udata 8.0.1.dev29075__py2.py3-none-any.whl → 8.0.1.dev29111__py2.py3-none-any.whl

udata/core/dataset/apiv2.py

@@ -8,6 +8,7 @@ from udata import search
 from udata.api import apiv2, API, fields
 from udata.utils import multi_to_dict, get_by
 
+from udata.core.organization.api_fields import member_user_with_email_fields
 from .api_fields import (
     badge_fields,
     org_ref_fields,
@@ -165,6 +166,7 @@ specific_resource_fields = apiv2.model('SpecificResource', {
 apiv2.inherit('Badge', badge_fields)
 apiv2.inherit('OrganizationReference', org_ref_fields)
 apiv2.inherit('UserReference', user_ref_fields)
+apiv2.inherit('MemberUserWithEmail', member_user_with_email_fields)
 apiv2.inherit('Resource', resource_fields)
 apiv2.inherit('SpatialCoverage', spatial_coverage_fields)
 apiv2.inherit('TemporalCoverage', temporal_coverage_fields)

udata/core/dataset/models.py

@@ -505,6 +505,7 @@ class Dataset(WithMetrics, BadgeMixin, Owned, db.Document):
         'reuses',
         'followers',
         'views',
+        'resources_downloads',
     ]
 
     meta = {

udata/core/organization/api_fields.py

@@ -1,5 +1,8 @@
+from flask import request
+
 from udata.api import api, fields, base_reference
 from udata.core.badges.fields import badge_fields
+from udata.core.organization.permissions import OrganizationPrivatePermission
 
 from .constants import ORG_ROLES, DEFAULT_ROLE, MEMBERSHIP_STATUS, BIGGEST_LOGO_SIZE
 
@@ -27,9 +30,29 @@ org_ref_fields = api.inherit('OrganizationReference', base_reference, {
 
 from udata.core.user.api_fields import user_ref_fields  # noqa: required
 
+def check_can_access_email():
+    # This endpoint is secure, only organization member has access.
+    if request.endpoint == 'api.request_membership':
+        return True
+
+    if request.endpoint != 'api.organization':
+        return False
+
+    org = request.view_args.get('org')
+    if org is None:
+        return False
+    
+    return OrganizationPrivatePermission(org).can()
+
+member_user_with_email_fields = api.inherit('MemberUserWithEmail', user_ref_fields, {
+    'email': fields.Raw(
+        attribute=lambda o: o.email if check_can_access_email() else None,
+        description='The user email (only present on show organization endpoint if the current user has edit permission on the org)', readonly=True),
+})
+
 request_fields = api.model('MembershipRequest', {
     'id': fields.String(readonly=True),
-    'user': fields.Nested(user_ref_fields),
+    'user': fields.Nested(member_user_with_email_fields),
     'created': fields.ISODateTime(
         description='The request creation date', readonly=True),
     'status': fields.String(
@@ -40,10 +63,12 @@ request_fields = api.model('MembershipRequest', {
 })
 
 member_fields = api.model('Member', {
-    'user': fields.Nested(user_ref_fields),
+    'user': fields.Nested(member_user_with_email_fields),
     'role': fields.String(
         description='The member role in the organization', required=True,
-        enum=list(ORG_ROLES), default=DEFAULT_ROLE)
+        enum=list(ORG_ROLES), default=DEFAULT_ROLE),
+    'since': fields.ISODateTime(
+        description='The date the user joined the organization', readonly=True),
 })
 
 org_fields = api.model('Organization', {

udata/tests/api/test_organizations_api.py

@@ -191,8 +191,7 @@ class MembershipAPITest:
         user = api.login()
         data = {'comment': 'a comment'}
 
-        api_url = url_for('api.request_membership', org=organization)
-        response = api.post(api_url, data)
+        response = api.post(url_for('api.request_membership', org=organization), data)
         assert201(response)
 
         organization.reload()
@@ -209,14 +208,13 @@ class MembershipAPITest:
         assert request.handled_by is None
         assert request.refusal_comment is None
 
-    def test_request_existing_pending_membership(self, api):
+    def test_request_existing_pending_membership_do_not_duplicate_it(self, api):
         user = api.login()
         previous_request = MembershipRequest(user=user, comment='previous')
         organization = OrganizationFactory(requests=[previous_request])
         data = {'comment': 'a comment'}
 
