Merge pull request #91 from tracim/feature/598_comment_htmlpage_thread_contents_endpoints

README.md

     # launch your favorite web-browser
     firefox http://localhost:6543/api/v2/doc/
 
+## Roles, profile and access rights
+
+In Tracim, only some user can access to some informations, this is also true in
+Tracim REST API. you can check the [roles documentation](doc/roles.md) to check
+what a specific user can do.
+
+
 CI
 ---
 

doc/roles.md

+# Introduction
+
+In Tracim, you have 2 system of "roles".
+
+One is global to whole tracim instance and is called "global profile" (Groups).
+The other is workspace related and is called "workspace role".
+
+## Global profile
+
+
+|                               | Normal User | Managers    | Admin   |
+|-------------------------------|-------------|-------------|---------|
+| participate to workspaces     |  yes        | yes         | yes     |
+| access to tracim apps         |  yes        | yes         | yes     |
+|-------------------------------|-------------|-------------|---------|
+| create workspace              |  no         | yes         | yes     |
+| invite user to tracim         |  no         | yes, if manager of a given workspace         | yes     |
+|-------------------------------|-------------|-------------|---------|
+| set user global profile rights|  no         | no          | yes     |
+| deactivate user               |  no         | no          | yes     |
+|-------------------------------|-------------|-------------|---------|
+| access to all user data (/users/{user_id} endpoints) |personal-only|personal-only| yes     |
+
+
+## Workspace Roles
+
+
+|                              | Reader | Contributor | Content Manager | Workspace Manager |
+|------------------------------|--------|-------------|-----------------|-------------------|
+| read content                 |  yes   | yes         | yes             | yes               |
+|------------------------------|--------|-------------|-----------------|-------------------|
+| create content               |  no    | yes         | yes             | yes               |
+| edit content                 |  no    | yes         | yes             | yes               |
+| copy content                 |  no    | yes         | yes             | yes               |
+| comments content             |  no    | yes         | yes             | yes               |
+| update content status        |  no    | yes         | yes             | yes               |
+-------------------------------|--------|-------------|-----------------|-------------------|
+| move content                 |  no    | no          | yes             | yes               |
+| archive content              |  no    | no          | yes             | yes               |
+| delete content               |  no    | no          | yes             | yes               |
+|------------------------------|--------|-------------|-----------------|-------------------|
+| edit workspace               |  no    | no          | no              | yes               |
+| invite users (to workspace)  |  no    | no          | no              | yes               |
+| set user workspace role      |  no    | no          | no              | yes               |
+| revoke users (from workspace)|  no    | no          | no              | yes               |
+|------------------------------|--------|-------------|-----------------|-------------------|
+| modify comments              |  no    | owner       | owner             | yes             |
+| delete comments              |  no    | owner       | owner             | yes             |
+ 
+ 

tracim/__init__.py

 from tracim.lib.utils.authorization import TRACIM_DEFAULT_PERM
 from tracim.lib.webdav import WebdavAppFactory
 from tracim.views import BASE_API_V2
+from tracim.views.contents_api.html_document_controller import HTMLDocumentController  # nopep8
+from tracim.views.contents_api.threads_controller import ThreadController
 from tracim.views.core_api.session_controller import SessionController
 from tracim.views.core_api.system_controller import SystemController
 from tracim.views.core_api.user_controller import UserController
 from tracim.views.core_api.workspace_controller import WorkspaceController
+from tracim.views.contents_api.comment_controller import CommentController
 from tracim.views.errors import ErrorSchema
 from tracim.lib.utils.cors import add_cors_support
 
     system_controller = SystemController()
     user_controller = UserController()
     workspace_controller = WorkspaceController()
+    comment_controller = CommentController()
+    html_document_controller = HTMLDocumentController()
+    thread_controller = ThreadController()
     configurator.include(session_controller.bind, route_prefix=BASE_API_V2)
     configurator.include(system_controller.bind, route_prefix=BASE_API_V2)
     configurator.include(user_controller.bind, route_prefix=BASE_API_V2)
     configurator.include(workspace_controller.bind, route_prefix=BASE_API_V2)
+    configurator.include(comment_controller.bind, route_prefix=BASE_API_V2)
+    configurator.include(html_document_controller.bind, route_prefix=BASE_API_V2)  # nopep8
+    configurator.include(thread_controller.bind, route_prefix=BASE_API_V2)
+
     hapic.add_documentation_view(
         '/api/v2/doc',
         'Tracim v2 API',

tracim/exceptions.py

     pass
 
 
-class InsufficientUserWorkspaceRole(TracimException):
+class InsufficientUserRoleInWorkspace(TracimException):
     pass
 
 
     pass
 
 
+class ContentNotFoundInTracimRequest(TracimException):
+    pass
+
+
+class ContentNotFound(TracimException):
+    pass
+
+
+class ContentTypeNotAllowed(TracimException):
+    pass
+
+
 class WorkspacesDoNotMatch(TracimException):
     pass

tracim/fixtures/content.py

         bob = self._session.query(models.User) \
             .filter(models.User.email == 'bob@fsf.local') \
             .one()
+        john_the_reader = self._session.query(models.User) \
+            .filter(models.User.email == 'john-the-reader@reader.local') \
+            .one()
+
         admin_workspace_api = WorkspaceApi(
             current_user=admin,
             session=self._session,
             session=self._session,
             config=self._config
         )
+        bob_content_api = ContentApi(
+            current_user=bob,
+            session=self._session,
+            config=self._config
+        )
+        reader_content_api = ContentApi(
+            current_user=john_the_reader,
+            session=self._session,
+            config=self._config
+        )
         role_api = RoleApi(
             current_user=admin,
             session=self._session,
             role_level=UserRoleInWorkspace.CONTENT_MANAGER,
             with_notif=False,
         )
+        role_api.create_one(
+            user=john_the_reader,
+            workspace=recipe_workspace,
+            role_level=UserRoleInWorkspace.READER,
+            with_notif=False,
+        )
         # Folders
 
         tool_workspace = content_api.create(
             content_type=ContentType.Page,
             workspace=recipe_workspace,
             parent=dessert_folder,
-            label='Tiramisu Recipe',
+            label='Tiramisu Recipes!!!',
             do_save=True,
             do_notify=False,
         )
+        with new_revision(
+                session=self._session,
+                tm=transaction.manager,
+                content=tiramisu_page,
+        ):
+            content_api.update_content(
+                item=tiramisu_page,
+                new_content='<p>To cook a greet Tiramisu, you need many ingredients.</p>',  # nopep8
+                new_label='Tiramisu Recipes!!!',
+            )
+            content_api.save(tiramisu_page)
+
         best_cake_thread = content_api.create(
             content_type=ContentType.Thread,
             workspace=recipe_workspace,
             parent=dessert_folder,
-            label='Best Cakes ?',
+            label='Best Cake',
             do_save=False,
             do_notify=False,
         )
-        best_cake_thread.description = 'What is the best cake ?'
+        best_cake_thread.description = 'Which is the best cake?'
         self._session.add(best_cake_thread)
         apple_pie_recipe = content_api.create(
             content_type=ContentType.File,
             content_api.delete(bad_fruit_salad)
         content_api.save(bad_fruit_salad)
 
+        content_api.create_comment(
+            parent=best_cake_thread,
+            content='<p>What is for you the best cake ever? </br> I personnally vote for Chocolate cupcake!</p>',  # nopep8
+            do_save=True,
+        )
+        bob_content_api.create_comment(
+            parent=best_cake_thread,
+            content='<p>What about Apple Pie? There are Awesome!</p>',
+            do_save=True,
+        )
+        reader_content_api.create_comment(
+            parent=best_cake_thread,
+            content='<p>You are right, but Kouign-amann are clearly better.</p>',
+            do_save=True,
+        )
+        with new_revision(
+                session=self._session,
+                tm=transaction.manager,
+                content=best_cake_thread,
+        ):
+            bob_content_api.update_content(
+                item=best_cake_thread,
+                new_content='What is the best cake?',
+                new_label='Best Cakes?',
+            )
+            bob_content_api.save(best_cake_thread)
 
+        with new_revision(
+                session=self._session,
+                tm=transaction.manager,
+                content=tiramisu_page,
+        ):
+            bob_content_api.update_content(
+                item=tiramisu_page,
+                new_content='<p>To cook a great Tiramisu, you need many ingredients.</p>',  # nopep8
+                new_label='Tiramisu Recipe',
+            )
+            bob_content_api.save(tiramisu_page)
         self._session.flush()

tracim/fixtures/users_and_groups.py

         bob.password = 'foobarbaz'
         self._session.add(bob)
         g2.users.append(bob)
+
+        g1 = self._session.query(models.Group).\
+            filter(models.Group.group_name == 'users').one()
+        reader = models.User()
+        reader.display_name = 'John Reader'
+        reader.email = 'john-the-reader@reader.local'
+        reader.password = 'read'
+        self._session.add(reader)
+        g1.users.append(reader)

tracim/lib/core/content.py

 from sqlalchemy.orm import aliased
 from sqlalchemy.orm import joinedload
 from sqlalchemy.orm.attributes import get_history
+from sqlalchemy.orm.exc import NoResultFound
 from sqlalchemy.orm.session import Session
 from sqlalchemy import desc
 from sqlalchemy import distinct
 from tracim.lib.utils.utils import cmp_to_key
 from tracim.lib.core.notifications import NotifierFactory
 from tracim.exceptions import SameValueError
+from tracim.exceptions import ContentNotFound
 from tracim.exceptions import WorkspacesDoNotMatch
 from tracim.lib.utils.utils import current_date_for_filename
 from tracim.models.revision_protection import new_revision
 from tracim.models.data import UserRoleInWorkspace
 from tracim.models.data import Workspace
 from tracim.lib.utils.translation import fake_translator as _
+from tracim.models.context_models import RevisionInContext
 from tracim.models.context_models import ContentInContext
 
-
 __author__ = 'damien'
 
 
         ContentType.Comment,
         ContentType.Thread,
         ContentType.Page,
+        ContentType.PageLegacy,
         ContentType.MarkdownPage,
     )
 
             self._show_deleted = previous_show_deleted
             self._show_temporary = previous_show_temporary
 
-    def get_content_in_context(self, content: Content):
+    def get_content_in_context(self, content: Content) -> ContentInContext:
         return ContentInContext(content, self._session, self._config)
 
-    def get_revision_join(self) -> sqlalchemy.sql.elements.BooleanClauseList:
+    def get_revision_in_context(self, revision: ContentRevisionRO) -> RevisionInContext:  # nopep8
+        # TODO - G.M - 2018-06-173 - create revision in context object
+        return RevisionInContext(revision, self._session, self._config)
+    
+    def _get_revision_join(self) -> sqlalchemy.sql.elements.BooleanClauseList:
         """
         Return the Content/ContentRevision query join condition
         :return: Content/ContentRevision query join condition
         :return: Content/ContentRevision Query
         """
         return self._session.query(Content)\
-            .join(ContentRevisionRO, self.get_revision_join())
+            .join(ContentRevisionRO, self._get_revision_join())
 
     @classmethod
     def sort_tree_items(
         item = Content()
         item.owner = self._user
         item.parent = parent
+        if parent and not workspace:
+            workspace = item.parent.workspace
         item.workspace = workspace
         item.type = ContentType.Comment
         item.description = content
 
         return content
 
-    def get_one(self, content_id: int, content_type: str, workspace: Workspace=None) -> Content:
+    def get_one(self, content_id: int, content_type: str, workspace: Workspace=None, parent: Content=None) -> Content:
 
         if not content_id:
             return None
 
-        if content_type==ContentType.Any:
-            return self._base_query(workspace).filter(Content.content_id==content_id).one()
+        base_request = self._base_query(workspace).filter(Content.content_id==content_id)
+
+        if content_type!=ContentType.Any:
+            base_request = base_request.filter(Content.type==content_type)
 
-        return self._base_query(workspace).filter(Content.content_id==content_id).filter(Content.type==content_type).one()
+        if parent:
+            base_request = base_request.filter(Content.parent_id==parent.content_id)  # nopep8
+
+        try:
+            content = base_request.one()
+        except NoResultFound as exc:
+            raise ContentNotFound('Content "{}" not found in database'.format(content_id)) from exc  # nopep8
+        return content
 
     def get_one_revision(self, revision_id: int = None) -> ContentRevisionRO:
         """

tracim/lib/utils/authorization.py

 # -*- coding: utf-8 -*-
+import typing
 from typing import TYPE_CHECKING
 import functools
 from pyramid.interfaces import IAuthorizationPolicy
 from zope.interface import implementer
+
+from tracim.models.contents import NewContentType
+from tracim.models.context_models import ContentInContext
+
 try:
     from json.decoder import JSONDecodeError
 except ImportError:  # python3.4
     JSONDecodeError = ValueError
 
-from tracim.exceptions import InsufficientUserWorkspaceRole
+from tracim.models.contents import ContentTypeLegacy as ContentType
+from tracim.exceptions import InsufficientUserRoleInWorkspace
+from tracim.exceptions import ContentTypeNotAllowed
 from tracim.exceptions import InsufficientUserProfile
 if TYPE_CHECKING:
     from tracim import TracimRequest
 # We prefer to use decorators
 
 
-def require_same_user_or_profile(group: int):
+def require_same_user_or_profile(group: int) -> typing.Callable:
     """
     Decorator for view to restrict access of tracim request if candidate user
     is distinct from authenticated user and not with high enough profile.
     like Group.TIM_USER or Group.TIM_MANAGER
     :return:
     """
-    def decorator(func):
+    def decorator(func: typing.Callable) -> typing.Callable:
         @functools.wraps(func)
-        def wrapper(self, context, request: 'TracimRequest'):
+        def wrapper(self, context, request: 'TracimRequest') -> typing.Callable:
             auth_user = request.current_user
             candidate_user = request.candidate_user
             if auth_user.user_id == candidate_user.user_id or \
     return decorator
 
 
-def require_profile(group: int):
+def require_profile(group: int) -> typing.Callable:
     """
     Decorator for view to restrict access of tracim request if profile is
     not high enough
     like Group.TIM_USER or Group.TIM_MANAGER
     :return:
     """
-    def decorator(func):
+    def decorator(func: typing.Callable) -> typing.Callable:
         @functools.wraps(func)
-        def wrapper(self, context, request: 'TracimRequest'):
+        def wrapper(self, context, request: 'TracimRequest') -> typing.Callable:
             user = request.current_user
             if user.profile.id >= group:
                 return func(self, context, request)
     return decorator
 
