udata 10.1.2.dev34172__py2.py3-none-any.whl → 10.1.3__py2.py3-none-any.whl

udata/__init__.py

@@ -4,5 +4,5 @@
 udata
 """
 
-__version__ = "10.1.2.dev"
+__version__ = "10.1.3"
 __description__ = "Open data portal"

udata/commands/fixtures.py

@@ -39,7 +39,7 @@ COMMUNITY_RES_URL = "/api/1/datasets/community_resources"
 DISCUSSION_URL = "/api/1/discussions"
 
 
-DEFAULT_FIXTURE_FILE_TAG: str = "v5.0.0"
+DEFAULT_FIXTURE_FILE_TAG: str = "v6.0.0"
 DEFAULT_FIXTURE_FILE: str = f"https://raw.githubusercontent.com/opendatateam/udata-fixtures/{DEFAULT_FIXTURE_FILE_TAG}/results.json"  # noqa
 
 DEFAULT_FIXTURES_RESULTS_FILENAME: str = "results.json"

udata/core/dataservices/constants.py

@@ -0,0 +1,11 @@
+DATASERVICE_FORMATS = ["REST", "WMS", "WSL"]
+
+
+DATASERVICE_ACCESS_TYPE_OPEN = "open"
+DATASERVICE_ACCESS_TYPE_OPEN_WITH_ACCOUNT = "open_with_account"
+DATASERVICE_ACCESS_TYPE_RESTRICTED = "restricted"
+DATASERVICE_ACCESS_TYPES = [
+    DATASERVICE_ACCESS_TYPE_OPEN,
+    DATASERVICE_ACCESS_TYPE_OPEN_WITH_ACCOUNT,
+    DATASERVICE_ACCESS_TYPE_RESTRICTED,
+]

udata/core/dataservices/csv.py

@@ -13,13 +13,13 @@ class DataserviceCsvAdapter(csv.Adapter):
         ("url", lambda d: d.self_web_url()),
         "description",
         "base_api_url",
-        "endpoint_description_url",
+        "machine_documentation_url",
+        "technical_documentation_url",
         "business_documentation_url",
         "authorization_request_url",
         "availability",
         "rate_limiting",
-        "is_restricted",
-        "has_token",
+        "access_type",
         "license",
         ("organization", "organization.name"),
         ("organization_id", "organization.id"),

udata/core/dataservices/models.py

@@ -8,6 +8,7 @@ from mongoengine.signals import post_save
 import udata.core.contact_point.api_fields as contact_api_fields
 import udata.core.dataset.api_fields as datasets_api_fields
 from udata.api_fields import field, function_field, generate_fields
+from udata.core.dataservices.constants import DATASERVICE_ACCESS_TYPES, DATASERVICE_FORMATS
 from udata.core.dataset.models import Dataset
 from udata.core.metrics.models import WithMetrics
 from udata.core.owned import Owned, OwnedQuerySet
@@ -24,8 +25,6 @@ from udata.uris import endpoint_for
 # "spatial"
 # "temporal_coverage"
 
-DATASERVICE_FORMATS = ["REST", "WMS", "WSL"]
-
 
 class DataserviceQuerySet(OwnedQuerySet):
     def visible(self):
@@ -95,16 +94,23 @@ class HarvestMetadata(db.EmbeddedDocument):
     )
     last_update = field(db.DateTimeField(), description="Date of the last harvesting")
     archived_at = field(db.DateTimeField())
+    archived_reason = field(db.StringField())
 
