udata 14.0.0__py3-none-any.whl → 14.5.1.dev6__py3-none-any.whl

udata/core/dataservices/rdf.py

@@ -31,6 +31,7 @@ def dataservice_from_rdf(
     node,
     all_datasets: list[Dataset],
     remote_url_prefix: str | None = None,
+    dryrun: bool = False,
 ) -> Dataservice:
     """
     Create or update a dataservice from a RDF/DCAT graph
@@ -51,7 +52,7 @@ def dataservice_from_rdf(
     dataservice.machine_documentation_url = url_from_rdf(d, DCAT.endpointDescription)
 
     roles = [  # Imbricated list of contact points for each role
-        contact_points_from_rdf(d, rdf_entity, role, dataservice)
+        contact_points_from_rdf(d, rdf_entity, role, dataservice, dryrun=dryrun)
         for rdf_entity, role in CONTACT_POINT_ENTITY_TO_ROLE.items()
     ]
     dataservice.contact_points = [  # Flattened list of contact points

udata/core/dataservices/tasks.py

@@ -6,6 +6,7 @@ from udata.core.constants import HVD
 from udata.core.dataservices.models import Dataservice
 from udata.core.organization.constants import CERTIFIED, PUBLIC_SERVICE
 from udata.core.organization.models import Organization
+from udata.core.pages.models import Page
 from udata.core.topic.models import TopicElement
 from udata.harvest.models import HarvestJob
 from udata.models import Discussion, Follow, Transfer
@@ -22,12 +23,22 @@ def purge_dataservices(self):
         Follow.objects(following=dataservice).delete()
         # Remove discussions
         Discussion.objects(subject=dataservice).delete()
-        # Remove HarvestItem references
-        HarvestJob.objects(items__dataservice=dataservice).update(set__items__S__dataservice=None)
+        # Remove HarvestItem references (using update_many with array_filters to update all matching items)
+        HarvestJob._get_collection().update_many(
+            {"items.dataservice": dataservice.id},
+            {"$set": {"items.$[item].dataservice": None}},
+            array_filters=[{"item.dataservice": dataservice.id}],
+        )
         # Remove associated Transfers
         Transfer.objects(subject=dataservice).delete()
         # Remove dataservices references in Topics
         TopicElement.objects(element=dataservice).update(element=None)
+        # Remove dataservices in pages (mongoengine doesn't support updating a field in a generic embed)
+        Page._get_collection().update_many(
+            {"blocs.dataservices": dataservice.id},
+            {"$pull": {"blocs.$[b].dataservices": dataservice.id}},
+            array_filters=[{"b.dataservices": dataservice.id}],
+        )
         # Remove dataservice
         dataservice.delete()
 

udata/core/dataset/api.py

@@ -39,6 +39,7 @@ from udata.core.dataservices.models import Dataservice
 from udata.core.dataset.models import CHECKSUM_TYPES
 from udata.core.followers.api import FollowAPI
 from udata.core.followers.models import Follow
+from udata.core.legal.mails import add_send_legal_notice_argument, send_legal_notice_on_deletion
 from udata.core.organization.models import Organization
 from udata.core.reuse.models import Reuse
 from udata.core.storages.api import handle_upload, upload_parser
@@ -364,6 +365,9 @@ class DatasetsAtomFeedAPI(API):
         return response
 
 
+dataset_delete_parser = add_send_legal_notice_argument(api.parser())
+
+
 @ns.route("/<dataset:dataset>/", endpoint="dataset", doc=common_doc)
 @api.response(404, "Dataset not found")
 @api.response(410, "Dataset has been deleted")
@@ -397,12 +401,16 @@ class DatasetAPI(API):
 
