udata 14.0.0__py3-none-any.whl → 14.5.1.dev6__py3-none-any.whl

udata/core/organization/notifications.py

@@ -1,10 +1,94 @@
 import logging
 
+from udata.api_fields import field, generate_fields
+from udata.core.organization.api_fields import org_ref_fields
+from udata.core.organization.models import MembershipRequest, Organization
+from udata.core.user.api_fields import user_ref_fields
+from udata.core.user.models import User
 from udata.features.notifications.actions import notifier
+from udata.models import db
 
 log = logging.getLogger(__name__)
 
 
+@generate_fields()
+class MembershipRequestNotificationDetails(db.EmbeddedDocument):
+    request_organization = field(
+        db.ReferenceField(Organization),
+        readonly=True,
+        nested_fields=org_ref_fields,
+        auditable=False,
+        allow_null=True,
+        filterable={},
+    )
+    request_user = field(
+        db.ReferenceField(User),
+        nested_fields=user_ref_fields,
+        readonly=True,
+        auditable=False,
+        allow_null=True,
+        filterable={},
+    )
+
+
+@MembershipRequest.after_create.connect
+def on_new_membership_request(request: MembershipRequest, **kwargs):
+    from udata.features.notifications.models import Notification
+
+    """Create notification when a new membership request is created"""
+    organization = kwargs.get("org")
+
+    if organization is None:
+        return
+
+    # Get all admin users for the organization
+    admin_users = [member.user for member in organization.members if member.role == "admin"]
+
+    # For each pending request, check if a notification already exists
+    for admin_user in admin_users:
+        try:
+            # Check if notification already exists
+            existing = Notification.objects(
+                user=admin_user,
+                details__request_organization=organization,
+                details__request_user=request.user,
+            ).first()
+
+            if not existing:
+                notification = Notification(
+                    user=admin_user,
+                    details=MembershipRequestNotificationDetails(
+                        request_organization=organization, request_user=request.user
+                    ),
+                )
+                notification.created_at = request.created
+                notification.save()
+        except Exception as e:
+            log.error(
+                f"Error creating notification for user {admin_user.id} "
+                f"and organization {organization.id}: {e}"
+            )
+
+
+@MembershipRequest.after_handle.connect
+def on_handle_membership_request(request: MembershipRequest, **kwargs):
+    from udata.features.notifications.models import Notification
+
+    organization = kwargs.get("org")
+
+    if organization is None:
+        return
+
+    notifications = Notification.objects(
+        details__request_organization=organization,
+        details__request_user=request.user,
+    )
+
+    for notification in notifications:
+        notification.handled_at = request.handled_on
+        notification.save()
+
+
 @notifier("membership_request")
 def membership_request_notifications(user):
     """Notify user about pending membership requests"""

udata/core/organization/permissions.py

@@ -2,7 +2,7 @@ from collections import namedtuple
 from functools import partial
 
 from udata.auth import Permission, current_user, identity_loaded
-from udata.models import Organization
+from udata.core.organization.models import Organization
 from udata.utils import get_by
 
 OrganizationNeed = namedtuple("organization", ("role", "value"))

udata/core/organization/tasks.py

@@ -1,5 +1,6 @@
 from udata.core import storages
 from udata.core.badges.tasks import notify_new_badge
+from udata.features.notifications.models import Notification
 from udata.models import Activity, ContactPoint, Dataset, Follow, Transfer
 from udata.search import reindex
 from udata.tasks import get_logger, job, task
@@ -25,6 +26,8 @@ def purge_organizations(self):
         Transfer.objects(owner=organization).delete()
         # Remove related contact points
         ContactPoint.objects(organization=organization).delete()
+        # Remove related notifications
+        Notification.objects.with_organization_in_details(organization).delete()
         # Store datasets for later reindexation
         d_ids = [d.id for d in Dataset.objects(organization=organization)]
         # Remove organization's logo in all sizes

udata/core/pages/tests/test_api.py

@@ -1,7 +1,9 @@
 from flask import url_for
 
+from udata.core.dataset import tasks
 from udata.core.dataset.factories import DatasetFactory
 from udata.core.pages.models import Page
+from udata.core.user.factories import AdminFactory
 from udata.tests.api import APITestCase
 
