geovisio 2.9.0__py3-none-any.whl → 2.11.0__py3-none-any.whl

geovisio/web/map.py

@@ -4,7 +4,8 @@
 import io
 from typing import Optional, Dict, Any, Tuple, List, Union
 from uuid import UUID
-from flask import Blueprint, current_app, send_file, request, jsonify, url_for
+from functools import lru_cache
+from flask import Blueprint, current_app, send_file, request, jsonify, url_for, g
 from flask_babel import gettext as _, get_locale
 from geovisio.utils import auth, db
 from geovisio.utils.auth import Account
@@ -13,6 +14,7 @@ from geovisio.web.utils import user_dependant_response
 from geovisio.web.configuration import _get_translated
 from geovisio import errors
 from psycopg import sql
+import psycopg
 
 bp = Blueprint("map", __name__, url_prefix="/api")
 
@@ -139,6 +141,14 @@ def get_style_json(forUser: Optional[Union[UUID, str]] = None):
             "coef_360_pictures",
             "coef_flat_pictures",
         ]
+        if _has_non_public_fields():
+            style["metadata"]["panoramax:fields"]["grid"].extend(
+                [
+                    "logged_coef",
+                    "logged_coef_360_pictures",
+                    "logged_coef_flat_pictures",
+                ]
+            )
 
     return jsonify(style)
 
@@ -211,7 +221,6 @@ def getStyle():
 
 
 @bp.route("/map/<int:z>/<int:x>/<int:y>.<format>")
-@user_dependant_response(False)
 def getTile(z: int, x: int, y: int, format: str):
     """Get pictures and sequences as vector tiles
 
@@ -227,6 +236,9 @@ def getTile(z: int, x: int, y: int, format: str):
         - coef (value from 0 to 1, relative quantity of available pictures)
         - coef_360_pictures (value from 0 to 1, relative quantity of available 360° pictures)
         - coef_flat_pictures (value from 0 to 1, relative quantity of available flat pictures)
+        - logged_coef (value from 0 to 1, relative quantity of available pictures for logged users)
+        - logged_coef_360_pictures (value from 0 to 1, relative quantity of available 360° pictures for logged users)
+        - logged_coef_flat_pictures (value from 0 to 1, relative quantity of available flat pictures for logged users)
 
     Layer "sequences":
       - Available on zoom levels >= 7 (and simplified version on zoom >= 6 and < 7)
@@ -296,6 +308,26 @@ def getTile(z: int, x: int, y: int, format: str):
     return _getTile(z, x, y, format, onlyForUser=None)
 
 
+def _has_non_public_fields():
+    """Check if the database has the `nb_non_public_pictures` field."""
+    if current_app.config["API_REGISTRATION_IS_OPEN"] is True:
+        return False
+
+    @lru_cache(maxsize=100)
+    def check_db():
+        """This function can be dropped in the next version (and only use the `API_REGISTRATION_IS_OPEN` config).
+        We do it because the pictures_grid materialized view is expensive to compute and we want the API to work during the schema migration.
+        We also cache it to not slow down every query, and eventually (after the limit is reached or the API is restarted), the API will start returning the non-public fields.
+        """
+        try:
+            db.fetchone(current_app, "SELECT nb_non_public_pictures FROM pictures_grid LIMIT 1")
+        except psycopg.errors.UndefinedColumn:
+            return False
+        return True
+
+    return check_db()
+
+
 def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_filter: Optional[sql.SQL]) -> Tuple[sql.Composed, Dict]:
     """Returns appropriate SQL query according to given zoom"""
 
@@ -320,10 +352,10 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
     if additional_filter:
         sequences_filter.append(additional_filter)
         filter_str = additional_filter.as_string(None)
-        if "status" in filter_str:
+        if "visibility" in filter_str:
             # hack to have a coherent filter between the APIs
-            # if asked for status='hidden', we want both hidden pics and hidden sequences
-            pic_additional_filter_str = filter_str.replace("s.status", "p.status")
+            # if asked for visibility <> 'anyone' (status='hidden' in API), we want both hidden pics and hidden sequences
+            pic_additional_filter_str = filter_str.replace("s.visibility", "p.visibility")
             pic_additional_filter = sql.SQL(pic_additional_filter_str)  # type: ignore
             pictures_filter.append(sql.SQL("(") + sql.SQL(" OR ").join([pic_additional_filter, additional_filter]) + sql.SQL(")"))
 
