studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-03-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
a7c91f94430015897237aa799c04f46961ef0707
docs/src/backend/core/api/viewsets.py

1984 lines
73 KiB
Python
Raw Normal View History

✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
"""API endpoints"""
✨(backend) annotate number of accesses on documents The new UI will display the number of accesses on each document. /!\ Once team accesses will be used, this will not represent the number of people with access anymore and will have to be improved by computing the number of people in each team.
2024-11-09 18:33:48 +01:00
# pylint: disable=too-many-lines
🚨(backend) fix linting issues after upgrading The last upgrades introduced some linting issues. This commit fixes them.
2024-08-20 16:42:27 +02:00
✨(back) allow theme customnization using a configuration file We want to customize the theme by using a configuration file. This configuration file path can be defined using the settings THEME_CUSTOMIZATION_FILE_PATH. If this file does not exists or is an invalid json, an empty json object will be added in the config endpoint.
2025-05-07 11:50:04 +02:00
import json
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
import logging
✨(backend) allow uploading images as attachments to a document We only rely on S3 to store attachments for a document. Nothing is persisted in the database as the image media urls will be stored in the document json.
2024-08-19 22:35:48 +02:00
import uuid
♻️(back) return the media-check url on the attachment_upload response We want to have the media-check url returned on the attachment-upload response instead of the media url directly. The front will know the endpoint to use to check the media status.
2025-05-21 15:09:40 +02:00
from urllib.parse import unquote, urlencode, urlparse
✨(backend) allow uploading images as attachments to a document We only rely on S3 to store attachments for a document. Nothing is persisted in the database as the image media urls will be stored in the document json.
2024-08-19 22:35:48 +02:00
from django.conf import settings
✨(models/api) add RBAC on templates linking accesses to a team name We want to be able to control who can access a template via roles. I added this feature on the TeamAccess model assuming that the teams to which a user belongs can be retrieved via a `get_teams` method on the user model. The idea is that this method will get the teams either via a call to an external API or directly from the OIDC token upon user login. This list of teams will probably have to be cached for each user.
2024-03-03 08:49:27 +01:00
from django.contrib.postgres.aggregates import ArrayAgg
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
from django.contrib.postgres.fields import ArrayField
🚸(backend) improve users similarity search and sort results In some edge cases, the domain part the email addresse is longer than the name part. Users searches by email similarity then return a lot of unsorted results. We can improve this by being more demanding on similarity when the query looks like an email. Sorting results by the similarity score is also an obvious improvement. At the moment, we still think it is good to propose results with a weak similarity on the name part because we want to avoid as much as possible creating duplicate users by inviting one of is many emails, a user who is already in our database. Fixes 399
2024-11-06 08:09:05 +01:00
from django.contrib.postgres.search import TrigramSimilarity
✨(back) allow theme customnization using a configuration file We want to customize the theme by using a configuration file. This configuration file path can be defined using the settings THEME_CUSTOMIZATION_FILE_PATH. If this file does not exists or is an invalid json, an empty json object will be added in the config endpoint.
2025-05-07 11:50:04 +02:00
from django.core.cache import cache
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
from django.core.exceptions import ValidationError
✨(backend) allow uploading images as attachments to a document We only rely on S3 to store attachments for a document. Nothing is persisted in the database as the image media urls will be stored in the document json.
2024-08-19 22:35:48 +02:00
from django.core.files.storage import default_storage
🐛(backend) race condition create doc When 2 docs are created almost at the same time, the second one will fail because the first one. We get a unicity error on the path key already used ("impress_document_path_key"). To fix this issue, we will lock the table the time to create the document, the next query will wait for the lock to be released.
2025-02-12 10:13:41 +01:00
from django.db import connection, transaction
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
from django.db import models as db
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
from django.db.models.expressions import RawSQL
✨(backend) list only the first visible parent document for a user Now that we have a tree structure, we should only include parents of a visible subtree in list results.
2024-12-17 07:35:09 +01:00
from django.db.models.functions import Left, Length
✨(back) create a cors proxy fetching docs external resources When exporting a document in PDF and if the doc contains external resources, we want to fetch them using a proxy bypassing CORS restrictions. To ensure this endpoint is not used for something else than fetching urls contains in the doc, we use access control and check if the url really exists in the document.
2025-03-10 10:11:38 +01:00
from django.http import Http404, StreamingHttpResponse
♻️(back) return the media-check url on the attachment_upload response We want to have the media-check url returned on the attachment-upload response instead of the media url directly. The front will know the endpoint to use to check the media status.
2025-05-21 15:09:40 +02:00
from django.urls import reverse
✨(back) allow theme customnization using a configuration file We want to customize the theme by using a configuration file. This configuration file path can be defined using the settings THEME_CUSTOMIZATION_FILE_PATH. If this file does not exists or is an invalid json, an empty json object will be added in the config endpoint.
2025-05-07 11:50:04 +02:00
from django.utils.text import capfirst, slugify
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
from django.utils.translation import gettext_lazy as _
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
✨(back) create a cors proxy fetching docs external resources When exporting a document in PDF and if the doc contains external resources, we want to fetch them using a proxy bypassing CORS restrictions. To ensure this endpoint is not used for something else than fetching urls contains in the doc, we use access control and check if the url really exists in the document.
2025-03-10 10:11:38 +01:00
import requests
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
import rest_framework as drf
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
from botocore.exceptions import ClientError
➕(back) install and configure django csp (#1085) We want to protect all requests from django with content security policy header. We use the djang-csp library and configure it with default values. Fixes #1000
2025-06-30 10:42:48 +02:00
from csp.constants import NONE
from csp.decorators import csp_update
✨(backend) manage uploaded file status and call to malware detection In the attachment_upload method, the status in the file metadata to processing and the malware_detection backend is called. We check in the media_auth if the status is ready in order to accept the request.
2025-05-05 16:01:12 +02:00
from lasuite.malware_detection import malware_detection
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
from rest_framework import filters, status, viewsets
✨(backend) add server-to-server API endpoint to create documents We want trusted external applications to be able to create documents via the API on behalf of any user. The user may or may not pre-exist in our database and should be notified of the document creation by email.
2024-12-01 11:25:01 +01:00
from rest_framework import response as drf_response
✨(backend) add public endpoint /api/v1.0/config/ Add public endpoint /api/v1.0/config/ to share some public configuration values.
2024-11-15 09:29:07 +01:00
from rest_framework.permissions import AllowAny
🔒️(back) throttle user list endpoint The user list endpoint is throttle to avoid users discovery. The throttle is set to 500 requests per day. This can be changed using the settings API_USERS_LIST_THROTTLE_RATE.
2025-03-21 10:39:11 +01:00
from rest_framework.throttling import UserRateThrottle
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
✨(backend) add server-to-server API endpoint to create documents We want trusted external applications to be able to create documents via the API on behalf of any user. The user may or may not pre-exist in our database and should be notified of the document creation by email.
2024-12-01 11:25:01 +01:00
from core import authentication, enums, models
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
from core.services.ai_services import AIService
✨(backend) notify collaboration server When an access is updated or removed, the collaboration server is notified to reset the access connection; by being disconnected, the accesses will automatically reconnect by passing by the ngnix subrequest, and so get the good rights. We do the same system when the document link is updated, except here we reset every access connection.
2024-11-28 16:35:48 +01:00
from core.services.collaboration_services import CollaborationService
✨(backend) send email to admins when user ask for access When a user requests access to a document, an email is sent to the admins and owners of the document.
2025-06-20 15:24:46 +02:00
from core.tasks.mail import send_ask_for_access_mail
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
from core.utils import extract_attachments, filter_descendants
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
from . import permissions, serializers, utils
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
from .filters import DocumentFilter, ListDocumentFilter
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
logger = logging.getLogger(__name__)
♻️(backend) refactor post hackathon to a first working version This project was copied and hacked to make a POC in a 2-day hackathon. We need to clean and refactor things in order to get a first version of the product we want.
2024-02-09 19:32:12 +01:00
# pylint: disable=too-many-ancestors
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
class NestedGenericViewSet(viewsets.GenericViewSet):
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
"""
A generic Viewset aims to be used in a nested route context.
e.g: `/api/v1.0/resource_1/<resource_1_pk>/resource_2/<resource_2_pk>/`
It allows to define all url kwargs and lookup fields to perform the lookup.
"""
lookup_fields: list[str] = ["pk"]
lookup_url_kwargs: list[str] = []
def __getattribute__(self, item):
"""
This method is overridden to allow to get the last lookup field or lookup url kwarg
when accessing the `lookup_field` or `lookup_url_kwarg` attribute. This is useful
to keep compatibility with all methods used by the parent class `GenericViewSet`.
"""
if item in ["lookup_field", "lookup_url_kwarg"]:
return getattr(self, item + "s", [None])[-1]
return super().__getattribute__(item)
def get_queryset(self):
"""
Get the list of items for this view.
`lookup_fields` attribute is enumerated here to perform the nested lookup.
"""
queryset = super().get_queryset()
# The last lookup field is removed to perform the nested lookup as it corresponds
# to the object pk, it is used within get_object method.
lookup_url_kwargs = (
self.lookup_url_kwargs[:-1]
if self.lookup_url_kwargs
else self.lookup_fields[:-1]
)
filter_kwargs = {}
for index, lookup_url_kwarg in enumerate(lookup_url_kwargs):
if lookup_url_kwarg not in self.kwargs:
raise KeyError(
f"Expected view {self.__class__.__name__} to be called with a URL "
f'keyword argument named "{lookup_url_kwarg}". Fix your URL conf, or '
"set the `.lookup_fields` attribute on the view correctly."
)
filter_kwargs.update(
{self.lookup_fields[index]: self.kwargs[lookup_url_kwarg]}
)
return queryset.filter(**filter_kwargs)
class SerializerPerActionMixin:
"""
A mixin to allow to define serializer classes for each action.
This mixin is useful to avoid to define a serializer class for each action in the
`get_serializer_class` method.
♻️(backend) generalize use of SerializerPerActionMixin in viewsets We improve the serializer and generalize its use for clarity.
2025-01-17 19:50:03 +01:00
Example:
```
class MyViewSet(SerializerPerActionMixin, viewsets.GenericViewSet):
serializer_class = MySerializer
list_serializer_class = MyListSerializer
retrieve_serializer_class = MyRetrieveSerializer
```
"""
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
def get_serializer_class(self):
"""
Return the serializer class to use depending on the action.
"""
♻️(backend) generalize use of SerializerPerActionMixin in viewsets We improve the serializer and generalize its use for clarity.
2025-01-17 19:50:03 +01:00
if serializer_class := getattr(self, f"{self.action}_serializer_class", None):
return serializer_class
return super().get_serializer_class()
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
class Pagination(drf.pagination.PageNumberPagination):
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
"""Pagination to display no more than 100 objects per page sorted by creation date."""
ordering = "-created_on"
🔧(backend) bump maximum page size to 200 The new UI with infinite scroll calls for longer pages which we are able to produce thanks to the many optimizations on the list view.
2025-01-17 17:15:17 +01:00
max_page_size = 200
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
page_size_query_param = "page_size"
🔒️(back) throttle user list endpoint The user list endpoint is throttle to avoid users discovery. The throttle is set to 500 requests per day. This can be changed using the settings API_USERS_LIST_THROTTLE_RATE.
2025-03-21 10:39:11 +01:00
class UserListThrottleBurst(UserRateThrottle):
"""Throttle for the user list endpoint."""
scope = "user_list_burst"
class UserListThrottleSustained(UserRateThrottle):
"""Throttle for the user list endpoint."""
scope = "user_list_sustained"
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
class UserViewSet(
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
drf.mixins.UpdateModelMixin, viewsets.GenericViewSet, drf.mixins.ListModelMixin
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
):
"""User ViewSet"""
permission_classes = [permissions.IsSelf]
🐛(backend) stop returning inactive users on the list endpoint inactive users should not be returned as we don't want users to be able to share new documents with them.
2025-02-13 00:00:13 +01:00
queryset = models.User.objects.filter(is_active=True)
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
serializer_class = serializers.UserSerializer
🔒️(back) remove pagination and limit to 5 for user list endpoint The user list endpoint does not use anymore a pagination, the results is directly return in a list and the max results returned is limited to 5. In order to modify this limit the settings API_USERS_LIST_LIMIT is used.
2025-03-21 09:55:19 +01:00
pagination_class = None
🔒️(back) throttle user list endpoint The user list endpoint is throttle to avoid users discovery. The throttle is set to 500 requests per day. This can be changed using the settings API_USERS_LIST_THROTTLE_RATE.
2025-03-21 10:39:11 +01:00
throttle_classes = []
def get_throttles(self):
self.throttle_classes = []
if self.action == "list":
self.throttle_classes = [UserListThrottleBurst, UserListThrottleSustained]
return super().get_throttles()
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
✨(backend) search users We need to search users by their email. For that we will use the trigram similarity algorithm provided by PostgreSQL. To use it we have to activate the pg_trgm extension in postgres db. To query the email we will use the query param `q`. We have another query param `document_id`, it is necessary to exclude the users that have already access to the document.
2024-05-29 14:48:12 +02:00
def get_queryset(self):
"""
Limit listed users by querying the email field with a trigram similarity
search if a query is provided.
Limit listed users by excluding users already in the document if a document_id
is provided.
"""
queryset = self.queryset
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
if self.action != "list":
return queryset
✨(backend) search users We need to search users by their email. For that we will use the trigram similarity algorithm provided by PostgreSQL. To use it we have to activate the pg_trgm extension in postgres db. To query the email we will use the query param `q`. We have another query param `document_id`, it is necessary to exclude the users that have already access to the document.
2024-05-29 14:48:12 +02:00
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
# Exclude all users already in the given document
🔒️(back) remove pagination and limit to 5 for user list endpoint The user list endpoint does not use anymore a pagination, the results is directly return in a list and the max results returned is limited to 5. In order to modify this limit the settings API_USERS_LIST_LIMIT is used.
2025-03-21 09:55:19 +01:00
if document_id := self.request.query_params.get("document_id", ""):
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
queryset = queryset.exclude(documentaccess__document_id=document_id)
✨(backend) search users We need to search users by their email. For that we will use the trigram similarity algorithm provided by PostgreSQL. To use it we have to activate the pg_trgm extension in postgres db. To query the email we will use the query param `q`. We have another query param `document_id`, it is necessary to exclude the users that have already access to the document.
2024-05-29 14:48:12 +02:00
🔒️(back) remove pagination and limit to 5 for user list endpoint The user list endpoint does not use anymore a pagination, the results is directly return in a list and the max results returned is limited to 5. In order to modify this limit the settings API_USERS_LIST_LIMIT is used.
2025-03-21 09:55:19 +01:00
if not (query := self.request.query_params.get("q", "")) or len(query) < 5:
🔒️(backend) require at least 5 characters to search for users Listing users is made a little to easy for authenticated users.