 
 @generate_fields(
     searchable=True,
     additional_filters={"organization_badge": "organization.badges"},
+    additional_sorts=[
+        {"key": "followers", "value": "metrics.followers"},
+        {"key": "views", "value": "metrics.views"},
+    ],
 )
 class Dataservice(WithMetrics, Owned, db.Document):
     meta = {
         "indexes": [
             "$title",
+            "metrics.followers",
+            "metrics.views",
         ]
         + Owned.meta["indexes"],
         "queryset_class": DataserviceQuerySet,
@@ -132,13 +138,22 @@ class Dataservice(WithMetrics, Owned, db.Document):
     )
     description = field(db.StringField(default=""), description="In markdown")
     base_api_url = field(db.URLField(), sortable=True)
-    endpoint_description_url = field(db.URLField())
+
+    machine_documentation_url = field(
+        db.URLField(), description="Swagger link, OpenAPI format, WMS XML…"
+    )
+    technical_documentation_url = field(db.URLField(), description="HTML version of a Swagger…")
     business_documentation_url = field(db.URLField())
-    authorization_request_url = field(db.URLField())
-    availability = field(db.FloatField(min=0, max=100), example="99.99")
+
     rate_limiting = field(db.StringField())
-    is_restricted = field(db.BooleanField(), filterable={})
-    has_token = field(db.BooleanField())
+    rate_limiting_url = field(db.URLField())
+
+    availability = field(db.FloatField(min=0, max=100), example="99.99")
+    availability_url = field(db.URLField())
+
+    access_type = field(db.StringField(choices=DATASERVICE_ACCESS_TYPES), filterable={})
+    authorization_request_url = field(db.URLField())
+
     format = field(db.StringField(choices=DATASERVICE_FORMATS))
 
     license = field(
@@ -223,11 +238,11 @@ class Dataservice(WithMetrics, Owned, db.Document):
     def self_web_url(self):
         return endpoint_for("dataservices.show", dataservice=self, _external=True)
 
-    # TODO
-    # frequency = db.StringField(choices=list(UPDATE_FREQUENCIES.keys()))
-    # temporal_coverage = db.EmbeddedDocumentField(db.DateRange)
-    # spatial = db.EmbeddedDocumentField(SpatialCoverage)
-    # harvest = db.EmbeddedDocumentField(HarvestDatasetMetadata)
+    __metrics_keys__ = [
+        "discussions",
+        "followers",
+        "views",
+    ]
 
     @property
     def is_hidden(self):

udata/core/dataservices/rdf.py

@@ -42,7 +42,9 @@ def dataservice_from_rdf(
     dataservice.description = sanitize_html(d.value(DCT.description) or d.value(DCT.abstract))
 
     dataservice.base_api_url = url_from_rdf(d, DCAT.endpointURL)
-    dataservice.endpoint_description_url = url_from_rdf(d, DCAT.endpointDescription)
+
+    # TODO detect if it's human-readable or not?
+    dataservice.machine_documentation_url = url_from_rdf(d, DCAT.endpointDescription)
 
     roles = [  # Imbricated list of contact points for each role
         contact_points_from_rdf(d, rdf_entity, role, dataservice)
@@ -145,8 +147,8 @@ def dataservice_to_rdf(dataservice: Dataservice, graph=None):
             ),
         )
 
-    if dataservice.endpoint_description_url:
-        d.set(DCAT.endpointDescription, URIRef(dataservice.endpoint_description_url))
+    if dataservice.machine_documentation_url:
+        d.set(DCAT.endpointDescription, URIRef(dataservice.machine_documentation_url))
 
     # Add DCAT-AP HVD properties if the dataservice is tagged hvd.
     # See https://semiceu.github.io/DCAT-AP/releases/2.2.0-hvd/

udata/core/dataservices/search.py

@@ -5,6 +5,11 @@ from flask_restx.inputs import boolean
 
 from udata.api import api
 from udata.api.parsers import ModelApiParser
+from udata.core.dataservices.constants import (
+    DATASERVICE_ACCESS_TYPE_OPEN,
+    DATASERVICE_ACCESS_TYPE_OPEN_WITH_ACCOUNT,
+    DATASERVICE_ACCESS_TYPE_RESTRICTED,
+)
 from udata.models import Dataservice, Organization, User
 from udata.search import (
     BoolFilter,
@@ -47,7 +52,11 @@ class DataserviceApiParser(ModelApiParser):
                 api.abort(400, "Organization arg must be an identifier")
             dataservices = dataservices.filter(organization=args["organization"])
         if "is_restricted" in args:
-            dataservices = dataservices.filter(is_restricted=boolean(args["is_restricted"]))
+            dataservices = dataservices.filter(
+                access_type__in=[DATASERVICE_ACCESS_TYPE_RESTRICTED]
+                if boolean(args["is_restricted"])
+                else [DATASERVICE_ACCESS_TYPE_OPEN, DATASERVICE_ACCESS_TYPE_OPEN_WITH_ACCOUNT]
+            )
         return dataservices
 
