udata 13.0.1.dev12__py3-none-any.whl → 14.4.1.dev7__py3-none-any.whl

udata/commands/tests/test_fixtures.py

@@ -24,7 +24,7 @@ from udata.tests.api import PytestOnlyAPITestCase
 
 class FixturesTest(PytestOnlyAPITestCase):
     @pytest.mark.options(FIXTURE_DATASET_SLUGS=["some-test-dataset-slug"])
-    def test_generate_fixtures_file_then_import(self, app, cli, api, monkeypatch):
+    def test_generate_fixtures_file_then_import(self, mocker):
         """Test generating fixtures from the current env, then importing them back."""
         assert models.Dataset.objects.count() == 0  # Start with a clean slate.
         user = UserFactory()
@@ -55,11 +55,11 @@ class FixturesTest(PytestOnlyAPITestCase):
         DataserviceFactory(datasets=[dataset], organization=org, contact_points=[contact_point])
 
         with NamedTemporaryFile(mode="w+", delete=True) as fixtures_fd:
-            # Get the fixtures from the local instance.
-            monkeypatch.setattr(requests, "get", lambda url: api.get(url))
-            monkeypatch.setattr(Response, "json", Response.get_json)
-            Response.ok = True
-            result = cli("generate-fixtures-file", "", fixtures_fd.name)
+            # Get the fixtures from the local instance by redirecting requests.get to the test client
+            mocker.patch.object(requests, "get", side_effect=lambda url: self.get(url))
+            mocker.patch.object(Response, "json", Response.get_json)
+            mocker.patch.object(Response, "ok", True, create=True)
+            result = self.cli("generate-fixtures-file", "", fixtures_fd.name)
             fixtures_fd.flush()
             assert "Fixtures saved to file " in result.output
 
@@ -81,7 +81,7 @@ class FixturesTest(PytestOnlyAPITestCase):
             assert models.ContactPoint.objects.count() == 0
 
             # Then load them in the database to make sure they're correct.
-            result = cli("import-fixtures", fixtures_fd.name)
+            result = self.cli("import-fixtures", fixtures_fd.name)
         assert models.Organization.objects(slug=org.slug).count() > 0
         result_org = models.Organization.objects.get(slug=org.slug)
         assert result_org.members[0].user.id == user.id
@@ -106,11 +106,11 @@ class FixturesTest(PytestOnlyAPITestCase):
         assert result_dataservice.organization == org
         assert result_dataservice.contact_points == [contact_point]
 
-    def test_import_fixtures_from_default_file(self, cli):
+    def test_import_fixtures_from_default_file(self):
         """Test importing fixtures from udata.commands.fixture.DEFAULT_FIXTURE_FILE."""
         # Deactivate spam detection when testing import fixtures
         SpamMixin.detect_spam_enabled = False
-        cli("import-fixtures")
+        self.cli("import-fixtures")
         SpamMixin.detect_spam_enabled = True
         assert models.Organization.objects.count() > 0
         assert models.Dataset.objects.count() > 0

udata/core/access_type/api.py

@@ -13,6 +13,6 @@ class ReasonCategoriesAPI(API):
     def get(self):
         """List all limitation reason categories"""
         return [
-            {"value": category.value, "label": category.label}
+            {"value": category.value, "label": category.label, "definition": category.definition}
             for category in InspireLimitationCategory
         ]

