Commit Graph

1063 Commits

Author SHA1 Message Date
Nathan Panchout 8ae112b43b (frontend) updated dependencies and added new packages
Added several new dependencies to the `package.json` file, including
`@dnd-kit/core`, `@dnd-kit/modifiers`, `@fontsource/material-icons`, and
`@gouvfr-lasuite/ui-kit`.
2025-07-01 15:18:07 +02:00
Nathan Panchout e72317fbaa 🐛(back) keep info if document has deleted children
With the soft delete feature, relying on the is_leaf method from the
treebeard is not accurate anymore. To determine if a node is a leaf, it
checks if the number of numchild is equal to 0. But a node can have soft
deleted children, then numchild is equal to 0, but it is not a leaf
because if we want to add a child we have to look for the last child to
compute a correct path. Otherwise we will have an error saying that the
path already exists.
2025-07-01 15:17:32 +02:00
Samuel Paccoud - DINUM 507c9a583a (backend) add ancestors links definitions to document abilities
The frontend needs to display inherited link accesses when it displays
possible selection options. We need to return this information to the
client.
2025-07-01 15:17:32 +02:00
Samuel Paccoud - DINUM 4a44b44aec ♻️(backend) simplify roles by returning only the max role
We were returning the list of roles a user has on a document (direct
and inherited). Now that we introduced priority on roles, we are able
to determine what is the max role and return only this one.

This commit also changes the role that is returned for the restricted
reach: we now return None because the role is not relevant in this
case.
2025-07-01 15:17:32 +02:00
Samuel Paccoud - DINUM 94c372ea6e (backend) add ancestors links definitions to document abilities
The frontend needs to display inherited link accesses when it displays
possible selection options. We need to return this information to the
client.
2025-07-01 15:17:32 +02:00
Samuel Paccoud - DINUM c807aded5c (backend) add max_role field to the document access API endpoint
The frontend needs to know what to display on an access. The maximum
role between the access role and the role equivalent to all accesses
on the document's ancestors should be computed on the backend.
2025-07-01 15:17:32 +02:00
Samuel Paccoud - DINUM ad7a5235e1 ♻️(backend) simplify further select options on link reach/role
We reduce the number of options even more by treating link reach
and link role independently: link reach must be higher than its
ancestors' equivalent link reach and link role must be higher than
its ancestors' link role.

This reduces the number of possibilities but we decided to start
with the most restrictive and simple offer and extend it if we
realize it faces too many criticism instead of risking to offer
too many options that are too complex and must be reduced afterwards.
2025-07-01 15:17:32 +02:00
Samuel Paccoud - DINUM 62ff585539 🐛(backend) fix creating/updating document accesses for teams
This use case was forgotten when the support for team accesses
was added. We add tests to stabilize the feature and its security.
2025-07-01 15:17:32 +02:00
Samuel Paccoud - DINUM 8c6bf045cc (backend) add document path and depth to accesses endpoint
The frontend requires this information about the ancestor document
to which each access is related. We make sure it does not generate
more db queries and does not fetch useless and heavy fields from
the document like "excerpt".
2025-07-01 15:17:32 +02:00
Samuel Paccoud - DINUM 8e7651d5cd 🐛(backend) allow creating accesses when privileged by heritage
We took the opportunity of this bug to refactor serializers and
permissions as advised one day by @qbey: no permission checks in
serializers.
2025-07-01 15:17:30 +02:00
Samuel Paccoud - DINUM 12a229e0ab (backend) fix randomly failing test due to delay before check
There is a delay between the time the signature is issued and the
time it is checked. Although this delay is minimal, if the signature
is issued at the end of a second, both timestamps can differ of 1s.

