geovisio 2.9.0__py3-none-any.whl → 2.11.0__py3-none-any.whl

geovisio/web/items.py

@@ -5,8 +5,7 @@ import os
 from typing import Dict, List, Optional, Any
 from urllib.parse import unquote
 from psycopg.types.json import Jsonb
-from pydantic import BaseModel, ConfigDict, ValidationError, field_validator, model_validator
-from shapely import intersects
+from pydantic import BaseModel, ValidationError, field_validator, model_validator
 from werkzeug.datastructures import MultiDict
 from uuid import UUID
 from geovisio import errors, utils
@@ -15,7 +14,9 @@ from geovisio.utils.cql2 import parse_search_filter
 from geovisio.utils.params import validation_error
 from geovisio.utils.pictures import cleanupExif
 from geovisio.utils.semantics import Entity, EntityType, update_tags
+from geovisio.utils.items import SortableItemField, SortBy, ItemSortByField
 from geovisio.utils.tags import SemanticTagUpdate
+from geovisio.utils.auth import Account
 from geovisio.web.params import (
     as_latitude,
     as_longitude,
@@ -23,17 +24,20 @@ from geovisio.web.params import (
     parse_datetime,
     parse_datetime_interval,
     parse_bbox,
+    parse_item_sortby,
     parse_list,
     parse_lonlat,
     parse_distance_range,
     parse_picture_heading,
+    Visibility,
+    check_visibility,
 )
-from geovisio.utils.fields import Bounds
+from geovisio.utils.fields import Bounds, SQLDirection
 import hashlib
 from psycopg.rows import dict_row
 from psycopg.sql import SQL
 from geovisio.web.utils import (
-    accountIdOrDefault,
+    accountOrDefault,
     cleanNoneInList,
     dbTsToStac,
     dbTsToStacTZ,
@@ -46,13 +50,19 @@ from flask import current_app, request, url_for, Blueprint
 from flask_babel import gettext as _, get_locale
 from geopic_tag_reader.writer import writePictureMetadata, PictureMetadata
 import sentry_sdk
-import math
 
 
 bp = Blueprint("stac_items", __name__, url_prefix="/api")
 
 
-def dbPictureToStacItem(seqId, dbPic):
+def retrocompatible_picture_status(db_pic):
+    """We used to display status='hidden' for hidden picture, now that the status and the visiblity has been split, we still return a 'ready' status for retrocompatibility"""
+    if db_pic.get("status") == "hidden":
+        return "ready"
+    return db_pic.get("status")
+
+
+def dbPictureToStacItem(dbPic):
     """Transforms a picture extracted from database into a STAC Item
 
     Parameters
@@ -70,6 +80,7 @@ def dbPictureToStacItem(seqId, dbPic):
 
     sensorDim = None
     visibleArea = None
+    seqId = str(dbPic["seq_id"])
     if dbPic["metadata"].get("crop") is not None:
         sensorDim = [dbPic["metadata"]["crop"].get("fullWidth"), dbPic["metadata"]["crop"].get("fullHeight")]
         visibleArea = [
@@ -115,7 +126,7 @@ def dbPictureToStacItem(seqId, dbPic):
                     "datetime": dbTsToStac(dbPic["ts"]),
                     "datetimetz": dbTsToStacTZ(dbPic["ts"], dbPic["metadata"].get("tz")),
                     "created": dbTsToStac(dbPic["inserted_at"]),
-                    # TODO : add "updated" TS for last edit time of metadata
+                    "updated": dbTsToStac(dbPic["updated_at"]),
                     "license": current_app.config["API_PICTURES_LICENSE_SPDX_ID"],
                     "view:azimuth": dbPic["heading"],
                     "pers:interior_orientation": (
@@ -139,18 +150,20 @@ def dbPictureToStacItem(seqId, dbPic):
                     ),
                     "pers:pitch": dbPic["metadata"].get("pitch"),
                     "pers:roll": dbPic["metadata"].get("roll"),
-                    "geovisio:status": dbPic.get("status"),
+                    "geovisio:status": retrocompatible_picture_status(dbPic),
+                    "geovisio:visibility": dbPic.get("visibility"),
                     "geovisio:producer": dbPic["account_name"],
                     "geovisio:rank_in_collection": dbPic["rank"],
                     "original_file:size": dbPic["metadata"].get("originalFileSize"),
                     "original_file:name": dbPic["metadata"].get("originalFileName"),
                     "panoramax:horizontal_pixel_density": dbPic.get("h_pixel_density"),
-                    "geovisio:image": _getHDJpgPictureURL(dbPic["id"], dbPic.get("status")),
-                    "geovisio:thumbnail": _getThumbJpgPictureURL(dbPic["id"], dbPic.get("status")),
+                    "geovisio:image": _getHDJpgPictureURL(dbPic["id"], dbPic.get("visibility")),
+                    "geovisio:thumbnail": _getThumbJpgPictureURL(dbPic["id"], dbPic.get("visibility")),
                     "exif": removeNoneInDict(cleanupExif(dbPic["exif"])),
                     "quality:horizontal_accuracy": float("{:.1f}".format(dbPic["gps_accuracy_m"])) if dbPic.get("gps_accuracy_m") else None,
                     "semantics": [s for s in dbPic.get("semantics") or [] if s],
                     "annotations": [a for a in dbPic.get("annotations") or [] if a],
+                    "collection": {"semantics": dbPic["sequence_semantics"]} if "sequence_semantics" in dbPic else None,
                 }
             ),
             "links": cleanNoneInList(
@@ -180,21 +193,21 @@ def dbPictureToStacItem(seqId, dbPic):
                     "description": "Highest resolution available of this picture",
                     "roles": ["data"],
                     "type": "image/jpeg",
-                    "href": _getHDJpgPictureURL(dbPic["id"], status=dbPic.get("status")),
+                    "href": _getHDJpgPictureURL(dbPic["id"], visibility=dbPic.get("visibility")),
                 },
                 "sd": {
                     "title": "SD picture",
                     "description": "Picture in standard definition (fixed width of 2048px)",
                     "roles": ["visual"],
                     "type": "image/jpeg",
-                    "href": _getSDJpgPictureURL(dbPic["id"], status=dbPic.get("status")),
+                    "href": _getSDJpgPictureURL(dbPic["id"], visibility=dbPic.get("visibility")),
                 },
                 "thumb": {
                     "title": "Thumbnail",
                     "description": "Picture in low definition (fixed width of 500px)",
                     "roles": ["thumbnail"],
                     "type": "image/jpeg",
-                    "href": _getThumbJpgPictureURL(dbPic["id"], status=dbPic.get("status")),
+                    "href": _getThumbJpgPictureURL(dbPic["id"], visibility=dbPic.get("visibility")),
                 },
             },
             "collection": str(seqId),
@@ -272,7 +285,7 @@ def dbPictureToStacItem(seqId, dbPic):
                 "description": "Highest resolution available of this picture, as tiles",
                 "roles": ["data"],
                 "type": "image/jpeg",
-                "href": _getTilesJpgPictureURL(dbPic["id"], status=dbPic.get("status")),
+                "href": _getTilesJpgPictureURL(dbPic["id"], visibility=dbPic.get("visibility")),
             }
         }
 
