PyPI - udata - Versions diffs - 14.0.3.dev1__py3-none-any.whl → 14.7.3.dev4__py3-none-any.whl - Mend

udata 14.0.3.dev1py3-none-any.whl → 14.7.3.dev4py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (151) hide show

udata/api/__init__.py +2 -0
udata/api_fields.py +120 -19
udata/app.py +18 -20
udata/auth/__init__.py +4 -7
udata/auth/forms.py +3 -3
udata/auth/views.py +13 -6
udata/commands/dcat.py +1 -1
udata/commands/serve.py +3 -11
udata/core/activity/api.py +5 -6
udata/core/badges/tests/test_tasks.py +0 -2
udata/core/csv.py +5 -0
udata/core/dataservices/api.py +8 -1
udata/core/dataservices/apiv2.py +3 -6
udata/core/dataservices/models.py +5 -2
udata/core/dataservices/rdf.py +2 -1
udata/core/dataservices/tasks.py +6 -2
udata/core/dataset/api.py +30 -4
udata/core/dataset/api_fields.py +1 -1
udata/core/dataset/apiv2.py +1 -1
udata/core/dataset/constants.py +2 -9
udata/core/dataset/models.py +21 -9
udata/core/dataset/permissions.py +31 -0
udata/core/dataset/rdf.py +18 -16
udata/core/dataset/tasks.py +16 -7
udata/core/discussions/api.py +15 -1
udata/core/discussions/models.py +6 -0
udata/core/legal/__init__.py +0 -0
udata/core/legal/mails.py +128 -0
udata/core/organization/api.py +16 -5
udata/core/organization/api_fields.py +3 -3
udata/core/organization/apiv2.py +3 -4
udata/core/organization/mails.py +1 -1
udata/core/organization/models.py +40 -7
udata/core/organization/notifications.py +84 -0
udata/core/organization/permissions.py +1 -1
udata/core/organization/tasks.py +3 -0
udata/core/pages/models.py +49 -0
udata/core/pages/tests/test_api.py +165 -1
udata/core/post/api.py +25 -70
udata/core/post/constants.py +8 -0
udata/core/post/models.py +109 -17
udata/core/post/tests/test_api.py +140 -3
udata/core/post/tests/test_models.py +24 -0
udata/core/reports/api.py +18 -0
udata/core/reports/models.py +42 -2
udata/core/reuse/api.py +8 -0
udata/core/reuse/apiv2.py +3 -6
udata/core/reuse/models.py +1 -1
udata/core/spatial/forms.py +2 -2
udata/core/topic/models.py +8 -2
udata/core/user/api.py +10 -3
udata/core/user/api_fields.py +3 -3
udata/core/user/models.py +33 -8
udata/features/notifications/api.py +7 -18
udata/features/notifications/models.py +59 -0
udata/features/notifications/tasks.py +25 -0
udata/features/transfer/actions.py +2 -0
udata/features/transfer/models.py +17 -0
udata/features/transfer/notifications.py +96 -0
udata/flask_mongoengine/engine.py +0 -4
udata/flask_mongoengine/pagination.py +1 -1
udata/frontend/markdown.py +2 -1
udata/harvest/actions.py +20 -0
udata/harvest/api.py +24 -7
udata/harvest/backends/base.py +27 -1
udata/harvest/backends/ckan/harvesters.py +21 -4
udata/harvest/backends/dcat.py +4 -1
udata/harvest/commands.py +33 -0
udata/harvest/filters.py +17 -6
udata/harvest/models.py +16 -0
udata/harvest/permissions.py +27 -0
udata/harvest/tests/ckan/test_ckan_backend.py +33 -0
udata/harvest/tests/test_actions.py +46 -2
udata/harvest/tests/test_api.py +161 -6
udata/harvest/tests/test_base_backend.py +86 -1
udata/harvest/tests/test_dcat_backend.py +68 -3
udata/harvest/tests/test_filters.py +6 -0
udata/i18n.py +1 -4
udata/mail.py +14 -0
udata/migrations/2021-08-17-harvest-integrity.py +23 -16
udata/migrations/2025-10-31-create-membership-request-notifications.py +55 -0