> assert response["X-Amz-Date"] == timezone.now().strftime("%Y%m%dT%H%M%SZ")
AssertionError: assert equals failed '20250504T175307Z'  '20250504T175308Z'
2025-07-01 15:16:09 +02:00
Samuel Paccoud - DINUM a3e3ede1f8 ♻️(backend) stop requiring owner for non-root documents
If root documents are guaranteed to have a owner, non-root documents
will automatically have them as owner by inheritance. We should not
require non-root documents to have their own direct owner because
this will make it difficult to manage access rights when we move
documents around or when we want to remove access rights for someone
on a document subtree... There should be as few overrides as possible.
2025-07-01 15:16:09 +02:00
Samuel Paccoud - DINUM 46ac2e11ed (backend) add max ancestors role field to document access endpoint
This field is set only on the list view when all accesses for a given
document and all its ancestors are listed. It gives the highest role
among all accesses related to each document.
2025-07-01 15:16:09 +02:00
Samuel Paccoud - DINUM e0d6271677 fixup! ♻️(backend) optimize refactoring access abilities and fix inheritance 2025-07-01 15:16:09 +02:00
Samuel Paccoud - DINUM 9e9efa197a ♻️(backend) optimize refactoring access abilities and fix inheritance
The latest refactoring in a445278 kept some factorizations that are
not legit anymore after the refactoring.

It is also cleaner to not make serializer choice in the list view if
the reason for this choice is related to something else b/c other
views would then use the wrong serializer and that would be a
security leak.

This commit also fixes a bug in the access rights inheritance: if a
user is allowed to see accesses on a document, he should see all
acesses related to ancestors, even the ancestors that he can not
read. This is because the access that was granted on all ancestors
also apply on the current document... so it must be displayed.

Lastly, we optimize database queries because the number of accesses
we fetch is going up with multi-pages and we were generating a lot
of useless queries.
2025-07-01 15:16:07 +02:00
Samuel Paccoud - DINUM 9b29a0b693 (backend) add computed link reach and role to document API
On a document, we need to display the status of the link (reach and
role) taking into account the ancestors link reach/role as well as
the current document.
2025-07-01 15:15:17 +02:00
Samuel Paccoud - DINUM b85f1d1737 (backend) add ancestors link reach and role to document API
On a document, we need to display the status of the link (reach and
role) as inherited from its ancestors.
2025-07-01 15:15:17 +02:00
Samuel Paccoud - DINUM 4474fc8ddb ♻️(backend) simplify roles by returning only the max role
We were returning the list of roles a user has on a document (direct
and inherited). Now that we introduced priority on roles, we are able
to determine what is the max role and return only this one.

This commit also changes the role that is returned for the restricted
reach: we now return None because the role is not relevant in this
case.
2025-07-01 15:15:16 +02:00
Samuel Paccoud - DINUM 2f980e880a (backend) fix randomly failing test on user search
The user account created to query the API had a random email
that could randomly interfere with our search results.
2025-07-01 15:15:16 +02:00
Samuel Paccoud - DINUM 6edb92ee62 ♻️(backend) refactor get_select_options to take definitions dict
This will allow us to simplify the get_abilities method. It is also
more efficient because we have computed this definitions dict and
the the get_select_options method was doing the conversion again.
2025-07-01 15:15:14 +02:00
Samuel Paccoud - DINUM ee8f61a858 (backend) give an order to choices
We are going to need to compare choices to materialize the fact that
choices are ordered. For example an admin role is higer than an
editor role but lower than an owner role.

We will need this to compute the reach and role resulting from all
the document accesses (resp. link accesses) assigned on a document's
ancestors.
2025-07-01 15:13:40 +02:00
Samuel Paccoud - DINUM 40785f381a (backend) we want to display ancestors accesses on a document share
The document accesses a user have on a document's ancestors also apply
to this document. The frontend needs to list them as "inherited" so we
need to add them to the list.
Adding a "document_id" field on the output will allow the frontend to
differentiate between inherited and direct accesses on a document.
2025-07-01 15:13:40 +02:00
Samuel Paccoud - DINUM 149f711f60 ♻️(backend) factorize document query set annotation
The methods to annotate a document queryset were factorized on the
viewset but the correct place is the custom queryset itself now that
we have one.
2025-07-01 15:13:40 +02:00
Samuel Paccoud - DINUM b5dad9eb1a ♻️(backend) refactor resource access viewset
The document viewset was overriding the get_queryset method from its
own mixin. This was a sign that the mixin was not optimal anymore.
In the next commit I will need to complexify it further so it's time
to refactor the mixin.
2025-07-01 15:13:40 +02:00
Samuel Paccoud - DINUM 8c714bfdc6 ♻️(backend) remove different reach for authenticated and anonymous
If anonymous users have reader access on a parent, we were considering
that an edge use case was interesting: allowing an authenticated user
to still be editor on the child.