2025-02-12 23:48:01 +01:00
return queryset.none()
🚸(backend) improve users similarity search and sort results In some edge cases, the domain part the email addresse is longer than the name part. Users searches by email similarity then return a lot of unsorted results. We can improve this by being more demanding on similarity when the query looks like an email. Sorting results by the similarity score is also an obvious improvement. At the moment, we still think it is good to propose results with a weak similarity on the name part because we want to avoid as much as possible creating duplicate users by inviting one of is many emails, a user who is already in our database. Fixes 399
2024-11-06 08:09:05 +01:00
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
# For emails, match emails by Levenstein distance to prevent typing errors
if "@" in query:
return (
queryset.annotate(
distance=RawSQL("levenshtein(email::text, %s::text)", (query,))
🚸(backend) improve users similarity search and sort results In some edge cases, the domain part the email addresse is longer than the name part. Users searches by email similarity then return a lot of unsorted results. We can improve this by being more demanding on similarity when the query looks like an email. Sorting results by the similarity score is also an obvious improvement. At the moment, we still think it is good to propose results with a weak similarity on the name part because we want to avoid as much as possible creating duplicate users by inviting one of is many emails, a user who is already in our database. Fixes 399
2024-11-06 08:09:05 +01:00
)
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
.filter(distance__lte=3)
🔒️(back) remove pagination and limit to 5 for user list endpoint The user list endpoint does not use anymore a pagination, the results is directly return in a list and the max results returned is limited to 5. In order to modify this limit the settings API_USERS_LIST_LIMIT is used.
2025-03-21 09:55:19 +01:00
.order_by("distance", "email")[: settings.API_USERS_LIST_LIMIT]
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
)
🚸(backend) improve users similarity search and sort results In some edge cases, the domain part the email addresse is longer than the name part. Users searches by email similarity then return a lot of unsorted results. We can improve this by being more demanding on similarity when the query looks like an email. Sorting results by the similarity score is also an obvious improvement. At the moment, we still think it is good to propose results with a weak similarity on the name part because we want to avoid as much as possible creating duplicate users by inviting one of is many emails, a user who is already in our database. Fixes 399
2024-11-06 08:09:05 +01:00
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
# Use trigram similarity for non-email-like queries
# For performance reasons we filter first by similarity, which relies on an
# index, then only calculate precise similarity scores for sorting purposes
return (
queryset.filter(email__trigram_word_similar=query)
.annotate(similarity=TrigramSimilarity("email", query))
.filter(similarity__gt=0.2)
🔒️(back) remove pagination and limit to 5 for user list endpoint The user list endpoint does not use anymore a pagination, the results is directly return in a list and the max results returned is limited to 5. In order to modify this limit the settings API_USERS_LIST_LIMIT is used.
2025-03-21 09:55:19 +01:00
.order_by("-similarity", "email")[: settings.API_USERS_LIST_LIMIT]
🚸(backend) on user search match emails by Levenstein distance When the query looks like an email (includes @) we search by Levenstein distance because we are just trying to prevent typing errors, not searching anymore. It is important to still propose results with a short Levenstein distance because it is frequent to forget a double letter in someone's name for example "Pacoud" or even "pacou" instead of "Paccoud" and we want to prevent duplicates or failing on invitation. We consider the query string to be an email as soon as it contains a "@" character. Trying harder to identify a string that is really an email would lead to weird behaviors like toto@example.gouv looking like and email but if we continue typing toto@example.gouv.f not looking like an email... before toto@example.gouv.fr finally looking like an email. The result would be jumping from one type of search to the other. As soon as there is a "@" in the query, we can be sure that the user is not looking for a name anymore and we can switch to matching by Levenstein distance.
2025-01-25 10:51:30 +01:00
)
✨(backend) search users We need to search users by their email. For that we will use the trigram similarity algorithm provided by PostgreSQL. To use it we have to activate the pg_trgm extension in postgres db. To query the email we will use the query param `q`. We have another query param `document_id`, it is necessary to exclude the users that have already access to the document.
2024-05-29 14:48:12 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
@drf.decorators.action(
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
detail=False,
methods=["get"],
url_name="me",
url_path="me",
permission_classes=[permissions.IsAuthenticated],
)
def get_me(self, request):
"""
Return information on currently logged user
"""
context = {"request": request}
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
self.serializer_class(request.user, context=context).data
)
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
class ResourceAccessViewsetMixin:
"""Mixin with methods common to all access viewsets."""
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
♻️(backend) refactor resource access viewset The document viewset was overriding the get_queryset method from its own mixin. This was a sign that the mixin was not optimal anymore. In the next commit I will need to complexify it further so it's time to refactor the mixin.
2025-04-12 09:11:33 +02:00
def filter_queryset(self, queryset):
"""Override to filter on related resource."""
queryset = super().filter_queryset(queryset)
return queryset.filter(**{self.resource_field_name: self.kwargs["resource_id"]})
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
def get_serializer_context(self):
"""Extra context provided to the serializer class."""
context = super().get_serializer_context()
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
context["resource_id"] = self.kwargs["resource_id"]
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
return context
def destroy(self, request, *args, **kwargs):
"""Forbid deleting the last owner access"""
instance = self.get_object()
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
resource = getattr(instance, self.resource_field_name)
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
# Check if the access being deleted is the last owner access for the resource
♻️(backend) refactor post hackathon to a first working version This project was copied and hacked to make a POC in a 2-day hackathon. We need to clean and refactor things in order to get a first version of the product we want.
2024-02-09 19:32:12 +01:00
if (
instance.role == "owner"
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
and resource.accesses.filter(role="owner").count() == 1
♻️(backend) refactor post hackathon to a first working version This project was copied and hacked to make a POC in a 2-day hackathon. We need to clean and refactor things in order to get a first version of the product we want.
2024-02-09 19:32:12 +01:00
):
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
{"detail": "Cannot delete the last owner access for the resource."},
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
status=drf.status.HTTP_403_FORBIDDEN,
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
)
return super().destroy(request, *args, **kwargs)
def perform_update(self, serializer):
"""Check that we don't change the role if it leads to losing the last owner."""
instance = serializer.instance
# Check if the role is being updated and the new role is not "owner"
if (
"role" in self.request.data
and self.request.data["role"] != models.RoleChoices.OWNER
):
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
resource = getattr(instance, self.resource_field_name)
# Check if the access being updated is the last owner access for the resource
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
if (
instance.role == models.RoleChoices.OWNER
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
and resource.accesses.filter(role=models.RoleChoices.OWNER).count() == 1
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
):
message = "Cannot change the role to a non-owner role for the last owner access."
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
raise drf.exceptions.PermissionDenied({"detail": message})
✨(project) first proof of concept printing pdf from markdown This is a boilerplate inspired from https://github.com/openfun/joanie
2024-01-09 15:30:36 +01:00
serializer.save()
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
class DocumentMetadata(drf.metadata.SimpleMetadata):
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
"""Custom metadata class to add information"""
def determine_metadata(self, request, view):
"""Add language choices only for the list endpoint."""
simple_metadata = super().determine_metadata(request, view)
if request.path.endswith("/documents/"):
simple_metadata["actions"]["POST"]["language"] = {
"choices": [
{"value": code, "display_name": name}
for code, name in enums.ALL_LANGUAGES.items()
]
}
return simple_metadata
✨(backend) add API endpoint to move a document in the document tree Only administrators or owners of a document can move it to a target document for which they are also administrator or owner. We allow different moving modes: - first-child: move the document as the first child of the target - last-child: move the document as the last child of the target - first-sibling: move the document as the first sibling of the target - last-sibling: move the document as the last sibling of the target - left: move the document as sibling ordered just before the target - right: move the document as sibling ordered just after the target The whole subtree below the document that is being moved, moves as well and remains below the document after it is moved.
2025-01-02 23:15:03 +01:00
# pylint: disable=too-many-public-methods
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
class DocumentViewSet(
♻️(backend) generalize use of SerializerPerActionMixin in viewsets We improve the serializer and generalize its use for clarity.
2025-01-17 19:50:03 +01:00
SerializerPerActionMixin,
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
drf.mixins.CreateModelMixin,
drf.mixins.DestroyModelMixin,
drf.mixins.UpdateModelMixin,
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
viewsets.GenericViewSet,
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
):
✨(backend) add creator field on document and allow filtering on it We want to be able to limit the documents displayed on a logged-in user's list view by the documents they created or by the documents that other users created. This is different from having the "owner" role on a document because this can be acquired and even lost. What we want here is to be able to identify documents by the user who created them so we add a new field.
2024-11-12 16:28:34 +01:00
"""
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
DocumentViewSet API.
This view set provides CRUD operations and additional actions for managing documents.
Supports filtering, ordering, and annotations for enhanced querying capabilities.
### API Endpoints:
1. **List**: Retrieve a paginated list of documents.
Example: GET /documents/?page=2
2. **Retrieve**: Get a specific document by its ID.
Example: GET /documents/{id}/
3. **Create**: Create a new document.
Example: POST /documents/
4. **Update**: Update a document by its ID.
Example: PUT /documents/{id}/
5. **Delete**: Soft delete a document by its ID.
Example: DELETE /documents/{id}/
### Additional Actions:
1. **Trashbin**: List soft deleted documents for a document owner
Example: GET /documents/{id}/trashbin/
2. **Children**: List or create child documents.
Example: GET, POST /documents/{id}/children/
3. **Versions List**: Retrieve version history of a document.
Example: GET /documents/{id}/versions/
4. **Version Detail**: Get or delete a specific document version.
Example: GET, DELETE /documents/{id}/versions/{version_id}/
5. **Favorite**: Get list of favorite documents for a user. Mark or unmark
a document as favorite.
Examples:
- GET /documents/favorite/
- POST, DELETE /documents/{id}/favorite/
6. **Create for Owner**: Create a document via server-to-server on behalf of a user.
Example: POST /documents/create-for-owner/
7. **Link Configuration**: Update document link configuration.
Example: PUT /documents/{id}/link-configuration/
8. **Attachment Upload**: Upload a file attachment for the document.
Example: POST /documents/{id}/attachment-upload/
9. **Media Auth**: Authorize access to document media.
Example: GET /documents/media-auth/
🔥(back) remove collaboration-auth endpoint We don't need anymore the collaboration-auth endpoint. Every code related to it is removed.
2025-03-25 15:04:47 +01:00
10. **AI Transform**: Apply a transformation action on a piece of text with AI.
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
Example: POST /documents/{id}/ai-transform/
Expected data:
- text (str): The input text.
- action (str): The transformation type, one of [prompt, correct, rephrase, summarize].
Returns: JSON response with the processed text.
Throttled by: AIDocumentRateThrottle, AIUserRateThrottle.
🔥(back) remove collaboration-auth endpoint We don't need anymore the collaboration-auth endpoint. Every code related to it is removed.
2025-03-25 15:04:47 +01:00
11. **AI Translate**: Translate a piece of text with AI.
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
Example: POST /documents/{id}/ai-translate/
Expected data:
- text (str): The input text.
- language (str): The target language, chosen from settings.LANGUAGES.
Returns: JSON response with the translated text.
Throttled by: AIDocumentRateThrottle, AIUserRateThrottle.
### Ordering: created_at, updated_at, is_favorite, title
Example:
- Ascending: GET /api/v1.0/documents/?ordering=created_at
✏️(project) fix typo Fix and improve typos in the codebase.
2025-05-26 10:27:17 +02:00
- Descending: GET /api/v1.0/documents/?ordering=-title
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
### Filtering:
✨(backend) add creator field on document and allow filtering on it We want to be able to limit the documents displayed on a logged-in user's list view by the documents they created or by the documents that other users created. This is different from having the "owner" role on a document because this can be acquired and even lost. What we want here is to be able to identify documents by the user who created them so we add a new field.
2024-11-12 16:28:34 +01:00
- `is_creator_me=true`: Returns documents created by the current user.
- `is_creator_me=false`: Returns documents created by other users.
✨(backend) allow filtering by documents marked as favorite We recently allowed authenticated users to mark a document as favorite. We were lacking the possibility for users to see only the documents they marked as favorite.
2024-11-13 08:58:12 +01:00
- `is_favorite=true`: Returns documents marked as favorite by the current user
- `is_favorite=false`: Returns documents not marked as favorite by the current user
✨(backend) allow filtering on document titles This is the minimal and fast search feature, while we are working on a full text search based on opensearch. For the moment we only search on the title of the document.
2024-11-15 09:42:27 +01:00
- `title=hello`: Returns documents which title contains the "hello" string
✨(backend) add creator field on document and allow filtering on it We want to be able to limit the documents displayed on a logged-in user's list view by the documents they created or by the documents that other users created. This is different from having the "owner" role on a document because this can be acquired and even lost. What we want here is to be able to identify documents by the user who created them so we add a new field.
2024-11-12 16:28:34 +01:00
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
Example:
✨(backend) allow filtering by documents marked as favorite We recently allowed authenticated users to mark a document as favorite. We were lacking the possibility for users to see only the documents they marked as favorite.
2024-11-13 08:58:12 +01:00
- GET /api/v1.0/documents/?is_creator_me=true&is_favorite=true
✨(backend) allow filtering on document titles This is the minimal and fast search feature, while we are working on a full text search based on opensearch. For the moment we only search on the title of the document.
2024-11-15 09:42:27 +01:00
- GET /api/v1.0/documents/?is_creator_me=false&title=hello
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
### Annotations:
1. **is_favorite**: Indicates whether the document is marked as favorite by the current user.
2. **user_roles**: Roles the current user has on the document or its ancestors.
### Notes:
- Only the highest ancestor in a document hierarchy is shown in list views.
- Implements soft delete logic to retain document tree structures.
✨(backend) add creator field on document and allow filtering on it We want to be able to limit the documents displayed on a logged-in user's list view by the documents they created or by the documents that other users created. This is different from having the "owner" role on a document because this can be acquired and even lost. What we want here is to be able to identify documents by the user who created them so we add a new field.
2024-11-12 16:28:34 +01:00
"""
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
⚡️(backend) optimize number of queries on document list view I realized most of the database queries made when getting a document list view were to include nested accesses. This detailed information about accesses in only necessary for the document detail view. I introduced a specific serializer for the document list view with less fields. For a list of 20 documents with 5 accesses, we go down from 3x5x20= 300 queries to just 3 queries.
2024-11-09 10:27:21 +01:00
metadata_class = DocumentMetadata
ordering = ["-updated_at"]
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
ordering_fields = ["created_at", "updated_at", "title"]
✨(backend) allow forcing page size within limits We want to be able to increase the page size with by passing the query string parameter "page_size".
2025-02-15 13:16:35 +01:00
pagination_class = Pagination
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
permission_classes = [
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
permissions.DocumentAccessPermission,
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
]
queryset = models.Document.objects.all()
⚡️(backend) optimize number of queries on document list view I realized most of the database queries made when getting a document list view were to include nested accesses. This detailed information about accesses in only necessary for the document detail view. I introduced a specific serializer for the document list view with less fields. For a list of 20 documents with 5 accesses, we go down from 3x5x20= 300 queries to just 3 queries.
2024-11-09 10:27:21 +01:00
serializer_class = serializers.DocumentSerializer
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
ai_translate_serializer_class = serializers.AITranslateSerializer
children_serializer_class = serializers.ListDocumentSerializer
✨(backend) add new "descendants" action to document API endpoint We want to be able to make a search query inside a hierchical document. It's elegant to do it as a document detail action so that we benefit from access control.
2025-02-17 10:25:07 +01:00
descendants_serializer_class = serializers.ListDocumentSerializer
♻️(backend) generalize use of SerializerPerActionMixin in viewsets We improve the serializer and generalize its use for clarity.
2025-01-17 19:50:03 +01:00
list_serializer_class = serializers.ListDocumentSerializer
trashbin_serializer_class = serializers.ListDocumentSerializer
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
tree_serializer_class = serializers.ListDocumentSerializer
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
def annotate_is_favorite(self, queryset):
"""
Annotate document queryset with the favorite status for the current user.