-        api_url = url_for('api.request_membership', org=organization)
-        response = api.post(api_url, data)
+        response = api.post(url_for('api.request_membership', org=organization), data)
         assert200(response)
 
         organization.reload()
@@ -233,6 +231,81 @@ class MembershipAPITest:
         assert request.handled_by is None
         assert request.refusal_comment is None
 
+    def test_get_membership_requests(self, api):
+        user = api.login()
+        applicant = UserFactory(email="thibaud@example.org")
+        membership_request = MembershipRequest(user=applicant, comment='test')
+        member = Member(user=user, role='admin')
+        organization = OrganizationFactory(
+            members=[member], requests=[membership_request])
+
+        response = api.get(url_for('api.request_membership', org=organization))
+        assert200(response)
+
+        assert len(response.json) == 1
+        assert response.json[0]['comment'] == 'test'
+        assert response.json[0]['user']['email'] == 'thibaud@example.org' # Can see email of applicant
+
+    def test_only_org_member_can_get_membership_requests(self, api):
+        api.login()
+        applicant = UserFactory(email="thibaud@example.org")
+        membership_request = MembershipRequest(user=applicant, comment='test')
+        organization = OrganizationFactory(
+            members=[], requests=[membership_request])
+
+        response = api.get(url_for('api.request_membership', org=organization))
+        assert403(response)
+
+
+    def test_get_members_with_or_without_email(self, api):
+        admin = Member(user=UserFactory(email="admin@example.org"), role='admin', since="2024-04-14")
+        editor = Member(user=UserFactory(email="editor@example.org"), role='editor')
+        other = UserFactory(email="other@example.org")
+
+        organization = OrganizationFactory(members=[admin, editor])
+
+        # Admin can see emails
+        api.login(admin.user)
+        response = api.get(url_for('api.organization', org=organization))
+        assert200(response)
+
+        members = response.json['members']
+        assert len(members) == 2
+        assert members[0]['role'] == 'admin'
+        assert members[0]['since'] == '2024-04-14T00:00:00+00:00'
+        assert members[0]['user']['email'] == 'admin@example.org'
+
+        assert members[1]['role'] == 'editor'
+        assert members[1]['user']['email'] == 'editor@example.org'
+
+        # Editor can see emails
+        api.login(editor.user)
+        response = api.get(url_for('api.organization', org=organization))
+        assert200(response)
+
+        members = response.json['members']
+        assert len(members) == 2
+        assert members[0]['role'] == 'admin'
+        assert members[0]['since'] == '2024-04-14T00:00:00+00:00'
+        assert members[0]['user']['email'] == 'admin@example.org'
+
+        assert members[1]['role'] == 'editor'
+        assert members[1]['user']['email'] == 'editor@example.org'
+        
+        # Others cannot see emails
+        api.login(other)
+        response = api.get(url_for('api.organization', org=organization))
+        assert200(response)
+
+        members = response.json['members']
+        assert len(members) == 2
+        assert members[0]['role'] == 'admin'
+        assert members[0]['since'] == '2024-04-14T00:00:00+00:00'
+        assert members[0]['user']['email'] is None
+
+        assert members[1]['role'] == 'editor'
+        assert members[1]['user']['email'] is None
+
     def test_accept_membership(self, api):
         user = api.login()
         applicant = UserFactory()

{udata-8.0.1.dev29075.dist-info → udata-8.0.1.dev29111.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: udata
-Version: 8.0.1.dev29075
+Version: 8.0.1.dev29111
 Summary: Open data portal
 Home-page: https://github.com/opendatateam/udata
 Author: Opendata Team
@@ -143,6 +143,8 @@ It is collectively taken care of by members of the
 - Delete a user without sending mail [#3031](https://github.com/opendatateam/udata/pull/3031)
 - Convert known HVD categories used as theme to keywords [#3014](https://github.com/opendatateam/udata/pull/3014)
 - Allow for series in CSW ISO 19139 DCAT backend [#3028](https://github.com/opendatateam/udata/pull/3028)
+- Add `email` to membership request list API response, add `since` to org members API responses, add `email` to members of org on show org endpoint for org's admins and editors [#3038](https://github.com/opendatateam/udata/pull/3038)
+- Add `resources_downloads` to datasets metrics [#3042](https://github.com/opendatateam/udata/pull/3042)
 - Fix do not override resources extras on admin during update [#3043](https://github.com/opendatateam/udata/pull/3043) 
 