 
@@ -71,3 +73,33 @@ class PageAPITest(APITestCase):
         self.assertEqual("more information", response.json["blocs"][0]["subtitle"])
         self.assertEqual(len(response.json["blocs"][0]["datasets"]), 1)
         self.assertEqual(str(datasets[2].id), response.json["blocs"][0]["datasets"][0]["id"])
+
+    def test_page_with_deleted_dataset(self):
+        self.login(AdminFactory())
+        datasets = DatasetFactory.create_batch(3)
+
+        response = self.post(
+            url_for("api.pages"),
+            {
+                "blocs": [
+                    {
+                        "class": "DatasetsListBloc",
+                        "title": "My awesome title",
+                        "datasets": [str(d.id) for d in datasets],
+                    }
+                ],
+            },
+        )
+        self.assert201(response)
+        page_id = response.json["id"]
+
+        response = self.delete(url_for("api.dataset", dataset=datasets[0].id))
+        self.assert204(response)
+
+        response = self.get(url_for("api.page", page=page_id))
+        self.assert200(response)
+
+        tasks.purge_datasets()
+
+        response = self.get(url_for("api.page", page=page_id))
+        self.assert200(response)

udata/core/post/api.py

@@ -2,70 +2,27 @@ from datetime import datetime
 
 from feedgenerator.django.utils.feedgenerator import Atom1Feed
 from flask import make_response, request
+from flask_login import current_user
 
-from udata.api import API, api, fields
+from udata.api import API, api
+from udata.api_fields import patch, patch_and_save
 from udata.auth import Permission as AdminPermission
 from udata.auth import admin_permission
-from udata.core.dataset.api_fields import dataset_fields
-from udata.core.reuse.models import Reuse
 from udata.core.storages.api import (
     image_parser,
     parse_uploaded_image,
     uploaded_image_fields,
 )
-from udata.core.user.api_fields import user_ref_fields
 from udata.frontend.markdown import md
 from udata.i18n import gettext as _
 
-from .forms import PostForm
 from .models import Post
 
 DEFAULT_SORTING = "-published"
 
 ns = api.namespace("posts", "Posts related operations")
 
-post_fields = api.model(
-    "Post",
-    {
-        "id": fields.String(description="The post identifier"),
-        "name": fields.String(description="The post name", required=True),
-        "slug": fields.String(description="The post permalink string", readonly=True),
-        "headline": fields.String(description="The post headline", required=True),
-        "content": fields.Markdown(description="The post content in Markdown", required=True),
-        "image": fields.ImageField(description="The post image", readonly=True),
-        "credit_to": fields.String(description="An optional credit line (associated to the image)"),
-        "credit_url": fields.String(description="An optional link associated to the credits"),
-        "tags": fields.List(fields.String, description="Some keywords to help in search"),
-        "datasets": fields.List(fields.Nested(dataset_fields), description="The post datasets"),
-        "reuses": fields.List(fields.Nested(Reuse.__read_fields__), description="The post reuses"),
-        "owner": fields.Nested(
-            user_ref_fields, description="The owner user", readonly=True, allow_null=True
-        ),
-        "created_at": fields.ISODateTime(description="The post creation date", readonly=True),
-        "last_modified": fields.ISODateTime(
-            description="The post last modification date", readonly=True
-        ),
-        "published": fields.ISODateTime(description="The post publication date", readonly=True),
-        "body_type": fields.String(description="HTML or markdown body type", default="markdown"),
-        "uri": fields.String(
-            attribute=lambda p: p.self_api_url(),
-            description="The API URI for this post",
-            readonly=True,
-        ),
-        "page": fields.String(
-            attribute=lambda p: p.self_web_url(),
-            description="The post web page URL",
-            readonly=True,
-        ),
-    },
-    mask="*,datasets{id,title,acronym,uri,page},reuses{id,title,image,image_thumbnail,uri,page}",
-)
-
-post_page_fields = api.model("PostPage", fields.pager(post_fields))
-
-parser = api.page_parser()
-
-parser.add_argument("sort", type=str, location="args", help="The sorting attribute")
+parser = Post.__index_parser__
 parser.add_argument(
     "with_drafts",
     type=bool,
@@ -73,16 +30,13 @@ parser.add_argument(
     location="args",
     help="`True` also returns the unpublished posts (only for super-admins)",
 )
-parser.add_argument(
-    "q", type=str, location="args", help="query string to search through resources titles"
-)
 
