udata 7.0.8.dev28841__py2.py3-none-any.whl → 9.0.1.dev29390__py2.py3-none-any.whl

udata/core/dataset/csv.py

@@ -19,6 +19,9 @@ class DatasetCsvAdapter(csv.Adapter):
         ('url', 'external_url'),
         ('organization', 'organization.name'),
         ('organization_id', 'organization.id'),
+        ('owner', 'owner.slug'),  # in case it's owned by a user, or introduce 'owner_type'?
+        ('owner_id', 'owner.id'),
+        # 'contact_point', #  ?
         'description',
         'frequency',
         'license',
@@ -26,19 +29,20 @@ class DatasetCsvAdapter(csv.Adapter):
         'temporal_coverage.end',
         'spatial.granularity',
         ('spatial.zones', serialize_spatial_zones),
-        'private',
         ('featured', lambda o: o.featured or False),
         'created_at',
         'last_modified',
         ('tags', lambda o: ','.join(o.tags)),
         ('archived', lambda o: o.archived or False),
         ('resources_count', lambda o: len(o.resources)),
+        ('main_resources_count', lambda o: len([r for r in o.resources if r.type == 'main'])),
         'downloads',
         ('harvest.backend', lambda r: r.harvest and r.harvest.backend),
         ('harvest.domain', lambda r: r.harvest and r.harvest.domain),
         ('harvest.created_at', lambda r: r.harvest and r.harvest.created_at),
         ('harvest.modified_at', lambda r: r.harvest and r.harvest.modified_at),
         ('quality_score', lambda o: format(o.quality['score'], '.2f')),
+        # schema? what is the schema of a dataset?
     )
 
     def dynamic_fields(self):
@@ -85,6 +89,9 @@ class ResourcesCsvAdapter(csv.NestedAdapter):
         ('downloads', lambda o: int(o.metrics.get('views', 0))),
         ('harvest.created_at', lambda o: o.harvest and o.harvest.created_at),
         ('harvest.modified_at', lambda o: o.harvest and o.harvest.modified_at),
+        ('schema_name', 'schema.name'),
+        ('schema_version', 'schema.version'),
+        ('preview_url', lambda o: o.preview_url or False),
     )
     attribute = 'resources'
 

udata/core/dataset/models.py

@@ -505,6 +505,7 @@ class Dataset(WithMetrics, BadgeMixin, Owned, db.Document):
         'reuses',
         'followers',
         'views',
+        'resources_downloads',
     ]
 
     meta = {

udata/core/dataset/rdf.py

@@ -22,9 +22,10 @@ from udata.frontend.markdown import parse_html
 from udata.core.dataset.models import HarvestDatasetMetadata, HarvestResourceMetadata
 from udata.models import db, ContactPoint
 from udata.rdf import (
-    DCAT, DCT, FREQ, SCV, SKOS, SPDX, SCHEMA, EUFREQ, EUFORMAT, IANAFORMAT, VCARD, RDFS,
-    namespace_manager, schema_from_rdf, url_from_rdf
+    DCAT, DCATAP, DCT, FREQ, SCV, SKOS, SPDX, SCHEMA, EUFREQ, EUFORMAT, IANAFORMAT, VCARD, RDFS,
+    HVD_LEGISLATION, namespace_manager, schema_from_rdf, url_from_rdf
 )
+from udata.tags import slug as slugify_tag
 from udata.utils import get_by, safe_unicode
 from udata.uris import endpoint_for
 