 ## 8.0.0 (2024-04-23)

{udata-8.0.1.dev29075.dist-info → udata-8.0.1.dev29111.dist-info}/RECORD

@@ -86,7 +86,7 @@ udata/core/dataset/actions.py,sha256=3pzBg_qOR-w7fwPpTOKUHXWC9lkjALbOn1UQFmmT-s0
 udata/core/dataset/activities.py,sha256=qQnHNL0hOB1IGtQl7JsnVOiUsWT0gm-pts9uDyR3bvU,1536
 udata/core/dataset/api.py,sha256=C6EGhJswCb2hHfKigbxFQbfzpzgvWm8VD3c4O-ZQFso,28789
 udata/core/dataset/api_fields.py,sha256=Cgd_BPlAhP0nTzocOZWWEM-LvKcgCxYE2x00oAiKFYM,15405
-udata/core/dataset/apiv2.py,sha256=XzEwtmC53Mw0mq8NEMCD2cN52pCmrUkPu0adUj4wGyw,15751
+udata/core/dataset/apiv2.py,sha256=NmfixLd7Q8WNEAKxpJWubD2QzsxgJwJo69z8kNtU__Y,15896
 udata/core/dataset/commands.py,sha256=dbK7gMYH4G6pOPiYtmL3yomzg5MGqTaG97_UM9Smu_k,3712
 udata/core/dataset/constants.py,sha256=Twml-I5mGiIdTkiDV1D4bXqi_TcNhcEc-QFxorUKHM4,3138
 udata/core/dataset/csv.py,sha256=d6JMuvlov_vR7EN10rJa6Q03Il0PfbzMTHQIud5H8qg,3240
@@ -94,7 +94,7 @@ udata/core/dataset/events.py,sha256=DI71VfRc1eDTtgWQ3TJx5gtUw2MO0O_CVLCKLq0OIF0,
 udata/core/dataset/exceptions.py,sha256=uI_NvZRZMr_MtYQBYdLD8tk-BIUeDDfMMcrWwqV7mi8,494
 udata/core/dataset/factories.py,sha256=fHPgEUUpqGw7p7K5wGg-wA6Q0-Pc9eNbzAQK-va8zMM,9120
 udata/core/dataset/forms.py,sha256=VJCsGtgzhQgLW-M-J4ObpQ8o6c_saC3TTc1Js33m3sQ,6188
-udata/core/dataset/models.py,sha256=Z9Sqf-Aly67BB5ESwz3H4qxJvG3zy03Goz6enL55HyE,36022
+udata/core/dataset/models.py,sha256=q6AknSHYNjeUyVKoFgxEA0r9lSvMa_a4tJ3fLOzL03M,36053
 udata/core/dataset/permissions.py,sha256=3F2J7le3_rEYNhh88o3hSRWHAAt01_yHJM6RPmvCrRo,1090
 udata/core/dataset/preview.py,sha256=puPKT3fBD7ezAcT6owh0JK1_rGNDFZOqgT223qGn3LY,2597
 udata/core/dataset/rdf.py,sha256=y4XBB8nlm_xmqwWGrtiRJj3UZT8DtzCREw4jchOaGsg,23731
@@ -133,7 +133,7 @@ udata/core/metrics/tasks.py,sha256=Z7La3-zPB5j6qJoPKr_MgjNZhqscZCmNLPa711ZBkdY,7
 udata/core/organization/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 udata/core/organization/activities.py,sha256=fOBujmduVoTxJph2C6Z4qHeQHOaJT9IsZooEDCWC4BA,1140
 udata/core/organization/api.py,sha256=K9Lnps_gxxt_z1ImLZDBnY1eeh6Zpl7x50YoXcPzJ_k,17479
-udata/core/organization/api_fields.py,sha256=UV3DE7DoWvrRs2k-VnuJ2c7-mMTt93eVX8o-K_9IvXQ,5403
+udata/core/organization/api_fields.py,sha256=Xotv1Eqd3fnxhlC0cssSEG4mfiRfLKPQK_k07V1hmDc,6370
 udata/core/organization/apiv2.py,sha256=VAU_y9Zz-VhBgS-LWVbGOEZdSt3b44nZd5bzTV2wU8g,3206
 udata/core/organization/commands.py,sha256=FaSYxyWfQDR5tWvrAXmwcF2VMREOC13XTK8DD4vp_sY,1623
