Merge branch 'develop' of github.com:tracim/tracim_backend into feature/612_user_account_endpoint

.travis.yml

   - "3.5"
   - "3.6"
 
+addons:
+  apt:
+    packages:
+    - libreoffice
+    - imagemagick
+    - libmagickwand-dev
+    - ghostscript
 services:
   - docker
   - redis-server

README.md

     sudo apt install git
     sudo apt install python3 python3-venv python3-dev python3-pip
     sudo apt install redis-server
+    sudo apt install zlib1g-dev libjpeg-dev
+    sudo apt install imagemagick libmagickwand-dev ghostscript
+
+for better preview support:
+
+    sudo apt install libreoffice # most office documents file and text format
+    sudo apt install inkscape # for .svg files.
 
 ### Get the source ###
 
 
 run tracim_backend web api:
 
-    pserve developement.ini
+    pserve development.ini
 
 run wsgidav server:
 

development.ini.sample

 ## Do not set http:// prefix.
 # wsgidav.client.base_url = 127.0.0.1:<WSGIDAV_PORT>
 
+### Preview
+## You can parametrized allowed jpg preview dimension list, if not set, default
+## is 256x256. First {width}x{length} items is default preview dimensions.
+## all items should be separated by ',' and you should be really careful to do
+## set anything else than '{int}x{int}' item and ', ' separator
+# preview.jpg.allowed_dims = 256x256,1000x1000
+## Preview dimensions can be set as restricted, if set as restricted, access
+## endpoint to  to get any other preview dimensions than allowed_dims will
+## return error
+# preview.jpg.restricted_dims = True
+
 ###
 # wsgi server configuration
 ###

setup.py

     'filedepot',
     'babel',
     'python-slugify',
+    'preview-generator',
     # mail-notifier
     'mako',
     'lxml',
     'pytest-cov',
     'pep8',
     'mypy',
-    'requests'
+    'requests',
+    'Pillow'
 ]
 
 mysql_require = [

tracim/__init__.py

 # -*- coding: utf-8 -*-
+
+
 try:  # Python 3.5+
     from http import HTTPStatus
 except ImportError:
 from tracim.views.core_api.user_controller import UserController
 from tracim.views.core_api.workspace_controller import WorkspaceController
 from tracim.views.contents_api.comment_controller import CommentController
+from tracim.views.contents_api.file_controller import FileController
 from tracim.views.errors import ErrorSchema
 from tracim.exceptions import NotAuthenticated
 from tracim.exceptions import UserNotActive
     comment_controller = CommentController()
     html_document_controller = HTMLDocumentController()
     thread_controller = ThreadController()
+    file_controller = FileController()
     configurator.include(session_controller.bind, route_prefix=BASE_API_V2)
     configurator.include(system_controller.bind, route_prefix=BASE_API_V2)
     configurator.include(user_controller.bind, route_prefix=BASE_API_V2)
     configurator.include(comment_controller.bind, route_prefix=BASE_API_V2)
     configurator.include(html_document_controller.bind, route_prefix=BASE_API_V2)  # nopep8
     configurator.include(thread_controller.bind, route_prefix=BASE_API_V2)
+    configurator.include(file_controller.bind, route_prefix=BASE_API_V2)
 
     hapic.add_documentation_view(
         '/api/v2/doc',

tracim/config.py

         #     self.RADICALE_CLIENT_BASE_URL_HOST,
         #     self.RADICALE_CLIENT_BASE_URL_PREFIX,
         # )
+        self.PREVIEW_JPG_RESTRICTED_DIMS = asbool(settings.get(
+            'preview.jpg.restricted_dims', False
+        ))
+        preview_jpg_allowed_dims_str = settings.get('preview.jpg.allowed_dims', '')  # nopep8
+        allowed_dims = []
+        if preview_jpg_allowed_dims_str:
+            for sizes in preview_jpg_allowed_dims_str.split(','):
+                parts = sizes.split('x')
+                assert len(parts) == 2
+                width, height = parts
+                assert width.isdecimal()
+                assert height.isdecimal()
+                size = PreviewDim(int(width), int(height))
+                allowed_dims.append(size)
+
+        if not allowed_dims:
+            size = PreviewDim(256, 256)
+            allowed_dims.append(size)
+
+        self.PREVIEW_JPG_ALLOWED_DIMS = allowed_dims
 
     def configure_filedepot(self):
         depot_storage_name = self.DEPOT_STORAGE_NAME
 
         TREEVIEW_FOLDERS = 'folders'
         TREEVIEW_ALL = 'all'
+
+
+class PreviewDim(object):
+
+    def __init__(self, width: int, height: int) -> None:
+        self.width = width
+        self.height = height
+
+    def __repr__(self):
+        return "<PreviewDim width:{width} height:{height}>".format(
+            width=self.width,
+            height=self.height,
+        )

tracim/exceptions.py

     pass
 
 
+class RoleDoesNotExist(TracimException):
+    pass
+
+
+class EmailValidationFailed(TracimException):
+    pass
+
+
+class UserCreationFailed(TracimException):
+    pass
+
+
 class ParentNotFound(NotFound):
     pass
+
+
+class RevisionDoesNotMatchThisContent(TracimException):
+    pass
+
+
+class PageOfPreviewNotFound(NotFound):
+    pass
+
+
+class PreviewDimNotAllowed(TracimException):
+    pass

tracim/lib/core/content.py

 from operator import itemgetter
 
 import transaction
+from preview_generator.manager import PreviewManager
 from sqlalchemy import func
 from sqlalchemy.orm import Query
 from depot.manager import DepotManager
 from tracim.lib.utils.utils import cmp_to_key
 from tracim.lib.core.notifications import NotifierFactory
 from tracim.exceptions import SameValueError
+from tracim.exceptions import PageOfPreviewNotFound
+from tracim.exceptions import PreviewDimNotAllowed
+from tracim.exceptions import RevisionDoesNotMatchThisContent
 from tracim.exceptions import EmptyCommentContentNotAllowed
 from tracim.exceptions import EmptyLabelNotAllowed
 from tracim.exceptions import ContentNotFound
 from tracim.models.data import Workspace
 from tracim.lib.utils.translation import fake_translator as _
 from tracim.models.context_models import RevisionInContext
+from tracim.models.context_models import PreviewAllowedDim
 from tracim.models.context_models import ContentInContext
 
 __author__ = 'damien'
 
 
+# TODO - G.M - 2018-07-24 - [Cleanup] Is this method already needed ?
 def compare_content_for_sorting_by_type_and_name(
         content1: Content,
         content2: Content
         else:
             return 0
 
-
+# TODO - G.M - 2018-07-24 - [Cleanup] Is this method already needed ?
 def compare_tree_items_for_sorting_by_type_and_name(
         item1: NodeTreeItem,
         item2: NodeTreeItem
         self._show_all_type_of_contents_in_treeview = all_content_in_treeview
         self._force_show_all_types = force_show_all_types
         self._disable_user_workspaces_filter = disable_user_workspaces_filter
+        self.preview_manager = PreviewManager(self._config.PREVIEW_CACHE_DIR, create_folder=True)  # nopep8
 
     @contextmanager
     def show(
             self._show_temporary = previous_show_temporary
 
     def get_content_in_context(self, content: Content) -> ContentInContext:
-        return ContentInContext(content, self._session, self._config)
+        return ContentInContext(content, self._session, self._config, self._user)  # nopep8
 
     def get_revision_in_context(self, revision: ContentRevisionRO) -> RevisionInContext:  # nopep8
         # TODO - G.M - 2018-06-173 - create revision in context object
         return self._session.query(Content)\
             .join(ContentRevisionRO, self._get_revision_join())
 
+    # TODO - G.M - 2018-07-24 - [Cleanup] Is this method already needed ?
     @classmethod
     def sort_tree_items(
         cls,
 
         return content_list
 
+    # TODO - G.M - 2018-07-24 - [Cleanup] Is this method already needed ?
     @classmethod
     def sort_content(
         cls,
     ) -> Query:
         return self._base_query(workspace)
 
-    def get_child_folders(self, parent: Content=None, workspace: Workspace=None, filter_by_allowed_content_types: list=[], removed_item_ids: list=[], allowed_node_types=None) -> typing.List[Content]:
-        """
-        This method returns child items (folders or items) for left bar treeview.
-
-        :param parent:
-        :param workspace:
-        :param filter_by_allowed_content_types:
-        :param removed_item_ids:
-        :param allowed_node_types: This parameter allow to hide folders for which the given type of content is not allowed.
-               For example, if you want to move a Page from a folder to another, you should show only folders that accept pages
-        :return:
-        """
-        filter_by_allowed_content_types = filter_by_allowed_content_types or []  # FDV
-        removed_item_ids = removed_item_ids or []  # FDV
-
-        if not allowed_node_types:
-            allowed_node_types = [ContentType.Folder]
-        elif allowed_node_types==ContentType.Any:
-            allowed_node_types = ContentType.all()
-
-        parent_id = parent.content_id if parent else None
-        folders = self._base_query(workspace).\
-            filter(Content.parent_id==parent_id).\
-            filter(Content.type.in_(allowed_node_types)).\
-            filter(Content.content_id.notin_(removed_item_ids)).\
-            all()
-
-        if not filter_by_allowed_content_types or \
-                        len(filter_by_allowed_content_types)<=0:
-            # Standard case for the left treeview: we want to show all contents
-            # in the left treeview... so we still filter because for example
-            # comments must not appear in the treeview
-            return [folder for folder in folders \
-                    if folder.type in ContentType.allowed_types_for_folding()]
-
-        # Now this is a case of Folders only (used for moving content)
-        # When moving a content, you must get only folders that allow to be filled
-        # with the type of content you want to move
-        result = []
-        for folder in folders:
-            for allowed_content_type in filter_by_allowed_content_types:
-
-                is_folder = folder.type == ContentType.Folder
-                content_type__allowed = folder.properties['allowed_content'][allowed_content_type] == True
-
-                if is_folder and content_type__allowed:
-                    result.append(folder)
-                    break
-
-        return result
+    # TODO - G.M - 2018-07-17 - [Cleanup] Drop this method if unneeded
+    # def get_child_folders(self, parent: Content=None, workspace: Workspace=None, filter_by_allowed_content_types: list=[], removed_item_ids: list=[], allowed_node_types=None) -> typing.List[Content]:
+    #     """
+    #     This method returns child items (folders or items) for left bar treeview.
+    # 
+    #     :param parent:
+    #     :param workspace:
+    #     :param filter_by_allowed_content_types:
+    #     :param removed_item_ids:
+    #     :param allowed_node_types: This parameter allow to hide folders for which the given type of content is not allowed.
+    #            For example, if you want to move a Page from a folder to another, you should show only folders that accept pages
+    #     :return:
+    #     """
+    #     filter_by_allowed_content_types = filter_by_allowed_content_types or []  # FDV
+    #     removed_item_ids = removed_item_ids or []  # FDV
+    # 
+    #     if not allowed_node_types:
+    #         allowed_node_types = [ContentType.Folder]
+    #     elif allowed_node_types==ContentType.Any:
+    #         allowed_node_types = ContentType.all()
+    # 
+    #     parent_id = parent.content_id if parent else None
+    #     folders = self._base_query(workspace).\
+    #         filter(Content.parent_id==parent_id).\
+    #         filter(Content.type.in_(allowed_node_types)).\
+    #         filter(Content.content_id.notin_(removed_item_ids)).\
+    #         all()
+    # 
+    #     if not filter_by_allowed_content_types or \
+    #                     len(filter_by_allowed_content_types)<=0:
+    #         # Standard case for the left treeview: we want to show all contents
+    #         # in the left treeview... so we still filter because for example
+    #         # comments must not appear in the treeview
+    #         return [folder for folder in folders \
+    #                 if folder.type in ContentType.allowed_types_for_folding()]
+    # 
+    #     # Now this is a case of Folders only (used for moving content)
+    #     # When moving a content, you must get only folders that allow to be filled
+    #     # with the type of content you want to move
+    #     result = []
+    #     for folder in folders:
+    #         for allowed_content_type in filter_by_allowed_content_types:
+    # 
+    #             is_folder = folder.type == ContentType.Folder
+    #             content_type__allowed = folder.properties['allowed_content'][allowed_content_type] == True
+    # 
+    #             if is_folder and content_type__allowed:
+    #                 result.append(folder)
+    #                 break
+    # 
+    #     return result
 
     def create(self, content_type: str, workspace: Workspace, parent: Content=None, label: str ='', filename: str = '', do_save=False, is_temporary: bool=False, do_notify=True) -> Content:
         # TODO - G.M - 2018-07-16 - raise Exception instead of assert
             raise ContentNotFound('Content "{}" not found in database'.format(content_id)) from exc  # nopep8
         return content
 
-    def get_one_revision(self, revision_id: int = None) -> ContentRevisionRO:
+    def get_one_revision(self, revision_id: int = None, content: Content= None) -> ContentRevisionRO:  # nopep8
         """
         This method allow us to get directly any revision with its id
         :param revision_id: The content's revision's id that we want to return
+        :param content: The content related to the revision, if None do not
+        check if revision is related to this content.
         :return: An item Content linked with the correct revision
         """
         assert revision_id is not None# DYN_REMOVE
 
         revision = self._session.query(ContentRevisionRO).filter(ContentRevisionRO.revision_id == revision_id).one()
-
+        if content and revision.content_id != content.content_id:
+            raise RevisionDoesNotMatchThisContent(
+                'revision {revision_id} is not a revision of content {content_id}'.format(  # nopep8
+                    revision_id=revision.revision_id,
+                    content_id=content.content_id,
+                    )
+            )
         return revision
 
     # INFO - A.P - 2017-07-03 - python file object getter
             )\
             .one()
 
+    # TODO - G.M - 2018-07-24 - [Cleanup] Is this method already needed ?
     def get_folder_with_workspace_path_labels(
             self,
             path_labels: [str],
             ),
         ))
 
-    def get_all(self, parent_id: int=None, content_type: str=ContentType.Any, workspace: Workspace=None) -> typing.List[Content]:
-        assert parent_id is None or isinstance(parent_id, int) # DYN_REMOVE
-        assert content_type is not None# DYN_REMOVE
-        assert isinstance(content_type, str) # DYN_REMOVE
 
-        resultset = self._base_query(workspace)
+    def get_pdf_preview_path(
+            self,
+            content_id: int,
+            revision_id: int,
+            page: int
+    ) -> str:
+        """
+        Get pdf preview of revision of content
+        :param content_id: id of content
+        :param revision_id: id of content revision
+        :param page: page number of the preview, useful for multipage content
+        :return: preview_path as string
+        """
+        file_path = self.get_one_revision_filepath(revision_id)
+        if page >= self.preview_manager.get_page_nb(file_path):
+            raise PageOfPreviewNotFound(
+                'page {page} of content {content_id} does not exist'.format(
+                    page=page,
+                    content_id=content_id
+                ),
+            )
+        jpg_preview_path = self.preview_manager.get_pdf_preview(
+            file_path,
+            page=page
+        )
+        return jpg_preview_path
 
-        if content_type!=ContentType.Any:
-            resultset = resultset.filter(Content.type==content_type)
+    def get_full_pdf_preview_path(self, revision_id: int) -> str:
+        """
+        Get full(multiple page) pdf preview of revision of content
+        :param revision_id: id of revision
+        :return: path of the full pdf preview of this revision
+        """
+        file_path = self.get_one_revision_filepath(revision_id)
+        pdf_preview_path = self.preview_manager.get_pdf_preview(file_path)
+        return pdf_preview_path
 
-        if parent_id:
-            resultset = resultset.filter(Content.parent_id==parent_id)
-        if parent_id == 0 or parent_id is False:
-            resultset = resultset.filter(Content.parent_id == None)
-        # parent_id == None give all contents
+    def get_jpg_preview_allowed_dim(self) -> PreviewAllowedDim:
+        """
+        Get jpg preview allowed dimensions and strict bool param.
+        """
+        return PreviewAllowedDim(
+            self._config.PREVIEW_JPG_RESTRICTED_DIMS,
+            self._config.PREVIEW_JPG_ALLOWED_DIMS,
+        )
 
-        return resultset.all()
+    def get_jpg_preview_path(
+        self,
+        content_id: int,
+        revision_id: int,
+        page: int,
+        width: int = None,
+        height: int = None,
+    ) -> str:
+        """
+        Get jpg preview of revision of content
+        :param content_id: id of content
+        :param revision_id: id of content revision
+        :param page: page number of the preview, useful for multipage content
+        :param width: width in pixel
+        :param height: height in pixel
+        :return: preview_path as string
+        """
+        file_path = self.get_one_revision_filepath(revision_id)
+        if page >= self.preview_manager.get_page_nb(file_path):
+            raise Exception(
+                'page {page} of revision {revision_id} of content {content_id} does not exist'.format(  # nopep8
+                    page=page,
+                    revision_id=revision_id,
+                    content_id=content_id,
+                ),
+            )
+        if not width and not height:
+            width = self._config.PREVIEW_JPG_ALLOWED_DIMS[0].width
+            height = self._config.PREVIEW_JPG_ALLOWED_DIMS[0].height
+
+        allowed_dim = False
+        for preview_dim in self._config.PREVIEW_JPG_ALLOWED_DIMS:
+            if width == preview_dim.width and height == preview_dim.height:
+                allowed_dim = True
+                break
+
+        if not allowed_dim and self._config.PREVIEW_JPG_RESTRICTED_DIMS:
+            raise PreviewDimNotAllowed(
+                'Size {width}x{height} is not allowed for jpeg preview'.format(
+                    width=width,
+                    height=height,
+                )
+            )
+        jpg_preview_path = self.preview_manager.get_jpeg_preview(
+            file_path,
+            page=page,
+            width=width,
+            height=height,
+        )
+        return jpg_preview_path
 
-    def get_children(self, parent_id: int, content_types: list, workspace: Workspace=None) -> typing.List[Content]:
+    def _get_all_query(
+        self,
+        parent_id: int = None,
+        content_type: str = ContentType.Any,
+        workspace: Workspace = None
+    ) -> Query:
         """
-        Return parent_id childs of given content_types
-        :param parent_id: parent id
-        :param content_types: list of types
-        :param workspace: workspace filter
-        :return: list of content
+        Extended filter for better "get all data" query
+        :param parent_id: filter by parent_id
+        :param content_type: filter by content_type slug
+        :param workspace: filter by workspace
+        :return:
         """
+        assert parent_id is None or isinstance(parent_id, int)
+        assert content_type is not None
         resultset = self._base_query(workspace)
-        resultset = resultset.filter(Content.type.in_(content_types))
+
+        if content_type!=ContentType.Any:
+            # INFO - G.M - 2018-07-05 - convert with
+            #  content type object to support legacy slug
+            content_type_object = ContentType(content_type)
+            resultset = resultset.filter(Content.type.in_(content_type_object.get_slug_aliases()))
 
         if parent_id:
             resultset = resultset.filter(Content.parent_id==parent_id)
-        if parent_id is False:
+        if parent_id == 0 or parent_id is False:
             resultset = resultset.filter(Content.parent_id == None)
 
