udata 14.0.3.dev1__py3-none-any.whl → 14.7.3.dev4__py3-none-any.whl

udata/core/post/api.py

@@ -2,70 +2,27 @@ from datetime import datetime
 
 from feedgenerator.django.utils.feedgenerator import Atom1Feed
 from flask import make_response, request
+from flask_login import current_user
 
-from udata.api import API, api, fields
+from udata.api import API, api
+from udata.api_fields import patch, patch_and_save
 from udata.auth import Permission as AdminPermission
 from udata.auth import admin_permission
-from udata.core.dataset.api_fields import dataset_fields
-from udata.core.reuse.models import Reuse
 from udata.core.storages.api import (
     image_parser,
     parse_uploaded_image,
     uploaded_image_fields,
 )
-from udata.core.user.api_fields import user_ref_fields
 from udata.frontend.markdown import md
 from udata.i18n import gettext as _
 
-from .forms import PostForm
 from .models import Post
 
 DEFAULT_SORTING = "-published"
 
 ns = api.namespace("posts", "Posts related operations")
 
-post_fields = api.model(
-    "Post",
-    {
-        "id": fields.String(description="The post identifier"),
-        "name": fields.String(description="The post name", required=True),
-        "slug": fields.String(description="The post permalink string", readonly=True),
-        "headline": fields.String(description="The post headline", required=True),
-        "content": fields.Markdown(description="The post content in Markdown", required=True),
-        "image": fields.ImageField(description="The post image", readonly=True),
-        "credit_to": fields.String(description="An optional credit line (associated to the image)"),
-        "credit_url": fields.String(description="An optional link associated to the credits"),
-        "tags": fields.List(fields.String, description="Some keywords to help in search"),
-        "datasets": fields.List(fields.Nested(dataset_fields), description="The post datasets"),
-        "reuses": fields.List(fields.Nested(Reuse.__read_fields__), description="The post reuses"),
-        "owner": fields.Nested(
-            user_ref_fields, description="The owner user", readonly=True, allow_null=True
-        ),
-        "created_at": fields.ISODateTime(description="The post creation date", readonly=True),
-        "last_modified": fields.ISODateTime(
-            description="The post last modification date", readonly=True
-        ),
-        "published": fields.ISODateTime(description="The post publication date", readonly=True),
-        "body_type": fields.String(description="HTML or markdown body type", default="markdown"),
-        "uri": fields.String(
-            attribute=lambda p: p.self_api_url(),
-            description="The API URI for this post",
-            readonly=True,
-        ),
-        "page": fields.String(
-            attribute=lambda p: p.self_web_url(),
-            description="The post web page URL",
-            readonly=True,
-        ),
-    },
-    mask="*,datasets{id,title,acronym,uri,page},reuses{id,title,image,image_thumbnail,uri,page}",
-)
-
-post_page_fields = api.model("PostPage", fields.pager(post_fields))
-
-parser = api.page_parser()
-
-parser.add_argument("sort", type=str, location="args", help="The sorting attribute")
+parser = Post.__index_parser__
 parser.add_argument(
     "with_drafts",
     type=bool,
@@ -73,16 +30,13 @@ parser.add_argument(
     location="args",
     help="`True` also returns the unpublished posts (only for super-admins)",
 )
-parser.add_argument(
-    "q", type=str, location="args", help="query string to search through resources titles"
-)
 
 
 @ns.route("/", endpoint="posts")
 class PostsAPI(API):
     @api.doc("list_posts")
     @api.expect(parser)
-    @api.marshal_with(post_page_fields)
+    @api.marshal_with(Post.__page_fields__)
     def get(self):
         """List all posts"""
         args = parser.parse_args()
@@ -92,22 +46,23 @@ class PostsAPI(API):
         if not (AdminPermission().can() and args["with_drafts"]):
             posts = posts.published()
 
-        if args["q"]:
-            phrase_query = " ".join([f'"{elem}"' for elem in args["q"].split(" ")])
-            posts = posts.search_text(phrase_query)
-
-        sort = args["sort"] or ("$text_score" if args["q"] else None) or DEFAULT_SORTING
-        return posts.order_by(sort).paginate(args["page"], args["page_size"])
+        # The search is already handled by apply_sort_filters if searchable=True
+        return Post.apply_pagination(Post.apply_sort_filters(posts))
 
