import backend repository

backend/.coveragerc

@@ -0,0 +1,6 @@
+[run]
+source = tracim
+omit = tracim/test*
+
+[report]
+omit = tests/*

backend/.gitignore

@@ -0,0 +1,67 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+eggs/
+#lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.cache
+nosetests.xml
+coverage.xml
+.pytest_cache
+
+# Mr Developer
+.mr.developer.cfg
+.project
+.pydevproject
+
+# Rope
+.ropeproject
+
+# Django stuff:
+*.log
+*.pot
+
+# Sphinx documentation
+docs/_build/
+
+# Vim and dev tools
+*.swp
+.idea
+
+# Site-local config file
+development.ini
+track.js
+wsgidav.conf
+# Temporary files
+*~
+*.sqlite
+*.lock
+depot/
+
+# binary translation files
+*.mo
+.mypy_cache/

backend/.travis.yml

@@ -0,0 +1,32 @@
+sudo: false
+language: python
+python:
+  - "3.4"
+  - "3.5"
+  - "3.6"
+
+addons:
+  apt:
+    packages:
+    - libreoffice
+    - imagemagick
+    - libmagickwand-dev
+    - ghostscript
+services:
+  - docker
+  - redis-server
+
+before_install:
+  - docker pull mailhog/mailhog
+  - docker run -d -p 1025:1025 -p 8025:8025 mailhog/mailhog
+install:
+  - pip install --upgrade pip setuptools
+  - pip install -e ".[testing]"
+  - pip install pytest-cov
+  - pip install python-coveralls
+
+script:
+ - py.test --cov tracim
+
+after_success:
+  - coveralls

backend/CHANGES.txt

@@ -0,0 +1,4 @@
+1.9.1
+---
+
+- Begin Pyramid Project for Tracim v2 : Prototype step

backend/MANIFEST.in

@@ -0,0 +1,2 @@
+include *.txt *.ini *.cfg *.rst
+recursive-include tracim *.ico *.png *.css *.gif *.jpg *.pt *.txt *.mak *.mako *.js *.html *.xml *.jinja2

backend/README.md

@@ -0,0 +1,174 @@
+[![Build Status](https://travis-ci.org/tracim/tracim_backend.svg?branch=master)](https://travis-ci.org/tracim/tracim_backend)
+[![Coverage Status](https://coveralls.io/repos/github/tracim/tracim_backend/badge.svg?branch=master)](https://coveralls.io/github/tracim/tracim_backend?branch=master)
+[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/tracim/tracim_backend/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/tracim/tracim_backend/?branch=master)
+
+tracim_backend
+==============
+
+This code is "work in progress". Not usable at all for production.
+
+Backend source code of tracim v2, using Pyramid Framework.
+
+Installation
+---------------
+
+### Distribution dependencies ###
+
+on Debian Stretch (9) with sudo:
+
+    sudo apt update
+    sudo apt install git
+    sudo apt install python3 python3-venv python3-dev python3-pip
+    sudo apt install redis-server
+    sudo apt install zlib1g-dev libjpeg-dev
+    sudo apt install imagemagick libmagickwand-dev ghostscript
+
+for better preview support:
+
+    sudo apt install libreoffice # most office documents file and text format
+    sudo apt install inkscape # for .svg files.
+
+### Get the source ###
+
+get source from github:
+
+    git clone https://github.com/tracim/tracim_backend.git
+
+go to *tracim_backend* directory:
+
+    cd tracim_backend
+
+### Setup Python Virtualenv ###
+
+Create a Python virtual environment:
+
+    python3 -m venv env
+
+Activate it in your terminal session (**all tracim command execution must be executed under this virtual environment**):
+
+    source env/bin/activate
+
+Upgrade packaging tools:
+
+    pip install --upgrade pip setuptools
+
+Install the project in editable mode with its testing requirements :
+
+    pip install -e ".[testing]"
+
+If you want to use postgresql, mysql or other databases
+than the default one: sqlite, you need to install python driver for those databases
+that are supported by sqlalchemy.
+
+For postgreSQL and mySQL, those are shortcuts to install Tracim with test and
+specific driver.
+
+For PostgreSQL:
+
+    pip install -e ".[testing,postgresql]"
+
+For mySQL:
+
+    pip install -e ".[testing,mysql]"
+
+### Configure Tracim_backend ###
+
+Create [configuration file](doc/setting.md) for a development environment:
+
+    cp development.ini.sample development.ini
+
+Initialize the database using [tracimcli](doc/cli.md) tool
+
+    tracimcli db init
+
+create wsgidav configuration file for webdav:
+
+    cp wsgidav.conf.sample wsgidav.conf
+
+## Run Tracim_backend ##
+
+### With Uwsgi ###
+
+Run all services with uwsgi
+
+    # install uwsgi with pip ( unneeded if you already have uwsgi with python3 plugin enabled)
+    sudo pip3 install uwsgi
+    # set tracim_conf_file path
+    export TRACIM_CONF_PATH="$(pwd)/development.ini"
+    export TRACIM_WEBDAV_CONF_PATH="$(pwd)/wsgidav.conf"
+    # pyramid webserver
+    uwsgi -d /tmp/tracim_web.log --http-socket :6543 --wsgi-file wsgi/web.py -H env --pidfile /tmp/tracim_web.pid
+    # webdav wsgidav server
+    uwsgi -d /tmp/tracim_webdav.log --http-socket :3030 --wsgi-file wsgi/webdav.py -H env --pidfile /tmp/tracim_webdav.pid
+
+to stop them:
+
+    # pyramid webserver
+    uwsgi --stop /tmp/tracim_web.pid
+    # webdav wsgidav server
+    uwsgi --stop /tmp/tracim_webdav.pid
+
+### With Waitress (legacy way, usefull for debug) ###
+
+run tracim_backend web api:
+
+    pserve development.ini
+
+run wsgidav server:
+
+    tracimcli webdav start
+
+
+## Run Tests and others checks ##
+
+### Run Tests ###
+
+Before running some functional test related to email, you need a local working *MailHog*
+see here : https://github.com/mailhog/MailHog
+
+You can run it this way with docker :
+
+    docker pull mailhog/mailhog
+    docker run -d -p 1025:1025 -p 8025:8025 mailhog/mailhog
+
+Run your project's tests:
+
+    pytest
+
+### Lints and others checks ###
+
+Run mypy checks:
+
+    mypy --ignore-missing-imports --disallow-untyped-defs tracim
+
+Run pep8 checks:
+
+    pep8 tracim
+
+Tracim API
+----------
+
+Tracim_backend give access to a REST API in */api/v2*.
+This API is auto-documented with [Hapic](https://github.com/algoo/hapic).
+The specification is accessible when you run Tracim, go to */api/v2/doc* .
+
+For example, with default config:
+
+    # run tracim
+    pserve development.ini
+    # launch your favorite web-browser
+    firefox http://localhost:6543/api/v2/doc/
+
+## Roles, profile and access rights
+
+In Tracim, only some user can access to some informations, this is also true in
+Tracim REST API. you can check the [roles documentation](doc/roles.md) to check
+what a specific user can do.
+
+
+CI
+---
+
+* Code quality: https://scrutinizer-ci.com/g/tracim/tracim_backend/
+* Test validation: https://travis-ci.org/tracim/tracim_backend
+* Code coverage: https://coveralls.io/github/tracim/tracim_backend

backend/development.ini.sample

@@ -0,0 +1,278 @@
+###
+# app configuration
+# https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html
+###
+[pipeline:main]
+pipeline = tracim_web
+[app:tracim_web]
+use = egg:tracim_backend
+
+pyramid.reload_templates = true
+pyramid.debug_authorization = false
+pyramid.debug_notfound = false
+pyramid.debug_routematch = false
+pyramid.default_locale_name = en
+pyramid.includes =
+    pyramid_debugtoolbar
+
+[pipeline:webdav]
+pipeline = tracim_webdav
+[app:tracim_webdav]
+use = egg:tracim_backend#webdav
+
+[DEFAULT]
+sqlalchemy.url = sqlite:///%(here)s/tracim.sqlite
+
+retry.attempts = 3
+
+# By default, the toolbar only appears for clients from IP addresses
+# '127.0.0.1' and '::1'.
+# debugtoolbar.hosts = 127.0.0.1 ::1
+
+###
+# TRACIM SPECIFIC CONF
+###
+
+### Global
+
+cache_dir = %(here)s/data
+# preview generator cache directory
+preview_cache_dir = /tmp/tracim/preview/
+# file depot storage
+depot_storage_name = tracim
+depot_storage_dir = %(here)s/depot/
+
+# The following parameters allow to personalize the home page
+# They are html ready (you can put html tags they will be interpreted)
+website.title = TRACIM
+website.title.color = #555
+website.home.subtitle = Default login: email: admin@admin.admin (password: admin@admin.admin)
+website.home.tag_line = <div class="text-center" style="font-weight: bold;">Collaboration, versionning and traceability</div>
+website.home.below_login_form = in case of problem, please contact the administrator.
+# Values may be 'all' or 'folders'
+website.treeview.content = all
+# The following base_url is used for links and icons
+# integrated in the email notifcations
+website.base_url = http://127.0.0.1:8080
+# If config not provided, it will be extracted from website.base_url
+website.server_name = 127.0.0.1
+
+# Specifies if the update of comments and attached files is allowed (by the owner only).
+# Examples:
+#    600 means 10 minutes (ie 600 seconds)
+#   3600 means 1 hour (60x60 seconds)
+#
+# Allowed values:
+#  -1 means that content update is allowed for ever
+#   0 means that content update is not allowed
+#   x means that content update is allowed for x seconds (with x>0)
+content.update.allowed.duration = 3600
+
+# Auth type (internal or ldap)
+auth_type = internal
+# If auth_type is ldap, uncomment following ldap_* parameters
+# LDAP server address
+# ldap_url = ldap://localhost:389
+# Base dn to make queries
+# ldap_base_dn = dc=directory,dc=fsf,dc=org
+# Bind dn to identify the search
+# ldap_bind_dn = cn=admin,dc=directory,dc=fsf,dc=org
+# The bind password
+# ldap_bind_pass = toor
+# Attribute name of user record who contain user login (email)
+# ldap_ldap_naming_attribute = uid
+# Matching between ldap attribute and ldap user field (ldap_attr1=user_field1,ldap_attr2=user_field2,...)
+# ldap_user_attributes = mail=email
+# TLS usage to communicate with your LDAP server
+# ldap_tls = False
+# If True, LDAP own tracim group managment (not available for now!)
+# ldap_group_enabled = False
+# User auth token validity in seconds (used to interfaces like web calendars)
+user.auth_token.validity = 604800
+
+### Mail
+
+# Reset password through email related configuration.
+# These emails will be sent through SMTP
+#
+resetpassword.email_sender = email@sender.com
+resetpassword.smtp_host = smtp.sender
+resetpassword.smtp_port = 25
+resetpassword.smtp_login = smtp.login
+resetpassword.smtp_passwd = smtp.password
+
+email.notification.activated = False
+# email.notification.log_file_path = /tmp/mail-notifications.log
+# email notifications can be sent with the user_id added as an identifier
+# this way email clients like Thunderbird will be able to distinguish
+# notifications generated by a user or another one
+email.notification.from.email = noreply+{user_id}@trac.im
+email.notification.from.default_label = Tracim Notifications
+email.notification.reply_to.email = reply+{content_id}@trac.im
+email.notification.references.email = thread+{content_id}@trac.im
+email.notification.content_update.template.html = %(here)s/tracim/templates/mail/content_update_body_html.mak
+email.notification.content_update.template.text = %(here)s/tracim/templates/mail/content_update_body_text.mak
+email.notification.created_account.template.html = %(here)s/tracim/templates/mail/created_account_body_html.mak
+email.notification.created_account.template.text = %(here)s/tracim/templates/mail/created_account_body_text.mak
+# Note: items between { and } are variable names. Do not remove / rename them
+email.notification.content_update.subject = [{website_title}] [{workspace_label}] {content_label} ({content_status_label})
+email.notification.created_account.subject = [{website_title}] Created account
+# processing_mode may be sync or async
+email.notification.processing_mode = sync
+email.notification.smtp.server = your_smtp_server
+email.notification.smtp.port = 25
+email.notification.smtp.user = your_smtp_user
+email.notification.smtp.password = your_smtp_password
+
+## Email sending configuration
+# processing_mode may be sync or async,
+# with async, please configure redis below
+email.processing_mode = sync
+# email.async.redis.host = localhost
+# email.async.redis.port = 6379
+# email.async.redis.db = 0
+
+# Email reply configuration
+email.reply.activated = False
+email.reply.imap.server = your_imap_server
+email.reply.imap.port = 993
+email.reply.imap.user = your_imap_user
+email.reply.imap.password = your_imap_password
+email.reply.imap.folder = INBOX
+email.reply.imap.use_ssl = true
+email.reply.imap.use_idle = true
+# Re-new connection each 10 minutes
+email.reply.connection.max_lifetime = 600
+# Token for communication between mail fetcher and tracim controller
+email.reply.token = mysecuretoken
+# Delay in seconds between each check
+email.reply.check.heartbeat = 60
+email.reply.use_html_parsing = true
+email.reply.use_txt_parsing = true
+# Lockfile path is required for email_reply feature,
+# it's just an empty file use to prevent concurrent access to imap unseen mail
+email.reply.lockfile_path = %(here)s/email_fetcher.lock
+
+### Radical (CalDav server) configuration
+
+# radicale.server.host = 0.0.0.0
+# radicale.server.port = 5232
+# radicale.server.ssl = false
+radicale.server.filesystem.folder = %(here)s/radicale/collections/
+# radicale.server.allow_origin = *
+# radicale.server.realm_message = Tracim Calendar - Password Required
+## url can be extended like http://127.0.0.1:5232/calendar
+## in this case, you have to create your own proxy behind this url.
+## and update following parameters
+# radicale.client.base_url.host = http://127.0.0.1:5232
+# radicale.client.base_url.prefix = /
+
+### WSGIDAV
+
+wsgidav.config_path = %(here)s/wsgidav.conf
+## url can be extended like 127.0.0.1/webdav
+## in this case, you have to create your own proxy behind this url.
+## Do not set http:// prefix.
+# wsgidav.client.base_url = 127.0.0.1:<WSGIDAV_PORT>
+
+### Preview
+## You can parametrized allowed jpg preview dimension list, if not set, default
+## is 256x256. First {width}x{length} items is default preview dimensions.
+## all items should be separated by ',' and you should be really careful to do
+## set anything else than '{int}x{int}' item and ', ' separator
+# preview.jpg.allowed_dims = 256x256,1000x1000
+## Preview dimensions can be set as restricted, if set as restricted, access
+## endpoint to  to get any other preview dimensions than allowed_dims will
+## return error
+# preview.jpg.restricted_dims = True
+
+###
+# wsgi server configuration
+###
+
+[server:main]
+use = egg:waitress#main
+listen = localhost:6543
+
+[alembic]
+# path to migration scripts
+script_location = tracim/migration
+
+# template used to generate migration files
+# file_template = %%(rev)s_%%(slug)s
+
+# timezone to use when rendering the date
+# within the migration file as well as the filename.
+# string value is passed to dateutil.tz.gettz()
+# leave blank for localtime
+# timezone =
+
+# max length of characters to apply to the
+# "slug" field
+#truncate_slug_length = 40
+
+# set to 'true' to run the environment during
+# the 'revision' command, regardless of autogenerate
+# revision_environment = false
+
+# set to 'true' to allow .pyc and .pyo files without
+# a source .py file to be detected as revisions in the
+# versions/ directory
+# sourceless = false
+
+# version location specification; this defaults
+# to migrate/versions.  When using multiple version
+# directories, initial revisions must be specified with --version-path
+# version_locations = %(here)s/bar %(here)s/bat migrate/versions
+
+# the output encoding used when revision files
+# are written from script.py.mako
+# output_encoding = utf-8
+
+sqlalchemy.url = sqlite:///%(here)s/tracim.sqlite
+
+###
+# logging configuration
+# https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/logging.html
+###
+
+[loggers]
+keys = root, tracim, sqlalchemy, alembic
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = INFO
+handlers = console
+
+[logger_tracim]
+level = DEBUG
+handlers =
+qualname = tracim
+
+[logger_sqlalchemy]
+level = INFO
+handlers =
+qualname = sqlalchemy.engine
+# "level = INFO" logs SQL queries.
+# "level = DEBUG" logs SQL queries and results.
+# "level = WARN" logs neither.  (Recommended for production systems.)
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(asctime)s %(levelname)-5.5s [%(name)s:%(lineno)s][%(threadName)s] %(message)s
+datefmt = %H:%M:%S

backend/doc/cli.md

@@ -0,0 +1,56 @@
+# TracimCli #
+
+Tracim has a build-in command line tool.
+
+## Introduction ##
+
+This document is intended to developers or sysadmin.
+
+In order to use the `tracimcli` commands, go to the root of the project and
+and active the Tracim virtualenv:
+
+    user@host:~/tracim_backend$ source env/bin/activate
+    (env) user@host:~/tracim_backend$
+
+## Database ##
+
+### Create database
+
+    tracimcli db init
+
+### Create database with some default test data (many users, workspaces, etc…)
+
+    tracimcli db init --test-data
+
+### Delete database /!\
+
+This will drop all your database, be carefull !
+
+    tracimcli db delete --force
+
+## User ##
+   
+### add a user
+
+    tracimcli user create -l "john@john@john.john" -p "superpassword"
+
+### update user password
+
+    tracimcli user update -l "john@john@john.john" -p "mynewsuperpassword"
+
+### Help
+
+    tracim user create -h
+    tracim user update -h
+ 
+## Help ##
+
+    tracimcli -h
+    
+## Run services ##
+
+### Webdav wsgidav server ###
+
+    tracimcli webdav start
+
+

backend/doc/devtools.md

@@ -0,0 +1,28 @@
+# Devtools
+
+# Check third party licences
+
+Install `yolk3k` pip package:
+
+    pip install yolk3k
+
+Then execute command:
+
+    yolk -l -f license
+
+Output will look like:
+
+```
+PyYAML (3.12) !
+    License: MIT
+
+Pygments (2.2.0) !
+    License: BSD License
+
+SQLAlchemy (1.2.5) !
+    License: MIT License
+
+Unidecode (1.0.22) !
+    License: GPL
+...
+```

backend/doc/migration.md

@@ -0,0 +1,36 @@
+# Performing migrations #
+
+## Introduction ##
+
+This document is intended to developers.
+
+Migrations on `Tracim` lays on [`alembic`](http://alembic.zzzcomputing.com/en/latest/index.html) which is the migration tool dedicated to `SQLAlchemy`.
+
+In order to use the `tracimcli` commands, go to the root of the project and
+and active the Tracim virtualenv:
+
+    user@host:~/tracim_backend$ source env/bin/activate
+    (env) user@host:~/tracim_backend$
+
+## Migration howto - Overview ##
+   
+### Upgrading schema to last revision ###
+
+    alembic -c development.ini upgrade head
+
+### Downgrading schema ###
+
+    alembic -c development.ini downgrade -1
+
+## Migration howto - Advanced (for developers) ##
+
+### Retrieving schema current version ###
+
+    alembic -c development.ini current
+
+### Creating new schema migration ###
+
+This creates a new auto-generated python migration file 
+in `tracim/migration/versions/` ending by `migration_label.py`:
+
+    alembic -c development.ini revision --autogenerate -m "migration label"

backend/doc/roles.md

@@ -0,0 +1,50 @@
+# Introduction
+
+In Tracim, you have 2 system of "roles".
+
+One is global to whole tracim instance and is called "global profile" (Groups).
+The other is workspace related and is called "workspace role".
+
+## Global profile
+
+
+|                               | Normal User | Managers    | Admin   |
+|-------------------------------|-------------|-------------|---------|
+| participate to workspaces     |  yes        | yes         | yes     |
+| access to tracim apps         |  yes        | yes         | yes     |
+|-------------------------------|-------------|-------------|---------|
+| create workspace              |  no         | yes         | yes     |
+| invite user to tracim         |  no         | yes, if manager of a given workspace         | yes     |
+|-------------------------------|-------------|-------------|---------|
+| set user global profile rights|  no         | no          | yes     |
+| deactivate user               |  no         | no          | yes     |
+|-------------------------------|-------------|-------------|---------|
+| access to all user data (/users/{user_id} endpoints) |personal-only|personal-only| yes     |
+
+
+## Workspace Roles
+
+
+|                              | Reader | Contributor | Content Manager | Workspace Manager |
+|------------------------------|--------|-------------|-----------------|-------------------|
+| read content                 |  yes   | yes         | yes             | yes               |
+|------------------------------|--------|-------------|-----------------|-------------------|
+| create content               |  no    | yes         | yes             | yes               |
+| edit content                 |  no    | yes         | yes             | yes               |
+| copy content                 |  no    | yes         | yes             | yes               |
+| comments content             |  no    | yes         | yes             | yes               |
+| update content status        |  no    | yes         | yes             | yes               |
+-------------------------------|--------|-------------|-----------------|-------------------|
+| move content                 |  no    | no          | yes             | yes               |
+| archive content              |  no    | no          | yes             | yes               |
+| delete content               |  no    | no          | yes             | yes               |
+|------------------------------|--------|-------------|-----------------|-------------------|
+| edit workspace               |  no    | no          | no              | yes               |
+| invite users (to workspace)  |  no    | no          | no              | yes               |
+| set user workspace role      |  no    | no          | no              | yes               |
+| revoke users (from workspace)|  no    | no          | no              | yes               |
+|------------------------------|--------|-------------|-----------------|-------------------|
+| modify comments              |  no    | owner       | owner             | yes             |
+| delete comments              |  no    | owner       | owner             | yes             |
+ 
+ 

backend/doc/setting.md

@@ -0,0 +1,46 @@
+# Setting #
+
+Here is a short description of settings available in the file `development.ini`.
+
+## Listening port ##
+
+Default configuration is to listen on port 6534.
+If you want to adapt this to your environment, edit the `.ini` file and setup the port you want:
+
+    [server:main]
+    ...
+    listen = localhost:6543
+
+To allow other computer to access to this website, listen to "*" instead of localhost:
+
+    [server:main]
+    ...
+    listen = *:6534
+
+## Prod/Debug configuration ##
+
+
+To enable simple debug conf:
+
+    [app:main]
+    ...
+    pyramid.reload_templates = true
+    pyramid.debug_all = true
+    pyramid.includes =
+        pyramid_debugtoolbar
+
+production conf (no reload, no debugtoolbar):
+
+    [app:main]
+    ...
+    pyramid.reload_templates = false
+    pyramid.debug_authorization = false
+    pyramid.debug_notfound = false
+    pyramid.debug_routematch = false
+
+You can, of course, also set level of one of the different logger to have more/less log
+about something.
+
+    [logger_sqlalchemy]
+    ...
+    level = INFO

backend/production.ini

@@ -0,0 +1,65 @@
+###
+# app configuration
+# https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html
+###
+
+[app:main]
+use = egg:tracim
+
+pyramid.reload_templates = false
+pyramid.debug_authorization = false
+pyramid.debug_notfound = false
+pyramid.debug_routematch = false
+pyramid.default_locale_name = en
+
+sqlalchemy.url = sqlite:///%(here)s/tracim.sqlite
+
+retry.attempts = 3
+
+###
+# wsgi server configuration
+###
+
+[server:main]
+use = egg:waitress#main
+listen = *:6543
+
+###
+# logging configuration
+# https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/logging.html
+###
+
+[loggers]
+keys = root, tracim, sqlalchemy
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARN
+handlers = console
+
+[logger_tracim]
+level = WARN
+handlers =
+qualname = tracim
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+# "level = INFO" logs SQL queries.
+# "level = DEBUG" logs SQL queries and results.
+# "level = WARN" logs neither.  (Recommended for production systems.)
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(asctime)s %(levelname)-5.5s [%(name)s:%(lineno)s][%(threadName)s] %(message)s

backend/pytest.ini

@@ -0,0 +1,4 @@
+[pytest]
+minversion = 2.8
+testpaths = tracim
+addopts = -s -v

backend/requirements.txt

@@ -0,0 +1,73 @@
+alembic==0.9.9
+atomicwrites==1.1.5
+attrs==18.1.0
+Babel==2.6.0
+beautifulsoup4==4.6.0
+certifi==2018.4.16
+chardet==3.0.4
+click==6.7
+cliff==2.12.0
+cmd2==0.9.1
+colorama==0.3.9
+coverage==4.5.1
+defusedxml==0.5.0
+filedepot==0.5.2
+hapic==0.42
+hapic-apispec==0.37.0
+hupper==1.3
+idna==2.7
+Jinja2==2.10
+jsmin==2.2.2
+lxml==4.2.1
+Mako==1.0.7
+MarkupSafe==1.0
+marshmallow==2.15.3
+more-itertools==4.2.0
+multidict==4.3.1
+mypy==0.610
+PasteDeploy==1.5.2
+pbr==4.0.4
+pep8==1.7.1
+pkg-resources==0.0.0
+plaster==1.0
+plaster-pastedeploy==0.5
+pluggy==0.6.0
+prettytable==0.7.2
+psycopg2==2.7.4
+py==1.5.3
+Pygments==2.2.0
+pyparsing==2.2.0
+pyperclip==1.6.2
+pyramid==1.9.2
+pyramid-debugtoolbar==4.4
+pyramid-jinja2==2.7
+pyramid-mako==1.0.2
+pyramid-retry==0.5
+pyramid-tm==2.2
+pytest==3.6.1
+pytest-cov==2.5.1
+python-dateutil==2.7.3
+python-editor==1.0.3
+pytz==2018.4
+PyYAML==3.12
+redis==2.10.6
+repoze.lru==0.7
+requests==2.19.1
+rq==0.11.0
+six==1.11.0
+SQLAlchemy==1.2.8
+stevedore==1.28.0
+transaction==2.2.1
+translationstring==1.3
+typed-ast==1.1.0
+Unidecode==1.0.22
+urllib3==1.23
+venusian==1.1.0
+waitress==1.1.0
+wcwidth==0.1.7
+WebOb==1.8.2
+WebTest==2.0.29
+WsgiDAV==2.4.0
+zope.deprecation==4.3.0
+zope.interface==4.5.0
+zope.sqlalchemy==1.0

backend/setup.py

@@ -0,0 +1,116 @@
+import os
+
+import sys
+from setuptools import setup, find_packages
+
+here = os.path.abspath(os.path.dirname(__file__))
+with open(os.path.join(here, 'README.md')) as f:
+    README = f.read()
+with open(os.path.join(here, 'CHANGES.txt')) as f:
+    CHANGES = f.read()
+
+requires = [
+    # pyramid
+    'plaster_pastedeploy',
+    'pyramid >= 1.9a',
+    'pyramid_debugtoolbar',
+    'pyramid_jinja2',
+    'pyramid_retry',
+    'waitress',
+    # Database
+    'pyramid_tm',
+    'SQLAlchemy',
+    'transaction',
+    'zope.sqlalchemy',
+    'alembic',
+    # API
+    'hapic>=0.41',
+    'marshmallow <3.0.0a1,>2.0.0',
+    # CLI
+    'cliff',
+    # Webdav
+    'wsgidav',
+    'PyYAML',
+    # others
+    'filedepot',
+    'babel',
+    'python-slugify',
+    'preview-generator',
+    # mail-notifier
+    'mako',
+    'lxml',
+    'redis',
+    'rq',
+]
+
+tests_require = [
+    'WebTest >= 1.3.1',  # py3 compat
+    'pytest',
+    'pytest-cov',
+    'pep8',
+    'mypy',
+    'requests',
+    'Pillow'
+]
+
+mysql_require = [
+    'PyMySQL'
+]
+
+postgresql_require = [
+    'psycopg2',
+]
+# Python version adaptations
+if sys.version_info < (3, 5):
+    requires.append('typing')
+
+
+setup(
+    name='tracim_backend',
+    version='1.9.1',
+    description='Rest API (Back-end) of Tracim v2',
+    long_description=README + '\n\n' + CHANGES,
+    classifiers=[
+        'Development Status :: 2 - Pre-Alpha',
+        'Programming Language :: Python',
+        "Programming Language :: Python :: 3.4",
+        "Programming Language :: Python :: 3.5",
+        "Programming Language :: Python :: 3.6",
+        'Framework :: Pyramid',
+        'Topic :: Internet :: WWW/HTTP',
+        'Topic :: Internet :: WWW/HTTP :: WSGI :: Application',
+        'Topic :: Communications :: File Sharing',
+        'Topic :: Communications',
+        'License :: OSI Approved :: MIT License',
+    ],
+    author='',
+    author_email='',
+    url='https://github.com/tracim/tracim_backend',
+    keywords='web pyramid tracim ',
+    packages=find_packages(),
+    include_package_data=True,
+    zip_safe=False,
+    extras_require={
+        'testing': tests_require,
+        'mysql': mysql_require,
+        'postgresql': postgresql_require,
+    },
+    install_requires=requires,
+    entry_points={
+        'paste.app_factory': [
+            'main = tracim:web',
+            'webdav = tracim:webdav'
+        ],
+        'console_scripts': [
+            'tracimcli = tracim.command:main',
+        ],
+        'tracimcli': [
+            'test = tracim.command:TestTracimCommand',
+            'user_create = tracim.command.user:CreateUserCommand',
+            'user_update = tracim.command.user:UpdateUserCommand',
+            'db_init = tracim.command.database:InitializeDBCommand',
+            'db_delete = tracim.command.database:DeleteDBCommand',
+            'webdav start = tracim.command.webdav:WebdavRunnerCommand',
+        ]
+    },
+)

backend/tests_configs.ini

@@ -0,0 +1,65 @@
+[base_test]
+sqlalchemy.url = sqlite:///:memory:
+depot_storage_name = test
+depot_storage_dir = /tmp/test/depot
+user.auth_token.validity = 604800
+preview_cache_dir = /tmp/test/preview_cache
+
+[app:command_test]
+use = egg:tracim_backend
+sqlalchemy.url = sqlite:///tracim_test.sqlite
+depot_storage_name = test
+depot_storage_dir = /tmp/test/depot
+user.auth_token.validity = 604800
+preview_cache_dir = /tmp/test/preview_cache
+
+[mail_test]
+sqlalchemy.url = sqlite:///:memory:
+depot_storage_name = test
+depot_storage_dir = /tmp/test/depot
+user.auth_token.validity = 604800
+preview_cache_dir = /tmp/test/preview_cache
+email.notification.activated = true
+email.notification.from.email = test_user_from+{user_id}@localhost
+email.notification.from.default_label = Tracim Notifications
+email.notification.reply_to.email = test_user_reply+{content_id}@localhost
+email.notification.references.email = test_user_refs+{content_id}@localhost
+email.notification.content_update.template.html = %(here)s/tracim/templates/mail/content_update_body_html.mak
+email.notification.content_update.template.text = %(here)s/tracim/templates/mail/content_update_body_text.mak
+email.notification.created_account.template.html = %(here)s/tracim/templates/mail/created_account_body_html.mak
+email.notification.created_account.template.text = %(here)s/tracim/templates/mail/created_account_body_text.mak
+# Note: items between { and } are variable names. Do not remove / rename them
+email.notification.content_update.subject = [{website_title}] [{workspace_label}] {content_label} ({content_status_label})
+email.notification.created_account.subject = [{website_title}] Created account
+# processing_mode may be sync or async
+email.notification.processing_mode = sync
+email.notification.smtp.server = 127.0.0.1
+email.notification.smtp.port = 1025
+email.notification.smtp.user = test_user
+email.notification.smtp.password = just_a_password
+
+[mail_test_async]
+sqlalchemy.url = sqlite:///:memory:
+depot_storage_name = test
+depot_storage_dir = /tmp/test/depot
+user.auth_token.validity = 604800
+preview_cache_dir = /tmp/test/preview_cache
+email.notification.activated = true
+email.notification.from.email = test_user_from+{user_id}@localhost
+email.notification.from.default_label = Tracim Notifications
+email.notification.reply_to.email = test_user_reply+{content_id}@localhost
+email.notification.references.email = test_user_refs+{content_id}@localhost
+email.notification.content_update.template.html = %(here)s/tracim/templates/mail/content_update_body_html.mak
+email.notification.content_update.template.text = %(here)s/tracim/templates/mail/content_update_body_text.mak
+email.notification.created_account.template.html = %(here)s/tracim/templates/mail/created_account_body_html.mak
+email.notification.created_account.template.text = %(here)s/tracim/templates/mail/created_account_body_text.mak
+# Note: items between { and } are variable names. Do not remove / rename them
+email.notification.content_update.subject = [{website_title}] [{workspace_label}] {content_label} ({content_status_label})
+email.notification.created_account.subject = [{website_title}] Created account
+# processing_mode may be sync or async
+email.notification.processing_mode = sync
+email.processing_mode = async
+email.notification.smtp.server = 127.0.0.1
+email.notification.smtp.port = 1025
+email.notification.smtp.user = test_user
+email.notification.smtp.password = just_a_password

backend/tracim/__init__.py

@@ -0,0 +1,141 @@
+# -*- coding: utf-8 -*-
+
+
+try:  # Python 3.5+
+    from http import HTTPStatus
+except ImportError:
+    from http import client as HTTPStatus
+
+from pyramid.config import Configurator
+from pyramid.authentication import BasicAuthAuthenticationPolicy
+from hapic.ext.pyramid import PyramidContext
+from pyramid.exceptions import NotFound
+from sqlalchemy.exc import OperationalError
+
+from tracim.extensions import hapic
+from tracim.config import CFG
+from tracim.lib.utils.request import TracimRequest
+from tracim.lib.utils.authentification import basic_auth_check_credentials
+from tracim.lib.utils.authentification import BASIC_AUTH_WEBUI_REALM
+from tracim.lib.utils.authorization import AcceptAllAuthorizationPolicy
+from tracim.lib.utils.authorization import TRACIM_DEFAULT_PERM
+from tracim.lib.utils.cors import add_cors_support
+from tracim.lib.webdav import WebdavAppFactory
+from tracim.views import BASE_API_V2
+from tracim.views.contents_api.html_document_controller import HTMLDocumentController  # nopep8
+from tracim.views.contents_api.threads_controller import ThreadController
+from tracim.views.core_api.session_controller import SessionController
+from tracim.views.core_api.system_controller import SystemController
+from tracim.views.core_api.user_controller import UserController
+from tracim.views.core_api.workspace_controller import WorkspaceController
+from tracim.views.contents_api.comment_controller import CommentController
+from tracim.views.contents_api.file_controller import FileController
+from tracim.views.errors import ErrorSchema
+from tracim.exceptions import NotAuthenticated
+from tracim.exceptions import UserNotActive
+from tracim.exceptions import InvalidId
+from tracim.exceptions import InsufficientUserProfile
+from tracim.exceptions import InsufficientUserRoleInWorkspace
+from tracim.exceptions import WorkspaceNotFoundInTracimRequest
+from tracim.exceptions import UserNotFoundInTracimRequest
+from tracim.exceptions import ContentNotFoundInTracimRequest
+from tracim.exceptions import WorkspaceNotFound
+from tracim.exceptions import ContentNotFound
+from tracim.exceptions import UserDoesNotExist
+from tracim.exceptions import AuthenticationFailed
+from tracim.exceptions import ContentTypeNotAllowed
+
+
+def web(global_config, **local_settings):
+    """ This function returns a Pyramid WSGI application.
+    """
+    settings = global_config
+    settings.update(local_settings)
+    # set CFG object
+    app_config = CFG(settings)
+    app_config.configure_filedepot()
+    settings['CFG'] = app_config
+    configurator = Configurator(settings=settings, autocommit=True)
+    # Add BasicAuthPolicy
+    authn_policy = BasicAuthAuthenticationPolicy(
+        basic_auth_check_credentials,
+        realm=BASIC_AUTH_WEBUI_REALM,
+    )
+    configurator.include(add_cors_support)
+    # make sure to add this before other routes to intercept OPTIONS
+    configurator.add_cors_preflight_handler()
+    # Default authorization : Accept anything.
+    configurator.set_authorization_policy(AcceptAllAuthorizationPolicy())
+    configurator.set_authentication_policy(authn_policy)
+    # INFO - GM - 11-04-2018 - set default perm
+    # setting default perm is needed to force authentification
+    # mecanism in all views.
+    configurator.set_default_permission(TRACIM_DEFAULT_PERM)
+    # Override default request
+    configurator.set_request_factory(TracimRequest)
+    # Pyramids "plugin" include.
+    configurator.include('pyramid_jinja2')
+    # Add SqlAlchemy DB
+    configurator.include('.models')
+    # set Hapic
+    context = PyramidContext(
+        configurator=configurator,
+        default_error_builder=ErrorSchema(),
+        debug=app_config.DEBUG,
+    )
+    hapic.set_context(context)
+    # INFO - G.M - 2018-07-04 - global-context exceptions
+    # Not found
+    context.handle_exception(NotFound, HTTPStatus.NOT_FOUND)
+    # Bad request
+    context.handle_exception(WorkspaceNotFoundInTracimRequest, HTTPStatus.BAD_REQUEST)  # nopep8
+    context.handle_exception(UserNotFoundInTracimRequest, HTTPStatus.BAD_REQUEST)  # nopep8
+    context.handle_exception(ContentNotFoundInTracimRequest, HTTPStatus.BAD_REQUEST)  # nopep8
+    context.handle_exception(WorkspaceNotFound, HTTPStatus.BAD_REQUEST)
+    context.handle_exception(UserDoesNotExist, HTTPStatus.BAD_REQUEST)
+    context.handle_exception(ContentNotFound, HTTPStatus.BAD_REQUEST)
+    context.handle_exception(ContentTypeNotAllowed, HTTPStatus.BAD_REQUEST)
+    context.handle_exception(InvalidId, HTTPStatus.BAD_REQUEST)
+    # Auth exception
+    context.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    context.handle_exception(UserNotActive, HTTPStatus.FORBIDDEN)
+    context.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
+    context.handle_exception(InsufficientUserRoleInWorkspace, HTTPStatus.FORBIDDEN)  # nopep8
+    context.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
+    # Internal server error
+    context.handle_exception(OperationalError, HTTPStatus.INTERNAL_SERVER_ERROR)
+    context.handle_exception(Exception, HTTPStatus.INTERNAL_SERVER_ERROR)
+
+    # Add controllers
+    session_controller = SessionController()
+    system_controller = SystemController()
+    user_controller = UserController()
+    workspace_controller = WorkspaceController()
+    comment_controller = CommentController()
+    html_document_controller = HTMLDocumentController()
+    thread_controller = ThreadController()
+    file_controller = FileController()
+    configurator.include(session_controller.bind, route_prefix=BASE_API_V2)
+    configurator.include(system_controller.bind, route_prefix=BASE_API_V2)
+    configurator.include(user_controller.bind, route_prefix=BASE_API_V2)
+    configurator.include(workspace_controller.bind, route_prefix=BASE_API_V2)
+    configurator.include(comment_controller.bind, route_prefix=BASE_API_V2)
+    configurator.include(html_document_controller.bind, route_prefix=BASE_API_V2)  # nopep8
+    configurator.include(thread_controller.bind, route_prefix=BASE_API_V2)
+    configurator.include(file_controller.bind, route_prefix=BASE_API_V2)
+
+    hapic.add_documentation_view(
+        '/api/v2/doc',
+        'Tracim v2 API',
+        'API of Tracim v2',
+    )
+    return configurator.make_wsgi_app()
+
+
+def webdav(global_config, **local_settings):
+    settings = global_config
+    settings.update(local_settings)
+    app_factory = WebdavAppFactory(
+        tracim_config_file_path=settings['__file__'],
+    )
+    return app_factory.get_wsgi_app()

backend/tracim/command/__init__.py

@@ -0,0 +1,97 @@
+# -*- coding: utf-8 -*-
+import sys
+import argparse
+import transaction
+
+from cliff.app import App
+from cliff.command import Command
+from cliff.commandmanager import CommandManager
+
+from pyramid.paster import bootstrap
+from pyramid.scripting import AppEnvironment
+from tracim.exceptions import BadCommandError
+from tracim.lib.utils.utils import DEFAULT_TRACIM_CONFIG_FILE
+
+
+class TracimCLI(App):
+    def __init__(self) -> None:
+        super(TracimCLI, self).__init__(
+            description='TracimCli',
+            version='0.1',
+            command_manager=CommandManager('tracimcli'),
+            deferred_help=True,
+            )
+
+    def initialize_app(self, argv) -> None:
+        self.LOG.debug('initialize_app')
+
+    def prepare_to_run_command(self, cmd) -> None:
+        self.LOG.debug('prepare_to_run_command %s', cmd.__class__.__name__)
+
+    def clean_up(self, cmd, result, err) -> None:
+        self.LOG.debug('clean_up %s', cmd.__class__.__name__)
+        if err:
+            self.LOG.debug('got an error: %s', err)
+
+
+def main(argv=sys.argv[1:]):
+    myapp = TracimCLI()
+    return myapp.run(argv)
+
+
+if __name__ == "__main__":
+    main()
+
+
+class AppContextCommand(Command):
+    """
+    Command who initialize app context at beginning of take_action method.
+    """
+    auto_setup_context = True
+
+    def take_action(self, parsed_args: argparse.Namespace) -> None:
+        super(AppContextCommand, self).take_action(parsed_args)
+        if self.auto_setup_context:
+            with bootstrap(parsed_args.config_file) as app_context:
+                with app_context['request'].tm:
+                    self.take_app_action(parsed_args, app_context)
+
+
+    def get_parser(self, prog_name: str) -> argparse.ArgumentParser:
+        parser = super(AppContextCommand, self).get_parser(prog_name)
+
+        parser.add_argument(
+            "-c",
+            "--config",
+            help='application config file to read (default: {})'.format(
+                DEFAULT_TRACIM_CONFIG_FILE
+            ),
+            dest='config_file',
+            default=DEFAULT_TRACIM_CONFIG_FILE,
+        )
+        return parser
+
+    # def run(self, parsed_args):
+    #     super().run(parsed_args)
+    #     transaction.commit()
+
+
+class Extender(argparse.Action):
+    """
+    Copied class from http://stackoverflow.com/a/12461237/801924
+    """
+    def __call__(self, parser, namespace, values, option_strings=None):
+        # Need None here incase `argparse.SUPPRESS` was supplied for `dest`
+        dest = getattr(namespace, self.dest, None)
+        # print dest,self.default,values,option_strings
+        if not hasattr(dest, 'extend') or dest == self.default:
+            dest = []
+            setattr(namespace, self.dest, dest)
+            # if default isn't set to None, this method might be called
+            # with the default as `values` for other arguements which
+            # share this destination.
+            parser.set_defaults(**{self.dest: None})
+        try:
+            dest.extend(values)
+        except ValueError:
+            dest.append(values)

backend/tracim/command/database.py

@@ -0,0 +1,137 @@
+# -*- coding: utf-8 -*-
+import argparse
+
+import plaster_pastedeploy
+import transaction
+from depot.manager import DepotManager
+from pyramid.paster import (
+    get_appsettings,
+    setup_logging,
+    )
+
+from tracim import CFG
+from tracim.fixtures import FixturesLoader
+from tracim.fixtures.users_and_groups import Base as BaseFixture
+from tracim.fixtures.content import Content as ContentFixture
+from sqlalchemy.exc import IntegrityError
+from tracim.command import AppContextCommand
+from tracim.models.meta import DeclarativeBase
+from tracim.models import (
+    get_engine,
+    get_session_factory,
+    get_tm_session,
+    )
+
+
+class InitializeDBCommand(AppContextCommand):
+    auto_setup_context = False
+
+    def get_description(self) -> str:
+        return "Initialize database"
+
+    def get_parser(self, prog_name: str) -> argparse.ArgumentParser:
+        parser = super().get_parser(prog_name)
+        parser.add_argument(
+            "--test-data",
+            help='Add some default data to database to make test',
+            dest='test_data',
+            required=False,
+            action='store_true',
+            default=False,
+        )
+        return parser
+
+    def take_action(self, parsed_args: argparse.Namespace) -> None:
+        super(InitializeDBCommand, self).take_action(parsed_args)
+        config_uri = parsed_args.config_file
+        setup_logging(config_uri)
+        settings = get_appsettings(config_uri)
+        # INFO - G.M - 2018-06-178 - We need to add info from [DEFAULT]
+        # section of config file in order to have both global and
+        # web app specific param.
+        settings.update(settings.global_conf)
+        self._create_schema(settings)
+        self._populate_database(settings, add_test_data=parsed_args.test_data)
+
+    @classmethod
+    def _create_schema(
+            cls,
+            settings: plaster_pastedeploy.ConfigDict
+    ) -> None:
+        print("- Create Schemas of databases -")
+        engine = get_engine(settings)
+        DeclarativeBase.metadata.create_all(engine)
+
+    @classmethod
+    def _populate_database(
+            cls,
+            settings: plaster_pastedeploy.ConfigDict,
+            add_test_data: bool
+    ) -> None:
+        engine = get_engine(settings)
+        session_factory = get_session_factory(engine)
+        app_config = CFG(settings)
+        print("- Populate database with default data -")
+        with transaction.manager:
+            dbsession = get_tm_session(session_factory, transaction.manager)
+            try:
+                fixtures = [BaseFixture]
+                fixtures_loader = FixturesLoader(dbsession, app_config)
+                fixtures_loader.loads(fixtures)
+                transaction.commit()
+                if add_test_data:
+                    app_config.configure_filedepot()
+                    fixtures = [ContentFixture]
+                    fixtures_loader.loads(fixtures)
+                transaction.commit()
+                print("Database initialized.")
+            except IntegrityError:
+                print('Warning, there was a problem when adding default data'
+                      ', it may have already been added:')
+                import traceback
+                print(traceback.format_exc())
+                transaction.abort()
+                print('Database initialization failed')
+
+
+class DeleteDBCommand(AppContextCommand):
+    auto_setup_context = False
+
+    def get_description(self) -> str:
+        return "Delete database"
+
+    def get_parser(self, prog_name: str) -> argparse.ArgumentParser:
+        parser = super().get_parser(prog_name)
+        parser.add_argument(
+            "--force",
+            help='force delete of database',
+            dest='force',
+            required=False,
+            action='store_true',
+            default=False,
+        )
+        return parser
+
+    def take_action(self, parsed_args: argparse.Namespace) -> None:
+        super(DeleteDBCommand, self).take_action(parsed_args)
+        config_uri = parsed_args.config_file
+        setup_logging(config_uri)
+        settings = get_appsettings(config_uri)
+        settings.update(settings.global_conf)
+        engine = get_engine(settings)
+        app_config = CFG(settings)
+        app_config.configure_filedepot()
+
+        if parsed_args.force:
+            print('Database deletion begin.')
+            DeclarativeBase.metadata.drop_all(engine)
+            print('Database deletion done.')
+            print('Cleaning depot begin.')
+            depot = DepotManager.get()
+            depot_files = depot.list()
+            for file_ in depot_files:
+                depot.delete(file_)
+            print('Cleaning depot done.')
+        else:
+            print('Warning, You should use --force if you really want to'
+                  ' delete database.')