@@ -76,6 +77,17 @@ EU_RDF_REQUENCIES = {
     EUFREQ.NEVER: 'punctual',
 }
 
+# Map High Value Datasets URIs to keyword categories
+EU_HVD_CATEGORIES = {
+    "http://data.europa.eu/bna/c_164e0bf5": "Météorologiques",
+    "http://data.europa.eu/bna/c_a9135398": "Entreprises et propriété d'entreprises",
+    "http://data.europa.eu/bna/c_ac64a52d": "Géospatiales",
+    "http://data.europa.eu/bna/c_b79e35eb": "Mobilité",
+    "http://data.europa.eu/bna/c_dd313021": "Observation de la terre et environnement",
+    "http://data.europa.eu/bna/c_e1da4e07": "Statistiques"
+}
+TAG_TO_EU_HVD_CATEGORIES = {slugify_tag(EU_HVD_CATEGORIES[uri]): uri for uri in EU_HVD_CATEGORIES}
+
 
 class HTMLDetector(HTMLParser):
     def __init__(self, *args, **kwargs):
@@ -131,7 +143,7 @@ def owner_to_rdf(dataset, graph=None):
     return
 
 
-def resource_to_rdf(resource, dataset=None, graph=None):
+def resource_to_rdf(resource, dataset=None, graph=None, is_hvd=False):
     '''
     Map a Resource domain model to a DCAT/RDF graph
     '''
@@ -170,6 +182,9 @@ def resource_to_rdf(resource, dataset=None, graph=None):
         checksum.add(SPDX.algorithm, getattr(SPDX, algorithm))
         checksum.add(SPDX.checksumValue, Literal(resource.checksum.value))
         r.add(SPDX.checksum, checksum)
+    if is_hvd:
+        # DCAT-AP HVD applicable legislation is also expected at the distribution level
+        r.add(DCATAP.applicableLegislation, URIRef(HVD_LEGISLATION))
     return r
 
 
@@ -204,11 +219,20 @@ def dataset_to_rdf(dataset, graph=None):
     if dataset.acronym:
         d.set(SKOS.altLabel, Literal(dataset.acronym))
 
+    # Add DCAT-AP HVD properties if the dataset is tagged hvd.
+    # See https://semiceu.github.io/DCAT-AP/releases/2.2.0-hvd/
+    is_hvd = current_app.config['HVD_SUPPORT'] and 'hvd' in dataset.tags
+    if is_hvd:
+        d.add(DCATAP.applicableLegislation, URIRef(HVD_LEGISLATION))
+
     for tag in dataset.tags:
         d.add(DCAT.keyword, Literal(tag))
+        # Add HVD category if this dataset is tagged HVD
+        if is_hvd and tag in TAG_TO_EU_HVD_CATEGORIES:
+            d.add(DCATAP.hvdCategory, URIRef(TAG_TO_EU_HVD_CATEGORIES[tag]))
 
     for resource in dataset.resources:
-        d.add(DCAT.distribution, resource_to_rdf(resource, dataset, graph))
+        d.add(DCAT.distribution, resource_to_rdf(resource, dataset, graph, is_hvd))
 
     if dataset.temporal_coverage:
         d.set(DCT.temporal, temporal_to_rdf(dataset.temporal_coverage, graph))
@@ -371,23 +395,51 @@ def spatial_from_rdf(graph):
                     else:
                         continue
 
-                    if geojson['type'] == 'Polygon':
-                        geojson['type'] = 'MultiPolygon'
-                        geojson['coordinates'] = [geojson['coordinates']]
-
                     geojsons.append(geojson)
         except Exception as e:
             log.exception(f"Exception during `spatial_from_rdf` for term {term}: {e}", stack_info=True)
 
+    if not geojsons:
+        return None
+
+    # We first try to build a big MultiPolygon with all the spatial coverages found in RDF.
+    # We deduplicate the coordinates because some backend provides the same coordinates multiple
+    # times in different format. We only support in this first pass Polygons and MultiPolygons. Not sure
+    # if there are other types of spatial coverage worth integrating (points? line strings?). But these other
+    # formats are not compatible to be merged in the unique stored representation in MongoDB, we'll deal with them in a second pass.
+    # The merging lose the properties and other information inside the GeoJSON…
+    # Note that having multiple `Polygon` is not really the DCAT way of doing things, the standard require that you use 
+    # a `MultiPolygon` in this case. We support this right now, and wait and see if it raises problems in the future for
+    # people following the standard. (see https://github.com/datagouv/data.gouv.fr/issues/1362#issuecomment-2112774115)
+    polygons = []
     for geojson in geojsons:
-        spatial_coverage = SpatialCoverage(geom=geojson)
-        try:
-            spatial_coverage.clean()
-            return spatial_coverage
-        except ValidationError:
+        if geojson['type'] == 'Polygon':
+            if geojson['coordinates'] not in polygons:
+                polygons.append(geojson['coordinates'])
+        elif geojson['type'] == 'MultiPolygon':
+            for coordinates in geojson['coordinates']:
+                if coordinates not in polygons:
+                    polygons.append(coordinates)
+        else:
+            log.warning(f"Unsupported GeoJSON type '{geojson['type']}'")
             continue
 