 
@@ -56,9 +65,7 @@ class DataserviceSearch(ModelSearchAdapter):
     model = Dataservice
     search_url = "dataservices/"
 
-    sorts = {
-        "created": "created_at",
-    }
+    sorts = {"created": "created_at", "views": "views", "followers": "followers"}
 
     filters = {
         "tag": Filter(),
@@ -114,5 +121,6 @@ class DataserviceSearch(ModelSearchAdapter):
             "tags": dataservice.tags,
             "extras": extras,
             "followers": dataservice.metrics.get("followers", 0),
-            "is_restricted": dataservice.is_restricted or False,
+            "is_restricted": dataservice.access_type == DATASERVICE_ACCESS_TYPE_RESTRICTED,
+            "views": dataservice.metrics.get("views", 0),
         }

udata/core/dataset/api.py

@@ -62,7 +62,12 @@ from .exceptions import (
     SchemasCacheUnavailableException,
     SchemasCatalogNotFoundException,
 )
-from .forms import CommunityResourceForm, DatasetForm, ResourceForm, ResourcesListForm
+from .forms import (
+    CommunityResourceForm,
+    DatasetForm,
+    ResourceFormWithoutId,
+    ResourcesListForm,
+)
 from .models import (
     Checksum,
     CommunityResource,
@@ -379,8 +384,9 @@ class ResourcesAPI(API):
     def post(self, dataset):
         """Create a new resource for a given dataset"""
         ResourceEditPermission(dataset).test()
-        form = api.validate(ResourceForm)
+        form = api.validate(ResourceFormWithoutId)
         resource = Resource()
+
         if form._fields.get("filetype").data != "remote":
             api.abort(400, "This endpoint only supports remote resources")
         form.populate_obj(resource)
@@ -545,10 +551,19 @@ class ResourceAPI(ResourceMixin, API):
         """Update a given resource on a given dataset"""
         ResourceEditPermission(dataset).test()
         resource = self.get_resource_or_404(dataset, rid)
-        form = api.validate(ResourceForm, resource)
+        form = api.validate(ResourceFormWithoutId, resource)
+
+        # ensure filetype is not modified after creation
+        if (
+            form._fields.get("filetype").data
+            and form._fields.get("filetype").data != resource.filetype
+        ):
+            abort(400, "Cannot modify filetype after creation")
+
         # ensure API client does not override url on self-hosted resources
         if resource.filetype == "file":
             form._fields.get("url").data = resource.url
+
         # populate_obj populates existing resource object with the content of the form.
         # update_resource saves the updated resource dict to the database
         # the additional dataset.save is required as we update the last_modified date.

udata/core/dataset/forms.py

@@ -72,7 +72,7 @@ class BaseResourceForm(ModelForm):
         [validators.DataRequired()],
         choices=list(RESOURCE_FILETYPES.items()),
         default="file",
-        description=_("Whether the resource is an uploaded file, " "a remote file or an API"),
+        description=_("Whether the resource is an uploaded file, a remote file or an API"),
     )
     type = fields.RadioField(
         _("Type"),
@@ -89,7 +89,7 @@ class BaseResourceForm(ModelForm):
     checksum = fields.FormField(ChecksumForm)
     mime = fields.StringField(
         _("Mime type"),
-        description=_("The mime type associated to the extension. " "(ex: text/plain)"),
+        description=_("The mime type associated to the extension. (ex: text/plain)"),
     )
     filesize = fields.IntegerField(
         _("Size"), [validators.optional()], description=_("The file size in bytes")
@@ -104,6 +104,10 @@ class ResourceForm(BaseResourceForm):
     id = fields.UUIDField()
 
