studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-03-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
1d9c2a81181840191c01b7b4ef9492ab749c9fc1
docs/src/backend/core/api/viewsets.py

2296 lines
83 KiB
Python
Raw Normal View History

✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
"""API endpoints"""
🚸(backend) use unaccented full name for user search We have the user full name through OIDC in the database, but the search only used the email field. This change allows to search for a user by their first and/or last name (fix #929). Given that user names are more likely than emails to include diacritics, it unaccents both the query and the database entry for search (fix #1091). It also unaccents for email so that internationalized domain names are managed whether or not the accent is included in the search. An unaccented gin index is added on users full_name an email fields. Using a manual migration because a wrapper around unaccent is necessary to make it IMMUTABLE (cf. https://stackoverflow.com/questions/9063402/ )
2025-11-19 14:49:24 +01:00
✨(backend) annotate number of accesses on documents The new UI will display the number of accesses on each document. /!\ Once team accesses will be used, this will not represent the number of people with access anymore and will have to be improved by computing the number of people in each team.
2024-11-09 18:33:48 +01:00
# pylint: disable=too-many-lines
🚨(backend) fix linting issues after upgrading The last upgrades introduced some linting issues. This commit fixes them.
2024-08-20 16:42:27 +02:00
♻️(convert) reuse existing convert yprovider endpoint for content API reuse convert service instead of renaming it in content
2025-07-24 14:08:18 +02:00
import base64
✨(back) allow theme customnization using a configuration file We want to customize the theme by using a configuration file. This configuration file path can be defined using the settings THEME_CUSTOMIZATION_FILE_PATH. If this file does not exists or is an invalid json, an empty json object will be added in the config endpoint.
2025-05-07 11:50:04 +02:00
import json
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
import logging
✨(backend) allow uploading images as attachments to a document We only rely on S3 to store attachments for a document. Nothing is persisted in the database as the image media urls will be stored in the document json.
2024-08-19 22:35:48 +02:00
import uuid
♻️(backend) optimize refactoring access abilities and fix inheritance The latest refactoring in a445278 kept some factorizations that are not legit anymore after the refactoring. It is also cleaner to not make serializer choice in the list view if the reason for this choice is related to something else b/c other views would then use the wrong serializer and that would be a security leak. This commit also fixes a bug in the access rights inheritance: if a user is allowed to see accesses on a document, he should see all acesses related to ancestors, even the ancestors that he can not read. This is because the access that was granted on all ancestors also apply on the current document... so it must be displayed. Lastly, we optimize database queries because the number of accesses we fetch is going up with multi-pages and we were generating a lot of useless queries.
2025-05-02 18:30:12 +02:00
from collections import defaultdict
♻️(back) return the media-check url on the attachment_upload response We want to have the media-check url returned on the attachment-upload response instead of the media url directly. The front will know the endpoint to use to check the media status.
2025-05-21 15:09:40 +02:00
from urllib.parse import unquote, urlencode, urlparse
✨(backend) allow uploading images as attachments to a document We only rely on S3 to store attachments for a document. Nothing is persisted in the database as the image media urls will be stored in the document json.
2024-08-19 22:35:48 +02:00
from django.conf import settings
✨(models/api) add RBAC on templates linking accesses to a team name We want to be able to control who can access a template via roles. I added this feature on the TeamAccess model assuming that the teams to which a user belongs can be retrieved via a `get_teams` method on the user model. The idea is that this method will get the teams either via a call to an external API or directly from the OIDC token upon user login. This list of teams will probably have to be cached for each user.
2024-03-03 08:49:27 +01:00
from django.contrib.postgres.aggregates import ArrayAgg
🚸(backend) improve users similarity search and sort results In some edge cases, the domain part the email addresse is longer than the name part. Users searches by email similarity then return a lot of unsorted results. We can improve this by being more demanding on similarity when the query looks like an email. Sorting results by the similarity score is also an obvious improvement. At the moment, we still think it is good to propose results with a weak similarity on the name part because we want to avoid as much as possible creating duplicate users by inviting one of is many emails, a user who is already in our database. Fixes 399
2024-11-06 08:09:05 +01:00
from django.contrib.postgres.search import TrigramSimilarity
✨(back) allow theme customnization using a configuration file We want to customize the theme by using a configuration file. This configuration file path can be defined using the settings THEME_CUSTOMIZATION_FILE_PATH. If this file does not exists or is an invalid json, an empty json object will be added in the config endpoint.
2025-05-07 11:50:04 +02:00
from django.core.cache import cache
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
from django.core.exceptions import ValidationError
✨(backend) allow uploading images as attachments to a document We only rely on S3 to store attachments for a document. Nothing is persisted in the database as the image media urls will be stored in the document json.
2024-08-19 22:35:48 +02:00
from django.core.files.storage import default_storage
♻️(back) validate url used in cors_proxy endpoint The url used by the cors_proxy was not validated, other value than a http url can be used. We use the built in URLValidator to validate it is a valid url.
2025-08-25 16:15:16 +02:00
from django.core.validators import URLValidator
🐛(backend) race condition create doc When 2 docs are created almost at the same time, the second one will fail because the first one. We get a unicity error on the path key already used ("impress_document_path_key"). To fix this issue, we will lock the table the time to create the document, the next query will wait for the lock to be released.
2025-02-12 10:13:41 +01:00
from django.db import connection, transaction
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
from django.db import models as db
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
from django.db.models.expressions import RawSQL
🚸(backend) use unaccented full name for user search We have the user full name through OIDC in the database, but the search only used the email field. This change allows to search for a user by their first and/or last name (fix #929). Given that user names are more likely than emails to include diacritics, it unaccents both the query and the database entry for search (fix #1091). It also unaccents for email so that internationalized domain names are managed whether or not the accent is included in the search. An unaccented gin index is added on users full_name an email fields. Using a manual migration because a wrapper around unaccent is necessary to make it IMMUTABLE (cf. https://stackoverflow.com/questions/9063402/ )
2025-11-19 14:49:24 +01:00
from django.db.models.functions import Greatest, Left, Length
✨(back) create a cors proxy fetching docs external resources When exporting a document in PDF and if the doc contains external resources, we want to fetch them using a proxy bypassing CORS restrictions. To ensure this endpoint is not used for something else than fetching urls contains in the doc, we use access control and check if the url really exists in the document.
2025-03-10 10:11:38 +01:00
from django.http import Http404, StreamingHttpResponse
♻️(back) return the media-check url on the attachment_upload response We want to have the media-check url returned on the attachment-upload response instead of the media url directly. The front will know the endpoint to use to check the media status.
2025-05-21 15:09:40 +02:00
from django.urls import reverse
✨(backend) implement thread and reactions API In order to use comment we also have to implement a thread and reactions API. A thread has multiple comments and comments can have multiple reactions.
2025-09-12 15:28:25 +02:00
from django.utils import timezone
🐛(backend) allow creating accesses when privileged by heritage We took the opportunity of this bug to refactor serializers and permissions as advised one day by @qbey: no permission checks in serializers.
2025-05-06 09:41:16 +02:00
from django.utils.functional import cached_property
✨(back) allow theme customnization using a configuration file We want to customize the theme by using a configuration file. This configuration file path can be defined using the settings THEME_CUSTOMIZATION_FILE_PATH. If this file does not exists or is an invalid json, an empty json object will be added in the config endpoint.
2025-05-07 11:50:04 +02:00
from django.utils.text import capfirst, slugify
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
from django.utils.translation import gettext_lazy as _
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
✨(back) create a cors proxy fetching docs external resources When exporting a document in PDF and if the doc contains external resources, we want to fetch them using a proxy bypassing CORS restrictions. To ensure this endpoint is not used for something else than fetching urls contains in the doc, we use access control and check if the url really exists in the document.
2025-03-10 10:11:38 +01:00
import requests
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
import rest_framework as drf
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
from botocore.exceptions import ClientError
➕(back) install and configure django csp (#1085) We want to protect all requests from django with content security policy header. We use the djang-csp library and configure it with default values. Fixes #1000
2025-06-30 10:42:48 +02:00
from csp.constants import NONE
from csp.decorators import csp_update
✨(backend) manage uploaded file status and call to malware detection In the attachment_upload method, the status in the file metadata to processing and the malware_detection backend is called. We check in the media_auth if the status is ready in order to accept the request.
2025-05-05 16:01:12 +02:00
from lasuite.malware_detection import malware_detection
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
from rest_framework import filters, status, viewsets
✨(backend) add server-to-server API endpoint to create documents We want trusted external applications to be able to create documents via the API on behalf of any user. The user may or may not pre-exist in our database and should be notified of the document creation by email.
2024-12-01 11:25:01 +01:00
from rest_framework import response as drf_response
✨(backend) add public endpoint /api/v1.0/config/ Add public endpoint /api/v1.0/config/ to share some public configuration values.
2024-11-15 09:29:07 +01:00
from rest_framework.permissions import AllowAny
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
✨(backend) give an order to choices We are going to need to compare choices to materialize the fact that choices are ordered. For example an admin role is higer than an editor role but lower than an owner role. We will need this to compute the reach and role resulting from all the document accesses (resp. link accesses) assigned on a document's ancestors.
2025-04-23 22:47:24 +02:00
from core import authentication, choices, enums, models
🚸(backend) use unaccented full name for user search We have the user full name through OIDC in the database, but the search only used the email field. This change allows to search for a user by their first and/or last name (fix #929). Given that user names are more likely than emails to include diacritics, it unaccents both the query and the database entry for search (fix #1091). It also unaccents for email so that internationalized domain names are managed whether or not the accent is included in the search. An unaccented gin index is added on users full_name an email fields. Using a manual migration because a wrapper around unaccent is necessary to make it IMMUTABLE (cf. https://stackoverflow.com/questions/9063402/ )
2025-11-19 14:49:24 +01:00
from core.api.filters import remove_accents
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
from core.services.ai_services import AIService
✨(backend) notify collaboration server When an access is updated or removed, the collaboration server is notified to reset the access connection; by being disconnected, the accesses will automatically reconnect by passing by the ngnix subrequest, and so get the good rights. We do the same system when the document link is updated, except here we reset every access connection.
2024-11-28 16:35:48 +01:00
from core.services.collaboration_services import CollaborationService
♻️(convert) reuse existing convert yprovider endpoint for content API reuse convert service instead of renaming it in content
2025-07-24 14:08:18 +02:00
from core.services.converter_services import (
✨(api) add API route to fetch document content This allows API users to process document content, enabling the use of Docs as a headless CMS for instance, or any kind of document processing. Fixes #1206.
2025-07-24 02:31:50 +02:00
ServiceUnavailableError as YProviderServiceUnavailableError,
)
♻️(convert) reuse existing convert yprovider endpoint for content API reuse convert service instead of renaming it in content
2025-07-24 14:08:18 +02:00
from core.services.converter_services import (
✨(api) add API route to fetch document content This allows API users to process document content, enabling the use of Docs as a headless CMS for instance, or any kind of document processing. Fixes #1206.
2025-07-24 02:31:50 +02:00
ValidationError as YProviderValidationError,
)
♻️(convert) reuse existing convert yprovider endpoint for content API reuse convert service instead of renaming it in content
2025-07-24 14:08:18 +02:00
from core.services.converter_services import (
YdocConverter,
✨(api) add API route to fetch document content This allows API users to process document content, enabling the use of Docs as a headless CMS for instance, or any kind of document processing. Fixes #1206.
2025-07-24 02:31:50 +02:00
)
✨(backend) send email to admins when user ask for access When a user requests access to a document, an email is sent to the admins and owners of the document.
2025-06-20 15:24:46 +02:00
from core.tasks.mail import send_ask_for_access_mail
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
from core.utils import extract_attachments, filter_descendants
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
from . import permissions, serializers, utils
🐛(backend) validate user search input data Only the input data min length was checked. We also have to check the mex length because the levenshtein dos not accept more than 254 characters and the email field has a max length of 254
2025-09-08 16:12:55 +02:00
from .filters import DocumentFilter, ListDocumentFilter, UserSearchFilter
🛂(backend) stop throttling collaboration servers We observe some throttling pick here and there. We observed that when the collaboration has a problem, it is retrying to connect, leading to more requests to the django backend. At one point, the throttling is reached and the user would not be able to use the application anymore. Now when the request comes from a collaboration server, we do not throttle it anymore.
2025-12-12 09:24:04 +01:00
from .throttling import (
DocumentThrottle,
UserListThrottleBurst,
UserListThrottleSustained,
)
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
logger = logging.getLogger(__name__)
♻️(backend) refactor post hackathon to a first working version This project was copied and hacked to make a POC in a 2-day hackathon. We need to clean and refactor things in order to get a first version of the product we want.
2024-02-09 19:32:12 +01:00
# pylint: disable=too-many-ancestors
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
class NestedGenericViewSet(viewsets.GenericViewSet):
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
"""
A generic Viewset aims to be used in a nested route context.
e.g: `/api/v1.0/resource_1/<resource_1_pk>/resource_2/<resource_2_pk>/`
It allows to define all url kwargs and lookup fields to perform the lookup.
"""
lookup_fields: list[str] = ["pk"]
lookup_url_kwargs: list[str] = []
def __getattribute__(self, item):
"""
This method is overridden to allow to get the last lookup field or lookup url kwarg
when accessing the `lookup_field` or `lookup_url_kwarg` attribute. This is useful
to keep compatibility with all methods used by the parent class `GenericViewSet`.
"""
if item in ["lookup_field", "lookup_url_kwarg"]:
return getattr(self, item + "s", [None])[-1]
return super().__getattribute__(item)
def get_queryset(self):
"""
Get the list of items for this view.
`lookup_fields` attribute is enumerated here to perform the nested lookup.
"""
queryset = super().get_queryset()
# The last lookup field is removed to perform the nested lookup as it corresponds
# to the object pk, it is used within get_object method.
lookup_url_kwargs = (
self.lookup_url_kwargs[:-1]
if self.lookup_url_kwargs
else self.lookup_fields[:-1]
)
filter_kwargs = {}
for index, lookup_url_kwarg in enumerate(lookup_url_kwargs):
if lookup_url_kwarg not in self.kwargs:
raise KeyError(
f"Expected view {self.__class__.__name__} to be called with a URL "
f'keyword argument named "{lookup_url_kwarg}". Fix your URL conf, or '
"set the `.lookup_fields` attribute on the view correctly."
)
filter_kwargs.update(
{self.lookup_fields[index]: self.kwargs[lookup_url_kwarg]}
)
return queryset.filter(**filter_kwargs)
class SerializerPerActionMixin:
"""
A mixin to allow to define serializer classes for each action.
This mixin is useful to avoid to define a serializer class for each action in the
`get_serializer_class` method.
♻️(backend) generalize use of SerializerPerActionMixin in viewsets We improve the serializer and generalize its use for clarity.
2025-01-17 19:50:03 +01:00
Example:
```
class MyViewSet(SerializerPerActionMixin, viewsets.GenericViewSet):
serializer_class = MySerializer
list_serializer_class = MyListSerializer
retrieve_serializer_class = MyRetrieveSerializer
```
"""
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
def get_serializer_class(self):
"""
Return the serializer class to use depending on the action.
"""
♻️(backend) generalize use of SerializerPerActionMixin in viewsets We improve the serializer and generalize its use for clarity.
2025-01-17 19:50:03 +01:00
if serializer_class := getattr(self, f"{self.action}_serializer_class", None):
return serializer_class
return super().get_serializer_class()
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
class Pagination(drf.pagination.PageNumberPagination):
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
"""Pagination to display no more than 100 objects per page sorted by creation date."""
ordering = "-created_on"
🔧(backend) bump maximum page size to 200 The new UI with infinite scroll calls for longer pages which we are able to produce thanks to the many optimizations on the list view.
2025-01-17 17:15:17 +01:00
max_page_size = 200
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
page_size_query_param = "page_size"
class UserViewSet(
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
drf.mixins.UpdateModelMixin, viewsets.GenericViewSet, drf.mixins.ListModelMixin
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
):
"""User ViewSet"""
permission_classes = [permissions.IsSelf]
🐛(backend) stop returning inactive users on the list endpoint inactive users should not be returned as we don't want users to be able to share new documents with them.
2025-02-13 00:00:13 +01:00
queryset = models.User.objects.filter(is_active=True)
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
serializer_class = serializers.UserSerializer
🔒️(back) remove pagination and limit to 5 for user list endpoint The user list endpoint does not use anymore a pagination, the results is directly return in a list and the max results returned is limited to 5. In order to modify this limit the settings API_USERS_LIST_LIMIT is used.
2025-03-21 09:55:19 +01:00
pagination_class = None
🔒️(back) throttle user list endpoint The user list endpoint is throttle to avoid users discovery. The throttle is set to 500 requests per day. This can be changed using the settings API_USERS_LIST_THROTTLE_RATE.
2025-03-21 10:39:11 +01:00
throttle_classes = []
def get_throttles(self):
self.throttle_classes = []
if self.action == "list":
self.throttle_classes = [UserListThrottleBurst, UserListThrottleSustained]
return super().get_throttles()
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
✨(backend) search users We need to search users by their email. For that we will use the trigram similarity algorithm provided by PostgreSQL. To use it we have to activate the pg_trgm extension in postgres db. To query the email we will use the query param `q`. We have another query param `document_id`, it is necessary to exclude the users that have already access to the document.
2024-05-29 14:48:12 +02:00
def get_queryset(self):
"""
Limit listed users by querying the email field with a trigram similarity
search if a query is provided.
Limit listed users by excluding users already in the document if a document_id
is provided.
"""
queryset = self.queryset
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
if self.action != "list":
return queryset
✨(backend) search users We need to search users by their email. For that we will use the trigram similarity algorithm provided by PostgreSQL. To use it we have to activate the pg_trgm extension in postgres db. To query the email we will use the query param `q`. We have another query param `document_id`, it is necessary to exclude the users that have already access to the document.
2024-05-29 14:48:12 +02:00
🐛(backend) validate user search input data Only the input data min length was checked. We also have to check the mex length because the levenshtein dos not accept more than 254 characters and the email field has a max length of 254
2025-09-08 16:12:55 +02:00
filterset = UserSearchFilter(
self.request.GET, queryset=queryset, request=self.request
)
if not filterset.is_valid():
raise drf.exceptions.ValidationError(filterset.errors)
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
# Exclude all users already in the given document
🔒️(back) remove pagination and limit to 5 for user list endpoint The user list endpoint does not use anymore a pagination, the results is directly return in a list and the max results returned is limited to 5. In order to modify this limit the settings API_USERS_LIST_LIMIT is used.
2025-03-21 09:55:19 +01:00
if document_id := self.request.query_params.get("document_id", ""):
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
queryset = queryset.exclude(documentaccess__document_id=document_id)
✨(backend) search users We need to search users by their email. For that we will use the trigram similarity algorithm provided by PostgreSQL. To use it we have to activate the pg_trgm extension in postgres db. To query the email we will use the query param `q`. We have another query param `document_id`, it is necessary to exclude the users that have already access to the document.
2024-05-29 14:48:12 +02:00
🐛(backend) validate user search input data Only the input data min length was checked. We also have to check the mex length because the levenshtein dos not accept more than 254 characters and the email field has a max length of 254
2025-09-08 16:12:55 +02:00
filter_data = filterset.form.cleaned_data
🚸(backend) use unaccented full name for user search We have the user full name through OIDC in the database, but the search only used the email field. This change allows to search for a user by their first and/or last name (fix #929). Given that user names are more likely than emails to include diacritics, it unaccents both the query and the database entry for search (fix #1091). It also unaccents for email so that internationalized domain names are managed whether or not the accent is included in the search. An unaccented gin index is added on users full_name an email fields. Using a manual migration because a wrapper around unaccent is necessary to make it IMMUTABLE (cf. https://stackoverflow.com/questions/9063402/ )
2025-11-19 14:49:24 +01:00
query = remove_accents(filter_data["q"])
🚸(backend) improve users similarity search and sort results In some edge cases, the domain part the email addresse is longer than the name part. Users searches by email similarity then return a lot of unsorted results. We can improve this by being more demanding on similarity when the query looks like an email. Sorting results by the similarity score is also an obvious improvement. At the moment, we still think it is good to propose results with a weak similarity on the name part because we want to avoid as much as possible creating duplicate users by inviting one of is many emails, a user who is already in our database. Fixes 399
2024-11-06 08:09:05 +01:00
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
# For emails, match emails by Levenstein distance to prevent typing errors
if "@" in query:
return (
queryset.annotate(
🚸(backend) use unaccented full name for user search We have the user full name through OIDC in the database, but the search only used the email field. This change allows to search for a user by their first and/or last name (fix #929). Given that user names are more likely than emails to include diacritics, it unaccents both the query and the database entry for search (fix #1091). It also unaccents for email so that internationalized domain names are managed whether or not the accent is included in the search. An unaccented gin index is added on users full_name an email fields. Using a manual migration because a wrapper around unaccent is necessary to make it IMMUTABLE (cf. https://stackoverflow.com/questions/9063402/ )
2025-11-19 14:49:24 +01:00
distance=RawSQL(
"levenshtein(unaccent(email::text), %s::text)", (query,)
)
🚸(backend) improve users similarity search and sort results In some edge cases, the domain part the email addresse is longer than the name part. Users searches by email similarity then return a lot of unsorted results. We can improve this by being more demanding on similarity when the query looks like an email. Sorting results by the similarity score is also an obvious improvement. At the moment, we still think it is good to propose results with a weak similarity on the name part because we want to avoid as much as possible creating duplicate users by inviting one of is many emails, a user who is already in our database. Fixes 399
2024-11-06 08:09:05 +01:00
)
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
.filter(distance__lte=3)
🔒️(back) remove pagination and limit to 5 for user list endpoint The user list endpoint does not use anymore a pagination, the results is directly return in a list and the max results returned is limited to 5. In order to modify this limit the settings API_USERS_LIST_LIMIT is used.