-        return resultset.all()
+        return resultset
+
+    def get_all(self, parent_id: int=None, content_type: str=ContentType.Any, workspace: Workspace=None) -> typing.List[Content]:
+        return self._get_all_query(parent_id, content_type, workspace).all()
 
+    # TODO - G.M - 2018-07-17 - [Cleanup] Drop this method if unneeded
+    # def get_children(self, parent_id: int, content_types: list, workspace: Workspace=None) -> typing.List[Content]:
+    #     """
+    #     Return parent_id childs of given content_types
+    #     :param parent_id: parent id
+    #     :param content_types: list of types
+    #     :param workspace: workspace filter
+    #     :return: list of content
+    #     """
+    #     resultset = self._base_query(workspace)
+    #     resultset = resultset.filter(Content.type.in_(content_types))
+    #
+    #     if parent_id:
+    #         resultset = resultset.filter(Content.parent_id==parent_id)
+    #     if parent_id is False:
+    #         resultset = resultset.filter(Content.parent_id == None)
+    #
+    #     return resultset.all()
+
+    # TODO - G.M - 2018-07-17 - [Cleanup] Drop this method if unneeded
     # TODO find an other name to filter on is_deleted / is_archived
     def get_all_with_filter(self, parent_id: int=None, content_type: str=ContentType.Any, workspace: Workspace=None) -> typing.List[Content]:
         assert parent_id is None or isinstance(parent_id, int) # DYN_REMOVE
 
         return resultset.all()
 
+    # TODO - G.M - 2018-07-24 - [Cleanup] Is this method already needed ?
     def get_all_without_exception(self, content_type: str, workspace: Workspace=None) -> typing.List[Content]:
         assert content_type is not None# DYN_REMOVE
 
             .filter(Workspace.is_deleted.is_(False)) \
             .subquery()
 
-        not_read_content_ids_query = self._session.query(
-            distinct(not_read_revisions.c.content_id)
-        )
-        not_read_content_ids = list(map(
-            itemgetter(0),
-            not_read_content_ids_query,
-        ))
-
-        not_read_contents = self._base_query(workspace) \
-            .filter(Content.content_id.in_(not_read_content_ids)) \
-            .order_by(desc(Content.updated))
+    # TODO - G.M - 2018-07-17 - [Cleanup] Drop this method if unneeded
+    # def get_all_without_exception(self, content_type: str, workspace: Workspace=None) -> typing.List[Content]:
+    #     assert content_type is not None# DYN_REMOVE
+    #
+    #     resultset = self._base_query(workspace)
+    #
+    #     if content_type != ContentType.Any:
+    #         resultset = resultset.filter(Content.type==content_type)
+    #
+    #     return resultset.all()
+
+    def get_last_active(
+            self,
+            workspace: Workspace=None,
+            limit: typing.Optional[int]=None,
+            before_datetime: typing.Optional[datetime.datetime]= None,
+            content_ids: typing.Optional[typing.List[int]] = None,
+    ) -> typing.List[Content]:
+        """
+        get contents list sorted by last update
+        (last modification of content itself or one of this comment)
+        :param workspace: Workspace to check
+        :param limit: maximum number of elements to return
+        :param before_datetime: date from where we check older content.
+        :param content_ids: restrict selection to some content ids and
+        related Comments
+        :return: list of content
+        """
 
-        if content_type != ContentType.Any:
-            not_read_contents = not_read_contents.filter(
-                Content.type==content_type)
-        else:
-            not_read_contents = not_read_contents.filter(
-                Content.type!=ContentType.Folder)
+        resultset = self._get_all_query(
+            workspace=workspace,
+        )
+        if content_ids:
+            resultset = resultset.filter(
+                or_(
+                    Content.content_id.in_(content_ids),
+                    and_(
+                        Content.parent_id.in_(content_ids),
+                        Content.type == ContentType.Comment
+                    )
+                )
+            )
 
-        if parent_id:
-            not_read_contents = not_read_contents.filter(
-                Content.parent_id==parent_id)
+        resultset = resultset.order_by(desc(Content.updated))
 
-        result = []
-        for item in not_read_contents:
-            new_item = None
-            if ContentType.Comment == item.type:
-                new_item = item.parent
+        active_contents = []
+        too_recent_content = []
+        for content in resultset:
+            related_active_content = None
+            if ContentType.Comment == content.type:
+                related_active_content = content.parent
             else:
-                new_item = item
+                related_active_content = content
 
+            if not before_datetime:
+                before_datetime = datetime.datetime.now()
             # INFO - D.A. - 2015-05-20
             # We do not want to show only one item if the last 10 items are
             # comments about one thread for example
-            if new_item not in result:
-                result.append(new_item)
-
-            if len(result) >= limit:
+            if related_active_content not in active_contents and related_active_content not in too_recent_content:  # nopep8
+                # we verify that content is old enough
+                if content.updated < before_datetime:
+                    active_contents.append(related_active_content)
+                else:
+                    too_recent_content.append(related_active_content)
+
+            if limit and len(active_contents) >= limit:
                 break
 
-        return result
+        return active_contents
+
+    # TODO - G.M - 2018-07-19 - Find a way to update this method to something
+    # usable and efficient for tracim v2 to get content with read/unread status
+    # instead of relying on has_new_information_for()
+    # def get_last_unread(self, parent_id: typing.Optional[int], content_type: str,
+    #                     workspace: Workspace=None, limit=10) -> typing.List[Content]:
+    #     assert parent_id is None or isinstance(parent_id, int) # DYN_REMOVE
+    #     assert content_type is not None# DYN_REMOVE
+    #     assert isinstance(content_type, str) # DYN_REMOVE
+    #
+    #     read_revision_ids = self._session.query(RevisionReadStatus.revision_id) \
+    #         .filter(RevisionReadStatus.user_id==self._user_id)
+    #
+    #     not_read_revisions = self._revisions_base_query(workspace) \
+    #         .filter(~ContentRevisionRO.revision_id.in_(read_revision_ids)) \
+    #         .filter(ContentRevisionRO.workspace_id == Workspace.workspace_id) \
+    #         .filter(Workspace.is_deleted.is_(False)) \
+    #         .subquery()
+    #
+    #     not_read_content_ids_query = self._session.query(
+    #         distinct(not_read_revisions.c.content_id)
+    #     )
+    #     not_read_content_ids = list(map(
+    #         itemgetter(0),
+    #         not_read_content_ids_query,
+    #     ))
+    #
+    #     not_read_contents = self._base_query(workspace) \
+    #         .filter(Content.content_id.in_(not_read_content_ids)) \
+    #         .order_by(desc(Content.updated))
+    #
+    #     if content_type != ContentType.Any:
+    #         not_read_contents = not_read_contents.filter(
+    #             Content.type==content_type)
+    #     else:
+    #         not_read_contents = not_read_contents.filter(
+    #             Content.type!=ContentType.Folder)
+    #
+    #     if parent_id:
+    #         not_read_contents = not_read_contents.filter(
+    #             Content.parent_id==parent_id)
+    #
+    #     result = []
+    #     for item in not_read_contents:
+    #         new_item = None
+    #         if ContentType.Comment == item.type:
+    #             new_item = item.parent
+    #         else:
+    #             new_item = item
+    #
+    #         # INFO - D.A. - 2015-05-20
+    #         # We do not want to show only one item if the last 10 items are
+    #         # comments about one thread for example
+    #         if new_item not in result:
+    #             result.append(new_item)
+    #
+    #         if len(result) >= limit:
+    #             break
+    #
+    #     return result
 
     def set_allowed_content(self, folder: Content, allowed_content_dict:dict):
         """
         self.save(item, do_notify=False)
 
         for child in item.children:
-            with new_revision(child):
+            with new_revision(
+                session=self._session,
+                tm=transaction.manager,
+                content=child
+            ):
                 self.move_recursively(child, item, new_workspace)
         return
 
                        do_flush: bool=True,
                        recursive: bool=True
                        ):
-
-        itemset = self.get_last_unread(None, ContentType.Any)
-
-        for item in itemset:
-            self.mark_read(item, read_datetime, do_flush, recursive)
+        return self.mark_read__workspace(None, read_datetime, do_flush, recursive) # nopep8
 
     def mark_read__workspace(self,
                        workspace : Workspace,
                        do_flush: bool=True,
                        recursive: bool=True
                        ):
-
-        itemset = self.get_last_unread(None, ContentType.Any, workspace)
-
+        itemset = self.get_last_active(workspace)
         for item in itemset:
-            self.mark_read(item, read_datetime, do_flush, recursive)
+            if item.has_new_information_for(self._user):
+                self.mark_read(item, read_datetime, do_flush, recursive)
 
     def mark_read(self, content: Content,
                   read_datetime: datetime=None,
             .filter(ContentRevisionRO.content_id==content.content_id).all()
 
         for revision in revisions:
-            del revision.read_by[self._user]
+            try:
+                del revision.read_by[self._user]
+            except KeyError:
+                pass
 
         for child in content.get_valid_children():
             self.mark_unread(child, do_flush=False)
 
         return ContentType.sorted(content_types)
 
+    # TODO - G.M - 2018-07-24 - [Cleanup] Is this method already needed ?
     def exclude_unavailable(
         self,
         contents: typing.List[Content],
                 contents.remove(content)
         return contents
 
+    # TODO - G.M - 2018-07-24 - [Cleanup] Is this method already needed ?
     def content_under_deleted(self, content: Content) -> bool:
         if content.parent:
             if content.parent.is_deleted:
                 return self.content_under_deleted(content.parent)
         return False
 
+    # TODO - G.M - 2018-07-24 - [Cleanup] Is this method already needed ?
     def content_under_archived(self, content: Content) -> bool:
         if content.parent:
             if content.parent.is_archived:
                 return self.content_under_archived(content.parent)
         return False
 
+    # TODO - G.M - 2018-07-24 - [Cleanup] Is this method already needed ?
     def find_one_by_unique_property(
             self,
             property_name: str,
         )
         return query.one()
 
+    # TODO - G.M - 2018-07-24 - [Cleanup] Is this method already needed ?
     def generate_folder_label(
             self,
             workspace: Workspace,

tracim/lib/core/user.py

 from tracim import CFG
 from tracim.models.auth import User
 from tracim.models.auth import Group
-from tracim.exceptions import WrongUserPassword
 from tracim.exceptions import NoUserSetted
 from tracim.exceptions import PasswordDoNotMatch
+from tracim.exceptions import EmailValidationFailed
 from tracim.exceptions import UserDoesNotExist
+from tracim.exceptions import WrongUserPassword
 from tracim.exceptions import AuthenticationFailed
 from tracim.exceptions import NotificationNotSend
 from tracim.exceptions import UserNotActive
 from tracim.models.context_models import UserInContext
 from tracim.lib.mail_notifier.notifier import get_email_manager
+from tracim.models.context_models import TypeUser
 
 
 class UserApi(object):
             raise UserDoesNotExist('User "{}" not found in database'.format(email)) from exc  # nopep8
         return user
 
+    def get_one_by_public_name(self, public_name: str) -> User:
+        """
+        Get one user by public_name
+        """
+        try:
+            user = self._base_query().filter(User.display_name == public_name).one()
+        except NoResultFound as exc:
+            raise UserDoesNotExist('User "{}" not found in database'.format(public_name)) from exc  # nopep8
+        return user
     # FIXME - G.M - 24-04-2018 - Duplicate method with get_one.
+
     def get_one_by_id(self, id: int) -> User:
         return self.get_one(user_id=id)
 
     def get_all(self) -> typing.Iterable[User]:
         return self._session.query(User).order_by(User.display_name).all()
 
+    def find(
+            self,
+            user_id: int=None,
+            email: str=None,
+            public_name: str=None
+    ) -> typing.Tuple[TypeUser, User]:
+        """
+        Find existing user from all theses params.
+        Check is made in this order: user_id, email, public_name
+        If no user found raise UserDoesNotExist exception
+        """
+        user = None
+
+        if user_id:
+            try:
+                user = self.get_one(user_id)
+                return TypeUser.USER_ID, user
+            except UserDoesNotExist:
+                pass
+        if email:
+            try:
+                user = self.get_one_by_email(email)
+                return TypeUser.EMAIL, user
+            except UserDoesNotExist:
+                pass
+        if public_name:
+            try:
+                user = self.get_one_by_public_name(public_name)
+                return TypeUser.PUBLIC_NAME, user
+            except UserDoesNotExist:
+                pass
+
+        raise UserDoesNotExist('User not found with any of given params.')
+
     # Check methods
 
     def user_with_email_exists(self, email: str) -> bool:
         )
         return user
 
+    def _check_email(self, email: str) -> bool:
+        # TODO - G.M - 2018-07-05 - find a better way to check email
+        if not email:
+            return False
+        email = email.split('@')
+        if len(email) != 2:
+            return False
+        return True
+
     def update(
             self,
             user: User,
             user.display_name = name
 
         if email is not None:
+            email_exist = self._check_email(email)
+            if not email_exist:
+                raise EmailValidationFailed('Email given form {} is uncorrect'.format(email))  # nopep8
             user.email = email
 
         if password is not None:
         """Previous create_user method"""
         user = User()
 
+        email_exist = self._check_email(email)
+        if not email_exist:
+            raise EmailValidationFailed('Email given form {} is uncorrect'.format(email))  # nopep8
         user.email = email
+        user.display_name = email.split('@')[0]
 
         for group in groups:
             user.groups.append(group)

tracim/lib/core/userworkspace.py

 
 from tracim import CFG
 from tracim.models.context_models import UserRoleWorkspaceInContext
+from tracim.models.roles import WorkspaceRoles
 
 __author__ = 'damien'
 
 from tracim.models.auth import User
 from tracim.models.data import Workspace
 from tracim.models.data import UserRoleInWorkspace
-from tracim.models.data import RoleType
 
 
 class RoleApi(object):
 
-    ALL_ROLE_VALUES = UserRoleInWorkspace.get_all_role_values()
+    # TODO - G.M - 29-06-2018 - [Cleanup] Drop this
+    # ALL_ROLE_VALUES = UserRoleInWorkspace.get_all_role_values()
     # Dict containing readable members roles for given role
-    members_read_rights = {
-        UserRoleInWorkspace.NOT_APPLICABLE: [],
-        UserRoleInWorkspace.READER: [
-            UserRoleInWorkspace.WORKSPACE_MANAGER,
-        ],
-        UserRoleInWorkspace.CONTRIBUTOR: [
-            UserRoleInWorkspace.WORKSPACE_MANAGER,
-            UserRoleInWorkspace.CONTENT_MANAGER,
-            UserRoleInWorkspace.CONTRIBUTOR,
-        ],
-        UserRoleInWorkspace.CONTENT_MANAGER: [
-            UserRoleInWorkspace.WORKSPACE_MANAGER,
-            UserRoleInWorkspace.CONTENT_MANAGER,
-            UserRoleInWorkspace.CONTRIBUTOR,
-            UserRoleInWorkspace.READER,
-        ],
-        UserRoleInWorkspace.WORKSPACE_MANAGER: [
-            UserRoleInWorkspace.WORKSPACE_MANAGER,
-            UserRoleInWorkspace.CONTENT_MANAGER,
-            UserRoleInWorkspace.CONTRIBUTOR,
-            UserRoleInWorkspace.READER,
-        ],
-    }
+    # members_read_rights = {
+    #     UserRoleInWorkspace.NOT_APPLICABLE: [],
+    #     UserRoleInWorkspace.READER: [
+    #         UserRoleInWorkspace.WORKSPACE_MANAGER,
+    #     ],
+    #     UserRoleInWorkspace.CONTRIBUTOR: [
+    #         UserRoleInWorkspace.WORKSPACE_MANAGER,
+    #         UserRoleInWorkspace.CONTENT_MANAGER,
+    #         UserRoleInWorkspace.CONTRIBUTOR,
+    #     ],
+    #     UserRoleInWorkspace.CONTENT_MANAGER: [
+    #         UserRoleInWorkspace.WORKSPACE_MANAGER,
+    #         UserRoleInWorkspace.CONTENT_MANAGER,
+    #         UserRoleInWorkspace.CONTRIBUTOR,
+    #         UserRoleInWorkspace.READER,
+    #     ],
+    #     UserRoleInWorkspace.WORKSPACE_MANAGER: [
+    #         UserRoleInWorkspace.WORKSPACE_MANAGER,
+    #         UserRoleInWorkspace.CONTENT_MANAGER,
+    #         UserRoleInWorkspace.CONTRIBUTOR,
+    #         UserRoleInWorkspace.READER,
+    #     ],
+    # }
+
+    # TODO - G.M - 29-06-2018 - [Cleanup] Drop this
+    # @classmethod
+    # def role_can_read_member_role(cls, reader_role: int, tested_role: int) \
+    #         -> bool:
+    #     """
+    #     :param reader_role: role as viewer
+    #     :param tested_role: role as viwed
+    #     :return: True if given role can view member role in workspace.
+    #     """
+    #     if reader_role in cls.members_read_rights:
+    #         return tested_role in cls.members_read_rights[reader_role]
+    #     return False
 
     def get_user_role_workspace_with_context(
             self,
-            user_role: UserRoleInWorkspace
+            user_role: UserRoleInWorkspace,
+            newly_created:bool = None,
+            email_sent: bool = None,
     ) -> UserRoleWorkspaceInContext:
         """
         Return WorkspaceInContext object from Workspace
             user_role=user_role,
             dbsession=self._session,
             config=self._config,
+            newly_created=newly_created,
+            email_sent=email_sent,
         )
         return workspace
 
-    @classmethod
-    def role_can_read_member_role(cls, reader_role: int, tested_role: int) \
-            -> bool:
-        """
-        :param reader_role: role as viewer
-        :param tested_role: role as viwed
-        :return: True if given role can view member role in workspace.
-        """
-        if reader_role in cls.members_read_rights:
-            return tested_role in cls.members_read_rights[reader_role]
-        return False
-
-    @classmethod
-    def create_role(cls) -> UserRoleInWorkspace:
-        role = UserRoleInWorkspace()
-
-        return role
-
     def __init__(
         self,
         session: Session,
     def get_one(self, user_id: int, workspace_id: int) -> UserRoleInWorkspace:
         return self._get_one_rsc(user_id, workspace_id).one()
 