@@ -334,56 +366,65 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
         params["account"] = onlyForUser
 
     # Not logged-in requests -> only show "ready" pics/sequences
-    account = auth.get_current_account()
-    accountId = account.id if account is not None else None
-    if not onlyForUser or accountId != str(onlyForUser):
-        sequences_filter.append(sql.SQL("s.status = 'ready'"))
-        pictures_filter.append(sql.SQL("p.status = 'ready'"))
-        pictures_filter.append(sql.SQL("s.status = 'ready'"))
-
+    if current_app.config["API_REGISTRATION_IS_OPEN"] is False or onlyForUser:
+        # for instances that supports logged-only data, we cannot add the tiles in a public cache (since non authenticated users could access this cache)
+        g.user_dependant_response = True
+        params["account_to_query"] = auth.get_current_account_id()
+        sequences_filter.append(sql.SQL("is_sequence_visible_by_user(s, %(account_to_query)s)"))
+        pictures_filter.append(sql.SQL("is_picture_visible_by_user(p, %(account_to_query)s)"))
+        pictures_filter.append(sql.SQL("is_sequence_visible_by_user(s, %(account_to_query)s)"))
+    else:
+        # for public instances, we can add the tiles in a public cache, and we only show the 'anyone' visibility
+        g.user_dependant_response = False
+        sequences_filter.append(sql.SQL("s.visibility = 'anyone'"))
+        pictures_filter.append(sql.SQL("s.visibility = 'anyone'"))
+        pictures_filter.append(sql.SQL("p.visibility = 'anyone'"))
+
+    sequences_filter.append(sql.SQL("s.status = 'ready'"))
+    pictures_filter.append(sql.SQL("p.preparing_status = 'prepared'"))
+    pictures_filter.append(sql.SQL("s.status = 'ready'"))
     #############################################################
     # SQL Result columns/fields
     #
 