     @api.secure
     @api.doc("delete_dataset")
+    @api.expect(dataset_delete_parser)
     @api.response(204, "Dataset deleted")
     def delete(self, dataset):
         """Delete a dataset given its identifier"""
+        args = dataset_delete_parser.parse_args()
         if dataset.deleted:
             api.abort(410, "Dataset has been deleted")
         dataset.permissions["delete"].test()
+        send_legal_notice_on_deletion(dataset, args)
+
         dataset.deleted = datetime.utcnow()
         dataset.last_modified_internal = datetime.utcnow()
         dataset.save()
@@ -531,6 +539,8 @@ class ResourcesAPI(API):
                 f"All resources must be reordered, you provided {len(resources)} "
                 f"out of {len(dataset.resources)}",
             )
+        if any(isinstance(r, dict) and "id" not in r for r in resources):
+            api.abort(400, "Each resource must have an 'id' field")
         if set(r["id"] if isinstance(r, dict) else r for r in resources) != set(
             str(r.id) for r in dataset.resources
         ):

udata/core/dataset/models.py

@@ -546,7 +546,10 @@ class Dataset(
         ),
         auditable=False,
     )
-    description = field(db.StringField(required=True, default=""))
+    description = field(
+        db.StringField(required=True, default=""),
+        markdown=True,
+    )
     description_short = field(db.StringField(max_length=DESCRIPTION_SHORT_SIZE_LIMIT))
     license = field(db.ReferenceField("License"))
 
@@ -730,7 +733,7 @@ class Dataset(
         }
 
     def self_web_url(self, **kwargs):
-        return cdata_url(f"/datasets/{self._link_id(**kwargs)}/", **kwargs)
+        return cdata_url(f"/datasets/{self._link_id(**kwargs)}", **kwargs)
 
     def self_api_url(self, **kwargs):
         return url_for(
@@ -795,7 +798,7 @@ class Dataset(
         Resources should be fetched when calling this method.
         """
         if self.harvest and self.harvest.modified_at:
-            return self.harvest.modified_at
+            return to_naive_datetime(self.harvest.modified_at)
         if self.resources:
             return max([res.last_modified for res in self.resources])
         else:
@@ -1148,9 +1151,6 @@ class ResourceSchema(object):
         except requests.exceptions.RequestException as err:
             log.exception(f"Error while getting schema catalog from {endpoint}: {err}")
             schemas = cache.get(cache_key)
-        except requests.exceptions.JSONDecodeError as err:
-            log.exception(f"Error while getting schema catalog from {endpoint}: {err}")
-            schemas = cache.get(cache_key)
         else:
             schemas = data.get("schemas", [])
             cache.set(cache_key, schemas)

udata/core/dataset/permissions.py

@@ -1,3 +1,6 @@
+from flask_principal import Permission as BasePermission
+from flask_principal import RoleNeed
+
 from udata.auth import Permission, UserNeed
 from udata.core.organization.permissions import (
     OrganizationAdminNeed,
@@ -22,6 +25,34 @@ class OwnablePermission(Permission):
         super(OwnablePermission, self).__init__(*needs)
 
 
+class OwnableReadPermission(BasePermission):
+    """Permission to read a private ownable object.
+
+    Always grants access if the object is not private.
+    For private objects, requires owner, org member, or sysadmin.
+
+    We inherit from BasePermission instead of udata's Permission because
+    Permission automatically adds RoleNeed("admin") to all needs. This means
+    a permission with no needs would only allow admins. With BasePermission,
+    an empty needs set allows everyone (Flask-Principal returns True when
+    self.needs is empty).
+    """
+
+    def __init__(self, obj):
+        if not getattr(obj, "private", False):
+            super().__init__()
+            return
+
+        needs = [RoleNeed("admin")]
+        if obj.organization:
+            needs.append(OrganizationAdminNeed(obj.organization.id))
+            needs.append(OrganizationEditorNeed(obj.organization.id))
+        elif obj.owner:
+            needs.append(UserNeed(obj.owner.fs_uniquifier))
+
+        super().__init__(*needs)
+
+
 class DatasetEditPermission(OwnablePermission):
     """Permissions to edit a Dataset"""
 

udata/core/dataset/rdf.py

@@ -742,7 +742,13 @@ def resource_from_rdf(graph_or_distrib, dataset=None, is_additionnal=False):
     return resource
 
