Merge remote-tracking branch 'origin/buildpack' into anct

Oops

CHANGELOG.md

@@ -8,27 +8,22 @@ and this project adheres to
 
 ## [Unreleased]
 
-### Added
-
-- ✨(backend) Comments on text editor #1309
-
 ### Changed
 
 - ⚡️(frontend) improve accessibility:
   - #1248
   - #1235
-  - #1275
   - #1255
   - #1262
   - #1244
   - #1270
-  - #1282
 
 ### Fixed
 
 - 🐛(makefile) Windows compatibility fix for Docker volume mounting #1264
 - 🐛(minio) fix user permission error with Minio and Windows #1264
 
+
 ## [3.5.0] - 2025-07-31
 
 ### Added
@@ -39,6 +34,7 @@ and this project adheres to
 - ✨(frontend) add duplicate action to doc tree #1175
 - ✨(frontend) Interlinking doc #904
 - ✨(frontend) add multi columns support for editor #1219
+- ✨(api) add API route to fetch document content #1206
 
 ### Changed
 

Procfile

@@ -0,0 +1,2 @@
+web: bin/buildpack_start.sh
+postdeploy: python manage.py migrate

bin/buildpack_postcompile.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -o errexit    # always exit on error
+set -o pipefail   # don't ignore exit codes when piping output
+
+echo "-----> Running post-compile script"
+
+rm -rf docker docs env.d gitlint src/frontend/apps/e2e
+rm -rf src/frontend/apps
+rm -rf src/frontend/packages
+
+# Remove some of the larger packages required by the frontend only
+rm -rf src/frontend/node_modules/@next src/frontend/node_modules/next src/frontend/node_modules/react-icons src/frontend/node_modules/@gouvfr-lasuite 
+
+# du -ch | sort -rh | head -n 100

bin/buildpack_postfrontend.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -o errexit    # always exit on error
+set -o pipefail   # don't ignore exit codes when piping output
+
+echo "-----> Running post-frontend script"
+
+# Move the frontend build to the nginx root and clean up
+mkdir -p build/
+mv src/frontend/apps/impress/out build/frontend-out
+
+mv src/backend/* ./
+mv src/nginx/* ./
+
+echo "3.13" > .python-version

bin/buildpack_start.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Start the Django backend server
+gunicorn -b :8000 impress.wsgi:application --log-file - &
+
+# Start the Y provider service
+cd src/frontend/servers/y-provider && PORT=4444 ../../.scalingo/node/bin/node dist/start-server.js &
+
+# Start the Nginx server
+bin/run &
+
+# if the current shell is killed, also terminate all its children     
+trap "pkill SIGTERM -P $$" SIGTERM                            
+                                                                   
+# wait for a single child to finish,                               
+wait -n                                                  
+# then kill all the other tasks                          
+pkill -P $$

docker/files/production/etc/nginx/conf.d/default.conf.template

@@ -11,9 +11,6 @@ server {
     server_name localhost;
     charset utf-8;
 
-    # increase max upload size
-    client_max_body_size 10m;
-
     # Disables server version feedback on pages and in headers
     server_tokens off;
 
@@ -71,7 +68,7 @@ server {
         proxy_set_header Host $host;
     }
 
-    location /collaboration/api/ {
+    location  /collaboration/api/ {
         # Collaboration server
         proxy_pass http://${YPROVIDER_HOST}:4444;
         proxy_set_header Host $host;
@@ -98,7 +95,7 @@ server {
 
         add_header Content-Security-Policy "default-src 'none'" always;
     }
-
+    
     location /media-auth {
         proxy_pass http://docs_backend/api/v1.0/documents/media-auth/;
         proxy_set_header X-Forwarded-Proto https;
@@ -112,4 +109,4 @@ server {
         proxy_set_header Content-Length "";
         proxy_set_header X-Original-Method $request_method;
     }
-}
+}