Although this use case could be interesting, we consider, as a first
approach, that the value it carries is not big enough to justify the
complexity for the user to understand this complex access right heritage.
2025-07-01 15:13:40 +02:00
Samuel Paccoud - DINUM 55ea7f8375 (backend) add ancestors links definitions to document abilities
The frontend needs to display inherited link accesses when it displays
possible selection options. We need to return this information to the
client.
2025-07-01 15:13:36 +02:00
Samuel Paccoud - DINUM abddb4d585 🐛(backend) fix link definition select options linked to ancestors
We were returning too many select options for the restricted link reach:
- when the "restricted" reach is an option (key present in the returned
  dictionary), the possible values for link roles are now always None to
  make it clearer that they don't matter and no select box should be
  shown for roles.
- Never propose "restricted" as option for link reach when the ancestors
  already offer a public access. Indeed, restricted/editor was shown when
  the ancestors had public/read access. The logic was to propose editor
  role on more restricted reaches... but this does not make sense for
  restricted since the role does is not taken into account for this reach.
  Roles are set by each access line assign to users/teams.
2025-07-01 15:11:06 +02:00
soyouzpanda 6c3850b22b (frontend) support _FILE environment variables for secrets
Allow configuration variables that handles secrets to be read from a
file given in an environment variable.
2025-07-01 10:47:55 +02:00
soyouzpanda 31e8ed3a00 (backend) support _FILE environment variables for secrets
Allow configuration variables that handles secrets, like
`DJANGO_SECRET_KEY` to be able to read from a file which is given
through an environment file.

For example, if `DJANGO_SECRET_KEY_FILE` is set to
`/var/lib/docs/django-secret-key`, the value of `DJANGO_SECRET_KEY` will
be the content of `/var/lib/docs/django-secret-key`.
2025-07-01 10:32:55 +02:00
Manuel Raynaud 7e63e9e460 ♻️(back) exclude /admin from CSP rules
We have to exclude the /admin prefix to allow loading static files when
the django admin is used.
2025-06-30 14:46:01 +02:00
Anthony LC 388f71d9d0 (frontend) button access request on share modal
When a document is in public or connected mode,
users can now request access to the document.
2025-06-30 12:13:28 +02:00
Anthony LC 2360a832af (frontend) add access request on doc share modal
Add the access request to the document
share modal, allowing admin to see and manage
access requests directly from the modal interface.
2025-06-30 12:13:28 +02:00
Anthony LC 411d52c73b ♻️(frontend) improve separation of concerns in DocShareModal
Improve separation of concerns in the DocShareModal
component.
The member and invitation list are now
in a separate component.
It will help us to integrate cleanly the
request access list.
2025-06-30 12:13:28 +02:00
Anthony LC 394f91387d (backend) send email to admins when user ask for access
When a user requests access to a document, an
email is sent to the admins and owners of the
document.
2025-06-30 12:13:27 +02:00
Anthony LC 878de08b1e (frontend) integrate doc access request
When a user is redirected on the 403 page,
they can now request access to the document.
2025-06-30 12:13:27 +02:00
Manuel Raynaud d33286019c (back) accept for a owner the request to access a document
Add the action accepting a request to access a document. It is possible
to override the role from the request and also update an existing
DocumentAccess
2025-06-30 12:13:26 +02:00
Manuel Raynaud c2e46fa9e2 (back) document as for access CRUD
We introduce a new model for user wanted to access a document or upgrade
their role if they already have access.
The viewsets does not implement PUT and PATCH, we don't need it for now.
2025-06-30 12:13:26 +02:00
Manuel Raynaud 2e1b112133 🚨(back) remove unused ruff ignore rule
A ruff ignore rule was present in the factories module. But this rule is
not used in the file so we can safely remove it.
2025-06-30 10:43:58 +02:00
renovate[bot] 8f7ac12ea1 ⬆️(dependencies) update python dependencies 2025-06-30 10:43:58 +02:00
Manuel Raynaud dfdfe83db5 (back) install and configure django csp (#1085)
We want to protect all requests from django with content security
policy header. We use the djang-csp library and configure it with
default values.

