♻️(backend) rename, factorize and improve the subrequest media auth view

We want to use the same pattern for the websocket collaboration service
authorization as what we use for media files.

This addition comes in the next commit but doing it efficiently
required factorizing some code with the media auth view.

src/backend/core/tests/documents/test_api_documents_media_auth.py

@@ -20,7 +20,7 @@ from core.tests.conftest import TEAM, USER, VIA
 pytestmark = pytest.mark.django_db
 
 
-def test_api_documents_retrieve_auth_anonymous_public():
+def test_api_documents_media_auth_anonymous_public():
     """Anonymous users should be able to retrieve attachments linked to a public document"""
     document = factories.DocumentFactory(link_reach="public")
 
@@ -36,7 +36,7 @@ def test_api_documents_retrieve_auth_anonymous_public():
 
     original_url = f"http://localhost/media/{key:s}"
     response = APIClient().get(
-        "/api/v1.0/documents/retrieve-auth/", HTTP_X_ORIGINAL_URL=original_url
+        "/api/v1.0/documents/media-auth/", HTTP_X_ORIGINAL_URL=original_url
     )
 
     assert response.status_code == 200
@@ -65,7 +65,7 @@ def test_api_documents_retrieve_auth_anonymous_public():
 
 
 @pytest.mark.parametrize("reach", ["authenticated", "restricted"])
-def test_api_documents_retrieve_auth_anonymous_authenticated_or_restricted(reach):
+def test_api_documents_media_auth_anonymous_authenticated_or_restricted(reach):
     """
     Anonymous users should not be allowed to retrieve attachments linked to a document
     with link reach set to authenticated or restricted.
@@ -76,7 +76,7 @@ def test_api_documents_retrieve_auth_anonymous_authenticated_or_restricted(reach
     media_url = f"http://localhost/media/{document.pk!s}/attachments/{filename:s}"
 
     response = APIClient().get(
-        "/api/v1.0/documents/retrieve-auth/", HTTP_X_ORIGINAL_URL=media_url
+        "/api/v1.0/documents/media-auth/", HTTP_X_ORIGINAL_URL=media_url
     )
 
     assert response.status_code == 403
@@ -84,7 +84,7 @@ def test_api_documents_retrieve_auth_anonymous_authenticated_or_restricted(reach
 
 
 @pytest.mark.parametrize("reach", ["public", "authenticated"])
-def test_api_documents_retrieve_auth_authenticated_public_or_authenticated(reach):
+def test_api_documents_media_auth_authenticated_public_or_authenticated(reach):
     """
     Authenticated users who are not related to a document should be able to retrieve
     attachments related to a document with public or authenticated link reach.
@@ -107,7 +107,7 @@ def test_api_documents_retrieve_auth_authenticated_public_or_authenticated(reach
 
     original_url = f"http://localhost/media/{key:s}"
     response = client.get(
-        "/api/v1.0/documents/retrieve-auth/", HTTP_X_ORIGINAL_URL=original_url
+        "/api/v1.0/documents/media-auth/", HTTP_X_ORIGINAL_URL=original_url
     )
 
     assert response.status_code == 200
@@ -135,7 +135,7 @@ def test_api_documents_retrieve_auth_authenticated_public_or_authenticated(reach
     assert response.content.decode("utf-8") == "my prose"
 
 
-def test_api_documents_retrieve_auth_authenticated_restricted():
+def test_api_documents_media_auth_authenticated_restricted():
     """
     Authenticated users who are not related to a document should not be allowed to
     retrieve attachments linked to a document that is restricted.
@@ -150,7 +150,7 @@ def test_api_documents_retrieve_auth_authenticated_restricted():
     media_url = f"http://localhost/media/{document.pk!s}/attachments/{filename:s}"
 
     response = client.get(
-        "/api/v1.0/documents/retrieve-auth/", HTTP_X_ORIGINAL_URL=media_url
+        "/api/v1.0/documents/media-auth/", HTTP_X_ORIGINAL_URL=media_url
     )
 
     assert response.status_code == 403
@@ -158,7 +158,7 @@ def test_api_documents_retrieve_auth_authenticated_restricted():
 