docs/examples/compose/compose.yaml

@@ -7,12 +7,12 @@ services:
       timeout: 2s
       retries: 300
     env_file:
-      - env.d/postgresql
-      - env.d/common
+    - env.d/postgresql
+    - env.d/common
     environment:
-      - PGDATA=/var/lib/postgresql/data/pgdata
+    - PGDATA=/var/lib/postgresql/data/pgdata
     volumes:
-      - ./data/databases/backend:/var/lib/postgresql/data/pgdata
+    - ./data/databases/backend:/var/lib/postgresql/data/pgdata
 
   redis:
     image: redis:8
@@ -22,12 +22,12 @@ services:
     user: ${DOCKER_USER:-1000}
     restart: always
     environment:
-      - DJANGO_CONFIGURATION=Production
+    - DJANGO_CONFIGURATION=Production
     env_file:
-      - env.d/common
-      - env.d/backend
-      - env.d/yprovider
-      - env.d/postgresql
+    - env.d/common
+    - env.d/backend
+    - env.d/yprovider
+    - env.d/postgresql
     healthcheck:
       test: ["CMD", "python", "manage.py", "check"]
       interval: 15s
@@ -45,24 +45,24 @@ services:
     image: lasuite/impress-y-provider:latest
     user: ${DOCKER_USER:-1000}
     env_file:
-      - env.d/common
-      - env.d/yprovider
+    - env.d/common
+    - env.d/yprovider
 
   frontend:
     image: lasuite/impress-frontend:latest
     user: "101"
     entrypoint:
-      - /docker-entrypoint.sh
+    - /docker-entrypoint.sh
     command: ["nginx", "-g", "daemon off;"]
     env_file:
-      - env.d/common
+    - env.d/common
     # Uncomment and set your values if using our nginx proxy example
     #environment:
-    # - VIRTUAL_HOST=${DOCS_HOST} # used by nginx proxy
+    # - VIRTUAL_HOST=${DOCS_HOST} # used by nginx proxy 
     # - VIRTUAL_PORT=8083 # used by nginx proxy
     # - LETSENCRYPT_HOST=${DOCS_HOST} # used by lets encrypt to generate TLS certificate
     volumes:
-      - ./default.conf.template:/etc/nginx/templates/docs.conf.template
+    - ./default.conf.template:/etc/nginx/templates/docs.conf.template
     depends_on:
       backend:
         condition: service_healthy

docs/examples/compose/keycloak/compose.yaml

@@ -7,23 +7,23 @@ services:
       timeout: 2s
       retries: 300
     env_file:
-      - env.d/kc_postgresql
+    - env.d/kc_postgresql
     volumes:
-      - ./data/keycloak:/var/lib/postgresql/data/pgdata
+    - ./data/keycloak:/var/lib/postgresql/data/pgdata
 
   keycloak:
     image: quay.io/keycloak/keycloak:26.1.3
     command: ["start"]
     env_file:
-      - env.d/kc_postgresql
-      - env.d/keycloak
+    - env.d/kc_postgresql
+    - env.d/keycloak
     # Uncomment and set your values if using our nginx proxy example
     # environment:
-    # - VIRTUAL_HOST=id.yourdomain.tld # used by nginx proxy
+    # - VIRTUAL_HOST=id.yourdomain.tld # used by nginx proxy 
     # - VIRTUAL_PORT=8080 # used by nginx proxy
     # - LETSENCRYPT_HOST=id.yourdomain.tld # used by lets encrypt to generate TLS certificate
     depends_on:
-      kc_postgresql:
+      kc_postgresql::
         condition: service_healthy
         restart: true
 # Uncomment if using our nginx proxy example
@@ -33,4 +33,4 @@ services:
 #
 #networks:
 #  proxy-tier:
-#    external: true
+#    external: true