2025-03-21 09:55:19 +01:00
.order_by("distance", "email")[: settings.API_USERS_LIST_LIMIT]
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
)
🚸(backend) improve users similarity search and sort results In some edge cases, the domain part the email addresse is longer than the name part. Users searches by email similarity then return a lot of unsorted results. We can improve this by being more demanding on similarity when the query looks like an email. Sorting results by the similarity score is also an obvious improvement. At the moment, we still think it is good to propose results with a weak similarity on the name part because we want to avoid as much as possible creating duplicate users by inviting one of is many emails, a user who is already in our database. Fixes 399
2024-11-06 08:09:05 +01:00
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
# Use trigram similarity for non-email-like queries
# For performance reasons we filter first by similarity, which relies on an
# index, then only calculate precise similarity scores for sorting purposes
🚸(backend) use unaccented full name for user search We have the user full name through OIDC in the database, but the search only used the email field. This change allows to search for a user by their first and/or last name (fix #929). Given that user names are more likely than emails to include diacritics, it unaccents both the query and the database entry for search (fix #1091). It also unaccents for email so that internationalized domain names are managed whether or not the accent is included in the search. An unaccented gin index is added on users full_name an email fields. Using a manual migration because a wrapper around unaccent is necessary to make it IMMUTABLE (cf. https://stackoverflow.com/questions/9063402/ )
2025-11-19 14:49:24 +01:00
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
return (
🚸(backend) use unaccented full name for user search We have the user full name through OIDC in the database, but the search only used the email field. This change allows to search for a user by their first and/or last name (fix #929). Given that user names are more likely than emails to include diacritics, it unaccents both the query and the database entry for search (fix #1091). It also unaccents for email so that internationalized domain names are managed whether or not the accent is included in the search. An unaccented gin index is added on users full_name an email fields. Using a manual migration because a wrapper around unaccent is necessary to make it IMMUTABLE (cf. https://stackoverflow.com/questions/9063402/ )
2025-11-19 14:49:24 +01:00
queryset.annotate(
sim_email=TrigramSimilarity("email", query),
sim_name=TrigramSimilarity("full_name", query),
)
.annotate(similarity=Greatest("sim_email", "sim_name"))
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
.filter(similarity__gt=0.2)
🚸(backend) use unaccented full name for user search We have the user full name through OIDC in the database, but the search only used the email field. This change allows to search for a user by their first and/or last name (fix #929). Given that user names are more likely than emails to include diacritics, it unaccents both the query and the database entry for search (fix #1091). It also unaccents for email so that internationalized domain names are managed whether or not the accent is included in the search. An unaccented gin index is added on users full_name an email fields. Using a manual migration because a wrapper around unaccent is necessary to make it IMMUTABLE (cf. https://stackoverflow.com/questions/9063402/ )
2025-11-19 14:49:24 +01:00
.order_by("-similarity")[: settings.API_USERS_LIST_LIMIT]
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
)
✨(backend) search users We need to search users by their email. For that we will use the trigram similarity algorithm provided by PostgreSQL. To use it we have to activate the pg_trgm extension in postgres db. To query the email we will use the query param `q`. We have another query param `document_id`, it is necessary to exclude the users that have already access to the document.
2024-05-29 14:48:12 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
@drf.decorators.action(
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
detail=False,
methods=["get"],
url_name="me",
url_path="me",
permission_classes=[permissions.IsAuthenticated],
)
def get_me(self, request):
"""
Return information on currently logged user
"""
context = {"request": request}
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
self.serializer_class(request.user, context=context).data
)
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
class ResourceAccessViewsetMixin:
"""Mixin with methods common to all access viewsets."""
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
♻️(backend) refactor resource access viewset The document viewset was overriding the get_queryset method from its own mixin. This was a sign that the mixin was not optimal anymore. In the next commit I will need to complexify it further so it's time to refactor the mixin.
2025-04-12 09:11:33 +02:00
def filter_queryset(self, queryset):
"""Override to filter on related resource."""
queryset = super().filter_queryset(queryset)
return queryset.filter(**{self.resource_field_name: self.kwargs["resource_id"]})
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
def get_serializer_context(self):
"""Extra context provided to the serializer class."""
context = super().get_serializer_context()
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
context["resource_id"] = self.kwargs["resource_id"]
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
return context
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
class DocumentMetadata(drf.metadata.SimpleMetadata):
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
"""Custom metadata class to add information"""
def determine_metadata(self, request, view):
"""Add language choices only for the list endpoint."""
simple_metadata = super().determine_metadata(request, view)
if request.path.endswith("/documents/"):
simple_metadata["actions"]["POST"]["language"] = {
"choices": [
{"value": code, "display_name": name}
for code, name in enums.ALL_LANGUAGES.items()
]
}
return simple_metadata
✨(backend) add API endpoint to move a document in the document tree Only administrators or owners of a document can move it to a target document for which they are also administrator or owner. We allow different moving modes: - first-child: move the document as the first child of the target - last-child: move the document as the last child of the target - first-sibling: move the document as the first sibling of the target - last-sibling: move the document as the last sibling of the target - left: move the document as sibling ordered just before the target - right: move the document as sibling ordered just after the target The whole subtree below the document that is being moved, moves as well and remains below the document after it is moved.
2025-01-02 23:15:03 +01:00
# pylint: disable=too-many-public-methods
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
class DocumentViewSet(
♻️(backend) generalize use of SerializerPerActionMixin in viewsets We improve the serializer and generalize its use for clarity.
2025-01-17 19:50:03 +01:00
SerializerPerActionMixin,
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
drf.mixins.CreateModelMixin,
drf.mixins.DestroyModelMixin,
drf.mixins.UpdateModelMixin,
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
viewsets.GenericViewSet,
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
):
✨(backend) add creator field on document and allow filtering on it We want to be able to limit the documents displayed on a logged-in user's list view by the documents they created or by the documents that other users created. This is different from having the "owner" role on a document because this can be acquired and even lost. What we want here is to be able to identify documents by the user who created them so we add a new field.
2024-11-12 16:28:34 +01:00
"""
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
DocumentViewSet API.
This view set provides CRUD operations and additional actions for managing documents.
Supports filtering, ordering, and annotations for enhanced querying capabilities.
### API Endpoints:
1. **List**: Retrieve a paginated list of documents.
Example: GET /documents/?page=2
2. **Retrieve**: Get a specific document by its ID.
Example: GET /documents/{id}/
3. **Create**: Create a new document.
Example: POST /documents/
4. **Update**: Update a document by its ID.
Example: PUT /documents/{id}/
5. **Delete**: Soft delete a document by its ID.
Example: DELETE /documents/{id}/
### Additional Actions:
1. **Trashbin**: List soft deleted documents for a document owner
Example: GET /documents/{id}/trashbin/
2. **Children**: List or create child documents.
Example: GET, POST /documents/{id}/children/
3. **Versions List**: Retrieve version history of a document.
Example: GET /documents/{id}/versions/
4. **Version Detail**: Get or delete a specific document version.
Example: GET, DELETE /documents/{id}/versions/{version_id}/
5. **Favorite**: Get list of favorite documents for a user. Mark or unmark
a document as favorite.
Examples:
- GET /documents/favorite/
- POST, DELETE /documents/{id}/favorite/
6. **Create for Owner**: Create a document via server-to-server on behalf of a user.
Example: POST /documents/create-for-owner/
7. **Link Configuration**: Update document link configuration.
Example: PUT /documents/{id}/link-configuration/
8. **Attachment Upload**: Upload a file attachment for the document.
Example: POST /documents/{id}/attachment-upload/
9. **Media Auth**: Authorize access to document media.
Example: GET /documents/media-auth/
🔥(back) remove collaboration-auth endpoint We don't need anymore the collaboration-auth endpoint. Every code related to it is removed.
2025-03-25 15:04:47 +01:00
10. **AI Transform**: Apply a transformation action on a piece of text with AI.
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
Example: POST /documents/{id}/ai-transform/
Expected data:
- text (str): The input text.
- action (str): The transformation type, one of [prompt, correct, rephrase, summarize].
Returns: JSON response with the processed text.
Throttled by: AIDocumentRateThrottle, AIUserRateThrottle.
🔥(back) remove collaboration-auth endpoint We don't need anymore the collaboration-auth endpoint. Every code related to it is removed.
2025-03-25 15:04:47 +01:00
11. **AI Translate**: Translate a piece of text with AI.
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
Example: POST /documents/{id}/ai-translate/
Expected data:
- text (str): The input text.
- language (str): The target language, chosen from settings.LANGUAGES.
Returns: JSON response with the translated text.
Throttled by: AIDocumentRateThrottle, AIUserRateThrottle.
### Ordering: created_at, updated_at, is_favorite, title
Example:
- Ascending: GET /api/v1.0/documents/?ordering=created_at
✏️(project) fix typo Fix and improve typos in the codebase.
2025-05-26 10:27:17 +02:00
- Descending: GET /api/v1.0/documents/?ordering=-title
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
### Filtering:
✨(backend) add creator field on document and allow filtering on it We want to be able to limit the documents displayed on a logged-in user's list view by the documents they created or by the documents that other users created. This is different from having the "owner" role on a document because this can be acquired and even lost. What we want here is to be able to identify documents by the user who created them so we add a new field.
2024-11-12 16:28:34 +01:00
- `is_creator_me=true`: Returns documents created by the current user.
- `is_creator_me=false`: Returns documents created by other users.
✨(backend) allow filtering by documents marked as favorite We recently allowed authenticated users to mark a document as favorite. We were lacking the possibility for users to see only the documents they marked as favorite.
2024-11-13 08:58:12 +01:00
- `is_favorite=true`: Returns documents marked as favorite by the current user
- `is_favorite=false`: Returns documents not marked as favorite by the current user
✨(backend) allow filtering on document titles This is the minimal and fast search feature, while we are working on a full text search based on opensearch. For the moment we only search on the title of the document.
2024-11-15 09:42:27 +01:00
- `title=hello`: Returns documents which title contains the "hello" string
✨(backend) add creator field on document and allow filtering on it We want to be able to limit the documents displayed on a logged-in user's list view by the documents they created or by the documents that other users created. This is different from having the "owner" role on a document because this can be acquired and even lost. What we want here is to be able to identify documents by the user who created them so we add a new field.
2024-11-12 16:28:34 +01:00
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
Example:
✨(backend) allow filtering by documents marked as favorite We recently allowed authenticated users to mark a document as favorite. We were lacking the possibility for users to see only the documents they marked as favorite.
2024-11-13 08:58:12 +01:00
- GET /api/v1.0/documents/?is_creator_me=true&is_favorite=true
✨(backend) allow filtering on document titles This is the minimal and fast search feature, while we are working on a full text search based on opensearch. For the moment we only search on the title of the document.
2024-11-15 09:42:27 +01:00
- GET /api/v1.0/documents/?is_creator_me=false&title=hello
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
### Annotations:
1. **is_favorite**: Indicates whether the document is marked as favorite by the current user.
2. **user_roles**: Roles the current user has on the document or its ancestors.
### Notes:
- Only the highest ancestor in a document hierarchy is shown in list views.
- Implements soft delete logic to retain document tree structures.
✨(backend) add creator field on document and allow filtering on it We want to be able to limit the documents displayed on a logged-in user's list view by the documents they created or by the documents that other users created. This is different from having the "owner" role on a document because this can be acquired and even lost. What we want here is to be able to identify documents by the user who created them so we add a new field.
2024-11-12 16:28:34 +01:00
"""
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
⚡️(backend) optimize number of queries on document list view I realized most of the database queries made when getting a document list view were to include nested accesses. This detailed information about accesses in only necessary for the document detail view. I introduced a specific serializer for the document list view with less fields. For a list of 20 documents with 5 accesses, we go down from 3x5x20= 300 queries to just 3 queries.
2024-11-09 10:27:21 +01:00
metadata_class = DocumentMetadata
ordering = ["-updated_at"]
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
ordering_fields = ["created_at", "updated_at", "title"]
✨(backend) allow forcing page size within limits We want to be able to increase the page size with by passing the query string parameter "page_size".
2025-02-15 13:16:35 +01:00
pagination_class = Pagination
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
permission_classes = [
🐛(backend) allow creating accesses when privileged by heritage We took the opportunity of this bug to refactor serializers and permissions as advised one day by @qbey: no permission checks in serializers.
2025-05-06 09:41:16 +02:00
permissions.DocumentPermission,
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
]
🛂(backend) stop throttling collaboration servers We observe some throttling pick here and there. We observed that when the collaboration has a problem, it is retrying to connect, leading to more requests to the django backend. At one point, the throttling is reached and the user would not be able to use the application anymore. Now when the request comes from a collaboration server, we do not throttle it anymore.
2025-12-12 09:24:04 +01:00
throttle_classes = [DocumentThrottle]
🔒️(backend) configure throttle on every viewsets We want to configure the throttle on all doc's viewsets. In order to monitor them, we use the MonitoredScopedRateThrottle class and a custom callback caputing the message in sentry at the warning level.
2025-09-05 15:29:08 +02:00
throttle_scope = "document"
🐛(backend) allow creator to delete subpages An editor who created a subpages should be allowed to delete it. We change the abilities to be coherent between the creation and the deletion. Fixes #1193
2025-08-22 14:57:02 +02:00
queryset = models.Document.objects.select_related("creator").all()
⚡️(backend) optimize number of queries on document list view I realized most of the database queries made when getting a document list view were to include nested accesses. This detailed information about accesses in only necessary for the document detail view. I introduced a specific serializer for the document list view with less fields. For a list of 20 documents with 5 accesses, we go down from 3x5x20= 300 queries to just 3 queries.
2024-11-09 10:27:21 +01:00
serializer_class = serializers.DocumentSerializer
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
ai_translate_serializer_class = serializers.AITranslateSerializer
children_serializer_class = serializers.ListDocumentSerializer
✨(backend) add new "descendants" action to document API endpoint We want to be able to make a search query inside a hierchical document. It's elegant to do it as a document detail action so that we benefit from access control.
2025-02-17 10:25:07 +01:00
descendants_serializer_class = serializers.ListDocumentSerializer
♻️(backend) generalize use of SerializerPerActionMixin in viewsets We improve the serializer and generalize its use for clarity.
2025-01-17 19:50:03 +01:00
list_serializer_class = serializers.ListDocumentSerializer
trashbin_serializer_class = serializers.ListDocumentSerializer
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
tree_serializer_class = serializers.ListDocumentSerializer
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
✨(backend) retrieve & update a document taking into account ancestors A document should inherit the access rights a user has on any of its ancestors.
2024-12-17 07:47:23 +01:00
def get_queryset(self):
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
"""Get queryset performing all annotation and filtering on the document tree structure."""
user = self.request.user
✨(backend) retrieve & update a document taking into account ancestors A document should inherit the access rights a user has on any of its ancestors.
2024-12-17 07:47:23 +01:00
queryset = super().get_queryset()
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
# Only list views need filtering and annotation
if self.detail:
return queryset
✨(backend) annotate number of accesses on documents The new UI will display the number of accesses on each document. /!\ Once team accesses will be used, this will not represent the number of people with access anymore and will have to be improved by computing the number of people in each team.
2024-11-09 18:33:48 +01:00
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
if not user.is_authenticated:
return queryset.none()
queryset = queryset.filter(ancestors_deleted_at__isnull=True)
# Filter documents to which the current user has access...
access_documents_ids = models.DocumentAccess.objects.filter(
db.Q(user=user) | db.Q(team__in=user.teams)
).values_list("document_id", flat=True)
# ...or that were previously accessed and are not restricted
traced_documents_ids = models.LinkTrace.objects.filter(user=user).values_list(
"document_id", flat=True
)
return queryset.filter(
db.Q(id__in=access_documents_ids)
| (
db.Q(id__in=traced_documents_ids)
& ~db.Q(link_reach=models.LinkReachChoices.RESTRICTED)
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
)
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
)
def filter_queryset(self, queryset):
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
"""Override to apply annotations to generic views."""
queryset = super().filter_queryset(queryset)
♻️(backend) factorize document query set annotation The methods to annotate a document queryset were factorized on the viewset but the correct place is the custom queryset itself now that we have one.
2025-04-12 11:35:36 +02:00
user = self.request.user
queryset = queryset.annotate_is_favorite(user)
queryset = queryset.annotate_user_roles(user)
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
return queryset
♻️(backend) simplify roles by returning only the max role We were returning the list of roles a user has on a document (direct and inherited). Now that we introduced priority on roles, we are able to determine what is the max role and return only this one. This commit also changes the role that is returned for the restricted reach: we now return None because the role is not relevant in this case.
2025-04-25 08:03:12 +02:00
def get_response_for_queryset(self, queryset, context=None):
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
"""Return paginated response for the queryset if requested."""
♻️(backend) simplify roles by returning only the max role We were returning the list of roles a user has on a document (direct and inherited). Now that we introduced priority on roles, we are able to determine what is the max role and return only this one. This commit also changes the role that is returned for the restricted reach: we now return None because the role is not relevant in this case.
2025-04-25 08:03:12 +02:00
context = context or self.get_serializer_context()
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
page = self.paginate_queryset(queryset)
if page is not None:
♻️(backend) simplify roles by returning only the max role We were returning the list of roles a user has on a document (direct and inherited). Now that we introduced priority on roles, we are able to determine what is the max role and return only this one. This commit also changes the role that is returned for the restricted reach: we now return None because the role is not relevant in this case.
2025-04-25 08:03:12 +02:00
serializer = self.get_serializer(page, many=True, context=context)
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
return self.get_paginated_response(serializer.data)
♻️(backend) simplify roles by returning only the max role We were returning the list of roles a user has on a document (direct and inherited). Now that we introduced priority on roles, we are able to determine what is the max role and return only this one. This commit also changes the role that is returned for the restricted reach: we now return None because the role is not relevant in this case.
2025-04-25 08:03:12 +02:00
serializer = self.get_serializer(queryset, many=True, context=context)
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
return drf.response.Response(serializer.data)
def list(self, request, *args, **kwargs):
"""
Returns a DRF response containing the filtered, annotated and ordered document list.
This method applies filtering based on request parameters using `ListDocumentFilter`.
It performs early filtering on model fields, annotates user roles, and removes
descendant documents to keep only the highest ancestors readable by the current user.
"""
♻️(backend) factorize document query set annotation The methods to annotate a document queryset were factorized on the viewset but the correct place is the custom queryset itself now that we have one.
2025-04-12 11:35:36 +02:00
user = self.request.user
# Not calling filter_queryset. We do our own cooking.
queryset = self.get_queryset()
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
filterset = ListDocumentFilter(
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
self.request.GET, queryset=queryset, request=self.request
)
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
if not filterset.is_valid():
raise drf.exceptions.ValidationError(filterset.errors)
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
filter_data = filterset.form.cleaned_data
# Filter as early as possible on fields that are available on the model
for field in ["is_creator_me", "title"]:
queryset = filterset.filters[field].filter(queryset, filter_data[field])
✨(backend) list only the first visible parent document for a user Now that we have a tree structure, we should only include parents of a visible subtree in list results.