+    grid_coef_field = """((CASE WHEN {count_field} = 0 
+        THEN 0 
+    WHEN {count_field} <= (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY {count_field}) FILTER (WHERE {count_field} > 0) FROM pictures_grid)
+    THEN 
+        {count_field}::float / (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY {count_field}) FILTER (WHERE {count_field} > 0) FROM pictures_grid) * 0.5
+    ELSE 
+        0.5 + {count_field}::float / (SELECT MAX({count_field}) FROM pictures_grid) * 0.5
+END) * 10)::int / 10::float AS {coef_field}"""
+
     grid_fields = [
         sql.SQL("ST_AsMVTGeom(ST_Transform(ST_Centroid(geom), 3857), ST_TileEnvelope(%(z)s, %(x)s, %(y)s)) AS geom"),
         sql.SQL("id"),
         sql.SQL("nb_pictures"),
         sql.SQL("nb_360_pictures"),
         sql.SQL("nb_pictures - nb_360_pictures AS nb_flat_pictures"),
-        sql.SQL(
-            """((CASE WHEN nb_pictures = 0 
-                    THEN 0 
-                WHEN nb_pictures <= (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY nb_pictures) FILTER (WHERE nb_pictures > 0) FROM pictures_grid)
-                THEN 
-                    nb_pictures::float / (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY nb_pictures) FILTER (WHERE nb_pictures > 0) FROM pictures_grid) * 0.5
-                ELSE 
-                    0.5 + nb_pictures::float / (SELECT MAX(nb_pictures) FROM pictures_grid) * 0.5
-            END) * 10)::int / 10::float AS coef"""
-        ),
-        sql.SQL(
-            """((CASE WHEN nb_360_pictures = 0 
-                    THEN 0
-                WHEN (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY nb_360_pictures) FILTER (WHERE nb_360_pictures > 0) FROM pictures_grid) = 0 
-                    THEN 0
-                WHEN nb_360_pictures <= (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY nb_360_pictures) FILTER (WHERE nb_360_pictures > 0) FROM pictures_grid)
-                    THEN nb_360_pictures::float / (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY nb_360_pictures) FILTER (WHERE nb_360_pictures > 0) FROM pictures_grid) * 0.5
-                ELSE 
-                    0.5 + nb_360_pictures::float / (SELECT MAX(nb_360_pictures) FROM pictures_grid) * 0.5
-            END) * 10)::int / 10::float AS coef_360_pictures"""
-        ),
-        sql.SQL(
-            """((CASE WHEN (nb_pictures - nb_360_pictures) = 0 
-                    THEN 0 
-                WHEN (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY (nb_pictures - nb_360_pictures)) FILTER (WHERE (nb_pictures - nb_360_pictures) > 0) FROM pictures_grid) = 0 
-                    THEN 0
-                WHEN (nb_pictures - nb_360_pictures) <= (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY (nb_pictures - nb_360_pictures)) FILTER (WHERE (nb_pictures - nb_360_pictures) > 0) FROM pictures_grid)
-                    THEN (nb_pictures - nb_360_pictures)::float / (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY (nb_pictures - nb_360_pictures)) FILTER (WHERE (nb_pictures - nb_360_pictures) > 0) FROM pictures_grid) * 0.5
-                ELSE 
-                    0.5 + (nb_pictures - nb_360_pictures)::float / (SELECT MAX((nb_pictures - nb_360_pictures)) FROM pictures_grid) * 0.5
-            END) * 10)::int / 10::float AS coef_flat_pictures"""
-        ),
+        sql.SQL(grid_coef_field.format(count_field="nb_pictures", coef_field="coef")),
+        sql.SQL(grid_coef_field.format(count_field="nb_360_pictures", coef_field="coef_360_pictures")),
+        sql.SQL(grid_coef_field.format(count_field="(nb_pictures - nb_360_pictures)", coef_field="coef_flat_pictures")),
     ]
+    if _has_non_public_fields():
+        # we also add non-public pictures
+        grid_fields.extend(
+            [
+                sql.SQL(grid_coef_field.format(count_field="(nb_non_public_pictures + nb_pictures)", coef_field="logged_coef")),
+                sql.SQL(
+                    grid_coef_field.format(
+                        count_field="(nb_non_public_360_pictures + nb_360_pictures)", coef_field="logged_coef_360_pictures"
+                    )
+                ),
+                sql.SQL(
+                    grid_coef_field.format(
+                        count_field="((nb_non_public_360_pictures + nb_360_pictures) - (nb_non_public_360_pictures + nb_360_pictures))",
+                        coef_field="logged_coef_flat_pictures",
+                    )
+                ),
+            ]
+        )
+
     sequences_fields = [
         sql.SQL("ST_AsMVTGeom(ST_Transform(geom, 3857), ST_TileEnvelope(%(z)s, %(x)s, %(y)s)) AS geom"),
         sql.SQL("id"),
@@ -396,7 +437,7 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
         sequences_fields.extend(
             [
                 sql.SQL("account_id"),
-                sql.SQL("NULLIF(status != 'ready', FALSE) AS hidden"),
+                sql.SQL("NULLIF(visibility != 'anyone', FALSE) AS hidden"),
                 sql.SQL("computed_model AS model"),
                 sql.SQL("computed_type AS type"),
                 sql.SQL("computed_capture_date AS date"),
@@ -412,8 +453,7 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
     # Full pictures + sequences (z15+)
     if z >= ZOOM_PICTURES:
         query = sql.SQL(
-            """
-            SELECT mvtsequences.mvt || mvtpictures.mvt
+            """SELECT mvtsequences.mvt || mvtpictures.mvt
             FROM (
                 SELECT ST_AsMVT(mvtgeomseqs.*, 'sequences') AS mvt
                 FROM (
@@ -430,7 +470,7 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
                 SELECT
                     ST_AsMVTGeom(ST_Transform(p.geom, 3857), ST_TileEnvelope(%(z)s, %(x)s, %(y)s)) AS geom,
                     p.id, p.ts, p.heading, p.account_id,
-                    NULLIF(p.status != 'ready' OR s.status != 'ready', FALSE) AS hidden,
+                    NULLIF(p.visibility = 'owner-only' OR s.visibility = 'owner-only', FALSE) AS hidden,
                     p.metadata->>'type' AS type,
                     TRIM(CONCAT(p.metadata->>'make', ' ', p.metadata->>'model')) AS model,
                     gps_accuracy_m AS gps_accuracy,
@@ -455,8 +495,7 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
     # Full sequences (z7-14.9 and z0-14.9 for specific users)
     elif z >= ZOOM_GRID_SEQUENCES + 1 or onlyForUser:
         query = sql.SQL(
-            """
-            SELECT ST_AsMVT(mvtsequences.*, 'sequences') AS mvt
+            """SELECT ST_AsMVT(mvtsequences.*, 'sequences') AS mvt
             FROM (
                 SELECT
                     {sequences_fields}
@@ -470,8 +509,7 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
     # Sequences + grid (z6-6.9)
     elif z >= ZOOM_GRID_SEQUENCES:
         query = sql.SQL(
-            """
-            SELECT mvtsequences.mvt || mvtgrid.mvt
+            """SELECT mvtsequences.mvt || mvtgrid.mvt
             FROM (
                 SELECT ST_AsMVT(mvtgeomseqs.*, 'sequences') AS mvt
                 FROM (
@@ -502,8 +540,7 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
     # Grid overview (all users + z0-5.9)
     else:
         query = sql.SQL(
-            """
-            SELECT ST_AsMVT(mvtgrid.*, 'grid') AS mvt
+            """SELECT ST_AsMVT(mvtgrid.*, 'grid') AS mvt
             FROM (
                 SELECT
                     {grid_fields}
@@ -634,6 +671,7 @@ def getUserTile(userId: UUID, z: int, x: int, y: int, format: str):
 