Fixes #1000
2025-06-30 08:42:48 +00:00
Anthony LC 4ae757ce93 🔥(frontend) remove Beta from logo
Docs got homologated, so we can remove the beta
logo from the DSFR theme.
2025-06-27 18:22:59 +02:00
Manuel Raynaud 6964686f7c 🔧(back) remove usage of deprecated db engine
The db engine postgresql_psycopg2 does not exists anymore in django but
for BC compat it is possible to use it in the configuration and it is
replace by postgresql at runtime. We changed this settings to use the
good one.
2025-06-27 16:03:09 +00:00
Manuel Raynaud 45bbffdf9f (back) allow to disable checking unsafe mimetype on attachment upload
We added the possibility to scan all uploaded files with an anti malware
solution. Depending the backend used, we want to give the possibility to
check the file mimtype to determine if this one is tagged as unsafe or
not. To this you can set the environment variable
DOCUMENT_ATTACHMENT_CHECK_UNSAFE_MIME_TYPES_ENABLED to False. The
default value is True.
2025-06-27 15:31:15 +00:00
Anthony LC 95a55e7805 (e2e) reduce flakiness in e2e tests
Flakiness in e2e tests has been reduced by:
- Adding waits for media-check processing in image tests.
- Ensuring that slash menu resets are handled
correctly to avoid flakiness.
- Wait for the Download button to be stable before clicking
2025-06-27 16:50:10 +02:00
Anthony LC 00009ecc16 🔧(conf) add server to server api tokens to common
We have the e2e test "it creates a doc server way"
that is quite complicated to run locally, because
it requires the `DJANGO_SERVER_TO_SERVER_API_TOKENS`
environment variable to be set in "env.d/development/common".
We moved `DJANGO_SERVER_TO_SERVER_API_TOKENS` from
"env.d/development/common.e2e.dist" to
"env.d/development/common.dist", by doing so,
this variable will be set by default in the
"env.d/development/common" file, the test will now run
without any additional configuration.
2025-06-26 17:09:08 +02:00
Anthony LC 9b0676ec15 (jest) fix window.location mock
We upgraded to jest 30.0.3.
This upgrade updated jsdom and jsdom now do not
allows to mock window.location.
See: https://github.com/jsdom/jsdom/issues/3492
This commit fixes this issue.
2025-06-26 16:49:13 +02:00
Anthony LC 9f222bbaa3 ⬇️(dependencies) downgrade to docx 9.5.0
Prob compatibility issue with docx 9.5.1 and
BlockNote. We downgrade to 9.5.0 for now until
BlockNote is updated to support docx 9.5.1.
2025-06-26 16:47:51 +02:00
renovate[bot] f0b253f0ff ⬆️(dependencies) update js dependencies 2025-06-26 12:14:34 +00:00
lebaudantoine 71cd016d4d ️(frontend) optimize document fetch error handling
Reduce unnecessary fetch requests when retrieving documents with permission
or authentication issues. Previous implementation was triggering multiple
document requests despite having sufficient error information from initial
attempt to determine appropriate user redirection.

Additionally, fix issue where resetting the auth cache was triggering redundant
authentication verification requests. The responsibility for checking auth
status should belong to the 401 page component on mount, rather than being
triggered by cache resets during error handling.

Known limitations:
- Not waiting for async  function completion makes code harder to
 maintain
- Added loading spinner as temporary solution to prevent UI flicker
- Future improvement should implement consistent error-based redirects rather
 than rendering error messages directly on document page
2025-06-24 15:50:02 +02:00
lebaudantoine 2a7ffff96d ️(frontend) prevent authentication retry on 401 responses
Stop retry attempts when receiving 401 Unauthorized from /me endpoint since
this clearly indicates authentication status. The original purpose of the /me
call is simply to determine if user is authenticated, and a 401 provides
sufficient information.

Prevents unnecessary network requests caused by React Query's automatic retry
behavior when re-raising exceptions, which was hiding the 401 status. Improves
performance and reduces server load during authentication failures.
2025-06-24 15:46:48 +02:00