Merge pull request #93 from tracim/fix/better_content_types_and_status_code

tracim/__init__.py

@@ -1,6 +1,8 @@
 # -*- coding: utf-8 -*-
-import json
-import time
+try:  # Python 3.5+
+    from http import HTTPStatus
+except ImportError:
+    from http import client as HTTPStatus
 
 from pyramid.config import Configurator
 from pyramid.authentication import BasicAuthAuthenticationPolicy
@@ -15,6 +17,7 @@ from tracim.lib.utils.authentification import basic_auth_check_credentials
 from tracim.lib.utils.authentification import BASIC_AUTH_WEBUI_REALM
 from tracim.lib.utils.authorization import AcceptAllAuthorizationPolicy
 from tracim.lib.utils.authorization import TRACIM_DEFAULT_PERM
+from tracim.lib.utils.cors import add_cors_support
 from tracim.lib.webdav import WebdavAppFactory
 from tracim.views import BASE_API_V2
 from tracim.views.contents_api.html_document_controller import HTMLDocumentController  # nopep8
@@ -25,7 +28,18 @@ from tracim.views.core_api.user_controller import UserController
 from tracim.views.core_api.workspace_controller import WorkspaceController
 from tracim.views.contents_api.comment_controller import CommentController
 from tracim.views.errors import ErrorSchema
-from tracim.lib.utils.cors import add_cors_support
+from tracim.exceptions import NotAuthenticated
+from tracim.exceptions import InvalidId
+from tracim.exceptions import InsufficientUserProfile
+from tracim.exceptions import InsufficientUserRoleInWorkspace
+from tracim.exceptions import WorkspaceNotFoundInTracimRequest
+from tracim.exceptions import UserNotFoundInTracimRequest
+from tracim.exceptions import ContentNotFoundInTracimRequest
+from tracim.exceptions import WorkspaceNotFound
+from tracim.exceptions import ContentNotFound
+from tracim.exceptions import UserDoesNotExist
+from tracim.exceptions import AuthenticationFailed
+from tracim.exceptions import ContentTypeNotAllowed
 
 
 def web(global_config, **local_settings):
@@ -66,9 +80,27 @@ def web(global_config, **local_settings):
         debug=app_config.DEBUG,
     )
     hapic.set_context(context)
-    context.handle_exception(NotFound, 404)
-    context.handle_exception(OperationalError, 500)
-    context.handle_exception(Exception, 500)
+    # INFO - G.M - 2018-07-04 - global-context exceptions
+    # Not found
+    context.handle_exception(NotFound, HTTPStatus.NOT_FOUND)
+    # Bad request
+    context.handle_exception(WorkspaceNotFoundInTracimRequest, HTTPStatus.BAD_REQUEST)  # nopep8
+    context.handle_exception(UserNotFoundInTracimRequest, HTTPStatus.BAD_REQUEST)  # nopep8
+    context.handle_exception(ContentNotFoundInTracimRequest, HTTPStatus.BAD_REQUEST)  # nopep8
+    context.handle_exception(WorkspaceNotFound, HTTPStatus.BAD_REQUEST)
+    context.handle_exception(UserDoesNotExist, HTTPStatus.BAD_REQUEST)
+    context.handle_exception(ContentNotFound, HTTPStatus.BAD_REQUEST)
+    context.handle_exception(ContentTypeNotAllowed, HTTPStatus.BAD_REQUEST)
+    context.handle_exception(InvalidId, HTTPStatus.BAD_REQUEST)
+    # Auth exception
+    context.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    context.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
+    context.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)  # nopep8
+    context.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
+    # Internal server error
+    context.handle_exception(OperationalError, HTTPStatus.INTERNAL_SERVER_ERROR)
+    context.handle_exception(Exception, HTTPStatus.INTERNAL_SERVER_ERROR)
+
     # Add controllers
     session_controller = SessionController()
     system_controller = SystemController()

tracim/exceptions.py

@@ -121,6 +121,25 @@ class ContentNotFoundInTracimRequest(TracimException):
     pass
 
 
+class InvalidId(TracimException):
+    pass
+
+
+class InvalidContentId(InvalidId):
+    pass
+
+
+class InvalidCommentId(InvalidId):
+    pass
+
+
+class InvalidWorkspaceId(InvalidId):
+    pass
+
+
+class InvalidUserId(InvalidId):
+    pass
+
 class ContentNotFound(TracimException):
     pass
 
@@ -131,3 +150,15 @@ class ContentTypeNotAllowed(TracimException):
 
 class WorkspacesDoNotMatch(TracimException):
     pass
+
+
+class EmptyValueNotAllowed(TracimException):
+    pass
+
+
+class EmptyLabelNotAllowed(EmptyValueNotAllowed):
+    pass
+
+
+class EmptyCommentContentNotAllowed(EmptyValueNotAllowed):
+    pass

tracim/lib/core/content.py

@@ -5,7 +5,6 @@ import datetime
 import re
 import typing
 from operator import itemgetter
-from operator import not_
 
 import transaction
 from sqlalchemy import func
@@ -26,6 +25,8 @@ from sqlalchemy.sql.elements import and_
 from tracim.lib.utils.utils import cmp_to_key
 from tracim.lib.core.notifications import NotifierFactory
 from tracim.exceptions import SameValueError
+from tracim.exceptions import EmptyCommentContentNotAllowed
+from tracim.exceptions import EmptyLabelNotAllowed
 from tracim.exceptions import ContentNotFound
 from tracim.exceptions import WorkspacesDoNotMatch
 from tracim.lib.utils.utils import current_date_for_filename
@@ -393,18 +394,34 @@ class ContentApi(object):
 
         return result
 
-    def create(self, content_type: str, workspace: Workspace, parent: Content=None, label:str ='', do_save=False, is_temporary: bool=False, do_notify=True) -> Content:
+    def create(self, content_type: str, workspace: Workspace, parent: Content=None, label: str ='', filename: str = '', do_save=False, is_temporary: bool=False, do_notify=True) -> Content:
+        # TODO - G.M - 2018-07-16 - raise Exception instead of assert
         assert content_type in ContentType.allowed_types()
+        assert not (label and filename)
 
         if content_type == ContentType.Folder and not label:
             label = self.generate_folder_label(workspace, parent)
 
         content = Content()
+
+        if filename:
+            # INFO - G.M - 2018-07-04 - File_name setting automatically
+            # set label and file_extension
+            content.file_name = label
+        elif label:
+            content.label = label
+        else:
+            if content_type == ContentType.Comment:
+                # INFO - G.M - 2018-07-16 - Default label for comments is
+                # empty string.
+                content.label = ''
+            else:
+                raise EmptyLabelNotAllowed('Content of this type should have a valid label')  # nopep8
+
         content.owner = self._user
         content.parent = parent
         content.workspace = workspace
         content.type = content_type
-        content.label = label
         content.is_temporary = is_temporary
         content.revision_type = ActionDescription.CREATION
 
@@ -419,13 +436,14 @@ class ContentApi(object):
             self.save(content, ActionDescription.CREATION, do_notify=do_notify)
         return content
 
-
     def create_comment(self, workspace: Workspace=None, parent: Content=None, content:str ='', do_save=False) -> Content:
-        assert parent  and parent.type!=ContentType.Folder
+        assert parent and parent.type != ContentType.Folder
+        if not content:
+            raise EmptyCommentContentNotAllowed()
         item = Content()
         item.owner = self._user
         item.parent = parent
-        if parent and not workspace:
+        if not workspace:
             workspace = item.parent.workspace
         item.workspace = workspace
         item.type = ContentType.Comment
@@ -437,7 +455,6 @@ class ContentApi(object):
             self.save(item, ActionDescription.COMMENT)
         return item
 
-
     def get_one_from_revision(self, content_id: int, content_type: str, workspace: Workspace=None, revision_id=None) -> Content:
         """
         This method is a hack to convert a node revision item into a node
@@ -474,6 +491,11 @@ class ContentApi(object):
         try:
             content = base_request.one()
         except NoResultFound as exc:
+            # TODO - G.M - 2018-07-16 - Add better support for all different
+            # error case who can happened here
+            # like content doesn't exist, wrong parent, wrong content_type, wrong workspace,
+            # wrong access to this workspace, wrong base filter according
+            # to content_status.
             raise ContentNotFound('Content "{}" not found in database'.format(content_id)) from exc  # nopep8
         return content
 