 
+class ResourceFormWithoutId(BaseResourceForm):
+    model_class = Resource
+
+
 class CommunityResourceForm(BaseResourceForm):
     model_class = CommunityResource
 
@@ -145,7 +149,7 @@ class DatasetForm(ModelForm):
     description = fields.MarkdownField(
         _("Description"),
         [validators.DataRequired(), validators.Length(max=DESCRIPTION_SIZE_LIMIT)],
-        description=_("The details about the dataset " "(collection process, specifics...)."),
+        description=_("The details about the dataset (collection process, specifics...)."),
     )
     license = fields.ModelSelectField(_("License"), model=License, allow_blank=True)
     frequency = fields.SelectField(
@@ -168,7 +172,7 @@ class DatasetForm(ModelForm):
     tags = fields.TagField(_("Tags"), description=_("Some taxonomy keywords"))
     private = fields.BooleanField(
         _("Private"),
-        description=_("Restrict the dataset visibility to you or " "your organization only."),
+        description=_("Restrict the dataset visibility to you or your organization only."),
     )
 
     owner = fields.CurrentUserField()

udata/core/dataset/models.py

@@ -638,6 +638,9 @@ class Dataset(WithMetrics, DatasetBadgeMixin, Owned, db.Document):
         if self.frequency in LEGACY_FREQUENCIES:
             self.frequency = LEGACY_FREQUENCIES[self.frequency]
 
+        if len(set(res.id for res in self.resources)) != len(self.resources):
+            raise MongoEngineValidationError(f"Duplicate resource ID in dataset #{self.id}.")
+
         for key, value in self.extras.items():
             if not key.startswith("custom:"):
                 continue
@@ -897,6 +900,9 @@ class Dataset(WithMetrics, DatasetBadgeMixin, Owned, db.Document):
     def add_resource(self, resource):
         """Perform an atomic prepend for a new resource"""
         resource.validate()
+        if resource.id in [r.id for r in self.resources]:
+            raise MongoEngineValidationError("Cannot add resource with already existing ID")
+
         self.update(
             __raw__={"$push": {"resources": {"$each": [resource.to_mongo()], "$position": 0}}}
         )

udata/core/metrics/commands.py

@@ -4,6 +4,7 @@ import click
 from flask import current_app
 
 from udata.commands import cli, success
+from udata.core.dataservices.models import Dataservice
 from udata.models import Dataset, GeoZone, Organization, Reuse, Site, User
 
 log = logging.getLogger(__name__)
@@ -19,6 +20,7 @@ def grp():
 @click.option("-s", "--site", is_flag=True, help="Update site metrics")
 @click.option("-o", "--organizations", is_flag=True, help="Compute organizations metrics")
 @click.option("-d", "--datasets", is_flag=True, help="Compute datasets metrics")
+@click.option("--dataservices", is_flag=True, help="Compute dataservices metrics")
 @click.option("-r", "--reuses", is_flag=True, help="Compute reuses metrics")
 @click.option("-u", "--users", is_flag=True, help="Compute users metrics")
 @click.option("-g", "--geozones", is_flag=True, help="Compute geo levels metrics")
@@ -28,12 +30,13 @@ def update(
     organizations=False,
     users=False,
     datasets=False,
+    dataservices=False,
     reuses=False,
     geozones=False,
     drop=False,
 ):
     """Update all metrics for the current date"""
-    do_all = not any((site, organizations, users, datasets, reuses, geozones))
+    do_all = not any((site, organizations, users, datasets, dataservices, reuses, geozones))
 
     if do_all or site:
         log.info("Update site metrics")
@@ -75,6 +78,22 @@ def update(
                     log.info(f"Error during update: {e}")
                     continue
 