 @bp.route("/users/me/map/style.json")
 @auth.login_required_with_redirect()
+@user_dependant_response(False)
 def getMyStyle(account: Account):
     """Get vector tiles style.
 

geovisio/web/pages.py

@@ -180,11 +180,9 @@ def postPage(page, lang, account):
     with db.execute(
         current_app,
         SQL(
-            """
-INSERT INTO pages (name, lang, content)
+            """INSERT INTO pages (name, lang, content)
 VALUES (%(name)s, %(lang)s, %(content)s)
-ON CONFLICT (name, lang) DO UPDATE SET content=EXCLUDED.content
-        """
+ON CONFLICT (name, lang) DO UPDATE SET content=EXCLUDED.content"""
         ),
         {"name": name.value, "lang": lang, "content": request.get_data(as_text=True)},
     ) as res:
@@ -238,3 +236,49 @@ def deletePage(page, lang, account):
             raise InvalidAPIUsage(_("Could not delete page content"), 500)
 
     return "", 200
+
+
+@bp.route("/pages/<page>/publish-change", methods=["POST", "PUT"])
+@auth.login_required()
+def postPageUpdate(page, account):
+    """Act that there is a new version of a page on major changes.
+    For pages that needs acceptance, the users can thus be notified of the changes.
+    ---
+    tags:
+        - Configuration
+    parameters:
+        - name: page
+          in: path
+          description: Page name
+          required: true
+          schema:
+            $ref: '#/components/schemas/GeoVisioPageName'
+    security:
+        - bearerToken: []
+        - cookieAuth: []
+    requestBody:
+        content:
+            application/json: {}
+    responses:
+        200:
+            description: Successfully saved
+    """
+
+    name = check_page_name(page)
+
+    if not account.can_edit_pages():
+        raise InvalidAPIUsage(_("You must be logged-in as admin to edit pages"), 403)
+
+    with db.execute(
+        current_app,
+        SQL(
+            """UPDATE pages
+SET updated_at = NOW()
+WHERE name = %(name)s"""
+        ),
+        {"name": name.value},
+    ) as res:
+        if not res.rowcount:
+            raise InvalidAPIUsage(_("Could not publish page changes"), 500)
+
+    return "", 200