docs/examples/compose/minio/compose.yaml

@@ -2,8 +2,8 @@ services:
   minio:
     image: minio/minio
     environment:
-      - MINIO_ROOT_USER=<set minio root username>
-      - MINIO_ROOT_PASSWORD=<set minio root password>
+    - MINIO_ROOT_USER=<set minio root username>
+    - MINIO_ROOT_PASSWORD=<set minio root password>
     # Uncomment and set your values if using our nginx proxy example
     # - VIRTUAL_HOST=storage.yourdomain.tld # used by nginx proxy 
     # - VIRTUAL_PORT=9000 # used by nginx proxy
@@ -16,12 +16,12 @@ services:
     entrypoint: ""
     command: minio server /data
     volumes:
-      - ./data/minio:/data
+    - ./data/minio:/data
 # Uncomment if using our nginx proxy example
 #    networks:
-#      - proxy-tier
+#    - proxy-tier
 
 # Uncomment if using our nginx proxy example
 #networks:
 #  proxy-tier:
-#    external: true
+#    external: true

docs/examples/compose/nginx-proxy/compose.yaml

@@ -3,28 +3,28 @@ services:
     image: nginxproxy/nginx-proxy
     container_name: nginx-proxy
     ports:
-      - "80:80"
-      - "443:443"
+    - "80:80"
+    - "443:443"
     volumes:
-      - html:/usr/share/nginx/html
-      - certs:/etc/nginx/certs:ro
-      - /var/run/docker.sock:/tmp/docker.sock:ro
+    - html:/usr/share/nginx/html
+    - certs:/etc/nginx/certs:ro
+    - /var/run/docker.sock:/tmp/docker.sock:ro
     networks:
-      - proxy-tier
+    - proxy-tier
 
   acme-companion:
     image: nginxproxy/acme-companion
     container_name: nginx-proxy-acme
     environment:
-      - DEFAULT_EMAIL=mail@yourdomain.tld
+    - DEFAULT_EMAIL=mail@yourdomain.tld
     volumes_from:
-      - nginx-proxy
+    - nginx-proxy
     volumes:
-      - certs:/etc/nginx/certs:rw
-      - acme:/etc/acme.sh
-      - /var/run/docker.sock:/var/run/docker.sock:ro
+    - certs:/etc/nginx/certs:rw
+    - acme:/etc/acme.sh
+    - /var/run/docker.sock:/var/run/docker.sock:ro
     networks:
-      - proxy-tier
+    - proxy-tier
 
 networks:
   proxy-tier:

env.d/production.dist/backend

@@ -43,8 +43,8 @@ OIDC_RP_CLIENT_ID=<client_id>
 OIDC_RP_CLIENT_SECRET=<client secret>
 OIDC_RP_SIGN_ALGO=RS256
 OIDC_RP_SCOPES="openid email"
-#OIDC_USERINFO_SHORTNAME_FIELD
-#OIDC_USERINFO_FULLNAME_FIELDS
+#USER_OIDC_FIELD_TO_SHORTNAME
+#USER_OIDC_FIELDS_TO_FULLNAME
 
 LOGIN_REDIRECT_URL=https://${DOCS_HOST}
 LOGIN_REDIRECT_URL_FAILURE=https://${DOCS_HOST}

src/backend/core/api/permissions.py

@@ -171,19 +171,3 @@ class ResourceAccessPermission(IsAuthenticated):
 
         action = view.action
         return abilities.get(action, False)
-
-
-class CommentPermission(permissions.BasePermission):
-    """Permission class for comments."""
-
-    def has_permission(self, request, view):
-        """Check permission for a given object."""
-        if view.action in ["create", "list"]:
-            document_abilities = view.get_document_or_404().get_abilities(request.user)
-            return document_abilities["comment"]
-
-        return True
-
-    def has_object_permission(self, request, view, obj):
-        """Check permission for a given object."""
-        return obj.get_abilities(request.user).get(view.action, False)