backend/tracim/command/user.py

@@ -0,0 +1,254 @@
+# -*- coding: utf-8 -*-
+import argparse
+from pyramid.scripting import AppEnvironment
+import transaction
+from sqlalchemy.exc import IntegrityError
+from sqlalchemy.orm.exc import NoResultFound
+
+from tracim import CFG
+from tracim.command import AppContextCommand
+from tracim.command import Extender
+from tracim.exceptions import UserAlreadyExistError
+from tracim.exceptions import GroupDoesNotExist
+from tracim.exceptions import NotificationNotSend
+from tracim.exceptions import BadCommandError
+from tracim.lib.core.group import GroupApi
+from tracim.lib.core.user import UserApi
+from tracim.models import User
+from tracim.models import Group
+
+
+class UserCommand(AppContextCommand):
+
+    ACTION_CREATE = 'create'
+    ACTION_UPDATE = 'update'
+
+    action = NotImplemented
+
+    def get_description(self) -> str:
+        return '''Create or update user.'''
+
+    def get_parser(self, prog_name: str) -> argparse.ArgumentParser:
+        parser = super().get_parser(prog_name)
+
+        parser.add_argument(
+            "-l",
+            "--login",
+            help='User login (email)',
+            dest='login',
+            required=True
+        )
+
+        parser.add_argument(
+            "-p",
+            "--password",
+            help='User password',
+            dest='password',
+            required=False,
+            default=None
+        )
+
+        parser.add_argument(
+            "-g",
+            "--add-to-group",
+            help='Add user to group',
+            dest='add_to_group',
+            nargs='*',
+            action=Extender,
+            default=[],
+        )
+
+        parser.add_argument(
+            "-rmg",
+            "--remove-from-group",
+            help='Remove user from group',
+            dest='remove_from_group',
+            nargs='*',
+            action=Extender,
+            default=[],
+        )
+
+        parser.add_argument(
+            "--send-email",
+            help='Send mail to user',
+            dest='send_email',
+            required=False,
+            action='store_true',
+            default=False,
+        )
+
+        return parser
+
+    def _user_exist(self, login: str) -> User:
+        return self._user_api.user_with_email_exists(login)
+
+    def _get_group(self, name: str) -> Group:
+        groups_availables = [group.group_name
+                             for group in self._group_api.get_all()]
+        if name not in groups_availables:
+            msg = "Group '{}' does not exist, choose a group name in : ".format(name)  # nopep8
+            for group in groups_availables:
+                msg+= "'{}',".format(group)
+            self._session.rollback()
+            raise GroupDoesNotExist(msg)
+        return self._group_api.get_one_with_name(name)
+
+    def _add_user_to_named_group(
+            self,
+            user: str,
+            group_name: str
+    ) -> None:
+
+        group = self._get_group(group_name)
+        if user not in group.users:
+            group.users.append(user)
+        self._session.flush()
+
+    def _remove_user_from_named_group(
+            self,
+            user: User,
+            group_name: str
+    ) -> None:
+        group = self._get_group(group_name)
+        if user in group.users:
+            group.users.remove(user)
+        self._session.flush()
+
+    def _create_user(
+            self,
+            login: str,
+            password: str,
+            do_notify: bool,
+            **kwargs
+    ) -> User:
+        if not password:
+            if self._password_required():
+                raise BadCommandError(
+                    "You must provide -p/--password parameter"
+                )
+            password = ''
+
+        try:
+            user = self._user_api.create_user(
+                email=login,
+                password=password,
+                do_save=True,
+                do_notify=do_notify,
+            )
+            # TODO - G.M - 04-04-2018 - [Caldav] Check this code
+            # # We need to enable radicale if it not already done
+            # daemons = DaemonsManager()
+            # daemons.run('radicale', RadicaleDaemon)
+            self._user_api.execute_created_user_actions(user)
+        except IntegrityError:
+            self._session.rollback()
+            raise UserAlreadyExistError()
+        except NotificationNotSend as exception:
+            self._session.rollback()
+            raise exception
+
+        return user
+
+    def _update_password_for_login(self, login: str, password: str) -> None:
+        user = self._user_api.get_one_by_email(login)
+        user.password = password
+        self._session.flush()
+        transaction.commit()
+
+    def take_app_action(
+            self,
+            parsed_args: argparse.Namespace,
+            app_context: AppEnvironment
+    ) -> None:
+        # TODO - G.M - 05-04-2018 -Refactor this in order
+        # to not setup object var outside of __init__ .
+        self._session = app_context['request'].dbsession
+        self._app_config = app_context['registry'].settings['CFG']
+        self._user_api = UserApi(
+            current_user=None,
+            session=self._session,
+            config=self._app_config,
+        )
+        self._group_api = GroupApi(
+            current_user=None,
+            session=self._session,
+            config=self._app_config,
+        )
+        user = self._proceed_user(parsed_args)
+        self._proceed_groups(user, parsed_args)
+
+        print("User created/updated")
+
+    def _proceed_user(self, parsed_args: argparse.Namespace) -> User:
+        self._check_context(parsed_args)
+
+        if self.action == self.ACTION_CREATE:
+            try:
+                user = self._create_user(
+                    login=parsed_args.login,
+                    password=parsed_args.password,
+                    do_notify=parsed_args.send_email,
+                )
+            except UserAlreadyExistError:
+                raise UserAlreadyExistError("Error: User already exist (use `user update` command instead)")
+            except NotificationNotSend:
+                raise NotificationNotSend("Error: Cannot send email notification, user not created.")
+            # TODO - G.M - 04-04-2018 - [Email] Check this code
+            # if parsed_args.send_email:
+            #     email_manager = get_email_manager()
+            #     email_manager.notify_created_account(
+            #         user=user,
+            #         password=parsed_args.password,
+            #     )
+
+        else:
+            if parsed_args.password:
+                self._update_password_for_login(
+                    login=parsed_args.login,
+                    password=parsed_args.password
+                )
+            user = self._user_api.get_one_by_email(parsed_args.login)
+
+        return user
+
+    def _proceed_groups(
+            self,
+            user: User,
+            parsed_args: argparse.Namespace
+    ) -> None:
+        # User always in "users" group
+        self._add_user_to_named_group(user, 'users')
+
+        for group_name in parsed_args.add_to_group:
+            self._add_user_to_named_group(user, group_name)
+
+        for group_name in parsed_args.remove_from_group:
+            self._remove_user_from_named_group(user, group_name)
+
+    def _password_required(self) -> bool:
+        # TODO - G.M - 04-04-2018 - [LDAP] Check this code
+        # if config.get('auth_type') == LDAPAuth.name:
+        #     return False
+        return True
+
+    def _check_context(self, parsed_args: argparse.Namespace) -> None:
+        # TODO - G.M - 04-04-2018 - [LDAP] Check this code
+        # if config.get('auth_type') == LDAPAuth.name:
+        #     auth_instance = config.get('auth_instance')
+        #     if not auth_instance.ldap_auth.user_exist(parsed_args.login):
+        #         raise LDAPUserUnknown(
+        #             "LDAP is enabled and user with login/email \"%s\" not found in LDAP" % parsed_args.login
+        #         )
+        pass
+
+
+class CreateUserCommand(UserCommand):
+    action = UserCommand.ACTION_CREATE
+
+
+class UpdateUserCommand(UserCommand):
+    action = UserCommand.ACTION_UPDATE
+
+
+class LDAPUserUnknown(BadCommandError):
+    pass

backend/tracim/command/webdav.py

@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+import argparse
+
+import plaster_pastedeploy
+from waitress import serve
+
+from tracim.command import AppContextCommand
+from tracim.lib.webdav import WebdavAppFactory
+from wsgi import webdav_app
+
+
+class WebdavRunnerCommand(AppContextCommand):
+    auto_setup_context = False
+
+    def get_description(self) -> str:
+        return "run webdav server"
+
+    def get_parser(self, prog_name: str) -> argparse.ArgumentParser:
+        parser = super().get_parser(prog_name)
+        return parser
+
+    def take_action(self, parsed_args: argparse.Namespace) -> None:
+        super(WebdavRunnerCommand, self).take_action(parsed_args)
+        tracim_config = parsed_args.config_file
+        # TODO - G.M - 16-04-2018 - Allow specific webdav config file
+        app = webdav_app(tracim_config)
+        serve(app, port=app.config['port'], host=app.config['host'])

backend/tracim/config.py

@@ -0,0 +1,462 @@
+# -*- coding: utf-8 -*-
+from urllib.parse import urlparse
+from paste.deploy.converters import asbool
+from tracim.lib.utils.logger import logger
+from depot.manager import DepotManager
+
+from tracim.models.data import ActionDescription, ContentType
+
+
+class CFG(object):
+    """Object used for easy access to config file parameters."""
+
+    def __setattr__(self, key, value):
+        """
+        Log-ready setter.
+
+        Logs all configuration parameters except password.
+        :param key:
+        :param value:
+        :return:
+        """
+        if 'PASSWORD' not in key and \
+                ('URL' not in key or type(value) == str) and \
+                'CONTENT' not in key:
+            # We do not show PASSWORD for security reason
+            # we do not show URL because At the time of configuration setup,
+            # it can't be evaluated
+            # We do not show CONTENT in order not to pollute log files
+            logger.info(self, 'CONFIG: [ {} | {} ]'.format(key, value))
+        else:
+            logger.info(self, 'CONFIG: [ {} | <value not shown> ]'.format(key))
+
+        self.__dict__[key] = value
+
+    def __init__(self, settings):
+        """Parse configuration file."""
+
+        ###
+        # General
+        ###
+
+        mandatory_msg = \
+            'ERROR: {} configuration is mandatory. Set it before continuing.'
+        self.DEPOT_STORAGE_DIR = settings.get(
+            'depot_storage_dir',
+        )
+        if not self.DEPOT_STORAGE_DIR:
+            raise Exception(
+                mandatory_msg.format('depot_storage_dir')
+            )
+        self.DEPOT_STORAGE_NAME = settings.get(
+            'depot_storage_name',
+        )
+        if not self.DEPOT_STORAGE_NAME:
+            raise Exception(
+                mandatory_msg.format('depot_storage_name')
+            )
+        self.PREVIEW_CACHE_DIR = settings.get(
+            'preview_cache_dir',
+        )
+        if not self.PREVIEW_CACHE_DIR:
+            raise Exception(
+                'ERROR: preview_cache_dir configuration is mandatory. '
+                'Set it before continuing.'
+            )
+
+        self.DATA_UPDATE_ALLOWED_DURATION = int(settings.get(
+            'content.update.allowed.duration',
+            0,
+        ))
+
+        self.WEBSITE_TITLE = settings.get(
+            'website.title',
+            'TRACIM',
+        )
+
+        self.WEBSITE_BASE_URL = settings.get(
+            'website.base_url',
+            '',
+        )
+
+        # TODO - G.M - 26-03-2018 - [Cleanup] These params seems deprecated for tracimv2,  # nopep8
+        # Verify this
+        #
+        # self.WEBSITE_HOME_TITLE_COLOR = settings.get(
+        #     'website.title.color',
+        #     '#555',
+        # )
+        # self.WEBSITE_HOME_IMAGE_PATH = settings.get(
+        #     '/assets/img/home_illustration.jpg',
+        # )
+        # self.WEBSITE_HOME_BACKGROUND_IMAGE_PATH = settings.get(
+        #     '/assets/img/bg.jpg',
+        # )
+        #
+
+        self.WEBSITE_SERVER_NAME = settings.get(
+            'website.server_name',
+            None,
+        )
+
+        if not self.WEBSITE_SERVER_NAME:
+            self.WEBSITE_SERVER_NAME = urlparse(self.WEBSITE_BASE_URL).hostname
+            logger.warning(
+                self,
+                'NOTE: Generated website.server_name parameter from '
+                'website.base_url parameter -> {0}'
+                .format(self.WEBSITE_SERVER_NAME)
+            )
+
+        self.WEBSITE_HOME_TAG_LINE = settings.get(
+            'website.home.tag_line',
+            '',
+        )
+        self.WEBSITE_SUBTITLE = settings.get(
+            'website.home.subtitle',
+            '',
+        )
+        self.WEBSITE_HOME_BELOW_LOGIN_FORM = settings.get(
+            'website.home.below_login_form',
+            '',
+        )
+
+        self.WEBSITE_TREEVIEW_CONTENT = settings.get(
+            'website.treeview.content',
+        )
+
+        self.USER_AUTH_TOKEN_VALIDITY = int(settings.get(
+            'user.auth_token.validity',
+            '604800',
+        ))
+
+        self.DEBUG = asbool(settings.get('debug', False))
+        # TODO - G.M - 27-03-2018 - [Email] Restore email config
+        ###
+        # EMAIL related stuff (notification, reply)
+        ##
+
+        self.EMAIL_NOTIFICATION_NOTIFIED_EVENTS = [
+            ActionDescription.COMMENT,
+            ActionDescription.CREATION,
+            ActionDescription.EDITION,
+            ActionDescription.REVISION,
+            ActionDescription.STATUS_UPDATE
+        ]
+
+        self.EMAIL_NOTIFICATION_NOTIFIED_CONTENTS = [
+            ContentType.Page,
+            ContentType.Thread,
+            ContentType.File,
+            ContentType.Comment,
+            # ContentType.Folder -- Folder is skipped
+        ]
+        if settings.get('email.notification.from'):
+            raise Exception(
+                'email.notification.from configuration is deprecated. '
+                'Use instead email.notification.from.email and '
+                'email.notification.from.default_label.'
+            )
+
+        self.EMAIL_NOTIFICATION_FROM_EMAIL = settings.get(
+            'email.notification.from.email',
+        )
+        self.EMAIL_NOTIFICATION_FROM_DEFAULT_LABEL = settings.get(
+            'email.notification.from.default_label'
+        )
+        self.EMAIL_NOTIFICATION_REPLY_TO_EMAIL = settings.get(
+            'email.notification.reply_to.email',
+        )
+        self.EMAIL_NOTIFICATION_REFERENCES_EMAIL = settings.get(
+            'email.notification.references.email'
+        )
+        self.EMAIL_NOTIFICATION_CONTENT_UPDATE_TEMPLATE_HTML = settings.get(
+            'email.notification.content_update.template.html',
+        )
+        self.EMAIL_NOTIFICATION_CONTENT_UPDATE_TEMPLATE_TEXT = settings.get(
+            'email.notification.content_update.template.text',
+        )
+        self.EMAIL_NOTIFICATION_CREATED_ACCOUNT_TEMPLATE_HTML = settings.get(
+            'email.notification.created_account.template.html',
+            './tracim/templates/mail/created_account_body_html.mak',
+        )
+        self.EMAIL_NOTIFICATION_CREATED_ACCOUNT_TEMPLATE_TEXT = settings.get(
+            'email.notification.created_account.template.text',
+            './tracim/templates/mail/created_account_body_text.mak',
+        )
+        self.EMAIL_NOTIFICATION_CONTENT_UPDATE_SUBJECT = settings.get(
+            'email.notification.content_update.subject',
+        )
+        self.EMAIL_NOTIFICATION_CREATED_ACCOUNT_SUBJECT = settings.get(
+            'email.notification.created_account.subject',
+            '[{website_title}] Created account',
+        )
+        self.EMAIL_NOTIFICATION_PROCESSING_MODE = settings.get(
+            'email.notification.processing_mode',
+        )
+
+        self.EMAIL_NOTIFICATION_ACTIVATED = asbool(settings.get(
+            'email.notification.activated',
+        ))
+        self.EMAIL_NOTIFICATION_SMTP_SERVER = settings.get(
+            'email.notification.smtp.server',
+        )
+        self.EMAIL_NOTIFICATION_SMTP_PORT = settings.get(
+            'email.notification.smtp.port',
+        )
+        self.EMAIL_NOTIFICATION_SMTP_USER = settings.get(
+            'email.notification.smtp.user',
+        )
+        self.EMAIL_NOTIFICATION_SMTP_PASSWORD = settings.get(
+            'email.notification.smtp.password',
+        )
+        self.EMAIL_NOTIFICATION_LOG_FILE_PATH = settings.get(
+            'email.notification.log_file_path',
+            None,
+        )
+
+        # self.EMAIL_REPLY_ACTIVATED = asbool(settings.get(
+        #     'email.reply.activated',
+        #     False,
+        # ))
+        #
+        # self.EMAIL_REPLY_IMAP_SERVER = settings.get(
+        #     'email.reply.imap.server',
+        # )
+        # self.EMAIL_REPLY_IMAP_PORT = settings.get(
+        #     'email.reply.imap.port',
+        # )
+        # self.EMAIL_REPLY_IMAP_USER = settings.get(
+        #     'email.reply.imap.user',
+        # )
+        # self.EMAIL_REPLY_IMAP_PASSWORD = settings.get(
+        #     'email.reply.imap.password',
+        # )
+        # self.EMAIL_REPLY_IMAP_FOLDER = settings.get(
+        #     'email.reply.imap.folder',
+        # )
+        # self.EMAIL_REPLY_CHECK_HEARTBEAT = int(settings.get(
+        #     'email.reply.check.heartbeat',
+        #     60,
+        # ))
+        # self.EMAIL_REPLY_TOKEN = settings.get(
+        #     'email.reply.token',
+        # )
+        # self.EMAIL_REPLY_IMAP_USE_SSL = asbool(settings.get(
+        #     'email.reply.imap.use_ssl',
+        # ))
+        # self.EMAIL_REPLY_IMAP_USE_IDLE = asbool(settings.get(
+        #     'email.reply.imap.use_idle',
+        #     True,
+        # ))
+        # self.EMAIL_REPLY_CONNECTION_MAX_LIFETIME = int(settings.get(
+        #     'email.reply.connection.max_lifetime',
+        #     600,  # 10 minutes
+        # ))
+        # self.EMAIL_REPLY_USE_HTML_PARSING = asbool(settings.get(
+        #     'email.reply.use_html_parsing',
+        #     True,
+        # ))
+        # self.EMAIL_REPLY_USE_TXT_PARSING = asbool(settings.get(
+        #     'email.reply.use_txt_parsing',
+        #     True,
+        # ))
+        # self.EMAIL_REPLY_LOCKFILE_PATH = settings.get(
+        #     'email.reply.lockfile_path',
+        #     ''
+        # )
+        # if not self.EMAIL_REPLY_LOCKFILE_PATH and self.EMAIL_REPLY_ACTIVATED:
+        #     raise Exception(
+        #         mandatory_msg.format('email.reply.lockfile_path')
+        #     )
+        #
+        self.EMAIL_PROCESSING_MODE = settings.get(
+            'email.processing_mode',
+            'sync',
+        ).upper()
+
+        if self.EMAIL_PROCESSING_MODE not in (
+                self.CST.ASYNC,
+                self.CST.SYNC,
+        ):
+            raise Exception(
+                'email.processing_mode '
+                'can ''be "{}" or "{}", not "{}"'.format(
+                    self.CST.ASYNC,
+                    self.CST.SYNC,
+                    self.EMAIL_PROCESSING_MODE,
+                )
+            )
+
+        self.EMAIL_SENDER_REDIS_HOST = settings.get(
+            'email.async.redis.host',
+            'localhost',
+        )
+        self.EMAIL_SENDER_REDIS_PORT = int(settings.get(
+            'email.async.redis.port',
+            6379,
+        ))
+        self.EMAIL_SENDER_REDIS_DB = int(settings.get(
+            'email.async.redis.db',
+            0,
+        ))
+
+        ###
+        # WSGIDAV (Webdav server)
+        ###
+
+        # TODO - G.M - 27-03-2018 - [WebDav] Restore wsgidav config
+        #self.WSGIDAV_CONFIG_PATH = settings.get(
+        #    'wsgidav.config_path',
+        #    'wsgidav.conf',
+        #)
+        # TODO: Convert to importlib
+        # http://stackoverflow.com/questions/41063938/use-importlib-instead-imp-for-non-py-file
+        #self.wsgidav_config = imp.load_source(
+        #    'wsgidav_config',
+        #    self.WSGIDAV_CONFIG_PATH,
+        #)
+        # self.WSGIDAV_PORT = self.wsgidav_config.port
+        # self.WSGIDAV_CLIENT_BASE_URL = settings.get(
+        #     'wsgidav.client.base_url',
+        #     None,
+        # )
+        #
+        # if not self.WSGIDAV_CLIENT_BASE_URL:
+        #     self.WSGIDAV_CLIENT_BASE_URL = \
+        #         '{0}:{1}'.format(
+        #             self.WEBSITE_SERVER_NAME,
+        #             self.WSGIDAV_PORT,
+        #         )
+        #     logger.warning(self,
+        #         'NOTE: Generated wsgidav.client.base_url parameter with '
+        #         'followings parameters: website.server_name and '
+        #         'wsgidav.conf port'.format(
+        #             self.WSGIDAV_CLIENT_BASE_URL,
+        #         )
+        #     )
+        #
+        # if not self.WSGIDAV_CLIENT_BASE_URL.endswith('/'):
+        #     self.WSGIDAV_CLIENT_BASE_URL += '/'
+
+        # TODO - G.M - 27-03-2018 - [Caldav] Restore radicale config
+        ###
+        # RADICALE (Caldav server)
+        ###
+        # self.RADICALE_SERVER_HOST = settings.get(
+        #     'radicale.server.host',
+        #     '127.0.0.1',
+        # )
+        # self.RADICALE_SERVER_PORT = int(settings.get(
+        #     'radicale.server.port',
+        #     5232,
+        # ))
+        # # Note: Other parameters needed to work in SSL (cert file, etc)
+        # self.RADICALE_SERVER_SSL = asbool(settings.get(
+        #     'radicale.server.ssl',
+        #     False,
+        # ))
+        # self.RADICALE_SERVER_FILE_SYSTEM_FOLDER = settings.get(
+        #     'radicale.server.filesystem.folder',
+        # )
+        # if not self.RADICALE_SERVER_FILE_SYSTEM_FOLDER:
+        #     raise Exception(
+        #         mandatory_msg.format('radicale.server.filesystem.folder')
+        #     )
+        # self.RADICALE_SERVER_ALLOW_ORIGIN = settings.get(
+        #     'radicale.server.allow_origin',
+        #     None,
+        # )
+        # if not self.RADICALE_SERVER_ALLOW_ORIGIN:
+        #     self.RADICALE_SERVER_ALLOW_ORIGIN = self.WEBSITE_BASE_URL
+        #     logger.warning(self,
+        #         'NOTE: Generated radicale.server.allow_origin parameter with '
+        #         'followings parameters: website.base_url ({0})'
+        #         .format(self.WEBSITE_BASE_URL)
+        #     )
+        #
+        # self.RADICALE_SERVER_REALM_MESSAGE = settings.get(
+        #     'radicale.server.realm_message',
+        #     'Tracim Calendar - Password Required',
+        # )
+        #
+        # self.RADICALE_CLIENT_BASE_URL_HOST = settings.get(
+        #     'radicale.client.base_url.host',
+        #     'http://{}:{}'.format(
+        #         self.RADICALE_SERVER_HOST,
+        #         self.RADICALE_SERVER_PORT,
+        #     ),
+        # )
+        #
+        # self.RADICALE_CLIENT_BASE_URL_PREFIX = settings.get(
+        #     'radicale.client.base_url.prefix',
+        #     '/',
+        # )
+        # # Ensure finished by '/'
+        # if '/' != self.RADICALE_CLIENT_BASE_URL_PREFIX[-1]:
+        #     self.RADICALE_CLIENT_BASE_URL_PREFIX += '/'
+        # if '/' != self.RADICALE_CLIENT_BASE_URL_PREFIX[0]:
+        #     self.RADICALE_CLIENT_BASE_URL_PREFIX \
+        #         = '/' + self.RADICALE_CLIENT_BASE_URL_PREFIX
+        #
+        # if not self.RADICALE_CLIENT_BASE_URL_HOST:
+        #     logger.warning(self,
+        #         'Generated radicale.client.base_url.host parameter with '
+        #         'followings parameters: website.server_name -> {}'
+        #         .format(self.WEBSITE_SERVER_NAME)
+        #     )
+        #     self.RADICALE_CLIENT_BASE_URL_HOST = self.WEBSITE_SERVER_NAME
+        #
+        # self.RADICALE_CLIENT_BASE_URL_TEMPLATE = '{}{}'.format(
+        #     self.RADICALE_CLIENT_BASE_URL_HOST,
+        #     self.RADICALE_CLIENT_BASE_URL_PREFIX,
+        # )
+        self.PREVIEW_JPG_RESTRICTED_DIMS = asbool(settings.get(
+            'preview.jpg.restricted_dims', False
+        ))
+        preview_jpg_allowed_dims_str = settings.get('preview.jpg.allowed_dims', '')  # nopep8
+        allowed_dims = []
+        if preview_jpg_allowed_dims_str:
+            for sizes in preview_jpg_allowed_dims_str.split(','):
+                parts = sizes.split('x')
+                assert len(parts) == 2
+                width, height = parts
+                assert width.isdecimal()
+                assert height.isdecimal()
+                size = PreviewDim(int(width), int(height))
+                allowed_dims.append(size)
+
+        if not allowed_dims:
+            size = PreviewDim(256, 256)
+            allowed_dims.append(size)
+
+        self.PREVIEW_JPG_ALLOWED_DIMS = allowed_dims
+
+    def configure_filedepot(self):
+        depot_storage_name = self.DEPOT_STORAGE_NAME
+        depot_storage_path = self.DEPOT_STORAGE_DIR
+        depot_storage_settings = {'depot.storage_path': depot_storage_path}
+        DepotManager.configure(
+            depot_storage_name,
+            depot_storage_settings,
+        )
+
+    class CST(object):
+        ASYNC = 'ASYNC'
+        SYNC = 'SYNC'
+
+        TREEVIEW_FOLDERS = 'folders'
+        TREEVIEW_ALL = 'all'
+
+
+class PreviewDim(object):
+
+    def __init__(self, width: int, height: int) -> None:
+        self.width = width
+        self.height = height
+
+    def __repr__(self):
+        return "<PreviewDim width:{width} height:{height}>".format(
+            width=self.width,
+            height=self.height,
+        )

backend/tracim/exceptions.py

@@ -0,0 +1,205 @@
+# -*- coding: utf-8 -*-
+
+
+class TracimError(Exception):
+    pass
+
+
+class TracimException(Exception):
+    pass
+
+
+class RunTimeError(TracimError):
+    pass
+
+
+class ContentRevisionUpdateError(RuntimeError):
+    pass
+
+
+class ContentRevisionDeleteError(ContentRevisionUpdateError):
+    pass
+
+
+class ConfigurationError(TracimError):
+    pass
+
+
+class UserAlreadyExistError(TracimError):
+    pass
+
+
+class BadCommandError(TracimError):
+    pass
+
+
+class DaemonException(TracimException):
+    pass
+
+
+class AlreadyRunningDaemon(DaemonException):
+    pass
+
+
+class CalendarException(TracimException):
+    pass
+
+
+class UnknownCalendarType(CalendarException):
+    pass
+
+
+class NotFound(TracimException):
+    pass
+
+
+class SameValueError(ValueError):
+    pass
+
+
+class NotAuthenticated(TracimException):
+    pass
+
+
+class WorkspaceNotFound(NotFound):
+    pass
+
+
+class WorkspaceNotFoundInTracimRequest(NotFound):
+    pass
+
+
+class InsufficientUserRoleInWorkspace(TracimException):
+    pass
+
+
+class InsufficientUserProfile(TracimException):
+    pass
+
+
+class ImmutableAttribute(TracimException):
+    pass
+
+
+class DigestAuthNotImplemented(Exception):
+    pass
+
+
+class AuthenticationFailed(TracimException):
+    pass
+
+
+class WrongUserPassword(TracimException):
+    pass
+
+
+class NotificationNotSend(TracimException):
+    pass
+
+
+class GroupDoesNotExist(TracimError):
+    pass
+
+
+class ContentStatusNotExist(TracimError):
+    pass
+
+
+class ContentTypeNotExist(TracimError):
+    pass
+
+
+class UserDoesNotExist(TracimException):
+    pass
+
+
+class UserNotFoundInTracimRequest(TracimException):
+    pass
+
+
+class ContentNotFoundInTracimRequest(TracimException):
+    pass
+
+
+class InvalidId(TracimException):
+    pass
+
+
+class InvalidContentId(InvalidId):
+    pass
+
+
+class InvalidCommentId(InvalidId):
+    pass
+
+
+class InvalidWorkspaceId(InvalidId):
+    pass
+
+
+class InvalidUserId(InvalidId):
+    pass
+
+
+class ContentNotFound(TracimException):
+    pass
+
+
+class ContentTypeNotAllowed(TracimException):
+    pass
+
+
+class WorkspacesDoNotMatch(TracimException):
+    pass
+
+
+class PasswordDoNotMatch(TracimException):
+    pass
+
+
+class EmptyValueNotAllowed(TracimException):
+    pass
+
+
+class EmptyLabelNotAllowed(EmptyValueNotAllowed):
+    pass
+
+
+class EmptyCommentContentNotAllowed(EmptyValueNotAllowed):
+    pass
+
+
+class UserNotActive(TracimException):
+    pass
+
+
+class NoUserSetted(TracimException):
+    pass
+
+
+class RoleDoesNotExist(TracimException):
+    pass
+
+
+class EmailValidationFailed(TracimException):
+    pass
+
+
+class UserCreationFailed(TracimException):
+    pass
+
+
+class ParentNotFound(NotFound):
+    pass
+
+
+class RevisionDoesNotMatchThisContent(TracimException):
+    pass
+
+
+class PageOfPreviewNotFound(NotFound):
+    pass
+
+
+class PreviewDimNotAllowed(TracimException):
+    pass

backend/tracim/extensions.py

@@ -0,0 +1,3 @@
+from hapic import Hapic
+
+hapic = Hapic()

backend/tracim/fixtures/__init__.py

@@ -0,0 +1,48 @@
+import copy
+import transaction
+
+
+class Fixture(object):
+
+    """ Fixture classes (list) required for this fixtures"""
+    require = NotImplemented
+
+    def __init__(self, session, config):
+        self._session = session
+        self._config = config
+
+    def insert(self):
+        raise NotImplementedError()
+
+
+class FixturesLoader(object):
+    """
+    Fixtures loader. Load each fixture once.
+    """
+
+    def __init__(self, session, config, loaded=None):
+        loaded = [] if loaded is None else loaded
+        self._loaded = loaded
+        self._session = session
+        # FIXME - G.M - 2018-06-169 - Fixture failed with email_notification
+        # activated, disable it there now. Find better way to fix this
+        # later
+        self._config = copy.copy(config)
+        self._config.EMAIL_NOTIFICATION_ACTIVATED = False
+
+    def loads(self, fixtures_classes):
+        for fixture_class in fixtures_classes:
+            for required_fixture_class in fixture_class.require:
+                self._load(required_fixture_class)
+            self._load(fixture_class)
+
+    def _load(self, fixture_class: Fixture):
+        if fixture_class not in self._loaded:
+            fixture = fixture_class(
+                session=self._session,
+                config=self._config,
+            )
+            fixture.insert()
+            self._loaded.append(fixture_class)
+            self._session.flush()
+            transaction.commit()

backend/tracim/fixtures/content.py

@@ -0,0 +1,319 @@
+# -*- coding: utf-8 -*-
+from depot.io.utils import FileIntent
+import transaction
+
+from tracim import models
+from tracim.fixtures import Fixture
+from tracim.fixtures.users_and_groups import Test
+from tracim.lib.core.content import ContentApi
+from tracim.lib.core.userworkspace import RoleApi
+from tracim.lib.core.workspace import WorkspaceApi
+from tracim.models.data import ContentType
+from tracim.models.data import UserRoleInWorkspace
+from tracim.models.revision_protection import new_revision
+
+
+class Content(Fixture):
+    require = [Test]
+
+    def insert(self):
+        admin = self._session.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        bob = self._session.query(models.User) \
+            .filter(models.User.email == 'bob@fsf.local') \
+            .one()
+        john_the_reader = self._session.query(models.User) \
+            .filter(models.User.email == 'john-the-reader@reader.local') \
+            .one()
+
+        admin_workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=self._session,
+            config=self._config,
+        )
+        bob_workspace_api = WorkspaceApi(
+            current_user=bob,
+            session=self._session,
+            config=self._config
+        )
+        content_api = ContentApi(
+            current_user=admin,
+            session=self._session,
+            config=self._config
+        )
+        bob_content_api = ContentApi(
+            current_user=bob,
+            session=self._session,
+            config=self._config
+        )
+        reader_content_api = ContentApi(
+            current_user=john_the_reader,
+            session=self._session,
+            config=self._config
+        )
+        role_api = RoleApi(
+            current_user=admin,
+            session=self._session,
+            config=self._config,
+        )
+
+        # Workspaces
+        business_workspace = admin_workspace_api.create_workspace(
+            'Business',
+            description='All importants documents',
+            save_now=True,
+        )
+        recipe_workspace = admin_workspace_api.create_workspace(
+            'Recipes',
+            description='Our best recipes',
+            save_now=True,
+        )
+        other_workspace = bob_workspace_api.create_workspace(
+            'Others',
+            description='Other Workspace',
+            save_now=True,
+        )
+
+        # Workspaces roles
+        role_api.create_one(
+            user=bob,
+            workspace=recipe_workspace,
+            role_level=UserRoleInWorkspace.CONTENT_MANAGER,
+            with_notif=False,
+        )
+        role_api.create_one(
+            user=john_the_reader,
+            workspace=recipe_workspace,
+            role_level=UserRoleInWorkspace.READER,
+            with_notif=False,
+        )
+        # Folders
+
+        tool_workspace = content_api.create(
+            content_type=ContentType.Folder,
+            workspace=business_workspace,
+            label='Tools',
+            do_save=True,
+            do_notify=False,
+        )
+        menu_workspace = content_api.create(
+            content_type=ContentType.Folder,
+            workspace=business_workspace,
+            label='Menus',
+            do_save=True,
+            do_notify=False,
+        )
+
+        dessert_folder = content_api.create(
+            content_type=ContentType.Folder,
+            workspace=recipe_workspace,
+            label='Desserts',
+            do_save=True,
+            do_notify=False,
+        )
+        salads_folder = content_api.create(
+            content_type=ContentType.Folder,
+            workspace=recipe_workspace,
+            label='Salads',
+            do_save=True,
+            do_notify=False,
+        )
+        other_folder = content_api.create(
+            content_type=ContentType.Folder,
+            workspace=other_workspace,
+            label='Infos',
+            do_save=True,
+            do_notify=False,
+        )
+
+        # Pages, threads, ..
+        tiramisu_page = content_api.create(
+            content_type=ContentType.Page,
+            workspace=recipe_workspace,
+            parent=dessert_folder,
+            label='Tiramisu Recipes!!!',
+            do_save=True,
+            do_notify=False,
+        )
+        with new_revision(
+                session=self._session,
+                tm=transaction.manager,
+                content=tiramisu_page,
+        ):
+            content_api.update_content(
+                item=tiramisu_page,
+                new_content='<p>To cook a greet Tiramisu, you need many ingredients.</p>',  # nopep8
+                new_label='Tiramisu Recipes!!!',
+            )
+            content_api.save(tiramisu_page)
+
+        best_cake_thread = content_api.create(
+            content_type=ContentType.Thread,
+            workspace=recipe_workspace,
+            parent=dessert_folder,
+            label='Best Cake',
+            do_save=False,
+            do_notify=False,
+        )
+        best_cake_thread.description = 'Which is the best cake?'
+        self._session.add(best_cake_thread)
+        apple_pie_recipe = content_api.create(
+            content_type=ContentType.File,
+            workspace=recipe_workspace,
+            parent=dessert_folder,
+            label='Apple_Pie',
+            do_save=False,
+            do_notify=False,
+        )
+        apple_pie_recipe.file_extension = '.txt'
+        apple_pie_recipe.depot_file = FileIntent(
+            b'Apple pie Recipe',
+            'apple_Pie.txt',
+            'text/plain',
+        )
+        self._session.add(apple_pie_recipe)
+        Brownie_recipe = content_api.create(
+            content_type=ContentType.File,
+            workspace=recipe_workspace,
+            parent=dessert_folder,
+            label='Brownie Recipe',
+            do_save=False,
+            do_notify=False,
+        )
+        Brownie_recipe.file_extension = '.html'
+        Brownie_recipe.depot_file = FileIntent(
+            b'<p>Brownie Recipe</p>',
+            'brownie_recipe.html',
+            'text/html',
+        )
+        self._session.add(Brownie_recipe)
+        fruits_desserts_folder = content_api.create(
+            content_type=ContentType.Folder,
+            workspace=recipe_workspace,
+            label='Fruits Desserts',
+            parent=dessert_folder,
+            do_save=True,
+        )
+
+        menu_page = content_api.create(
+            content_type=ContentType.Page,
+            workspace=business_workspace,
+            parent=menu_workspace,
+            label='Current Menu',
+            do_save=True,
+        )
+
+        new_fruit_salad = content_api.create(
+            content_type=ContentType.Page,
+            workspace=recipe_workspace,
+            parent=fruits_desserts_folder,
+            label='New Fruit Salad',
+            do_save=True,
+        )
+        old_fruit_salad = content_api.create(
+            content_type=ContentType.Page,
+            workspace=recipe_workspace,
+            parent=fruits_desserts_folder,
+            label='Fruit Salad',
+            do_save=True,
+            do_notify=False,
+        )
+        with new_revision(
+                session=self._session,
+                tm=transaction.manager,
+                content=old_fruit_salad,
+        ):
+            content_api.archive(old_fruit_salad)
+        content_api.save(old_fruit_salad)
+
+        bad_fruit_salad = content_api.create(
+            content_type=ContentType.Page,
+            workspace=recipe_workspace,
+            parent=fruits_desserts_folder,
+            label='Bad Fruit Salad',
+            do_save=True,
+            do_notify=False,
+        )
+        with new_revision(
+                session=self._session,
+                tm=transaction.manager,
+                content=bad_fruit_salad,
+        ):
+            content_api.delete(bad_fruit_salad)
+        content_api.save(bad_fruit_salad)
+
+        # File at the root for test
+        new_fruit_salad = content_api.create(
+            content_type=ContentType.Page,
+            workspace=other_workspace,
+            label='New Fruit Salad',
+            do_save=True,
+        )
+        old_fruit_salad = content_api.create(
+            content_type=ContentType.Page,
+            workspace=other_workspace,
+            label='Fruit Salad',
+            do_save=True,
+        )
+        with new_revision(
+                session=self._session,
+                tm=transaction.manager,
+                content=old_fruit_salad,
+        ):
+            content_api.archive(old_fruit_salad)
+        content_api.save(old_fruit_salad)
+
+        bad_fruit_salad = content_api.create(
+            content_type=ContentType.Page,
+            workspace=other_workspace,
+            label='Bad Fruit Salad',
+            do_save=True,
+        )
+        with new_revision(
+                session=self._session,
+                tm=transaction.manager,
+                content=bad_fruit_salad,
+        ):
+            content_api.delete(bad_fruit_salad)
+        content_api.save(bad_fruit_salad)
+
+        content_api.create_comment(
+            parent=best_cake_thread,
+            content='<p>What is for you the best cake ever? </br> I personnally vote for Chocolate cupcake!</p>',  # nopep8
+            do_save=True,
+        )
+        bob_content_api.create_comment(
+            parent=best_cake_thread,
+            content='<p>What about Apple Pie? There are Awesome!</p>',
+            do_save=True,
+        )
+        reader_content_api.create_comment(
+            parent=best_cake_thread,
+            content='<p>You are right, but Kouign-amann are clearly better.</p>',
+            do_save=True,
+        )
+        with new_revision(
+                session=self._session,
+                tm=transaction.manager,
+                content=best_cake_thread,
+        ):
+            bob_content_api.update_content(
+                item=best_cake_thread,
+                new_content='What is the best cake?',
+                new_label='Best Cakes?',
+            )
+            bob_content_api.save(best_cake_thread)
+
+        with new_revision(
+                session=self._session,
+                tm=transaction.manager,
+                content=tiramisu_page,
+        ):
+            bob_content_api.update_content(
+                item=tiramisu_page,
+                new_content='<p>To cook a great Tiramisu, you need many ingredients.</p>',  # nopep8
+                new_label='Tiramisu Recipe',
+            )
+            bob_content_api.save(tiramisu_page)
+        self._session.flush()

backend/tracim/fixtures/ldap.py

@@ -0,0 +1,58 @@
+ldap_test_server_fixtures = {
+    'port': 3333,
+    'password': 'toor',
+
+    'bind_dn': 'cn=admin,dc=directory,dc=fsf,dc=org',
+    'base': {
+        'objectclass': ['dcObject', 'organization'],
+        'dn': 'dc=directory,dc=fsf,dc=org',
+        'attributes': {
+            'o': 'Free Software Foundation',
+            'dc': 'directory'
+        }
+    },
+
+    'entries': [
+        {
+            'objectclass': ['organizationalRole'],
+            'dn': 'cn=admin,dc=directory,dc=fsf,dc=org',
+            'attributes': {
+                'cn': 'admin'
+            }
+        },
+        {
+            'objectclass': ['organizationalUnit'],
+            'dn': 'ou=people,dc=directory,dc=fsf,dc=org',
+            'attributes': {
+                'ou': 'people',
+            }
+        },
+        {
+            'objectclass': ['organizationalUnit'],
+            'dn': 'ou=groups,dc=directory,dc=fsf,dc=org',
+            'attributes': {
+                'ou': 'groups',
+            }
+        },
+        {
+            'objectclass': ['account', 'top'],
+            'dn': 'cn=richard-not-real-email@fsf.org,ou=people,dc=directory,dc=fsf,dc=org',
+            'attributes': {
+                'uid': 'richard-not-real-email@fsf.org',
+                'userPassword': 'rms',
+                'mail': 'richard-not-real-email@fsf.org',
+                'pubname': 'Richard Stallman',
+            }
+        },
+        {
+            'objectclass': ['account', 'top'],
+            'dn': 'cn=lawrence-not-real-email@fsf.local,ou=people,dc=directory,dc=fsf,dc=org',
+            'attributes': {
+                'uid': 'lawrence-not-real-email@fsf.local',
+                'userPassword': 'foobarbaz',
+                'mail': 'lawrence-not-real-email@fsf.local',
+                'pubname': 'Lawrence Lessig',
+            }
+        },
+    ]
+}

backend/tracim/fixtures/users_and_groups.py

@@ -0,0 +1,72 @@
+# -*- coding: utf-8 -*-
+from tracim import models
+from tracim.fixtures import Fixture
+from tracim.lib.core.user import UserApi
+
+
+class Base(Fixture):
+    require = []
+
+    def insert(self):
+        u = models.User()
+        u.display_name = 'Global manager'
+        u.email = 'admin@admin.admin'
+        u.password = 'admin@admin.admin'
+        self._session.add(u)
+        uapi = UserApi(
+            session=self._session,
+            config=self._config,
+            current_user=u)
+        uapi.execute_created_user_actions(u)
+
+        g1 = models.Group()
+        g1.group_id = 1
+        g1.group_name = 'users'
+        g1.display_name = 'Users'
+        g1.users.append(u)
+        self._session.add(g1)
+
+        g2 = models.Group()
+        g2.group_id = 2
+        g2.group_name = 'managers'
+        g2.display_name = 'Global Managers'
+        g2.users.append(u)
+        self._session.add(g2)
+
+        g3 = models.Group()
+        g3.group_id = 3
+        g3.group_name = 'administrators'
+        g3.display_name = 'Administrators'
+        g3.users.append(u)
+        self._session.add(g3)
+
+
+class Test(Fixture):
+    require = [Base, ]
+
+    def insert(self):
+        g2 = self._session.query(models.Group).\
+            filter(models.Group.group_name == 'managers').one()
+
+        lawrence = models.User()
+        lawrence.display_name = 'Lawrence L.'
+        lawrence.email = 'lawrence-not-real-email@fsf.local'
+        lawrence.password = 'foobarbaz'
+        self._session.add(lawrence)
+        g2.users.append(lawrence)
+
+        bob = models.User()
+        bob.display_name = 'Bob i.'
+        bob.email = 'bob@fsf.local'
+        bob.password = 'foobarbaz'
+        self._session.add(bob)
+        g2.users.append(bob)
+
+        g1 = self._session.query(models.Group).\
+            filter(models.Group.group_name == 'users').one()
+        reader = models.User()
+        reader.display_name = 'John Reader'
+        reader.email = 'john-the-reader@reader.local'
+        reader.password = 'read'
+        self._session.add(reader)
+        g1.users.append(reader)

backend/tracim/lib/core/__init__.py

@@ -0,0 +1 @@
+# coding=utf-8

backend/tracim/lib/core/group.py

@@ -0,0 +1,47 @@
+# -*- coding: utf-8 -*-
+import typing
+
+from sqlalchemy.orm.exc import NoResultFound
+
+from tracim.exceptions import GroupDoesNotExist
+from tracim import CFG
+
+
+__author__ = 'damien'
+
+from tracim.models.auth import Group, User
+from sqlalchemy.orm import Query
+from sqlalchemy.orm import Session
+
+
+class GroupApi(object):
+
+    def __init__(
+            self,
+            session: Session,
+            current_user: typing.Optional[User],
+            config: CFG
+    ):
+        self._user = current_user
+        self._session = session
+        self._config = config
+
+    def _base_query(self) -> Query:
+        return self._session.query(Group)
+
+    def get_one(self, group_id) -> Group:
+        try:
+            group = self._base_query().filter(Group.group_id == group_id).one()
+            return group
+        except NoResultFound:
+            raise GroupDoesNotExist()
+
+    def get_one_with_name(self, group_name) -> Group:
+        try:
+            group = self._base_query().filter(Group.group_name == group_name).one()
+            return group
+        except NoResultFound:
+            raise GroupDoesNotExist()
+
+    def get_all(self):
+        return self._base_query().order_by(Group.group_id).all()

backend/tracim/lib/core/notifications.py

@@ -0,0 +1,57 @@
+# -*- coding: utf-8 -*-
+from sqlalchemy.orm import Session
+
+from tracim import CFG
+from tracim.lib.utils.logger import logger
+from tracim.models.auth import User
+from tracim.models.data import Content
+
+
+class INotifier(object):
+    """
+    Interface for Notifier instances
+    """
+    def __init__(self,
+                 config: CFG,
+                 session: Session,
+                 current_user: User=None,
+    ) -> None:
+        pass
+
+    def notify_content_update(self, content: Content):
+        raise NotImplementedError
+
+
+class NotifierFactory(object):
+
+    @classmethod
+    def create(cls, config, session, current_user: User=None) -> INotifier:
+        if not config.EMAIL_NOTIFICATION_ACTIVATED:
+            return DummyNotifier(config, session, current_user)
+        from tracim.lib.mail_notifier.notifier import EmailNotifier
+        return EmailNotifier(config, session, current_user)
+
+
+class DummyNotifier(INotifier):
+    send_count = 0
+
+    def __init__(
+            self,
+            config: CFG,
+            session: Session,
+            current_user: User=None
+    ) -> None:
+        INotifier.__init__(
+            self,
+            config,
+            session,
+            current_user,
+        )
+        logger.info(self, 'Instantiating Dummy Notifier')
+
+    def notify_content_update(self, content: Content):
+        type(self).send_count += 1
+        logger.info(
+            self,
+            'Fake notifier, do not send notification for update of content {}'.format(content.content_id)  # nopep8
+        )