-    return None
+    if not polygons:
+        log.warning(f"No supported types found in the GeoJSON data.")
+        return None
+
+    spatial_coverage = SpatialCoverage(geom={
+        'type': 'MultiPolygon',
+        'coordinates': polygons,
+    })
+
+    try:
+        spatial_coverage.clean()
+        return spatial_coverage
+    except ValidationError as e:
+        log.warning(f"Cannot save the spatial coverage {coordinates} (error was {e})")
+        return None
+
 
 def frequency_from_rdf(term):
     if isinstance(term, str):
@@ -469,9 +521,19 @@ def remote_url_from_rdf(rdf):
 
 
 def theme_labels_from_rdf(rdf):
+    '''
+    Get theme labels to use as keywords.
+    Map HVD keywords from known URIs resources if HVD support is activated.
+    '''
     for theme in rdf.objects(DCAT.theme):
         if isinstance(theme, RdfResource):
-            label = rdf_value(theme, SKOS.prefLabel)
+            uri = theme.identifier.toPython()
+            if current_app.config['HVD_SUPPORT'] and uri in EU_HVD_CATEGORIES:
+                label = EU_HVD_CATEGORIES[uri]
+                # Additionnally yield hvd keyword
+                yield 'hvd'
+            else:
+                label = rdf_value(theme, SKOS.prefLabel)
         else:
             label = theme.toPython()
         if label:

udata/core/metrics/commands.py

@@ -5,7 +5,7 @@ import click
 from flask import current_app
 
 from udata.commands import cli, success
-from udata.models import User, Dataset, Reuse, Organization, Site
+from udata.models import User, Dataset, Reuse, Organization, Site, GeoZone
 
 log = logging.getLogger(__name__)
 
@@ -24,11 +24,12 @@ def grp():
               help='Compute datasets metrics')
 @click.option('-r', '--reuses', is_flag=True, help='Compute reuses metrics')
 @click.option('-u', '--users', is_flag=True, help='Compute users metrics')
+@click.option('-g', '--geozones', is_flag=True, help='Compute geo levels metrics')
 @click.option('--drop', is_flag=True, help='Clear old metrics before computing new ones')
 def update(site=False, organizations=False, users=False, datasets=False,
-           reuses=False, drop=False):
+           reuses=False, geozones = False, drop=False):
     '''Update all metrics for the current date'''
-    do_all = not any((site, organizations, users, datasets, reuses))
+    do_all = not any((site, organizations, users, datasets, reuses, geozones))
 
     if do_all or site:
         log.info('Update site metrics')
@@ -114,4 +115,18 @@ def update(site=False, organizations=False, users=False, datasets=False,
                 except Exception as e:
                     log.info(f'Error during update: {e}')
                     continue
+
+    if do_all or geozones:
+        log.info('Update GeoZone metrics')
+        all_geozones = GeoZone.objects.timeout(False)
+        with click.progressbar(all_geozones, length=GeoZone.objects.count()) as geozones_bar:
+            for geozone in geozones_bar:
+                try:
+                    if drop:
+                        geozone.metrics.clear()
+                    geozone.count_datasets()
+                except Exception as e:
+                    log.info(f'Error during update: {e}')
+                    continue
+
     success('All metrics have been updated')

udata/core/metrics/models.py

@@ -1,5 +1,4 @@
-from datetime import date, timedelta
-
+from udata.api_fields import field
 from udata.mongo import db
 