+    def update_role(
+        self,
+        role: UserRoleInWorkspace,
+        role_level: int,
+        with_notif: typing.Optional[bool] = None,
+        save_now: bool=False,
+    ):
+        """
+        Update role of user in this workspace
+        :param role: UserRoleInWorkspace object
+        :param role_level: level of new role wanted
+        :param with_notif: is user notification enabled in this workspace ?
+        :param save_now: database flush
+        :return: updated role
+        """
+        role.role = role_level
+        if with_notif is not None:
+            role.do_notify == with_notif
+        if save_now:
+            self.save(role)
+
+        return role
+
     def create_one(
         self,
         user: User,
         with_notif: bool,
         flush: bool=True
     ) -> UserRoleInWorkspace:
-        role = self.create_role()
+        role = UserRoleInWorkspace()
         role.user_id = user.user_id
         role.workspace = workspace
         role.role = role_level
         if flush:
             self._session.flush()
 
-    def _get_all_for_user(self, user_id) -> typing.List[UserRoleInWorkspace]:
-        return self._session.query(UserRoleInWorkspace)\
-            .filter(UserRoleInWorkspace.user_id == user_id)
-
-    def get_all_for_user(self, user: User) -> typing.List[UserRoleInWorkspace]:
-        return self._get_all_for_user(user.user_id).all()
-
-    def get_all_for_user_order_by_workspace(
-        self,
-        user_id: int
-    ) -> typing.List[UserRoleInWorkspace]:
-        return self._get_all_for_user(user_id)\
-            .join(UserRoleInWorkspace.workspace).order_by(Workspace.label).all()
-
     def get_all_for_workspace(
         self,
         workspace:Workspace
     def save(self, role: UserRoleInWorkspace) -> None:
         self._session.flush()
 
-    # TODO - G.M - 07-06-2018 - [Cleanup] Check if this method is already needed
-    @classmethod
-    def get_roles_for_select_field(cls) -> typing.List[RoleType]:
-        """
-
-        :return: list of DictLikeClass instances representing available Roles
-        (to be used in select fields)
-        """
-        result = list()
 
-        for role_id in UserRoleInWorkspace.get_all_role_values():
-            role = RoleType(role_id)
-            result.append(role)
+    # TODO - G.M - 29-06-2018 - [Cleanup] Drop this
+    # @classmethod
+    # def role_can_read_member_role(cls, reader_role: int, tested_role: int) \
+    #         -> bool:
+    #     """
+    #     :param reader_role: role as viewer
+    #     :param tested_role: role as viwed
+    #     :return: True if given role can view member role in workspace.
+    #     """
+    #     if reader_role in cls.members_read_rights:
+    #         return tested_role in cls.members_read_rights[reader_role]
+    #     return False
+    # def _get_all_for_user(self, user_id) -> typing.List[UserRoleInWorkspace]:
+    #     return self._session.query(UserRoleInWorkspace)\
+    #         .filter(UserRoleInWorkspace.user_id == user_id)
+    #
+    # def get_all_for_user(self, user: User) -> typing.List[UserRoleInWorkspace]:
+    #     return self._get_all_for_user(user.user_id).all()
+    #
+    # def get_all_for_user_order_by_workspace(
+    #     self,
+    #     user_id: int
+    # ) -> typing.List[UserRoleInWorkspace]:
+    #     return self._get_all_for_user(user_id)\
+    #         .join(UserRoleInWorkspace.workspace).order_by(Workspace.label).all()
 
-        return result
+    # TODO - G.M - 07-06-2018 - [Cleanup] Check if this method is already needed
+    # @classmethod
+    # def get_roles_for_select_field(cls) -> typing.List[RoleType]:
+    #     """
+    #
+    #     :return: list of DictLikeClass instances representing available Roles
+    #     (to be used in select fields)
+    #     """
+    #     result = list()
+    #
+    #     for role_id in UserRoleInWorkspace.get_all_role_values():
+    #         role = RoleType(role_id)
+    #         result.append(role)
+    #
+    #     return result

tracim/lib/core/workspace.py

 from sqlalchemy.orm import Session
 
 from tracim import CFG
+from tracim.exceptions import EmptyLabelNotAllowed
 from tracim.lib.utils.translation import fake_translator as _
 
 from tracim.lib.core.userworkspace import RoleApi
             save_now: bool=False,
     ) -> Workspace:
         if not label:
-            label = self.generate_label()
+            raise EmptyLabelNotAllowed('Workspace label cannot be empty')
 
         workspace = Workspace()
         workspace.label = label
 
         return workspace
 
+    def update_workspace(
+            self,
+            workspace: Workspace,
+            label: str,
+            description: str,
+            save_now: bool=False,
+    ) -> Workspace:
+        """
+        Update workspace
+        :param workspace: workspace to update
+        :param label: new label of workspace
+        :param description: new description
+        :param save_now: database flush
+        :return: updated workspace
+        """
+        if not label:
+            raise EmptyLabelNotAllowed('Workspace label cannot be empty')
+        workspace.label = label
+        workspace.description = description
+
+        if save_now:
+            self.save(workspace)
+
+        return workspace
+
     def get_one(self, id):
         return self._base_query().filter(Workspace.workspace_id == id).one()
 

tracim/models/contents.py

                 return
         raise ContentTypeNotExist()
 
+    def get_slug_aliases(self) -> typing.List[str]:
+        """
+        Get all slug aliases of a content,
+        useful for legacy code convertion
+        """
+        # TODO - G.M - 2018-07-05 - Remove this legacy compat code
+        # when possible.
+        page_alias = [self.Page, self.PageLegacy]
+        if self.slug in page_alias:
+            return page_alias
+        else:
+            return [self.slug]
+
     @classmethod
     def all(cls) -> typing.List[str]:
         return cls.allowed_types()
         return contents_types
 
     @classmethod
+    def allowed_type_values(cls) -> typing.List[str]:
+        """
+        All content type slug + special values like any
+        """
+        content_types = cls.allowed_types()
+        content_types.append(ContentTypeLegacy.Any)
+        return content_types
+
+    @classmethod
     def allowed_types_for_folding(cls):
         # This method is used for showing only "main"
         # types in the left-side treeview

tracim/models/context_models.py

 # coding=utf-8
 import typing
 from datetime import datetime
+from enum import Enum
 
 from slugify import slugify
 from sqlalchemy.orm import Session
 from tracim import CFG
+from tracim.config import PreviewDim
 from tracim.models import User
 from tracim.models.auth import Profile
 from tracim.models.data import Content
 from tracim.models.data import ContentRevisionRO
-from tracim.models.data import Workspace, UserRoleInWorkspace
+from tracim.models.data import Workspace
+from tracim.models.data import UserRoleInWorkspace
+from tracim.models.roles import WorkspaceRoles
 from tracim.models.workspace_menu_entries import default_workspace_menu_entry
 from tracim.models.workspace_menu_entries import WorkspaceMenuEntry
 from tracim.models.contents import ContentTypeLegacy as ContentType
 
 
+class PreviewAllowedDim(object):
+
+    def __init__(
+            self,
+            restricted:bool,
+            dimensions: typing.List[PreviewDim]
+    ) -> None:
+        self.restricted = restricted
+        self.dimensions = dimensions
+
+
 class MoveParams(object):
     """
     Json body params for move action model
         self.workspace_id = workspace_id
 
 
+class WorkspaceAndContentRevisionPath(object):
+    """
+    Paths params with workspace id and content_id model
+    """
+    def __init__(self, workspace_id: int, content_id: int, revision_id) -> None:
+        self.content_id = content_id
+        self.revision_id = revision_id
+        self.workspace_id = workspace_id
+
+
+class ContentPreviewSizedPath(object):
+    """
+    Paths params with workspace id and content_id, width, heigth
+    """
+    def __init__(self, workspace_id: int, content_id: int, width: int, height: int) -> None:  # nopep8
+        self.content_id = content_id
+        self.workspace_id = workspace_id
+        self.width = width
+        self.height = height
+
+
+class RevisionPreviewSizedPath(object):
+    """
+    Paths params with workspace id and content_id, revision_id width, heigth
+    """
+    def __init__(self, workspace_id: int, content_id: int, revision_id: int, width: int, height: int) -> None:  # nopep8
+        self.content_id = content_id
+        self.revision_id = revision_id
+        self.workspace_id = workspace_id
+        self.width = width
+        self.height = height
+
+
+class WorkspaceAndUserPath(object):
+    """
+    Paths params with workspace id and user_id
+    """
+    def __init__(self, workspace_id: int, user_id: int):
+        self.workspace_id = workspace_id
+        self.user_id = workspace_id
+
+
+class UserWorkspaceAndContentPath(object):
+    """
+    Paths params with user_id, workspace id and content_id model
+    """
+    def __init__(self, user_id: int, workspace_id: int, content_id: int) -> None:  # nopep8
+        self.content_id = content_id
+        self.workspace_id = workspace_id
+        self.user_id = user_id
+
+
 class CommentPath(object):
     """
     Paths params with workspace id and content_id and comment_id model
         self.comment_id = comment_id
 
 
+class PageQuery(object):
+    """
+    Page query model
+    """
+    def __init__(
+            self,
+            page: int = 0
+    ):
+        self.page = page
+
+
 class ContentFilter(object):
     """
     Content filter model
     """
     def __init__(
             self,
+            workspace_id: int = None,
             parent_id: int = None,
             show_archived: int = 0,
             show_deleted: int = 0,
             show_active: int = 1,
+            content_type: str = None,
+            offset: int = None,
+            limit: int = None,
     ) -> None:
         self.parent_id = parent_id
+        self.workspace_id = workspace_id
         self.show_archived = bool(show_archived)
         self.show_deleted = bool(show_deleted)
         self.show_active = bool(show_active)
+        self.limit = limit
+        self.offset = offset
+        self.content_type = content_type
+
+
+class ActiveContentFilter(object):
+    def __init__(
+            self,
+            limit: int = None,
+            before_datetime: datetime = None,
+    ):
+        self.limit = limit
+        self.before_datetime = before_datetime
+
+
+class ContentIdsQuery(object):
+    def __init__(
+            self,
+            contents_ids: typing.List[int] = None,
+    ):
+        self.contents_ids = contents_ids
+
+
+class RoleUpdate(object):
+    """
+    Update role
+    """
+    def __init__(
+        self,
+        role: str,
+    ):
+        self.role = role
+
+
+class WorkspaceMemberInvitation(object):
+    """
+    Workspace Member Invitation
+    """
+    def __init__(
+        self,
+        user_id: int,
+        user_email_or_public_name: str,
+        role: str,
+    ):
+        self.role = role
+        self.user_email_or_public_name = user_email_or_public_name
+        self.user_id = user_id
+
+
+class WorkspaceUpdate(object):
+    """
+    Update workspace
+    """
+    def __init__(
+        self,
+        label: str,
+        description: str,
+    ):
+        self.label = label
+        self.description = description
 
 
 class ContentCreation(object):
         self.raw_content = raw_content
 
 
+class TypeUser(Enum):
+    """Params used to find user"""
+    USER_ID = 'found_id'
+    EMAIL = 'found_email'
+    PUBLIC_NAME = 'found_public_name'
+
+
 class UserInContext(object):
     """
     Interface to get User data and User data related to context.
             user_role: UserRoleInWorkspace,
             dbsession: Session,
             config: CFG,
+            # Extended params
+            newly_created: bool = None,
+            email_sent: bool = None
     )-> None:
         self.user_role = user_role
         self.dbsession = dbsession
         self.config = config
+        # Extended params
+        self.newly_created = newly_created
+        self.email_sent = email_sent
 
     @property
     def user_id(self) -> int:
         'contributor', 'content-manager', 'workspace-manager'
         :return: user workspace role as slug.
         """
-        return UserRoleInWorkspace.SLUG[self.user_role.role]
+        return WorkspaceRoles.get_role_from_level(self.user_role.role).slug
+
+    @property
+    def is_active(self) -> bool:
+        return self.user.is_active
 
     @property
     def user(self) -> UserInContext:
     Interface to get Content data and Content data related to context.
     """
 
-    def __init__(self, content: Content, dbsession: Session, config: CFG):
+    def __init__(self, content: Content, dbsession: Session, config: CFG, user: User=None):  # nopep8
         self.content = content
         self.dbsession = dbsession
         self.config = config
+        self._user = user
 
     # Default
     @property
     def slug(self):
         return slugify(self.content.label)
 
+    @property
+    def read_by_user(self):
+        assert self._user
+        return not self.content.has_new_information_for(self._user)
+
 
 class RevisionInContext(object):
     """
         return self.revision.label
 
     @property
+    def revision_type(self) -> str:
+        return self.revision.revision_type
+
+    @property
     def content_type(self) -> str:
         content_type = ContentType(self.revision.type)
         if content_type:

tracim/models/data.py

 from tracim.exceptions import ContentRevisionUpdateError
 from tracim.models.meta import DeclarativeBase
 from tracim.models.auth import User
+from tracim.models.roles import WorkspaceRoles
 
 DEFAULT_PROPERTIES = dict(
     allowed_content=dict(
     workspace = relationship('Workspace', remote_side=[Workspace.workspace_id], backref='roles', lazy='joined')
     user = relationship('User', remote_side=[User.user_id], backref='roles')
 
-    NOT_APPLICABLE = 0
-    READER = 1
-    CONTRIBUTOR = 2
-    CONTENT_MANAGER = 4
-    WORKSPACE_MANAGER = 8
-
-    SLUG = {
-        NOT_APPLICABLE: 'not-applicable',
-        READER: 'reader',
-        CONTRIBUTOR: 'contributor',
-        CONTENT_MANAGER: 'content-manager',
-        WORKSPACE_MANAGER: 'workspace-manager',
-    }
+    NOT_APPLICABLE = WorkspaceRoles.NOT_APPLICABLE.level
+    READER = WorkspaceRoles.READER.level
+    CONTRIBUTOR = WorkspaceRoles.CONTRIBUTOR.level
+    CONTENT_MANAGER = WorkspaceRoles.CONTENT_MANAGER.level
+    WORKSPACE_MANAGER = WorkspaceRoles.WORKSPACE_MANAGER.level
 
-    LABEL = dict()
-    LABEL[0] = l_('N/A')
-    LABEL[1] = l_('Reader')
-    LABEL[2] = l_('Contributor')
-    LABEL[4] = l_('Content Manager')
-    LABEL[8] = l_('Workspace Manager')
+    # TODO - G.M - 10-04-2018 - [Cleanup] Drop this
+    # SLUG = {
+    #     NOT_APPLICABLE: 'not-applicable',
+    #     READER: 'reader',
+    #     CONTRIBUTOR: 'contributor',
+    #     CONTENT_MANAGER: 'content-manager',
+    #     WORKSPACE_MANAGER: 'workspace-manager',
+    # }
+
+    # LABEL = dict()
+    # LABEL[0] = l_('N/A')
+    # LABEL[1] = l_('Reader')
+    # LABEL[2] = l_('Contributor')
+    # LABEL[4] = l_('Content Manager')
+    # LABEL[8] = l_('Workspace Manager')
     # TODO - G.M - 10-04-2018 - [Cleanup] Drop this
     #
     # STYLE = dict()
     #     return UserRoleInWorkspace.STYLE[self.role]
     #
 
+    def role_object(self):
+        return WorkspaceRoles.get_role_from_level(level=self.role)
+
     def role_as_label(self):
-        return UserRoleInWorkspace.LABEL[self.role]
+        return self.role_object().label
 
     @classmethod
     def get_all_role_values(cls) -> typing.List[int]:
         """
         Return all valid role value
         """
-        return [
-            UserRoleInWorkspace.READER,
-            UserRoleInWorkspace.CONTRIBUTOR,
-            UserRoleInWorkspace.CONTENT_MANAGER,
-            UserRoleInWorkspace.WORKSPACE_MANAGER
-        ]
+        return [role.level for role in WorkspaceRoles.get_all_valid_role()]
 
     @classmethod
     def get_all_role_slug(cls) -> typing.List[str]:
         # INFO - G.M - 25-05-2018 - Be carefull, as long as this method
         # and get_all_role_values are both used for API, this method should
         # return item in the same order as get_all_role_values
-        return [cls.SLUG[value] for value in cls.get_all_role_values()]
+        return [role.slug for role in WorkspaceRoles.get_all_valid_role()]
 
-
-class RoleType(object):
-    def __init__(self, role_id):
-        self.role_type_id = role_id
-        # TODO - G.M - 10-04-2018 - [Cleanup] Drop this
+# TODO - G.M - 10-04-2018 - [Cleanup] Drop this
+# class RoleType(object):
+#     def __init__(self, role_id):
+#         self.role_type_id = role_id
         # self.fa_icon = UserRoleInWorkspace.ICON[role_id]
         # self.role_label = UserRoleInWorkspace.LABEL[role_id]
         # self.css_style = UserRoleInWorkspace.STYLE[role_id]
     def get_last_action(self) -> ActionDescription:
         return ActionDescription(self.revision_type)
 