geovisio/web/params.py

@@ -1,20 +1,21 @@
 from uuid import UUID
-
-from geovisio import errors
 import dateutil.parser
 from dateutil import tz
 from dateutil.parser import parse as dateparser
 import datetime
+from enum import Enum
 import re
 from werkzeug.datastructures import MultiDict
 from typing import Optional, Tuple, Any, List
 from pygeofilter import ast
 from pygeofilter.backends.evaluator import Evaluator, handle
 from psycopg import sql
+from flask_babel import gettext as _
+from flask import current_app
+from geovisio import errors
 from geovisio.utils.sequences import STAC_FIELD_MAPPINGS, STAC_FIELD_TO_SQL_FILTER
 from geovisio.utils.fields import SortBy, SQLDirection, SortByField
-from flask_babel import gettext as _
-
+from geovisio.utils import items as utils_items
 from geovisio.utils.cql2 import parse_cql2_filter
 
 
@@ -43,11 +44,11 @@ def parse_datetime(value, error, fallback_as_UTC=False):
 
     """
     # Hack to parse a date
-    # dateutils know how to parse lots of date, but fail to correctly parse date formated by `datetime.isoformat()`
+    # dateutils know how to parse lots of date, but fail to correctly parse date formatted by `datetime.isoformat()`
     # (like all the dates returned by the API).
     # datetime.isoformat is like: `2023-06-17T21:22:18.406856+02:00`
-    # dateutils silently fails the parse, and create an incorect date
-    # so we first try to parse it like an isoformated date, and if this fails we try the flexible dateutils
+    # dateutils silently fails the parse, and create an incorrect date
+    # so we first try to parse it like an isoformatted date, and if this fails we try the flexible dateutils
     d = None
     try:
         d = datetime.datetime.fromisoformat(value)
@@ -328,16 +329,20 @@ def parse_list(value: Optional[Any], tryFallbacks: bool = True, paramName: Optio
 def parse_collection_filter(value: Optional[str]) -> Optional[sql.SQL]:
     """Reads STAC filter parameter and sends SQL condition back.
 
+    Note: if more search filters are added, don't forget to add them to the qeryables endpoint (in queryables.py)
+
     >>> parse_collection_filter('')
 
     >>> parse_collection_filter("updated >= '2023-12-31'")
     SQL("(s.updated_at >= '2023-12-31')")
     >>> parse_collection_filter("updated >= '2023-12-31' AND created < '2023-10-31'")
     SQL("((s.updated_at >= '2023-12-31') AND (s.inserted_at < '2023-10-31'))")
-    >>> parse_collection_filter("status IN ('deleted','ready')") # when we ask for deleted, we should also have hidden collections
-    SQL("s.status IN ('deleted', 'ready', 'hidden')")
-    >>> parse_collection_filter("status = 'deleted' OR status = 'ready'")
-    SQL("(((s.status = 'deleted') OR (s.status = 'hidden')) OR (s.status = 'ready'))")
+    >>> parse_collection_filter("status IN ('deleted','ready')") # doctest: +IGNORE_EXCEPTION_DETAIL
+    Traceback (most recent call last):
+    geovisio.errors.InvalidAPIUsage: The status filter is not supported anymore, use the `show_deleted` parameter instead if you need to query deleted collections
+    >>> parse_collection_filter("status = 'deleted' OR status = 'ready'") # doctest: +IGNORE_EXCEPTION_DETAIL
+    Traceback (most recent call last):
+    geovisio.errors.InvalidAPIUsage: The status filter is not supported anymore, use the `show_deleted` parameter instead if you need to query deleted collections
     >>> parse_collection_filter('invalid = 10') # doctest: +IGNORE_EXCEPTION_DETAIL
     Traceback (most recent call last):
     geovisio.errors.InvalidAPIUsage: Unsupported filter parameter
@@ -345,6 +350,18 @@ def parse_collection_filter(value: Optional[str]) -> Optional[sql.SQL]:
     Traceback (most recent call last):
     geovisio.errors.InvalidAPIUsage: Unsupported filter parameter
     """
+    if value and "status" in value:
+        if "'hidden'" in value:
+            raise errors.InvalidAPIUsage(
+                _("The status filter is not supported anymore, use the `visibility` filter instead"),
+                status_code=400,
+            )
+        raise errors.InvalidAPIUsage(
+            _(
+                "The status filter is not supported anymore, use the `show_deleted` parameter instead if you need to query deleted collections"
+            ),
+            status_code=400,
+        )
     return parse_cql2_filter(value, STAC_FIELD_TO_SQL_FILTER, ast_updater=_alterFilterAst)
 
