediafiles']  = 'Vorhandene Dateien in';
 
@@ -125,6 +127,7 @@ $lang['acl_perm1']  = 'Lesen';
 $lang['acl_perm2']  = 'Bearbeiten';
 $lang['acl_perm4']  = 'Anlegen';
 $lang['acl_perm8']  = 'Hochladen';
+$lang['acl_perm16'] = 'Entfernen';
 $lang['acl_new']    = 'Eintrag hinzufügen';
 
 //Setup VIM: ex: et ts=2 enc=utf-8 :
diff --git a/lang/en/lang.php b/lang/en/lang.php
index 49773b594..7d6667429 100644
--- a/lang/en/lang.php
+++ b/lang/en/lang.php
@@ -54,6 +54,7 @@ $lang['reghere']    = 'You don\'t have an account yet? Just get one';
 
 $lang['txt_upload']   = 'Select file to upload';
 $lang['txt_filename'] = 'Enter wikiname (optional)';
+$lang['txt_overwrt']  = 'Overwrite existing file';
 $lang['lockedby']     = 'Currently locked by';
 $lang['lockexpire']   = 'Lock expires at';
 $lang['willexpire']   = 'Your lock for editing this page is about to expire in a minute.\nTo avoid conflicts use the preview button to reset the locktimer.';
@@ -66,7 +67,8 @@ $lang['mediaselect'] = 'Mediafile Selection';
 $lang['fileupload']  = 'Mediafile Upload';
 $lang['uploadsucc']  = 'Upload successful';
 $lang['uploadfail']  = 'Upload failed. Maybe wrong permissions?';
-$lang['uploadwrong'] = 'Upload denied. This file extension is forbidden';
+$lang['uploadwrong'] = 'Upload denied. This file extension is forbidden!';
+$lang['uploadexist'] = 'File already exists. Nothing done.';
 $lang['namespaces']  = 'Namespaces';
 $lang['mediafiles']  = 'Available files in';
 
@@ -123,6 +125,7 @@ $lang['acl_perm1']  = 'Read';
 $lang['acl_perm2']  = 'Edit';
 $lang['acl_perm4']  = 'Create';
 $lang['acl_perm8']  = 'Upload';
+$lang['acl_perm16'] = 'Delete';
 $lang['acl_new']    = 'Add new Entry';
 
 //Setup VIM: ex: et ts=2 enc=utf-8 :
diff --git a/media.php b/media.php
index 3b71f62a3..3340bae4e 100644
--- a/media.php
+++ b/media.php
@@ -11,11 +11,18 @@
 
   header('Content-Type: text/html; charset='.$lang['encoding']);
 
-  $NS = $_REQUEST['ns'];
-  $NS = cleanID($NS);
+  //get namespace to display (either direct or from deletion order)
+  if($_REQUEST['delete']){
+		$DEL = cleanID($_REQUEST['delete']);
+    $NS  = getNS($DEL);
+  }else{
+    $NS = $_REQUEST['ns'];
+    $NS = cleanID($NS);
+  }
 
   //check upload permissions
-  if(auth_quickaclcheck("$NS:*") >= AUTH_UPLOAD){
+  $AUTH = auth_quickaclcheck("$NS:*");
+  if($AUTH >= AUTH_UPLOAD){
     $UPLOADOK = true;
     //create the given namespace (just for beautification)
     $mdir = $conf['mediadir'].'/'.utf8_encodeFN(str_replace(':','/',$NS));
@@ -24,8 +31,14 @@
     $UPLOADOK = false;
   }
 
+  //handle deletion
+	if($DEL && $AUTH >= AUTH_DELETE){
+		media_delete($DEL);
+	}
+
+	//handle upload
   if($_FILES['upload']['tmp_name'] && $UPLOADOK){
-    media_upload($NS);
+    media_upload($NS,$AUTH);
   }
 
   //start output and load template
@@ -38,11 +51,26 @@
 /**********************************************/
 
 /**
+ * Deletes mediafiles - Auth is not handled here!
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ */
+function media_delete($delid){
+  $file = mediaFN($delid);
+	if(@unlink($file)){
+		return true;
+	}
+	//something went wrong
+  msg("'$file' couldn't be deleted - check permissions",-1);
+  return false;
+}
+
+/**
  * Handles Mediafile uploads
  *
  * @author Andreas Gohr <andi@splitbrain.org>
  */
-function media_upload($NS){
+function media_upload($NS,$AUTH){
 	require_once(DOKU_INC.'inc/confutils.php');
   global $lang;
   global $conf;
@@ -65,9 +93,14 @@ function media_upload($NS){
   // because a temp file was created already
   umask($conf['umask']);
   if(preg_match('/\.('.$regex.')$/i',$fn)){
+		//check for overwrite
+		if(@file_exists($fn) && (!$_POST['ow'] || $AUTH < AUTH_DELETE)){
+			msg($lang['uploadexist'],0);
+			return false;
+		}
   	// prepare directory
   	io_makeFileDir($fn);
-    if (move_uploaded_file($file['tmp_name'], $fn)) {
+    if(move_uploaded_file($file['tmp_name'], $fn)) {
 			// set the correct permission here
 			chmod($fn, 0777 - $conf['umask']);
       msg($lang['uploadsucc'],1);