+    def get_simple_last_activity_date(self) -> datetime_root.datetime:
+        """
+        Get last activity_date, comments_included. Do not search recursively
+        in revision or children.
+        :return:
+        """
+        last_revision_date = self.updated
+        for comment in self.get_comments():
+            if comment.updated > last_revision_date:
+                last_revision_date = comment.updated
+        return last_revision_date
+
     def get_last_activity_date(self) -> datetime_root.datetime:
+        """
+        Get last activity date with complete recursive search
+        :return:
+        """
         last_revision_date = self.updated
         for revision in self.revisions:
             if revision.updated > last_revision_date:

tracim/models/roles.py

+import typing
+from enum import Enum
+
+from tracim.exceptions import RoleDoesNotExist
+
+
+class WorkspaceRoles(Enum):
+    """
+    Available role for workspace.
+    All roles should have a unique level and unique slug.
+    level is role value store in database and is also use for
+    permission check.
+    slug is for http endpoints and other place where readability is
+    needed.
+    """
+    NOT_APPLICABLE = (0, 'not-applicable')
+    READER = (1, 'reader')
+    CONTRIBUTOR = (2, 'contributor')
+    CONTENT_MANAGER = (4, 'content-manager')
+    WORKSPACE_MANAGER = (8, 'workspace-manager')
+
+    def __init__(self, level, slug):
+        self.level = level
+        self.slug = slug
+    
+    @property
+    def label(self):
+        """ Return valid label associated to role"""
+        # TODO - G.M - 2018-06-180 - Make this work correctly
+        return self.slug
+
+    @classmethod
+    def get_all_valid_role(cls) -> typing.List['WorkspaceRoles']:
+        """
+        Return all valid role value
+        """
+        return [item for item in list(WorkspaceRoles) if item.level > 0]
+
+    @classmethod
+    def get_role_from_level(cls, level: int) -> 'WorkspaceRoles':
+        """
+        Obtain Workspace role from a level value
+        :param level: level value as int
+        :return: correct workspace role related
+        """
+        roles = [item for item in list(WorkspaceRoles) if item.level == level]
+        if len(roles) != 1:
+            raise RoleDoesNotExist()
+        return roles[0]
+
+    @classmethod
+    def get_role_from_slug(cls, slug: str) -> 'WorkspaceRoles':
+        """
+        Obtain Workspace role from a slug value
+        :param slug: slug value as str
+        :return: correct workspace role related
+        """
+        roles = [item for item in list(WorkspaceRoles) if item.slug == slug]
+        if len(roles) != 1:
+            raise RoleDoesNotExist()
+        return roles[0]

tracim/tests/__init__.py

 from tracim.extensions import hapic
 from tracim import web
 from webtest import TestApp
+from io import BytesIO
+from PIL import Image
 
 
 def eq_(a, b, msg=None):
     assert content_query.count() > 0
 
 
+def create_1000px_png_test_image():
+    file = BytesIO()
+    image = Image.new('RGBA', size=(1000, 1000), color=(0, 0, 0))
+    image.save(file, 'png')
+    file.name = 'test_image.png'
+    file.seek(0)
+    return file
+
+
 class FunctionalTest(unittest.TestCase):
 
     fixtures = [BaseFixture]
             'depot_storage_dir': '/tmp/test/depot',
             'depot_storage_name': 'test',
             'preview_cache_dir': '/tmp/test/preview_cache',
-
+            'preview.jpg.restricted_dims': True,
+            'email.notification.activated': 'false',
         }
         hapic.reset_context()
         self.engine = get_engine(self.settings)

tracim/tests/functional/test_user.py

 """
 Tests for /api/v2/users subpath endpoints.
 """
+from time import sleep
+import pytest
 import transaction
 
 from tracim import models
-from tracim.lib.core.group import GroupApi
+from tracim.lib.core.content import ContentApi
 from tracim.lib.core.user import UserApi
+from tracim.lib.core.group import GroupApi
+from tracim.lib.core.workspace import WorkspaceApi
 from tracim.models import get_tm_session
+from tracim.models.contents import ContentTypeLegacy as ContentType
+from tracim.models.revision_protection import new_revision
 from tracim.tests import FunctionalTest
 from tracim.fixtures.content import Content as ContentFixtures
 from tracim.fixtures.users_and_groups import Base as BaseFixture
 
 
+class TestUserRecentlyActiveContentEndpoint(FunctionalTest):
+    """
+    Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active # nopep8
+    """
+    fixtures = [BaseFixture]
+
+    def test_api__get_recently_active_content__ok__200__nominal_case(self):
+
+        # init DB
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config
+
+        )
+        workspace = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace',
+            save_now=True
+        )
+        workspace2 = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace2',
+            save_now=True
+        )
+
+        api = ContentApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True)  # nopep8
+        main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True)  # nopep8
+        # creation order test
+        firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
+        secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8
+        # update order test
+        firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True)  # nopep8
+        secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True)  # nopep8
+        with new_revision(
+            session=dbsession,
+            tm=transaction.manager,
+            content=firstly_created_but_recently_updated,
+        ):
+            firstly_created_but_recently_updated.description = 'Just an update'
+        api.save(firstly_created_but_recently_updated)
+        # comment change order
+        firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8
+        secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8
+        comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8
+        content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True)  # nopep8
+        dbsession.flush()
+        transaction.commit()
+
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id), status=200) # nopep8
+        res = res.json_body
+        assert len(res) == 7
+        for elem in res:
+            assert isinstance(elem['content_id'], int)
+            assert isinstance(elem['content_type'], str)
+            assert elem['content_type'] != 'comments'
+            assert isinstance(elem['is_archived'], bool)
+            assert isinstance(elem['is_deleted'], bool)
+            assert isinstance(elem['label'], str)
+            assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None
+            assert isinstance(elem['show_in_ui'], bool)
+            assert isinstance(elem['slug'], str)
+            assert isinstance(elem['status'], str)
+            assert isinstance(elem['sub_content_types'], list)
+            for sub_content_type in elem['sub_content_types']:
+                assert isinstance(sub_content_type, str)
+            assert isinstance(elem['workspace_id'], int)
+        # comment is newest than page2
+        assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
+        assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
+        # last updated content is newer than other one despite creation
+        # of the other is more recent
+        assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id
+        assert res[3]['content_id'] == secondly_created_but_not_updated.content_id
+        # creation order is inverted here as last created is last active
+        assert res[4]['content_id'] == secondly_created.content_id
+        assert res[5]['content_id'] == firstly_created.content_id
+        # folder subcontent modification does not change folder order
+        assert res[6]['content_id'] == main_folder.content_id
+
+    @pytest.mark.skip('Test should be fixed')
+    def test_api__get_recently_active_content__ok__200__limit_2_multiple(self):
+        # TODO - G.M - 2018-07-20 - Better fix for this test, do not use sleep()
+        # anymore to fix datetime lack of precision.
+
+        # init DB
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config
+
+        )
+        workspace = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace',
+            save_now=True
+        )
+        workspace2 = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace2',
+            save_now=True
+        )
+
+        api = ContentApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True)  # nopep8
+        sleep(1)
+        main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True)  # nopep8
+        # creation order test
+        firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
+        sleep(1)
+        secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8
+        # update order test
+        firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True)  # nopep8
+        sleep(1)
+        secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True)  # nopep8
+        sleep(1)
+        with new_revision(
+            session=dbsession,
+            tm=transaction.manager,
+            content=firstly_created_but_recently_updated,
+        ):
+            firstly_created_but_recently_updated.description = 'Just an update'
+        api.save(firstly_created_but_recently_updated)
+        # comment change order
+        firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8
+        sleep(1)
+        secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8
+        sleep(1)
+        comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8
+        sleep(1)
+        content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True)  # nopep8
+        dbsession.flush()
+        transaction.commit()
+
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'limit': 2,
+        }
+        res = self.testapp.get(
+            '/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id),  # nopep8
+            status=200,
+            params=params
+        ) # nopep8
+        res = res.json_body
+        assert len(res) == 2
+        for elem in res:
+            assert isinstance(elem['content_id'], int)
+            assert isinstance(elem['content_type'], str)
+            assert elem['content_type'] != 'comments'
+            assert isinstance(elem['is_archived'], bool)
+            assert isinstance(elem['is_deleted'], bool)
+            assert isinstance(elem['label'], str)
+            assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None
+            assert isinstance(elem['show_in_ui'], bool)
+            assert isinstance(elem['slug'], str)
+            assert isinstance(elem['status'], str)
+            assert isinstance(elem['sub_content_types'], list)
+            for sub_content_type in elem['sub_content_types']:
+                assert isinstance(sub_content_type, str)
+            assert isinstance(elem['workspace_id'], int)
+        # comment is newest than page2
+        assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
+        assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
+
+        params = {
+            'limit': 2,
+            'before_datetime': secondly_created_but_not_commented.get_last_activity_date().strftime('%Y-%m-%dT%H:%M:%SZ'),  # nopep8
+        }
+        res = self.testapp.get(
+            '/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id),  # nopep8
+            status=200,
+            params=params
+        )
+        res = res.json_body
+        assert len(res) == 2
+        # last updated content is newer than other one despite creation
+        # of the other is more recent
+        assert res[0]['content_id'] == firstly_created_but_recently_updated.content_id
+        assert res[1]['content_id'] == secondly_created_but_not_updated.content_id
+
+
+class TestUserReadStatusEndpoint(FunctionalTest):
+    """
+    Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status # nopep8
+    """
+    def test_api__get_read_status__ok__200__all(self):
+
+        # init DB
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config
+
+        )
+        workspace = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace',
+            save_now=True
+        )
+        workspace2 = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace2',
+            save_now=True
+        )
+
+        api = ContentApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True)  # nopep8
+        main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True)  # nopep8
+        # creation order test
+        firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
+        secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8
+        # update order test
+        firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True)  # nopep8
+        secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True)  # nopep8
+        with new_revision(
+            session=dbsession,
+            tm=transaction.manager,
+            content=firstly_created_but_recently_updated,
+        ):
+            firstly_created_but_recently_updated.description = 'Just an update'
+        api.save(firstly_created_but_recently_updated)
+        # comment change order
+        firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8
+        secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8
+        comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8
+        content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True)  # nopep8
+        dbsession.flush()
+        transaction.commit()
+
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
+        res = res.json_body
+        assert len(res) == 7
+        for elem in res:
+            assert isinstance(elem['content_id'], int)
+            assert isinstance(elem['read_by_user'], bool)
+        # comment is newest than page2
+        assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
+        assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
+        # last updated content is newer than other one despite creation
+        # of the other is more recent
+        assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id
+        assert res[3]['content_id'] == secondly_created_but_not_updated.content_id
+        # creation order is inverted here as last created is last active
+        assert res[4]['content_id'] == secondly_created.content_id
+        assert res[5]['content_id'] == firstly_created.content_id
+        # folder subcontent modification does not change folder order
+        assert res[6]['content_id'] == main_folder.content_id
+
+    def test_api__get_read_status__ok__200__nominal_case(self):
+
+        # init DB
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config
+
+        )
+        workspace = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace',
+            save_now=True
+        )
+        workspace2 = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace2',
+            save_now=True
+        )
+
+        api = ContentApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True)  # nopep8
+        main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True)  # nopep8
+        # creation order test
+        firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
+        secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8
+        # update order test
+        firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True)  # nopep8
+        secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True)  # nopep8
+        with new_revision(
+            session=dbsession,
+            tm=transaction.manager,
+            content=firstly_created_but_recently_updated,
+        ):
+            firstly_created_but_recently_updated.description = 'Just an update'
+        api.save(firstly_created_but_recently_updated)
+        # comment change order
+        firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8
+        secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8
+        comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8
+        content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True)  # nopep8
+        dbsession.flush()
+        transaction.commit()
+
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        selected_contents_id = [
+            firstly_created_but_recently_commented.content_id,
+            firstly_created_but_recently_updated.content_id,
+            firstly_created.content_id,
+            main_folder.content_id,
+        ]
+        url = '/api/v2/users/1/workspaces/{workspace_id}/contents/read_status?contents_ids={cid1}&contents_ids={cid2}&contents_ids={cid3}&contents_ids={cid4}'.format(  # nopep8
+              workspace_id=workspace.workspace_id,
+              cid1=selected_contents_id[0],
+              cid2=selected_contents_id[1],
+              cid3=selected_contents_id[2],
+              cid4=selected_contents_id[3],
+        )
+        res = self.testapp.get(
+            url=url,
+            status=200,
+        )
+        res = res.json_body
+        assert len(res) == 4
+        for elem in res:
+            assert isinstance(elem['content_id'], int)
+            assert isinstance(elem['read_by_user'], bool)
+        # comment is newest than page2
+        assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
+        # last updated content is newer than other one despite creation
+        # of the other is more recent
+        assert res[1]['content_id'] == firstly_created_but_recently_updated.content_id
+        # creation order is inverted here as last created is last active
+        assert res[2]['content_id'] == firstly_created.content_id
+        # folder subcontent modification does not change folder order
+        assert res[3]['content_id'] == main_folder.content_id
+
+
+class TestUserSetContentAsRead(FunctionalTest):
+    """
+    Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read  # nopep8
+    """
+    def test_api_set_content_as_read__ok__200__nominal_case(self):
+        # init DB
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config
+
+        )
+        workspace = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace',
+            save_now=True
+        )
+        api = ContentApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True)  # nopep8
+        # creation order test
+        firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
+        api.mark_unread(firstly_created)
+        dbsession.flush()
+        transaction.commit()
+
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
+        assert res.json_body[0]['content_id'] == firstly_created.content_id
+        assert res.json_body[0]['read_by_user'] is False
+        self.testapp.put(
+            '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format(  # nopep8
+                workspace_id=workspace.workspace_id,
+                content_id=firstly_created.content_id,
+                user_id=admin.user_id,
+            )
+        )
+        res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200)  # nopep8
+        assert res.json_body[0]['content_id'] == firstly_created.content_id
+        assert res.json_body[0]['read_by_user'] is True
+
+    def test_api_set_content_as_read__ok__200__with_comments(self):
+        # init DB
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config
+
+        )
+        workspace = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace',
+            save_now=True
+        )
+        api = ContentApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True)  # nopep8
+        # creation order test
+        firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
+        comments = api.create_comment(workspace, firstly_created, 'juste a super comment', True)  # nopep8
+        api.mark_unread(firstly_created)
+        api.mark_unread(comments)
+        dbsession.flush()
+        transaction.commit()
+
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
+        assert res.json_body[0]['content_id'] == firstly_created.content_id
+        assert res.json_body[0]['read_by_user'] is False
+        self.testapp.put(
+            '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format(  # nopep8
+                workspace_id=workspace.workspace_id,
+                content_id=firstly_created.content_id,
+                user_id=admin.user_id,
+            )
+        )
+        res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200)  # nopep8
+        assert res.json_body[0]['content_id'] == firstly_created.content_id
+        assert res.json_body[0]['read_by_user'] is True
+
+        # comment is also set as read
+        assert comments.has_new_information_for(admin) is False
+
+
+class TestUserSetContentAsUnread(FunctionalTest):
+    """
+    Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread  # nopep8
+    """
+    def test_api_set_content_as_unread__ok__200__nominal_case(self):
+        # init DB
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config
+
+        )
+        workspace = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace',
+            save_now=True
+        )
+        api = ContentApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True)  # nopep8
+        # creation order test
+        firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
+        api.mark_read(firstly_created)
+        dbsession.flush()
+        transaction.commit()
+
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
+        assert res.json_body[0]['content_id'] == firstly_created.content_id
+        assert res.json_body[0]['read_by_user'] is True
+        self.testapp.put(
+            '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format(  # nopep8
+                workspace_id=workspace.workspace_id,
+                content_id=firstly_created.content_id,
+                user_id=admin.user_id,
+            )
+        )
+        res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200)  # nopep8
+        assert res.json_body[0]['content_id'] == firstly_created.content_id
+        assert res.json_body[0]['read_by_user'] is False
+
+    def test_api_set_content_as_unread__ok__200__with_comments(self):
+        # init DB
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config
+
+        )
+        workspace = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace',
+            save_now=True
+        )
+        api = ContentApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True)  # nopep8
+        # creation order test
+        firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
+        comments = api.create_comment(workspace, firstly_created, 'juste a super comment', True)  # nopep8
+        api.mark_read(firstly_created)
+        api.mark_read(comments)
+        dbsession.flush()
+        transaction.commit()
+
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
+        assert res.json_body[0]['content_id'] == firstly_created.content_id
+        assert res.json_body[0]['read_by_user'] is True
+        self.testapp.put(
+            '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format(  # nopep8
+                workspace_id=workspace.workspace_id,
+                content_id=firstly_created.content_id,
+                user_id=admin.user_id,
+            )
+        )
+        res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200)  # nopep8
+        assert res.json_body[0]['content_id'] == firstly_created.content_id
+        assert res.json_body[0]['read_by_user'] is False
+
+        assert comments.has_new_information_for(admin) is True
+
+
+class TestUserSetWorkspaceAsRead(FunctionalTest):
+    """
+    Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/read
+    """
+    def test_api_set_content_as_read__ok__200__nominal_case(self):
+        # init DB
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config
+
+        )
+        workspace = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace',
+            save_now=True
+        )
+        api = ContentApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True)  # nopep8
+        # creation order test
+        firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
+        api.mark_unread(main_folder)
+        api.mark_unread(firstly_created)
+        dbsession.flush()
+        transaction.commit()
+
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
+        assert res.json_body[0]['content_id'] == firstly_created.content_id
+        assert res.json_body[0]['read_by_user'] is False
+        assert res.json_body[1]['content_id'] == main_folder.content_id
+        assert res.json_body[1]['read_by_user'] is False
+        self.testapp.put(
+            '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format(  # nopep8
+                workspace_id=workspace.workspace_id,
+                content_id=firstly_created.content_id,
+                user_id=admin.user_id,
+            )
+        )
+        res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200)  # nopep8
+        assert res.json_body[0]['content_id'] == firstly_created.content_id
+        assert res.json_body[0]['read_by_user'] is True
+        assert res.json_body[1]['content_id'] == main_folder.content_id
+        assert res.json_body[1]['read_by_user'] is True
+
+
 class TestUserWorkspaceEndpoint(FunctionalTest):
-    # -*- coding: utf-8 -*-
     """
     Tests for /api/v2/users/{user_id}/workspaces
     """

tracim/tests/functional/test_workspaces.py

 """
 Tests for /api/v2/workspaces subpath endpoints.
 """
+
+import transaction
+from depot.io.utils import FileIntent
+
+from tracim import models
+from tracim.lib.core.content import ContentApi
+from tracim.lib.core.workspace import WorkspaceApi
+from tracim.models import get_tm_session
+from tracim.models.data import ContentType
 from tracim.tests import FunctionalTest
 from tracim.tests import set_html_document_slug_to_legacy
 from tracim.fixtures.content import Content as ContentFixtures
         assert sidebar_entry['hexcolor'] == "#757575"
         assert sidebar_entry['fa_icon'] == "calendar"
 