@@ -972,6 +994,8 @@ class ContentApi(object):
             # TODO - G.M - 20-03-2018 - Fix internatization for webdav access.
             # Internatization disabled in libcontent for now.
             raise SameValueError('The content did not changed')
+        if not new_label:
+            raise EmptyLabelNotAllowed()
         item.owner = self._user
         item.label = new_label
         item.description = new_content if new_content else item.description # TODO: convert urls into links

tracim/lib/utils/request.py

@@ -2,7 +2,12 @@
 from pyramid.request import Request
 from sqlalchemy.orm.exc import NoResultFound
 
-from tracim.exceptions import NotAuthenticated, ContentNotFound
+from tracim.exceptions import NotAuthenticated
+from tracim.exceptions import ContentNotFound
+from tracim.exceptions import InvalidUserId
+from tracim.exceptions import InvalidWorkspaceId
+from tracim.exceptions import InvalidContentId
+from tracim.exceptions import InvalidCommentId
 from tracim.exceptions import ContentNotFoundInTracimRequest
 from tracim.exceptions import WorkspaceNotFoundInTracimRequest
 from tracim.exceptions import UserNotFoundInTracimRequest
@@ -214,6 +219,9 @@ class TracimRequest(Request):
         comment_id = ''
         try:
             if 'comment_id' in request.matchdict:
+                comment_id_str = request.matchdict['content_id']
+                if not isinstance(comment_id_str, str) or not comment_id_str.isdecimal():  # nopep8
+                    raise InvalidCommentId('comment_id is not a correct integer')  # nopep8
                 comment_id = int(request.matchdict['comment_id'])
             if not comment_id:
                 raise ContentNotFoundInTracimRequest('No comment_id property found in request')  # nopep8
@@ -228,8 +236,6 @@ class TracimRequest(Request):
                 workspace=workspace,
                 parent=content,
             )
-        except JSONDecodeError as exc:
-            raise ContentNotFound('Invalid JSON content') from exc
         except NoResultFound as exc:
             raise ContentNotFound(
                 'Comment {} does not exist '
@@ -253,6 +259,9 @@ class TracimRequest(Request):
         content_id = ''
         try:
             if 'content_id' in request.matchdict:
+                content_id_str = request.matchdict['content_id']
+                if not isinstance(content_id_str, str) or not content_id_str.isdecimal():  # nopep8
+                    raise InvalidContentId('content_id is not a correct integer')  # nopep8
                 content_id = int(request.matchdict['content_id'])
             if not content_id:
                 raise ContentNotFoundInTracimRequest('No content_id property found in request')  # nopep8
@@ -262,8 +271,6 @@ class TracimRequest(Request):
                 config=request.registry.settings['CFG']
             )
             content = api.get_one(content_id=content_id, workspace=workspace, content_type=ContentType.Any)  # nopep8
-        except JSONDecodeError as exc:
-            raise ContentNotFound('Invalid JSON content') from exc
         except NoResultFound as exc:
             raise ContentNotFound(
                 'Content {} does not exist '
@@ -286,7 +293,10 @@ class TracimRequest(Request):
         try:
             login = None
             if 'user_id' in request.matchdict:
-                login = request.matchdict['user_id']
+                user_id_str = request.matchdict['user_id']
+                if not isinstance(user_id_str, str) or not user_id_str.isdecimal():
+                    raise InvalidUserId('user_id is not a correct integer')  # nopep8
+                login = int(request.matchdict['user_id'])
             if not login:
                 raise UserNotFoundInTracimRequest('You request a candidate user but the context not permit to found one')  # nopep8
             user = uapi.get_one(login)
@@ -329,7 +339,10 @@ class TracimRequest(Request):
         workspace_id = ''
         try:
             if 'workspace_id' in request.matchdict:
-                workspace_id = request.matchdict['workspace_id']
+                workspace_id_str = request.matchdict['workspace_id']
+                if not isinstance(workspace_id_str, str) or not workspace_id_str.isdecimal():  # nopep8
+                    raise InvalidWorkspaceId('workspace_id is not a correct integer')  # nopep8
+                workspace_id = int(request.matchdict['workspace_id'])
             if not workspace_id:
                 raise WorkspaceNotFoundInTracimRequest('No workspace_id property found in request')  # nopep8
             wapi = WorkspaceApi(
@@ -338,8 +351,6 @@ class TracimRequest(Request):
                 config=request.registry.settings['CFG']
             )
             workspace = wapi.get_one(workspace_id)
-        except JSONDecodeError as exc:
-            raise WorkspaceNotFound('Invalid JSON content') from exc
         except NoResultFound as exc:
             raise WorkspaceNotFound(
                 'Workspace {} does not exist '
@@ -362,6 +373,11 @@ class TracimRequest(Request):
         try:
             if 'new_workspace_id' in request.json_body:
                 workspace_id = request.json_body['new_workspace_id']
+                if not isinstance(workspace_id, int):
+                    if workspace_id.isdecimal():
+                        workspace_id = int(workspace_id)
+                    else:
+                        raise InvalidWorkspaceId('workspace_id is not a correct integer')  # nopep8
             if not workspace_id:
                 raise WorkspaceNotFoundInTracimRequest('No new_workspace_id property found in body')  # nopep8
             wapi = WorkspaceApi(

tracim/lib/webdav/utils.py

@@ -176,6 +176,7 @@ class FakeFileStream(object):
         is_temporary = self._file_name.startswith('.~') or self._file_name.startswith('~')
 
         file = self._api.create(
+            filename=self._file_name,
             content_type=ContentType.File,
             workspace=self._workspace,
             parent=self._parent,

tracim/models/context_models.py

@@ -110,22 +110,9 @@ class SetContentStatus(object):
         self.status = status
 
 
-class HTMLDocumentUpdate(object):
+class TextBasedContentUpdate(object):
     """
-    Html Document update model
-    """
-    def __init__(
-            self,
-            label: str,
-            raw_content: str,
-    ) -> None:
-        self.label = label
-        self.raw_content = raw_content
-
-
-class ThreadUpdate(object):
-    """
-    Thread update model
+    TextBasedContent update model
     """
     def __init__(
             self,
@@ -351,10 +338,6 @@ class ContentInContext(object):
         return self.content.content_id
 
     @property
-    def id(self) -> int:
-        return self.content_id
-
-    @property
     def parent_id(self) -> int:
         """
         Return parent_id of the content
@@ -458,10 +441,6 @@ class RevisionInContext(object):
         return self.revision.content_id
 
     @property
-    def id(self) -> int:
-        return self.content_id
-
-    @property
     def parent_id(self) -> int:
         """
         Return parent_id of the content

tracim/tests/functional/test_comments.py

@@ -94,6 +94,26 @@ class TestCommentsEndpoint(FunctionalTest):
         assert len(res.json_body) == 4
         assert comment == res.json_body[3]
 
+    def test_api__post_content_comment__err_400__empty_raw_content(self) -> None:
+        """
+        Get alls comments of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'raw_content': ''
+        }
+        res = self.testapp.post_json(
+            '/api/v2/workspaces/2/contents/7/comments',
+            params=params,
+            status=400
+        )
+
     def test_api__delete_content_comment__ok_200__user_is_owner_and_workspace_manager(self) -> None:  # nopep8
         """
         delete comment (user is workspace_manager and owner)

tracim/tests/functional/test_contents.py

@@ -13,22 +13,6 @@ class TestHtmlDocuments(FunctionalTest):
 
     fixtures = [BaseFixture, ContentFixtures]
 
-    def test_api__get_html_document__err_400__wrong_content_type(self) -> None:
-        """
-        Get one html document of a content
-        """
-        self.testapp.authorization = (
-            'Basic',
-            (
-                'admin@admin.admin',
-                'admin@admin.admin'
-            )
-        )
-        res = self.testapp.get(
-            '/api/v2/workspaces/2/html-documents/7',
-            status=400
-        )   # nopep8
-
     def test_api__get_html_document__ok_200__legacy_slug(self) -> None:
         """
         Get one html document of a content
@@ -44,7 +28,7 @@ class TestHtmlDocuments(FunctionalTest):
         res = self.testapp.get(
             '/api/v2/workspaces/2/html-documents/6',
             status=200
-        )   # nopep8
+        )
         content = res.json_body
         assert content['content_type'] == 'html-documents'
         assert content['content_id'] == 6
@@ -85,7 +69,7 @@ class TestHtmlDocuments(FunctionalTest):
         res = self.testapp.get(
             '/api/v2/workspaces/2/html-documents/6',
             status=200
-        )   # nopep8
+        )
         content = res.json_body
         assert content['content_type'] == 'html-documents'
         assert content['content_id'] == 6
@@ -112,6 +96,123 @@ class TestHtmlDocuments(FunctionalTest):
         assert content['last_modifier']['avatar_url'] is None
         assert content['raw_content'] == '<p>To cook a great Tiramisu, you need many ingredients.</p>'  # nopep8
 