 
-def require_workspace_role(minimal_required_role: int):
+def require_workspace_role(minimal_required_role: int) -> typing.Callable:
     """
     Restricts access to endpoint to minimal role or raise an exception.
     Check role for current_workspace.
     UserRoleInWorkspace.CONTRIBUTOR or UserRoleInWorkspace.READER
     :return: decorator
     """
-    def decorator(func):
+    def decorator(func: typing.Callable) -> typing.Callable:
         @functools.wraps(func)
-        def wrapper(self, context, request: 'TracimRequest'):
+        def wrapper(self, context, request: 'TracimRequest') -> typing.Callable:
             user = request.current_user
             workspace = request.current_workspace
             if workspace.get_user_role(user) >= minimal_required_role:
                 return func(self, context, request)
-            raise InsufficientUserWorkspaceRole()
+            raise InsufficientUserRoleInWorkspace()
 
         return wrapper
     return decorator
 
 
-def require_candidate_workspace_role(minimal_required_role: int):
+def require_candidate_workspace_role(minimal_required_role: int) -> typing.Callable:  # nopep8
     """
     Restricts access to endpoint to minimal role or raise an exception.
     Check role for candidate_workspace.
     UserRoleInWorkspace.CONTRIBUTOR or UserRoleInWorkspace.READER
     :return: decorator
     """
-    def decorator(func):
+    def decorator(func: typing.Callable) -> typing.Callable:
 
-        def wrapper(self, context, request: 'TracimRequest'):
+        def wrapper(self, context, request: 'TracimRequest') -> typing.Callable:
             user = request.current_user
             workspace = request.candidate_workspace
 
             if workspace.get_user_role(user) >= minimal_required_role:
                 return func(self, context, request)
-            raise InsufficientUserWorkspaceRole()
+            raise InsufficientUserRoleInWorkspace()
+
+        return wrapper
+    return decorator
+
+
+def require_content_types(content_types: typing.List['NewContentType']) -> typing.Callable:  # nopep8
+    """
+    Restricts access to specific file type or raise an exception.
+    Check role for candidate_workspace.
+    :param content_types: list of NewContentType object
+    :return: decorator
+    """
+    def decorator(func: typing.Callable) -> typing.Callable:
+        @functools.wraps(func)
+        def wrapper(self, context, request: 'TracimRequest') -> typing.Callable:
+            content = request.current_content
+            current_content_type_slug = ContentType(content.type).slug
+            content_types_slug = [content_type.slug for content_type in content_types]  # nopep8
+            if current_content_type_slug in content_types_slug:
+                return func(self, context, request)
+            raise ContentTypeNotAllowed()
+        return wrapper
+    return decorator
 
+
+def require_comment_ownership_or_role(
+        minimal_required_role_for_owner: int,
+        minimal_required_role_for_anyone: int,
+) -> typing.Callable:
+    """
+    Decorator for view to restrict access of tracim request if role is
+    not high enough and user is not owner of the current_content
+    :param minimal_required_role_for_owner: minimal role for owner
+    of current_content to access to this view
+    :param minimal_required_role_for_anyone: minimal role for anyone to
+    access to this view.
+    :return:
+    """
+    def decorator(func: typing.Callable) -> typing.Callable:
+        @functools.wraps(func)
+        def wrapper(self, context, request: 'TracimRequest') -> typing.Callable:
+            user = request.current_user
+            workspace = request.current_workspace
+            comment = request.current_comment
+            # INFO - G.M - 2018-06-178 - find minimal role required
+            if comment.owner.user_id == user.user_id:
+                minimal_required_role = minimal_required_role_for_owner
+            else:
+                minimal_required_role = minimal_required_role_for_anyone
+            # INFO - G.M - 2018-06-178 - normal role test
+            if workspace.get_user_role(user) >= minimal_required_role:
+                return func(self, context, request)
+            raise InsufficientUserRoleInWorkspace()
         return wrapper
     return decorator

tracim/lib/utils/request.py

 from pyramid.request import Request
 from sqlalchemy.orm.exc import NoResultFound
 
-from tracim.exceptions import NotAuthenticated
+from tracim.exceptions import NotAuthenticated, ContentNotFound
+from tracim.exceptions import ContentNotFoundInTracimRequest
 from tracim.exceptions import WorkspaceNotFoundInTracimRequest
 from tracim.exceptions import UserNotFoundInTracimRequest
 from tracim.exceptions import UserDoesNotExist
 from tracim.exceptions import WorkspaceNotFound
 from tracim.exceptions import ImmutableAttribute
+from tracim.models.contents import ContentTypeLegacy as ContentType
+from tracim.lib.core.content import ContentApi
 from tracim.lib.core.user import UserApi
 from tracim.lib.core.workspace import WorkspaceApi
 from tracim.lib.utils.authorization import JSONDecodeError
 
 from tracim.models import User
 from tracim.models.data import Workspace
+from tracim.models.data import Content
 
 
 class TracimRequest(Request):
             decode_param_names,
             **kw
         )
+        # Current comment, found in request path
+        self._current_comment = None  # type: Content
+
+        # Current content, found in request path
+        self._current_content = None  # type: Content
+
         # Current workspace, found in request path
         self._current_workspace = None  # type: Workspace
 
         :return: Workspace of the request
         """
         if self._current_workspace is None:
-            self._current_workspace = self._get_current_workspace(self.current_user, self)
+            self._current_workspace = self._get_current_workspace(self.current_user, self)   # nopep8
         return self._current_workspace
 
     @current_workspace.setter
             )
         self._current_user = user
 
+    @property
+    def current_content(self) -> Content:
+        """
+        Get current  content from path
+        """
+        if self._current_content is None:
+            self._current_content = self._get_current_content(
+                self.current_user,
+                self.current_workspace,
+                self
+                )
+        return self._current_content
+
+    @current_content.setter
+    def current_content(self, content: Content) -> None:
+        if self._current_content is not None:
+            raise ImmutableAttribute(
+                "Can't modify already setted current_content"
+            )
+        self._current_content = content
+
+    @property
+    def current_comment(self) -> Content:
+        """
+        Get current comment from path
+        """
+        if self._current_comment is None:
+            self._current_comment = self._get_current_comment(
+                self.current_user,
+                self.current_workspace,
+                self.current_content,
+                self
+                )
+        return self._current_comment
+
+    @current_comment.setter
+    def current_comment(self, content: Content) -> None:
+        if self._current_comment is not None:
+            raise ImmutableAttribute(
+                "Can't modify already setted current_content"
+            )
+        self._current_comment = content
     # TODO - G.M - 24-05-2018 - Find a better naming for this ?
+
     @property
     def candidate_user(self) -> User:
         """
         self._current_workspace = None
         self.dbsession.close()
 
-
     @candidate_user.setter
     def candidate_user(self, user: User) -> None:
         if self._candidate_user is not None:
     ###
     # Utils for TracimRequest
     ###
+    def _get_current_comment(
+            self,
+            user: User,
+            workspace: Workspace,
+            content: Content,
+            request: 'TracimRequest'
+    ) -> Content:
+        """
+        Get current content from request
+        :param user: User who want to check the workspace
+        :param workspace: Workspace of the content
+        :param content: comment is related to this content
+        :param request: pyramid request
+        :return: current content
+        """
+        comment_id = ''
+        try:
+            if 'comment_id' in request.matchdict:
+                comment_id = int(request.matchdict['comment_id'])
+            if not comment_id:
+                raise ContentNotFoundInTracimRequest('No comment_id property found in request')  # nopep8
+            api = ContentApi(
+                current_user=user,
+                session=request.dbsession,
+                config=request.registry.settings['CFG']
+            )
+            comment = api.get_one(
+                comment_id,
+                content_type=ContentType.Comment,
+                workspace=workspace,
+                parent=content,
+            )
+        except JSONDecodeError as exc:
+            raise ContentNotFound('Invalid JSON content') from exc
+        except NoResultFound as exc:
+            raise ContentNotFound(
+                'Comment {} does not exist '
+                'or is not visible for this user'.format(comment_id)
+            ) from exc
+        return comment
+
+    def _get_current_content(
+            self,
+            user: User,
+            workspace: Workspace,
+            request: 'TracimRequest'
+    ) -> Content:
+        """
+        Get current content from request
+        :param user: User who want to check the workspace
+        :param workspace: Workspace of the content
+        :param request: pyramid request
+        :return: current content
+        """
+        content_id = ''
+        try:
+            if 'content_id' in request.matchdict:
+                content_id = int(request.matchdict['content_id'])
+            if not content_id:
+                raise ContentNotFoundInTracimRequest('No content_id property found in request')  # nopep8
+            api = ContentApi(
+                current_user=user,
+                session=request.dbsession,
+                config=request.registry.settings['CFG']
+            )
+            content = api.get_one(content_id=content_id, workspace=workspace, content_type=ContentType.Any)  # nopep8
+        except JSONDecodeError as exc:
+            raise ContentNotFound('Invalid JSON content') from exc
+        except NoResultFound as exc:
+            raise ContentNotFound(
+                'Content {} does not exist '
+                'or is not visible for this user'.format(content_id)
+            ) from exc
+        return content
 
     def _get_candidate_user(
             self,
         """
         app_config = request.registry.settings['CFG']
         uapi = UserApi(None, session=request.dbsession, config=app_config)
-
+        login = ''
         try:
             login = None
             if 'user_id' in request.matchdict:
         """
         app_config = request.registry.settings['CFG']
         uapi = UserApi(None, session=request.dbsession, config=app_config)
+        login = ''
         try:
             login = request.authenticated_userid
             if not login:
             if 'workspace_id' in request.matchdict:
                 workspace_id = request.matchdict['workspace_id']
             if not workspace_id:
-                raise WorkspaceNotFoundInTracimRequest('No workspace_id property found in request')
+                raise WorkspaceNotFoundInTracimRequest('No workspace_id property found in request')  # nopep8
             wapi = WorkspaceApi(
                 current_user=user,
                 session=request.dbsession,
                 config=request.registry.settings['CFG']
             )
             workspace = wapi.get_one(workspace_id)
-        except JSONDecodeError:
-            raise WorkspaceNotFound('Bad json body')
-        except NoResultFound:
+        except JSONDecodeError as exc:
+            raise WorkspaceNotFound('Invalid JSON content') from exc
+        except NoResultFound as exc:
             raise WorkspaceNotFound(
                 'Workspace {} does not exist '
                 'or is not visible for this user'.format(workspace_id)
-            )
+            ) from exc
         return workspace
 
     def _get_candidate_workspace(
             if 'new_workspace_id' in request.json_body:
                 workspace_id = request.json_body['new_workspace_id']
             if not workspace_id:
-                raise WorkspaceNotFoundInTracimRequest('No new_workspace_id property found in body')
+                raise WorkspaceNotFoundInTracimRequest('No new_workspace_id property found in body')  # nopep8
             wapi = WorkspaceApi(
                 current_user=user,
                 session=request.dbsession,
                 config=request.registry.settings['CFG']
             )
             workspace = wapi.get_one(workspace_id)
-        except JSONDecodeError:
-            raise WorkspaceNotFound('Bad json body')
-        except NoResultFound:
+        except JSONDecodeError as exc:
+            raise WorkspaceNotFound('Invalid JSON content') from exc
+        except NoResultFound as exc:
             raise WorkspaceNotFound(
                 'Workspace {} does not exist '
                 'or is not visible for this user'.format(workspace_id)
-            )
+            ) from exc
         return workspace

tracim/lib/utils/utils.py

 
 from tracim.config import CFG
 
+DATETIME_FORMAT = '%Y-%m-%dT%H:%M:%SZ'
 DEFAULT_WEBDAV_CONFIG_FILE = "wsgidav.conf"
 DEFAULT_TRACIM_CONFIG_FILE = "development.ini"
 

tracim/models/applications.py

 calendar = Application(
     label='Calendar',
     slug='calendar',
-    fa_icon='calendar-alt',
+    fa_icon='calendar',
     hexcolor='#757575',
     is_active=True,
     config={},
 markdownpluspage = Application(
     label='Markdown Plus Documents',  # TODO - G.M - 24-05-2018 - Check label
     slug='contents/markdownpluspage',
-    fa_icon='file-code',
+    fa_icon='file-code-o',
     hexcolor='#f12d2d',
     is_active=True,
     config={},
     main_route='/#/workspaces/{workspace_id}/contents?type=markdownpluspage',
 )
 
-htmlpage = Application(
+html_documents = Application(
     label='Text Documents',  # TODO - G.M - 24-05-2018 - Check label
-    slug='contents/htmlpage',
+    slug='contents/html-documents',
     fa_icon='file-text-o',
     hexcolor='#3f52e3',
     is_active=True,
     config={},
-    main_route='/#/workspaces/{workspace_id}/contents?type=htmlpage',
+    main_route='/#/workspaces/{workspace_id}/contents?type=html-documents',
 )
 # TODO - G.M - 08-06-2018 - This is hardcoded lists of app, make this dynamic.
 # List of applications
 applications = [
-    htmlpage,
+    html_documents,
     markdownpluspage,
     _file,
     thread,

tracim/models/contents.py

 import typing
 from enum import Enum
 
-from tracim.exceptions import ContentStatusNotExist, ContentTypeNotExist
-from tracim.models.applications import htmlpage, _file, thread, markdownpluspage
+from tracim.exceptions import ContentTypeNotExist
+from tracim.exceptions import ContentStatusNotExist
+from tracim.models.applications import html_documents
+from tracim.models.applications import _file
+from tracim.models.applications import thread
+from tracim.models.applications import markdownpluspage
 
 
 ####
     slug='open',
     global_status=GlobalStatus.OPEN.value,
     label='Open',
-    fa_icon='fa-square-o',
-    hexcolor='#000FF',
+    fa_icon='square-o',
+    hexcolor='#3f52e3',
 )
 
 closed_validated_status = NewContentStatus(
     slug='closed-validated',
     global_status=GlobalStatus.CLOSED.value,
     label='Validated',
-    fa_icon='fa-check-square-o',
-    hexcolor='#000FF',
+    fa_icon='check-square-o',
+    hexcolor='#008000',
 )
 
 closed_unvalidated_status = NewContentStatus(
     slug='closed-unvalidated',
     global_status=GlobalStatus.CLOSED.value,
     label='Cancelled',
-    fa_icon='fa-close',
-    hexcolor='#000FF',
+    fa_icon='close',
+    hexcolor='#f63434',
 )
 
 closed_deprecated_status = NewContentStatus(
     slug='closed-deprecated',
     global_status=GlobalStatus.CLOSED.value,
     label='Deprecated',
-    fa_icon='fa-warning',
-    hexcolor='#000FF',
+    fa_icon='warning',
+    hexcolor='#ababab',
 )
 
 
     available_statuses=CONTENT_DEFAULT_STATUS,
 )
 