 
 @ns.route("/", endpoint="posts")
 class PostsAPI(API):
     @api.doc("list_posts")
     @api.expect(parser)
-    @api.marshal_with(post_page_fields)
+    @api.marshal_with(Post.__page_fields__)
     def get(self):
         """List all posts"""
         args = parser.parse_args()
@@ -92,22 +46,23 @@ class PostsAPI(API):
         if not (AdminPermission().can() and args["with_drafts"]):
             posts = posts.published()
 
-        if args["q"]:
-            phrase_query = " ".join([f'"{elem}"' for elem in args["q"].split(" ")])
-            posts = posts.search_text(phrase_query)
-
-        sort = args["sort"] or ("$text_score" if args["q"] else None) or DEFAULT_SORTING
-        return posts.order_by(sort).paginate(args["page"], args["page_size"])
+        # The search is already handled by apply_sort_filters if searchable=True
+        return Post.apply_pagination(Post.apply_sort_filters(posts))
 
     @api.doc("create_post")
     @api.secure(admin_permission)
-    @api.expect(post_fields)
-    @api.marshal_with(post_fields)
+    @api.expect(Post.__write_fields__)
+    @api.marshal_with(Post.__read_fields__)
     @api.response(400, "Validation error")
     def post(self):
         """Create a post"""
-        form = api.validate(PostForm)
-        return form.save(), 201
+        post = patch(Post(), request)
+
+        if not post.owner:
+            post.owner = current_user._get_current_object()
+
+        post.save()
+        return post, 201
 
 
 @ns.route("/recent.atom", endpoint="recent_posts_atom_feed")
@@ -143,20 +98,20 @@ class PostsAtomFeedAPI(API):
 @api.param("post", "The post ID or slug")
 class PostAPI(API):
     @api.doc("get_post")
-    @api.marshal_with(post_fields)
+    @api.marshal_with(Post.__read_fields__)
     def get(self, post):
         """Get a given post"""
         return post
 
     @api.doc("update_post")
     @api.secure(admin_permission)
-    @api.expect(post_fields)
-    @api.marshal_with(post_fields)
+    @api.expect(Post.__write_fields__)
+    @api.marshal_with(Post.__read_fields__)
     @api.response(400, "Validation error")
     def put(self, post):
         """Update a given post"""
-        form = api.validate(PostForm, post)
-        return form.save()
+        post = patch_and_save(post, request)
+        return post
 
     @api.secure(admin_permission)
     @api.doc("delete_post")
@@ -171,7 +126,7 @@ class PostAPI(API):
 class PublishPostAPI(API):
     @api.secure(admin_permission)
     @api.doc("publish_post")
-    @api.marshal_with(post_fields)
+    @api.marshal_with(Post.__read_fields__)
     def post(self, post):
         """Publish an existing post"""
         post.modify(published=datetime.utcnow())
@@ -179,9 +134,9 @@ class PublishPostAPI(API):
 
     @api.secure(admin_permission)
     @api.doc("unpublish_post")
-    @api.marshal_with(post_fields)
+    @api.marshal_with(Post.__read_fields__)
     def delete(self, post):
-        """Publish an existing post"""
+        """Unpublish an existing post"""
         post.modify(published=None)
         return post
 

udata/core/post/models.py

@@ -1,5 +1,7 @@
 from flask import url_for
 
+from udata.api_fields import field, generate_fields
+from udata.core.dataset.api_fields import dataset_fields
 from udata.core.linkable import Linkable
 from udata.core.storages import default_image_basename, images
 from udata.i18n import lazy_gettext as _
@@ -16,27 +18,85 @@ class PostQuerySet(db.BaseQuerySet):
         return self(published__ne=None).order_by("-published")
 