@@ -361,9 +374,10 @@ def getCollectionItems(collectionId):
 
     filters = [
         SQL("sp.seq_id = %(seq)s"),
-        SQL("(p.status = 'ready' OR p.account_id = %(account)s)"),
-        SQL("(is_sequence_visible_by_user(s, %(account)s))"),
+        SQL("(p.preparing_status = 'prepared' OR p.account_id = %(account)s)"),
     ]
+    if account is None or not account.can_see_all():
+        filters.append(SQL("(is_picture_visible_by_user(p, %(account)s))"))
 
     # Check if limit is valid
     sql_limit = SQL("")
@@ -402,7 +416,7 @@ def getCollectionItems(collectionId):
                 + (", MAX(sp.rank) AS max_rank, MIN(sp.rank) AS min_rank " if paginated else "")
                 + "FROM sequences s "
                 + ("LEFT JOIN sequences_pictures sp ON sp.seq_id = s.id " if paginated else "")
-                + "WHERE s.id = %(seq)s AND (is_sequence_visible_by_user(s, %(account)s)) "
+                + "WHERE s.id = %(seq)s AND (s.status = 'ready' OR s.account_id = %(account)s) AND is_sequence_visible_by_user(s, %(account)s) AND s.status != 'deleted'"
                 + ("GROUP BY s.id" if paginated else ""),
                 params,
             ).fetchone()
@@ -424,36 +438,43 @@ def getCollectionItems(collectionId):
                     params={"id": withPicture, "seq": collectionId},
                 ).fetchone()
                 if not pic:
-                    raise errors.InvalidAPIUsage(_("Picture with id %(p)s does not exists", p=withPicture))
+                    raise errors.InvalidAPIUsage(_("Picture with id %(p)s does not exist", p=withPicture))
                 rank = get_first_rank_of_page(pic["rank"], limit)
 
                 filters.append(SQL("rank >= %(start_after_rank)s"))
                 params["start_after_rank"] = rank
 