+    def test_api__get_html_document__err_400__wrong_content_type(self) -> None:
+        """
+        Get one html document of a content content 7 is not html_document
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/html-documents/7',
+            status=400
+        )
+
+    def test_api__get_html_document__err_400__content_does_not_exist(self) -> None:  # nopep8
+        """
+        Get one html document of a content (content 170 does not exist in db
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/html-documents/170',
+            status=400
+        )
+
+    def test_api__get_html_document__err_400__content_not_in_workspace(self) -> None:  # nopep8
+        """
+        Get one html document of a content (content 6 is in workspace 2)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/1/html-documents/6',
+            status=400
+        )
+
+    def test_api__get_html_document__err_400__workspace_does_not_exist(self) -> None:  # nopep8
+        """
+        Get one html document of a content (Workspace 40 does not exist)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/40/html-documents/6',
+            status=400
+        )
+
+    def test_api__get_html_document__err_400__workspace_id_is_not_int(self) -> None:  # nopep8
+        """
+        Get one html document of a content, workspace id is not int
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/coucou/html-documents/6',
+            status=400
+        )
+
+    def test_api__get_html_document__err_400__content_id_is_not_int(self) -> None:  # nopep8
+        """
+        Get one html document of a content, content_id is not int
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/html-documents/coucou',
+            status=400
+        )
+
+    def test_api__update_html_document__err_400__empty_label(self) -> None:  # nopep8
+        """
+        Update(put) one html document of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'label': '',
+            'raw_content': '<p> Le nouveau contenu </p>',
+        }
+        res = self.testapp.put_json(
+            '/api/v2/workspaces/2/html-documents/6',
+            params=params,
+            status=400
+        )
+
     def test_api__update_html_document__ok_200__nominal_case(self) -> None:
         """
         Update(put) one html document of a content
@@ -158,7 +259,7 @@ class TestHtmlDocuments(FunctionalTest):
         res = self.testapp.get(
             '/api/v2/workspaces/2/html-documents/6',
             status=200
-        )   # nopep8
+        )
         content = res.json_body
         assert content['content_type'] == 'html-documents'
         assert content['content_id'] == 6
@@ -284,7 +385,7 @@ class TestHtmlDocuments(FunctionalTest):
         res = self.testapp.get(
             '/api/v2/workspaces/2/html-documents/6',
             status=200
-        )   # nopep8
+        )
         content = res.json_body
         assert content['content_type'] == 'html-documents'
         assert content['content_id'] == 6
@@ -301,12 +402,32 @@ class TestHtmlDocuments(FunctionalTest):
         res = self.testapp.get(
             '/api/v2/workspaces/2/html-documents/6',
             status=200
-        )   # nopep8
+        )
         content = res.json_body
         assert content['content_type'] == 'html-documents'
         assert content['content_id'] == 6
         assert content['status'] == 'closed-deprecated'
 
+    def test_api__set_html_document_status__err_400__wrong_status(self) -> None:
+        """
+        Get one html document of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'status': 'unexistant-status',
+        }
+        res = self.testapp.put_json(
+            '/api/v2/workspaces/2/html-documents/6/status',
+            params=params,
+            status=400
+        )
+
 
 class TestThreads(FunctionalTest):
     """
@@ -330,7 +451,7 @@ class TestThreads(FunctionalTest):
         res = self.testapp.get(
             '/api/v2/workspaces/2/threads/6',
             status=400
-        )   # nopep8
+        )
 
     def test_api__get_thread__ok_200__nominal_case(self) -> None:
         """
@@ -373,9 +494,89 @@ class TestThreads(FunctionalTest):
         assert content['last_modifier']['avatar_url'] is None
         assert content['raw_content'] == 'What is the best cake?'  # nopep8
 
+    def test_api__get_thread__err_400__content_does_not_exist(self) -> None:
+        """
+        Get one thread (content 170 does not exist)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/threads/170',
+            status=400
+        )
+
+    def test_api__get_thread__err_400__content_not_in_workspace(self) -> None:
+        """
+        Get one thread(content 7 is in workspace 2)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/1/threads/7',
+            status=400
+        )
+
+    def test_api__get_thread__err_400__workspace_does_not_exist(self) -> None:  # nopep8
+        """
+        Get one thread (Workspace 40 does not exist)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/40/threads/7',
+            status=400
+        )
+
+    def test_api__get_thread__err_400__workspace_id_is_not_int(self) -> None:  # nopep8
+        """
+        Get one thread, workspace id is not int
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/coucou/threads/7',
+            status=400
+        )
+
+    def test_api__get_thread__err_400_content_id_is_not_int(self) -> None:  # nopep8
+        """
+        Get one thread, content id is not int
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/2/threads/coucou',
+            status=400
+        )
+
     def test_api__update_thread__ok_200__nominal_case(self) -> None:
         """
-        Update(put) one html document of a content
+        Update(put) thread
         """
         self.testapp.authorization = (
             'Basic',
@@ -443,11 +644,32 @@ class TestThreads(FunctionalTest):
         assert content['last_modifier'] == content['author']
         assert content['raw_content'] == '<p> Le nouveau contenu </p>'
 
+    def test_api__update_thread__err_400__empty_label(self) -> None:
+        """
+        Update(put) thread
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'label': '',
+            'raw_content': '<p> Le nouveau contenu </p>',
+        }
+        res = self.testapp.put_json(
+            '/api/v2/workspaces/2/threads/7',
+            params=params,
+            status=400
+        )
+
     def test_api__get_thread_revisions__ok_200__nominal_case(
             self
     ) -> None:
         """
-        Get one html document of a content
+        Get threads revisions
         """
         self.testapp.authorization = (
             'Basic',
@@ -505,7 +727,7 @@ class TestThreads(FunctionalTest):
 
     def test_api__set_thread_status__ok_200__nominal_case(self) -> None:
         """
-        Get one html document of a content
+        Set thread status
         """
         self.testapp.authorization = (
             'Basic',
@@ -544,3 +766,24 @@ class TestThreads(FunctionalTest):
         assert content['content_type'] == 'thread'
         assert content['content_id'] == 7
         assert content['status'] == 'closed-deprecated'
+
+    def test_api__set_thread_status__ok_400__wrong_status(self) -> None:
+        """
+        Set thread status
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'status': 'unexistant-status',
+        }
+
+        res = self.testapp.put_json(
+            '/api/v2/workspaces/2/threads/7/status',
+            params=params,
+            status=400
+        )

tracim/tests/functional/test_user.py

@@ -118,7 +118,7 @@ class TestUserWorkspaceEndpoint(FunctionalTest):
         assert 'message' in res.json.keys()
         assert 'details' in res.json.keys()
 
-    def test_api__get_user_workspaces__err_404__user_does_not_exist(self):
+    def test_api__get_user_workspaces__err_400__user_does_not_exist(self):
         """
         Check obtain all workspaces reachables for one user who does
         not exist
@@ -131,7 +131,7 @@ class TestUserWorkspaceEndpoint(FunctionalTest):
                 'admin@admin.admin'
             )
         )
-        res = self.testapp.get('/api/v2/users/5/workspaces', status=404)
+        res = self.testapp.get('/api/v2/users/5/workspaces', status=400)
         assert isinstance(res.json, dict)
         assert 'code' in res.json.keys()
         assert 'message' in res.json.keys()

tracim/tests/functional/test_workspaces.py

@@ -83,7 +83,7 @@ class TestWorkspaceEndpoint(FunctionalTest):
         assert sidebar_entry['hexcolor'] == "#757575"
         assert sidebar_entry['fa_icon'] == "calendar"
 
-    def test_api__get_workspace__err_403__unallowed_user(self) -> None:
+    def test_api__get_workspace__err_400__unallowed_user(self) -> None:
         """
         Check obtain workspace unreachable for user
         """
@@ -94,7 +94,7 @@ class TestWorkspaceEndpoint(FunctionalTest):
                 'foobarbaz'
             )
         )
-        res = self.testapp.get('/api/v2/workspaces/1', status=403)
+        res = self.testapp.get('/api/v2/workspaces/1', status=400)
         assert isinstance(res.json, dict)
         assert 'code' in res.json.keys()
         assert 'message' in res.json.keys()
@@ -117,7 +117,7 @@ class TestWorkspaceEndpoint(FunctionalTest):
         assert 'message' in res.json.keys()
         assert 'details' in res.json.keys()
 