2024-12-17 07:35:09 +01:00
♻️(backend) factorize document query set annotation The methods to annotate a document queryset were factorized on the viewset but the correct place is the custom queryset itself now that we have one.
2025-04-12 11:35:36 +02:00
queryset = queryset.annotate_user_roles(user)
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
# Among the results, we may have documents that are ancestors/descendants
# of each other. In this case we want to keep only the highest ancestors.
root_paths = utils.filter_root_paths(
queryset.order_by("path").values_list("path", flat=True),
skip_sorting=True,
)
queryset = queryset.filter(path__in=root_paths)
✨(backend) list only the first visible parent document for a user Now that we have a tree structure, we should only include parents of a visible subtree in list results.
2024-12-17 07:35:09 +01:00
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
# Annotate favorite status and filter if applicable as late as possible
♻️(backend) factorize document query set annotation The methods to annotate a document queryset were factorized on the viewset but the correct place is the custom queryset itself now that we have one.
2025-04-12 11:35:36 +02:00
queryset = queryset.annotate_is_favorite(user)
✨(backend) allow masking documents from the list view Once users have visited a document to which they have access, they can't remove it from their list view anymore. Several users reported that this is annoying because a document that gets a lot of updates keeps popping up at the top of their list view. They want to be able to mask the document in a click. We propose to add a "masked documents" section in the left side bar where the masked documents can still be found.
2025-07-13 19:56:07 +02:00
for field in ["is_favorite", "is_masked"]:
queryset = filterset.filters[field].filter(queryset, filter_data[field])
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
✏️(project) automatic typo correction Fix typos in the project.
2025-05-13 16:00:12 +02:00
# Apply ordering only now that everything is filtered and annotated
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
queryset = filters.OrderingFilter().filter_queryset(
self.request, queryset, self
)
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
return self.get_response_for_queryset(queryset)
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
def retrieve(self, request, *args, **kwargs):
"""
Add a trace that the document was accessed by a user. This is used to list documents
on a user's list view even though the user has no specific role in the document (link
access when the link reach configuration of the document allows it).
"""
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
user = self.request.user
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
instance = self.get_object()
serializer = self.get_serializer(instance)
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
# The `create` query generates 5 db queries which are much less efficient than an
# `exists` query. The user will visit the document many times after the first visit
# so that's what we should optimize for.
if (
user.is_authenticated
and not instance.link_traces.filter(user=user).exists()
):
models.LinkTrace.objects.create(document=instance, user=request.user)
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(serializer.data)
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
🗃️(backend) make document/template creation atomic When creating a new document/template via the API, we add the logged-in user as owner of the created object. This should be done atomically with the object creation to make sure we don't end-up with an orphan object that the creator can't access anymore.
2025-01-27 21:20:16 +01:00
@transaction.atomic
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
def perform_create(self, serializer):
✨(backend) add creator field on document and allow filtering on it We want to be able to limit the documents displayed on a logged-in user's list view by the documents they created or by the documents that other users created. This is different from having the "owner" role on a document because this can be acquired and even lost. What we want here is to be able to identify documents by the user who created them so we add a new field.
2024-11-12 16:28:34 +01:00
"""Set the current user as creator and owner of the newly created object."""
🐛(backend) race condition create doc When 2 docs are created almost at the same time, the second one will fail because the first one. We get a unicity error on the path key already used ("impress_document_path_key"). To fix this issue, we will lock the table the time to create the document, the next query will wait for the lock to be released.
2025-02-12 10:13:41 +01:00
# locks the table to ensure safe concurrent access
with connection.cursor() as cursor:
cursor.execute(
f'LOCK TABLE "{models.Document._meta.db_table}" ' # noqa: SLF001
"IN SHARE ROW EXCLUSIVE MODE;"
)
✨(backend) add django-treebeard to allow tree structure on documents We choose to use Django-treebeard for its quality, performance and stability. Adding tree structure to documents is as simple as inheriting from the MP_Node class.
2024-12-16 16:58:14 +01:00
obj = models.Document.add_root(
creator=self.request.user,
**serializer.validated_data,
)
serializer.instance = obj
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
models.DocumentAccess.objects.create(
document=obj,
user=self.request.user,
role=models.RoleChoices.OWNER,
)
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
def perform_destroy(self, instance):
"""Override to implement a soft delete instead of dumping the record in database."""
instance.soft_delete()
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
def _can_user_edit_document(self, document_id, set_cache=False):
"""Check if the user can edit the document."""
✨(back) check on document update if user can save it When a document is updated, users not connected to the collaboration server can override work made by other people connected to the collaboration server. To avoid this, the priority is given to user connected to the collaboration server. If the websocket property in the request payload is missing or set to False, the backend fetch the collaboration server to now if the user can save or not. If users are already connected, the user can't save. Also, only one user without websocket can save a connect, the first user saving acquire a lock and all other users can't save. To implement this behavior, we need to track all users, connected and not, so a session is created for every user in the ForceSessionMiddleware.
2025-06-25 17:30:33 +02:00
try:
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
count, exists = CollaborationService().get_document_connection_info(
document_id,
✨(back) check on document update if user can save it When a document is updated, users not connected to the collaboration server can override work made by other people connected to the collaboration server. To avoid this, the priority is given to user connected to the collaboration server. If the websocket property in the request payload is missing or set to False, the backend fetch the collaboration server to now if the user can save or not. If users are already connected, the user can't save. Also, only one user without websocket can save a connect, the first user saving acquire a lock and all other users can't save. To implement this behavior, we need to track all users, connected and not, so a session is created for every user in the ForceSessionMiddleware.
2025-06-25 17:30:33 +02:00
self.request.session.session_key,
)
except requests.HTTPError as e:
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
logger.exception("Failed to call collaboration server: %s", e)
count = 0
exists = False
✨(back) check on document update if user can save it When a document is updated, users not connected to the collaboration server can override work made by other people connected to the collaboration server. To avoid this, the priority is given to user connected to the collaboration server. If the websocket property in the request payload is missing or set to False, the backend fetch the collaboration server to now if the user can save or not. If users are already connected, the user can't save. Also, only one user without websocket can save a connect, the first user saving acquire a lock and all other users can't save. To implement this behavior, we need to track all users, connected and not, so a session is created for every user in the ForceSessionMiddleware.
2025-06-25 17:30:33 +02:00
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
if count == 0:
# Nobody is connected to the websocket server
✨(back) check on document update if user can save it When a document is updated, users not connected to the collaboration server can override work made by other people connected to the collaboration server. To avoid this, the priority is given to user connected to the collaboration server. If the websocket property in the request payload is missing or set to False, the backend fetch the collaboration server to now if the user can save or not. If users are already connected, the user can't save. Also, only one user without websocket can save a connect, the first user saving acquire a lock and all other users can't save. To implement this behavior, we need to track all users, connected and not, so a session is created for every user in the ForceSessionMiddleware.
2025-06-25 17:30:33 +02:00
logger.debug("update without connection found in the websocket server")
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
cache_key = f"docs:no-websocket:{document_id}"
✨(back) check on document update if user can save it When a document is updated, users not connected to the collaboration server can override work made by other people connected to the collaboration server. To avoid this, the priority is given to user connected to the collaboration server. If the websocket property in the request payload is missing or set to False, the backend fetch the collaboration server to now if the user can save or not. If users are already connected, the user can't save. Also, only one user without websocket can save a connect, the first user saving acquire a lock and all other users can't save. To implement this behavior, we need to track all users, connected and not, so a session is created for every user in the ForceSessionMiddleware.
2025-06-25 17:30:33 +02:00
current_editor = cache.get(cache_key)
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
if not current_editor:
if set_cache:
cache.set(
cache_key,
self.request.session.session_key,
settings.NO_WEBSOCKET_CACHE_TIMEOUT,
)
return True
if current_editor != self.request.session.session_key:
return False
if set_cache:
cache.touch(cache_key, settings.NO_WEBSOCKET_CACHE_TIMEOUT)
return True
if exists:
# Current user is connected to the websocket server
✨(back) check on document update if user can save it When a document is updated, users not connected to the collaboration server can override work made by other people connected to the collaboration server. To avoid this, the priority is given to user connected to the collaboration server. If the websocket property in the request payload is missing or set to False, the backend fetch the collaboration server to now if the user can save or not. If users are already connected, the user can't save. Also, only one user without websocket can save a connect, the first user saving acquire a lock and all other users can't save. To implement this behavior, we need to track all users, connected and not, so a session is created for every user in the ForceSessionMiddleware.
2025-06-25 17:30:33 +02:00
logger.debug("session key found in the websocket server")
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
return True
✨(back) check on document update if user can save it When a document is updated, users not connected to the collaboration server can override work made by other people connected to the collaboration server. To avoid this, the priority is given to user connected to the collaboration server. If the websocket property in the request payload is missing or set to False, the backend fetch the collaboration server to now if the user can save or not. If users are already connected, the user can't save. Also, only one user without websocket can save a connect, the first user saving acquire a lock and all other users can't save. To implement this behavior, we need to track all users, connected and not, so a session is created for every user in the ForceSessionMiddleware.
2025-06-25 17:30:33 +02:00
logger.debug(
"Users connected to the websocket but current editor not connected to it. Can not edit."
)
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
return False
def perform_update(self, serializer):
"""Check rules about collaboration."""
🚩(back) use existing no websocket feature flag An already existing feature flag COLLABORATION_WS_NOT_CONNECTED_READY_ONLY was used bu the frontend application to disable or not the edition for a user not connected to the websocket. We want to reuse it in the backend application to disable or not the no websocket feature.
2025-07-04 10:56:24 +02:00
if (
serializer.validated_data.get("websocket", False)
or not settings.COLLABORATION_WS_NOT_CONNECTED_READY_ONLY
):
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
return super().perform_update(serializer)
if self._can_user_edit_document(serializer.instance.id, set_cache=True):
return super().perform_update(serializer)
✨(back) check on document update if user can save it When a document is updated, users not connected to the collaboration server can override work made by other people connected to the collaboration server. To avoid this, the priority is given to user connected to the collaboration server. If the websocket property in the request payload is missing or set to False, the backend fetch the collaboration server to now if the user can save or not. If users are already connected, the user can't save. Also, only one user without websocket can save a connect, the first user saving acquire a lock and all other users can't save. To implement this behavior, we need to track all users, connected and not, so a session is created for every user in the ForceSessionMiddleware.
2025-06-25 17:30:33 +02:00
raise drf.exceptions.PermissionDenied(
"You are not allowed to edit this document."
)
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
@drf.decorators.action(
detail=True,
methods=["get"],
url_path="can-edit",
)
def can_edit(self, request, *args, **kwargs):
"""Check if the current user can edit the document."""
document = self.get_object()
🚩(back) use existing no websocket feature flag An already existing feature flag COLLABORATION_WS_NOT_CONNECTED_READY_ONLY was used bu the frontend application to disable or not the edition for a user not connected to the websocket. We want to reuse it in the backend application to disable or not the no websocket feature.
2025-07-04 10:56:24 +02:00
can_edit = (
True
if not settings.COLLABORATION_WS_NOT_CONNECTED_READY_ONLY
else self._can_user_edit_document(document.id)
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
)
🚩(back) use existing no websocket feature flag An already existing feature flag COLLABORATION_WS_NOT_CONNECTED_READY_ONLY was used bu the frontend application to disable or not the edition for a user not connected to the websocket. We want to reuse it in the backend application to disable or not the no websocket feature.
2025-07-04 10:56:24 +02:00
return drf.response.Response({"can_edit": can_edit})
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
@drf.decorators.action(
detail=False,
methods=["get"],
🔒️(back) restrict access to favorite_list endpoint favorite_list endpoint is accessible to anonymous user. This lead to an error 500. This endpoint should be accessible only to authenticated users.
2025-03-06 15:21:49 +01:00
permission_classes=[permissions.IsAuthenticated],
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
)
def favorite_list(self, request, *args, **kwargs):
"""Get list of favorite documents for the current user."""
user = request.user
favorite_documents_ids = models.DocumentFavorite.objects.filter(
user=user
).values_list("document_id", flat=True)
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
queryset = self.filter_queryset(self.get_queryset())
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
queryset = queryset.filter(id__in=favorite_documents_ids)
return self.get_response_for_queryset(queryset)
@drf.decorators.action(
detail=False,
methods=["get"],
)
def trashbin(self, request, *args, **kwargs):
"""
Retrieve soft-deleted documents for which the current user has the owner role.
The selected documents are those deleted within the cutoff period defined in the
settings (see TRASHBIN_CUTOFF_DAYS), before they are considered permanently deleted.
"""
⚡️(backend) improve trashbin endpoint performance (#1495) The trashbin endpoint is slow. To filter documents the user has owner access, we use a subquery to compute the roles and then filter on this subquery. This is very slow. To improve it, we use the same way to filter children used in the tree endpoint. First we look for all highest ancestors the user has access on with the owner role. Then we create one queryset filtering on all the docs starting by the given path and are deleted.
2025-10-16 17:06:47 +02:00
if not request.user.is_authenticated:
return self.get_response_for_queryset(self.queryset.none())
access_documents_paths = (
models.DocumentAccess.objects.select_related("document")
.filter(
db.Q(user=self.request.user) | db.Q(team__in=self.request.user.teams),
role=models.RoleChoices.OWNER,
)
.values_list("document__path", flat=True)
)
🐛(backend) fix trashbin list Fix listing of deleted documents in trashbin for users without owner access
2025-10-23 12:03:31 +02:00
if not access_documents_paths:
return self.get_response_for_queryset(self.queryset.none())
⚡️(backend) improve trashbin endpoint performance (#1495) The trashbin endpoint is slow. To filter documents the user has owner access, we use a subquery to compute the roles and then filter on this subquery. This is very slow. To improve it, we use the same way to filter children used in the tree endpoint. First we look for all highest ancestors the user has access on with the owner role. Then we create one queryset filtering on all the docs starting by the given path and are deleted.
2025-10-16 17:06:47 +02:00
children_clause = db.Q()
for path in access_documents_paths:
children_clause |= db.Q(path__startswith=path)
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
queryset = self.queryset.filter(
⚡️(backend) improve trashbin endpoint performance (#1495) The trashbin endpoint is slow. To filter documents the user has owner access, we use a subquery to compute the roles and then filter on this subquery. This is very slow. To improve it, we use the same way to filter children used in the tree endpoint. First we look for all highest ancestors the user has access on with the owner role. Then we create one queryset filtering on all the docs starting by the given path and are deleted.
2025-10-16 17:06:47 +02:00
children_clause,
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
deleted_at__isnull=False,
deleted_at__gte=models.get_trashbin_cutoff(),
)
♻️(backend) factorize document query set annotation The methods to annotate a document queryset were factorized on the viewset but the correct place is the custom queryset itself now that we have one.
2025-04-12 11:35:36 +02:00
queryset = queryset.annotate_user_roles(self.request.user)
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
return self.get_response_for_queryset(queryset)
✨(backend) add server-to-server API endpoint to create documents We want trusted external applications to be able to create documents via the API on behalf of any user. The user may or may not pre-exist in our database and should be notified of the document creation by email.
2024-12-01 11:25:01 +01:00
@drf.decorators.action(
authentication_classes=[authentication.ServerToServerAuthentication],
detail=False,
methods=["post"],
permission_classes=[],
url_path="create-for-owner",
)
🐛(backend) race condition create doc When 2 docs are created almost at the same time, the second one will fail because the first one. We get a unicity error on the path key already used ("impress_document_path_key"). To fix this issue, we will lock the table the time to create the document, the next query will wait for the lock to be released.
2025-02-12 10:13:41 +01:00
@transaction.atomic
✨(backend) add server-to-server API endpoint to create documents We want trusted external applications to be able to create documents via the API on behalf of any user. The user may or may not pre-exist in our database and should be notified of the document creation by email.
2024-12-01 11:25:01 +01:00
def create_for_owner(self, request):
"""
Create a document on behalf of a specified owner (pre-existing user or invited).
"""
🐛(backend) race condition create doc When 2 docs are created almost at the same time, the second one will fail because the first one. We get a unicity error on the path key already used ("impress_document_path_key"). To fix this issue, we will lock the table the time to create the document, the next query will wait for the lock to be released.
2025-02-12 10:13:41 +01:00
# locks the table to ensure safe concurrent access
with connection.cursor() as cursor:
cursor.execute(
f'LOCK TABLE "{models.Document._meta.db_table}" ' # noqa: SLF001
"IN SHARE ROW EXCLUSIVE MODE;"
)
✨(backend) add server-to-server API endpoint to create documents We want trusted external applications to be able to create documents via the API on behalf of any user. The user may or may not pre-exist in our database and should be notified of the document creation by email.
2024-12-01 11:25:01 +01:00
# Deserialize and validate the data
serializer = serializers.ServerCreateDocumentSerializer(data=request.data)
if not serializer.is_valid():
return drf_response.Response(
serializer.errors, status=status.HTTP_400_BAD_REQUEST
)
document = serializer.save()
return drf_response.Response(
{"id": str(document.id)}, status=status.HTTP_201_CREATED
)
✨(backend) add API endpoint to move a document in the document tree Only administrators or owners of a document can move it to a target document for which they are also administrator or owner. We allow different moving modes: - first-child: move the document as the first child of the target - last-child: move the document as the last child of the target - first-sibling: move the document as the first sibling of the target - last-sibling: move the document as the last sibling of the target - left: move the document as sibling ordered just before the target - right: move the document as sibling ordered just after the target The whole subtree below the document that is being moved, moves as well and remains below the document after it is moved.
2025-01-02 23:15:03 +01:00
@drf.decorators.action(detail=True, methods=["post"])
@transaction.atomic
def move(self, request, *args, **kwargs):
"""
Move a document to another location within the document tree.
The user must be an administrator or owner of both the document being moved
and the target parent document.
"""
user = request.user
document = self.get_object() # including permission checks
# Validate the input payload
serializer = serializers.MoveDocumentSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
validated_data = serializer.validated_data
target_document_id = validated_data["target_document_id"]
try:
target_document = models.Document.objects.get(
id=target_document_id, ancestors_deleted_at__isnull=True
)
except models.Document.DoesNotExist:
return drf.response.Response(
{"target_document_id": "Target parent document does not exist."},
status=status.HTTP_400_BAD_REQUEST,
)
position = validated_data["position"]
message = None
♻️(backend) stop requiring owner for non-root documents If root documents are guaranteed to have a owner, non-root documents will automatically have them as owner by inheritance. We should not require non-root documents to have their own direct owner because this will make it difficult to manage access rights when we move documents around or when we want to remove access rights for someone on a document subtree... There should be as few overrides as possible.
2025-05-04 22:16:34 +02:00
owner_accesses = []
✨(backend) add API endpoint to move a document in the document tree Only administrators or owners of a document can move it to a target document for which they are also administrator or owner. We allow different moving modes: - first-child: move the document as the first child of the target - last-child: move the document as the last child of the target - first-sibling: move the document as the first sibling of the target - last-sibling: move the document as the last sibling of the target - left: move the document as sibling ordered just before the target - right: move the document as sibling ordered just after the target The whole subtree below the document that is being moved, moves as well and remains below the document after it is moved.
2025-01-02 23:15:03 +01:00
if position in [
enums.MoveNodePositionChoices.FIRST_CHILD,
enums.MoveNodePositionChoices.LAST_CHILD,
]:
if not target_document.get_abilities(user).get("move"):
message = (
"You do not have permission to move documents "
"as a child to this target document."
)
♻️(backend) stop requiring owner for non-root documents If root documents are guaranteed to have a owner, non-root documents will automatically have them as owner by inheritance. We should not require non-root documents to have their own direct owner because this will make it difficult to manage access rights when we move documents around or when we want to remove access rights for someone on a document subtree... There should be as few overrides as possible.
2025-05-04 22:16:34 +02:00
elif target_document.is_root():
owner_accesses = document.get_root().accesses.filter(
role=models.RoleChoices.OWNER
)
elif not target_document.get_parent().get_abilities(user).get("move"):
message = (
"You do not have permission to move documents "
"as a sibling of this target document."
)
✨(backend) add API endpoint to move a document in the document tree Only administrators or owners of a document can move it to a target document for which they are also administrator or owner. We allow different moving modes: - first-child: move the document as the first child of the target - last-child: move the document as the last child of the target - first-sibling: move the document as the first sibling of the target - last-sibling: move the document as the last sibling of the target - left: move the document as sibling ordered just before the target - right: move the document as sibling ordered just after the target The whole subtree below the document that is being moved, moves as well and remains below the document after it is moved.