src/backend/core/api/serializers.py

@@ -801,47 +801,3 @@ class MoveDocumentSerializer(serializers.Serializer):
         choices=enums.MoveNodePositionChoices.choices,
         default=enums.MoveNodePositionChoices.LAST_CHILD,
     )
-
-
-class CommentSerializer(serializers.ModelSerializer):
-    """Serialize comments."""
-
-    user = UserLightSerializer(read_only=True)
-    abilities = serializers.SerializerMethodField(read_only=True)
-
-    class Meta:
-        model = models.Comment
-        fields = [
-            "id",
-            "content",
-            "created_at",
-            "updated_at",
-            "user",
-            "document",
-            "abilities",
-        ]
-        read_only_fields = [
-            "id",
-            "created_at",
-            "updated_at",
-            "user",
-            "document",
-            "abilities",
-        ]
-
-    def get_abilities(self, comment) -> dict:
-        """Return abilities of the logged-in user on the instance."""
-        request = self.context.get("request")
-        if request:
-            return comment.get_abilities(request.user)
-        return {}
-
-    def validate(self, attrs):
-        """Validate invitation data."""
-        request = self.context.get("request")
-        user = getattr(request, "user", None)
-
-        attrs["document_id"] = self.context["resource_id"]
-        attrs["user_id"] = user.id if user else None
-
-        return attrs

src/backend/core/api/viewsets.py

@@ -1,6 +1,7 @@
 """API endpoints"""
 # pylint: disable=too-many-lines
 
+import base64
 import json
 import logging
 import uuid
@@ -37,6 +38,15 @@ from rest_framework.throttling import UserRateThrottle
 from core import authentication, choices, enums, models
 from core.services.ai_services import AIService
 from core.services.collaboration_services import CollaborationService
+from core.services.converter_services import (
+    ServiceUnavailableError as YProviderServiceUnavailableError,
+)
+from core.services.converter_services import (
+    ValidationError as YProviderValidationError,
+)
+from core.services.converter_services import (
+    YdocConverter,
+)
 from core.tasks.mail import send_ask_for_access_mail
 from core.utils import extract_attachments, filter_descendants
 
@@ -1477,6 +1487,69 @@ class DocumentViewSet(
                 status=status.HTTP_500_INTERNAL_SERVER_ERROR,
             )
 
+    @drf.decorators.action(
+        detail=True,
+        methods=["get"],
+        url_path="content",
+        name="Get document content in different formats",
+    )
+    def content(self, request, pk=None):
+        """
+        Retrieve document content in different formats (JSON, Markdown, HTML).
+
+        Query parameters:
+        - content_format: The desired output format (json, markdown, html)
+
+        Returns:
+            JSON response with content in the specified format.
+        """
+
+        document = self.get_object()
+
+        content_format = request.query_params.get("content_format", "json").lower()
+        if content_format not in {"json", "markdown", "html"}:
+            raise drf.exceptions.ValidationError(
+                "Invalid format. Must be one of: json, markdown, html"
+            )
+
+        # Get the base64 content from the document
+        content = None
+        base64_content = document.content
+        if base64_content is not None:
+            # Convert using the y-provider service
+            try:
+                yprovider = YdocConverter()
+                result = yprovider.convert(
+                    base64.b64decode(base64_content),
+                    "application/vnd.yjs.doc",
+                    {
+                        "markdown": "text/markdown",
+                        "html": "text/html",
+                        "json": "application/json",
+                    }[content_format],
+                )
+                content = result
+            except YProviderValidationError as e:
+                return drf_response.Response(
+                    {"error": str(e)}, status=status.HTTP_400_BAD_REQUEST
+                )
+            except YProviderServiceUnavailableError as e:
+                logger.error("Error getting content for document %s: %s", pk, e)
+                return drf_response.Response(
+                    {"error": "Failed to get document content"},
+                    status=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                )
+
+        return drf_response.Response(
+            {
+                "id": str(document.id),
+                "title": document.title,
+                "content": content,
+                "created_at": document.created_at,
+                "updated_at": document.updated_at,
+            }
+        )
+
 