+    if do_all or dataservices:
+        log.info("Update dataservices metrics")
+        all_dataservices = Dataservice.objects.visible().timeout(False)
+        with click.progressbar(
+            all_dataservices, length=Dataservice.objects.count()
+        ) as dataservice_bar:
+            for dataservice in dataservice_bar:
+                try:
+                    if drop:
+                        dataservice.metrics.clear()
+                    dataservice.count_discussions()
+                    dataservice.count_followers()
+                except Exception as e:
+                    log.info(f"Error during update: {e}")
+                    continue
+
     if do_all or reuses:
         log.info("Update reuses metrics")
         all_reuses = Reuse.objects.visible().timeout(False)

udata/core/organization/api_fields.py

@@ -82,7 +82,9 @@ member_user_with_email_fields = api.inherit(
             readonly=True,
         ),
         "last_login_at": fields.Raw(
-            attribute=lambda o: o.last_login_at if check_can_access_user_private_info() else None,
+            attribute=lambda o: o.current_login_at
+            if check_can_access_user_private_info()
+            else None,
             description="The user last connection date (only present on show organization endpoint if the current user is member of the organization: admin or editor)",
             readonly=True,
         ),

udata/core/user/api.py

@@ -275,6 +275,13 @@ delete_parser.add_argument(
     location="args",
     default=False,
 )
+delete_parser.add_argument(
+    "delete_comments",
+    type=bool,
+    help="Delete comments posted by the user upon user deletion",
+    location="args",
+    default=False,
+)
 
 
 @ns.route("/<user:user>/", endpoint="user")
@@ -317,7 +324,7 @@ class UserAPI(API):
                 403, "You cannot delete yourself with this API. " + 'Use the "me" API instead.'
             )
 
-        user.mark_as_deleted(notify=not args["no_mail"])
+        user.mark_as_deleted(notify=not args["no_mail"], delete_comments=args["delete_comments"])
         return "", 204
 
 

udata/core/user/api_fields.py

@@ -61,6 +61,11 @@ user_fields = api.model(
         "since": fields.ISODateTime(
             attribute="created_at", description="The registeration date", required=True
         ),
+        "last_login_at": fields.Raw(
+            attribute=lambda o: o.current_login_at if current_user_is_admin_or_self() else None,
+            description="The user last connection date (only present for global admins and on /me)",
+            readonly=True,
+        ),
         "page": fields.UrlFor(
             "users.show",
             lambda u: {"user": u},

udata/core/user/models.py

@@ -82,6 +82,10 @@ class User(WithMetrics, UserMixin, db.Document):
     ext = db.MapField(db.GenericEmbeddedDocumentField())
     extras = db.ExtrasField()
 
+    # Used to track notification for automatic inactive users deletion
+    # when YEARS_OF_INACTIVITY_BEFORE_DEACTIVATION is set
+    inactive_deletion_notified_at = db.DateTimeField()
+
     before_save = Signal()
     after_save = Signal()
     on_create = Signal()
@@ -237,7 +241,7 @@ class User(WithMetrics, UserMixin, db.Document):
         raise NotImplementedError("""This method should not be using directly.
         Use `mark_as_deleted` (or `_delete` if you know what you're doing)""")
 
-    def mark_as_deleted(self, notify: bool = True):
+    def mark_as_deleted(self, notify: bool = True, delete_comments: bool = False):
         if self.avatar.filename is not None:
             storage = storages.avatars
             storage.delete(self.avatar.filename)
@@ -265,16 +269,17 @@ class User(WithMetrics, UserMixin, db.Document):
                 member for member in organization.members if member.user != self
             ]
             organization.save()
-        for discussion in Discussion.objects(discussion__posted_by=self):
-            # Remove all discussions with current user as only participant
-            if all(message.posted_by == self for message in discussion.discussion):
-                discussion.delete()
-                continue
-
-            for message in discussion.discussion:
-                if message.posted_by == self:
-                    message.content = "DELETED"
-            discussion.save()
+        if delete_comments:
+            for discussion in Discussion.objects(discussion__posted_by=self):
+                # Remove all discussions with current user as only participant
+                if all(message.posted_by == self for message in discussion.discussion):
+                    discussion.delete()
+                    continue
+
+                for message in discussion.discussion:
+                    if message.posted_by == self:
+                        message.content = "DELETED"
+                discussion.save()
         Follow.objects(follower=self).delete()
         Follow.objects(following=self).delete()
 

udata/core/user/tasks.py

@@ -1,10 +1,14 @@
 import logging
+from copy import copy
+from datetime import datetime, timedelta
+
+from flask import current_app
 
 from udata import mail
 from udata.i18n import lazy_gettext as _
-from udata.tasks import task
+from udata.tasks import job, task
 
