def test_unit__get_receiver_ids_workspace_members_event__nominal_case( self, session, workspace_and_users, admin_user, user_api_factory, workspace_api_factory, role_api_factory, ): (my_workspace, same_workspace_user, role, other_user, event_initiator) = workspace_and_users workspace_api = workspace_api_factory.get() workspace_in_context = workspace_api.get_workspace_with_context(my_workspace) rapi = role_api_factory.get() user_api = user_api_factory.get() role_in_context = rapi.get_user_role_workspace_with_context(role) fields = { Event.AUTHOR_FIELD: UserSchema() .dump(user_api.get_user_with_context(event_initiator)) .data, Event.USER_FIELD: UserSchema() .dump(user_api.get_user_with_context(event_initiator)) .data, Event.CLIENT_TOKEN_FIELD: "test", Event.WORKSPACE_FIELD: WorkspaceSchema().dump(workspace_in_context).data, Event.MEMBER_FIELD: WorkspaceMemberDigestSchema().dump(role_in_context).data, } event = Event( entity_type=EntityType.WORKSPACE_MEMBER, operation=OperationType.MODIFIED, fields=fields ) receivers_ids = FakeLiveMessageBuilder()._get_receiver_ids(event, session) assert event_initiator.user_id in receivers_ids assert same_workspace_user.user_id in receivers_ids assert other_user.user_id not in receivers_ids assert admin_user.user_id in receivers_ids
def test_unit__get_receiver_ids_workspace_event__accessible_workspace( self, session, accessible_workspace_and_users, admin_user, user_api_factory, workspace_api_factory, ): ( my_workspace, same_workspace_user, _, other_user, event_initiator, ) = accessible_workspace_and_users workspace_api = workspace_api_factory.get() workspace_in_context = workspace_api.get_workspace_with_context(my_workspace) user_api = user_api_factory.get() fields = { Event.AUTHOR_FIELD: UserSchema() .dump(user_api.get_user_with_context(event_initiator)) .data, Event.CLIENT_TOKEN_FIELD: "test", Event.WORKSPACE_FIELD: WorkspaceSchema().dump(workspace_in_context).data, } event = Event( entity_type=EntityType.WORKSPACE, operation=OperationType.MODIFIED, fields=fields ) receivers_ids = FakeLiveMessageBuilder()._get_receiver_ids(event, session) assert event_initiator.user_id in receivers_ids assert same_workspace_user.user_id in receivers_ids assert other_user.user_id in receivers_ids assert admin_user.user_id in receivers_ids
def test_unit__get_receiver_ids_content_event__nominal_case( self, session, user_api_factory, content_type_list, content_api_factory, admin_user, workspace_api_factory, role_api_factory, workspace_and_users, ): (my_workspace, same_workspace_user, role, other_user, event_initiator) = workspace_and_users workspace_api = workspace_api_factory.get() user_api = user_api_factory.get() workspace_in_context = workspace_api.get_workspace_with_context( my_workspace) content_api = content_api_factory.get(current_user=event_initiator) folder = content_api.create( label="test_folder", content_type_slug=content_type_list.Folder.slug, workspace=my_workspace, do_save=True, do_notify=False, ) transaction.commit() content_in_context = content_api.get_content_in_context(folder) fields = { Event.AUTHOR_FIELD: UserSchema().dump( user_api.get_user_with_context(event_initiator)).data, Event.CONTENT_FIELD: ContentSchema().dump(content_in_context).data, Event.CLIENT_TOKEN_FIELD: "test", Event.WORKSPACE_FIELD: WorkspaceSchema().dump(workspace_in_context).data, } event = Event(entity_type=EntityType.CONTENT, operation=OperationType.MODIFIED, fields=fields) receivers_ids = FakeLiveMessageBuilder()._get_receiver_ids( event, session) assert event_initiator.user_id in receivers_ids assert same_workspace_user.user_id in receivers_ids assert other_user.user_id not in receivers_ids assert admin_user.user_id not in receivers_ids
class EventApi: """Api to query event & messages""" user_schema = UserSchema() workspace_schema = WorkspaceSchema() content_schemas = { COMMENT_TYPE: CommentSchema(), HTML_DOCUMENTS_TYPE: TextBasedContentSchema(), FILE_TYPE: FileContentSchema(), FOLDER_TYPE: TextBasedContentSchema(), THREAD_TYPE: TextBasedContentSchema(), } event_schema = EventSchema() workspace_user_role_schema = WorkspaceMemberDigestSchema() workspace_subscription_schema = WorkspaceSubscriptionSchema() def __init__(self, current_user: Optional[User], session: TracimSession, config: CFG) -> None: self._current_user = current_user self._session = session self._config = config def _filter_event_types(self, query: Query, event_types: Optional[ List[EventTypeDatabaseParameters]], exclude: bool) -> Query: if event_types: event_type_filters = [] for event_type in event_types: if event_type.subtype: event_type_filter = and_( Event.entity_type == event_type.entity, Event.operation == event_type.operation, Event.entity_subtype == event_type.subtype, ) else: event_type_filter = and_( Event.entity_type == event_type.entity, Event.operation == event_type.operation, ) event_type_filters.append(event_type_filter) if len(event_type_filters) > 1: f = or_(*event_type_filters) else: f = event_type_filters[0] if exclude: f = not_(f) return query.filter(f) return query def _base_query( self, read_status: ReadStatus = ReadStatus.ALL, event_id: Optional[int] = None, user_id: Optional[int] = None, include_event_types: List[EventTypeDatabaseParameters] = None, exclude_event_types: List[EventTypeDatabaseParameters] = None, exclude_author_ids: Optional[List[int]] = None, after_event_id: int = 0, ) -> Query: query = self._session.query(Message).join(Event) if event_id: query = query.filter(Message.event_id == event_id) if user_id: query = query.filter(Message.receiver_id == user_id) if read_status == ReadStatus.READ: query = query.filter(Message.read != null()) elif read_status == ReadStatus.UNREAD: query = query.filter(Message.read == null()) else: # ALL doesn't need any filtering and is the only other handled case assert read_status == ReadStatus.ALL query = self._filter_event_types(query, include_event_types, False) query = self._filter_event_types(query, exclude_event_types, True) if exclude_event_types: event_type_filters = [] for event_type in exclude_event_types: if event_type.subtype: event_type_filter = or_( Event.entity_type != event_type.entity, Event.operation != event_type.operation, Event.entity_subtype != event_type.subtype, ) else: event_type_filter = or_( Event.entity_type != event_type.entity, Event.operation != event_type.operation, ) event_type_filters.append(event_type_filter) if len(event_type_filters) > 1: query = query.filter(and_(*event_type_filters)) else: query = query.filter(event_type_filters[0]) if exclude_author_ids: for author_id in exclude_author_ids: # RJ & SG - 2020-09-11 - HACK # We wanted to use Event.fields["author"] == JSON.NULL instead of this # soup involving a cast and a get out of my way text("'null'") to # know whether a JSON field is null. However, this does not work on # PostgreSQL. See https://github.com/sqlalchemy/sqlalchemy/issues/5575 query = query.filter( or_( cast(Event.fields["author"], String) == text("'null'"), Event.fields["author"]["user_id"].as_integer() != author_id, )) if after_event_id: query = query.filter(Message.event_id > after_event_id) return query def get_one_message(self, event_id: int, user_id: int) -> Message: try: return self._base_query(event_id=event_id, user_id=user_id).one() except NoResultFound as exc: raise MessageDoesNotExist( 'Message for user {} with event id "{}" not found in database'. format(user_id, event_id)) from exc def mark_user_message_as_read(self, event_id: int, user_id: int) -> Message: message = self.get_one_message(event_id, user_id) message.read = datetime.utcnow() self._session.add(message) self._session.flush() return message def mark_user_message_as_unread(self, event_id: int, user_id: int) -> Message: message = self.get_one_message(event_id, user_id) message.read = None self._session.add(message) self._session.flush() return message def mark_user_messages_as_read(self, user_id: int) -> List[Message]: unread_messages = self._base_query(read_status=ReadStatus.UNREAD, user_id=user_id).all() for message in unread_messages: message.read = datetime.utcnow() self._session.add(message) self._session.flush() return unread_messages def get_messages_for_user(self, user_id: int, after_event_id: int = 0) -> List[Message]: query = self._base_query( user_id=user_id, after_event_id=after_event_id, ) return query.all() def get_paginated_messages_for_user( self, user_id: int, read_status: ReadStatus, exclude_author_ids: List[int] = None, include_event_types: List[EventTypeDatabaseParameters] = None, exclude_event_types: List[EventTypeDatabaseParameters] = None, count: Optional[int] = DEFAULT_NB_ITEM_PAGINATION, page_token: Optional[int] = None, ) -> Page: query = self._base_query( user_id=user_id, read_status=read_status, include_event_types=include_event_types, exclude_event_types=exclude_event_types, exclude_author_ids=exclude_author_ids, ).order_by(Message.event_id.desc()) return get_page(query, per_page=count, page=page_token or False) def get_messages_count( self, user_id: int, read_status: ReadStatus, include_event_types: List[EventTypeDatabaseParameters] = None, exclude_event_types: List[EventTypeDatabaseParameters] = None, exclude_author_ids: List[int] = None, ) -> int: return self._base_query( user_id=user_id, include_event_types=include_event_types, exclude_event_types=exclude_event_types, read_status=read_status, exclude_author_ids=exclude_author_ids, ).count() def create_event( self, entity_type: EntityType, operation: OperationType, additional_fields: Dict[str, JsonDict], context: TracimContext, entity_subtype: Optional[str] = None, ) -> Event: current_user = context.safe_current_user() user_api = UserApi( current_user=current_user, session=context.dbsession, config=self._config, show_deleted=True, ) if current_user: author = self.user_schema.dump( user_api.get_user_with_context(current_user)).data else: author = None fields = { Event.AUTHOR_FIELD: author, Event.CLIENT_TOKEN_FIELD: context.client_token, } fields.update(additional_fields) event = Event( entity_type=entity_type, operation=operation, entity_subtype=entity_subtype, fields=fields, ) context.dbsession.add(event) context.pending_events.append(event) return event @classmethod def get_content_schema_for_type(cls, content_type: str) -> ContentSchema: try: return cls.content_schemas[content_type] except KeyError: logger.error( cls, ("Cannot dump proper content for content-type '{}' in generated event " "as it is unknown, falling back to generic content schema" ).format(content_type), ) return ContentSchema()
class WorkspaceController(Controller): @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_ENDPOINTS]) @require_profile_and_workspace_role( minimal_profile=Group.TIM_USER, minimal_required_role=UserRoleInWorkspace.READER, allow_superadmin=True) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.output_body(WorkspaceSchema()) def workspace(self, context, request: TracimRequest, hapic_data=None): """ Get workspace informations """ app_config = request.registry.settings['CFG'] wapi = WorkspaceApi( current_user=request.current_user, # User session=request.dbsession, config=app_config, ) return wapi.get_workspace_with_context(request.current_workspace) @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_ENDPOINTS]) @require_profile(Group.TIM_ADMIN) @hapic.output_body( WorkspaceSchema(many=True), ) def workspaces(self, context, request: TracimRequest, hapic_data=None): """ Returns the list of all workspaces. This route is for admin only. Standard users must use their own route: /api/v2/users/me/workspaces """ app_config = request.registry.settings['CFG'] wapi = WorkspaceApi( current_user=request.current_user, # User session=request.dbsession, config=app_config, ) workspaces = wapi.get_all() return [ wapi.get_workspace_with_context(workspace) for workspace in workspaces ] @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_ENDPOINTS]) @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST) @require_profile_and_workspace_role( minimal_profile=Group.TIM_USER, minimal_required_role=UserRoleInWorkspace.WORKSPACE_MANAGER, allow_superadmin=True) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.input_body(WorkspaceModifySchema()) @hapic.output_body(WorkspaceSchema()) def update_workspace(self, context, request: TracimRequest, hapic_data=None): # nopep8 """ Update a workspace. This route is for trusted users and administrators. Note : a trusted user can only update spaces on which he/she is space manager """ app_config = request.registry.settings['CFG'] wapi = WorkspaceApi( current_user=request.current_user, # User session=request.dbsession, config=app_config, ) wapi.update_workspace( request.current_workspace, label=hapic_data.body.label, description=hapic_data.body.description, save_now=True, ) return