 
-def dataset_from_rdf(graph: Graph, dataset=None, node=None, remote_url_prefix: str | None = None):
+def dataset_from_rdf(
+    graph: Graph,
+    dataset=None,
+    node=None,
+    remote_url_prefix: str | None = None,
+    dryrun: bool = False,
+):
     """
     Create or update a dataset from a RDF/DCAT graph
     """
@@ -764,7 +770,7 @@ def dataset_from_rdf(graph: Graph, dataset=None, node=None, remote_url_prefix: s
     dataset.description = sanitize_html(description)
     dataset.frequency = frequency_from_rdf(d.value(DCT.accrualPeriodicity)) or dataset.frequency
     roles = [  # Imbricated list of contact points for each role
-        contact_points_from_rdf(d, rdf_entity, role, dataset)
+        contact_points_from_rdf(d, rdf_entity, role, dataset, dryrun=dryrun)
         for rdf_entity, role in CONTACT_POINT_ENTITY_TO_ROLE.items()
     ]
     dataset.contact_points = [  # Flattened list of contact points

udata/core/dataset/tasks.py

@@ -1,4 +1,5 @@
 import collections
+import gzip
 import os
 from datetime import date, datetime
 from tempfile import NamedTemporaryFile
@@ -15,6 +16,7 @@ from udata.core.dataservices.models import Dataservice
 from udata.core.dataset.constants import INSPIRE
 from udata.core.organization.constants import CERTIFIED, PUBLIC_SERVICE
 from udata.core.organization.models import Organization
+from udata.core.pages.models import Page
 from udata.harvest.models import HarvestJob
 from udata.models import Activity, Discussion, Follow, TopicElement, Transfer, db
 from udata.storage.s3 import store_bytes
@@ -52,8 +54,18 @@ def purge_datasets(self):
             datasets = dataservice.datasets
             datasets.remove(dataset)
             dataservice.update(datasets=datasets)
-        # Remove HarvestItem references
-        HarvestJob.objects(items__dataset=dataset).update(set__items__S__dataset=None)
+        # Remove HarvestItem references (using update_many with array_filters to update all matching items)
+        HarvestJob._get_collection().update_many(
+            {"items.dataset": dataset.id},
+            {"$set": {"items.$[item].dataset": None}},
+            array_filters=[{"item.dataset": dataset.id}],
+        )
+        # Remove datasets in pages (mongoengine doesn't support updating a field in a generic embed)
+        Page._get_collection().update_many(
+            {"blocs.datasets": dataset.id},
+            {"$pull": {"blocs.$[b].datasets": dataset.id}},
+            array_filters=[{"b.datasets": dataset.id}],
+        )
         # Remove associated Transfers
         Transfer.objects(subject=dataset).delete()
         # Remove each dataset's resource's file
@@ -87,8 +99,7 @@ def get_queryset(model_cls):
     for attr in attrs:
         if getattr(model_cls, attr, None):
             params[attr] = False
-    # no_cache to avoid eating up too much RAM
-    return model_cls.objects.filter(**params).no_cache()
+    return model_cls.objects.filter(**params)
 