 class DocumentAccessViewSet(
     ResourceAccessViewsetMixin,
@@ -2072,36 +2145,3 @@ class ConfigView(drf.views.APIView):
             )
 
         return theme_customization
-
-
-class CommentViewSet(
-    viewsets.ModelViewSet,
-):
-    """API ViewSet for comments."""
-
-    permission_classes = [permissions.CommentPermission]
-    queryset = models.Comment.objects.select_related("user", "document").all()
-    serializer_class = serializers.CommentSerializer
-    pagination_class = Pagination
-    _document = None
-
-    def get_document_or_404(self):
-        """Get the document related to the viewset or raise a 404 error."""
-        if self._document is None:
-            try:
-                self._document = models.Document.objects.get(
-                    pk=self.kwargs["resource_id"],
-                )
-            except models.Document.DoesNotExist as e:
-                raise drf.exceptions.NotFound("Document not found.") from e
-        return self._document
-
-    def get_serializer_context(self):
-        """Extra context provided to the serializer class."""
-        context = super().get_serializer_context()
-        context["resource_id"] = self.kwargs["resource_id"]
-        return context
-
-    def get_queryset(self):
-        """Return the queryset according to the action."""
-        return super().get_queryset().filter(document=self.kwargs["resource_id"])

src/backend/core/choices.py

@@ -33,7 +33,6 @@ class LinkRoleChoices(PriorityTextChoices):
     """Defines the possible roles a link can offer on a document."""
 
     READER = "reader", _("Reader")  # Can read
-    COMMENTATOR = "commentator", _("Commentator")  # Can read and comment
     EDITOR = "editor", _("Editor")  # Can read and edit
 
 
@@ -41,7 +40,6 @@ class RoleChoices(PriorityTextChoices):
     """Defines the possible roles a user can have in a resource."""
 
     READER = "reader", _("Reader")  # Can read
-    COMMENTATOR = "commentator", _("Commentator")  # Can read and comment
     EDITOR = "editor", _("Editor")  # Can read and edit
     ADMIN = "administrator", _("Administrator")  # Can read, edit, delete and share
     OWNER = "owner", _("Owner")

src/backend/core/factories.py

@@ -256,14 +256,3 @@ class InvitationFactory(factory.django.DjangoModelFactory):
     document = factory.SubFactory(DocumentFactory)
     role = factory.fuzzy.FuzzyChoice([role[0] for role in models.RoleChoices.choices])
     issuer = factory.SubFactory(UserFactory)
-
-
-class CommentFactory(factory.django.DjangoModelFactory):
-    """A factory to create comments for a document"""
-
-    class Meta:
-        model = models.Comment
-
-    document = factory.SubFactory(DocumentFactory)
-    user = factory.SubFactory(UserFactory)
-    content = factory.Faker("text")

src/backend/core/migrations/0025_alter_document_link_role_alter_documentaccess_role_and_more.py