 
+@generate_fields(
+    searchable=True,
+    additional_sorts=[
+        {"key": "created_at", "value": "created_at"},
+        {"key": "modified", "value": "last_modified"},
+    ],
+    default_sort="-published",
+)
 class Post(db.Datetimed, Linkable, db.Document):
-    name = db.StringField(max_length=255, required=True)
-    slug = db.SlugField(
-        max_length=255, required=True, populate_from="name", update=True, follow=True
+    name = field(
+        db.StringField(max_length=255, required=True),
+        sortable=True,
+        show_as_ref=True,
+    )
+    slug = field(
+        db.SlugField(max_length=255, required=True, populate_from="name", update=True, follow=True),
+        readonly=True,
+    )
+    headline = field(
+        db.StringField(),
+        sortable=True,
+    )
+    content = field(
+        db.StringField(required=True),
+        markdown=True,
+    )
+    image_url = field(
+        db.StringField(),
+    )
+    image = field(
+        db.ImageField(fs=images, basename=default_image_basename, thumbnails=IMAGE_SIZES),
+        readonly=True,
+        thumbnail_info={"size": 100},
     )
-    headline = db.StringField()
-    content = db.StringField(required=True)
-    image_url = db.StringField()
-    image = db.ImageField(fs=images, basename=default_image_basename, thumbnails=IMAGE_SIZES)
 
-    credit_to = db.StringField()
-    credit_url = db.URLField()
+    credit_to = field(
+        db.StringField(),
+        description="An optional credit line (associated to the image)",
+    )
+    credit_url = field(
+        db.URLField(),
+        description="An optional link associated to the credits",
+    )
 
-    tags = db.ListField(db.StringField())
-    datasets = db.ListField(db.ReferenceField("Dataset", reverse_delete_rule=db.PULL))
-    reuses = db.ListField(db.ReferenceField("Reuse", reverse_delete_rule=db.PULL))
+    tags = field(
+        db.ListField(db.StringField()),
+        description="Some keywords to help in search",
+    )
+    datasets = field(
+        db.ListField(
+            field(
+                db.ReferenceField("Dataset", reverse_delete_rule=db.PULL),
+                nested_fields=dataset_fields,
+            )
+        ),
+        description="The post datasets",
+    )
+    reuses = field(
+        db.ListField(db.ReferenceField("Reuse", reverse_delete_rule=db.PULL)),
+        description="The post reuses",
+    )
 
-    owner = db.ReferenceField("User")
-    published = db.DateTimeField()
+    owner = field(
+        db.ReferenceField("User"),
+        readonly=True,
+        allow_null=True,
+        description="The owner user",
+    )
+    published = field(
+        db.DateTimeField(),
+        readonly=True,
+        sortable=True,
+        description="The post publication date",
+    )
 
-    body_type = db.StringField(choices=list(BODY_TYPES), default="markdown", required=False)
+    body_type = field(
+        db.StringField(choices=list(BODY_TYPES), default="markdown", required=False),
+        description="HTML or markdown body type",
+    )
 
     meta = {
         "ordering": ["-created_at"],
@@ -58,13 +118,21 @@ class Post(db.Datetimed, Linkable, db.Document):
         return self.name or ""
 
     def self_web_url(self, **kwargs):
-        return cdata_url(f"/posts/{self._link_id(**kwargs)}/", **kwargs)
+        return cdata_url(f"/posts/{self._link_id(**kwargs)}", **kwargs)
 
     def self_api_url(self, **kwargs):
         return url_for(
             "api.post", post=self._link_id(**kwargs), **self._self_api_url_kwargs(**kwargs)
         )
 