     @api.doc("create_post")
     @api.secure(admin_permission)
-    @api.expect(post_fields)
-    @api.marshal_with(post_fields)
+    @api.expect(Post.__write_fields__)
+    @api.marshal_with(Post.__read_fields__)
     @api.response(400, "Validation error")
     def post(self):
         """Create a post"""
-        form = api.validate(PostForm)
-        return form.save(), 201
+        post = patch(Post(), request)
+
+        if not post.owner:
+            post.owner = current_user._get_current_object()
+
+        post.save()
+        return post, 201
 
 
 @ns.route("/recent.atom", endpoint="recent_posts_atom_feed")
@@ -121,7 +76,7 @@ class PostsAtomFeedAPI(API):
             link=request.url_root,
         )
 
-        posts: list[Post] = Post.objects().published().order_by("-published").limit(15)
+        posts: list[Post] = Post.objects(kind="news").published().order_by("-published").limit(15)
         for post in posts:
             feed.add_item(
                 post.name,
@@ -143,20 +98,20 @@ class PostsAtomFeedAPI(API):
 @api.param("post", "The post ID or slug")
 class PostAPI(API):
     @api.doc("get_post")
-    @api.marshal_with(post_fields)
+    @api.marshal_with(Post.__read_fields__)
     def get(self, post):
         """Get a given post"""
         return post
 
     @api.doc("update_post")
     @api.secure(admin_permission)
-    @api.expect(post_fields)
-    @api.marshal_with(post_fields)
+    @api.expect(Post.__write_fields__)
+    @api.marshal_with(Post.__read_fields__)
     @api.response(400, "Validation error")
     def put(self, post):
         """Update a given post"""
-        form = api.validate(PostForm, post)
-        return form.save()
+        post = patch_and_save(post, request)
+        return post
 
     @api.secure(admin_permission)
     @api.doc("delete_post")
@@ -171,7 +126,7 @@ class PostAPI(API):
 class PublishPostAPI(API):
     @api.secure(admin_permission)
     @api.doc("publish_post")
-    @api.marshal_with(post_fields)
+    @api.marshal_with(Post.__read_fields__)
     def post(self, post):
         """Publish an existing post"""
         post.modify(published=datetime.utcnow())
@@ -179,9 +134,9 @@ class PublishPostAPI(API):
 
     @api.secure(admin_permission)
     @api.doc("unpublish_post")
-    @api.marshal_with(post_fields)
+    @api.marshal_with(Post.__read_fields__)
     def delete(self, post):
-        """Publish an existing post"""
+        """Unpublish an existing post"""
         post.modify(published=None)
         return post
 

udata/core/post/constants.py

@@ -8,5 +8,13 @@ BODY_TYPES = OrderedDict(
     [
         ("markdown", _("Markdown")),
         ("html", _("HTML")),
+        ("blocs", _("Blocs")),
+    ]
+)
+
+POST_KINDS = OrderedDict(
+    [
+        ("news", _("News")),
+        ("page", _("Page")),
     ]
 )

udata/core/post/models.py

@@ -1,12 +1,16 @@
 from flask import url_for
 
+from udata.api_fields import field, generate_fields
+from udata.core.dataset.api_fields import dataset_fields
 from udata.core.linkable import Linkable
+from udata.core.pages.models import Page
 from udata.core.storages import default_image_basename, images
+from udata.core.user.api_fields import user_ref_fields
 from udata.i18n import lazy_gettext as _
 from udata.mongo import db
 from udata.uris import cdata_url
 
-from .constants import BODY_TYPES, IMAGE_SIZES
+from .constants import BODY_TYPES, IMAGE_SIZES, POST_KINDS
 
 __all__ = ("Post",)
 
@@ -16,27 +20,97 @@ class PostQuerySet(db.BaseQuerySet):
         return self(published__ne=None).order_by("-published")
 