-    def test_api__get_workspace__err_403__workspace_does_not_exist(self) -> None:  # nopep8
+    def test_api__get_workspace__err_400__workspace_does_not_exist(self) -> None:  # nopep8
         """
         Check obtain workspace who does not exist with an existing user.
         """
@@ -128,7 +128,7 @@ class TestWorkspaceEndpoint(FunctionalTest):
                 'admin@admin.admin'
             )
         )
-        res = self.testapp.get('/api/v2/workspaces/5', status=403)
+        res = self.testapp.get('/api/v2/workspaces/5', status=400)
         assert isinstance(res.json, dict)
         assert 'code' in res.json.keys()
         assert 'message' in res.json.keys()
@@ -164,7 +164,7 @@ class TestWorkspaceMembersEndpoint(FunctionalTest):
         # by correct value when avatar feature will be enabled
         assert user_role['user']['avatar_url'] is None
 
-    def test_api__get_workspace_members__err_403__unallowed_user(self):
+    def test_api__get_workspace_members__err_400__unallowed_user(self):
         """
         Check obtain workspace members list with an unreachable workspace for
         user
@@ -176,7 +176,7 @@ class TestWorkspaceMembersEndpoint(FunctionalTest):
                 'foobarbaz'
             )
         )
-        res = self.testapp.get('/api/v2/workspaces/3/members', status=403)
+        res = self.testapp.get('/api/v2/workspaces/3/members', status=400)
         assert isinstance(res.json, dict)
         assert 'code' in res.json.keys()
         assert 'message' in res.json.keys()
@@ -199,7 +199,7 @@ class TestWorkspaceMembersEndpoint(FunctionalTest):
         assert 'message' in res.json.keys()
         assert 'details' in res.json.keys()
 
-    def test_api__get_workspace_members__err_403__workspace_does_not_exist(self):  # nopep8
+    def test_api__get_workspace_members__err_400__workspace_does_not_exist(self):  # nopep8
         """
         Check obtain workspace members list with an existing user but
         an unexisting workspace
@@ -211,7 +211,7 @@ class TestWorkspaceMembersEndpoint(FunctionalTest):
                 'admin@admin.admin'
             )
         )
-        res = self.testapp.get('/api/v2/workspaces/5/members', status=403)
+        res = self.testapp.get('/api/v2/workspaces/5/members', status=400)
         assert isinstance(res.json, dict)
         assert 'code' in res.json.keys()
         assert 'message' in res.json.keys()
@@ -739,7 +739,7 @@ class TestWorkspaceContents(FunctionalTest):
 
     # Error case
 
-    def test_api__get_workspace_content__err_403__unallowed_user(self):
+    def test_api__get_workspace_content__err_400__unallowed_user(self):
         """
         Check obtain workspace content list with an unreachable workspace for
         user
@@ -751,7 +751,7 @@ class TestWorkspaceContents(FunctionalTest):
                 'foobarbaz'
             )
         )
-        res = self.testapp.get('/api/v2/workspaces/3/contents', status=403)
+        res = self.testapp.get('/api/v2/workspaces/3/contents', status=400)
         assert isinstance(res.json, dict)
         assert 'code' in res.json.keys()
         assert 'message' in res.json.keys()
@@ -774,7 +774,7 @@ class TestWorkspaceContents(FunctionalTest):
         assert 'message' in res.json.keys()
         assert 'details' in res.json.keys()
 
-    def test_api__get_workspace_content__err_403__workspace_does_not_exist(self):  # nopep8
+    def test_api__get_workspace_content__err_400__workspace_does_not_exist(self):  # nopep8
         """
         Check obtain workspace contents list with an existing user but
         an unexisting workspace
@@ -786,7 +786,7 @@ class TestWorkspaceContents(FunctionalTest):
                 'admin@admin.admin'
             )
         )
-        res = self.testapp.get('/api/v2/workspaces/5/contents', status=403)
+        res = self.testapp.get('/api/v2/workspaces/5/contents', status=400)
         assert isinstance(res.json, dict)
         assert 'code' in res.json.keys()
         assert 'message' in res.json.keys()
@@ -834,6 +834,48 @@ class TestWorkspaceContents(FunctionalTest):
         active_contents = self.testapp.get('/api/v2/workspaces/1/contents', params=params_active, status=200).json_body  # nopep8
         assert res.json_body in active_contents
 
+    def test_api__post_content_create_generic_content__err_400__empty_label(self) -> None:  # nopep8
+        """
+        Create generic content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'label': '',
+            'content_type': 'markdownpage',
+        }
+        res = self.testapp.post_json(
+            '/api/v2/workspaces/1/contents',
+            params=params,
+            status=400
+        )
+
+    def test_api__post_content_create_generic_content__err_400__wrong_content_type(self) -> None:  # nopep8
+        """
+        Create generic content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'label': 'GenericCreatedContent',
+            'content_type': 'unexistent-content-type',
+        }
+        res = self.testapp.post_json(
+            '/api/v2/workspaces/1/contents',
+            params=params,
+            status=400,
+        )
+
     def test_api_put_move_content__ok_200__nominal_case(self):
         """
         Move content

tracim/tests/library/test_content_api.py

@@ -128,10 +128,20 @@ class TestContentApi(DefaultTest):
             session=self.session,
             config=self.app_config,
         )
-        item = api.create(ContentType.Folder, workspace, None,
-                          'not_deleted', True)
-        item2 = api.create(ContentType.Folder, workspace, None,
-                           'to_delete', True)
+        item = api.create(
+            content_type=ContentType.Folder,
+            workspace=workspace,
+            parent=None,
+            label='not_deleted',
+            do_save=True
+        )
+        item2 = api.create(
+            content_type=ContentType.Folder,
+            workspace=workspace,
+            parent=None,
+            label='to_delete',
+            do_save=True
+        )
         uid = user.user_id
         wid = workspace.workspace_id
         transaction.commit()
@@ -229,10 +239,20 @@ class TestContentApi(DefaultTest):
             session=self.session,
             config=self.app_config,
         )
-        item = api.create(ContentType.Folder, workspace, None,
-                          'not_archived', True)
-        item2 = api.create(ContentType.Folder, workspace, None,
-                           'to_archive', True)
+        item = api.create(
+            content_type=ContentType.Folder,
+            workspace=workspace,
+            parent=None,
+            label='not_archived',
+            do_save=True
+        )
+        item2 = api.create(
+            content_type=ContentType.Folder,
+            workspace=workspace,
+            parent=None,
+            label='to_archive',
+            do_save=True
+        )
         uid = user.user_id
         wid = workspace.workspace_id
         transaction.commit()
@@ -337,9 +357,20 @@ class TestContentApi(DefaultTest):
             session=self.session,
             config=self.app_config,
         )
-        item = api.create(ContentType.Folder, workspace, None,
-                          'thefolder', True)
-        item2 = api.create(ContentType.File, workspace, None, 'thefile', True)
+        item = api.create(
+            content_type=ContentType.Folder,
+            workspace=workspace,
+            parent=None,
+            label='thefolder',
+            do_save=True
+        )
+        item2 = api.create(
+            content_type=ContentType.File,
+            workspace=workspace,
+            parent=None,
+            label='thefile',
+            do_save=True
+        )
         uid = user.user_id
         wid = workspace.workspace_id
         transaction.commit()
@@ -475,7 +506,7 @@ class TestContentApi(DefaultTest):
             session=self.session,
             config=self.app_config,
         )
-        c = api.create(ContentType.Folder, workspace, None, 'parent', True)
+        c = api.create(ContentType.Folder, workspace, None, 'parent', '', True)
         with new_revision(
             session=self.session,
             tm=transaction.manager,
@@ -515,7 +546,7 @@ class TestContentApi(DefaultTest):
             session=self.session,
             config=self.app_config,
         )
-        c = api.create(ContentType.Folder, workspace, None, 'parent', True)
+        c = api.create(ContentType.Folder, workspace, None, 'parent', '', True)
         with new_revision(
             session=self.session,
             tm=transaction.manager,
@@ -625,6 +656,7 @@ class TestContentApi(DefaultTest):
             workspace,
             None,
             'folder a',
+            '',
             True
         )
         with self.session.no_autoflush:
@@ -661,6 +693,7 @@ class TestContentApi(DefaultTest):
             workspace2,
             None,
             'folder b',
+            '',
             True
         )
 