 
 @pytest.mark.parametrize("via", VIA)
-def test_api_documents_retrieve_auth_related(via, mock_user_teams):
+def test_api_documents_media_auth_related(via, mock_user_teams):
     """
     Users who have a specific access to a document, whatever the role, should be able to
     retrieve related attachments.
@@ -186,7 +186,7 @@ def test_api_documents_retrieve_auth_related(via, mock_user_teams):
 
     original_url = f"http://localhost/media/{key:s}"
     response = client.get(
-        "/api/v1.0/documents/retrieve-auth/", HTTP_X_ORIGINAL_URL=original_url
+        "/api/v1.0/documents/media-auth/", HTTP_X_ORIGINAL_URL=original_url
     )
 
     assert response.status_code == 200

src/backend/core/tests/documents/test_api_documents_retrieve.py

@@ -31,6 +31,7 @@ def test_api_documents_retrieve_anonymous_public():
             "favorite": False,
             "invite_owner": False,
             "link_configuration": False,
+            "media_auth": True,
             "partial_update": document.link_role == "editor",
             "retrieve": True,
             "update": document.link_role == "editor",
@@ -91,6 +92,7 @@ def test_api_documents_retrieve_authenticated_unrelated_public_or_authenticated(
             "destroy": False,
             "favorite": True,
             "invite_owner": False,
+            "media_auth": True,
             "link_configuration": False,
             "partial_update": document.link_role == "editor",
             "retrieve": True,

src/backend/core/tests/test_models_documents.py

@@ -101,6 +101,7 @@ def test_models_documents_get_abilities_forbidden(is_authenticated, reach, role)
         "destroy": False,
         "favorite": False,
         "invite_owner": False,
+        "media_auth": False,
         "link_configuration": False,
         "partial_update": False,
         "retrieve": False,
@@ -137,6 +138,7 @@ def test_models_documents_get_abilities_reader(is_authenticated, reach):
         "favorite": is_authenticated,
         "invite_owner": False,
         "link_configuration": False,
+        "media_auth": True,
         "partial_update": False,
         "retrieve": True,
         "update": False,
@@ -172,6 +174,7 @@ def test_models_documents_get_abilities_editor(is_authenticated, reach):
         "favorite": is_authenticated,
         "invite_owner": False,
         "link_configuration": False,
+        "media_auth": True,
         "partial_update": True,
         "retrieve": True,
         "update": True,
@@ -196,6 +199,7 @@ def test_models_documents_get_abilities_owner():
         "favorite": True,
         "invite_owner": True,
         "link_configuration": True,
+        "media_auth": True,
         "partial_update": True,
         "retrieve": True,
         "update": True,
@@ -219,6 +223,7 @@ def test_models_documents_get_abilities_administrator():
         "favorite": True,
         "invite_owner": False,
         "link_configuration": True,
+        "media_auth": True,
         "partial_update": True,
         "retrieve": True,
         "update": True,
@@ -245,6 +250,7 @@ def test_models_documents_get_abilities_editor_user(django_assert_num_queries):
         "favorite": True,
         "invite_owner": False,
         "link_configuration": False,
+        "media_auth": True,
         "partial_update": True,
         "retrieve": True,
         "update": True,
@@ -273,6 +279,7 @@ def test_models_documents_get_abilities_reader_user(django_assert_num_queries):
         "favorite": True,
         "invite_owner": False,
         "link_configuration": False,
+        "media_auth": True,
         "partial_update": False,
         "retrieve": True,
         "update": False,
@@ -302,6 +309,7 @@ def test_models_documents_get_abilities_preset_role(django_assert_num_queries):
         "favorite": True,
         "invite_owner": False,
         "link_configuration": False,
+        "media_auth": True,
         "partial_update": False,
         "retrieve": True,
         "update": False,