             query = SQL(
-                """
-                SELECT
-                    p.id, p.ts, p.heading, p.metadata, p.inserted_at, p.status,
+                """SELECT
+                    p.id, p.ts, p.heading, p.metadata, p.inserted_at, p.updated_at, p.status, p.visibility,
                     ST_AsGeoJSON(p.geom)::json AS geojson,
                     a.name AS account_name,
                     p.account_id AS account_id,
-                    sp.rank, p.exif, p.gps_accuracy_m, p.h_pixel_density,
-                    CASE WHEN LAG(p.status) OVER othpics = 'ready' THEN LAG(p.id) OVER othpics END AS prevpic,
-                    CASE WHEN LAG(p.status) OVER othpics = 'ready' THEN ST_AsGeoJSON(LAG(p.geom) OVER othpics)::json END AS prevpicgeojson,
-                    CASE WHEN LEAD(p.status) OVER othpics = 'ready' THEN LEAD(p.id) OVER othpics END AS nextpic,
-                    CASE WHEN LEAD(p.status) OVER othpics = 'ready' THEN ST_AsGeoJSON(LEAD(p.geom) OVER othpics)::json END AS nextpicgeojson,
+                    sp.seq_id, sp.rank, p.exif, p.gps_accuracy_m, p.h_pixel_density,
+                    CASE WHEN LAG(is_picture_visible_by_user(p, %(account)s)) OVER othpics THEN LAG(p.id) OVER othpics END AS prevpic,
+                    CASE WHEN LAG(is_picture_visible_by_user(p, %(account)s)) OVER othpics THEN ST_AsGeoJSON(LAG(p.geom) OVER othpics)::json END AS prevpicgeojson,
+                    CASE WHEN LEAD(is_picture_visible_by_user(p, %(account)s)) OVER othpics THEN LEAD(p.id) OVER othpics END AS nextpic,
+                    CASE WHEN LEAD(is_picture_visible_by_user(p, %(account)s)) OVER othpics THEN ST_AsGeoJSON(LEAD(p.geom) OVER othpics)::json END AS nextpicgeojson,
                     get_picture_semantics(p.id) as semantics,
-                    get_picture_annotations(p.id) as annotations
+                    get_picture_annotations(p.id) as annotations,
+                    COALESCE(seq_sem.semantics, '[]'::json) AS sequence_semantics
                 FROM sequences_pictures sp
                 JOIN pictures p ON sp.pic_id = p.id
                 JOIN accounts a ON a.id = p.account_id
                 JOIN sequences s ON s.id = sp.seq_id
+                LEFT JOIN (
+                    SELECT sequence_id, json_agg(json_strip_nulls(json_build_object(
+                        'key', key,
+                        'value', value
+                    )) ORDER BY key, value) AS semantics
+                    FROM sequences_semantics
+                    GROUP BY sequence_id
+                ) seq_sem ON seq_sem.sequence_id = s.id
                 WHERE
                     {filter}
                 WINDOW othpics AS (PARTITION BY sp.seq_id ORDER BY sp.rank)
                 ORDER BY rank
-                {limit}
-                """
+                {limit}"""
             ).format(filter=SQL(" AND ").join(filters), limit=sql_limit)
 
             records = cursor.execute(query, params)
@@ -464,7 +485,7 @@ def getCollectionItems(collectionId):
                 if first_rank is None:
                     first_rank = dbPic["rank"]
                 last_rank = dbPic["rank"]
-                items.append(dbPictureToStacItem(collectionId, dbPic))
+                items.append(dbPictureToStacItem(dbPic))
             bounds = Bounds(first=first_rank, last=last_rank) if records else None
 
             links = [
@@ -570,44 +591,39 @@ def getCollectionItems(collectionId):
             )
 
 
-def _getPictureItemById(collectionId, itemId):
-    """Get a picture metadata by its ID and collection ID
-
-    ---
-    tags:
-        - Pictures
-    parameters:
-        - name: collectionId
-          in: path
-          description: ID of collection to retrieve
-          required: true
-          schema:
-            type: string
-        - name: itemId
-          in: path
-          description: ID of item to retrieve
-          required: true
-          schema:
-            type: string
-    """
+def _getPictureItemById(itemId: UUID, account: Optional[Account]):
+    """Get a picture metadata by its ID"""
     with current_app.pool.connection() as conn:
+        perm_filter = SQL("")
+        if account is not None and account.can_see_all():
+            # admins can see all pictures, regardless of their visibility
+            perm_filter = SQL("TRUE")
+        else:
+            perm_filter = SQL(
+                """(p.account_id = %(acc)s OR p.status != 'hidden') -- for retrocompabitilty, we can drop this filter once database have migrated all hidden pictures
+    AND (is_picture_visible_by_user(p, %(acc)s))
+    AND (s.status != 'hidden' OR s.account_id = %(acc)s) -- same, we can drop this later (and replace it with `s.status = 'ready'`)
+    AND is_sequence_visible_by_user(s, %(acc)s)"""
+            )
+
         with conn.cursor(row_factory=dict_row) as cursor:
-            # Check if there is a logged user
-            account = auth.get_current_account()
-            accountId = account.id if account else None
 