2025-01-02 23:15:03 +01:00
if message:
return drf.response.Response(
{"target_document_id": message},
status=status.HTTP_400_BAD_REQUEST,
)
document.move(target_document, pos=position)
♻️(backend) stop requiring owner for non-root documents If root documents are guaranteed to have a owner, non-root documents will automatically have them as owner by inheritance. We should not require non-root documents to have their own direct owner because this will make it difficult to manage access rights when we move documents around or when we want to remove access rights for someone on a document subtree... There should be as few overrides as possible.
2025-05-04 22:16:34 +02:00
# Make sure we have at least one owner
if (
owner_accesses
and not document.accesses.filter(role=models.RoleChoices.OWNER).exists()
):
for owner_access in owner_accesses:
models.DocumentAccess.objects.update_or_create(
document=document,
user=owner_access.user,
team=owner_access.team,
defaults={"role": models.RoleChoices.OWNER},
)
✨(backend) add API endpoint to move a document in the document tree Only administrators or owners of a document can move it to a target document for which they are also administrator or owner. We allow different moving modes: - first-child: move the document as the first child of the target - last-child: move the document as the last child of the target - first-sibling: move the document as the first sibling of the target - last-sibling: move the document as the last sibling of the target - left: move the document as sibling ordered just before the target - right: move the document as sibling ordered just after the target The whole subtree below the document that is being moved, moves as well and remains below the document after it is moved.
2025-01-02 23:15:03 +01:00
return drf.response.Response(
{"message": "Document moved successfully."}, status=status.HTTP_200_OK
)
✨(backend) add API endpoint action to restore a soft deleted document Only owners can see and restore deleted documents. They can only do it during the grace period before the document is considered hard deleted and hidden from everybody on the API.
2025-01-05 14:43:15 +01:00
@drf.decorators.action(
detail=True,
methods=["post"],
)
def restore(self, request, *args, **kwargs):
"""
Restore a soft-deleted document if it was deleted less than x days ago.
"""
document = self.get_object()
document.restore()
return drf_response.Response(
{"detail": "Document has been successfully restored."},
status=status.HTTP_200_OK,
)
✨(backend) add API endpoint to list a document's children This endpoint is nested under a document's detail endpoint.
2024-12-17 19:03:45 +01:00
@drf.decorators.action(
detail=True,
methods=["get", "post"],
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
ordering=["path"],
✨(backend) add API endpoint to list a document's children This endpoint is nested under a document's detail endpoint.
2024-12-17 19:03:45 +01:00
)
✨(backend) add API endpoint to create children for a document We add a POST method to the existing children endpoint.
2024-12-18 08:44:12 +01:00
def children(self, request, *args, **kwargs):
"""Handle listing and creating children of a document"""
✨(backend) add API endpoint to list a document's children This endpoint is nested under a document's detail endpoint.
2024-12-17 19:03:45 +01:00
document = self.get_object()
✨(backend) add API endpoint to create children for a document We add a POST method to the existing children endpoint.
2024-12-18 08:44:12 +01:00
if request.method == "POST":
# Create a child document
serializer = serializers.DocumentSerializer(
data=request.data, context=self.get_serializer_context()
)
serializer.is_valid(raise_exception=True)
with transaction.atomic():
🐛(backend) race condition create doc When 2 docs are created almost at the same time, the second one will fail because the first one. We get a unicity error on the path key already used ("impress_document_path_key"). To fix this issue, we will lock the table the time to create the document, the next query will wait for the lock to be released.
2025-02-12 10:13:41 +01:00
# "select_for_update" locks the table to ensure safe concurrent access
locked_parent = models.Document.objects.select_for_update().get(
pk=document.pk
)
child_document = locked_parent.add_child(
✨(backend) add API endpoint to create children for a document We add a POST method to the existing children endpoint.
2024-12-18 08:44:12 +01:00
creator=request.user,
**serializer.validated_data,
)
♻️(backend) stop requiring owner for non-root documents If root documents are guaranteed to have a owner, non-root documents will automatically have them as owner by inheritance. We should not require non-root documents to have their own direct owner because this will make it difficult to manage access rights when we move documents around or when we want to remove access rights for someone on a document subtree... There should be as few overrides as possible.
2025-05-04 22:16:34 +02:00
✨(backend) add API endpoint to create children for a document We add a POST method to the existing children endpoint.
2024-12-18 08:44:12 +01:00
# Set the created instance to the serializer
serializer.instance = child_document
headers = self.get_success_headers(serializer.data)
return drf.response.Response(
serializer.data, status=status.HTTP_201_CREATED, headers=headers
)
# GET: List children
🐛(backend) allow creator to delete subpages An editor who created a subpages should be allowed to delete it. We change the abilities to be coherent between the creation and the deletion. Fixes #1193
2025-08-22 14:57:02 +02:00
queryset = (
document.get_children()
.select_related("creator")
.filter(ancestors_deleted_at__isnull=True)
)
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
queryset = self.filter_queryset(queryset)
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
filterset = DocumentFilter(request.GET, queryset=queryset)
if not filterset.is_valid():
raise drf.exceptions.ValidationError(filterset.errors)
queryset = filterset.qs
♻️(backend) simplify roles by returning only the max role We were returning the list of roles a user has on a document (direct and inherited). Now that we introduced priority on roles, we are able to determine what is the max role and return only this one. This commit also changes the role that is returned for the restricted reach: we now return None because the role is not relevant in this case.
2025-04-25 08:03:12 +02:00
# Pass ancestors' links paths mapping to the serializer as a context variable
# in order to allow saving time while computing abilities on the instance
paths_links_mapping = document.compute_ancestors_links_paths_mapping()
return self.get_response_for_queryset(
queryset,
context={
"request": request,
"paths_links_mapping": paths_links_mapping,
},
)
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
@drf.decorators.action(
detail=True,
methods=["get"],
ordering=["path"],
)
def descendants(self, request, *args, **kwargs):
"""Handle listing descendants of a document"""
document = self.get_object()
queryset = document.get_descendants().filter(ancestors_deleted_at__isnull=True)
queryset = self.filter_queryset(queryset)
filterset = DocumentFilter(request.GET, queryset=queryset)
if not filterset.is_valid():
raise drf.exceptions.ValidationError(filterset.errors)
queryset = filterset.qs
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
return self.get_response_for_queryset(queryset)
✨(backend) add API endpoint to list a document's children This endpoint is nested under a document's detail endpoint.
2024-12-17 19:03:45 +01:00
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
@drf.decorators.action(
detail=True,
methods=["get"],
ordering=["path"],
)
def tree(self, request, pk, *args, **kwargs):
"""
List ancestors tree above the document.
What we need to display is the tree structure opened for the current document.
"""
♻️(backend) factorize document query set annotation The methods to annotate a document queryset were factorized on the viewset but the correct place is the custom queryset itself now that we have one.
2025-04-12 11:35:36 +02:00
user = self.request.user
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
try:
🐛(backend) allow creator to delete subpages An editor who created a subpages should be allowed to delete it. We change the abilities to be coherent between the creation and the deletion. Fixes #1193
2025-08-22 14:57:02 +02:00
current_document = (
♻️(backend) open tree endpoint to deleted documents only for owners The tree endpoint will now return a result only for owners. For other users the endpoint still returns a 403. Also, the endpoint does look for ancestors anymore, it only stay on the current document.
2025-10-06 11:25:17 +02:00
self.queryset.select_related(None)
.only("depth", "path", "ancestors_deleted_at")
.get(pk=pk)
🐛(backend) allow creator to delete subpages An editor who created a subpages should be allowed to delete it. We change the abilities to be coherent between the creation and the deletion. Fixes #1193
2025-08-22 14:57:02 +02:00
)
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
except models.Document.DoesNotExist as excpt:
🐛(backend) allow creating accesses when privileged by heritage We took the opportunity of this bug to refactor serializers and permissions as advised one day by @qbey: no permission checks in serializers.
2025-05-06 09:41:16 +02:00
raise drf.exceptions.NotFound() from excpt
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
♻️(backend) open tree endpoint to deleted documents only for owners The tree endpoint will now return a result only for owners. For other users the endpoint still returns a 403. Also, the endpoint does look for ancestors anymore, it only stay on the current document.
2025-10-06 11:25:17 +02:00
is_deleted = current_document.ancestors_deleted_at is not None
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
♻️(backend) open tree endpoint to deleted documents only for owners The tree endpoint will now return a result only for owners. For other users the endpoint still returns a 403. Also, the endpoint does look for ancestors anymore, it only stay on the current document.
2025-10-06 11:25:17 +02:00
if is_deleted:
if current_document.get_role(user) != models.RoleChoices.OWNER:
raise (
drf.exceptions.PermissionDenied()
if request.user.is_authenticated
else drf.exceptions.NotAuthenticated()
)
highest_readable = current_document
ancestors = self.queryset.select_related(None).filter(pk=pk)
else:
ancestors = (
(
current_document.get_ancestors()
| self.queryset.select_related(None).filter(pk=pk)
)
.filter(ancestors_deleted_at__isnull=True)
.order_by("path")
)
# Get the highest readable ancestor
highest_readable = (
ancestors.select_related(None)
.readable_per_se(request.user)
.only("depth", "path")
.first()
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
)
♻️(backend) open tree endpoint to deleted documents only for owners The tree endpoint will now return a result only for owners. For other users the endpoint still returns a 403. Also, the endpoint does look for ancestors anymore, it only stay on the current document.
2025-10-06 11:25:17 +02:00
if highest_readable is None:
raise (
drf.exceptions.PermissionDenied()
if request.user.is_authenticated
else drf.exceptions.NotAuthenticated()
)
✨(backend) add new "descendants" action to document API endpoint We want to be able to make a search query inside a hierchical document. It's elegant to do it as a document detail action so that we benefit from access control.
2025-02-17 10:25:07 +01:00
paths_links_mapping = {}
ancestors_links = []
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
children_clause = db.Q()
for ancestor in ancestors:
✨(backend) add new "descendants" action to document API endpoint We want to be able to make a search query inside a hierchical document. It's elegant to do it as a document detail action so that we benefit from access control.
2025-02-17 10:25:07 +01:00
# Compute cache for ancestors links to avoid many queries while computing
✏️(project) automatic typo correction Fix typos in the project.
2025-05-13 16:00:12 +02:00
# abilities for his documents in the tree!
✨(backend) add new "descendants" action to document API endpoint We want to be able to make a search query inside a hierchical document. It's elegant to do it as a document detail action so that we benefit from access control.
2025-02-17 10:25:07 +01:00
ancestors_links.append(
{"link_reach": ancestor.link_reach, "link_role": ancestor.link_role}
)
paths_links_mapping[ancestor.path] = ancestors_links.copy()
♻️(backend) simplify roles by returning only the max role We were returning the list of roles a user has on a document (direct and inherited). Now that we introduced priority on roles, we are able to determine what is the max role and return only this one. This commit also changes the role that is returned for the restricted reach: we now return None because the role is not relevant in this case.
2025-04-25 08:03:12 +02:00
if ancestor.depth < highest_readable.depth:
continue
children_clause |= db.Q(
path__startswith=ancestor.path, depth=ancestor.depth + 1
)
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
children = self.queryset.filter(children_clause, deleted_at__isnull=True)
🐛(backend) allow creator to delete subpages An editor who created a subpages should be allowed to delete it. We change the abilities to be coherent between the creation and the deletion. Fixes #1193
2025-08-22 14:57:02 +02:00
queryset = (
ancestors.select_related("creator").filter(
depth__gte=highest_readable.depth
)
| children
)
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
queryset = queryset.order_by("path")
♻️(backend) factorize document query set annotation The methods to annotate a document queryset were factorized on the viewset but the correct place is the custom queryset itself now that we have one.
2025-04-12 11:35:36 +02:00
queryset = queryset.annotate_user_roles(user)
queryset = queryset.annotate_is_favorite(user)
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
♻️(backend) simplify roles by returning only the max role We were returning the list of roles a user has on a document (direct and inherited). Now that we introduced priority on roles, we are able to determine what is the max role and return only this one. This commit also changes the role that is returned for the restricted reach: we now return None because the role is not relevant in this case.
2025-04-25 08:03:12 +02:00
# Pass ancestors' links paths mapping to the serializer as a context variable
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
# in order to allow saving time while computing abilities on the instance
serializer = self.get_serializer(
queryset,
many=True,
context={
"request": request,
✨(backend) add new "descendants" action to document API endpoint We want to be able to make a search query inside a hierchical document. It's elegant to do it as a document detail action so that we benefit from access control.
2025-02-17 10:25:07 +01:00
"paths_links_mapping": paths_links_mapping,
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
},
)
return drf.response.Response(
utils.nest_tree(serializer.data, self.queryset.model.steplen)
)
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
@drf.decorators.action(
detail=True,
methods=["post"],
🐛(backend) allow creating accesses when privileged by heritage We took the opportunity of this bug to refactor serializers and permissions as advised one day by @qbey: no permission checks in serializers.
2025-05-06 09:41:16 +02:00
permission_classes=[
permissions.IsAuthenticated,
permissions.DocumentPermission,
],
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
url_path="duplicate",
)
@transaction.atomic
def duplicate(self, request, *args, **kwargs):
"""
Duplicate a document and store the links to attached files in the duplicated
document to allow cross-access.
Optionally duplicates accesses if `with_accesses` is set to true
in the payload.
"""
# Get document while checking permissions
🐛(backend) duplicate sub docs as root for reader user Reader user should be able to duplicate a doc in the doc tree. It should be created a new doc at the root level.
2025-09-15 22:44:58 +02:00
document_to_duplicate = self.get_object()
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
serializer = serializers.DocumentDuplicationSerializer(
data=request.data, partial=True
)
serializer.is_valid(raise_exception=True)
with_accesses = serializer.validated_data.get("with_accesses", False)
🐛(backend) duplicate sub docs as root for reader user Reader user should be able to duplicate a doc in the doc tree. It should be created a new doc at the root level.
2025-09-15 22:44:58 +02:00
user_role = document_to_duplicate.get_role(request.user)
is_owner_or_admin = user_role in models.PRIVILEGED_ROLES
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
🐛(backend) duplicate sub docs as root for reader user Reader user should be able to duplicate a doc in the doc tree. It should be created a new doc at the root level.
2025-09-15 22:44:58 +02:00
base64_yjs_content = document_to_duplicate.content
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
# Duplicate the document instance
link_kwargs = (
🐛(backend) duplicate sub docs as root for reader user Reader user should be able to duplicate a doc in the doc tree. It should be created a new doc at the root level.
2025-09-15 22:44:58 +02:00
{
"link_reach": document_to_duplicate.link_reach,
"link_role": document_to_duplicate.link_role,
}
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
if with_accesses
else {}
)
🐛(backend) duplicate sub docs as root for reader user Reader user should be able to duplicate a doc in the doc tree. It should be created a new doc at the root level.
2025-09-15 22:44:58 +02:00
extracted_attachments = set(extract_attachments(document_to_duplicate.content))
attachments = list(
extracted_attachments & set(document_to_duplicate.attachments)
)
title = capfirst(_("copy of {title}").format(title=document_to_duplicate.title))
if not document_to_duplicate.is_root() and choices.RoleChoices.get_priority(
user_role
) < choices.RoleChoices.get_priority(models.RoleChoices.EDITOR):
duplicated_document = models.Document.add_root(
creator=self.request.user,
title=title,
content=base64_yjs_content,
attachments=attachments,
duplicated_from=document_to_duplicate,
**link_kwargs,
)
models.DocumentAccess.objects.create(
document=duplicated_document,
user=self.request.user,
role=models.RoleChoices.OWNER,
)
return drf_response.Response(
{"id": str(duplicated_document.id)}, status=status.HTTP_201_CREATED
)
duplicated_document = document_to_duplicate.add_sibling(
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
"right",
🐛(backend) duplicate sub docs as root for reader user Reader user should be able to duplicate a doc in the doc tree. It should be created a new doc at the root level.
2025-09-15 22:44:58 +02:00
title=title,
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
content=base64_yjs_content,
attachments=attachments,
🐛(backend) duplicate sub docs as root for reader user Reader user should be able to duplicate a doc in the doc tree. It should be created a new doc at the root level.
2025-09-15 22:44:58 +02:00
duplicated_from=document_to_duplicate,
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
creator=request.user,
**link_kwargs,
)
🐛(back) duplicating a child should not create accesses Children does not have accesses created for now, they inherit from their parent for now. We have to ignore access creation while owrk on the children accesses has not been made.
2025-07-09 15:00:29 +02:00
# Always add the logged-in user as OWNER for root documents
🐛(backend) duplicate sub docs as root for reader user Reader user should be able to duplicate a doc in the doc tree. It should be created a new doc at the root level.
2025-09-15 22:44:58 +02:00
if document_to_duplicate.is_root():
🐛(back) duplicating a child should not create accesses Children does not have accesses created for now, they inherit from their parent for now. We have to ignore access creation while owrk on the children accesses has not been made.
2025-07-09 15:00:29 +02:00
accesses_to_create = [
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
models.DocumentAccess(
document=duplicated_document,
🐛(back) duplicating a child should not create accesses Children does not have accesses created for now, they inherit from their parent for now. We have to ignore access creation while owrk on the children accesses has not been made.
2025-07-09 15:00:29 +02:00
user=request.user,
role=models.RoleChoices.OWNER,
)
]
# If accesses should be duplicated, add other users' accesses as per original document
if with_accesses and is_owner_or_admin:
original_accesses = models.DocumentAccess.objects.filter(
🐛(backend) duplicate sub docs as root for reader user Reader user should be able to duplicate a doc in the doc tree. It should be created a new doc at the root level.
2025-09-15 22:44:58 +02:00
document=document_to_duplicate
🐛(back) duplicating a child should not create accesses Children does not have accesses created for now, they inherit from their parent for now. We have to ignore access creation while owrk on the children accesses has not been made.
2025-07-09 15:00:29 +02:00
).exclude(user=request.user)
accesses_to_create.extend(
models.DocumentAccess(
document=duplicated_document,
user_id=access.user_id,
team=access.team,
role=access.role,
)
for access in original_accesses
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
)
🐛(back) duplicating a child should not create accesses Children does not have accesses created for now, they inherit from their parent for now. We have to ignore access creation while owrk on the children accesses has not been made.
2025-07-09 15:00:29 +02:00
# Bulk create all the duplicated accesses
models.DocumentAccess.objects.bulk_create(accesses_to_create)
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
return drf_response.Response(
{"id": str(duplicated_document.id)}, status=status.HTTP_201_CREATED
)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
@drf.decorators.action(detail=True, methods=["get"], url_path="versions")
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
def versions_list(self, request, *args, **kwargs):
"""
Return the document's versions but only those created after the user got access
to the document
"""
♻️(api) refactor getting versions to expose pagination Getting versions was not working properly. Some versions returned were not accessible by the user requesting the list of available versions. We refactor the code to make it simpler and let the frontend handle pagination (load more style).
2024-09-16 19:27:48 +02:00
user = request.user
if not user.is_authenticated:
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
raise drf.exceptions.PermissionDenied("Authentication required.")
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
♻️(api) refactor getting versions to expose pagination Getting versions was not working properly. Some versions returned were not accessible by the user requesting the list of available versions. We refactor the code to make it simpler and let the frontend handle pagination (load more style).
2024-09-16 19:27:48 +02:00
# Validate query parameters using dedicated serializer
serializer = serializers.VersionFilterSerializer(data=request.query_params)
serializer.is_valid(raise_exception=True)
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
document = self.get_object()
♻️(api) refactor getting versions to expose pagination Getting versions was not working properly. Some versions returned were not accessible by the user requesting the list of available versions. We refactor the code to make it simpler and let the frontend handle pagination (load more style).
2024-09-16 19:27:48 +02:00
# Users should not see version history dating from before they gained access to the
# document. Filter to get the minimum access date for the logged-in user
✨(backend) retrieve & update a document taking into account ancestors A document should inherit the access rights a user has on any of its ancestors.
2024-12-17 07:47:23 +01:00
access_queryset = models.DocumentAccess.objects.filter(
db.Q(user=user) | db.Q(team__in=user.teams),
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
document__path=Left(db.Value(document.path), Length("document__path")),
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
).aggregate(min_date=db.Min("created_at"))
♻️(api) refactor getting versions to expose pagination Getting versions was not working properly. Some versions returned were not accessible by the user requesting the list of available versions. We refactor the code to make it simpler and let the frontend handle pagination (load more style).