backend/tracim/lib/core/user.py

@@ -0,0 +1,377 @@
+# -*- coding: utf-8 -*-
+from smtplib import SMTPException
+
+import transaction
+import typing as typing
+from sqlalchemy.orm import Session
+from sqlalchemy.orm.exc import NoResultFound
+
+from tracim import CFG
+from tracim.models.auth import User
+from tracim.models.auth import Group
+from tracim.exceptions import NoUserSetted
+from tracim.exceptions import PasswordDoNotMatch
+from tracim.exceptions import EmailValidationFailed
+from tracim.exceptions import UserDoesNotExist
+from tracim.exceptions import WrongUserPassword
+from tracim.exceptions import AuthenticationFailed
+from tracim.exceptions import NotificationNotSend
+from tracim.exceptions import UserNotActive
+from tracim.models.context_models import UserInContext
+from tracim.lib.mail_notifier.notifier import get_email_manager
+from tracim.models.context_models import TypeUser
+
+
+class UserApi(object):
+
+    def __init__(
+            self,
+            current_user: typing.Optional[User],
+            session: Session,
+            config: CFG,
+    ) -> None:
+        self._session = session
+        self._user = current_user
+        self._config = config
+
+    def _base_query(self):
+        return self._session.query(User)
+
+    def get_user_with_context(self, user: User) -> UserInContext:
+        """
+        Return UserInContext object from User
+        """
+        user = UserInContext(
+            user=user,
+            dbsession=self._session,
+            config=self._config,
+        )
+        return user
+
+    # Getters
+
+    def get_one(self, user_id: int) -> User:
+        """
+        Get one user by user id
+        """
+        try:
+            user = self._base_query().filter(User.user_id == user_id).one()
+        except NoResultFound as exc:
+            raise UserDoesNotExist('User "{}" not found in database'.format(user_id)) from exc  # nopep8
+        return user
+
+    def get_one_by_email(self, email: str) -> User:
+        """
+        Get one user by email
+        :param email: Email of the user
+        :return: one user
+        """
+        try:
+            user = self._base_query().filter(User.email == email).one()
+        except NoResultFound as exc:
+            raise UserDoesNotExist('User "{}" not found in database'.format(email)) from exc  # nopep8
+        return user
+
+    def get_one_by_public_name(self, public_name: str) -> User:
+        """
+        Get one user by public_name
+        """
+        try:
+            user = self._base_query().filter(User.display_name == public_name).one()
+        except NoResultFound as exc:
+            raise UserDoesNotExist('User "{}" not found in database'.format(public_name)) from exc  # nopep8
+        return user
+    # FIXME - G.M - 24-04-2018 - Duplicate method with get_one.
+
+    def get_one_by_id(self, id: int) -> User:
+        return self.get_one(user_id=id)
+
+    def get_current_user(self) -> User:
+        """
+        Get current_user
+        """
+        if not self._user:
+            raise UserDoesNotExist('There is no current user')
+        return self._user
+
+    def get_all(self) -> typing.Iterable[User]:
+        return self._session.query(User).order_by(User.display_name).all()
+
+    def find(
+            self,
+            user_id: int=None,
+            email: str=None,
+            public_name: str=None
+    ) -> typing.Tuple[TypeUser, User]:
+        """
+        Find existing user from all theses params.
+        Check is made in this order: user_id, email, public_name
+        If no user found raise UserDoesNotExist exception
+        """
+        user = None
+
+        if user_id:
+            try:
+                user = self.get_one(user_id)
+                return TypeUser.USER_ID, user
+            except UserDoesNotExist:
+                pass
+        if email:
+            try:
+                user = self.get_one_by_email(email)
+                return TypeUser.EMAIL, user
+            except UserDoesNotExist:
+                pass
+        if public_name:
+            try:
+                user = self.get_one_by_public_name(public_name)
+                return TypeUser.PUBLIC_NAME, user
+            except UserDoesNotExist:
+                pass
+
+        raise UserDoesNotExist('User not found with any of given params.')
+
+    # Check methods
+
+    def user_with_email_exists(self, email: str) -> bool:
+        try:
+            self.get_one_by_email(email)
+            return True
+        # TODO - G.M - 09-04-2018 - Better exception
+        except:
+            return False
+
+    def authenticate_user(self, email: str, password: str) -> User:
+        """
+        Authenticate user with email and password, raise AuthenticationFailed
+        if uncorrect.
+        :param email: email of the user
+        :param password: cleartext password of the user
+        :return: User who was authenticated.
+        """
+        try:
+            user = self.get_one_by_email(email)
+            if not user.is_active:
+                raise UserNotActive('User "{}" is not active'.format(email))
+            if user.validate_password(password):
+                return user
+            else:
+                raise WrongUserPassword('User "{}" password is incorrect'.format(email))  # nopep8
+        except (WrongUserPassword, UserDoesNotExist) as exc:
+            raise AuthenticationFailed('User "{}" authentication failed'.format(email)) from exc  # nopep8
+
+    # Actions
+    def set_password(
+            self,
+            user: User,
+            loggedin_user_password: str,
+            new_password: str,
+            new_password2: str,
+            do_save: bool=True
+    ):
+        """
+        Set User password if loggedin user password is correct
+        and both new_password are the same.
+        :param user: User who need password changed
+        :param loggedin_user_password: cleartext password of logged user (not
+        same as user)
+        :param new_password: new password for user
+        :param new_password2: should be same as new_password
+        :param do_save: should we save new user password ?
+        :return:
+        """
+        if not self._user:
+            raise NoUserSetted('Current User should be set in UserApi to use this method')  # nopep8
+        if not self._user.validate_password(loggedin_user_password):  # nopep8
+            raise WrongUserPassword(
+                'Wrong password for authenticated user {}'. format(self._user.user_id)  # nopep8
+            )
+        if new_password != new_password2:
+            raise PasswordDoNotMatch('Passwords given are different')
+
+        self.update(
+            user=user,
+            password=new_password,
+            do_save=do_save,
+        )
+        if do_save:
+            # TODO - G.M - 2018-07-24 - Check why commit is needed here
+            transaction.commit()
+        return user
+
+    def set_email(
+            self,
+            user: User,
+            loggedin_user_password: str,
+            email: str,
+            do_save: bool = True
+    ):
+        """
+        Set email address of user if loggedin user password is correct
+        :param user: User who need email changed
+        :param loggedin_user_password: cleartext password of logged user (not
+        same as user)
+        :param email:
+        :param do_save:
+        :return:
+        """
+        if not self._user:
+            raise NoUserSetted('Current User should be set in UserApi to use this method')  # nopep8
+        if not self._user.validate_password(loggedin_user_password):  # nopep8
+            raise WrongUserPassword(
+                'Wrong password for authenticated user {}'. format(self._user.user_id)  # nopep8
+            )
+        self.update(
+            user=user,
+            email=email,
+            do_save=do_save,
+        )
+        return user
+
+    def _check_email(self, email: str) -> bool:
+        # TODO - G.M - 2018-07-05 - find a better way to check email
+        if not email:
+            return False
+        email = email.split('@')
+        if len(email) != 2:
+            return False
+        return True
+
+    def update(
+            self,
+            user: User,
+            name: str=None,
+            email: str=None,
+            password: str=None,
+            timezone: str=None,
+            groups: typing.Optional[typing.List[Group]]=None,
+            do_save=True,
+    ) -> User:
+        if name is not None:
+            user.display_name = name
+
+        if email is not None:
+            email_exist = self._check_email(email)
+            if not email_exist:
+                raise EmailValidationFailed('Email given form {} is uncorrect'.format(email))  # nopep8
+            user.email = email
+
+        if password is not None:
+            user.password = password
+
+        if timezone is not None:
+            user.timezone = timezone
+
+        if groups is not None:
+            # INFO - G.M - 2018-07-18 - Delete old groups
+            for group in user.groups:
+                if group not in groups:
+                    user.groups.remove(group)
+            # INFO - G.M - 2018-07-18 - add new groups
+            for group in groups:
+                if group not in user.groups:
+                    user.groups.append(group)
+
+        if do_save:
+            self.save(user)
+
+        return user
+
+    def create_user(
+        self,
+        email,
+        password: str = None,
+        name: str = None,
+        timezone: str = '',
+        groups=[],
+        do_save: bool=True,
+        do_notify: bool=True,
+    ) -> User:
+        new_user = self.create_minimal_user(email, groups, save_now=False)
+        self.update(
+            user=new_user,
+            name=name,
+            email=email,
+            password=password,
+            timezone=timezone,
+            do_save=False,
+        )
+        if do_notify:
+            try:
+                email_manager = get_email_manager(self._config, self._session)
+                email_manager.notify_created_account(
+                    new_user,
+                    password=password
+                )
+            except SMTPException as e:
+                raise NotificationNotSend()
+        if do_save:
+            self.save(new_user)
+        return new_user
+
+    def create_minimal_user(
+            self,
+            email,
+            groups=[],
+            save_now=False
+    ) -> User:
+        """Previous create_user method"""
+        user = User()
+
+        email_exist = self._check_email(email)
+        if not email_exist:
+            raise EmailValidationFailed('Email given form {} is uncorrect'.format(email))  # nopep8
+        user.email = email
+        user.display_name = email.split('@')[0]
+
+        for group in groups:
+            user.groups.append(group)
+
+        self._session.add(user)
+
+        if save_now:
+            self._session.flush()
+
+        return user
+
+    def enable(self, user: User, do_save=False):
+        user.is_active = True
+        if do_save:
+            self.save(user)
+
+    def disable(self, user:User, do_save=False):
+        user.is_active = False
+        if do_save:
+            self.save(user)
+
+    def save(self, user: User):
+        self._session.flush()
+
+    def execute_created_user_actions(self, created_user: User) -> None:
+        """
+        Execute actions when user just been created
+        :return:
+        """
+        # NOTE: Cyclic import
+        # TODO - G.M - 28-03-2018 - [Calendar] Reenable Calendar stuff
+        #from tracim.lib.calendar import CalendarManager
+        #from tracim.model.organisational import UserCalendar
+
+        # TODO - G.M - 04-04-2018 - [auth]
+        # Check if this is already needed with
+        # new auth system
+        created_user.ensure_auth_token(
+            session=self._session,
+            validity_seconds=self._config.USER_AUTH_TOKEN_VALIDITY
+        )
+
+        # Ensure database is up-to-date
+        self._session.flush()
+        transaction.commit()
+
+        # TODO - G.M - 28-03-2018 - [Calendar] Reenable Calendar stuff
+        # calendar_manager = CalendarManager(created_user)
+        # calendar_manager.create_then_remove_fake_event(
+        #     calendar_class=UserCalendar,
+        #     related_object_id=created_user.user_id,
+        # )

backend/tracim/lib/core/userworkspace.py

@@ -0,0 +1,198 @@
+# -*- coding: utf-8 -*-
+import typing
+
+from tracim import CFG
+from tracim.models.context_models import UserRoleWorkspaceInContext
+from tracim.models.roles import WorkspaceRoles
+
+__author__ = 'damien'
+
+from sqlalchemy.orm import Session
+from sqlalchemy.orm import Query
+from tracim.models.auth import User
+from tracim.models.data import Workspace
+from tracim.models.data import UserRoleInWorkspace
+
+
+class RoleApi(object):
+
+    # TODO - G.M - 29-06-2018 - [Cleanup] Drop this
+    # ALL_ROLE_VALUES = UserRoleInWorkspace.get_all_role_values()
+    # Dict containing readable members roles for given role
+    # members_read_rights = {
+    #     UserRoleInWorkspace.NOT_APPLICABLE: [],
+    #     UserRoleInWorkspace.READER: [
+    #         UserRoleInWorkspace.WORKSPACE_MANAGER,
+    #     ],
+    #     UserRoleInWorkspace.CONTRIBUTOR: [
+    #         UserRoleInWorkspace.WORKSPACE_MANAGER,
+    #         UserRoleInWorkspace.CONTENT_MANAGER,
+    #         UserRoleInWorkspace.CONTRIBUTOR,
+    #     ],
+    #     UserRoleInWorkspace.CONTENT_MANAGER: [
+    #         UserRoleInWorkspace.WORKSPACE_MANAGER,
+    #         UserRoleInWorkspace.CONTENT_MANAGER,
+    #         UserRoleInWorkspace.CONTRIBUTOR,
+    #         UserRoleInWorkspace.READER,
+    #     ],
+    #     UserRoleInWorkspace.WORKSPACE_MANAGER: [
+    #         UserRoleInWorkspace.WORKSPACE_MANAGER,
+    #         UserRoleInWorkspace.CONTENT_MANAGER,
+    #         UserRoleInWorkspace.CONTRIBUTOR,
+    #         UserRoleInWorkspace.READER,
+    #     ],
+    # }
+
+    # TODO - G.M - 29-06-2018 - [Cleanup] Drop this
+    # @classmethod
+    # def role_can_read_member_role(cls, reader_role: int, tested_role: int) \
+    #         -> bool:
+    #     """
+    #     :param reader_role: role as viewer
+    #     :param tested_role: role as viwed
+    #     :return: True if given role can view member role in workspace.
+    #     """
+    #     if reader_role in cls.members_read_rights:
+    #         return tested_role in cls.members_read_rights[reader_role]
+    #     return False
+
+    def get_user_role_workspace_with_context(
+            self,
+            user_role: UserRoleInWorkspace,
+            newly_created:bool = None,
+            email_sent: bool = None,
+    ) -> UserRoleWorkspaceInContext:
+        """
+        Return WorkspaceInContext object from Workspace
+        """
+        assert self._config
+        workspace = UserRoleWorkspaceInContext(
+            user_role=user_role,
+            dbsession=self._session,
+            config=self._config,
+            newly_created=newly_created,
+            email_sent=email_sent,
+        )
+        return workspace
+
+    def __init__(
+        self,
+        session: Session,
+        current_user: typing.Optional[User],
+        config: CFG,
+    )-> None:
+        self._session = session
+        self._user = current_user
+        self._config = config
+
+    def _get_one_rsc(self, user_id: int, workspace_id: int) -> Query:
+        """
+        :param user_id:
+        :param workspace_id:
+        :return: a Query object, filtered query but without fetching the object.
+        """
+        return self._session.query(UserRoleInWorkspace).\
+            filter(UserRoleInWorkspace.workspace_id == workspace_id).\
+            filter(UserRoleInWorkspace.user_id == user_id)
+
+    def get_one(self, user_id: int, workspace_id: int) -> UserRoleInWorkspace:
+        return self._get_one_rsc(user_id, workspace_id).one()
+
+    def update_role(
+        self,
+        role: UserRoleInWorkspace,
+        role_level: int,
+        with_notif: typing.Optional[bool] = None,
+        save_now: bool=False,
+    ):
+        """
+        Update role of user in this workspace
+        :param role: UserRoleInWorkspace object
+        :param role_level: level of new role wanted
+        :param with_notif: is user notification enabled in this workspace ?
+        :param save_now: database flush
+        :return: updated role
+        """
+        role.role = role_level
+        if with_notif is not None:
+            role.do_notify == with_notif
+        if save_now:
+            self.save(role)
+
+        return role
+
+    def create_one(
+        self,
+        user: User,
+        workspace: Workspace,
+        role_level: int,
+        with_notif: bool,
+        flush: bool=True
+    ) -> UserRoleInWorkspace:
+        role = UserRoleInWorkspace()
+        role.user_id = user.user_id
+        role.workspace = workspace
+        role.role = role_level
+        role.do_notify = with_notif
+        if flush:
+            self._session.flush()
+        return role
+
+    def delete_one(self, user_id: int, workspace_id: int, flush=True) -> None:
+        self._get_one_rsc(user_id, workspace_id).delete()
+        if flush:
+            self._session.flush()
+
+    def get_all_for_workspace(
+        self,
+        workspace:Workspace
+    ) -> typing.List[UserRoleInWorkspace]:
+        return self._session.query(UserRoleInWorkspace)\
+            .filter(UserRoleInWorkspace.workspace_id==workspace.workspace_id)\
+            .all()
+
+    def save(self, role: UserRoleInWorkspace) -> None:
+        self._session.flush()
+
+
+    # TODO - G.M - 29-06-2018 - [Cleanup] Drop this
+    # @classmethod
+    # def role_can_read_member_role(cls, reader_role: int, tested_role: int) \
+    #         -> bool:
+    #     """
+    #     :param reader_role: role as viewer
+    #     :param tested_role: role as viwed
+    #     :return: True if given role can view member role in workspace.
+    #     """
+    #     if reader_role in cls.members_read_rights:
+    #         return tested_role in cls.members_read_rights[reader_role]
+    #     return False
+    # def _get_all_for_user(self, user_id) -> typing.List[UserRoleInWorkspace]:
+    #     return self._session.query(UserRoleInWorkspace)\
+    #         .filter(UserRoleInWorkspace.user_id == user_id)
+    #
+    # def get_all_for_user(self, user: User) -> typing.List[UserRoleInWorkspace]:
+    #     return self._get_all_for_user(user.user_id).all()
+    #
+    # def get_all_for_user_order_by_workspace(
+    #     self,
+    #     user_id: int
+    # ) -> typing.List[UserRoleInWorkspace]:
+    #     return self._get_all_for_user(user_id)\
+    #         .join(UserRoleInWorkspace.workspace).order_by(Workspace.label).all()
+
+    # TODO - G.M - 07-06-2018 - [Cleanup] Check if this method is already needed
+    # @classmethod
+    # def get_roles_for_select_field(cls) -> typing.List[RoleType]:
+    #     """
+    #
+    #     :return: list of DictLikeClass instances representing available Roles
+    #     (to be used in select fields)
+    #     """
+    #     result = list()
+    #
+    #     for role_id in UserRoleInWorkspace.get_all_role_values():
+    #         role = RoleType(role_id)
+    #         result.append(role)
+    #
+    #     return result

backend/tracim/lib/core/workspace.py

@@ -0,0 +1,283 @@
+# -*- coding: utf-8 -*-
+import typing
+
+from sqlalchemy.orm import Query
+from sqlalchemy.orm import Session
+
+from tracim import CFG
+from tracim.exceptions import EmptyLabelNotAllowed
+from tracim.lib.utils.translation import fake_translator as _
+
+from tracim.lib.core.userworkspace import RoleApi
+from tracim.models.auth import Group
+from tracim.models.auth import User
+from tracim.models.context_models import WorkspaceInContext
+from tracim.models.data import UserRoleInWorkspace
+from tracim.models.data import Workspace
+
+__author__ = 'damien'
+
+
+class WorkspaceApi(object):
+
+    def __init__(
+            self,
+            session: Session,
+            current_user: User,
+            config: CFG,
+            force_role: bool=False
+    ):
+        """
+        :param current_user: Current user of context
+        :param force_role: If True, app role in queries even if admin
+        """
+        self._session = session
+        self._user = current_user
+        self._config = config
+        self._force_role = force_role
+
+    def _base_query_without_roles(self):
+        return self._session.query(Workspace).filter(Workspace.is_deleted == False)
+
+    def _base_query(self):
+        if not self._force_role and self._user.profile.id>=Group.TIM_ADMIN:
+            return self._base_query_without_roles()
+
+        return self._session.query(Workspace).\
+            join(Workspace.roles).\
+            filter(UserRoleInWorkspace.user_id == self._user.user_id).\
+            filter(Workspace.is_deleted == False)
+
+    def get_workspace_with_context(
+            self,
+            workspace: Workspace
+    ) -> WorkspaceInContext:
+        """
+        Return WorkspaceInContext object from Workspace
+        """
+        workspace = WorkspaceInContext(
+            workspace=workspace,
+            dbsession=self._session,
+            config=self._config,
+        )
+        return workspace
+
+    def create_workspace(
+            self,
+            label: str='',
+            description: str='',
+            calendar_enabled: bool=False,
+            save_now: bool=False,
+    ) -> Workspace:
+        if not label:
+            raise EmptyLabelNotAllowed('Workspace label cannot be empty')
+
+        workspace = Workspace()
+        workspace.label = label
+        workspace.description = description
+        workspace.calendar_enabled = calendar_enabled
+
+        # By default, we force the current user to be the workspace manager
+        # And to receive email notifications
+        role_api = RoleApi(
+            session=self._session,
+            current_user=self._user,
+            config=self._config
+        )
+
+        role = role_api.create_one(
+            self._user,
+            workspace,
+            UserRoleInWorkspace.WORKSPACE_MANAGER,
+            with_notif=True,
+        )
+
+        self._session.add(workspace)
+        self._session.add(role)
+
+        if save_now:
+            self._session.flush()
+
+        # TODO - G.M - 28-03-2018 - [Calendar] Reenable calendar stuff
+        # if calendar_enabled:
+        #     self._ensure_calendar_exist(workspace)
+        # else:
+        #     self._disable_calendar(workspace)
+
+        return workspace
+
+    def update_workspace(
+            self,
+            workspace: Workspace,
+            label: str,
+            description: str,
+            save_now: bool=False,
+    ) -> Workspace:
+        """
+        Update workspace
+        :param workspace: workspace to update
+        :param label: new label of workspace
+        :param description: new description
+        :param save_now: database flush
+        :return: updated workspace
+        """
+        if not label:
+            raise EmptyLabelNotAllowed('Workspace label cannot be empty')
+        workspace.label = label
+        workspace.description = description
+
+        if save_now:
+            self.save(workspace)
+
+        return workspace
+
+    def get_one(self, id):
+        return self._base_query().filter(Workspace.workspace_id == id).one()
+
+    def get_one_by_label(self, label: str) -> Workspace:
+        return self._base_query().filter(Workspace.label == label).one()
+
+    """
+    def get_one_for_current_user(self, id):
+        return self._base_query().filter(Workspace.workspace_id==id).\
+            session.query(ZKContact).filter(ZKContact.groups.any(ZKGroup.id.in_([1,2,3])))
+            filter(sqla.).one()
+    """
+
+    def get_all(self):
+        return self._base_query().all()
+
+    def get_all_for_user(self, user: User, ignored_ids=None):
+        workspaces = []
+
+        for role in user.roles:
+            if not role.workspace.is_deleted:
+                if not ignored_ids:
+                    workspaces.append(role.workspace)
+                elif role.workspace.workspace_id not in ignored_ids:
+                        workspaces.append(role.workspace)
+                else:
+                    pass  # do not return workspace
+
+        workspaces.sort(key=lambda workspace: workspace.label.lower())
+        return workspaces
+
+    def get_all_manageable(self) -> typing.List[Workspace]:
+        """Get all workspaces the current user has manager rights on."""
+        workspaces = []  # type: typing.List[Workspace]
+        if self._user.profile.id == Group.TIM_ADMIN:
+            workspaces = self._base_query().order_by(Workspace.label).all()
+        elif self._user.profile.id == Group.TIM_MANAGER:
+            workspaces = self._base_query() \
+                .filter(
+                    UserRoleInWorkspace.role ==
+                    UserRoleInWorkspace.WORKSPACE_MANAGER
+                ) \
+                .order_by(Workspace.label) \
+                .all()
+        return workspaces
+
+    def disable_notifications(self, user: User, workspace: Workspace):
+        for role in user.roles:
+            if role.workspace==workspace:
+                role.do_notify = False
+
+    def enable_notifications(self, user: User, workspace: Workspace):
+        for role in user.roles:
+            if role.workspace==workspace:
+                role.do_notify = True
+
+    def get_notifiable_roles(self, workspace: Workspace) -> [UserRoleInWorkspace]:
+        roles = []
+        for role in workspace.roles:
+            if role.do_notify==True \
+                    and role.user!=self._user \
+                    and role.user.is_active:
+                roles.append(role)
+        return roles
+
+    def save(self, workspace: Workspace):
+        self._session.flush()
+
+    def delete_one(self, workspace_id, flush=True):
+        workspace = self.get_one(workspace_id)
+        workspace.is_deleted = True
+
+        if flush:
+            self._session.flush()
+
+    def restore_one(self, workspace_id, flush=True):
+        workspace = self._session.query(Workspace)\
+            .filter(Workspace.is_deleted==True)\
+            .filter(Workspace.workspace_id==workspace_id).one()
+        workspace.is_deleted = False
+
+        if flush:
+            self._session.flush()
+
+        return workspace
+
+    def execute_created_workspace_actions(self, workspace: Workspace) -> None:
+        pass
+        # TODO - G.M - 28-03-2018 - [Calendar] Re-enable this calendar stuff
+        # self.ensure_calendar_exist(workspace)
+
+    # TODO - G.M - 28-03-2018 - [Calendar] Re-enable this calendar stuff
+    # def ensure_calendar_exist(self, workspace: Workspace) -> None:
+    #     # Note: Cyclic imports
+    #     from tracim.lib.calendar import CalendarManager
+    #     from tracim.model.organisational import WorkspaceCalendar
+    #
+    #     calendar_manager = CalendarManager(self._user)
+    #
+    #     try:
+    #         calendar_manager.enable_calendar_file(
+    #             calendar_class=WorkspaceCalendar,
+    #             related_object_id=workspace.workspace_id,
+    #             raise_=True,
+    #         )
+    #     # If previous calendar file no exist, calendar must be created
+    #     except FileNotFoundError:
+    #         self._user.ensure_auth_token()
+    #
+    #         # Ensure database is up-to-date
+    #         self.session.flush()
+    #         transaction.commit()
+    #
+    #         calendar_manager.create_then_remove_fake_event(
+    #             calendar_class=WorkspaceCalendar,
+    #             related_object_id=workspace.workspace_id,
+    #         )
+    #
+    # def disable_calendar(self, workspace: Workspace) -> None:
+    #     # Note: Cyclic imports
+    #     from tracim.lib.calendar import CalendarManager
+    #     from tracim.model.organisational import WorkspaceCalendar
+    #
+    #     calendar_manager = CalendarManager(self._user)
+    #     calendar_manager.disable_calendar_file(
+    #         calendar_class=WorkspaceCalendar,
+    #         related_object_id=workspace.workspace_id,
+    #         raise_=False,
+    #     )
+
+    def get_base_query(self) -> Query:
+        return self._base_query()
+
+    def generate_label(self) -> str:
+        """
+        :return: Generated workspace label
+        """
+        query = self._base_query_without_roles() \
+            .filter(Workspace.label.ilike('{0}%'.format(
+                _('Workspace'),
+            )))
+
+        return _('Workspace {}').format(
+            query.count() + 1,
+        )
+
+
+class UnsafeWorkspaceApi(WorkspaceApi):
+    def _base_query(self):
+        return self.session.query(Workspace).filter(Workspace.is_deleted==False)

backend/tracim/lib/mail_notifier/daemon.py

@@ -0,0 +1,61 @@
+from sqlalchemy.orm import collections
+
+from tracim.lib.utils.logger import logger
+from tracim.lib.utils.utils import get_rq_queue
+from tracim.lib.utils.utils import get_redis_connection
+from rq.dummy import do_nothing
+from rq.worker import StopRequested
+from rq import Connection as RQConnection
+from rq import Worker as BaseRQWorker
+
+
+class FakeDaemon(object):
+    """
+    Temporary class for transition between tracim 1 and tracim 2
+    """
+    def __init__(self, config, *args, **kwargs):
+        pass
+
+
+class MailSenderDaemon(FakeDaemon):
+    # NOTE: use *args and **kwargs because parent __init__ use strange
+    # * parameter
+    def __init__(self, config, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.config = config
+        self.worker = None  # type: RQWorker
+
+    def append_thread_callback(self, callback: collections.Callable) -> None:
+        logger.warning('MailSenderDaemon not implement append_thread_callback')
+        pass
+
+    def stop(self) -> None:
+        # When _stop_requested at False, tracim.lib.daemons.RQWorker
+        # will raise StopRequested exception in worker thread after receive a
+        # job.
+        self.worker._stop_requested = True
+        redis_connection = get_redis_connection(self.config)
+        queue = get_rq_queue(redis_connection, 'mail_sender')
+        queue.enqueue(do_nothing)
+
+    def run(self) -> None:
+
+        with RQConnection(get_redis_connection(self.config)):
+            self.worker = RQWorker(['mail_sender'])
+            self.worker.work()
+
+
+class RQWorker(BaseRQWorker):
+    def _install_signal_handlers(self):
+        # RQ Worker is designed to work in main thread
+        # So we have to disable these signals (we implement server stop in
+        # MailSenderDaemon.stop method).
+        pass
+
+    def dequeue_job_and_maintain_ttl(self, timeout):
+        # RQ Worker is designed to work in main thread, so we add behaviour
+        # here: if _stop_requested has been set to True, raise the standard way
+        # StopRequested exception to stop worker.
+        if self._stop_requested:
+            raise StopRequested()
+        return super().dequeue_job_and_maintain_ttl(timeout)

backend/tracim/lib/mail_notifier/notifier.py

@@ -0,0 +1,571 @@
+# -*- coding: utf-8 -*-
+import datetime
+import typing
+
+from email.mime.multipart import MIMEMultipart
+from email.mime.text import MIMEText
+from email.utils import formataddr
+
+from lxml.html.diff import htmldiff
+from mako.template import Template
+from sqlalchemy.orm import Session
+
+from tracim import CFG
+from tracim.lib.core.notifications import INotifier
+from tracim.lib.mail_notifier.sender import EmailSender
+from tracim.lib.mail_notifier.utils import SmtpConfiguration, EST
+from tracim.lib.mail_notifier.sender import send_email_through
+from tracim.lib.core.workspace import WorkspaceApi
+from tracim.lib.utils.logger import logger
+from tracim.models import User
+from tracim.models.auth import User
+from tracim.models.data import ActionDescription
+from tracim.models.data import Content
+from tracim.models.data import ContentType
+from tracim.models.data import UserRoleInWorkspace
+from tracim.lib.utils.translation import fake_translator as l_, \
+    fake_translator as _
+
+
+class EmailNotifier(INotifier):
+    """
+    EmailNotifier, this class will decide how to notify by mail
+    in order to let a EmailManager create email
+    """
+
+    def __init__(
+            self,
+            config: CFG,
+            session: Session,
+            current_user: User=None
+    ):
+        """
+        :param current_user: the user that has triggered the notification
+        :return:
+        """
+        INotifier.__init__(self, config, session, current_user)
+        logger.info(self, 'Instantiating Email Notifier')
+
+        self._user = current_user
+        self.session = session
+        self.config = config
+        self._smtp_config = SmtpConfiguration(
+            self.config.EMAIL_NOTIFICATION_SMTP_SERVER,
+            self.config.EMAIL_NOTIFICATION_SMTP_PORT,
+            self.config.EMAIL_NOTIFICATION_SMTP_USER,
+            self.config.EMAIL_NOTIFICATION_SMTP_PASSWORD
+        )
+
+    def notify_content_update(self, content: Content):
+
+        if content.get_last_action().id not \
+                in self.config.EMAIL_NOTIFICATION_NOTIFIED_EVENTS:
+            logger.info(
+                self,
+                'Skip email notification for update of content {}'
+                'by user {} (the action is {})'.format(
+                    content.content_id,
+                    # below: 0 means "no user"
+                    self._user.user_id if self._user else 0,
+                    content.get_last_action().id
+                )
+            )
+            return
+
+        logger.info(self,
+                    'About to email-notify update'
+                    'of content {} by user {}'.format(
+                        content.content_id,
+                        # Below: 0 means "no user"
+                        self._user.user_id if self._user else 0
+                    )
+        )
+
+        if content.type not \
+                in self.config.EMAIL_NOTIFICATION_NOTIFIED_CONTENTS:
+            logger.info(
+                self,
+                'Skip email notification for update of content {}'
+                'by user {} (the content type is {})'.format(
+                    content.type,
+                    # below: 0 means "no user"
+                    self._user.user_id if self._user else 0,
+                    content.get_last_action().id
+                )
+            )
+            return
+
+        logger.info(self,
+                    'About to email-notify update'
+                    'of content {} by user {}'.format(
+                        content.content_id,
+                        # Below: 0 means "no user"
+                        self._user.user_id if self._user else 0
+                    )
+        )
+
+        ####
+        #
+        # INFO - D.A. - 2014-11-05 - Emails are sent through asynchronous jobs.
+        # For that reason, we do not give SQLAlchemy objects but ids only
+        # (SQLA objects are related to a given thread/session)
+        #
+        try:
+            if self.config.EMAIL_NOTIFICATION_PROCESSING_MODE.lower() == self.config.CST.ASYNC.lower():
+                logger.info(self, 'Sending email in ASYNC mode')
+                # TODO - D.A - 2014-11-06
+                # This feature must be implemented in order to be able to scale to large communities
+                raise NotImplementedError('Sending emails through ASYNC mode is not working yet')
+            else:
+                logger.info(self, 'Sending email in SYNC mode')
+                EmailManager(
+                    self._smtp_config,
+                    self.config,
+                    self.session,
+                ).notify_content_update(self._user.user_id, content.content_id)
+        except TypeError as e:
+            logger.error(self, 'Exception catched during email notification: {}'.format(e.__str__()))
+
+
+class EmailManager(object):
+    """
+    Compared to Notifier, this class is independant from the HTTP request thread
+    This class will build Email and send it for both created account and content
+    update
+    """
+
+    def __init__(
+            self,
+            smtp_config: SmtpConfiguration,
+            config: CFG,
+            session: Session
+    ) -> None:
+        self._smtp_config = smtp_config
+        self.config = config
+        self.session = session
+        # FIXME - G.M - We need to have a session for the emailNotifier
+
+        # if not self.session:
+        #     engine = get_engine(settings)
+        #     session_factory = get_session_factory(engine)
+        #     app_config = CFG(settings)
+
+    def _get_sender(self, user: User=None) -> str:
+        """
+        Return sender string like "Bob Dylan
+            (via Tracim) <notification@mail.com>"
+        :param user: user to extract display name
+        :return: sender string
+        """
+
+        email_template = self.config.EMAIL_NOTIFICATION_FROM_EMAIL
+        mail_sender_name = self.config.EMAIL_NOTIFICATION_FROM_DEFAULT_LABEL  # nopep8
+        if user:
+            mail_sender_name = '{name} via Tracim'.format(name=user.display_name)
+            email_address = email_template.replace('{user_id}', str(user.user_id))
+            # INFO - D.A. - 2017-08-04
+            # We use email_template.replace() instead of .format() because this
+            # method is more robust to errors in config file.
+            #
+            # For example, if the email is info+{userid}@tracim.fr
+            # email.format(user_id='bob') will raise an exception
+            # email.replace('{user_id}', 'bob') will just ignore {userid}
+        else:
+            email_address = email_template.replace('{user_id}', '0')
+
+        return formataddr((mail_sender_name, email_address))
+
+    # Content Notification
+
+    @staticmethod
+    def log_notification(
+            config: CFG,
+            action: str,
+            recipient: typing.Optional[str],
+            subject: typing.Optional[str],
+    ) -> None:
+        """Log notification metadata."""
+        log_path = config.EMAIL_NOTIFICATION_LOG_FILE_PATH
+        if log_path:
+            # TODO - A.P - 2017-09-06 - file logging inefficiency
+            # Updating a document with 100 users to notify will leads to open
+            # and close the file 100 times.
+            with open(log_path, 'a') as log_file:
+                print(
+                    datetime.datetime.now(),
+                    action,
+                    recipient,
+                    subject,
+                    sep='|',
+                    file=log_file,
+                )
+
+    def notify_content_update(
+            self,
+            event_actor_id: int,
+            event_content_id: int
+    ) -> None:
+        """
+        Look for all users to be notified about the new content and send them an
+        individual email
+        :param event_actor_id: id of the user that has triggered the event
+        :param event_content_id: related content_id
+        :return:
+        """
+        # FIXME - D.A. - 2014-11-05
+        # Dirty import. It's here in order to avoid circular import
+        from tracim.lib.core.content import ContentApi
+        from tracim.lib.core.user import UserApi
+        user = UserApi(
+            None,
+            config=self.config,
+            session=self.session,
+            ).get_one(event_actor_id)
+        logger.debug(self, 'Content: {}'.format(event_content_id))
+        content_api = ContentApi(
+            current_user=user,
+            session=self.session,
+            config=self.config,
+            )
+        content = ContentApi(
+            session=self.session,
+            current_user=user, # TODO - use a system user instead of the user that has triggered the event
+            config=self.config,
+            show_archived=True,
+            show_deleted=True,
+        ).get_one(event_content_id, ContentType.Any)
+        main_content = content.parent if content.type == ContentType.Comment else content
+        notifiable_roles = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.config,
+        ).get_notifiable_roles(content.workspace)
+
+        if len(notifiable_roles) <= 0:
+            logger.info(self, 'Skipping notification as nobody subscribed to in workspace {}'.format(content.workspace.label))
+            return
+
+
+        logger.info(self, 'Sending asynchronous emails to {} user(s)'.format(len(notifiable_roles)))
+        # INFO - D.A. - 2014-11-06
+        # The following email sender will send emails in the async task queue
+        # This allow to build all mails through current thread but really send them (including SMTP connection)
+        # In the other thread.
+        #
+        # This way, the webserver will return sooner (actually before notification emails are sent
+        async_email_sender = EmailSender(
+            self.config,
+            self._smtp_config,
+            self.config.EMAIL_NOTIFICATION_ACTIVATED
+        )
+        for role in notifiable_roles:
+            logger.info(self, 'Sending email to {}'.format(role.user.email))
+            to_addr = formataddr((role.user.display_name, role.user.email))
+            #
+            # INFO - G.M - 2017-11-15 - set content_id in header to permit reply
+            # references can have multiple values, but only one in this case.
+            replyto_addr = self.config.EMAIL_NOTIFICATION_REPLY_TO_EMAIL.replace( # nopep8
+                '{content_id}',str(content.content_id)
+            )
+
+            reference_addr = self.config.EMAIL_NOTIFICATION_REFERENCES_EMAIL.replace( #nopep8
+                '{content_id}',str(content.content_id)
+             )
+            #
+            #  INFO - D.A. - 2014-11-06
+            # We do not use .format() here because the subject defined in the .ini file
+            # may not include all required labels. In order to avoid partial format() (which result in an exception)
+            # we do use replace and force the use of .__str__() in order to process LazyString objects
+            #
+            subject = self.config.EMAIL_NOTIFICATION_CONTENT_UPDATE_SUBJECT
+            subject = subject.replace(EST.WEBSITE_TITLE, self.config.WEBSITE_TITLE.__str__())
+            subject = subject.replace(EST.WORKSPACE_LABEL, main_content.workspace.label.__str__())
+            subject = subject.replace(EST.CONTENT_LABEL, main_content.label.__str__())
+            subject = subject.replace(EST.CONTENT_STATUS_LABEL, main_content.get_status().label.__str__())
+            reply_to_label = l_('{username} & all members of {workspace}').format(
+                username=user.display_name,
+                workspace=main_content.workspace.label)
+
+            message = MIMEMultipart('alternative')
+            message['Subject'] = subject
+            message['From'] = self._get_sender(user)
+            message['To'] = to_addr
+            message['Reply-to'] = formataddr((reply_to_label, replyto_addr))
+            # INFO - G.M - 2017-11-15
+            # References can theorically have label, but in pratice, references
+            # contains only message_id from parents post in thread.
+            # To link this email to a content we create a virtual parent
+            # in reference who contain the content_id.
+            message['References'] = formataddr(('',reference_addr))
+            body_text = self._build_email_body_for_content(self.config.EMAIL_NOTIFICATION_CONTENT_UPDATE_TEMPLATE_TEXT, role, content, user)
+            body_html = self._build_email_body_for_content(self.config.EMAIL_NOTIFICATION_CONTENT_UPDATE_TEMPLATE_HTML, role, content, user)
+
+            part1 = MIMEText(body_text, 'plain', 'utf-8')
+            part2 = MIMEText(body_html, 'html', 'utf-8')
+            # Attach parts into message container.
+            # According to RFC 2046, the last part of a multipart message, in this case
+            # the HTML message, is best and preferred.
+            message.attach(part1)
+            message.attach(part2)
+
+            self.log_notification(
+                action='CREATED',
+                recipient=message['To'],
+                subject=message['Subject'],
+                config=self.config,
+            )
+
+            send_email_through(
+                self.config,
+                async_email_sender.send_mail,
+                message
+            )
+
+    def notify_created_account(
+            self,
+            user: User,
+            password: str,
+    ) -> None:
+        """
+        Send created account email to given user.
+
+        :param password: choosed password
+        :param user: user to notify
+        """
+        # TODO BS 20160712: Cyclic import
+        logger.debug(self, 'user: {}'.format(user.user_id))
+        logger.info(self, 'Sending asynchronous email to 1 user ({0})'.format(
+            user.email,
+        ))
+
+        async_email_sender = EmailSender(
+            self.config,
+            self._smtp_config,
+            self.config.EMAIL_NOTIFICATION_ACTIVATED
+        )
+
+        subject = \
+            self.config.EMAIL_NOTIFICATION_CREATED_ACCOUNT_SUBJECT \
+            .replace(
+                EST.WEBSITE_TITLE,
+                self.config.WEBSITE_TITLE.__str__()
+            )
+        message = MIMEMultipart('alternative')
+        message['Subject'] = subject
+        message['From'] = self._get_sender()
+        message['To'] = formataddr((user.get_display_name(), user.email))
+
+        text_template_file_path = self.config.EMAIL_NOTIFICATION_CREATED_ACCOUNT_TEMPLATE_TEXT  # nopep8
+        html_template_file_path = self.config.EMAIL_NOTIFICATION_CREATED_ACCOUNT_TEMPLATE_HTML  # nopep8
+
+        context = {
+            'user': user,
+            'password': password,
+            # TODO - G.M - 11-06-2018 - [emailTemplateURL] correct value for logo_url  # nopep8
+            'logo_url': '',
+            # TODO - G.M - 11-06-2018 - [emailTemplateURL] correct value for login_url  # nopep8
+            'login_url': self.config.WEBSITE_BASE_URL,
+        }
+        body_text = self._render_template(
+            mako_template_filepath=text_template_file_path,
+            context=context
+        )
+
+        body_html = self._render_template(
+            mako_template_filepath=html_template_file_path,
+            context=context,
+        )
+
+        part1 = MIMEText(body_text, 'plain', 'utf-8')
+        part2 = MIMEText(body_html, 'html', 'utf-8')
+
+        # Attach parts into message container.
+        # According to RFC 2046, the last part of a multipart message,
+        # in this case the HTML message, is best and preferred.
+        message.attach(part1)
+        message.attach(part2)
+
+        send_email_through(
+            config=self.config,
+            sendmail_callable=async_email_sender.send_mail,
+            message=message
+        )
+
+    def _render_template(
+            self,
+            mako_template_filepath: str,
+            context: dict
+    ) -> str:
+        """
+        Render mako template with all needed current variables.
+
+        :param mako_template_filepath: file path of mako template
+        :param context: dict with template context
+        :return: template rendered string
+        """
+
+        template = Template(filename=mako_template_filepath)
+        return template.render(
+            _=_,
+            config=self.config,
+            **context
+        )
+
+    def _build_email_body_for_content(
+            self,
+            mako_template_filepath: str,
+            role: UserRoleInWorkspace,
+            content: Content,
+            actor: User
+    ) -> str:
+        """
+        Build an email body and return it as a string
+        :param mako_template_filepath: the absolute path to the mako template to be used for email body building
+        :param role: the role related to user to whom the email must be sent. The role is required (and not the user only) in order to show in the mail why the user receive the notification
+        :param content: the content item related to the notification
+        :param actor: the user at the origin of the action / notification (for example the one who wrote a comment
+        :param config: the global configuration
+        :return: the built email body as string. In case of multipart email, this method must be called one time for text and one time for html
+        """
+        logger.debug(self, 'Building email content from MAKO template {}'.format(mako_template_filepath))
+
+        main_title = content.label
+        content_intro = ''
+        content_text = ''
+        call_to_action_text = ''
+
+        # TODO - G.M - 11-06-2018 - [emailTemplateURL] correct value for call_to_action_url  # nopep8
+        call_to_action_url =''
+        # TODO - G.M - 11-06-2018 - [emailTemplateURL] correct value for status_icon_url  # nopep8
+        status_icon_url = ''
+        # TODO - G.M - 11-06-2018 - [emailTemplateURL] correct value for workspace_url  # nopep8
+        workspace_url = ''
+        # TODO - G.M - 11-06-2018 - [emailTemplateURL] correct value for logo_url  # nopep8
+        logo_url = ''
+
+        action = content.get_last_action().id
+        if ActionDescription.COMMENT == action:
+            content_intro = l_('<span id="content-intro-username">{}</span> added a comment:').format(actor.display_name)
+            content_text = content.description
+            call_to_action_text = l_('Answer')
+
+        elif ActionDescription.CREATION == action:
+
+            # Default values (if not overriden)
+            content_text = content.description
+            call_to_action_text = l_('View online')
+
+            if ContentType.Thread == content.type:
+                call_to_action_text = l_('Answer')
+                content_intro = l_('<span id="content-intro-username">{}</span> started a thread entitled:').format(actor.display_name)
+                content_text = '<p id="content-body-intro">{}</p>'.format(content.label) + \
+                               content.get_last_comment_from(actor).description
+
+            elif ContentType.File == content.type:
+                content_intro = l_('<span id="content-intro-username">{}</span> added a file entitled:').format(actor.display_name)
+                if content.description:
+                    content_text = content.description
+                else:
+                    content_text = '<span id="content-body-only-title">{}</span>'.format(content.label)
+
+            elif ContentType.Page == content.type:
+                content_intro = l_('<span id="content-intro-username">{}</span> added a page entitled:').format(actor.display_name)
+                content_text = '<span id="content-body-only-title">{}</span>'.format(content.label)
+
+        elif ActionDescription.REVISION == action:
+            content_text = content.description
+            call_to_action_text = l_('View online')
+
+            if ContentType.File == content.type:
+                content_intro = l_('<span id="content-intro-username">{}</span> uploaded a new revision.').format(actor.display_name)
+                content_text = ''
+
+            elif ContentType.Page == content.type:
+                content_intro = l_('<span id="content-intro-username">{}</span> updated this page.').format(actor.display_name)
+                previous_revision = content.get_previous_revision()
+                title_diff = ''
+                if previous_revision.label != content.label:
+                    title_diff = htmldiff(previous_revision.label, content.label)
+                content_text = str(l_('<p id="content-body-intro">Here is an overview of the changes:</p>'))+ \
+                    title_diff + \
+                    htmldiff(previous_revision.description, content.description)
+
+            elif ContentType.Thread == content.type:
+                content_intro = l_('<span id="content-intro-username">{}</span> updated the thread description.').format(actor.display_name)
+                previous_revision = content.get_previous_revision()
+                title_diff = ''
+                if previous_revision.label != content.label:
+                    title_diff = htmldiff(previous_revision.label, content.label)
+                content_text = str(l_('<p id="content-body-intro">Here is an overview of the changes:</p>'))+ \
+                    title_diff + \
+                    htmldiff(previous_revision.description, content.description)
+
+        elif ActionDescription.EDITION == action:
+            call_to_action_text = l_('View online')
+
+            if ContentType.File == content.type:
+                content_intro = l_('<span id="content-intro-username">{}</span> updated the file description.').format(actor.display_name)
+                content_text = '<p id="content-body-intro">{}</p>'.format(content.get_label()) + \
+                    content.description
+
+        elif ActionDescription.STATUS_UPDATE == action:
+            call_to_action_text = l_('View online')
+            intro_user_msg = l_(
+                '<span id="content-intro-username">{}</span> '
+                'updated the following status:'
+            )
+            content_intro = intro_user_msg.format(actor.display_name)
+            intro_body_msg = '<p id="content-body-intro">{}: {}</p>'
+            content_text = intro_body_msg.format(
+                content.get_label(),
+                content.get_status().label,
+            )
+
+        if '' == content_intro and content_text == '':
+            # Skip notification, but it's not normal
+            logger.error(
+                self, 'A notification is being sent but no content. '
+                      'Here are some debug informations: [content_id: {cid}]'
+                      '[action: {act}][author: {actor}]'.format(
+                    cid=content.content_id, act=action, actor=actor
+                )
+            )
+            raise ValueError('Unexpected empty notification')
+
+        context = {
+            'user': role.user,
+            'workspace': role.workspace,
+            'workspace_url': workspace_url,
+            'main_title': main_title,
+            'status_label': content.get_status().label,
+            'status_icon_url': status_icon_url,
+            'role_label': role.role_as_label(),
+            'content_intro': content_intro,
+            'content_text': content_text,
+            'call_to_action_text': call_to_action_text,
+            'call_to_action_url': call_to_action_url,
+            'logo_url': logo_url,
+        }
+        user = role.user
+        workspace = role.workspace
+        body_content = self._render_template(
+            mako_template_filepath=mako_template_filepath,
+            context=context,
+        )
+        return body_content
+
+
+def get_email_manager(config: CFG, session: Session):
+    """
+    :return: EmailManager instance
+    """
+    #  TODO: Find a way to import properly without cyclic import
+
+    smtp_config = SmtpConfiguration(
+        config.EMAIL_NOTIFICATION_SMTP_SERVER,
+        config.EMAIL_NOTIFICATION_SMTP_PORT,
+        config.EMAIL_NOTIFICATION_SMTP_USER,
+        config.EMAIL_NOTIFICATION_SMTP_PASSWORD
+    )
+
+    return EmailManager(config=config, smtp_config=smtp_config, session=session)