"""
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
user = self.request.user
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
if user.is_authenticated:
favorite_exists_subquery = models.DocumentFavorite.objects.filter(
document_id=db.OuterRef("pk"), user=user
✨(backend) retrieve & update a document taking into account ancestors A document should inherit the access rights a user has on any of its ancestors.
2024-12-17 07:47:23 +01:00
)
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
return queryset.annotate(is_favorite=db.Exists(favorite_exists_subquery))
✨(backend) retrieve & update a document taking into account ancestors A document should inherit the access rights a user has on any of its ancestors.
2024-12-17 07:47:23 +01:00
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
return queryset.annotate(is_favorite=db.Value(False))
✨(backend) annotate number of accesses on documents The new UI will display the number of accesses on each document. /!\ Once team accesses will be used, this will not represent the number of people with access anymore and will have to be improved by computing the number of people in each team.
2024-11-09 18:33:48 +01:00
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
def annotate_user_roles(self, queryset):
"""
Annotate document queryset with the roles of the current user
on the document or its ancestors.
"""
user = self.request.user
output_field = ArrayField(base_field=db.CharField())
if user.is_authenticated:
user_roles_subquery = models.DocumentAccess.objects.filter(
db.Q(user=user) | db.Q(team__in=user.teams),
document__path=Left(db.OuterRef("path"), Length("document__path")),
).values_list("role", flat=True)
return queryset.annotate(
user_roles=db.Func(
user_roles_subquery, function="ARRAY", output_field=output_field
)
)
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
return queryset.annotate(
user_roles=db.Value([], output_field=output_field),
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
)
✨(backend) retrieve & update a document taking into account ancestors A document should inherit the access rights a user has on any of its ancestors.
2024-12-17 07:47:23 +01:00
def get_queryset(self):
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
"""Get queryset performing all annotation and filtering on the document tree structure."""
user = self.request.user
✨(backend) retrieve & update a document taking into account ancestors A document should inherit the access rights a user has on any of its ancestors.
2024-12-17 07:47:23 +01:00
queryset = super().get_queryset()
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
# Only list views need filtering and annotation
if self.detail:
return queryset
✨(backend) annotate number of accesses on documents The new UI will display the number of accesses on each document. /!\ Once team accesses will be used, this will not represent the number of people with access anymore and will have to be improved by computing the number of people in each team.
2024-11-09 18:33:48 +01:00
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
if not user.is_authenticated:
return queryset.none()
queryset = queryset.filter(ancestors_deleted_at__isnull=True)
# Filter documents to which the current user has access...
access_documents_ids = models.DocumentAccess.objects.filter(
db.Q(user=user) | db.Q(team__in=user.teams)
).values_list("document_id", flat=True)
# ...or that were previously accessed and are not restricted
traced_documents_ids = models.LinkTrace.objects.filter(user=user).values_list(
"document_id", flat=True
)
return queryset.filter(
db.Q(id__in=access_documents_ids)
| (
db.Q(id__in=traced_documents_ids)
& ~db.Q(link_reach=models.LinkReachChoices.RESTRICTED)
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
)
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
)
def filter_queryset(self, queryset):
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
"""Override to apply annotations to generic views."""
queryset = super().filter_queryset(queryset)
queryset = self.annotate_is_favorite(queryset)
queryset = self.annotate_user_roles(queryset)
return queryset
def get_response_for_queryset(self, queryset):
"""Return paginated response for the queryset if requested."""
page = self.paginate_queryset(queryset)
if page is not None:
serializer = self.get_serializer(page, many=True)
return self.get_paginated_response(serializer.data)
serializer = self.get_serializer(queryset, many=True)
return drf.response.Response(serializer.data)
def list(self, request, *args, **kwargs):
"""
Returns a DRF response containing the filtered, annotated and ordered document list.
This method applies filtering based on request parameters using `ListDocumentFilter`.
It performs early filtering on model fields, annotates user roles, and removes
descendant documents to keep only the highest ancestors readable by the current user.
Additional annotations (e.g., `is_highest_ancestor_for_user`, favorite status) are
applied before ordering and returning the response.
"""
queryset = (
self.get_queryset()
) # Not calling filter_queryset. We do our own cooking.
filterset = ListDocumentFilter(
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
self.request.GET, queryset=queryset, request=self.request
)
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
if not filterset.is_valid():
raise drf.exceptions.ValidationError(filterset.errors)
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
filter_data = filterset.form.cleaned_data
# Filter as early as possible on fields that are available on the model
for field in ["is_creator_me", "title"]:
queryset = filterset.filters[field].filter(queryset, filter_data[field])
✨(backend) list only the first visible parent document for a user Now that we have a tree structure, we should only include parents of a visible subtree in list results.
2024-12-17 07:35:09 +01:00
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
queryset = self.annotate_user_roles(queryset)
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
# Among the results, we may have documents that are ancestors/descendants
# of each other. In this case we want to keep only the highest ancestors.
root_paths = utils.filter_root_paths(
queryset.order_by("path").values_list("path", flat=True),
skip_sorting=True,
)
queryset = queryset.filter(path__in=root_paths)
✨(backend) list only the first visible parent document for a user Now that we have a tree structure, we should only include parents of a visible subtree in list results.
2024-12-17 07:35:09 +01:00
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
# Annotate the queryset with an attribute marking instances as highest ancestor
# in order to save some time while computing abilities on the instance
queryset = queryset.annotate(
is_highest_ancestor_for_user=db.Value(True, output_field=db.BooleanField())
)
✨(backend) list only the first visible parent document for a user Now that we have a tree structure, we should only include parents of a visible subtree in list results.
2024-12-17 07:35:09 +01:00
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
# Annotate favorite status and filter if applicable as late as possible
queryset = self.annotate_is_favorite(queryset)
queryset = filterset.filters["is_favorite"].filter(
queryset, filter_data["is_favorite"]
)
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
✏️(project) automatic typo correction Fix typos in the project.
2025-05-13 16:00:12 +02:00
# Apply ordering only now that everything is filtered and annotated
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
queryset = filters.OrderingFilter().filter_queryset(
self.request, queryset, self
)
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
return self.get_response_for_queryset(queryset)
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
def retrieve(self, request, *args, **kwargs):
"""
Add a trace that the document was accessed by a user. This is used to list documents
on a user's list view even though the user has no specific role in the document (link
access when the link reach configuration of the document allows it).
"""
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
user = self.request.user
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
instance = self.get_object()
serializer = self.get_serializer(instance)
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
# The `create` query generates 5 db queries which are much less efficient than an
# `exists` query. The user will visit the document many times after the first visit
# so that's what we should optimize for.
if (
user.is_authenticated
and not instance.link_traces.filter(user=user).exists()
):
models.LinkTrace.objects.create(document=instance, user=request.user)
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(serializer.data)
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
🗃️(backend) make document/template creation atomic When creating a new document/template via the API, we add the logged-in user as owner of the created object. This should be done atomically with the object creation to make sure we don't end-up with an orphan object that the creator can't access anymore.
2025-01-27 21:20:16 +01:00
@transaction.atomic
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
def perform_create(self, serializer):
✨(backend) add creator field on document and allow filtering on it We want to be able to limit the documents displayed on a logged-in user's list view by the documents they created or by the documents that other users created. This is different from having the "owner" role on a document because this can be acquired and even lost. What we want here is to be able to identify documents by the user who created them so we add a new field.
2024-11-12 16:28:34 +01:00
"""Set the current user as creator and owner of the newly created object."""
🐛(backend) race condition create doc When 2 docs are created almost at the same time, the second one will fail because the first one. We get a unicity error on the path key already used ("impress_document_path_key"). To fix this issue, we will lock the table the time to create the document, the next query will wait for the lock to be released.
2025-02-12 10:13:41 +01:00
# locks the table to ensure safe concurrent access
with connection.cursor() as cursor:
cursor.execute(
f'LOCK TABLE "{models.Document._meta.db_table}" ' # noqa: SLF001
"IN SHARE ROW EXCLUSIVE MODE;"
)
✨(backend) add django-treebeard to allow tree structure on documents We choose to use Django-treebeard for its quality, performance and stability. Adding tree structure to documents is as simple as inheriting from the MP_Node class.
2024-12-16 16:58:14 +01:00
obj = models.Document.add_root(
creator=self.request.user,
**serializer.validated_data,
)
serializer.instance = obj
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
models.DocumentAccess.objects.create(
document=obj,
user=self.request.user,
role=models.RoleChoices.OWNER,
)
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
def perform_destroy(self, instance):
"""Override to implement a soft delete instead of dumping the record in database."""
instance.soft_delete()
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
def _can_user_edit_document(self, document_id, set_cache=False):
"""Check if the user can edit the document."""
✨(back) check on document update if user can save it When a document is updated, users not connected to the collaboration server can override work made by other people connected to the collaboration server. To avoid this, the priority is given to user connected to the collaboration server. If the websocket property in the request payload is missing or set to False, the backend fetch the collaboration server to now if the user can save or not. If users are already connected, the user can't save. Also, only one user without websocket can save a connect, the first user saving acquire a lock and all other users can't save. To implement this behavior, we need to track all users, connected and not, so a session is created for every user in the ForceSessionMiddleware.
2025-06-25 17:30:33 +02:00
try:
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
count, exists = CollaborationService().get_document_connection_info(
document_id,
✨(back) check on document update if user can save it When a document is updated, users not connected to the collaboration server can override work made by other people connected to the collaboration server. To avoid this, the priority is given to user connected to the collaboration server. If the websocket property in the request payload is missing or set to False, the backend fetch the collaboration server to now if the user can save or not. If users are already connected, the user can't save. Also, only one user without websocket can save a connect, the first user saving acquire a lock and all other users can't save. To implement this behavior, we need to track all users, connected and not, so a session is created for every user in the ForceSessionMiddleware.
2025-06-25 17:30:33 +02:00
self.request.session.session_key,
)
except requests.HTTPError as e:
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
logger.exception("Failed to call collaboration server: %s", e)
count = 0
exists = False
✨(back) check on document update if user can save it When a document is updated, users not connected to the collaboration server can override work made by other people connected to the collaboration server. To avoid this, the priority is given to user connected to the collaboration server. If the websocket property in the request payload is missing or set to False, the backend fetch the collaboration server to now if the user can save or not. If users are already connected, the user can't save. Also, only one user without websocket can save a connect, the first user saving acquire a lock and all other users can't save. To implement this behavior, we need to track all users, connected and not, so a session is created for every user in the ForceSessionMiddleware.
2025-06-25 17:30:33 +02:00
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
if count == 0:
# Nobody is connected to the websocket server
✨(back) check on document update if user can save it When a document is updated, users not connected to the collaboration server can override work made by other people connected to the collaboration server. To avoid this, the priority is given to user connected to the collaboration server. If the websocket property in the request payload is missing or set to False, the backend fetch the collaboration server to now if the user can save or not. If users are already connected, the user can't save. Also, only one user without websocket can save a connect, the first user saving acquire a lock and all other users can't save. To implement this behavior, we need to track all users, connected and not, so a session is created for every user in the ForceSessionMiddleware.
2025-06-25 17:30:33 +02:00
logger.debug("update without connection found in the websocket server")
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
cache_key = f"docs:no-websocket:{document_id}"
✨(back) check on document update if user can save it When a document is updated, users not connected to the collaboration server can override work made by other people connected to the collaboration server. To avoid this, the priority is given to user connected to the collaboration server. If the websocket property in the request payload is missing or set to False, the backend fetch the collaboration server to now if the user can save or not. If users are already connected, the user can't save. Also, only one user without websocket can save a connect, the first user saving acquire a lock and all other users can't save. To implement this behavior, we need to track all users, connected and not, so a session is created for every user in the ForceSessionMiddleware.
2025-06-25 17:30:33 +02:00
current_editor = cache.get(cache_key)
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
if not current_editor:
if set_cache:
cache.set(
cache_key,
self.request.session.session_key,
settings.NO_WEBSOCKET_CACHE_TIMEOUT,
)
return True
if current_editor != self.request.session.session_key:
return False
if set_cache:
cache.touch(cache_key, settings.NO_WEBSOCKET_CACHE_TIMEOUT)
return True
if exists:
# Current user is connected to the websocket server
✨(back) check on document update if user can save it When a document is updated, users not connected to the collaboration server can override work made by other people connected to the collaboration server. To avoid this, the priority is given to user connected to the collaboration server. If the websocket property in the request payload is missing or set to False, the backend fetch the collaboration server to now if the user can save or not. If users are already connected, the user can't save. Also, only one user without websocket can save a connect, the first user saving acquire a lock and all other users can't save. To implement this behavior, we need to track all users, connected and not, so a session is created for every user in the ForceSessionMiddleware.
2025-06-25 17:30:33 +02:00
logger.debug("session key found in the websocket server")
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
return True
✨(back) check on document update if user can save it When a document is updated, users not connected to the collaboration server can override work made by other people connected to the collaboration server. To avoid this, the priority is given to user connected to the collaboration server. If the websocket property in the request payload is missing or set to False, the backend fetch the collaboration server to now if the user can save or not. If users are already connected, the user can't save. Also, only one user without websocket can save a connect, the first user saving acquire a lock and all other users can't save. To implement this behavior, we need to track all users, connected and not, so a session is created for every user in the ForceSessionMiddleware.
2025-06-25 17:30:33 +02:00
logger.debug(
"Users connected to the websocket but current editor not connected to it. Can not edit."
)
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
return False
def perform_update(self, serializer):
"""Check rules about collaboration."""
🚩(back) use existing no websocket feature flag An already existing feature flag COLLABORATION_WS_NOT_CONNECTED_READY_ONLY was used bu the frontend application to disable or not the edition for a user not connected to the websocket. We want to reuse it in the backend application to disable or not the no websocket feature.
2025-07-04 10:56:24 +02:00
if (
serializer.validated_data.get("websocket", False)
or not settings.COLLABORATION_WS_NOT_CONNECTED_READY_ONLY
):
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
return super().perform_update(serializer)
if self._can_user_edit_document(serializer.instance.id, set_cache=True):
return super().perform_update(serializer)
✨(back) check on document update if user can save it When a document is updated, users not connected to the collaboration server can override work made by other people connected to the collaboration server. To avoid this, the priority is given to user connected to the collaboration server. If the websocket property in the request payload is missing or set to False, the backend fetch the collaboration server to now if the user can save or not. If users are already connected, the user can't save. Also, only one user without websocket can save a connect, the first user saving acquire a lock and all other users can't save. To implement this behavior, we need to track all users, connected and not, so a session is created for every user in the ForceSessionMiddleware.
2025-06-25 17:30:33 +02:00
raise drf.exceptions.PermissionDenied(
"You are not allowed to edit this document."
)
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
@drf.decorators.action(
detail=True,
methods=["get"],
url_path="can-edit",
)
def can_edit(self, request, *args, **kwargs):
"""Check if the current user can edit the document."""
document = self.get_object()
🚩(back) use existing no websocket feature flag An already existing feature flag COLLABORATION_WS_NOT_CONNECTED_READY_ONLY was used bu the frontend application to disable or not the edition for a user not connected to the websocket. We want to reuse it in the backend application to disable or not the no websocket feature.