2024-09-16 19:27:48 +02:00
# Handle the case where the user has no accesses
min_datetime = access_queryset["min_date"]
if not min_datetime:
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.exceptions.PermissionDenied(
♻️(api) refactor getting versions to expose pagination Getting versions was not working properly. Some versions returned were not accessible by the user requesting the list of available versions. We refactor the code to make it simpler and let the frontend handle pagination (load more style).
2024-09-16 19:27:48 +02:00
"Only users with specific access can see version history"
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
)
👔(backend) add document version serializer Add document version serializer to get the pagination with the document version list.
2024-07-17 09:10:05 +02:00
♻️(api) refactor getting versions to expose pagination Getting versions was not working properly. Some versions returned were not accessible by the user requesting the list of available versions. We refactor the code to make it simpler and let the frontend handle pagination (load more style).
2024-09-16 19:27:48 +02:00
versions_data = document.get_versions_slice(
from_version_id=serializer.validated_data.get("version_id"),
min_datetime=min_datetime,
page_size=serializer.validated_data.get("page_size"),
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(versions_data)
👔(backend) add document version serializer Add document version serializer to get the pagination with the document version list.
2024-07-17 09:10:05 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
@drf.decorators.action(
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
detail=True,
methods=["get", "delete"],
🐛(backend) fix s3 version_id validation The regex used on the version_detail endpoint path is not fully compatible with the S3 spec. In the S3 specs, Version IDs are Unicode, UTF-8 encoded, URL-ready, opaque strings that are no more than 1,024 bytes long. We don't accept all unicode characters but enough to be compliant.
2025-10-30 15:29:11 +01:00
url_path=r"versions/(?P<version_id>[A-Za-z0-9._+\-=~]{1,1024})",
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
)
# pylint: disable=unused-argument
def versions_detail(self, request, pk, version_id, *args, **kwargs):
"""Custom action to retrieve a specific version of a document"""
document = self.get_object()
try:
response = document.get_content_response(version_id=version_id)
except (FileNotFoundError, ClientError) as err:
raise Http404 from err
# Don't let users access versions that were created before they were given access
# to the document
🛂(backend) stop to list public doc to everyone Everybody could see the full list of public docs. Now only members can see their public docs. They can still access to any specific public doc.
2024-09-06 16:12:02 +02:00
user = request.user
♻️(api) refactor getting versions to expose pagination Getting versions was not working properly. Some versions returned were not accessible by the user requesting the list of available versions. We refactor the code to make it simpler and let the frontend handle pagination (load more style).
2024-09-16 19:27:48 +02:00
min_datetime = min(
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
access.created_at
✨(backend) retrieve & update a document taking into account ancestors A document should inherit the access rights a user has on any of its ancestors.
2024-12-17 07:47:23 +01:00
for access in models.DocumentAccess.objects.filter(
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
db.Q(user=user) | db.Q(team__in=user.teams),
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
document__path=Left(db.Value(document.path), Length("document__path")),
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
)
)
✨(backend) retrieve & update a document taking into account ancestors A document should inherit the access rights a user has on any of its ancestors.
2024-12-17 07:47:23 +01:00
♻️(api) refactor getting versions to expose pagination Getting versions was not working properly. Some versions returned were not accessible by the user requesting the list of available versions. We refactor the code to make it simpler and let the frontend handle pagination (load more style).
2024-09-16 19:27:48 +02:00
if response["LastModified"] < min_datetime:
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
raise Http404
if request.method == "DELETE":
response = document.delete_version(version_id)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
status=response["ResponseMetadata"]["HTTPStatusCode"]
)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
{
🏷️(backend) accept string as saved document Saved documents has to be a string now. Before it has to be a json object.
2024-05-21 14:46:23 +02:00
"content": response["Body"].read().decode("utf-8"),
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
"last_modified": response["LastModified"],
👔(backend) add document version serializer Add document version serializer to get the pagination with the document version list.
2024-07-17 09:10:05 +02:00
"id": version_id,
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
}
)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
@drf.decorators.action(detail=True, methods=["put"], url_path="link-configuration")
✨(api) allow updating link configuration for a document We open a specific endpoint to update documents link configuration because it makes it more secure and simple to limit access rights to administrators/owners whereas other document fields like title and content can be edited by anonymous or authenticated users with much less access rights.
2024-09-08 23:07:47 +02:00
def link_configuration(self, request, *args, **kwargs):
"""Update link configuration with specific rights (cf get_abilities)."""
# Check permissions first
document = self.get_object()
# Deserialize and validate the data
serializer = serializers.LinkDocumentSerializer(
document, data=request.data, partial=True
)
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
serializer.is_valid(raise_exception=True)
✨(api) allow updating link configuration for a document We open a specific endpoint to update documents link configuration because it makes it more secure and simple to limit access rights to administrators/owners whereas other document fields like title and content can be edited by anonymous or authenticated users with much less access rights.
2024-09-08 23:07:47 +02:00
serializer.save()
✨(backend) notify collaboration server When an access is updated or removed, the collaboration server is notified to reset the access connection; by being disconnected, the accesses will automatically reconnect by passing by the ngnix subrequest, and so get the good rights. We do the same system when the document link is updated, except here we reset every access connection.
2024-11-28 16:35:48 +01:00
# Notify collaboration server about the link updated
CollaborationService().reset_connections(str(document.id))
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(serializer.data, status=drf.status.HTTP_200_OK)
✨(api) allow updating link configuration for a document We open a specific endpoint to update documents link configuration because it makes it more secure and simple to limit access rights to administrators/owners whereas other document fields like title and content can be edited by anonymous or authenticated users with much less access rights.
2024-09-08 23:07:47 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
@drf.decorators.action(detail=True, methods=["post", "delete"], url_path="favorite")
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
def favorite(self, request, *args, **kwargs):
"""
Mark or unmark the document as a favorite for the logged-in user based on the HTTP method.
"""
# Check permissions first
document = self.get_object()
user = request.user
if request.method == "POST":
# Try to mark as favorite
try:
models.DocumentFavorite.objects.create(document=document, user=user)
except ValidationError:
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
{"detail": "Document already marked as favorite"},
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
status=drf.status.HTTP_200_OK,
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
{"detail": "Document marked as favorite"},
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
status=drf.status.HTTP_201_CREATED,
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
)
# Handle DELETE method to unmark as favorite
deleted, _ = models.DocumentFavorite.objects.filter(
document=document, user=user
).delete()
if deleted:
✨(backend) allow masking documents from the list view Once users have visited a document to which they have access, they can't remove it from their list view anymore. Several users reported that this is annoying because a document that gets a lot of updates keeps popping up at the top of their list view. They want to be able to mask the document in a click. We propose to add a "masked documents" section in the left side bar where the masked documents can still be found.
2025-07-13 19:56:07 +02:00
return drf.response.Response(status=drf.status.HTTP_204_NO_CONTENT)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
{"detail": "Document was already not marked as favorite"},
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
status=drf.status.HTTP_200_OK,
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
)
✨(backend) allow masking documents from the list view Once users have visited a document to which they have access, they can't remove it from their list view anymore. Several users reported that this is annoying because a document that gets a lot of updates keeps popping up at the top of their list view. They want to be able to mask the document in a click. We propose to add a "masked documents" section in the left side bar where the masked documents can still be found.
2025-07-13 19:56:07 +02:00
@drf.decorators.action(detail=True, methods=["post", "delete"], url_path="mask")
def mask(self, request, *args, **kwargs):
"""Mask or unmask the document for the logged-in user based on the HTTP method."""
# Check permissions first
document = self.get_object()
user = request.user
try:
link_trace = models.LinkTrace.objects.get(document=document, user=user)
except models.LinkTrace.DoesNotExist:
return drf.response.Response(
{"detail": "User never accessed this document before."},
status=status.HTTP_400_BAD_REQUEST,
)
if request.method == "POST":
if link_trace.is_masked:
return drf.response.Response(
{"detail": "Document was already masked"},
status=drf.status.HTTP_200_OK,
)
link_trace.is_masked = True
link_trace.save(update_fields=["is_masked"])
return drf.response.Response(
{"detail": "Document was masked"},
status=drf.status.HTTP_201_CREATED,
)
# Handle DELETE method to unmask document
if not link_trace.is_masked:
return drf.response.Response(
{"detail": "Document was already not masked"},
status=drf.status.HTTP_200_OK,
)
link_trace.is_masked = False
link_trace.save(update_fields=["is_masked"])
return drf.response.Response(status=drf.status.HTTP_204_NO_CONTENT)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
@drf.decorators.action(detail=True, methods=["post"], url_path="attachment-upload")
✨(backend) allow uploading images as attachments to a document We only rely on S3 to store attachments for a document. Nothing is persisted in the database as the image media urls will be stored in the document json.
2024-08-19 22:35:48 +02:00
def attachment_upload(self, request, *args, **kwargs):
"""Upload a file related to a given document"""
# Check permissions first
document = self.get_object()
# Validate metadata in payload
serializer = serializers.FileUploadSerializer(data=request.data)
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
serializer.is_valid(raise_exception=True)
✨(backend) allow uploading images as attachments to a document We only rely on S3 to store attachments for a document. Nothing is persisted in the database as the image media urls will be stored in the document json.
2024-08-19 22:35:48 +02:00
# Generate a generic yet unique filename to store the image in object storage
file_id = uuid.uuid4()
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
ext = serializer.validated_data["expected_extension"]
✨(backend) allow uploading more types of attachments We want to allow users to upload files to a document, not just images. We try to enforce coherence between the file extension and the real mime type of its content. If a file is deemed unsafe, it is still accepted during upload and the information is stored as metadata on the object for display to readers.
2024-10-07 20:10:42 +02:00
# Prepare metadata for storage
🏷️(backend) add content-type to uploaded files All the uploaded files had the content-type set to `application/octet-stream`. It create issues when the file is downloaded from the frontend because the browser doesn't know how to handle the file. We now determine the content-type of the file and set it to the file object.
2025-01-15 15:58:46 +01:00
extra_args = {
✨(backend) manage uploaded file status and call to malware detection In the attachment_upload method, the status in the file metadata to processing and the malware_detection backend is called. We check in the media_auth if the status is ready in order to accept the request.
2025-05-05 16:01:12 +02:00
"Metadata": {
"owner": str(request.user.id),
"status": enums.DocumentAttachmentStatus.PROCESSING,
},
🏷️(backend) add content-type to uploaded files All the uploaded files had the content-type set to `application/octet-stream`. It create issues when the file is downloaded from the frontend because the browser doesn't know how to handle the file. We now determine the content-type of the file and set it to the file object.
2025-01-15 15:58:46 +01:00
"ContentType": serializer.validated_data["content_type"],
}
🛂(backend) add unsafe in the attachments filename The frontend cannot access custom headers of a file, so we need to add a flag in the filename. We add the `unsafe` flag in the filename to indicate that the file is unsafe. Previous filename: "/{UUID4}.{extension}" New filename: "/{UUID4}-unsafe.{extension}"
2025-02-26 18:21:38 +01:00
file_unsafe = ""
✨(backend) allow uploading more types of attachments We want to allow users to upload files to a document, not just images. We try to enforce coherence between the file extension and the real mime type of its content. If a file is deemed unsafe, it is still accepted during upload and the information is stored as metadata on the object for display to readers.
2024-10-07 20:10:42 +02:00
if serializer.validated_data["is_unsafe"]:
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
extra_args["Metadata"]["is_unsafe"] = "true"
🛂(backend) add unsafe in the attachments filename The frontend cannot access custom headers of a file, so we need to add a flag in the filename. We add the `unsafe` flag in the filename to indicate that the file is unsafe. Previous filename: "/{UUID4}.{extension}" New filename: "/{UUID4}-unsafe.{extension}"
2025-02-26 18:21:38 +01:00
file_unsafe = "-unsafe"
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
key = f"{document.key_base}/{enums.ATTACHMENTS_FOLDER:s}/{file_id!s}{file_unsafe}.{ext:s}"
✨(backend) allow uploading more types of attachments We want to allow users to upload files to a document, not just images. We try to enforce coherence between the file extension and the real mime type of its content. If a file is deemed unsafe, it is still accepted during upload and the information is stored as metadata on the object for display to readers.
2024-10-07 20:10:42 +02:00
🔒️(back) set ContentDisposition on media upload On the media upload endpoint, we want to set the content-disposition header. Its value is based on the uploaded file mime-type and if flagged as unsafe. If the file is not an image or is unsafe then the contentDisposition is set to attachment to force its download. Otherwise, we set it to inline.
2025-02-27 16:19:17 +01:00
file_name = serializer.validated_data["file_name"]
if (
not serializer.validated_data["content_type"].startswith("image/")
or serializer.validated_data["is_unsafe"]
):
extra_args.update(
{"ContentDisposition": f'attachment; filename="{file_name:s}"'}
)
else:
extra_args.update(
{"ContentDisposition": f'inline; filename="{file_name:s}"'}
)
✨(backend) allow uploading more types of attachments We want to allow users to upload files to a document, not just images. We try to enforce coherence between the file extension and the real mime type of its content. If a file is deemed unsafe, it is still accepted during upload and the information is stored as metadata on the object for display to readers.
2024-10-07 20:10:42 +02:00
file = serializer.validated_data["file"]
default_storage.connection.meta.client.upload_fileobj(
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
file, default_storage.bucket_name, key, ExtraArgs=extra_args
✨(backend) allow uploading more types of attachments We want to allow users to upload files to a document, not just images. We try to enforce coherence between the file extension and the real mime type of its content. If a file is deemed unsafe, it is still accepted during upload and the information is stored as metadata on the object for display to readers.
2024-10-07 20:10:42 +02:00
)
✨(backend) allow uploading images as attachments to a document We only rely on S3 to store attachments for a document. Nothing is persisted in the database as the image media urls will be stored in the document json.
2024-08-19 22:35:48 +02:00
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
# Make the attachment readable by document readers
document.attachments.append(key)
document.save()
✨(backend) manage uploaded file status and call to malware detection In the attachment_upload method, the status in the file metadata to processing and the malware_detection backend is called. We check in the media_auth if the status is ready in order to accept the request.
2025-05-05 16:01:12 +02:00
malware_detection.analyse_file(key, document_id=document.id)
♻️(back) return the media-check url on the attachment_upload response We want to have the media-check url returned on the attachment-upload response instead of the media url directly. The front will know the endpoint to use to check the media status.
2025-05-21 15:09:40 +02:00
url = reverse(
"documents-media-check",
kwargs={"pk": document.id},
)
parameters = urlencode({"key": key})
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(
♻️(back) return the media-check url on the attachment_upload response We want to have the media-check url returned on the attachment-upload response instead of the media url directly. The front will know the endpoint to use to check the media status.
2025-05-21 15:09:40 +02:00
{
"file": f"{url:s}?{parameters:s}",
},
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
status=drf.status.HTTP_201_CREATED,
✨(backend) allow uploading images as attachments to a document We only rely on S3 to store attachments for a document. Nothing is persisted in the database as the image media urls will be stored in the document json.
2024-08-19 22:35:48 +02:00
)
♻️(backend) refactor media_auth and collaboration_auth for flexibility These 2 actions had factorized code but a few iterations lead to spaghetti code where factorized code includes "if" clauses. Refactor abstractions so that code factorization really works.
2024-12-27 17:19:16 +01:00
def _auth_get_original_url(self, request):
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
"""
♻️(backend) refactor media_auth and collaboration_auth for flexibility These 2 actions had factorized code but a few iterations lead to spaghetti code where factorized code includes "if" clauses. Refactor abstractions so that code factorization really works.
2024-12-27 17:19:16 +01:00
Extracts and parses the original URL from the "HTTP_X_ORIGINAL_URL" header.
Raises PermissionDenied if the header is missing.
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
The original url is passed by nginx in the "HTTP_X_ORIGINAL_URL" header.
See corresponding ingress configuration in Helm chart and read about the
nginx.ingress.kubernetes.io/auth-url annotation to understand how the Nginx ingress
is configured to do this.
Based on the original url and the logged in user, we must decide if we authorize Nginx
to let this request go through (by returning a 200 code) or if we block it (by returning
a 403 error). Note that we return 403 errors without any further details for security
reasons.
"""
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
# Extract the original URL from the request header
original_url = request.META.get("HTTP_X_ORIGINAL_URL")
if not original_url:
logger.debug("Missing HTTP_X_ORIGINAL_URL header in subrequest")
raise drf.exceptions.PermissionDenied()
♻️(backend) refactor media_auth and collaboration_auth for flexibility These 2 actions had factorized code but a few iterations lead to spaghetti code where factorized code includes "if" clauses. Refactor abstractions so that code factorization really works.
2024-12-27 17:19:16 +01:00
logger.debug("Original url: '%s'", original_url)
return urlparse(original_url)
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
♻️(backend) refactor media_auth and collaboration_auth for flexibility These 2 actions had factorized code but a few iterations lead to spaghetti code where factorized code includes "if" clauses. Refactor abstractions so that code factorization really works.
2024-12-27 17:19:16 +01:00
def _auth_get_url_params(self, pattern, fragment):
"""
Extracts URL parameters from the given fragment using the specified regex pattern.
Raises PermissionDenied if parameters cannot be extracted.
"""
match = pattern.search(fragment)
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
try:
♻️(backend) refactor media_auth and collaboration_auth for flexibility These 2 actions had factorized code but a few iterations lead to spaghetti code where factorized code includes "if" clauses. Refactor abstractions so that code factorization really works.
2024-12-27 17:19:16 +01:00
return match.groupdict()
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
except (ValueError, AttributeError) as exc:
logger.debug("Failed to extract parameters from subrequest URL: %s", exc)
raise drf.exceptions.PermissionDenied() from exc
@drf.decorators.action(detail=False, methods=["get"], url_path="media-auth")
def media_auth(self, request, *args, **kwargs):
"""
This view is used by an Nginx subrequest to control access to a document's
attachment file.
When we let the request go through, we compute authorization headers that will be added to
the request going through thanks to the nginx.ingress.kubernetes.io/auth-response-headers
annotation. The request will then be proxied to the object storage backend who will
respond with the file after checking the signature included in headers.
"""
♻️(backend) refactor media_auth and collaboration_auth for flexibility These 2 actions had factorized code but a few iterations lead to spaghetti code where factorized code includes "if" clauses. Refactor abstractions so that code factorization really works.
2024-12-27 17:19:16 +01:00
parsed_url = self._auth_get_original_url(request)
url_params = self._auth_get_url_params(
enums.MEDIA_STORAGE_URL_PATTERN, parsed_url.path
✨(backend) add subrequest auth view for collaboration server We need to improve security on the access to The collaboration server We can use the same pattern as for media files leveraging the nginx subrequest feature.
2024-11-18 08:05:54 +01:00
)
♻️(backend) refactor media_auth and collaboration_auth for flexibility These 2 actions had factorized code but a few iterations lead to spaghetti code where factorized code includes "if" clauses. Refactor abstractions so that code factorization really works.
2024-12-27 17:19:16 +01:00
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
user = request.user
key = f"{url_params['pk']:s}/{url_params['attachment']:s}"
# Look for a document to which the user has access and that includes this attachment
# We must look into all descendants of any document to which the user has access per se
readable_per_se_paths = (
self.queryset.readable_per_se(user)
.order_by("path")
.values_list("path", flat=True)
)
attachments_documents = (
🐛(backend) allow creator to delete subpages An editor who created a subpages should be allowed to delete it. We change the abilities to be coherent between the creation and the deletion. Fixes #1193
2025-08-22 14:57:02 +02:00
self.queryset.select_related(None)
.filter(attachments__contains=[key])
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
.only("path")
.order_by("path")
)
readable_attachments_paths = filter_descendants(
[doc.path for doc in attachments_documents],
readable_per_se_paths,
skip_sorting=True,
)
if not readable_attachments_paths:
logger.debug("User '%s' lacks permission for attachment", user)
♻️(backend) refactor media_auth and collaboration_auth for flexibility These 2 actions had factorized code but a few iterations lead to spaghetti code where factorized code includes "if" clauses. Refactor abstractions so that code factorization really works.
2024-12-27 17:19:16 +01:00
raise drf.exceptions.PermissionDenied()
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
✨(backend) manage uploaded file status and call to malware detection In the attachment_upload method, the status in the file metadata to processing and the malware_detection backend is called. We check in the media_auth if the status is ready in order to accept the request.
2025-05-05 16:01:12 +02:00
# Check if the attachment is ready
s3_client = default_storage.connection.meta.client
bucket_name = default_storage.bucket_name
✨(back) add endpoint checking media status With the usage of a malware detection system, we need a way to know the file status. The front will use it to display a loader while the analyse is not ended.
