do not create content if not allowed

backend/tracim_backend/exceptions.py

@@ -203,3 +203,7 @@ class PageOfPreviewNotFound(NotFound):
 
 class PreviewDimNotAllowed(TracimException):
     pass
+
+
+class UnallowedSubContent(TracimException):
+    pass

backend/tracim_backend/lib/core/content.py

@@ -25,7 +25,7 @@ from sqlalchemy.sql.elements import and_
 
 from tracim_backend.lib.utils.utils import cmp_to_key
 from tracim_backend.lib.core.notifications import NotifierFactory
-from tracim_backend.exceptions import SameValueError
+from tracim_backend.exceptions import SameValueError, UnallowedSubContent
 from tracim_backend.exceptions import PageOfPreviewNotFound
 from tracim_backend.exceptions import PreviewDimNotAllowed
 from tracim_backend.exceptions import RevisionDoesNotMatchThisContent
@@ -408,13 +408,31 @@ class ContentApi(object):
 
     def create(self, content_type_slug: str, workspace: Workspace, parent: Content=None, label: str = '', filename: str = '', do_save=False, is_temporary: bool=False, do_notify=True) -> Content:
         # TODO - G.M - 2018-07-16 - raise Exception instead of assert
-        assert content_type_slug in CONTENT_TYPES.query_allowed_types_slugs()
         assert content_type_slug != CONTENT_TYPES.Any_SLUG
         assert not (label and filename)
 
         if content_type_slug == CONTENT_TYPES.Folder.slug and not label:
             label = self.generate_folder_label(workspace, parent)
 
+        if not workspace:
+            workspace = parent.workspace
+
+        content_type = CONTENT_TYPES.get_one_by_slug(content_type_slug)
+        if parent:
+            if content_type.slug not in parent.properties['allowed_content'] or not parent.properties['allowed_content'][content_type.slug]:
+                raise UnallowedSubContent(' SubContent of type {subcontent_type}  not allowed in content {content_id}'.format(  # nopep8
+                    subcontent_type=content_type.slug,
+                    content_id=parent.content_id,
+                ))
+
+        if content_type.slug not in workspace.get_allowed_content_types():
+            raise UnallowedSubContent(
+                ' SubContent of type {subcontent_type}  not allowed in workspace {content_id}'.format(  # nopep8
+                    subcontent_type=content_type.slug,
+                    content_id=workspace.workspace_id,
+                )
+            )
+
         content = Content()
 
         if filename:
@@ -433,8 +451,9 @@ class ContentApi(object):
 
         content.owner = self._user
         content.parent = parent
+
         content.workspace = workspace
-        content.type = content_type_slug
+        content.type = content_type.slug
         content.is_temporary = is_temporary
         content.revision_type = ActionDescription.CREATION
 
@@ -450,6 +469,7 @@ class ContentApi(object):
         return content
 
     def create_comment(self, workspace: Workspace=None, parent: Content=None, content:str ='', do_save=False) -> Content:
+        # TODO: check parent allowed_type and workspace allowed_ type
         assert parent and parent.type != CONTENT_TYPES.Folder.slug
         if not content:
             raise EmptyCommentContentNotAllowed()

backend/tracim_backend/models/contents.py

@@ -228,6 +228,7 @@ class ContentTypeList(object):
         """
         content_types = self._content_types.copy()
         content_types.extend(self._special_contents_types)
+        content_types.append(self.Event)
         for item in content_types:
             if item.slug == slug or (item.slug_alias and slug in item.slug_alias):  # nopep8
                 return item

backend/tracim_backend/models/data.py

@@ -87,7 +87,7 @@ class Workspace(DeclarativeBase):
 
     def get_allowed_content_types(self):
         # @see Content.get_allowed_content_types()
-        return CONTENT_TYPES.endpoint_allowed_types_slug()
+        return CONTENT_TYPES.extended_endpoint_allowed_types_slug()
 
     def get_valid_children(
             self,

backend/tracim_backend/tests/library/test_content_api.py

@@ -9,7 +9,8 @@ from tracim_backend.lib.core.content import ContentApi
 # TODO - G.M - 28-03-2018 - [GroupApi] Re-enable GroupApi
 from tracim_backend.lib.core.group import GroupApi
 from tracim_backend.lib.core.user import UserApi
-from tracim_backend.exceptions import SameValueError
+from tracim_backend.exceptions import SameValueError, EmptyLabelNotAllowed, \
+    UnallowedSubContent
 # TODO - G.M - 28-03-2018 - [RoleApi] Re-enable RoleApi
 from tracim_backend.lib.core.workspace import RoleApi
 # TODO - G.M - 28-03-2018 - [WorkspaceApi] Re-enable WorkspaceApi
@@ -101,6 +102,181 @@ class TestContentApi(DefaultTest):
             'value is {} instead of {}'.format(sorteds[1].content_id,
                                                c1.content_id))
 