udata/migrations/2025-12-04-add-uuid-to-discussion-messages.py +28 -0
udata/migrations/2025-12-16-create-transfer-request-notifications.py +69 -0
udata/migrations/2026-01-14-add-default-kind-to-posts.py +17 -0
udata/mongo/slug_fields.py +1 -1
udata/rdf.py +65 -11
udata/routing.py +2 -2
udata/settings.py +11 -0
udata/tasks.py +2 -0
udata/templates/mail/message.html +3 -1
udata/tests/api/__init__.py +7 -17
udata/tests/api/test_activities_api.py +36 -0
udata/tests/api/test_datasets_api.py +69 -0
udata/tests/api/test_organizations_api.py +0 -3
udata/tests/api/test_reports_api.py +157 -0
udata/tests/api/test_user_api.py +1 -1
udata/tests/apiv2/test_dataservices.py +14 -0
udata/tests/apiv2/test_organizations.py +9 -0
udata/tests/apiv2/test_reuses.py +11 -0
udata/tests/cli/test_cli_base.py +0 -1
udata/tests/dataservice/test_dataservice_tasks.py +29 -0
udata/tests/dataset/test_dataset_model.py +13 -1
udata/tests/dataset/test_dataset_rdf.py +164 -5
udata/tests/dataset/test_dataset_tasks.py +25 -0
udata/tests/frontend/test_auth.py +58 -1
udata/tests/frontend/test_csv.py +0 -3
udata/tests/helpers.py +31 -27
udata/tests/organization/test_notifications.py +67 -2
udata/tests/search/test_search_integration.py +70 -0
udata/tests/site/test_site_csv_exports.py +22 -10
udata/tests/test_activity.py +9 -9
udata/tests/test_api_fields.py +10 -0
udata/tests/test_discussions.py +5 -5
udata/tests/test_legal_mails.py +359 -0
udata/tests/test_notifications.py +15 -57
udata/tests/test_notifications_task.py +43 -0
udata/tests/test_owned.py +81 -1
udata/tests/test_transfer.py +181 -2
udata/tests/test_uris.py +33 -0
udata/translations/ar/LC_MESSAGES/udata.mo +0 -0
udata/translations/ar/LC_MESSAGES/udata.po +309 -158
udata/translations/de/LC_MESSAGES/udata.mo +0 -0
udata/translations/de/LC_MESSAGES/udata.po +313 -160
udata/translations/es/LC_MESSAGES/udata.mo +0 -0
udata/translations/es/LC_MESSAGES/udata.po +312 -160
udata/translations/fr/LC_MESSAGES/udata.mo +0 -0
udata/translations/fr/LC_MESSAGES/udata.po +475 -202
udata/translations/it/LC_MESSAGES/udata.mo +0 -0
udata/translations/it/LC_MESSAGES/udata.po +317 -162
udata/translations/pt/LC_MESSAGES/udata.mo +0 -0
udata/translations/pt/LC_MESSAGES/udata.po +315 -161
udata/translations/sr/LC_MESSAGES/udata.mo +0 -0
udata/translations/sr/LC_MESSAGES/udata.po +323 -164
udata/translations/udata.pot +169 -124
udata/uris.py +0 -2
udata/utils.py +23 -0
udata-14.7.3.dev4.dist-info/METADATA +109 -0
{udata-14.0.3.dev1.dist-info → udata-14.7.3.dev4.dist-info}/RECORD +142 -135
udata/core/post/forms.py +0 -30
udata/flask_mongoengine/json.py +0 -38
udata/templates/mail/base.html +0 -105
udata/templates/mail/base.txt +0 -6
udata/templates/mail/button.html +0 -3
udata/templates/mail/layouts/1-column.html +0 -19
udata/templates/mail/layouts/2-columns.html +0 -20
udata/templates/mail/layouts/center-panel.html +0 -16
udata-14.0.3.dev1.dist-info/METADATA +0 -132
{udata-14.0.3.dev1.dist-info → udata-14.7.3.dev4.dist-info}/WHEEL +0 -0
{udata-14.0.3.dev1.dist-info → udata-14.7.3.dev4.dist-info}/entry_points.txt +0 -0
{udata-14.0.3.dev1.dist-info → udata-14.7.3.dev4.dist-info}/licenses/LICENSE +0 -0
{udata-14.0.3.dev1.dist-info → udata-14.7.3.dev4.dist-info}/top_level.txt +0 -0

