🔖(minor) release 3.4.0

CHANGELOG.md

@@ -8,19 +8,22 @@ and this project adheres to
 
 ## [Unreleased]
 
+## [3.4.0] - 2025-07-09
+
 ### Added
 
 - ✨(frontend) multi-pages #701
+- ✨(frontend) Duplicate a doc #1078
+- ✨Ask for access #1081
+- ✨(frontend) add customization for translations #857
 - ✨(backend) add ancestors links definitions to document abilities #846
 - ✨(backend) include ancestors accesses on document accesses list view # 846
 - ✨(backend) add ancestors links reach and role to document API #846
-- ✨(frontend) add customization for translations #857
-- ✨(frontend) Duplicate a doc #1078
 - 📝(project) add troubleshoot doc #1066
 - 📝(project) add system-requirement doc #1066
 - 🔧(front) configure x-frame-options to DENY in nginx conf #1084
-- ✨(backend) allow to disable checking unsafe mimetype on attachment upload
-- ✨Ask for access #1081
+- ✨(backend) allow to disable checking unsafe mimetype on 
+  attachment upload #1099
 - ✨(doc) add documentation to install with compose #855
 - ✨ Give priority to users connected to collaboration server 
   (aka no websocket feature) #1093 
@@ -43,8 +46,7 @@ and this project adheres to
 - 🐛(frontend) fix meta title #1017
 - 🔧(git) set LF line endings for all text files #1032
 - 📝(docs) minor fixes to docs/env.md
-- ✨(backend) support `_FILE` environment variables for secrets #912
-- ✨(frontend) support `_FILE` environment variables for secrets #912
+- ✨support `_FILE` environment variables for secrets #912
 
 ### Removed
 
@@ -634,7 +636,8 @@ and this project adheres to
 - ✨(frontend) Coming Soon page (#67)
 - 🚀 Impress, project to manage your documents easily and collaboratively.
 
-[unreleased]: https://github.com/numerique-gouv/impress/compare/v3.3.0...main
+[unreleased]: https://github.com/numerique-gouv/impress/compare/v3.4.0...main
+[v3.4.0]: https://github.com/numerique-gouv/impress/releases/v3.4.0
 [v3.3.0]: https://github.com/numerique-gouv/impress/releases/v3.3.0
 [v3.2.1]: https://github.com/numerique-gouv/impress/releases/v3.2.1
 [v3.2.0]: https://github.com/numerique-gouv/impress/releases/v3.2.0

src/backend/core/api/viewsets.py

@@ -948,33 +948,34 @@ def duplicate(self, request, *args, **kwargs):
             **link_kwargs,
         )
 
-        # Always add the logged-in user as OWNER
-        accesses_to_create = [
-            models.DocumentAccess(
-                document=duplicated_document,
-                user=request.user,
-                role=models.RoleChoices.OWNER,
-            )
-        ]
-
-        # If accesses should be duplicated, add other users' accesses as per original document
-        if with_accesses and is_owner_or_admin:
-            original_accesses = models.DocumentAccess.objects.filter(
-                document=document
-            ).exclude(user=request.user)
-
-            accesses_to_create.extend(
+        # Always add the logged-in user as OWNER for root documents
+        if document.is_root():
+            accesses_to_create = [
                 models.DocumentAccess(
                     document=duplicated_document,
-                    user_id=access.user_id,
-                    team=access.team,
-                    role=access.role,
+                    user=request.user,
+                    role=models.RoleChoices.OWNER,
+                )
+            ]
+
+            # If accesses should be duplicated, add other users' accesses as per original document
+            if with_accesses and is_owner_or_admin:
+                original_accesses = models.DocumentAccess.objects.filter(
+                    document=document
+                ).exclude(user=request.user)
+
+                accesses_to_create.extend(
+                    models.DocumentAccess(
+                        document=duplicated_document,
+                        user_id=access.user_id,
+                        team=access.team,
+                        role=access.role,
+                    )
+                    for access in original_accesses
                 )
-                for access in original_accesses
-            )
 
-        # Bulk create all the duplicated accesses
-        models.DocumentAccess.objects.bulk_create(accesses_to_create)
+            # Bulk create all the duplicated accesses
+            models.DocumentAccess.objects.bulk_create(accesses_to_create)
 
         return drf_response.Response(
             {"id": str(duplicated_document.id)}, status=status.HTTP_201_CREATED

src/backend/core/tests/documents/test_api_documents_ask_for_access.py

@@ -48,7 +48,7 @@ def test_api_documents_ask_for_access_create_authenticated():
     An email should be sent to document owners and admins to notify them.
     """
     owner_user = UserFactory(language="en-us")
-    admin_user = UserFactory(language="fr-fr")
+    admin_user = UserFactory(language="en-us")
     document = DocumentFactory(
         users=[
             (owner_user, RoleChoices.OWNER),

src/backend/core/tests/documents/test_api_documents_duplicate.py

@@ -252,3 +252,44 @@ def test_api_documents_duplicate_with_accesses_non_admin(role):
     duplicated_accesses = duplicated_document.accesses
     assert duplicated_accesses.count() == 1
     assert duplicated_accesses.get(user=user).role == "owner"
+
+
+@pytest.mark.parametrize("role", ["editor", "reader"])
+def test_api_documents_duplicate_non_root_document(role):
+    """
+    Non-root documents can be duplicated but without accesses.
+    """
+    user = factories.UserFactory()
+    client = APIClient()
+    client.force_login(user)
+
+    document = factories.DocumentFactory(users=[(user, "owner")])
+    child = factories.DocumentFactory(
+        parent=document, users=[(user, role)], title="document with accesses"
+    )
+
+    assert child.accesses.count() == 1
+
+    # Duplicate the document via the API endpoint requesting to duplicate accesses
+    response = client.post(
+        f"/api/v1.0/documents/{child.id!s}/duplicate/",
+        {"with_accesses": True},
+        format="json",
+    )
+
+    assert response.status_code == 201
+
+    duplicated_document = models.Document.objects.get(id=response.json()["id"])
+    assert duplicated_document.title == "Copy of document with accesses"
+    assert duplicated_document.content == child.content
+    assert duplicated_document.link_reach == child.link_reach
+    assert duplicated_document.link_role == child.link_role
+    assert duplicated_document.creator == user
+    assert duplicated_document.duplicated_from == child
+    assert duplicated_document.attachments == []
+
+    # No access should be created for non root documents
+    duplicated_accesses = duplicated_document.accesses
+    assert duplicated_accesses.count() == 0
+    assert duplicated_document.is_sibling_of(child)
+    assert duplicated_document.is_child_of(document)