udata/core/access_type/constants.py

@@ -63,31 +63,35 @@ class InspireLimitationCategory(StrEnum):
         match self:
             case InspireLimitationCategory.PUBLIC_AUTHORITIES:
                 return _(
-                    "The confidentiality of the proceedings of public authorities, where such confidentiality is provided for by law."
+                    "Public access to datasets and services would adversely affect the confidentiality of the proceedings of public authorities, where such confidentiality is provided for by law."
                 )
             case InspireLimitationCategory.INTERNATIONAL_RELATIONS:
-                return _("International relations, public security or national defence.")
+                return _(
+                    "Public access to datasets and services would adversely affect international relations, public security or national defence."
+                )
             case InspireLimitationCategory.COURSE_OF_JUSTICE:
                 return _(
-                    "The course of justice, the ability of any person to receive a fair trial or the ability of a public authority to conduct an enquiry of a criminal or disciplinary nature."
+                    "Public access to datasets and services would adversely affect the course of justice, the ability of any person to receive a fair trial or the ability of a public authority to conduct an enquiry of a criminal or disciplinary nature."
                 )
             case InspireLimitationCategory.COMMERCIAL_CONFIDENTIALITY:
                 return _(
-                    "The confidentiality of commercial or industrial information, where such confidentiality is provided for by national or Community law to protect a legitimate economic interest."
+                    "Public access to datasets and services would adversely affect the confidentiality of commercial or industrial information, where such confidentiality is provided for by national or Community law to protect a legitimate economic interest, including the public interest in maintaining statistical confidentiality and tax secrecy."
                 )
             case InspireLimitationCategory.INTELLECTUAL_PROPERTY:
-                return _("Intellectual property rights.")
+                return _(
+                    "Public access to datasets and services would adversely affect intellectual property rights."
+                )
             case InspireLimitationCategory.PERSONAL_DATA:
                 return _(
-                    "The confidentiality of personal data and/or files relating to a natural person where that person has not consented to the disclosure."
+                    "Public access to datasets and services would adversely affect the confidentiality of personal data and/or files relating to a natural person where that person has not consented to the disclosure of the information to the public, where such confidentiality is provided for by national or Community law."
                 )
             case InspireLimitationCategory.VOLUNTARY_SUPPLIER:
                 return _(
-                    "The interests or protection of any person who supplied the information requested on a voluntary basis without being under a legal obligation."
+                    "Public access to datasets and services would adversely affect the interests or protection of any person who supplied the information requested on a voluntary basis without being under, or capable of being put under, a legal obligation to do so, unless that person has consented to the release of the information concerned."
                 )
             case InspireLimitationCategory.ENVIRONMENTAL_PROTECTION:
                 return _(
-                    "The protection of the environment to which such information relates, such as the location of rare species."
+                    "Public access to datasets and services would adversely affect the protection of the environment to which such information relates, such as the location of rare species."
                 )
             case _:
                 assert_never(self)

udata/core/activity/api.py

@@ -4,8 +4,9 @@ from bson import ObjectId
 from mongoengine.errors import DoesNotExist
 
 from udata.api import API, api, fields
-from udata.auth import current_user
+from udata.core.dataset.permissions import OwnableReadPermission
 from udata.core.organization.api_fields import org_ref_fields
+from udata.core.owned import Owned
 from udata.core.user.api_fields import user_ref_fields
 from udata.models import Activity, db
 
@@ -101,7 +102,7 @@ class SiteActivityAPI(API):
         # Always return a result even not complete
         # But log the error (ie. visible in sentry, silent for user)
         # Can happen when someone manually delete an object in DB (ie. without proper purge)
-        # - Filter out private items (except for sysadmin users)
+        # - Filter out items not visible to the current user
         safe_items = []
         for item in qs.queryset.items:
             try:
@@ -109,10 +110,8 @@ class SiteActivityAPI(API):
             except DoesNotExist as e:
                 log.error(e, exc_info=True)
             else:
-                if hasattr(item.related_to, "private") and (
-                    current_user.is_anonymous or not current_user.sysadmin
-                ):
-                    if item.related_to.private:
+                if isinstance(item.related_to, Owned):
+                    if not OwnableReadPermission(item.related_to).can():
                         continue
                 safe_items.append(item)
         qs.queryset.items = safe_items

udata/core/avatars/api.py

@@ -0,0 +1,43 @@
+import hashlib
+import io
+
+import pydenticon
+from flask import current_app, send_file
+
+from udata.api import API, api
+from udata.app import cache
+
+ns = api.namespace("avatars", "Avatars")
+
+
+@cache.memoize()
+def generate_pydenticon(identifier, size):
+    """
+    Use pydenticon to generate an identicon image.
+    All parameters are extracted from configuration.
+    """
+    blocks_size = current_app.config["AVATAR_INTERNAL_SIZE"]
+    foreground = current_app.config["AVATAR_INTERNAL_FOREGROUND"]
+    background = current_app.config["AVATAR_INTERNAL_BACKGROUND"]
+    generator = pydenticon.Generator(
+        blocks_size, blocks_size, digest=hashlib.sha1, foreground=foreground, background=background
+    )
+
+    # Pydenticon adds padding to the size and as a consequence
+    # we need to compute the size without the padding
+    padding = int(round(current_app.config["AVATAR_INTERNAL_PADDING"] * size / 100.0))
+    size = size - 2 * padding
+    padding = (padding,) * 4
+    return generator.generate(identifier, size, size, padding=padding, output_format="png")
+
+
+@ns.route("/<identifier>/<int:size>/", endpoint="avatar")
+class IdenticonAPI(API):
+    @api.doc("avatars")
+    def get(self, identifier, size):
+        """Get a deterministic avatar given an identifier at a given size"""
+        identicon = generate_pydenticon(identifier, size)
+        response = send_file(io.BytesIO(identicon), mimetype="image/png")
+        etag = hashlib.sha1(identicon).hexdigest()
+        response.set_etag(etag)
+        return response