+    def test_api__update_workspace__ok_200__nominal_case(self) -> None:
+        """
+        Test update workspace
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'label': 'superworkspace',
+            'description': 'mysuperdescription'
+        }
+        # Before
+        res = self.testapp.get(
+            '/api/v2/workspaces/1',
+            status=200
+        )
+        assert res.json_body
+        workspace = res.json_body
+        assert workspace['workspace_id'] == 1
+        assert workspace['slug'] == 'business'
+        assert workspace['label'] == 'Business'
+        assert workspace['description'] == 'All importants documents'
+        assert len(workspace['sidebar_entries']) == 7
+
+        # modify workspace
+        res = self.testapp.put_json(
+            '/api/v2/workspaces/1',
+            status=200,
+            params=params,
+        )
+        assert res.json_body
+        workspace = res.json_body
+        assert workspace['workspace_id'] == 1
+        assert workspace['slug'] == 'superworkspace'
+        assert workspace['label'] == 'superworkspace'
+        assert workspace['description'] == 'mysuperdescription'
+        assert len(workspace['sidebar_entries']) == 7
+
+        # after
+        res = self.testapp.get(
+            '/api/v2/workspaces/1',
+            status=200
+        )
+        assert res.json_body
+        workspace = res.json_body
+        assert workspace['workspace_id'] == 1
+        assert workspace['slug'] == 'superworkspace'
+        assert workspace['label'] == 'superworkspace'
+        assert workspace['description'] == 'mysuperdescription'
+        assert len(workspace['sidebar_entries']) == 7
+
+    def test_api__update_workspace__err_400__empty_label(self) -> None:
+        """
+        Test update workspace with empty label
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'label': '',
+            'description': 'mysuperdescription'
+        }
+        res = self.testapp.put_json(
+            '/api/v2/workspaces/1',
+            status=400,
+            params=params,
+        )
+
+    def test_api__create_workspace__ok_200__nominal_case(self) -> None:
+        """
+        Test create workspace
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'label': 'superworkspace',
+            'description': 'mysuperdescription'
+        }
+        res = self.testapp.post_json(
+            '/api/v2/workspaces',
+            status=200,
+            params=params,
+        )
+        assert res.json_body
+        workspace = res.json_body
+        workspace_id = res.json_body['workspace_id']
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace_2 = res.json_body
+        assert workspace == workspace_2
+
+    def test_api__create_workspace__err_400__empty_label(self) -> None:
+        """
+        Test create workspace with empty label
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'label': '',
+            'description': 'mysuperdescription'
+        }
+        res = self.testapp.post_json(
+            '/api/v2/workspaces',
+            status=400,
+            params=params,
+        )
+
     def test_api__get_workspace__err_400__unallowed_user(self) -> None:
         """
         Check obtain workspace unreachable for user
         assert user_role['role'] == 'workspace-manager'
         assert user_role['user_id'] == 1
         assert user_role['workspace_id'] == 1
+        assert user_role['workspace']['workspace_id'] == 1
+        assert user_role['workspace']['label'] == 'Business'
+        assert user_role['workspace']['slug'] == 'business'
         assert user_role['user']['public_name'] == 'Global manager'
+        assert user_role['user']['user_id'] == 1
+        assert user_role['is_active'] is True
         # TODO - G.M - 24-05-2018 - [Avatar] Replace
         # by correct value when avatar feature will be enabled
         assert user_role['user']['avatar_url'] is None
         assert 'message' in res.json.keys()
         assert 'details' in res.json.keys()
 
+    def test_api__create_workspace_member_role__ok_200__user_id(self):
+        """
+        Create workspace member role
+        :return:
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        # create workspace role
+        params = {
+            'user_id': 2,
+            'user_email_or_public_name': None,
+            'role': 'content-manager',
+        }
+        res = self.testapp.post_json(
+            '/api/v2/workspaces/1/members',
+            status=200,
+            params=params,
+        )
+        user_role_found = res.json_body
+        assert user_role_found['role'] == 'content-manager'
+        assert user_role_found['user_id'] == 2
+        assert user_role_found['workspace_id'] == 1
+        assert user_role_found['newly_created'] is False
+        assert user_role_found['email_sent'] is False
+
+        res = self.testapp.get('/api/v2/workspaces/1/members', status=200).json_body   # nopep8
+        assert len(res) == 2
+        user_role = res[0]
+        assert user_role['role'] == 'workspace-manager'
+        assert user_role['user_id'] == 1
+        assert user_role['workspace_id'] == 1
+        user_role = res[1]
+        assert user_role_found['role'] == user_role['role']
+        assert user_role_found['user_id'] == user_role['user_id']
+        assert user_role_found['workspace_id'] == user_role['workspace_id']
+
+    def test_api__create_workspace_member_role__ok_200__user_email(self):
+        """
+        Create workspace member role
+        :return:
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        # create workspace role
+        params = {
+            'user_id': None,
+            'user_email_or_public_name': 'lawrence-not-real-email@fsf.local',
+            'role': 'content-manager',
+        }
+        res = self.testapp.post_json(
+            '/api/v2/workspaces/1/members',
+            status=200,
+            params=params,
+        )
+        user_role_found = res.json_body
+        assert user_role_found['role'] == 'content-manager'
+        assert user_role_found['user_id'] == 2
+        assert user_role_found['workspace_id'] == 1
+        assert user_role_found['newly_created'] is False
+        assert user_role_found['email_sent'] is False
+
+        res = self.testapp.get('/api/v2/workspaces/1/members', status=200).json_body   # nopep8
+        assert len(res) == 2
+        user_role = res[0]
+        assert user_role['role'] == 'workspace-manager'
+        assert user_role['user_id'] == 1
+        assert user_role['workspace_id'] == 1
+        user_role = res[1]
+        assert user_role_found['role'] == user_role['role']
+        assert user_role_found['user_id'] == user_role['user_id']
+        assert user_role_found['workspace_id'] == user_role['workspace_id']
+
+    def test_api__create_workspace_member_role__ok_200__user_public_name(self):
+        """
+        Create workspace member role
+        :return:
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        # create workspace role
+        params = {
+            'user_id': None,
+            'user_email_or_public_name': 'Lawrence L.',
+            'role': 'content-manager',
+        }
+        res = self.testapp.post_json(
+            '/api/v2/workspaces/1/members',
+            status=200,
+            params=params,
+        )
+        user_role_found = res.json_body
+        assert user_role_found['role'] == 'content-manager'
+        assert user_role_found['user_id'] == 2
+        assert user_role_found['workspace_id'] == 1
+        assert user_role_found['newly_created'] is False
+        assert user_role_found['email_sent'] is False
+
+        res = self.testapp.get('/api/v2/workspaces/1/members', status=200).json_body   # nopep8
+        assert len(res) == 2
+        user_role = res[0]
+        assert user_role['role'] == 'workspace-manager'
+        assert user_role['user_id'] == 1
+        assert user_role['workspace_id'] == 1
+        user_role = res[1]
+        assert user_role_found['role'] == user_role['role']
+        assert user_role_found['user_id'] == user_role['user_id']
+        assert user_role_found['workspace_id'] == user_role['workspace_id']
+
+    def test_api__create_workspace_member_role__err_400__nothing(self):
+        """
+        Create workspace member role
+        :return:
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        # create workspace role
+        params = {
+            'user_id': None,
+            'user_email_or_public_name': None,
+            'role': 'content-manager',
+        }
+        res = self.testapp.post_json(
+            '/api/v2/workspaces/1/members',
+            status=400,
+            params=params,
+        )
+
+    def test_api__create_workspace_member_role__err_400__wrong_user_id(self):
+        """
+        Create workspace member role
+        :return:
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        # create workspace role
+        params = {
+            'user_id': 47,
+            'user_email_or_public_name': None,
+            'role': 'content-manager',
+        }
+        res = self.testapp.post_json(
+            '/api/v2/workspaces/1/members',
+            status=400,
+            params=params,
+        )
+
+    def test_api__create_workspace_member_role__ok_200__new_user(self):  # nopep8
+        """
+        Create workspace member role
+        :return:
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        # create workspace role
+        params = {
+            'user_id': None,
+            'user_email_or_public_name': 'nothing@nothing.nothing',
+            'role': 'content-manager',
+        }
+        res = self.testapp.post_json(
+            '/api/v2/workspaces/1/members',
+            status=200,
+            params=params,
+        )
+        user_role_found = res.json_body
+        assert user_role_found['role'] == 'content-manager'
+        assert user_role_found['user_id']
+        user_id = user_role_found['user_id']
+        assert user_role_found['workspace_id'] == 1
+        assert user_role_found['newly_created'] is True
+        assert user_role_found['email_sent'] is False
+
+        res = self.testapp.get('/api/v2/workspaces/1/members',
+                               status=200).json_body  # nopep8
+        assert len(res) == 2
+        user_role = res[0]
+        assert user_role['role'] == 'workspace-manager'
+        assert user_role['user_id'] == 1
+        assert user_role['workspace_id'] == 1
+        user_role = res[1]
+        assert user_role_found['role'] == user_role['role']
+        assert user_role_found['user_id'] == user_role['user_id']
+        assert user_role_found['workspace_id'] == user_role['workspace_id']
+
+    def test_api__update_workspace_member_role__ok_200__nominal_case(self):
+        """
+        Update worskpace member role
+        """
+        # before
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/1/members', status=200).json_body   # nopep8
+        assert len(res) == 1
+        user_role = res[0]
+        assert user_role['role'] == 'workspace-manager'
+        assert user_role['user_id'] == 1
+        assert user_role['workspace_id'] == 1
+        # update workspace role
+        params = {
+            'role': 'content-manager',
+        }
+        res = self.testapp.put_json(
+            '/api/v2/workspaces/1/members/1',
+            status=200,
+            params=params,
+        )
+        user_role = res.json_body
+        assert user_role['role'] == 'content-manager'
+        assert user_role['user_id'] == 1
+        assert user_role['workspace_id'] == 1
+        # after
+        res = self.testapp.get('/api/v2/workspaces/1/members', status=200).json_body   # nopep8
+        assert len(res) == 1
+        user_role = res[0]
+        assert user_role['role'] == 'content-manager'
+        assert user_role['user_id'] == 1
+        assert user_role['workspace_id'] == 1
+
 
 class TestWorkspaceContents(FunctionalTest):
     """
         assert len(res) == 3
         content = res[0]
         assert content['content_id'] == 1
+        assert content['content_type'] == 'folder'
         assert content['is_archived'] is False
         assert content['is_deleted'] is False
         assert content['label'] == 'Tools'
         assert content['workspace_id'] == 1
         content = res[1]
         assert content['content_id'] == 2
+        assert content['content_type'] == 'folder'
         assert content['is_archived'] is False
         assert content['is_deleted'] is False
         assert content['label'] == 'Menus'
         assert content['workspace_id'] == 1
         content = res[2]
         assert content['content_id'] == 11
+        assert content['content_type'] == 'html-documents'
+        assert content['is_archived'] is False
+        assert content['is_deleted'] is False
+        assert content['label'] == 'Current Menu'
+        assert content['parent_id'] == 2
+        assert content['show_in_ui'] is True
+        assert content['slug'] == 'current-menu'
+        assert content['status'] == 'open'
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
+        assert content['workspace_id'] == 1
+
+    def test_api__get_workspace_content__ok_200__get_default_html_documents(self):
+        """
+        Check obtain workspace contents with defaults filters + content_filter
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'content_type': 'html-documents',
+        }
+        res = self.testapp.get('/api/v2/workspaces/1/contents', status=200, params=params).json_body   # nopep8
+        assert len(res) == 1
+        content = res[0]
+        assert content
+        assert content['content_id'] == 11
+        assert content['content_type'] == 'html-documents'
         assert content['is_archived'] is False
         assert content['is_deleted'] is False
         assert content['label'] == 'Current Menu'
         assert content['workspace_id'] == 1
 
     # Root related
-    def test_api__get_workspace_content__ok_200__get_all_root_content__legacy_html_slug(self):
+    def test_api__get_workspace_content__ok_200__get_all_root_content__legacy_html_slug(self):  # nopep8
         """
         Check obtain workspace all root contents
         """
         assert res == []
 
     # Folder related
+    def test_api__get_workspace_content__ok_200__get_all_filter_content_thread(self):
+        # prepare data
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config
+        )
+        business_workspace = workspace_api.get_one(1)
+        content_api = ContentApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config
+        )
+        tool_folder = content_api.get_one(1, content_type=ContentType.Any)
+        test_thread = content_api.create(
+            content_type=ContentType.Thread,
+            workspace=business_workspace,
+            parent=tool_folder,
+            label='Test Thread',
+            do_save=False,
+            do_notify=False,
+        )
+        test_thread.description = 'Thread description'
+        dbsession.add(test_thread)
+        test_file = content_api.create(
+            content_type=ContentType.File,
+            workspace=business_workspace,
+            parent=tool_folder,
+            label='Test file',
+            do_save=False,
+            do_notify=False,
+        )
+        test_file.file_extension = '.txt'
+        test_file.depot_file = FileIntent(
+            b'Test file',
+            'Test_file.txt',
+            'text/plain',
+        )
+        test_page_legacy = content_api.create(
+            content_type=ContentType.Page,
+            workspace=business_workspace,
+            label='test_page',
+            do_save=False,
+            do_notify=False,
+        )
+        test_page_legacy.type = ContentType.PageLegacy
+        content_api.update_content(test_page_legacy, 'test_page', '<p>PAGE</p>')
+        test_html_document = content_api.create(
+            content_type=ContentType.Page,
+            workspace=business_workspace,
+            label='test_html_page',
+            do_save=False,
+            do_notify=False,
+        )
+        content_api.update_content(test_html_document, 'test_page', '<p>HTML_DOCUMENT</p>')  # nopep8
+        dbsession.flush()
+        transaction.commit()
+        # test-itself
+        params = {
+            'parent_id': 1,
+            'show_archived': 1,
+            'show_deleted': 1,
+            'show_active': 1,
+            'content_type': 'thread',
+        }
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/1/contents',
+            status=200,
+            params=params,
+        ).json_body
+        assert len(res) == 1
+        content = res[0]
+        assert content['content_type'] == 'thread'
+        assert content['content_id']
+        assert content['is_archived'] is False
+        assert content['is_deleted'] is False
+        assert content['label'] == 'Test Thread'
+        assert content['parent_id'] == 1
+        assert content['show_in_ui'] is True
+        assert content['slug'] == 'test-thread'
+        assert content['status'] == 'open'
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
+        assert content['workspace_id'] == 1
+
+    def test_api__get_workspace_content__ok_200__get_all_filter_content_html_and_legacy_page(self):  # nopep8
+        # prepare data
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config
+        )
+        business_workspace = workspace_api.get_one(1)
+        content_api = ContentApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config
+        )
+        tool_folder = content_api.get_one(1, content_type=ContentType.Any)
+        test_thread = content_api.create(
+            content_type=ContentType.Thread,
+            workspace=business_workspace,
+            parent=tool_folder,
+            label='Test Thread',
+            do_save=False,
+            do_notify=False,
+        )
+        test_thread.description = 'Thread description'
+        dbsession.add(test_thread)
+        test_file = content_api.create(
+            content_type=ContentType.File,
+            workspace=business_workspace,
+            parent=tool_folder,
+            label='Test file',
+            do_save=False,
+            do_notify=False,
+        )
+        test_file.file_extension = '.txt'
+        test_file.depot_file = FileIntent(
+            b'Test file',
+            'Test_file.txt',
+            'text/plain',
+        )
+        test_page_legacy = content_api.create(
+            content_type=ContentType.Page,
+            workspace=business_workspace,
+            parent=tool_folder,
+            label='test_page',
+            do_save=False,
+            do_notify=False,
+        )
+        test_page_legacy.type = ContentType.PageLegacy
+        content_api.update_content(test_page_legacy, 'test_page', '<p>PAGE</p>')
+        test_html_document = content_api.create(
+            content_type=ContentType.Page,
+            workspace=business_workspace,
+            parent=tool_folder,
+            label='test_html_page',
+            do_save=False,
+            do_notify=False,
+        )
+        content_api.update_content(test_html_document, 'test_html_page', '<p>HTML_DOCUMENT</p>')  # nopep8
+        dbsession.flush()
+        transaction.commit()
+        # test-itself
+        params = {
+            'parent_id': 1,
+            'show_archived': 1,
+            'show_deleted': 1,
+            'show_active': 1,
+            'content_type': 'html-documents',
+        }
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/1/contents',
+            status=200,
+            params=params,
+        ).json_body
+        assert len(res) == 2
+        content = res[0]
+        assert content['content_type'] == 'html-documents'
+        assert content['content_id']
+        assert content['is_archived'] is False
+        assert content['is_deleted'] is False
+        assert content['label'] == 'test_page'
+        assert content['parent_id'] == 1
+        assert content['show_in_ui'] is True
+        assert content['slug'] == 'test-page'
+        assert content['status'] == 'open'
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
+        assert content['workspace_id'] == 1
+        content = res[1]
+        assert content['content_type'] == 'html-documents'
+        assert content['content_id']
+        assert content['is_archived'] is False
+        assert content['is_deleted'] is False
+        assert content['label'] == 'test_html_page'
+        assert content['parent_id'] == 1
+        assert content['show_in_ui'] is True
+        assert content['slug'] == 'test-html-page'
+        assert content['status'] == 'open'
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
+        assert content['workspace_id'] == 1
+        assert res[0]['content_id'] != res[1]['content_id']
 
     def test_api__get_workspace_content__ok_200__get_all_folder_content(self):
         """
             'show_archived': 1,
             'show_deleted': 1,
             'show_active': 1,
+            'content_type': 'any'
         }
         self.testapp.authorization = (
             'Basic',

tracim/tests/library/test_content_api.py

 # -*- coding: utf-8 -*-
-
+import datetime
 import transaction
 import pytest
 
         eq_(ActionDescription.UNDELETION, updated2.revision_type)
         eq_(u1id, updated2.owner_id)
 