 
@@ -7,7 +6,7 @@ __all__ = ('WithMetrics',)
 
 
 class WithMetrics(object):
-    metrics = db.DictField()
+    metrics = field(db.DictField())
 
     __metrics_keys__ = []
 

udata/core/organization/api_fields.py

@@ -1,5 +1,8 @@
+from flask import request
+
 from udata.api import api, fields, base_reference
 from udata.core.badges.fields import badge_fields
+from udata.core.organization.permissions import OrganizationPrivatePermission
 
 from .constants import ORG_ROLES, DEFAULT_ROLE, MEMBERSHIP_STATUS, BIGGEST_LOGO_SIZE
 
@@ -27,9 +30,29 @@ org_ref_fields = api.inherit('OrganizationReference', base_reference, {
 
 from udata.core.user.api_fields import user_ref_fields  # noqa: required
 
+def check_can_access_email():
+    # This endpoint is secure, only organization member has access.
+    if request.endpoint == 'api.request_membership':
+        return True
+
+    if request.endpoint != 'api.organization':
+        return False
+
+    org = request.view_args.get('org')
+    if org is None:
+        return False
+    
+    return OrganizationPrivatePermission(org).can()
+
+member_user_with_email_fields = api.inherit('MemberUserWithEmail', user_ref_fields, {
+    'email': fields.Raw(
+        attribute=lambda o: o.email if check_can_access_email() else None,
+        description='The user email (only present on show organization endpoint if the current user has edit permission on the org)', readonly=True),
+})
+
 request_fields = api.model('MembershipRequest', {
     'id': fields.String(readonly=True),
-    'user': fields.Nested(user_ref_fields),
+    'user': fields.Nested(member_user_with_email_fields),
     'created': fields.ISODateTime(
         description='The request creation date', readonly=True),
     'status': fields.String(
@@ -40,10 +63,12 @@ request_fields = api.model('MembershipRequest', {
 })
 
 member_fields = api.model('Member', {
-    'user': fields.Nested(user_ref_fields),
+    'user': fields.Nested(member_user_with_email_fields),
     'role': fields.String(
         description='The member role in the organization', required=True,
-        enum=list(ORG_ROLES), default=DEFAULT_ROLE)
+        enum=list(ORG_ROLES), default=DEFAULT_ROLE),
+    'since': fields.ISODateTime(
+        description='The date the user joined the organization', readonly=True),
 })
 
 org_fields = api.model('Organization', {

udata/core/organization/csv.py

@@ -15,18 +15,20 @@ class OrganizationCsvAdapter(csv.Adapter):
         ('url', 'external_url'),
         'description',
         ('logo', lambda o: o.logo(external=True)),
-        ('badges', lambda o: [badge.kind for badge in o.badges]),
+        ('badges', lambda o: ','.join([badge.kind for badge in o.badges])),
         'created_at',
         'last_modified',
+        'business_number_id',
+        ('members_count', lambda o: len(o.members)),
     )
 
     def dynamic_fields(self):
         return csv.metric_fields(Organization) + self.get_dynamic_field_downloads()
-    
+
     def get_dynamic_field_downloads(self):
         downloads_counts = self.get_downloads_counts()
         return [('downloads', lambda o: downloads_counts.get(str(o.id), 0))]
-    
+
     def get_downloads_counts(self):
         '''
         Prefetch all the resources' downloads for all selected organization into memory

udata/core/organization/models.py

@@ -5,9 +5,11 @@ from blinker import Signal
 from mongoengine.signals import pre_save, post_save
 from werkzeug.utils import cached_property
 