-htmlpage_type = NewContentType(
-    slug='page',
-    fa_icon=htmlpage.fa_icon,
-    hexcolor=htmlpage.hexcolor,
+html_documents_type = NewContentType(
+    slug='html-documents',
+    fa_icon=html_documents.fa_icon,
+    hexcolor=html_documents.hexcolor,
     label='Text Document',
     creation_label='Write a document',
     available_statuses=CONTENT_DEFAULT_STATUS,
     thread_type,
     file_type,
     markdownpluspage_type,
-    htmlpage_type,
+    html_documents_type,
     folder_type,
 ]
 
+# TODO - G.M - 31-05-2018 - Set Better Event params
+event_type = NewContentType(
+    slug='event',
+    fa_icon=thread.fa_icon,
+    hexcolor=thread.hexcolor,
+    label='Event',
+    creation_label='Event',
+    available_statuses=CONTENT_DEFAULT_STATUS,
+)
+
+# TODO - G.M - 31-05-2018 - Set Better Event params
+comment_type = NewContentType(
+    slug='comment',
+    fa_icon=thread.fa_icon,
+    hexcolor=thread.hexcolor,
+    label='Comment',
+    creation_label='Comment',
+    available_statuses=CONTENT_DEFAULT_STATUS,
+)
+
+CONTENT_DEFAULT_TYPE_SPECIAL = [
+    event_type,
+    comment_type,
+]
+
+ALL_CONTENTS_DEFAULT_TYPES = CONTENT_DEFAULT_TYPE + CONTENT_DEFAULT_TYPE_SPECIAL
+
 
 class ContentTypeLegacy(NewContentType):
     """
 
     File = file_type.slug
     Thread = thread_type.slug
-    Page = htmlpage_type.slug
+    Page = html_documents_type.slug
+    PageLegacy = 'page'
     MarkdownPage = markdownpluspage_type.slug
 
     def __init__(self, slug: str):
-        for content_type in CONTENT_DEFAULT_TYPE:
+        if slug == 'page':
+            slug = ContentTypeLegacy.Page
+        for content_type in ALL_CONTENTS_DEFAULT_TYPES:
             if slug == content_type.slug:
                 super(ContentTypeLegacy, self).__init__(
                     slug=content_type.slug,
 
     @classmethod
     def allowed_types(cls) -> typing.List[str]:
-        contents_types = [status.slug for status in CONTENT_DEFAULT_TYPE]
-        contents_types.extend([cls.Folder, cls.Event, cls.Comment])
+        contents_types = [status.slug for status in ALL_CONTENTS_DEFAULT_TYPES]
         return contents_types
 
     @classmethod
         # This method is used for showing only "main"
         # types in the left-side treeview
         contents_types = [status.slug for status in CONTENT_DEFAULT_TYPE]
-        contents_types.extend([cls.Folder])
         return contents_types
 
     # TODO - G.M - 30-05-2018 - This method don't do anything.

tracim/models/context_models.py

 from tracim.models import User
 from tracim.models.auth import Profile
 from tracim.models.data import Content
+from tracim.models.data import ContentRevisionRO
 from tracim.models.data import Workspace, UserRoleInWorkspace
 from tracim.models.workspace_menu_entries import default_workspace_menu_entry
 from tracim.models.workspace_menu_entries import WorkspaceMenuEntry
+from tracim.models.contents import ContentTypeLegacy as ContentType
 
 
 class MoveParams(object):
     """
-    Json body params for move action
+    Json body params for move action model
     """
-    def __init__(self, new_parent_id: str, new_workspace_id: str = None):
+    def __init__(self, new_parent_id: str, new_workspace_id: str = None) -> None:  # nopep8
         self.new_parent_id = new_parent_id
         self.new_workspace_id = new_workspace_id
 
 
 class LoginCredentials(object):
     """
-    Login credentials model for login
+    Login credentials model for login model
     """
 
-    def __init__(self, email: str, password: str):
+    def __init__(self, email: str, password: str) -> None:
         self.email = email
         self.password = password
 
 
 class WorkspaceAndContentPath(object):
     """
-    Paths params with workspace id and content_id
+    Paths params with workspace id and content_id model
     """
-    def __init__(self, workspace_id: int, content_id: int):
+    def __init__(self, workspace_id: int, content_id: int) -> None:
         self.content_id = content_id
         self.workspace_id = workspace_id
 
 
+class CommentPath(object):
+    """
+    Paths params with workspace id and content_id and comment_id model
+    """
+    def __init__(
+        self,
+        workspace_id: int,
+        content_id: int,
+        comment_id: int
+    ) -> None:
+        self.content_id = content_id
+        self.workspace_id = workspace_id
+        self.comment_id = comment_id
+
+
 class ContentFilter(object):
     """
     Content filter model
             show_archived: int = 0,
             show_deleted: int = 0,
             show_active: int = 1,
-    ):
+    ) -> None:
         self.parent_id = parent_id
         self.show_archived = bool(show_archived)
         self.show_deleted = bool(show_deleted)
             self,
             label: str,
             content_type: str,
-    ):
+    ) -> None:
         self.label = label
         self.content_type = content_type
 
 
+class CommentCreation(object):
+    """
+    Comment creation model
+    """
+    def __init__(
+            self,
+            raw_content: str,
+    ) -> None:
+        self.raw_content = raw_content
+
+
+class SetContentStatus(object):
+    """
+    Set content status
+    """
+    def __init__(
+            self,
+            status: str,
+    ) -> None:
+        self.status = status
+
+
+class HTMLDocumentUpdate(object):
+    """
+    Html Document update model
+    """
+    def __init__(
+            self,
+            label: str,
+            raw_content: str,
+    ) -> None:
+        self.label = label
+        self.raw_content = raw_content
+
+
+class ThreadUpdate(object):
+    """
+    Thread update model
+    """
+    def __init__(
+            self,
+            label: str,
+            raw_content: str,
+    ) -> None:
+        self.label = label
+        self.raw_content = raw_content
+
+
 class UserInContext(object):
     """
     Interface to get User data and User data related to context.
 
     @property
     def content_type(self) -> str:
-        return self.content.type
+        content_type = ContentType(self.content.type)
+        return content_type.slug
 
     @property
     def sub_content_types(self) -> typing.List[str]:
-        return [type.slug for type in self.content.get_allowed_content_types()]
+        return [_type.slug for _type in self.content.get_allowed_content_types()]  # nopep8
 
     @property
     def status(self) -> str:
     def is_deleted(self):
         return self.content.is_deleted
 
-    # Context-related
+    @property
+    def raw_content(self):
+        return self.content.description
+
+    @property
+    def author(self):
+        return UserInContext(
+            dbsession=self.dbsession,
+            config=self.config,
+            user=self.content.first_revision.owner
+        )
+
+    @property
+    def current_revision_id(self):
+        return self.content.revision_id
+
+    @property
+    def created(self):
+        return self.content.created
+
+    @property
+    def modified(self):
+        return self.updated
+
+    @property
+    def updated(self):
+        return self.content.updated
 
     @property
+    def last_modifier(self):
+        return UserInContext(
+            dbsession=self.dbsession,
+            config=self.config,
+            user=self.content.last_revision.owner
+        )
+
+    # Context-related
+    @property
     def show_in_ui(self):
         # TODO - G.M - 31-05-2018 - Enable Show_in_ui params
         # if false, then do not show content in the treeview.
     @property
     def slug(self):
         return slugify(self.content.label)
+
+
+class RevisionInContext(object):
+    """
+    Interface to get Content data and Content data related to context.
+    """
+
+    def __init__(self, content_revision: ContentRevisionRO, dbsession: Session, config: CFG):
+        assert content_revision is not None
+        self.revision = content_revision
+        self.dbsession = dbsession
+        self.config = config
+
+    # Default
+    @property
+    def content_id(self) -> int:
+        return self.revision.content_id
+
+    @property
+    def id(self) -> int:
+        return self.content_id
+
+    @property
+    def parent_id(self) -> int:
+        """
+        Return parent_id of the content
+        """
+        return self.revision.parent_id
+
+    @property
+    def workspace_id(self) -> int:
+        return self.revision.workspace_id
+
+    @property
+    def label(self) -> str:
+        return self.revision.label
+
+    @property
+    def content_type(self) -> str:
+        content_type = ContentType(self.revision.type)
+        if content_type:
+            return content_type.slug
+        else:
+            return None
+
+    @property
+    def sub_content_types(self) -> typing.List[str]:
+        return [_type.slug for _type
+                in self.revision.node.get_allowed_content_types()]
+
+    @property
+    def status(self) -> str:
+        return self.revision.status
+
+    @property
+    def is_archived(self) -> bool:
+        return self.revision.is_archived
+
+    @property
+    def is_deleted(self) -> bool:
+        return self.revision.is_deleted
+
+    @property
+    def raw_content(self) -> str:
+        return self.revision.description
+
+    @property
+    def author(self) -> UserInContext:
+        return UserInContext(
+            dbsession=self.dbsession,
+            config=self.config,
+            user=self.revision.owner
+        )
+
+    @property
+    def revision_id(self) -> int:
+        return self.revision.revision_id
+
+    @property
+    def created(self) -> datetime:
+        return self.updated
+
+    @property
+    def modified(self) -> datetime:
+        return self.updated
+
+    @property
+    def updated(self) -> datetime:
+        return self.revision.updated
+
+    @property
+    def next_revision(self) -> typing.Optional[ContentRevisionRO]:
+        """
+        Get next revision (later revision)
+        :return: next_revision
+        """
+        next_revision = None
+        revisions = self.revision.node.revisions
+        # INFO - G.M - 2018-06-177 - Get revisions more recent that
+        # current one
+        next_revisions = [
+            revision for revision in revisions
+            if revision.revision_id > self.revision.revision_id
+        ]
+        if next_revisions:
+            # INFO - G.M - 2018-06-177 -sort revisions by date
+            sorted_next_revisions = sorted(
+                next_revisions,
+                key=lambda revision: revision.updated
+            )
+            # INFO - G.M - 2018-06-177 - return only next revision
+            return sorted_next_revisions[0]
+        else:
+            return None
+
+    @property
+    def comment_ids(self) -> typing.List[int]:
+        """
+        Get list of ids of all current revision related comments
+        :return: list of comments ids
+        """
+        comments = self.revision.node.get_comments()
+        # INFO - G.M - 2018-06-177 - Get comments more recent than revision.
+        revision_comments = [
+            comment for comment in comments
+            if comment.created > self.revision.updated
+        ]
+        if self.next_revision:
+            # INFO - G.M - 2018-06-177 - if there is a revision more recent
+            # than current remove comments from theses rev (comments older
+            # than next_revision.)
+            revision_comments = [
+                comment for comment in revision_comments
+                if comment.created < self.next_revision.updated
+            ]
+        sorted_revision_comments = sorted(
+            revision_comments,
+            key=lambda revision: revision.created
+        )
+        comment_ids = []
+        for comment in sorted_revision_comments:
+            comment_ids.append(comment.content_id)
+        return comment_ids
+
+    # Context-related
+    @property
+    def show_in_ui(self) -> bool:
+        # TODO - G.M - 31-05-2018 - Enable Show_in_ui params
+        # if false, then do not show content in the treeview.
+        # This may his maybe used for specific contents or for sub-contents.
+        # Default is True.
+        # In first version of the API, this field is always True
+        return True
+
+    @property
+    def slug(self) -> str:
+        return slugify(self.revision.label)

tracim/models/data.py

 
     # TODO - G.M - 10-04-2018 - [Cleanup] Drop this
     _ICONS = {
-        'archiving': 'fa fa-archive',
-        'content-comment': 'fa-comment-o',
-        'creation': 'fa-magic',
-        'deletion': 'fa-trash',
-        'edition': 'fa-edit',
-        'revision': 'fa-history',
-        'status-update': 'fa-random',
-        'unarchiving': 'fa-file-archive-o',
-        'undeletion': 'fa-trash-o',
-        'move': 'fa-arrows',
-        'copy': 'fa-files-o',
+        'archiving': 'archive',
+        'content-comment': 'comment-o',
+        'creation': 'magic',
+        'deletion': 'trash',
+        'edition': 'edit',
+        'revision': 'history',
+        'status-update': 'random',
+        'unarchiving': 'file-archive-o',
+        'undeletion': 'trash-o',
+        'move': 'arrows',
+        'copy': 'files-o',
     }
     #
     # _LABELS = {
 
     revision_id = Column(Integer, primary_key=True)
     content_id = Column(Integer, ForeignKey('content.id'), nullable=False)
+    # TODO - G.M - 2018-06-177 - [author] Owner should be renamed "author"
     owner_id = Column(Integer, ForeignKey('users.user_id'), nullable=True)
 
     label = Column(Unicode(1024), unique=False, nullable=False)
     parent = relationship("Content", foreign_keys=[parent_id], back_populates="children_revisions")
 
     node = relationship("Content", foreign_keys=[content_id], back_populates="revisions")
+    # TODO - G.M - 2018-06-177 - [author] Owner should be renamed "author"
     owner = relationship('User', remote_side=[User.user_id])
 
     """ List of column copied when make a new revision from another """
             file_extension,
         )
 
-
+# TODO - G.M - 2018-06-177 - [author] Owner should be renamed "author"
 Index('idx__content_revisions__owner_id', ContentRevisionRO.owner_id)
 Index('idx__content_revisions__parent_id', ContentRevisionRO.parent_id)
 
     # QUERY CONTENTS
 
     To query contents you will need to join your content query with ContentRevisionRO. Join
-    condition is available at tracim.lib.content.ContentApi#get_revision_join:
+    condition is available at tracim.lib.content.ContentApi#_get_revision_join:
 
-    content = DBSession.query(Content).join(ContentRevisionRO, ContentApi.get_revision_join())
+    content = DBSession.query(Content).join(ContentRevisionRO, ContentApi._get_revision_join())
                   .filter(Content.label == 'foo')
                   .one()
 
     def revision_id(cls) -> InstrumentedAttribute:
         return ContentRevisionRO.revision_id
 
+    # TODO - G.M - 2018-06-177 - [author] Owner should be renamed "author"
+    # and should be author of first revision.
     @hybrid_property
     def owner_id(self) -> int:
         return self.revision.owner_id
     def node(cls) -> InstrumentedAttribute:
         return ContentRevisionRO.node
 