udata/core/avatars/test_avatar_api.py

@@ -0,0 +1,30 @@
+from flask import url_for
+
+from udata.tests.api import PytestOnlyAPITestCase
+from udata.tests.helpers import assert200
+from udata.utils import faker
+
+
+def assert_stream_equal(response1, response2):
+    __tracebackhide__ = True
+    stream1 = list(response1.iter_encoded())
+    stream2 = list(response2.iter_encoded())
+    assert stream1 == stream2
+
+
+class InternalBackendTest(PytestOnlyAPITestCase):
+    def test_base_rendering(self):
+        response = self.get(url_for("api.avatar", identifier=faker.word(), size=32))
+
+        assert200(response)
+        assert response.mimetype == "image/png"
+        assert response.is_streamed
+        etag, weak = response.get_etag()
+        assert etag is not None
+
+    def test_render_twice_the_same(self):
+        identifier = faker.word()
+        stream_a = self.get(url_for("api.avatar", identifier=identifier, size=32))
+        stream_b = self.get(url_for("api.avatar", identifier=identifier, size=32))
+
+        assert_stream_equal(stream_a, stream_b)

udata/core/badges/tests/test_commands.py

@@ -9,32 +9,32 @@ class BadgeCommandTest(PytestOnlyDBTestCase):
     def toggle(self, path_or_id, kind):
         return self.cli("badges", "toggle", path_or_id, kind)
 
-    def test_toggle_badge_on(self, cli):
+    def test_toggle_badge_on(self):
         org = OrganizationFactory()
 
-        cli("badges", "toggle", str(org.id), PUBLIC_SERVICE)
+        self.cli("badges", "toggle", str(org.id), PUBLIC_SERVICE)
 
         org.reload()
         assert org.badges[0].kind == PUBLIC_SERVICE
 
-    def test_toggle_badge_off(self, cli):
+    def test_toggle_badge_off(self):
         org = OrganizationFactory()
         org.add_badge(PUBLIC_SERVICE)
         org.add_badge(CERTIFIED)
 
-        cli("badges", "toggle", str(org.id), PUBLIC_SERVICE)
+        self.cli("badges", "toggle", str(org.id), PUBLIC_SERVICE)
 
         org.reload()
         assert org.badges[0].kind == CERTIFIED
 
-    def test_toggle_badge_on_from_file(self, cli):
+    def test_toggle_badge_on_from_file(self):
         orgs = [OrganizationFactory() for _ in range(2)]
 
         with NamedTemporaryFile(mode="w") as temp:
             temp.write("\n".join((str(org.id) for org in orgs)))
             temp.flush()
 
-            cli("badges", "toggle", temp.name, PUBLIC_SERVICE)
+            self.cli("badges", "toggle", temp.name, PUBLIC_SERVICE)
 
         for org in orgs:
             org.reload()

udata/core/csv.py

@@ -5,6 +5,7 @@ from datetime import date, datetime
 from io import StringIO
 
 from flask import Response, stream_with_context
+from mongoengine.queryset import QuerySet
 
 from udata.mongo import db
 from udata.utils import recursive_get
@@ -35,6 +36,10 @@ class Adapter(object):
     fields = None
 
     def __init__(self, queryset):
+        # no_cache() to avoid eating up too much RAM when iterating over large querysets.
+        # Applied here rather than upstream to preserve custom QuerySet methods (like with_badge).
+        if isinstance(queryset, QuerySet):
+            queryset = queryset.no_cache()
         self.queryset = queryset
         self._fields = None
 

udata/core/dataservices/models.py

@@ -130,7 +130,7 @@ def filter_by_topic(base_query, filter_value):
     try:
         topic = Topic.objects.get(id=filter_value)
     except Topic.DoesNotExist:
-        pass
+        return base_query
     else:
         return base_query.filter(
             id__in=[
@@ -140,11 +140,23 @@ def filter_by_topic(base_query, filter_value):
         )
 