@@ -744,6 +777,7 @@ class TestContentApi(DefaultTest):
             workspace,
             None,
             'folder a',
+            '',
             True
         )
         with self.session.no_autoflush:
@@ -780,6 +814,7 @@ class TestContentApi(DefaultTest):
             workspace2,
             None,
             'folder b',
+            '',
             True
         )
         api2.copy(
@@ -860,6 +895,7 @@ class TestContentApi(DefaultTest):
             workspace,
             None,
             'folder a',
+            '',
             True
         )
         with self.session.no_autoflush:
@@ -1248,8 +1284,13 @@ class TestContentApi(DefaultTest):
             config=self.app_config,
         )
 
-        p = api.create(ContentType.Page, workspace, None,
-                       'this_is_a_page', True)
+        p = api.create(
+            content_type=ContentType.Page,
+            workspace=workspace,
+            parent=None,
+            label='this_is_a_page',
+            do_save=True
+        )
 
         u1id = user1.user_id
         u2id = user2.user_id
@@ -1453,8 +1494,13 @@ class TestContentApi(DefaultTest):
             session=self.session,
             config=self.app_config,
         )
-        p = api.create(ContentType.File, workspace, None,
-                       'this_is_a_page', True)
+        p = api.create(
+            content_type=ContentType.File,
+            workspace=workspace,
+            parent=None,
+            label='this_is_a_page',
+            do_save=True
+        )
 
         u1id = user1.user_id
         u2id = user2.user_id
@@ -1666,8 +1712,13 @@ class TestContentApi(DefaultTest):
             show_archived=True,
             config=self.app_config,
         )
-        p = api.create(ContentType.File, workspace, None,
-                       'this_is_a_page', True)
+        p = api.create(
+            content_type=ContentType.File,
+            workspace=workspace,
+            parent=None,
+            label='this_is_a_page',
+            do_save=True
+        )
 
         u1id = user1.user_id
         u2id = user2.user_id
@@ -1822,8 +1873,13 @@ class TestContentApi(DefaultTest):
             config=self.app_config,
             show_deleted=True,
         )
-        p = api.create(ContentType.File, workspace, None,
-                       'this_is_a_page', True)
+        p = api.create(
+            content_type=ContentType.File,
+            workspace=workspace,
+            parent=None,
+            label='this_is_a_page',
+            do_save=True
+        )
 
         u1id = user1.user_id
         u2id = user2.user_id
@@ -1957,9 +2013,9 @@ class TestContentApi(DefaultTest):
             config=self.app_config,
         )
         a = api.create(ContentType.Folder, workspace, None,
-                       'this is randomized folder', True)
+                       'this is randomized folder', '', True)
         p = api.create(ContentType.Page, workspace, a,
-                       'this is randomized label content', True)
+                       'this is randomized label content', '', True)
 
         with new_revision(
             session=self.session,
@@ -2013,9 +2069,9 @@ class TestContentApi(DefaultTest):
             config=self.app_config,
         )
         a = api.create(ContentType.Folder, workspace, None,
-                       'this is randomized folder', True)
+                       'this is randomized folder', '', True)
         p = api.create(ContentType.Page, workspace, a,
-                       'this is dummy label content', True)
+                       'this is dummy label content', '', True)
 
         with new_revision(
             tm=transaction.manager,
@@ -2065,11 +2121,27 @@ class TestContentApi(DefaultTest):
             session=self.session,
             config=self.app_config,
         )
-        a = api.create(ContentType.Folder, workspace, None,
-                       'this is randomized folder', True)
-        p1 = api.create(ContentType.Page, workspace, a,
-                        'this is dummy label content', True)
-        p2 = api.create(ContentType.Page, workspace, a, 'Hey ! Jon !', True)
+        a = api.create(
+            content_type=ContentType.Folder,
+            workspace=workspace,
+            parent=None,
+            label='this is randomized folder',
+            do_save=True
+        )
+        p1 = api.create(
+            content_type=ContentType.Page,
+            workspace=workspace,
+            parent=a,
+            label='this is dummy label content',
+            do_save=True
+        )
+        p2 = api.create(
+            content_type=ContentType.Page,
+            workspace=workspace,
+            parent=a,
+            label='Hey ! Jon !',
+            do_save=True
+        )
 
         with new_revision(
             session=self.session,

tracim/tests/library/test_webdav.py

@@ -95,6 +95,7 @@ class TestWebDav(StandardTest):
                        self.session,
                        self.app_config
                        ).get_one_by_email(email)
+
     def _put_new_text_file(
             self,
             provider,

tracim/views/contents_api/comment_controller.py

@@ -19,10 +19,7 @@ from tracim.views.core_api.schemas import CommentsPathSchema
 from tracim.views.core_api.schemas import SetCommentSchema
 from tracim.views.core_api.schemas import WorkspaceAndContentIdPathSchema
 from tracim.views.core_api.schemas import NoContentSchema
-from tracim.exceptions import WorkspaceNotFound
-from tracim.exceptions import InsufficientUserRoleInWorkspace
-from tracim.exceptions import NotAuthenticated
-from tracim.exceptions import AuthenticationFailed
+from tracim.exceptions import EmptyCommentContentNotAllowed
 from tracim.models.contents import ContentTypeLegacy as ContentType
 from tracim.models.revision_protection import new_revision
 from tracim.models.data import UserRoleInWorkspace
@@ -33,13 +30,9 @@ COMMENT_ENDPOINTS_TAG = 'Comments'
 class CommentController(Controller):
 
     @hapic.with_api_doc(tags=[COMMENT_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.READER)
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
-    @hapic.output_body(CommentSchema(many=True),)
+    @hapic.output_body(CommentSchema(many=True))
     def content_comments(self, context, request: TracimRequest, hapic_data=None):
         """
         Get all comments related to a content in asc order (first is the oldest)
@@ -63,14 +56,11 @@ class CommentController(Controller):
         ]
 
     @hapic.with_api_doc(tags=[COMMENT_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(EmptyCommentContentNotAllowed, HTTPStatus.BAD_REQUEST)  # nopep8
     @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
     @hapic.input_body(SetCommentSchema())
-    @hapic.output_body(CommentSchema(),)
+    @hapic.output_body(CommentSchema())
     def add_comment(self, context, request: TracimRequest, hapic_data=None):
         """
         Add new comment
@@ -95,10 +85,6 @@ class CommentController(Controller):
         return api.get_content_in_context(comment)
 
     @hapic.with_api_doc(tags=[COMMENT_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
     @require_comment_ownership_or_role(
         minimal_required_role_for_anyone=UserRoleInWorkspace.WORKSPACE_MANAGER,
         minimal_required_role_for_owner=UserRoleInWorkspace.CONTRIBUTOR,

tracim/views/contents_api/html_document_controller.py

@@ -15,19 +15,15 @@ from tracim import TracimRequest
 from tracim.extensions import hapic
 from tracim.lib.core.content import ContentApi
 from tracim.views.controllers import Controller
-from tracim.views.core_api.schemas import HtmlDocumentContentSchema
-from tracim.views.core_api.schemas import HtmlDocumentRevisionSchema
+from tracim.views.core_api.schemas import TextBasedContentSchema
+from tracim.views.core_api.schemas import TextBasedRevisionSchema
+from tracim.views.core_api.schemas import TextBasedContentModifySchema
 from tracim.views.core_api.schemas import SetContentStatusSchema
-from tracim.views.core_api.schemas import HtmlDocumentModifySchema
 from tracim.views.core_api.schemas import WorkspaceAndContentIdPathSchema
 from tracim.views.core_api.schemas import NoContentSchema
 from tracim.lib.utils.authorization import require_content_types
 from tracim.lib.utils.authorization import require_workspace_role
-from tracim.exceptions import WorkspaceNotFound
-from tracim.exceptions import ContentTypeNotAllowed
-from tracim.exceptions import InsufficientUserRoleInWorkspace
-from tracim.exceptions import NotAuthenticated
-from tracim.exceptions import AuthenticationFailed
+from tracim.exceptions import EmptyLabelNotAllowed
 from tracim.models.context_models import ContentInContext
 from tracim.models.context_models import RevisionInContext
 from tracim.models.contents import ContentTypeLegacy as ContentType
@@ -40,15 +36,10 @@ HTML_DOCUMENT_ENDPOINTS_TAG = 'HTML documents'
 class HTMLDocumentController(Controller):
 