+    # TODO - G.M - 2018-06-177 - [author] Owner should be renamed "author"
+    # and should be author of first revision.
     @hybrid_property
     def owner(self) -> User:
         return self.revision.owner
             delta_from_datetime = datetime.utcnow()
 
         delta = delta_from_datetime - self.created
-        
+
         if delta.days > 0:
             if delta.days >= 365:
                 aff = '%d year%s ago' % (delta.days/365, 's' if delta.days/365>=2 else '')

tracim/models/workspace_menu_entries.py

   label='Dashboard',
   route='/#/workspaces/{workspace_id}/dashboard',
   hexcolor='#252525',
-  fa_icon="",
+  fa_icon="signal",
 )
 all_content_menu_entry = WorkspaceMenuEntry(
   slug="contents/all",
   label="All Contents",
   route="/#/workspaces/{workspace_id}/contents",
   hexcolor="#fdfdfd",
-  fa_icon="",
+  fa_icon="th",
 )
 
 # TODO - G.M - 08-06-2018 - This is hardcoded default menu entry,

tracim/tests/__init__.py

 from pyramid import testing
 from sqlalchemy.exc import IntegrityError
 
-from tracim.command.database import InitializeDBCommand
 from tracim.lib.core.content import ContentApi
 from tracim.lib.core.workspace import WorkspaceApi
-from tracim.models import get_engine, DeclarativeBase, get_session_factory, \
-    get_tm_session
-from tracim.models.data import Workspace, ContentType
+from tracim.models import get_engine
+from tracim.models import DeclarativeBase
+from tracim.models import get_session_factory
+from tracim.models import get_tm_session
+from tracim.models.data import Workspace
+from tracim.models.data import ContentType
+from tracim.models.data import ContentRevisionRO
 from tracim.models.data import Content
 from tracim.lib.utils.logger import logger
 from tracim.fixtures import FixturesLoader
     # TODO - G.M - 05-04-2018 - Remove this when all old nose code is removed
     assert a == b, msg or "%r != %r" % (a, b)
 
+# TODO - G.M - 2018-06-179 - Refactor slug change function
+#  as a kind of pytest fixture ?
+
+
+def set_html_document_slug_to_legacy(session_factory) -> None:
+    """
+    Simple function to help some functional test. This modify "html-documents"
+    type content in database to legacy "page" slug.
+    :param session_factory: session factory of the test
+    :return: Nothing.
+    """
+    dbsession = get_tm_session(
+        session_factory,
+        transaction.manager
+    )
+    content_query = dbsession.query(ContentRevisionRO).filter(ContentRevisionRO.type == 'page').filter(ContentRevisionRO.content_id == 6)  # nopep8
+    assert content_query.count() == 0
+    html_documents_query = dbsession.query(ContentRevisionRO).filter(ContentRevisionRO.type == 'html-documents')  # nopep8
+    html_documents_query.update({ContentRevisionRO.type: 'page'})
+    transaction.commit()
+    assert content_query.count() > 0
+
 
 class FunctionalTest(unittest.TestCase):
 

tracim/tests/functional/test_comments.py

+# -*- coding: utf-8 -*-
+from tracim.tests import FunctionalTest
+from tracim.fixtures.content import Content as ContentFixtures
+from tracim.fixtures.users_and_groups import Base as BaseFixture
+
+
+class TestCommentsEndpoint(FunctionalTest):
+    """
+    Tests for /api/v2/workspaces/{workspace_id}/contents/{content_id}/comments
+    endpoint
+    """
+
+    fixtures = [BaseFixture, ContentFixtures]
+
+    def test_api__get_contents_comments__ok_200__nominal_case(self) -> None:
+        """
+        Get alls comments of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)   # nopep8
+        assert len(res.json_body) == 3
+        comment = res.json_body[0]
+        assert comment['content_id'] == 18
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>What is for you the best cake ever? </br> I personnally vote for Chocolate cupcake!</p>'  # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 1
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] == None
+        assert comment['author']['public_name'] == 'Global manager'
+
+        comment = res.json_body[1]
+        assert comment['content_id'] == 19
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>What about Apple Pie? There are Awesome!</p>'  # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 3
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] == None
+        assert comment['author']['public_name'] == 'Bob i.'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+        comment = res.json_body[2]
+        assert comment['content_id'] == 20
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>You are right, but Kouign-amann are clearly better.</p>'  # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 4
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] == None
+        assert comment['author']['public_name'] == 'John Reader'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+    def test_api__post_content_comment__ok_200__nominal_case(self) -> None:
+        """
+        Get alls comments of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'raw_content': 'I strongly disagree, Tiramisu win!'
+        }
+        res = self.testapp.post_json(
+            '/api/v2/workspaces/2/contents/7/comments',
+            params=params,
+            status=200
+        )
+        comment = res.json_body
+        assert comment['content_id']
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == 'I strongly disagree, Tiramisu win!'
+        assert comment['author']
+        assert comment['author']['user_id'] == 1
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] is None
+        assert comment['author']['public_name'] == 'Global manager'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)  # nopep8
+        assert len(res.json_body) == 4
+        assert comment == res.json_body[3]
+
+    def test_api__delete_content_comment__ok_200__user_is_owner_and_workspace_manager(self) -> None:  # nopep8
+        """
+        delete comment (user is workspace_manager and owner)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)
+        assert len(res.json_body) == 3
+        comment = res.json_body[0]
+        assert comment['content_id'] == 18
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>What is for you the best cake ever? </br> I personnally vote for Chocolate cupcake!</p>'   # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 1
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] is None
+        assert comment['author']['public_name'] == 'Global manager'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+        res = self.testapp.delete(
+            '/api/v2/workspaces/2/contents/7/comments/18',
+            status=204
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)
+        assert len(res.json_body) == 2
+        assert not [content for content in res.json_body if content['content_id'] == 18]  # nopep8
+
+    def test_api__delete_content_comment__ok_200__user_is_workspace_manager(self) -> None:  # nopep8
+        """
+        delete comment (user is workspace_manager)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)
+        assert len(res.json_body) == 3
+        comment = res.json_body[1]
+        assert comment['content_id'] == 19
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>What about Apple Pie? There are Awesome!</p>'   # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 3
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] is None
+        assert comment['author']['public_name'] == 'Bob i.'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+        res = self.testapp.delete(
+            '/api/v2/workspaces/2/contents/7/comments/19',
+            status=204
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)
+        assert len(res.json_body) == 2
+        assert not [content for content in res.json_body if content['content_id'] == 19]  # nopep8
+
+    def test_api__delete_content_comment__ok_200__user_is_owner_and_content_manager(self) -> None:   # nopep8
+        """
+        delete comment (user is content-manager and owner)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)
+        assert len(res.json_body) == 3
+        comment = res.json_body[1]
+        assert comment['content_id'] == 19
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>What about Apple Pie? There are Awesome!</p>'   # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 3
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] is None
+        assert comment['author']['public_name'] == 'Bob i.'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+        res = self.testapp.delete(
+            '/api/v2/workspaces/2/contents/7/comments/19',
+            status=204
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)
+        assert len(res.json_body) == 2
+        assert not [content for content in res.json_body if content['content_id'] == 19]  # nopep8
+
+    def test_api__delete_content_comment__err_403__user_is_content_manager(self) -> None:  # nopep8
+        """
+        delete comment (user is content-manager)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'bob@fsf.local',
+                'foobarbaz'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)  #  nopep8
+        assert len(res.json_body) == 3
+        comment = res.json_body[2]
+        assert comment['content_id'] == 20
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>You are right, but Kouign-amann are clearly better.</p>'   # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 4
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] is None
+        assert comment['author']['public_name'] == 'John Reader'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+        res = self.testapp.delete(
+            '/api/v2/workspaces/2/contents/7/comments/20',
+            status=403
+        )
+
+    def test_api__delete_content_comment__err_403__user_is_owner_and_reader(self) -> None:
+        """
+        delete comment (user is reader and owner)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'bob@fsf.local',
+                'foobarbaz'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)
+        assert len(res.json_body) == 3
+        comment = res.json_body[2]
+        assert comment['content_id'] == 20
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>You are right, but Kouign-amann are clearly better.</p>'   # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 4
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] is None
+        assert comment['author']['public_name'] == 'John Reader'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+        res = self.testapp.delete(
+            '/api/v2/workspaces/2/contents/7/comments/20',
+            status=403
+        )
+
+    def test_api__delete_content_comment__err_403__user_is_reader(self) -> None:
+        """
+        delete comment (user is reader)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'bob@fsf.local',
+                'foobarbaz'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)
+        assert len(res.json_body) == 3
+        comment = res.json_body[2]
+        assert comment['content_id'] == 20
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>You are right, but Kouign-amann are clearly better.</p>'   # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 4
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] is None
+        assert comment['author']['public_name'] == 'John Reader'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+        res = self.testapp.delete(
+            '/api/v2/workspaces/2/contents/7/comments/20',
+            status=403
+        )