backend/tracim/lib/mail_notifier/sender.py

@@ -0,0 +1,114 @@
+# -*- coding: utf-8 -*-
+import smtplib
+import typing
+from email.message import Message
+from email.mime.multipart import MIMEMultipart
+
+from tracim.config import CFG
+from tracim.lib.utils.logger import logger
+from tracim.lib.utils.utils import get_rq_queue
+from tracim.lib.utils.utils import get_redis_connection
+from tracim.lib.mail_notifier.utils import SmtpConfiguration
+
+def send_email_through(
+        config: CFG,
+        sendmail_callable: typing.Callable[[Message], None],
+        message: Message,
+) -> None:
+    """
+    Send mail encapsulation to send it in async or sync mode.
+
+    TODO BS 20170126: A global mail/sender management should be a good
+                      thing. Actually, this method is an fast solution.
+    :param config: system configuration
+    :param sendmail_callable: A callable who get message on first parameter
+    :param message: The message who have to be sent
+    """
+
+    if config.EMAIL_PROCESSING_MODE == config.CST.SYNC:
+        sendmail_callable(message)
+    elif config.EMAIL_PROCESSING_MODE == config.CST.ASYNC:
+        redis_connection = get_redis_connection(config)
+        queue = get_rq_queue(redis_connection, 'mail_sender')
+        queue.enqueue(sendmail_callable, message)
+    else:
+        raise NotImplementedError(
+            'Mail sender processing mode {} is not implemented'.format(
+                config.EMAIL_PROCESSING_MODE,
+            )
+        )
+
+
+class EmailSender(object):
+    """
+    Independent email sender class.
+
+    To allow its use in any thread, as an asyncjob_perform() call for
+    example, it has no dependencies on SQLAlchemy nor tg HTTP request.
+    """
+
+    def __init__(
+            self,
+            config: CFG,
+            smtp_config: SmtpConfiguration,
+            really_send_messages
+    ) -> None:
+        self._smtp_config = smtp_config
+        self.config = config
+        self._smtp_connection = None
+        self._is_active = really_send_messages
+
+    def connect(self):
+        if not self._smtp_connection:
+            log = 'Connecting from SMTP server {}'
+            logger.info(self, log.format(self._smtp_config.server))
+            self._smtp_connection = smtplib.SMTP(
+                self._smtp_config.server,
+                self._smtp_config.port
+            )
+            self._smtp_connection.ehlo()
+
+            if self._smtp_config.login:
+                try:
+                    starttls_result = self._smtp_connection.starttls()
+                    log = 'SMTP start TLS result: {}'
+                    logger.debug(self, log.format(starttls_result))
+                except Exception as e:
+                    log = 'SMTP start TLS error: {}'
+                    logger.debug(self, log.format(e.__str__()))
+
+            if self._smtp_config.login:
+                try:
+                    login_res = self._smtp_connection.login(
+                        self._smtp_config.login,
+                        self._smtp_config.password
+                    )
+                    log = 'SMTP login result: {}'
+                    logger.debug(self, log.format(login_res))
+                except Exception as e:
+                    log = 'SMTP login error: {}'
+                    logger.debug(self, log.format(e.__str__()))
+            logger.info(self, 'Connection OK')
+
+    def disconnect(self):
+        if self._smtp_connection:
+            log = 'Disconnecting from SMTP server {}'
+            logger.info(self, log.format(self._smtp_config.server))
+            self._smtp_connection.quit()
+            logger.info(self, 'Connection closed.')
+
+    def send_mail(self, message: MIMEMultipart):
+        if not self._is_active:
+            log = 'Not sending email to {} (service disabled)'
+            logger.info(self, log.format(message['To']))
+        else:
+            self.connect()  # Actually, this connects to SMTP only if required
+            logger.info(self, 'Sending email to {}'.format(message['To']))
+            self._smtp_connection.send_message(message)
+            from tracim.lib.mail_notifier.notifier import EmailManager
+            EmailManager.log_notification(
+                action='   SENT',
+                recipient=message['To'],
+                subject=message['Subject'],
+                config=self.config,
+            )

backend/tracim/lib/mail_notifier/utils.py

@@ -0,0 +1,33 @@
+class SmtpConfiguration(object):
+    """Container class for SMTP configuration used in Tracim."""
+
+    def __init__(self, server: str, port: int, login: str, password: str):
+        self.server = server
+        self.port = port
+        self.login = login
+        self.password = password
+
+
+class EST(object):
+    """
+    EST = Email Subject Tags - this is a convenient class - no business logic
+    here
+    This class is intended to agregate all dynamic content that may be included
+    in email subjects
+    """
+
+    WEBSITE_TITLE = '{website_title}'
+    WORKSPACE_LABEL = '{workspace_label}'
+    CONTENT_LABEL = '{content_label}'
+    CONTENT_STATUS_LABEL = '{content_status_label}'
+
+    @classmethod
+    def all(cls):
+        return [
+            cls.CONTENT_LABEL,
+            cls.CONTENT_STATUS_LABEL,
+            cls.WEBSITE_TITLE,
+            cls.WORKSPACE_LABEL
+        ]
+
+

backend/tracim/lib/utils/__init__.py

@@ -0,0 +1 @@
+# coding=utf-8

backend/tracim/lib/utils/authentification.py

@@ -0,0 +1,57 @@
+import typing
+
+from pyramid.request import Request
+from sqlalchemy.orm.exc import NoResultFound
+
+from tracim import TracimRequest
+from tracim.exceptions import UserDoesNotExist
+from tracim.lib.core.user import UserApi
+from tracim.models import User
+
+BASIC_AUTH_WEBUI_REALM = "tracim"
+
+
+###
+# Pyramid HTTP Basic Auth
+###
+
+def basic_auth_check_credentials(
+        login: str,
+        cleartext_password: str,
+        request: TracimRequest
+) -> typing.Optional[list]:
+    """
+    Check credential for pyramid basic_auth
+    :param login: login of user
+    :param cleartext_password: user password in cleartext
+    :param request: Pyramid request
+    :return: None if auth failed, list of permissions if auth succeed
+    """
+
+    # Do not accept invalid user
+    user = _get_basic_auth_unsafe_user(request)
+    if not user \
+            or user.email != login \
+            or not user.is_active \
+            or not user.validate_password(cleartext_password):
+        return None
+    return []
+
+
+def _get_basic_auth_unsafe_user(
+    request: Request,
+) -> typing.Optional[User]:
+    """
+    :param request: pyramid request
+    :return: User or None
+    """
+    app_config = request.registry.settings['CFG']
+    uapi = UserApi(None, session=request.dbsession, config=app_config)
+    try:
+        login = request.unauthenticated_userid
+        if not login:
+            return None
+        user = uapi.get_one_by_email(login)
+    except UserDoesNotExist:
+        return None
+    return user

backend/tracim/lib/utils/authorization.py

@@ -0,0 +1,185 @@
+# -*- coding: utf-8 -*-
+import typing
+from typing import TYPE_CHECKING
+import functools
+from pyramid.interfaces import IAuthorizationPolicy
+from zope.interface import implementer
+
+from tracim.models.contents import NewContentType
+from tracim.models.context_models import ContentInContext
+
+try:
+    from json.decoder import JSONDecodeError
+except ImportError:  # python3.4
+    JSONDecodeError = ValueError
+
+from tracim.models.contents import ContentTypeLegacy as ContentType
+from tracim.exceptions import InsufficientUserRoleInWorkspace
+from tracim.exceptions import ContentTypeNotAllowed
+from tracim.exceptions import InsufficientUserProfile
+if TYPE_CHECKING:
+    from tracim import TracimRequest
+###
+# Pyramid default permission/authorization mecanism
+
+# INFO - G.M - 12-04-2018 - Setiing a Default permission on view is
+#  needed to activate AuthentificationPolicy and
+# AuthorizationPolicy on pyramid request
+TRACIM_DEFAULT_PERM = 'tracim'
+
+
+@implementer(IAuthorizationPolicy)
+class AcceptAllAuthorizationPolicy(object):
+    """
+    Empty AuthorizationPolicy : Allow all request. As Pyramid need
+    a Authorization policy when we use AuthentificationPolicy, this
+    class permit use to disable pyramid authorization mecanism with
+    working a AuthentificationPolicy.
+    """
+    def permits(self, context, principals, permision):
+        return True
+
+    def principals_allowed_by_permission(self, context, permission):
+        raise NotImplementedError()
+
+###
+# Authorization decorators for views
+
+# INFO - G.M - 12-04-2018
+# Instead of relying on pyramid authorization mecanism
+# We prefer to use decorators
+
+
+def require_same_user_or_profile(group: int) -> typing.Callable:
+    """
+    Decorator for view to restrict access of tracim request if candidate user
+    is distinct from authenticated user and not with high enough profile.
+    :param group: value from Group Object
+    like Group.TIM_USER or Group.TIM_MANAGER
+    :return:
+    """
+    def decorator(func: typing.Callable) -> typing.Callable:
+        @functools.wraps(func)
+        def wrapper(self, context, request: 'TracimRequest') -> typing.Callable:
+            auth_user = request.current_user
+            candidate_user = request.candidate_user
+            if auth_user.user_id == candidate_user.user_id or \
+                    auth_user.profile.id >= group:
+                return func(self, context, request)
+            raise InsufficientUserProfile()
+        return wrapper
+    return decorator
+
+
+def require_profile(group: int) -> typing.Callable:
+    """
+    Decorator for view to restrict access of tracim request if profile is
+    not high enough
+    :param group: value from Group Object
+    like Group.TIM_USER or Group.TIM_MANAGER
+    :return:
+    """
+    def decorator(func: typing.Callable) -> typing.Callable:
+        @functools.wraps(func)
+        def wrapper(self, context, request: 'TracimRequest') -> typing.Callable:
+            user = request.current_user
+            if user.profile.id >= group:
+                return func(self, context, request)
+            raise InsufficientUserProfile()
+        return wrapper
+    return decorator
+
+
+def require_workspace_role(minimal_required_role: int) -> typing.Callable:
+    """
+    Restricts access to endpoint to minimal role or raise an exception.
+    Check role for current_workspace.
+    :param minimal_required_role: value from UserInWorkspace Object like
+    UserRoleInWorkspace.CONTRIBUTOR or UserRoleInWorkspace.READER
+    :return: decorator
+    """
+    def decorator(func: typing.Callable) -> typing.Callable:
+        @functools.wraps(func)
+        def wrapper(self, context, request: 'TracimRequest') -> typing.Callable:
+            user = request.current_user
+            workspace = request.current_workspace
+            if workspace.get_user_role(user) >= minimal_required_role:
+                return func(self, context, request)
+            raise InsufficientUserRoleInWorkspace()
+
+        return wrapper
+    return decorator
+
+
+def require_candidate_workspace_role(minimal_required_role: int) -> typing.Callable:  # nopep8
+    """
+    Restricts access to endpoint to minimal role or raise an exception.
+    Check role for candidate_workspace.
+    :param minimal_required_role: value from UserInWorkspace Object like
+    UserRoleInWorkspace.CONTRIBUTOR or UserRoleInWorkspace.READER
+    :return: decorator
+    """
+    def decorator(func: typing.Callable) -> typing.Callable:
+
+        def wrapper(self, context, request: 'TracimRequest') -> typing.Callable:
+            user = request.current_user
+            workspace = request.candidate_workspace
+
+            if workspace.get_user_role(user) >= minimal_required_role:
+                return func(self, context, request)
+            raise InsufficientUserRoleInWorkspace()
+
+        return wrapper
+    return decorator
+
+
+def require_content_types(content_types: typing.List['NewContentType']) -> typing.Callable:  # nopep8
+    """
+    Restricts access to specific file type or raise an exception.
+    Check role for candidate_workspace.
+    :param content_types: list of NewContentType object
+    :return: decorator
+    """
+    def decorator(func: typing.Callable) -> typing.Callable:
+        @functools.wraps(func)
+        def wrapper(self, context, request: 'TracimRequest') -> typing.Callable:
+            content = request.current_content
+            current_content_type_slug = ContentType(content.type).slug
+            content_types_slug = [content_type.slug for content_type in content_types]  # nopep8
+            if current_content_type_slug in content_types_slug:
+                return func(self, context, request)
+            raise ContentTypeNotAllowed()
+        return wrapper
+    return decorator
+
+
+def require_comment_ownership_or_role(
+        minimal_required_role_for_owner: int,
+        minimal_required_role_for_anyone: int,
+) -> typing.Callable:
+    """
+    Decorator for view to restrict access of tracim request if role is
+    not high enough and user is not owner of the current_content
+    :param minimal_required_role_for_owner: minimal role for owner
+    of current_content to access to this view
+    :param minimal_required_role_for_anyone: minimal role for anyone to
+    access to this view.
+    :return:
+    """
+    def decorator(func: typing.Callable) -> typing.Callable:
+        @functools.wraps(func)
+        def wrapper(self, context, request: 'TracimRequest') -> typing.Callable:
+            user = request.current_user
+            workspace = request.current_workspace
+            comment = request.current_comment
+            # INFO - G.M - 2018-06-178 - find minimal role required
+            if comment.owner.user_id == user.user_id:
+                minimal_required_role = minimal_required_role_for_owner
+            else:
+                minimal_required_role = minimal_required_role_for_anyone
+            # INFO - G.M - 2018-06-178 - normal role test
+            if workspace.get_user_role(user) >= minimal_required_role:
+                return func(self, context, request)
+            raise InsufficientUserRoleInWorkspace()
+        return wrapper
+    return decorator

backend/tracim/lib/utils/cors.py

@@ -0,0 +1,77 @@
+# -*- coding: utf-8 -*-
+# INFO - G.M -17-05-2018 - CORS support
+# original code from https://gist.github.com/mmerickel/1afaf64154b335b596e4
+# see also
+# here : https://groups.google.com/forum/#!topic/pylons-discuss/2Sw4OkOnZcE
+from pyramid.events import NewResponse
+
+
+def add_cors_support(config):
+    # INFO - G.M - 17-05-2018 - CORS Preflight stuff (special requests)
+    config.add_directive(
+        'add_cors_preflight_handler',
+        add_cors_preflight_handler
+    )
+    config.add_route_predicate('cors_preflight', CorsPreflightPredicate)
+
+    # INFO - G.M - 17-05-2018 CORS Headers for all responses
+    config.add_subscriber(add_cors_to_response, NewResponse)
+
+
+class CorsPreflightPredicate(object):
+    def __init__(self, val, config):
+        self.val = val
+
+    def text(self):
+        return 'cors_preflight = %s' % bool(self.val)
+
+    phash = text
+
+    def __call__(self, context, request):
+        if not self.val:
+            return False
+        return (
+            request.method == 'OPTIONS' and
+            'Origin' in request.headers and
+            'Access-Control-Request-Method' in request.headers
+        )
+
+
+def add_cors_preflight_handler(config):
+    # INFO - G.M - 17-05-2018 - Add route for CORS preflight
+    # see https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
+    # for more info about preflight
+
+    config.add_route(
+        'cors-options-preflight', '/{catch_all:.*}',
+        cors_preflight=True,
+    )
+    config.add_view(
+        cors_options_view,
+        route_name='cors-options-preflight',
+    )
+
+
+def cors_options_view(context, request):
+    response = request.response
+    if 'Access-Control-Request-Headers' in request.headers:
+        response.headers['Access-Control-Allow-Methods'] = (
+            'OPTIONS,HEAD,GET,POST,PUT,DELETE'
+        )
+    response.headers['Access-Control-Allow-Headers'] = (
+        'Content-Type,Accept,Accept-Language,Authorization,X-Request-ID'
+    )
+    return response
+
+
+def add_cors_to_response(event):
+    # INFO - G.M - 17-05-2018 - Add some CORS headers to all requests
+    request = event.request
+    response = event.response
+    if 'Origin' in request.headers:
+        response.headers['Access-Control-Expose-Headers'] = (
+            'Content-Type,Date,Content-Length,Authorization,X-Request-ID'
+        )
+        # TODO - G.M - 17-05-2018 - Allow to configure this header in config
+        response.headers['Access-Control-Allow-Origin'] = '*'
+        response.headers['Access-Control-Allow-Credentials'] = 'true'

backend/tracim/lib/utils/logger.py

@@ -0,0 +1,47 @@
+# -*- coding: utf-8 -*-
+import logging
+
+
+class Logger(object):
+    """
+    Global logger
+    """
+    TPL = '[{cls}] {msg}'
+
+    def __init__(self, logger_name):
+        self._name = logger_name
+        self._logger = logging.getLogger(self._name)
+
+    @classmethod
+    def _txt(cls, instance_or_class):
+        if instance_or_class.__class__.__name__ in ('function', 'type'):
+            return instance_or_class.__name__
+        else:
+            return instance_or_class.__class__.__name__
+
+    def debug(self, instance_or_class, message):
+        self._logger.debug(
+            Logger.TPL.format(cls=self._txt(instance_or_class), msg=message)
+        )
+
+    def error(self, instance_or_class, message, exc_info=0):
+        self._logger.error(
+            Logger.TPL.format(
+                cls=self._txt(instance_or_class),
+                msg=message,
+                exc_info=exc_info
+            )
+        )
+
+    def info(self, instance_or_class, message):
+        self._logger.info(
+            Logger.TPL.format(cls=self._txt(instance_or_class), msg=message)
+        )
+
+    def warning(self, instance_or_class, message):
+        self._logger.warning(
+            Logger.TPL.format(cls=self._txt(instance_or_class), msg=message)
+        )
+
+
+logger = Logger('tracim')

backend/tracim/lib/utils/request.py

@@ -0,0 +1,399 @@
+# -*- coding: utf-8 -*-
+from pyramid.request import Request
+from sqlalchemy.orm.exc import NoResultFound
+
+from tracim.exceptions import NotAuthenticated
+from tracim.exceptions import UserNotActive
+from tracim.exceptions import ContentNotFound
+from tracim.exceptions import InvalidUserId
+from tracim.exceptions import InvalidWorkspaceId
+from tracim.exceptions import InvalidContentId
+from tracim.exceptions import InvalidCommentId
+from tracim.exceptions import ContentNotFoundInTracimRequest
+from tracim.exceptions import WorkspaceNotFoundInTracimRequest
+from tracim.exceptions import UserNotFoundInTracimRequest
+from tracim.exceptions import UserDoesNotExist
+from tracim.exceptions import WorkspaceNotFound
+from tracim.exceptions import ImmutableAttribute
+from tracim.models.contents import ContentTypeLegacy as ContentType
+from tracim.lib.core.content import ContentApi
+from tracim.lib.core.user import UserApi
+from tracim.lib.core.workspace import WorkspaceApi
+from tracim.lib.utils.authorization import JSONDecodeError
+
+from tracim.models import User
+from tracim.models.data import Workspace
+from tracim.models.data import Content
+
+
+class TracimRequest(Request):
+    """
+    Request with tracim specific params/methods
+    """
+    def __init__(
+            self,
+            environ,
+            charset=None,
+            unicode_errors=None,
+            decode_param_names=None,
+            **kw
+    ):
+        super().__init__(
+            environ,
+            charset,
+            unicode_errors,
+            decode_param_names,
+            **kw
+        )
+        # Current comment, found in request path
+        self._current_comment = None  # type: Content
+
+        # Current content, found in request path
+        self._current_content = None  # type: Content
+
+        # Current workspace, found in request path
+        self._current_workspace = None  # type: Workspace
+
+        # Candidate workspace found in request body
+        self._candidate_workspace = None  # type: Workspace
+
+        # Authenticated user
+        self._current_user = None  # type: User
+
+        # User found from request headers, content, distinct from authenticated
+        # user
+        self._candidate_user = None  # type: User
+
+        # INFO - G.M - 18-05-2018 - Close db at the end of the request
+        self.add_finished_callback(self._cleanup)
+
+    @property
+    def current_workspace(self) -> Workspace:
+        """
+        Get current workspace of the request according to authentification and
+        request headers (to retrieve workspace). Setted by default value the
+        first time if not configured.
+        :return: Workspace of the request
+        """
+        if self._current_workspace is None:
+            self._current_workspace = self._get_current_workspace(self.current_user, self)   # nopep8
+        return self._current_workspace
+
+    @current_workspace.setter
+    def current_workspace(self, workspace: Workspace) -> None:
+        """
+        Setting current_workspace
+        :param workspace:
+        :return:
+        """
+        if self._current_workspace is not None:
+            raise ImmutableAttribute(
+                "Can't modify already setted current_workspace"
+            )
+        self._current_workspace = workspace
+
+    @property
+    def current_user(self) -> User:
+        """
+        Get user from authentication mecanism.
+        """
+        if self._current_user is None:
+            self.current_user = self._get_auth_safe_user(self)
+        return self._current_user
+
+    @current_user.setter
+    def current_user(self, user: User) -> None:
+        if self._current_user is not None:
+            raise ImmutableAttribute(
+                "Can't modify already setted current_user"
+            )
+        self._current_user = user
+
+    @property
+    def current_content(self) -> Content:
+        """
+        Get current  content from path
+        """
+        if self._current_content is None:
+            self._current_content = self._get_current_content(
+                self.current_user,
+                self.current_workspace,
+                self
+                )
+        return self._current_content
+
+    @current_content.setter
+    def current_content(self, content: Content) -> None:
+        if self._current_content is not None:
+            raise ImmutableAttribute(
+                "Can't modify already setted current_content"
+            )
+        self._current_content = content
+
+    @property
+    def current_comment(self) -> Content:
+        """
+        Get current comment from path
+        """
+        if self._current_comment is None:
+            self._current_comment = self._get_current_comment(
+                self.current_user,
+                self.current_workspace,
+                self.current_content,
+                self
+                )
+        return self._current_comment
+
+    @current_comment.setter
+    def current_comment(self, content: Content) -> None:
+        if self._current_comment is not None:
+            raise ImmutableAttribute(
+                "Can't modify already setted current_content"
+            )
+        self._current_comment = content
+    # TODO - G.M - 24-05-2018 - Find a better naming for this ?
+
+    @property
+    def candidate_user(self) -> User:
+        """
+        Get user from headers/body request. This user is not
+        the one found by authentication mecanism. This user
+        can help user to know about who one page is about in
+        a similar way as current_workspace.
+        """
+        if self._candidate_user is None:
+            self.candidate_user = self._get_candidate_user(self)
+        return self._candidate_user
+
+    @property
+    def candidate_workspace(self) -> Workspace:
+        """
+        Get workspace from headers/body request. This workspace is not
+        the one found from path. Its the one from json body.
+        """
+        if self._candidate_workspace is None:
+            self._candidate_workspace = self._get_candidate_workspace(
+                self.current_user,
+                self
+            )
+        return self._candidate_workspace
+
+    def _cleanup(self, request: 'TracimRequest') -> None:
+        """
+        Close dbsession at the end of the request in order to avoid exception
+        about not properly closed session or "object created in another thread"
+        issue
+        see https://github.com/tracim/tracim_backend/issues/62
+        :param request: same as self, request
+        :return: nothing.
+        """
+        self._current_user = None
+        self._current_workspace = None
+        self.dbsession.close()
+
+    @candidate_user.setter
+    def candidate_user(self, user: User) -> None:
+        if self._candidate_user is not None:
+            raise ImmutableAttribute(
+                "Can't modify already setted candidate_user"
+            )
+        self._candidate_user = user
+
+    ###
+    # Utils for TracimRequest
+    ###
+    def _get_current_comment(
+            self,
+            user: User,
+            workspace: Workspace,
+            content: Content,
+            request: 'TracimRequest'
+    ) -> Content:
+        """
+        Get current content from request
+        :param user: User who want to check the workspace
+        :param workspace: Workspace of the content
+        :param content: comment is related to this content
+        :param request: pyramid request
+        :return: current content
+        """
+        comment_id = ''
+        try:
+            if 'comment_id' in request.matchdict:
+                comment_id_str = request.matchdict['content_id']
+                if not isinstance(comment_id_str, str) or not comment_id_str.isdecimal():  # nopep8
+                    raise InvalidCommentId('comment_id is not a correct integer')  # nopep8
+                comment_id = int(request.matchdict['comment_id'])
+            if not comment_id:
+                raise ContentNotFoundInTracimRequest('No comment_id property found in request')  # nopep8
+            api = ContentApi(
+                current_user=user,
+                session=request.dbsession,
+                config=request.registry.settings['CFG']
+            )
+            comment = api.get_one(
+                comment_id,
+                content_type=ContentType.Comment,
+                workspace=workspace,
+                parent=content,
+            )
+        except NoResultFound as exc:
+            raise ContentNotFound(
+                'Comment {} does not exist '
+                'or is not visible for this user'.format(comment_id)
+            ) from exc
+        return comment
+
+    def _get_current_content(
+            self,
+            user: User,
+            workspace: Workspace,
+            request: 'TracimRequest'
+    ) -> Content:
+        """
+        Get current content from request
+        :param user: User who want to check the workspace
+        :param workspace: Workspace of the content
+        :param request: pyramid request
+        :return: current content
+        """
+        content_id = ''
+        try:
+            if 'content_id' in request.matchdict:
+                content_id_str = request.matchdict['content_id']
+                if not isinstance(content_id_str, str) or not content_id_str.isdecimal():  # nopep8
+                    raise InvalidContentId('content_id is not a correct integer')  # nopep8
+                content_id = int(request.matchdict['content_id'])
+            if not content_id:
+                raise ContentNotFoundInTracimRequest('No content_id property found in request')  # nopep8
+            api = ContentApi(
+                current_user=user,
+                session=request.dbsession,
+                config=request.registry.settings['CFG']
+            )
+            content = api.get_one(content_id=content_id, workspace=workspace, content_type=ContentType.Any)  # nopep8
+        except NoResultFound as exc:
+            raise ContentNotFound(
+                'Content {} does not exist '
+                'or is not visible for this user'.format(content_id)
+            ) from exc
+        return content
+
+    def _get_candidate_user(
+            self,
+            request: 'TracimRequest',
+    ) -> User:
+        """
+        Get candidate user
+        :param request: pyramid request
+        :return: user found from header/body
+        """
+        app_config = request.registry.settings['CFG']
+        uapi = UserApi(None, session=request.dbsession, config=app_config)
+        login = ''
+        try:
+            login = None
+            if 'user_id' in request.matchdict:
+                user_id_str = request.matchdict['user_id']
+                if not isinstance(user_id_str, str) or not user_id_str.isdecimal():
+                    raise InvalidUserId('user_id is not a correct integer')  # nopep8
+                login = int(request.matchdict['user_id'])
+            if not login:
+                raise UserNotFoundInTracimRequest('You request a candidate user but the context not permit to found one')  # nopep8
+            user = uapi.get_one(login)
+        except UserNotFoundInTracimRequest as exc:
+            raise UserDoesNotExist('User {} not found'.format(login)) from exc
+        return user
+
+    def _get_auth_safe_user(
+            self,
+            request: 'TracimRequest',
+    ) -> User:
+        """
+        Get current pyramid authenticated user from request
+        :param request: pyramid request
+        :return: current authenticated user
+        """
+        app_config = request.registry.settings['CFG']
+        uapi = UserApi(None, session=request.dbsession, config=app_config)
+        login = ''
+        try:
+            login = request.authenticated_userid
+            if not login:
+                raise UserNotFoundInTracimRequest('You request a current user but the context not permit to found one')  # nopep8
+            user = uapi.get_one_by_email(login)
+            if not user.is_active:
+                raise UserNotActive('User {} is not active'.format(login))
+        except (UserDoesNotExist, UserNotFoundInTracimRequest) as exc:
+            raise NotAuthenticated('User {} not found'.format(login)) from exc
+        return user
+
+    def _get_current_workspace(
+            self,
+            user: User,
+            request: 'TracimRequest'
+    ) -> Workspace:
+        """
+        Get current workspace from request
+        :param user: User who want to check the workspace
+        :param request: pyramid request
+        :return: current workspace
+        """
+        workspace_id = ''
+        try:
+            if 'workspace_id' in request.matchdict:
+                workspace_id_str = request.matchdict['workspace_id']
+                if not isinstance(workspace_id_str, str) or not workspace_id_str.isdecimal():  # nopep8
+                    raise InvalidWorkspaceId('workspace_id is not a correct integer')  # nopep8
+                workspace_id = int(request.matchdict['workspace_id'])
+            if not workspace_id:
+                raise WorkspaceNotFoundInTracimRequest('No workspace_id property found in request')  # nopep8
+            wapi = WorkspaceApi(
+                current_user=user,
+                session=request.dbsession,
+                config=request.registry.settings['CFG']
+            )
+            workspace = wapi.get_one(workspace_id)
+        except NoResultFound as exc:
+            raise WorkspaceNotFound(
+                'Workspace {} does not exist '
+                'or is not visible for this user'.format(workspace_id)
+            ) from exc
+        return workspace
+
+    def _get_candidate_workspace(
+            self,
+            user: User,
+            request: 'TracimRequest'
+    ) -> Workspace:
+        """
+        Get current workspace from request
+        :param user: User who want to check the workspace
+        :param request: pyramid request
+        :return: current workspace
+        """
+        workspace_id = ''
+        try:
+            if 'new_workspace_id' in request.json_body:
+                workspace_id = request.json_body['new_workspace_id']
+                if not isinstance(workspace_id, int):
+                    if workspace_id.isdecimal():
+                        workspace_id = int(workspace_id)
+                    else:
+                        raise InvalidWorkspaceId('workspace_id is not a correct integer')  # nopep8
+            if not workspace_id:
+                raise WorkspaceNotFoundInTracimRequest('No new_workspace_id property found in body')  # nopep8
+            wapi = WorkspaceApi(
+                current_user=user,
+                session=request.dbsession,
+                config=request.registry.settings['CFG']
+            )
+            workspace = wapi.get_one(workspace_id)
+        except JSONDecodeError as exc:
+            raise WorkspaceNotFound('Invalid JSON content') from exc
+        except NoResultFound as exc:
+            raise WorkspaceNotFound(
+                'Workspace {} does not exist '
+                'or is not visible for this user'.format(workspace_id)
+            ) from exc
+        return workspace

backend/tracim/lib/utils/translation.py

@@ -0,0 +1,12 @@
+# -*- coding: utf-8 -*-
+from babel.core import default_locale
+
+
+def fake_translator(text: str):
+    # TODO - G.M - 27-03-2018 - [i18n] Reconnect true internationalization
+    return text
+
+
+def get_locale():
+    # TODO - G.M - 27-03-2018 - [i18n] Reconnect true internationalization
+    return default_locale('LC_TIME')

backend/tracim/lib/utils/utils.py

@@ -0,0 +1,74 @@
+# -*- coding: utf-8 -*-
+import datetime
+from redis import Redis
+from rq import Queue
+
+from tracim.config import CFG
+
+DATETIME_FORMAT = '%Y-%m-%dT%H:%M:%SZ'
+DEFAULT_WEBDAV_CONFIG_FILE = "wsgidav.conf"
+DEFAULT_TRACIM_CONFIG_FILE = "development.ini"
+
+
+def get_redis_connection(config: CFG) -> Redis:
+    """
+    :param config: current app_config
+    :return: redis connection
+    """
+    return Redis(
+        host=config.EMAIL_SENDER_REDIS_HOST,
+        port=config.EMAIL_SENDER_REDIS_PORT,
+        db=config.EMAIL_SENDER_REDIS_DB,
+    )
+
+
+def get_rq_queue(redis_connection: Redis, queue_name: str ='default') -> Queue:
+    """
+    :param queue_name: name of queue
+    :return: wanted queue
+    """
+
+    return Queue(name=queue_name, connection=redis_connection)
+
+
+def cmp_to_key(mycmp):
+    """
+    List sort related function
+
+    Convert a cmp= function into a key= function
+    """
+    class K(object):
+        def __init__(self, obj, *args):
+            self.obj = obj
+
+        def __lt__(self, other):
+            return mycmp(self.obj, other.obj) < 0
+
+        def __gt__(self, other):
+            return mycmp(self.obj, other.obj) > 0
+
+        def __eq__(self, other):
+            return mycmp(self.obj, other.obj) == 0
+
+        def __le__(self, other):
+            return mycmp(self.obj, other.obj) <= 0
+
+        def __ge__(self, other):
+            return mycmp(self.obj, other.obj) >= 0
+
+        def __ne__(self, other):
+            return mycmp(self.obj, other.obj) != 0
+
+    return K
+
+
+def current_date_for_filename() -> str:
+    """
+    ISO8601 current date, adapted to be used in filename (for
+    webdav feature for example), with trouble-free characters.
+    :return: current date as string like "2018-03-19T15.49.27.246592"
+    """
+    # INFO - G.M - 19-03-2018 - As ':' is in transform_to_bdd method in
+    # webdav utils, it may cause trouble. So, it should be replaced to
+    # a character which will not change in bdd.
+    return datetime.datetime.now().isoformat().replace(':', '.')

backend/tracim/lib/webdav/__init__.py

@@ -0,0 +1,152 @@
+import json
+import sys
+import os
+from pyramid.paster import get_appsettings
+from waitress import serve
+from wsgidav.wsgidav_app import DEFAULT_CONFIG
+from wsgidav.xml_tools import useLxml
+from wsgidav.wsgidav_app import WsgiDAVApp
+
+from tracim import CFG
+from tracim.lib.utils.utils import DEFAULT_TRACIM_CONFIG_FILE, \
+    DEFAULT_WEBDAV_CONFIG_FILE
+from tracim.lib.webdav.dav_provider import Provider
+from tracim.lib.webdav.authentification import TracimDomainController
+from wsgidav.dir_browser import WsgiDavDirBrowser
+from wsgidav.http_authenticator import HTTPAuthenticator
+from wsgidav.error_printer import ErrorPrinter
+from tracim.lib.webdav.middlewares import TracimWsgiDavDebugFilter, \
+    TracimEnforceHTTPS, TracimEnv, TracimUserSession
+
+from inspect import isfunction
+import traceback
+
+from tracim.models import get_engine, get_session_factory
+
+
+class WebdavAppFactory(object):
+
+    def __init__(self,
+                 tracim_config_file_path: str = None,
+                 ):
+        self.config = self._initConfig(
+            tracim_config_file_path
+        )
+
+    def _initConfig(self,
+                    tracim_config_file_path: str = None
+                    ):
+        """Setup configuration dictionary from default,
+         command line and configuration file."""
+        if not tracim_config_file_path:
+            tracim_config_file_path = DEFAULT_TRACIM_CONFIG_FILE
+
+        # Set config defaults
+        config = DEFAULT_CONFIG.copy()
+        temp_verbose = config["verbose"]
+        # Get pyramid Env
+        tracim_config_file_path = os.path.abspath(tracim_config_file_path)
+        config['tracim_config'] = tracim_config_file_path
+        settings = self._get_tracim_settings(config)
+        app_config = CFG(settings)
+
+        default_config_file = os.path.abspath(settings['wsgidav.config_path'])
+        webdav_config_file = self._readConfigFile(
+            default_config_file,
+            temp_verbose
+            )
+        # Configuration file overrides defaults
+        config.update(webdav_config_file)
+
+        if not useLxml and config["verbose"] >= 1:
+            print(
+                "WARNING: Could not import lxml: using xml instead (slower). "
+                "consider installing lxml from http://codespeak.net/lxml/."
+            )
+
+        config['middleware_stack'] = [
+            TracimEnforceHTTPS,
+            WsgiDavDirBrowser,
+            TracimUserSession,
+            HTTPAuthenticator,
+            ErrorPrinter,
+            TracimWsgiDavDebugFilter,
+            TracimEnv,
+
+        ]
+        config['provider_mapping'] = {
+            config['root_path']: Provider(
+                # TODO: Test to Re enabme archived and deleted
+                show_archived=False,  # config['show_archived'],
+                show_deleted=False,  # config['show_deleted'],
+                show_history=False,  # config['show_history'],
+                app_config=app_config,
+            )
+        }
+
+        config['domaincontroller'] = TracimDomainController(
+            presetdomain=None,
+            presetserver=None,
+            app_config=app_config,
+        )
+        return config
+
+    def _get_tracim_settings(
+            self,
+            default_config,
+    ):
+        """
+        Get tracim settings
+        """
+        global_conf = get_appsettings(default_config['tracim_config']).global_conf
+        local_conf = get_appsettings(default_config['tracim_config'], 'tracim_web')  # nopep8
+        settings = global_conf
+        settings.update(local_conf)
+        return settings
+
+    # INFO - G.M - 13-04-2018 - Copy from
+    # wsgidav.server.run_server._readConfigFile
+    def _readConfigFile(self, config_file, verbose):
+        """Read configuration file options into a dictionary."""
+
+        if not os.path.exists(config_file):
+            raise RuntimeError("Couldn't open configuration file '%s'." % config_file)
+
+        if config_file.endswith(".json"):
+            with open(config_file, mode="r", encoding="utf-8") as json_file:
+                return json.load(json_file)
+
+        try:
+            import imp
+            conf = {}
+            configmodule = imp.load_source("configuration_module", config_file)
+
+            for k, v in vars(configmodule).items():
+                if k.startswith("__"):
+                    continue
+                elif isfunction(v):
+                    continue
+                conf[k] = v
+        except Exception as e:
+            # if verbose >= 1:
+            #    traceback.print_exc()
+            exceptioninfo = traceback.format_exception_only(sys.exc_type, sys.exc_value)
+            exceptiontext = ""
+            for einfo in exceptioninfo:
+                exceptiontext += einfo + "\n"
+    #        raise RuntimeError("Failed to read configuration file: " + config_file + "\nDue to "
+    #            + exceptiontext)
+            print("Failed to read configuration file: " + config_file +
+                  "\nDue to " + exceptiontext, file=sys.stderr)
+            raise
+
+        return conf
+
+    def get_wsgi_app(self):
+        return WsgiDAVApp(self.config)
+
+
+if __name__ == '__main__':
+    app_factory = WebdavAppFactory()
+    app = app_factory.get_wsgi_app()
+    serve(app)

backend/tracim/lib/webdav/authentification.py

@@ -0,0 +1,49 @@
+# coding: utf8
+from tracim.exceptions import DigestAuthNotImplemented
+from tracim.lib.core.user import UserApi
+
+DEFAULT_TRACIM_WEBDAV_REALM = '/'
+
+
+class TracimDomainController(object):
+    """
+    The domain controller is used by http_authenticator to authenticate the user every time a request is
+    sent
+    """
+    def __init__(self, app_config, presetdomain=None, presetserver=None):
+        self.app_config = app_config
+
+    def getDomainRealm(self, inputURL, environ):
+        return DEFAULT_TRACIM_WEBDAV_REALM
+
+    def getRealmUserPassword(self, realmname, username, environ):
+        """
+        This method is normally only use for digest auth. wsgidav need
+        plain password to deal with it. as we didn't
+        provide support for this kind of auth, this method raise an exception.
+        """
+        raise DigestAuthNotImplemented
+
+    def requireAuthentication(self, realmname, environ):
+        return True
+
+    def isRealmUser(self, realmname, username, environ):
+        """
+        Called to check if for a given root, the username exists (though here we don't make difference between
+        root as we're always starting at tracim's root
+        """
+        api = UserApi(None, environ['tracim_dbsession'], self.app_config)
+        try:
+             api.get_one_by_email(username)
+             return True
+        except:
+             return False
+
+    def authDomainUser(self, realmname, username, password, environ):
+        """
+        If you ever feel the need to send a request al-mano with a curl, this is the function that'll be called by
+        http_authenticator to validate the password sent
+        """
+        api = UserApi(None, environ['tracim_dbsession'], self.app_config)
+        return self.isRealmUser(realmname, username, environ) and \
+             api.get_one_by_email(username).validate_password(password)