+from udata.core.badges.models import BadgeMixin
+from udata.core.metrics.models import WithMetrics
 from udata.core.storages import avatars, default_image_basename
 from udata.frontend.markdown import mdstrip
-from udata.models import db, BadgeMixin, WithMetrics
+from udata.mongo import db
 from udata.i18n import lazy_gettext as _
 from udata.uris import endpoint_for
 from .constants import ASSOCIATION, CERTIFIED, COMPANY, LOCAL_AUTHORITY, LOGO_SIZES, ORG_BID_SIZE_LIMIT, ORG_ROLES, DEFAULT_ROLE, MEMBERSHIP_STATUS, LOGO_MAX_SIZE, PUBLIC_SERVICE

udata/core/owned.py

@@ -4,7 +4,15 @@ from blinker import signal
 from mongoengine import NULLIFY, Q, post_save
 from mongoengine.fields import ReferenceField
 
+from udata.api_fields import field
+from udata.core.organization.models import Organization
+from udata.core.user.models import User
 from udata.mongo.queryset import UDataQuerySet
+from udata.core.user.api_fields import user_ref_fields
+from udata.core.organization.api_fields import org_ref_fields
+from udata.core.organization.permissions import OrganizationPrivatePermission
+from udata.mongo.errors import FieldValidationError
+from udata.i18n import lazy_gettext as _
 
 log = logging.getLogger(__name__)
 
@@ -15,14 +23,42 @@ class OwnedQuerySet(UDataQuerySet):
         for owner in owners:
             qs |= Q(owner=owner) | Q(organization=owner)
         return self(qs)
+    
+def check_owner_is_current_user(owner):
+    from udata.auth import current_user, admin_permission
+    if current_user.is_authenticated and owner and not admin_permission and current_user.id != owner:
+        raise FieldValidationError(_('You can only set yourself as owner'), field="owner")
+
+def check_organization_is_valid_for_current_user(organization):
+    from udata.auth import current_user
+    from udata.models import Organization
+
+    org = Organization.objects(id=organization).first()
+    if org is None:
+        raise FieldValidationError(_("Unknown organization"), field="organization")
+
+    if current_user.is_authenticated and org and not OrganizationPrivatePermission(org).can():
+        raise FieldValidationError(_("Permission denied for this organization"), field="organization")
 
 
 class Owned(object):
     '''
     A mixin to factorize owning behvaior between users and organizations.
     '''
-    owner = ReferenceField('User', reverse_delete_rule=NULLIFY)
-    organization = ReferenceField('Organization', reverse_delete_rule=NULLIFY)
+    owner = field(
+        ReferenceField(User, reverse_delete_rule=NULLIFY),
+        nested_fields=user_ref_fields,
+        description="Only present if organization is not set. Can only be set to the current authenticated user.",
+        check=check_owner_is_current_user,
+        allow_null=True,
+    )
+    organization = field(
+        ReferenceField(Organization, reverse_delete_rule=NULLIFY),
+        nested_fields=org_ref_fields,
+        description="Only present if owner is not set. Can only be set to an organization of the current authenticated user.",
+        check=check_organization_is_valid_for_current_user,
+        allow_null=True,
+    )
 
     on_owner_change = signal('Owned.on_owner_change')
 
@@ -38,6 +74,7 @@ class Owned(object):
         '''
         Verify owner consistency and fetch original owner before the new one erase it.
         '''
+
         changed_fields = self._get_changed_fields()
         if 'organization' in changed_fields and 'owner' in changed_fields:
             # Ownership changes (org to owner or the other way around) have already been made

udata/core/reuse/csv.py

@@ -15,10 +15,13 @@ class ReuseCsvAdapter(csv.Adapter):
         ('remote_url', 'url'),
         ('organization', 'organization.name'),
         ('organization_id', 'organization.id'),
+        ('owner', 'owner.slug'),  # in case it's owned by a user
+        ('owner_id', 'owner.id'),
         ('image', lambda r: r.image(external=True)),
         ('featured', lambda r: r.featured or False),
         'created_at',
         'last_modified',
+        'topic',
         ('tags', lambda r: ','.join(r.tags)),
         ('datasets', lambda r: ','.join([str(d.id) for d in r.datasets])),
     )