2025-07-04 10:56:24 +02:00
can_edit = (
True
if not settings.COLLABORATION_WS_NOT_CONNECTED_READY_ONLY
else self._can_user_edit_document(document.id)
✨(back) new endpoint document can_edit The endpoint can_edit is added to the DocumentViewset, it will give the information to the frontend application id the current user can edit the Docs based on the no-websocket rules.
2025-06-26 07:17:00 +02:00
)
🚩(back) use existing no websocket feature flag An already existing feature flag COLLABORATION_WS_NOT_CONNECTED_READY_ONLY was used bu the frontend application to disable or not the edition for a user not connected to the websocket. We want to reuse it in the backend application to disable or not the no websocket feature.
2025-07-04 10:56:24 +02:00
return drf.response.Response({"can_edit": can_edit})
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
@drf.decorators.action(
detail=False,
methods=["get"],
🔒️(back) restrict access to favorite_list endpoint favorite_list endpoint is accessible to anonymous user. This lead to an error 500. This endpoint should be accessible only to authenticated users.
2025-03-06 15:21:49 +01:00
permission_classes=[permissions.IsAuthenticated],
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
)
def favorite_list(self, request, *args, **kwargs):
"""Get list of favorite documents for the current user."""
user = request.user
favorite_documents_ids = models.DocumentFavorite.objects.filter(
user=user
).values_list("document_id", flat=True)
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
queryset = self.filter_queryset(self.get_queryset())
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
queryset = queryset.filter(id__in=favorite_documents_ids)
return self.get_response_for_queryset(queryset)
@drf.decorators.action(
detail=False,
methods=["get"],
)
def trashbin(self, request, *args, **kwargs):
"""
Retrieve soft-deleted documents for which the current user has the owner role.
The selected documents are those deleted within the cutoff period defined in the
settings (see TRASHBIN_CUTOFF_DAYS), before they are considered permanently deleted.
"""
queryset = self.queryset.filter(
deleted_at__isnull=False,
deleted_at__gte=models.get_trashbin_cutoff(),
)
queryset = self.annotate_user_roles(queryset)
queryset = queryset.filter(user_roles__contains=[models.RoleChoices.OWNER])
return self.get_response_for_queryset(queryset)
✨(backend) add server-to-server API endpoint to create documents We want trusted external applications to be able to create documents via the API on behalf of any user. The user may or may not pre-exist in our database and should be notified of the document creation by email.
2024-12-01 11:25:01 +01:00
@drf.decorators.action(
authentication_classes=[authentication.ServerToServerAuthentication],
detail=False,
methods=["post"],
permission_classes=[],
url_path="create-for-owner",
)
🐛(backend) race condition create doc When 2 docs are created almost at the same time, the second one will fail because the first one. We get a unicity error on the path key already used ("impress_document_path_key"). To fix this issue, we will lock the table the time to create the document, the next query will wait for the lock to be released.
2025-02-12 10:13:41 +01:00
@transaction.atomic
✨(backend) add server-to-server API endpoint to create documents We want trusted external applications to be able to create documents via the API on behalf of any user. The user may or may not pre-exist in our database and should be notified of the document creation by email.
2024-12-01 11:25:01 +01:00
def create_for_owner(self, request):
"""
Create a document on behalf of a specified owner (pre-existing user or invited).
"""
🐛(backend) race condition create doc When 2 docs are created almost at the same time, the second one will fail because the first one. We get a unicity error on the path key already used ("impress_document_path_key"). To fix this issue, we will lock the table the time to create the document, the next query will wait for the lock to be released.
2025-02-12 10:13:41 +01:00
# locks the table to ensure safe concurrent access
with connection.cursor() as cursor:
cursor.execute(
f'LOCK TABLE "{models.Document._meta.db_table}" ' # noqa: SLF001
"IN SHARE ROW EXCLUSIVE MODE;"
)
✨(backend) add server-to-server API endpoint to create documents We want trusted external applications to be able to create documents via the API on behalf of any user. The user may or may not pre-exist in our database and should be notified of the document creation by email.
2024-12-01 11:25:01 +01:00
# Deserialize and validate the data
serializer = serializers.ServerCreateDocumentSerializer(data=request.data)
if not serializer.is_valid():
return drf_response.Response(
serializer.errors, status=status.HTTP_400_BAD_REQUEST
)
document = serializer.save()
return drf_response.Response(
{"id": str(document.id)}, status=status.HTTP_201_CREATED
)
✨(backend) add API endpoint to move a document in the document tree Only administrators or owners of a document can move it to a target document for which they are also administrator or owner. We allow different moving modes: - first-child: move the document as the first child of the target - last-child: move the document as the last child of the target - first-sibling: move the document as the first sibling of the target - last-sibling: move the document as the last sibling of the target - left: move the document as sibling ordered just before the target - right: move the document as sibling ordered just after the target The whole subtree below the document that is being moved, moves as well and remains below the document after it is moved.
2025-01-02 23:15:03 +01:00
@drf.decorators.action(detail=True, methods=["post"])
@transaction.atomic
def move(self, request, *args, **kwargs):
"""
Move a document to another location within the document tree.
The user must be an administrator or owner of both the document being moved
and the target parent document.
"""
user = request.user
document = self.get_object() # including permission checks
# Validate the input payload
serializer = serializers.MoveDocumentSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
validated_data = serializer.validated_data
target_document_id = validated_data["target_document_id"]
try:
target_document = models.Document.objects.get(
id=target_document_id, ancestors_deleted_at__isnull=True
)
except models.Document.DoesNotExist:
return drf.response.Response(
{"target_document_id": "Target parent document does not exist."},
status=status.HTTP_400_BAD_REQUEST,
)
position = validated_data["position"]
message = None
if position in [
enums.MoveNodePositionChoices.FIRST_CHILD,
enums.MoveNodePositionChoices.LAST_CHILD,
]:
if not target_document.get_abilities(user).get("move"):
message = (
"You do not have permission to move documents "
"as a child to this target document."
)
elif not target_document.is_root():
if not target_document.get_parent().get_abilities(user).get("move"):
message = (
"You do not have permission to move documents "
"as a sibling of this target document."
)
if message:
return drf.response.Response(
{"target_document_id": message},
status=status.HTTP_400_BAD_REQUEST,
)
document.move(target_document, pos=position)
return drf.response.Response(
{"message": "Document moved successfully."}, status=status.HTTP_200_OK
)
✨(backend) add API endpoint action to restore a soft deleted document Only owners can see and restore deleted documents. They can only do it during the grace period before the document is considered hard deleted and hidden from everybody on the API.
2025-01-05 14:43:15 +01:00
@drf.decorators.action(
detail=True,
methods=["post"],
)
def restore(self, request, *args, **kwargs):
"""
Restore a soft-deleted document if it was deleted less than x days ago.
"""
document = self.get_object()
document.restore()
return drf_response.Response(
{"detail": "Document has been successfully restored."},
status=status.HTTP_200_OK,
)
✨(backend) add API endpoint to list a document's children This endpoint is nested under a document's detail endpoint.
2024-12-17 19:03:45 +01:00
@drf.decorators.action(
detail=True,
methods=["get", "post"],
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
ordering=["path"],
✨(backend) add API endpoint to list a document's children This endpoint is nested under a document's detail endpoint.
2024-12-17 19:03:45 +01:00
)
✨(backend) add API endpoint to create children for a document We add a POST method to the existing children endpoint.
2024-12-18 08:44:12 +01:00
def children(self, request, *args, **kwargs):
"""Handle listing and creating children of a document"""
✨(backend) add API endpoint to list a document's children This endpoint is nested under a document's detail endpoint.
2024-12-17 19:03:45 +01:00
document = self.get_object()
✨(backend) add API endpoint to create children for a document We add a POST method to the existing children endpoint.
2024-12-18 08:44:12 +01:00
if request.method == "POST":
# Create a child document
serializer = serializers.DocumentSerializer(
data=request.data, context=self.get_serializer_context()
)
serializer.is_valid(raise_exception=True)
with transaction.atomic():
🐛(backend) race condition create doc When 2 docs are created almost at the same time, the second one will fail because the first one. We get a unicity error on the path key already used ("impress_document_path_key"). To fix this issue, we will lock the table the time to create the document, the next query will wait for the lock to be released.
2025-02-12 10:13:41 +01:00
# "select_for_update" locks the table to ensure safe concurrent access
locked_parent = models.Document.objects.select_for_update().get(
pk=document.pk
)
child_document = locked_parent.add_child(
✨(backend) add API endpoint to create children for a document We add a POST method to the existing children endpoint.
2024-12-18 08:44:12 +01:00
creator=request.user,
**serializer.validated_data,
)
models.DocumentAccess.objects.create(
document=child_document,
user=request.user,
role=models.RoleChoices.OWNER,
)
# Set the created instance to the serializer
serializer.instance = child_document
headers = self.get_success_headers(serializer.data)
return drf.response.Response(
serializer.data, status=status.HTTP_201_CREATED, headers=headers
)
# GET: List children
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
queryset = document.get_children().filter(ancestors_deleted_at__isnull=True)
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
queryset = self.filter_queryset(queryset)
♻️(backend) refactor list view to allow filtering other views the "filter_queryset" method is called in the middle of the "get_object" method. We use the "get_object" in actions like "children", "tree", etc. which start by calling "get_object" but return lists of documents. We would like to apply filters to these views but the it didn't work because the "get_object" method was also impacted by the filters... In a future PR, we should take control of the "get_object" method and decouple all this. We need a quick solution to allow releasing the hierchical documents feature in the frontend.
2025-02-17 10:19:06 +01:00
filterset = DocumentFilter(request.GET, queryset=queryset)
if not filterset.is_valid():
raise drf.exceptions.ValidationError(filterset.errors)
queryset = filterset.qs
return self.get_response_for_queryset(queryset)
@drf.decorators.action(
detail=True,
methods=["get"],
ordering=["path"],
)
def descendants(self, request, *args, **kwargs):
"""Handle listing descendants of a document"""
document = self.get_object()
queryset = document.get_descendants().filter(ancestors_deleted_at__isnull=True)
queryset = self.filter_queryset(queryset)
filterset = DocumentFilter(request.GET, queryset=queryset)
if not filterset.is_valid():
raise drf.exceptions.ValidationError(filterset.errors)
queryset = filterset.qs
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
return self.get_response_for_queryset(queryset)
✨(backend) add API endpoint to list a document's children This endpoint is nested under a document's detail endpoint.
2024-12-17 19:03:45 +01:00
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
@drf.decorators.action(
detail=True,
methods=["get"],
ordering=["path"],
)
def tree(self, request, pk, *args, **kwargs):
"""
List ancestors tree above the document.
What we need to display is the tree structure opened for the current document.
"""
try:
current_document = self.queryset.only("depth", "path").get(pk=pk)
except models.Document.DoesNotExist as excpt:
raise drf.exceptions.NotFound from excpt
ancestors = (
(current_document.get_ancestors() | self.queryset.filter(pk=pk))
.filter(ancestors_deleted_at__isnull=True)
.order_by("path")
)
# Get the highest readable ancestor
🐛(backend) compute ancestor_links in get_abilities if needed The refactor made in the tree view caching the ancestors_links to not compute them again in the document.get_abilities method lead to a bug. If the get_abilities method is called without ancestors_links, then they are computed on all the ancestors but not from the highest readable ancestor for the current user. We have to compute them with this constraint.
2025-03-24 10:46:40 +01:00
highest_readable = (
ancestors.readable_per_se(request.user).only("depth", "path").first()
)
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
if highest_readable is None:
raise (
drf.exceptions.PermissionDenied()
if request.user.is_authenticated
else drf.exceptions.NotAuthenticated()
)
✨(backend) add new "descendants" action to document API endpoint We want to be able to make a search query inside a hierchical document. It's elegant to do it as a document detail action so that we benefit from access control.
2025-02-17 10:25:07 +01:00
paths_links_mapping = {}
ancestors_links = []
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
children_clause = db.Q()
for ancestor in ancestors:
if ancestor.depth < highest_readable.depth:
continue
children_clause |= db.Q(
path__startswith=ancestor.path, depth=ancestor.depth + 1
)
✨(backend) add new "descendants" action to document API endpoint We want to be able to make a search query inside a hierchical document. It's elegant to do it as a document detail action so that we benefit from access control.
2025-02-17 10:25:07 +01:00
# Compute cache for ancestors links to avoid many queries while computing
✏️(project) automatic typo correction Fix typos in the project.
2025-05-13 16:00:12 +02:00
# abilities for his documents in the tree!
✨(backend) add new "descendants" action to document API endpoint We want to be able to make a search query inside a hierchical document. It's elegant to do it as a document detail action so that we benefit from access control.
2025-02-17 10:25:07 +01:00
ancestors_links.append(
{"link_reach": ancestor.link_reach, "link_role": ancestor.link_role}
)
paths_links_mapping[ancestor.path] = ancestors_links.copy()
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
children = self.queryset.filter(children_clause, deleted_at__isnull=True)
queryset = ancestors.filter(depth__gte=highest_readable.depth) | children
queryset = queryset.order_by("path")
🐛(backend) compute ancestor_links in get_abilities if needed The refactor made in the tree view caching the ancestors_links to not compute them again in the document.get_abilities method lead to a bug. If the get_abilities method is called without ancestors_links, then they are computed on all the ancestors but not from the highest readable ancestor for the current user. We have to compute them with this constraint.
2025-03-24 10:46:40 +01:00
# Annotate if the current document is the highest ancestor for the user
queryset = queryset.annotate(
is_highest_ancestor_for_user=db.Case(
db.When(
path=db.Value(highest_readable.path),
then=db.Value(True),
),
default=db.Value(False),
output_field=db.BooleanField(),
)
)
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
queryset = self.annotate_user_roles(queryset)
queryset = self.annotate_is_favorite(queryset)
# Pass ancestors' links definitions to the serializer as a context variable
# in order to allow saving time while computing abilities on the instance
serializer = self.get_serializer(
queryset,
many=True,
context={
"request": request,
✨(backend) add new "descendants" action to document API endpoint We want to be able to make a search query inside a hierchical document. It's elegant to do it as a document detail action so that we benefit from access control.
2025-02-17 10:25:07 +01:00
"paths_links_mapping": paths_links_mapping,
✨(backend) add "tree" action on document API endpoint We want to display the tree structure to which a document belongs on the left side panel of its detail view. For this, we need an endpoint to retrieve the list view of the document's ancestors opened. By opened, we mean that when display the document, we also need to display its siblings. When displaying the parent of the current document, we also need to display the siblings of the parent...
2025-02-16 17:26:51 +01:00
},
)
return drf.response.Response(
utils.nest_tree(serializer.data, self.queryset.model.steplen)
)
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
@drf.decorators.action(
detail=True,
methods=["post"],
permission_classes=[permissions.IsAuthenticated, permissions.AccessPermission],
url_path="duplicate",
)
@transaction.atomic
def duplicate(self, request, *args, **kwargs):
"""
Duplicate a document and store the links to attached files in the duplicated
document to allow cross-access.
Optionally duplicates accesses if `with_accesses` is set to true
in the payload.
"""
# Get document while checking permissions
document = self.get_object()
serializer = serializers.DocumentDuplicationSerializer(
data=request.data, partial=True
)
serializer.is_valid(raise_exception=True)
with_accesses = serializer.validated_data.get("with_accesses", False)
🛂(back) restrict duplicate with accesses to admin or owner Only admin or owner should be able to duplicate a document with existing accesses.