2025-05-21 14:22:31 +02:00
try:
head_resp = s3_client.head_object(Bucket=bucket_name, Key=key)
except ClientError as err:
raise drf.exceptions.PermissionDenied() from err
✨(backend) manage uploaded file status and call to malware detection In the attachment_upload method, the status in the file metadata to processing and the malware_detection backend is called. We check in the media_auth if the status is ready in order to accept the request.
2025-05-05 16:01:12 +02:00
metadata = head_resp.get("Metadata", {})
# In order to be compatible with existing upload without `status` metadata,
# we consider them as ready.
if (
metadata.get("status", enums.DocumentAttachmentStatus.READY)
!= enums.DocumentAttachmentStatus.READY
):
raise drf.exceptions.PermissionDenied()
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
# Generate S3 authorization headers using the extracted URL parameters
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
request = utils.generate_s3_authorization_headers(key)
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response("authorized", headers=request.headers, status=200)
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
✨(back) add endpoint checking media status With the usage of a malware detection system, we need a way to know the file status. The front will use it to display a loader while the analyse is not ended.
2025-05-21 14:22:31 +02:00
@drf.decorators.action(detail=True, methods=["get"], url_path="media-check")
def media_check(self, request, *args, **kwargs):
"""
Check if the media is ready to be served.
"""
document = self.get_object()
key = request.query_params.get("key")
if not key:
return drf.response.Response(
{"detail": "Missing 'key' query parameter"},
status=drf.status.HTTP_400_BAD_REQUEST,
)
if key not in document.attachments:
return drf.response.Response(
{"detail": "Attachment missing"},
status=drf.status.HTTP_404_NOT_FOUND,
)
# Check if the attachment is ready
s3_client = default_storage.connection.meta.client
bucket_name = default_storage.bucket_name
try:
head_resp = s3_client.head_object(Bucket=bucket_name, Key=key)
except ClientError as err:
logger.error("Client Error fetching file %s metadata: %s", key, err)
return drf.response.Response(
{"detail": "Media not found"},
status=drf.status.HTTP_404_NOT_FOUND,
)
metadata = head_resp.get("Metadata", {})
body = {
"status": metadata.get("status", enums.DocumentAttachmentStatus.PROCESSING),
}
if metadata.get("status") == enums.DocumentAttachmentStatus.READY:
body = {
"status": enums.DocumentAttachmentStatus.READY,
"file": f"{settings.MEDIA_URL:s}{key:s}",
}
return drf.response.Response(body, status=drf.status.HTTP_200_OK)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
@drf.decorators.action(
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
detail=True,
methods=["post"],
name="Apply a transformation action on a piece of text with AI",
url_path="ai-transform",
throttle_classes=[utils.AIDocumentRateThrottle, utils.AIUserRateThrottle],
)
def ai_transform(self, request, *args, **kwargs):
"""
POST /api/v1.0/documents/<resource_id>/ai-transform
with expected data:
- text: str
- action: str [prompt, correct, rephrase, summarize]
Return JSON response with the processed text.
"""
# Check permissions first
self.get_object()
serializer = serializers.AITransformSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
text = serializer.validated_data["text"]
action = serializer.validated_data["action"]
response = AIService().transform(text, action)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(response, status=drf.status.HTTP_200_OK)
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
@drf.decorators.action(
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
detail=True,
methods=["post"],
name="Translate a piece of text with AI",
url_path="ai-translate",
throttle_classes=[utils.AIDocumentRateThrottle, utils.AIUserRateThrottle],
)
def ai_translate(self, request, *args, **kwargs):
"""
POST /api/v1.0/documents/<resource_id>/ai-translate
with expected data:
- text: str
- language: str [settings.LANGUAGES]
Return JSON response with the translated text.
"""
# Check permissions first
self.get_object()
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
text = serializer.validated_data["text"]
language = serializer.validated_data["language"]
response = AIService().translate(text, language)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(response, status=drf.status.HTTP_200_OK)
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
✨(back) create a cors proxy fetching docs external resources When exporting a document in PDF and if the doc contains external resources, we want to fetch them using a proxy bypassing CORS restrictions. To ensure this endpoint is not used for something else than fetching urls contains in the doc, we use access control and check if the url really exists in the document.
2025-03-10 10:11:38 +01:00
@drf.decorators.action(
detail=True,
methods=["get"],
name="",
url_path="cors-proxy",
)
➕(back) install and configure django csp (#1085) We want to protect all requests from django with content security policy header. We use the djang-csp library and configure it with default values. Fixes #1000
2025-06-30 10:42:48 +02:00
@csp_update({"img-src": [NONE, "data:"]})
✨(back) create a cors proxy fetching docs external resources When exporting a document in PDF and if the doc contains external resources, we want to fetch them using a proxy bypassing CORS restrictions. To ensure this endpoint is not used for something else than fetching urls contains in the doc, we use access control and check if the url really exists in the document.
2025-03-10 10:11:38 +01:00
def cors_proxy(self, request, *args, **kwargs):
"""
GET /api/v1.0/documents/<resource_id>/cors-proxy
Act like a proxy to fetch external resources and bypass CORS restrictions.
"""
url = request.query_params.get("url")
if not url:
return drf.response.Response(
{"detail": "Missing 'url' query parameter"},
status=drf.status.HTTP_400_BAD_REQUEST,
)
# Check for permissions.
self.get_object()
url = unquote(url)
♻️(back) validate url used in cors_proxy endpoint The url used by the cors_proxy was not validated, other value than a http url can be used. We use the built in URLValidator to validate it is a valid url.
2025-08-25 16:15:16 +02:00
url_validator = URLValidator(schemes=["http", "https"])
try:
url_validator(url)
except drf.exceptions.ValidationError as e:
return drf.response.Response(
{"detail": str(e)},
status=drf.status.HTTP_400_BAD_REQUEST,
)
✨(back) create a cors proxy fetching docs external resources When exporting a document in PDF and if the doc contains external resources, we want to fetch them using a proxy bypassing CORS restrictions. To ensure this endpoint is not used for something else than fetching urls contains in the doc, we use access control and check if the url really exists in the document.
2025-03-10 10:11:38 +01:00
try:
response = requests.get(
url,
stream=True,
headers={
"User-Agent": request.headers.get("User-Agent", ""),
"Accept": request.headers.get("Accept", ""),
},
timeout=10,
)
🐛(back) allow only images to be used with the cors-proxy The cors-proxy endpoint allowed to use every type of files and to execute it in the browser. We limit the scope only to images and Content-Security-Policy and Content-Disposition headers are also added to not allow script execution that can be present in a SVG file.
2025-03-20 11:04:02 +01:00
content_type = response.headers.get("Content-Type", "")
if not content_type.startswith("image/"):
return drf.response.Response(
status=status.HTTP_415_UNSUPPORTED_MEDIA_TYPE
)
✨(back) create a cors proxy fetching docs external resources When exporting a document in PDF and if the doc contains external resources, we want to fetch them using a proxy bypassing CORS restrictions. To ensure this endpoint is not used for something else than fetching urls contains in the doc, we use access control and check if the url really exists in the document.
2025-03-10 10:11:38 +01:00
# Use StreamingHttpResponse with the response's iter_content to properly stream the data
proxy_response = StreamingHttpResponse(
streaming_content=response.iter_content(chunk_size=8192),
🐛(back) allow only images to be used with the cors-proxy The cors-proxy endpoint allowed to use every type of files and to execute it in the browser. We limit the scope only to images and Content-Security-Policy and Content-Disposition headers are also added to not allow script execution that can be present in a SVG file.
2025-03-20 11:04:02 +01:00
content_type=content_type,
headers={
"Content-Disposition": "attachment;",
},
✨(back) create a cors proxy fetching docs external resources When exporting a document in PDF and if the doc contains external resources, we want to fetch them using a proxy bypassing CORS restrictions. To ensure this endpoint is not used for something else than fetching urls contains in the doc, we use access control and check if the url really exists in the document.
2025-03-10 10:11:38 +01:00
status=response.status_code,
)
return proxy_response
except requests.RequestException as e:
♻️(back) stop returning a 500 on cors_proxy on request failure On the cors_proxy endpoint, if the fetched url fails we were returning an error 500. Instead, we log the exception and return a 400 to not give back information to the frontend application.
2025-08-25 17:24:57 +02:00
logger.exception(e)
return drf.response.Response(
{"error": f"Failed to fetch resource from {url}"},
status=status.HTTP_400_BAD_REQUEST,
✨(back) create a cors proxy fetching docs external resources When exporting a document in PDF and if the doc contains external resources, we want to fetch them using a proxy bypassing CORS restrictions. To ensure this endpoint is not used for something else than fetching urls contains in the doc, we use access control and check if the url really exists in the document.
2025-03-10 10:11:38 +01:00
)
✨(api) add API route to fetch document content This allows API users to process document content, enabling the use of Docs as a headless CMS for instance, or any kind of document processing. Fixes #1206.
2025-07-24 02:31:50 +02:00
@drf.decorators.action(
detail=True,
methods=["get"],
url_path="content",
name="Get document content in different formats",
)
def content(self, request, pk=None):
"""
Retrieve document content in different formats (JSON, Markdown, HTML).
Query parameters:
- content_format: The desired output format (json, markdown, html)
Returns:
JSON response with content in the specified format.
"""
document = self.get_object()
content_format = request.query_params.get("content_format", "json").lower()
if content_format not in {"json", "markdown", "html"}:
raise drf.exceptions.ValidationError(
"Invalid format. Must be one of: json, markdown, html"
)
# Get the base64 content from the document
content = None
base64_content = document.content
if base64_content is not None:
# Convert using the y-provider service
try:
♻️(convert) reuse existing convert yprovider endpoint for content API reuse convert service instead of renaming it in content
2025-07-24 14:08:18 +02:00
yprovider = YdocConverter()
result = yprovider.convert(
base64.b64decode(base64_content),
"application/vnd.yjs.doc",
{
"markdown": "text/markdown",
"html": "text/html",
"json": "application/json",
}[content_format],
)
content = result
✨(api) add API route to fetch document content This allows API users to process document content, enabling the use of Docs as a headless CMS for instance, or any kind of document processing. Fixes #1206.
2025-07-24 02:31:50 +02:00
except YProviderValidationError as e:
return drf_response.Response(
{"error": str(e)}, status=status.HTTP_400_BAD_REQUEST
)
except YProviderServiceUnavailableError as e:
logger.error("Error getting content for document %s: %s", pk, e)
return drf_response.Response(
{"error": "Failed to get document content"},
status=status.HTTP_500_INTERNAL_SERVER_ERROR,
)
return drf_response.Response(
{
"id": str(document.id),
"title": document.title,
"content": content,
"created_at": document.created_at,
"updated_at": document.updated_at,
}
)
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
class DocumentAccessViewSet(
ResourceAccessViewsetMixin,
♻️(backend) refactor resource access viewset The document viewset was overriding the get_queryset method from its own mixin. This was a sign that the mixin was not optimal anymore. In the next commit I will need to complexify it further so it's time to refactor the mixin.
2025-04-12 09:11:33 +02:00
drf.mixins.CreateModelMixin,
drf.mixins.RetrieveModelMixin,
drf.mixins.UpdateModelMixin,
drf.mixins.DestroyModelMixin,
viewsets.GenericViewSet,
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
):
"""
API ViewSet for all interactions with document accesses.
GET /api/v1.0/documents/<resource_id>/accesses/:<document_access_id>
Return list of all document accesses related to the logged-in user or one
document access if an id is provided.
POST /api/v1.0/documents/<resource_id>/accesses/ with expected data:
- user: str
♻️(models) rename document/template access rights The "member" access right does not make sense for documents and templates. What we really need are "editor" and "reader" access rights.
2024-05-25 08:15:34 +02:00
- role: str [administrator|editor|reader]
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
Return newly created document access
PUT /api/v1.0/documents/<resource_id>/accesses/<document_access_id>/ with expected data:
♻️(models) rename document/template access rights The "member" access right does not make sense for documents and templates. What we really need are "editor" and "reader" access rights.
2024-05-25 08:15:34 +02:00
- role: str [owner|admin|editor|reader]
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
Return updated document access
PATCH /api/v1.0/documents/<resource_id>/accesses/<document_access_id>/ with expected data:
♻️(models) rename document/template access rights The "member" access right does not make sense for documents and templates. What we really need are "editor" and "reader" access rights.
2024-05-25 08:15:34 +02:00
- role: str [owner|admin|editor|reader]
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
Return partially updated document access
DELETE /api/v1.0/documents/<resource_id>/accesses/<document_access_id>/
Delete targeted document access
"""
lookup_field = "pk"
🐛(backend) allow creating accesses when privileged by heritage We took the opportunity of this bug to refactor serializers and permissions as advised one day by @qbey: no permission checks in serializers.
2025-05-06 09:41:16 +02:00
permission_classes = [permissions.ResourceAccessPermission]
queryset = models.DocumentAccess.objects.select_related("user", "document").only(
"id",
"created_at",
"role",
"team",
"user__id",
"user__short_name",
"user__full_name",
"user__email",
"user__language",
"document__id",
"document__path",
"document__depth",
)
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
resource_field_name = "document"
🔒️(backend) configure throttle on every viewsets We want to configure the throttle on all doc's viewsets. In order to monitor them, we use the MonitoredScopedRateThrottle class and a custom callback caputing the message in sentry at the warning level.
2025-09-05 15:29:08 +02:00
throttle_scope = "document_access"
🔒️(back) restrict accesss to document accesses Every user having an access to a document, no matter its role have access to the entire accesses list with all the user details. Only owner or admin should be able to have the entire list, for the other roles, they have access to the list containing only owner and administrator with less information on the username. The email and its id is removed
2025-03-24 23:36:24 +01:00
🐛(backend) allow creating accesses when privileged by heritage We took the opportunity of this bug to refactor serializers and permissions as advised one day by @qbey: no permission checks in serializers.
2025-05-06 09:41:16 +02:00
@cached_property
def document(self):
"""Get related document from resource ID in url and annotate user roles."""
♻️(backend) optimize refactoring access abilities and fix inheritance The latest refactoring in a445278 kept some factorizations that are not legit anymore after the refactoring. It is also cleaner to not make serializer choice in the list view if the reason for this choice is related to something else b/c other views would then use the wrong serializer and that would be a security leak. This commit also fixes a bug in the access rights inheritance: if a user is allowed to see accesses on a document, he should see all acesses related to ancestors, even the ancestors that he can not read. This is because the access that was granted on all ancestors also apply on the current document... so it must be displayed. Lastly, we optimize database queries because the number of accesses we fetch is going up with multi-pages and we were generating a lot of useless queries.
2025-05-02 18:30:12 +02:00
try:
🐛(backend) allow creating accesses when privileged by heritage We took the opportunity of this bug to refactor serializers and permissions as advised one day by @qbey: no permission checks in serializers.
2025-05-06 09:41:16 +02:00
return models.Document.objects.annotate_user_roles(self.request.user).get(
pk=self.kwargs["resource_id"]
)
♻️(backend) optimize refactoring access abilities and fix inheritance The latest refactoring in a445278 kept some factorizations that are not legit anymore after the refactoring. It is also cleaner to not make serializer choice in the list view if the reason for this choice is related to something else b/c other views would then use the wrong serializer and that would be a security leak. This commit also fixes a bug in the access rights inheritance: if a user is allowed to see accesses on a document, he should see all acesses related to ancestors, even the ancestors that he can not read. This is because the access that was granted on all ancestors also apply on the current document... so it must be displayed. Lastly, we optimize database queries because the number of accesses we fetch is going up with multi-pages and we were generating a lot of useless queries.
2025-05-02 18:30:12 +02:00
except models.Document.DoesNotExist as excpt:
🐛(backend) allow creating accesses when privileged by heritage We took the opportunity of this bug to refactor serializers and permissions as advised one day by @qbey: no permission checks in serializers.
2025-05-06 09:41:16 +02:00
raise drf.exceptions.NotFound() from excpt
🔒️(back) restrict accesss to document accesses Every user having an access to a document, no matter its role have access to the entire accesses list with all the user details. Only owner or admin should be able to have the entire list, for the other roles, they have access to the list containing only owner and administrator with less information on the username. The email and its id is removed
2025-03-24 23:36:24 +01:00
♻️(backend) optimize refactoring access abilities and fix inheritance The latest refactoring in a445278 kept some factorizations that are not legit anymore after the refactoring. It is also cleaner to not make serializer choice in the list view if the reason for this choice is related to something else b/c other views would then use the wrong serializer and that would be a security leak. This commit also fixes a bug in the access rights inheritance: if a user is allowed to see accesses on a document, he should see all acesses related to ancestors, even the ancestors that he can not read. This is because the access that was granted on all ancestors also apply on the current document... so it must be displayed. Lastly, we optimize database queries because the number of accesses we fetch is going up with multi-pages and we were generating a lot of useless queries.
2025-05-02 18:30:12 +02:00
def get_serializer_class(self):
"""Use light serializer for unprivileged users."""
return (
serializers.DocumentAccessSerializer
if self.document.get_role(self.request.user) in choices.PRIVILEGED_ROLES
else serializers.DocumentAccessLightSerializer
✨(backend) we want to display ancestors accesses on a document share The document accesses a user have on a document's ancestors also apply to this document. The frontend needs to list them as "inherited" so we need to add them to the list. Adding a "document_id" field on the output will allow the frontend to differentiate between inherited and direct accesses on a document.
2025-04-12 13:43:30 +02:00
)
♻️(backend) optimize refactoring access abilities and fix inheritance The latest refactoring in a445278 kept some factorizations that are not legit anymore after the refactoring. It is also cleaner to not make serializer choice in the list view if the reason for this choice is related to something else b/c other views would then use the wrong serializer and that would be a security leak. This commit also fixes a bug in the access rights inheritance: if a user is allowed to see accesses on a document, he should see all acesses related to ancestors, even the ancestors that he can not read. This is because the access that was granted on all ancestors also apply on the current document... so it must be displayed. Lastly, we optimize database queries because the number of accesses we fetch is going up with multi-pages and we were generating a lot of useless queries.
2025-05-02 18:30:12 +02:00
def list(self, request, *args, **kwargs):
"""Return accesses for the current document with filters and annotations."""
user = request.user
role = self.document.get_role(user)
if not role:
✨(backend) we want to display ancestors accesses on a document share The document accesses a user have on a document's ancestors also apply to this document. The frontend needs to list them as "inherited" so we need to add them to the list. Adding a "document_id" field on the output will allow the frontend to differentiate between inherited and direct accesses on a document.
2025-04-12 13:43:30 +02:00
return drf.response.Response([])
♻️(backend) optimize refactoring access abilities and fix inheritance The latest refactoring in a445278 kept some factorizations that are not legit anymore after the refactoring. It is also cleaner to not make serializer choice in the list view if the reason for this choice is related to something else b/c other views would then use the wrong serializer and that would be a security leak. This commit also fixes a bug in the access rights inheritance: if a user is allowed to see accesses on a document, he should see all acesses related to ancestors, even the ancestors that he can not read. This is because the access that was granted on all ancestors also apply on the current document... so it must be displayed. Lastly, we optimize database queries because the number of accesses we fetch is going up with multi-pages and we were generating a lot of useless queries.
2025-05-02 18:30:12 +02:00
ancestors = (
self.document.get_ancestors()
| models.Document.objects.filter(pk=self.document.pk)
).filter(ancestors_deleted_at__isnull=True)
✨(backend) we want to display ancestors accesses on a document share The document accesses a user have on a document's ancestors also apply to this document. The frontend needs to list them as "inherited" so we need to add them to the list. Adding a "document_id" field on the output will allow the frontend to differentiate between inherited and direct accesses on a document.
2025-04-12 13:43:30 +02:00
♻️(backend) optimize refactoring access abilities and fix inheritance The latest refactoring in a445278 kept some factorizations that are not legit anymore after the refactoring. It is also cleaner to not make serializer choice in the list view if the reason for this choice is related to something else b/c other views would then use the wrong serializer and that would be a security leak. This commit also fixes a bug in the access rights inheritance: if a user is allowed to see accesses on a document, he should see all acesses related to ancestors, even the ancestors that he can not read. This is because the access that was granted on all ancestors also apply on the current document... so it must be displayed. Lastly, we optimize database queries because the number of accesses we fetch is going up with multi-pages and we were generating a lot of useless queries.