udata/core/site/api.py

@@ -105,7 +105,10 @@ class SiteRdfCatalogFormat(API):
         params = multi_to_dict(request.args)
         page = int(params.get('page', 1))
         page_size = int(params.get('page_size', 100))
-        datasets = Dataset.objects.visible().paginate(page, page_size)
+        datasets = Dataset.objects.visible()
+        if 'tag' in params:
+            datasets = datasets.filter(tags=params.get('tag', ''))
+        datasets = datasets.paginate(page, page_size)
         catalog = build_catalog(current_site, datasets, format=format)
         # bypass flask-restplus make_response, since graph_response
         # is handling the content negociation directly

udata/core/spatial/api.py

@@ -85,7 +85,7 @@ dataset_parser.add_argument(
     location='args', default=25)
 
 
-@ns.route('/zones/<pathlist:ids>/', endpoint='zones')
+@ns.route('/zones/<list:ids>/', endpoint='zones')
 class ZonesAPI(API):
     @api.doc('spatial_zones',
              params={'ids': 'A zone identifiers list (comma separated)'})
@@ -101,7 +101,7 @@ class ZonesAPI(API):
         }
 
 
-@ns.route('/zone/<path:id>/datasets/', endpoint='zone_datasets')
+@ns.route('/zone/<id>/datasets/', endpoint='zone_datasets')
 class ZoneDatasetsAPI(API):
     @api.doc('spatial_zone_datasets', params={'id': 'A zone identifier'})
     @api.expect(dataset_parser)
@@ -118,7 +118,7 @@ class ZoneDatasetsAPI(API):
         return datasets
 
 
-@ns.route('/zone/<path:id>/', endpoint='zone')
+@ns.route('/zone/<id>/', endpoint='zone')
 class ZoneAPI(API):
     @api.doc('spatial_zone', params={'id': 'A zone identifier'})
     def get(self, id):
@@ -152,7 +152,7 @@ class SpatialGranularitiesAPI(API):
         } for id, name in spatial_granularities]
 
 
-@ns.route('/coverage/<path:level>/', endpoint='spatial_coverage')
+@ns.route('/coverage/<level>/', endpoint='spatial_coverage')
 class SpatialCoverageAPI(API):
     @api.doc('spatial_coverage')
     @api.marshal_list_with(feature_collection_fields)
@@ -162,11 +162,6 @@ class SpatialCoverageAPI(API):
         features = []
 
         for zone in GeoZone.objects(level=level.id):
-            # fetch nested levels IDs
-            ids = []
-            ids.append(zone.id)
-            # Count datasets in zone
-            nb_datasets = Dataset.objects(spatial__zones__in=ids).count()
             features.append({
                 'id': zone.id,
                 'type': 'Feature',
@@ -174,7 +169,7 @@ class SpatialCoverageAPI(API):
                     'name': _(zone.name),
                     'code': zone.code,
                     'uri': zone.uri,
-                    'datasets': nb_datasets
+                    'datasets': zone.metrics.get('datasets', 0)
                 }
             })
 

udata/core/spatial/models.py

@@ -3,6 +3,7 @@ from werkzeug.local import LocalProxy
 from werkzeug.utils import cached_property
 
 from udata.app import cache
+from udata.core.metrics.models import WithMetrics
 from udata.uris import endpoint_for
 from udata.i18n import _, get_locale, language
 from udata.mongo import db
@@ -21,7 +22,6 @@ class GeoLevel(db.Document):
                               max_value=ADMIN_LEVEL_MAX,
                               default=100)
 
-
 class GeoZoneQuerySet(db.BaseQuerySet):
 
     def resolve(self, geoid, id_only=False):
@@ -40,7 +40,7 @@ class GeoZoneQuerySet(db.BaseQuerySet):
         return result.id if id_only and result else result
 
 
-class GeoZone(db.Document):
+class GeoZone(WithMetrics, db.Document):
     SEPARATOR = ':'
 
     id = db.StringField(primary_key=True)
@@ -101,6 +101,11 @@ class GeoZone(db.Document):
     def external_url(self):
         return endpoint_for('territories.territory', territory=self, _external=True)
 