+    def test_unit__get_last_active__ok__nominal_case(self):
+        uapi = UserApi(
+            session=self.session,
+            config=self.app_config,
+            current_user=None,
+        )
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        groups = [group_api.get_one(Group.TIM_USER),
+                  group_api.get_one(Group.TIM_MANAGER),
+                  group_api.get_one(Group.TIM_ADMIN)]
+
+        user = uapi.create_minimal_user(email='this.is@user',
+                                        groups=groups, save_now=True)
+        workspace = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace',
+            save_now=True
+        )
+        workspace2 = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace2',
+            save_now=True
+        )
+
+        api = ContentApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
+        main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True)  # nopep8
+        main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True)  # nopep8
+        # creation order test
+        firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
+        secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8
+        # update order test
+        firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True)  # nopep8
+        secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True)  # nopep8
+        with new_revision(
+            session=self.session,
+            tm=transaction.manager,
+            content=firstly_created_but_recently_updated,
+        ):
+            firstly_created_but_recently_updated.description = 'Just an update'
+        api.save(firstly_created_but_recently_updated)
+        # comment change order
+        firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8
+        secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8
+        comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8
+
+        content_workspace_2 = api.create(ContentType.Page, workspace2 ,main_folder_workspace2, 'content_workspace_2', '',True)  # nopep8
+        last_actives = api.get_last_active()
+        assert len(last_actives) == 9
+        # workspace_2 content
+        assert last_actives[0] == content_workspace_2
+        # comment is newest than page2
+        assert last_actives[1] == firstly_created_but_recently_commented
+        assert last_actives[2] == secondly_created_but_not_commented
+        # last updated content is newer than other one despite creation
+        # of the other is more recent
+        assert last_actives[3] == firstly_created_but_recently_updated
+        assert last_actives[4] == secondly_created_but_not_updated
+        # creation order is inverted here as last created is last active
+        assert last_actives[5] == secondly_created
+        assert last_actives[6] == firstly_created
+        # folder subcontent modification does not change folder order
+        assert last_actives[7] == main_folder
+        # folder subcontent modification does not change folder order
+        # (workspace2)
+        assert last_actives[8] == main_folder_workspace2
+
+    def test_unit__get_last_active__ok__workspace_filter_workspace_full(self):
+        uapi = UserApi(
+            session=self.session,
+            config=self.app_config,
+            current_user=None,
+        )
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        groups = [group_api.get_one(Group.TIM_USER),
+                  group_api.get_one(Group.TIM_MANAGER),
+                  group_api.get_one(Group.TIM_ADMIN)]
+
+        user = uapi.create_minimal_user(email='this.is@user',
+                                        groups=groups, save_now=True)
+        workspace = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace',
+            save_now=True
+        )
+
+        api = ContentApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
+        main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True)  # nopep8
+        # creation order test
+        firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
+        secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8
+        # update order test
+        firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True)  # nopep8
+        secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True)  # nopep8
+        with new_revision(
+            session=self.session,
+            tm=transaction.manager,
+            content=firstly_created_but_recently_updated,
+        ):
+            firstly_created_but_recently_updated.description = 'Just an update'
+        api.save(firstly_created_but_recently_updated)
+        # comment change order
+        firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8
+        secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8
+        comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8
+
+        last_actives = api.get_last_active(workspace=workspace)
+        assert len(last_actives) == 7
+        # comment is newest than page2
+        assert last_actives[0] == firstly_created_but_recently_commented
+        assert last_actives[1] == secondly_created_but_not_commented
+        # last updated content is newer than other one despite creation
+        # of the other is more recent
+        assert last_actives[2] == firstly_created_but_recently_updated
+        assert last_actives[3] == secondly_created_but_not_updated
+        # creation order is inverted here as last created is last active
+        assert last_actives[4] == secondly_created
+        assert last_actives[5] == firstly_created
+        # folder subcontent modification does not change folder order
+        assert last_actives[6] == main_folder
+
+    def test_unit__get_last_active__ok__workspace_filter_workspace_content_ids(self):
+        uapi = UserApi(
+            session=self.session,
+            config=self.app_config,
+            current_user=None,
+        )
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        groups = [group_api.get_one(Group.TIM_USER),
+                  group_api.get_one(Group.TIM_MANAGER),
+                  group_api.get_one(Group.TIM_ADMIN)]
+
+        user = uapi.create_minimal_user(email='this.is@user',
+                                        groups=groups, save_now=True)
+        workspace = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace',
+            save_now=True
+        )
+
+        api = ContentApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
+        main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True)  # nopep8
+        # creation order test
+        firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
+        secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8
+        # update order test
+        firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True)  # nopep8
+        secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True)  # nopep8
+        with new_revision(
+            session=self.session,
+            tm=transaction.manager,
+            content=firstly_created_but_recently_updated,
+        ):
+            firstly_created_but_recently_updated.description = 'Just an update'
+        api.save(firstly_created_but_recently_updated)
+        # comment change order
+        firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8
+        secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8
+        comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8
+
+        selected_contents = [
+            firstly_created_but_recently_commented,
+            firstly_created_but_recently_updated,
+            firstly_created,
+            main_folder,
+        ]
+        content_ids = [content.content_id for content in selected_contents]
+        last_actives = api.get_last_active(
+            workspace=workspace,
+            content_ids=content_ids,
+        )
+        assert len(last_actives) == 4
+        # comment is newest than page2
+        assert last_actives[0] == firstly_created_but_recently_commented
+        assert secondly_created_but_not_commented not in last_actives
+        # last updated content is newer than other one despite creation
+        # of the other is more recent
+        assert last_actives[1] == firstly_created_but_recently_updated
+        assert secondly_created_but_not_updated not in last_actives
+        # creation order is inverted here as last created is last active
+        assert secondly_created not in last_actives
+        assert last_actives[2] == firstly_created
+        # folder subcontent modification does not change folder order
+        assert last_actives[3] == main_folder
+
+    def test_unit__get_last_active__ok__workspace_filter_workspace_limit_2_multiples_times(self):  # nopep8
+        uapi = UserApi(
+            session=self.session,
+            config=self.app_config,
+            current_user=None,
+        )
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        groups = [group_api.get_one(Group.TIM_USER),
+                  group_api.get_one(Group.TIM_MANAGER),
+                  group_api.get_one(Group.TIM_ADMIN)]
+
+        user = uapi.create_minimal_user(email='this.is@user',
+                                        groups=groups, save_now=True)
+        workspace = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace',
+            save_now=True
+        )
+
+        api = ContentApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
+        main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True)  # nopep8
+        # creation order test
+        firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
+        secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8
+        # update order test
+        firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True)  # nopep8
+        secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True)  # nopep8
+        with new_revision(
+            session=self.session,
+            tm=transaction.manager,
+            content=firstly_created_but_recently_updated,
+        ):
+            firstly_created_but_recently_updated.description = 'Just an update'
+        api.save(firstly_created_but_recently_updated)
+        # comment change order
+        firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8
+        secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8
+        comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8
+
+        last_actives = api.get_last_active(workspace=workspace, limit=2, before_datetime=datetime.datetime.now())  # nopep8
+        assert len(last_actives) == 2
+        # comment is newest than page2
+        assert last_actives[0] == firstly_created_but_recently_commented
+        assert last_actives[1] == secondly_created_but_not_commented
+
+        last_actives = api.get_last_active(workspace=workspace, limit=2, before_datetime=last_actives[1].get_simple_last_activity_date())  # nopep8
+        assert len(last_actives) == 2
+        # last updated content is newer than other one despite creation
+        # of the other is more recent
+        assert last_actives[0] == firstly_created_but_recently_updated
+        assert last_actives[1] == secondly_created_but_not_updated
+
+        last_actives = api.get_last_active(workspace=workspace, limit=2, before_datetime=last_actives[1].get_simple_last_activity_date())  # nopep8
+        assert len(last_actives) == 2
+        # creation order is inverted here as last created is last active
+        assert last_actives[0] == secondly_created
+        assert last_actives[1] == firstly_created
+
+        last_actives = api.get_last_active(workspace=workspace, limit=2, before_datetime=last_actives[1].get_simple_last_activity_date())  # nopep8
+        assert len(last_actives) == 1
+        # folder subcontent modification does not change folder order
+        assert last_actives[0] == main_folder
+
+    def test_unit__get_last_active__ok__workspace_filter_workspace_empty(self):
+        uapi = UserApi(
+            session=self.session,
+            config=self.app_config,
+            current_user=None,
+        )
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        groups = [group_api.get_one(Group.TIM_USER),
+                  group_api.get_one(Group.TIM_MANAGER),
+                  group_api.get_one(Group.TIM_ADMIN)]
+
+        user = uapi.create_minimal_user(email='this.is@user',
+                                        groups=groups, save_now=True)
+        workspace = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace',
+            save_now=True
+        )
+        workspace2 = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        ).create_workspace(
+            'test workspace2',
+            save_now=True
+        )
+        api = ContentApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
+        main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True)  # nopep8
+        # creation order test
+        firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
+        secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8
+        # update order test
+        firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True)  # nopep8
+        secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True)  # nopep8
+        with new_revision(
+            session=self.session,
+            tm=transaction.manager,
+            content=firstly_created_but_recently_updated,
+        ):
+            firstly_created_but_recently_updated.description = 'Just an update'
+        api.save(firstly_created_but_recently_updated)
+        # comment change order
+        firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8
+        secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8
+        comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8
+
+        last_actives = api.get_last_active(workspace=workspace2)
+        assert len(last_actives) == 0
+
     def test_search_in_label(self):
         # HACK - D.A. - 2015-03-09
         # This test is based on a bug which does NOT return results found

tracim/tests/library/test_role_api.py

+# coding=utf-8
+import pytest
+from sqlalchemy.orm.exc import NoResultFound
+
+from tracim.lib.core.userworkspace import RoleApi
+from tracim.models import User
+from tracim.models.roles import WorkspaceRoles
+from tracim.tests import DefaultTest
+from tracim.fixtures.users_and_groups import Base as BaseFixture
+from tracim.fixtures.content import Content as ContentFixture
+
+
+class TestRoleApi(DefaultTest):
+
+    fixtures = [BaseFixture, ContentFixture]
+
+    def test_unit__get_one__ok__nominal_case(self):
+        admin = self.session.query(User)\
+            .filter(User.email == 'admin@admin.admin').one()
+        rapi = RoleApi(
+            current_user=admin,
+            session=self.session,
+            config=self.config,
+        )
+        rapi.get_one(admin.user_id, 1)
+
+    def test_unit__get_one__err__role_does_not_exist(self):
+        admin = self.session.query(User)\
+            .filter(User.email == 'admin@admin.admin').one()
+        rapi = RoleApi(
+            current_user=admin,
+            session=self.session,
+            config=self.config,
+        )
+        with pytest.raises(NoResultFound):
+            rapi.get_one(admin.user_id, 100)  # workspace 100 does not exist
+
+    def test_unit__create_one__nominal_case(self):
+        admin = self.session.query(User)\
+            .filter(User.email == 'admin@admin.admin').one()
+        workspace = self._create_workspace_and_test(
+            'workspace_1',
+            admin
+        )
+        bob = self.session.query(User)\
+            .filter(User.email == 'bob@fsf.local').one()
+        rapi = RoleApi(
+            current_user=admin,
+            session=self.session,
+            config=self.config,
+        )
+        created_role = rapi.create_one(
+            user=bob,
+            workspace=workspace,
+            role_level=WorkspaceRoles.CONTENT_MANAGER.level,
+            with_notif=False,
+        )
+        obtain_role = rapi.get_one(bob.user_id, workspace.workspace_id)
+        assert created_role == obtain_role
+
+    def test_unit__get_all_for_usages(self):
+        admin = self.session.query(User)\
+            .filter(User.email == 'admin@admin.admin').one()
+        rapi = RoleApi(
+            current_user=admin,
+            session=self.session,
+            config=self.config,
+        )
+        workspace = self._create_workspace_and_test(
+            'workspace_1',
+            admin
+        )
+        roles = rapi.get_all_for_workspace(workspace)
+        len(roles) == 1
+        roles[0].user_id == admin.user_id
+        roles[0].role == WorkspaceRoles.WORKSPACE_MANAGER.level
+

tracim/tests/library/test_user_api.py

         )
         u = api.create_minimal_user('bob@bob')
         assert u.email == 'bob@bob'
-        assert u.display_name is None
+        assert u.display_name == 'bob'
 
     def test_unit__create_minimal_user_and_update__ok__nominal_case(self):
         api = UserApi(

tracim/tests/models/tests_roles.py

+# coding=utf-8
+import unittest
+import pytest
+from tracim.exceptions import RoleDoesNotExist
+from tracim.models.roles import WorkspaceRoles
+
+
+class TestWorkspacesRoles(unittest.TestCase):
+    """
+    Test for WorkspaceRoles Enum Object
+    """
+    def test_workspace_roles__ok__all_list(self):
+        roles = list(WorkspaceRoles)
+        assert len(roles) == 5
+        for role in roles:
+            assert role
+            assert role.slug
+            assert isinstance(role.slug, str)
+            assert role.level or role.level == 0
+            assert isinstance(role.level, int)
+            assert role.label
+            assert isinstance(role.slug, str)
+        assert WorkspaceRoles['READER']
+        assert WorkspaceRoles['NOT_APPLICABLE']
+        assert WorkspaceRoles['CONTRIBUTOR']
+        assert WorkspaceRoles['WORKSPACE_MANAGER']
+        assert WorkspaceRoles['CONTENT_MANAGER']
+
+    def test__workspace_roles__ok__check_model(self):
+        role = WorkspaceRoles.WORKSPACE_MANAGER
+        assert role
+        assert role.slug
+        assert isinstance(role.slug, str)
+        assert role.level
+        assert isinstance(role.level, int)
+        assert role.label
+        assert isinstance(role.slug, str)
+
+    def test_workspace_roles__ok__get_all_valid_roles(self):
+        roles = WorkspaceRoles.get_all_valid_role()
+        assert len(roles) == 4
+        for role in roles:
+            assert role
+            assert role.slug
+            assert isinstance(role.slug, str)
+            assert role.level or role.level == 0
+            assert isinstance(role.level, int)
+            assert role.level > 0
+            assert role.label
+            assert isinstance(role.slug, str)
+
+    def test_workspace_roles__ok__get_role__from_level__ok__nominal_case(self):
+        role = WorkspaceRoles.get_role_from_level(0)
+
+        assert role
+        assert role.slug
+        assert isinstance(role.slug, str)
+        assert role.level == 0
+        assert isinstance(role.level, int)
+        assert role.label
+        assert isinstance(role.slug, str)
+
+    def test_workspace_roles__ok__get_role__from_slug__ok__nominal_case(self):
+        role = WorkspaceRoles.get_role_from_slug('reader')
+
+        assert role
+        assert role.slug
+        assert isinstance(role.slug, str)
+        assert role.level > 0
+        assert isinstance(role.level, int)
+        assert role.label
+        assert isinstance(role.slug, str)
+
+    def test_workspace_roles__ok__get_role__from_level__err__role_does_not_exist(self):  # nopep8
+        with pytest.raises(RoleDoesNotExist):
+            WorkspaceRoles.get_role_from_level(-1000)
+
+    def test_workspace_roles__ok__get_role__from_slug__err__role_does_not_exist(self):  # nopep8
+        with pytest.raises(RoleDoesNotExist):
+            WorkspaceRoles.get_role_from_slug('this slug does not exist')