udata/core/dataservices/tasks.py CHANGED Viewed

@@ -23,8 +23,12 @@ def purge_dataservices(self):
         Follow.objects(following=dataservice).delete()
         # Remove discussions
         Discussion.objects(subject=dataservice).delete()
-        # Remove HarvestItem references
-        HarvestJob.objects(items__dataservice=dataservice).update(set__items__S__dataservice=None)
+        # Remove HarvestItem references (using update_many with array_filters to update all matching items)
+        HarvestJob._get_collection().update_many(
+            {"items.dataservice": dataservice.id},
+            {"$set": {"items.$[item].dataservice": None}},
+            array_filters=[{"item.dataservice": dataservice.id}],
+        )
         # Remove associated Transfers
         Transfer.objects(subject=dataservice).delete()
         # Remove dataservices references in Topics

udata/core/dataset/api.py CHANGED Viewed

@@ -39,6 +39,7 @@ from udata.core.dataservices.models import Dataservice
 from udata.core.dataset.models import CHECKSUM_TYPES
 from udata.core.followers.api import FollowAPI
 from udata.core.followers.models import Follow
+from udata.core.legal.mails import add_send_legal_notice_argument, send_legal_notice_on_deletion
 from udata.core.organization.models import Organization
 from udata.core.reuse.models import Reuse
 from udata.core.storages.api import handle_upload, upload_parser
@@ -327,17 +328,33 @@ class DatasetListAPI(API):
 @ns.route("/recent.atom", endpoint="recent_datasets_atom_feed")
 class DatasetsAtomFeedAPI(API):
     @api.doc("recent_datasets_atom_feed")
+    @api.expect(dataset_parser.parser)
     def get(self):
+        args = dataset_parser.parse()
+        queryset = Dataset.objects.visible()
+        queryset = DatasetApiParser.parse_filters(queryset, args)
+        q = args.get("q").strip() if args.get("q") else ""
+        has_filters = any(
+            args.get(k)
+            for k in ["q", "tag", "license", "organization", "owner", "format", "badge", "topic"]
+        )
+        if q:
+            title = _("Datasets search: {q}").format(q=q)
+        elif has_filters:
+            title = _("Filtered datasets")
+        else:
+            title = _("Latest datasets")
         feed = Atom1Feed(
-            _("Latest datasets"),
+            title,
             description=None,
             feed_url=request.url,
             link=request.url_root,
         )
-        datasets: list[Dataset] = get_rss_feed_list(
-            Dataset.objects.visible(), "created_at_internal"
-        )
+        datasets: list[Dataset] = get_rss_feed_list(queryset, "created_at_internal")
         for dataset in datasets:
             author_name = None
@@ -364,6 +381,9 @@ class DatasetsAtomFeedAPI(API):
         return response
+dataset_delete_parser = add_send_legal_notice_argument(api.parser())
 @ns.route("/<dataset:dataset>/", endpoint="dataset", doc=common_doc)
 @api.response(404, "Dataset not found")
 @api.response(410, "Dataset has been deleted")
@@ -397,12 +417,16 @@ class DatasetAPI(API):
     @api.secure
     @api.doc("delete_dataset")
+    @api.expect(dataset_delete_parser)
     @api.response(204, "Dataset deleted")
     def delete(self, dataset):
         """Delete a dataset given its identifier"""
+        args = dataset_delete_parser.parse_args()
         if dataset.deleted:
             api.abort(410, "Dataset has been deleted")
         dataset.permissions["delete"].test()
+        send_legal_notice_on_deletion(dataset, args)
         dataset.deleted = datetime.utcnow()
         dataset.last_modified_internal = datetime.utcnow()
         dataset.save()
@@ -531,6 +555,8 @@ class ResourcesAPI(API):
                 f"All resources must be reordered, you provided {len(resources)} "
                 f"out of {len(dataset.resources)}",
             )
+        if any(isinstance(r, dict) and "id" not in r for r in resources):
+            api.abort(400, "Each resource must have an 'id' field")
         if set(r["id"] if isinstance(r, dict) else r for r in resources) != set(
             str(r.id) for r in dataset.resources
         ):

udata/core/dataset/api_fields.py CHANGED Viewed

@@ -332,7 +332,7 @@ dataset_fields = api.model(
         "id": fields.String(description="The dataset identifier", readonly=True),
         "title": fields.String(description="The dataset title", required=True),
         "acronym": fields.String(description="An optional dataset acronym"),
-        "slug": fields.String(description="The dataset permalink string", required=True),
+        "slug": fields.String(description="The dataset permalink string", readonly=True),
         "description": fields.Markdown(
             description="The dataset description in markdown", required=True
         ),

udata/core/dataset/apiv2.py CHANGED Viewed

@@ -108,7 +108,7 @@ dataset_fields = apiv2.model(
         "id": fields.String(description="The dataset identifier", readonly=True),
         "title": fields.String(description="The dataset title", required=True),
         "acronym": fields.String(description="An optional dataset acronym"),
-        "slug": fields.String(description="The dataset permalink string", required=True),
+        "slug": fields.String(description="The dataset permalink string", readonly=True),
         "description": fields.Markdown(
             description="The dataset description in markdown", required=True
         ),