@@ -1,146 +0,0 @@
-# Generated by Django 5.2.4 on 2025-08-26 08:11
-
-import uuid
-
-import django.db.models.deletion
-from django.conf import settings
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("core", "0024_add_is_masked_field_to_link_trace"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="document",
-            name="link_role",
-            field=models.CharField(
-                choices=[
-                    ("reader", "Reader"),
-                    ("commentator", "Commentator"),
-                    ("editor", "Editor"),
-                ],
-                default="reader",
-                max_length=20,
-            ),
-        ),
-        migrations.AlterField(
-            model_name="documentaccess",
-            name="role",
-            field=models.CharField(
-                choices=[
-                    ("reader", "Reader"),
-                    ("commentator", "Commentator"),
-                    ("editor", "Editor"),
-                    ("administrator", "Administrator"),
-                    ("owner", "Owner"),
-                ],
-                default="reader",
-                max_length=20,
-            ),
-        ),
-        migrations.AlterField(
-            model_name="documentaskforaccess",
-            name="role",
-            field=models.CharField(
-                choices=[
-                    ("reader", "Reader"),
-                    ("commentator", "Commentator"),
-                    ("editor", "Editor"),
-                    ("administrator", "Administrator"),
-                    ("owner", "Owner"),
-                ],
-                default="reader",
-                max_length=20,
-            ),
-        ),
-        migrations.AlterField(
-            model_name="invitation",
-            name="role",
-            field=models.CharField(
-                choices=[
-                    ("reader", "Reader"),
-                    ("commentator", "Commentator"),
-                    ("editor", "Editor"),
-                    ("administrator", "Administrator"),
-                    ("owner", "Owner"),
-                ],
-                default="reader",
-                max_length=20,
-            ),
-        ),
-        migrations.AlterField(
-            model_name="templateaccess",
-            name="role",
-            field=models.CharField(
-                choices=[
-                    ("reader", "Reader"),
-                    ("commentator", "Commentator"),
-                    ("editor", "Editor"),
-                    ("administrator", "Administrator"),
-                    ("owner", "Owner"),
-                ],
-                default="reader",
-                max_length=20,
-            ),
-        ),
-        migrations.CreateModel(
-            name="Comment",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        help_text="primary key for the record as UUID",
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="id",
-                    ),
-                ),
-                (
-                    "created_at",
-                    models.DateTimeField(
-                        auto_now_add=True,
-                        help_text="date and time at which a record was created",
-                        verbose_name="created on",
-                    ),
-                ),
-                (
-                    "updated_at",
-                    models.DateTimeField(
-                        auto_now=True,
-                        help_text="date and time at which a record was last updated",
-                        verbose_name="updated on",
-                    ),
-                ),
-                ("content", models.TextField()),
-                (
-                    "document",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE,
-                        related_name="comments",
-                        to="core.document",
-                    ),
-                ),
-                (
-                    "user",
-                    models.ForeignKey(
-                        blank=True,
-                        null=True,
-                        on_delete=django.db.models.deletion.SET_NULL,
-                        related_name="comments",
-                        to=settings.AUTH_USER_MODEL,
-                    ),
-                ),
-            ],
-            options={
-                "verbose_name": "Comment",
-                "verbose_name_plural": "Comments",
-                "db_table": "impress_comment",
-                "ordering": ("-created_at",),
-            },
-        ),
-    ]

src/backend/core/models.py

@@ -762,7 +762,6 @@ class Document(MP_Node, BaseModel):
         can_update = (
             is_owner_or_admin or role == RoleChoices.EDITOR
         ) and not is_deleted
-        can_comment = (can_update or role == RoleChoices.COMMENTATOR) and not is_deleted
 
         ai_allow_reach_from = settings.AI_ALLOW_REACH_FROM
         ai_access = any(
@@ -787,7 +786,7 @@ class Document(MP_Node, BaseModel):
             "children_list": can_get,
             "children_create": can_update and user.is_authenticated,
             "collaboration_auth": can_get,
-            "comment": can_comment,
+            "content": can_get,
             "cors_proxy": can_get,
             "descendants": can_get,
             "destroy": is_owner,
@@ -1147,12 +1146,7 @@ class DocumentAccess(BaseAccess):
             set_role_to = []
             if is_owner_or_admin:
                 set_role_to.extend(
-                    [
-                        RoleChoices.READER,
-                        RoleChoices.COMMENTATOR,
-                        RoleChoices.EDITOR,
-                        RoleChoices.ADMIN,
-                    ]
+                    [RoleChoices.READER, RoleChoices.EDITOR, RoleChoices.ADMIN]
                 )
             if role == RoleChoices.OWNER:
                 set_role_to.append(RoleChoices.OWNER)
@@ -1284,48 +1278,6 @@ class DocumentAskForAccess(BaseModel):
         self.document.send_email(subject, [email], context, language)
 