 
 def get_resource_for_csv_export_model(model, dataset):
@@ -166,7 +177,12 @@ def export_csv_for_model(model, dataset, replace: bool = False):
             dataset.save()
         # remove previous catalog if exists and replace is True
         if replace and fs_filename_to_remove:
-            storages.resources.delete(fs_filename_to_remove)
+            try:
+                storages.resources.delete(fs_filename_to_remove)
+            except FileNotFoundError:
+                log.error(
+                    f"File not found while deleting resource #{resource.id} ({fs_filename_to_remove}) in export_csv_for_model cleanup"
+                )
         return resource
     finally:
         csvfile.close()
@@ -210,8 +226,8 @@ def export_csv(self, model=None):
             with storages.resources.open(resource.fs_filename, "rb") as f:
                 store_bytes(
                     bucket=current_app.config["EXPORT_CSV_ARCHIVE_S3_BUCKET"],
-                    filename=f"{current_app.config['EXPORT_CSV_ARCHIVE_S3_FILENAME_PREFIX']}{resource.title}",
-                    bytes=f.read(),
+                    filename=f"{current_app.config['EXPORT_CSV_ARCHIVE_S3_FILENAME_PREFIX']}{resource.title}.gz",
+                    bytes=gzip.compress(f.read()),
                 )
 
 

udata/core/discussions/api.py

@@ -7,6 +7,7 @@ from flask_security import current_user
 from udata.api import API, api, fields
 from udata.core.dataservices.models import Dataservice
 from udata.core.dataset.models import Dataset
+from udata.core.legal.mails import add_send_legal_notice_argument, send_legal_notice_on_deletion
 from udata.core.organization.api_fields import org_ref_fields
 from udata.core.organization.models import Organization
 from udata.core.reuse.models import Reuse
@@ -164,6 +165,9 @@ class DiscussionSpamAPI(SpamAPIMixin):
     model = Discussion
 
 
+discussion_delete_parser = add_send_legal_notice_argument(api.parser())
+
+
 @ns.route("/<id>/", endpoint="discussion")
 class DiscussionAPI(API):
     """
@@ -236,11 +240,14 @@ class DiscussionAPI(API):
         return discussion
 
     @api.doc("delete_discussion")
+    @api.expect(discussion_delete_parser)
     @api.response(403, "Not allowed to delete this discussion")
     def delete(self, id):
         """Delete a discussion given its ID"""
+        args = discussion_delete_parser.parse_args()
         discussion = Discussion.objects.get_or_404(id=id_or_404(id))
         discussion.permissions["delete"].test()
+        send_legal_notice_on_deletion(discussion, args)
 
         discussion.delete()
         on_discussion_deleted.send(discussion)
@@ -259,6 +266,9 @@ class DiscussionCommentSpamAPI(SpamAPIMixin):
         return discussion, discussion.discussion[cidx]
 
 
+message_delete_parser = add_send_legal_notice_argument(api.parser())
+
+
 @ns.route("/<id>/comments/<int:cidx>/", endpoint="discussion_comment")
 class DiscussionCommentAPI(API):
     """
@@ -286,16 +296,20 @@ class DiscussionCommentAPI(API):
         return discussion
 
     @api.doc("delete_discussion_comment")
+    @api.expect(message_delete_parser)
     @api.response(403, "Not allowed to delete this comment")
     def delete(self, id, cidx):
         """Delete a comment given its index"""
+        args = message_delete_parser.parse_args()
         discussion = Discussion.objects.get_or_404(id=id_or_404(id))
         if len(discussion.discussion) <= cidx:
             api.abort(404, "Comment does not exist")
         elif cidx == 0:
             api.abort(400, "You cannot delete the first comment of a discussion")
 
-        discussion.discussion[cidx].permissions["delete"].test()
+        message = discussion.discussion[cidx]
+        message.permissions["delete"].test()
+        send_legal_notice_on_deletion(message, args)
 
         discussion.discussion.pop(cidx)
         discussion.save()

udata/core/discussions/models.py

@@ -6,6 +6,7 @@ from flask_login import current_user
 
 from udata.core.linkable import Linkable
 from udata.core.spam.models import SpamMixin, spam_protected
+from udata.i18n import lazy_gettext as _
 from udata.mongo import db
 
 from .signals import on_discussion_closed, on_new_discussion, on_new_discussion_comment
@@ -14,6 +15,9 @@ log = logging.getLogger(__name__)
 