 
+def filter_by_reuse(base_query, filter_value):
+    from udata.core.reuse.models import Reuse
+
+    try:
+        reuse = Reuse.objects.get(id=filter_value)
+    except Reuse.DoesNotExist:
+        return base_query
+    else:
+        return base_query.filter(id__in=[dataservice.id for dataservice in reuse.dataservices])
+
+
 @generate_fields(
     searchable=True,
     nested_filters={"organization_badge": "organization.badges"},
     standalone_filters=[
-        {"key": "topic", "constraints": "objectid", "query": filter_by_topic, "type": str}
+        {"key": "topic", "constraints": ["objectid"], "query": filter_by_topic, "type": str},
+        {"key": "reuse", "constraints": ["objectid"], "query": filter_by_reuse, "type": str},
     ],
     additional_sorts=[
         {"key": "followers", "value": "metrics.followers"},
@@ -297,7 +309,7 @@ class Dataservice(
 
     @field(description="Link to the udata web page for this dataservice", show_as_ref=True)
     def self_web_url(self, **kwargs):
-        return cdata_url(f"/dataservices/{self._link_id(**kwargs)}/", **kwargs)
+        return cdata_url(f"/dataservices/{self._link_id(**kwargs)}", **kwargs)
 
     __metrics_keys__ = [
         "discussions",

udata/core/dataservices/tasks.py

@@ -6,6 +6,7 @@ from udata.core.constants import HVD
 from udata.core.dataservices.models import Dataservice
 from udata.core.organization.constants import CERTIFIED, PUBLIC_SERVICE
 from udata.core.organization.models import Organization
+from udata.core.pages.models import Page
 from udata.core.topic.models import TopicElement
 from udata.harvest.models import HarvestJob
 from udata.models import Discussion, Follow, Transfer
@@ -28,6 +29,12 @@ def purge_dataservices(self):
         Transfer.objects(subject=dataservice).delete()
         # Remove dataservices references in Topics
         TopicElement.objects(element=dataservice).update(element=None)
+        # Remove dataservices in pages (mongoengine doesn't support updating a field in a generic embed)
+        Page._get_collection().update_many(
+            {"blocs.dataservices": dataservice.id},
+            {"$pull": {"blocs.$[b].dataservices": dataservice.id}},
+            array_filters=[{"b.dataservices": dataservice.id}],
+        )
         # Remove dataservice
         dataservice.delete()
 

udata/core/dataset/api.py

@@ -531,6 +531,8 @@ class ResourcesAPI(API):
                 f"All resources must be reordered, you provided {len(resources)} "
                 f"out of {len(dataset.resources)}",
             )
+        if any(isinstance(r, dict) and "id" not in r for r in resources):
+            api.abort(400, "Each resource must have an 'id' field")
         if set(r["id"] if isinstance(r, dict) else r for r in resources) != set(
             str(r.id) for r in dataset.resources
         ):

udata/core/dataset/models.py

@@ -730,7 +730,7 @@ class Dataset(
         }
 
     def self_web_url(self, **kwargs):
-        return cdata_url(f"/datasets/{self._link_id(**kwargs)}/", **kwargs)
+        return cdata_url(f"/datasets/{self._link_id(**kwargs)}", **kwargs)
 
     def self_api_url(self, **kwargs):
         return url_for(
@@ -795,7 +795,7 @@ class Dataset(
         Resources should be fetched when calling this method.
         """
         if self.harvest and self.harvest.modified_at:
-            return self.harvest.modified_at
+            return to_naive_datetime(self.harvest.modified_at)
         if self.resources:
             return max([res.last_modified for res in self.resources])
         else:

udata/core/dataset/permissions.py

@@ -1,3 +1,6 @@
+from flask_principal import Permission as BasePermission
+from flask_principal import RoleNeed
+
 from udata.auth import Permission, UserNeed
 from udata.core.organization.permissions import (
     OrganizationAdminNeed,
@@ -22,6 +25,34 @@ class OwnablePermission(Permission):
         super(OwnablePermission, self).__init__(*needs)
 