 
-class Comment(BaseModel):
-    """User comment on a document."""
-
-    document = models.ForeignKey(
-        Document,
-        on_delete=models.CASCADE,
-        related_name="comments",
-    )
-    user = models.ForeignKey(
-        User,
-        on_delete=models.SET_NULL,
-        related_name="comments",
-        null=True,
-        blank=True,
-    )
-    content = models.TextField()
-
-    class Meta:
-        db_table = "impress_comment"
-        ordering = ("-created_at",)
-        verbose_name = _("Comment")
-        verbose_name_plural = _("Comments")
-
-    def __str__(self):
-        author = self.user or _("Anonymous")
-        return f"{author!s} on {self.document!s}"
-
-    def get_abilities(self, user):
-        """Compute and return abilities for a given user."""
-        role = self.document.get_role(user)
-        can_comment = self.document.get_abilities(user)["comment"]
-        return {
-            "destroy": self.user == user
-            or role in [RoleChoices.OWNER, RoleChoices.ADMIN],
-            "update": self.user == user
-            or role in [RoleChoices.OWNER, RoleChoices.ADMIN],
-            "partial_update": self.user == user
-            or role in [RoleChoices.OWNER, RoleChoices.ADMIN],
-            "retrieve": can_comment,
-        }
-
-
 class Template(BaseModel):
     """HTML and CSS code used for formatting the print around the MarkDown body."""
 

src/backend/core/services/converter_services.py

@@ -1,4 +1,4 @@
-"""Converter services."""
+"""Y-Provider API services."""
 
 from base64 import b64encode
 
@@ -28,25 +28,44 @@ class YdocConverter:
         # Note: Yprovider microservice accepts only raw token, which is not recommended
         return f"Bearer {settings.Y_PROVIDER_API_KEY}"
 
-    def convert(self, text):
+    def _request(self, url, data, content_type, accept):
+        """Make a request to the Y-Provider API."""
+        response = requests.post(
+            url,
+            data=data,
+            headers={
+                "Authorization": self.auth_header,
+                "Content-Type": content_type,
+                "Accept": accept,
+            },
+            timeout=settings.CONVERSION_API_TIMEOUT,
+            verify=settings.CONVERSION_API_SECURE,
+        )
+        response.raise_for_status()
+        return response
+
+    def convert(
+        self, text, content_type="text/markdown", accept="application/vnd.yjs.doc"
+    ):
         """Convert a Markdown text into our internal format using an external microservice."""
 
         if not text:
             raise ValidationError("Input text cannot be empty")
 
         try:
-            response = requests.post(
+            response = self._request(
                 f"{settings.Y_PROVIDER_API_BASE_URL}{settings.CONVERSION_API_ENDPOINT}/",
-                data=text,
-                headers={
-                    "Authorization": self.auth_header,
-                    "Content-Type": "text/markdown",
-                },
-                timeout=settings.CONVERSION_API_TIMEOUT,
-                verify=settings.CONVERSION_API_SECURE,
+                text,
+                content_type,
+                accept,
             )
-            response.raise_for_status()
-            return b64encode(response.content).decode("utf-8")
+            if accept == "application/vnd.yjs.doc":
+                return b64encode(response.content).decode("utf-8")
+            if accept in {"text/markdown", "text/html"}:
+                return response.text
+            if accept == "application/json":
+                return response.json()
+            raise ValidationError("Unsupported format")
         except requests.RequestException as err:
             raise ServiceUnavailableError(
                 "Failed to connect to conversion service",

src/backend/core/tests/documents/test_api_document_accesses.py

@@ -292,7 +292,6 @@ def test_api_document_accesses_retrieve_set_role_to_child():
     }
     assert result_dict[str(document_access_other_user.id)] == [
         "reader",
-        "commentator",
         "editor",
         "administrator",
         "owner",
@@ -301,7 +300,7 @@ def test_api_document_accesses_retrieve_set_role_to_child():
 