 
@@ -372,12 +389,16 @@ class _FilterAstUpdated(Evaluator):
     The rational here is that for non-owned pictures/sequences, when a pictures/sequence is 'hidden' it should be advertised as 'deleted'.
 
     This is especially important for crawler like the meta-catalog, since they should also delete the sequence/picture when it is hidden
+
+    We also need to maintain retrocompatibility, since the `hidden` status has been replaced by a `visibility` field.
     """
 
     @handle(ast.Equal)
     def eq(self, node, lhs, rhs):
         if lhs == ast.Attribute("status") and rhs == "deleted":
-            return ast.Or(node, ast.Equal(ast.Attribute("status"), "hidden"))  # type: ignore
+            return ast.Or(node, ast.NotEqual(ast.Attribute("visibility"), "anyone"))  # type: ignore
+        if lhs == ast.Attribute("status") and rhs == "hidden":
+            return ast.NotEqual(ast.Attribute("visibility"), "anyone")  # type: ignore
         return node
 
     @handle(ast.Or)
@@ -386,8 +407,10 @@ class _FilterAstUpdated(Evaluator):
 
     @handle(ast.In)
     def in_(self, node, lhs, *options):
-        if "deleted" in node.sub_nodes:
-            node.sub_nodes.append("hidden")
+        if "deleted" in node.sub_nodes or "hidden" in node.sub_nodes:
+            if "hidden" in node.sub_nodes:
+                node.sub_nodes.remove("hidden")
+            return ast.Or(node, ast.NotEqual(ast.Attribute("visibility"), "anyone"))
         return node
 
     def adopt(self, node, *sub_args):
@@ -400,7 +423,31 @@ def _alterFilterAst(ast: ast.Node):
     return filtered
 
 
-def parse_sortby(value: Optional[str]) -> Optional[SortBy]:
+def _parse_sorty_by(value: Optional[str], field_mapping_func, SortByCls):
+    if not value:
+        return None
+    # Check value pattern
+    if not RGX_SORTBY.match(value):
+        raise errors.InvalidAPIUsage(_("Unsupported sortby parameter: syntax isn't correct"), status_code=400)
+    values = value.split(",")
+    orders = []
+    for v in values:
+        direction = SQLDirection.DESC if v.startswith("-") else SQLDirection.ASC
+        raw_field = v.lstrip("+-")
+        f = field_mapping_func(raw_field, direction)
+
+        orders.append(f)
+
+    return SortByCls(fields=orders)
+
+
+def parse_boolean(value: Optional[str]) -> Optional[bool]:
+    if value is None:
+        return None
+    return value.lower() == "true"
+
+
+def parse_collection_sortby(value: Optional[str]) -> Optional[SortBy]:
     """Reads STAC/OGC sortby parameter, and sends a SQL ORDER BY string.
 