-from .models import datastore
+from .models import User, datastore
 
 log = logging.getLogger(__name__)
 
@@ -13,3 +17,78 @@ log = logging.getLogger(__name__)
 def send_test_mail(email):
     user = datastore.find_user(email=email)
     mail.send(_("Test mail"), user, "test")
+
+
+@job("notify-inactive-users")
+def notify_inactive_users(self):
+    if not current_app.config["YEARS_OF_INACTIVITY_BEFORE_DEACTIVATION"]:
+        logging.warning(
+            "YEARS_OF_INACTIVITY_BEFORE_DEACTIVATION setting is not set, no deletion planned"
+        )
+        return
+    notification_comparison_date = (
+        datetime.utcnow()
+        - timedelta(days=current_app.config["YEARS_OF_INACTIVITY_BEFORE_DEACTIVATION"] * 365)
+        + timedelta(days=current_app.config["DAYS_BEFORE_ACCOUNT_INACTIVITY_NOTIFY_DELAY"])
+    )
+
+    users_to_notify = User.objects(
+        deleted=None,
+        inactive_deletion_notified_at=None,
+        current_login_at__lte=notification_comparison_date,
+    )
+    for i, user in enumerate(users_to_notify):
+        if i >= current_app.config["MAX_NUMBER_OF_USER_INACTIVITY_NOTIFICATIONS"]:
+            logging.warning("MAX_NUMBER_OF_USER_INACTIVITY_NOTIFICATIONS reached, stopping here.")
+            return
+        mail.send(
+            _("Inactivity of your {site} account").format(site=current_app.config["SITE_TITLE"]),
+            user,
+            "account_inactivity",
+            user=user,
+        )
+        logging.debug(f"Notified {user.email} of account inactivity")
+        user.inactive_deletion_notified_at = datetime.utcnow()
+        user.save()
+
+    logging.info(f"Notified {users_to_notify.count()} inactive users")
+
+
+@job("delete-inactive-users")
+def delete_inactive_users(self):
+    if not current_app.config["YEARS_OF_INACTIVITY_BEFORE_DEACTIVATION"]:
+        logging.warning(
+            "YEARS_OF_INACTIVITY_BEFORE_DEACTIVATION setting is not set, no deletion planned"
+        )
+        return
+
+    # Clear inactive_deletion_notified_at field if user has logged in since notification
+    for user in User.objects(deleted=None, inactive_deletion_notified_at__exists=True):
+        if user.current_login_at > user.inactive_deletion_notified_at:
+            user.inactive_deletion_notified_at = None
+            user.save()
+
+    # Delete inactive users upon notification delay if user still hasn't logged in
+    deletion_comparison_date = datetime.utcnow() - timedelta(
+        days=current_app.config["YEARS_OF_INACTIVITY_BEFORE_DEACTIVATION"] * 365
+    )
+    notified_at = datetime.utcnow() - timedelta(
+        days=current_app.config["DAYS_BEFORE_ACCOUNT_INACTIVITY_NOTIFY_DELAY"]
+    )
+    users_to_delete = User.objects(
+        deleted=None,
+        current_login_at__lte=deletion_comparison_date,
+        inactive_deletion_notified_at__lte=notified_at,
+    )
+    for user in users_to_delete:
+        copied_user = copy(user)
+        user.mark_as_deleted(notify=False, delete_comments=False)
+        logging.warning(f"Deleted user {copied_user.email} due to account inactivity")
+        mail.send(
+            _("Deletion of your inactive {site} account").format(
+                site=current_app.config["SITE_TITLE"]
+            ),
+            copied_user,
+            "inactive_account_deleted",
+        )
+    logging.info(f"Deleted {users_to_delete.count()} inactive users")