             # Get rank + position of wanted picture
             record = cursor.execute(
-                """
+                SQL(
+                    """WITH seq AS (
+                    SELECT seq_id FROM sequences_pictures WHERE pic_id = %(pic)s LIMIT 1
+                )
                 SELECT
-                    p.id, sp.rank, ST_AsGeoJSON(p.geom)::json AS geojson, p.heading, p.ts, p.metadata,
-                    p.inserted_at, p.status, accounts.name AS account_name,
-                    p.account_id AS account_id,
+                    p.id, sp.seq_id, sp.rank, ST_AsGeoJSON(p.geom)::json AS geojson, p.heading, p.ts, p.metadata,
+                    p.inserted_at, p.updated_at, p.status,
+                    accounts.name AS account_name, p.account_id AS account_id,
+                    p.visibility, 
                     spl.prevpic, spl.prevpicgeojson, spl.nextpic, spl.nextpicgeojson, p.exif,
                     relp.related_pics, p.gps_accuracy_m, p.h_pixel_density,
-                   
                     get_picture_semantics(p.id) as semantics,
-                    get_picture_annotations(p.id) as annotations
+                    get_picture_annotations(p.id) as annotations,
+                    COALESCE(seq_sem.semantics, '[]'::json) AS sequence_semantics
                 FROM pictures p
                 JOIN sequences_pictures sp ON sp.pic_id = p.id
                 JOIN accounts ON p.account_id = accounts.id
@@ -622,8 +638,8 @@ def _getPictureItemById(collectionId, itemId):
                     FROM pictures p
                     JOIN sequences_pictures sp ON p.id = sp.pic_id
                     WHERE
-                        sp.seq_id = %(seq)s
-                        AND (p.account_id = %(acc)s OR p.status != 'hidden')
+                        sp.seq_id IN (SELECT seq_id FROM seq)
+                        AND (is_picture_visible_by_user(p, %(acc)s) AND p.preparing_status = 'prepared')
                     WINDOW othpics AS (PARTITION BY sp.seq_id ORDER BY sp.rank)
                 ) spl ON p.id = spl.id
                 LEFT JOIN (
@@ -650,7 +666,7 @@ def _getPictureItemById(collectionId, itemId):
                             AND relp.status != 'waiting-for-delete'
                             AND relp.id != p.id
                             AND relsp.pic_id = relp.id
-                            AND relsp.seq_id != %(seq)s
+                            AND relsp.seq_id NOT IN (SELECT seq_id FROM seq)
                             AND (
                                 p.metadata->>'type' = 'equirectangular'
                                 OR (relp.heading IS NULL OR p.heading IS NULL)
@@ -663,19 +679,28 @@ def _getPictureItemById(collectionId, itemId):
                         ORDER BY relsp.seq_id, p.geom <-> relp.geom
                     ) a
                 ) relp ON TRUE
-                WHERE sp.seq_id = %(seq)s
+                LEFT JOIN (
+                    SELECT sequence_id, json_agg(json_strip_nulls(json_build_object(
+                        'key', key,
+                        'value', value
+                    )) ORDER BY key, value) AS semantics
+                    FROM sequences_semantics
+                    GROUP BY sequence_id
+                ) seq_sem ON seq_sem.sequence_id = s.id
+                WHERE sp.seq_id IN (SELECT seq_id FROM seq)
                     AND p.id = %(pic)s
-                    AND (p.account_id = %(acc)s OR p.status != 'hidden')
-                    AND (s.status != 'hidden' OR s.account_id = %(acc)s)
+                    -- TODO Should we show non prepared items to all ? AND (p.account_id = %(acc)s OR p.preparing_status = 'prepared')
+                    AND {perm_filter}
                     AND s.status != 'deleted'
-                """,
-                {"seq": collectionId, "pic": itemId, "acc": accountId},
+                """
+                ).format(perm_filter=perm_filter),
+                {"pic": itemId, "acc": account.id if account is not None else None},
             ).fetchone()
 
             if record is None:
                 return None
 
-            return dbPictureToStacItem(collectionId, record)
+            return dbPictureToStacItem(record)
 
 
 @bp.route("/collections/<uuid:collectionId>/items/<uuid:itemId>")
@@ -711,12 +736,12 @@ def getCollectionItem(collectionId, itemId):
                     schema:
                         $ref: '#/components/schemas/GeoVisioItem'
     """
+    account = auth.get_current_account()
 
-    stacItem = _getPictureItemById(collectionId, itemId)
+    stacItem = _getPictureItemById(itemId, account)
     if stacItem is None:
         raise errors.InvalidAPIUsage(_("Item doesn't exist"), status_code=404)
 
-    account = auth.get_current_account()
     picStatusToHttpCode = {
         "waiting-for-process": 102,
         "ready": 200,
@@ -726,18 +751,6 @@ def getCollectionItem(collectionId, itemId):
     return stacItem, picStatusToHttpCode[stacItem["properties"]["geovisio:status"]], {"Content-Type": "application/geo+json"}
 
 
-class SearchParams(BaseModel):
-    bbox: Optional[str] = None
-    limit: int = 10
-    datetime: Optional[str] = None
-    place_position: Optional[str] = None
-    place_distance: Optional[str] = None
-    place_fov_tolerance: Optional[int] = None
-    intersects: Optional[str] = None
-    ids: Optional[str] = None
-    collections: Optional[str] = None
-
-
 @bp.route("/search", methods=["GET", "POST"])
 def searchItems():
     """Search through all available items
@@ -759,6 +772,7 @@ def searchItems():
             - $ref: '#/components/parameters/GeoVisio_place_distance'
             - $ref: '#/components/parameters/GeoVisio_place_fov_tolerance'
             - $ref: '#/components/parameters/searchCQL2_filter'
+            - $ref: '#/components/parameters/GeoVisioSearchSortedBy'
     post:
         requestBody:
             required: true
@@ -768,15 +782,21 @@ def searchItems():
                   $ref: '#/components/schemas/GeoVisioItemSearchBody'
     responses:
         200:
-            $ref: '#/components/responses/STAC_search'
+            description: The search results
+            content:
+                application/geo+json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioCollectionItems'
     """
 
     account = auth.get_current_account()
     accountId = account.id if account is not None else None
-    sqlWhere = [SQL("(p.status = 'ready' OR p.account_id = %(account)s)"), SQL("(is_sequence_visible_by_user(s, %(account)s))")]
+    sqlWhere = [
+        SQL("(p.status = 'ready' AND is_picture_visible_by_user(p, %(account)s))"),
+        SQL("(s.status = 'ready' AND is_sequence_visible_by_user(s, %(account)s))"),
+    ]
     sqlParams: Dict[str, Any] = {"account": accountId}
-    sqlSubQueryWhere = [SQL("(p.status = 'ready' OR p.account_id = %(account)s)")]
-    order_by = SQL("")
+    sqlSubQueryWhere = [SQL("(p.status = 'ready' AND is_picture_visible_by_user(p, %(account)s))")]
 
     #
     # Parameters parsing and verification
@@ -801,6 +821,8 @@ def searchItems():
         raise errors.InvalidAPIUsage(_("Parameter limit must be either empty or a number between 1 and 10000"), status_code=400)
     sqlParams["limit"] = limit
 