 
+@generate_fields(
+    searchable=True,
+    additional_sorts=[
+        {"key": "created_at", "value": "created_at"},
+        {"key": "modified", "value": "last_modified"},
+    ],
+    default_sort="-published",
+)
 class Post(db.Datetimed, Linkable, db.Document):
-    name = db.StringField(max_length=255, required=True)
-    slug = db.SlugField(
-        max_length=255, required=True, populate_from="name", update=True, follow=True
+    name = field(
+        db.StringField(max_length=255, required=True),
+        sortable=True,
+        show_as_ref=True,
+    )
+    slug = field(
+        db.SlugField(max_length=255, required=True, populate_from="name", update=True, follow=True),
+        readonly=True,
+    )
+    headline = field(
+        db.StringField(),
+        sortable=True,
+    )
+    content = field(
+        db.StringField(),
+        markdown=True,
+    )
+    content_as_page = field(
+        db.ReferenceField("Page", reverse_delete_rule=db.DENY),
+        nested_fields=Page.__read_fields__,
+        allow_null=True,
+        description="Reference to a Page when body_type is 'blocs'",
+    )
+    image_url = field(
+        db.StringField(),
+    )
+    image = field(
+        db.ImageField(fs=images, basename=default_image_basename, thumbnails=IMAGE_SIZES),
+        readonly=True,
+        thumbnail_info={"size": 100},
     )
-    headline = db.StringField()
-    content = db.StringField(required=True)
-    image_url = db.StringField()
-    image = db.ImageField(fs=images, basename=default_image_basename, thumbnails=IMAGE_SIZES)
 
-    credit_to = db.StringField()
-    credit_url = db.URLField()
+    credit_to = field(
+        db.StringField(),
+        description="An optional credit line (associated to the image)",
+    )
+    credit_url = field(
+        db.URLField(),
+        description="An optional link associated to the credits",
+    )
 
-    tags = db.ListField(db.StringField())
-    datasets = db.ListField(db.ReferenceField("Dataset", reverse_delete_rule=db.PULL))
-    reuses = db.ListField(db.ReferenceField("Reuse", reverse_delete_rule=db.PULL))
+    tags = field(
+        db.ListField(db.StringField()),
+        description="Some keywords to help in search",
+    )
+    datasets = field(
+        db.ListField(
+            field(
+                db.ReferenceField("Dataset", reverse_delete_rule=db.PULL),
+                nested_fields=dataset_fields,
+            )
+        ),
+        description="The post datasets",
+    )
+    reuses = field(
+        db.ListField(db.ReferenceField("Reuse", reverse_delete_rule=db.PULL)),
+        description="The post reuses",
+    )
 
-    owner = db.ReferenceField("User")
-    published = db.DateTimeField()
+    owner = field(
+        db.ReferenceField("User"),
+        nested_fields=user_ref_fields,
+        readonly=True,
+        allow_null=True,
+        description="The owner user",
+    )
+    published = field(
+        db.DateTimeField(),
+        readonly=True,
+        sortable=True,
+        description="The post publication date",
+    )
 
-    body_type = db.StringField(choices=list(BODY_TYPES), default="markdown", required=False)
+    body_type = field(
+        db.StringField(choices=list(BODY_TYPES), default="markdown", required=False),
+    )
+
+    kind = field(
+        db.StringField(choices=list(POST_KINDS), default="news", required=False),
+        filterable={},
+        description="Post kind (news or page)",
+    )
 
     meta = {
         "ordering": ["-created_at"],
@@ -54,17 +128,35 @@ class Post(db.Datetimed, Linkable, db.Document):
 
     verbose_name = _("post")
 
+    def clean(self):
+        if self.body_type == "blocs":
+            if not self.content_as_page:
+                raise db.ValidationError("content_as_page is required when body_type is 'blocs'")
+        else:
+            if not self.content:
+                raise db.ValidationError(
+                    "content is required when body_type is 'markdown' or 'html'"
+                )
+
     def __str__(self):
         return self.name or ""
 
     def self_web_url(self, **kwargs):
-        return cdata_url(f"/posts/{self._link_id(**kwargs)}/", **kwargs)
+        return cdata_url(f"/posts/{self._link_id(**kwargs)}", **kwargs)
 
     def self_api_url(self, **kwargs):
         return url_for(
             "api.post", post=self._link_id(**kwargs), **self._self_api_url_kwargs(**kwargs)
         )
 