tracim/views/contents_api/file_controller.py

+# coding=utf-8
+import typing
+
+import transaction
+from depot.manager import DepotManager
+from preview_generator.exception import UnavailablePreviewType
+from pyramid.config import Configurator
+from pyramid.response import FileResponse, FileIter
+
+try:  # Python 3.5+
+    from http import HTTPStatus
+except ImportError:
+    from http import client as HTTPStatus
+
+from tracim import TracimRequest
+from tracim.extensions import hapic
+from tracim.lib.core.content import ContentApi
+from tracim.views.controllers import Controller
+from tracim.views.core_api.schemas import FileContentSchema
+from tracim.views.core_api.schemas import AllowedJpgPreviewDimSchema
+from tracim.views.core_api.schemas import ContentPreviewSizedPathSchema
+from tracim.views.core_api.schemas import RevisionPreviewSizedPathSchema
+from tracim.views.core_api.schemas import PageQuerySchema
+from tracim.views.core_api.schemas import WorkspaceAndContentRevisionIdPathSchema  # nopep8
+from tracim.views.core_api.schemas import FileRevisionSchema
+from tracim.views.core_api.schemas import SetContentStatusSchema
+from tracim.views.core_api.schemas import FileContentModifySchema
+from tracim.views.core_api.schemas import WorkspaceAndContentIdPathSchema
+from tracim.views.core_api.schemas import NoContentSchema
+from tracim.lib.utils.authorization import require_content_types
+from tracim.lib.utils.authorization import require_workspace_role
+from tracim.models.data import UserRoleInWorkspace
+from tracim.models.context_models import ContentInContext
+from tracim.models.context_models import RevisionInContext
+from tracim.models.contents import ContentTypeLegacy as ContentType
+from tracim.models.contents import file_type
+from tracim.models.revision_protection import new_revision
+from tracim.exceptions import EmptyLabelNotAllowed
+from tracim.exceptions import PageOfPreviewNotFound
+from tracim.exceptions import PreviewDimNotAllowed
+
+FILE_ENDPOINTS_TAG = 'Files'
+
+
+class FileController(Controller):
+    """
+    Endpoints for File Content
+    """
+
+    # File data
+    @hapic.with_api_doc(tags=[FILE_ENDPOINTS_TAG])
+    @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
+    @require_content_types([file_type])
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    # TODO - G.M - 2018-07-24 - Use hapic for input file
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def upload_file(self, context, request: TracimRequest, hapic_data=None):
+        """
+        Upload a new version of raw file of content. This will create a new
+        revision.
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        file = request.POST['files']
+        with new_revision(
+                session=request.dbsession,
+                tm=transaction.manager,
+                content=content
+        ):
+            api.update_file_data(
+                content,
+                new_filename=file.filename,
+                new_mimetype=file.type,
+                new_content=file.file,
+            )
+
+        return
+
+    @hapic.with_api_doc(tags=[FILE_ENDPOINTS_TAG])
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @require_content_types([file_type])
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.output_file([])
+    def download_file(self, context, request: TracimRequest, hapic_data=None):
+        """
+        Download raw file of last revision of content.
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        file = DepotManager.get().get(content.depot_file)
+        response = request.response
+        response.content_type = file.content_type
+        response.app_iter = FileIter(file)
+        return response
+
+    @hapic.with_api_doc(tags=[FILE_ENDPOINTS_TAG])
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @require_content_types([file_type])
+    @hapic.input_path(WorkspaceAndContentRevisionIdPathSchema())
+    @hapic.output_file([])
+    def download_revisions_file(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        Download raw file for specific revision of content.
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        revision = api.get_one_revision(
+            revision_id=hapic_data.path.revision_id,
+            content=content
+        )
+        file = DepotManager.get().get(revision.depot_file)
+        response = request.response
+        response.content_type = file.content_type
+        response.app_iter = FileIter(file)
+        return response
+
+    # preview
+    # pdf
+    @hapic.with_api_doc(tags=[FILE_ENDPOINTS_TAG])
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @require_content_types([file_type])
+    @hapic.handle_exception(UnavailablePreviewType, HTTPStatus.BAD_REQUEST)
+    @hapic.handle_exception(PageOfPreviewNotFound, HTTPStatus.BAD_REQUEST)
+    @hapic.input_query(PageQuerySchema())
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.output_file([])
+    def preview_pdf(self, context, request: TracimRequest, hapic_data=None):
+        """
+        Obtain a specific page pdf preview of last revision of content.
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        pdf_preview_path = api.get_pdf_preview_path(
+            content.content_id,
+            content.revision_id,
+            page=hapic_data.query.page
+        )
+        return FileResponse(pdf_preview_path)
+
+    @hapic.with_api_doc(tags=[FILE_ENDPOINTS_TAG])
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @require_content_types([file_type])
+    @hapic.handle_exception(UnavailablePreviewType, HTTPStatus.BAD_REQUEST)
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.output_file([])
+    def preview_pdf_full(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        Obtain a full pdf preview (all page) of last revision of content.
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        pdf_preview_path = api.get_full_pdf_preview_path(content.revision_id)
+        return FileResponse(pdf_preview_path)
+
+    @hapic.with_api_doc(tags=[FILE_ENDPOINTS_TAG])
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @require_content_types([file_type])
+    @hapic.handle_exception(UnavailablePreviewType, HTTPStatus.BAD_REQUEST)
+    @hapic.input_path(WorkspaceAndContentRevisionIdPathSchema())
+    @hapic.input_query(PageQuerySchema())
+    @hapic.output_file([])
+    def preview_pdf_revision(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        Obtain a specific page pdf preview of a specific revision of content.
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        revision = api.get_one_revision(
+            revision_id=hapic_data.path.revision_id,
+            content=content
+        )
+        pdf_preview_path = api.get_pdf_preview_path(
+            revision.content_id,
+            revision.revision_id,
+            page=hapic_data.query.page
+        )
+        return FileResponse(pdf_preview_path)
+
+    # jpg
+    @hapic.with_api_doc(tags=[FILE_ENDPOINTS_TAG])
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @require_content_types([file_type])
+    @hapic.handle_exception(PageOfPreviewNotFound, HTTPStatus.BAD_REQUEST)
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.input_query(PageQuerySchema())
+    @hapic.output_file([])
+    def preview_jpg(self, context, request: TracimRequest, hapic_data=None):
+        """
+        Obtain normally sied jpg preview of last revision of content.
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        allowed_dim = api.get_jpg_preview_allowed_dim()
+        jpg_preview_path = api.get_jpg_preview_path(
+            content_id=content.content_id,
+            revision_id=content.revision_id,
+            page=hapic_data.query.page,
+            width=allowed_dim.dimensions[0].width,
+            height=allowed_dim.dimensions[0].height,
+        )
+        return FileResponse(jpg_preview_path)
+
+    @hapic.with_api_doc(tags=[FILE_ENDPOINTS_TAG])
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @require_content_types([file_type])
+    @hapic.handle_exception(PageOfPreviewNotFound, HTTPStatus.BAD_REQUEST)
+    @hapic.handle_exception(PreviewDimNotAllowed, HTTPStatus.BAD_REQUEST)
+    @hapic.input_query(PageQuerySchema())
+    @hapic.input_path(ContentPreviewSizedPathSchema())
+    @hapic.output_file([])
+    def sized_preview_jpg(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        Obtain resized jpg preview of last revision of content.
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        jpg_preview_path = api.get_jpg_preview_path(
+            content_id=content.content_id,
+            revision_id=content.revision_id,
+            page=hapic_data.query.page,
+            height=hapic_data.path.height,
+            width=hapic_data.path.width,
+        )
+        return FileResponse(jpg_preview_path)
+
+    @hapic.with_api_doc(tags=[FILE_ENDPOINTS_TAG])
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @require_content_types([file_type])
+    @hapic.handle_exception(PageOfPreviewNotFound, HTTPStatus.BAD_REQUEST)
+    @hapic.handle_exception(PreviewDimNotAllowed, HTTPStatus.BAD_REQUEST)
+    @hapic.input_path(RevisionPreviewSizedPathSchema())
+    @hapic.input_query(PageQuerySchema())
+    @hapic.output_file([])
+    def sized_preview_jpg_revision(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        Obtain resized jpg preview of a specific revision of content.
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        revision = api.get_one_revision(
+            revision_id=hapic_data.path.revision_id,
+            content=content
+        )
+        jpg_preview_path = api.get_jpg_preview_path(
+            content_id=content.content_id,
+            revision_id=revision.revision_id,
+            page=hapic_data.query.page,
+            height=hapic_data.path.height,
+            width=hapic_data.path.width,
+        )
+        return FileResponse(jpg_preview_path)
+
+    @hapic.with_api_doc(tags=[FILE_ENDPOINTS_TAG])
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @require_content_types([file_type])
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.output_body(AllowedJpgPreviewDimSchema())
+    def allowed_dim_preview_jpg(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        Get allowed dimensions of jpg preview. If restricted is true,
+        only those dimensions are strictly accepted.
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        return api.get_jpg_preview_allowed_dim()
+
+    # File infos
+    @hapic.with_api_doc(tags=[FILE_ENDPOINTS_TAG])
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @require_content_types([file_type])
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.output_body(FileContentSchema())
+    def get_file_infos(self, context, request: TracimRequest, hapic_data=None) -> ContentInContext:  # nopep8
+        """
+        Get thread content
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        return api.get_content_in_context(content)
+
+    @hapic.with_api_doc(tags=[FILE_ENDPOINTS_TAG])
+    @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST)
+    @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
+    @require_content_types([file_type])
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.input_body(FileContentModifySchema())
+    @hapic.output_body(FileContentSchema())
+    def update_file_info(self, context, request: TracimRequest, hapic_data=None) -> ContentInContext:  # nopep8
+        """
+        update thread
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        with new_revision(
+                session=request.dbsession,
+                tm=transaction.manager,
+                content=content
+        ):
+            api.update_content(
+                item=content,
+                new_label=hapic_data.body.label,
+                new_content=hapic_data.body.raw_content,
+
+            )
+            api.save(content)
+        return api.get_content_in_context(content)
+
+    @hapic.with_api_doc(tags=[FILE_ENDPOINTS_TAG])
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @require_content_types([file_type])
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.output_body(FileRevisionSchema(many=True))
+    def get_file_revisions(
+            self,
+            context,
+            request: TracimRequest,
+            hapic_data=None
+    ) -> typing.List[RevisionInContext]:
+        """
+        get file revisions
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        revisions = content.revisions
+        return [
+            api.get_revision_in_context(revision)
+            for revision in revisions
+        ]
+
+    @hapic.with_api_doc(tags=[FILE_ENDPOINTS_TAG])
+    @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST)
+    @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
+    @require_content_types([file_type])
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.input_body(SetContentStatusSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def set_file_status(self, context, request: TracimRequest, hapic_data=None) -> None:  # nopep8
+        """
+        set file status
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        with new_revision(
+                session=request.dbsession,
+                tm=transaction.manager,
+                content=content
+        ):
+            api.set_status(
+                content,
+                hapic_data.body.status,
+            )
+            api.save(content)
+        return
+
+    def bind(self, configurator: Configurator) -> None:
+        """
+        Add route to configurator.
+        """
+
+        # file info #
+        # Get file info
+        configurator.add_route(
+            'file_info',
+            '/workspaces/{workspace_id}/files/{content_id}',
+            request_method='GET'
+        )
+        configurator.add_view(self.get_file_infos, route_name='file_info')  # nopep8
+        # update file
+        configurator.add_route(
+            'update_file_info',
+            '/workspaces/{workspace_id}/files/{content_id}',
+            request_method='PUT'
+        )  # nopep8
+        configurator.add_view(self.update_file_info, route_name='update_file_info')  # nopep8
+
+        # raw file #
+        # upload raw file
+        configurator.add_route(
+            'upload_file',
+            '/workspaces/{workspace_id}/files/{content_id}/raw',  # nopep8
+            request_method='PUT'
+        )
+        configurator.add_view(self.upload_file, route_name='upload_file')  # nopep8
+        # download raw file
+        configurator.add_route(
+            'download_file',
+            '/workspaces/{workspace_id}/files/{content_id}/raw',  # nopep8
+            request_method='GET'
+        )
+        configurator.add_view(self.download_file, route_name='download_file')  # nopep8
+        # download raw file of revision
+        configurator.add_route(
+            'download_revision',
+            '/workspaces/{workspace_id}/files/{content_id}/revisions/{revision_id}/raw',  # nopep8
+            request_method='GET'
+        )
+        configurator.add_view(self.download_revisions_file, route_name='download_revision')  # nopep8
+
+        # previews #
+        # get preview pdf full
+        configurator.add_route(
+            'preview_pdf_full',
+            '/workspaces/{workspace_id}/files/{content_id}/preview/pdf/full',  # nopep8
+            request_method='GET'
+        )
+        configurator.add_view(self.preview_pdf_full, route_name='preview_pdf_full')  # nopep8
+        # get preview pdf
+        configurator.add_route(
+            'preview_pdf',
+            '/workspaces/{workspace_id}/files/{content_id}/preview/pdf',  # nopep8
+            request_method='GET'
+        )
+        configurator.add_view(self.preview_pdf, route_name='preview_pdf')  # nopep8
+        # get preview jpg allowed dims
+        configurator.add_route(
+            'allowed_dim_preview_jpg',
+            '/workspaces/{workspace_id}/files/{content_id}/preview/jpg/allowed_dims',  # nopep8
+            request_method='GET'
+        )
+        configurator.add_view(self.allowed_dim_preview_jpg, route_name='allowed_dim_preview_jpg')  # nopep8
+        # get preview jpg
+        configurator.add_route(
+            'preview_jpg',
+            '/workspaces/{workspace_id}/files/{content_id}/preview/jpg',  # nopep8
+            request_method='GET'
+        )
+        configurator.add_view(self.preview_jpg, route_name='preview_jpg')  # nopep8
+        # get preview jpg with size
+        configurator.add_route(
+            'sized_preview_jpg',
+            '/workspaces/{workspace_id}/files/{content_id}/preview/jpg/{width}x{height}',  # nopep8
+            request_method='GET'
+        )
+        configurator.add_view(self.sized_preview_jpg, route_name='sized_preview_jpg')  # nopep8
+        # get jpg preview for revision
+        configurator.add_route(
+            'sized_preview_jpg_revision',
+            '/workspaces/{workspace_id}/files/{content_id}/revisions/{revision_id}/preview/jpg/{width}x{height}',  # nopep8
+            request_method='GET'
+        )
+        configurator.add_view(self.sized_preview_jpg_revision, route_name='sized_preview_jpg_revision')  # nopep8
+        # get jpg preview for revision
+        configurator.add_route(
+            'preview_pdf_revision',
+            '/workspaces/{workspace_id}/files/{content_id}/revisions/{revision_id}/preview/pdf',  # nopep8
+            request_method='GET'
+        )
+        configurator.add_view(self.preview_pdf_revision, route_name='preview_pdf_revision')  # nopep8
+        # others #
+        # get file revisions
+        configurator.add_route(
+            'file_revisions',
+            '/workspaces/{workspace_id}/files/{content_id}/revisions',  # nopep8
+            request_method='GET'
+        )
+        configurator.add_view(self.get_file_revisions, route_name='file_revisions')  # nopep8
+
+        # get file status
+        configurator.add_route(
+            'set_file_status',
+            '/workspaces/{workspace_id}/files/{content_id}/status',  # nopep8
+            request_method='PUT'
+        )
+        configurator.add_view(self.set_file_status, route_name='set_file_status')  # nopep8

tracim/views/core_api/schemas.py

 from tracim.models.contents import open_status
 from tracim.models.contents import ContentTypeLegacy as ContentType
 from tracim.models.contents import ContentStatusLegacy as ContentStatus
+from tracim.models.context_models import ActiveContentFilter
+from tracim.models.context_models import ContentIdsQuery
+from tracim.models.context_models import UserWorkspaceAndContentPath
 from tracim.models.context_models import ContentCreation
 from tracim.models.context_models import UserCreation
 from tracim.models.context_models import SetEmail
 from tracim.models.context_models import SetPassword
 from tracim.models.context_models import UserInfos
 from tracim.models.context_models import UserProfile
+from tracim.models.context_models import ContentPreviewSizedPath
+from tracim.models.context_models import RevisionPreviewSizedPath
+from tracim.models.context_models import PageQuery
+from tracim.models.context_models import WorkspaceAndContentRevisionPath
+from tracim.models.context_models import WorkspaceMemberInvitation
+from tracim.models.context_models import WorkspaceUpdate
+from tracim.models.context_models import RoleUpdate
 from tracim.models.context_models import CommentCreation
 from tracim.models.context_models import TextBasedContentUpdate
 from tracim.models.context_models import SetContentStatus
 from tracim.models.context_models import CommentPath
 from tracim.models.context_models import MoveParams
 from tracim.models.context_models import WorkspaceAndContentPath
+from tracim.models.context_models import WorkspaceAndUserPath
 from tracim.models.context_models import ContentFilter
 from tracim.models.context_models import LoginCredentials
 from tracim.models.data import UserRoleInWorkspace
+from tracim.models.data import ActionDescription
 
 
 class UserDigestSchema(marshmallow.Schema):
     )
 
 
+class RevisionIdPathSchema(marshmallow.Schema):
+    revision_id = marshmallow.fields.Int(example=6, required=True)
+
+
+class WorkspaceAndUserIdPathSchema(
+    UserIdPathSchema,
+    WorkspaceIdPathSchema
+):
+    @post_load
+    def make_path_object(self, data):
+        return WorkspaceAndUserPath(**data)
+
+
 class WorkspaceAndContentIdPathSchema(
     WorkspaceIdPathSchema,
     ContentIdPathSchema
         return WorkspaceAndContentPath(**data)
 
 
+class WidthAndHeightPathSchema(marshmallow.Schema):
+    width = marshmallow.fields.Int(example=256)
+    height = marshmallow.fields.Int(example=256)
+
+
+class AllowedJpgPreviewSizesSchema(marshmallow.Schema):
+    width = marshmallow.fields.Int(example=256)
+    height = marshmallow.fields.Int(example=256)
+
+
+class AllowedJpgPreviewDimSchema(marshmallow.Schema):
+    restricted = marshmallow.fields.Bool()
+    dimensions = marshmallow.fields.Nested(
+        AllowedJpgPreviewSizesSchema,
+        many=True
+    )
+
+
+class WorkspaceAndContentRevisionIdPathSchema(
+    WorkspaceIdPathSchema,
+    ContentIdPathSchema,
+    RevisionIdPathSchema,
+):
+    @post_load
+    def make_path_object(self, data):
+        return WorkspaceAndContentRevisionPath(**data)
+
+
+class ContentPreviewSizedPathSchema(
+    WorkspaceAndContentIdPathSchema,
+    WidthAndHeightPathSchema
+):
+    @post_load
+    def make_path_object(self, data):
+        return ContentPreviewSizedPath(**data)
+
+
+class RevisionPreviewSizedPathSchema(
+    WorkspaceAndContentRevisionIdPathSchema,
+    WidthAndHeightPathSchema
+):
+    @post_load
+    def make_path_object(self, data):
+        return RevisionPreviewSizedPath(**data)
+
+
+class UserWorkspaceAndContentIdPathSchema(
+    UserIdPathSchema,
+    WorkspaceIdPathSchema,
+    ContentIdPathSchema,
+):
+    @post_load
+    def make_path_object(self, data):
+        return UserWorkspaceAndContentPath(**data)
+
+
+class UserWorkspaceIdPathSchema(
+    UserIdPathSchema,
+    WorkspaceIdPathSchema,
+):
+    @post_load
+    def make_path_object(self, data):
+        return WorkspaceAndUserPath(**data)
+
+
 class CommentsPathSchema(WorkspaceAndContentIdPathSchema):
     comment_id = marshmallow.fields.Int(
         example=6,
         return CommentPath(**data)
 
 
+class PageQuerySchema(marshmallow.Schema):
+    page = marshmallow.fields.Int(
+        example=2,
+        default=0,
+        description='allow to show a specific page of a pdf file',
+        validate=Range(min=0, error="Value must be positive or 0"),
+    )
+
+    @post_load
+    def make_page_query(self, data):
+        return PageQuery(**data)
+
+
 class FilterContentQuerySchema(marshmallow.Schema):
     parent_id = marshmallow.fields.Int(
         example=2,
                     'to allow to show only archived documents',
         validate=Range(min=0, max=1, error="Value must be 0 or 1"),
     )
+    content_type = marshmallow.fields.String(
+        example=ContentType.Any,
+        default=ContentType.Any,
+        validate=OneOf(ContentType.allowed_type_values())
+    )
 
     @post_load
     def make_content_filter(self, data):
         return ContentFilter(**data)
 
+
+class ActiveContentFilterQuerySchema(marshmallow.Schema):
+    limit = marshmallow.fields.Int(
+        example=2,
+        default=0,
+        description='if 0 or not set, return all elements, else return only '
+                    'the first limit elem (according to offset)',
+        validate=Range(min=0, error="Value must be positive or 0"),
+    )
+    before_datetime = marshmallow.fields.DateTime(
+        format=DATETIME_FORMAT,
+        description='return only content lastly updated before this date',
+    )
+    @post_load
+    def make_content_filter(self, data):
+        return ActiveContentFilter(**data)
+
+
+class ContentIdsQuerySchema(marshmallow.Schema):
+    contents_ids = marshmallow.fields.List(
+        marshmallow.fields.Int(
+            example=6,
+            validate=Range(min=1, error="Value must be greater than 0"),
+        )
+    )
+    @post_load
+    def make_contents_ids(self, data):
+        return ContentIdsQuery(**data)
+
+
 ###
 
 
+class RoleUpdateSchema(marshmallow.Schema):
+    role = marshmallow.fields.String(
+        example='contributor',
+        validate=OneOf(UserRoleInWorkspace.get_all_role_slug())
+    )
+
+    @post_load
+    def make_role(self, data):
+        return RoleUpdate(**data)
+
+
+class WorkspaceMemberInviteSchema(RoleUpdateSchema):
+    user_id = marshmallow.fields.Int(
+        example=5,
+        default=None,
+        allow_none=True,
+    )
+    user_email_or_public_name = marshmallow.fields.String(
+        example='suri@cate.fr',
+        default=None,
+        allow_none=True,
+    )
+
+    @post_load
+    def make_role(self, data):
+        return WorkspaceMemberInvitation(**data)
+
+
 class BasicAuthSchema(marshmallow.Schema):
 
     email = marshmallow.fields.Email(
     expire_after = marshmallow.fields.String()
 
 
+class WorkspaceModifySchema(marshmallow.Schema):
+    label = marshmallow.fields.String(
+        example='My Workspace',
+    )
+    description = marshmallow.fields.String(
+        example='A super description of my workspace.',
+    )
+
+    @post_load
+    def make_workspace_modifications(self, data):
+        return WorkspaceUpdate(**data)
+
+
+class WorkspaceCreationSchema(WorkspaceModifySchema):
+    pass
+
+
 class NoContentSchema(marshmallow.Schema):
 
     class Meta:
         validate=Range(min=1, error="Value must be greater than 0"),
     )
     user = marshmallow.fields.Nested(
-        UserSchema(only=('public_name', 'avatar_url'))
+        UserDigestSchema()
     )
+    workspace = marshmallow.fields.Nested(
+        WorkspaceDigestSchema(exclude=('sidebar_entries',))
+    )
+    is_active = marshmallow.fields.Bool()
 
     class Meta:
         description = 'Workspace Member information'
 
 
+class WorkspaceMemberCreationSchema(WorkspaceMemberSchema):
+    newly_created = marshmallow.fields.Bool(
+        exemple=False,
+        description='Is the user completely new '
+                    '(and account was just created) or not ?',
+    )
+    email_sent = marshmallow.fields.Bool(
+        exemple=False,
+        description='Has an email been sent to user to inform him about '
+                    'this new workspace registration and eventually his account'
+                    'creation'
+    )
+
+
 class ApplicationConfigSchema(marshmallow.Schema):
     pass
     #  TODO - G.M - 24-05-2018 - Set this
     )
 