tracim/tests/functional/test_contents.py

+# -*- coding: utf-8 -*-
+from tracim.tests import FunctionalTest
+from tracim.tests import set_html_document_slug_to_legacy
+from tracim.fixtures.content import Content as ContentFixtures
+from tracim.fixtures.users_and_groups import Base as BaseFixture
+
+
+class TestHtmlDocuments(FunctionalTest):
+    """
+    Tests for /api/v2/workspaces/{workspace_id}/html-documents/{content_id}
+    endpoint
+    """
+
+    fixtures = [BaseFixture, ContentFixtures]
+
+    def test_api__get_html_document__err_400__wrong_content_type(self) -> None:
+        """
+        Get one html document of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/html-documents/7',
+            status=400
+        )   # nopep8
+
+    def test_api__get_html_document__ok_200__legacy_slug(self) -> None:
+        """
+        Get one html document of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        set_html_document_slug_to_legacy(self.session_factory)
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/html-documents/6',
+            status=200
+        )   # nopep8
+        content = res.json_body
+        assert content['content_type'] == 'html-documents'
+        assert content['content_id'] == 6
+        assert content['is_archived'] is False
+        assert content['is_deleted'] is False
+        assert content['label'] == 'Tiramisu Recipe'
+        assert content['parent_id'] == 3
+        assert content['show_in_ui'] is True
+        assert content['slug'] == 'tiramisu-recipe'
+        assert content['status'] == 'open'
+        assert content['workspace_id'] == 2
+        assert content['current_revision_id'] == 27
+        # TODO - G.M - 2018-06-173 - check date format
+        assert content['created']
+        assert content['author']
+        assert content['author']['user_id'] == 1
+        assert content['author']['avatar_url'] is None
+        assert content['author']['public_name'] == 'Global manager'
+        # TODO - G.M - 2018-06-173 - check date format
+        assert content['modified']
+        assert content['last_modifier'] != content['author']
+        assert content['last_modifier']['user_id'] == 3
+        assert content['last_modifier']['public_name'] == 'Bob i.'
+        assert content['last_modifier']['avatar_url'] is None
+        assert content['raw_content'] == '<p>To cook a great Tiramisu, you need many ingredients.</p>'  # nopep8
+
+    def test_api__get_html_document__ok_200__nominal_case(self) -> None:
+        """
+        Get one html document of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/html-documents/6',
+            status=200
+        )   # nopep8
+        content = res.json_body
+        assert content['content_type'] == 'html-documents'
+        assert content['content_id'] == 6
+        assert content['is_archived'] is False
+        assert content['is_deleted'] is False
+        assert content['label'] == 'Tiramisu Recipe'
+        assert content['parent_id'] == 3
+        assert content['show_in_ui'] is True
+        assert content['slug'] == 'tiramisu-recipe'
+        assert content['status'] == 'open'
+        assert content['workspace_id'] == 2
+        assert content['current_revision_id'] == 27
+        # TODO - G.M - 2018-06-173 - check date format
+        assert content['created']
+        assert content['author']
+        assert content['author']['user_id'] == 1
+        assert content['author']['avatar_url'] is None
+        assert content['author']['public_name'] == 'Global manager'
+        # TODO - G.M - 2018-06-173 - check date format
+        assert content['modified']
+        assert content['last_modifier'] != content['author']
+        assert content['last_modifier']['user_id'] == 3
+        assert content['last_modifier']['public_name'] == 'Bob i.'
+        assert content['last_modifier']['avatar_url'] is None
+        assert content['raw_content'] == '<p>To cook a great Tiramisu, you need many ingredients.</p>'  # nopep8
+
+    def test_api__update_html_document__ok_200__nominal_case(self) -> None:
+        """
+        Update(put) one html document of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'label': 'My New label',
+            'raw_content': '<p> Le nouveau contenu </p>',
+        }
+        res = self.testapp.put_json(
+            '/api/v2/workspaces/2/html-documents/6',
+            params=params,
+            status=200
+        )
+        content = res.json_body
+        assert content['content_type'] == 'html-documents'
+        assert content['content_id'] == 6
+        assert content['is_archived'] is False
+        assert content['is_deleted'] is False
+        assert content['label'] == 'My New label'
+        assert content['parent_id'] == 3
+        assert content['show_in_ui'] is True
+        assert content['slug'] == 'my-new-label'
+        assert content['status'] == 'open'
+        assert content['workspace_id'] == 2
+        assert content['current_revision_id'] == 28
+        # TODO - G.M - 2018-06-173 - check date format
+        assert content['created']
+        assert content['author']
+        assert content['author']['user_id'] == 1
+        assert content['author']['avatar_url'] is None
+        assert content['author']['public_name'] == 'Global manager'
+        # TODO - G.M - 2018-06-173 - check date format
+        assert content['modified']
+        assert content['last_modifier'] == content['author']
+        assert content['raw_content'] == '<p> Le nouveau contenu </p>'
+
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/html-documents/6',
+            status=200
+        )   # nopep8
+        content = res.json_body
+        assert content['content_type'] == 'html-documents'
+        assert content['content_id'] == 6
+        assert content['is_archived'] is False
+        assert content['is_deleted'] is False
+        assert content['label'] == 'My New label'
+        assert content['parent_id'] == 3
+        assert content['show_in_ui'] is True
+        assert content['slug'] == 'my-new-label'
+        assert content['status'] == 'open'
+        assert content['workspace_id'] == 2
+        assert content['current_revision_id'] == 28
+        # TODO - G.M - 2018-06-173 - check date format
+        assert content['created']
+        assert content['author']
+        assert content['author']['user_id'] == 1
+        assert content['author']['avatar_url'] is None
+        assert content['author']['public_name'] == 'Global manager'
+        # TODO - G.M - 2018-06-173 - check date format
+        assert content['modified']
+        assert content['last_modifier'] == content['author']
+        assert content['raw_content'] == '<p> Le nouveau contenu </p>'
+
+    def test_api__get_html_document_revisions__ok_200__nominal_case(
+            self
+    ) -> None:
+        """
+        Get one html document of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/html-documents/6/revisions',
+            status=200
+        )
+        revisions = res.json_body
+        assert len(revisions) == 3
+        revision = revisions[0]
+        assert revision['content_type'] == 'html-documents'
+        assert revision['content_id'] == 6
+        assert revision['is_archived'] is False
+        assert revision['is_deleted'] is False
+        assert revision['label'] == 'Tiramisu Recipes!!!'
+        assert revision['parent_id'] == 3
+        assert revision['show_in_ui'] is True
+        assert revision['slug'] == 'tiramisu-recipes'
+        assert revision['status'] == 'open'
+        assert revision['workspace_id'] == 2
+        assert revision['revision_id'] == 6
+        assert revision['sub_content_types']
+        # TODO - G.M - 2018-06-173 - Test with real comments
+        assert revision['comment_ids'] == []
+        # TODO - G.M - 2018-06-173 - check date format
+        assert revision['created']
+        assert revision['author']
+        assert revision['author']['user_id'] == 1
+        assert revision['author']['avatar_url'] is None
+        assert revision['author']['public_name'] == 'Global manager'
+        revision = revisions[1]
+        assert revision['content_type'] == 'html-documents'
+        assert revision['content_id'] == 6
+        assert revision['is_archived'] is False
+        assert revision['is_deleted'] is False
+        assert revision['label'] == 'Tiramisu Recipes!!!'
+        assert revision['parent_id'] == 3
+        assert revision['show_in_ui'] is True
+        assert revision['slug'] == 'tiramisu-recipes'
+        assert revision['status'] == 'open'
+        assert revision['workspace_id'] == 2
+        assert revision['revision_id'] == 7
+        assert revision['sub_content_types']
+        # TODO - G.M - 2018-06-173 - Test with real comments
+        assert revision['comment_ids'] == []
+        # TODO - G.M - 2018-06-173 - check date format
+        assert revision['created']
+        assert revision['author']
+        assert revision['author']['user_id'] == 1
+        assert revision['author']['avatar_url'] is None
+        assert revision['author']['public_name'] == 'Global manager'
+        revision = revisions[2]
+        assert revision['content_type'] == 'html-documents'
+        assert revision['content_id'] == 6
+        assert revision['is_archived'] is False
+        assert revision['is_deleted'] is False
+        assert revision['label'] == 'Tiramisu Recipe'
+        assert revision['parent_id'] == 3
+        assert revision['show_in_ui'] is True
+        assert revision['slug'] == 'tiramisu-recipe'
+        assert revision['status'] == 'open'
+        assert revision['workspace_id'] == 2
+        assert revision['revision_id'] == 27
+        assert revision['sub_content_types']
+        # TODO - G.M - 2018-06-173 - Test with real comments
+        assert revision['comment_ids'] == []
+        # TODO - G.M - 2018-06-173 - check date format
+        assert revision['created']
+        assert revision['author']
+        assert revision['author']['user_id'] == 3
+        assert revision['author']['avatar_url'] is None
+        assert revision['author']['public_name'] == 'Bob i.'
+
+    def test_api__set_html_document_status__ok_200__nominal_case(self) -> None:
+        """
+        Get one html document of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'status': 'closed-deprecated',
+        }
+
+        # before
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/html-documents/6',
+            status=200
+        )   # nopep8
+        content = res.json_body
+        assert content['content_type'] == 'html-documents'
+        assert content['content_id'] == 6
+        assert content['status'] == 'open'
+
+        # set status
+        res = self.testapp.put_json(
+            '/api/v2/workspaces/2/html-documents/6/status',
+            params=params,
+            status=204
+        )
+
+        # after
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/html-documents/6',
+            status=200
+        )   # nopep8
+        content = res.json_body
+        assert content['content_type'] == 'html-documents'
+        assert content['content_id'] == 6
+        assert content['status'] == 'closed-deprecated'
+
+
+class TestThreads(FunctionalTest):
+    """
+    Tests for /api/v2/workspaces/{workspace_id}/threads/{content_id}
+    endpoint
+    """
+
+    fixtures = [BaseFixture, ContentFixtures]
+
+    def test_api__get_thread__err_400__wrong_content_type(self) -> None:
+        """
+        Get one html document of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/threads/6',
+            status=400
+        )   # nopep8
+
+    def test_api__get_thread__ok_200__nominal_case(self) -> None:
+        """
+        Get one html document of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/threads/7',
+            status=200
+        )   # nopep8
+        content = res.json_body
+        assert content['content_type'] == 'thread'
+        assert content['content_id'] == 7
+        assert content['is_archived'] is False
+        assert content['is_deleted'] is False
+        assert content['label'] == 'Best Cakes?'
+        assert content['parent_id'] == 3
+        assert content['show_in_ui'] is True
+        assert content['slug'] == 'best-cakes'
+        assert content['status'] == 'open'
+        assert content['workspace_id'] == 2
+        assert content['current_revision_id'] == 26
+        # TODO - G.M - 2018-06-173 - check date format
+        assert content['created']
+        assert content['author']
+        assert content['author']['user_id'] == 1
+        assert content['author']['avatar_url'] is None
+        assert content['author']['public_name'] == 'Global manager'
+        # TODO - G.M - 2018-06-173 - check date format
+        assert content['modified']
+        assert content['last_modifier'] != content['author']
+        assert content['last_modifier']['user_id'] == 3
+        assert content['last_modifier']['public_name'] == 'Bob i.'
+        assert content['last_modifier']['avatar_url'] is None
+        assert content['raw_content'] == 'What is the best cake?'  # nopep8
+
+    def test_api__update_thread__ok_200__nominal_case(self) -> None:
+        """
+        Update(put) one html document of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'label': 'My New label',
+            'raw_content': '<p> Le nouveau contenu </p>',
+        }
+        res = self.testapp.put_json(
+            '/api/v2/workspaces/2/threads/7',
+            params=params,
+            status=200
+        )
+        content = res.json_body
+        assert content['content_type'] == 'thread'
+        assert content['content_id'] == 7
+        assert content['is_archived'] is False
+        assert content['is_deleted'] is False
+        assert content['label'] == 'My New label'
+        assert content['parent_id'] == 3
+        assert content['show_in_ui'] is True
+        assert content['slug'] == 'my-new-label'
+        assert content['status'] == 'open'
+        assert content['workspace_id'] == 2
+        assert content['current_revision_id'] == 28
+        # TODO - G.M - 2018-06-173 - check date format
+        assert content['created']
+        assert content['author']
+        assert content['author']['user_id'] == 1
+        assert content['author']['avatar_url'] is None
+        assert content['author']['public_name'] == 'Global manager'
+        # TODO - G.M - 2018-06-173 - check date format
+        assert content['modified']
+        assert content['last_modifier'] == content['author']
+        assert content['raw_content'] == '<p> Le nouveau contenu </p>'
+
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/threads/7',
+            status=200
+        )   # nopep8
+        content = res.json_body
+        assert content['content_type'] == 'thread'
+        assert content['content_id'] == 7
+        assert content['is_archived'] is False
+        assert content['is_deleted'] is False
+        assert content['label'] == 'My New label'
+        assert content['parent_id'] == 3
+        assert content['show_in_ui'] is True
+        assert content['slug'] == 'my-new-label'
+        assert content['status'] == 'open'
+        assert content['workspace_id'] == 2
+        assert content['current_revision_id'] == 28
+        # TODO - G.M - 2018-06-173 - check date format
+        assert content['created']
+        assert content['author']
+        assert content['author']['user_id'] == 1
+        assert content['author']['avatar_url'] is None
+        assert content['author']['public_name'] == 'Global manager'
+        # TODO - G.M - 2018-06-173 - check date format
+        assert content['modified']
+        assert content['last_modifier'] == content['author']
+        assert content['raw_content'] == '<p> Le nouveau contenu </p>'
+
+    def test_api__get_thread_revisions__ok_200__nominal_case(
+            self
+    ) -> None:
+        """
+        Get one html document of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/threads/7/revisions',
+            status=200
+        )
+        revisions = res.json_body
+        assert len(revisions) == 2
+        revision = revisions[0]
+        assert revision['content_type'] == 'thread'
+        assert revision['content_id'] == 7
+        assert revision['is_archived'] is False
+        assert revision['is_deleted'] is False
+        assert revision['label'] == 'Best Cake'
+        assert revision['parent_id'] == 3
+        assert revision['show_in_ui'] is True
+        assert revision['slug'] == 'best-cake'
+        assert revision['status'] == 'open'
+        assert revision['workspace_id'] == 2
+        assert revision['revision_id'] == 8
+        assert revision['sub_content_types']
+        assert revision['comment_ids'] == [18, 19, 20]
+        # TODO - G.M - 2018-06-173 - check date format
+        assert revision['created']
+        assert revision['author']
+        assert revision['author']['user_id'] == 1
+        assert revision['author']['avatar_url'] is None
+        assert revision['author']['public_name'] == 'Global manager'
+        revision = revisions[1]
+        assert revision['content_type'] == 'thread'
+        assert revision['content_id'] == 7
+        assert revision['is_archived'] is False
+        assert revision['is_deleted'] is False
+        assert revision['label'] == 'Best Cakes?'
+        assert revision['parent_id'] == 3
+        assert revision['show_in_ui'] is True
+        assert revision['slug'] == 'best-cakes'
+        assert revision['status'] == 'open'
+        assert revision['workspace_id'] == 2
+        assert revision['revision_id'] == 26
+        assert revision['sub_content_types']
+        assert revision['comment_ids'] == []
+        # TODO - G.M - 2018-06-173 - check date format
+        assert revision['created']
+        assert revision['author']
+        assert revision['author']['user_id'] == 3
+        assert revision['author']['avatar_url'] is None
+        assert revision['author']['public_name'] == 'Bob i.'
+
+    def test_api__set_thread_status__ok_200__nominal_case(self) -> None:
+        """
+        Get one html document of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'status': 'closed-deprecated',
+        }
+
+        # before
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/threads/7',
+            status=200
+        )   # nopep8
+        content = res.json_body
+        assert content['content_type'] == 'thread'
+        assert content['content_id'] == 7
+        assert content['status'] == 'open'
+
+        # set status
+        res = self.testapp.put_json(
+            '/api/v2/workspaces/2/threads/7/status',
+            params=params,
+            status=204
+        )
+
+        # after
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/threads/7',
+            status=200
+        )   # nopep8
+        content = res.json_body
+        assert content['content_type'] == 'thread'
+        assert content['content_id'] == 7
+        assert content['status'] == 'closed-deprecated'

tracim/tests/functional/test_mail_notification.py

         assert headers['From'][0] == '"Bob i. via Tracim" <test_user_from+3@localhost>'  # nopep8
         assert headers['To'][0] == 'Global manager <admin@admin.admin>'
         assert headers['Subject'][0] == '[TRACIM] [Recipes] file1 (Open)'
-        assert headers['References'][0] == 'test_user_refs+19@localhost'
-        assert headers['Reply-to'][0] == '"Bob i. & all members of Recipes" <test_user_reply+19@localhost>'  # nopep8
+        assert headers['References'][0] == 'test_user_refs+22@localhost'
+        assert headers['Reply-to'][0] == '"Bob i. & all members of Recipes" <test_user_reply+22@localhost>'  # nopep8
 
 
 class TestNotificationsAsync(MailHogTest):
         assert headers['From'][0] == '"Bob i. via Tracim" <test_user_from+3@localhost>'  # nopep8
         assert headers['To'][0] == 'Global manager <admin@admin.admin>'
         assert headers['Subject'][0] == '[TRACIM] [Recipes] file1 (Open)'
-        assert headers['References'][0] == 'test_user_refs+19@localhost'
-        assert headers['Reply-to'][0] == '"Bob i. & all members of Recipes" <test_user_reply+19@localhost>'  # nopep8
+        assert headers['References'][0] == 'test_user_refs+22@localhost'
+        assert headers['Reply-to'][0] == '"Bob i. & all members of Recipes" <test_user_reply+22@localhost>'  # nopep8

tracim/tests/functional/test_session.py

         assert res.json_body['caldav_url'] is None
         assert res.json_body['avatar_url'] is None
 
-    def test_api__try_login_enpoint__err_400__bad_password(self):
+    def test_api__try_login_enpoint__err_403__bad_password(self):
         params = {
             'email': 'admin@admin.admin',
             'password': 'bad_password',
         }
         res = self.testapp.post_json(
             '/api/v2/sessions/login',
-            status=400,
+            status=403,
             params=params,
         )
         assert isinstance(res.json, dict)
         assert 'message' in res.json.keys()
         assert 'details' in res.json.keys()
 