 udata/core/organization/constants.py,sha256=XGVnItrJTG0hcVKRK5sPmx44KHC9r_EKtj_y0MmBt0o,563
@@ -592,7 +592,7 @@ udata/tests/api/test_datasets_api.py,sha256=zqRtC61NvYUNum4kBTjA1W87JAIobA4k564r
 udata/tests/api/test_fields.py,sha256=OW85Z5MES5HeWOpapeem8OvR1cIcrqW-xMWpdZO4LZ8,1033
 udata/tests/api/test_follow_api.py,sha256=0h54P_Dfbo07u6tg0Rbai1WWgWb19ZLN2HGv4oLCWfg,3383
 udata/tests/api/test_me_api.py,sha256=8OthqVYQKZrFoGuJ7zAvoLJx1IclPNzPdD5Tnzmh3rM,14163
-udata/tests/api/test_organizations_api.py,sha256=HxeTqP14wlWGaQt4fpQljuRy98HWnmL1QelcxbJDmV0,32704
+udata/tests/api/test_organizations_api.py,sha256=buE1KdGIoJxfsj-ofz5CkMtgnARi38bXWR1jgPRkMzo,35732
 udata/tests/api/test_reuses_api.py,sha256=GSoZ6SBRdMg6o0xKSQWtCSfvzqz_vZxERU567Rq1_GY,17009
 udata/tests/api/test_swagger.py,sha256=tLg452rCD5Q0AgFXOVZKMM6jGiWwC5diX5PxbdYni0o,760
 udata/tests/api/test_tags_api.py,sha256=xSIx_x5gqKz6BJCXKEsTqA_CR4BF1nG5NxEyfp9dy0o,2579
@@ -681,9 +681,9 @@ udata/translations/pt/LC_MESSAGES/udata.mo,sha256=uttB2K8VsqzkEQG-5HfTtFms_3LtV9
 udata/translations/pt/LC_MESSAGES/udata.po,sha256=8Ql1Lp7Z9KLnvp-qRxw-NhFu1p35Xj-q6Jg9JHsYhcw,43733
 udata/translations/sr/LC_MESSAGES/udata.mo,sha256=US8beNIMPxP5h-zD_jfP1TheDDd4DdRVS5UIiY5XVZ8,28553
 udata/translations/sr/LC_MESSAGES/udata.po,sha256=TM0yMDvKRljyOzgZZMlTX6OfpF6OC4Ngf_9Zc8n6ayA,50313
-udata-8.0.1.dev29075.dist-info/LICENSE,sha256=V8j_M8nAz8PvAOZQocyRDX7keai8UJ9skgmnwqETmdY,34520
-udata-8.0.1.dev29075.dist-info/METADATA,sha256=AnoJN4HbSzM1xVKvqFAVB6Q8vEk4z1ZjQ9i97S5_cCI,122815
-udata-8.0.1.dev29075.dist-info/WHEEL,sha256=DZajD4pwLWue70CAfc7YaxT1wLUciNBvN_TTcvXpltE,110
-udata-8.0.1.dev29075.dist-info/entry_points.txt,sha256=3SKiqVy4HUqxf6iWspgMqH8d88Htk6KoLbG1BU-UddQ,451
-udata-8.0.1.dev29075.dist-info/top_level.txt,sha256=39OCg-VWFWOq4gCKnjKNu-s3OwFlZIu_dVH8Gl6ndHw,12
-udata-8.0.1.dev29075.dist-info/RECORD,,
+udata-8.0.1.dev29111.dist-info/LICENSE,sha256=V8j_M8nAz8PvAOZQocyRDX7keai8UJ9skgmnwqETmdY,34520
+udata-8.0.1.dev29111.dist-info/METADATA,sha256=8XbLmQfd-YkSgFDbbzJshQ6nlUUnYZ9btLKZfcCfteI,123154
+udata-8.0.1.dev29111.dist-info/WHEEL,sha256=DZajD4pwLWue70CAfc7YaxT1wLUciNBvN_TTcvXpltE,110
+udata-8.0.1.dev29111.dist-info/entry_points.txt,sha256=3SKiqVy4HUqxf6iWspgMqH8d88Htk6KoLbG1BU-UddQ,451
+udata-8.0.1.dev29111.dist-info/top_level.txt,sha256=39OCg-VWFWOq4gCKnjKNu-s3OwFlZIu_dVH8Gl6ndHw,12
+udata-8.0.1.dev29111.dist-info/RECORD,,