+    @field(description="The API URI for this post")
+    def uri(self):
+        return self.self_api_url()
+
+    @field(description="The post web page URL")
+    def page(self):
+        return self.self_web_url()
+
     def count_discussions(self):
         # There are no metrics on Post to store discussions count
         pass

udata/core/post/tests/test_api.py

@@ -4,7 +4,7 @@ from udata.core.dataset.factories import DatasetFactory
 from udata.core.post.factories import PostFactory
 from udata.core.post.models import Post
 from udata.core.reuse.factories import ReuseFactory
-from udata.core.user.factories import AdminFactory
+from udata.core.user.factories import AdminFactory, UserFactory
 from udata.tests.api import APITestCase
 from udata.tests.helpers import assert200, assert201, assert204
 
@@ -136,3 +136,26 @@ class PostsAPITest(APITestCase):
 
         post.reload()
         assert post.published is None
+
+    def test_post_api_create_with_empty_credit_url(self):
+        """It should create a post with an empty credit_url (converted to None)"""
+        data = PostFactory.as_dict()
+        data["datasets"] = [str(d.id) for d in data["datasets"]]
+        data["reuses"] = [str(r.id) for r in data["reuses"]]
+        data["credit_url"] = ""
+        self.login(AdminFactory())
+        response = self.post(url_for("api.posts"), data)
+        assert201(response)
+        assert Post.objects.count() == 1
+        post = Post.objects.first()
+        assert post.credit_url is None
+
+    def test_post_api_list_with_drafts_non_admin(self):
+        """Non-admin users should not see drafts even with with_drafts=True"""
+        PostFactory.create_batch(3)
+        PostFactory(published=None)
+
+        self.login(UserFactory())
+        response = self.get(url_for("api.posts", with_drafts=True))
+        assert200(response)
+        assert len(response.json["data"]) == 3

udata/core/reports/api.py

@@ -42,6 +42,24 @@ class ReportAPI(API):
     def get(self, report):
         return report
 
+    @api.doc("update_report", responses={400: "Validation error"})
+    @api.secure(admin_permission)
+    @api.expect(Report.__write_fields__)
+    @api.marshal_with(Report.__read_fields__, code=200)
+    def patch(self, report):
+        dismiss_has_changed = (
+            "dismissed_at" in request.json and request.json["dismissed_at"] != report.dismissed_at
+        )
+
+        report = patch(report, request)
+        if dismiss_has_changed:
+            report.dismissed_by = (
+                current_user._get_current_object() if report.dismissed_at else None
+            )
+
+        report.save()
+        return report, 200
+
 
 @ns.route("/reasons/", endpoint="reports_reasons")
 class ReportsReasonsAPI(API):

udata/core/reports/models.py

@@ -2,7 +2,8 @@ from datetime import datetime
 
 from bson import DBRef
 from flask import url_for
-from mongoengine import DO_NOTHING, NULLIFY, signals
+from flask_restx import inputs
+from mongoengine import DO_NOTHING, NULLIFY, Q, signals
 
 from udata.api_fields import field, generate_fields
 from udata.core.user.api_fields import user_ref_fields
@@ -12,7 +13,32 @@ from udata.mongo import db
 from .constants import REPORT_REASONS_CHOICES, REPORTABLE_MODELS
 
 
-@generate_fields()
+class ReportQuerySet(db.BaseQuerySet):
+    def unhandled(self):
+        return self.filter(dismissed_at=None, subject_deleted_at=None)
+
+    def handled(self):
+        return self.filter(Q(dismissed_at__ne=None) | Q(subject_deleted_at__ne=None))
+
+
+def filter_by_handled(base_query, filter_value):
+    if filter_value is True:
+        return base_query.handled()
+    elif filter_value is False:
+        return base_query.unhandled()
+    else:
+        return base_query
+
+
+@generate_fields(
+    standalone_filters=[
+        {
+            "key": "handled",
+            "query": filter_by_handled,
+            "type": inputs.boolean,
+        },
+    ],
+)
 class Report(db.Document):
     by = field(
         db.ReferenceField(User, reverse_delete_rule=NULLIFY),
@@ -44,8 +70,22 @@ class Report(db.Document):
     reported_at = field(
         db.DateTimeField(default=datetime.utcnow, required=True),
         readonly=True,
+        sortable=True,
     )
 