-    def test_api__try_login_enpoint__err_400__unregistered_user(self):
+    def test_api__try_login_enpoint__err_403__unregistered_user(self):
         params = {
             'email': 'unknown_user@unknown.unknown',
             'password': 'bad_password',
         }
         res = self.testapp.post_json(
             '/api/v2/sessions/login',
-            status=400,
+            status=403,
             params=params,
         )
         assert isinstance(res.json, dict)

tracim/tests/functional/test_system.py

         res = res.json_body
         application = res[0]
         assert application['label'] == "Text Documents"
-        assert application['slug'] == 'contents/htmlpage'
+        assert application['slug'] == 'contents/html-documents'
         assert application['fa_icon'] == 'file-text-o'
         assert application['hexcolor'] == '#3f52e3'
         assert application['is_active'] is True
         application = res[1]
         assert application['label'] == "Markdown Plus Documents"
         assert application['slug'] == 'contents/markdownpluspage'
-        assert application['fa_icon'] == 'file-code'
+        assert application['fa_icon'] == 'file-code-o'
         assert application['hexcolor'] == '#f12d2d'
         assert application['is_active'] is True
         assert 'config' in application
         application = res[4]
         assert application['label'] == "Calendar"
         assert application['slug'] == 'calendar'
-        assert application['fa_icon'] == 'calendar-alt'
+        assert application['fa_icon'] == 'calendar'
         assert application['hexcolor'] == '#757575'
         assert application['is_active'] is True
         assert 'config' in application
 
         content_type = res[2]
         assert content_type['slug'] == 'markdownpage'
-        assert content_type['fa_icon'] == 'file-code'
+        assert content_type['fa_icon'] == 'file-code-o'
         assert content_type['hexcolor'] == '#f12d2d'
         assert content_type['label'] == 'Rich Markdown File'
         assert content_type['creation_label'] == 'Create a Markdown document'
         assert len(content_type['available_statuses']) == 4
 
         content_type = res[3]
-        assert content_type['slug'] == 'page'
+        assert content_type['slug'] == 'html-documents'
         assert content_type['fa_icon'] == 'file-text-o'
         assert content_type['hexcolor'] == '#3f52e3'
         assert content_type['label'] == 'Text Document'

tracim/tests/functional/test_user.py

         assert sidebar_entry['label'] == 'Dashboard'
         assert sidebar_entry['route'] == '/#/workspaces/1/dashboard'  # nopep8
         assert sidebar_entry['hexcolor'] == "#252525"
-        assert sidebar_entry['fa_icon'] == ""
+        assert sidebar_entry['fa_icon'] == "signal"
 
         sidebar_entry = workspace['sidebar_entries'][1]
         assert sidebar_entry['slug'] == 'contents/all'
         assert sidebar_entry['label'] == 'All Contents'
         assert sidebar_entry['route'] == "/#/workspaces/1/contents"  # nopep8
         assert sidebar_entry['hexcolor'] == "#fdfdfd"
-        assert sidebar_entry['fa_icon'] == ""
+        assert sidebar_entry['fa_icon'] == "th"
 
         sidebar_entry = workspace['sidebar_entries'][2]
-        assert sidebar_entry['slug'] == 'contents/htmlpage'
+        assert sidebar_entry['slug'] == 'contents/html-documents'
         assert sidebar_entry['label'] == 'Text Documents'
-        assert sidebar_entry['route'] == '/#/workspaces/1/contents?type=htmlpage'  # nopep8
+        assert sidebar_entry['route'] == '/#/workspaces/1/contents?type=html-documents'  # nopep8
         assert sidebar_entry['hexcolor'] == "#3f52e3"
         assert sidebar_entry['fa_icon'] == "file-text-o"
 
         assert sidebar_entry['label'] == 'Markdown Plus Documents'
         assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=markdownpluspage"    # nopep8
         assert sidebar_entry['hexcolor'] == "#f12d2d"
-        assert sidebar_entry['fa_icon'] == "file-code"
+        assert sidebar_entry['fa_icon'] == "file-code-o"
 
         sidebar_entry = workspace['sidebar_entries'][4]
         assert sidebar_entry['slug'] == 'contents/files'
         assert sidebar_entry['label'] == 'Calendar'
         assert sidebar_entry['route'] == "/#/workspaces/1/calendar"  # nopep8
         assert sidebar_entry['hexcolor'] == "#757575"
-        assert sidebar_entry['fa_icon'] == "calendar-alt"
+        assert sidebar_entry['fa_icon'] == "calendar"
 
     def test_api__get_user_workspaces__err_403__unallowed_user(self):
         """

tracim/tests/functional/test_workspaces.py

 Tests for /api/v2/workspaces subpath endpoints.
 """
 from tracim.tests import FunctionalTest
+from tracim.tests import set_html_document_slug_to_legacy
 from tracim.fixtures.content import Content as ContentFixtures
 from tracim.fixtures.users_and_groups import Base as BaseFixture
 
         assert sidebar_entry['label'] == 'Dashboard'
         assert sidebar_entry['route'] == '/#/workspaces/1/dashboard'  # nopep8
         assert sidebar_entry['hexcolor'] == "#252525"
-        assert sidebar_entry['fa_icon'] == ""
+        assert sidebar_entry['fa_icon'] == "signal"
 
         sidebar_entry = workspace['sidebar_entries'][1]
         assert sidebar_entry['slug'] == 'contents/all'
         assert sidebar_entry['label'] == 'All Contents'
         assert sidebar_entry['route'] == "/#/workspaces/1/contents"  # nopep8
         assert sidebar_entry['hexcolor'] == "#fdfdfd"
-        assert sidebar_entry['fa_icon'] == ""
+        assert sidebar_entry['fa_icon'] == "th"
 
         sidebar_entry = workspace['sidebar_entries'][2]
-        assert sidebar_entry['slug'] == 'contents/htmlpage'
+        assert sidebar_entry['slug'] == 'contents/html-documents'
         assert sidebar_entry['label'] == 'Text Documents'
-        assert sidebar_entry['route'] == '/#/workspaces/1/contents?type=htmlpage'  # nopep8
+        assert sidebar_entry['route'] == '/#/workspaces/1/contents?type=html-documents'  # nopep8
         assert sidebar_entry['hexcolor'] == "#3f52e3"
         assert sidebar_entry['fa_icon'] == "file-text-o"
 
         assert sidebar_entry['label'] == 'Markdown Plus Documents'
         assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=markdownpluspage"    # nopep8
         assert sidebar_entry['hexcolor'] == "#f12d2d"
-        assert sidebar_entry['fa_icon'] == "file-code"
+        assert sidebar_entry['fa_icon'] == "file-code-o"
 
         sidebar_entry = workspace['sidebar_entries'][4]
         assert sidebar_entry['slug'] == 'contents/files'
         assert sidebar_entry['label'] == 'Calendar'
         assert sidebar_entry['route'] == "/#/workspaces/1/calendar"  # nopep8
         assert sidebar_entry['hexcolor'] == "#757575"
-        assert sidebar_entry['fa_icon'] == "calendar-alt"
+        assert sidebar_entry['fa_icon'] == "calendar"
 
     def test_api__get_workspace__err_403__unallowed_user(self) -> None:
         """
         assert content['show_in_ui'] is True
         assert content['slug'] == 'tools'
         assert content['status'] == 'open'
-        assert set(content['sub_content_types']) == {'thread', 'page', 'folder', 'file'}  # nopep8
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
         assert content['workspace_id'] == 1
         content = res[1]
         assert content['content_id'] == 2
         assert content['show_in_ui'] is True
         assert content['slug'] == 'menus'
         assert content['status'] == 'open'
-        assert set(content['sub_content_types']) == {'thread', 'page', 'folder', 'file'}  # nopep8
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
         assert content['workspace_id'] == 1
         content = res[2]
         assert content['content_id'] == 11
         assert content['show_in_ui'] is True
         assert content['slug'] == 'current-menu'
         assert content['status'] == 'open'
-        assert set(content['sub_content_types']) == {'thread', 'page', 'folder', 'file'}  # nopep8
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
         assert content['workspace_id'] == 1
 
     # Root related
+    def test_api__get_workspace_content__ok_200__get_all_root_content__legacy_html_slug(self):
+        """
+        Check obtain workspace all root contents
+        """
+        set_html_document_slug_to_legacy(self.session_factory)
+        params = {
+            'parent_id': 0,
+            'show_archived': 1,
+            'show_deleted': 1,
+            'show_active': 1,
+        }
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'bob@fsf.local',
+                'foobarbaz'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/3/contents',
+            status=200,
+            params=params,
+        ).json_body  # nopep8
+        # TODO - G.M - 30-05-2018 - Check this test
+        assert len(res) == 4
+        content = res[1]
+        assert content['content_type'] == 'html-documents'
+        assert content['content_id'] == 15
+        assert content['is_archived'] is False
+        assert content['is_deleted'] is False
+        assert content['label'] == 'New Fruit Salad'
+        assert content['parent_id'] is None
+        assert content['show_in_ui'] is True
+        assert content['slug'] == 'new-fruit-salad'
+        assert content['status'] == 'open'
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
+        assert content['workspace_id'] == 3
+
+        content = res[2]
+        assert content['content_type'] == 'html-documents'
+        assert content['content_id'] == 16
+        assert content['is_archived'] is True
+        assert content['is_deleted'] is False
+        assert content['label'].startswith('Fruit Salad')
+        assert content['parent_id'] is None
+        assert content['show_in_ui'] is True
+        assert content['slug'].startswith('fruit-salad')
+        assert content['status'] == 'open'
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
+        assert content['workspace_id'] == 3
+
+        content = res[3]
+        assert content['content_type'] == 'html-documents'
+        assert content['content_id'] == 17
+        assert content['is_archived'] is False
+        assert content['is_deleted'] is True
+        assert content['label'].startswith('Bad Fruit Salad')
+        assert content['parent_id'] is None
+        assert content['show_in_ui'] is True
+        assert content['slug'].startswith('bad-fruit-salad')
+        assert content['status'] == 'open'
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
+        assert content['workspace_id'] == 3
 
     def test_api__get_workspace_content__ok_200__get_all_root_content(self):
         """
         # TODO - G.M - 30-05-2018 - Check this test
         assert len(res) == 4
         content = res[1]
-        assert content['content_type'] == 'page'
+        assert content['content_type'] == 'html-documents'
         assert content['content_id'] == 15
         assert content['is_archived'] is False
         assert content['is_deleted'] is False
         assert content['show_in_ui'] is True
         assert content['slug'] == 'new-fruit-salad'
         assert content['status'] == 'open'
-        assert set(content['sub_content_types']) == {'thread', 'page', 'folder', 'file'}  # nopep8
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
         assert content['workspace_id'] == 3
 
         content = res[2]
-        assert content['content_type'] == 'page'
+        assert content['content_type'] == 'html-documents'
         assert content['content_id'] == 16
         assert content['is_archived'] is True
         assert content['is_deleted'] is False
         assert content['show_in_ui'] is True
         assert content['slug'].startswith('fruit-salad')
         assert content['status'] == 'open'
-        assert set(content['sub_content_types']) == {'thread', 'page', 'folder', 'file'}  # nopep8
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
         assert content['workspace_id'] == 3
 
         content = res[3]
-        assert content['content_type'] == 'page'
+        assert content['content_type'] == 'html-documents'
         assert content['content_id'] == 17
         assert content['is_archived'] is False
         assert content['is_deleted'] is True
         assert content['show_in_ui'] is True
         assert content['slug'].startswith('bad-fruit-salad')
         assert content['status'] == 'open'
-        assert set(content['sub_content_types']) == {'thread', 'page', 'folder', 'file'}  # nopep8
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
         assert content['workspace_id'] == 3
 
     def test_api__get_workspace_content__ok_200__get_only_active_root_content(self):  # nopep8
         # TODO - G.M - 30-05-2018 - Check this test
         assert len(res) == 2
         content = res[1]
-        assert content['content_type'] == 'page'
+        assert content['content_type'] == 'html-documents'
         assert content['content_id'] == 15
         assert content['is_archived'] is False
         assert content['is_deleted'] is False
         assert content['show_in_ui'] is True
         assert content['slug'] == 'new-fruit-salad'
         assert content['status'] == 'open'
-        assert set(content['sub_content_types']) == {'thread', 'page', 'folder', 'file'}  # nopep8
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
         assert content['workspace_id'] == 3
 
     def test_api__get_workspace_content__ok_200__get_only_archived_root_content(self):  # nopep8
         ).json_body   # nopep8
         assert len(res) == 1
         content = res[0]
-        assert content['content_type'] == 'page'
+        assert content['content_type'] == 'html-documents'
         assert content['content_id'] == 16
         assert content['is_archived'] is True
         assert content['is_deleted'] is False
         assert content['show_in_ui'] is True
         assert content['slug'].startswith('fruit-salad')
         assert content['status'] == 'open'
-        assert set(content['sub_content_types']) == {'thread', 'page', 'folder', 'file'}  # nopep8
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
         assert content['workspace_id'] == 3
 
     def test_api__get_workspace_content__ok_200__get_only_deleted_root_content(self):  # nopep8
 
         assert len(res) == 1
         content = res[0]
-        assert content['content_type'] == 'page'
+        assert content['content_type'] == 'html-documents'
         assert content['content_id'] == 17
         assert content['is_archived'] is False
         assert content['is_deleted'] is True
         assert content['show_in_ui'] is True
         assert content['slug'].startswith('bad-fruit-salad')
         assert content['status'] == 'open'
-        assert set(content['sub_content_types']) == {'thread', 'page', 'folder', 'file'}  # nopep8
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
         assert content['workspace_id'] == 3
 
     def test_api__get_workspace_content__ok_200__get_nothing_root_content(self):
         ).json_body   # nopep8
         assert len(res) == 3
         content = res[0]
-        assert content['content_type'] == 'page'
+        assert content['content_type'] == 'html-documents'
         assert content['content_id'] == 12
         assert content['is_archived'] is False
         assert content['is_deleted'] is False
         assert content['show_in_ui'] is True
         assert content['slug'] == 'new-fruit-salad'
         assert content['status'] == 'open'
-        assert set(content['sub_content_types']) == {'thread', 'page', 'folder', 'file'}  # nopep8
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
         assert content['workspace_id'] == 2
 
         content = res[1]
-        assert content['content_type'] == 'page'
+        assert content['content_type'] == 'html-documents'
         assert content['content_id'] == 13
         assert content['is_archived'] is True
         assert content['is_deleted'] is False
         assert content['show_in_ui'] is True
         assert content['slug'].startswith('fruit-salad')
         assert content['status'] == 'open'
-        assert set(content['sub_content_types']) == {'thread', 'page', 'folder', 'file'}  # nopep8
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
         assert content['workspace_id'] == 2
 
         content = res[2]
-        assert content['content_type'] == 'page'
+        assert content['content_type'] == 'html-documents'
         assert content['content_id'] == 14
         assert content['is_archived'] is False
         assert content['is_deleted'] is True
         assert content['show_in_ui'] is True
         assert content['slug'].startswith('bad-fruit-salad')
         assert content['status'] == 'open'
-        assert set(content['sub_content_types']) == {'thread', 'page', 'folder', 'file'}  # nopep8
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
         assert content['workspace_id'] == 2
 
     def test_api__get_workspace_content__ok_200__get_only_active_folder_content(self):  # nopep8
         assert content['show_in_ui'] is True
         assert content['slug'] == 'new-fruit-salad'
         assert content['status'] == 'open'
-        assert set(content['sub_content_types']) == {'thread', 'page', 'folder', 'file'}  # nopep8
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
         assert content['workspace_id'] == 2
 
     def test_api__get_workspace_content__ok_200__get_only_archived_folder_content(self):  # nopep8
         ).json_body   # nopep8
         assert len(res) == 1
         content = res[0]
-        assert content['content_type'] == 'page'
+        assert content['content_type'] == 'html-documents'
         assert content['content_id'] == 13
         assert content['is_archived'] is True
         assert content['is_deleted'] is False
         assert content['show_in_ui'] is True
         assert content['slug'].startswith('fruit-salad')
         assert content['status'] == 'open'
-        assert set(content['sub_content_types']) == {'thread', 'page', 'folder', 'file'}  # nopep8
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
         assert content['workspace_id'] == 2
 
     def test_api__get_workspace_content__ok_200__get_only_deleted_folder_content(self):  # nopep8
 
         assert len(res) == 1
         content = res[0]
-        assert content['content_type'] == 'page'
+        assert content['content_type'] == 'html-documents'
         assert content['content_id'] == 14
         assert content['is_archived'] is False
         assert content['is_deleted'] is True
         assert content['show_in_ui'] is True
         assert content['slug'].startswith('bad-fruit-salad')
         assert content['status'] == 'open'
-        assert set(content['sub_content_types']) == {'thread', 'page', 'folder', 'file'}  # nopep8
+        assert set(content['sub_content_types']) == {'thread', 'html-documents', 'folder', 'file'}  # nopep8
         assert content['workspace_id'] == 2
 
     def test_api__get_workspace_content__ok_200__get_nothing_folder_content(self):  # nopep8

tracim/tests/library/test_content_api.py

             tm=transaction.manager,
             content=p2,
         ):
-            p2.description = 'What\'s up ?'
+            p2.description = 'What\'s up?'
 