     @hapic.with_api_doc(tags=[HTML_DOCUMENT_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(ContentTypeNotAllowed, HTTPStatus.BAD_REQUEST)
     @require_workspace_role(UserRoleInWorkspace.READER)
     @require_content_types([html_documents_type])
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
-    @hapic.output_body(HtmlDocumentContentSchema())
+    @hapic.output_body(TextBasedContentSchema())
     def get_html_document(self, context, request: TracimRequest, hapic_data=None) -> ContentInContext:  # nopep8
         """
         Get html document content
@@ -66,15 +57,12 @@ class HTMLDocumentController(Controller):
         return api.get_content_in_context(content)
 
     @hapic.with_api_doc(tags=[HTML_DOCUMENT_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST)
     @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
     @require_content_types([html_documents_type])
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
-    @hapic.input_body(HtmlDocumentModifySchema())
-    @hapic.output_body(HtmlDocumentContentSchema())
+    @hapic.input_body(TextBasedContentModifySchema())
+    @hapic.output_body(TextBasedContentSchema())
     def update_html_document(self, context, request: TracimRequest, hapic_data=None) -> ContentInContext:  # nopep8
         """
         update_html_document
@@ -104,14 +92,10 @@ class HTMLDocumentController(Controller):
         return api.get_content_in_context(content)
 
     @hapic.with_api_doc(tags=[HTML_DOCUMENT_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.READER)
     @require_content_types([html_documents_type])
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
-    @hapic.output_body(HtmlDocumentRevisionSchema(many=True))
+    @hapic.output_body(TextBasedRevisionSchema(many=True))
     def get_html_document_revisions(
             self,
             context,
@@ -138,10 +122,6 @@ class HTMLDocumentController(Controller):
         ]
 
     @hapic.with_api_doc(tags=[HTML_DOCUMENT_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
     @require_content_types([html_documents_type])
     @hapic.input_path(WorkspaceAndContentIdPathSchema())

tracim/views/contents_api/threads_controller.py

@@ -14,18 +14,15 @@ from tracim import TracimRequest
 from tracim.extensions import hapic
 from tracim.lib.core.content import ContentApi
 from tracim.views.controllers import Controller
-from tracim.views.core_api.schemas import ThreadContentSchema
-from tracim.views.core_api.schemas import ThreadRevisionSchema
+from tracim.views.core_api.schemas import TextBasedContentSchema
+from tracim.views.core_api.schemas import TextBasedRevisionSchema
 from tracim.views.core_api.schemas import SetContentStatusSchema
-from tracim.views.core_api.schemas import ThreadModifySchema
+from tracim.views.core_api.schemas import TextBasedContentModifySchema
 from tracim.views.core_api.schemas import WorkspaceAndContentIdPathSchema
 from tracim.views.core_api.schemas import NoContentSchema
 from tracim.lib.utils.authorization import require_content_types
 from tracim.lib.utils.authorization import require_workspace_role
-from tracim.exceptions import WorkspaceNotFound, ContentTypeNotAllowed
-from tracim.exceptions import InsufficientUserRoleInWorkspace
-from tracim.exceptions import NotAuthenticated
-from tracim.exceptions import AuthenticationFailed
+from tracim.exceptions import EmptyLabelNotAllowed
 from tracim.models.context_models import ContentInContext
 from tracim.models.context_models import RevisionInContext
 from tracim.models.contents import ContentTypeLegacy as ContentType
@@ -38,15 +35,10 @@ THREAD_ENDPOINTS_TAG = 'Threads'
 class ThreadController(Controller):
 
     @hapic.with_api_doc(tags=[THREAD_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(ContentTypeNotAllowed, HTTPStatus.BAD_REQUEST)
     @require_workspace_role(UserRoleInWorkspace.READER)
     @require_content_types([thread_type])
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
-    @hapic.output_body(ThreadContentSchema())
+    @hapic.output_body(TextBasedContentSchema())
     def get_thread(self, context, request: TracimRequest, hapic_data=None) -> ContentInContext:  # nopep8
         """
         Get thread content
@@ -64,15 +56,12 @@ class ThreadController(Controller):
         return api.get_content_in_context(content)
 
     @hapic.with_api_doc(tags=[THREAD_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST)
     @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
     @require_content_types([thread_type])
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
-    @hapic.input_body(ThreadModifySchema())
-    @hapic.output_body(ThreadContentSchema())
+    @hapic.input_body(TextBasedContentModifySchema())
+    @hapic.output_body(TextBasedContentSchema())
     def update_thread(self, context, request: TracimRequest, hapic_data=None) -> ContentInContext:  # nopep8
         """
         update thread
@@ -102,14 +91,10 @@ class ThreadController(Controller):
         return api.get_content_in_context(content)
 
     @hapic.with_api_doc(tags=[THREAD_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.READER)
     @require_content_types([thread_type])
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
-    @hapic.output_body(ThreadRevisionSchema(many=True))
+    @hapic.output_body(TextBasedRevisionSchema(many=True))
     def get_thread_revisions(
             self,
             context,
@@ -136,10 +121,6 @@ class ThreadController(Controller):
         ]
 
     @hapic.with_api_doc(tags=[THREAD_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
     @require_content_types([thread_type])
     @hapic.input_path(WorkspaceAndContentIdPathSchema())

tracim/views/core_api/schemas.py

@@ -2,23 +2,23 @@
 import marshmallow
 from marshmallow import post_load
 from marshmallow.validate import OneOf
+from marshmallow.validate import Range
 
 from tracim.lib.utils.utils import DATETIME_FORMAT
 from tracim.models.auth import Profile
-from tracim.models.contents import CONTENT_DEFAULT_TYPE
-from tracim.models.contents import CONTENT_DEFAULT_STATUS
 from tracim.models.contents import GlobalStatus
 from tracim.models.contents import open_status
+from tracim.models.contents import ContentTypeLegacy as ContentType
+from tracim.models.contents import ContentStatusLegacy as ContentStatus
 from tracim.models.context_models import ContentCreation
-from tracim.models.context_models import SetContentStatus
 from tracim.models.context_models import CommentCreation
+from tracim.models.context_models import TextBasedContentUpdate
+from tracim.models.context_models import SetContentStatus
 from tracim.models.context_models import CommentPath
 from tracim.models.context_models import MoveParams
 from tracim.models.context_models import WorkspaceAndContentPath
 from tracim.models.context_models import ContentFilter
 from tracim.models.context_models import LoginCredentials
-from tracim.models.context_models import HTMLDocumentUpdate
-from tracim.models.context_models import ThreadUpdate
 from tracim.models.data import UserRoleInWorkspace
 
 
@@ -80,15 +80,30 @@ class UserSchema(UserDigestSchema):
 
 
 class UserIdPathSchema(marshmallow.Schema):
-    user_id = marshmallow.fields.Int(example=3, required=True)
+    user_id = marshmallow.fields.Int(
+        example=3,
+        required=True,
+        description='id of a valid user',
+        validate=Range(min=1, error="Value must be greater than 0"),
+    )
 
 
 class WorkspaceIdPathSchema(marshmallow.Schema):
-    workspace_id = marshmallow.fields.Int(example=4, required=True)
+    workspace_id = marshmallow.fields.Int(
+        example=4,
+        required=True,
+        description='id of a valid workspace',
+        validate=Range(min=1, error="Value must be greater than 0"),
+    )
 
 
 class ContentIdPathSchema(marshmallow.Schema):
-    content_id = marshmallow.fields.Int(example=6, required=True)
+    content_id = marshmallow.fields.Int(
+        example=6,
+        required=True,
+        description='id of a valid content',
+        validate=Range(min=1, error="Value must be greater than 0"),
+    )
 
 
 class WorkspaceAndContentIdPathSchema(
@@ -103,8 +118,9 @@ class WorkspaceAndContentIdPathSchema(
 class CommentsPathSchema(WorkspaceAndContentIdPathSchema):
     comment_id = marshmallow.fields.Int(
         example=6,
-        description='id of a comment related to content content_id',
-        required=True
+        description='id of a valid comment related to content content_id',
+        required=True,
+        validate=Range(min=1, error="Value must be greater than 0"),
     )
     @post_load
     def make_path_object(self, data):
@@ -119,19 +135,22 @@ class FilterContentQuerySchema(marshmallow.Schema):
                     ' If not set, then return all contents.'
                     ' If set to 0, then return root contents.'
                     ' If set to another value, return all contents'
-                    ' directly included in the folder parent_id'
+                    ' directly included in the folder parent_id',
+        validate=Range(min=0, error="Value must be positive or 0"),
     )
     show_archived = marshmallow.fields.Int(
         example=0,
         default=0,
         description='if set to 1, then show archived contents.'
-                    ' Default is 0 - hide archived content'
+                    ' Default is 0 - hide archived content',
+        validate=Range(min=0, max=1, error="Value must be 0 or 1"),
     )
     show_deleted = marshmallow.fields.Int(
         example=0,
         default=0,
         description='if set to 1, then show deleted contents.'
-                    ' Default is 0 - hide deleted content'
+                    ' Default is 0 - hide deleted content',
+        validate=Range(min=0, max=1, error="Value must be 0 or 1"),
     )
     show_active = marshmallow.fields.Int(
         example=1,
@@ -141,7 +160,8 @@ class FilterContentQuerySchema(marshmallow.Schema):
                     ' Note: active content are content '
                     'that is neither archived nor deleted. '
                     'The reason for this parameter to exist is for example '
-                    'to allow to show only archived documents'
+                    'to allow to show only archived documents',
+        validate=Range(min=0, max=1, error="Value must be 0 or 1"),
     )
 