 
+class OwnableReadPermission(BasePermission):
+    """Permission to read a private ownable object.
+
+    Always grants access if the object is not private.
+    For private objects, requires owner, org member, or sysadmin.
+
+    We inherit from BasePermission instead of udata's Permission because
+    Permission automatically adds RoleNeed("admin") to all needs. This means
+    a permission with no needs would only allow admins. With BasePermission,
+    an empty needs set allows everyone (Flask-Principal returns True when
+    self.needs is empty).
+    """
+
+    def __init__(self, obj):
+        if not getattr(obj, "private", False):
+            super().__init__()
+            return
+
+        needs = [RoleNeed("admin")]
+        if obj.organization:
+            needs.append(OrganizationAdminNeed(obj.organization.id))
+            needs.append(OrganizationEditorNeed(obj.organization.id))
+        elif obj.owner:
+            needs.append(UserNeed(obj.owner.fs_uniquifier))
+
+        super().__init__(*needs)
+
+
 class DatasetEditPermission(OwnablePermission):
     """Permissions to edit a Dataset"""
 

udata/core/dataset/tasks.py

@@ -1,6 +1,7 @@
 import collections
+import gzip
 import os
-from datetime import datetime
+from datetime import date, datetime
 from tempfile import NamedTemporaryFile
 
 from celery.utils.log import get_task_logger
@@ -15,8 +16,10 @@ from udata.core.dataservices.models import Dataservice
 from udata.core.dataset.constants import INSPIRE
 from udata.core.organization.constants import CERTIFIED, PUBLIC_SERVICE
 from udata.core.organization.models import Organization
+from udata.core.pages.models import Page
 from udata.harvest.models import HarvestJob
 from udata.models import Activity, Discussion, Follow, TopicElement, Transfer, db
+from udata.storage.s3 import store_bytes
 from udata.tasks import job
 
 from .models import Checksum, CommunityResource, Dataset, Resource
@@ -53,6 +56,12 @@ def purge_datasets(self):
             dataservice.update(datasets=datasets)
         # Remove HarvestItem references
         HarvestJob.objects(items__dataset=dataset).update(set__items__S__dataset=None)
+        # Remove datasets in pages (mongoengine doesn't support updating a field in a generic embed)
+        Page._get_collection().update_many(
+            {"blocs.datasets": dataset.id},
+            {"$pull": {"blocs.$[b].datasets": dataset.id}},
+            array_filters=[{"b.datasets": dataset.id}],
+        )
         # Remove associated Transfers
         Transfer.objects(subject=dataset).delete()
         # Remove each dataset's resource's file
@@ -86,16 +95,17 @@ def get_queryset(model_cls):
     for attr in attrs:
         if getattr(model_cls, attr, None):
             params[attr] = False
-    # no_cache to avoid eating up too much RAM
-    return model_cls.objects.filter(**params).no_cache()
+    return model_cls.objects.filter(**params)
+
+
+def get_resource_for_csv_export_model(model, dataset):
+    for resource in dataset.resources:
+        if resource.extras.get("csv-export:model", "") == model:
+            return resource
 
 
 def get_or_create_resource(r_info, model, dataset):
-    resource = None
-    for r in dataset.resources:
-        if r.extras.get("csv-export:model", "") == model:
-            resource = r
-            break
+    resource = get_resource_for_csv_export_model(model, dataset)
     if resource:
         for k, v in r_info.items():
             setattr(resource, k, v)
@@ -126,11 +136,16 @@ def store_resource(csvfile, model, dataset):
     return get_or_create_resource(r_info, model, dataset)
 
 
-def export_csv_for_model(model, dataset):
+def export_csv_for_model(model, dataset, replace: bool = False):
     model_cls = getattr(udata_models, model.capitalize(), None)
     if not model_cls:
         log.error("Unknow model %s" % model)
         return
+
+    fs_filename_to_remove = None
+    if existing_resource := get_resource_for_csv_export_model(model, dataset):
+        fs_filename_to_remove = existing_resource.fs_filename
+
     queryset = get_queryset(model_cls)
     adapter = csv.get_adapter(model_cls)
     if not adapter:
@@ -156,6 +171,15 @@ def export_csv_for_model(model, dataset):
         else:
             dataset.last_modified_internal = datetime.utcnow()
             dataset.save()
+        # remove previous catalog if exists and replace is True
+        if replace and fs_filename_to_remove:
+            try:
+                storages.resources.delete(fs_filename_to_remove)
+            except FileNotFoundError:
+                log.error(
+                    f"File not found while deleting resource #{resource.id} ({fs_filename_to_remove}) in export_csv_for_model cleanup"
+                )
+        return resource
     finally:
         csvfile.close()
         os.unlink(csvfile.name)
@@ -184,7 +208,23 @@ def export_csv(self, model=None):
 