backend/tracim/lib/webdav/dav_provider.py

@@ -0,0 +1,370 @@
+# coding: utf8
+
+import re
+from os.path import basename, dirname
+
+from sqlalchemy.orm.exc import NoResultFound
+
+from tracim import CFG
+from tracim.lib.webdav.utils import transform_to_bdd, HistoryType, \
+    SpecialFolderExtension
+
+from wsgidav.dav_provider import DAVProvider
+from wsgidav.lock_manager import LockManager
+
+
+from tracim.lib.webdav.lock_storage import LockStorage
+from tracim.lib.core.content import ContentApi
+from tracim.lib.core.content import ContentRevisionRO
+from tracim.lib.core.workspace import WorkspaceApi
+from tracim.lib.webdav import resources
+from tracim.lib.webdav.utils import normpath
+from tracim.models.data import ContentType, Content, Workspace
+
+
+class Provider(DAVProvider):
+    """
+    This class' role is to provide to wsgidav _DAVResource. Wsgidav will then use them to execute action and send
+    informations to the client
+    """
+
+    def __init__(
+            self,
+            app_config: CFG,
+            show_history=True,
+            show_deleted=True,
+            show_archived=True,
+            manage_locks=True,
+    ):
+        super(Provider, self).__init__()
+
+        if manage_locks:
+            self.lockManager = LockManager(LockStorage())
+
+        self.app_config = app_config
+        self._show_archive = show_archived
+        self._show_delete = show_deleted
+        self._show_history = show_history
+
+    def show_history(self):
+        return self._show_history
+
+    def show_delete(self):
+        return self._show_delete
+
+    def show_archive(self):
+        return self._show_archive
+
+    #########################################################
+    # Everything override from DAVProvider
+    def getResourceInst(self, path: str, environ: dict):
+        """
+        Called by wsgidav whenever a request is called to get the _DAVResource corresponding to the path
+        """
+        user = environ['tracim_user']
+        session = environ['tracim_dbsession']
+        if not self.exists(path, environ):
+            return None
+        path = normpath(path)
+        root_path = environ['http_authenticator.realm']
+
+        # If the requested path is the root, then we return a RootResource resource
+        if path == root_path:
+            return resources.RootResource(
+                path=path,
+                environ=environ,
+                user=user,
+                session=session
+            )
+
+        workspace_api = WorkspaceApi(
+            current_user=user,
+            session=session,
+            config=self.app_config,
+        )
+        workspace = self.get_workspace_from_path(path, workspace_api)
+
+        # If the request path is in the form root/name, then we return a WorkspaceResource resource
+        parent_path = dirname(path)
+        if parent_path == root_path:
+            if not workspace:
+                return None
+            return resources.WorkspaceResource(
+                path=path,
+                environ=environ,
+                workspace=workspace,
+                user=user,
+                session=session,
+            )
+
+        # And now we'll work on the path to establish which type or resource is requested
+
+        content_api = ContentApi(
+            current_user=user,
+            session=session,
+            config=self.app_config,
+            show_archived=False,  # self._show_archive,
+            show_deleted=False,  # self._show_delete
+        )
+
+        content = self.get_content_from_path(
+            path=path,
+            content_api=content_api,
+            workspace=workspace
+        )
+
+
+        # Easy cases : path either end with /.deleted, /.archived or /.history, then we return corresponding resources
+        if path.endswith(SpecialFolderExtension.Archived) and self._show_archive:
+            return resources.ArchivedFolderResource(
+                path=path,
+                environ=environ,
+                workspace=workspace,
+                user=user,
+                content=content,
+                session=session,
+            )
+
+        if path.endswith(SpecialFolderExtension.Deleted) and self._show_delete:
+            return resources.DeletedFolderResource(
+                path=path,
+                environ=environ,
+                workspace=workspace,
+                user=user,
+                content=content,
+                session=session,
+            )
+
+        if path.endswith(SpecialFolderExtension.History) and self._show_history:
+            is_deleted_folder = re.search(r'/\.deleted/\.history$', path) is not None
+            is_archived_folder = re.search(r'/\.archived/\.history$', path) is not None
+
+            type = HistoryType.Deleted if is_deleted_folder \
+                else HistoryType.Archived if is_archived_folder \
+                else HistoryType.Standard
+
+            return resources.HistoryFolderResource(
+                path=path,
+                environ=environ,
+                workspace=workspace,
+                user=user,
+                content=content,
+                session=session,
+                type=type
+            )
+
+        # Now that's more complicated, we're trying to find out if the path end with /.history/file_name
+        is_history_file_folder = re.search(r'/\.history/([^/]+)$', path) is not None
+
+        if is_history_file_folder and self._show_history:
+            return resources.HistoryFileFolderResource(
+                path=path,
+                environ=environ,
+                user=user,
+                content=content,
+                session=session,
+            )
+        # And here next step :
+        is_history_file = re.search(r'/\.history/[^/]+/\((\d+) - [a-zA-Z]+\) .+', path) is not None
+
+        if self._show_history and is_history_file:
+
+            revision_id = re.search(r'/\.history/[^/]+/\((\d+) - [a-zA-Z]+\) ([^/].+)$', path).group(1)
+
+            content_revision = content_api.get_one_revision(revision_id)
+            content = self.get_content_from_revision(content_revision, content_api)
+
+            if content.type == ContentType.File:
+                return resources.HistoryFileResource(
+                    path=path,
+                    environ=environ,
+                    user=user,
+                    content=content,
+                    content_revision=content_revision,
+                    session=session,
+                )
+            else:
+                return resources.HistoryOtherFile(
+                    path=path,
+                    environ=environ,
+                    user=user,
+                    content=content,
+                    content_revision=content_revision,
+                    session=session,
+                )
+
+        # And if we're still going, the client is asking for a standard Folder/File/Page/Thread so we check the type7
+        # and return the corresponding resource
+
+        if content is None:
+            return None
+        if content.type == ContentType.Folder:
+            return resources.FolderResource(
+                path=path,
+                environ=environ,
+                workspace=content.workspace,
+                content=content,
+                session=session,
+                user=user,
+            )
+        elif content.type == ContentType.File:
+            return resources.FileResource(
+                path=path,
+                environ=environ,
+                content=content,
+                session=session,
+                user=user
+            )
+        else:
+            return resources.OtherFileResource(
+                path=path,
+                environ=environ,
+                content=content,
+                session=session,
+                user=user,
+            )
+
+    def exists(self, path, environ) -> bool:
+        """
+        Called by wsgidav to check if a certain path is linked to a _DAVResource
+        """
+
+        path = normpath(path)
+        working_path = self.reduce_path(path)
+        root_path = environ['http_authenticator.realm']
+        parent_path = dirname(working_path)
+        user = environ['tracim_user']
+        session = environ['tracim_dbsession']
+        if path == root_path:
+            return True
+
+        workspace = self.get_workspace_from_path(
+            path,
+            WorkspaceApi(
+                current_user=user,
+                session=session,
+                config=self.app_config,
+            )
+        )
+
+        if parent_path == root_path or workspace is None:
+            return workspace is not None
+
+        # TODO bastien: Arnaud avait mis a True, verif le comportement
+        # lorsque l'on explore les dossiers archive et deleted
+        content_api = ContentApi(
+            current_user=user,
+            session=session,
+            config=self.app_config,
+            show_archived=False,
+            show_deleted=False
+        )
+
+        revision_id = re.search(r'/\.history/[^/]+/\((\d+) - [a-zA-Z]+\) ([^/].+)$', path)
+
+        is_archived = self.is_path_archive(path)
+
+        is_deleted = self.is_path_delete(path)
+
+        if revision_id:
+            revision_id = revision_id.group(1)
+            content = content_api.get_one_revision(revision_id)
+        else:
+            content = self.get_content_from_path(working_path, content_api, workspace)
+
+        return content is not None \
+            and content.is_deleted == is_deleted \
+            and content.is_archived == is_archived
+
+    def is_path_archive(self, path):
+        """
+        This function will check if a given path is linked to a file that's archived or not. We're checking if the
+        given path end with one of these string :
+
+        ex:
+            - /a/b/.archived/my_file
+            - /a/b/.archived/.history/my_file
+            - /a/b/.archived/.history/my_file/(3615 - edition) my_file
+        """
+
+        return re.search(
+            r'/\.archived/(\.history/)?(?!\.history)[^/]*(/\.)?(history|deleted|archived)?$',
+            path
+        ) is not None
+
+    def is_path_delete(self, path):
+        """
+        This function will check if a given path is linked to a file that's deleted or not. We're checking if the
+        given path end with one of these string :
+
+        ex:
+            - /a/b/.deleted/my_file
+            - /a/b/.deleted/.history/my_file
+            - /a/b/.deleted/.history/my_file/(3615 - edition) my_file
+        """
+
+        return re.search(
+            r'/\.deleted/(\.history/)?(?!\.history)[^/]*(/\.)?(history|deleted|archived)?$',
+            path
+        ) is not None
+
+    def reduce_path(self, path: str) -> str:
+        """
+        As we use the given path to request the database
+
+        ex: if the path is /a/b/.deleted/c/.archived, we're trying to get the archived content of the 'c' resource,
+        we need to keep the path /a/b/c
+
+        ex: if the path is /a/b/.history/my_file, we're trying to get the history of the file my_file, thus we need
+        the path /a/b/my_file
+
+        ex: if the path is /a/b/.history/my_file/(1985 - edition) my_old_name, we're looking for,
+        thus we remove all useless information
+        """
+        path = re.sub(r'/\.archived', r'', path)
+        path = re.sub(r'/\.deleted', r'', path)
+        path = re.sub(r'/\.history/[^/]+/(\d+)-.+', r'/\1', path)
+        path = re.sub(r'/\.history/([^/]+)', r'/\1', path)
+        path = re.sub(r'/\.history', r'', path)
+
+        return path
+
+    def get_content_from_path(self, path, content_api: ContentApi, workspace: Workspace) -> Content:
+        """
+        Called whenever we want to get the Content item from the database for a given path
+        """
+        path = self.reduce_path(path)
+        parent_path = dirname(path)
+
+        relative_parents_path = parent_path[len(workspace.label)+1:]
+        parents = relative_parents_path.split('/')
+
+        try:
+            parents.remove('')
+        except ValueError:
+            pass
+        parents = [transform_to_bdd(x) for x in parents]
+
+        try:
+            return content_api.get_one_by_label_and_parent_labels(
+                content_label=transform_to_bdd(basename(path)),
+                content_parent_labels=parents,
+                workspace=workspace,
+            )
+        except NoResultFound:
+            return None
+
+    def get_content_from_revision(self, revision: ContentRevisionRO, api: ContentApi) -> Content:
+        try:
+            return api.get_one(revision.content_id, ContentType.Any)
+        except NoResultFound:
+            return None
+
+    def get_parent_from_path(self, path, api: ContentApi, workspace) -> Content:
+        return self.get_content_from_path(dirname(path), api, workspace)
+
+    def get_workspace_from_path(self, path: str, api: WorkspaceApi) -> Workspace:
+        try:
+            return api.get_one_by_label(transform_to_bdd(path.split('/')[1]))
+        except NoResultFound:
+            return None

backend/tracim/lib/webdav/design.py

@@ -0,0 +1,385 @@
+#coding: utf8
+from datetime import datetime
+
+from tracim.models.data import VirtualEvent
+from tracim.models.data import ContentType
+from tracim.models import data
+
+# FIXME: fix temporaire ...
+style = """
+.title {
+	background:#F5F5F5;
+	padding-right:15px;
+	padding-left:15px;
+	padding-top:10px;
+	border-bottom:1px solid #CCCCCC;
+	overflow:auto;
+} .title h1 { margin-top:0; }
+
+.content {
+	padding: 15px;
+}
+
+#left{ padding:0; }
+
+#right {
+	background:#F5F5F5;
+	border-left:1px solid #CCCCCC;
+	border-bottom: 1px solid #CCCCCC;
+	padding-top:15px;
+}
+@media (max-width: 1200px) {
+	#right {
+		border-top:1px solid #CCCCCC;
+		border-left: none;
+		border-bottom: none;
+	}
+}
+
+body { overflow:auto; }
+
+.btn {
+	text-align: left;
+}
+
+.table tbody tr .my-align {
+	vertical-align:middle;
+}
+
+.title-icon {
+	font-size:2.5em;
+	float:left;
+	margin-right:10px;
+}
+.title.page, .title-icon.page { color:#00CC00; }
+.title.thread, .title-icon.thread { color:#428BCA; }
+
+/* ****************************** */
+.description-icon {
+	color:#999;
+	font-size:3em;
+}
+
+.description {
+	border-left: 5px solid #999;
+	padding-left: 10px;
+	margin-left: 10px;
+	margin-bottom:10px;
+}
+
+.description-text {
+	display:block;
+	overflow:hidden;
+	color:#999;
+}
+
+.comment-row:nth-child(2n) {
+	background-color:#F5F5F5;
+}
+
+.comment-row:nth-child(2n+1) {
+	background-color:#FFF;
+}
+
+.comment-icon {
+	color:#CCC;
+	font-size:3em;
+	display:inline-block;
+	margin-right: 10px;
+	float:left;
+}
+
+.comment-content {
+	display:block;
+	overflow:hidden;
+}
+
+.comment, .comment-revision {
+	padding:10px;
+	border-top: 1px solid #999;
+}
+
+.comment-revision-icon {
+	color:#777;
+	margin-right: 10px;
+}
+
+.title-text {
+	display: inline-block;
+}
+"""
+
+_LABELS = {
+    'archiving': 'Item archived',
+    'content-comment': 'Item commented',
+    'creation': 'Item created',
+    'deletion': 'Item deleted',
+    'edition': 'item modified',
+    'revision': 'New revision',
+    'status-update': 'New status',
+    'unarchiving': 'Item unarchived',
+    'undeletion': 'Item undeleted',
+    'move': 'Item moved',
+    'comment': 'Comment',
+    'copy' : 'Item copied',
+}
+
+
+def create_readable_date(created, delta_from_datetime: datetime = None):
+    if not delta_from_datetime:
+        delta_from_datetime = datetime.now()
+
+    delta = delta_from_datetime - created
+
+    if delta.days > 0:
+        if delta.days >= 365:
+            aff = '%d year%s ago' % (delta.days / 365, 's' if delta.days / 365 >= 2 else '')
+        elif delta.days >= 30:
+            aff = '%d month%s ago' % (delta.days / 30, 's' if delta.days / 30 >= 2 else '')
+        else:
+            aff = '%d day%s ago' % (delta.days, 's' if delta.days >= 2 else '')
+    else:
+        if delta.seconds < 60:
+            aff = '%d second%s ago' % (delta.seconds, 's' if delta.seconds > 1 else '')
+        elif delta.seconds / 60 < 60:
+            aff = '%d minute%s ago' % (delta.seconds / 60, 's' if delta.seconds / 60 >= 2 else '')
+        else:
+            aff = '%d hour%s ago' % (delta.seconds / 3600, 's' if delta.seconds / 3600 >= 2 else '')
+
+    return aff
+
+def designPage(content: data.Content, content_revision: data.ContentRevisionRO) -> str:
+    hist = content.get_history(drop_empty_revision=False)
+    histHTML = '<table class="table table-striped table-hover">'
+    for event in hist:
+        if isinstance(event, VirtualEvent):
+            date = event.create_readable_date()
+            label = _LABELS[event.type.id]
+
+            histHTML += '''
+                <tr class="%s">
+                    <td class="my-align"><span class="label label-default"><i class="fa %s"></i> %s</span></td>
+                    <td>%s</td>
+                    <td>%s</td>
+                    <td>%s</td>
+                </tr>
+                ''' % ('warning' if event.id == content_revision.revision_id else '',
+                       event.type.fa_icon,
+                       label,
+                       date,
+                       event.owner.display_name,
+                       # NOTE: (WABDAV_HIST_DEL_DISABLED) Disabled for beta 1.0
+                       '<i class="fa fa-caret-left"></i> shown'  if event.id == content_revision.revision_id else '' # '''<span><a class="revision-link" href="/.history/%s/(%s - %s) %s.html">(View revision)</a></span>''' % (
+                       # content.label, event.id, event.type.id, event.ref_object.label) if event.type.id in ['revision', 'creation', 'edition'] else '')
+                   )
+    histHTML += '</table>'
+
+    page = '''
+<html>
+<head>
+	<meta charset="utf-8" />
+	<title>%s</title>
+	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">
+	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css">
+	<style>%s</style>
+	<script type="text/javascript" src="/home/arnaud/Documents/css/script.js"></script>
+	<script
+			  src="https://code.jquery.com/jquery-3.1.0.min.js"
+			  integrity="sha256-cCueBR6CsyA4/9szpPfrX3s49M9vUU5BgtiJj06wt/s="
+			  crossorigin="anonymous"></script>
+</head>
+<body>
+    <div id="left" class="col-lg-8 col-md-12 col-sm-12 col-xs-12">
+        <div class="title page">
+            <div class="title-text">
+                <i class="fa fa-file-text-o title-icon page"></i>
+                <h1>%s</h1>
+                <h6>page created on <b>%s</b> by <b>%s</b></h6>
+            </div>
+            <div class="pull-right">
+                <div class="btn-group btn-group-vertical">
+                    <!-- NOTE: Not omplemented yet, don't display not working link
+                     <a class="btn btn-default">
+                         <i class="fa fa-external-link"></i> View in tracim</a>
+                     </a>-->
+                </div>
+            </div>
+        </div>
+        <div class="content col-xs-12 col-sm-12 col-md-12 col-lg-12">
+            %s
+        </div>
+    </div>
+    <div id="right" class="col-lg-4 col-md-12 col-sm-12 col-xs-12">
+        <h4>History</h4>
+        %s
+    </div>
+    <script type="text/javascript">
+        window.onload = function() {
+            file_location = window.location.href
+            file_location = file_location.replace(/\/[^/]*$/, '')
+            file_location = file_location.replace(/\/.history\/[^/]*$/, '')
+
+            // NOTE: (WABDAV_HIST_DEL_DISABLED) Disabled for beta 1.0
+            // $('.revision-link').each(function() {
+            //    $(this).attr('href', file_location + $(this).attr('href'))
+            // });
+        }
+    </script>
+</body>
+</html>
+        ''' % (content_revision.label,
+               style,
+               content_revision.label,
+               content.created.strftime("%B %d, %Y at %H:%m"),
+               content.owner.display_name,
+               content_revision.description,
+               histHTML)
+
+    return page
+
+def designThread(content: data.Content, content_revision: data.ContentRevisionRO, comments) -> str:
+        hist = content.get_history(drop_empty_revision=False)
+
+        allT = []
+        allT += comments
+        allT += hist
+        allT.sort(key=lambda x: x.created, reverse=True)
+
+        disc = ''
+        participants = {}
+        for t in allT:
+            if t.type == ContentType.Comment:
+                disc += '''
+                    <div class="row comment comment-row">
+                        <i class="fa fa-comment-o comment-icon"></i>
+                            <div class="comment-content">
+                            <h5>
+                                <span class="comment-author"><b>%s</b> wrote :</span>
+                                <div class="pull-right text-right">%s</div>
+                            </h5>
+                            %s
+                        </div>
+                    </div>
+                    ''' % (t.owner.display_name, create_readable_date(t.created), t.description)
+
+                if t.owner.display_name not in participants:
+                    participants[t.owner.display_name] = [1, t.created]
+                else:
+                    participants[t.owner.display_name][0] += 1
+            else:
+                if isinstance(t, VirtualEvent) and t.type.id != 'comment':
+                    label = _LABELS[t.type.id]
+
+                    disc += '''
+                    <div class="%s row comment comment-row to-hide">
+                        <i class="fa %s comment-icon"></i>
+                            <div class="comment-content">
+                            <h5>
+                                <span class="comment-author"><b>%s</b></span>
+                                <div class="pull-right text-right">%s</div>
+                            </h5>
+                            %s %s
+                        </div>
+                    </div>
+                    ''' % ('warning' if t.id == content_revision.revision_id else '',
+                           t.type.fa_icon,
+                           t.owner.display_name,
+                           t.create_readable_date(),
+                           label,
+                            # NOTE: (WABDAV_HIST_DEL_DISABLED) Disabled for beta 1.0
+                            '<i class="fa fa-caret-left"></i> shown' if t.id == content_revision.revision_id else '' # else '''<span><a class="revision-link" href="/.history/%s/%s-%s">(View revision)</a></span>''' % (
+                               # content.label,
+                               # t.id,
+                               # t.ref_object.label) if t.type.id in ['revision', 'creation', 'edition'] else '')
+                           )
+
+        thread = '''
+<html>
+<head>
+	<meta charset="utf-8" />
+	<title>%s</title>
+	<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script>
+	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">
+	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css">
+	<style>%s</style>
+	<script type="text/javascript" src="/home/arnaud/Documents/css/script.js"></script>
+</head>
+<body>
+    <div id="left" class="col-lg-12 col-md-12 col-sm-12 col-xs-12">
+        <div class="title thread">
+            <div class="title-text">
+                <i class="fa fa-comments-o title-icon thread"></i>
+                <h1>%s</h1>
+                <h6>thread created on <b>%s</b> by <b>%s</b></h6>
+            </div>
+            <div class="pull-right">
+                <div class="btn-group btn-group-vertical">
+                    <!-- NOTE: Not omplemented yet, don't display not working link
+                    <a class="btn btn-default" onclick="hide_elements()">
+                       <i id="hideshow" class="fa fa-eye-slash"></i> <span id="hideshowtxt" >Hide history</span></a>
+                    </a>-->
+                    <a class="btn btn-default">
+                        <i class="fa fa-external-link"></i> View in tracim</a>
+                    </a>
+                </div>
+            </div>
+        </div>
+        <div class="content col-xs-12 col-sm-12 col-md-12 col-lg-12">
+            <div class="description">
+                <span class="description-text">%s</span>
+            </div>
+            %s
+        </div>
+    </div>
+    <script type="text/javascript">
+        window.onload = function() {
+            file_location = window.location.href
+            file_location = file_location.replace(/\/[^/]*$/, '')
+            file_location = file_location.replace(/\/.history\/[^/]*$/, '')
+
+            // NOTE: (WABDAV_HIST_DEL_DISABLED) Disabled for beta 1.0
+            // $('.revision-link').each(function() {
+            //     $(this).attr('href', file_location + $(this).attr('href'))
+            // });
+        }
+
+        function hide_elements() {
+            elems = document.getElementsByClassName('to-hide');
+            if (elems.length > 0) {
+                for(var i = 0; i < elems.length; i++) {
+                    $(elems[i]).addClass('to-show')
+                    $(elems[i]).hide();
+                }
+                while (elems.length>0) {
+                    $(elems[0]).removeClass('comment-row');
+                    $(elems[0]).removeClass('to-hide');
+                }
+                $('#hideshow').addClass('fa-eye').removeClass('fa-eye-slash');
+                $('#hideshowtxt').html('Show history');
+            }
+            else {
+                elems = document.getElementsByClassName('to-show');
+                for(var i = 0; i<elems.length; i++) {
+                    $(elems[0]).addClass('comment-row');
+                    $(elems[i]).addClass('to-hide');
+                    $(elems[i]).show();
+                }
+                while (elems.length>0) {
+                    $(elems[0]).removeClass('to-show');
+                }
+                $('#hideshow').removeClass('fa-eye').addClass('fa-eye-slash');
+                $('#hideshowtxt').html('Hide history');
+            }
+        }
+    </script>
+</body>
+</html>
+        ''' % (content_revision.label,
+               style,
+               content_revision.label,
+               content.created.strftime("%B %d, %Y at %H:%m"),
+               content.owner.display_name,
+               content_revision.description,
+               disc)
+
+        return thread

backend/tracim/lib/webdav/lock_storage.py

@@ -0,0 +1,275 @@
+import time
+
+from tracim.lib.webdav.model import Lock, Url2Token
+from wsgidav import util
+from wsgidav.lock_manager import normalizeLockRoot, lockString, generateLockToken, validateLock
+from wsgidav.rw_lock import ReadWriteLock
+
+_logger = util.getModuleLogger(__name__)
+
+
+def from_dict_to_base(lock):
+    return Lock(
+        token=lock["token"],
+        depth=lock["depth"],
+        root=lock["root"],
+        type=lock["type"],
+        scopre=lock["scope"],
+        owner=lock["owner"],
+        timeout=lock["timeout"],
+        principal=lock["principal"],
+        expire=lock["expire"]
+    )
+
+
+def from_base_to_dict(lock):
+    return {
+        'token': lock.token,
+        'depth': lock.depth,
+        'root': lock.root,
+        'type': lock.type,
+        'scope': lock.scope,
+        'owner': lock.owner,
+        'timeout': lock.timeout,
+        'principal': lock.principal,
+        'expire': lock.expire
+    }
+
+
+class LockStorage(object):
+    LOCK_TIME_OUT_DEFAULT = 604800  # 1 week, in seconds
+    LOCK_TIME_OUT_MAX = 4 * 604800  # 1 month, in seconds
+
+    def __init__(self):
+        self._session = None# todo Session()
+        self._lock = ReadWriteLock()
+
+    def __repr__(self):
+        return "C'est bien mon verrou..."
+
+    def __del__(self):
+        pass
+
+    def get_lock_db_from_token(self, token):
+        return self._session.query(Lock).filter(Lock.token == token).one_or_none()
+
+    def _flush(self):
+        """Overloaded by Shelve implementation."""
+        pass
+
+    def open(self):
+        """Called before first use.
+
+        May be implemented to initialize a storage.
+        """
+        pass
+
+    def close(self):
+        """Called on shutdown."""
+        pass
+
+    def cleanup(self):
+        """Purge expired locks (optional)."""
+        pass
+
+    def clear(self):
+        """Delete all entries."""
+        self._session.query(Lock).all().delete(synchronize_session=False)
+        self._session.commit()
+
+    def get(self, token):
+        """Return a lock dictionary for a token.
+
+        If the lock does not exist or is expired, None is returned.
+
+        token:
+            lock token
+        Returns:
+            Lock dictionary or <None>
+
+        Side effect: if lock is expired, it will be purged and None is returned.
+        """
+        self._lock.acquireRead()
+        try:
+            lock_base = self._session.query(Lock).filter(Lock.token == token).one_or_none()
+            if lock_base is None:
+                # Lock not found: purge dangling URL2TOKEN entries
+                _logger.debug("Lock purged dangling: %s" % token)
+                self.delete(token)
+                return None
+            expire = float(lock_base.expire)
+            if 0 <= expire < time.time():
+                _logger.debug("Lock timed-out(%s): %s" % (expire, lockString(from_base_to_dict(lock_base))))
+                self.delete(token)
+                return None
+            return from_base_to_dict(lock_base)
+        finally:
+            self._lock.release()
+
+    def create(self, path, lock):
+        """Create a direct lock for a resource path.
+
+        path:
+            Normalized path (utf8 encoded string, no trailing '/')
+        lock:
+            lock dictionary, without a token entry
+        Returns:
+            New unique lock token.: <lock
+
+        **Note:** the lock dictionary may be modified on return:
+
+        - lock['root'] is ignored and set to the normalized <path>
+        - lock['timeout'] may be normalized and shorter than requested
+        - lock['token'] is added
+        """
+        self._lock.acquireWrite()
+        try:
+            # We expect only a lock definition, not an existing lock
+            assert lock.get("token") is None
+            assert lock.get("expire") is None, "Use timeout instead of expire"
+            assert path and "/" in path
+
+            # Normalize root: /foo/bar
+            org_path = path
+            path = normalizeLockRoot(path)
+            lock["root"] = path
+
+            # Normalize timeout from ttl to expire-date
+            timeout = float(lock.get("timeout"))
+            if timeout is None:
+                timeout = LockStorage.LOCK_TIME_OUT_DEFAULT
+            elif timeout < 0 or timeout > LockStorage.LOCK_TIME_OUT_MAX:
+                timeout = LockStorage.LOCK_TIME_OUT_MAX
+
+            lock["timeout"] = timeout
+            lock["expire"] = time.time() + timeout
+
+            validateLock(lock)
+
+            token = generateLockToken()
+            lock["token"] = token
+
+            # Store lock
+            lock_db = from_dict_to_base(lock)
+
+            self._session.add(lock_db)
+
+            # Store locked path reference
+            url2token = Url2Token(
+                path=path,
+                token=token
+            )
+
+            self._session.add(url2token)
+            self._session.commit()
+
+            self._flush()
+            _logger.debug("LockStorageDict.set(%r): %s" % (org_path, lockString(lock)))
+            #            print("LockStorageDict.set(%r): %s" % (org_path, lockString(lock)))
+            return lock
+        finally:
+            self._lock.release()
+
+    def refresh(self, token, timeout):
+        """Modify an existing lock's timeout.
+
+        token:
+            Valid lock token.
+        timeout:
+            Suggested lifetime in seconds (-1 for infinite).
+            The real expiration time may be shorter than requested!
+        Returns:
+            Lock dictionary.
+            Raises ValueError, if token is invalid.
+        """
+        lock_db = self._session.query(Lock).filter(Lock.token == token).one_or_none()
+        assert lock_db is not None, "Lock must exist"
+        assert timeout == -1 or timeout > 0
+        if timeout < 0 or timeout > LockStorage.LOCK_TIME_OUT_MAX:
+            timeout = LockStorage.LOCK_TIME_OUT_MAX
+
+        self._lock.acquireWrite()
+        try:
+            # Note: shelve dictionary returns copies, so we must reassign values:
+            lock_db.timeout = timeout
+            lock_db.expire = time.time() + timeout
+            self._session.commit()
+            self._flush()
+        finally:
+            self._lock.release()
+        return from_base_to_dict(lock_db)
+
+    def delete(self, token):
+        """Delete lock.
+
+        Returns True on success. False, if token does not exist, or is expired.
+        """
+        self._lock.acquireWrite()
+        try:
+            lock_db = self._session.query(Lock).filter(Lock.token == token).one_or_none()
+            _logger.debug("delete %s" % lockString(from_base_to_dict(lock_db)))
+            if lock_db is None:
+                return False
+            # Remove url to lock mapping
+            url2token = self._session.query(Url2Token).filter(
+                Url2Token.path == lock_db.root,
+                Url2Token.token == token).one_or_none()
+            if url2token is not None:
+                self._session.delete(url2token)
+            # Remove the lock
+            self._session.delete(lock_db)
+            self._session.commit()
+
+            self._flush()
+        finally:
+            self._lock.release()
+        return True
+
+    def getLockList(self, path, includeRoot, includeChildren, tokenOnly):
+        """Return a list of direct locks for <path>.
+
+        Expired locks are *not* returned (but may be purged).
+
+        path:
+            Normalized path (utf8 encoded string, no trailing '/')
+        includeRoot:
+            False: don't add <path> lock (only makes sense, when includeChildren
+            is True).
+        includeChildren:
+            True: Also check all sub-paths for existing locks.
+        tokenOnly:
+            True: only a list of token is returned. This may be implemented
+            more efficiently by some providers.
+        Returns:
+            List of valid lock dictionaries (may be empty).
+        """
+        assert path and path.startswith("/")
+        assert includeRoot or includeChildren
+
+        def __appendLocks(toklist):
+            # Since we can do this quickly, we use self.get() even if
+            # tokenOnly is set, so expired locks are purged.
+            for token in toklist:
+                lock_db = self.get_lock_db_from_token(token)
+                if lock_db:
+                    if tokenOnly:
+                        lockList.append(lock_db.token)
+                    else:
+                        lockList.append(from_base_to_dict(lock_db))
+
+        path = normalizeLockRoot(path)
+        self._lock.acquireRead()
+        try:
+            tokList = self._session.query(Url2Token.token).filter(Url2Token.path == path).all()
+            lockList = []
+            if includeRoot:
+                __appendLocks(tokList)
+
+            if includeChildren:
+                for url, in self._session.query(Url2Token.path).group_by(Url2Token.path):
+                    if util.isChildUri(path, url):
+                        __appendLocks(self._session.query(Url2Token.token).filter(Url2Token.path == url))
+
+            return lockList
+        finally:
+            self._lock.release()

backend/tracim/lib/webdav/middlewares.py

@@ -0,0 +1,295 @@
+import os
+import sys
+import threading
+import time
+from datetime import datetime
+from xml.etree import ElementTree
+
+import transaction
+import yaml
+from pyramid.paster import get_appsettings
+from wsgidav import util, compat
+from wsgidav.middleware import BaseMiddleware
+
+from tracim import CFG
+from tracim.lib.core.user import UserApi
+from tracim.models import get_engine, get_session_factory, get_tm_session
+
+
+class TracimWsgiDavDebugFilter(BaseMiddleware):
+    """
+    COPY PASTE OF wsgidav.debug_filter.WsgiDavDebugFilter
+    WITH ADD OF DUMP RESPONSE & REQUEST
+    """
+    def __init__(self, application, config):
+        self._application = application
+        self._config = config
+        #        self.out = sys.stderr
+        self.out = sys.stdout
+        self.passedLitmus = {}
+        # These methods boost verbose=2 to verbose=3
+        self.debug_methods = config.get("debug_methods", [])
+        # Litmus tests containing these string boost verbose=2 to verbose=3
+        self.debug_litmus = config.get("debug_litmus", [])
+        # Exit server, as soon as this litmus test has finished
+        self.break_after_litmus = [
+            #                                   "locks: 15",
+        ]
+
+        self.last_request_time = '__NOT_SET__'
+
+        # We disable request content dump for moment
+        # if self._config.get('dump_requests'):
+        #     # Monkey patching
+        #     old_parseXmlBody = util.parseXmlBody
+        #     def new_parseXmlBody(environ, allowEmpty=False):
+        #         xml = old_parseXmlBody(environ, allowEmpty)
+        #         self._dump_request(environ, xml)
+        #         return xml
+        #     util.parseXmlBody = new_parseXmlBody
+
+    def __call__(self, environ, start_response):
+        """"""
+        #        srvcfg = environ["wsgidav.config"]
+        verbose = self._config.get("verbose", 2)
+        self.last_request_time = '{0}_{1}'.format(
+            datetime.utcnow().strftime('%Y-%m-%d_%H-%M-%S'),
+            int(round(time.time() * 1000)),
+        )
+
+        method = environ["REQUEST_METHOD"]
+
+        debugBreak = False
+        dumpRequest = False
+        dumpResponse = False
+
+        if verbose >= 3 or self._config.get("dump_requests"):
+            dumpRequest = dumpResponse = True
+
+        # Process URL commands
+        if "dump_storage" in environ.get("QUERY_STRING"):
+            dav = environ.get("wsgidav.provider")
+            if dav.lockManager:
+                dav.lockManager._dump()
+            if dav.propManager:
+                dav.propManager._dump()
+
+        # Turn on max. debugging for selected litmus tests
+        litmusTag = environ.get("HTTP_X_LITMUS",
+                                environ.get("HTTP_X_LITMUS_SECOND"))
+        if litmusTag and verbose >= 2:
+            print("----\nRunning litmus test '%s'..." % litmusTag,
+                  file=self.out)
+            for litmusSubstring in self.debug_litmus:
+                if litmusSubstring in litmusTag:
+                    verbose = 3
+                    debugBreak = True
+                    dumpRequest = True
+                    dumpResponse = True
+                    break
+            for litmusSubstring in self.break_after_litmus:
+                if litmusSubstring in self.passedLitmus and litmusSubstring not in litmusTag:
+                    print(" *** break after litmus %s" % litmusTag,
+                          file=self.out)
+                    sys.exit(-1)
+                if litmusSubstring in litmusTag:
+                    self.passedLitmus[litmusSubstring] = True
+
+        # Turn on max. debugging for selected request methods
+        if verbose >= 2 and method in self.debug_methods:
+            verbose = 3
+            debugBreak = True
+            dumpRequest = True
+            dumpResponse = True
+
+        # Set debug options to environment
+        environ["wsgidav.verbose"] = verbose
+        #        environ["wsgidav.debug_methods"] = self.debug_methods
+        environ["wsgidav.debug_break"] = debugBreak
+        environ["wsgidav.dump_request_body"] = dumpRequest
+        environ["wsgidav.dump_response_body"] = dumpResponse
+
+        # Dump request headers
+        if dumpRequest:
+            print("<%s> --- %s Request ---" % (
+            threading.currentThread().ident, method), file=self.out)
+            for k, v in environ.items():
+                if k == k.upper():
+                    print("%20s: '%s'" % (k, v), file=self.out)
+            print("\n", file=self.out)
+            self._dump_request(environ, xml=None)
+
+        # Intercept start_response
+        #
+        sub_app_start_response = util.SubAppStartResponse()
+
+        nbytes = 0
+        first_yield = True
+        app_iter = self._application(environ, sub_app_start_response)
+
+        for v in app_iter:
+            # Start response (the first time)
+            if first_yield:
+                # Success!
+                start_response(sub_app_start_response.status,
+                               sub_app_start_response.response_headers,
+                               sub_app_start_response.exc_info)
+
+            # Dump response headers
+            if first_yield and dumpResponse:
+                print("<%s> --- %s Response(%s): ---" % (
+                threading.currentThread().ident,
+                method,
+                sub_app_start_response.status),
+                      file=self.out)
+                headersdict = dict(sub_app_start_response.response_headers)
+                for envitem in headersdict.keys():
+                    print("%s: %s" % (envitem, repr(headersdict[envitem])),
+                          file=self.out)
+                print("", file=self.out)
+
+            # Check, if response is a binary string, otherwise we probably have
+            # calculated a wrong content-length
+            assert compat.is_bytes(v), v
+
+            # Dump response body
+            drb = environ.get("wsgidav.dump_response_body")
+            if compat.is_basestring(drb):
+                # Middleware provided a formatted body representation
+                print(drb, file=self.out)
+            elif drb is True:
+                # Else dump what we get, (except for long GET responses)
+                if method == "GET":
+                    if first_yield:
+                        print(v[:50], "...", file=self.out)
+                elif len(v) > 0:
+                    print(v, file=self.out)
+
+            if dumpResponse:
+                self._dump_response(sub_app_start_response, drb)
+
+            drb = environ["wsgidav.dump_response_body"] = None
+
+            nbytes += len(v)
+            first_yield = False
+            yield v
+        if hasattr(app_iter, "close"):
+            app_iter.close()
+
+        # Start response (if it hasn't been done yet)
+        if first_yield:
+            # Success!
+            start_response(sub_app_start_response.status,
+                           sub_app_start_response.response_headers,
+                           sub_app_start_response.exc_info)
+
+        if dumpResponse:
+            print("\n<%s> --- End of %s Response (%i bytes) ---" % (
+            threading.currentThread().ident, method, nbytes), file=self.out)
+        return
+
+    def _dump_response(self, sub_app_start_response, drb):
+        dump_to_path = self._config.get(
+            'dump_requests_path',
+            '/tmp/wsgidav_dumps',
+        )
+        os.makedirs(dump_to_path, exist_ok=True)
+        dump_file = '{0}/{1}_RESPONSE_{2}.yml'.format(
+            dump_to_path,
+            self.last_request_time,
+            sub_app_start_response.status[0:3],
+        )
+        with open(dump_file, 'w+') as f:
+            dump_content = dict()
+            headers = {}
+            for header_tuple in sub_app_start_response.response_headers:
+                headers[header_tuple[0]] = header_tuple[1]
+            dump_content['headers'] = headers
+            if isinstance(drb, str):
+                dump_content['content'] = drb.replace('PROPFIND XML response body:\n', '')
+
+            f.write(yaml.dump(dump_content, default_flow_style=False))
+
+    def _dump_request(self, environ, xml):
+        dump_to_path = self._config.get(
+            'dump_requests_path',
+            '/tmp/wsgidav_dumps',
+        )
+        os.makedirs(dump_to_path, exist_ok=True)
+        dump_file = '{0}/{1}_REQUEST_{2}.yml'.format(
+            dump_to_path,
+            self.last_request_time,
+            environ['REQUEST_METHOD'],
+        )
+        with open(dump_file, 'w+') as f:
+            dump_content = dict()
+            dump_content['path'] = environ.get('PATH_INFO', '')
+            dump_content['Authorization'] = environ.get('HTTP_AUTHORIZATION', '')
+            if xml:
+                dump_content['content'] = ElementTree.tostring(xml, 'utf-8')
+
+            f.write(yaml.dump(dump_content, default_flow_style=False))
+
+
+class TracimEnforceHTTPS(BaseMiddleware):
+
+    def __init__(self, application, config):
+        super().__init__(application, config)
+        self._application = application
+        self._config = config
+
+    def __call__(self, environ, start_response):
+        # TODO - G.M - 06-03-2018 - Check protocol from http header first
+        # see http://www.bortzmeyer.org/7239.html
+        # if this params doesn't exist, rely on tracim config
+        # from tracim.config.app_cfg import CFG
+        # cfg = CFG.get_instance()
+        #
+        # if cfg.WEBSITE_BASE_URL.startswith('https'):
+        #     environ['wsgi.url_scheme'] = 'https'
+        return self._application(environ, start_response)
+
+
+class TracimEnv(BaseMiddleware):
+
+    def __init__(self, application, config):
+        super().__init__(application, config)
+        self._application = application
+        self._config = config
+        global_conf = get_appsettings(config['tracim_config']).global_conf
+        local_conf = get_appsettings(config['tracim_config'], 'tracim_web')
+        self.settings = global_conf
+        self.settings.update(local_conf)
+        self.engine = get_engine(self.settings)
+        self.session_factory = get_session_factory(self.engine)
+        self.app_config = CFG(self.settings)
+        self.app_config.configure_filedepot()
+
+    def __call__(self, environ, start_response):
+        # TODO - G.M - 18-05-2018 - This code should not create trouble
+        # with thread and database, this should be verify.
+        # see https://github.com/tracim/tracim_backend/issues/62
+        tm = transaction.manager
+        dbsession = get_tm_session(self.session_factory, tm)
+        environ['tracim_tm'] = tm
+        environ['tracim_dbsession'] = dbsession
+        environ['tracim_cfg'] = self.app_config
+        app = self._application(environ, start_response)
+        dbsession.close()
+        return app
+
+
+class TracimUserSession(BaseMiddleware):
+
+    def __init__(self, application, config):
+        super().__init__(application, config)
+        self._application = application
+        self._config = config
+
+    def __call__(self, environ, start_response):
+        environ['tracim_user'] = UserApi(
+            None,
+            session=environ['tracim_dbsession'],
+            config=environ['tracim_cfg'],
+        ).get_one_by_email(environ['http_authenticator.username'])
+        return self._application(environ, start_response)

backend/tracim/lib/webdav/model.py

@@ -0,0 +1,28 @@
+#coding: utf8
+
+from sqlalchemy import Column
+from sqlalchemy import ForeignKey
+from sqlalchemy.types import Unicode, UnicodeText, Float
+
+from wsgidav.compat import to_unicode
+
+
+class Lock(object):
+    __tablename__ = 'my_locks'
+
+    token = Column(UnicodeText, primary_key=True, unique=True, nullable=False)
+    depth = Column(Unicode(32), unique=False, nullable=False, default=to_unicode('infinity'))
+    root = Column(UnicodeText, unique=False, nullable=False)
+    type = Column(Unicode(32), unique=False, nullable=False, default=to_unicode('write'))
+    scope = Column(Unicode(32), unique=False, nullable=False, default=to_unicode('exclusive'))
+    owner = Column(UnicodeText, unique=False, nullable=False)
+    expire = Column(Float, unique=False, nullable=False)
+    principal = Column(Unicode(255), ForeignKey('my_users.display_name', ondelete="CASCADE"))
+    timeout = Column(Float, unique=False, nullable=False)
+
+
+class Url2Token(object):
+    __tablename__ = 'my_url2token'
+
+    token = Column(UnicodeText, primary_key=True, unique=True, nullable=False)
+    path = Column(UnicodeText, primary_key=True, unique=False, nullable=False)

backend/tracim/lib/webdav/utils.py

@@ -0,0 +1,212 @@
+# -*- coding: utf-8 -*-
+
+import transaction
+from os.path import normpath as base_normpath
+
+from sqlalchemy.orm import Session
+from wsgidav import util
+from wsgidav import compat
+
+from tracim.lib.core.content import ContentApi
+from tracim.models.data import Workspace, Content, ContentType, \
+    ActionDescription
+from tracim.models.revision_protection import new_revision
+
+
+def transform_to_display(string: str) -> str:
+    """
+    As characters that Windows does not support may have been inserted
+    through Tracim in names, before displaying information we update path
+    so that all these forbidden characters are replaced with similar
+    shape character that are allowed so that the user isn't trouble and
+    isn't limited in his naming choice
+    """
+    _TO_DISPLAY = {
+        '/': '⧸',
+        '\\': '⧹',
+        ':': '∶',
+        '*': '∗',
+        '?': 'ʔ',
+        '"': 'ʺ',
+        '<': '❮',
+        '>': '❯',
+        '|': '∣'
+    }
+
+    for key, value in _TO_DISPLAY.items():
+        string = string.replace(key, value)
+
+    return string
+
+
+def transform_to_bdd(string: str) -> str:
+    """
+    Called before sending request to the database to recover the right names
+    """
+    _TO_BDD = {
+        '⧸': '/',
+        '⧹': '\\',
+        '∶': ':',
+        '∗': '*',
+        'ʔ': '?',
+        'ʺ': '"',
+        '❮': '<',
+        '❯': '>',
+        '∣': '|'
+    }
+
+    for key, value in _TO_BDD.items():
+        string = string.replace(key, value)
+
+    return string
+
+
+def normpath(path):
+    if path == b'':
+        path = b'/'
+    elif path == '':
+        path = '/'
+    return base_normpath(path)
+
+
+class HistoryType(object):
+    Deleted = 'deleted'
+    Archived = 'archived'
+    Standard = 'standard'
+    All = 'all'
+
+
+class SpecialFolderExtension(object):
+    Deleted = '/.deleted'
+    Archived = '/.archived'
+    History = '/.history'
+
+
+class FakeFileStream(object):
+    """
+    Fake a FileStream that we're giving to wsgidav to receive data and create files / new revisions
+
+    There's two scenarios :
+    - when a new file is created, wsgidav will call the method createEmptyResource and except to get a _DAVResource
+    which should have both 'beginWrite' and 'endWrite' method implemented
+    - when a file which already exists is updated, he's going to call the 'beginWrite' function of the _DAVResource
+    to get a filestream and write content in it
+
+    In the first case scenario, the transfer takes two part : it first create the resource (createEmptyResource)
+    then add its content (beginWrite, write, close..). If we went without this class, we would create two revision
+    of the file upon creating a new file, which is not what we want.
+    """
+
+    def __init__(
+            self,
+            session: Session,
+            content_api: ContentApi,
+            workspace: Workspace,
+            path: str,
+            file_name: str='',
+            content: Content=None,
+            parent: Content=None
+    ):
+        """
+
+        :param content_api:
+        :param workspace:
+        :param path:
+        :param file_name:
+        :param content:
+        :param parent:
+        """
+        self._file_stream = compat.BytesIO()
+        self._session = session
+        self._file_name = file_name if file_name != '' else self._content.file_name
+        self._content = content
+        self._api = content_api
+        self._workspace = workspace
+        self._parent = parent
+        self._path = path
+
+    def getRefUrl(self) -> str:
+        """
+        As wsgidav expect to receive a _DAVResource upon creating a new resource, this method's result is used
+        by Windows client to establish both file's path and file's name
+        """
+        return self._path
+
+    def beginWrite(self, contentType) -> 'FakeFileStream':
+        """
+        Called by wsgidav, it expect a filestream which possess both 'write' and 'close' operation to write
+        the file content.
+        """
+        return self
+
+    def endWrite(self, withErrors: bool):
+        """
+        Called by request_server when finished writing everything.
+        As we call operation to create new content or revision in the close operation, called before endWrite, there
+        is nothing to do here.
+        """
+        pass
+
+    def write(self, s: str):
+        """
+        Called by request_server when writing content to files, we put it inside a filestream
+        """
+        self._file_stream.write(s)
+
+    def close(self):
+        """
+        Called by request_server when the file content has been written. We either add a new content or create
+        a new revision
+        """
+
+        self._file_stream.seek(0)
+
+        if self._content is None:
+            self.create_file()
+        else:
+            self.update_file()
+
+        transaction.commit()
+
+    def create_file(self):
+        """
+        Called when this is a new file; will create a new Content initialized with the correct content
+        """
+
+        is_temporary = self._file_name.startswith('.~') or self._file_name.startswith('~')
+
+        file = self._api.create(
+            filename=self._file_name,
+            content_type=ContentType.File,
+            workspace=self._workspace,
+            parent=self._parent,
+            is_temporary=is_temporary
+        )
+
+        self._api.update_file_data(
+            file,
+            self._file_name,
+            util.guessMimeType(self._file_name),
+            self._file_stream.read()
+        )
+
+        self._api.save(file, ActionDescription.CREATION)
+
+    def update_file(self):
+        """
+        Called when we're updating an existing content; we create a new revision and update the file content
+        """
+
+        with new_revision(
+                session=self._session,
+                content=self._content,
+                tm=transaction.manager,
+        ):
+            self._api.update_file_data(
+                self._content,
+                self._file_name,
+                util.guessMimeType(self._content.file_name),
+                self._file_stream.read()
+            )
+
+            self._api.save(self._content, ActionDescription.REVISION)

backend/tracim/migration/env.py

@@ -0,0 +1,78 @@
+# -*- coding: utf-8 -*-
+
+from __future__ import with_statement
+from alembic import context
+from sqlalchemy import engine_from_config, pool
+from tracim import models
+# from logging.config import fileConfig
+
+# this is the Alembic Config object, which provides
+# access to the values within the .ini file in use.
+config = context.config
+# Interpret the config file for Python logging.
+# This line sets up loggers basically.
+# fileConfig(config.config_file_name)
+
+# add your model's MetaData object here
+# for 'autogenerate' support
+# from myapp import mymodel
+# target_metadata = mymodel.Base.metadata
+
+target_metadata = models.meta.metadata
+
+# other values from the config, defined by the needs of env.py,
+# can be acquired:
+# my_important_option = config.get_main_option("my_important_option")
+# ... etc.
+
+
+def run_migrations_offline():
+    """Run migrations in 'offline' mode.
+
+    This configures the context with just a URL
+    and not an Engine, though an Engine is acceptable
+    here as well.  By skipping the Engine creation
+    we don't even need a DBAPI to be available.
+
+    Calls to context.execute() here emit the given string to the
+    script output.
+
+    """
+    url = config.get_main_option("sqlalchemy.url")
+    context.configure(url=url, version_table='migrate_version')
+
+    with context.begin_transaction():
+        context.run_migrations()
+
+
+def run_migrations_online():
+    """Run migrations in 'online' mode.
+
+    In this scenario we need to create an Engine
+    and associate a connection with the context.
+
+    """
+    engine = engine_from_config(
+                config.get_section(config.config_ini_section),
+                prefix='sqlalchemy.',
+                poolclass=pool.NullPool)
+
+    connection = engine.connect()
+    context.configure(
+                connection=connection,
+                target_metadata=target_metadata,
+                version_table='migrate_version'
+                )
+
+    try:
+        with context.begin_transaction():
+            context.run_migrations()
+    finally:
+        connection.close()
+        engine.dispose()
+
+
+if context.is_offline_mode():
+    run_migrations_offline()
+else:
+    run_migrations_online()

backend/tracim/migration/script.py.mako

@@ -0,0 +1,22 @@
+"""${message}
+
+Revision ID: ${up_revision}
+Revises: ${down_revision}
+Create Date: ${create_date}
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = ${repr(up_revision)}
+down_revision = ${repr(down_revision)}
+
+from alembic import op
+import sqlalchemy as sa
+${imports if imports else ""}
+
+def upgrade():
+    ${upgrades if upgrades else "pass"}
+
+
+def downgrade():
+    ${downgrades if downgrades else "pass"}

backend/tracim/migration/versions/2b4043fa2502_remove_webdav_right_digest_response_.py