         api.save(p1)
         api.save(p2)
         eq_(2, self.session.query(ContentRevisionRO).filter(ContentRevisionRO.label == 'this is dummy label content').count())
         eq_(1, self.session.query(ContentRevisionRO).filter(ContentRevisionRO.description == 'This is some amazing test').count())
         eq_(2, self.session.query(ContentRevisionRO).filter(ContentRevisionRO.label == 'Hey ! Jon !').count())
-        eq_(1, self.session.query(ContentRevisionRO).filter(ContentRevisionRO.description == 'What\'s up ?').count())
+        eq_(1, self.session.query(ContentRevisionRO).filter(ContentRevisionRO.description == 'What\'s up?').count())
 
         res = api.search(['dummy', 'jon'])
         eq_(2, len(res.all()))

tracim/tests/library/test_webdav.py

                 content_names,
         )
 
-        assert 'Best Cakes ʔ.html' in content_names,\
-            'Best Cakes ʔ.html should be in names ({0})'.format(
+        assert 'Best Cakesʔ.html' in content_names,\
+            'Best Cakesʔ.html should be in names ({0})'.format(
                 content_names,
         )
         assert 'Apple_Pie.txt' in content_names,\
         eq_(
             True,
             content_pie.is_deleted,
-            msg='Content should be deleted !'
+            msg='Content should be deleted!'
         )
 
         result = provider.getResourceInst(
         eq_(
             False,
             content_new_file.is_deleted,
-            msg='Content should not be deleted !'
+            msg='Content should not be deleted!'
         )
         content_new_file_id = content_new_file.content_id
 
         eq_(
             True,
             content_pie.is_deleted,
-            msg='Content should be deleted !'
+            msg='Content should be deleted!'
         )
 
         result = provider.getResourceInst(
         eq_(
             True,
             content_pie.is_deleted,
-            msg='Content should be deleted !'
+            msg='Content should be deleted!'
         )
 
         # And an other file exist for this name
             .order_by(Content.revision_id.desc()) \
             .first()
         assert content_new_new_file.content_id != content_new_file_id,\
-            'Contents ids should not be same !'
+            'Contents ids should not be same!'
 
         eq_(
             False,
             content_new_new_file.is_deleted,
-            msg='Content should not be deleted !'
+            msg='Content should not be deleted!'
         )
 
     def test_unit__rename_content__ok(self):

tracim/views/contents_api/comment_controller.py

+# coding=utf-8
+import transaction
+from pyramid.config import Configurator
+
+try:  # Python 3.5+
+    from http import HTTPStatus
+except ImportError:
+    from http import client as HTTPStatus
+
+from tracim import TracimRequest
+from tracim.extensions import hapic
+from tracim.lib.core.content import ContentApi
+from tracim.lib.core.workspace import WorkspaceApi
+from tracim.lib.utils.authorization import require_workspace_role
+from tracim.lib.utils.authorization import require_comment_ownership_or_role
+from tracim.views.controllers import Controller
+from tracim.views.core_api.schemas import CommentSchema
+from tracim.views.core_api.schemas import CommentsPathSchema
+from tracim.views.core_api.schemas import SetCommentSchema
+from tracim.views.core_api.schemas import WorkspaceAndContentIdPathSchema
+from tracim.views.core_api.schemas import NoContentSchema
+from tracim.exceptions import WorkspaceNotFound
+from tracim.exceptions import InsufficientUserRoleInWorkspace
+from tracim.exceptions import NotAuthenticated
+from tracim.exceptions import AuthenticationFailed
+from tracim.models.contents import ContentTypeLegacy as ContentType
+from tracim.models.revision_protection import new_revision
+from tracim.models.data import UserRoleInWorkspace
+
+COMMENT_ENDPOINTS_TAG = 'Comments'
+
+
+class CommentController(Controller):
+
+    @hapic.with_api_doc(tags=[COMMENT_ENDPOINTS_TAG])
+    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.output_body(CommentSchema(many=True),)
+    def content_comments(self, context, request: TracimRequest, hapic_data=None):
+        """
+        Get all comments related to a content in asc order (first is the oldest)
+        """
+
+        # login = hapic_data.body
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        comments = content.get_comments()
+        comments.sort(key=lambda comment: comment.created)
+        return [api.get_content_in_context(comment)
+                for comment in comments
+        ]
+
+    @hapic.with_api_doc(tags=[COMMENT_ENDPOINTS_TAG])
+    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
+    @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.input_body(SetCommentSchema())
+    @hapic.output_body(CommentSchema(),)
+    def add_comment(self, context, request: TracimRequest, hapic_data=None):
+        """
+        Add new comment
+        """
+        # login = hapic_data.body
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        comment = api.create_comment(
+            content.workspace,
+            content,
+            hapic_data.body.raw_content,
+            do_save=True,
+        )
+        return api.get_content_in_context(comment)
+
+    @hapic.with_api_doc(tags=[COMMENT_ENDPOINTS_TAG])
+    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
+    @require_comment_ownership_or_role(
+        minimal_required_role_for_anyone=UserRoleInWorkspace.WORKSPACE_MANAGER,
+        minimal_required_role_for_owner=UserRoleInWorkspace.CONTRIBUTOR,
+    )
+    @hapic.input_path(CommentsPathSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def delete_comment(self, context, request: TracimRequest, hapic_data=None):
+        """
+        Delete comment
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        wapi = WorkspaceApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        workspace = wapi.get_one(hapic_data.path.workspace_id)
+        parent = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any,
+            workspace=workspace
+        )
+        comment = api.get_one(
+            hapic_data.path.comment_id,
+            content_type=ContentType.Comment,
+            workspace=workspace,
+            parent=parent,
+        )
+        with new_revision(
+                session=request.dbsession,
+                tm=transaction.manager,
+                content=comment
+        ):
+            api.delete(comment)
+        return
+
+    def bind(self, configurator: Configurator):
+        # Get comments
+        configurator.add_route(
+            'content_comments',
+            '/workspaces/{workspace_id}/contents/{content_id}/comments',
+            request_method='GET'
+        )
+        configurator.add_view(self.content_comments, route_name='content_comments')
+
+        # Add comments
+        configurator.add_route(
+            'add_comment',
+            '/workspaces/{workspace_id}/contents/{content_id}/comments',
+            request_method='POST'
+        )  # nopep8
+        configurator.add_view(self.add_comment, route_name='add_comment')
+
+        # delete comments
+        configurator.add_route(
+            'delete_comment',
+            '/workspaces/{workspace_id}/contents/{content_id}/comments/{comment_id}',  # nopep8
+            request_method='DELETE'
+        )
+        configurator.add_view(self.delete_comment, route_name='delete_comment')

tracim/views/contents_api/html_document_controller.py

+# coding=utf-8
+import typing
+
+import transaction
+from pyramid.config import Configurator
+
+from tracim.models.data import UserRoleInWorkspace
+
+try:  # Python 3.5+
+    from http import HTTPStatus
+except ImportError:
+    from http import client as HTTPStatus
+
+from tracim import TracimRequest
+from tracim.extensions import hapic
+from tracim.lib.core.content import ContentApi
+from tracim.views.controllers import Controller
+from tracim.views.core_api.schemas import HtmlDocumentContentSchema
+from tracim.views.core_api.schemas import HtmlDocumentRevisionSchema
+from tracim.views.core_api.schemas import SetContentStatusSchema
+from tracim.views.core_api.schemas import HtmlDocumentModifySchema
+from tracim.views.core_api.schemas import WorkspaceAndContentIdPathSchema
+from tracim.views.core_api.schemas import NoContentSchema
+from tracim.lib.utils.authorization import require_content_types
+from tracim.lib.utils.authorization import require_workspace_role
+from tracim.exceptions import WorkspaceNotFound
+from tracim.exceptions import ContentTypeNotAllowed
+from tracim.exceptions import InsufficientUserRoleInWorkspace
+from tracim.exceptions import NotAuthenticated
+from tracim.exceptions import AuthenticationFailed
+from tracim.models.context_models import ContentInContext
+from tracim.models.context_models import RevisionInContext
+from tracim.models.contents import ContentTypeLegacy as ContentType
+from tracim.models.contents import html_documents_type
+from tracim.models.revision_protection import new_revision
+
+HTML_DOCUMENT_ENDPOINTS_TAG = 'HTML documents'
+
+
+class HTMLDocumentController(Controller):
+
+    @hapic.with_api_doc(tags=[HTML_DOCUMENT_ENDPOINTS_TAG])
+    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(ContentTypeNotAllowed, HTTPStatus.BAD_REQUEST)
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @require_content_types([html_documents_type])
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.output_body(HtmlDocumentContentSchema())
+    def get_html_document(self, context, request: TracimRequest, hapic_data=None) -> ContentInContext:  # nopep8
+        """
+        Get html document content
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        return api.get_content_in_context(content)
+
+    @hapic.with_api_doc(tags=[HTML_DOCUMENT_ENDPOINTS_TAG])
+    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
+    @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
+    @require_content_types([html_documents_type])
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.input_body(HtmlDocumentModifySchema())
+    @hapic.output_body(HtmlDocumentContentSchema())
+    def update_html_document(self, context, request: TracimRequest, hapic_data=None) -> ContentInContext:  # nopep8
+        """
+        update_html_document
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        with new_revision(
+                session=request.dbsession,
+                tm=transaction.manager,
+                content=content
+        ):
+            api.update_content(
+                item=content,
+                new_label=hapic_data.body.label,
+                new_content=hapic_data.body.raw_content,
+
+            )
+            api.save(content)
+        return api.get_content_in_context(content)
+
+    @hapic.with_api_doc(tags=[HTML_DOCUMENT_ENDPOINTS_TAG])
+    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @require_content_types([html_documents_type])
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.output_body(HtmlDocumentRevisionSchema(many=True))
+    def get_html_document_revisions(
+            self,
+            context,
+            request: TracimRequest,
+            hapic_data=None
+    ) -> typing.List[RevisionInContext]:
+        """
+        get html_document revisions
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        revisions = content.revisions
+        return [
+            api.get_revision_in_context(revision)
+            for revision in revisions
+        ]
+
+    @hapic.with_api_doc(tags=[HTML_DOCUMENT_ENDPOINTS_TAG])
+    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
+    @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
+    @require_content_types([html_documents_type])
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.input_body(SetContentStatusSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def set_html_document_status(
+            self,
+            context,
+            request: TracimRequest,
+            hapic_data=None
+    ) -> None:
+        """
+        set html_document status
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        with new_revision(
+                session=request.dbsession,
+                tm=transaction.manager,
+                content=content
+        ):
+            api.set_status(
+                content,
+                hapic_data.body.status,
+            )
+            api.save(content)
+        return
+
+    def bind(self, configurator: Configurator) -> None:
+        # Get html-document
+        configurator.add_route(
+            'html_document',
+            '/workspaces/{workspace_id}/html-documents/{content_id}',
+            request_method='GET'
+        )
+        configurator.add_view(self.get_html_document, route_name='html_document')  # nopep8
+
+        # update html-document
+        configurator.add_route(
+            'update_html_document',
+            '/workspaces/{workspace_id}/html-documents/{content_id}',
+            request_method='PUT'
+        )  # nopep8
+        configurator.add_view(self.update_html_document, route_name='update_html_document')  # nopep8
+
+        # get html document revisions
+        configurator.add_route(
+            'html_document_revisions',
+            '/workspaces/{workspace_id}/html-documents/{content_id}/revisions',  # nopep8
+            request_method='GET'
+        )
+        configurator.add_view(self.get_html_document_revisions, route_name='html_document_revisions')  # nopep8
+
+        # get html document revisions
+        configurator.add_route(
+            'set_html_document_status',
+            '/workspaces/{workspace_id}/html-documents/{content_id}/status',  # nopep8
+            request_method='PUT'
+        )
+        configurator.add_view(self.set_html_document_status, route_name='set_html_document_status')  # nopep8