+    sort_by = parse_item_sortby(args.get("sortby"))
+
     # Bounding box
     bboxarg = parse_bbox(args.getlist("bbox"))
     if bboxarg is not None:
@@ -810,7 +832,16 @@ def searchItems():
         sqlParams["maxx"] = bboxarg[2]
         sqlParams["maxy"] = bboxarg[3]
         # if we search by bbox, we'll give first the items near the center of the bounding box
-        order_by = SQL("ORDER BY p.geom <-> ST_Centroid(ST_MakeEnvelope(%(minx)s, %(miny)s, %(maxx)s, %(maxy)s, 4326))")
+        if not sort_by:
+            sort_by = SortBy(
+                fields=[
+                    ItemSortByField(
+                        field=SortableItemField.distance_to,
+                        direction=SQLDirection.ASC,
+                        obj_to_compare=SQL("ST_Centroid(ST_MakeEnvelope(%(minx)s, %(miny)s, %(maxx)s, %(maxy)s, 4326))"),
+                    ),
+                ]
+            )
 
     # Datetime
     min_dt, max_dt = parse_datetime_interval(args.get("datetime"))
@@ -866,7 +897,16 @@ def searchItems():
         )
 
         # Sort pictures by nearest to POI
-        order_by = SQL("ORDER BY p.geom <-> ST_Point(%(placex)s, %(placey)s, 4326)")
+        if not sort_by:
+            sort_by = SortBy(
+                fields=[
+                    ItemSortByField(
+                        field=SortableItemField.distance_to,
+                        direction=SQLDirection.ASC,
+                        obj_to_compare=SQL("ST_Point(%(placex)s, %(placey)s, 4326)"),
+                    ),
+                ]
+            )
 
     # Intersects
     if args.get("intersects") is not None:
@@ -881,7 +921,16 @@ def searchItems():
             sqlWhere.append(SQL("ST_Intersects(p.geom, ST_GeomFromGeoJSON(%(geom)s))"))
         sqlParams["geom"] = Jsonb(intersects)
         # if we search by bbox, we'll give first the items near the center of the bounding box
-        order_by = SQL("ORDER BY p.geom <-> ST_Centroid(ST_GeomFromGeoJSON(%(geom)s))")
+        if not sort_by:
+            sort_by = SortBy(
+                fields=[
+                    ItemSortByField(
+                        field=SortableItemField.distance_to,
+                        direction=SQLDirection.ASC,
+                        obj_to_compare=SQL("ST_Centroid(ST_GeomFromGeoJSON(%(geom)s))"),
+                    ),
+                ]
+            )
 
     # Ids
     if args.get("ids") is not None:
@@ -910,11 +959,7 @@ def searchItems():
             picture_id = ids[0]
 
             with current_app.pool.connection() as conn, conn.cursor() as cursor:
-                seq = cursor.execute("SELECT seq_id FROM sequences_pictures WHERE pic_id = %s", [picture_id]).fetchone()
-                if not seq:
-                    raise errors.InvalidAPIUsage(_("Picture doesn't exist"), status_code=404)
-
-                item = _getPictureItemById(seq[0], UUID(picture_id))
+                item = _getPictureItemById(UUID(picture_id), account)
                 features = [item] if item else []
                 return (
                     {"type": "FeatureCollection", "features": features, "links": [get_root_link()]},
@@ -926,6 +971,18 @@ def searchItems():
         cql_filter = parse_search_filter(filter_param)
         if cql_filter is not None:
             sqlWhere.append(cql_filter)
+
+    if not sort_by:
+        # by default we sort by last updated (and id in case of equalities)
+        sort_by = SortBy(
+            fields=[
+                ItemSortByField(field=SortableItemField.updated, direction=SQLDirection.DESC),
+                ItemSortByField(field=SortableItemField.id, direction=SQLDirection.ASC),
+            ]
+        )
+
+    order_by = sort_by.to_sql()
+
     #
     # Database query
     #
@@ -934,18 +991,27 @@ def searchItems():
             """
 SELECT * FROM (
     SELECT
-        p.id, p.ts, p.heading, p.metadata, p.inserted_at,
+        p.id, p.ts, p.heading, p.metadata, p.inserted_at, p.updated_at,
         ST_AsGeoJSON(p.geom)::json AS geojson,
         sp.seq_id, sp.rank AS rank,
         accounts.name AS account_name, 
         p.account_id AS account_id,
         p.exif, p.gps_accuracy_m, p.h_pixel_density,
         get_picture_semantics(p.id) as semantics,
-        get_picture_annotations(p.id) as annotations
+        get_picture_annotations(p.id) as annotations,
+        COALESCE(seq_sem.semantics, '[]'::json) AS sequence_semantics
     FROM pictures p
     LEFT JOIN sequences_pictures sp ON p.id = sp.pic_id
     LEFT JOIN sequences s ON s.id = sp.seq_id
     LEFT JOIN accounts ON p.account_id = accounts.id
+    LEFT JOIN (
+        SELECT sequence_id, json_agg(json_strip_nulls(json_build_object(
+            'key', key,
+            'value', value
+        )) ORDER BY key, value) AS semantics
+        FROM sequences_semantics
+        GROUP BY sequence_id
+    ) seq_sem ON seq_sem.sequence_id = s.id
     WHERE {sqlWhere}
     {orderBy}
     LIMIT %(limit)s
@@ -968,13 +1034,14 @@ LEFT JOIN LATERAL (
     ORDER BY sp.rank ASC 
     LIMIT 1
 ) next on true
+
 ;
         """
         ).format(sqlWhere=SQL(" AND ").join(sqlWhere), sqlSubQueryWhere=SQL(" AND ").join(sqlSubQueryWhere), orderBy=order_by)
 
         records = cursor.execute(query, sqlParams)
 