     models = (model,) if model else ALLOWED_MODELS
     for model in models:
-        export_csv_for_model(model, dataset)
+        resource = export_csv_for_model(model, dataset, replace=True)
+
+        # If we are the first day of the month, archive today catalogs
+        if (
+            current_app.config["EXPORT_CSV_ARCHIVE_S3_BUCKET"]
+            and resource
+            and date.today().day == 1
+        ):
+            log.info(
+                f"Archiving {model} csv catalog on {current_app.config['EXPORT_CSV_ARCHIVE_S3_BUCKET']} bucket"
+            )
+            with storages.resources.open(resource.fs_filename, "rb") as f:
+                store_bytes(
+                    bucket=current_app.config["EXPORT_CSV_ARCHIVE_S3_BUCKET"],
+                    filename=f"{current_app.config['EXPORT_CSV_ARCHIVE_S3_FILENAME_PREFIX']}{resource.title}.gz",
+                    bytes=gzip.compress(f.read()),
+                )
 
 
 @job("bind-tabular-dataservice")

udata/core/discussions/models.py

@@ -14,6 +14,7 @@ log = logging.getLogger(__name__)
 
 
 class Message(SpamMixin, db.EmbeddedDocument):
+    id = db.AutoUUIDField()
     content = db.StringField(required=True)
     posted_on = db.DateTimeField(default=datetime.utcnow, required=True)
     posted_by = db.ReferenceField("User")

udata/core/metrics/__init__.py

@@ -1,6 +1,3 @@
-from udata import entrypoints
-
-
 def init_app(app):
     # Load all core metrics
     import udata.core.user.metrics  # noqa
@@ -9,6 +6,3 @@ def init_app(app):
     import udata.core.dataset.metrics  # noqa
     import udata.core.reuse.metrics  # noqa
     import udata.core.followers.metrics  # noqa
-
-    # Load metrics from plugins
-    entrypoints.get_enabled("udata.metrics", app)

udata/core/organization/api.py

@@ -383,12 +383,13 @@ class MembershipRequestAPI(API):
 
         form = api.validate(MembershipRequestForm, membership_request)
 
-        if not membership_request:
+        if membership_request:
+            form.populate_obj(membership_request)
+            org.save()
+        else:
             membership_request = MembershipRequest()
-            org.requests.append(membership_request)
-
-        form.populate_obj(membership_request)
-        org.save()
+            form.populate_obj(membership_request)
+            org.add_membership_request(membership_request)
 
         notify_membership_request.delay(str(org.id), str(membership_request.id))
 
@@ -424,6 +425,7 @@ class MembershipAcceptAPI(MembershipAPI):
         org.members.append(member)
         org.count_members()
         org.save()
+        MembershipRequest.after_handle.send(membership_request, org=org)
 
         notify_membership_response.delay(str(org.id), str(membership_request.id))
 
@@ -446,6 +448,7 @@ class MembershipRefuseAPI(MembershipAPI):
         membership_request.refusal_comment = form.comment.data
 
         org.save()
+        MembershipRequest.after_handle.send(membership_request, org=org)
 
         notify_membership_response.delay(str(org.id), str(membership_request.id))
 

udata/core/organization/mails.py

@@ -16,7 +16,7 @@ def new_membership_request(org: Organization, request: MembershipRequest) -> Mai
                 )
             ),
             LabelledContent(_("Reason for the request:"), request.comment),
-            MailCTA(_("See the request"), cdata_url(f"/admin/organizations/{org.id}/members/")),
+            MailCTA(_("See the request"), cdata_url(f"/admin/organizations/{org.id}/members")),
         ],
     )
 

udata/core/organization/models.py

@@ -81,6 +81,9 @@ class MembershipRequest(db.EmbeddedDocument):
     comment = db.StringField()
     refusal_comment = db.StringField()
 
+    after_create = Signal()
+    after_handle = Signal()
+
     @property
     def status_label(self):
         return MEMBERSHIP_STATUS[self.status]
@@ -198,7 +201,7 @@ class Organization(
         cls.before_save.send(document)
 
     def self_web_url(self, **kwargs):
-        return cdata_url(f"/organizations/{self._link_id(**kwargs)}/", **kwargs)
+        return cdata_url(f"/organizations/{self._link_id(**kwargs)}", **kwargs)
 
     def self_api_url(self, **kwargs):
         return url_for(
@@ -304,6 +307,11 @@ class Organization(
     def views_count(self):
         return self.metrics.get("views", 0)
 
+    def add_membership_request(self, membership_request):
+        self.requests.append(membership_request)
+        self.save()
+        MembershipRequest.after_create.send(membership_request, org=self)
+
     def count_members(self):
         self.metrics["members"] = len(self.members)
         self.save(signal_kwargs={"ignores": ["post_save"]})