2025-07-02 14:13:15 +02:00
roles = set(document.get_roles(request.user))
is_owner_or_admin = bool(roles.intersection(set(models.PRIVILEGED_ROLES)))
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
base64_yjs_content = document.content
# Duplicate the document instance
link_kwargs = (
{"link_reach": document.link_reach, "link_role": document.link_role}
if with_accesses
else {}
)
extracted_attachments = set(extract_attachments(document.content))
attachments = list(extracted_attachments & set(document.attachments))
duplicated_document = document.add_sibling(
"right",
title=capfirst(_("copy of {title}").format(title=document.title)),
content=base64_yjs_content,
attachments=attachments,
duplicated_from=document,
creator=request.user,
**link_kwargs,
)
# Always add the logged-in user as OWNER
accesses_to_create = [
models.DocumentAccess(
document=duplicated_document,
user=request.user,
role=models.RoleChoices.OWNER,
)
]
# If accesses should be duplicated, add other users' accesses as per original document
🛂(back) restrict duplicate with accesses to admin or owner Only admin or owner should be able to duplicate a document with existing accesses.
2025-07-02 14:13:15 +02:00
if with_accesses and is_owner_or_admin:
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
original_accesses = models.DocumentAccess.objects.filter(
document=document
).exclude(user=request.user)
accesses_to_create.extend(
models.DocumentAccess(
document=duplicated_document,
user_id=access.user_id,
team=access.team,
role=access.role,
)
for access in original_accesses
)
# Bulk create all the duplicated accesses
models.DocumentAccess.objects.bulk_create(accesses_to_create)
return drf_response.Response(
{"id": str(duplicated_document.id)}, status=status.HTTP_201_CREATED
)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
@drf.decorators.action(detail=True, methods=["get"], url_path="versions")
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
def versions_list(self, request, *args, **kwargs):
"""
Return the document's versions but only those created after the user got access
to the document
"""
♻️(api) refactor getting versions to expose pagination Getting versions was not working properly. Some versions returned were not accessible by the user requesting the list of available versions. We refactor the code to make it simpler and let the frontend handle pagination (load more style).
2024-09-16 19:27:48 +02:00
user = request.user
if not user.is_authenticated:
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
raise drf.exceptions.PermissionDenied("Authentication required.")
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
♻️(api) refactor getting versions to expose pagination Getting versions was not working properly. Some versions returned were not accessible by the user requesting the list of available versions. We refactor the code to make it simpler and let the frontend handle pagination (load more style).
2024-09-16 19:27:48 +02:00
# Validate query parameters using dedicated serializer
serializer = serializers.VersionFilterSerializer(data=request.query_params)
serializer.is_valid(raise_exception=True)
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
document = self.get_object()
♻️(api) refactor getting versions to expose pagination Getting versions was not working properly. Some versions returned were not accessible by the user requesting the list of available versions. We refactor the code to make it simpler and let the frontend handle pagination (load more style).
2024-09-16 19:27:48 +02:00
# Users should not see version history dating from before they gained access to the
# document. Filter to get the minimum access date for the logged-in user
✨(backend) retrieve & update a document taking into account ancestors A document should inherit the access rights a user has on any of its ancestors.
2024-12-17 07:47:23 +01:00
access_queryset = models.DocumentAccess.objects.filter(
db.Q(user=user) | db.Q(team__in=user.teams),
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
document__path=Left(db.Value(document.path), Length("document__path")),
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
).aggregate(min_date=db.Min("created_at"))
♻️(api) refactor getting versions to expose pagination Getting versions was not working properly. Some versions returned were not accessible by the user requesting the list of available versions. We refactor the code to make it simpler and let the frontend handle pagination (load more style).
2024-09-16 19:27:48 +02:00
# Handle the case where the user has no accesses
min_datetime = access_queryset["min_date"]
if not min_datetime:
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.exceptions.PermissionDenied(
♻️(api) refactor getting versions to expose pagination Getting versions was not working properly. Some versions returned were not accessible by the user requesting the list of available versions. We refactor the code to make it simpler and let the frontend handle pagination (load more style).
2024-09-16 19:27:48 +02:00
"Only users with specific access can see version history"
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
)
👔(backend) add document version serializer Add document version serializer to get the pagination with the document version list.
2024-07-17 09:10:05 +02:00
♻️(api) refactor getting versions to expose pagination Getting versions was not working properly. Some versions returned were not accessible by the user requesting the list of available versions. We refactor the code to make it simpler and let the frontend handle pagination (load more style).
2024-09-16 19:27:48 +02:00
versions_data = document.get_versions_slice(
from_version_id=serializer.validated_data.get("version_id"),
min_datetime=min_datetime,
page_size=serializer.validated_data.get("page_size"),
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(versions_data)
👔(backend) add document version serializer Add document version serializer to get the pagination with the document version list.
2024-07-17 09:10:05 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
@drf.decorators.action(
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
detail=True,
methods=["get", "delete"],
🐛(media) fix compatibility with Scaleway Object Storage Some providers with S3-compatible APIs have slightly different implementations. In this case, Scaleway didn't accept version_id="" and has a different version ID scheme. This was tested successfully and should remain compatible with any other provider.
2025-03-20 00:16:00 +01:00
url_path="versions/(?P<version_id>[0-9a-z-]+)",
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
)
# pylint: disable=unused-argument
def versions_detail(self, request, pk, version_id, *args, **kwargs):
"""Custom action to retrieve a specific version of a document"""
document = self.get_object()
try:
response = document.get_content_response(version_id=version_id)
except (FileNotFoundError, ClientError) as err:
raise Http404 from err
# Don't let users access versions that were created before they were given access
# to the document
🛂(backend) stop to list public doc to everyone Everybody could see the full list of public docs. Now only members can see their public docs. They can still access to any specific public doc.
2024-09-06 16:12:02 +02:00
user = request.user
♻️(api) refactor getting versions to expose pagination Getting versions was not working properly. Some versions returned were not accessible by the user requesting the list of available versions. We refactor the code to make it simpler and let the frontend handle pagination (load more style).
2024-09-16 19:27:48 +02:00
min_datetime = min(
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
access.created_at
✨(backend) retrieve & update a document taking into account ancestors A document should inherit the access rights a user has on any of its ancestors.
2024-12-17 07:47:23 +01:00
for access in models.DocumentAccess.objects.filter(
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
db.Q(user=user) | db.Q(team__in=user.teams),
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
document__path=Left(db.Value(document.path), Length("document__path")),
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
)
)
✨(backend) retrieve & update a document taking into account ancestors A document should inherit the access rights a user has on any of its ancestors.
2024-12-17 07:47:23 +01:00
♻️(api) refactor getting versions to expose pagination Getting versions was not working properly. Some versions returned were not accessible by the user requesting the list of available versions. We refactor the code to make it simpler and let the frontend handle pagination (load more style).
2024-09-16 19:27:48 +02:00
if response["LastModified"] < min_datetime:
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
raise Http404
if request.method == "DELETE":
response = document.delete_version(version_id)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
status=response["ResponseMetadata"]["HTTPStatusCode"]
)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
{
🏷️(backend) accept string as saved document Saved documents has to be a string now. Before it has to be a json object.
2024-05-21 14:46:23 +02:00
"content": response["Body"].read().decode("utf-8"),
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
"last_modified": response["LastModified"],
👔(backend) add document version serializer Add document version serializer to get the pagination with the document version list.
2024-07-17 09:10:05 +02:00
"id": version_id,
✨(documents) allow retrieving versions (list and detail) Versions are retrieved directly from object storage and served on API endpoints. We make sure a user who is given access to a document will only see versions that were created after s.he gained access.
2024-04-08 23:37:15 +02:00
}
)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
@drf.decorators.action(detail=True, methods=["put"], url_path="link-configuration")
✨(api) allow updating link configuration for a document We open a specific endpoint to update documents link configuration because it makes it more secure and simple to limit access rights to administrators/owners whereas other document fields like title and content can be edited by anonymous or authenticated users with much less access rights.
2024-09-08 23:07:47 +02:00
def link_configuration(self, request, *args, **kwargs):
"""Update link configuration with specific rights (cf get_abilities)."""
# Check permissions first
document = self.get_object()
# Deserialize and validate the data
serializer = serializers.LinkDocumentSerializer(
document, data=request.data, partial=True
)
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
serializer.is_valid(raise_exception=True)
✨(api) allow updating link configuration for a document We open a specific endpoint to update documents link configuration because it makes it more secure and simple to limit access rights to administrators/owners whereas other document fields like title and content can be edited by anonymous or authenticated users with much less access rights.
2024-09-08 23:07:47 +02:00
serializer.save()
✨(backend) notify collaboration server When an access is updated or removed, the collaboration server is notified to reset the access connection; by being disconnected, the accesses will automatically reconnect by passing by the ngnix subrequest, and so get the good rights. We do the same system when the document link is updated, except here we reset every access connection.
2024-11-28 16:35:48 +01:00
# Notify collaboration server about the link updated
CollaborationService().reset_connections(str(document.id))
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(serializer.data, status=drf.status.HTTP_200_OK)
✨(api) allow updating link configuration for a document We open a specific endpoint to update documents link configuration because it makes it more secure and simple to limit access rights to administrators/owners whereas other document fields like title and content can be edited by anonymous or authenticated users with much less access rights.
2024-09-08 23:07:47 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
@drf.decorators.action(detail=True, methods=["post", "delete"], url_path="favorite")
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
def favorite(self, request, *args, **kwargs):
"""
Mark or unmark the document as a favorite for the logged-in user based on the HTTP method.
"""
# Check permissions first
document = self.get_object()
user = request.user
if request.method == "POST":
# Try to mark as favorite
try:
models.DocumentFavorite.objects.create(document=document, user=user)
except ValidationError:
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
{"detail": "Document already marked as favorite"},
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
status=drf.status.HTTP_200_OK,
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
{"detail": "Document marked as favorite"},
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
status=drf.status.HTTP_201_CREATED,
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
)
# Handle DELETE method to unmark as favorite
deleted, _ = models.DocumentFavorite.objects.filter(
document=document, user=user
).delete()
if deleted:
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
{"detail": "Document unmarked as favorite"},
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
status=drf.status.HTTP_204_NO_CONTENT,
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
{"detail": "Document was already not marked as favorite"},
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
status=drf.status.HTTP_200_OK,
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
@drf.decorators.action(detail=True, methods=["post"], url_path="attachment-upload")
✨(backend) allow uploading images as attachments to a document We only rely on S3 to store attachments for a document. Nothing is persisted in the database as the image media urls will be stored in the document json.
2024-08-19 22:35:48 +02:00
def attachment_upload(self, request, *args, **kwargs):
"""Upload a file related to a given document"""
# Check permissions first
document = self.get_object()
# Validate metadata in payload
serializer = serializers.FileUploadSerializer(data=request.data)
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
serializer.is_valid(raise_exception=True)
✨(backend) allow uploading images as attachments to a document We only rely on S3 to store attachments for a document. Nothing is persisted in the database as the image media urls will be stored in the document json.
2024-08-19 22:35:48 +02:00
# Generate a generic yet unique filename to store the image in object storage
file_id = uuid.uuid4()
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
ext = serializer.validated_data["expected_extension"]
✨(backend) allow uploading more types of attachments We want to allow users to upload files to a document, not just images. We try to enforce coherence between the file extension and the real mime type of its content. If a file is deemed unsafe, it is still accepted during upload and the information is stored as metadata on the object for display to readers.
2024-10-07 20:10:42 +02:00
# Prepare metadata for storage
🏷️(backend) add content-type to uploaded files All the uploaded files had the content-type set to `application/octet-stream`. It create issues when the file is downloaded from the frontend because the browser doesn't know how to handle the file. We now determine the content-type of the file and set it to the file object.
2025-01-15 15:58:46 +01:00
extra_args = {
✨(backend) manage uploaded file status and call to malware detection In the attachment_upload method, the status in the file metadata to processing and the malware_detection backend is called. We check in the media_auth if the status is ready in order to accept the request.
2025-05-05 16:01:12 +02:00
"Metadata": {
"owner": str(request.user.id),
"status": enums.DocumentAttachmentStatus.PROCESSING,
},
🏷️(backend) add content-type to uploaded files All the uploaded files had the content-type set to `application/octet-stream`. It create issues when the file is downloaded from the frontend because the browser doesn't know how to handle the file. We now determine the content-type of the file and set it to the file object.
2025-01-15 15:58:46 +01:00
"ContentType": serializer.validated_data["content_type"],
}
🛂(backend) add unsafe in the attachments filename The frontend cannot access custom headers of a file, so we need to add a flag in the filename. We add the `unsafe` flag in the filename to indicate that the file is unsafe. Previous filename: "/{UUID4}.{extension}" New filename: "/{UUID4}-unsafe.{extension}"
2025-02-26 18:21:38 +01:00
file_unsafe = ""
✨(backend) allow uploading more types of attachments We want to allow users to upload files to a document, not just images. We try to enforce coherence between the file extension and the real mime type of its content. If a file is deemed unsafe, it is still accepted during upload and the information is stored as metadata on the object for display to readers.
2024-10-07 20:10:42 +02:00
if serializer.validated_data["is_unsafe"]:
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
extra_args["Metadata"]["is_unsafe"] = "true"
🛂(backend) add unsafe in the attachments filename The frontend cannot access custom headers of a file, so we need to add a flag in the filename. We add the `unsafe` flag in the filename to indicate that the file is unsafe. Previous filename: "/{UUID4}.{extension}" New filename: "/{UUID4}-unsafe.{extension}"
2025-02-26 18:21:38 +01:00
file_unsafe = "-unsafe"
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
key = f"{document.key_base}/{enums.ATTACHMENTS_FOLDER:s}/{file_id!s}{file_unsafe}.{ext:s}"
✨(backend) allow uploading more types of attachments We want to allow users to upload files to a document, not just images. We try to enforce coherence between the file extension and the real mime type of its content. If a file is deemed unsafe, it is still accepted during upload and the information is stored as metadata on the object for display to readers.
2024-10-07 20:10:42 +02:00
🔒️(back) set ContentDisposition on media upload On the media upload endpoint, we want to set the content-disposition header. Its value is based on the uploaded file mime-type and if flagged as unsafe. If the file is not an image or is unsafe then the contentDisposition is set to attachment to force its download. Otherwise, we set it to inline.
2025-02-27 16:19:17 +01:00
file_name = serializer.validated_data["file_name"]
if (
not serializer.validated_data["content_type"].startswith("image/")
or serializer.validated_data["is_unsafe"]
):
extra_args.update(
{"ContentDisposition": f'attachment; filename="{file_name:s}"'}
)
else:
extra_args.update(
{"ContentDisposition": f'inline; filename="{file_name:s}"'}
)
✨(backend) allow uploading more types of attachments We want to allow users to upload files to a document, not just images. We try to enforce coherence between the file extension and the real mime type of its content. If a file is deemed unsafe, it is still accepted during upload and the information is stored as metadata on the object for display to readers.
2024-10-07 20:10:42 +02:00
file = serializer.validated_data["file"]
default_storage.connection.meta.client.upload_fileobj(
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
file, default_storage.bucket_name, key, ExtraArgs=extra_args
✨(backend) allow uploading more types of attachments We want to allow users to upload files to a document, not just images. We try to enforce coherence between the file extension and the real mime type of its content. If a file is deemed unsafe, it is still accepted during upload and the information is stored as metadata on the object for display to readers.