-        items = [dbPictureToStacItem(str(dbPic["seq_id"]), dbPic) for dbPic in records]
+        items = [dbPictureToStacItem(dbPic) for dbPic in records]
 
         return (
             {
@@ -992,7 +1059,9 @@ LEFT JOIN LATERAL (
 @bp.route("/collections/<uuid:collectionId>/items", methods=["POST"])
 @auth.login_required_by_setting("API_FORCE_AUTH_ON_UPLOAD")
 def postCollectionItem(collectionId, account=None):
-    """Add a new picture in a given sequence
+    """Add a new picture in a given sequence.
+
+    Note that this is the legacy API, upload should be done using the [UploadSet](#UploadSet) endpoints if possible.
     ---
     tags:
         - Upload
@@ -1018,6 +1087,42 @@ def postCollectionItem(collectionId, account=None):
                 application/geo+json:
                     schema:
                         $ref: '#/components/schemas/GeoVisioItem'
+        400:
+            description: Error if the request is malformed
+            content:
+                application/json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioError'
+        401:
+            description: Error if you're not logged in
+            content:
+                application/json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioError'
+        403:
+            description: Error if you're not authorized to add picture to this collection
+            content:
+                application/json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioError'
+        404:
+            description: Error if the collection doesn't exist
+            content:
+                application/json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioError'
+        409:
+            description: Error if a picture (named `item` in the API) has already been added in the same index (named `position` in the API) in this collection
+            content:
+                application/json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioError'
+        415:
+            description: Error if the content type is not multipart/form-data
+            content:
+                application/json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioError'
     """
 
     if not request.headers.get("Content-Type", "").startswith("multipart/form-data"):
@@ -1098,7 +1203,7 @@ def postCollectionItem(collectionId, account=None):
                 raise errors.InvalidAPIUsage(_("The collection has been deleted, impossible to add pictures to it"), status_code=404)
 
             # Compute various metadata
-            accountId = accountIdOrDefault(account)
+            accountId = accountOrDefault(account).id
             raw_pic = picture.read()
             filesize = len(raw_pic)
 
@@ -1125,7 +1230,7 @@ def postCollectionItem(collectionId, account=None):
                         conn, collectionId, position, updated_picture, accountId, additionalMetadata, lang=get_locale().language
                     )
                 except utils.pictures.PicturePositionConflict:
-                    raise errors.InvalidAPIUsage(_("Picture at given position already exist"), status_code=409)
+                    raise errors.InvalidAPIUsage(_("There is already a picture with the same index in the sequence"), status_code=409)
                 except utils.pictures.MetadataReadingError as e:
                     raise errors.InvalidAPIUsage(_("Impossible to parse picture metadata"), payload={"details": {"error": e.details}})
                 except utils.pictures.InvalidMetadataValue as e:
@@ -1143,7 +1248,7 @@ def postCollectionItem(collectionId, account=None):
 
     # Return picture metadata
     return (
-        getCollectionItem(collectionId, picId)[0],
+        _getPictureItemById(picId, account=account),
         202,
         {
             "Content-Type": "application/json",
@@ -1159,7 +1264,21 @@ class PatchItemParameter(BaseModel):
     heading: Optional[int] = None
     """Heading of the picture. The new heading will not be persisted in the picture's exif tags for the moment."""
     visible: Optional[bool] = None
-    """Should the picture be publicly visible ?"""
+    """Should the picture be publicly visible ?
+    
+    This parameter is deprecated in favor of the finer grained `visibility` parameter.
+    `visible=true` is equivalent to `visibility=anyone`.
+    `visible=false` is equivalent to `visibility=logged-only`.
+    """
+    visibility: Optional[Visibility] = None
+    """Visibility of the sequence. Can be set to:
+    * `anyone`: the sequence is visible to anyone
+    * `owner-only`: the sequence is visible to the owner and administrator only
+    * `logged-only`: the sequence is visible to logged users only
+
+    This visibility can also be set for each picture individually, using the `visibility` field of the pictures.
+    If not set at the sequence level, it will default to the visibility of the `upload_set` and if not set the default visibility of the `account` and if not set the default visibility of the instance.
+    """
 
     capture_time: Optional[datetime] = None
     """Capture time of the picture. The new capture time will not be persisted in the picture's exif tags for the moment."""
@@ -1227,66 +1346,29 @@ class PatchItemParameter(BaseModel):
             raise errors.InvalidAPIUsage(_("Longitude cannot be overridden alone, latitude also needs to be set"))
         if self.longitude is None and self.latitude is not None:
             raise errors.InvalidAPIUsage(_("Latitude cannot be overridden alone, longitude also needs to be set"))
+        if self.visibility is not None and self.visible is not None:
+            raise errors.InvalidAPIUsage(_("Visibility and visible parameters are mutually exclusive parameters"))
+        # handle retrocompatibility on the visible parameter
+        if self.visible is not None:
+            self.visibility = Visibility.anyone if self.visible is True else Visibility.owner_only
         return self
 
     def has_only_semantics_updates(self):
         return self.model_fields_set == {"semantics"}
 