@@ -0,0 +1,26 @@
+"""remove webdav_right_digest_response_hash from database
+
+Revision ID: 2b4043fa2502
+Revises: f3852e1349c4
+Create Date: 2018-03-13 14:41:38.590375
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '2b4043fa2502'
+down_revision = None
+
+from alembic import op
+from sqlalchemy import Column, Unicode
+
+
+def upgrade():
+    with op.batch_alter_table('users') as batch_op:
+        batch_op.drop_column('webdav_left_digest_response_hash')
+
+
+def downgrade():
+    with op.batch_alter_table('users') as batch_op:
+        batch_op.add_column(
+            Column('webdav_left_digest_response_hash', Unicode(128))
+        )

backend/tracim/migration/versions/ad79f58ec2bf_tracim_v2.py

@@ -0,0 +1,26 @@
+"""Tracim V2
+
+Revision ID: ad79f58ec2bf
+Revises: 2b4043fa2502
+Create Date: 2018-03-29 17:05:41.735260
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = 'ad79f58ec2bf'
+down_revision = '2b4043fa2502'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    pass
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    pass
+    # ### end Alembic commands ###

backend/tracim/models/__init__.py

@@ -0,0 +1,95 @@
+# -*- coding: utf-8 -*-
+from sqlalchemy import engine_from_config
+from sqlalchemy.event import listen
+from sqlalchemy.orm import sessionmaker
+from sqlalchemy.orm import configure_mappers
+import zope.sqlalchemy
+from .meta import DeclarativeBase
+from .revision_protection import prevent_content_revision_delete
+# import or define all models here to ensure they are attached to the
+# Base.metadata prior to any initialization routines
+from tracim.models.auth import User, Group, Permission
+from tracim.models.data import Content, ContentRevisionRO
+
+# run configure_mappers after defining all of the models to ensure
+# all relationships can be setup
+configure_mappers()
+
+
+def get_engine(settings, prefix='sqlalchemy.'):
+    return engine_from_config(settings, prefix)
+
+
+def get_session_factory(engine):
+    factory = sessionmaker(expire_on_commit=False)
+    factory.configure(bind=engine)
+    return factory
+
+
+def get_tm_session(session_factory, transaction_manager):
+    """
+    Get a ``sqlalchemy.orm.Session`` instance backed by a transaction.
+
+    This function will hook the _session to the transaction manager which
+    will take care of committing any changes.
+
+    - When using pyramid_tm it will automatically be committed or aborted
+      depending on whether an exception is raised.
+
+    - When using scripts you should wrap the _session in a manager yourself.
+      For example::
+
+          import transaction
+
+          engine = get_engine(settings)
+          session_factory = get_session_factory(engine)
+          with transaction.manager:
+              dbsession = get_tm_session(session_factory, transaction.manager)
+
+    """
+    dbsession = session_factory()
+    # FIXME - G.M - 02-05-2018 - Check Zope/Sqlalchemy session conf.
+    # We use both keep_session=True for zope and
+    # expire_on_commit=False for sessionmaker to keep session alive after
+    # commit ( in order  to not have trouble like
+    # https://github.com/tracim/tracim_backend/issues/52
+    # or detached objects problems).
+    # These problem happened because we use "commit" in our current code.
+    # Understand what those params really mean and check if it can cause
+    # troubles somewhere else.
+    # see https://stackoverflow.com/questions/16152241/how-to-get-a-sqlalchemy-session-managed-by-zope-transaction-that-has-the-same-sc  # nopep8
+    zope.sqlalchemy.register(
+        dbsession,
+        transaction_manager=transaction_manager,
+        keep_session=True,
+    )
+    listen(dbsession, 'before_flush', prevent_content_revision_delete)
+    return dbsession
+
+
+def includeme(config):
+    """
+    Initialize the model for a Pyramid app.
+
+    Activate this setup using ``config.include('tracim.models')``.
+
+    """
+    settings = config.get_settings()
+    settings['tm.manager_hook'] = 'pyramid_tm.explicit_manager'
+
+    # use pyramid_tm to hook the transaction lifecycle to the request
+    config.include('pyramid_tm')
+
+    # use pyramid_retry to retry a request when transient exceptions occur
+    config.include('pyramid_retry')
+
+    session_factory = get_session_factory(get_engine(settings))
+    config.registry['dbsession_factory'] = session_factory
+
+    # make request.dbsession available for use in Pyramid
+    config.add_request_method(
+        # r.tm is the transaction manager used by pyramid_tm
+        lambda r: get_tm_session(session_factory, r.tm),
+        'dbsession',
+        reify=True
+    )

backend/tracim/models/applications.py

@@ -0,0 +1,99 @@
+# coding=utf-8
+import typing
+
+
+class Application(object):
+    """
+    Application class with data needed for frontend
+    """
+    def __init__(
+            self,
+            label: str,
+            slug: str,
+            fa_icon: str,
+            hexcolor: str,
+            is_active: bool,
+            config: typing.Dict[str, str],
+            main_route: str,
+    ) -> None:
+        """
+        @param label: public label of application
+        @param slug: identifier of application
+        @param icon: font awesome icon class
+        @param hexcolor: hexa color of application main color
+        @param is_active: True if application enable, False if inactive
+        @param config: a dict with eventual application config
+        @param main_route: the route of the frontend "home" screen of
+        the application. For exemple, if you have an application
+        called "calendar", the main route will be something
+        like /#/workspace/{wid}/calendar.
+        """
+        self.label = label
+        self.slug = slug
+        self.fa_icon = fa_icon
+        self.hexcolor = hexcolor
+        self.is_active = is_active
+        self.config = config
+        self.main_route = main_route
+
+
+# default apps
+calendar = Application(
+    label='Calendar',
+    slug='calendar',
+    fa_icon='calendar',
+    hexcolor='#757575',
+    is_active=True,
+    config={},
+    main_route='/#/workspaces/{workspace_id}/calendar',
+)
+
+thread = Application(
+    label='Threads',
+    slug='contents/threads',
+    fa_icon='comments-o',
+    hexcolor='#ad4cf9',
+    is_active=True,
+    config={},
+    main_route='/#/workspaces/{workspace_id}/contents?type=thread',
+
+)
+
+_file = Application(
+    label='Files',
+    slug='contents/files',
+    fa_icon='paperclip',
+    hexcolor='#FF9900',
+    is_active=True,
+    config={},
+    main_route='/#/workspaces/{workspace_id}/contents?type=file',
+)
+
+markdownpluspage = Application(
+    label='Markdown Plus Documents',  # TODO - G.M - 24-05-2018 - Check label
+    slug='contents/markdownpluspage',
+    fa_icon='file-code-o',
+    hexcolor='#f12d2d',
+    is_active=True,
+    config={},
+    main_route='/#/workspaces/{workspace_id}/contents?type=markdownpluspage',
+)
+
+html_documents = Application(
+    label='Text Documents',  # TODO - G.M - 24-05-2018 - Check label
+    slug='contents/html-documents',
+    fa_icon='file-text-o',
+    hexcolor='#3f52e3',
+    is_active=True,
+    config={},
+    main_route='/#/workspaces/{workspace_id}/contents?type=html-documents',
+)
+# TODO - G.M - 08-06-2018 - This is hardcoded lists of app, make this dynamic.
+# List of applications
+applications = [
+    html_documents,
+    markdownpluspage,
+    _file,
+    thread,
+    calendar,
+]

backend/tracim/models/auth.py

@@ -0,0 +1,330 @@
+# -*- coding: utf-8 -*-
+"""
+Auth* related model.
+
+This is where the models used by the authentication stack are defined.
+
+It's perfectly fine to re-use this definition in the tracim application,
+though.
+"""
+import os
+import time
+import uuid
+
+from datetime import datetime
+from hashlib import sha256
+from typing import TYPE_CHECKING
+
+from sqlalchemy import Column
+from sqlalchemy import ForeignKey
+from sqlalchemy import Sequence
+from sqlalchemy import Table
+from sqlalchemy.ext.hybrid import hybrid_property
+from sqlalchemy.orm import relation
+from sqlalchemy.orm import relationship
+from sqlalchemy.orm import synonym
+from sqlalchemy.types import Boolean
+from sqlalchemy.types import DateTime
+from sqlalchemy.types import Integer
+from sqlalchemy.types import Unicode
+
+from tracim.lib.utils.translation import fake_translator as l_
+from tracim.models.meta import DeclarativeBase
+from tracim.models.meta import metadata
+if TYPE_CHECKING:
+    from tracim.models.data import Workspace
+    from tracim.models.data import UserRoleInWorkspace
+__all__ = ['User', 'Group', 'Permission']
+
+# This is the association table for the many-to-many relationship between
+# groups and permissions.
+group_permission_table = Table('group_permission', metadata,
+    Column('group_id', Integer, ForeignKey('groups.group_id',
+        onupdate="CASCADE", ondelete="CASCADE"), primary_key=True),
+    Column('permission_id', Integer, ForeignKey('permissions.permission_id',
+        onupdate="CASCADE", ondelete="CASCADE"), primary_key=True)
+)
+
+# This is the association table for the many-to-many relationship between
+# groups and members - this is, the memberships.
+user_group_table = Table('user_group', metadata,
+    Column('user_id', Integer, ForeignKey('users.user_id',
+        onupdate="CASCADE", ondelete="CASCADE"), primary_key=True),
+    Column('group_id', Integer, ForeignKey('groups.group_id',
+        onupdate="CASCADE", ondelete="CASCADE"), primary_key=True)
+)
+
+
+class Group(DeclarativeBase):
+
+    TIM_NOBODY = 0
+    TIM_USER = 1
+    TIM_MANAGER = 2
+    TIM_ADMIN = 3
+
+    TIM_NOBODY_GROUPNAME = 'nobody'
+    TIM_USER_GROUPNAME = 'users'
+    TIM_MANAGER_GROUPNAME = 'managers'
+    TIM_ADMIN_GROUPNAME = 'administrators'
+
+    __tablename__ = 'groups'
+
+    group_id = Column(Integer, Sequence('seq__groups__group_id'), autoincrement=True, primary_key=True)
+    group_name = Column(Unicode(16), unique=True, nullable=False)
+    display_name = Column(Unicode(255))
+    created = Column(DateTime, default=datetime.utcnow)
+
+    users = relationship('User', secondary=user_group_table, backref='groups')
+
+    def __repr__(self):
+        return '<Group: name=%s>' % repr(self.group_name)
+
+    def __unicode__(self):
+        return self.group_name
+
+    @classmethod
+    def by_group_name(cls, group_name, dbsession):
+        """Return the user object whose email address is ``email``."""
+        return dbsession.query(cls).filter_by(group_name=group_name).first()
+
+
+class Profile(object):
+    """This model is the "max" group associated to a given user."""
+
+    _NAME = [
+        Group.TIM_NOBODY_GROUPNAME,
+        Group.TIM_USER_GROUPNAME,
+        Group.TIM_MANAGER_GROUPNAME,
+        Group.TIM_ADMIN_GROUPNAME,
+    ]
+
+    _IDS = [
+        Group.TIM_NOBODY,
+        Group.TIM_USER,
+        Group.TIM_MANAGER,
+        Group.TIM_ADMIN,
+    ]
+
+    # TODO - G.M - 18-04-2018 [Cleanup] Drop this
+    # _LABEL = [l_('Nobody'),
+    #           l_('Users'),
+    #           l_('Global managers'),
+    #           l_('Administrators')]
+
+    def __init__(self, profile_id):
+        assert isinstance(profile_id, int)
+        self.id = profile_id
+        self.name = Profile._NAME[profile_id]
+        # TODO - G.M - 18-04-2018 [Cleanup] Drop this
+        # self.label = Profile._LABEL[profile_id]
+
+
+class User(DeclarativeBase):
+    """
+    User definition.
+
+    This is the user definition used by :mod:`repoze.who`, which requires at
+    least the ``email`` column.
+    """
+
+    __tablename__ = 'users'
+
+    user_id = Column(Integer, Sequence('seq__users__user_id'), autoincrement=True, primary_key=True)
+    email = Column(Unicode(255), unique=True, nullable=False)
+    display_name = Column(Unicode(255))
+    _password = Column('password', Unicode(128))
+    created = Column(DateTime, default=datetime.utcnow)
+    is_active = Column(Boolean, default=True, nullable=False)
+    imported_from = Column(Unicode(32), nullable=True)
+    timezone = Column(Unicode(255), nullable=False, server_default='')
+    # TODO - G.M - 04-04-2018 - [auth] Check if this is already needed
+    # with new auth system
+    auth_token = Column(Unicode(255))
+    auth_token_created = Column(DateTime)
+
+    @hybrid_property
+    def email_address(self):
+        return self.email
+
+    def __repr__(self):
+        return '<User: email=%s, display=%s>' % (
+                repr(self.email), repr(self.display_name))
+
+    def __unicode__(self):
+        return self.display_name or self.email
+
+    @property
+    def permissions(self):
+        """Return a set with all permissions granted to the user."""
+        perms = set()
+        for g in self.groups:
+            perms = perms | set(g.permissions)
+        return perms
+
+    @property
+    def profile(self) -> Profile:
+        profile_id = 0
+        if len(self.groups) > 0:
+            profile_id = max(group.group_id for group in self.groups)
+        return Profile(profile_id)
+
+    # TODO - G-M - 20-04-2018 - [Calendar] Replace this in context model object
+    # @property
+    # def calendar_url(self) -> str:
+    #     # TODO - 20160531 - Bastien: Cyclic import if import in top of file
+    #     from tracim.lib.calendar import CalendarManager
+    #     calendar_manager = CalendarManager(None)
+    #
+    #     return calendar_manager.get_user_calendar_url(self.user_id)
+
+    @classmethod
+    def by_email_address(cls, email, dbsession):
+        """Return the user object whose email address is ``email``."""
+        return dbsession.query(cls).filter_by(email=email).first()
+
+    @classmethod
+    def by_user_name(cls, username, dbsession):
+        """Return the user object whose user name is ``username``."""
+        return dbsession.query(cls).filter_by(email=username).first()
+
+    @classmethod
+    def _hash_password(cls, cleartext_password: str) -> str:
+        salt = sha256()
+        salt.update(os.urandom(60))
+        salt = salt.hexdigest()
+
+        hash = sha256()
+        # Make sure password is a str because we cannot hash unicode objects
+        hash.update((cleartext_password + salt).encode('utf-8'))
+        hash = hash.hexdigest()
+
+        ciphertext_password = salt + hash
+
+        # Make sure the hashed password is a unicode object at the end of the
+        # process because SQLAlchemy _wants_ unicode objects for Unicode cols
+        # FIXME - D.A. - 2013-11-20 - The following line has been removed since using python3. Is this normal ?!
+        # password = password.decode('utf-8')
+
+        return ciphertext_password
+
+    def _set_password(self, cleartext_password: str) -> None:
+        """
+        Set ciphertext password from cleartext password.
+
+        Hash cleartext password on the fly,
+        Store its ciphertext version,
+        """
+        self._password = self._hash_password(cleartext_password)
+
+    def _get_password(self) -> str:
+        """Return the hashed version of the password."""
+        return self._password
+
+    password = synonym('_password', descriptor=property(_get_password,
+                                                        _set_password))
+
+    def validate_password(self, cleartext_password: str) -> bool:
+        """
+        Check the password against existing credentials.
+
+        :param cleartext_password: the password that was provided by the user
+            to try and authenticate. This is the clear text version that we
+            will need to match against the hashed one in the database.
+        :type cleartext_password: unicode object.
+        :return: Whether the password is valid.
+        :rtype: bool
+
+        """
+        result = False
+        if self.password:
+            hash = sha256()
+            hash.update((cleartext_password + self.password[:64]).encode('utf-8'))
+            result = self.password[64:] == hash.hexdigest()
+        return result
+
+    def get_display_name(self, remove_email_part: bool=False) -> str:
+        """
+        Get a name to display from corresponding member or email.
+
+        :param remove_email_part: If True and display name based on email,
+            remove @xxx.xxx part of email in returned value
+        :return: display name based on user name or email.
+        """
+        if self.display_name:
+            return self.display_name
+        else:
+            if remove_email_part:
+                at_pos = self.email.index('@')
+                return self.email[0:at_pos]
+            return self.email
+
+    def get_role(self, workspace: 'Workspace') -> int:
+        for role in self.roles:
+            if role.workspace == workspace:
+                return role.role
+
+        return UserRoleInWorkspace.NOT_APPLICABLE
+
+    def get_active_roles(self) -> ['UserRoleInWorkspace']:
+        """
+        :return: list of roles of the user for all not-deleted workspaces
+        """
+        roles = []
+        for role in self.roles:
+            if not role.workspace.is_deleted:
+                roles.append(role)
+        return roles
+
+    # TODO - G.M - 04-04-2018 - [auth] Check if this is already needed
+    # with new auth system
+    def ensure_auth_token(self, validity_seconds, session) -> None:
+        """
+        Create auth_token if None, regenerate auth_token if too much old.
+
+        auth_token validity is set in
+        :return:
+        """
+
+        if not self.auth_token or not self.auth_token_created:
+            self.auth_token = str(uuid.uuid4())
+            self.auth_token_created = datetime.utcnow()
+            session.flush()
+            return
+
+        now_seconds = time.mktime(datetime.utcnow().timetuple())
+        auth_token_seconds = time.mktime(self.auth_token_created.timetuple())
+        difference = now_seconds - auth_token_seconds
+
+        if difference > validity_seconds:
+            self.auth_token = str(uuid.uuid4())
+            self.auth_token_created = datetime.utcnow()
+            session.flush()
+
+
+class Permission(DeclarativeBase):
+    """
+    Permission definition.
+
+    Only the ``permission_name`` column is required.
+
+    """
+
+    __tablename__ = 'permissions'
+
+    permission_id = Column(
+        Integer,
+        Sequence('seq__permissions__permission_id'),
+        autoincrement=True,
+        primary_key=True
+    )
+    permission_name = Column(Unicode(63), unique=True, nullable=False)
+    description = Column(Unicode(255))
+
+    groups = relation(Group, secondary=group_permission_table,
+                      backref='permissions')
+
+    def __repr__(self):
+        return '<Permission: name=%s>' % repr(self.permission_name)
+
+    def __unicode__(self):
+        return self.permission_name

backend/tracim/models/contents.py

@@ -0,0 +1,302 @@
+# -*- coding: utf-8 -*-
+import typing
+from enum import Enum
+
+from tracim.exceptions import ContentTypeNotExist
+from tracim.exceptions import ContentStatusNotExist
+from tracim.models.applications import html_documents
+from tracim.models.applications import _file
+from tracim.models.applications import thread
+from tracim.models.applications import markdownpluspage
+
+
+####
+# Content Status
+
+
+class GlobalStatus(Enum):
+    OPEN = 'open'
+    CLOSED = 'closed'
+
+
+class NewContentStatus(object):
+    """
+    Future ContentStatus object class
+    """
+    def __init__(
+            self,
+            slug: str,
+            global_status: str,
+            label: str,
+            fa_icon: str,
+            hexcolor: str,
+    ):
+        self.slug = slug
+        self.global_status = global_status
+        self.label = label
+        self.fa_icon = fa_icon
+        self.hexcolor = hexcolor
+
+
+open_status = NewContentStatus(
+    slug='open',
+    global_status=GlobalStatus.OPEN.value,
+    label='Open',
+    fa_icon='square-o',
+    hexcolor='#3f52e3',
+)
+
+closed_validated_status = NewContentStatus(
+    slug='closed-validated',
+    global_status=GlobalStatus.CLOSED.value,
+    label='Validated',
+    fa_icon='check-square-o',
+    hexcolor='#008000',
+)
+
+closed_unvalidated_status = NewContentStatus(
+    slug='closed-unvalidated',
+    global_status=GlobalStatus.CLOSED.value,
+    label='Cancelled',
+    fa_icon='close',
+    hexcolor='#f63434',
+)
+
+closed_deprecated_status = NewContentStatus(
+    slug='closed-deprecated',
+    global_status=GlobalStatus.CLOSED.value,
+    label='Deprecated',
+    fa_icon='warning',
+    hexcolor='#ababab',
+)
+
+
+CONTENT_DEFAULT_STATUS = [
+    open_status,
+    closed_validated_status,
+    closed_unvalidated_status,
+    closed_deprecated_status,
+]
+
+
+class ContentStatusLegacy(NewContentStatus):
+    """
+    Temporary remplacement object for Legacy ContentStatus Object
+    """
+    OPEN = open_status.slug
+    CLOSED_VALIDATED = closed_validated_status.slug
+    CLOSED_UNVALIDATED = closed_unvalidated_status.slug
+    CLOSED_DEPRECATED = closed_deprecated_status.slug
+
+    def __init__(self, slug: str):
+        for status in CONTENT_DEFAULT_STATUS:
+            if slug == status.slug:
+                super(ContentStatusLegacy, self).__init__(
+                    slug=status.slug,
+                    global_status=status.global_status,
+                    label=status.label,
+                    fa_icon=status.fa_icon,
+                    hexcolor=status.hexcolor,
+                )
+                return
+        raise ContentStatusNotExist()
+
+    @classmethod
+    def all(cls, type='') -> ['NewContentStatus']:
+        return CONTENT_DEFAULT_STATUS
+
+    @classmethod
+    def allowed_values(cls):
+        return [status.slug for status in CONTENT_DEFAULT_STATUS]
+
+
+####
+# ContentType
+
+
+class NewContentType(object):
+    """
+    Future ContentType object class
+    """
+    def __init__(
+            self,
+            slug: str,
+            fa_icon: str,
+            hexcolor: str,
+            label: str,
+            creation_label: str,
+            available_statuses: typing.List[NewContentStatus],
+
+    ):
+        self.slug = slug
+        self.fa_icon = fa_icon
+        self.hexcolor = hexcolor
+        self.label = label
+        self.creation_label = creation_label
+        self.available_statuses = available_statuses
+
+
+thread_type = NewContentType(
+    slug='thread',
+    fa_icon=thread.fa_icon,
+    hexcolor=thread.hexcolor,
+    label='Thread',
+    creation_label='Discuss about a topic',
+    available_statuses=CONTENT_DEFAULT_STATUS,
+)
+
+file_type = NewContentType(
+    slug='file',
+    fa_icon=_file.fa_icon,
+    hexcolor=_file.hexcolor,
+    label='File',
+    creation_label='Upload a file',
+    available_statuses=CONTENT_DEFAULT_STATUS,
+)
+
+markdownpluspage_type = NewContentType(
+    slug='markdownpage',
+    fa_icon=markdownpluspage.fa_icon,
+    hexcolor=markdownpluspage.hexcolor,
+    label='Rich Markdown File',
+    creation_label='Create a Markdown document',
+    available_statuses=CONTENT_DEFAULT_STATUS,
+)
+
+html_documents_type = NewContentType(
+    slug='html-documents',
+    fa_icon=html_documents.fa_icon,
+    hexcolor=html_documents.hexcolor,
+    label='Text Document',
+    creation_label='Write a document',
+    available_statuses=CONTENT_DEFAULT_STATUS,
+)
+
+# TODO - G.M - 31-05-2018 - Set Better folder params
+folder_type = NewContentType(
+    slug='folder',
+    fa_icon=thread.fa_icon,
+    hexcolor=thread.hexcolor,
+    label='Folder',
+    creation_label='Create collection of any documents',
+    available_statuses=CONTENT_DEFAULT_STATUS,
+)
+
+CONTENT_DEFAULT_TYPE = [
+    thread_type,
+    file_type,
+    markdownpluspage_type,
+    html_documents_type,
+    folder_type,
+]
+
+# TODO - G.M - 31-05-2018 - Set Better Event params
+event_type = NewContentType(
+    slug='event',
+    fa_icon=thread.fa_icon,
+    hexcolor=thread.hexcolor,
+    label='Event',
+    creation_label='Event',
+    available_statuses=CONTENT_DEFAULT_STATUS,
+)
+
+# TODO - G.M - 31-05-2018 - Set Better Event params
+comment_type = NewContentType(
+    slug='comment',
+    fa_icon=thread.fa_icon,
+    hexcolor=thread.hexcolor,
+    label='Comment',
+    creation_label='Comment',
+    available_statuses=CONTENT_DEFAULT_STATUS,
+)
+
+CONTENT_DEFAULT_TYPE_SPECIAL = [
+    event_type,
+    comment_type,
+]
+
+ALL_CONTENTS_DEFAULT_TYPES = CONTENT_DEFAULT_TYPE + CONTENT_DEFAULT_TYPE_SPECIAL
+
+
+class ContentTypeLegacy(NewContentType):
+    """
+    Temporary remplacement object for Legacy ContentType Object
+    """
+
+    # special type
+    Any = 'any'
+    Folder = 'folder'
+    Event = 'event'
+    Comment = 'comment'
+
+    File = file_type.slug
+    Thread = thread_type.slug
+    Page = html_documents_type.slug
+    PageLegacy = 'page'
+    MarkdownPage = markdownpluspage_type.slug
+
+    def __init__(self, slug: str):
+        if slug == 'page':
+            slug = ContentTypeLegacy.Page
+        for content_type in ALL_CONTENTS_DEFAULT_TYPES:
+            if slug == content_type.slug:
+                super(ContentTypeLegacy, self).__init__(
+                    slug=content_type.slug,
+                    fa_icon=content_type.fa_icon,
+                    hexcolor=content_type.hexcolor,
+                    label=content_type.label,
+                    creation_label=content_type.creation_label,
+                    available_statuses=content_type.available_statuses
+                )
+                return
+        raise ContentTypeNotExist()
+
+    def get_slug_aliases(self) -> typing.List[str]:
+        """
+        Get all slug aliases of a content,
+        useful for legacy code convertion
+        """
+        # TODO - G.M - 2018-07-05 - Remove this legacy compat code
+        # when possible.
+        page_alias = [self.Page, self.PageLegacy]
+        if self.slug in page_alias:
+            return page_alias
+        else:
+            return [self.slug]
+
+    @classmethod
+    def all(cls) -> typing.List[str]:
+        return cls.allowed_types()
+
+    @classmethod
+    def allowed_types(cls) -> typing.List[str]:
+        contents_types = [status.slug for status in ALL_CONTENTS_DEFAULT_TYPES]
+        return contents_types
+
+    @classmethod
+    def allowed_type_values(cls) -> typing.List[str]:
+        """
+        All content type slug + special values like any
+        """
+        content_types = cls.allowed_types()
+        content_types.append(ContentTypeLegacy.Any)
+        return content_types
+
+    @classmethod
+    def allowed_types_for_folding(cls):
+        # This method is used for showing only "main"
+        # types in the left-side treeview
+        contents_types = [status.slug for status in CONTENT_DEFAULT_TYPE]
+        return contents_types
+
+    # TODO - G.M - 30-05-2018 - This method don't do anything.
+    @classmethod
+    def sorted(cls, types: ['ContentType']) -> ['ContentType']:
+        return types
+
+    @property
+    def id(self):
+        return self.slug
+
+    def toDict(self):
+        raise NotImplementedError()

backend/tracim/models/context_models.py

@@ -0,0 +1,810 @@
+# coding=utf-8
+import typing
+from datetime import datetime
+from enum import Enum
+
+from slugify import slugify
+from sqlalchemy.orm import Session
+from tracim import CFG
+from tracim.config import PreviewDim
+from tracim.models import User
+from tracim.models.auth import Profile
+from tracim.models.data import Content
+from tracim.models.data import ContentRevisionRO
+from tracim.models.data import Workspace
+from tracim.models.data import UserRoleInWorkspace
+from tracim.models.roles import WorkspaceRoles
+from tracim.models.workspace_menu_entries import default_workspace_menu_entry
+from tracim.models.workspace_menu_entries import WorkspaceMenuEntry
+from tracim.models.contents import ContentTypeLegacy as ContentType
+
+
+class PreviewAllowedDim(object):
+
+    def __init__(
+            self,
+            restricted:bool,
+            dimensions: typing.List[PreviewDim]
+    ) -> None:
+        self.restricted = restricted
+        self.dimensions = dimensions
+
+
+class MoveParams(object):
+    """
+    Json body params for move action model
+    """
+    def __init__(self, new_parent_id: str, new_workspace_id: str = None) -> None:  # nopep8
+        self.new_parent_id = new_parent_id
+        self.new_workspace_id = new_workspace_id
+
+
+class LoginCredentials(object):
+    """
+    Login credentials model for login model
+    """
+
+    def __init__(self, email: str, password: str) -> None:
+        self.email = email
+        self.password = password
+
+
+class SetEmail(object):
+    """
+    Just an email
+    """
+    def __init__(self, loggedin_user_password: str, email: str) -> None:
+        self.loggedin_user_password = loggedin_user_password
+        self.email = email
+
+
+class SetPassword(object):
+    """
+    Just an password
+    """
+    def __init__(self,
+        loggedin_user_password: str,
+        new_password: str,
+        new_password2: str
+    ) -> None:
+        self.loggedin_user_password = loggedin_user_password
+        self.new_password = new_password
+        self.new_password2 = new_password2
+
+
+class UserInfos(object):
+    """
+    Just some user infos
+    """
+    def __init__(self, timezone: str, public_name: str) -> None:
+        self.timezone = timezone
+        self.public_name = public_name
+
+
+class UserProfile(object):
+    """
+    Just some user infos
+    """
+    def __init__(self, profile: str) -> None:
+        self.profile = profile
+
+
+class UserCreation(object):
+    """
+    Just some user infos
+    """
+    def __init__(
+            self,
+            email: str,
+            password: str,
+            public_name: str,
+            timezone: str,
+            profile: str,
+            email_notification: str,
+    ) -> None:
+        self.email = email
+        self.password = password
+        self.public_name = public_name
+        self.timezone = timezone
+        self.profile = profile
+        self.email_notification = email_notification
+
+
+class WorkspaceAndContentPath(object):
+    """
+    Paths params with workspace id and content_id model
+    """
+    def __init__(self, workspace_id: int, content_id: int) -> None:
+        self.content_id = content_id
+        self.workspace_id = workspace_id
+
+
+class WorkspaceAndContentRevisionPath(object):
+    """
+    Paths params with workspace id and content_id model
+    """
+    def __init__(self, workspace_id: int, content_id: int, revision_id) -> None:
+        self.content_id = content_id
+        self.revision_id = revision_id
+        self.workspace_id = workspace_id
+
+
+class ContentPreviewSizedPath(object):
+    """
+    Paths params with workspace id and content_id, width, heigth
+    """
+    def __init__(self, workspace_id: int, content_id: int, width: int, height: int) -> None:  # nopep8
+        self.content_id = content_id
+        self.workspace_id = workspace_id
+        self.width = width
+        self.height = height
+
+
+class RevisionPreviewSizedPath(object):
+    """
+    Paths params with workspace id and content_id, revision_id width, heigth
+    """
+    def __init__(self, workspace_id: int, content_id: int, revision_id: int, width: int, height: int) -> None:  # nopep8
+        self.content_id = content_id
+        self.revision_id = revision_id
+        self.workspace_id = workspace_id
+        self.width = width
+        self.height = height
+
+
+class WorkspaceAndUserPath(object):
+    """
+    Paths params with workspace id and user_id
+    """
+    def __init__(self, workspace_id: int, user_id: int):
+        self.workspace_id = workspace_id
+        self.user_id = workspace_id
+
+
+class UserWorkspaceAndContentPath(object):
+    """
+    Paths params with user_id, workspace id and content_id model
+    """
+    def __init__(self, user_id: int, workspace_id: int, content_id: int) -> None:  # nopep8
+        self.content_id = content_id
+        self.workspace_id = workspace_id
+        self.user_id = user_id
+
+
+class CommentPath(object):
+    """
+    Paths params with workspace id and content_id and comment_id model
+    """
+    def __init__(
+        self,
+        workspace_id: int,
+        content_id: int,
+        comment_id: int
+    ) -> None:
+        self.content_id = content_id
+        self.workspace_id = workspace_id
+        self.comment_id = comment_id
+
+
+class PageQuery(object):
+    """
+    Page query model
+    """
+    def __init__(
+            self,
+            page: int = 0
+    ):
+        self.page = page
+
+
+class ContentFilter(object):
+    """
+    Content filter model
+    """
+    def __init__(
+            self,
+            workspace_id: int = None,
+            parent_id: int = None,
+            show_archived: int = 0,
+            show_deleted: int = 0,
+            show_active: int = 1,
+            content_type: str = None,
+            offset: int = None,
+            limit: int = None,
+    ) -> None:
+        self.parent_id = parent_id
+        self.workspace_id = workspace_id
+        self.show_archived = bool(show_archived)
+        self.show_deleted = bool(show_deleted)
+        self.show_active = bool(show_active)
+        self.limit = limit
+        self.offset = offset
+        self.content_type = content_type
+
+
+class ActiveContentFilter(object):
+    def __init__(
+            self,
+            limit: int = None,
+            before_datetime: datetime = None,
+    ):
+        self.limit = limit
+        self.before_datetime = before_datetime
+
+
+class ContentIdsQuery(object):
+    def __init__(
+            self,
+            contents_ids: typing.List[int] = None,
+    ):
+        self.contents_ids = contents_ids
+
+
+class RoleUpdate(object):
+    """
+    Update role
+    """
+    def __init__(
+        self,
+        role: str,
+    ):
+        self.role = role
+
+
+class WorkspaceMemberInvitation(object):
+    """
+    Workspace Member Invitation
+    """
+    def __init__(
+        self,
+        user_id: int,
+        user_email_or_public_name: str,
+        role: str,
+    ):
+        self.role = role
+        self.user_email_or_public_name = user_email_or_public_name
+        self.user_id = user_id
+
+
+class WorkspaceUpdate(object):
+    """
+    Update workspace
+    """
+    def __init__(
+        self,
+        label: str,
+        description: str,
+    ):
+        self.label = label
+        self.description = description
+
+
+class ContentCreation(object):
+    """
+    Content creation model
+    """
+    def __init__(
+            self,
+            label: str,
+            content_type: str,
+            parent_id: typing.Optional[int] = None,
+    ) -> None:
+        self.label = label
+        self.content_type = content_type
+        self.parent_id = parent_id
+
+
+class CommentCreation(object):
+    """
+    Comment creation model
+    """
+    def __init__(
+            self,
+            raw_content: str,
+    ) -> None:
+        self.raw_content = raw_content
+
+
+class SetContentStatus(object):
+    """
+    Set content status
+    """
+    def __init__(
+            self,
+            status: str,
+    ) -> None:
+        self.status = status
+
+
+class TextBasedContentUpdate(object):
+    """
+    TextBasedContent update model
+    """
+    def __init__(
+            self,
+            label: str,
+            raw_content: str,
+    ) -> None:
+        self.label = label
+        self.raw_content = raw_content
+
+
+class TypeUser(Enum):
+    """Params used to find user"""
+    USER_ID = 'found_id'
+    EMAIL = 'found_email'
+    PUBLIC_NAME = 'found_public_name'
+
+
+class UserInContext(object):
+    """
+    Interface to get User data and User data related to context.
+    """
+
+    def __init__(self, user: User, dbsession: Session, config: CFG):
+        self.user = user
+        self.dbsession = dbsession
+        self.config = config
+
+    # Default
+
+    @property
+    def email(self) -> str:
+        return self.user.email
+
+    @property
+    def user_id(self) -> int:
+        return self.user.user_id
+
+    @property
+    def public_name(self) -> str:
+        return self.display_name
+
+    @property
+    def display_name(self) -> str:
+        return self.user.display_name
+
+    @property
+    def created(self) -> datetime:
+        return self.user.created
+
+    @property
+    def is_active(self) -> bool:
+        return self.user.is_active
+
+    @property
+    def timezone(self) -> str:
+        return self.user.timezone
+
+    @property
+    def profile(self) -> Profile:
+        return self.user.profile.name
+
+    # Context related
+
+    @property
+    def calendar_url(self) -> typing.Optional[str]:
+        # TODO - G-M - 20-04-2018 - [Calendar] Replace calendar code to get
+        # url calendar url.
+        #
+        # from tracim.lib.calendar import CalendarManager
+        # calendar_manager = CalendarManager(None)
+        # return calendar_manager.get_workspace_calendar_url(self.workspace_id)
+        return None
+
+    @property
+    def avatar_url(self) -> typing.Optional[str]:
+        # TODO - G-M - 20-04-2018 - [Avatar] Add user avatar feature
+        return None
+
+
+class WorkspaceInContext(object):
+    """
+    Interface to get Workspace data and Workspace data related to context.
+    """
+
+    def __init__(self, workspace: Workspace, dbsession: Session, config: CFG):
+        self.workspace = workspace
+        self.dbsession = dbsession
+        self.config = config
+
+    @property
+    def workspace_id(self) -> int:
+        """
+        numeric id of the workspace.
+        """
+        return self.workspace.workspace_id
+
+    @property
+    def id(self) -> int:
+        """
+        alias of workspace_id
+        """
+        return self.workspace_id
+
+    @property
+    def label(self) -> str:
+        """
+        get workspace label
+        """
+        return self.workspace.label
+
+    @property
+    def description(self) -> str:
+        """
+        get workspace description
+        """
+        return self.workspace.description
+
+    @property
+    def slug(self) -> str:
+        """
+        get workspace slug
+        """
+        return slugify(self.workspace.label)
+
+    @property
+    def sidebar_entries(self) -> typing.List[WorkspaceMenuEntry]:
+        """
+        get sidebar entries, those depends on activated apps.
+        """
+        # TODO - G.M - 22-05-2018 - Rework on this in
+        # order to not use hardcoded list
+        # list should be able to change (depending on activated/disabled
+        # apps)
+        return default_workspace_menu_entry(self.workspace)
+
+
+class UserRoleWorkspaceInContext(object):
+    """
+    Interface to get UserRoleInWorkspace data and related content
+
+    """
+    def __init__(
+            self,
+            user_role: UserRoleInWorkspace,
+            dbsession: Session,
+            config: CFG,
+            # Extended params
+            newly_created: bool = None,
+            email_sent: bool = None
+    )-> None:
+        self.user_role = user_role
+        self.dbsession = dbsession
+        self.config = config
+        # Extended params
+        self.newly_created = newly_created
+        self.email_sent = email_sent
+
+    @property
+    def user_id(self) -> int:
+        """
+        User who has the role has this id
+        :return: user id as integer
+        """
+        return self.user_role.user_id
+
+    @property
+    def workspace_id(self) -> int:
+        """
+        This role apply only on the workspace with this workspace_id
+        :return: workspace id as integer
+        """
+        return self.user_role.workspace_id
+
+    # TODO - G.M - 23-05-2018 - Check the API spec for this this !
+
+    @property
+    def role_id(self) -> int:
+        """
+        role as int id, each value refer to a different role.
+        """
+        return self.user_role.role
+
+    @property
+    def role(self) -> str:
+        return self.role_slug
+
+    @property
+    def role_slug(self) -> str:
+        """
+        simple name of the role of the user.
+        can be anything from UserRoleInWorkspace SLUG, like
+        'not_applicable', 'reader',
+        'contributor', 'content-manager', 'workspace-manager'
+        :return: user workspace role as slug.
+        """
+        return WorkspaceRoles.get_role_from_level(self.user_role.role).slug
+
+    @property
+    def is_active(self) -> bool:
+        return self.user.is_active
+
+    @property
+    def user(self) -> UserInContext:
+        """
+        User who has this role, with context data
+        :return: UserInContext object
+        """
+        return UserInContext(
+            self.user_role.user,
+            self.dbsession,
+            self.config
+        )
+
+    @property
+    def workspace(self) -> WorkspaceInContext:
+        """
+        Workspace related to this role, with his context data
+        :return: WorkspaceInContext object
+        """
+        return WorkspaceInContext(
+            self.user_role.workspace,
+            self.dbsession,
+            self.config
+        )
+
+
+class ContentInContext(object):
+    """
+    Interface to get Content data and Content data related to context.
+    """
+
+    def __init__(self, content: Content, dbsession: Session, config: CFG, user: User=None):  # nopep8
+        self.content = content
+        self.dbsession = dbsession
+        self.config = config
+        self._user = user
+
+    # Default
+    @property
+    def content_id(self) -> int:
+        return self.content.content_id
+
+    @property
+    def parent_id(self) -> int:
+        """
+        Return parent_id of the content
+        """
+        return self.content.parent_id
+
+    @property
+    def workspace_id(self) -> int:
+        return self.content.workspace_id
+
+    @property
+    def label(self) -> str:
+        return self.content.label
+
+    @property
+    def content_type(self) -> str:
+        content_type = ContentType(self.content.type)
+        return content_type.slug
+
+    @property
+    def sub_content_types(self) -> typing.List[str]:
+        return [_type.slug for _type in self.content.get_allowed_content_types()]  # nopep8
+
+    @property
+    def status(self) -> str:
+        return self.content.status
+
+    @property
+    def is_archived(self):
+        return self.content.is_archived
+
+    @property
+    def is_deleted(self):
+        return self.content.is_deleted
+
+    @property
+    def raw_content(self):
+        return self.content.description
+
+    @property
+    def author(self):
+        return UserInContext(
+            dbsession=self.dbsession,
+            config=self.config,
+            user=self.content.first_revision.owner
+        )
+
+    @property
+    def current_revision_id(self):
+        return self.content.revision_id
+
+    @property
+    def created(self):
+        return self.content.created
+
+    @property
+    def modified(self):
+        return self.updated
+
+    @property
+    def updated(self):
+        return self.content.updated
+
+    @property
+    def last_modifier(self):
+        return UserInContext(
+            dbsession=self.dbsession,
+            config=self.config,
+            user=self.content.last_revision.owner
+        )
+
+    # Context-related
+    @property
+    def show_in_ui(self):
+        # TODO - G.M - 31-05-2018 - Enable Show_in_ui params
+        # if false, then do not show content in the treeview.
+        # This may his maybe used for specific contents or for sub-contents.
+        # Default is True.
+        # In first version of the API, this field is always True
+        return True
+
+    @property
+    def slug(self):
+        return slugify(self.content.label)
+
+    @property
+    def read_by_user(self):
+        assert self._user
+        return not self.content.has_new_information_for(self._user)
+
+
+class RevisionInContext(object):
+    """
+    Interface to get Content data and Content data related to context.
+    """
+
+    def __init__(self, content_revision: ContentRevisionRO, dbsession: Session, config: CFG):
+        assert content_revision is not None
+        self.revision = content_revision
+        self.dbsession = dbsession
+        self.config = config
+
+    # Default
+    @property
+    def content_id(self) -> int:
+        return self.revision.content_id
+
+    @property
+    def parent_id(self) -> int:
+        """
+        Return parent_id of the content
+        """
+        return self.revision.parent_id
+
+    @property
+    def workspace_id(self) -> int:
+        return self.revision.workspace_id
+
+    @property
+    def label(self) -> str:
+        return self.revision.label
+
+    @property
+    def revision_type(self) -> str:
+        return self.revision.revision_type
+
+    @property
+    def content_type(self) -> str:
+        content_type = ContentType(self.revision.type)
+        if content_type:
+            return content_type.slug
+        else:
+            return None
+
+    @property
+    def sub_content_types(self) -> typing.List[str]:
+        return [_type.slug for _type
+                in self.revision.node.get_allowed_content_types()]
+
+    @property
+    def status(self) -> str:
+        return self.revision.status
+
+    @property
+    def is_archived(self) -> bool:
+        return self.revision.is_archived
+
+    @property
+    def is_deleted(self) -> bool:
+        return self.revision.is_deleted
+
+    @property
+    def raw_content(self) -> str:
+        return self.revision.description
+
+    @property
+    def author(self) -> UserInContext:
+        return UserInContext(
+            dbsession=self.dbsession,
+            config=self.config,
+            user=self.revision.owner
+        )
+
+    @property
+    def revision_id(self) -> int:
+        return self.revision.revision_id
+
+    @property
+    def created(self) -> datetime:
+        return self.updated
+
+    @property
+    def modified(self) -> datetime:
+        return self.updated
+
+    @property
+    def updated(self) -> datetime:
+        return self.revision.updated
+
+    @property
+    def next_revision(self) -> typing.Optional[ContentRevisionRO]:
+        """
+        Get next revision (later revision)
+        :return: next_revision
+        """
+        next_revision = None
+        revisions = self.revision.node.revisions
+        # INFO - G.M - 2018-06-177 - Get revisions more recent that
+        # current one
+        next_revisions = [
+            revision for revision in revisions
+            if revision.revision_id > self.revision.revision_id
+        ]
+        if next_revisions:
+            # INFO - G.M - 2018-06-177 -sort revisions by date
+            sorted_next_revisions = sorted(
+                next_revisions,
+                key=lambda revision: revision.updated
+            )
+            # INFO - G.M - 2018-06-177 - return only next revision
+            return sorted_next_revisions[0]
+        else:
+            return None
+
+    @property
+    def comment_ids(self) -> typing.List[int]:
+        """
+        Get list of ids of all current revision related comments
+        :return: list of comments ids
+        """
+        comments = self.revision.node.get_comments()
+        # INFO - G.M - 2018-06-177 - Get comments more recent than revision.
+        revision_comments = [
+            comment for comment in comments
+            if comment.created > self.revision.updated
+        ]
+        if self.next_revision:
+            # INFO - G.M - 2018-06-177 - if there is a revision more recent
+            # than current remove comments from theses rev (comments older
+            # than next_revision.)
+            revision_comments = [
+                comment for comment in revision_comments
+                if comment.created < self.next_revision.updated
+            ]
+        sorted_revision_comments = sorted(
+            revision_comments,
+            key=lambda revision: revision.created
+        )
+        comment_ids = []
+        for comment in sorted_revision_comments:
+            comment_ids.append(comment.content_id)
+        return comment_ids
+
+    # Context-related
+    @property
+    def show_in_ui(self) -> bool:
+        # TODO - G.M - 31-05-2018 - Enable Show_in_ui params
+        # if false, then do not show content in the treeview.
+        # This may his maybe used for specific contents or for sub-contents.
+        # Default is True.
+        # In first version of the API, this field is always True
+        return True
+
+    @property
+    def slug(self) -> str:
+        return slugify(self.revision.label)

backend/tracim/models/meta.py

@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.schema import MetaData
+
+# Recommended naming convention used by Alembic, as various different database
+# providers will autogenerate vastly different names making migrations more
+# difficult. See: http://alembic.zzzcomputing.com/en/latest/naming.html
+NAMING_CONVENTION = {
+    "ix": "ix_%(column_0_label)s",
+    "uq": "uq__%(table_name)s__%(column_0_name)s",  # Unique constrains
+    # TODO - G.M - 28-03-2018 - [Database] Convert database to allow naming convention
+    # for ck contraint.
+    # "ck": "ck_%(table_name)s_%(constraint_name)s",
+    "fk": "fk_%(table_name)s_%(column_0_name)s_%(referred_table_name)s",
+    "pk": "pk_%(table_name)s"
+}
+
+metadata = MetaData(naming_convention=NAMING_CONVENTION)
+DeclarativeBase = declarative_base(metadata=metadata)