2024-10-07 20:10:42 +02:00
)
✨(backend) allow uploading images as attachments to a document We only rely on S3 to store attachments for a document. Nothing is persisted in the database as the image media urls will be stored in the document json.
2024-08-19 22:35:48 +02:00
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
# Make the attachment readable by document readers
document.attachments.append(key)
document.save()
✨(backend) manage uploaded file status and call to malware detection In the attachment_upload method, the status in the file metadata to processing and the malware_detection backend is called. We check in the media_auth if the status is ready in order to accept the request.
2025-05-05 16:01:12 +02:00
malware_detection.analyse_file(key, document_id=document.id)
♻️(back) return the media-check url on the attachment_upload response We want to have the media-check url returned on the attachment-upload response instead of the media url directly. The front will know the endpoint to use to check the media status.
2025-05-21 15:09:40 +02:00
url = reverse(
"documents-media-check",
kwargs={"pk": document.id},
)
parameters = urlencode({"key": key})
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(
♻️(back) return the media-check url on the attachment_upload response We want to have the media-check url returned on the attachment-upload response instead of the media url directly. The front will know the endpoint to use to check the media status.
2025-05-21 15:09:40 +02:00
{
"file": f"{url:s}?{parameters:s}",
},
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
status=drf.status.HTTP_201_CREATED,
✨(backend) allow uploading images as attachments to a document We only rely on S3 to store attachments for a document. Nothing is persisted in the database as the image media urls will be stored in the document json.
2024-08-19 22:35:48 +02:00
)
♻️(backend) refactor media_auth and collaboration_auth for flexibility These 2 actions had factorized code but a few iterations lead to spaghetti code where factorized code includes "if" clauses. Refactor abstractions so that code factorization really works.
2024-12-27 17:19:16 +01:00
def _auth_get_original_url(self, request):
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
"""
♻️(backend) refactor media_auth and collaboration_auth for flexibility These 2 actions had factorized code but a few iterations lead to spaghetti code where factorized code includes "if" clauses. Refactor abstractions so that code factorization really works.
2024-12-27 17:19:16 +01:00
Extracts and parses the original URL from the "HTTP_X_ORIGINAL_URL" header.
Raises PermissionDenied if the header is missing.
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
The original url is passed by nginx in the "HTTP_X_ORIGINAL_URL" header.
See corresponding ingress configuration in Helm chart and read about the
nginx.ingress.kubernetes.io/auth-url annotation to understand how the Nginx ingress
is configured to do this.
Based on the original url and the logged in user, we must decide if we authorize Nginx
to let this request go through (by returning a 200 code) or if we block it (by returning
a 403 error). Note that we return 403 errors without any further details for security
reasons.
"""
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
# Extract the original URL from the request header
original_url = request.META.get("HTTP_X_ORIGINAL_URL")
if not original_url:
logger.debug("Missing HTTP_X_ORIGINAL_URL header in subrequest")
raise drf.exceptions.PermissionDenied()
♻️(backend) refactor media_auth and collaboration_auth for flexibility These 2 actions had factorized code but a few iterations lead to spaghetti code where factorized code includes "if" clauses. Refactor abstractions so that code factorization really works.
2024-12-27 17:19:16 +01:00
logger.debug("Original url: '%s'", original_url)
return urlparse(original_url)
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
♻️(backend) refactor media_auth and collaboration_auth for flexibility These 2 actions had factorized code but a few iterations lead to spaghetti code where factorized code includes "if" clauses. Refactor abstractions so that code factorization really works.
2024-12-27 17:19:16 +01:00
def _auth_get_url_params(self, pattern, fragment):
"""
Extracts URL parameters from the given fragment using the specified regex pattern.
Raises PermissionDenied if parameters cannot be extracted.
"""
match = pattern.search(fragment)
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
try:
♻️(backend) refactor media_auth and collaboration_auth for flexibility These 2 actions had factorized code but a few iterations lead to spaghetti code where factorized code includes "if" clauses. Refactor abstractions so that code factorization really works.
2024-12-27 17:19:16 +01:00
return match.groupdict()
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
except (ValueError, AttributeError) as exc:
logger.debug("Failed to extract parameters from subrequest URL: %s", exc)
raise drf.exceptions.PermissionDenied() from exc
@drf.decorators.action(detail=False, methods=["get"], url_path="media-auth")
def media_auth(self, request, *args, **kwargs):
"""
This view is used by an Nginx subrequest to control access to a document's
attachment file.
When we let the request go through, we compute authorization headers that will be added to
the request going through thanks to the nginx.ingress.kubernetes.io/auth-response-headers
annotation. The request will then be proxied to the object storage backend who will
respond with the file after checking the signature included in headers.
"""
♻️(backend) refactor media_auth and collaboration_auth for flexibility These 2 actions had factorized code but a few iterations lead to spaghetti code where factorized code includes "if" clauses. Refactor abstractions so that code factorization really works.
2024-12-27 17:19:16 +01:00
parsed_url = self._auth_get_original_url(request)
url_params = self._auth_get_url_params(
enums.MEDIA_STORAGE_URL_PATTERN, parsed_url.path
✨(backend) add subrequest auth view for collaboration server We need to improve security on the access to The collaboration server We can use the same pattern as for media files leveraging the nginx subrequest feature.
2024-11-18 08:05:54 +01:00
)
♻️(backend) refactor media_auth and collaboration_auth for flexibility These 2 actions had factorized code but a few iterations lead to spaghetti code where factorized code includes "if" clauses. Refactor abstractions so that code factorization really works.
2024-12-27 17:19:16 +01:00
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
user = request.user
key = f"{url_params['pk']:s}/{url_params['attachment']:s}"
# Look for a document to which the user has access and that includes this attachment
# We must look into all descendants of any document to which the user has access per se
readable_per_se_paths = (
self.queryset.readable_per_se(user)
.order_by("path")
.values_list("path", flat=True)
)
attachments_documents = (
self.queryset.filter(attachments__contains=[key])
.only("path")
.order_by("path")
)
readable_attachments_paths = filter_descendants(
[doc.path for doc in attachments_documents],
readable_per_se_paths,
skip_sorting=True,
)
if not readable_attachments_paths:
logger.debug("User '%s' lacks permission for attachment", user)
♻️(backend) refactor media_auth and collaboration_auth for flexibility These 2 actions had factorized code but a few iterations lead to spaghetti code where factorized code includes "if" clauses. Refactor abstractions so that code factorization really works.
2024-12-27 17:19:16 +01:00
raise drf.exceptions.PermissionDenied()
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
✨(backend) manage uploaded file status and call to malware detection In the attachment_upload method, the status in the file metadata to processing and the malware_detection backend is called. We check in the media_auth if the status is ready in order to accept the request.
2025-05-05 16:01:12 +02:00
# Check if the attachment is ready
s3_client = default_storage.connection.meta.client
bucket_name = default_storage.bucket_name
✨(back) add endpoint checking media status With the usage of a malware detection system, we need a way to know the file status. The front will use it to display a loader while the analyse is not ended.
2025-05-21 14:22:31 +02:00
try:
head_resp = s3_client.head_object(Bucket=bucket_name, Key=key)
except ClientError as err:
raise drf.exceptions.PermissionDenied() from err
✨(backend) manage uploaded file status and call to malware detection In the attachment_upload method, the status in the file metadata to processing and the malware_detection backend is called. We check in the media_auth if the status is ready in order to accept the request.
2025-05-05 16:01:12 +02:00
metadata = head_resp.get("Metadata", {})
# In order to be compatible with existing upload without `status` metadata,
# we consider them as ready.
if (
metadata.get("status", enums.DocumentAttachmentStatus.READY)
!= enums.DocumentAttachmentStatus.READY
):
raise drf.exceptions.PermissionDenied()
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
# Generate S3 authorization headers using the extracted URL parameters
✨(backend) add duplicate action to the document API endpoint We took this opportunity to refactor the way access is controlled on media attachments. We now add the media key to a list on the document instance each time a media is uploaded to a document. This list is passed along when a document is duplicated, allowing us to grant access to readers on the new document, even if they don't have or lost access to the original document. We also propose an option to reproduce the same access rights on the duplicate document as what was in place on the original document. This can be requested by passing the "with_accesses=true" option in the query string. The tricky point is that we need to extract attachment keys from the existing documents and set them on the new "attachments" field that is now used to track access rights on media files.
2025-01-20 10:23:18 +01:00
request = utils.generate_s3_authorization_headers(key)
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response("authorized", headers=request.headers, status=200)
✨(backend) add url to download media attachments with access rights We make use of nginx subrequests to block media file downloads while we check for access rights. The request is then proxied to the object storage engine and authorization is added via the "Authorization" header. This way the media urls are static and can be stored in the document's json content without compromising on security: access control is done on all requests based on the user cookie session.
2024-08-19 22:38:41 +02:00
✨(back) add endpoint checking media status With the usage of a malware detection system, we need a way to know the file status. The front will use it to display a loader while the analyse is not ended.
2025-05-21 14:22:31 +02:00
@drf.decorators.action(detail=True, methods=["get"], url_path="media-check")
def media_check(self, request, *args, **kwargs):
"""
Check if the media is ready to be served.
"""
document = self.get_object()
key = request.query_params.get("key")
if not key:
return drf.response.Response(
{"detail": "Missing 'key' query parameter"},
status=drf.status.HTTP_400_BAD_REQUEST,
)
if key not in document.attachments:
return drf.response.Response(
{"detail": "Attachment missing"},
status=drf.status.HTTP_404_NOT_FOUND,
)
# Check if the attachment is ready
s3_client = default_storage.connection.meta.client
bucket_name = default_storage.bucket_name
try:
head_resp = s3_client.head_object(Bucket=bucket_name, Key=key)
except ClientError as err:
logger.error("Client Error fetching file %s metadata: %s", key, err)
return drf.response.Response(
{"detail": "Media not found"},
status=drf.status.HTTP_404_NOT_FOUND,
)
metadata = head_resp.get("Metadata", {})
body = {
"status": metadata.get("status", enums.DocumentAttachmentStatus.PROCESSING),
}
if metadata.get("status") == enums.DocumentAttachmentStatus.READY:
body = {
"status": enums.DocumentAttachmentStatus.READY,
"file": f"{settings.MEDIA_URL:s}{key:s}",
}
return drf.response.Response(body, status=drf.status.HTTP_200_OK)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
@drf.decorators.action(
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
detail=True,
methods=["post"],
name="Apply a transformation action on a piece of text with AI",
url_path="ai-transform",
throttle_classes=[utils.AIDocumentRateThrottle, utils.AIUserRateThrottle],
)
def ai_transform(self, request, *args, **kwargs):
"""
POST /api/v1.0/documents/<resource_id>/ai-transform
with expected data:
- text: str
- action: str [prompt, correct, rephrase, summarize]
Return JSON response with the processed text.
"""
# Check permissions first
self.get_object()
serializer = serializers.AITransformSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
text = serializer.validated_data["text"]
action = serializer.validated_data["action"]
response = AIService().transform(text, action)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(response, status=drf.status.HTTP_200_OK)
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
@drf.decorators.action(
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
detail=True,
methods=["post"],
name="Translate a piece of text with AI",
url_path="ai-translate",
throttle_classes=[utils.AIDocumentRateThrottle, utils.AIUserRateThrottle],
)
def ai_translate(self, request, *args, **kwargs):
"""
POST /api/v1.0/documents/<resource_id>/ai-translate
with expected data:
- text: str
- language: str [settings.LANGUAGES]
Return JSON response with the translated text.
"""
# Check permissions first
self.get_object()
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
text = serializer.validated_data["text"]
language = serializer.validated_data["language"]
response = AIService().translate(text, language)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(response, status=drf.status.HTTP_200_OK)
✨(backend) create ai endpoint We created 2 new action endpoints on the document to perform AI operations: - POST /api/v1.0/documents/{uuid}/ai-transform - POST /api/v1.0/documents/{uuid}/ai-translate
2024-09-20 22:42:46 +02:00
✨(back) create a cors proxy fetching docs external resources When exporting a document in PDF and if the doc contains external resources, we want to fetch them using a proxy bypassing CORS restrictions. To ensure this endpoint is not used for something else than fetching urls contains in the doc, we use access control and check if the url really exists in the document.
2025-03-10 10:11:38 +01:00
@drf.decorators.action(
detail=True,
methods=["get"],
name="",
url_path="cors-proxy",
)
➕(back) install and configure django csp (#1085) We want to protect all requests from django with content security policy header. We use the djang-csp library and configure it with default values. Fixes #1000
2025-06-30 10:42:48 +02:00
@csp_update({"img-src": [NONE, "data:"]})
✨(back) create a cors proxy fetching docs external resources When exporting a document in PDF and if the doc contains external resources, we want to fetch them using a proxy bypassing CORS restrictions. To ensure this endpoint is not used for something else than fetching urls contains in the doc, we use access control and check if the url really exists in the document.
2025-03-10 10:11:38 +01:00
def cors_proxy(self, request, *args, **kwargs):
"""
GET /api/v1.0/documents/<resource_id>/cors-proxy
Act like a proxy to fetch external resources and bypass CORS restrictions.
"""
url = request.query_params.get("url")
if not url:
return drf.response.Response(
{"detail": "Missing 'url' query parameter"},
status=drf.status.HTTP_400_BAD_REQUEST,
)
# Check for permissions.
self.get_object()
url = unquote(url)
try:
response = requests.get(
url,
stream=True,
headers={
"User-Agent": request.headers.get("User-Agent", ""),
"Accept": request.headers.get("Accept", ""),
},
timeout=10,
)
🐛(back) allow only images to be used with the cors-proxy The cors-proxy endpoint allowed to use every type of files and to execute it in the browser. We limit the scope only to images and Content-Security-Policy and Content-Disposition headers are also added to not allow script execution that can be present in a SVG file.
2025-03-20 11:04:02 +01:00
content_type = response.headers.get("Content-Type", "")
if not content_type.startswith("image/"):
return drf.response.Response(
status=status.HTTP_415_UNSUPPORTED_MEDIA_TYPE
)
✨(back) create a cors proxy fetching docs external resources When exporting a document in PDF and if the doc contains external resources, we want to fetch them using a proxy bypassing CORS restrictions. To ensure this endpoint is not used for something else than fetching urls contains in the doc, we use access control and check if the url really exists in the document.
2025-03-10 10:11:38 +01:00
# Use StreamingHttpResponse with the response's iter_content to properly stream the data
proxy_response = StreamingHttpResponse(
streaming_content=response.iter_content(chunk_size=8192),
🐛(back) allow only images to be used with the cors-proxy The cors-proxy endpoint allowed to use every type of files and to execute it in the browser. We limit the scope only to images and Content-Security-Policy and Content-Disposition headers are also added to not allow script execution that can be present in a SVG file.
2025-03-20 11:04:02 +01:00
content_type=content_type,
headers={
"Content-Disposition": "attachment;",
},
✨(back) create a cors proxy fetching docs external resources When exporting a document in PDF and if the doc contains external resources, we want to fetch them using a proxy bypassing CORS restrictions. To ensure this endpoint is not used for something else than fetching urls contains in the doc, we use access control and check if the url really exists in the document.
2025-03-10 10:11:38 +01:00
status=response.status_code,
)
return proxy_response
except requests.RequestException as e:
logger.error("Proxy request failed: %s", str(e))
return drf_response.Response(
{"error": f"Failed to fetch resource: {e!s}"},
status=status.HTTP_500_INTERNAL_SERVER_ERROR,
)
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
class DocumentAccessViewSet(
ResourceAccessViewsetMixin,
♻️(backend) refactor resource access viewset The document viewset was overriding the get_queryset method from its own mixin. This was a sign that the mixin was not optimal anymore. In the next commit I will need to complexify it further so it's time to refactor the mixin.