+    @field_validator("visibility", mode="after")
+    @classmethod
+    def validate_visibility(cls, visibility):
+        if not check_visibility(visibility):
+            raise errors.InvalidAPIUsage(
+                _("The logged-only visibility is not allowed on this instance since anybody can create an account"),
+                status_code=400,
+            )
+        return visibility
 
-@bp.route("/collections/<uuid:collectionId>/items/<uuid:itemId>", methods=["PATCH"])
-@auth.login_required()
-def patchCollectionItem(collectionId, itemId, account):
-    """Edits properties of an existing picture
-
-    Note that tags cannot be added as form-data for the moment, only as JSON.
-
-    Note that there are rules on the editing of a picture's metadata:
-
-    - Only the owner of a picture can change its visibility
-    - For core metadata (heading, capture_time, position, longitude, latitude), the owner can restrict their change by other accounts (see `collaborative_metadata` field in `/api/users/me`) and if not explicitly defined by the user, the instance's default value is used.
-    - Everyone can add/edit/delete semantics tags.
-    ---
-    tags:
-        - Editing
-        - Semantics
-    parameters:
-        - name: collectionId
-          in: path
-          description: ID of sequence the picture belongs to
-          required: true
-          schema:
-            type: string
-        - name: itemId
-          in: path
-          description: ID of picture to edit
-          required: true
-          schema:
-            type: string
-    requestBody:
-        content:
-            application/json:
-                schema:
-                    $ref: '#/components/schemas/GeoVisioPatchItem'
-            application/x-www-form-urlencoded:
-                schema:
-                    $ref: '#/components/schemas/GeoVisioPatchItem'
-            multipart/form-data:
-                schema:
-                    $ref: '#/components/schemas/GeoVisioPatchItem'
-    security:
-        - bearerToken: []
-        - cookieAuth: []
-    responses:
-        200:
-            description: the wanted item
-            content:
-                application/geo+json:
-                    schema:
-                        $ref: '#/components/schemas/GeoVisioItem'
-    """
 
+def update_picture(itemId: UUID, account: Account):
     # Parse received parameters
-
     metadata = None
     content_type = (request.headers.get("Content-Type") or "").split(";")[0]
 
@@ -1300,21 +1382,28 @@ def patchCollectionItem(collectionId, itemId, account):
 
     # If no parameter is set
     if metadata is None or not metadata.has_override():
-        return getCollectionItem(collectionId, itemId)
+        return (_getPictureItemById(itemId, account), 304)
 
     # Check if picture exists and if given account is authorized to edit
     with db.conn(current_app) as conn:
         with conn.transaction(), conn.cursor(row_factory=dict_row) as cursor:
-            pic = cursor.execute("SELECT status, account_id FROM pictures WHERE id = %s", [itemId]).fetchone()
+            pic = cursor.execute(
+                """SELECT p.visibility, p.account_id 
+                FROM pictures p
+                JOIN sequences_pictures sp ON sp.pic_id = p.id
+                JOIN sequences s ON s.id = sp.seq_id
+                WHERE p.id = %(id)s AND is_picture_visible_by_user(p, %(account)s) AND is_sequence_visible_by_user(s, %(account)s)""",
+                {"id": itemId, "account": account.id},
+            ).fetchone()
 
             # Picture not found
             if not pic:
                 raise errors.InvalidAPIUsage(_("Picture %(p)s wasn't found in database", p=itemId), status_code=404)
 
-            if account is not None and account.id != str(pic["account_id"]):
+            if not account.can_edit_item(str(pic["account_id"])):
                 # Account associated to picture doesn't match current user
                 # and we limit the status change to only the owner.
-                if metadata.visible is not None:
+                if metadata.visibility is not None:
                     raise errors.InvalidAPIUsage(
                         _("You're not authorized to edit the visibility of this picture. Only the owner can change this."), status_code=403
                     )
@@ -1330,24 +1419,14 @@ def patchCollectionItem(collectionId, itemId, account):
             sqlParams = {"id": itemId, "account": account.id}
 
             # Let's edit this picture
-            oldStatus = pic["status"]
-            if oldStatus not in ["ready", "hidden"]:
-                # Picture is in a preparing/broken/... state so no edit possible
-                raise errors.InvalidAPIUsage(
-                    _(
-                        "Picture %(p)s is in %(s)s state, its visibility can't be changed for now",
-                        p=itemId,
-                        s=oldStatus,
-                    ),
-                    status_code=400,
-                )
+            oldVisibility = pic["visibility"]
 
-            newStatus = None
-            if metadata.visible is not None:
-                newStatus = "ready" if metadata.visible is True else "hidden"
-                if newStatus != oldStatus:
-                    sqlUpdates.append(SQL("status = %(status)s"))
-                    sqlParams["status"] = newStatus
+            newVisibility = None
+            if metadata.visibility is not None:
+                newVisibility = metadata.visibility.value
+                if newVisibility != oldVisibility:
+                    sqlUpdates.append(SQL("visibility = %(visibility)s"))
+                    sqlParams["visibility"] = newVisibility
 
             if metadata.heading is not None:
                 sqlUpdates.extend([SQL("heading = %(heading)s"), SQL("heading_computed = false")])
@@ -1381,12 +1460,66 @@ WHERE id = %(id)s"""
                 )
 