udata/core/dataset/constants.py CHANGED Viewed

@@ -1,5 +1,5 @@
 from collections import OrderedDict
-from datetime import date, datetime, timedelta
+from datetime import datetime, timedelta
 from enum import StrEnum, auto
 from flask_babel import LazyString
@@ -100,14 +100,7 @@ class UpdateFrequency(StrEnum):
         return self._delta  # type: ignore[misc]
     def next_update(self, last_update: datetime) -> datetime | None:
-        if not self.delta:
-            return None
-        result = last_update + self.delta
-        # Convert datetime.date to datetime.datetime for BSON compatibility
-        # MongoDB/BSON cannot encode datetime.date objects, only datetime.datetime
-        if isinstance(result, date) and not isinstance(result, datetime):
-            result = datetime.combine(result, datetime.min.time())
-        return result
+        return last_update + self.delta if self.delta else None
 # We must declare UpdateFrequency class variables after the Enum magic

udata/core/dataset/models.py CHANGED Viewed

@@ -15,17 +15,19 @@ from mongoengine.fields import DateTimeField
 from mongoengine.signals import post_save, pre_init, pre_save
 from werkzeug.utils import cached_property
-from udata.api_fields import field
+from udata.api_fields import field, generate_fields
 from udata.app import cache
 from udata.core import storages
 from udata.core.access_type.constants import AccessType
 from udata.core.access_type.models import WithAccessType, check_only_one_condition_per_role
 from udata.core.activity.models import Auditable
 from udata.core.constants import HVD
+from udata.core.dataset.api_fields import temporal_coverage_fields
 from udata.core.dataset.preview import TabularAPIPreview
 from udata.core.linkable import Linkable
 from udata.core.metrics.helpers import get_stock_metrics
 from udata.core.owned import Owned, OwnedQuerySet
+from udata.core.spatial.api_fields import spatial_coverage_fields
 from udata.frontend.markdown import mdstrip
 from udata.i18n import lazy_gettext as _
 from udata.models import Badge, BadgeMixin, BadgesList, SpatialCoverage, WithMetrics, db
@@ -89,6 +91,7 @@ def get_json_ld_extra(key, value):
     }
+@generate_fields()
 class HarvestDatasetMetadata(db.EmbeddedDocument):
     backend = db.StringField()
     created_at = db.DateTimeField()
@@ -114,6 +117,7 @@ class HarvestResourceMetadata(db.EmbeddedDocument):
     dct_identifier = db.StringField()
+@generate_fields()
 class Schema(db.EmbeddedDocument):
     """
     Schema can only be two things right now:
@@ -482,6 +486,7 @@ class ResourceMixin(object):
         return result
+@generate_fields()
 class Resource(ResourceMixin, WithMetrics, db.EmbeddedDocument):
     """
     Local file, remote file or API provided by the original provider of the
@@ -533,6 +538,7 @@ class DatasetBadgeMixin(BadgeMixin):
     __badges__ = BADGES
+@generate_fields()
 class Dataset(
     Auditable, WithMetrics, WithAccessType, DatasetBadgeMixin, Owned, Linkable, db.Document
 ):
@@ -546,7 +552,10 @@ class Dataset(
         ),
         auditable=False,
     )
-    description = field(db.StringField(required=True, default=""))
+    description = field(
+        db.StringField(required=True, default=""),
+        markdown=True,
+    )
     description_short = field(db.StringField(max_length=DESCRIPTION_SHORT_SIZE_LIMIT))
     license = field(db.ReferenceField("License"))
@@ -557,8 +566,14 @@ class Dataset(
     frequency = field(db.EnumField(UpdateFrequency))
     frequency_date = field(db.DateTimeField(verbose_name=_("Future date of update")))
-    temporal_coverage = field(db.EmbeddedDocumentField(db.DateRange))
-    spatial = field(db.EmbeddedDocumentField(SpatialCoverage))
+    temporal_coverage = field(
+        db.EmbeddedDocumentField(db.DateRange),
+        nested_fields=temporal_coverage_fields,
+    )
+    spatial = field(
+        db.EmbeddedDocumentField(SpatialCoverage),
+        nested_fields=spatial_coverage_fields,
+    )
     schema = field(db.EmbeddedDocumentField(Schema))
     ext = field(db.MapField(db.GenericEmbeddedDocumentField()), auditable=False)
@@ -730,7 +745,7 @@ class Dataset(
         }
     def self_web_url(self, **kwargs):
-        return cdata_url(f"/datasets/{self._link_id(**kwargs)}/", **kwargs)
+        return cdata_url(f"/datasets/{self._link_id(**kwargs)}", **kwargs)
     def self_api_url(self, **kwargs):
         return url_for(
@@ -795,7 +810,7 @@ class Dataset(
         Resources should be fetched when calling this method.
         """
         if self.harvest and self.harvest.modified_at:
-            return self.harvest.modified_at
+            return to_naive_datetime(self.harvest.modified_at)
         if self.resources:
             return max([res.last_modified for res in self.resources])
         else:
@@ -1148,9 +1163,6 @@ class ResourceSchema(object):
         except requests.exceptions.RequestException as err:
             log.exception(f"Error while getting schema catalog from {endpoint}: {err}")
             schemas = cache.get(cache_key)
-        except requests.exceptions.JSONDecodeError as err:
-            log.exception(f"Error while getting schema catalog from {endpoint}: {err}")
-            schemas = cache.get(cache_key)
         else:
             schemas = data.get("schemas", [])
             cache.set(cache_key, schemas)