2025-05-02 18:30:12 +02:00
queryset = self.get_queryset().filter(document__in=ancestors)
if role not in choices.PRIVILEGED_ROLES:
✨(backend) give an order to choices We are going to need to compare choices to materialize the fact that choices are ordered. For example an admin role is higer than an editor role but lower than an owner role. We will need this to compute the reach and role resulting from all the document accesses (resp. link accesses) assigned on a document's ancestors.
2025-04-23 22:47:24 +02:00
queryset = queryset.filter(role__in=choices.PRIVILEGED_ROLES)
♻️(backend) refactor resource access viewset The document viewset was overriding the get_queryset method from its own mixin. This was a sign that the mixin was not optimal anymore. In the next commit I will need to complexify it further so it's time to refactor the mixin.
2025-04-12 09:11:33 +02:00
✨(backend) add document path and depth to accesses endpoint The frontend requires this information about the ancestor document to which each access is related. We make sure it does not generate more db queries and does not fetch useless and heavy fields from the document like "excerpt".
2025-05-07 18:48:08 +02:00
accesses = list(queryset.order_by("document__path"))
♻️(backend) optimize refactoring access abilities and fix inheritance The latest refactoring in a445278 kept some factorizations that are not legit anymore after the refactoring. It is also cleaner to not make serializer choice in the list view if the reason for this choice is related to something else b/c other views would then use the wrong serializer and that would be a security leak. This commit also fixes a bug in the access rights inheritance: if a user is allowed to see accesses on a document, he should see all acesses related to ancestors, even the ancestors that he can not read. This is because the access that was granted on all ancestors also apply on the current document... so it must be displayed. Lastly, we optimize database queries because the number of accesses we fetch is going up with multi-pages and we were generating a lot of useless queries.
2025-05-02 18:30:12 +02:00
# Annotate more information on roles
✨(backend) add max ancestors role field to document access endpoint This field is set only on the list view when all accesses for a given document and all its ancestors are listed. It gives the highest role among all accesses related to each document.
2025-05-02 19:18:30 +02:00
path_to_key_to_max_ancestors_role = defaultdict(
lambda: defaultdict(lambda: None)
)
♻️(backend) optimize refactoring access abilities and fix inheritance The latest refactoring in a445278 kept some factorizations that are not legit anymore after the refactoring. It is also cleaner to not make serializer choice in the list view if the reason for this choice is related to something else b/c other views would then use the wrong serializer and that would be a security leak. This commit also fixes a bug in the access rights inheritance: if a user is allowed to see accesses on a document, he should see all acesses related to ancestors, even the ancestors that he can not read. This is because the access that was granted on all ancestors also apply on the current document... so it must be displayed. Lastly, we optimize database queries because the number of accesses we fetch is going up with multi-pages and we were generating a lot of useless queries.
2025-05-02 18:30:12 +02:00
path_to_ancestors_roles = defaultdict(list)
path_to_role = defaultdict(lambda: None)
for access in accesses:
✨(backend) add max ancestors role field to document access endpoint This field is set only on the list view when all accesses for a given document and all its ancestors are listed. It gives the highest role among all accesses related to each document.
2025-05-02 19:18:30 +02:00
key = access.target_key
path = access.document.path
parent_path = path[: -models.Document.steplen]
path_to_key_to_max_ancestors_role[path][key] = choices.RoleChoices.max(
path_to_key_to_max_ancestors_role[path][key], access.role
)
♻️(backend) optimize refactoring access abilities and fix inheritance The latest refactoring in a445278 kept some factorizations that are not legit anymore after the refactoring. It is also cleaner to not make serializer choice in the list view if the reason for this choice is related to something else b/c other views would then use the wrong serializer and that would be a security leak. This commit also fixes a bug in the access rights inheritance: if a user is allowed to see accesses on a document, he should see all acesses related to ancestors, even the ancestors that he can not read. This is because the access that was granted on all ancestors also apply on the current document... so it must be displayed. Lastly, we optimize database queries because the number of accesses we fetch is going up with multi-pages and we were generating a lot of useless queries.
2025-05-02 18:30:12 +02:00
✨(backend) add max ancestors role field to document access endpoint This field is set only on the list view when all accesses for a given document and all its ancestors are listed. It gives the highest role among all accesses related to each document.
2025-05-02 19:18:30 +02:00
if parent_path:
path_to_key_to_max_ancestors_role[path][key] = choices.RoleChoices.max(
path_to_key_to_max_ancestors_role[parent_path][key],
path_to_key_to_max_ancestors_role[path][key],
)
path_to_ancestors_roles[path].extend(
path_to_ancestors_roles[parent_path]
)
path_to_ancestors_roles[path].append(path_to_role[parent_path])
else:
path_to_ancestors_roles[path] = []
if access.user_id == user.id or access.team in user.teams:
path_to_role[path] = choices.RoleChoices.max(
path_to_role[path], access.role
♻️(backend) optimize refactoring access abilities and fix inheritance The latest refactoring in a445278 kept some factorizations that are not legit anymore after the refactoring. It is also cleaner to not make serializer choice in the list view if the reason for this choice is related to something else b/c other views would then use the wrong serializer and that would be a security leak. This commit also fixes a bug in the access rights inheritance: if a user is allowed to see accesses on a document, he should see all acesses related to ancestors, even the ancestors that he can not read. This is because the access that was granted on all ancestors also apply on the current document... so it must be displayed. Lastly, we optimize database queries because the number of accesses we fetch is going up with multi-pages and we were generating a lot of useless queries.
2025-05-02 18:30:12 +02:00
)
# serialize and return the response
context = self.get_serializer_context()
serializer_class = self.get_serializer_class()
serialized_data = []
for access in accesses:
✨(backend) add max ancestors role field to document access endpoint This field is set only on the list view when all accesses for a given document and all its ancestors are listed. It gives the highest role among all accesses related to each document.
2025-05-02 19:18:30 +02:00
path = access.document.path
parent_path = path[: -models.Document.steplen]
access.max_ancestors_role = (
path_to_key_to_max_ancestors_role[parent_path][access.target_key]
if parent_path
else None
)
♻️(backend) optimize refactoring access abilities and fix inheritance The latest refactoring in a445278 kept some factorizations that are not legit anymore after the refactoring. It is also cleaner to not make serializer choice in the list view if the reason for this choice is related to something else b/c other views would then use the wrong serializer and that would be a security leak. This commit also fixes a bug in the access rights inheritance: if a user is allowed to see accesses on a document, he should see all acesses related to ancestors, even the ancestors that he can not read. This is because the access that was granted on all ancestors also apply on the current document... so it must be displayed. Lastly, we optimize database queries because the number of accesses we fetch is going up with multi-pages and we were generating a lot of useless queries.
2025-05-02 18:30:12 +02:00
access.set_user_roles_tuple(
✨(backend) add max ancestors role field to document access endpoint This field is set only on the list view when all accesses for a given document and all its ancestors are listed. It gives the highest role among all accesses related to each document.
2025-05-02 19:18:30 +02:00
choices.RoleChoices.max(*path_to_ancestors_roles[path]),
path_to_role.get(path),
♻️(backend) optimize refactoring access abilities and fix inheritance The latest refactoring in a445278 kept some factorizations that are not legit anymore after the refactoring. It is also cleaner to not make serializer choice in the list view if the reason for this choice is related to something else b/c other views would then use the wrong serializer and that would be a security leak. This commit also fixes a bug in the access rights inheritance: if a user is allowed to see accesses on a document, he should see all acesses related to ancestors, even the ancestors that he can not read. This is because the access that was granted on all ancestors also apply on the current document... so it must be displayed. Lastly, we optimize database queries because the number of accesses we fetch is going up with multi-pages and we were generating a lot of useless queries.
2025-05-02 18:30:12 +02:00
)
serializer = serializer_class(access, context=context)
serialized_data.append(serializer.data)
return drf.response.Response(serialized_data)
🔒️(back) restrict accesss to document accesses Every user having an access to a document, no matter its role have access to the entire accesses list with all the user details. Only owner or admin should be able to have the entire list, for the other roles, they have access to the list containing only owner and administrator with less information on the username. The email and its id is removed
2025-03-24 23:36:24 +01:00
✨(backend) send email invitation when add user to doc We send as well an email invitation to the user when we add him to a document.
2024-08-15 15:40:56 +02:00
def perform_create(self, serializer):
🐛(backend) allow creating accesses when privileged by heritage We took the opportunity of this bug to refactor serializers and permissions as advised one day by @qbey: no permission checks in serializers.
2025-05-06 09:41:16 +02:00
"""
Actually create the new document access:
- Ensures the `document_id` is explicitly set from the URL
- If the assigned role is `OWNER`, checks that the requesting user is an owner
of the document. This is the only permission check deferred until this step;
all other access checks are handled earlier in the permission lifecycle.
- Sends an invitation email to the newly added user after saving the access.
"""
role = serializer.validated_data.get("role")
if (
role == choices.RoleChoices.OWNER
and self.document.get_role(self.request.user) != choices.RoleChoices.OWNER
):
raise drf.exceptions.PermissionDenied(
"Only owners of a document can assign other users as owners."
)
access = serializer.save(document_id=self.kwargs["resource_id"])
♻️(email) use full name instead of email If the full name is available, we will use it to identify the user in the email instead of the email address.
2024-10-15 15:53:18 +02:00
🐛(backend) fix creating/updating document accesses for teams This use case was forgotten when the support for team accesses was added. We add tests to stabilize the feature and its security.
2025-05-07 19:52:02 +02:00
if access.user:
access.document.send_invitation_email(
access.user.email,
access.role,
self.request.user,
access.user.language
or self.request.user.language
or settings.LANGUAGE_CODE,
)
✨(backend) send email invitation when add user to doc We send as well an email invitation to the user when we add him to a document.
2024-08-15 15:40:56 +02:00
✨(backend) notify collaboration server When an access is updated or removed, the collaboration server is notified to reset the access connection; by being disconnected, the accesses will automatically reconnect by passing by the ngnix subrequest, and so get the good rights. We do the same system when the document link is updated, except here we reset every access connection.
2024-11-28 16:35:48 +01:00
def perform_update(self, serializer):
"""Update an access to the document and notify the collaboration server."""
access = serializer.save()
access_user_id = None
if access.user:
access_user_id = str(access.user.id)
# Notify collaboration server about the access change
CollaborationService().reset_connections(
str(access.document.id), access_user_id
)
def perform_destroy(self, instance):
"""Delete an access to the document and notify the collaboration server."""
instance.delete()
# Notify collaboration server about the access removed
CollaborationService().reset_connections(
str(instance.document.id), str(instance.user.id)
)
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
class TemplateViewSet(
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
drf.mixins.RetrieveModelMixin,
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
viewsets.GenericViewSet,
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
):
"""Template ViewSet"""
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
filter_backends = [drf.filters.OrderingFilter]
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
permission_classes = [
permissions.IsAuthenticatedOrSafe,
🐛(backend) allow creating accesses when privileged by heritage We took the opportunity of this bug to refactor serializers and permissions as advised one day by @qbey: no permission checks in serializers.
2025-05-06 09:41:16 +02:00
permissions.ResourceWithAccessPermission,
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
]
🔒️(backend) configure throttle on every viewsets We want to configure the throttle on all doc's viewsets. In order to monitor them, we use the MonitoredScopedRateThrottle class and a custom callback caputing the message in sentry at the warning level.
2025-09-05 15:29:08 +02:00
throttle_scope = "template"
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
ordering = ["-created_at"]
ordering_fields = ["created_at", "updated_at", "title"]
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
serializer_class = serializers.TemplateSerializer
queryset = models.Template.objects.all()
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
def get_queryset(self):
"""Custom queryset to get user related templates."""
queryset = super().get_queryset()
user = self.request.user
if not user.is_authenticated:
return queryset
user_roles_query = (
models.TemplateAccess.objects.filter(
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
db.Q(user=user) | db.Q(team__in=user.teams),
template_id=db.OuterRef("pk"),
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
)
.values("template")
.annotate(roles_array=ArrayAgg("role"))
.values("roles_array")
)
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
return queryset.annotate(user_roles=db.Subquery(user_roles_query)).distinct()
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
def list(self, request, *args, **kwargs):
"""Restrict templates returned by the list endpoint"""
queryset = self.filter_queryset(self.get_queryset())
user = self.request.user
if user.is_authenticated:
queryset = queryset.filter(
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
db.Q(accesses__user=user)
| db.Q(accesses__team__in=user.teams)
| db.Q(is_public=True)
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
)
else:
queryset = queryset.filter(is_public=True)
page = self.paginate_queryset(queryset)
if page is not None:
serializer = self.get_serializer(page, many=True)
return self.get_paginated_response(serializer.data)
serializer = self.get_serializer(queryset, many=True)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(serializer.data)
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
class InvitationViewset(
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
drf.mixins.CreateModelMixin,
drf.mixins.ListModelMixin,
drf.mixins.RetrieveModelMixin,
drf.mixins.DestroyModelMixin,
drf.mixins.UpdateModelMixin,
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
viewsets.GenericViewSet,
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
):
"""API ViewSet for user invitations to document.
GET /api/v1.0/documents/<document_id>/invitations/:<invitation_id>/
Return list of invitations related to that document or one
document access if an id is provided.
POST /api/v1.0/documents/<document_id>/invitations/ with expected data:
- email: str
♻️(models) rename document/template access rights The "member" access right does not make sense for documents and templates. What we really need are "editor" and "reader" access rights.
2024-05-25 08:15:34 +02:00
- role: str [administrator|editor|reader]
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
Return newly created invitation (issuer and document are automatically set)
🛂(backend) can update role invitation Allow to update role invitation if owner or admin.
2024-08-16 16:55:00 +02:00
PATCH /api/v1.0/documents/<document_id>/invitations/:<invitation_id>/ with expected data:
- role: str [owner|admin|editor|reader]
Return partially updated document invitation
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
DELETE /api/v1.0/documents/<document_id>/invitations/<invitation_id>/
Delete targeted invitation
"""
lookup_field = "id"
pagination_class = Pagination
🐛(backend) fix invitations API endpoint access rights Only users who have the rights to manage accesses on the document should be allowed to see and manipulate invitations. Other users can see access rights on the document but only when the corresponding user/team has actually been granted access. We added a parameter in document abilities so the frontend knows when the logged-in user can invite another user with the owner role or not.
2024-10-22 00:28:16 +02:00
permission_classes = [
permissions.CanCreateInvitationPermission,
🐛(backend) allow creating accesses when privileged by heritage We took the opportunity of this bug to refactor serializers and permissions as advised one day by @qbey: no permission checks in serializers.
2025-05-06 09:41:16 +02:00
permissions.ResourceWithAccessPermission,
🐛(backend) fix invitations API endpoint access rights Only users who have the rights to manage accesses on the document should be allowed to see and manipulate invitations. Other users can see access rights on the document but only when the corresponding user/team has actually been granted access. We added a parameter in document abilities so the frontend knows when the logged-in user can invite another user with the owner role or not.
2024-10-22 00:28:16 +02:00
]
🔒️(backend) configure throttle on every viewsets We want to configure the throttle on all doc's viewsets. In order to monitor them, we use the MonitoredScopedRateThrottle class and a custom callback caputing the message in sentry at the warning level.
2025-09-05 15:29:08 +02:00
throttle_scope = "invitation"
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
queryset = (
models.Invitation.objects.all()
.select_related("document")
.order_by("-created_at")
)
serializer_class = serializers.InvitationSerializer
def get_serializer_context(self):
"""Extra context provided to the serializer class."""
context = super().get_serializer_context()
context["resource_id"] = self.kwargs["resource_id"]
return context
def get_queryset(self):
"""Return the queryset according to the action."""
queryset = super().get_queryset()
queryset = queryset.filter(document=self.kwargs["resource_id"])
if self.action == "list":
user = self.request.user
🛂(backend) stop to list public doc to everyone Everybody could see the full list of public docs. Now only members can see their public docs. They can still access to any specific public doc.
2024-09-06 16:12:02 +02:00
teams = user.teams
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
# Determine which role the logged-in user has in the document
user_roles_query = (
models.DocumentAccess.objects.filter(
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
db.Q(user=user) | db.Q(team__in=teams),
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
document=self.kwargs["resource_id"],
)
.values("document")
.annotate(roles_array=ArrayAgg("role"))
.values("roles_array")
)
queryset = (
🐛(backend) fix invitations API endpoint access rights Only users who have the rights to manage accesses on the document should be allowed to see and manipulate invitations. Other users can see access rights on the document but only when the corresponding user/team has actually been granted access. We added a parameter in document abilities so the frontend knows when the logged-in user can invite another user with the owner role or not.
2024-10-22 00:28:16 +02:00
# The logged-in user should be administrator or owner to see its accesses
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
queryset.filter(
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
db.Q(
🐛(backend) fix invitations API endpoint access rights Only users who have the rights to manage accesses on the document should be allowed to see and manipulate invitations. Other users can see access rights on the document but only when the corresponding user/team has actually been granted access. We added a parameter in document abilities so the frontend knows when the logged-in user can invite another user with the owner role or not.
2024-10-22 00:28:16 +02:00
document__accesses__user=user,
✨(backend) give an order to choices We are going to need to compare choices to materialize the fact that choices are ordered. For example an admin role is higer than an editor role but lower than an owner role. We will need this to compute the reach and role resulting from all the document accesses (resp. link accesses) assigned on a document's ancestors.
2025-04-23 22:47:24 +02:00
document__accesses__role__in=choices.PRIVILEGED_ROLES,
🐛(backend) fix invitations API endpoint access rights Only users who have the rights to manage accesses on the document should be allowed to see and manipulate invitations. Other users can see access rights on the document but only when the corresponding user/team has actually been granted access. We added a parameter in document abilities so the frontend knows when the logged-in user can invite another user with the owner role or not.
2024-10-22 00:28:16 +02:00
)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
| db.Q(
🐛(backend) fix invitations API endpoint access rights Only users who have the rights to manage accesses on the document should be allowed to see and manipulate invitations. Other users can see access rights on the document but only when the corresponding user/team has actually been granted access. We added a parameter in document abilities so the frontend knows when the logged-in user can invite another user with the owner role or not.
2024-10-22 00:28:16 +02:00
document__accesses__team__in=teams,
✨(backend) give an order to choices We are going to need to compare choices to materialize the fact that choices are ordered. For example an admin role is higer than an editor role but lower than an owner role. We will need this to compute the reach and role resulting from all the document accesses (resp. link accesses) assigned on a document's ancestors.
2025-04-23 22:47:24 +02:00
document__accesses__role__in=choices.PRIVILEGED_ROLES,
🐛(backend) fix invitations API endpoint access rights Only users who have the rights to manage accesses on the document should be allowed to see and manipulate invitations. Other users can see access rights on the document but only when the corresponding user/team has actually been granted access. We added a parameter in document abilities so the frontend knows when the logged-in user can invite another user with the owner role or not.
2024-10-22 00:28:16 +02:00
),
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
)
# Abilities are computed based on logged-in user's role and
# the user role on each document access
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
.annotate(user_roles=db.Subquery(user_roles_query))
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
.distinct()
)
return queryset
✨(backend) send email invitation when add user to doc We send as well an email invitation to the user when we add him to a document.
2024-08-15 15:40:56 +02:00
♻️(backend) refacto email invitation Remove email invitation from Invitation model to be able to use it in other context. We add it in utils.py instead, and it will be called from the viewset. We add the document_id to link to the document from the mail.
2024-08-15 15:38:38 +02:00
def perform_create(self, serializer):
"""Save invitation to a document then send an email to the invited user."""
invitation = serializer.save()
✨(backend) add server-to-server API endpoint to create documents We want trusted external applications to be able to create documents via the API on behalf of any user. The user may or may not pre-exist in our database and should be notified of the document creation by email.
2024-12-01 11:25:01 +01:00
invitation.document.send_invitation_email(
🔨(backend) email invitation in invited user's language - language for invitation emails => language saved on the invited user - if invited user does not exist yet => language of the sending user - if for some reason no sending user => system default language
2025-03-04 13:46:40 +01:00
invitation.email,
invitation.role,
self.request.user,
self.request.user.language or settings.LANGUAGE_CODE,
♻️(backend) change email invitation content Change the email invitation content. More document related variables are added. To benefit of the document inheritance, we moved the function email_invitation to the document model.
2024-09-25 12:43:02 +02:00
)
✨(backend) add public endpoint /api/v1.0/config/ Add public endpoint /api/v1.0/config/ to share some public configuration values.
2024-11-15 09:29:07 +01:00
✨(back) document as for access CRUD We introduce a new model for user wanted to access a document or upgrade their role if they already have access. The viewsets does not implement PUT and PATCH, we don't need it for now.