tracim/views/contents_api/threads_controller.py

+# coding=utf-8
+import typing
+
+import transaction
+from pyramid.config import Configurator
+from tracim.models.data import UserRoleInWorkspace
+
+try:  # Python 3.5+
+    from http import HTTPStatus
+except ImportError:
+    from http import client as HTTPStatus
+
+from tracim import TracimRequest
+from tracim.extensions import hapic
+from tracim.lib.core.content import ContentApi
+from tracim.views.controllers import Controller
+from tracim.views.core_api.schemas import ThreadContentSchema
+from tracim.views.core_api.schemas import ThreadRevisionSchema
+from tracim.views.core_api.schemas import SetContentStatusSchema
+from tracim.views.core_api.schemas import ThreadModifySchema
+from tracim.views.core_api.schemas import WorkspaceAndContentIdPathSchema
+from tracim.views.core_api.schemas import NoContentSchema
+from tracim.lib.utils.authorization import require_content_types
+from tracim.lib.utils.authorization import require_workspace_role
+from tracim.exceptions import WorkspaceNotFound, ContentTypeNotAllowed
+from tracim.exceptions import InsufficientUserRoleInWorkspace
+from tracim.exceptions import NotAuthenticated
+from tracim.exceptions import AuthenticationFailed
+from tracim.models.context_models import ContentInContext
+from tracim.models.context_models import RevisionInContext
+from tracim.models.contents import ContentTypeLegacy as ContentType
+from tracim.models.contents import thread_type
+from tracim.models.revision_protection import new_revision
+
+THREAD_ENDPOINTS_TAG = 'Threads'
+
+
+class ThreadController(Controller):
+
+    @hapic.with_api_doc(tags=[THREAD_ENDPOINTS_TAG])
+    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(ContentTypeNotAllowed, HTTPStatus.BAD_REQUEST)
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @require_content_types([thread_type])
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.output_body(ThreadContentSchema())
+    def get_thread(self, context, request: TracimRequest, hapic_data=None) -> ContentInContext:  # nopep8
+        """
+        Get thread content
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        return api.get_content_in_context(content)
+
+    @hapic.with_api_doc(tags=[THREAD_ENDPOINTS_TAG])
+    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
+    @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
+    @require_content_types([thread_type])
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.input_body(ThreadModifySchema())
+    @hapic.output_body(ThreadContentSchema())
+    def update_thread(self, context, request: TracimRequest, hapic_data=None) -> ContentInContext:  # nopep8
+        """
+        update thread
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        with new_revision(
+                session=request.dbsession,
+                tm=transaction.manager,
+                content=content
+        ):
+            api.update_content(
+                item=content,
+                new_label=hapic_data.body.label,
+                new_content=hapic_data.body.raw_content,
+
+            )
+            api.save(content)
+        return api.get_content_in_context(content)
+
+    @hapic.with_api_doc(tags=[THREAD_ENDPOINTS_TAG])
+    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @require_content_types([thread_type])
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.output_body(ThreadRevisionSchema(many=True))
+    def get_thread_revisions(
+            self,
+            context,
+            request: TracimRequest,
+            hapic_data=None
+    ) -> typing.List[RevisionInContext]:
+        """
+        get thread revisions
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        revisions = content.revisions
+        return [
+            api.get_revision_in_context(revision)
+            for revision in revisions
+        ]
+
+    @hapic.with_api_doc(tags=[THREAD_ENDPOINTS_TAG])
+    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
+    @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
+    @require_content_types([thread_type])
+    @hapic.input_path(WorkspaceAndContentIdPathSchema())
+    @hapic.input_body(SetContentStatusSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def set_thread_status(self, context, request: TracimRequest, hapic_data=None) -> None:  # nopep8
+        """
+        set thread status
+        """
+        app_config = request.registry.settings['CFG']
+        api = ContentApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        content = api.get_one(
+            hapic_data.path.content_id,
+            content_type=ContentType.Any
+        )
+        with new_revision(
+                session=request.dbsession,
+                tm=transaction.manager,
+                content=content
+        ):
+            api.set_status(
+                content,
+                hapic_data.body.status,
+            )
+            api.save(content)
+        return
+
+    def bind(self, configurator: Configurator) -> None:
+        # Get thread
+        configurator.add_route(
+            'thread',
+            '/workspaces/{workspace_id}/threads/{content_id}',
+            request_method='GET'
+        )
+        configurator.add_view(self.get_thread, route_name='thread')  # nopep8
+
+        # update thread
+        configurator.add_route(
+            'update_thread',
+            '/workspaces/{workspace_id}/threads/{content_id}',
+            request_method='PUT'
+        )  # nopep8
+        configurator.add_view(self.update_thread, route_name='update_thread')  # nopep8
+
+        # get thread revisions
+        configurator.add_route(
+            'thread_revisions',
+            '/workspaces/{workspace_id}/threads/{content_id}/revisions',  # nopep8
+            request_method='GET'
+        )
+        configurator.add_view(self.get_thread_revisions, route_name='thread_revisions')  # nopep8
+
+        # get thread revisions
+        configurator.add_route(
+            'set_thread_status',
+            '/workspaces/{workspace_id}/threads/{content_id}/status',  # nopep8
+            request_method='PUT'
+        )
+        configurator.add_view(self.set_thread_status, route_name='set_thread_status')  # nopep8

tracim/views/core_api/schemas.py

 from marshmallow import post_load
 from marshmallow.validate import OneOf
 
+from tracim.lib.utils.utils import DATETIME_FORMAT
 from tracim.models.auth import Profile
 from tracim.models.contents import CONTENT_DEFAULT_TYPE
 from tracim.models.contents import CONTENT_DEFAULT_STATUS
 from tracim.models.contents import GlobalStatus
 from tracim.models.contents import open_status
 from tracim.models.context_models import ContentCreation
+from tracim.models.context_models import SetContentStatus
+from tracim.models.context_models import CommentCreation
+from tracim.models.context_models import CommentPath
 from tracim.models.context_models import MoveParams
 from tracim.models.context_models import WorkspaceAndContentPath
 from tracim.models.context_models import ContentFilter
 from tracim.models.context_models import LoginCredentials
+from tracim.models.context_models import HTMLDocumentUpdate
+from tracim.models.context_models import ThreadUpdate
 from tracim.models.data import UserRoleInWorkspace
 
 
-class UserSchema(marshmallow.Schema):
-
+class UserDigestSchema(marshmallow.Schema):
+    """
+    Simple user schema
+    """
     user_id = marshmallow.fields.Int(dump_only=True, example=3)
-    email = marshmallow.fields.Email(
-        required=True,
-        example='suri.cate@algoo.fr'
+    avatar_url = marshmallow.fields.Url(
+        allow_none=True,
+        example="/api/v2/assets/avatars/suri-cate.jpg",
+        description="avatar_url is the url to the image file. "
+                    "If no avatar, then set it to null "
+                    "(and frontend will interpret this with a default avatar)",
     )
     public_name = marshmallow.fields.String(
         example='Suri Cate',
     )
+
+
+class UserSchema(UserDigestSchema):
+    """
+    Complete user schema
+    """
+    email = marshmallow.fields.Email(
+        required=True,
+        example='suri.cate@algoo.fr'
+    )
     created = marshmallow.fields.DateTime(
-        format='%Y-%m-%dT%H:%M:%SZ',
+        format=DATETIME_FORMAT,
         description='User account creation date',
     )
     is_active = marshmallow.fields.Bool(
         example="/api/v2/calendar/user/3.ics/",
         description="The url for calendar CalDAV direct access",
     )
-    avatar_url = marshmallow.fields.Url(
-        allow_none=True,
-        example="/api/v2/assets/avatars/suri-cate.jpg",
-        description="avatar_url is the url to the image file. "
-                    "If no avatar, then set it to null "
-                    "(and frontend will interpret this with a default avatar)",
-    )
     profile = marshmallow.fields.String(
         attribute='profile',
         validate=OneOf(Profile._NAME),
     class Meta:
         description = 'User account of Tracim'
 
-
 # Path Schemas
 
 
     content_id = marshmallow.fields.Int(example=6, required=True)
 
 
-class WorkspaceAndContentIdPathSchema(WorkspaceIdPathSchema, ContentIdPathSchema):
+class WorkspaceAndContentIdPathSchema(
+    WorkspaceIdPathSchema,
+    ContentIdPathSchema
+):
     @post_load
     def make_path_object(self, data):
         return WorkspaceAndContentPath(**data)
 
 
+class CommentsPathSchema(WorkspaceAndContentIdPathSchema):
+    comment_id = marshmallow.fields.Int(
+        example=6,
+        description='id of a comment related to content content_id',
+        required=True
+    )
+    @post_load
+    def make_path_object(self, data):
+        return CommentPath(**data)
+
+
 class FilterContentQuerySchema(marshmallow.Schema):
     parent_id = marshmallow.fields.Int(
         example=2,
                     'The reason for this parameter to exist is for example '
                     'to allow to show only archived documents'
     )
+
     @post_load
     def make_content_filter(self, data):
         return ContentFilter(**data)
         description='Title of the content to create'
     )
     content_type = marshmallow.fields.String(
-        example='htmlpage',
+        example='html-documents',
         validate=OneOf([content.slug for content in CONTENT_DEFAULT_TYPE]),
     )
 
     )
     label = marshmallow.fields.Str(example='Intervention Report 12')
     content_type = marshmallow.fields.Str(
-        example='htmlpage',
+        example='html-documents',
         validate=OneOf([content.slug for content in CONTENT_DEFAULT_TYPE]),
     )
     sub_content_types = marshmallow.fields.List(
-        marshmallow.fields.Str,
+        marshmallow.fields.String(),
         description='list of content types allowed as sub contents. '
                     'This field is required for folder contents, '
                     'set it to empty list in other cases'
                     'for sub-contents. Default is True. '
                     'In first version of the API, this field is always True',
     )
+
+
+#####
+# Content
+#####
+
+class ContentSchema(ContentDigestSchema):
+    current_revision_id = marshmallow.fields.Int(example=12)
+    created = marshmallow.fields.DateTime(
+        format=DATETIME_FORMAT,
+        description='Content creation date',
+    )
+    author = marshmallow.fields.Nested(UserDigestSchema)
+    modified = marshmallow.fields.DateTime(
+        format=DATETIME_FORMAT,
+        description='date of last modification of content',
+    )
+    last_modifier = marshmallow.fields.Nested(UserDigestSchema)
+
+
+class ThreadContentSchema(ContentSchema):
+    content_type = marshmallow.fields.Str(
+        example='thread',
+        validate=OneOf([content.slug for content in CONTENT_DEFAULT_TYPE]),
+    )
+    raw_content = marshmallow.fields.String('Description of Thread')
+
+
+class HtmlDocumentContentSchema(ContentSchema):
+    content_type = marshmallow.fields.Str(
+        example='html-documents',
+        validate=OneOf([content.slug for content in CONTENT_DEFAULT_TYPE]),
+    )
+    raw_content = marshmallow.fields.String('<p>Html page Content!</p>')
+
+#####
+# Revision
+#####
+
+
+class RevisionSchema(ContentDigestSchema):
+    comment_ids = marshmallow.fields.List(marshmallow.fields.Int(example=4))
+    revision_id = marshmallow.fields.Int(example=12)
+    created = marshmallow.fields.DateTime(
+        format=DATETIME_FORMAT,
+        description='Content creation date',
+    )
+    author = marshmallow.fields.Nested(UserDigestSchema)
+
+
+class ThreadRevisionSchema(RevisionSchema):
+    content_type = marshmallow.fields.Str(
+        example='thread',
+        validate=OneOf([content.slug for content in CONTENT_DEFAULT_TYPE]),
+    )
+    raw_content = marshmallow.fields.String('Description of Thread')
+
+
+class HtmlDocumentRevisionSchema(RevisionSchema):
+    content_type = marshmallow.fields.Str(
+        example='html-documents',
+        validate=OneOf([content.slug for content in CONTENT_DEFAULT_TYPE]),
+    )
+    raw_content = marshmallow.fields.String('<p>Html page Content!</p>')
+
+
+####
+
+class CommentSchema(marshmallow.Schema):
+    content_id = marshmallow.fields.Int(example=6)
+    parent_id = marshmallow.fields.Int(example=34)
+    raw_content = marshmallow.fields.String(
+        example='<p>This is just an html comment !</p>'
+    )
+    author = marshmallow.fields.Nested(UserDigestSchema)
+    created = marshmallow.fields.DateTime(
+        format=DATETIME_FORMAT,
+        description='comment creation date',
+    )
+
+
+class ContentModifySchema(marshmallow.Schema):
+    label = marshmallow.fields.String(
+        example='contract for client XXX',
+        description='New title of the content'
+    )
+
+
+class HtmlDocumentModifySchema(ContentModifySchema):
+    raw_content = marshmallow.fields.String('<p>Html page Content!</p>')
+
+    @post_load
+    def html_document_update(self, data):
+        return HTMLDocumentUpdate(**data)
+
+
+class ThreadModifySchema(ContentModifySchema):
+    raw_content = marshmallow.fields.String('Description of Thread')
+
+    @post_load
+    def thread_update(self, data):
+        return ThreadUpdate(**data)
+
+
+class SetCommentSchema(marshmallow.Schema):
+    raw_content = marshmallow.fields.String(
+        example='<p>This is just an html comment !</p>'
+    )
+
+    @post_load
+    def create_comment(self, data):
+        return CommentCreation(**data)
+
+
+class SetContentStatusSchema(marshmallow.Schema):
+    status = marshmallow.fields.Str(
+        example='closed-deprecated',
+        validate=OneOf([status.slug for status in CONTENT_DEFAULT_STATUS]),
+        description='this slug is found in content_type available statuses',
+        default=open_status,
+        required=True,
+    )
+
+    @post_load
+    def set_status(self, data):
+        return SetContentStatus(**data)

tracim/views/core_api/session_controller.py

     @hapic.with_api_doc(tags=[SESSION_ENDPOINTS_TAG])
     @hapic.input_headers(LoginOutputHeaders())
     @hapic.input_body(BasicAuthSchema())
-    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.BAD_REQUEST)
+    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
     # TODO - G.M - 17-04-2018 - fix output header ?
     # @hapic.output_headers()
     @hapic.output_body(UserSchema(),)

tracim/views/core_api/workspace_controller.py

 from tracim.models.data import ActionDescription
 from tracim.models.context_models import UserRoleWorkspaceInContext
 from tracim.models.context_models import ContentInContext
-from tracim.exceptions import NotAuthenticated, InsufficientUserWorkspaceRole
+from tracim.exceptions import NotAuthenticated, InsufficientUserRoleInWorkspace
 from tracim.exceptions import WorkspaceNotFoundInTracimRequest
 from tracim.exceptions import WorkspacesDoNotMatch
-from tracim.exceptions import InsufficientUserProfile
 from tracim.exceptions import WorkspaceNotFound
 from tracim.views.controllers import Controller
 from tracim.views.core_api.schemas import FilterContentQuerySchema
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
     @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
     @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.READER)
     @hapic.input_path(WorkspaceIdPathSchema())
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
     @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
     @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.READER)
     @hapic.input_path(WorkspaceIdPathSchema())
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
     @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
     @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.READER)
     @hapic.input_path(WorkspaceIdPathSchema())
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
     @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
     @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
     @hapic.input_path(WorkspaceIdPathSchema())
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
     @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
     @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(InsufficientUserWorkspaceRole, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
     @hapic.handle_exception(WorkspacesDoNotMatch, HTTPStatus.BAD_REQUEST)
-    @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
-    @require_candidate_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
+    @require_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER)
+    @require_candidate_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER)
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
     @hapic.input_body(ContentMoveSchema())
     @hapic.output_body(ContentDigestSchema())
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
     @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
     @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
+    @require_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER)
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
     @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
     def delete_content(
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
     @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
     @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
+    @require_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER)
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
     @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
     def undelete_content(
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
     @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
     @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
+    @require_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER)
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
     @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
     def archive_content(
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
     @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
     @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
+    @require_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER)
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
     @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
     def unarchive_content(