wapi.get_workspace_with_context(request.current_workspace) @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_ENDPOINTS]) @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(WorkspaceLabelAlreadyUsed, HTTPStatus.BAD_REQUEST) @require_profile(Group.TIM_MANAGER) @hapic.input_body(WorkspaceCreationSchema()) @hapic.output_body(WorkspaceSchema()) def create_workspace(self, context, request: TracimRequest, hapic_data=None): # nopep8 """ Create a workspace. This route is for trusted users and administrators. """ app_config = request.registry.settings['CFG'] wapi = WorkspaceApi( current_user=request.current_user, # User session=request.dbsession, config=app_config, ) workspace = wapi.create_workspace( label=hapic_data.body.label, description=hapic_data.body.description, save_now=True, ) return wapi.get_workspace_with_context(workspace) @hapic.with_api_doc( tags=[SWAGGER_TAG__WORKSPACE_TRASH_AND_RESTORE_ENDPOINTS]) @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST) @require_profile_and_workspace_role( minimal_profile=Group.TIM_MANAGER, minimal_required_role=UserRoleInWorkspace.WORKSPACE_MANAGER, allow_superadmin=True) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) # nopep8 def delete_workspace(self, context, request: TracimRequest, hapic_data=None): # nopep8 """ Delete a workspace. This route is for trusted users and administrators. Note : a trusted user can only delete spaces on which he/she is space manager """ app_config = request.registry.settings['CFG'] wapi = WorkspaceApi( current_user=request.current_user, # User session=request.dbsession, config=app_config, ) wapi.delete(request.current_workspace, flush=True) return @hapic.with_api_doc( tags=[SWAGGER_TAG__WORKSPACE_TRASH_AND_RESTORE_ENDPOINTS]) @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST) @require_profile_and_workspace_role( minimal_profile=Group.TIM_MANAGER, minimal_required_role=UserRoleInWorkspace.WORKSPACE_MANAGER, allow_superadmin=True) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) # nopep8 def undelete_workspace(self, context, request: TracimRequest, hapic_data=None): # nopep8 """ Restore a deleted space. Note : a trusted user can only restore spaces on which he/she is space manager """ app_config = request.registry.settings['CFG'] wapi = WorkspaceApi( current_user=request.current_user, # User session=request.dbsession, config=app_config, show_deleted=True, ) wapi.undelete(request.current_workspace, flush=True) return @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_MEMBERS_ENDPOINTS]) @require_profile_and_workspace_role( minimal_profile=Group.TIM_USER, minimal_required_role=UserRoleInWorkspace.READER, allow_superadmin=True) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.output_body(WorkspaceMemberSchema(many=True)) def workspaces_members( self, context, request: TracimRequest, hapic_data=None) -> typing.List[UserRoleWorkspaceInContext]: """ Returns the list of space members with their role, avatar, etc. """ app_config = request.registry.settings['CFG'] rapi = RoleApi( current_user=request.current_user, session=request.dbsession, config=app_config, ) roles = rapi.get_all_for_workspace(request.current_workspace) return [ rapi.get_user_role_workspace_with_context(user_role) for user_role in roles ] @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_MEMBERS_ENDPOINTS]) @require_profile_and_workspace_role( minimal_profile=Group.TIM_USER, minimal_required_role=UserRoleInWorkspace.READER, allow_superadmin=True) @hapic.input_path(WorkspaceAndUserIdPathSchema()) @hapic.output_body(WorkspaceMemberSchema()) def workspaces_member_role(self, context, request: TracimRequest, hapic_data=None) -> UserRoleWorkspaceInContext: """ Returns given space member with its role, avatar, etc. """ app_config = request.registry.settings['CFG'] rapi = RoleApi( current_user=request.current_user, session=request.dbsession, config=app_config, ) role = rapi.get_one( user_id=hapic_data.path.user_id, workspace_id=hapic_data.path.workspace_id, ) return rapi.get_user_role_workspace_with_context(role) @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_MEMBERS_ENDPOINTS]) @hapic.handle_exception(UserRoleNotFound, HTTPStatus.BAD_REQUEST) @require_profile_and_workspace_role( minimal_profile=Group.TIM_USER, minimal_required_role=UserRoleInWorkspace.WORKSPACE_MANAGER, allow_superadmin=True) @hapic.input_path(WorkspaceAndUserIdPathSchema()) @hapic.input_body(RoleUpdateSchema()) @hapic.output_body(WorkspaceMemberSchema()) def update_workspaces_members_role( self, context, request: TracimRequest, hapic_data=None) -> UserRoleWorkspaceInContext: """ Update role of the given space member. This feature is for workspace managers, trusted users and administrators. """ app_config = request.registry.settings['CFG'] rapi = RoleApi( current_user=request.current_user, session=request.dbsession, config=app_config, ) role = rapi.get_one( user_id=hapic_data.path.user_id, workspace_id=hapic_data.path.workspace_id, ) workspace_role = WorkspaceRoles.get_role_from_slug( hapic_data.body.role) role = rapi.update_role(role, role_level=workspace_role.level) return rapi.get_user_role_workspace_with_context(role) @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_MEMBERS_ENDPOINTS]) @require_profile_and_workspace_role( minimal_profile=Group.TIM_USER, minimal_required_role=UserRoleInWorkspace.WORKSPACE_MANAGER, allow_superadmin=True) @hapic.handle_exception(UserRoleNotFound, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(UserCantRemoveHisOwnRoleInWorkspace, HTTPStatus.BAD_REQUEST) # nopep8 @hapic.input_path(WorkspaceAndUserIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) # nopep8 def delete_workspaces_members_role(self, context, request: TracimRequest, hapic_data=None) -> None: """ Remove the user from the space. This feature is for workspace managers and administrators. """ app_config = request.registry.settings['CFG'] rapi = RoleApi( current_user=request.current_user, session=request.dbsession, config=app_config, ) rapi.delete_one( user_id=hapic_data.path.user_id, workspace_id=hapic_data.path.workspace_id, ) return @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_MEMBERS_ENDPOINTS]) @hapic.handle_exception(EmailValidationFailed, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(UserDoesNotExist, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(UserIsNotActive, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(UserIsDeleted, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(RoleAlreadyExistError, HTTPStatus.BAD_REQUEST) @require_profile_and_workspace_role( minimal_profile=Group.TIM_USER, minimal_required_role=UserRoleInWorkspace.WORKSPACE_MANAGER, allow_superadmin=True) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.input_body(WorkspaceMemberInviteSchema()) @hapic.output_body(WorkspaceMemberCreationSchema()) def create_workspaces_members_role( self, context, request: TracimRequest, hapic_data=None) -> UserRoleWorkspaceInContext: """ Add a member to this workspace. This feature is for workspace managers and administrators. """ newly_created = False email_sent = False app_config = request.registry.settings['CFG'] rapi = RoleApi( current_user=request.current_user, session=request.dbsession, config=app_config, ) uapi = UserApi( current_user=request.current_user, session=request.dbsession, config=app_config, show_deactivated=True, show_deleted=True, ) try: _, user = uapi.find(user_id=hapic_data.body.user_id, email=hapic_data.body.user_email, public_name=hapic_data.body.user_public_name) if user.is_deleted: raise UserIsDeleted( 'This user has been deleted. Unable to invite him.' ) # nopep8 if not user.is_active: raise UserIsNotActive( 'This user is not activated. Unable to invite him' ) # nopep8 except UserDoesNotExist as exc: if not uapi.allowed_to_invite_new_user(hapic_data.body.user_email): raise exc user = uapi.create_user(email=hapic_data.body.user_email, password=password_generator(), do_notify=True) newly_created = True if app_config.EMAIL_NOTIFICATION_ACTIVATED and \ app_config.EMAIL_NOTIFICATION_PROCESSING_MODE.lower() == 'sync': email_sent = True role = rapi.create_one( user=user, workspace=request.current_workspace, role_level=WorkspaceRoles.get_role_from_slug( hapic_data.body.role).level, # nopep8 with_notif=False, flush=True, ) return rapi.get_user_role_workspace_with_context( role, newly_created=newly_created, email_sent=email_sent, ) @hapic.with_api_doc(tags=[SWAGGER_TAG__CONTENT_ENDPOINTS]) @require_workspace_role(UserRoleInWorkspace.READER) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.input_query(FilterContentQuerySchema()) @hapic.output_body(ContentDigestSchema(many=True)) def workspace_content( self, context, request: TracimRequest, hapic_data=None, ) -> typing.List[ContentInContext]: """ return a list of contents of the space. This is NOT the full content list: by default, returned contents are the ones at root level. In order to get contents in a given folder, then use parent_id query filter. You can also show.hide archived/deleted contents. """ app_config = request.registry.settings['CFG'] content_filter = hapic_data.query api = ContentApi( current_user=request.current_user, session=request.dbsession, config=app_config, show_archived=content_filter.show_archived, show_deleted=content_filter.show_deleted, show_active=content_filter.show_active, ) contents = api.get_all(parent_id=content_filter.parent_id, workspace=request.current_workspace, content_type=content_filter.content_type or content_type_list.Any_SLUG, label=content_filter.label, order_by_properties=[Content.label]) contents = [ api.get_content_in_context(content) for content in contents ] return contents @hapic.with_api_doc(tags=[SWAGGER_TAG__CONTENT_ENDPOINTS]) @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR) @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(UnallowedSubContent, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(ContentFilenameAlreadyUsedInFolder, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(ParentNotFound, HTTPStatus.BAD_REQUEST) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.input_body(ContentCreationSchema()) @hapic.output_body(ContentDigestSchema()) def create_generic_empty_content( self, context, request: TracimRequest, hapic_data=None, ) -> ContentInContext: """ Creates a generic empty content. The minimum viable content has a label and a content type. Creating a content generally starts with a request to this endpoint. For specific contents like files, it is recommended to use the dedicated endpoint. This feature is accessible to contributors and higher role only. """ app_config = request.registry.settings['CFG'] creation_data = hapic_data.body api = ContentApi(current_user=request.current_user, session=request.dbsession, config=app_config) parent = None if creation_data.parent_id: try: parent = api.get_one( content_id=creation_data.parent_id, content_type=content_type_list.Any_SLUG) # nopep8 except ContentNotFound as exc: raise ParentNotFound( 'Parent with content_id {} not found'.format( creation_data.parent_id)) from exc content = api.create( label=creation_data.label, content_type_slug=creation_data.content_type, workspace=request.current_workspace, parent=parent, ) api.save(content, ActionDescription.CREATION) content = api.get_content_in_context(content) return content @hapic.with_api_doc(tags=[SWAGGER_TAG__CONTENT_ENDPOINTS]) @require_workspace_role(UserRoleInWorkspace.READER) @hapic.input_path(WorkspaceAndContentIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.FOUND) # nopep8 def get_content_from_workspace( self, context, request: TracimRequest, hapic_data=None, ) -> None: """ Convenient route allowing to get detail about a content without to known routes associated to its content type. This route generate a HTTP 302 with the right url """ app_config = request.registry.settings['CFG'] content = request.current_content content_type = content_type_list.get_one_by_slug(content.type).slug # TODO - G.M - 2018-08-03 - Jsonify redirect response ? raise HTTPFound( "{base_url}workspaces/{workspace_id}/{content_type}s/{content_id}". format( base_url=BASE_API_V2, workspace_id=content.workspace_id, content_type=content_type, content_id=content.content_id, )) @hapic.with_api_doc(tags=[SWAGGER_TAG__CONTENT_ENDPOINTS]) @hapic.input_path(ContentIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.FOUND) # nopep8 def get_content( self, context, request: TracimRequest, hapic_data=None, ) -> None: """ Convenient route allowing to get detail about a content without to known routes associated to its content type. This route generate a HTTP 302 with the right url """ app_config = request.registry.settings['CFG'] api = ContentApi( current_user=request.current_user, session=request.dbsession, config=app_config, ) content = api.get_one(content_id=hapic_data.path['content_id'], content_type=content_type_list.Any_SLUG) content_type = content_type_list.get_one_by_slug(content.type).slug # TODO - G.M - 2018-08-03 - Jsonify redirect response ? raise HTTPFound( "{base_url}workspaces/{workspace_id}/{content_type}s/{content_id}". format( base_url=BASE_API_V2, workspace_id=content.workspace_id, content_type=content_type, content_id=content.content_id, )) @hapic.with_api_doc(tags=[SWAGGER_TAG__CONTENT_ENDPOINTS]) @hapic.handle_exception(WorkspacesDoNotMatch, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(ContentFilenameAlreadyUsedInFolder, HTTPStatus.BAD_REQUEST) @require_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER) @require_candidate_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER) @hapic.input_path(WorkspaceAndContentIdPathSchema()) @hapic.input_body(ContentMoveSchema()) @hapic.output_body(ContentDigestSchema()) def move_content( self, context, request: TracimRequest, hapic_data=None, ) -> ContentInContext: """ Move a content to specified new place. This requires to be content manager in both input and output spaces (which may be the same) """ app_config = request.registry.settings['CFG'] path_data = hapic_data.path move_data = hapic_data.body api = ContentApi( show_archived=True, show_deleted=True, current_user=request.current_user, session=request.dbsession, config=app_config, ) content = api.get_one(path_data.content_id, content_type=content_type_list.Any_SLUG) new_parent = api.get_one(move_data.new_parent_id, content_type=content_type_list.Any_SLUG) new_workspace = request.candidate_workspace with new_revision(session=request.dbsession, tm=transaction.manager, content=content): api.move( content, new_parent=new_parent, new_workspace=new_workspace, must_stay_in_same_workspace=False, ) updated_content = api.get_one(path_data.content_id, content_type=content_type_list.Any_SLUG) return api.get_content_in_context(updated_content) @hapic.with_api_doc( tags=[SWAGGER_TAG__CONTENT_ALL_TRASH_AND_RESTORE_ENDPOINTS]) # nopep8 @require_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER) @hapic.input_path(WorkspaceAndContentIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) # nopep8 def delete_content( self, context, request: TracimRequest, hapic_data=None, ) -> None: """ Move a content to the trash. After that, the content will be invisible by default. This action requires the user to be a content manager. Note: the content is still accessible but becomes read-only. """ app_config = request.registry.settings['CFG'] path_data = hapic_data.path api = ContentApi( show_archived=True, show_deleted=True, current_user=request.current_user, session=request.dbsession, config=app_config, ) content = api.get_one(path_data.content_id, content_type=content_type_list.Any_SLUG) with new_revision(session=request.dbsession, tm=transaction.manager, content=content): api.delete(content) return @hapic.with_api_doc( tags=[SWAGGER_TAG__CONTENT_ALL_TRASH_AND_RESTORE_ENDPOINTS]) # nopep8 @require_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER) @hapic.input_path(WorkspaceAndContentIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) # nopep8 def undelete_content( self, context, request: TracimRequest, hapic_data=None, ) -> None: """ Restore a content from the trash. The content will be visible and editable again. """ app_config = request.registry.settings['CFG'] path_data = hapic_data.path api = ContentApi( current_user=request.current_user, session=request.dbsession, config=app_config, show_deleted=True, show_archived=True, ) content = api.get_one(path_data.content_id, content_type=content_type_list.Any_SLUG) with new_revision(session=request.dbsession, tm=transaction.manager, content=content): api.undelete(content) return @hapic.with_api_doc(tags=[ SWAGGER_TAG__CONTENT_ALL_ARCHIVE_AND_RESTORE_ENDPOINTS ]) # nopep8 @require_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER) @hapic.input_path(WorkspaceAndContentIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) # nopep8 def archive_content( self, context, request: TracimRequest, hapic_data=None, ) -> None: """ Archives a content. The content will be invisible but still available. Difference with delete is that optimizing workspace will not delete archived contents This action requires the user to be a content manager. Note: the content is still accessible but becomes read-only. the difference with delete is that optimizing workspace will not delete archived contents """ app_config = request.registry.settings['CFG'] path_data = hapic_data.path api = ContentApi( show_archived=True, show_deleted=True, current_user=request.current_user, session=request.dbsession, config=app_config, ) content = api.get_one( path_data.content_id, content_type=content_type_list.Any_SLUG) # nopep8 with new_revision(session=request.dbsession, tm=transaction.manager, content=content): api.archive(content) return @hapic.with_api_doc(tags=[ SWAGGER_TAG__CONTENT_ALL_ARCHIVE_AND_RESTORE_ENDPOINTS ]) # nopep8 @require_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER) @hapic.input_path(WorkspaceAndContentIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) # nopep8 def unarchive_content( self, context, request: TracimRequest, hapic_data=None, ) -> None: """ Restore a content from archive. The content will be visible and editable again. """ app_config = request.registry.settings['CFG'] path_data = hapic_data.path api = ContentApi( current_user=request.current_user, session=request.dbsession, config=app_config, show_archived=True, show_deleted=True, ) content = api.get_one(path_data.content_id, content_type=content_type_list.Any_SLUG) with new_revision(session=request.dbsession, tm=transaction.manager, content=content): api.unarchive(content) return def bind(self, configurator: Configurator) -> None: """ Create all routes and views using pyramid configurator for this controller """ # Workspaces configurator.add_route('workspaces', '/workspaces', request_method='GET') # nopep8 configurator.add_view(self.workspaces, route_name='workspaces') # Workspace configurator.add_route('workspace', '/workspaces/{workspace_id}', request_method='GET') # nopep8 configurator.add_view(self.workspace, route_name='workspace') # Create workspace configurator.add_route('create_workspace', '/workspaces', request_method='POST') # nopep8 configurator.add_view(self.create_workspace, route_name='create_workspace') # nopep8 # Delete/Undelete workpace configurator.add_route('delete_workspace', '/workspaces/{workspace_id}/trashed', request_method='PUT') # nopep8 configurator.add_view(self.delete_workspace, route_name='delete_workspace') # nopep8 configurator.add_route('undelete_workspace', '/workspaces/{workspace_id}/trashed/restore', request_method='PUT') # nopep8 configurator.add_view(self.undelete_workspace, route_name='undelete_workspace') # nopep8 # Update Workspace configurator.add_route('update_workspace', '/workspaces/{workspace_id}', request_method='PUT') # nopep8 configurator.add_view(self.update_workspace, route_name='update_workspace') # nopep8 # Workspace Members (Roles) configurator.add_route('workspace_members', '/workspaces/{workspace_id}/members', request_method='GET') # nopep8 configurator.add_view(self.workspaces_members, route_name='workspace_members') # nopep8 # Workspace Members (Role) Individual configurator.add_route('workspace_member_role', '/workspaces/{workspace_id}/members/{user_id}', request_method='GET') # nopep8 configurator.add_view(self.workspaces_member_role, route_name='workspace_member_role') # nopep8 # Update Workspace Members roles configurator.add_route('update_workspace_member', '/workspaces/{workspace_id}/members/{user_id}', request_method='PUT') # nopep8 configurator.add_view(self.update_workspaces_members_role, route_name='update_workspace_member') # nopep8 # Create Workspace Members roles configurator.add_route('create_workspace_member', '/workspaces/{workspace_id}/members', request_method='POST') # nopep8 configurator.add_view(self.create_workspaces_members_role, route_name='create_workspace_member') # nopep8 # Delete Workspace Members roles configurator.add_route('delete_workspace_member', '/workspaces/{workspace_id}/members/{user_id}', request_method='DELETE') # nopep8 configurator.add_view(self.delete_workspaces_members_role, route_name='delete_workspace_member') # nopep8 # Workspace Content configurator.add_route('workspace_content', '/workspaces/{workspace_id}/contents', request_method='GET') # nopep8 configurator.add_view(self.workspace_content, route_name='workspace_content') # nopep8 # Create Generic Content configurator.add_route('create_generic_content', '/workspaces/{workspace_id}/contents', request_method='POST') # nopep8 configurator.add_view(self.create_generic_empty_content, route_name='create_generic_content') # nopep8 # Get Content configurator.add_route('get_content', '/contents/{content_id}', request_method='GET') # nopep8 configurator.add_view(self.get_content, route_name='get_content') # Get Content From workspace configurator.add_route( 'get_content_from_workspace', '/workspaces/{workspace_id}/contents/{content_id}', request_method='GET') # nopep8 configurator.add_view( self.get_content_from_workspace, route_name='get_content_from_workspace') # nopep8 # Move Content configurator.add_route( 'move_content', '/workspaces/{workspace_id}/contents/{content_id}/move', request_method='PUT') # nopep8 configurator.add_view(self.move_content, route_name='move_content') # nopep8 # Delete/Undelete Content configurator.add_route( 'delete_content', '/workspaces/{workspace_id}/contents/{content_id}/trashed', request_method='PUT') # nopep8 configurator.add_view(self.delete_content, route_name='delete_content') # nopep8 configurator.add_route( 'undelete_content', '/workspaces/{workspace_id}/contents/{content_id}/trashed/restore', request_method='PUT') # nopep8 configurator.add_view(self.undelete_content, route_name='undelete_content') # nopep8 # # Archive/Unarchive Content configurator.add_route( 'archive_content', '/workspaces/{workspace_id}/contents/{content_id}/archived', request_method='PUT') # nopep8 configurator.add_view(self.archive_content, route_name='archive_content') # nopep8 configurator.add_route( 'unarchive_content', '/workspaces/{workspace_id}/contents/{content_id}/archived/restore', request_method='PUT') # nopep8 configurator.add_view(self.unarchive_content, route_name='unarchive_content') # nopep8
class WorkspaceController(Controller): @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_ENDPOINTS]) @check_right(can_see_workspace_information) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.output_body(WorkspaceSchema()) def workspace(self, context, request: TracimRequest, hapic_data=None): """ Get workspace informations """ app_config = request.registry.settings["CFG"] # type: CFG wapi = WorkspaceApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) return wapi.get_workspace_with_context(request.current_workspace) @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_ENDPOINTS]) @check_right(can_see_workspace_information) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.output_body(WorkspaceDiskSpaceSchema()) def workspace_disk_space(self, context, request: TracimRequest, hapic_data=None): """ Get workspace space info """ app_config = request.registry.settings["CFG"] # type: CFG wapi = WorkspaceApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) return wapi.get_workspace_with_context(request.current_workspace) @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_ENDPOINTS]) @check_right(is_administrator) @hapic.input_query(WorkspaceFilterQuerySchema()) @hapic.output_body(WorkspaceSchema(many=True)) def workspaces(self, context, request: TracimRequest, hapic_data=None): """ Returns the list of all workspaces. This route is for admin only. Standard users must use their own route: /api/users/me/workspaces Filtering by parent_ids is possible through this endpoint """ app_config = request.registry.settings["CFG"] # type: CFG wapi = WorkspaceApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) workspaces = wapi.get_all_children( parent_ids=hapic_data.query.parent_ids) return [ wapi.get_workspace_with_context(workspace) for workspace in workspaces ] @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_ENDPOINTS]) @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(DisallowedWorkspaceAccessType, HTTPStatus.BAD_REQUEST) @check_right(can_modify_workspace) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.input_body(WorkspaceModifySchema()) @hapic.output_body(WorkspaceSchema()) def update_workspace(self, context, request: TracimRequest, hapic_data=None): """ Update a workspace. This route is for trusted users and administrators. Note : a trusted user can only update spaces on which he/she is space manager """ app_config = request.registry.settings["CFG"] # type: CFG wapi = WorkspaceApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) wapi.update_workspace( request.current_workspace, label=hapic_data.body.label, description=hapic_data.body.description, agenda_enabled=hapic_data.body.agenda_enabled, public_download_enabled=hapic_data.body.public_download_enabled, public_upload_enabled=hapic_data.body.public_upload_enabled, default_user_role=hapic_data.body.default_user_role, save_now=True, ) wapi.execute_update_workspace_actions(request.current_workspace) return wapi.get_workspace_with_context(request.current_workspace) @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_ENDPOINTS]) @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(DisallowedWorkspaceAccessType, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(UserNotAllowedToCreateMoreWorkspace, HTTPStatus.BAD_REQUEST) @check_right(is_trusted_user) @hapic.input_body(WorkspaceCreationSchema()) @hapic.output_body(WorkspaceSchema()) def create_workspace(self, context, request: TracimRequest, hapic_data=None): """ Create a workspace. This route is for trusted users and administrators. """ app_config = request.registry.settings["CFG"] # type: CFG wapi = WorkspaceApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) parent = None if hapic_data.body.parent_id: parent = wapi.get_one(workspace_id=hapic_data.body.parent_id) workspace = wapi.create_workspace( label=hapic_data.body.label, description=hapic_data.body.description, access_type=hapic_data.body.access_type, save_now=True, agenda_enabled=hapic_data.body.agenda_enabled, public_download_enabled=hapic_data.body.public_download_enabled, public_upload_enabled=hapic_data.body.public_upload_enabled, default_user_role=hapic_data.body.default_user_role, parent=parent, ) wapi.execute_created_workspace_actions(workspace) return wapi.get_workspace_with_context(workspace) @hapic.with_api_doc( tags=[SWAGGER_TAG__WORKSPACE_TRASH_AND_RESTORE_ENDPOINTS]) @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST) @check_right(can_delete_workspace) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def delete_workspace(self, context, request: TracimRequest, hapic_data=None): """ Delete a workspace. This route is for trusted users and administrators. Note : a trusted user can only delete spaces on which he/she is space manager """ app_config = request.registry.settings["CFG"] # type: CFG wapi = WorkspaceApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) wapi.delete(request.current_workspace, flush=True) return @hapic.with_api_doc( tags=[SWAGGER_TAG__WORKSPACE_TRASH_AND_RESTORE_ENDPOINTS]) @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST) @check_right(can_delete_workspace) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def undelete_workspace(self, context, request: TracimRequest, hapic_data=None): """ Restore a deleted space. Note : a trusted user can only restore spaces on which he/she is space manager """ app_config = request.registry.settings["CFG"] # type: CFG wapi = WorkspaceApi( current_user=request.current_user, # User session=request.dbsession, config=app_config, show_deleted=True, ) wapi.undelete(request.current_workspace, flush=True) return @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_MEMBERS_ENDPOINTS]) @check_right(can_see_workspace_information) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.input_query(WorkspaceMemberFilterQuerySchema()) @hapic.output_body(WorkspaceMemberSchema(many=True)) def workspaces_members( self, context, request: TracimRequest, hapic_data=None) -> typing.List[UserRoleWorkspaceInContext]: """ Returns the list of space members with their role, avatar, etc. """ app_config = request.registry.settings["CFG"] # type: CFG rapi = RoleApi( current_user=request.current_user, session=request.dbsession, config=app_config, show_disabled_user=hapic_data.query.show_disabled_user, ) roles = rapi.get_all_for_workspace(workspace=request.current_workspace) return [ rapi.get_user_role_workspace_with_context(user_role) for user_role in roles ] @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_MEMBERS_ENDPOINTS]) @check_right(can_see_workspace_information) @hapic.input_path(WorkspaceAndUserIdPathSchema()) @hapic.output_body(WorkspaceMemberSchema()) def workspaces_member_role(self, context, request: TracimRequest, hapic_data=None) -> UserRoleWorkspaceInContext: """ Returns given space member with its role, avatar, etc. """ app_config = request.registry.settings["CFG"] # type: CFG rapi = RoleApi(current_user=request.current_user, session=request.dbsession, config=app_config) role = rapi.get_one(user_id=hapic_data.path.user_id, workspace_id=hapic_data.path.workspace_id) return rapi.get_user_role_workspace_with_context(role) @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_MEMBERS_ENDPOINTS]) @hapic.handle_exception(UserRoleNotFound, HTTPStatus.BAD_REQUEST) @check_right(can_modify_workspace) @hapic.handle_exception(LastWorkspaceManagerRoleCantBeModified, HTTPStatus.BAD_REQUEST) @hapic.input_path(WorkspaceAndUserIdPathSchema()) @hapic.input_body(RoleUpdateSchema()) @hapic.output_body(WorkspaceMemberSchema()) def update_workspaces_members_role( self, context, request: TracimRequest, hapic_data=None) -> UserRoleWorkspaceInContext: """ Update role of the given space member. This feature is for workspace managers, trusted users and administrators. """ app_config = request.registry.settings["CFG"] # type: CFG rapi = RoleApi(current_user=request.current_user, session=request.dbsession, config=app_config) role = rapi.get_one(user_id=hapic_data.path.user_id, workspace_id=hapic_data.path.workspace_id) role = rapi.update_role(role, role_level=hapic_data.body.role.level) return rapi.get_user_role_workspace_with_context(role) @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_MEMBERS_ENDPOINTS]) @check_right(can_leave_workspace) @hapic.handle_exception(UserRoleNotFound, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(LastWorkspaceManagerRoleCantBeModified, HTTPStatus.BAD_REQUEST) @hapic.input_path(WorkspaceAndUserIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def delete_workspaces_members_role(self, context, request: TracimRequest, hapic_data=None) -> None: """ Remove the user from the space. This feature is for workspace managers and administrators. """ app_config = request.registry.settings["CFG"] # type: CFG rapi = RoleApi(current_user=request.current_user, session=request.dbsession, config=app_config) rapi.delete_one(user_id=hapic_data.path.user_id, workspace_id=hapic_data.path.workspace_id) return @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_MEMBERS_ENDPOINTS]) @hapic.handle_exception(EmailValidationFailed, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(UserIsNotActive, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(UserIsDeleted, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(RoleAlreadyExistError, HTTPStatus.BAD_REQUEST) @check_right(can_modify_workspace) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.input_body(WorkspaceMemberInviteSchema()) @hapic.output_body(WorkspaceMemberCreationSchema()) def create_workspaces_members_role( self, context, request: TracimRequest, hapic_data=None) -> UserRoleWorkspaceInContext: """ Add a member to this workspace. This feature is for workspace managers and administrators. """ newly_created = False email_sent = False app_config = request.registry.settings["CFG"] # type: CFG rapi = RoleApi(current_user=request.current_user, session=request.dbsession, config=app_config) uapi = UserApi( current_user=request.current_user, session=request.dbsession, config=app_config, show_deactivated=True, show_deleted=True, ) try: if hapic_data.body.user_id: user = uapi.get_one(hapic_data.body.user_id) elif hapic_data.body.user_email: user = uapi.get_one_by_email(hapic_data.body.user_email) else: user = uapi.get_one_by_username(hapic_data.body.user_username) if user.is_deleted: raise UserIsDeleted( "This user has been deleted. Unable to invite him.") if not user.is_active: raise UserIsNotActive( "This user is not activated. Unable to invite him") except UserDoesNotExist as exc: if not uapi.allowed_to_invite_new_user(hapic_data.body.user_email): raise exc if app_config.NEW_USER__INVITATION__DO_NOTIFY: user = uapi.create_user( auth_type=AuthType.UNKNOWN, email=hapic_data.body.user_email, password=password_generator(), do_notify=True, ) if (app_config.EMAIL__NOTIFICATION__ACTIVATED and app_config.NEW_USER__INVITATION__DO_NOTIFY and app_config.JOBS__PROCESSING_MODE == app_config.CST.SYNC): email_sent = True else: user = uapi.create_user( auth_type=AuthType.UNKNOWN, email=hapic_data.body.user_email, password=None, do_notify=False, ) uapi.execute_created_user_actions(user) newly_created = True role = rapi.create_one( user=user, workspace=request.current_workspace, role_level=WorkspaceRoles.get_role_from_slug( hapic_data.body.role).level, with_notif=app_config.EMAIL__NOTIFICATION__ENABLED_ON_INVITATION, flush=True, ) return rapi.get_user_role_workspace_with_context( role, newly_created=newly_created, email_sent=email_sent) @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_SUBSCRIPTION_ENDPOINTS]) @check_right(can_modify_workspace) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.output_body(WorkspaceSubscriptionSchema(many=True)) def workspace_subscriptions( self, context, request: TracimRequest, hapic_data=None) -> typing.List[WorkspaceSubscription]: subscription_lib = SubscriptionLib( current_user=request.current_user, session=request.dbsession, config=request.app_config, ) return subscription_lib.get_workspace_subscriptions( request.current_workspace.workspace_id) @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_SUBSCRIPTION_ENDPOINTS]) @check_right(can_modify_workspace) @hapic.handle_exception(RoleAlreadyExistError, HTTPStatus.BAD_REQUEST) @hapic.input_path(WorkspaceAndUserIdPathSchema()) @hapic.input_body(RoleUpdateSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def accept_subscription( self, context, request: TracimRequest, hapic_data=None) -> typing.List[WorkspaceSubscription]: subscription_lib = SubscriptionLib( current_user=request.current_user, session=request.dbsession, config=request.app_config, ) subscription = subscription_lib.get_one( author_id=hapic_data.path.user_id, workspace_id=hapic_data.path.workspace_id) subscription_lib.accept_subscription(subscription=subscription, user_role=hapic_data.body.role) @hapic.with_api_doc(tags=[SWAGGER_TAG__WORKSPACE_SUBSCRIPTION_ENDPOINTS]) @check_right(can_modify_workspace) @hapic.input_path(WorkspaceAndUserIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def reject_subscription( self, context, request: TracimRequest, hapic_data=None) -> typing.List[WorkspaceSubscription]: subscription_lib = SubscriptionLib( current_user=request.current_user, session=request.dbsession, config=request.app_config, ) subscription = subscription_lib.get_one( author_id=hapic_data.path.user_id, workspace_id=hapic_data.path.workspace_id) subscription_lib.reject_subscription(subscription=subscription) @hapic.with_api_doc(tags=[SWAGGER_TAG__CONTENT_ENDPOINTS]) @check_right(is_reader) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.input_query(FilterContentQuerySchema()) @hapic.output_body(ContentDigestSchema(many=True)) def workspace_content(self, context, request: TracimRequest, hapic_data=None) -> typing.List[ContentInContext]: """ return a list of contents of the space. This is NOT the full content list: by default, returned contents are the ones at root level. In order to get contents in a given folder, then use parent_id query filter. You can also show.hide archived/deleted contents. """ app_config = request.registry.settings["CFG"] # type: CFG content_filter = hapic_data.query api = ContentApi( current_user=request.current_user, session=request.dbsession, config=app_config, namespaces_filter=content_filter.namespaces_filter or [ContentNamespaces.CONTENT], show_archived=content_filter.show_archived, show_deleted=content_filter.show_deleted, show_active=content_filter.show_active, ) contents = api.get_all( parent_ids=content_filter.parent_ids, complete_path_to_id=content_filter.complete_path_to_id, workspace=request.current_workspace, content_type=content_filter.content_type or content_type_list.Any_SLUG, label=content_filter.label, order_by_properties=[Content.label], ) contents = [ api.get_content_in_context(content) for content in contents ] return contents @hapic.with_api_doc(tags=[SWAGGER_TAG__CONTENT_ENDPOINTS]) @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(UnallowedSubContent, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(ContentFilenameAlreadyUsedInFolder, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(ParentNotFound, HTTPStatus.BAD_REQUEST) @check_right(can_create_content) @hapic.input_path(WorkspaceIdPathSchema()) @hapic.input_body(ContentCreationSchema()) @hapic.output_body(ContentDigestSchema()) def create_generic_empty_content(self, context, request: TracimRequest, hapic_data=None) -> ContentInContext: """ Creates a generic empty content. The minimum viable content has a label and a content type. Creating a content generally starts with a request to this endpoint. For specific contents like files, it is recommended to use the dedicated endpoint. This feature is accessible to contributors and higher role only. """ app_config = request.registry.settings["CFG"] # type: CFG creation_data = hapic_data.body api = ContentApi(current_user=request.current_user, session=request.dbsession, config=app_config) parent = None if creation_data.parent_id: try: parent = api.get_one(content_id=creation_data.parent_id, content_type=content_type_list.Any_SLUG) except ContentNotFound as exc: raise ParentNotFound( "Parent with content_id {} not found".format( creation_data.parent_id)) from exc content = api.create( label=creation_data.label, content_type_slug=creation_data.content_type, workspace=request.current_workspace, parent=parent, ) api.save(content, ActionDescription.CREATION) api.execute_created_content_actions(content) content = api.get_content_in_context(content) return content @hapic.with_api_doc(tags=[SWAGGER_TAG__CONTENT_ENDPOINTS]) @check_right(is_reader) @hapic.input_path(WorkspaceAndContentIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.FOUND) def get_content_from_workspace(self, context, request: TracimRequest, hapic_data=None) -> None: """ Convenient route allowing to get detail about a content without to known routes associated to its content type. This route generate a HTTP 302 with the right url """ content = request.current_content content_type = content_type_list.get_one_by_slug(content.type).slug # TODO - G.M - 2018-08-03 - Jsonify redirect response ? raise HTTPFound( "{base_url}workspaces/{workspace_id}/{content_type}s/{content_id}". format( base_url=BASE_API, workspace_id=content.workspace_id, content_type=content_type, content_id=content.content_id, )) @hapic.with_api_doc(tags=[SWAGGER_TAG__CONTENT_ENDPOINTS]) @hapic.input_path(ContentIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.FOUND) def get_content(self, context, request: TracimRequest, hapic_data=None) -> None: """ Convenient route allowing to get detail about a content without to known routes associated to its content type. This route generate a HTTP 302 with the right url """ app_config = request.registry.settings["CFG"] # type: CFG api = ContentApi(current_user=request.current_user, session=request.dbsession, config=app_config) content = api.get_one(content_id=hapic_data.path["content_id"], content_type=content_type_list.Any_SLUG) content_type = content_type_list.get_one_by_slug(content.type).slug # TODO - G.M - 2018-08-03 - Jsonify redirect response ? raise HTTPFound( "{base_url}workspaces/{workspace_id}/{content_type}s/{content_id}". format( base_url=BASE_API, workspace_id=content.workspace_id, content_type=content_type, content_id=content.content_id, )) @hapic.with_api_doc(tags=[SWAGGER_TAG__CONTENT_ENDPOINTS]) @hapic.handle_exception(WorkspacesDoNotMatch, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(ContentFilenameAlreadyUsedInFolder, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(UnallowedSubContent, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(ConflictingMoveInItself, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(ConflictingMoveInChild, HTTPStatus.BAD_REQUEST) @check_right(can_move_content) @hapic.input_path(WorkspaceAndContentIdPathSchema()) @hapic.input_body(ContentMoveSchema()) @hapic.output_body(ContentDigestSchema()) def move_content(self, context, request: TracimRequest, hapic_data=None) -> ContentInContext: """ Move a content to specified new place. This requires to be content manager in both input and output spaces (which may be the same) """ app_config = request.registry.settings["CFG"] # type: CFG path_data = hapic_data.path move_data = hapic_data.body api = ContentApi( show_archived=True, show_deleted=True, current_user=request.current_user, session=request.dbsession, config=app_config, ) content = api.get_one(path_data.content_id, content_type=content_type_list.Any_SLUG) new_parent = api.get_one(move_data.new_parent_id, content_type=content_type_list.Any_SLUG) new_workspace = request.candidate_workspace with new_revision(session=request.dbsession, tm=transaction.manager, content=content): api.move( content, new_parent=new_parent, new_workspace=new_workspace, new_content_namespace=ContentNamespaces.CONTENT, must_stay_in_same_workspace=False, ) api.execute_update_content_actions(content) updated_content = api.get_one(path_data.content_id, content_type=content_type_list.Any_SLUG) return api.get_content_in_context(updated_content) @hapic.with_api_doc( tags=[SWAGGER_TAG__CONTENT_ALL_TRASH_AND_RESTORE_ENDPOINTS]) @check_right(is_content_manager) @hapic.input_path(WorkspaceAndContentIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def delete_content(self, context, request: TracimRequest, hapic_data=None) -> None: """ Move a content to the trash. After that, the content will be invisible by default. This action requires the user to be a content manager. Note: the content is still accessible but becomes read-only. """ app_config = request.registry.settings["CFG"] # type: CFG path_data = hapic_data.path api = ContentApi( show_archived=True, show_deleted=True, current_user=request.current_user, session=request.dbsession, config=app_config, ) content = api.get_one(path_data.content_id, content_type=content_type_list.Any_SLUG) with new_revision(session=request.dbsession, tm=transaction.manager, content=content): api.delete(content) api.execute_update_content_actions(content) return @hapic.with_api_doc( tags=[SWAGGER_TAG__CONTENT_ALL_TRASH_AND_RESTORE_ENDPOINTS]) @check_right(is_content_manager) @hapic.input_path(WorkspaceAndContentIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def undelete_content(self, context, request: TracimRequest, hapic_data=None) -> None: """ Restore a content from the trash. The content will be visible and editable again. """ app_config = request.registry.settings["CFG"] # type: CFG path_data = hapic_data.path api = ContentApi( current_user=request.current_user, session=request.dbsession, config=app_config, show_deleted=True, show_archived=True, ) content = api.get_one(path_data.content_id, content_type=content_type_list.Any_SLUG) with new_revision(session=request.dbsession, tm=transaction.manager, content=content): api.undelete(content) api.execute_update_content_actions(content) return @hapic.with_api_doc( tags=[SWAGGER_TAG__CONTENT_ALL_ARCHIVE_AND_RESTORE_ENDPOINTS]) @check_right(is_content_manager) @hapic.input_path(WorkspaceAndContentIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def archive_content(self, context, request: TracimRequest, hapic_data=None) -> None: """ Archives a content. The content will be invisible but still available. Difference with delete is that optimizing workspace will not delete archived contents This action requires the user to be a content manager. Note: the content is still accessible but becomes read-only. the difference with delete is that optimizing workspace will not delete archived contents """ app_config = request.registry.settings["CFG"] # type: CFG path_data = hapic_data.path api = ContentApi( show_archived=True, show_deleted=True, current_user=request.current_user, session=request.dbsession, config=app_config, ) content = api.get_one(path_data.content_id, content_type=content_type_list.Any_SLUG) with new_revision(session=request.dbsession, tm=transaction.manager, content=content): api.archive(content) api.execute_update_content_actions(content) return @hapic.with_api_doc( tags=[SWAGGER_TAG__CONTENT_ALL_ARCHIVE_AND_RESTORE_ENDPOINTS]) @check_right(is_content_manager) @hapic.input_path(WorkspaceAndContentIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def unarchive_content(self, context, request: TracimRequest, hapic_data=None) -> None: """ Restore a content from archive. The content will be visible and editable again. """ app_config = request.registry.settings["CFG"] # type: CFG path_data = hapic_data.path api = ContentApi( current_user=request.current_user, session=request.dbsession, config=app_config, show_archived=True, show_deleted=True, ) content = api.get_one(path_data.content_id, content_type=content_type_list.Any_SLUG) with new_revision(session=request.dbsession, tm=transaction.manager, content=content): api.unarchive(content) api.execute_update_content_actions(content) return def bind(self, configurator: Configurator) -> None: """ Create all routes and views using pyramid configurator for this controller """ # Workspaces configurator.add_route("workspaces", "/workspaces", request_method="GET") configurator.add_view(self.workspaces, route_name="workspaces") # Workspace configurator.add_route("workspace", "/workspaces/{workspace_id}", request_method="GET") configurator.add_view(self.workspace, route_name="workspace") # Workspace space configurator.add_route("workspace_disk_space", "/workspaces/{workspace_id}/disk_space", request_method="GET") configurator.add_view(self.workspace_disk_space, route_name="workspace_disk_space") # Create workspace configurator.add_route("create_workspace", "/workspaces", request_method="POST") configurator.add_view(self.create_workspace, route_name="create_workspace") # Delete/Undelete workpace configurator.add_route("delete_workspace", "/workspaces/{workspace_id}/trashed", request_method="PUT") configurator.add_view(self.delete_workspace, route_name="delete_workspace") configurator.add_route("undelete_workspace", "/workspaces/{workspace_id}/trashed/restore", request_method="PUT") configurator.add_view(self.undelete_workspace, route_name="undelete_workspace") # Update Workspace configurator.add_route("update_workspace", "/workspaces/{workspace_id}", request_method="PUT") configurator.add_view(self.update_workspace, route_name="update_workspace") # Workspace Members (Roles) configurator.add_route("workspace_members", "/workspaces/{workspace_id}/members", request_method="GET") configurator.add_view(self.workspaces_members, route_name="workspace_members") # Workspace Members (Role) Individual configurator.add_route( "workspace_member_role", "/workspaces/{workspace_id}/members/{user_id}", request_method="GET", ) configurator.add_view(self.workspaces_member_role, route_name="workspace_member_role") # Update Workspace Members roles configurator.add_route( "update_workspace_member", "/workspaces/{workspace_id}/members/{user_id}", request_method="PUT", ) configurator.add_view(self.update_workspaces_members_role, route_name="update_workspace_member") # Create Workspace Members roles configurator.add_route("create_workspace_member", "/workspaces/{workspace_id}/members", request_method="POST") configurator.add_view(self.create_workspaces_members_role, route_name="create_workspace_member") # Delete Workspace Members roles configurator.add_route( "delete_workspace_member", "/workspaces/{workspace_id}/members/{user_id}", request_method="DELETE", ) configurator.add_view(self.delete_workspaces_members_role, route_name="delete_workspace_member") # Workspace Content configurator.add_route("workspace_content", "/workspaces/{workspace_id}/contents", request_method="GET") configurator.add_view(self.workspace_content, route_name="workspace_content") # Create Generic Content configurator.add_route("create_generic_content", "/workspaces/{workspace_id}/contents", request_method="POST") configurator.add_view(self.create_generic_empty_content, route_name="create_generic_content") # Get Content configurator.add_route("get_content", "/contents/{content_id}", request_method="GET") configurator.add_view(self.get_content, route_name="get_content") # Get Content From workspace configurator.add_route( "get_content_from_workspace", "/workspaces/{workspace_id}/contents/{content_id}", request_method="GET", ) configurator.add_view(self.get_content_from_workspace, route_name="get_content_from_workspace") # Move Content configurator.add_route( "move_content", "/workspaces/{workspace_id}/contents/{content_id}/move", request_method="PUT", ) configurator.add_view(self.move_content, route_name="move_content") # Delete/Undelete Content configurator.add_route( "delete_content", "/workspaces/{workspace_id}/contents/{content_id}/trashed", request_method="PUT", ) configurator.add_view(self.delete_content, route_name="delete_content") configurator.add_route( "undelete_content", "/workspaces/{workspace_id}/contents/{content_id}/trashed/restore", request_method="PUT", ) configurator.add_view(self.undelete_content, route_name="undelete_content") # # Archive/Unarchive Content configurator.add_route( "archive_content", "/workspaces/{workspace_id}/contents/{content_id}/archived", request_method="PUT", ) configurator.add_view(self.archive_content, route_name="archive_content") configurator.add_route( "unarchive_content", "/workspaces/{workspace_id}/contents/{content_id}/archived/restore", request_method="PUT", ) configurator.add_view(self.unarchive_content, route_name="unarchive_content") # Subscriptions configurator.add_route( "workspace_subscriptions", "/workspaces/{workspace_id}/subscriptions", request_method="GET", ) configurator.add_view(self.workspace_subscriptions, route_name="workspace_subscriptions") configurator.add_route( "accept_subscription", "/workspaces/{workspace_id}/subscriptions/{user_id}/accept", request_method="PUT", ) configurator.add_view(self.accept_subscription, route_name="accept_subscription") configurator.add_route( "reject_subscription", "/workspaces/{workspace_id}/subscriptions/{user_id}/reject", request_method="PUT", ) configurator.add_view(self.reject_subscription, route_name="reject_subscription")