+    @field(description="The API URI for this post")
+    def uri(self):
+        return self.self_api_url()
+
+    @field(description="The post web page URL")
+    def page(self):
+        return self.self_web_url()
+
     def count_discussions(self):
         # There are no metrics on Post to store discussions count
         pass

udata/core/post/tests/test_api.py

@@ -1,12 +1,14 @@
 from flask import url_for
 
 from udata.core.dataset.factories import DatasetFactory
+from udata.core.pages.factories import PageFactory
+from udata.core.pages.models import DatasetsListBloc
 from udata.core.post.factories import PostFactory
 from udata.core.post.models import Post
 from udata.core.reuse.factories import ReuseFactory
-from udata.core.user.factories import AdminFactory
+from udata.core.user.factories import AdminFactory, UserFactory
 from udata.tests.api import APITestCase
-from udata.tests.helpers import assert200, assert201, assert204
+from udata.tests.helpers import assert200, assert201, assert204, assert400
 
 
 class PostsAPITest(APITestCase):
@@ -56,9 +58,13 @@ class PostsAPITest(APITestCase):
 
     def test_post_api_get(self):
         """It should fetch a post from the API"""
-        post = PostFactory()
+        admin = AdminFactory()
+        post = PostFactory(owner=admin)
         response = self.get(url_for("api.post", post=post))
         assert200(response)
+        owner = response.json["owner"]
+        assert isinstance(owner, dict)
+        assert owner["id"] == str(admin.id)
 
     def test_post_api_create(self):
         """It should create a post from the API"""
@@ -136,3 +142,134 @@ class PostsAPITest(APITestCase):
 