udata/core/dataset/permissions.py CHANGED Viewed

@@ -1,3 +1,6 @@
+from flask_principal import Permission as BasePermission
+from flask_principal import RoleNeed
 from udata.auth import Permission, UserNeed
 from udata.core.organization.permissions import (
     OrganizationAdminNeed,
@@ -22,6 +25,34 @@ class OwnablePermission(Permission):
         super(OwnablePermission, self).__init__(*needs)
+class OwnableReadPermission(BasePermission):
+    """Permission to read a private ownable object.
+    Always grants access if the object is not private.
+    For private objects, requires owner, org member, or sysadmin.
+    We inherit from BasePermission instead of udata's Permission because
+    Permission automatically adds RoleNeed("admin") to all needs. This means
+    a permission with no needs would only allow admins. With BasePermission,
+    an empty needs set allows everyone (Flask-Principal returns True when
+    self.needs is empty).
+    """
+    def __init__(self, obj):
+        if not getattr(obj, "private", False):
+            super().__init__()
+            return
+        needs = [RoleNeed("admin")]
+        if obj.organization:
+            needs.append(OrganizationAdminNeed(obj.organization.id))
+            needs.append(OrganizationEditorNeed(obj.organization.id))
+        elif obj.owner:
+            needs.append(UserNeed(obj.owner.fs_uniquifier))
+        super().__init__(*needs)
 class DatasetEditPermission(OwnablePermission):
     """Permissions to edit a Dataset"""