     Parameters
@@ -416,46 +463,40 @@ def parse_sortby(value: Optional[str]) -> Optional[SortBy]:
 
     None if no sort by is found
 
-    >>> parse_sortby(None)
-    >>> parse_sortby("")
-    >>> parse_sortby('updated')
+    >>> parse_collection_sortby(None)
+    >>> parse_collection_sortby("")
+    >>> parse_collection_sortby('updated')
     SortBy(fields=[SortByField(field=FieldMapping(sql_column=SQL('updated_at'), stac='updated'), direction=<SQLDirection.ASC: SQL('ASC')>)])
-    >>> parse_sortby('+created')
+    >>> parse_collection_sortby('+created')
     SortBy(fields=[SortByField(field=FieldMapping(sql_column=SQL('inserted_at'), stac='created'), direction=<SQLDirection.ASC: SQL('ASC')>)])
-    >>> parse_sortby('-created')
+    >>> parse_collection_sortby('-created')
     SortBy(fields=[SortByField(field=FieldMapping(sql_column=SQL('inserted_at'), stac='created'), direction=<SQLDirection.DESC: SQL('DESC')>)])
-    >>> parse_sortby('+updated,-created')
+    >>> parse_collection_sortby('+updated,-created')
     SortBy(fields=[SortByField(field=FieldMapping(sql_column=SQL('updated_at'), stac='updated'), direction=<SQLDirection.ASC: SQL('ASC')>), SortByField(field=FieldMapping(sql_column=SQL('inserted_at'), stac='created'), direction=<SQLDirection.DESC: SQL('DESC')>)])
-    >>> parse_sortby('invalid') # doctest: +IGNORE_EXCEPTION_DETAIL
+    >>> parse_collection_sortby('invalid') # doctest: +IGNORE_EXCEPTION_DETAIL
     Traceback (most recent call last):
     geovisio.errors.InvalidAPIUsage: Unsupported sortby parameter
-    >>> parse_sortby('~nb') # doctest: +IGNORE_EXCEPTION_DETAIL
+    >>> parse_collection_sortby('~nb') # doctest: +IGNORE_EXCEPTION_DETAIL
     Traceback (most recent call last):
     geovisio.errors.InvalidAPIUsage: Unsupported sortby parameter
     """
 
-    if value is not None and len(value) > 0:
-        # Check value pattern
-        if RGX_SORTBY.match(value):
-            values = value.split(",")
-            orders = []
-            for v in values:
-                direction = SQLDirection.DESC if v.startswith("-") else SQLDirection.ASC
-                vOnly = v.replace("+", "").replace("-", "")
+    def mapping(raw_field: str, direction: SQLDirection):
+        if raw_field not in STAC_FIELD_MAPPINGS:
+            raise errors.InvalidAPIUsage(_("Unsupported sortby parameter: invalid column name"), status_code=400)
+        return SortByField(field=STAC_FIELD_MAPPINGS[raw_field], direction=direction)
 
-                # Check if in value mapping
-                if vOnly not in STAC_FIELD_MAPPINGS:
-                    raise errors.InvalidAPIUsage(_("Unsupported sortby parameter: invalid column name"), status_code=400)
-                field_mapping = STAC_FIELD_MAPPINGS[vOnly]
+    return _parse_sorty_by(value, mapping, SortByCls=SortBy)
 
-                orders.append(SortByField(field=field_mapping, direction=direction))
 
-            # Create definitive ORDER string
-            return SortBy(fields=orders)
-        else:
-            raise errors.InvalidAPIUsage(_("Unsupported sortby parameter: syntax isn't correct"), status_code=400)
-    else:
-        return None
+def parse_item_sortby(value: Optional[str]) -> Optional[utils_items.SortBy]:
+    def mapping(raw_field: str, direction: SQLDirection):
+        if raw_field == "distance_to" or raw_field not in utils_items.SortableItemField.__dict__:
+            # distance to is for the moment only an implicit sort when search a point or in a bbox
+            raise errors.InvalidAPIUsage(_("Unsupported sortby parameter: invalid field"), status_code=400)
+        return utils_items.ItemSortByField(field=utils_items.SortableItemField[raw_field], direction=direction)
+
+    return _parse_sorty_by(value, mapping, SortByCls=utils_items.SortBy)
 
 
 def parse_collections_limit(limit: Optional[str]) -> int:
@@ -513,3 +554,20 @@ def as_uuid(value: str, error: str) -> UUID:
         return UUID(value)
     except ValueError:
         raise errors.InvalidAPIUsage(error)
+
+
+class Visibility(Enum):
+    """Represent the visibility of picture"""
+
+    anyone = "anyone"
+    logged_only = "logged-only"
+    owner_only = "owner-only"
+
+
+def check_visibility(visibility: Visibility | str):
+    """Check if the visibility is valid."""
+
+    if visibility == Visibility.logged_only or visibility == "logged-only":
+        if current_app.config["API_REGISTRATION_IS_OPEN"] is True:
+            return False
+    return True