         post.reload()
         assert post.published is None
+
+    def test_post_api_create_with_empty_credit_url(self):
+        """It should create a post with an empty credit_url (converted to None)"""
+        data = PostFactory.as_dict()
+        data["datasets"] = [str(d.id) for d in data["datasets"]]
+        data["reuses"] = [str(r.id) for r in data["reuses"]]
+        data["credit_url"] = ""
+        self.login(AdminFactory())
+        response = self.post(url_for("api.posts"), data)
+        assert201(response)
+        assert Post.objects.count() == 1
+        post = Post.objects.first()
+        assert post.credit_url is None
+
+    def test_post_api_list_with_drafts_non_admin(self):
+        """Non-admin users should not see drafts even with with_drafts=True"""
+        PostFactory.create_batch(3)
+        PostFactory(published=None)
+
+        self.login(UserFactory())
+        response = self.get(url_for("api.posts", with_drafts=True))
+        assert200(response)
+        assert len(response.json["data"]) == 3
+
+    def test_post_api_create_with_blocs_body_type_and_page(self):
+        """It should create a post with body_type='blocs' when content_as_page is provided"""
+        page = PageFactory()
+        data = PostFactory.as_dict()
+        data["datasets"] = [str(d.id) for d in data["datasets"]]
+        data["reuses"] = [str(r.id) for r in data["reuses"]]
+        data["body_type"] = "blocs"
+        data["content_as_page"] = str(page.id)
+        self.login(AdminFactory())
+        response = self.post(url_for("api.posts"), data)
+        assert201(response)
+        assert Post.objects.count() == 1
+        post = Post.objects.first()
+        assert post.body_type == "blocs"
+        assert post.content_as_page.id == page.id
+
+    def test_post_api_create_with_blocs_body_type_without_page(self):
+        """It should fail to create a post with body_type='blocs' without content_as_page"""
+        data = PostFactory.as_dict()
+        data["datasets"] = [str(d.id) for d in data["datasets"]]
+        data["reuses"] = [str(r.id) for r in data["reuses"]]
+        data["body_type"] = "blocs"
+        self.login(AdminFactory())
+        response = self.post(url_for("api.posts"), data)
+        assert400(response)
+
+    def test_post_api_get_with_blocs_returns_page_blocs(self):
+        """It should return blocs from the associated page when fetching a post"""
+        datasets = DatasetFactory.create_batch(2)
+        bloc = DatasetsListBloc(title="Featured datasets", datasets=datasets)
+        page = PageFactory(blocs=[bloc])
+        post = PostFactory(body_type="blocs", content_as_page=page)
+        response = self.get(url_for("api.post", post=post))
+        assert200(response)
+        assert response.json["body_type"] == "blocs"
+        assert "content_as_page" in response.json
+        page_data = response.json["content_as_page"]
+        assert "blocs" in page_data
+        assert len(page_data["blocs"]) == 1
+        assert page_data["blocs"][0]["class"] == "DatasetsListBloc"
+        assert page_data["blocs"][0]["title"] == "Featured datasets"
+        assert len(page_data["blocs"][0]["datasets"]) == 2
+
+    def test_post_api_update_to_blocs_without_content_as_page(self):
+        """It should fail to update body_type to 'blocs' without providing content_as_page"""
+        post = PostFactory(body_type="markdown")
+        self.login(AdminFactory())
+        response = self.put(url_for("api.post", post=post), {"body_type": "blocs"})
+        assert400(response)
+
+    def test_post_api_update_to_blocs_with_content_as_page(self):
+        """It should update body_type to 'blocs' when content_as_page is provided"""
+        post = PostFactory(body_type="markdown")
+        page = PageFactory()
+        self.login(AdminFactory())
+        response = self.put(
+            url_for("api.post", post=post), {"body_type": "blocs", "content_as_page": str(page.id)}
+        )
+        assert200(response)
+        post.reload()
+        assert post.body_type == "blocs"
+        assert post.content_as_page.id == page.id
+
+    def test_post_api_update_remove_content_as_page_from_blocs_post(self):
+        """It should fail to remove content_as_page from a post with body_type='blocs'"""
+        page = PageFactory()
+        post = PostFactory(body_type="blocs", content_as_page=page)
+        self.login(AdminFactory())
+        response = self.put(url_for("api.post", post=post), {"content_as_page": None})
+        assert400(response)
+
+    def test_post_api_update_body_type_preserves_content_as_page(self):
+        """Switching from 'blocs' to 'markdown' preserves content_as_page so user can switch back"""
+        page = PageFactory()
+        post = PostFactory(body_type="blocs", content_as_page=page)
+        self.login(AdminFactory())
+        response = self.put(url_for("api.post", post=post), {"body_type": "markdown"})
+        assert200(response)
+        post.reload()
+        assert post.body_type == "markdown"
+        assert post.content_as_page.id == page.id
+
+    def test_post_api_filter_by_kind(self):
+        """It should filter posts by kind"""
+        news_post = PostFactory(kind="news")
+        page_post = PostFactory(kind="page")
+
+        response = self.get(url_for("api.posts", kind="news"))
+        assert200(response)
+        assert len(response.json["data"]) == 1
+        assert response.json["data"][0]["id"] == str(news_post.id)
+
+        response = self.get(url_for("api.posts", kind="page"))
+        assert200(response)
+        assert len(response.json["data"]) == 1
+        assert response.json["data"][0]["id"] == str(page_post.id)
+
+    def test_rss_feed_only_returns_news(self):
+        """RSS feed should only return posts with kind=news"""
+        news_post = PostFactory(kind="news")
+        page_post = PostFactory(kind="page")
+
+        response = self.get(url_for("api.recent_posts_atom_feed"))
+        assert200(response)
+        content = response.data.decode("utf-8")
+        assert news_post.name in content
+        assert page_post.name not in content

udata/core/post/tests/test_models.py

@@ -0,0 +1,24 @@
+import mongoengine
+import pytest
+
+from udata.core.pages.factories import PageFactory
+from udata.core.pages.models import Page
+from udata.core.post.factories import PostFactory
+from udata.tests.api import PytestOnlyDBTestCase
+
+
+class PostTest(PytestOnlyDBTestCase):
+    def test_page_deletion_raises_if_reference_still_exists(self):
+        page = PageFactory()
+        post = PostFactory(body_type="blocs", content_as_page=page)
+
+        assert Page.objects().count() == 1
+
+        with pytest.raises(mongoengine.errors.OperationError):
+            page.delete()
+
+        # Delete the post referencing the page before being able to delete the page itself
+        post.delete()
+        page.delete()
+
+        assert Page.objects().count() == 0

udata/core/reports/api.py

@@ -42,6 +42,24 @@ class ReportAPI(API):
     def get(self, report):
         return report
 