2025-06-18 15:13:48 +02:00
class DocumentAskForAccessViewSet(
drf.mixins.ListModelMixin,
drf.mixins.RetrieveModelMixin,
drf.mixins.DestroyModelMixin,
viewsets.GenericViewSet,
):
"""API ViewSet for asking for access to a document."""
lookup_field = "id"
pagination_class = Pagination
✅(back) fix backend code related to multipage dev During the multipage dev, the code base has changed a lot and rebase after rebase it has come difficult to manage fixup commits. This commits fix modification made that can be fixup in previous commits. The persmission AccessPermission has been renamed in ResourceWithAccessPermission and should be used in the DocumentAskForAccessViewSet. A migration with the same dependency exists, the last one is fixed. And a test didn't have removed an abilitites.
2025-07-01 16:29:08 +02:00
permission_classes = [
permissions.IsAuthenticated,
permissions.ResourceWithAccessPermission,
]
🔒️(backend) configure throttle on every viewsets We want to configure the throttle on all doc's viewsets. In order to monitor them, we use the MonitoredScopedRateThrottle class and a custom callback caputing the message in sentry at the warning level.
2025-09-05 15:29:08 +02:00
throttle_scope = "document_ask_for_access"
✨(back) document as for access CRUD We introduce a new model for user wanted to access a document or upgrade their role if they already have access. The viewsets does not implement PUT and PATCH, we don't need it for now.
2025-06-18 15:13:48 +02:00
queryset = models.DocumentAskForAccess.objects.all()
serializer_class = serializers.DocumentAskForAccessSerializer
_document = None
def get_document_or_404(self):
"""Get the document related to the viewset or raise a 404 error."""
if self._document is None:
try:
self._document = models.Document.objects.get(
🛂(back) restrict ask for access to root documents In a first version we want to restrict the ask for access feature only to root document. We will work on opening to all documents when iherited permissions will be implemented.
2025-07-08 10:58:48 +02:00
pk=self.kwargs["resource_id"],
depth=1,
✨(back) document as for access CRUD We introduce a new model for user wanted to access a document or upgrade their role if they already have access. The viewsets does not implement PUT and PATCH, we don't need it for now.
2025-06-18 15:13:48 +02:00
)
except models.Document.DoesNotExist as e:
raise drf.exceptions.NotFound("Document not found.") from e
return self._document
def get_queryset(self):
"""Return the queryset according to the action."""
document = self.get_document_or_404()
queryset = super().get_queryset()
queryset = queryset.filter(document=document)
✅(back) fix backend code related to multipage dev During the multipage dev, the code base has changed a lot and rebase after rebase it has come difficult to manage fixup commits. This commits fix modification made that can be fixup in previous commits. The persmission AccessPermission has been renamed in ResourceWithAccessPermission and should be used in the DocumentAskForAccessViewSet. A migration with the same dependency exists, the last one is fixed. And a test didn't have removed an abilitites.
2025-07-01 16:29:08 +02:00
is_owner_or_admin = (
document.get_role(self.request.user) in models.PRIVILEGED_ROLES
)
✨(back) document as for access CRUD We introduce a new model for user wanted to access a document or upgrade their role if they already have access. The viewsets does not implement PUT and PATCH, we don't need it for now.
2025-06-18 15:13:48 +02:00
if not is_owner_or_admin:
queryset = queryset.filter(user=self.request.user)
return queryset
def create(self, request, *args, **kwargs):
"""Create a document ask for access resource."""
document = self.get_document_or_404()
serializer = serializers.DocumentAskForAccessCreateSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
queryset = self.get_queryset()
if queryset.filter(user=request.user).exists():
return drf.response.Response(
{"detail": "You already ask to access to this document."},
status=drf.status.HTTP_400_BAD_REQUEST,
)
✨(backend) send email to admins when user ask for access When a user requests access to a document, an email is sent to the admins and owners of the document.
2025-06-20 15:24:46 +02:00
ask_for_access = models.DocumentAskForAccess.objects.create(
✨(back) document as for access CRUD We introduce a new model for user wanted to access a document or upgrade their role if they already have access. The viewsets does not implement PUT and PATCH, we don't need it for now.
2025-06-18 15:13:48 +02:00
document=document,
user=request.user,
role=serializer.validated_data["role"],
)
✨(backend) send email to admins when user ask for access When a user requests access to a document, an email is sent to the admins and owners of the document.
2025-06-20 15:24:46 +02:00
send_ask_for_access_mail.delay(ask_for_access.id)
✨(back) document as for access CRUD We introduce a new model for user wanted to access a document or upgrade their role if they already have access. The viewsets does not implement PUT and PATCH, we don't need it for now.
2025-06-18 15:13:48 +02:00
return drf.response.Response(status=drf.status.HTTP_201_CREATED)
✨(back) accept for a owner the request to access a document Add the action accepting a request to access a document. It is possible to override the role from the request and also update an existing DocumentAccess
2025-06-18 15:50:12 +02:00
@drf.decorators.action(detail=True, methods=["post"])
def accept(self, request, *args, **kwargs):
"""Accept a document ask for access resource."""
document_ask_for_access = self.get_object()
serializer = serializers.RoleSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
♻️(backend) rely on set_role_to from DocumentAskForAccess abilities Like in other abilities, we compute a set_role_to property on the abilities. This set_role_to contains all the roles lower or equal than the current user role. We rely on this propoerty to validate the accept endpoint and it will be used by the front allpication to built the role select list.
2025-11-13 14:44:28 +01:00
target_role = serializer.validated_data.get(
"role", document_ask_for_access.role
)
abilities = document_ask_for_access.get_abilities(request.user)
🔒️(backend) role in ask_for_access must be lower than user role We check that the role set in a ask_for_access is not higher than the user's role accepting the request. We prevent case where ad min will grant a user owner in order to take control of the document. Only owner can accept an owner role.
2025-11-12 11:54:55 +01:00
♻️(backend) rely on set_role_to from DocumentAskForAccess abilities Like in other abilities, we compute a set_role_to property on the abilities. This set_role_to contains all the roles lower or equal than the current user role. We rely on this propoerty to validate the accept endpoint and it will be used by the front allpication to built the role select list.
2025-11-13 14:44:28 +01:00
if target_role not in abilities["set_role_to"]:
🔒️(backend) role in ask_for_access must be lower than user role We check that the role set in a ask_for_access is not higher than the user's role accepting the request. We prevent case where ad min will grant a user owner in order to take control of the document. Only owner can accept an owner role.
2025-11-12 11:54:55 +01:00
return drf.response.Response(
{"detail": "You cannot accept a role higher than your own."},
status=drf.status.HTTP_400_BAD_REQUEST,
)
document_ask_for_access.accept(role=target_role)
✨(back) accept for a owner the request to access a document Add the action accepting a request to access a document. It is possible to override the role from the request and also update an existing DocumentAccess
2025-06-18 15:50:12 +02:00
return drf.response.Response(status=drf.status.HTTP_204_NO_CONTENT)
✨(back) document as for access CRUD We introduce a new model for user wanted to access a document or upgrade their role if they already have access. The viewsets does not implement PUT and PATCH, we don't need it for now.
2025-06-18 15:13:48 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
class ConfigView(drf.views.APIView):
✨(backend) add public endpoint /api/v1.0/config/ Add public endpoint /api/v1.0/config/ to share some public configuration values.
2024-11-15 09:29:07 +01:00
"""API ViewSet for sharing some public settings."""
permission_classes = [AllowAny]
🔒️(backend) configure throttle on every viewsets We want to configure the throttle on all doc's viewsets. In order to monitor them, we use the MonitoredScopedRateThrottle class and a custom callback caputing the message in sentry at the warning level.
2025-09-05 15:29:08 +02:00
throttle_scope = "config"
✨(backend) add public endpoint /api/v1.0/config/ Add public endpoint /api/v1.0/config/ to share some public configuration values.
2024-11-15 09:29:07 +01:00
def get(self, request):
"""
GET /api/v1.0/config/
Return a dictionary of public settings.
"""
array_settings = [
🐛(frontend) conditionally render AI button in toolbar Added a feature flag check to ensure the AIGroupButton is only rendered when AI_FEATURE_ENABLED is explicitly set to "true". This prevents the AI button from appearing when the feature is not configured or disabled. Fixes #782 Signed-off-by: Matthias <matthias@universum.com>
2025-03-27 23:21:26 +01:00
"AI_FEATURE_ENABLED",
🚚(collaboration) change the websocket url name We will have 2 urls targeting the server, better to improve the naming to avoid confusion.
2024-12-03 15:07:21 +01:00
"COLLABORATION_WS_URL",
🚩(frontend) feature flag on blocking edition If users were not connected to the collaboration server, they were not be able to edit documents. We decided to add a feature flag on this feature as it can be quite restrictive. We can now enable or disable this feature at runtime thanks to the env variable "COLLABORATION_WS_NOT_CONNECTED_READY_ONLY".
2025-05-23 10:17:00 +02:00
"COLLABORATION_WS_NOT_CONNECTED_READY_ONLY",
🔧(backend) add CRISP_WEBSITE_ID setting Add setting CRISP_WEBSITE_ID. This setting is used to configure the Crisp chat widget. It will be available to the conf endpoint, to be used by the frontend.
2024-11-25 14:35:02 +01:00
"CRISP_WEBSITE_ID",
🔧(backend) add FRONTEND_THEME setting The frontend need to know the theme to be used, so we need to add a new setting to the backend, in order to expose this value to the frontend.
2024-11-15 11:43:10 +01:00
"ENVIRONMENT",
🔧(backend) add FRONTEND_CSS_URL env var We added the `FRONTEND_CSS_URL` environment variable. It will give the possibility to add a css layer at runtime.
2025-03-26 16:15:44 +01:00
"FRONTEND_CSS_URL",
🚩(backend) add homepage feature flag Add a homepage feature flag that we will propagate to the frontend. It will be used to enable or disable the homepage at runtime.
2025-04-09 15:32:25 +02:00
"FRONTEND_HOMEPAGE_FEATURE_ENABLED",
🔧(backend) add view to manage footer json We added the `FRONTEND_URL_JSON_FOOTER` environment variable. It will give the possibility to generate your own footer content in the frontend. If the variable is not set, the footer will not be displayed.
2025-04-04 10:04:30 +02:00
"FRONTEND_THEME",
🔧(backend) add MEDIA_BASE_URL setting The frontend need to know the base url for the media files, so we need to add a new setting to the backend, in order to expose this value to the frontend. If the setting is not defined, the frontend current domain will be used as the base url. In production this setting do not need to be defined since we have nginx capturing the media requests, but in development we need to define it to target the nginx server.
2024-11-15 11:31:09 +01:00
"MEDIA_BASE_URL",
🔧(backend) add posthog configuration We add the posthog configuration to the project. We will expose the posthog configuration to the frontend.
2025-01-21 14:16:00 +01:00
"POSTHOG_KEY",
✨(backend) add public endpoint /api/v1.0/config/ Add public endpoint /api/v1.0/config/ to share some public configuration values.
2024-11-15 09:29:07 +01:00
"LANGUAGES",
"LANGUAGE_CODE",
"SENTRY_DSN",
✨(backend) expose deleted_at information in serializer The front needs to know when a document has been deleted. We expose the deleted_at property on a document object,
2025-10-06 08:38:40 +02:00
"TRASHBIN_CUTOFF_DAYS",
✨(backend) add public endpoint /api/v1.0/config/ Add public endpoint /api/v1.0/config/ to share some public configuration values.
2024-11-15 09:29:07 +01:00
]
dict_settings = {}
for setting in array_settings:
if hasattr(settings, setting):
dict_settings[setting] = getattr(settings, setting)
✨(back) allow theme customnization using a configuration file We want to customize the theme by using a configuration file. This configuration file path can be defined using the settings THEME_CUSTOMIZATION_FILE_PATH. If this file does not exists or is an invalid json, an empty json object will be added in the config endpoint.
2025-05-07 11:50:04 +02:00
dict_settings["theme_customization"] = self._load_theme_customization()
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(dict_settings)
🔧(backend) add view to manage footer json We added the `FRONTEND_URL_JSON_FOOTER` environment variable. It will give the possibility to generate your own footer content in the frontend. If the variable is not set, the footer will not be displayed.
2025-04-04 10:04:30 +02:00
✨(back) allow theme customnization using a configuration file We want to customize the theme by using a configuration file. This configuration file path can be defined using the settings THEME_CUSTOMIZATION_FILE_PATH. If this file does not exists or is an invalid json, an empty json object will be added in the config endpoint.
2025-05-07 11:50:04 +02:00
def _load_theme_customization(self):
if not settings.THEME_CUSTOMIZATION_FILE_PATH:
return {}
🔧(backend) add view to manage footer json We added the `FRONTEND_URL_JSON_FOOTER` environment variable. It will give the possibility to generate your own footer content in the frontend. If the variable is not set, the footer will not be displayed.
2025-04-04 10:04:30 +02:00
✨(back) allow theme customnization using a configuration file We want to customize the theme by using a configuration file. This configuration file path can be defined using the settings THEME_CUSTOMIZATION_FILE_PATH. If this file does not exists or is an invalid json, an empty json object will be added in the config endpoint.
2025-05-07 11:50:04 +02:00
cache_key = (
f"theme_customization_{slugify(settings.THEME_CUSTOMIZATION_FILE_PATH)}"
)
theme_customization = cache.get(cache_key, {})
if theme_customization:
return theme_customization
🔧(backend) add view to manage footer json We added the `FRONTEND_URL_JSON_FOOTER` environment variable. It will give the possibility to generate your own footer content in the frontend. If the variable is not set, the footer will not be displayed.
2025-04-04 10:04:30 +02:00
✨(back) allow theme customnization using a configuration file We want to customize the theme by using a configuration file. This configuration file path can be defined using the settings THEME_CUSTOMIZATION_FILE_PATH. If this file does not exists or is an invalid json, an empty json object will be added in the config endpoint.
2025-05-07 11:50:04 +02:00
try:
with open(
settings.THEME_CUSTOMIZATION_FILE_PATH, "r", encoding="utf-8"
) as f:
theme_customization = json.load(f)
except FileNotFoundError:
logger.error(
"Configuration file not found: %s",
settings.THEME_CUSTOMIZATION_FILE_PATH,
)
except json.JSONDecodeError:
logger.error(
"Configuration file is not a valid JSON: %s",
settings.THEME_CUSTOMIZATION_FILE_PATH,
)
else:
cache.set(
cache_key,
theme_customization,
settings.THEME_CUSTOMIZATION_CACHE_TIMEOUT,
)
🔧(backend) add view to manage footer json We added the `FRONTEND_URL_JSON_FOOTER` environment variable. It will give the possibility to generate your own footer content in the frontend. If the variable is not set, the footer will not be displayed.
2025-04-04 10:04:30 +02:00
✨(back) allow theme customnization using a configuration file We want to customize the theme by using a configuration file. This configuration file path can be defined using the settings THEME_CUSTOMIZATION_FILE_PATH. If this file does not exists or is an invalid json, an empty json object will be added in the config endpoint.
2025-05-07 11:50:04 +02:00
return theme_customization
✨(backend) add comment viewset This commit add the CRUD part to manage comment lifeycle. Permissions are relying on the Document and Comment abilities. Comment viewset depends on the Document route and is added to the document_related_router. Dedicated serializer and permission are created.
2025-08-28 08:21:35 +02:00
✨(backend) implement thread and reactions API In order to use comment we also have to implement a thread and reactions API. A thread has multiple comments and comments can have multiple reactions.
2025-09-12 15:28:25 +02:00
class CommentViewSetMixin:
"""Comment ViewSet Mixin."""
✨(backend) add comment viewset This commit add the CRUD part to manage comment lifeycle. Permissions are relying on the Document and Comment abilities. Comment viewset depends on the Document route and is added to the document_related_router. Dedicated serializer and permission are created.
2025-08-28 08:21:35 +02:00
_document = None
def get_document_or_404(self):
"""Get the document related to the viewset or raise a 404 error."""
if self._document is None:
try:
self._document = models.Document.objects.get(
pk=self.kwargs["resource_id"],
)
except models.Document.DoesNotExist as e:
raise drf.exceptions.NotFound("Document not found.") from e
return self._document
✨(backend) implement thread and reactions API In order to use comment we also have to implement a thread and reactions API. A thread has multiple comments and comments can have multiple reactions.
2025-09-12 15:28:25 +02:00
class ThreadViewSet(
ResourceAccessViewsetMixin,
CommentViewSetMixin,
drf.mixins.CreateModelMixin,
drf.mixins.ListModelMixin,
drf.mixins.RetrieveModelMixin,
drf.mixins.DestroyModelMixin,
viewsets.GenericViewSet,
):
"""Thread API: list/create threads and nested comment operations."""
permission_classes = [permissions.CommentPermission]
pagination_class = Pagination
serializer_class = serializers.ThreadSerializer
queryset = models.Thread.objects.select_related("creator", "document").filter(
resolved=False
)
resource_field_name = "document"
def perform_create(self, serializer):
"""Create the first comment of the thread."""
body = serializer.validated_data["body"]
del serializer.validated_data["body"]
thread = serializer.save()
models.Comment.objects.create(
thread=thread,
user=self.request.user if self.request.user.is_authenticated else None,
body=body,
)
@drf.decorators.action(detail=True, methods=["post"], url_path="resolve")
def resolve(self, request, *args, **kwargs):
"""Resolve a thread."""
thread = self.get_object()
if not thread.resolved:
thread.resolved = True
thread.resolved_at = timezone.now()
thread.resolved_by = request.user
thread.save(update_fields=["resolved", "resolved_at", "resolved_by"])
return drf.response.Response(status=status.HTTP_204_NO_CONTENT)
class CommentViewSet(
CommentViewSetMixin,
viewsets.ModelViewSet,
):
"""Comment API: list/create comments and nested reaction operations."""
permission_classes = [permissions.CommentPermission]
pagination_class = Pagination
serializer_class = serializers.CommentSerializer
queryset = models.Comment.objects.select_related("user").all()
def get_queryset(self):
"""Override to filter on related resource."""
return (
super()
.get_queryset()
.filter(
thread=self.kwargs["thread_id"],
thread__document=self.kwargs["resource_id"],
)
)
✨(backend) add comment viewset This commit add the CRUD part to manage comment lifeycle. Permissions are relying on the Document and Comment abilities. Comment viewset depends on the Document route and is added to the document_related_router. Dedicated serializer and permission are created.
2025-08-28 08:21:35 +02:00
def get_serializer_context(self):
"""Extra context provided to the serializer class."""
context = super().get_serializer_context()
✨(backend) implement thread and reactions API In order to use comment we also have to implement a thread and reactions API. A thread has multiple comments and comments can have multiple reactions.
2025-09-12 15:28:25 +02:00
context["document_id"] = self.kwargs["resource_id"]
context["thread_id"] = self.kwargs["thread_id"]
✨(backend) add comment viewset This commit add the CRUD part to manage comment lifeycle. Permissions are relying on the Document and Comment abilities. Comment viewset depends on the Document route and is added to the document_related_router. Dedicated serializer and permission are created.
2025-08-28 08:21:35 +02:00
return context
✨(backend) implement thread and reactions API In order to use comment we also have to implement a thread and reactions API. A thread has multiple comments and comments can have multiple reactions.
2025-09-12 15:28:25 +02:00
@drf.decorators.action(
detail=True,
methods=["post", "delete"],
)
def reactions(self, request, *args, **kwargs):
"""POST: add reaction; DELETE: remove reaction.
Emoji is expected in request.data['emoji'] for both operations.
"""
comment = self.get_object()
serializer = serializers.ReactionSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
if request.method == "POST":
reaction, created = models.Reaction.objects.get_or_create(
comment=comment,
emoji=serializer.validated_data["emoji"],
)
if not created and reaction.users.filter(id=request.user.id).exists():
return drf.response.Response(
{"user_already_reacted": True}, status=status.HTTP_400_BAD_REQUEST
)
reaction.users.add(request.user)
return drf.response.Response(status=status.HTTP_201_CREATED)
# DELETE
try:
reaction = models.Reaction.objects.get(
comment=comment,
emoji=serializer.validated_data["emoji"],
users__in=[request.user],
)
except models.Reaction.DoesNotExist as e:
raise drf.exceptions.NotFound("Reaction not found.") from e
reaction.users.remove(request.user)
if not reaction.users.exists():
reaction.delete()
return drf.response.Response(status=status.HTTP_204_NO_CONTENT)
Reference in New Issue Copy Permalink