backend/tracim/models/organisational.py

@@ -0,0 +1,54 @@
+# -*- coding: utf-8 -*-
+from tracim.models import User
+from tracim.models.data import UserRoleInWorkspace
+
+
+CALENDAR_PERMISSION_READ = 'r'
+CALENDAR_PERMISSION_WRITE = 'w'
+
+
+class Calendar(object):
+    def __init__(self, related_object, path):
+        self._related_object = related_object
+        self._path = path
+
+    @property
+    def related_object(self):
+        return self._related_object
+
+    def user_can_read(self, user: User) -> bool:
+        raise NotImplementedError()
+
+    def user_can_write(self, user: User) -> bool:
+        raise NotImplementedError()
+
+
+class UserCalendar(Calendar):
+    def user_can_write(self, user: User) -> bool:
+        return self._related_object.user_id == user.user_id
+
+    def user_can_read(self, user: User) -> bool:
+        return self._related_object.user_id == user.user_id
+
+
+class WorkspaceCalendar(Calendar):
+    _workspace_rights = {
+        UserRoleInWorkspace.NOT_APPLICABLE:
+            [],
+        UserRoleInWorkspace.READER:
+            [CALENDAR_PERMISSION_READ],
+        UserRoleInWorkspace.CONTRIBUTOR:
+            [CALENDAR_PERMISSION_READ, CALENDAR_PERMISSION_WRITE],
+        UserRoleInWorkspace.CONTENT_MANAGER:
+            [CALENDAR_PERMISSION_READ, CALENDAR_PERMISSION_WRITE],
+        UserRoleInWorkspace.WORKSPACE_MANAGER:
+            [CALENDAR_PERMISSION_READ, CALENDAR_PERMISSION_WRITE],
+    }
+
+    def user_can_write(self, user: User) -> bool:
+        role = user.get_role(self._related_object)
+        return CALENDAR_PERMISSION_WRITE in self._workspace_rights[role]
+
+    def user_can_read(self, user: User) -> bool:
+        role = user.get_role(self._related_object)
+        return CALENDAR_PERMISSION_READ in self._workspace_rights[role]

backend/tracim/models/revision_protection.py

@@ -0,0 +1,97 @@
+# -*- coding: utf-8 -*-
+from sqlalchemy.orm import Session
+from sqlalchemy import inspect
+from sqlalchemy.orm.unitofwork import UOWTransaction
+from transaction import TransactionManager
+from contextlib import contextmanager
+
+from tracim.exceptions import ContentRevisionDeleteError
+from tracim.exceptions import ContentRevisionUpdateError
+from tracim.exceptions import SameValueError
+
+from tracim.models.data import ContentRevisionRO
+from tracim.models.data import Content
+from tracim.models.meta import DeclarativeBase
+
+
+def prevent_content_revision_delete(
+        session: Session,
+        flush_context: UOWTransaction,
+        instances: [DeclarativeBase]
+) -> None:
+    for instance in session.deleted:
+        if isinstance(instance, ContentRevisionRO) \
+                and instance.revision_id is not None:
+            raise ContentRevisionDeleteError(
+                "ContentRevision is not deletable. " +
+                "You must make a new revision with" +
+                "is_deleted set to True. Look at " +
+                "tracim.model.new_revision context " +
+                "manager to make a new revision"
+            )
+
+
+class RevisionsIntegrity(object):
+    """
+    Simple static used class to manage a list with list of ContentRevisionRO
+    who are allowed to be updated.
+
+    When modify an already existing (understood have an identity in databse)
+    ContentRevisionRO, if it's not in RevisionsIntegrity._updatable_revisions
+    list, a ContentRevisionUpdateError thrown.
+
+    This class is used by tracim.model.new_revision context manager.
+    """
+    _updatable_revisions = []
+
+    @classmethod
+    def add_to_updatable(cls, revision: 'ContentRevisionRO') -> None:
+        if inspect(revision).has_identity:
+            raise ContentRevisionUpdateError("ContentRevision is not updatable. %s already have identity." % revision)  # nopep8
+
+        if revision not in cls._updatable_revisions:
+            cls._updatable_revisions.append(revision)
+
+    @classmethod
+    def remove_from_updatable(cls, revision: 'ContentRevisionRO') -> None:
+        if revision in cls._updatable_revisions:
+            cls._updatable_revisions.remove(revision)
+
+    @classmethod
+    def is_updatable(cls, revision: 'ContentRevisionRO') -> bool:
+        return revision in cls._updatable_revisions
+
+
+@contextmanager
+def new_revision(
+        session: Session,
+        tm: TransactionManager,
+        content: Content,
+        force_create_new_revision: bool=False,
+) -> Content:
+    """
+    Prepare context to update a Content. It will add a new updatable revision
+    to the content.
+    :param session: Database _session
+    :param tm: TransactionManager
+    :param content: Content instance to update
+    :param force_create_new_revision: Decide if new_rev should or should not
+    be forced.
+    :return:
+    """
+    with session.no_autoflush:
+        try:
+            if force_create_new_revision \
+                    or inspect(content.revision).has_identity:
+                content.new_revision()
+            RevisionsIntegrity.add_to_updatable(content.revision)
+            yield content
+        except SameValueError or ValueError as e:
+            # INFO - 20-03-2018 - renew transaction when error happened
+            # This avoid bad _session data like new "temporary" revision
+            # to be add when problem happen.
+            tm.abort()
+            tm.begin()
+            raise e
+        finally:
+            RevisionsIntegrity.remove_from_updatable(content.revision)

backend/tracim/models/roles.py

@@ -0,0 +1,61 @@
+import typing
+from enum import Enum
+
+from tracim.exceptions import RoleDoesNotExist
+
+
+class WorkspaceRoles(Enum):
+    """
+    Available role for workspace.
+    All roles should have a unique level and unique slug.
+    level is role value store in database and is also use for
+    permission check.
+    slug is for http endpoints and other place where readability is
+    needed.
+    """
+    NOT_APPLICABLE = (0, 'not-applicable')
+    READER = (1, 'reader')
+    CONTRIBUTOR = (2, 'contributor')
+    CONTENT_MANAGER = (4, 'content-manager')
+    WORKSPACE_MANAGER = (8, 'workspace-manager')
+
+    def __init__(self, level, slug):
+        self.level = level
+        self.slug = slug
+    
+    @property
+    def label(self):
+        """ Return valid label associated to role"""
+        # TODO - G.M - 2018-06-180 - Make this work correctly
+        return self.slug
+
+    @classmethod
+    def get_all_valid_role(cls) -> typing.List['WorkspaceRoles']:
+        """
+        Return all valid role value
+        """
+        return [item for item in list(WorkspaceRoles) if item.level > 0]
+
+    @classmethod
+    def get_role_from_level(cls, level: int) -> 'WorkspaceRoles':
+        """
+        Obtain Workspace role from a level value
+        :param level: level value as int
+        :return: correct workspace role related
+        """
+        roles = [item for item in list(WorkspaceRoles) if item.level == level]
+        if len(roles) != 1:
+            raise RoleDoesNotExist()
+        return roles[0]
+
+    @classmethod
+    def get_role_from_slug(cls, slug: str) -> 'WorkspaceRoles':
+        """
+        Obtain Workspace role from a slug value
+        :param slug: slug value as str
+        :return: correct workspace role related
+        """
+        roles = [item for item in list(WorkspaceRoles) if item.slug == slug]
+        if len(roles) != 1:
+            raise RoleDoesNotExist()
+        return roles[0]

backend/tracim/models/workspace_menu_entries.py

@@ -0,0 +1,71 @@
+# coding=utf-8
+import typing
+from copy import copy
+
+from tracim.models.applications import applications
+from tracim.models.data import Workspace
+
+
+class WorkspaceMenuEntry(object):
+    """
+    Application class with data needed for frontend
+    """
+    def __init__(
+            self,
+            label: str,
+            slug: str,
+            fa_icon: str,
+            hexcolor: str,
+            route: str,
+    ) -> None:
+        self.slug = slug
+        self.label = label
+        self.route = route
+        self.hexcolor = hexcolor
+        self.fa_icon = fa_icon
+
+dashboard_menu_entry = WorkspaceMenuEntry(
+  slug='dashboard',
+  label='Dashboard',
+  route='/#/workspaces/{workspace_id}/dashboard',
+  hexcolor='#252525',
+  fa_icon="signal",
+)
+all_content_menu_entry = WorkspaceMenuEntry(
+  slug="contents/all",
+  label="All Contents",
+  route="/#/workspaces/{workspace_id}/contents",
+  hexcolor="#fdfdfd",
+  fa_icon="th",
+)
+
+# TODO - G.M - 08-06-2018 - This is hardcoded default menu entry,
+#  of app, make this dynamic (and loaded from application system)
+def default_workspace_menu_entry(
+    workspace: Workspace,
+)-> typing.List[WorkspaceMenuEntry]:
+    """
+    Get default menu entry for a workspace
+    """
+    menu_entries = [
+        copy(dashboard_menu_entry),
+        copy(all_content_menu_entry),
+    ]
+    for app in applications:
+        if app.main_route:
+            new_entry = WorkspaceMenuEntry(
+                slug=app.slug,
+                label=app.label,
+                hexcolor=app.hexcolor,
+                fa_icon=app.fa_icon,
+                route=app.main_route
+            )
+            menu_entries.append(new_entry)
+
+    for entry in menu_entries:
+        entry.route = entry.route.replace(
+            '{workspace_id}',
+            str(workspace.workspace_id)
+        )
+
+    return menu_entries

backend/tracim/templates/mail/content_update_body_html.mak

@@ -0,0 +1,73 @@
+## -*- coding: utf-8 -*-
+<html>
+  <head>
+    <style>
+      a { color: #3465af;}
+      a.call-to-action {
+        background: #3465af;
+        padding: 3px 4px 5px 4px;
+        border: 1px solid #12438d;
+        font-weight: bold;
+        color: #FFF;
+        text-decoration: none;
+        margin-left: 5px;
+      }
+      a.call-to-action img { vertical-align: middle;}
+      th { vertical-align: top;}
+      
+      #content-intro-username { font-size: 1.5em; color: #666; font-weight: bold; }
+      #content-intro { margin: 0; border: 1em solid #DDD; border-width: 0 0 0 0em; padding: 1em 1em 1em 1em; }
+      #content-body { margin: 0em; border: 2em solid #DDD; border-width: 0 0 0 4em; padding: 0.5em 2em 1em 1em; }
+      #content-body-intro { font-size: 2em; color: #666; }
+      #content-body-only-title { font-size: 1.5em; }
+
+      #content-body ins { background-color: #AFA; }
+      #content-body del { background-color: #FAA; }
+
+
+      #call-to-action-button { background-color: #5CB85C; border: 1px solid #4CAE4C; color: #FFF; text-decoration: none; font-weight: bold; border-radius: 3px; font-size: 2em; padding: 4px 0.3em;}
+      #call-to-action-container { text-align: right; margin-top: 2em; }
+
+      #footer hr { border: 0px solid #CCC; border-top-width: 1px; width: 8em; max-width:25%; margin-left: 0;}
+      #footer { color: #999; margin: 4em auto auto 0.5em; }
+      #footer a { color: #999; }
+    </style>
+  </head>
+  <body style="font-family: Arial; font-size: 12px; max-width: 600px; margin: 0; padding: 0;">
+
+    <table style="width: 100%; cell-padding: 0; border-collapse: collapse; margin: 0">
+      <tr style="background-color: F5F5F5; border-bottom: 1px solid #CCC;" >
+        <td style="background-color: #666;">
+            <img alt="logo" src="${logo_url}" style="vertical-align: middle;">
+        </td>
+        <td style="padding: 0.5em; background-color: #666; text-align: left;">
+          <span style="font-size: 1.3em; color: #FFF; font-weight: bold;">
+            ${main_title}
+            &mdash;&nbsp;<span style="font-weight: bold; color: #999; font-weight: bold;">
+              ${status_label|n}
+              <img alt="status_icon" src="${status_icon_url}" style="vertical-align: middle;">
+            </span>
+        </td>
+      </tr>
+    </table>
+
+    <p id="content-intro">${content_intro|n}</p>
+    <div id="content-body">
+        <div>${content_text|n}</div>
+        <div href='' id="call-to-action-container">
+        </div>
+    </div>
+    
+    <div id="footer">
+        <p>
+
+            ${_('{user_display_name}, you receive this email because you are registered on <i>{website_title}</i> and you are <i>{user_role_label}</i> in the workspace <a href="{workspace_url}">{workspace_label}</a>.').format(user_display_name=user.display_name, user_role_label=role_label, workspace_url=workspace_url, workspace_label=workspace.label, website_title=config.WEBSITE_TITLE)|n}
+        </p>
+        <hr/>
+        <p>
+            ${_('This email was automatically sent by <i>Tracim</i>, a collaborative software developped by Algoo.')}<br/>
+            Algoo SAS &mdash; 340 Rue de l'Eygala, 38430 Moirans, France &mdash; <a style="text-decoration: none;" href="http://algoo.fr">www.algoo.fr</a>
+        </p>
+    </div>
+  </body>
+</html>

backend/tracim/templates/mail/content_update_body_text.mak

@@ -0,0 +1,31 @@
+## -*- coding: utf-8 -*-
+
+Dear ${user.display_name},
+
+This email is intended to be read as HTML content.
+Please configure your email client to get the best of Tracim notifications.
+
+We understand that Email was originally intended to carry raw text only.
+And you probably understand on your own that we are a decades after email
+was created ;)
+
+Hope you'll switch your mail client configuration and enjoy Tracim :)
+
+
+--------------------------------------------------------------------------------
+
+
+You receive this email because you are registered on /${config.WEBSITE_TITLE}/
+and you are /${role_label}/ in the workspace /${workspace.label}/
+
+----
+
+This email was automatically sent by *Tracim*,
+a collaborative software developped by Algoo.
+
+**Algoo SAS**
+340 Rue de l'Eygala
+38430 Moirans
+France
+http://algoo.fr
+

backend/tracim/templates/mail/created_account_body_html.mak

@@ -0,0 +1,88 @@
+## -*- coding: utf-8 -*-
+<html>
+  <head>
+    <style>
+      a { color: #3465af;}
+      a.call-to-action {
+        background: #3465af;
+        padding: 3px 4px 5px 4px;
+        border: 1px solid #12438d;
+        font-weight: bold;
+        color: #FFF;
+        text-decoration: none;
+        margin-left: 5px;
+      }
+      a.call-to-action img { vertical-align: middle;}
+      th { vertical-align: top;}
+      
+      #content-intro-username { font-size: 1.5em; color: #666; font-weight: bold; }
+      #content-intro { margin: 0; border: 1em solid #DDD; border-width: 0 0 0 0em; padding: 1em 1em 1em 1em; }
+      #content-body { margin: 0em; border: 2em solid #DDD; border-width: 0 0 0 4em; padding: 0.5em 2em 1em 1em; }
+      #content-body-intro { font-size: 2em; color: #666; }
+      #content-body-only-title { font-size: 1.5em; }
+
+      #content-body ins { background-color: #AFA; }
+      #content-body del { background-color: #FAA; }
+
+
+      #call-to-action-button { background-color: #5CB85C; border: 1px solid #4CAE4C; color: #FFF; text-decoration: none; font-weight: bold; border-radius: 3px; font-size: 2em; padding: 4px 0.3em;}
+      #call-to-action-container { text-align: right; margin-top: 2em; }
+
+      #footer hr { border: 0px solid #CCC; border-top-width: 1px; width: 8em; max-width:25%; margin-left: 0;}
+      #footer { color: #999; margin: 4em auto auto 0.5em; }
+      #footer a { color: #999; }
+    </style>
+  </head>
+  <body style="font-family: Arial; font-size: 12px; max-width: 600px; margin: 0; padding: 0;">
+
+    <table style="width: 100%; cell-padding: 0; border-collapse: collapse; margin: 0">
+      <tr style="background-color: F5F5F5; border-bottom: 1px solid #CCC;" >
+        <td style="background-color: #666;">
+            <img alt="logo" src="${logo_url}" style="vertical-align: middle;">
+        </td>
+        <td style="padding: 0.5em; background-color: #666; text-align: left;">
+          <span style="font-size: 1.3em; color: #FFF; font-weight: bold;">
+
+            ${config.WEBSITE_TITLE}: ${_('Created account')}
+
+          </span>
+        </td>
+      </tr>
+    </table>
+
+    <div id="content-body">
+        <div>
+            ${_('An administrator just create account for you on {website_title}'.format(
+                website_title=config.WEBSITE_TITLE
+            ))}
+
+            <ul>
+                <li>
+                    <b>${_('Login')}</b>: ${user.email}
+                </li>
+                <li>
+                    <b>${_('Password')}</b>: ${password}
+                </li>
+            </ul>
+
+        </div>
+        <div id="call-to-action-container">
+
+            ${_('To go to {website_title}, please click on following link'.format(
+                website_title=config.WEBSITE_TITLE
+            ))}
+
+            <span style="">
+                <a href="${login_url}" id='call-to-action-button'>${login_url}</a>
+            </span>
+        </div>
+    </div>
+    
+    <div id="footer">
+        <p>
+            ${_('This email was sent by <i>Tracim</i>, a collaborative software developped by Algoo.')}<br/>
+            Algoo SAS &mdash; 340 Rue de l'Eygala, 38430 Moirans, France &mdash; <a style="text-decoration: none;" href="http://algoo.fr">www.algoo.fr</a>
+        </p>
+    </div>
+  </body>
+</html>

backend/tracim/templates/mail/created_account_body_text.mak

@@ -0,0 +1,25 @@
+## -*- coding: utf-8 -*-
+
+${_('An administrator just create account for you on {website_title}'.format(
+    website_title=config.WEBSITE_TITLE
+))}
+
+* ${_('Login')}: ${user.email}
+* ${_('Password')}: ${password}
+
+${_('To go to {website_title}, please click on following link'.format(
+    website_title=config.WEBSITE_TITLE
+))}
+
+${login_url}
+
+--------------------------------------------------------------------------------
+
+This email was sent by *Tracim*,
+a collaborative software developped by Algoo.
+
+**Algoo SAS**
+340 Rue de l'Eygala
+38430 Moirans
+France
+http://algoo.fr

backend/tracim/tests/__init__.py

@@ -0,0 +1,293 @@
+# -*- coding: utf-8 -*-
+import unittest
+
+import plaster
+import requests
+import transaction
+from depot.manager import DepotManager
+from pyramid import testing
+from sqlalchemy.exc import IntegrityError
+
+from tracim.lib.core.content import ContentApi
+from tracim.lib.core.workspace import WorkspaceApi
+from tracim.models import get_engine
+from tracim.models import DeclarativeBase
+from tracim.models import get_session_factory
+from tracim.models import get_tm_session
+from tracim.models.data import Workspace
+from tracim.models.data import ContentType
+from tracim.models.data import ContentRevisionRO
+from tracim.models.data import Content
+from tracim.lib.utils.logger import logger
+from tracim.fixtures import FixturesLoader
+from tracim.fixtures.users_and_groups import Base as BaseFixture
+from tracim.config import CFG
+from tracim.extensions import hapic
+from tracim import web
+from webtest import TestApp
+from io import BytesIO
+from PIL import Image
+
+
+def eq_(a, b, msg=None):
+    # TODO - G.M - 05-04-2018 - Remove this when all old nose code is removed
+    assert a == b, msg or "%r != %r" % (a, b)
+
+# TODO - G.M - 2018-06-179 - Refactor slug change function
+#  as a kind of pytest fixture ?
+
+
+def set_html_document_slug_to_legacy(session_factory) -> None:
+    """
+    Simple function to help some functional test. This modify "html-documents"
+    type content in database to legacy "page" slug.
+    :param session_factory: session factory of the test
+    :return: Nothing.
+    """
+    dbsession = get_tm_session(
+        session_factory,
+        transaction.manager
+    )
+    content_query = dbsession.query(ContentRevisionRO).filter(ContentRevisionRO.type == 'page').filter(ContentRevisionRO.content_id == 6)  # nopep8
+    assert content_query.count() == 0
+    html_documents_query = dbsession.query(ContentRevisionRO).filter(ContentRevisionRO.type == 'html-documents')  # nopep8
+    html_documents_query.update({ContentRevisionRO.type: 'page'})
+    transaction.commit()
+    assert content_query.count() > 0
+
+
+def create_1000px_png_test_image():
+    file = BytesIO()
+    image = Image.new('RGBA', size=(1000, 1000), color=(0, 0, 0))
+    image.save(file, 'png')
+    file.name = 'test_image.png'
+    file.seek(0)
+    return file
+
+
+class FunctionalTest(unittest.TestCase):
+
+    fixtures = [BaseFixture]
+    sqlalchemy_url = 'sqlite:///tracim_test.sqlite'
+
+    def setUp(self):
+        logger._logger.setLevel('WARNING')
+        DepotManager._clear()
+        self.settings = {
+            'sqlalchemy.url': self.sqlalchemy_url,
+            'user.auth_token.validity': '604800',
+            'depot_storage_dir': '/tmp/test/depot',
+            'depot_storage_name': 'test',
+            'preview_cache_dir': '/tmp/test/preview_cache',
+            'preview.jpg.restricted_dims': True,
+            'email.notification.activated': 'false',
+        }
+        hapic.reset_context()
+        self.engine = get_engine(self.settings)
+        DeclarativeBase.metadata.create_all(self.engine)
+        self.session_factory = get_session_factory(self.engine)
+        self.app_config = CFG(self.settings)
+        self.app_config.configure_filedepot()
+        self.init_database(self.settings)
+        DepotManager._clear()
+        self.run_app()
+
+    def run_app(self):
+        app = web({}, **self.settings)
+        self.testapp = TestApp(app)
+
+    def init_database(self, settings):
+        with transaction.manager:
+            dbsession = get_tm_session(self.session_factory, transaction.manager)
+            try:
+                fixtures_loader = FixturesLoader(dbsession, self.app_config)
+                fixtures_loader.loads(self.fixtures)
+                transaction.commit()
+                print("Database initialized.")
+            except IntegrityError:
+                print('Warning, there was a problem when adding default data'
+                      ', it may have already been added:')
+                import traceback
+                print(traceback.format_exc())
+                transaction.abort()
+                print('Database initialization failed')
+
+    def tearDown(self):
+        logger.debug(self, 'TearDown Test...')
+        from tracim.models.meta import DeclarativeBase
+
+        testing.tearDown()
+        transaction.abort()
+        DeclarativeBase.metadata.drop_all(self.engine)
+        DepotManager._clear()
+
+
+class FunctionalTestEmptyDB(FunctionalTest):
+    fixtures = []
+
+
+class FunctionalTestNoDB(FunctionalTest):
+    sqlalchemy_url = 'sqlite://'
+
+    def init_database(self, settings):
+        self.engine = get_engine(settings)
+
+
+class CommandFunctionalTest(FunctionalTest):
+
+    def run_app(self):
+        self.session = get_tm_session(self.session_factory, transaction.manager)
+
+
+class BaseTest(unittest.TestCase):
+    """
+    Pyramid default test.
+    """
+
+    config_uri = 'tests_configs.ini'
+    config_section = 'base_test'
+
+    def setUp(self):
+        logger._logger.setLevel('WARNING')
+        logger.debug(self, 'Setup Test...')
+        self.settings = plaster.get_settings(
+            self.config_uri,
+            self.config_section
+        )
+        self.config = testing.setUp(settings = self.settings)
+        self.config.include('tracim.models')
+        DepotManager._clear()
+        DepotManager.configure(
+            'test', {'depot.backend': 'depot.io.memory.MemoryFileStorage'}
+        )
+        settings = self.config.get_settings()
+        self.app_config = CFG(settings)
+        from tracim.models import (
+            get_engine,
+            get_session_factory,
+            get_tm_session,
+        )
+
+        self.engine = get_engine(settings)
+        session_factory = get_session_factory(self.engine)
+
+        self.session = get_tm_session(session_factory, transaction.manager)
+        self.init_database()
+
+    def init_database(self):
+        logger.debug(self, 'Init Database Schema...')
+        from tracim.models.meta import DeclarativeBase
+        DeclarativeBase.metadata.create_all(self.engine)
+
+    def tearDown(self):
+        logger.debug(self, 'TearDown Test...')
+        from tracim.models.meta import DeclarativeBase
+
+        testing.tearDown()
+        transaction.abort()
+        DeclarativeBase.metadata.drop_all(self.engine)
+
+
+class StandardTest(BaseTest):
+    """
+    BaseTest with default fixtures
+    """
+    fixtures = [BaseFixture]
+
+    def init_database(self):
+        BaseTest.init_database(self)
+        fixtures_loader = FixturesLoader(
+            session=self.session,
+            config=CFG(self.config.get_settings()))
+        fixtures_loader.loads(self.fixtures)
+
+
+class DefaultTest(StandardTest):
+
+    def _create_workspace_and_test(self, name, user) -> Workspace:
+        """
+        All extra parameters (*args, **kwargs) are for Workspace init
+        :return: Created workspace instance
+        """
+        WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        ).create_workspace(name, save_now=True)
+
+        eq_(
+            1,
+            self.session.query(Workspace).filter(
+                Workspace.label == name
+            ).count()
+        )
+        return self.session.query(Workspace).filter(
+            Workspace.label == name
+        ).one()
+
+    def _create_content_and_test(
+            self,
+            name,
+            workspace,
+            *args,
+            **kwargs
+    ) -> Content:
+        """
+        All extra parameters (*args, **kwargs) are for Content init
+        :return: Created Content instance
+        """
+        content = Content(*args, **kwargs)
+        content.label = name
+        content.workspace = workspace
+        self.session.add(content)
+        self.session.flush()
+
+        content_api = ContentApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        eq_(
+            1,
+            content_api.get_canonical_query().filter(
+                Content.label == name
+            ).count()
+        )
+        return content_api.get_canonical_query().filter(
+            Content.label == name
+        ).one()
+
+    def _create_thread_and_test(self,
+                                user,
+                                workspace_name='workspace_1',
+                                folder_name='folder_1',
+                                thread_name='thread_1') -> Content:
+        """
+        :return: Thread
+        """
+        workspace = self._create_workspace_and_test(workspace_name, user)
+        folder = self._create_content_and_test(
+            folder_name, workspace,
+            type=ContentType.Folder,
+            owner=user
+        )
+        thread = self._create_content_and_test(
+            thread_name,
+            workspace,
+            type=ContentType.Thread,
+            parent=folder,
+            owner=user
+        )
+        return thread
+
+
+class MailHogTest(DefaultTest):
+    """
+    Theses test need a working mailhog
+    """
+
+    config_section = 'mail_test'
+
+    def tearDown(self):
+        logger.debug(self, 'Cleanup MailHog list...')
+        requests.delete('http://127.0.0.1:8025/api/v1/messages')

backend/tracim/tests/commands/__init__.py

@@ -0,0 +1 @@
+# coding=utf-8

backend/tracim/tests/commands/test_commands.py

@@ -0,0 +1,200 @@
+# -*- coding: utf-8 -*-
+import os
+import subprocess
+import pytest
+import tracim
+from tracim.command import TracimCLI
+from tracim.exceptions import UserAlreadyExistError
+from tracim.exceptions import BadCommandError
+from tracim.exceptions import GroupDoesNotExist
+from tracim.exceptions import UserDoesNotExist
+from tracim.lib.core.user import UserApi
+from tracim.tests import CommandFunctionalTest
+
+
+class TestCommands(CommandFunctionalTest):
+    """
+    Test tracimcli command line ui.
+    """
+
+    config_section = 'app:command_test'
+
+    def test_func__check_commands_list__ok__nominal_case(self) -> None:
+        """
+        Test listing of tracimcli command: Tracim commands must be listed
+        :return:
+        """
+        os.chdir(os.path.dirname(tracim.__file__) + '/../')
+
+        output = subprocess.check_output(["tracimcli", "-h"])
+        output = output.decode('utf-8')
+
+        assert output.find('user create') > 0
+        assert output.find('user update') > 0
+        assert output.find('db init') > 0
+        assert output.find('db delete') > 0
+        assert output.find('webdav start') > 0
+
+    def test_func__user_create_command__ok__nominal_case(self) -> None:
+        """
+        Test User creation
+        """
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        with pytest.raises(UserDoesNotExist):
+            api.get_one_by_email('command_test@user')
+        app = TracimCLI()
+        result = app.run([
+            'user', 'create',
+            '-c', 'tests_configs.ini#command_test',
+            '-l', 'command_test@user',
+            '-p', 'new_password',
+            '--debug',
+        ])
+        new_user = api.get_one_by_email('command_test@user')
+        assert new_user.email == 'command_test@user'
+        assert new_user.validate_password('new_password')
+        assert new_user.profile.name == 'users'
+
+    def test_func__user_create_command__ok__in_admin_group(self) -> None:
+        """
+        Test User creation with admin as group
+        """
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        with pytest.raises(UserDoesNotExist):
+            api.get_one_by_email('command_test@user')
+        app = TracimCLI()
+        result = app.run([
+            'user', 'create',
+            '-c', 'tests_configs.ini#command_test',
+            '-l', 'command_test@user',
+            '-p', 'new_password',
+            '-g', 'administrators',
+            '--debug',
+        ])
+        new_user = api.get_one_by_email('command_test@user')
+        assert new_user.email == 'command_test@user'
+        assert new_user.validate_password('new_password')
+        assert new_user.profile.name == 'administrators'
+
+    def test_func__user_create_command__err__in_unknown_group(self) -> None:
+        """
+        Test User creation with an unknown group
+        """
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        app = TracimCLI()
+        with pytest.raises(GroupDoesNotExist):
+            result = app.run([
+                'user', 'create',
+                '-c', 'tests_configs.ini#command_test',
+                '-l', 'command_test@user',
+                '-p', 'new_password',
+                '-g', 'unknown',
+                '--debug',
+            ])
+
+    def test_func__user_create_command__err_user_already_exist(self) -> None:
+        """
+        Test User creation with existing user login
+        """
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        app = TracimCLI()
+        with pytest.raises(UserAlreadyExistError):
+            result = app.run([
+                '--debug',
+                'user', 'create',
+                '-c', 'tests_configs.ini#command_test',
+                '-l', 'admin@admin.admin',
+                '-p', 'new_password',
+                '--debug',
+            ])
+
+    def test_func__user_create_command__err__password_required(self) -> None:
+        """
+        Test User creation without filling password
+        """
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        app = TracimCLI()
+        with pytest.raises(BadCommandError):
+            result = app.run([
+                '--debug',
+                'user', 'create',
+                '-c', 'tests_configs.ini#command_test',
+                '-l', 'admin@admin.admin',
+                '--debug',
+            ])
+
+    def test_func__user_update_command__ok__nominal_case(self) -> None:
+        """
+        Test user password update
+        """
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        user = api.get_one_by_email('admin@admin.admin')
+        assert user.email == 'admin@admin.admin'
+        assert user.validate_password('admin@admin.admin')
+        assert not user.validate_password('new_password')
+
+        app = TracimCLI()
+        result = app.run([
+            'user', 'update',
+            '-c', 'tests_configs.ini#command_test',
+            '-l', 'admin@admin.admin',
+            '-p', 'new_password',
+            '--debug',
+        ])
+        new_user = api.get_one_by_email('admin@admin.admin')
+        assert new_user.email == 'admin@admin.admin'
+        assert new_user.validate_password('new_password')
+        assert not new_user.validate_password('admin@admin.admin')
+
+    def test_func__user_update_command__ok__remove_group(self) -> None:
+        """
+        Test user password update
+        """
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        user = api.get_one_by_email('admin@admin.admin')
+        assert user.email == 'admin@admin.admin'
+        assert user.validate_password('admin@admin.admin')
+        assert not user.validate_password('new_password')
+        assert user.profile.name == 'administrators'
+        app = TracimCLI()
+        result = app.run([
+            'user', 'update',
+            '-c', 'tests_configs.ini#command_test',
+            '-l', 'admin@admin.admin',
+            '-p', 'new_password',
+            '-rmg', 'administrators',
+            '--debug',
+        ])
+        new_user = api.get_one_by_email('admin@admin.admin')
+        assert new_user.email == 'admin@admin.admin'
+        assert new_user.validate_password('new_password')
+        assert not new_user.validate_password('admin@admin.admin')
+        assert new_user.profile.name == 'managers'

backend/tracim/tests/functional/test_comments.py

@@ -0,0 +1,304 @@
+# -*- coding: utf-8 -*-
+from tracim.tests import FunctionalTest
+from tracim.fixtures.content import Content as ContentFixtures
+from tracim.fixtures.users_and_groups import Base as BaseFixture
+
+
+class TestCommentsEndpoint(FunctionalTest):
+    """
+    Tests for /api/v2/workspaces/{workspace_id}/contents/{content_id}/comments
+    endpoint
+    """
+
+    fixtures = [BaseFixture, ContentFixtures]
+
+    def test_api__get_contents_comments__ok_200__nominal_case(self) -> None:
+        """
+        Get alls comments of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)   # nopep8
+        assert len(res.json_body) == 3
+        comment = res.json_body[0]
+        assert comment['content_id'] == 18
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>What is for you the best cake ever? </br> I personnally vote for Chocolate cupcake!</p>'  # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 1
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] == None
+        assert comment['author']['public_name'] == 'Global manager'
+
+        comment = res.json_body[1]
+        assert comment['content_id'] == 19
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>What about Apple Pie? There are Awesome!</p>'  # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 3
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] == None
+        assert comment['author']['public_name'] == 'Bob i.'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+        comment = res.json_body[2]
+        assert comment['content_id'] == 20
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>You are right, but Kouign-amann are clearly better.</p>'  # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 4
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] == None
+        assert comment['author']['public_name'] == 'John Reader'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+    def test_api__post_content_comment__ok_200__nominal_case(self) -> None:
+        """
+        Get alls comments of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'raw_content': 'I strongly disagree, Tiramisu win!'
+        }
+        res = self.testapp.post_json(
+            '/api/v2/workspaces/2/contents/7/comments',
+            params=params,
+            status=200
+        )
+        comment = res.json_body
+        assert comment['content_id']
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == 'I strongly disagree, Tiramisu win!'
+        assert comment['author']
+        assert comment['author']['user_id'] == 1
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] is None
+        assert comment['author']['public_name'] == 'Global manager'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)  # nopep8
+        assert len(res.json_body) == 4
+        assert comment == res.json_body[3]
+
+    def test_api__post_content_comment__err_400__empty_raw_content(self) -> None:
+        """
+        Get alls comments of a content
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'raw_content': ''
+        }
+        res = self.testapp.post_json(
+            '/api/v2/workspaces/2/contents/7/comments',
+            params=params,
+            status=400
+        )
+
+    def test_api__delete_content_comment__ok_200__user_is_owner_and_workspace_manager(self) -> None:  # nopep8
+        """
+        delete comment (user is workspace_manager and owner)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)
+        assert len(res.json_body) == 3
+        comment = res.json_body[0]
+        assert comment['content_id'] == 18
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>What is for you the best cake ever? </br> I personnally vote for Chocolate cupcake!</p>'   # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 1
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] is None
+        assert comment['author']['public_name'] == 'Global manager'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+        res = self.testapp.delete(
+            '/api/v2/workspaces/2/contents/7/comments/18',
+            status=204
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)
+        assert len(res.json_body) == 2
+        assert not [content for content in res.json_body if content['content_id'] == 18]  # nopep8
+
+    def test_api__delete_content_comment__ok_200__user_is_workspace_manager(self) -> None:  # nopep8
+        """
+        delete comment (user is workspace_manager)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)
+        assert len(res.json_body) == 3
+        comment = res.json_body[1]
+        assert comment['content_id'] == 19
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>What about Apple Pie? There are Awesome!</p>'   # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 3
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] is None
+        assert comment['author']['public_name'] == 'Bob i.'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+        res = self.testapp.delete(
+            '/api/v2/workspaces/2/contents/7/comments/19',
+            status=204
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)
+        assert len(res.json_body) == 2
+        assert not [content for content in res.json_body if content['content_id'] == 19]  # nopep8
+
+    def test_api__delete_content_comment__ok_200__user_is_owner_and_content_manager(self) -> None:   # nopep8
+        """
+        delete comment (user is content-manager and owner)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)
+        assert len(res.json_body) == 3
+        comment = res.json_body[1]
+        assert comment['content_id'] == 19
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>What about Apple Pie? There are Awesome!</p>'   # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 3
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] is None
+        assert comment['author']['public_name'] == 'Bob i.'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+        res = self.testapp.delete(
+            '/api/v2/workspaces/2/contents/7/comments/19',
+            status=204
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)
+        assert len(res.json_body) == 2
+        assert not [content for content in res.json_body if content['content_id'] == 19]  # nopep8
+
+    def test_api__delete_content_comment__err_403__user_is_content_manager(self) -> None:  # nopep8
+        """
+        delete comment (user is content-manager)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'bob@fsf.local',
+                'foobarbaz'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)  #  nopep8
+        assert len(res.json_body) == 3
+        comment = res.json_body[2]
+        assert comment['content_id'] == 20
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>You are right, but Kouign-amann are clearly better.</p>'   # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 4
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] is None
+        assert comment['author']['public_name'] == 'John Reader'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+        res = self.testapp.delete(
+            '/api/v2/workspaces/2/contents/7/comments/20',
+            status=403
+        )
+
+    def test_api__delete_content_comment__err_403__user_is_owner_and_reader(self) -> None:
+        """
+        delete comment (user is reader and owner)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'bob@fsf.local',
+                'foobarbaz'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)
+        assert len(res.json_body) == 3
+        comment = res.json_body[2]
+        assert comment['content_id'] == 20
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>You are right, but Kouign-amann are clearly better.</p>'   # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 4
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] is None
+        assert comment['author']['public_name'] == 'John Reader'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+        res = self.testapp.delete(
+            '/api/v2/workspaces/2/contents/7/comments/20',
+            status=403
+        )
+
+    def test_api__delete_content_comment__err_403__user_is_reader(self) -> None:
+        """
+        delete comment (user is reader)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'bob@fsf.local',
+                'foobarbaz'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/2/contents/7/comments', status=200)
+        assert len(res.json_body) == 3
+        comment = res.json_body[2]
+        assert comment['content_id'] == 20
+        assert comment['parent_id'] == 7
+        assert comment['raw_content'] == '<p>You are right, but Kouign-amann are clearly better.</p>'   # nopep8
+        assert comment['author']
+        assert comment['author']['user_id'] == 4
+        # TODO - G.M - 2018-06-172 - [avatar] setup avatar url
+        assert comment['author']['avatar_url'] is None
+        assert comment['author']['public_name'] == 'John Reader'
+        # TODO - G.M - 2018-06-179 - better check for datetime
+        assert comment['created']
+
+        res = self.testapp.delete(
+            '/api/v2/workspaces/2/contents/7/comments/20',
+            status=403
+        )

backend/tracim/tests/functional/test_doc.py

@@ -0,0 +1,44 @@
+from tracim.tests import FunctionalTest
+
+
+class TestDoc(FunctionalTest):
+
+    def test_api__check_doc_index_html_page__ok_200__nominal_case(self):
+        res = self.testapp.get('/api/v2/doc/', status=200)
+        assert res.content_type == 'text/html'
+
+    def test_api__check_spec_yaml_file__ok_200__nominal_case(self):
+        res = self.testapp.get('/api/v2/doc/spec.yml', status=200)
+        assert res.content_type == 'text/x-yaml'
+
+    def test_api__check_docs_assets__ok_200__nominal_case(self):
+        res = self.testapp.get(
+            '/api/v2/doc/favicon-32x32.png',
+            status=200,
+        )
+        assert res.content_type == 'image/png'
+        res = self.testapp.get(
+            '/api/v2/doc/favicon-16x16.png',
+            status=200
+        )
+        assert res.content_type == 'image/png'
+        res = self.testapp.get(
+            '/api/v2/doc/swagger-ui.js',
+            status=200
+        )
+        assert res.content_type == 'application/javascript'
+        res = self.testapp.get(
+            '/api/v2/doc/swagger-ui-standalone-preset.js',
+            status=200
+        )
+        assert res.content_type == 'application/javascript'
+        res = self.testapp.get(
+            '/api/v2/doc/swagger-ui-bundle.js',
+            status=200
+        )
+        assert res.content_type == 'application/javascript'
+        res = self.testapp.get(
+            '/api/v2/doc/swagger-ui.css',
+            status=200
+        )
+        assert res.content_type == 'text/css'

backend/tracim/tests/functional/test_mail_notification.py

@@ -0,0 +1,267 @@
+# coding=utf-8
+# INFO - G.M - 09-06-2018 - Those test need a working MailHog
+
+from email.mime.multipart import MIMEMultipart
+from email.mime.text import MIMEText
+
+import requests
+from rq import SimpleWorker
+
+from tracim.fixtures.users_and_groups import Base as BaseFixture
+from tracim.fixtures.content import Content as ContentFixture
+from tracim.lib.utils.utils import get_redis_connection
+from tracim.lib.utils.utils import get_rq_queue
+from tracim.models.data import ContentType
+
+from tracim.lib.core.content import ContentApi
+from tracim.lib.core.user import UserApi
+from tracim.lib.core.workspace import WorkspaceApi
+from tracim.lib.mail_notifier.sender import EmailSender
+from tracim.lib.mail_notifier.utils import SmtpConfiguration
+from tracim.tests import MailHogTest
+
+
+class TestEmailSender(MailHogTest):
+
+    def test__func__connect_disconnect__ok__nominal_case(self):
+        smtp_config = SmtpConfiguration(
+            self.app_config.EMAIL_NOTIFICATION_SMTP_SERVER,
+            self.app_config.EMAIL_NOTIFICATION_SMTP_PORT,
+            self.app_config.EMAIL_NOTIFICATION_SMTP_USER,
+            self.app_config.EMAIL_NOTIFICATION_SMTP_PASSWORD
+        )
+        sender = EmailSender(
+            self.app_config,
+            smtp_config,
+            True,
+        )
+        sender.connect()
+        sender.disconnect()
+
+    def test__func__send_email__ok__nominal_case(self):
+        smtp_config = SmtpConfiguration(
+            self.app_config.EMAIL_NOTIFICATION_SMTP_SERVER,
+            self.app_config.EMAIL_NOTIFICATION_SMTP_PORT,
+            self.app_config.EMAIL_NOTIFICATION_SMTP_USER,
+            self.app_config.EMAIL_NOTIFICATION_SMTP_PASSWORD
+        )
+        sender = EmailSender(
+            self.app_config,
+            smtp_config,
+            True,
+        )
+
+        # Create test_mail
+        msg = MIMEMultipart()
+        msg['Subject'] = 'test__func__send_email__ok__nominal_case'
+        msg['From'] = 'test_send_mail@localhost'
+        msg['To'] = 'receiver_test_send_mail@localhost'
+        text = "test__func__send_email__ok__nominal_case"
+        html = """\
+        <html>
+          <head></head>
+          <body>
+            <p>test__func__send_email__ok__nominal_case</p>
+          </body>
+        </html>
+        """.replace(' ', '').replace('\n', '')
+        part1 = MIMEText(text, 'plain')
+        part2 = MIMEText(html, 'html')
+        msg.attach(part1)
+        msg.attach(part2)
+
+        sender.send_mail(msg)
+        sender.disconnect()
+
+        # check mail received
+        response = requests.get('http://127.0.0.1:8025/api/v1/messages')
+        response = response.json()
+        headers = response[0]['Content']['Headers']
+        assert headers['From'][0] == 'test_send_mail@localhost'
+        assert headers['To'][0] == 'receiver_test_send_mail@localhost'
+        assert headers['Subject'][0] == 'test__func__send_email__ok__nominal_case'  # nopep8
+        assert response[0]['MIME']['Parts'][0]['Body'] == text
+        assert response[0]['MIME']['Parts'][1]['Body'] == html
+
+
+class TestNotificationsSync(MailHogTest):
+
+    fixtures = [BaseFixture, ContentFixture]
+
+    def test_func__create_user_with_mail_notification__ok__nominal_case(self):
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        u = api.create_user(
+            email='bob@bob',
+            password='pass',
+            name='bob',
+            timezone='+2',
+            do_save=True,
+            do_notify=True,
+        )
+        assert u is not None
+        assert u.email == "bob@bob"
+        assert u.validate_password('pass')
+        assert u.display_name == 'bob'
+        assert u.timezone == '+2'
+
+        # check mail received
+        response = requests.get('http://127.0.0.1:8025/api/v1/messages')
+        response = response.json()
+        headers = response[0]['Content']['Headers']
+        assert headers['From'][0] == 'Tracim Notifications <test_user_from+0@localhost>'  # nopep8
+        assert headers['To'][0] == 'bob <bob@bob>'
+        assert headers['Subject'][0] == '[TRACIM] Created account'
+
+    def test_func__create_new_content_with_notification__ok__nominal_case(self):
+        uapi = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        current_user = uapi.get_one_by_email('admin@admin.admin')
+        # Create new user with notification enabled on w1 workspace
+        wapi = WorkspaceApi(
+            current_user=current_user,
+            session=self.session,
+            config=self.app_config,
+        )
+        workspace = wapi.get_one_by_label('Recipes')
+        user = uapi.get_one_by_email('bob@fsf.local')
+        wapi.enable_notifications(user, workspace)
+
+        api = ContentApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
+        item = api.create(
+            ContentType.Folder,
+            workspace,
+            None,
+            'parent',
+            do_save=True,
+            do_notify=False,
+        )
+        item2 = api.create(
+            ContentType.File,
+            workspace,
+            item,
+            'file1',
+            do_save=True,
+            do_notify=True,
+        )
+
+        # check mail received
+        response = requests.get('http://127.0.0.1:8025/api/v1/messages')
+        response = response.json()
+        headers = response[0]['Content']['Headers']
+        assert headers['From'][0] == '"Bob i. via Tracim" <test_user_from+3@localhost>'  # nopep8
+        assert headers['To'][0] == 'Global manager <admin@admin.admin>'
+        assert headers['Subject'][0] == '[TRACIM] [Recipes] file1 (Open)'
+        assert headers['References'][0] == 'test_user_refs+22@localhost'
+        assert headers['Reply-to'][0] == '"Bob i. & all members of Recipes" <test_user_reply+22@localhost>'  # nopep8
+
+
+class TestNotificationsAsync(MailHogTest):
+    fixtures = [BaseFixture, ContentFixture]
+    config_section = 'mail_test_async'
+
+    def test_func__create_user_with_mail_notification__ok__nominal_case(self):
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        u = api.create_user(
+            email='bob@bob',
+            password='pass',
+            name='bob',
+            timezone='+2',
+            do_save=True,
+            do_notify=True,
+        )
+        assert u is not None
+        assert u.email == "bob@bob"
+        assert u.validate_password('pass')
+        assert u.display_name == 'bob'
+        assert u.timezone == '+2'
+
+        # Send mail async from redis queue
+        redis = get_redis_connection(
+            self.app_config
+        )
+        queue = get_rq_queue(
+            redis,
+            'mail_sender',
+        )
+        worker = SimpleWorker([queue], connection=queue.connection)
+        worker.work(burst=True)
+        # check mail received
+        response = requests.get('http://127.0.0.1:8025/api/v1/messages')
+        response = response.json()
+        headers = response[0]['Content']['Headers']
+        assert headers['From'][0] == 'Tracim Notifications <test_user_from+0@localhost>'  # nopep8
+        assert headers['To'][0] == 'bob <bob@bob>'
+        assert headers['Subject'][0] == '[TRACIM] Created account'
+
+    def test_func__create_new_content_with_notification__ok__nominal_case(self):
+        uapi = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        current_user = uapi.get_one_by_email('admin@admin.admin')
+        # Create new user with notification enabled on w1 workspace
+        wapi = WorkspaceApi(
+            current_user=current_user,
+            session=self.session,
+            config=self.app_config,
+        )
+        workspace = wapi.get_one_by_label('Recipes')
+        user = uapi.get_one_by_email('bob@fsf.local')
+        wapi.enable_notifications(user, workspace)
+
+        api = ContentApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
+        item = api.create(
+            ContentType.Folder,
+            workspace,
+            None,
+            'parent',
+            do_save=True,
+            do_notify=False,
+        )
+        item2 = api.create(
+            ContentType.File,
+            workspace,
+            item,
+            'file1',
+            do_save=True,
+            do_notify=True,
+        )
+        # Send mail async from redis queue
+        redis = get_redis_connection(
+            self.app_config
+        )
+        queue = get_rq_queue(
+            redis,
+            'mail_sender',
+        )
+        worker = SimpleWorker([queue], connection=queue.connection)
+        worker.work(burst=True)
+        # check mail received
+        response = requests.get('http://127.0.0.1:8025/api/v1/messages')
+        response = response.json()
+        headers = response[0]['Content']['Headers']
+        assert headers['From'][0] == '"Bob i. via Tracim" <test_user_from+3@localhost>'  # nopep8
+        assert headers['To'][0] == 'Global manager <admin@admin.admin>'
+        assert headers['Subject'][0] == '[TRACIM] [Recipes] file1 (Open)'
+        assert headers['References'][0] == 'test_user_refs+22@localhost'
+        assert headers['Reply-to'][0] == '"Bob i. & all members of Recipes" <test_user_reply+22@localhost>'  # nopep8