 
 class Message(SpamMixin, db.EmbeddedDocument):
+    verbose_name = _("message")
+
+    id = db.AutoUUIDField()
     content = db.StringField(required=True)
     posted_on = db.DateTimeField(default=datetime.utcnow, required=True)
     posted_by = db.ReferenceField("User")
@@ -69,6 +73,8 @@ class Message(SpamMixin, db.EmbeddedDocument):
 
 
 class Discussion(SpamMixin, Linkable, db.Document):
+    verbose_name = _("discussion")
+
     user = db.ReferenceField("User")
     organization = db.ReferenceField("Organization")
 

udata/core/legal/mails.py

@@ -0,0 +1,128 @@
+from flask import current_app
+from flask_babel import LazyString
+from flask_login import current_user
+from flask_restx.inputs import boolean
+
+from udata.core.dataservices.models import Dataservice
+from udata.core.dataset.models import Dataset
+from udata.core.discussions.models import Discussion, Message
+from udata.core.organization.models import Organization
+from udata.core.reuse.models import Reuse
+from udata.core.user.models import User
+from udata.i18n import lazy_gettext as _
+from udata.mail import Link, MailMessage, ParagraphWithLinks
+
+DeletableObject = Dataset | Reuse | Dataservice | Organization | User | Discussion | Message
+
+
+def add_send_legal_notice_argument(parser):
+    """Add the send_legal_notice argument to a parser.
+
+    When send_legal_notice=true is passed by an admin, a formal legal notice email
+    is sent to the content owner. This email includes terms of use references and
+    information about how to contest the deletion (administrative appeal).
+    """
+    parser.add_argument(
+        "send_legal_notice",
+        type=boolean,
+        default=False,
+        location="args",
+        help="Send formal legal notice with appeal information to owner (admin only)",
+    )
+    return parser
+
+
+def _get_recipients_for_organization(org: Organization) -> list[User]:
+    return [m.user for m in org.by_role("admin")]
+
+
+def _get_recipients_for_owned_object(obj: Dataset | Reuse | Dataservice) -> list[User]:
+    if obj.owner:
+        return [obj.owner]
+    elif obj.organization:
+        return _get_recipients_for_organization(obj.organization)
+    return []
+
+
+def send_legal_notice_on_deletion(obj: DeletableObject, args: dict):
+    """Send a formal legal notice email when content is deleted by an admin.
+
+    The email is only sent if:
+    - send_legal_notice=true was passed in args
+    - The current user is a sysadmin
+    """
+    if not args.get("send_legal_notice") or not current_user.sysadmin:
+        return
+
+    if isinstance(obj, Organization):
+        recipients = _get_recipients_for_organization(obj)
+    elif isinstance(obj, User):
+        recipients = [obj]
+    elif isinstance(obj, Discussion):
+        recipients = [obj.user] if obj.user else []
+    elif isinstance(obj, Message):
+        recipients = [obj.posted_by] if obj.posted_by else []
+    else:
+        recipients = _get_recipients_for_owned_object(obj)
+
+    if recipients:
+        _content_deleted(obj.verbose_name).send(recipients)
+
+
+def _content_deleted(content_type_label: LazyString) -> MailMessage:
+    admin = current_user._get_current_object()
+    terms_of_use_url = current_app.config.get("TERMS_OF_USE_URL")
+    terms_of_use_deletion_article = current_app.config.get("TERMS_OF_USE_DELETION_ARTICLE")
+    telerecours_url = current_app.config.get("TELERECOURS_URL")
+
+    if terms_of_use_url and terms_of_use_deletion_article:
+        terms_paragraph = ParagraphWithLinks(
+            _(
+                'Our %(terms_link)s specify in point %(article)s that the platform is not "intended '
+                "to disseminate advertising content, promotions of private interests, content contrary "
+                "to public order, illegal content, spam and any contribution violating the applicable "
+                "legal framework. The Editor reserves the right, without prior notice, to remove or "
+                "make inaccessible content published on the Platform that has no connection with its "
+                'Purpose. The Editor does not carry out "a priori" control over publications. As soon '
+                "as the Editor becomes aware of content contrary to these terms of use, it acts quickly "
+                'to remove or make it inaccessible".',
+                terms_link=Link(_("terms of use"), terms_of_use_url),
+                article=terms_of_use_deletion_article,
+            )
+        )
+    else:
+        terms_paragraph = _(
+            'The platform is not "intended to disseminate advertising content, promotions of '
+            "private interests, content contrary to public order, illegal content, spam and any "
+            "contribution violating the applicable legal framework. The Editor reserves the right, "
+            "without prior notice, to remove or make inaccessible content published on the Platform "
+            'that has no connection with its Purpose. The Editor does not carry out "a priori" '
+            "control over publications. As soon as the Editor becomes aware of content contrary to "
+            'these terms of use, it acts quickly to remove or make it inaccessible".'
+        )
+
+    if telerecours_url:
+        appeal_paragraph = ParagraphWithLinks(
+            _(
+                "You may contest this decision within two months of its notification by filing "
+                "an administrative appeal (recours gracieux ou hiérarchique). You may also bring "
+                'the matter before the administrative court via the "%(telerecours_link)s" application.',
+                telerecours_link=Link(_("Télérecours citoyens"), telerecours_url),
+            )
+        )
+    else:
+        appeal_paragraph = _("You may contest this decision by contacting us.")
+
+    paragraphs = [
+        _("Your %(content_type)s has been deleted.", content_type=content_type_label),
+        terms_paragraph,
+        appeal_paragraph,
+        _("Best regards,"),
+        admin.fullname,
+        _("%(site)s team member", site=current_app.config.get("SITE_TITLE", "data.gouv.fr")),
+    ]
+
+    return MailMessage(
+        subject=_("Deletion of your %(content_type)s", content_type=content_type_label),
+        paragraphs=paragraphs,
+    )