udata/core/user/tests/test_user_model.py

@@ -18,7 +18,7 @@ class UserModelTest:
         user = UserFactory()
         other_user = UserFactory()
         org = OrganizationFactory(editors=[user])
-        discussion_only_user = DiscussionFactory(
+        discussion = DiscussionFactory(
             user=user,
             subject=org,
             discussion=[
@@ -26,14 +26,6 @@ class UserModelTest:
                 MessageDiscussionFactory(posted_by=user),
             ],
         )
-        discussion_with_other = DiscussionFactory(
-            user=other_user,
-            subject=org,
-            discussion=[
-                MessageDiscussionFactory(posted_by=other_user),
-                MessageDiscussionFactory(posted_by=user),
-            ],
-        )
         user_follow_org = Follow.objects.create(follower=user, following=org)
         user_followed = Follow.objects.create(follower=other_user, following=user)
 
@@ -42,15 +34,40 @@ class UserModelTest:
         org.reload()
         assert len(org.members) == 0
 
-        assert Discussion.objects(id=discussion_only_user.id).first() is None
-        discussion_with_other.reload()
-        assert discussion_with_other.discussion[1].content == "DELETED"
+        # discussions are kept by default
+        discussion.reload()
+        assert len(discussion.discussion) == 2
+        assert discussion.discussion[1].content != "DELETED"
 
         assert Follow.objects(id=user_follow_org.id).first() is None
         assert Follow.objects(id=user_followed.id).first() is None
 
         assert user.slug == "deleted"
 
+    def test_mark_as_deleted_with_comments_deletion(self):
+        user = UserFactory()
+        other_user = UserFactory()
+        discussion_only_user = DiscussionFactory(
+            user=user,
+            discussion=[
+                MessageDiscussionFactory(posted_by=user),
+                MessageDiscussionFactory(posted_by=user),
+            ],
+        )
+        discussion_with_other = DiscussionFactory(
+            user=other_user,
+            discussion=[
+                MessageDiscussionFactory(posted_by=other_user),
+                MessageDiscussionFactory(posted_by=user),
+            ],
+        )
+
+        user.mark_as_deleted(delete_comments=True)
+
+        assert Discussion.objects(id=discussion_only_user.id).first() is None
+        discussion_with_other.reload()
+        assert discussion_with_other.discussion[1].content == "DELETED"
+
     def test_mark_as_deleted_slug_multiple(self):
         user = UserFactory()
         other_user = UserFactory()

udata/features/transfer/api.py

@@ -1,4 +1,4 @@
-from flask import request
+from flask import abort, request
 
 from udata.api import API, api, base_reference, fields
 from udata.core.dataservices.models import Dataservice
@@ -27,7 +27,7 @@ transfer_request_fields = api.model(
         "recipient": fields.Nested(
             base_reference,
             required=True,
-            description=("The transfer recipient, " "either an user or an organization"),
+            description=("The transfer recipient, either an user or an organization"),
         ),
         "comment": fields.String(
             description="An explanation about the transfer request", required=True
@@ -68,12 +68,12 @@ transfer_fields = api.model(
         "owner": fields.Polymorph(
             person_mapping,
             readonly=True,
-            description=("The user or organization currently owning " "the transfered object"),
+            description=("The user or organization currently owning the transfered object"),
         ),
         "recipient": fields.Polymorph(
             person_mapping,
             readonly=True,
-            description=("The user or organization receiving " "the transfered object"),
+            description=("The user or organization receiving the transfered object"),
         ),
         "subject": fields.Polymorph(
             subject_mapping, readonly=True, description="The transfered object"
@@ -186,6 +186,9 @@ class TransferRequestAPI(API):
         """Respond to a transfer request"""
         transfer = Transfer.objects.get_or_404(id=id_or_404(id))
 
+        if transfer.status != "pending":
+            abort(400, "Cannot update transfer after accepting/refusing")
+
         data = request.json
         comment = data.get("comment")