udata/core/dataset/rdf.py CHANGED Viewed

@@ -5,7 +5,7 @@ This module centralize dataset helpers for RDF/DCAT serialization and parsing
 import calendar
 import json
 import logging
-from datetime import date, datetime
+from datetime import date
 from dateutil.parser import parse as parse_dt
 from flask import current_app
@@ -51,7 +51,7 @@ from udata.rdf import (
     themes_from_rdf,
     url_from_rdf,
 )
-from udata.utils import get_by, safe_unicode, to_naive_datetime
+from udata.utils import get_by, safe_harvest_datetime, safe_unicode
 from .constants import OGC_SERVICE_FORMATS, UpdateFrequency
 from .models import Checksum, Dataset, License, Resource
@@ -729,12 +729,10 @@ def resource_from_rdf(graph_or_distrib, dataset=None, is_additionnal=False):
         resource.harvest = HarvestResourceMetadata()
     resource.harvest.issued_at = issued_at
-    # In the past, we've encountered future `modified_at` during harvesting
-    # do not save it. :FutureHarvestModifiedAt
-    if modified_at and to_naive_datetime(modified_at) > datetime.utcnow():
-        log.warning(f"Future `DCT.modified` date '{modified_at}' in resource")
-    else:
-        resource.harvest.modified_at = modified_at
+    # :FutureHarvestModifiedAt
+    resource.harvest.modified_at = safe_harvest_datetime(
+        modified_at, "DCT.modified (resource)", refuse_future=True
+    )
     resource.harvest.dct_identifier = identifier
     resource.harvest.uri = uri
@@ -742,7 +740,13 @@ def resource_from_rdf(graph_or_distrib, dataset=None, is_additionnal=False):
     return resource
-def dataset_from_rdf(graph: Graph, dataset=None, node=None, remote_url_prefix: str | None = None):
+def dataset_from_rdf(
+    graph: Graph,
+    dataset=None,
+    node=None,
+    remote_url_prefix: str | None = None,
+    dryrun: bool = False,
+):
     """
     Create or update a dataset from a RDF/DCAT graph
     """
@@ -764,7 +768,7 @@ def dataset_from_rdf(graph: Graph, dataset=None, node=None, remote_url_prefix: s
     dataset.description = sanitize_html(description)
     dataset.frequency = frequency_from_rdf(d.value(DCT.accrualPeriodicity)) or dataset.frequency
     roles = [  # Imbricated list of contact points for each role
-        contact_points_from_rdf(d, rdf_entity, role, dataset)
+        contact_points_from_rdf(d, rdf_entity, role, dataset, dryrun=dryrun)
         for rdf_entity, role in CONTACT_POINT_ENTITY_TO_ROLE.items()
     ]
     dataset.contact_points = [  # Flattened list of contact points
@@ -839,12 +843,10 @@ def dataset_from_rdf(graph: Graph, dataset=None, node=None, remote_url_prefix: s
     dataset.harvest.created_at = created_at
     dataset.harvest.issued_at = issued_at
-    # In the past, we've encountered future `modified_at` during harvesting
-    # do not save it. :FutureHarvestModifiedAt
-    if modified_at and to_naive_datetime(modified_at) > datetime.utcnow():
-        log.warning(f"Future `DCT.modified` date '{modified_at}' in dataset")
-    else:
-        dataset.harvest.modified_at = modified_at
+    # :FutureHarvestModifiedAt
+    dataset.harvest.modified_at = safe_harvest_datetime(
+        modified_at, "DCT.modified (dataset)", refuse_future=True
+    )
     return dataset

udata/core/dataset/tasks.py CHANGED Viewed

@@ -1,4 +1,5 @@
 import collections
+import gzip
 import os
 from datetime import date, datetime
 from tempfile import NamedTemporaryFile
@@ -53,8 +54,12 @@ def purge_datasets(self):
             datasets = dataservice.datasets
             datasets.remove(dataset)
             dataservice.update(datasets=datasets)
-        # Remove HarvestItem references
-        HarvestJob.objects(items__dataset=dataset).update(set__items__S__dataset=None)
+        # Remove HarvestItem references (using update_many with array_filters to update all matching items)
+        HarvestJob._get_collection().update_many(
+            {"items.dataset": dataset.id},
+            {"$set": {"items.$[item].dataset": None}},
+            array_filters=[{"item.dataset": dataset.id}],
+        )
         # Remove datasets in pages (mongoengine doesn't support updating a field in a generic embed)
         Page._get_collection().update_many(
             {"blocs.datasets": dataset.id},
@@ -94,8 +99,7 @@ def get_queryset(model_cls):
     for attr in attrs:
         if getattr(model_cls, attr, None):
             params[attr] = False
-    # no_cache to avoid eating up too much RAM
-    return model_cls.objects.filter(**params).no_cache()
+    return model_cls.objects.filter(**params)
 def get_resource_for_csv_export_model(model, dataset):
@@ -173,7 +177,12 @@ def export_csv_for_model(model, dataset, replace: bool = False):
             dataset.save()
         # remove previous catalog if exists and replace is True
         if replace and fs_filename_to_remove:
-            storages.resources.delete(fs_filename_to_remove)
+            try:
+                storages.resources.delete(fs_filename_to_remove)
+            except FileNotFoundError:
+                log.error(
+                    f"File not found while deleting resource #{resource.id} ({fs_filename_to_remove}) in export_csv_for_model cleanup"
+                )
         return resource
     finally:
         csvfile.close()
@@ -217,8 +226,8 @@ def export_csv(self, model=None):
             with storages.resources.open(resource.fs_filename, "rb") as f:
                 store_bytes(
                     bucket=current_app.config["EXPORT_CSV_ARCHIVE_S3_BUCKET"],
-                    filename=f"{current_app.config['EXPORT_CSV_ARCHIVE_S3_FILENAME_PREFIX']}{resource.title}",
-                    bytes=f.read(),
+                    filename=f"{current_app.config['EXPORT_CSV_ARCHIVE_S3_FILENAME_PREFIX']}{resource.title}.gz",
+                    bytes=gzip.compress(f.read()),
                 )