udata/core/organization/api.py

@@ -21,6 +21,7 @@ from udata.core.discussions.api import discussion_fields
 from udata.core.discussions.csv import DiscussionCsvAdapter
 from udata.core.discussions.models import Discussion
 from udata.core.followers.api import FollowAPI
+from udata.core.legal.mails import add_send_legal_notice_argument, send_legal_notice_on_deletion
 from udata.core.reuse.models import Reuse
 from udata.core.storages.api import (
     image_parser,
@@ -137,6 +138,9 @@ class OrganizationListAPI(API):
         return organization, 201
 
 
+org_delete_parser = add_send_legal_notice_argument(api.parser())
+
+
 @ns.route("/<org:org>/", endpoint="organization", doc=common_doc)
 @api.response(404, "Organization not found")
 @api.response(410, "Organization has been deleted")
@@ -170,12 +174,16 @@ class OrganizationAPI(API):
 
     @api.secure
     @api.doc("delete_organization")
+    @api.expect(org_delete_parser)
     @api.response(204, "Organization deleted")
     def delete(self, org):
         """Delete a organization given its identifier"""
+        args = org_delete_parser.parse_args()
         if org.deleted:
             api.abort(410, "Organization has been deleted")
         EditOrganizationPermission(org).test()
+        send_legal_notice_on_deletion(org, args)
+
         org.deleted = datetime.utcnow()
         org.save()
         return "", 204
@@ -383,12 +391,13 @@ class MembershipRequestAPI(API):
 
         form = api.validate(MembershipRequestForm, membership_request)
 