backend/tracim/tests/functional/test_session.py

@@ -0,0 +1,214 @@
+# coding=utf-8
+import datetime
+import pytest
+import transaction
+from sqlalchemy.exc import OperationalError
+
+from tracim import models
+from tracim.lib.core.group import GroupApi
+from tracim.lib.core.user import UserApi
+from tracim.models import get_tm_session
+from tracim.tests import FunctionalTest
+from tracim.tests import FunctionalTestNoDB
+
+
+class TestLogoutEndpoint(FunctionalTest):
+
+    def test_api__access_logout_get_enpoint__ok__nominal_case(self):
+        res = self.testapp.post_json('/api/v2/sessions/logout', status=204)
+
+    def test_api__access_logout_post_enpoint__ok__nominal_case(self):
+        res = self.testapp.get('/api/v2/sessions/logout', status=204)
+
+
+class TestLoginEndpointUnititedDB(FunctionalTestNoDB):
+
+    def test_api__try_login_enpoint__err_500__no_inited_db(self):
+        params = {
+            'email': 'admin@admin.admin',
+            'password': 'admin@admin.admin',
+        }
+        res = self.testapp.post_json(
+            '/api/v2/sessions/login',
+            params=params,
+            status=500,
+        )
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()
+
+
+class TestLoginEndpoint(FunctionalTest):
+
+    def test_api__try_login_enpoint__ok_200__nominal_case(self):
+        params = {
+            'email': 'admin@admin.admin',
+            'password': 'admin@admin.admin',
+        }
+        res = self.testapp.post_json(
+            '/api/v2/sessions/login',
+            params=params,
+            status=200,
+        )
+        assert res.json_body['created']
+        datetime.datetime.strptime(
+            res.json_body['created'],
+            '%Y-%m-%dT%H:%M:%SZ'
+        )
+        assert res.json_body['public_name'] == 'Global manager'
+        assert res.json_body['email'] == 'admin@admin.admin'
+        assert res.json_body['is_active']
+        assert res.json_body['profile']
+        assert res.json_body['profile'] == 'administrators'
+        assert res.json_body['caldav_url'] is None
+        assert res.json_body['avatar_url'] is None
+
+    def test_api__try_login_enpoint__err_401__user_not_activated(self):
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('users')]
+        test_user = uapi.create_user(
+            email='test@test.test',
+            password='pass',
+            name='bob',
+            groups=groups,
+            timezone='Europe/Paris',
+            do_save=True,
+            do_notify=False,
+        )
+        uapi.save(test_user)
+        uapi.disable(test_user)
+        transaction.commit()
+
+        params = {
+            'email': 'test@test.test',
+            'password': 'test@test.test',
+        }
+        res = self.testapp.post_json(
+            '/api/v2/sessions/login',
+            params=params,
+            status=403,
+        )
+
+    def test_api__try_login_enpoint__err_403__bad_password(self):
+        params = {
+            'email': 'admin@admin.admin',
+            'password': 'bad_password',
+        }
+        res = self.testapp.post_json(
+            '/api/v2/sessions/login',
+            status=403,
+            params=params,
+        )
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()
+
+    def test_api__try_login_enpoint__err_403__unregistered_user(self):
+        params = {
+            'email': 'unknown_user@unknown.unknown',
+            'password': 'bad_password',
+        }
+        res = self.testapp.post_json(
+            '/api/v2/sessions/login',
+            status=403,
+            params=params,
+        )
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()
+
+    def test_api__try_login_enpoint__err_400__no_json_body(self):
+        res = self.testapp.post_json('/api/v2/sessions/login', status=400)
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()
+
+
+class TestWhoamiEndpoint(FunctionalTest):
+
+    def test_api__try_whoami_enpoint__ok_200__nominal_case(self):
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/sessions/whoami', status=200)
+        assert res.json_body['public_name'] == 'Global manager'
+        assert res.json_body['email'] == 'admin@admin.admin'
+        assert res.json_body['created']
+        assert res.json_body['is_active']
+        assert res.json_body['profile']
+        assert res.json_body['profile'] == 'administrators'
+        assert res.json_body['caldav_url'] is None
+        assert res.json_body['avatar_url'] is None
+
+    def test_api__try_whoami_enpoint__err_401__user_is_not_active(self):
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('users')]
+        test_user = uapi.create_user(
+            email='test@test.test',
+            password='pass',
+            name='bob',
+            groups=groups,
+            timezone='Europe/Paris',
+            do_save=True,
+            do_notify=False,
+        )
+        uapi.save(test_user)
+        uapi.disable(test_user)
+        transaction.commit()
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'pass'
+            )
+        )
+
+        res = self.testapp.get('/api/v2/sessions/whoami', status=401)
+
+    def test_api__try_whoami_enpoint__err_401__unauthenticated(self):
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'john@doe.doe',
+                'lapin'
+            )
+        )
+        res = self.testapp.get('/api/v2/sessions/whoami', status=401)
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()

backend/tracim/tests/functional/test_system.py

@@ -0,0 +1,152 @@
+# coding=utf-8
+from tracim.tests import FunctionalTest
+
+"""
+Tests for /api/v2/system subpath endpoints.
+"""
+
+class TestApplicationEndpoint(FunctionalTest):
+    """
+    Tests for /api/v2/system/applications
+    """
+
+    def test_api__get_applications__ok_200__nominal_case(self):
+        """
+        Get applications list with a registered user.
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/system/applications', status=200)
+        res = res.json_body
+        application = res[0]
+        assert application['label'] == "Text Documents"
+        assert application['slug'] == 'contents/html-documents'
+        assert application['fa_icon'] == 'file-text-o'
+        assert application['hexcolor'] == '#3f52e3'
+        assert application['is_active'] is True
+        assert 'config' in application
+        application = res[1]
+        assert application['label'] == "Markdown Plus Documents"
+        assert application['slug'] == 'contents/markdownpluspage'
+        assert application['fa_icon'] == 'file-code-o'
+        assert application['hexcolor'] == '#f12d2d'
+        assert application['is_active'] is True
+        assert 'config' in application
+        application = res[2]
+        assert application['label'] == "Files"
+        assert application['slug'] == 'contents/files'
+        assert application['fa_icon'] == 'paperclip'
+        assert application['hexcolor'] == '#FF9900'
+        assert application['is_active'] is True
+        assert 'config' in application
+        application = res[3]
+        assert application['label'] == "Threads"
+        assert application['slug'] == 'contents/threads'
+        assert application['fa_icon'] == 'comments-o'
+        assert application['hexcolor'] == '#ad4cf9'
+        assert application['is_active'] is True
+        assert 'config' in application
+        application = res[4]
+        assert application['label'] == "Calendar"
+        assert application['slug'] == 'calendar'
+        assert application['fa_icon'] == 'calendar'
+        assert application['hexcolor'] == '#757575'
+        assert application['is_active'] is True
+        assert 'config' in application
+
+    def test_api__get_applications__err_401__unregistered_user(self):
+        """
+        Get applications list with an unregistered user (bad auth)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'john@doe.doe',
+                'lapin'
+            )
+        )
+        res = self.testapp.get('/api/v2/system/applications', status=401)
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()
+
+
+class TestContentsTypesEndpoint(FunctionalTest):
+    """
+    Tests for /api/v2/system/content_types
+    """
+
+    def test_api__get_content_types__ok_200__nominal_case(self):
+        """
+        Get system content_types list with a registered user.
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/system/content_types', status=200)
+        res = res.json_body
+
+        content_type = res[0]
+        assert content_type['slug'] == 'thread'
+        assert content_type['fa_icon'] == 'comments-o'
+        assert content_type['hexcolor'] == '#ad4cf9'
+        assert content_type['label'] == 'Thread'
+        assert content_type['creation_label'] == 'Discuss about a topic'
+        assert 'available_statuses' in content_type
+        assert len(content_type['available_statuses']) == 4
+
+        content_type = res[1]
+        assert content_type['slug'] == 'file'
+        assert content_type['fa_icon'] == 'paperclip'
+        assert content_type['hexcolor'] == '#FF9900'
+        assert content_type['label'] == 'File'
+        assert content_type['creation_label'] == 'Upload a file'
+        assert 'available_statuses' in content_type
+        assert len(content_type['available_statuses']) == 4
+
+        content_type = res[2]
+        assert content_type['slug'] == 'markdownpage'
+        assert content_type['fa_icon'] == 'file-code-o'
+        assert content_type['hexcolor'] == '#f12d2d'
+        assert content_type['label'] == 'Rich Markdown File'
+        assert content_type['creation_label'] == 'Create a Markdown document'
+        assert 'available_statuses' in content_type
+        assert len(content_type['available_statuses']) == 4
+
+        content_type = res[3]
+        assert content_type['slug'] == 'html-documents'
+        assert content_type['fa_icon'] == 'file-text-o'
+        assert content_type['hexcolor'] == '#3f52e3'
+        assert content_type['label'] == 'Text Document'
+        assert content_type['creation_label'] == 'Write a document'
+        assert 'available_statuses' in content_type
+        assert len(content_type['available_statuses']) == 4
+        # TODO - G.M - 31-05-2018 - Check Folder type
+        # TODO - G.M - 29-05-2018 - Better check for available_statuses
+
+    def test_api__get_content_types__err_401__unregistered_user(self):
+        """
+        Get system content_types list with an unregistered user (bad auth)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'john@doe.doe',
+                'lapin'
+            )
+        )
+        res = self.testapp.get('/api/v2/system/content_types', status=401)
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()

backend/tracim/tests/library/__init__.py

@@ -0,0 +1,2 @@
+# -*- coding: utf-8 -*-
+"""Unit test suite for the library of the application."""

backend/tracim/tests/library/test_group_api.py

@@ -0,0 +1,74 @@
+# coding=utf-8
+import pytest
+
+from tracim.exceptions import GroupDoesNotExist
+from tracim.lib.core.group import GroupApi
+from tracim.tests import DefaultTest
+from tracim.fixtures.users_and_groups import Base as BaseFixture
+from tracim.fixtures.content import Content as ContentFixture
+
+
+class TestGroupApi(DefaultTest):
+    fixtures = [BaseFixture, ContentFixture]
+
+    def test_unit__get_one__ok_nominal_case(self) -> None:
+        """
+        Get one group by id
+        """
+        api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        group = api.get_one(1)
+        assert group.group_id == 1
+        assert group.group_name == 'users'
+
+    def test_unit__get_one__err__group_not_exist(self) -> None:
+        """
+        Get one group who does not exist by id
+        """
+        api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        with pytest.raises(GroupDoesNotExist):
+            group = api.get_one(10)
+
+    def test_unit__get_one_group_with_name__nominal_case(self) -> None:
+        """
+        get one group by name
+        """
+        api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        group = api.get_one_with_name('administrators')
+        assert group.group_id == 3
+        assert group.group_name == 'administrators'
+
+    def test_unit__get_one_with_name__err__group_not_exist(self) -> None:
+        """
+        get one group by name who does not exist
+        """
+        api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        with pytest.raises(GroupDoesNotExist):
+            group = api.get_one_with_name('unknown_group')
+
+    def test_unit__get_all__ok__nominal_case(self):
+        """
+        get all groups
+        """
+        api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
+        groups = api.get_all()
+        assert ['users', 'managers', 'administrators'] == [group.group_name for group in groups]  # nopep8

backend/tracim/tests/library/test_notification.py

@@ -0,0 +1,41 @@
+# -*- coding: utf-8 -*-
+import os
+import re
+
+
+from tracim.lib.core.notifications import DummyNotifier
+
+from tracim.lib.core.notifications import NotifierFactory
+from tracim.lib.mail_notifier.notifier import EmailNotifier
+from tracim.models.auth import User
+from tracim.models.data import Content
+from tracim.tests import DefaultTest
+from tracim.tests import eq_
+
+
+class TestDummyNotifier(DefaultTest):
+
+    def test_dummy_notifier__notify_content_update(self):
+        c = Content()
+        notifier = DummyNotifier(self.app_config, self.session)
+        notifier.notify_content_update(c)
+        # INFO - D.A. - 2014-12-09 -
+        # Old notification_content_update raised an exception
+
+
+class TestNotifierFactory(DefaultTest):
+    def test_notifier_factory_method(self):
+        u = User()
+
+        self.app_config.EMAIL_NOTIFICATION_ACTIVATED = True
+        notifier = NotifierFactory.create(self.app_config, u)
+        eq_(EmailNotifier, notifier.__class__)
+
+        self.app_config.EMAIL_NOTIFICATION_ACTIVATED = False
+        notifier = NotifierFactory.create(self.app_config, u)
+        eq_(DummyNotifier, notifier.__class__)
+
+
+class TestEmailNotifier(DefaultTest):
+    # TODO - G.M - 04-03-2017 -  [emailNotif] - Restore test for email Notif
+    pass

backend/tracim/tests/library/test_role_api.py

@@ -0,0 +1,77 @@
+# coding=utf-8
+import pytest
+from sqlalchemy.orm.exc import NoResultFound
+
+from tracim.lib.core.userworkspace import RoleApi
+from tracim.models import User
+from tracim.models.roles import WorkspaceRoles
+from tracim.tests import DefaultTest
+from tracim.fixtures.users_and_groups import Base as BaseFixture
+from tracim.fixtures.content import Content as ContentFixture
+
+
+class TestRoleApi(DefaultTest):
+
+    fixtures = [BaseFixture, ContentFixture]
+
+    def test_unit__get_one__ok__nominal_case(self):
+        admin = self.session.query(User)\
+            .filter(User.email == 'admin@admin.admin').one()
+        rapi = RoleApi(
+            current_user=admin,
+            session=self.session,
+            config=self.config,
+        )
+        rapi.get_one(admin.user_id, 1)
+
+    def test_unit__get_one__err__role_does_not_exist(self):
+        admin = self.session.query(User)\
+            .filter(User.email == 'admin@admin.admin').one()
+        rapi = RoleApi(
+            current_user=admin,
+            session=self.session,
+            config=self.config,
+        )
+        with pytest.raises(NoResultFound):
+            rapi.get_one(admin.user_id, 100)  # workspace 100 does not exist
+
+    def test_unit__create_one__nominal_case(self):
+        admin = self.session.query(User)\
+            .filter(User.email == 'admin@admin.admin').one()
+        workspace = self._create_workspace_and_test(
+            'workspace_1',
+            admin
+        )
+        bob = self.session.query(User)\
+            .filter(User.email == 'bob@fsf.local').one()
+        rapi = RoleApi(
+            current_user=admin,
+            session=self.session,
+            config=self.config,
+        )
+        created_role = rapi.create_one(
+            user=bob,
+            workspace=workspace,
+            role_level=WorkspaceRoles.CONTENT_MANAGER.level,
+            with_notif=False,
+        )
+        obtain_role = rapi.get_one(bob.user_id, workspace.workspace_id)
+        assert created_role == obtain_role
+
+    def test_unit__get_all_for_usages(self):
+        admin = self.session.query(User)\
+            .filter(User.email == 'admin@admin.admin').one()
+        rapi = RoleApi(
+            current_user=admin,
+            session=self.session,
+            config=self.config,
+        )
+        workspace = self._create_workspace_and_test(
+            'workspace_1',
+            admin
+        )
+        roles = rapi.get_all_for_workspace(workspace)
+        len(roles) == 1
+        roles[0].user_id == admin.user_id
+        roles[0].role == WorkspaceRoles.WORKSPACE_MANAGER.level
+

backend/tracim/tests/library/test_user_api.py

@@ -0,0 +1,216 @@
+# -*- coding: utf-8 -*-
+import pytest
+import transaction
+
+from tracim.exceptions import AuthenticationFailed
+from tracim.exceptions import UserDoesNotExist
+from tracim.exceptions import UserNotActive
+from tracim.lib.core.group import GroupApi
+from tracim.lib.core.user import UserApi
+from tracim.models import User
+from tracim.models.context_models import UserInContext
+from tracim.tests import DefaultTest
+from tracim.tests import eq_
+
+
+class TestUserApi(DefaultTest):
+
+    def test_unit__create_minimal_user__ok__nominal_case(self):
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.config,
+        )
+        u = api.create_minimal_user('bob@bob')
+        assert u.email == 'bob@bob'
+        assert u.display_name == 'bob'
+
+    def test_unit__create_minimal_user_and_update__ok__nominal_case(self):
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.config,
+        )
+        u = api.create_minimal_user('bob@bob')
+        api.update(u, 'bob', 'bob@bob', 'pass', do_save=True)
+        nu = api.get_one_by_email('bob@bob')
+        assert nu is not None
+        assert nu.email == 'bob@bob'
+        assert nu.display_name == 'bob'
+        assert nu.validate_password('pass')
+
+    def test__unit__create__user__ok_nominal_case(self):
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.config,
+        )
+        u = api.create_user(
+            email='bob@bob',
+            password='pass',
+            name='bob',
+            timezone='+2',
+            do_save=True,
+            do_notify=False,
+        )
+        assert u is not None
+        assert u.email == "bob@bob"
+        assert u.validate_password('pass')
+        assert u.display_name == 'bob'
+        assert u.timezone == '+2'
+
+    def test_unit__user_with_email_exists__ok__nominal_case(self):
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.config,
+        )
+        u = api.create_minimal_user('bibi@bibi')
+        api.update(u, 'bibi', 'bibi@bibi', 'pass', do_save=True)
+        transaction.commit()
+
+        eq_(True, api.user_with_email_exists('bibi@bibi'))
+        eq_(False, api.user_with_email_exists('unknown'))
+
+    def test_get_one_by_email(self):
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.config,
+        )
+        u = api.create_minimal_user('bibi@bibi')
+        self.session.flush()
+        api.update(u, 'bibi', 'bibi@bibi', 'pass', do_save=True)
+        uid = u.user_id
+        transaction.commit()
+
+        eq_(uid, api.get_one_by_email('bibi@bibi').user_id)
+
+    def test_unit__get_one_by_email__err__user_does_not_exist(self):
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.config,
+        )
+        with pytest.raises(UserDoesNotExist):
+            api.get_one_by_email('unknown')
+
+    def test_unit__get_all__ok__nominal_case(self):
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.config,
+        )
+        u1 = api.create_minimal_user('bibi@bibi')
+
+        users = api.get_all()
+        # u1 + Admin user from BaseFixture
+        assert 2 == len(users)
+
+    def test_unit__get_one__ok__nominal_case(self):
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.config,
+        )
+        u = api.create_minimal_user('titi@titi')
+        api.update(u, 'titi', 'titi@titi', 'pass', do_save=True)
+        one = api.get_one(u.user_id)
+        eq_(u.user_id, one.user_id)
+
+    def test_unit__get_user_with_context__nominal_case(self):
+        user = User(
+            email='admin@tracim.tracim',
+            display_name='Admin',
+            is_active=True,
+        )
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.config,
+        )
+        new_user = api.get_user_with_context(user)
+        assert isinstance(new_user, UserInContext)
+        assert new_user.user == user
+        assert new_user.profile == 'nobody'
+        assert new_user.user_id == user.user_id
+        assert new_user.email == 'admin@tracim.tracim'
+        assert new_user.display_name == 'Admin'
+        assert new_user.is_active is True
+        # TODO - G.M - 03-05-2018 - [avatar][calendar] Should test this
+        # with true value when those param will be available.
+        assert new_user.avatar_url is None
+        assert new_user.calendar_url is None
+
+    def test_unit__get_current_user_ok__nominal_case(self):
+        user = User(email='admin@tracim.tracim')
+        api = UserApi(
+            current_user=user,
+            session=self.session,
+            config=self.config,
+        )
+        new_user = api.get_current_user()
+        assert isinstance(new_user, User)
+        assert user == new_user
+
+    def test_unit__get_current_user__err__user_not_exist(self):
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.config,
+        )
+        with pytest.raises(UserDoesNotExist):
+            api.get_current_user()
+
+    def test_unit__authenticate_user___ok__nominal_case(self):
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.config,
+        )
+        user = api.authenticate_user('admin@admin.admin', 'admin@admin.admin')
+        assert isinstance(user, User)
+        assert user.email == 'admin@admin.admin'
+
+    def test_unit__authenticate_user___err__user_not_active(self):
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.config,
+        )
+        gapi = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.config,
+        )
+        groups = [gapi.get_one_with_name('users')]
+        user = api.create_user(
+            email='test@test.test',
+            password='pass',
+            name='bob',
+            groups=groups,
+            timezone='Europe/Paris',
+            do_save=True,
+            do_notify=False,
+        )
+        api.disable(user)
+        with pytest.raises(UserNotActive):
+            api.authenticate_user('test@test.test', 'test@test.test')
+
+    def test_unit__authenticate_user___err__wrong_password(self):
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.config,
+        )
+        with pytest.raises(AuthenticationFailed):
+            api.authenticate_user('admin@admin.admin', 'wrong_password')
+
+    def test_unit__authenticate_user___err__wrong_user(self):
+        api = UserApi(
+            current_user=None,
+            session=self.session,
+            config=self.config,
+        )
+        with pytest.raises(AuthenticationFailed):
+            api.authenticate_user('admin@admin.admin', 'wrong_password')

backend/tracim/tests/library/test_webdav.py

@@ -0,0 +1,660 @@
+# -*- coding: utf-8 -*-
+import io
+
+import pytest
+from sqlalchemy.exc import InvalidRequestError
+from wsgidav.wsgidav_app import DEFAULT_CONFIG
+from tracim import WebdavAppFactory
+from tracim.lib.core.user import UserApi
+from tracim.lib.webdav import TracimDomainController
+from tracim.tests import eq_
+from tracim.lib.core.notifications import DummyNotifier
+from tracim.lib.webdav.dav_provider import Provider
+from tracim.lib.webdav.resources import RootResource
+from tracim.models import Content
+from tracim.models import ContentRevisionRO
+from tracim.tests import StandardTest
+from tracim.fixtures.content import Content as ContentFixtures
+from tracim.fixtures.users_and_groups import Base as BaseFixture
+from wsgidav import util
+from unittest.mock import MagicMock
+
+
+class TestWebdavFactory(StandardTest):
+
+    def test_unit__initConfig__ok__nominal_case(self):
+        """
+        Check if config is correctly modify for wsgidav using mocked
+        wsgidav and tracim conf (as dict)
+        :return:
+        """
+        tracim_settings = {
+            'sqlalchemy.url': 'sqlite:///:memory:',
+            'user.auth_token.validity': '604800',
+            'depot_storage_dir': '/tmp/test/depot',
+            'depot_storage_name': 'test',
+            'preview_cache_dir': '/tmp/test/preview_cache',
+            'wsgidav.config_path': 'development.ini'
+
+        }
+        wsgidav_setting = DEFAULT_CONFIG.copy()
+        wsgidav_setting.update(
+            {
+               'root_path':  '',
+               'acceptbasic': True,
+               'acceptdigest': False,
+               'defaultdigest': False,
+            }
+        )
+        mock = MagicMock()
+        mock._initConfig = WebdavAppFactory._initConfig
+        mock._readConfigFile.return_value = wsgidav_setting
+        mock._get_tracim_settings.return_value = tracim_settings
+        config = mock._initConfig(mock)
+        assert config
+        assert config['acceptbasic'] is True
+        assert config['acceptdigest'] is False
+        assert config['defaultdigest'] is False
+        # TODO - G.M - 25-05-2018 - Better check for middleware stack config
+        assert 'middleware_stack' in config
+        assert len(config['middleware_stack']) == 7
+        assert 'root_path' in config
+        assert 'provider_mapping' in config
+        assert config['root_path'] in config['provider_mapping']
+        assert isinstance(config['provider_mapping'][config['root_path']], Provider)  # nopep8
+        assert 'domaincontroller' in config
+        assert isinstance(config['domaincontroller'], TracimDomainController)
+
+
+class TestWebDav(StandardTest):
+    fixtures = [BaseFixture, ContentFixtures]
+
+    def _get_provider(self, config):
+        return Provider(
+            show_archived=False,
+            show_deleted=False,
+            show_history=False,
+            app_config=config,
+        )
+
+    def _get_environ(
+            self,
+            provider: Provider,
+            username: str,
+    ) -> dict:
+        return {
+            'http_authenticator.username': username,
+            'http_authenticator.realm': '/',
+            'wsgidav.provider': provider,
+            'tracim_user': self._get_user(username),
+            'tracim_dbsession': self.session,
+        }
+
+    def _get_user(self, email):
+        return UserApi(None,
+                       self.session,
+                       self.app_config
+                       ).get_one_by_email(email)
+
+    def _put_new_text_file(
+            self,
+            provider,
+            environ,
+            file_path,
+            file_content,
+    ):
+        # This part id a reproduction of
+        # wsgidav.request_server.RequestServer#doPUT
+
+        # Grab parent folder where create file
+        parentRes = provider.getResourceInst(
+            util.getUriParent(file_path),
+            environ,
+        )
+        assert parentRes, 'we should found folder for {0}'.format(file_path)
+
+        new_resource = parentRes.createEmptyResource(
+            util.getUriName(file_path),
+        )
+        write_object = new_resource.beginWrite(
+            contentType='application/octet-stream',
+        )
+        write_object.write(file_content)
+        write_object.close()
+        new_resource.endWrite(withErrors=False)
+
+        # Now file should exist
+        return provider.getResourceInst(
+            file_path,
+            environ,
+        )
+
+    def test_unit__get_root__ok(self):
+        provider = self._get_provider(self.app_config)
+        root = provider.getResourceInst(
+            '/',
+            self._get_environ(
+                provider,
+                'bob@fsf.local',
+            )
+        )
+        assert root, 'Path / should return a RootResource instance'
+        assert isinstance(root, RootResource)
+
+    def test_unit__list_workspaces_with_user__ok(self):
+        provider = self._get_provider(self.app_config)
+        root = provider.getResourceInst(
+            '/',
+            self._get_environ(
+                provider,
+                'bob@fsf.local',
+            )
+        )
+        assert root, 'Path / should return a RootResource instance'
+        assert isinstance(root, RootResource), 'Path / should return a RootResource instance'
+
+        children = root.getMemberList()
+        eq_(
+            2,
+            len(children),
+            msg='RootResource should return 2 workspaces instead {0}'.format(
+                len(children),
+            )
+        )
+
+        workspaces_names = [w.name for w in children]
+        assert 'Recipes' in workspaces_names, \
+            'Recipes should be in names ({0})'.format(
+                workspaces_names,
+        )
+        assert 'Others' in workspaces_names, 'Others should be in names ({0})'.format(
+            workspaces_names,
+        )
+
+    def test_unit__list_workspaces_with_admin__ok(self):
+        provider = self._get_provider(self.app_config)
+        root = provider.getResourceInst(
+            '/',
+            self._get_environ(
+                provider,
+                'admin@admin.admin',
+            )
+        )
+        assert root, 'Path / should return a RootResource instance'
+        assert isinstance(root, RootResource), 'Path / should return a RootResource instance'
+
+        children = root.getMemberList()
+        eq_(
+            2,
+            len(children),
+            msg='RootResource should return 3 workspaces instead {0}'.format(
+                len(children),
+            )
+        )
+
+        workspaces_names = [w.name for w in children]
+        assert 'Recipes' in workspaces_names, 'Recipes should be in names ({0})'.format(
+            workspaces_names,
+        )
+        assert 'Business' in workspaces_names, 'Business should be in names ({0})'.format(
+            workspaces_names,
+        )
+
+    def test_unit__list_workspace_folders__ok(self):
+        provider = self._get_provider(self.app_config)
+        Recipes = provider.getResourceInst(
+            '/Recipes/',
+            self._get_environ(
+                provider,
+                'bob@fsf.local',
+            )
+        )
+        assert Recipes, 'Path /Recipes should return a Wrkspace instance'
+
+        children = Recipes.getMemberList()
+        eq_(
+            2,
+            len(children),
+            msg='Recipes should list 2 folders instead {0}'.format(
+                len(children),
+            ),
+        )
+
+        folders_names = [f.name for f in children]
+        assert 'Salads' in folders_names, 'Salads should be in names ({0})'.format(
+                folders_names,
+        )
+        assert 'Desserts' in folders_names, 'Desserts should be in names ({0})'.format(
+                folders_names,
+        )
+
+    def test_unit__list_content__ok(self):
+        provider = self._get_provider(self.app_config)
+        Salads = provider.getResourceInst(
+            '/Recipes/Desserts',
+            self._get_environ(
+                provider,
+                'bob@fsf.local',
+            )
+        )
+        assert Salads, 'Path /Salads should return a Wrkspace instance'
+
+        children = Salads.getMemberList()
+        eq_(
+            5,
+            len(children),
+            msg='Salads should list 5 Files instead {0}'.format(
+                len(children),
+            ),
+        )
+
+        content_names = [c.name for c in children]
+        assert 'Brownie Recipe.html' in content_names, \
+            'Brownie Recipe.html should be in names ({0})'.format(
+                content_names,
+        )
+
+        assert 'Best Cakesʔ.html' in content_names,\
+            'Best Cakesʔ.html should be in names ({0})'.format(
+                content_names,
+        )
+        assert 'Apple_Pie.txt' in content_names,\
+            'Apple_Pie.txt should be in names ({0})'.format(content_names,)
+
+        assert 'Fruits Desserts' in content_names, \
+            'Fruits Desserts should be in names ({0})'.format(
+                content_names,
+        )
+
+        assert 'Tiramisu Recipe.html' in content_names,\
+            'Tiramisu Recipe.html should be in names ({0})'.format(
+                content_names,
+        )
+
+    def test_unit__get_content__ok(self):
+        provider = self._get_provider(self.app_config)
+        pie = provider.getResourceInst(
+            '/Recipes/Desserts/Apple_Pie.txt',
+            self._get_environ(
+                provider,
+                'bob@fsf.local',
+            )
+        )
+
+        assert pie, 'Apple_Pie should be found'
+        eq_('Apple_Pie.txt', pie.name)
+
+    def test_unit__delete_content__ok(self):
+        provider = self._get_provider(self.app_config)
+        pie = provider.getResourceInst(
+            '/Recipes/Desserts/Apple_Pie.txt',
+            self._get_environ(
+                provider,
+                'bob@fsf.local',
+            )
+        )
+        
+        content_pie = self.session.query(ContentRevisionRO) \
+            .filter(Content.label == 'Apple_Pie') \
+            .one()  # It must exist only one revision, cf fixtures
+        eq_(
+            False,
+            content_pie.is_deleted,
+            msg='Content should not be deleted !'
+        )
+        content_pie_id = content_pie.content_id
+
+        pie.delete()
+
+        self.session.flush()
+        content_pie = self.session.query(ContentRevisionRO) \
+            .filter(Content.content_id == content_pie_id) \
+            .order_by(Content.revision_id.desc()) \
+            .first()
+        eq_(
+            True,
+            content_pie.is_deleted,
+            msg='Content should be deleted!'
+        )
+
+        result = provider.getResourceInst(
+            '/Recipes/Desserts/Apple_Pie.txt',
+            self._get_environ(
+                provider,
+                'bob@fsf.local',
+            )
+        )
+        eq_(None, result, msg='Result should be None instead {0}'.format(
+            result
+        ))
+
+    def test_unit__create_content__ok(self):
+        provider = self._get_provider(self.app_config)
+        environ = self._get_environ(
+            provider,
+            'bob@fsf.local',
+        )
+        result = provider.getResourceInst(
+            '/Recipes/Salads/greek_salad.txt',
+            environ,
+        )
+
+        eq_(None, result, msg='Result should be None instead {0}'.format(
+            result
+        ))
+
+        result = self._put_new_text_file(
+            provider,
+            environ,
+            '/Recipes/Salads/greek_salad.txt',
+            b'Greek Salad\n',
+        )
+
+        assert result, 'Result should not be None instead {0}'.format(
+            result
+        )
+        eq_(
+            b'Greek Salad\n',
+            result.content.depot_file.file.read(),
+            msg='fiel content should be "Greek Salad\n" but it is {0}'.format(
+                result.content.depot_file.file.read()
+            )
+        )
+
+    def test_unit__create_delete_and_create_file__ok(self):
+        provider = self._get_provider(self.app_config)
+        environ = self._get_environ(
+            provider,
+            'bob@fsf.local',
+        )
+        new_file = provider.getResourceInst(
+            '/Recipes/Salads/greek_salad.txt',
+            environ,
+        )
+
+        eq_(None, new_file, msg='Result should be None instead {0}'.format(
+            new_file
+        ))
+
+        # create it
+        new_file = self._put_new_text_file(
+            provider,
+            environ,
+            '/Recipes/Salads/greek_salad.txt',
+            b'Greek Salad\n',
+        )
+        assert new_file, 'Result should not be None instead {0}'.format(
+            new_file
+        )
+
+        content_new_file = self.session.query(ContentRevisionRO) \
+            .filter(Content.label == 'greek_salad') \
+            .one()  # It must exist only one revision
+        eq_(
+            False,
+            content_new_file.is_deleted,
+            msg='Content should not be deleted!'
+        )
+        content_new_file_id = content_new_file.content_id
+
+        # Delete if
+        new_file.delete()
+
+        self.session.flush()
+        content_pie = self.session.query(ContentRevisionRO) \
+            .filter(Content.content_id == content_new_file_id) \
+            .order_by(Content.revision_id.desc()) \
+            .first()
+        eq_(
+            True,
+            content_pie.is_deleted,
+            msg='Content should be deleted!'
+        )
+
+        result = provider.getResourceInst(
+            '/Recipes/Salads/greek_salad.txt',
+            self._get_environ(
+                provider,
+                'bob@fsf.local',
+            )
+        )
+        eq_(None, result, msg='Result should be None instead {0}'.format(
+            result
+        ))
+
+        # Then create it again
+        new_file = self._put_new_text_file(
+            provider,
+            environ,
+            '/Recipes/Salads/greek_salad.txt',
+            b'greek_salad\n',
+        )
+        assert new_file, 'Result should not be None instead {0}'.format(
+            new_file
+        )
+
+        # Previous file is still dleeted
+        self.session.flush()
+        content_pie = self.session.query(ContentRevisionRO) \
+            .filter(Content.content_id == content_new_file_id) \
+            .order_by(Content.revision_id.desc()) \
+            .first()
+        eq_(
+            True,
+            content_pie.is_deleted,
+            msg='Content should be deleted!'
+        )
+
+        # And an other file exist for this name
+        content_new_new_file = self.session.query(ContentRevisionRO) \
+            .filter(Content.label == 'greek_salad') \
+            .order_by(Content.revision_id.desc()) \
+            .first()
+        assert content_new_new_file.content_id != content_new_file_id,\
+            'Contents ids should not be same!'
+
+        eq_(
+            False,
+            content_new_new_file.is_deleted,
+            msg='Content should not be deleted!'
+        )
+
+    def test_unit__rename_content__ok(self):
+        provider = self._get_provider(self.app_config)
+        environ = self._get_environ(
+            provider,
+            'bob@fsf.local',
+        )
+        pie = provider.getResourceInst(
+            '/Recipes/Desserts/Apple_Pie.txt',
+            environ,
+        )
+
+        content_pie = self.session.query(ContentRevisionRO) \
+            .filter(Content.label == 'Apple_Pie') \
+            .one()  # It must exist only one revision, cf fixtures
+        assert content_pie, 'Apple_Pie should be exist'
+        content_pie_id = content_pie.content_id
+
+        pie.moveRecursive('/Recipes/Desserts/Apple_Pie_RENAMED.txt')
+
+        # Database content is renamed
+        content_pie = self.session.query(ContentRevisionRO) \
+            .filter(ContentRevisionRO.content_id == content_pie_id) \
+            .order_by(ContentRevisionRO.revision_id.desc()) \
+            .first()
+        eq_(
+            'Apple_Pie_RENAMED',
+            content_pie.label,
+            msg='File should be labeled Apple_Pie_RENAMED, not {0}'.format(
+                content_pie.label
+            )
+        )
+
+    def test_unit__move_content__ok(self):
+        provider = self._get_provider(self.app_config)
+        environ = self._get_environ(
+            provider,
+            'bob@fsf.local',
+        )
+        pie = provider.getResourceInst(
+            '/Recipes/Desserts/Apple_Pie.txt',
+            environ,
+        )
+
+        content_pie = self.session.query(ContentRevisionRO) \
+            .filter(Content.label == 'Apple_Pie') \
+            .one()  # It must exist only one revision, cf fixtures
+        assert content_pie, 'Apple_Pie should be exist'
+        content_pie_id = content_pie.content_id
+        content_pie_parent = content_pie.parent
+        eq_(
+            content_pie_parent.label,
+            'Desserts',
+            msg='field parent should be Desserts',
+        )
+
+        pie.moveRecursive('/Recipes/Salads/Apple_Pie.txt')  # move in f2
+
+        # Database content is moved
+        content_pie = self.session.query(ContentRevisionRO) \
+            .filter(ContentRevisionRO.content_id == content_pie_id) \
+            .order_by(ContentRevisionRO.revision_id.desc()) \
+            .first()
+
+        assert content_pie.parent.label != content_pie_parent.label,\
+            'file should be moved in Salads but is in {0}'.format(
+                content_pie.parent.label
+        )
+
+    def test_unit__move_and_rename_content__ok(self):
+        provider = self._get_provider(self.app_config)
+        environ = self._get_environ(
+            provider,
+            'bob@fsf.local',
+        )
+        pie = provider.getResourceInst(
+            '/Recipes/Desserts/Apple_Pie.txt',
+            environ,
+        )
+
+        content_pie = self.session.query(ContentRevisionRO) \
+            .filter(Content.label == 'Apple_Pie') \
+            .one()  # It must exist only one revision, cf fixtures
+        assert content_pie, 'Apple_Pie should be exist'
+        content_pie_id = content_pie.content_id
+        content_pie_parent = content_pie.parent
+        eq_(
+            content_pie_parent.label,
+            'Desserts',
+            msg='field parent should be Desserts',
+        )
+
+        pie.moveRecursive('/Others/Infos/Apple_Pie_RENAMED.txt')
+
+        # Database content is moved
+        content_pie = self.session.query(ContentRevisionRO) \
+            .filter(ContentRevisionRO.content_id == content_pie_id) \
+            .order_by(ContentRevisionRO.revision_id.desc()) \
+            .first()
+        assert content_pie.parent.label != content_pie_parent.label,\
+            'file should be moved in Recipesf2 but is in {0}'.format(
+                content_pie.parent.label
+        )
+        eq_(
+            'Apple_Pie_RENAMED',
+            content_pie.label,
+            msg='File should be labeled Apple_Pie_RENAMED, not {0}'.format(
+                content_pie.label
+            )
+        )
+
+    def test_unit__move_content__ok__another_workspace(self):
+        provider = self._get_provider(self.app_config)
+        environ = self._get_environ(
+            provider,
+            'bob@fsf.local',
+        )
+        content_to_move_res = provider.getResourceInst(
+            '/Recipes/Desserts/Apple_Pie.txt',
+            environ,
+        )
+
+        content_to_move = self.session.query(ContentRevisionRO) \
+            .filter(Content.label == 'Apple_Pie') \
+            .one()  # It must exist only one revision, cf fixtures
+        assert content_to_move, 'Apple_Pie should be exist'
+        content_to_move_id = content_to_move.content_id
+        content_to_move_parent = content_to_move.parent
+        eq_(
+            content_to_move_parent.label,
+            'Desserts',
+            msg='field parent should be Desserts',
+        )
+
+        content_to_move_res.moveRecursive('/Others/Infos/Apple_Pie.txt')  # move in Business, f1
+
+        # Database content is moved
+        content_to_move = self.session.query(ContentRevisionRO) \
+            .filter(ContentRevisionRO.content_id == content_to_move_id) \
+            .order_by(ContentRevisionRO.revision_id.desc()) \
+            .first()
+
+        assert content_to_move.parent, 'Content should have a parent'
+
+        assert content_to_move.parent.label == 'Infos',\
+            'file should be moved in Infos but is in {0}'.format(
+                content_to_move.parent.label
+        )
+
+    def test_unit__update_content__ok(self):
+        provider = self._get_provider(self.app_config)
+        environ = self._get_environ(
+            provider,
+            'bob@fsf.local',
+        )
+        result = provider.getResourceInst(
+            '/Recipes/Salads/greek_salad.txt',
+            environ,
+        )
+
+        eq_(None, result, msg='Result should be None instead {0}'.format(
+            result
+        ))
+
+        result = self._put_new_text_file(
+            provider,
+            environ,
+            '/Recipes/Salads/greek_salad.txt',
+            b'hello\n',
+        )
+
+        assert result, 'Result should not be None instead {0}'.format(
+            result
+        )
+        eq_(
+            b'hello\n',
+            result.content.depot_file.file.read(),
+            msg='fiel content should be "hello\n" but it is {0}'.format(
+                result.content.depot_file.file.read()
+            )
+        )
+
+        # ReInit DummyNotifier counter
+        DummyNotifier.send_count = 0
+
+        # Update file content
+        write_object = result.beginWrite(
+            contentType='application/octet-stream',
+        )
+        write_object.write(b'An other line')
+        write_object.close()
+        result.endWrite(withErrors=False)
+
+        eq_(
+            1,
+            DummyNotifier.send_count,
+            msg='DummyNotifier should send 1 mail, not {}'.format(
+                DummyNotifier.send_count
+            ),
+        )

backend/tracim/tests/library/test_workspace.py

@@ -0,0 +1,115 @@
+# -*- coding: utf-8 -*-
+
+from tracim.lib.core.content import ContentApi
+from tracim.lib.core.group import GroupApi
+from tracim.lib.core.user import UserApi
+from tracim.lib.core.userworkspace import RoleApi
+from tracim.lib.core.workspace import WorkspaceApi
+from tracim.models import Content
+from tracim.models import User
+from tracim.models.auth import Group
+from tracim.models.data import UserRoleInWorkspace
+from tracim.models.data import Workspace
+#from tracim.tests import BaseTestThread
+from tracim.tests import DefaultTest
+from tracim.tests import eq_
+
+class TestThread(DefaultTest):
+
+    def test_children(self):
+        admin = self.session.query(User).filter(
+            User.email == 'admin@admin.admin'
+        ).one()
+        self._create_thread_and_test(
+            workspace_name='workspace_1',
+            folder_name='folder_1',
+            thread_name='thread_1',
+            user=admin
+        )
+        workspace = self.session.query(Workspace).filter(
+            Workspace.label == 'workspace_1'
+        ).one()
+        content_api = ContentApi(
+            session=self.session,
+            current_user=admin,
+            config=self.app_config,
+        )
+        folder = content_api.get_canonical_query().filter(
+            Content.label == 'folder_1'
+        ).one()
+        eq_([folder, ], list(workspace.get_valid_children()))
+
+    def test_get_notifiable_roles(self):
+        admin = self.session.query(User) \
+            .filter(User.email == 'admin@admin.admin').one()
+        wapi = WorkspaceApi(
+            session=self.session,
+            config=self.app_config,
+            current_user=admin,
+        )
+        w = wapi.create_workspace(label='workspace w', save_now=True)
+        uapi = UserApi(
+            session=self.session,
+            current_user=admin,
+            config=self.config
+        )
+        u = uapi.create_minimal_user(email='u.u@u.u', save_now=True)
+        eq_([], wapi.get_notifiable_roles(workspace=w))
+        rapi = RoleApi(
+            session=self.session,
+            current_user=admin,
+            config=self.app_config,
+        )
+        r = rapi.create_one(u, w, UserRoleInWorkspace.READER, with_notif=True)
+        eq_([r, ], wapi.get_notifiable_roles(workspace=w))
+        u.is_active = False
+        eq_([], wapi.get_notifiable_roles(workspace=w))
+
+    def test_unit__get_all_manageable(self):
+        admin = self.session.query(User) \
+            .filter(User.email == 'admin@admin.admin').one()
+        uapi = UserApi(
+            session=self.session,
+            current_user=admin,
+            config=self.config,
+        )
+        # Checks a case without workspaces.
+        wapi = WorkspaceApi(
+            session=self.session,
+            current_user=admin,
+            config=self.app_config,
+        )
+        eq_([], wapi.get_all_manageable())
+        # Checks an admin gets all workspaces.
+        w4 = wapi.create_workspace(label='w4')
+        w3 = wapi.create_workspace(label='w3')
+        w2 = wapi.create_workspace(label='w2')
+        w1 = wapi.create_workspace(label='w1')
+        eq_([w1, w2, w3, w4], wapi.get_all_manageable())
+        # Checks a regular user gets none workspace.
+        gapi = GroupApi(
+            session=self.session,
+            current_user=None,
+            config=self.app_config,
+        )
+        u = uapi.create_minimal_user('u.s@e.r', [gapi.get_one(Group.TIM_USER)], True)
+        wapi = WorkspaceApi(
+            session=self.session,
+            current_user=u,
+            config=self.app_config,
+        )
+        rapi = RoleApi(
+            session=self.session,
+            current_user=u,
+            config=self.app_config,
+        )
+        rapi.create_one(u, w4, UserRoleInWorkspace.READER, False)
+        rapi.create_one(u, w3, UserRoleInWorkspace.CONTRIBUTOR, False)
+        rapi.create_one(u, w2, UserRoleInWorkspace.CONTENT_MANAGER, False)
+        rapi.create_one(u, w1, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
+        eq_([], wapi.get_all_manageable())
+        # Checks a manager gets only its own workspaces.
+        u.groups.append(gapi.get_one(Group.TIM_MANAGER))
+        rapi.delete_one(u.user_id, w2.workspace_id)
+        rapi.create_one(u, w2, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
+        eq_([w1, w2], wapi.get_all_manageable())

backend/tracim/tests/models/__init__.py

@@ -0,0 +1,2 @@
+# -*- coding: utf-8 -*-
+"""Unit test suite for the models of the application."""