udata/core/discussions/api.py CHANGED Viewed

@@ -7,6 +7,7 @@ from flask_security import current_user
 from udata.api import API, api, fields
 from udata.core.dataservices.models import Dataservice
 from udata.core.dataset.models import Dataset
+from udata.core.legal.mails import add_send_legal_notice_argument, send_legal_notice_on_deletion
 from udata.core.organization.api_fields import org_ref_fields
 from udata.core.organization.models import Organization
 from udata.core.reuse.models import Reuse
@@ -164,6 +165,9 @@ class DiscussionSpamAPI(SpamAPIMixin):
     model = Discussion
+discussion_delete_parser = add_send_legal_notice_argument(api.parser())
 @ns.route("/<id>/", endpoint="discussion")
 class DiscussionAPI(API):
     """
@@ -236,11 +240,14 @@ class DiscussionAPI(API):
         return discussion
     @api.doc("delete_discussion")
+    @api.expect(discussion_delete_parser)
     @api.response(403, "Not allowed to delete this discussion")
     def delete(self, id):
         """Delete a discussion given its ID"""
+        args = discussion_delete_parser.parse_args()
         discussion = Discussion.objects.get_or_404(id=id_or_404(id))
         discussion.permissions["delete"].test()
+        send_legal_notice_on_deletion(discussion, args)
         discussion.delete()
         on_discussion_deleted.send(discussion)
@@ -259,6 +266,9 @@ class DiscussionCommentSpamAPI(SpamAPIMixin):
         return discussion, discussion.discussion[cidx]
+message_delete_parser = add_send_legal_notice_argument(api.parser())
 @ns.route("/<id>/comments/<int:cidx>/", endpoint="discussion_comment")
 class DiscussionCommentAPI(API):
     """
@@ -286,16 +296,20 @@ class DiscussionCommentAPI(API):
         return discussion
     @api.doc("delete_discussion_comment")
+    @api.expect(message_delete_parser)
     @api.response(403, "Not allowed to delete this comment")
     def delete(self, id, cidx):
         """Delete a comment given its index"""
+        args = message_delete_parser.parse_args()
         discussion = Discussion.objects.get_or_404(id=id_or_404(id))
         if len(discussion.discussion) <= cidx:
             api.abort(404, "Comment does not exist")
         elif cidx == 0:
             api.abort(400, "You cannot delete the first comment of a discussion")
-        discussion.discussion[cidx].permissions["delete"].test()
+        message = discussion.discussion[cidx]
+        message.permissions["delete"].test()
+        send_legal_notice_on_deletion(message, args)
         discussion.discussion.pop(cidx)
         discussion.save()

udata/core/discussions/models.py CHANGED Viewed

@@ -6,6 +6,7 @@ from flask_login import current_user
 from udata.core.linkable import Linkable
 from udata.core.spam.models import SpamMixin, spam_protected
+from udata.i18n import lazy_gettext as _
 from udata.mongo import db
 from .signals import on_discussion_closed, on_new_discussion, on_new_discussion_comment
@@ -14,6 +15,9 @@ log = logging.getLogger(__name__)
 class Message(SpamMixin, db.EmbeddedDocument):
+    verbose_name = _("message")
+    id = db.AutoUUIDField()
     content = db.StringField(required=True)
     posted_on = db.DateTimeField(default=datetime.utcnow, required=True)
     posted_by = db.ReferenceField("User")
@@ -69,6 +73,8 @@ class Message(SpamMixin, db.EmbeddedDocument):
 class Discussion(SpamMixin, Linkable, db.Document):
+    verbose_name = _("discussion")
     user = db.ReferenceField("User")
     organization = db.ReferenceField("Organization")