geovisio/web/pictures.py

@@ -44,7 +44,7 @@ def getPictureHD(pictureId, format):
     metadata = utils.pictures.checkPictureStatus(fses, pictureId)
 
     external_url = utils.pictures.getPublicHDPictureExternalUrl(pictureId, format)
-    if external_url and metadata["status"] == "ready":
+    if external_url and metadata["status"] == "ready" and metadata["visibility"] == "anyone":
         return redirect(external_url)
 
     try:
@@ -89,7 +89,7 @@ def getPictureSD(pictureId, format):
     metadata = utils.pictures.checkPictureStatus(fses, pictureId)
 
     external_url = utils.pictures.getPublicDerivatePictureExternalUrl(pictureId, format, "sd.jpg")
-    if external_url and metadata["status"] == "ready":
+    if external_url and metadata["status"] == "ready" and metadata["visibility"] == "anyone":
         return redirect(external_url)
 
     try:
@@ -178,7 +178,7 @@ def getPictureTile(pictureId, col, row, format):
 
     metadata = utils.pictures.checkPictureStatus(fses, pictureId)
     external_url = utils.pictures.getPublicDerivatePictureExternalUrl(pictureId, format, f"tiles/{col}_{row}.jpg")
-    if external_url and metadata["status"] == "ready":
+    if external_url and metadata["status"] == "ready" and metadata["visibility"] == "anyone":
         return redirect(external_url)
 
     picPath = f"{utils.pictures.getPictureFolderPath(pictureId)}/tiles/{col}_{row}.jpg"
@@ -208,3 +208,37 @@ def getPictureTile(pictureId, col, row, format):
         raise errors.InvalidAPIUsage(_("Unable to read picture on filesystem"), status_code=500)
 
     return utils.pictures.sendInFormat(picture, "jpeg", format)
+
+
+@bp.route("/<uuid:pictureId>")
+def getPictureById(pictureId):
+    """Get picture's STAC definition.
+
+    It's the non-stac alias to the `/api/collections/<collectionId>/items/<itemId>` endpoint (but you don't need to know the collection ID here).
+    ---
+    tags:
+        - Pictures
+    parameters:
+        - name: pictureId
+          in: path
+          description: ID of the picture (called item in STAC) to retrieve
+          required: true
+          schema:
+            type: string
+    responses:
+        102:
+            description: the picture (which is still under process)
+            content:
+                application/geo+json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioItem'
+        200:
+            description: the wanted picture
+            content:
+                application/geo+json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioItem'
+    """
+    from geovisio.web.items import getCollectionItem
+
+    return getCollectionItem(collectionId=None, itemId=pictureId)

geovisio/web/prepare.py

@@ -71,10 +71,12 @@ def prepareItem(collectionId, itemId, account=None):
                     """SELECT 1 
 FROM pictures p
 JOIN sequences_pictures sp ON p.id = sp.pic_id
+JOIN sequences s ON s.id = sp.seq_id
 WHERE
     p.id = %(pic)s
     AND sp.seq_id = %(seq)s
-    AND (p.account_id = %(acc)s OR p.status != 'hidden')"""
+    AND (is_picture_visible_by_user(p, %(acc)s))
+    AND (is_sequence_visible_by_user(s, %(acc)s))"""
                 ),
                 {"pic": itemId, "seq": collectionId, "acc": accountId},
             ).fetchone()
@@ -138,7 +140,7 @@ def prepareCollection(collectionId, account=None):
 FROM sequences
 WHERE
     id = %(seq)s
-    AND (account_id = %(acc)s OR status != 'hidden')"""
+    AND is_sequence_visible_by_user(sequences, %(acc)s)"""
                 ),
                 {"seq": collectionId, "acc": accountId},
             ).fetchone()