def test_unit__get_receiver_ids_workspace_subscription_event__reject_subscription( self, session: TracimSession, user_api_factory: UserApiFactory, subscription_lib_factory: SubscriptionLibFactory, admin_user: User, workspace_api_factory: WorkspaceApiFactory, role_api_factory: RoleApiFactory, ): user_api = user_api_factory.get() profile = Profile.USER subscriber = user_api.create_user( "*****@*****.**", password="******", do_save=True, do_notify=False, profile=profile, ) workspace_content_manager = user_api.create_user( "*****@*****.**", password="******", do_save=True, do_notify=False, profile=profile, ) workspace_manager = user_api.create_user( "*****@*****.**", password="******", do_save=True, do_notify=False, profile=profile, ) other_user = user_api.create_user( "*****@*****.**", password="******", do_save=True, do_notify=False, profile=profile, ) workspace_api = workspace_api_factory.get(current_user=admin_user) my_workspace = workspace_api.create_workspace( "test workspace", save_now=True, access_type=WorkspaceAccessType.ON_REQUEST ) workspace_in_context = workspace_api.get_workspace_with_context(my_workspace) subscription_lib = subscription_lib_factory.get(current_user=subscriber) rapi = role_api_factory.get(current_user=subscriber) rapi.create_one( workspace_content_manager, my_workspace, UserRoleInWorkspace.CONTENT_MANAGER, False ) rapi.create_one( workspace_manager, my_workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False ) subscription = subscription_lib.submit_subscription(my_workspace) subscription_lib.reject_subscription(subscription) transaction.commit() fields = { Event.AUTHOR_FIELD: UserSchema().dump(user_api.get_user_with_context(admin_user)).data, Event.WORKSPACE_FIELD: WorkspaceSchema().dump(workspace_in_context).data, Event.SUBSCRIPTION_FIELD: WorkspaceSubscriptionSchema().dump(subscription).data, } event = Event( entity_type=EntityType.WORKSPACE_SUBSCRIPTION, operation=OperationType.MODIFIED, fields=fields, ) receivers_ids = FakeLiveMessageBuilder()._get_receiver_ids(event, session) assert subscriber.user_id in receivers_ids assert workspace_manager.user_id in receivers_ids assert admin_user.user_id in receivers_ids assert workspace_content_manager.user_id not in receivers_ids assert other_user.user_id not in receivers_ids
class UserController(Controller): @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_CONTENT_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserIdPathSchema()) @hapic.input_query(UserWorkspaceFilterQuerySchema()) @hapic.output_body(WorkspaceSchema(many=True)) def user_workspace(self, context, request: TracimRequest, hapic_data=None): """ Get list of user workspaces """ app_config = request.registry.settings["CFG"] # type: CFG wapi = WorkspaceApi( current_user=request.candidate_user, # User session=request.dbsession, config=app_config, ) workspaces = wapi.get_all_for_user( request.candidate_user, include_owned=hapic_data.query.show_owned_workspace, include_with_role=hapic_data.query.show_workspace_with_role, parents_ids=hapic_data.query.parent_ids, ) return [wapi.get_workspace_with_context(workspace) for workspace in workspaces] @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_CONTENT_ENDPOINTS]) @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(RoleAlreadyExistError, HTTPStatus.BAD_REQUEST) @check_right(has_personal_access) @hapic.input_path(UserIdPathSchema()) @hapic.input_body(WorkspaceIdSchema()) @hapic.output_body(WorkspaceSchema()) def join_workspace(self, context, request: TracimRequest, hapic_data=None): """ Join a workspace. Only possible for OPEN workspaces. Subscribing to a ON_REQUEST workspace is done through /api/users/<user_id>/workspace_subscriptions. """ app_config = request.registry.settings["CFG"] # type: CFG wapi = WorkspaceApi( current_user=request.candidate_user, # User session=request.dbsession, config=app_config, ) workspace = wapi.add_current_user_as_member(workspace_id=hapic_data.body["workspace_id"]) return wapi.get_workspace_with_context(workspace) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserIdPathSchema()) @hapic.output_body(UserSchema()) def user(self, context, request: TracimRequest, hapic_data=None): """ Get user infos. """ app_config = request.registry.settings["CFG"] # type: CFG uapi = UserApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) return uapi.get_user_with_context(request.candidate_user) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserIdPathSchema()) @hapic.output_body(UserDiskSpaceSchema()) def user_disk_space(self, context, request: TracimRequest, hapic_data=None): """ Get user space infos. """ app_config = request.registry.settings["CFG"] # type: CFG uapi = UserApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) return uapi.get_user_with_context(request.candidate_user) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS]) @check_right(is_administrator) @hapic.output_body(UserDigestSchema(many=True)) def users(self, context, request: TracimRequest, hapic_data=None): """ Get all users """ app_config = request.registry.settings["CFG"] # type: CFG uapi = UserApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) users = uapi.get_all() context_users = [uapi.get_user_with_context(user) for user in users] return context_users @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserIdPathSchema()) @hapic.input_query(KnownMembersQuerySchema()) @hapic.output_body(UserDigestSchema(many=True)) @hapic.handle_exception(CannotUseBothIncludeAndExcludeWorkspaceUsers, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(TooShortAutocompleteString, HTTPStatus.BAD_REQUEST) def known_members(self, context, request: TracimRequest, hapic_data=None): """ Get known users list """ app_config = request.registry.settings["CFG"] # type: CFG uapi = UserApi( current_user=request.candidate_user, # User session=request.dbsession, config=app_config, show_deactivated=False, ) users = uapi.get_known_users( acp=hapic_data.query.acp, exclude_user_ids=hapic_data.query.exclude_user_ids, exclude_workspace_ids=hapic_data.query.exclude_workspace_ids, include_workspace_ids=hapic_data.query.include_workspace_ids, limit=hapic_data.query.limit, filter_results=app_config.KNOWN_MEMBERS__FILTER, ) context_users = [uapi.get_user_with_context(user) for user in users] return context_users @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS]) @hapic.handle_exception(WrongUserPassword, HTTPStatus.FORBIDDEN) @hapic.handle_exception(EmailAlreadyExists, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(ExternalAuthUserEmailModificationDisallowed, HTTPStatus.BAD_REQUEST) @check_right(has_personal_access) @hapic.input_body(SetEmailSchema()) @hapic.input_path(UserIdPathSchema()) @hapic.output_body(UserSchema()) def set_user_email(self, context, request: TracimRequest, hapic_data=None): """ Set user Email """ app_config = request.registry.settings["CFG"] # type: CFG uapi = UserApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) user = uapi.set_email( request.candidate_user, hapic_data.body.loggedin_user_password, hapic_data.body.email, do_save=True, ) return uapi.get_user_with_context(user) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS]) @hapic.handle_exception(WrongUserPassword, HTTPStatus.FORBIDDEN) @hapic.handle_exception(UsernameAlreadyExists, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(ReservedUsernameError, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(TracimValidationFailed, HTTPStatus.BAD_REQUEST) @check_right(has_personal_access) @hapic.input_body(SetUsernameSchema()) @hapic.input_path(UserIdPathSchema()) @hapic.output_body(UserSchema()) def set_user_username(self, context, request: TracimRequest, hapic_data=None): """ Set user username """ app_config = request.registry.settings["CFG"] # type: CFG uapi = UserApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) user = uapi.set_username( request.candidate_user, hapic_data.body.loggedin_user_password, hapic_data.body.username, do_save=True, ) return uapi.get_user_with_context(user) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS]) @hapic.handle_exception(WrongUserPassword, HTTPStatus.FORBIDDEN) @hapic.handle_exception(PasswordDoNotMatch, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(ExternalAuthUserPasswordModificationDisallowed, HTTPStatus.BAD_REQUEST) @check_right(has_personal_access) @hapic.input_body(SetPasswordSchema()) @hapic.input_path(UserIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def set_user_password(self, context, request: TracimRequest, hapic_data=None): """ Set user password """ app_config = request.registry.settings["CFG"] # type: CFG uapi = UserApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) uapi.set_password( request.candidate_user, hapic_data.body.loggedin_user_password, hapic_data.body.new_password, hapic_data.body.new_password2, do_save=True, ) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_body(SetUserInfoSchema()) @hapic.input_path(UserIdPathSchema()) @hapic.output_body(UserSchema()) def set_user_infos(self, context, request: TracimRequest, hapic_data=None): """ Set user info data """ app_config = request.registry.settings["CFG"] # type: CFG uapi = UserApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) user = uapi.update( request.candidate_user, auth_type=request.candidate_user.auth_type, name=hapic_data.body.public_name, timezone=hapic_data.body.timezone, lang=hapic_data.body.lang, do_save=True, ) uapi.execute_updated_user_actions(user) return uapi.get_user_with_context(user) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS]) @hapic.handle_exception(EmailAlreadyExists, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(UsernameAlreadyExists, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(ReservedUsernameError, HTTPStatus.BAD_REQUEST) @hapic.handle_exception(TracimValidationFailed, HTTPStatus.BAD_REQUEST) @check_right(is_administrator) @hapic.input_body(UserCreationSchema()) @hapic.output_body(UserSchema()) def create_user(self, context, request: TracimRequest, hapic_data=None): """ Create new user. Note: One of username or email required. """ app_config = request.registry.settings["CFG"] # type: CFG uapi = UserApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) if hapic_data.body.profile: profile = Profile.get_profile_from_slug(hapic_data.body.profile) else: profile = None password = hapic_data.body.password if not password and hapic_data.body.email_notification: password = password_generator() user = uapi.create_user( auth_type=AuthType.UNKNOWN, email=hapic_data.body.email, password=password, timezone=hapic_data.body.timezone, lang=hapic_data.body.lang, name=hapic_data.body.public_name, username=hapic_data.body.username, do_notify=hapic_data.body.email_notification, allowed_space=hapic_data.body.allowed_space, profile=profile, do_save=True, ) uapi.execute_created_user_actions(user) return uapi.get_user_with_context(user) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENABLE_AND_DISABLE_ENDPOINTS]) @check_right(is_administrator) @hapic.input_path(UserIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def enable_user(self, context, request: TracimRequest, hapic_data=None): """ enable user """ app_config = request.registry.settings["CFG"] # type: CFG uapi = UserApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) uapi.enable(user=request.candidate_user, do_save=True) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_TRASH_AND_RESTORE_ENDPOINTS]) @hapic.handle_exception(UserCantDeleteHimself, HTTPStatus.BAD_REQUEST) @check_right(is_administrator) @hapic.input_path(UserIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def delete_user(self, context, request: TracimRequest, hapic_data=None): """ delete user """ app_config = request.registry.settings["CFG"] # type: CFG uapi = UserApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) uapi.delete(user=request.candidate_user, do_save=True) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_TRASH_AND_RESTORE_ENDPOINTS]) @check_right(is_administrator) @hapic.input_path(UserIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def undelete_user(self, context, request: TracimRequest, hapic_data=None): """ undelete user """ app_config = request.registry.settings["CFG"] # type: CFG uapi = UserApi( current_user=request.current_user, # User session=request.dbsession, config=app_config, show_deleted=True, ) uapi.undelete(user=request.candidate_user, do_save=True) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENABLE_AND_DISABLE_ENDPOINTS]) @hapic.handle_exception(UserCantDisableHimself, HTTPStatus.BAD_REQUEST) @check_right(is_administrator) @hapic.input_path(UserIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def disable_user(self, context, request: TracimRequest, hapic_data=None): """ disable user """ app_config = request.registry.settings["CFG"] # type: CFG uapi = UserApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) uapi.disable(user=request.candidate_user, do_save=True) return @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS]) @hapic.handle_exception(UserCantChangeIsOwnProfile, HTTPStatus.BAD_REQUEST) @check_right(is_administrator) @hapic.input_path(UserIdPathSchema()) @hapic.input_body(SetUserProfileSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def set_profile(self, context, request: TracimRequest, hapic_data=None): """ set user profile """ app_config = request.registry.settings["CFG"] # type: CFG uapi = UserApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) profile = Profile.get_profile_from_slug(hapic_data.body.profile) uapi.update( user=request.candidate_user, auth_type=request.candidate_user.auth_type, profile=profile, do_save=True, ) return @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS]) @check_right(is_administrator) @hapic.input_path(UserIdPathSchema()) @hapic.input_body(SetUserAllowedSpaceSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def set_allowed_space(self, context, request: TracimRequest, hapic_data=None): """ set user allowed_space """ app_config = request.registry.settings["CFG"] # type: CFG uapi = UserApi( current_user=request.current_user, session=request.dbsession, config=app_config # User ) uapi.update( user=request.candidate_user, auth_type=request.candidate_user.auth_type, allowed_space=hapic_data.body.allowed_space, do_save=True, ) return @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_CONTENT_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserWorkspaceIdPathSchema()) @hapic.input_query(ActiveContentFilterQuerySchema()) @hapic.output_body(ContentDigestSchema(many=True)) def last_active_content(self, context, request: TracimRequest, hapic_data=None): """ Get last_active_content for user """ app_config = request.registry.settings["CFG"] # type: CFG content_filter = hapic_data.query api = ContentApi( current_user=request.candidate_user, # User session=request.dbsession, config=app_config, ) wapi = WorkspaceApi( current_user=request.candidate_user, # User session=request.dbsession, config=app_config, ) workspace = None if hapic_data.path.workspace_id: workspace = wapi.get_one(hapic_data.path.workspace_id) before_content = None if content_filter.before_content_id: before_content = api.get_one( content_id=content_filter.before_content_id, workspace=workspace, content_type=content_type_list.Any_SLUG, ) last_actives = api.get_last_active( workspace=workspace, limit=content_filter.limit or None, before_content=before_content ) return [api.get_content_in_context(content) for content in last_actives] @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_CONTENT_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserWorkspaceIdPathSchema()) @hapic.input_query(ContentIdsQuerySchema()) @hapic.output_body(ReadStatusSchema(many=True)) def contents_read_status(self, context, request: TracimRequest, hapic_data=None): """ get user_read status of contents """ app_config = request.registry.settings["CFG"] # type: CFG api = ContentApi( current_user=request.candidate_user, # User session=request.dbsession, config=app_config, ) wapi = WorkspaceApi( current_user=request.candidate_user, # User session=request.dbsession, config=app_config, ) workspace = None if hapic_data.path.workspace_id: workspace = wapi.get_one(hapic_data.path.workspace_id) last_actives = api.get_last_active( workspace=workspace, limit=None, before_content=None, content_ids=hapic_data.query.content_ids or None, ) return [api.get_content_in_context(content) for content in last_actives] @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_CONTENT_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserWorkspaceAndContentIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def set_content_as_read(self, context, request: TracimRequest, hapic_data=None): """ set user_read status of content to read """ app_config = request.registry.settings["CFG"] # type: CFG api = ContentApi( show_archived=True, show_deleted=True, current_user=request.candidate_user, session=request.dbsession, config=app_config, ) api.mark_read(request.current_content, do_flush=True) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_CONTENT_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserWorkspaceAndContentIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def set_content_as_unread(self, context, request: TracimRequest, hapic_data=None): """ set user_read status of content to unread """ app_config = request.registry.settings["CFG"] # type: CFG api = ContentApi( show_archived=True, show_deleted=True, current_user=request.candidate_user, session=request.dbsession, config=app_config, ) api.mark_unread(request.current_content, do_flush=True) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_CONTENT_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserWorkspaceIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def set_workspace_as_read(self, context, request: TracimRequest, hapic_data=None): """ set user_read status of all content of workspace to read """ app_config = request.registry.settings["CFG"] # type: CFG api = ContentApi( show_archived=True, show_deleted=True, current_user=request.candidate_user, session=request.dbsession, config=app_config, ) api.mark_read__workspace(request.current_workspace) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_NOTIFICATION_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserWorkspaceIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def enable_workspace_notification(self, context, request: TracimRequest, hapic_data=None): """ enable workspace notification """ app_config = request.registry.settings["CFG"] # type: CFG wapi = WorkspaceApi( current_user=request.candidate_user, # User session=request.dbsession, config=app_config, ) workspace = wapi.get_one(hapic_data.path.workspace_id) wapi.enable_notifications(request.candidate_user, workspace) wapi.save(workspace) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_NOTIFICATION_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserWorkspaceIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def disable_workspace_notification(self, context, request: TracimRequest, hapic_data=None): """ disable workspace notification """ app_config = request.registry.settings["CFG"] # type: CFG wapi = WorkspaceApi( current_user=request.candidate_user, # User session=request.dbsession, config=app_config, ) workspace = wapi.get_one(hapic_data.path.workspace_id) wapi.disable_notifications(request.candidate_user, workspace) wapi.save(workspace) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_EVENT_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserIdPathSchema()) @hapic.input_query(GetLiveMessageQuerySchema()) @hapic.output_body(LiveMessageSchemaPage()) def get_user_messages( self, context, request: TracimRequest, hapic_data: HapicData ) -> PaginatedObject: """ Returns user messages matching the given query """ app_config = request.registry.settings["CFG"] # type: CFG event_api = EventApi(request.current_user, request.dbsession, app_config) return PaginatedObject( event_api.get_paginated_messages_for_user( user_id=request.candidate_user.user_id, read_status=hapic_data.query.read_status, page_token=hapic_data.query.page_token, count=hapic_data.query.count, exclude_author_ids=hapic_data.query.exclude_author_ids, include_event_types=hapic_data.query.include_event_types, exclude_event_types=hapic_data.query.exclude_event_types, workspace_ids=hapic_data.query.workspace_ids, include_not_sent=hapic_data.query.include_not_sent, related_to_content_ids=hapic_data.query.related_to_content_ids, ) ) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_EVENT_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserIdPathSchema()) @hapic.input_query(UserMessagesSummaryQuerySchema()) @hapic.output_body(UserMessagesSummarySchema()) def get_user_messages_summary( self, context, request: TracimRequest, hapic_data: HapicData ) -> UserMessagesSummary: """ Returns a summary about messages filtered """ app_config = request.registry.settings["CFG"] # type: CFG event_api = EventApi(request.current_user, request.dbsession, app_config) candidate_user = UserApi( request.current_user, request.dbsession, app_config ).get_user_with_context(request.candidate_user) unread_messages_count = event_api.get_messages_count( user_id=candidate_user.user_id, read_status=ReadStatus.UNREAD, include_event_types=hapic_data.query.include_event_types, exclude_event_types=hapic_data.query.exclude_event_types, exclude_author_ids=hapic_data.query.exclude_author_ids, include_not_sent=hapic_data.query.include_not_sent, workspace_ids=hapic_data.query.workspace_ids, related_to_content_ids=hapic_data.query.related_to_content_ids, ) read_messages_count = event_api.get_messages_count( user_id=candidate_user.user_id, read_status=ReadStatus.READ, include_event_types=hapic_data.query.include_event_types, exclude_event_types=hapic_data.query.exclude_event_types, exclude_author_ids=hapic_data.query.exclude_author_ids, include_not_sent=hapic_data.query.include_not_sent, workspace_ids=hapic_data.query.workspace_ids, related_to_content_ids=hapic_data.query.related_to_content_ids, ) return UserMessagesSummary( user=candidate_user, unread_messages_count=unread_messages_count, read_messages_count=read_messages_count, ) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_EVENT_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserIdPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def set_all_user_messages_as_read( self, context, request: TracimRequest, hapic_data: HapicData ) -> None: """ Read all unread message for user """ app_config = request.registry.settings["CFG"] # type: CFG event_api = EventApi(request.current_user, request.dbsession, app_config) event_api.mark_user_messages_as_read(request.candidate_user.user_id) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_EVENT_ENDPOINTS]) @hapic.handle_exception(MessageDoesNotExist, http_code=HTTPStatus.BAD_REQUEST) @check_right(has_personal_access) @hapic.input_path(MessageIdsPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def set_message_as_read(self, context, request: TracimRequest, hapic_data: HapicData) -> None: """ Read one message """ app_config = request.registry.settings["CFG"] # type: CFG event_api = EventApi(request.current_user, request.dbsession, app_config) event_api.mark_user_message_as_read( event_id=hapic_data.path.event_id, user_id=request.candidate_user.user_id ) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_EVENT_ENDPOINTS]) @hapic.handle_exception(MessageDoesNotExist, http_code=HTTPStatus.BAD_REQUEST) @check_right(has_personal_access) @hapic.input_path(MessageIdsPathSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def set_message_as_unread(self, context, request: TracimRequest, hapic_data: HapicData) -> None: """ unread one message """ app_config = request.registry.settings["CFG"] # type: CFG event_api = EventApi(request.current_user, request.dbsession, app_config) event_api.mark_user_message_as_unread( event_id=hapic_data.path.event_id, user_id=request.candidate_user.user_id ) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_EVENT_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserIdPathSchema()) @hapic.input_headers(TracimLiveEventHeaderSchema()) @hapic.input_query(TracimLiveEventQuerySchema()) def open_message_stream(self, context, request: TracimRequest, hapic_data) -> Response: """ Open the message stream for the given user. Tracim Live Message Events as ServerSide Event Stream """ stream_opened_event = ":Tracim Live Messages for user {}\n\nevent: stream-open\ndata:\n\n".format( str(request.candidate_user.user_id) ) after_event_id = hapic_data.query["after_event_id"] # type: int if after_event_id: app_config = request.registry.settings["CFG"] # type: CFG event_api = EventApi(request.current_user, request.dbsession, app_config) messages = event_api.get_messages_for_user( request.candidate_user.user_id, after_event_id=after_event_id ) # type: typing.List[Message] stream_opened_event += "".join( [ "data:" + json.dumps(LiveMessagesLib.message_as_dict(message)) + "\n\n" for message in messages ] ) escaped_keepalive_event = "event: keep-alive\\ndata:\\n\\n" user_channel_name = LiveMessagesLib.user_grip_channel(request.candidate_user.user_id) headers = [ # Here we ask push pin to keep the connection open ("Grip-Hold", "stream"), # and register this connection on the given channel # multiple channels subscription is possible ("Grip-Channel", user_channel_name), ("Grip-Keep-Alive", "{}; format=cstring; timeout=30".format(escaped_keepalive_event)), # content type for SSE ("Content-Type", "text/event-stream"), # do not cache the events ("Cache-Control", "no-cache"), ] return Response( headerlist=headers, charset="utf-8", status_code=200, body=stream_opened_event ) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_CONFIG_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserIdPathSchema()) @hapic.output_body(UserConfigSchema()) def get_user_config( self, context, request: TracimRequest, hapic_data: HapicData ) -> typing.Dict: """ get all the configuration parameters for the given user """ config_api = UserConfigApi(current_user=request.candidate_user, session=request.dbsession) return {"parameters": config_api.get_all_params()} @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_CONFIG_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserIdPathSchema()) @hapic.input_body(SetConfigSchema()) @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT) def set_user_config(self, context, request: TracimRequest, hapic_data: HapicData) -> None: """ Set or update the given configuration parameters for the given user The behavior of this endpoint is adding/updating key (patch-like) but not replacing the whole configuration, so it's not possible to remove keys through this endpoint. """ config_api = UserConfigApi(current_user=request.candidate_user, session=request.dbsession) config_api.set_params(params=hapic_data.body["parameters"]) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_CONFIG_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserIdPathSchema()) @hapic.output_body(WorkspaceSchema(many=True)) def get_accessible_workspaces( self, context, request: TracimRequest, hapic_data: HapicData ) -> typing.List[WorkspaceInContext]: """ Return the list of accessible workspaces by the given user id. An accessible workspace is: - a workspace the user is not member of (`workspaces` API returns them) - has an OPEN or ON_REQUEST access type """ app_config = request.registry.settings["CFG"] # type: CFG wapi = WorkspaceApi( current_user=request.candidate_user, session=request.dbsession, config=app_config, ) workspaces = wapi.get_all_accessible_by_user(request.candidate_user) return [wapi.get_workspace_with_context(workspace) for workspace in workspaces] @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_SUBSCRIPTIONS_ENDPOINTS]) @check_right(has_personal_access) @hapic.input_path(UserIdPathSchema()) @hapic.output_body(WorkspaceSubscriptionSchema(many=True)) def user_subscriptions( self, context, request: TracimRequest, hapic_data: HapicData ) -> typing.List[WorkspaceSubscription]: subscription_lib = SubscriptionLib( current_user=request.current_user, session=request.dbsession, config=request.app_config, ) return subscription_lib.get_user_subscription(request.candidate_user.user_id) @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_SUBSCRIPTIONS_ENDPOINTS]) @check_right(has_personal_access) @hapic.handle_exception(InvalidWorkspaceAccessType, HTTPStatus.BAD_REQUEST) @hapic.input_path(UserIdPathSchema()) @hapic.input_body(WorkspaceIdSchema()) @hapic.output_body(WorkspaceSubscriptionSchema()) def submit_subscription( self, context, request: TracimRequest, hapic_data: HapicData ) -> typing.List[WorkspaceSubscription]: workspace = WorkspaceApi( current_user=None, session=request.dbsession, config=request.app_config ).get_one(hapic_data.body["workspace_id"]) subscription_lib = SubscriptionLib( current_user=request.current_user, session=request.dbsession, config=request.app_config, ) return subscription_lib.submit_subscription(workspace=workspace) def bind(self, configurator: Configurator) -> None: """ Create all routes and views using pyramid configurator for this controller """ # user workspace configurator.add_route( "get_user_workspace", "/users/{user_id:\d+}/workspaces", request_method="GET", # noqa: W605 ) configurator.add_view(self.user_workspace, route_name="get_user_workspace") configurator.add_route( "post_user_workspace", "/users/{user_id:\d+}/workspaces", request_method="POST", # noqa: W605 ) configurator.add_view(self.join_workspace, route_name="post_user_workspace") # user info configurator.add_route("user", "/users/{user_id:\d+}", request_method="GET") # noqa: W605 configurator.add_view(self.user, route_name="user") # user space info configurator.add_route( "user_disk_space", "/users/{user_id:\d+}/disk_space", request_method="GET" ) # noqa: W605 configurator.add_view(self.user_disk_space, route_name="user_disk_space") # users lists configurator.add_route("users", "/users", request_method="GET") configurator.add_view(self.users, route_name="users") # known members lists configurator.add_route( "known_members", "/users/{user_id:\d+}/known_members", request_method="GET", # noqa: W605 ) configurator.add_view(self.known_members, route_name="known_members") # set user email configurator.add_route( "set_user_email", "/users/{user_id:\d+}/email", request_method="PUT" ) # noqa: W605 configurator.add_view(self.set_user_email, route_name="set_user_email") # set user username configurator.add_route( "set_user_username", "/users/{user_id:\d+}/username", request_method="PUT" ) # noqa: W605 configurator.add_view(self.set_user_username, route_name="set_user_username") # set user password configurator.add_route( "set_user_password", "/users/{user_id:\d+}/password", request_method="PUT" # noqa: W605 ) configurator.add_view(self.set_user_password, route_name="set_user_password") # set user_info configurator.add_route( "set_user_info", "/users/{user_id:\d+}", request_method="PUT" ) # noqa: W605 configurator.add_view(self.set_user_infos, route_name="set_user_info") # create user configurator.add_route("create_user", "/users", request_method="POST") configurator.add_view(self.create_user, route_name="create_user") # enable user configurator.add_route( "enable_user", "/users/{user_id:\d+}/enabled", request_method="PUT" ) # noqa: W605 configurator.add_view(self.enable_user, route_name="enable_user") # disable user configurator.add_route( "disable_user", "/users/{user_id:\d+}/disabled", request_method="PUT" # noqa: W605 ) configurator.add_view(self.disable_user, route_name="disable_user") # delete user configurator.add_route( "delete_user", "/users/{user_id:\d+}/trashed", request_method="PUT" ) # noqa: W605 configurator.add_view(self.delete_user, route_name="delete_user") # undelete user configurator.add_route( "undelete_user", "/users/{user_id:\d+}/trashed/restore", request_method="PUT", # noqa: W605 ) configurator.add_view(self.undelete_user, route_name="undelete_user") # set user profile configurator.add_route( "set_user_profile", "/users/{user_id:\d+}/profile", request_method="PUT" # noqa: W605 ) configurator.add_view(self.set_profile, route_name="set_user_profile") # set user allowed_space configurator.add_route( "set_user_allowed_space", "/users/{user_id:\d+}/allowed_space", request_method="PUT", # noqa: W605 ) configurator.add_view(self.set_allowed_space, route_name="set_user_allowed_space") # user content configurator.add_route( "contents_read_status", "/users/{user_id:\d+}/workspaces/{workspace_id}/contents/read_status", # noqa: W605 request_method="GET", ) configurator.add_view(self.contents_read_status, route_name="contents_read_status") # last active content for user configurator.add_route( "last_active_content", "/users/{user_id:\d+}/workspaces/{workspace_id}/contents/recently_active", # noqa: W605 request_method="GET", ) configurator.add_view(self.last_active_content, route_name="last_active_content") # set content as read/unread configurator.add_route( "read_content", "/users/{user_id:\d+}/workspaces/{workspace_id}/contents/{content_id}/read", # noqa: W605 request_method="PUT", ) configurator.add_view(self.set_content_as_read, route_name="read_content") configurator.add_route( "unread_content", "/users/{user_id:\d+}/workspaces/{workspace_id}/contents/{content_id}/unread", # noqa: W605 request_method="PUT", ) configurator.add_view(self.set_content_as_unread, route_name="unread_content") # set workspace as read configurator.add_route( "read_workspace", "/users/{user_id:\d+}/workspaces/{workspace_id}/read", # noqa: W605 request_method="PUT", ) configurator.add_view(self.set_workspace_as_read, route_name="read_workspace") # enable workspace notification configurator.add_route( "enable_workspace_notification", "/users/{user_id:\d+}/workspaces/{workspace_id}/notifications/activate", # noqa: W605 request_method="PUT", ) configurator.add_view( self.enable_workspace_notification, route_name="enable_workspace_notification" ) # enable workspace notification configurator.add_route( "disable_workspace_notification", "/users/{user_id:\d+}/workspaces/{workspace_id}/notifications/deactivate", # noqa: W605 request_method="PUT", ) configurator.add_view( self.disable_workspace_notification, route_name="disable_workspace_notification" ) # TracimLiveMessages notification configurator.add_route( "live_messages", "/users/{user_id:\d+}/live_messages", # noqa: W605 request_method="GET", ) configurator.add_view(self.open_message_stream, route_name="live_messages") # Tracim user messages configurator.add_route( "messages", "/users/{user_id:\d+}/messages", request_method="GET", # noqa: W605 ) configurator.add_view(self.get_user_messages, route_name="messages") configurator.add_route( "messages_summary", "/users/{user_id:\d+}/messages/summary", request_method="GET", # noqa: W605 ) configurator.add_view(self.get_user_messages_summary, route_name="messages_summary") # read all unread messages for user configurator.add_route( "read_messages", "/users/{user_id:\d+}/messages/read", request_method="PUT", # noqa: W605 ) configurator.add_view(self.set_all_user_messages_as_read, route_name="read_messages") # read all unread messages for user configurator.add_route( "read_message", "/users/{user_id:\d+}/messages/{event_id:\d+}/read", request_method="PUT", # noqa: W605 ) configurator.add_view(self.set_message_as_read, route_name="read_message") # read all unread messages for user configurator.add_route( "unread_message", "/users/{user_id:\d+}/messages/{event_id:\d+}/unread", request_method="PUT", # noqa: W605 ) configurator.add_view(self.set_message_as_unread, route_name="unread_message") # User configuration configurator.add_route( "config_get", "/users/{user_id:\d+}/config", request_method="GET", # noqa: W605 ) configurator.add_view(self.get_user_config, route_name="config_get") configurator.add_route( "config_post", "/users/{user_id:\d+}/config", request_method="PUT", # noqa: W605 ) configurator.add_view(self.set_user_config, route_name="config_post") # User accessible workspaces (not member of, but can see information about them to subscribe) configurator.add_route( "get_accessible_workspaces", "/users/{user_id:\d+}/accessible_workspaces", request_method="GET", # noqa: W605 ) configurator.add_view( self.get_accessible_workspaces, route_name="get_accessible_workspaces" ) # User subscriptions configurator.add_route( "subscriptions_get", "/users/{user_id:\d+}/workspace_subscriptions", request_method="GET", # noqa: W605 ) configurator.add_view(self.user_subscriptions, route_name="subscriptions_get") configurator.add_route( "subscriptions_put", "/users/{user_id:\d+}/workspace_subscriptions", request_method="PUT", # noqa: W605 ) configurator.add_view(self.submit_subscription, route_name="subscriptions_put")