+    @api.doc("update_report", responses={400: "Validation error"})
+    @api.secure(admin_permission)
+    @api.expect(Report.__write_fields__)
+    @api.marshal_with(Report.__read_fields__, code=200)
+    def patch(self, report):
+        dismiss_has_changed = (
+            "dismissed_at" in request.json and request.json["dismissed_at"] != report.dismissed_at
+        )
+
+        report = patch(report, request)
+        if dismiss_has_changed:
+            report.dismissed_by = (
+                current_user._get_current_object() if report.dismissed_at else None
+            )
+
+        report.save()
+        return report, 200
+
 
 @ns.route("/reasons/", endpoint="reports_reasons")
 class ReportsReasonsAPI(API):

udata/core/reports/models.py

@@ -2,7 +2,8 @@ from datetime import datetime
 
 from bson import DBRef
 from flask import url_for
-from mongoengine import DO_NOTHING, NULLIFY, signals
+from flask_restx import inputs
+from mongoengine import DO_NOTHING, NULLIFY, Q, signals
 
 from udata.api_fields import field, generate_fields
 from udata.core.user.api_fields import user_ref_fields
@@ -12,7 +13,32 @@ from udata.mongo import db
 from .constants import REPORT_REASONS_CHOICES, REPORTABLE_MODELS
 
 
-@generate_fields()
+class ReportQuerySet(db.BaseQuerySet):
+    def unhandled(self):
+        return self.filter(dismissed_at=None, subject_deleted_at=None)
+
+    def handled(self):
+        return self.filter(Q(dismissed_at__ne=None) | Q(subject_deleted_at__ne=None))
+
+
+def filter_by_handled(base_query, filter_value):
+    if filter_value is True:
+        return base_query.handled()
+    elif filter_value is False:
+        return base_query.unhandled()
+    else:
+        return base_query
+
+
+@generate_fields(
+    standalone_filters=[
+        {
+            "key": "handled",
+            "query": filter_by_handled,
+            "type": inputs.boolean,
+        },
+    ],
+)
 class Report(db.Document):
     by = field(
         db.ReferenceField(User, reverse_delete_rule=NULLIFY),
@@ -44,8 +70,22 @@ class Report(db.Document):
     reported_at = field(
         db.DateTimeField(default=datetime.utcnow, required=True),
         readonly=True,
+        sortable=True,
     )
 
+    dismissed_at = field(
+        db.DateTimeField(),
+    )
+    dismissed_by = field(
+        db.ReferenceField(User, reverse_delete_rule=NULLIFY),
+        nested_fields=user_ref_fields,
+        allow_null=True,
+    )
+
+    meta = {
+        "queryset_class": ReportQuerySet,
+    }
+
     @field(description="Link to the API endpoint for this report")
     def self_api_url(self):
         return url_for("api.report", report=self, _external=True)

udata/core/reuse/api.py

@@ -15,6 +15,7 @@ from udata.core.badges.fields import badge_fields
 from udata.core.dataservices.models import Dataservice
 from udata.core.dataset.api_fields import dataset_ref_fields
 from udata.core.followers.api import FollowAPI
+from udata.core.legal.mails import add_send_legal_notice_argument, send_legal_notice_on_deletion
 from udata.core.organization.models import Organization
 from udata.core.reuse.constants import REUSE_TOPICS, REUSE_TYPES
 from udata.core.storages.api import (
@@ -170,6 +171,9 @@ class ReusesAtomFeedAPI(API):
         return response
 
 
+reuse_delete_parser = add_send_legal_notice_argument(api.parser())
+
+
 @ns.route("/<reuse:reuse>/", endpoint="reuse", doc=common_doc)
 @api.response(404, "Reuse not found")
 @api.response(410, "Reuse has been deleted")
@@ -202,12 +206,16 @@ class ReuseAPI(API):
 
     @api.secure
     @api.doc("delete_reuse")
+    @api.expect(reuse_delete_parser)
     @api.response(204, "Reuse deleted")
     def delete(self, reuse):
         """Delete a given reuse"""
+        args = reuse_delete_parser.parse_args()
         if reuse.deleted:
             api.abort(410, "This reuse has been deleted")
         reuse.permissions["delete"].test()
+        send_legal_notice_on_deletion(reuse, args)
+
         reuse.deleted = datetime.utcnow()
         reuse.save()
         return "", 204