-        if not membership_request:
+        if membership_request:
+            form.populate_obj(membership_request)
+            org.save()
+        else:
             membership_request = MembershipRequest()
-            org.requests.append(membership_request)
-
-        form.populate_obj(membership_request)
-        org.save()
+            form.populate_obj(membership_request)
+            org.add_membership_request(membership_request)
 
         notify_membership_request.delay(str(org.id), str(membership_request.id))
 
@@ -424,6 +433,7 @@ class MembershipAcceptAPI(MembershipAPI):
         org.members.append(member)
         org.count_members()
         org.save()
+        MembershipRequest.after_handle.send(membership_request, org=org)
 
         notify_membership_response.delay(str(org.id), str(membership_request.id))
 
@@ -446,6 +456,7 @@ class MembershipRefuseAPI(MembershipAPI):
         membership_request.refusal_comment = form.comment.data
 
         org.save()
+        MembershipRequest.after_handle.send(membership_request, org=org)
 
         notify_membership_response.delay(str(org.id), str(membership_request.id))
 

udata/core/organization/apiv2.py

@@ -3,7 +3,6 @@ from flask import request
 from udata import search
 from udata.api import API, apiv2
 from udata.core.contact_point.api_fields import contact_point_fields
-from udata.utils import multi_to_dict
 
 from .api_fields import member_fields, org_fields, org_page_fields
 from .permissions import EditOrganizationPermission
@@ -30,8 +29,8 @@ class OrganizationSearchAPI(API):
     @apiv2.marshal_with(org_page_fields)
     def get(self):
         """Search all organizations"""
-        search_parser.parse_args()
-        return search.query(OrganizationSearch, **multi_to_dict(request.args))
+        args = search_parser.parse_args()
+        return search.query(OrganizationSearch, **args)
 
 
 @ns.route("/<org:org>/extras/", endpoint="organization_extras")

udata/core/organization/mails.py

@@ -16,7 +16,7 @@ def new_membership_request(org: Organization, request: MembershipRequest) -> Mai
                 )
             ),
             LabelledContent(_("Reason for the request:"), request.comment),
-            MailCTA(_("See the request"), cdata_url(f"/admin/organizations/{org.id}/members/")),
+            MailCTA(_("See the request"), cdata_url(f"/admin/organizations/{org.id}/members")),
         ],
     )
 

udata/core/organization/models.py

@@ -81,6 +81,9 @@ class MembershipRequest(db.EmbeddedDocument):
     comment = db.StringField()
     refusal_comment = db.StringField()
 
+    after_create = Signal()
+    after_handle = Signal()
+
     @property
     def status_label(self):
         return MEMBERSHIP_STATUS[self.status]
@@ -123,7 +126,10 @@ class Organization(
         db.SlugField(max_length=255, required=True, populate_from="name", update=True, follow=True),
         auditable=False,
     )
-    description = field(db.StringField(required=True))
+    description = field(
+        db.StringField(required=True),
+        markdown=True,
+    )
     url = field(db.URLField())
     image_url = field(db.StringField())
     logo = field(
@@ -162,6 +168,8 @@ class Organization(
         "auto_create_index_on_save": True,
     }
 
+    verbose_name = _("organization")
+
     def __str__(self):
         return self.name or ""
 
@@ -198,7 +206,7 @@ class Organization(
         cls.before_save.send(document)
 
     def self_web_url(self, **kwargs):
-        return cdata_url(f"/organizations/{self._link_id(**kwargs)}/", **kwargs)
+        return cdata_url(f"/organizations/{self._link_id(**kwargs)}", **kwargs)
 
     def self_api_url(self, **kwargs):
         return url_for(
@@ -304,6 +312,11 @@ class Organization(
     def views_count(self):
         return self.metrics.get("views", 0)
 
+    def add_membership_request(self, membership_request):
+        self.requests.append(membership_request)
+        self.save()
+        MembershipRequest.after_create.send(membership_request, org=self)
+
     def count_members(self):
         self.metrics["members"] = len(self.members)
         self.save(signal_kwargs={"ignores": ["post_save"]})