     @post_load
@@ -205,7 +225,10 @@ class WorkspaceMenuEntrySchema(marshmallow.Schema):
 
 
 class WorkspaceDigestSchema(marshmallow.Schema):
-    workspace_id = marshmallow.fields.Int(example=4)
+    workspace_id = marshmallow.fields.Int(
+        example=4,
+        validate=Range(min=1, error="Value must be greater than 0"),
+    )
     slug = marshmallow.fields.String(example='intranet')
     label = marshmallow.fields.String(example='Intranet')
     sidebar_entries = marshmallow.fields.Nested(
@@ -229,8 +252,14 @@ class WorkspaceMemberSchema(marshmallow.Schema):
         example='contributor',
         validate=OneOf(UserRoleInWorkspace.get_all_role_slug())
     )
-    user_id = marshmallow.fields.Int(example=3)
-    workspace_id = marshmallow.fields.Int(example=4)
+    user_id = marshmallow.fields.Int(
+        example=3,
+        validate=Range(min=1, error="Value must be greater than 0"),
+    )
+    workspace_id = marshmallow.fields.Int(
+        example=4,
+        validate=Range(min=1, error="Value must be greater than 0"),
+    )
     user = marshmallow.fields.Nested(
         UserSchema(only=('public_name', 'avatar_url'))
     )
@@ -286,7 +315,7 @@ class StatusSchema(marshmallow.Schema):
 class ContentTypeSchema(marshmallow.Schema):
     slug = marshmallow.fields.String(
         example='pagehtml',
-        validate=OneOf([content.slug for content in CONTENT_DEFAULT_TYPE]),
+        validate=OneOf(ContentType.allowed_types()),
     )
     fa_icon = marshmallow.fields.String(
         example='fa-file-text-o',
@@ -319,11 +348,13 @@ class ContentMoveSchema(marshmallow.Schema):
         description='id of the new parent content id.',
         allow_none=True,
         required=True,
+        validate=Range(min=0, error="Value must be positive or 0"),
     )
     new_workspace_id = marshmallow.fields.Int(
         example=2,
         description='id of the new workspace id.',
-        required=True
+        required=True,
+        validate=Range(min=1, error="Value must be greater than 0"),
     )
 
     @post_load
@@ -338,7 +369,7 @@ class ContentCreationSchema(marshmallow.Schema):
     )
     content_type = marshmallow.fields.String(
         example='html-documents',
-        validate=OneOf([content.slug for content in CONTENT_DEFAULT_TYPE]),
+        validate=OneOf(ContentType.allowed_types_for_folding()),  # nopep8
     )
 
     @post_load
@@ -347,30 +378,38 @@ class ContentCreationSchema(marshmallow.Schema):
 
 
 class ContentDigestSchema(marshmallow.Schema):
-    content_id = marshmallow.fields.Int(example=6)
+    content_id = marshmallow.fields.Int(
+        example=6,
+        validate=Range(min=1, error="Value must be greater than 0"),
+    )
     slug = marshmallow.fields.Str(example='intervention-report-12')
     parent_id = marshmallow.fields.Int(
         example=34,
         allow_none=True,
-        default=None
+        default=None,
+        validate=Range(min=0, error="Value must be positive or 0"),
     )
     workspace_id = marshmallow.fields.Int(
         example=19,
+        validate=Range(min=1, error="Value must be greater than 0"),
     )
     label = marshmallow.fields.Str(example='Intervention Report 12')
     content_type = marshmallow.fields.Str(
         example='html-documents',
-        validate=OneOf([content.slug for content in CONTENT_DEFAULT_TYPE]),
+        validate=OneOf(ContentType.allowed_types()),
     )
     sub_content_types = marshmallow.fields.List(
-        marshmallow.fields.String(),
+        marshmallow.fields.String(
+            example='html-content',
+            validate=OneOf(ContentType.allowed_types())
+        ),
         description='list of content types allowed as sub contents. '
                     'This field is required for folder contents, '
                     'set it to empty list in other cases'
     )
     status = marshmallow.fields.Str(
         example='closed-deprecated',
-        validate=OneOf([status.slug for status in CONTENT_DEFAULT_STATUS]),
+        validate=OneOf(ContentStatus.allowed_values()),
         description='this slug is found in content_type available statuses',
         default=open_status
     )
@@ -403,20 +442,15 @@ class ContentSchema(ContentDigestSchema):
     last_modifier = marshmallow.fields.Nested(UserDigestSchema)
 
 
-class ThreadContentSchema(ContentSchema):
-    content_type = marshmallow.fields.Str(
-        example='thread',
-        validate=OneOf([content.slug for content in CONTENT_DEFAULT_TYPE]),
+class TextBasedDataAbstractSchema(marshmallow.Schema):
+    raw_content = marshmallow.fields.String(
+        description='Content of the object, may be raw text or <b>html</b> for example'  # nopep8
     )
-    raw_content = marshmallow.fields.String('Description of Thread')
 
 
-class HtmlDocumentContentSchema(ContentSchema):
-    content_type = marshmallow.fields.Str(
-        example='html-documents',
-        validate=OneOf([content.slug for content in CONTENT_DEFAULT_TYPE]),
-    )
-    raw_content = marshmallow.fields.String('<p>Html page Content!</p>')
+class TextBasedContentSchema(ContentSchema, TextBasedDataAbstractSchema):
+    pass
+
 
 #####
 # Revision
@@ -424,8 +458,16 @@ class HtmlDocumentContentSchema(ContentSchema):
 
 
 class RevisionSchema(ContentDigestSchema):
-    comment_ids = marshmallow.fields.List(marshmallow.fields.Int(example=4))
-    revision_id = marshmallow.fields.Int(example=12)
+    comment_ids = marshmallow.fields.List(
+        marshmallow.fields.Int(
+            example=4,
+            validate=Range(min=1, error="Value must be greater than 0"),
+        )
+    )
+    revision_id = marshmallow.fields.Int(
+        example=12,
+        validate=Range(min=1, error="Value must be greater than 0"),
+    )
     created = marshmallow.fields.DateTime(
         format=DATETIME_FORMAT,
         description='Content creation date',
@@ -433,27 +475,19 @@ class RevisionSchema(ContentDigestSchema):
     author = marshmallow.fields.Nested(UserDigestSchema)
 
 
-class ThreadRevisionSchema(RevisionSchema):
-    content_type = marshmallow.fields.Str(
-        example='thread',
-        validate=OneOf([content.slug for content in CONTENT_DEFAULT_TYPE]),
-    )
-    raw_content = marshmallow.fields.String('Description of Thread')
-
-
-class HtmlDocumentRevisionSchema(RevisionSchema):
-    content_type = marshmallow.fields.Str(
-        example='html-documents',
-        validate=OneOf([content.slug for content in CONTENT_DEFAULT_TYPE]),
-    )
-    raw_content = marshmallow.fields.String('<p>Html page Content!</p>')
-
+class TextBasedRevisionSchema(RevisionSchema, TextBasedDataAbstractSchema):
+    pass
 
-####
 
 class CommentSchema(marshmallow.Schema):
-    content_id = marshmallow.fields.Int(example=6)
-    parent_id = marshmallow.fields.Int(example=34)
+    content_id = marshmallow.fields.Int(
+        example=6,
+        validate=Range(min=1, error="Value must be greater than 0"),
+    )
+    parent_id = marshmallow.fields.Int(
+        example=34,
+        validate=Range(min=0, error="Value must be positive or 0"),
+    )
     raw_content = marshmallow.fields.String(
         example='<p>This is just an html comment !</p>'
     )
@@ -464,43 +498,35 @@ class CommentSchema(marshmallow.Schema):
     )
 