     # Redirect response to a classic GET
-    return getCollectionItem(collectionId, itemId)
+    return (_getPictureItemById(itemId, account), 200)
+
+
+@bp.route("/collections/<uuid:collectionId>/items/<uuid:itemId>", methods=["PATCH"])
+@auth.login_required()
+def patchCollectionItem(collectionId, itemId, account):
+    """Edits properties of an existing picture
+
+    Note that tags cannot be added as form-data for the moment, only as JSON.
+
+    Note that there are rules on the editing of a picture's metadata:
+
+    - Only the owner of a picture can change its visibility
+    - For core metadata (heading, capture_time, position, longitude, latitude), the owner can restrict their change by other accounts (see `collaborative_metadata` field in `/api/users/me`) and if not explicitly defined by the user, the instance's default value is used.
+    - Everyone can add/edit/delete semantics tags.
+    ---
+    tags:
+        - Editing
+        - Semantics
+    parameters:
+        - name: collectionId
+          in: path
+          description: ID of sequence the picture belongs to
+          required: true
+          schema:
+            type: string
+        - name: itemId
+          in: path
+          description: ID of picture to edit
+          required: true
+          schema:
+            type: string
+    requestBody:
+        content:
+            application/json:
+                schema:
+                    $ref: '#/components/schemas/GeoVisioPatchItem'
+            application/x-www-form-urlencoded:
+                schema:
+                    $ref: '#/components/schemas/GeoVisioPatchItem'
+            multipart/form-data:
+                schema:
+                    $ref: '#/components/schemas/GeoVisioPatchItem'
+    security:
+        - bearerToken: []
+        - cookieAuth: []
+    responses:
+        200:
+            description: the wanted item
+            content:
+                application/geo+json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioItem'
+    """
+    return update_picture(itemId, account=account)
 
 
 @bp.route("/collections/<uuid:collectionId>/items/<uuid:itemId>", methods=["DELETE"])
 @auth.login_required()
-def deleteCollectionItem(collectionId, itemId, account):
+def deleteCollectionItem(collectionId: UUID, itemId: UUID, account: Account):
     """Delete an existing picture
     ---
     tags:
@@ -1422,7 +1555,7 @@ def deleteCollectionItem(collectionId, itemId, account):
                 raise errors.InvalidAPIUsage(_("Picture %(p)s wasn't found in database", p=itemId), status_code=404)
 
             # Account associated to picture doesn't match current user
-            if account is not None and account.id != str(pic[1]):
+            if not account.can_edit_item(str(pic[1])):
                 raise errors.InvalidAPIUsage(_("You're not authorized to edit this picture"), status_code=403)
 
             cursor.execute("DELETE FROM pictures WHERE id = %s", [itemId])
@@ -1433,29 +1566,29 @@ def deleteCollectionItem(collectionId, itemId, account):
     return "", 204
 
 
-def _getHDJpgPictureURL(picId: str, status: Optional[str]):
+def _getHDJpgPictureURL(picId: str, visibility: Optional[str]):
     external_url = utils.pictures.getPublicHDPictureExternalUrl(picId, format="jpg")
-    if external_url and status == "ready":  # we always serve non ready pictures through the API to be able to check permission:
+    if external_url and visibility == "anyone":  # we always serve non public pictures through the API to be able to check permission:
         return external_url
     return url_for("pictures.getPictureHD", _external=True, pictureId=picId, format="jpg")
 
 
-def _getSDJpgPictureURL(picId: str, status: Optional[str]):
+def _getSDJpgPictureURL(picId: str, visibility: Optional[str]):
     external_url = utils.pictures.getPublicDerivatePictureExternalUrl(picId, format="jpg", derivateFileName="sd.jpg")
-    if external_url and status == "ready":  # we always serve non ready pictures through the API to be able to check permission:
+    if external_url and visibility == "anyone":  # we always serve non public pictures through the API to be able to check permission:
         return external_url
     return url_for("pictures.getPictureSD", _external=True, pictureId=picId, format="jpg")
 
 
-def _getThumbJpgPictureURL(picId: str, status: Optional[str]):
+def _getThumbJpgPictureURL(picId: str, visibility: Optional[str]):
     external_url = utils.pictures.getPublicDerivatePictureExternalUrl(picId, format="jpg", derivateFileName="thumb.jpg")
-    if external_url and status == "ready":  # we always serve non ready pictures through the API to be able to check permission
+    if external_url and visibility == "anyone":  # we always serve non public pictures through the API to be able to check permission
         return external_url
     return url_for("pictures.getPictureThumb", _external=True, pictureId=picId, format="jpg")
 
 
-def _getTilesJpgPictureURL(picId: str, status: Optional[str]):
+def _getTilesJpgPictureURL(picId: str, visibility: Optional[str]):
     external_url = utils.pictures.getPublicDerivatePictureExternalUrl(picId, format="jpg", derivateFileName="tiles/{TileCol}_{TileRow}.jpg")
-    if external_url and status == "ready":  # we always serve non ready pictures through the API to be able to check permission:
+    if external_url and visibility == "anyone":  # we always serve non public pictures through the API to be able to check permission:
         return external_url
     return unquote(url_for("pictures.getPictureTile", _external=True, pictureId=picId, format="jpg", col="{TileCol}", row="{TileRow}"))