udata/core/legal/__init__.py ADDED Viewed

File without changes

udata/core/legal/mails.py ADDED Viewed

@@ -0,0 +1,128 @@
+from flask import current_app
+from flask_babel import LazyString
+from flask_login import current_user
+from flask_restx.inputs import boolean
+from udata.core.dataservices.models import Dataservice
+from udata.core.dataset.models import Dataset
+from udata.core.discussions.models import Discussion, Message
+from udata.core.organization.models import Organization
+from udata.core.reuse.models import Reuse
+from udata.core.user.models import User
+from udata.i18n import lazy_gettext as _
+from udata.mail import Link, MailMessage, ParagraphWithLinks
+DeletableObject = Dataset | Reuse | Dataservice | Organization | User | Discussion | Message
+def add_send_legal_notice_argument(parser):
+    """Add the send_legal_notice argument to a parser.
+    When send_legal_notice=true is passed by an admin, a formal legal notice email
+    is sent to the content owner. This email includes terms of use references and
+    information about how to contest the deletion (administrative appeal).
+    """
+    parser.add_argument(
+        "send_legal_notice",
+        type=boolean,
+        default=False,
+        location="args",
+        help="Send formal legal notice with appeal information to owner (admin only)",
+    )
+    return parser
+def _get_recipients_for_organization(org: Organization) -> list[User]:
+    return [m.user for m in org.by_role("admin")]
+def _get_recipients_for_owned_object(obj: Dataset | Reuse | Dataservice) -> list[User]:
+    if obj.owner:
+        return [obj.owner]
+    elif obj.organization:
+        return _get_recipients_for_organization(obj.organization)
+    return []
+def send_legal_notice_on_deletion(obj: DeletableObject, args: dict):
+    """Send a formal legal notice email when content is deleted by an admin.
+    The email is only sent if:
+    - send_legal_notice=true was passed in args
+    - The current user is a sysadmin
+    """
+    if not args.get("send_legal_notice") or not current_user.sysadmin:
+        return
+    if isinstance(obj, Organization):
+        recipients = _get_recipients_for_organization(obj)
+    elif isinstance(obj, User):
+        recipients = [obj]
+    elif isinstance(obj, Discussion):
+        recipients = [obj.user] if obj.user else []
+    elif isinstance(obj, Message):
+        recipients = [obj.posted_by] if obj.posted_by else []
+    else:
+        recipients = _get_recipients_for_owned_object(obj)
+    if recipients:
+        _content_deleted(obj.verbose_name).send(recipients)
+def _content_deleted(content_type_label: LazyString) -> MailMessage:
+    admin = current_user._get_current_object()
+    terms_of_use_url = current_app.config.get("TERMS_OF_USE_URL")
+    terms_of_use_deletion_article = current_app.config.get("TERMS_OF_USE_DELETION_ARTICLE")
+    telerecours_url = current_app.config.get("TELERECOURS_URL")
+    if terms_of_use_url and terms_of_use_deletion_article:
+        terms_paragraph = ParagraphWithLinks(
+            _(
+                'Our %(terms_link)s specify in point %(article)s that the platform is not "intended '
+                "to disseminate advertising content, promotions of private interests, content contrary "
+                "to public order, illegal content, spam and any contribution violating the applicable "
+                "legal framework. The Editor reserves the right, without prior notice, to remove or "
+                "make inaccessible content published on the Platform that has no connection with its "
+                'Purpose. The Editor does not carry out "a priori" control over publications. As soon '
+                "as the Editor becomes aware of content contrary to these terms of use, it acts quickly "
+                'to remove or make it inaccessible".',
+                terms_link=Link(_("terms of use"), terms_of_use_url),
+                article=terms_of_use_deletion_article,
+            )
+        )
+    else:
+        terms_paragraph = _(
+            'The platform is not "intended to disseminate advertising content, promotions of '
+            "private interests, content contrary to public order, illegal content, spam and any "
+            "contribution violating the applicable legal framework. The Editor reserves the right, "
+            "without prior notice, to remove or make inaccessible content published on the Platform "
+            'that has no connection with its Purpose. The Editor does not carry out "a priori" '
+            "control over publications. As soon as the Editor becomes aware of content contrary to "
+            'these terms of use, it acts quickly to remove or make it inaccessible".'
+        )
+    if telerecours_url:
+        appeal_paragraph = ParagraphWithLinks(
+            _(
+                "You may contest this decision within two months of its notification by filing "
+                "an administrative appeal (recours gracieux ou hiérarchique). You may also bring "
+                'the matter before the administrative court via the "%(telerecours_link)s" application.',
+                telerecours_link=Link(_("Télérecours citoyens"), telerecours_url),
+            )
+        )
+    else:
+        appeal_paragraph = _("You may contest this decision by contacting us.")
+    paragraphs = [
+        _("Your %(content_type)s has been deleted.", content_type=content_type_label),
+        terms_paragraph,
+        appeal_paragraph,
+        _("Best regards,"),
+        admin.fullname,
+        _("%(site)s team member", site=current_app.config.get("SITE_TITLE", "data.gouv.fr")),
+    ]
+    return MailMessage(
+        subject=_("Deletion of your %(content_type)s", content_type=content_type_label),
+        paragraphs=paragraphs,
+    )

udata 14.0.3.dev1__py3-none-any.whl → 14.7.3.dev4__py3-none-any.whl

udata 14.0.3.dev1py3-none-any.whl → 14.7.3.dev4py3-none-any.whl