2025-04-12 09:11:33 +02:00
drf.mixins.CreateModelMixin,
drf.mixins.RetrieveModelMixin,
drf.mixins.UpdateModelMixin,
drf.mixins.DestroyModelMixin,
viewsets.GenericViewSet,
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
):
"""
API ViewSet for all interactions with document accesses.
GET /api/v1.0/documents/<resource_id>/accesses/:<document_access_id>
Return list of all document accesses related to the logged-in user or one
document access if an id is provided.
POST /api/v1.0/documents/<resource_id>/accesses/ with expected data:
- user: str
♻️(models) rename document/template access rights The "member" access right does not make sense for documents and templates. What we really need are "editor" and "reader" access rights.
2024-05-25 08:15:34 +02:00
- role: str [administrator|editor|reader]
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
Return newly created document access
PUT /api/v1.0/documents/<resource_id>/accesses/<document_access_id>/ with expected data:
♻️(models) rename document/template access rights The "member" access right does not make sense for documents and templates. What we really need are "editor" and "reader" access rights.
2024-05-25 08:15:34 +02:00
- role: str [owner|admin|editor|reader]
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
Return updated document access
PATCH /api/v1.0/documents/<resource_id>/accesses/<document_access_id>/ with expected data:
♻️(models) rename document/template access rights The "member" access right does not make sense for documents and templates. What we really need are "editor" and "reader" access rights.
2024-05-25 08:15:34 +02:00
- role: str [owner|admin|editor|reader]
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
Return partially updated document access
DELETE /api/v1.0/documents/<resource_id>/accesses/<document_access_id>/
Delete targeted document access
"""
lookup_field = "pk"
permission_classes = [permissions.IsAuthenticated, permissions.AccessPermission]
queryset = models.DocumentAccess.objects.select_related("user").all()
resource_field_name = "document"
serializer_class = serializers.DocumentAccessSerializer
🔒️(back) restrict accesss to document accesses Every user having an access to a document, no matter its role have access to the entire accesses list with all the user details. Only owner or admin should be able to have the entire list, for the other roles, they have access to the list containing only owner and administrator with less information on the username. The email and its id is removed
2025-03-24 23:36:24 +01:00
is_current_user_owner_or_admin = False
♻️(backend) refactor resource access viewset The document viewset was overriding the get_queryset method from its own mixin. This was a sign that the mixin was not optimal anymore. In the next commit I will need to complexify it further so it's time to refactor the mixin.
2025-04-12 09:11:33 +02:00
def list(self, request, *args, **kwargs):
"""Return accesses for the current document with filters and annotations."""
user = self.request.user
queryset = self.filter_queryset(self.get_queryset())
🔒️(back) restrict accesss to document accesses Every user having an access to a document, no matter its role have access to the entire accesses list with all the user details. Only owner or admin should be able to have the entire list, for the other roles, they have access to the list containing only owner and administrator with less information on the username. The email and its id is removed
2025-03-24 23:36:24 +01:00
♻️(backend) refactor resource access viewset The document viewset was overriding the get_queryset method from its own mixin. This was a sign that the mixin was not optimal anymore. In the next commit I will need to complexify it further so it's time to refactor the mixin.
2025-04-12 09:11:33 +02:00
try:
document = models.Document.objects.get(pk=self.kwargs["resource_id"])
except models.Document.DoesNotExist:
return drf.response.Response([])
🔒️(back) restrict accesss to document accesses Every user having an access to a document, no matter its role have access to the entire accesses list with all the user details. Only owner or admin should be able to have the entire list, for the other roles, they have access to the list containing only owner and administrator with less information on the username. The email and its id is removed
2025-03-24 23:36:24 +01:00
♻️(backend) refactor resource access viewset The document viewset was overriding the get_queryset method from its own mixin. This was a sign that the mixin was not optimal anymore. In the next commit I will need to complexify it further so it's time to refactor the mixin.
2025-04-12 09:11:33 +02:00
roles = set(document.get_roles(user))
if not roles:
return drf.response.Response([])
🔒️(back) restrict accesss to document accesses Every user having an access to a document, no matter its role have access to the entire accesses list with all the user details. Only owner or admin should be able to have the entire list, for the other roles, they have access to the list containing only owner and administrator with less information on the username. The email and its id is removed
2025-03-24 23:36:24 +01:00
♻️(backend) refactor resource access viewset The document viewset was overriding the get_queryset method from its own mixin. This was a sign that the mixin was not optimal anymore. In the next commit I will need to complexify it further so it's time to refactor the mixin.
2025-04-12 09:11:33 +02:00
is_owner_or_admin = bool(roles.intersection(set(models.PRIVILEGED_ROLES)))
self.is_current_user_owner_or_admin = is_owner_or_admin
if not is_owner_or_admin:
# Return only the document's privileged accesses
queryset = queryset.filter(role__in=models.PRIVILEGED_ROLES)
queryset = queryset.distinct()
serializer = self.get_serializer(queryset, many=True)
return drf.response.Response(serializer.data)
🔒️(back) restrict accesss to document accesses Every user having an access to a document, no matter its role have access to the entire accesses list with all the user details. Only owner or admin should be able to have the entire list, for the other roles, they have access to the list containing only owner and administrator with less information on the username. The email and its id is removed
2025-03-24 23:36:24 +01:00
def get_serializer_class(self):
if self.action == "list" and not self.is_current_user_owner_or_admin:
return serializers.DocumentAccessLightSerializer
return super().get_serializer_class()
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
✨(backend) send email invitation when add user to doc We send as well an email invitation to the user when we add him to a document.
2024-08-15 15:40:56 +02:00
def perform_create(self, serializer):
"""Add a new access to the document and send an email to the new added user."""
access = serializer.save()
♻️(email) use full name instead of email If the full name is available, we will use it to identify the user in the email instead of the email address.
2024-10-15 15:53:18 +02:00
✨(backend) add server-to-server API endpoint to create documents We want trusted external applications to be able to create documents via the API on behalf of any user. The user may or may not pre-exist in our database and should be notified of the document creation by email.
2024-12-01 11:25:01 +01:00
access.document.send_invitation_email(
♻️(email) use full name instead of email If the full name is available, we will use it to identify the user in the email instead of the email address.
2024-10-15 15:53:18 +02:00
access.user.email,
access.role,
self.request.user,
🔨(backend) email invitation in invited user's language - language for invitation emails => language saved on the invited user - if invited user does not exist yet => language of the sending user - if for some reason no sending user => system default language
2025-03-04 13:46:40 +01:00
access.user.language
or self.request.user.language
or settings.LANGUAGE_CODE,
♻️(backend) change email invitation content Change the email invitation content. More document related variables are added. To benefit of the document inheritance, we moved the function email_invitation to the document model.
2024-09-25 12:43:02 +02:00
)
✨(backend) send email invitation when add user to doc We send as well an email invitation to the user when we add him to a document.
2024-08-15 15:40:56 +02:00
✨(backend) notify collaboration server When an access is updated or removed, the collaboration server is notified to reset the access connection; by being disconnected, the accesses will automatically reconnect by passing by the ngnix subrequest, and so get the good rights. We do the same system when the document link is updated, except here we reset every access connection.
2024-11-28 16:35:48 +01:00
def perform_update(self, serializer):
"""Update an access to the document and notify the collaboration server."""
access = serializer.save()
access_user_id = None
if access.user:
access_user_id = str(access.user.id)
# Notify collaboration server about the access change
CollaborationService().reset_connections(
str(access.document.id), access_user_id
)
def perform_destroy(self, instance):
"""Delete an access to the document and notify the collaboration server."""
instance.delete()
# Notify collaboration server about the access removed
CollaborationService().reset_connections(
str(instance.document.id), str(instance.user.id)
)
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
class TemplateViewSet(
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
drf.mixins.CreateModelMixin,
drf.mixins.DestroyModelMixin,
drf.mixins.RetrieveModelMixin,
drf.mixins.UpdateModelMixin,
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
viewsets.GenericViewSet,
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
):
"""Template ViewSet"""
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
filter_backends = [drf.filters.OrderingFilter]
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
permission_classes = [
permissions.IsAuthenticatedOrSafe,
permissions.AccessPermission,
]
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
ordering = ["-created_at"]
ordering_fields = ["created_at", "updated_at", "title"]
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
serializer_class = serializers.TemplateSerializer
queryset = models.Template.objects.all()
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
def get_queryset(self):
"""Custom queryset to get user related templates."""
queryset = super().get_queryset()
user = self.request.user
if not user.is_authenticated:
return queryset
user_roles_query = (
models.TemplateAccess.objects.filter(
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
db.Q(user=user) | db.Q(team__in=user.teams),
template_id=db.OuterRef("pk"),
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
)
.values("template")
.annotate(roles_array=ArrayAgg("role"))
.values("roles_array")
)
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
return queryset.annotate(user_roles=db.Subquery(user_roles_query)).distinct()
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
def list(self, request, *args, **kwargs):
"""Restrict templates returned by the list endpoint"""
queryset = self.filter_queryset(self.get_queryset())
user = self.request.user
if user.is_authenticated:
queryset = queryset.filter(
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
db.Q(accesses__user=user)
| db.Q(accesses__team__in=user.teams)
| db.Q(is_public=True)
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
)
else:
queryset = queryset.filter(is_public=True)
page = self.paginate_queryset(queryset)
if page is not None:
serializer = self.get_serializer(page, many=True)
return self.get_paginated_response(serializer.data)
serializer = self.get_serializer(queryset, many=True)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(serializer.data)
✨(models/api) add link access reach and role Link access was either public or private and was only allowing readers. This commit makes link access more powerful: - link reach can be private (users need to obtain specific access by document's administrators), restricted (any authenticated user) or public (anybody including anonymous users) - link role can be reader or editor. It is thus now possible to give editor access to an anonymous user or any authenticated user.
2024-09-08 23:37:49 +02:00
🗃️(backend) make document/template creation atomic When creating a new document/template via the API, we add the logged-in user as owner of the created object. This should be done atomically with the object creation to make sure we don't end-up with an orphan object that the creator can't access anymore.
2025-01-27 21:20:16 +01:00
@transaction.atomic
✨(backend) allow users to mark/unmark documents as favorite A user can now mark/unmark documents as favorite. This is done via a new action of the document API endpoint: /api/v1.0/documents/{document_id}/favorite POST to mark as favorite / DELETE to unmark
2024-11-09 10:45:38 +01:00
def perform_create(self, serializer):
"""Set the current user as owner of the newly created object."""
obj = serializer.save()
models.TemplateAccess.objects.create(
template=obj,
user=self.request.user,
role=models.RoleChoices.OWNER,
)
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
class TemplateAccessViewSet(
ResourceAccessViewsetMixin,
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
drf.mixins.CreateModelMixin,
drf.mixins.DestroyModelMixin,
drf.mixins.RetrieveModelMixin,
drf.mixins.UpdateModelMixin,
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
viewsets.GenericViewSet,
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
):
"""
API ViewSet for all interactions with template accesses.
GET /api/v1.0/templates/<template_id>/accesses/:<template_access_id>
Return list of all template accesses related to the logged-in user or one
template access if an id is provided.
POST /api/v1.0/templates/<template_id>/accesses/ with expected data:
- user: str
♻️(models) rename document/template access rights The "member" access right does not make sense for documents and templates. What we really need are "editor" and "reader" access rights.
2024-05-25 08:15:34 +02:00
- role: str [administrator|editor|reader]
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
Return newly created template access
PUT /api/v1.0/templates/<template_id>/accesses/<template_access_id>/ with expected data:
♻️(models) rename document/template access rights The "member" access right does not make sense for documents and templates. What we really need are "editor" and "reader" access rights.
2024-05-25 08:15:34 +02:00
- role: str [owner|admin|editor|reader]
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
Return updated template access
PATCH /api/v1.0/templates/<template_id>/accesses/<template_access_id>/ with expected data:
♻️(models) rename document/template access rights The "member" access right does not make sense for documents and templates. What we really need are "editor" and "reader" access rights.
2024-05-25 08:15:34 +02:00
- role: str [owner|admin|editor|reader]
✨(models/api) add document model and API We do this by making copies of existing Template and TemplateAccess models and API. A little refactoring is done to try to limit duplicate code.
2024-04-03 18:50:28 +02:00
Return partially updated template access
DELETE /api/v1.0/templates/<template_id>/accesses/<template_access_id>/
Delete targeted template access
"""
lookup_field = "pk"
permission_classes = [permissions.IsAuthenticated, permissions.AccessPermission]
queryset = models.TemplateAccess.objects.select_related("user").all()
resource_field_name = "template"
serializer_class = serializers.TemplateAccessSerializer
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
♻️(backend) refactor resource access viewset The document viewset was overriding the get_queryset method from its own mixin. This was a sign that the mixin was not optimal anymore. In the next commit I will need to complexify it further so it's time to refactor the mixin.
2025-04-12 09:11:33 +02:00
def list(self, request, *args, **kwargs):
"""Restrict templates returned by the list endpoint"""
user = self.request.user
teams = user.teams
queryset = self.filter_queryset(self.get_queryset())
# Limit to resource access instances related to a resource THAT also has
# a resource access instance for the logged-in user (we don't want to list
# only the resource access instances pointing to the logged-in user)
queryset = queryset.filter(
db.Q(template__accesses__user=user)
| db.Q(template__accesses__team__in=teams),
).distinct()
serializer = self.get_serializer(queryset, many=True)
return drf.response.Response(serializer.data)
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
class InvitationViewset(
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
drf.mixins.CreateModelMixin,
drf.mixins.ListModelMixin,
drf.mixins.RetrieveModelMixin,
drf.mixins.DestroyModelMixin,
drf.mixins.UpdateModelMixin,
✨(backend) add soft delete to documents and refactor db queryset Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
viewsets.GenericViewSet,
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
):
"""API ViewSet for user invitations to document.
GET /api/v1.0/documents/<document_id>/invitations/:<invitation_id>/
Return list of invitations related to that document or one
document access if an id is provided.
POST /api/v1.0/documents/<document_id>/invitations/ with expected data:
- email: str
♻️(models) rename document/template access rights The "member" access right does not make sense for documents and templates. What we really need are "editor" and "reader" access rights.
2024-05-25 08:15:34 +02:00
- role: str [administrator|editor|reader]
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
Return newly created invitation (issuer and document are automatically set)
🛂(backend) can update role invitation Allow to update role invitation if owner or admin.
2024-08-16 16:55:00 +02:00
PATCH /api/v1.0/documents/<document_id>/invitations/:<invitation_id>/ with expected data:
- role: str [owner|admin|editor|reader]
Return partially updated document invitation
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
DELETE /api/v1.0/documents/<document_id>/invitations/<invitation_id>/
Delete targeted invitation
"""
lookup_field = "id"
pagination_class = Pagination
🐛(backend) fix invitations API endpoint access rights Only users who have the rights to manage accesses on the document should be allowed to see and manipulate invitations. Other users can see access rights on the document but only when the corresponding user/team has actually been granted access. We added a parameter in document abilities so the frontend knows when the logged-in user can invite another user with the owner role or not.