+    def test_unit__create_content__OK_nominal_case(self):
+        uapi = UserApi(
+            session=self.session,
+            config=self.app_config,
+            current_user=None,
+        )
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        groups = [group_api.get_one(Group.TIM_USER),
+                  group_api.get_one(Group.TIM_MANAGER),
+                  group_api.get_one(Group.TIM_ADMIN)]
+
+        user = uapi.create_minimal_user(email='this.is@user',
+                                        groups=groups, save_now=True)
+        workspace = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        ).create_workspace('test workspace', save_now=True)
+        api = ContentApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
+        item = api.create(
+            content_type_slug=CONTENT_TYPES.Folder.slug,
+            workspace=workspace,
+            parent=None,
+            label='not_deleted',
+            do_save=True
+        )
+        assert isinstance(item, Content)
+
+    def test_unit__create_content__err_empty_label(self):
+        uapi = UserApi(
+            session=self.session,
+            config=self.app_config,
+            current_user=None,
+        )
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        groups = [group_api.get_one(Group.TIM_USER),
+                  group_api.get_one(Group.TIM_MANAGER),
+                  group_api.get_one(Group.TIM_ADMIN)]
+
+        user = uapi.create_minimal_user(email='this.is@user',
+                                        groups=groups, save_now=True)
+        workspace = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        ).create_workspace('test workspace', save_now=True)
+        api = ContentApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
+        with pytest.raises(EmptyLabelNotAllowed):
+            api.create(
+                content_type_slug=CONTENT_TYPES.Thread.slug,
+                workspace=workspace,
+                parent=None,
+                label='',
+                do_save=True
+            )
+
+    def test_unit__create_content__err_content_type_not_allowed_in_this_folder(self):
+        uapi = UserApi(
+            session=self.session,
+            config=self.app_config,
+            current_user=None,
+        )
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        groups = [group_api.get_one(Group.TIM_USER),
+                  group_api.get_one(Group.TIM_MANAGER),
+                  group_api.get_one(Group.TIM_ADMIN)]
+
+        user = uapi.create_minimal_user(email='this.is@user',
+                                        groups=groups, save_now=True)
+        workspace = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        ).create_workspace('test workspace', save_now=True)
+        api = ContentApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
+        folder = api.create(
+            content_type_slug=CONTENT_TYPES.Folder.slug,
+            workspace=workspace,
+            parent=None,
+            label='plop',
+            do_save=False
+        )
+        allowed_content_dict = {CONTENT_TYPES.Folder.slug: True, CONTENT_TYPES.File.slug: False} # nopep8
+        api.set_allowed_content(
+            folder,
+            allowed_content_dict=allowed_content_dict
+        )
+        api.save(content=folder)
+        # not in list -> do not allow
+        with pytest.raises(UnallowedSubContent):
+            api.create(
+                content_type_slug=CONTENT_TYPES.Event.slug,
+                workspace=workspace,
+                parent=folder,
+                label='lapin',
+                do_save=True
+            )
+        # in list but false -> do not allow
+        with pytest.raises(UnallowedSubContent):
+            api.create(
+                content_type_slug=CONTENT_TYPES.File.slug,
+                workspace=workspace,
+                parent=folder,
+                label='lapin',
+                do_save=True
+            )
+        # in list and true -> allow
+        api.create(
+            content_type_slug=CONTENT_TYPES.Folder.slug,
+            workspace=workspace,
+            parent=folder,
+            label='lapin',
+            do_save=True
+        )
+
+    def test_unit__create_content__err_content_type_not_allowed_in_this_workspace(self):
+        uapi = UserApi(
+            session=self.session,
+            config=self.app_config,
+            current_user=None,
+        )
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        groups = [group_api.get_one(Group.TIM_USER),
+                  group_api.get_one(Group.TIM_MANAGER),
+                  group_api.get_one(Group.TIM_ADMIN)]
+
+        user = uapi.create_minimal_user(email='this.is@user',
+                                        groups=groups, save_now=True)
+        workspace = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        ).create_workspace('test workspace', save_now=True)
+        api = ContentApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
+        with pytest.raises(UnallowedSubContent):
+            api.create(
+                content_type_slug=CONTENT_TYPES.Event.slug,
+                workspace=workspace,
+                parent=None,
+                label='lapin',
+                do_save=True
+            )
+
     def test_delete(self):
         uapi = UserApi(
             session=self.session,