 
-class ContentModifySchema(marshmallow.Schema):
-    label = marshmallow.fields.String(
-        example='contract for client XXX',
-        description='New title of the content'
+class SetCommentSchema(marshmallow.Schema):
+    raw_content = marshmallow.fields.String(
+        example='<p>This is just an html comment !</p>'
     )
 
+    @post_load()
+    def create_comment(self, data):
+        return CommentCreation(**data)
 
-class HtmlDocumentModifySchema(ContentModifySchema):
-    raw_content = marshmallow.fields.String('<p>Html page Content!</p>')
-
-    @post_load
-    def html_document_update(self, data):
-        return HTMLDocumentUpdate(**data)
-
-
-class ThreadModifySchema(ContentModifySchema):
-    raw_content = marshmallow.fields.String('Description of Thread')
 
-    @post_load
-    def thread_update(self, data):
-        return ThreadUpdate(**data)
+class ContentModifyAbstractSchema(marshmallow.Schema):
+    label = marshmallow.fields.String(
+        required=True,
+        example='contract for client XXX',
+        description='New title of the content'
+    )
 
 
-class SetCommentSchema(marshmallow.Schema):
-    raw_content = marshmallow.fields.String(
-        example='<p>This is just an html comment !</p>'
-    )
+class TextBasedContentModifySchema(ContentModifyAbstractSchema, TextBasedDataAbstractSchema):  # nopep8
 
     @post_load
-    def create_comment(self, data):
-        return CommentCreation(**data)
+    def text_based_content_update(self, data):
+        return TextBasedContentUpdate(**data)
 
 
 class SetContentStatusSchema(marshmallow.Schema):
     status = marshmallow.fields.Str(
         example='closed-deprecated',
-        validate=OneOf([status.slug for status in CONTENT_DEFAULT_STATUS]),
+        validate=OneOf(ContentStatus.allowed_values()),
         description='this slug is found in content_type available statuses',
         default=open_status,
         required=True,

tracim/views/core_api/session_controller.py

@@ -24,11 +24,9 @@ class SessionController(Controller):
     @hapic.with_api_doc(tags=[SESSION_ENDPOINTS_TAG])
     @hapic.input_headers(LoginOutputHeaders())
     @hapic.input_body(BasicAuthSchema())
-    @hapic.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
     # TODO - G.M - 17-04-2018 - fix output header ?
     # @hapic.output_headers()
     @hapic.output_body(UserSchema(),)
-    #@hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
     def login(self, context, request: TracimRequest, hapic_data=None):
         """
         Logs user into the system
@@ -54,7 +52,6 @@ class SessionController(Controller):
         return
 
     @hapic.with_api_doc(tags=[SESSION_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
     @hapic.output_body(UserSchema(),)
     def whoami(self, context, request: TracimRequest, hapic_data=None):
         """

tracim/views/core_api/system_controller.py

@@ -5,7 +5,7 @@ from tracim.exceptions import InsufficientUserProfile
 from tracim.lib.utils.authorization import require_profile
 from tracim.models import Group
 from tracim.models.applications import applications
-from tracim.models.contents import CONTENT_DEFAULT_TYPE
+from tracim.models.contents import ContentTypeLegacy as ContentType
 
 try:  # Python 3.5+
     from http import HTTPStatus
@@ -20,11 +20,10 @@ from tracim.views.core_api.schemas import ContentTypeSchema
 
 SYSTEM_ENDPOINTS_TAG = 'System'
 
+
 class SystemController(Controller):
 
     @hapic.with_api_doc(tags=[SYSTEM_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
     @require_profile(Group.TIM_USER)
     @hapic.output_body(ApplicationSchema(many=True),)
     def applications(self, context, request: TracimRequest, hapic_data=None):
@@ -34,16 +33,15 @@ class SystemController(Controller):
         return applications
 
     @hapic.with_api_doc(tags=[SYSTEM_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
     @require_profile(Group.TIM_USER)
     @hapic.output_body(ContentTypeSchema(many=True),)
     def content_types(self, context, request: TracimRequest, hapic_data=None):
         """
         Get list of alls content types availables in this tracim instance.
         """
-
-        return CONTENT_DEFAULT_TYPE
+        content_types_slugs = ContentType.allowed_types_for_folding()
+        content_types = [ContentType(slug) for slug in content_types_slugs]
+        return content_types
 
     def bind(self, configurator: Configurator) -> None:
         """

tracim/views/core_api/user_controller.py

@@ -26,9 +26,6 @@ USER_ENDPOINTS_TAG = 'Users'
 class UserController(Controller):
 
     @hapic.with_api_doc(tags=[USER_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(UserDoesNotExist, HTTPStatus.NOT_FOUND)
     @require_same_user_or_profile(Group.TIM_ADMIN)
     @hapic.input_path(UserIdPathSchema())
     @hapic.output_body(WorkspaceDigestSchema(many=True),)

tracim/views/core_api/workspace_controller.py

@@ -11,16 +11,14 @@ from tracim import TracimRequest
 from tracim.lib.core.workspace import WorkspaceApi
 from tracim.lib.core.content import ContentApi
 from tracim.lib.core.userworkspace import RoleApi
-from tracim.lib.utils.authorization import require_workspace_role, \
-    require_candidate_workspace_role
+from tracim.lib.utils.authorization import require_workspace_role
+from tracim.lib.utils.authorization import require_candidate_workspace_role
 from tracim.models.data import UserRoleInWorkspace
 from tracim.models.data import ActionDescription
 from tracim.models.context_models import UserRoleWorkspaceInContext
 from tracim.models.context_models import ContentInContext
-from tracim.exceptions import NotAuthenticated, InsufficientUserRoleInWorkspace
-from tracim.exceptions import WorkspaceNotFoundInTracimRequest
+from tracim.exceptions import EmptyLabelNotAllowed
 from tracim.exceptions import WorkspacesDoNotMatch
-from tracim.exceptions import WorkspaceNotFound
 from tracim.views.controllers import Controller
 from tracim.views.core_api.schemas import FilterContentQuerySchema
 from tracim.views.core_api.schemas import ContentMoveSchema
@@ -40,9 +38,6 @@ WORKSPACE_ENDPOINTS_TAG = 'Workspaces'
 class WorkspaceController(Controller):
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.READER)
     @hapic.input_path(WorkspaceIdPathSchema())
     @hapic.output_body(WorkspaceSchema())
@@ -60,9 +55,6 @@ class WorkspaceController(Controller):
         return wapi.get_workspace_with_context(request.current_workspace)
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.READER)
     @hapic.input_path(WorkspaceIdPathSchema())
     @hapic.output_body(WorkspaceMemberSchema(many=True))
@@ -89,9 +81,6 @@ class WorkspaceController(Controller):
         ]
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.READER)
     @hapic.input_path(WorkspaceIdPathSchema())
     @hapic.input_query(FilterContentQuerySchema())
@@ -125,10 +114,8 @@ class WorkspaceController(Controller):
         return contents
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.CONTRIBUTOR)
+    @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST)
     @hapic.input_path(WorkspaceIdPathSchema())
     @hapic.input_body(ContentCreationSchema())
     @hapic.output_body(ContentDigestSchema())
@@ -137,7 +124,7 @@ class WorkspaceController(Controller):
             context,
             request: TracimRequest,
             hapic_data=None,
-    ) -> typing.List[ContentInContext]:
+    ) -> ContentInContext:
         """
         create a generic empty content
         """
@@ -158,9 +145,6 @@ class WorkspaceController(Controller):
         return content
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
     @hapic.handle_exception(WorkspacesDoNotMatch, HTTPStatus.BAD_REQUEST)
     @require_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER)
     @require_candidate_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER)
@@ -213,9 +197,6 @@ class WorkspaceController(Controller):
         return api.get_content_in_context(updated_content)
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER)
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
     @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
@@ -248,9 +229,6 @@ class WorkspaceController(Controller):
         return
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER)
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
     @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
@@ -284,9 +262,6 @@ class WorkspaceController(Controller):
         return
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER)
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
     @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
@@ -316,9 +291,6 @@ class WorkspaceController(Controller):
         return
 
     @hapic.with_api_doc(tags=[WORKSPACE_ENDPOINTS_TAG])
-    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
-    @hapic.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)
-    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
     @require_workspace_role(UserRoleInWorkspace.CONTENT_MANAGER)
     @hapic.input_path(WorkspaceAndContentIdPathSchema())
     @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8