 
+class ReadStatusSchema(marshmallow.Schema):
+    content_id = marshmallow.fields.Int(
+        example=6,
+        validate=Range(min=1, error="Value must be greater than 0"),
+    )
+    read_by_user = marshmallow.fields.Bool(example=False, default=False)
 #####
 # Content
 #####
     )
 
 
+class FileInfoAbstractSchema(marshmallow.Schema):
+    raw_content = marshmallow.fields.String(
+        description='raw text or html description of the file'
+    )
+
+
 class TextBasedContentSchema(ContentSchema, TextBasedDataAbstractSchema):
     pass
 
 
+class FileContentSchema(ContentSchema, FileInfoAbstractSchema):
+    pass
+
 #####
 # Revision
 #####
         example=12,
         validate=Range(min=1, error="Value must be greater than 0"),
     )
+    revision_type = marshmallow.fields.String(
+        example=ActionDescription.CREATION,
+        validate=OneOf(ActionDescription.allowed_values()),
+    )
     created = marshmallow.fields.DateTime(
         format=DATETIME_FORMAT,
         description='Content creation date',
     pass
 
 
+class FileRevisionSchema(RevisionSchema, FileInfoAbstractSchema):
+    pass
+
+
 class CommentSchema(marshmallow.Schema):
     content_id = marshmallow.fields.Int(
         example=6,
         return TextBasedContentUpdate(**data)
 
 
+class FileContentModifySchema(TextBasedContentModifySchema):
+    pass
+
+
 class SetContentStatusSchema(marshmallow.Schema):
     status = marshmallow.fields.Str(
         example='closed-deprecated',

tracim/views/core_api/user_controller.py

-import transaction
 from pyramid.config import Configurator
-
 try:  # Python 3.5+
     from http import HTTPStatus
 except ImportError:
     from http import client as HTTPStatus
 
-from tracim import hapic, TracimRequest
-
-from tracim.exceptions import WrongUserPassword, PasswordDoNotMatch
-from tracim.lib.core.group import GroupApi
-from tracim.lib.utils.authorization import require_same_user_or_profile
-from tracim.lib.utils.authorization import require_profile
+from tracim import hapic
+from tracim import TracimRequest
 from tracim.models import Group
-from tracim.models.context_models import WorkspaceInContext
+from tracim.lib.core.group import GroupApi
 from tracim.lib.core.user import UserApi
 from tracim.lib.core.workspace import WorkspaceApi
+from tracim.lib.core.content import ContentApi
 from tracim.views.controllers import Controller
-from tracim.views.core_api.schemas import UserIdPathSchema
+from tracim.lib.utils.authorization import require_same_user_or_profile
+from tracim.lib.utils.authorization import require_profile
+from tracim.exceptions import WrongUserPassword
+from tracim.exceptions import PasswordDoNotMatch
 from tracim.views.core_api.schemas import UserSchema
 from tracim.views.core_api.schemas import SetEmailSchema
 from tracim.views.core_api.schemas import SetPasswordSchema
 from tracim.views.core_api.schemas import UserInfosSchema
-from tracim.views.core_api.schemas import NoContentSchema
 from tracim.views.core_api.schemas import UserCreationSchema
 from tracim.views.core_api.schemas import UserProfileSchema
+from tracim.views.core_api.schemas import UserIdPathSchema
+from tracim.views.core_api.schemas import ReadStatusSchema
+from tracim.views.core_api.schemas import ContentIdsQuerySchema
+from tracim.views.core_api.schemas import NoContentSchema
+from tracim.views.core_api.schemas import UserWorkspaceIdPathSchema
+from tracim.views.core_api.schemas import UserWorkspaceAndContentIdPathSchema
+from tracim.views.core_api.schemas import ContentDigestSchema
+from tracim.views.core_api.schemas import ActiveContentFilterQuerySchema
 from tracim.views.core_api.schemas import WorkspaceDigestSchema
 
 USER_ENDPOINTS_TAG = 'Users'
         """
         app_config = request.registry.settings['CFG']
         wapi = WorkspaceApi(
-            current_user=request.current_user,  # User
+            current_user=request.candidate_user,  # User
             session=request.dbsession,
             config=app_config,
         )
         
         workspaces = wapi.get_all_for_user(request.candidate_user)
         return [
-            WorkspaceInContext(workspace, request.dbsession, app_config)
+            wapi.get_workspace_with_context(workspace)
             for workspace in workspaces
         ]
 
         )
         return
 
+    @hapic.with_api_doc(tags=[USER_ENDPOINTS_TAG])
+    @require_same_user_or_profile(Group.TIM_ADMIN)
+    @hapic.input_path(UserWorkspaceIdPathSchema())
+    @hapic.input_query(ActiveContentFilterQuerySchema())
+    @hapic.output_body(ContentDigestSchema(many=True))
+    def last_active_content(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        Get last_active_content for user
+        """
+        app_config = request.registry.settings['CFG']
+        content_filter = hapic_data.query
+        api = ContentApi(
+            current_user=request.candidate_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        wapi = WorkspaceApi(
+            current_user=request.candidate_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        workspace = None
+        if hapic_data.path.workspace_id:
+            workspace = wapi.get_one(hapic_data.path.workspace_id)
+        last_actives = api.get_last_active(
+            workspace=workspace,
+            limit=content_filter.limit or None,
+            before_datetime=content_filter.before_datetime or None,
+        )
+        return [
+            api.get_content_in_context(content)
+            for content in last_actives
+        ]
+
+    @hapic.with_api_doc(tags=[USER_ENDPOINTS_TAG])
+    @require_same_user_or_profile(Group.TIM_ADMIN)
+    @hapic.input_path(UserWorkspaceIdPathSchema())
+    @hapic.input_query(ContentIdsQuerySchema(), as_list=['contents_ids'])
+    @hapic.output_body(ReadStatusSchema(many=True))  # nopep8
+    def contents_read_status(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        get user_read status of contents
+        """
+        app_config = request.registry.settings['CFG']
+        content_filter = hapic_data.query
+        api = ContentApi(
+            current_user=request.candidate_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        wapi = WorkspaceApi(
+            current_user=request.candidate_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        workspace = None
+        if hapic_data.path.workspace_id:
+            workspace = wapi.get_one(hapic_data.path.workspace_id)
+        last_actives = api.get_last_active(
+            workspace=workspace,
+            limit=None,
+            before_datetime=None,
+            content_ids=hapic_data.query.contents_ids or None
+        )
+        return [
+            api.get_content_in_context(content)
+            for content in last_actives
+        ]
+
+    @hapic.with_api_doc(tags=[USER_ENDPOINTS_TAG])
+    @require_same_user_or_profile(Group.TIM_ADMIN)
+    @hapic.input_path(UserWorkspaceAndContentIdPathSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def set_content_as_read(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        set user_read status of content to read
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.candidate_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        api.mark_read(request.current_content, do_flush=True)
+        return
+
+    @hapic.with_api_doc(tags=[USER_ENDPOINTS_TAG])
+    @require_same_user_or_profile(Group.TIM_ADMIN)
+    @hapic.input_path(UserWorkspaceAndContentIdPathSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def set_content_as_unread(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        set user_read status of content to unread
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.candidate_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        api.mark_unread(request.current_content, do_flush=True)
+        return
+
+    @hapic.with_api_doc(tags=[USER_ENDPOINTS_TAG])
+    @require_same_user_or_profile(Group.TIM_ADMIN)
+    @hapic.input_path(UserWorkspaceIdPathSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def set_workspace_as_read(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        set user_read status of all content of workspace to read
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.candidate_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        api.mark_read__workspace(request.current_workspace)
+        return
+
     def bind(self, configurator: Configurator) -> None:
         """
         Create all routes and views using pyramid configurator
         # set user profile
         configurator.add_route('set_user_profile', '/users/{user_id}/profile', request_method='PUT')  # nopep8
         configurator.add_view(self.set_profile, route_name='set_user_profile')
+
+        # user content
+        configurator.add_route('contents_read_status', '/users/{user_id}/workspaces/{workspace_id}/contents/read_status', request_method='GET')  # nopep8
+        configurator.add_view(self.contents_read_status, route_name='contents_read_status')  # nopep8
+        # last active content for user
+        configurator.add_route('last_active_content', '/users/{user_id}/workspaces/{workspace_id}/contents/recently_active', request_method='GET')  # nopep8
+        configurator.add_view(self.last_active_content, route_name='last_active_content')  # nopep8
+
+        # set content as read/unread
+        configurator.add_route('read_content', '/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read', request_method='PUT')  # nopep8
+        configurator.add_view(self.set_content_as_read, route_name='read_content')  # nopep8
+        configurator.add_route('unread_content', '/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread', request_method='PUT')  # nopep8
+        configurator.add_view(self.set_content_as_unread, route_name='unread_content')  # nopep8
+
+        # set workspace as read
+        configurator.add_route('read_workspace', '/users/{user_id}/workspaces/{workspace_id}/read', request_method='PUT')  # nopep8
+        configurator.add_view(self.set_workspace_as_read, route_name='read_workspace')  # nopep8

tracim/views/core_api/workspace_controller.py

 import typing
 import transaction
 from pyramid.config import Configurator
+
+from tracim.lib.core.user import UserApi
+from tracim.models.roles import WorkspaceRoles
+
 try:  # Python 3.5+
     from http import HTTPStatus
 except ImportError:
 from tracim.lib.core.content import ContentApi
 from tracim.lib.core.userworkspace import RoleApi
 from tracim.lib.utils.authorization import require_workspace_role
+from tracim.lib.utils.authorization import require_profile
+from tracim.models import Group
 from tracim.lib.utils.authorization import require_candidate_workspace_role
 from tracim.models.data import UserRoleInWorkspace
 from tracim.models.data import ActionDescription
 from tracim.models.context_models import UserRoleWorkspaceInContext
 from tracim.models.context_models import ContentInContext
 from tracim.exceptions import EmptyLabelNotAllowed
+from tracim.exceptions import EmailValidationFailed
+from tracim.exceptions import UserCreationFailed
+from tracim.exceptions import UserDoesNotExist
 from tracim.exceptions import ContentNotFound
 from tracim.exceptions import WorkspacesDoNotMatch
 from tracim.exceptions import ParentNotFound
 from tracim.views.controllers import Controller
 from tracim.views.core_api.schemas import FilterContentQuerySchema
+from tracim.views.core_api.schemas import WorkspaceMemberCreationSchema
+from tracim.views.core_api.schemas import WorkspaceMemberInviteSchema
+from tracim.views.core_api.schemas import RoleUpdateSchema
+from tracim.views.core_api.schemas import WorkspaceCreationSchema
+from tracim.views.core_api.schemas import WorkspaceModifySchema
+from tracim.views.core_api.schemas import WorkspaceAndUserIdPathSchema
 from tracim.views.core_api.schemas import ContentMoveSchema
 from tracim.views.core_api.schemas import NoContentSchema
 from tracim.views.core_api.schemas import ContentCreationSchema
         """
         Get workspace informations
         """
-        wid = hapic_data.path['workspace_id']
         app_config = request.registry.settings['CFG']
         wapi = WorkspaceApi(
             current_user=request.current_user,  # User
         return wapi.get_workspace_with_context(request.current_workspace)
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
+    @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST)
+    @require_workspace_role(UserRoleInWorkspace.WORKSPACE_MANAGER)
+    @hapic.input_path(WorkspaceIdPathSchema())
+    @hapic.input_body(WorkspaceModifySchema())
+    @hapic.output_body(WorkspaceSchema())
+    def update_workspace(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        Update workspace informations
+        """
+        app_config = request.registry.settings['CFG']
+        wapi = WorkspaceApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        wapi.update_workspace(
+            request.current_workspace,
+            label=hapic_data.body.label,
+            description=hapic_data.body.description,
+            save_now=True,
+        )
+        return wapi.get_workspace_with_context(request.current_workspace)
+
+    @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
+    @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST)
+    @require_profile(Group.TIM_MANAGER)
+    @hapic.input_body(WorkspaceCreationSchema())
+    @hapic.output_body(WorkspaceSchema())
+    def create_workspace(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        create workspace
+        """
+        app_config = request.registry.settings['CFG']
+        wapi = WorkspaceApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        workspace = wapi.create_workspace(
+            label=hapic_data.body.label,
+            description=hapic_data.body.description,
+            save_now=True,
+        )
+        return wapi.get_workspace_with_context(workspace)
+
+    @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
     @require_workspace_role(UserRoleInWorkspace.READER)
     @hapic.input_path(WorkspaceIdPathSchema())
     @hapic.output_body(WorkspaceMemberSchema(many=True))
         ]
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
+    @require_workspace_role(UserRoleInWorkspace.WORKSPACE_MANAGER)
+    @hapic.input_path(WorkspaceAndUserIdPathSchema())
+    @hapic.input_body(RoleUpdateSchema())
+    @hapic.output_body(WorkspaceMemberSchema())
+    def update_workspaces_members_role(
+            self,
+            context,
+            request: TracimRequest,
+            hapic_data=None
+    ) -> UserRoleWorkspaceInContext:
+        """
+        Update Members to this workspace
+        """
+        app_config = request.registry.settings['CFG']
+        rapi = RoleApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+
+        role = rapi.get_one(
+            user_id=hapic_data.path.user_id,
+            workspace_id=hapic_data.path.workspace_id,
+        )
+        workspace_role = WorkspaceRoles.get_role_from_slug(hapic_data.body.role)
+        role = rapi.update_role(
+            role,
+            role_level=workspace_role.level
+        )
+        return rapi.get_user_role_workspace_with_context(role)
+
+    @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
+    @hapic.handle_exception(UserCreationFailed, HTTPStatus.BAD_REQUEST)
+    @require_workspace_role(UserRoleInWorkspace.WORKSPACE_MANAGER)
+    @hapic.input_path(WorkspaceIdPathSchema())
+    @hapic.input_body(WorkspaceMemberInviteSchema())
+    @hapic.output_body(WorkspaceMemberCreationSchema())
+    def create_workspaces_members_role(
+            self,
+            context,
+            request: TracimRequest,
+            hapic_data=None
+    ) -> UserRoleWorkspaceInContext:
+        """
+        Add Members to this workspace
+        """
+        newly_created = False
+        email_sent = False
+        app_config = request.registry.settings['CFG']
+        rapi = RoleApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        uapi = UserApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        try:
+            _, user = uapi.find(
+                user_id=hapic_data.body.user_id,
+                email=hapic_data.body.user_email_or_public_name,
+                public_name=hapic_data.body.user_email_or_public_name
+            )
+        except UserDoesNotExist:
+            try:
+                # TODO - G.M - 2018-07-05 - [UserCreation] Reenable email
+                # notification for creation
+                user = uapi.create_user(
+                    hapic_data.body.user_email_or_public_name,
+                    do_notify=False
+                )  # nopep8
+                newly_created = True
+            except EmailValidationFailed:
+                raise UserCreationFailed('no valid mail given')
+        role = rapi.create_one(
+            user=user,
+            workspace=request.current_workspace,
+            role_level=WorkspaceRoles.get_role_from_slug(hapic_data.body.role).level,  # nopep8
+            with_notif=False,
+            flush=True,
+        )
+        return rapi.get_user_role_workspace_with_context(
+            role,
+            newly_created=newly_created,
+            email_sent=email_sent,
+        )
+
+    @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
     @require_workspace_role(UserRoleInWorkspace.READER)
     @hapic.input_path(WorkspaceIdPathSchema())
     @hapic.input_query(FilterContentQuerySchema())
         contents = api.get_all(
             parent_id=content_filter.parent_id,
             workspace=request.current_workspace,
+            content_type=content_filter.content_type or ContentType.Any,
         )
         contents = [
             api.get_content_in_context(content) for content in contents
             context,
             request: TracimRequest,
             hapic_data=None,
-    ) -> typing.List[ContentInContext]:
+    ) -> ContentInContext:
         """
         move a content
         """
             context,
             request: TracimRequest,
             hapic_data=None,
-    ) -> typing.List[ContentInContext]:
+    ) -> None:
         """
         delete a content
         """
             context,
             request: TracimRequest,
             hapic_data=None,
-    ) -> typing.List[ContentInContext]:
+    ) -> None:
         """
         undelete a content
         """
             context,
             request: TracimRequest,
             hapic_data=None,
-    ) -> typing.List[ContentInContext]:
+    ) -> None:
         """
         archive a content
         """
             session=request.dbsession,
             config=app_config,
         )
-        content = api.get_one(path_data.content_id, content_type=ContentType.Any)
+        content = api.get_one(path_data.content_id, content_type=ContentType.Any)  # nopep8
         with new_revision(
                 session=request.dbsession,
                 tm=transaction.manager,
             context,
             request: TracimRequest,
             hapic_data=None,
-    ) -> typing.List[ContentInContext]:
+    ) -> None:
         """
         unarchive a content
         """
         # Workspace
         configurator.add_route('workspace', '/workspaces/{workspace_id}', request_method='GET')  # nopep8
         configurator.add_view(self.workspace, route_name='workspace')
+        # Create workspace
+        configurator.add_route('create_workspace', '/workspaces', request_method='POST')  # nopep8
+        configurator.add_view(self.create_workspace, route_name='create_workspace')  # nopep8
+        # Update Workspace
+        configurator.add_route('update_workspace', '/workspaces/{workspace_id}', request_method='PUT')  # nopep8
+        configurator.add_view(self.update_workspace, route_name='update_workspace')  # nopep8
         # Workspace Members (Roles)
         configurator.add_route('workspace_members', '/workspaces/{workspace_id}/members', request_method='GET')  # nopep8
         configurator.add_view(self.workspaces_members, route_name='workspace_members')  # nopep8
+        # Update Workspace Members roles
+        configurator.add_route('update_workspace_member', '/workspaces/{workspace_id}/members/{user_id}', request_method='PUT')  # nopep8
+        configurator.add_view(self.update_workspaces_members_role, route_name='update_workspace_member')  # nopep8
+        # Create Workspace Members roles
+        configurator.add_route('create_workspace_member', '/workspaces/{workspace_id}/members', request_method='POST')  # nopep8
+        configurator.add_view(self.create_workspaces_members_role, route_name='create_workspace_member')  # nopep8
         # Workspace Content
         configurator.add_route('workspace_content', '/workspaces/{workspace_id}/contents', request_method='GET')  # nopep8
         configurator.add_view(self.workspace_content, route_name='workspace_content')  # nopep8