2024-10-22 00:28:16 +02:00
permission_classes = [
permissions.CanCreateInvitationPermission,
permissions.AccessPermission,
]
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
queryset = (
models.Invitation.objects.all()
.select_related("document")
.order_by("-created_at")
)
serializer_class = serializers.InvitationSerializer
def get_serializer_context(self):
"""Extra context provided to the serializer class."""
context = super().get_serializer_context()
context["resource_id"] = self.kwargs["resource_id"]
return context
def get_queryset(self):
"""Return the queryset according to the action."""
queryset = super().get_queryset()
queryset = queryset.filter(document=self.kwargs["resource_id"])
if self.action == "list":
user = self.request.user
🛂(backend) stop to list public doc to everyone Everybody could see the full list of public docs. Now only members can see their public docs. They can still access to any specific public doc.
2024-09-06 16:12:02 +02:00
teams = user.teams
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
# Determine which role the logged-in user has in the document
user_roles_query = (
models.DocumentAccess.objects.filter(
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
db.Q(user=user) | db.Q(team__in=teams),
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
document=self.kwargs["resource_id"],
)
.values("document")
.annotate(roles_array=ArrayAgg("role"))
.values("roles_array")
)
queryset = (
🐛(backend) fix invitations API endpoint access rights Only users who have the rights to manage accesses on the document should be allowed to see and manipulate invitations. Other users can see access rights on the document but only when the corresponding user/team has actually been granted access. We added a parameter in document abilities so the frontend knows when the logged-in user can invite another user with the owner role or not.
2024-10-22 00:28:16 +02:00
# The logged-in user should be administrator or owner to see its accesses
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
queryset.filter(
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
db.Q(
🐛(backend) fix invitations API endpoint access rights Only users who have the rights to manage accesses on the document should be allowed to see and manipulate invitations. Other users can see access rights on the document but only when the corresponding user/team has actually been granted access. We added a parameter in document abilities so the frontend knows when the logged-in user can invite another user with the owner role or not.
2024-10-22 00:28:16 +02:00
document__accesses__user=user,
document__accesses__role__in=models.PRIVILEGED_ROLES,
)
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
| db.Q(
🐛(backend) fix invitations API endpoint access rights Only users who have the rights to manage accesses on the document should be allowed to see and manipulate invitations. Other users can see access rights on the document but only when the corresponding user/team has actually been granted access. We added a parameter in document abilities so the frontend knows when the logged-in user can invite another user with the owner role or not.
2024-10-22 00:28:16 +02:00
document__accesses__team__in=teams,
document__accesses__role__in=models.PRIVILEGED_ROLES,
),
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
)
# Abilities are computed based on logged-in user's role and
# the user role on each document access
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
.annotate(user_roles=db.Subquery(user_roles_query))
✨(models/api) allow inviting external users to a document by their email We want to be able to share a document with a person even if this person does not have an account in impress yet. This code is ported from https://github.com/numerique-gouv/people.
2024-05-13 23:31:00 +02:00
.distinct()
)
return queryset
✨(backend) send email invitation when add user to doc We send as well an email invitation to the user when we add him to a document.
2024-08-15 15:40:56 +02:00
♻️(backend) refacto email invitation Remove email invitation from Invitation model to be able to use it in other context. We add it in utils.py instead, and it will be called from the viewset. We add the document_id to link to the document from the mail.
2024-08-15 15:38:38 +02:00
def perform_create(self, serializer):
"""Save invitation to a document then send an email to the invited user."""
invitation = serializer.save()
✨(backend) add server-to-server API endpoint to create documents We want trusted external applications to be able to create documents via the API on behalf of any user. The user may or may not pre-exist in our database and should be notified of the document creation by email.
2024-12-01 11:25:01 +01:00
invitation.document.send_invitation_email(
🔨(backend) email invitation in invited user's language - language for invitation emails => language saved on the invited user - if invited user does not exist yet => language of the sending user - if for some reason no sending user => system default language
2025-03-04 13:46:40 +01:00
invitation.email,
invitation.role,
self.request.user,
self.request.user.language or settings.LANGUAGE_CODE,
♻️(backend) change email invitation content Change the email invitation content. More document related variables are added. To benefit of the document inheritance, we moved the function email_invitation to the document model.
2024-09-25 12:43:02 +02:00
)
✨(backend) add public endpoint /api/v1.0/config/ Add public endpoint /api/v1.0/config/ to share some public configuration values.
2024-11-15 09:29:07 +01:00
✨(back) document as for access CRUD We introduce a new model for user wanted to access a document or upgrade their role if they already have access. The viewsets does not implement PUT and PATCH, we don't need it for now.
2025-06-18 15:13:48 +02:00
class DocumentAskForAccessViewSet(
drf.mixins.ListModelMixin,
drf.mixins.RetrieveModelMixin,
drf.mixins.DestroyModelMixin,
viewsets.GenericViewSet,
):
"""API ViewSet for asking for access to a document."""
lookup_field = "id"
pagination_class = Pagination
permission_classes = [permissions.IsAuthenticated, permissions.AccessPermission]
queryset = models.DocumentAskForAccess.objects.all()
serializer_class = serializers.DocumentAskForAccessSerializer
_document = None
def get_document_or_404(self):
"""Get the document related to the viewset or raise a 404 error."""
if self._document is None:
try:
self._document = models.Document.objects.get(
pk=self.kwargs["resource_id"]
)
except models.Document.DoesNotExist as e:
raise drf.exceptions.NotFound("Document not found.") from e
return self._document
def get_queryset(self):
"""Return the queryset according to the action."""
document = self.get_document_or_404()
queryset = super().get_queryset()
queryset = queryset.filter(document=document)
roles = set(document.get_roles(self.request.user))
is_owner_or_admin = bool(roles.intersection(set(models.PRIVILEGED_ROLES)))
if not is_owner_or_admin:
queryset = queryset.filter(user=self.request.user)
return queryset
def create(self, request, *args, **kwargs):
"""Create a document ask for access resource."""
document = self.get_document_or_404()
serializer = serializers.DocumentAskForAccessCreateSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
queryset = self.get_queryset()
if queryset.filter(user=request.user).exists():
return drf.response.Response(
{"detail": "You already ask to access to this document."},
status=drf.status.HTTP_400_BAD_REQUEST,
)
✨(backend) send email to admins when user ask for access When a user requests access to a document, an email is sent to the admins and owners of the document.
2025-06-20 15:24:46 +02:00
ask_for_access = models.DocumentAskForAccess.objects.create(
✨(back) document as for access CRUD We introduce a new model for user wanted to access a document or upgrade their role if they already have access. The viewsets does not implement PUT and PATCH, we don't need it for now.
2025-06-18 15:13:48 +02:00
document=document,
user=request.user,
role=serializer.validated_data["role"],
)
✨(backend) send email to admins when user ask for access When a user requests access to a document, an email is sent to the admins and owners of the document.
2025-06-20 15:24:46 +02:00
send_ask_for_access_mail.delay(ask_for_access.id)
✨(back) document as for access CRUD We introduce a new model for user wanted to access a document or upgrade their role if they already have access. The viewsets does not implement PUT and PATCH, we don't need it for now.
2025-06-18 15:13:48 +02:00
return drf.response.Response(status=drf.status.HTTP_201_CREATED)
✨(back) accept for a owner the request to access a document Add the action accepting a request to access a document. It is possible to override the role from the request and also update an existing DocumentAccess
2025-06-18 15:50:12 +02:00
@drf.decorators.action(detail=True, methods=["post"])
def accept(self, request, *args, **kwargs):
"""Accept a document ask for access resource."""
document_ask_for_access = self.get_object()
serializer = serializers.RoleSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
document_ask_for_access.accept(role=serializer.validated_data.get("role"))
return drf.response.Response(status=drf.status.HTTP_204_NO_CONTENT)
✨(back) document as for access CRUD We introduce a new model for user wanted to access a document or upgrade their role if they already have access. The viewsets does not implement PUT and PATCH, we don't need it for now.
2025-06-18 15:13:48 +02:00
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
class ConfigView(drf.views.APIView):
✨(backend) add public endpoint /api/v1.0/config/ Add public endpoint /api/v1.0/config/ to share some public configuration values.
2024-11-15 09:29:07 +01:00
"""API ViewSet for sharing some public settings."""
permission_classes = [AllowAny]
def get(self, request):
"""
GET /api/v1.0/config/
Return a dictionary of public settings.
"""
array_settings = [
🐛(frontend) conditionally render AI button in toolbar Added a feature flag check to ensure the AIGroupButton is only rendered when AI_FEATURE_ENABLED is explicitly set to "true". This prevents the AI button from appearing when the feature is not configured or disabled. Fixes #782 Signed-off-by: Matthias <matthias@universum.com>
2025-03-27 23:21:26 +01:00
"AI_FEATURE_ENABLED",
🚚(collaboration) change the websocket url name We will have 2 urls targeting the server, better to improve the naming to avoid confusion.
2024-12-03 15:07:21 +01:00
"COLLABORATION_WS_URL",
🚩(frontend) feature flag on blocking edition If users were not connected to the collaboration server, they were not be able to edit documents. We decided to add a feature flag on this feature as it can be quite restrictive. We can now enable or disable this feature at runtime thanks to the env variable "COLLABORATION_WS_NOT_CONNECTED_READY_ONLY".
2025-05-23 10:17:00 +02:00
"COLLABORATION_WS_NOT_CONNECTED_READY_ONLY",
🔧(backend) add CRISP_WEBSITE_ID setting Add setting CRISP_WEBSITE_ID. This setting is used to configure the Crisp chat widget. It will be available to the conf endpoint, to be used by the frontend.
2024-11-25 14:35:02 +01:00
"CRISP_WEBSITE_ID",
🔧(backend) add FRONTEND_THEME setting The frontend need to know the theme to be used, so we need to add a new setting to the backend, in order to expose this value to the frontend.
2024-11-15 11:43:10 +01:00
"ENVIRONMENT",
🔧(backend) add FRONTEND_CSS_URL env var We added the `FRONTEND_CSS_URL` environment variable. It will give the possibility to add a css layer at runtime.
2025-03-26 16:15:44 +01:00
"FRONTEND_CSS_URL",
🚩(backend) add homepage feature flag Add a homepage feature flag that we will propagate to the frontend. It will be used to enable or disable the homepage at runtime.
2025-04-09 15:32:25 +02:00
"FRONTEND_HOMEPAGE_FEATURE_ENABLED",
🔧(backend) add view to manage footer json We added the `FRONTEND_URL_JSON_FOOTER` environment variable. It will give the possibility to generate your own footer content in the frontend. If the variable is not set, the footer will not be displayed.
2025-04-04 10:04:30 +02:00
"FRONTEND_THEME",
🔧(backend) add MEDIA_BASE_URL setting The frontend need to know the base url for the media files, so we need to add a new setting to the backend, in order to expose this value to the frontend. If the setting is not defined, the frontend current domain will be used as the base url. In production this setting do not need to be defined since we have nginx capturing the media requests, but in development we need to define it to target the nginx server.
2024-11-15 11:31:09 +01:00
"MEDIA_BASE_URL",
🔧(backend) add posthog configuration We add the posthog configuration to the project. We will expose the posthog configuration to the frontend.
2025-01-21 14:16:00 +01:00
"POSTHOG_KEY",
✨(backend) add public endpoint /api/v1.0/config/ Add public endpoint /api/v1.0/config/ to share some public configuration values.
2024-11-15 09:29:07 +01:00
"LANGUAGES",
"LANGUAGE_CODE",
"SENTRY_DSN",
]
dict_settings = {}
for setting in array_settings:
if hasattr(settings, setting):
dict_settings[setting] = getattr(settings, setting)
✨(back) allow theme customnization using a configuration file We want to customize the theme by using a configuration file. This configuration file path can be defined using the settings THEME_CUSTOMIZATION_FILE_PATH. If this file does not exists or is an invalid json, an empty json object will be added in the config endpoint.
2025-05-07 11:50:04 +02:00
dict_settings["theme_customization"] = self._load_theme_customization()
♻️(backend) rename, factorize and improve the subrequest media auth view We want to use the same pattern for the websocket collaboration service authorization as what we use for media files. This addition comes in the next commit but doing it efficiently required factorizing some code with the media auth view.
2024-11-18 07:59:55 +01:00
return drf.response.Response(dict_settings)
🔧(backend) add view to manage footer json We added the `FRONTEND_URL_JSON_FOOTER` environment variable. It will give the possibility to generate your own footer content in the frontend. If the variable is not set, the footer will not be displayed.
2025-04-04 10:04:30 +02:00
✨(back) allow theme customnization using a configuration file We want to customize the theme by using a configuration file. This configuration file path can be defined using the settings THEME_CUSTOMIZATION_FILE_PATH. If this file does not exists or is an invalid json, an empty json object will be added in the config endpoint.
2025-05-07 11:50:04 +02:00
def _load_theme_customization(self):
if not settings.THEME_CUSTOMIZATION_FILE_PATH:
return {}
🔧(backend) add view to manage footer json We added the `FRONTEND_URL_JSON_FOOTER` environment variable. It will give the possibility to generate your own footer content in the frontend. If the variable is not set, the footer will not be displayed.
2025-04-04 10:04:30 +02:00
✨(back) allow theme customnization using a configuration file We want to customize the theme by using a configuration file. This configuration file path can be defined using the settings THEME_CUSTOMIZATION_FILE_PATH. If this file does not exists or is an invalid json, an empty json object will be added in the config endpoint.
2025-05-07 11:50:04 +02:00
cache_key = (
f"theme_customization_{slugify(settings.THEME_CUSTOMIZATION_FILE_PATH)}"
)
theme_customization = cache.get(cache_key, {})
if theme_customization:
return theme_customization
🔧(backend) add view to manage footer json We added the `FRONTEND_URL_JSON_FOOTER` environment variable. It will give the possibility to generate your own footer content in the frontend. If the variable is not set, the footer will not be displayed.
2025-04-04 10:04:30 +02:00
✨(back) allow theme customnization using a configuration file We want to customize the theme by using a configuration file. This configuration file path can be defined using the settings THEME_CUSTOMIZATION_FILE_PATH. If this file does not exists or is an invalid json, an empty json object will be added in the config endpoint.
2025-05-07 11:50:04 +02:00
try:
with open(
settings.THEME_CUSTOMIZATION_FILE_PATH, "r", encoding="utf-8"
) as f:
theme_customization = json.load(f)
except FileNotFoundError:
logger.error(
"Configuration file not found: %s",
settings.THEME_CUSTOMIZATION_FILE_PATH,
)
except json.JSONDecodeError:
logger.error(
"Configuration file is not a valid JSON: %s",
settings.THEME_CUSTOMIZATION_FILE_PATH,
)
else:
cache.set(
cache_key,
theme_customization,
settings.THEME_CUSTOMIZATION_CACHE_TIMEOUT,
)
🔧(backend) add view to manage footer json We added the `FRONTEND_URL_JSON_FOOTER` environment variable. It will give the possibility to generate your own footer content in the frontend. If the variable is not set, the footer will not be displayed.
2025-04-04 10:04:30 +02:00
✨(back) allow theme customnization using a configuration file We want to customize the theme by using a configuration file. This configuration file path can be defined using the settings THEME_CUSTOMIZATION_FILE_PATH. If this file does not exists or is an invalid json, an empty json object will be added in the config endpoint.
2025-05-07 11:50:04 +02:00
return theme_customization
Reference in New Issue Copy Permalink