+    def count_datasets(self):
+        from udata.models import Dataset
+        self.metrics['datasets'] = Dataset.objects(spatial__zones=self.id).visible().count()
+        self.save()
+
     def toGeoJSON(self):
         return {
             'id': self.id,

udata/core/spatial/tasks.py

@@ -0,0 +1,7 @@
+from udata.core.spatial.models import GeoZone
+from udata.tasks import job
+
+@job('compute-geozones-metrics')
+def compute_geozones_metrics(self):
+    for geozone in GeoZone.objects.timeout(False):
+        geozone.count_datasets()

udata/core/spatial/tests/test_api.py

@@ -10,6 +10,7 @@ from udata.core.dataset.factories import DatasetFactory
 from udata.core.spatial.factories import (
     SpatialCoverageFactory, GeoZoneFactory, GeoLevelFactory
 )
+from udata.core.spatial.tasks import compute_geozones_metrics
 
 
 class SpatialApiTest(APITestCase):
@@ -229,6 +230,31 @@ class SpatialApiTest(APITestCase):
             'features': [],
         })
 
+    def test_coverage_datasets_count(self):
+        GeoLevelFactory(id='fr:commune')
+        paris = GeoZoneFactory(
+            id='fr:commune:75056', level='fr:commune',
+            name='Paris', code='75056')
+        arles = GeoZoneFactory(
+            id='fr:commune:13004', level='fr:commune',
+            name='Arles', code='13004')
+
+        for _ in range(3):
+            DatasetFactory(
+                spatial=SpatialCoverageFactory(zones=[paris.id]))
+        for _ in range(2):
+            DatasetFactory(
+                spatial=SpatialCoverageFactory(zones=[arles.id]))
+                    
+        compute_geozones_metrics()
+
+        response = self.get(url_for('api.spatial_coverage', level='fr:commune'))
+        self.assert200(response)
+        self.assertEqual(response.json['features'][0]['id'], 'fr:commune:13004')
+        self.assertEqual(response.json['features'][0]['properties']['datasets'], 2)
+        self.assertEqual(response.json['features'][1]['id'], 'fr:commune:75056')
+        self.assertEqual(response.json['features'][1]['properties']['datasets'], 3)
+
 
 class SpatialTerritoriesApiTest(APITestCase):
     modules = []

udata/core/user/api.py

@@ -226,6 +226,7 @@ class UserListAPI(API):
     fields = user_fields
     form = UserProfileForm
 
+    @api.secure(admin_permission)
     @api.doc('list_users')
     @api.expect(user_parser.parser)
     @api.marshal_with(user_page_fields)
@@ -269,6 +270,12 @@ class UserAvatarAPI(API):
         return {'image': user.avatar}
 
 
+
+delete_parser = api.parser()
+delete_parser.add_argument(
+    'no_mail', type=bool, help='Do not send a mail to notify the user of the deletion',
+    location='args', default=False)
+
 @ns.route('/<user:user>/', endpoint='user')
 @api.response(404, 'User not found')
 @api.response(410, 'User is not active or has been deleted')
@@ -297,22 +304,19 @@ class UserAPI(API):
 
     @api.secure(admin_permission)
     @api.doc('delete_user')
+    @api.expect(delete_parser)
     @api.response(204, 'Object deleted')
     @api.response(403, 'When trying to delete yourself')
     def delete(self, user):
         '''Delete a user given its identifier'''
+        args = delete_parser.parse_args()
         if user.deleted:
             api.abort(410, 'User has already been deleted')
         if user == current_user._get_current_object():
             api.abort(403, 'You cannot delete yourself with this API. ' +
                       'Use the "me" API instead.')
-        if user.avatar.filename is not None:
-            storage = storages.avatars
-            storage.delete(user.avatar.filename)
-            storage.delete(user.avatar.original)
-            for key, value in user.avatar.thumbnails.items():
-                storage.delete(value)
-        user.mark_as_deleted()
+        
+        user.mark_as_deleted(notify=not args['no_mail'])
         return '', 204