+    dismissed_at = field(
+        db.DateTimeField(),
+    )
+    dismissed_by = field(
+        db.ReferenceField(User, reverse_delete_rule=NULLIFY),
+        nested_fields=user_ref_fields,
+        allow_null=True,
+    )
+
+    meta = {
+        "queryset_class": ReportQuerySet,
+    }
+
     @field(description="Link to the API endpoint for this report")
     def self_api_url(self):
         return url_for("api.report", report=self, _external=True)

udata/core/reuse/api.py

@@ -15,6 +15,7 @@ from udata.core.badges.fields import badge_fields
 from udata.core.dataservices.models import Dataservice
 from udata.core.dataset.api_fields import dataset_ref_fields
 from udata.core.followers.api import FollowAPI
+from udata.core.legal.mails import add_send_legal_notice_argument, send_legal_notice_on_deletion
 from udata.core.organization.models import Organization
 from udata.core.reuse.constants import REUSE_TOPICS, REUSE_TYPES
 from udata.core.storages.api import (
@@ -170,6 +171,9 @@ class ReusesAtomFeedAPI(API):
         return response
 
 
+reuse_delete_parser = add_send_legal_notice_argument(api.parser())
+
+
 @ns.route("/<reuse:reuse>/", endpoint="reuse", doc=common_doc)
 @api.response(404, "Reuse not found")
 @api.response(410, "Reuse has been deleted")
@@ -202,12 +206,16 @@ class ReuseAPI(API):
 
     @api.secure
     @api.doc("delete_reuse")
+    @api.expect(reuse_delete_parser)
     @api.response(204, "Reuse deleted")
     def delete(self, reuse):
         """Delete a given reuse"""
+        args = reuse_delete_parser.parse_args()
         if reuse.deleted:
             api.abort(410, "This reuse has been deleted")
         reuse.permissions["delete"].test()
+        send_legal_notice_on_deletion(reuse, args)
+
         reuse.deleted = datetime.utcnow()
         reuse.save()
         return "", 204

udata/core/reuse/apiv2.py

@@ -1,9 +1,6 @@
-from flask import request
-
 from udata import search
 from udata.api import API, apiv2
 from udata.core.reuse.models import Reuse
-from udata.utils import multi_to_dict
 
 from .api_fields import reuse_permissions_fields
 from .search import ReuseSearch
@@ -28,5 +25,5 @@ class ReuseSearchAPI(API):
     @apiv2.marshal_with(Reuse.__page_fields__)
     def get(self):
         """Search all reuses"""
-        search_parser.parse_args()
-        return search.query(ReuseSearch, **multi_to_dict(request.args))
+        args = search_parser.parse_args()
+        return search.query(ReuseSearch, **args)

udata/core/reuse/models.py

@@ -199,7 +199,7 @@ class Reuse(db.Datetimed, Auditable, WithMetrics, ReuseBadgeMixin, Linkable, Own
         cls.before_save.send(document)
 
     def self_web_url(self, **kwargs):
-        return cdata_url(f"/reuses/{self._link_id(**kwargs)}/", **kwargs)
+        return cdata_url(f"/reuses/{self._link_id(**kwargs)}", **kwargs)
 
     def self_api_url(self, **kwargs):
         return url_for(

udata/core/reuse/tasks.py

@@ -1,4 +1,5 @@
 from udata.core import storages
+from udata.core.pages.models import Page
 from udata.core.topic.models import TopicElement
 from udata.models import Activity, Discussion, Follow, Transfer
 from udata.tasks import get_logger, job, task
@@ -23,6 +24,12 @@ def purge_reuses(self) -> None:
         Transfer.objects(subject=reuse).delete()
         # Remove reuses references in Topics
         TopicElement.objects(element=reuse).update(element=None)
+        # Remove reuses in pages (mongoengine doesn't support updating a field in a generic embed)
+        Page._get_collection().update_many(
+            {"blocs.reuses": reuse.id},
+            {"$pull": {"blocs.$[b].reuses": reuse.id}},
+            array_filters=[{"b.reuses": reuse.id}],
+        )
         # Remove reuse's logo in all sizes
         if reuse.image.filename is not None:
             storage = storages.images