     # Add an access for the other user on the parent
     parent_access_other_user = factories.UserDocumentAccessFactory(
-        document=parent, user=other_user, role="commentator"
+        document=parent, user=other_user, role="editor"
     )
 
     response = client.get(f"/api/v1.0/documents/{document.id!s}/accesses/")
@@ -314,7 +313,6 @@ def test_api_document_accesses_retrieve_set_role_to_child():
         result["id"]: result["abilities"]["set_role_to"] for result in content
     }
     assert result_dict[str(document_access_other_user.id)] == [
-        "commentator",
         "editor",
         "administrator",
         "owner",
@@ -322,7 +320,6 @@ def test_api_document_accesses_retrieve_set_role_to_child():
     assert result_dict[str(parent_access.id)] == []
     assert result_dict[str(parent_access_other_user.id)] == [
         "reader",
-        "commentator",
         "editor",
         "administrator",
         "owner",
@@ -335,28 +332,28 @@ def test_api_document_accesses_retrieve_set_role_to_child():
         [
             ["administrator", "reader", "reader", "reader"],
             [
-                ["reader", "commentator", "editor", "administrator"],
+                ["reader", "editor", "administrator"],
                 [],
                 [],
-                ["reader", "commentator", "editor", "administrator"],
+                ["reader", "editor", "administrator"],
             ],
         ],
         [
             ["owner", "reader", "reader", "reader"],
             [
-                ["reader", "commentator", "editor", "administrator", "owner"],
+                ["reader", "editor", "administrator", "owner"],
                 [],
                 [],
-                ["reader", "commentator", "editor", "administrator", "owner"],
+                ["reader", "editor", "administrator", "owner"],
             ],
         ],
         [
             ["owner", "reader", "reader", "owner"],
             [
-                ["reader", "commentator", "editor", "administrator", "owner"],
+                ["reader", "editor", "administrator", "owner"],
                 [],
                 [],
-                ["reader", "commentator", "editor", "administrator", "owner"],
+                ["reader", "editor", "administrator", "owner"],
             ],
         ],
     ],
@@ -417,44 +414,44 @@ def test_api_document_accesses_list_authenticated_related_same_user(roles, resul
         [
             ["administrator", "reader", "reader", "reader"],
             [
-                ["reader", "commentator", "editor", "administrator"],
+                ["reader", "editor", "administrator"],
                 [],
                 [],
-                ["reader", "commentator", "editor", "administrator"],
+                ["reader", "editor", "administrator"],
             ],
         ],
         [
             ["owner", "reader", "reader", "reader"],
             [
-                ["reader", "commentator", "editor", "administrator", "owner"],
+                ["reader", "editor", "administrator", "owner"],
                 [],
                 [],
-                ["reader", "commentator", "editor", "administrator", "owner"],
+                ["reader", "editor", "administrator", "owner"],
             ],
         ],
         [
             ["owner", "reader", "reader", "owner"],
             [
-                ["reader", "commentator", "editor", "administrator", "owner"],
+                ["reader", "editor", "administrator", "owner"],
                 [],
                 [],
-                ["reader", "commentator", "editor", "administrator", "owner"],
+                ["reader", "editor", "administrator", "owner"],
             ],
         ],
         [
             ["reader", "reader", "reader", "owner"],
             [
-                ["reader", "commentator", "editor", "administrator", "owner"],
+                ["reader", "editor", "administrator", "owner"],
                 [],
                 [],
-                ["reader", "commentator", "editor", "administrator", "owner"],
+                ["reader", "editor", "administrator", "owner"],
             ],
         ],
         [
             ["reader", "administrator", "reader", "editor"],
             [
-                ["reader", "commentator", "editor", "administrator"],
-                ["reader", "commentator", "editor", "administrator"],
+                ["reader", "editor", "administrator"],
+                ["reader", "editor", "administrator"],
                 [],
                 [],
             ],
@@ -462,7 +459,7 @@ def test_api_document_accesses_list_authenticated_related_same_user(roles, resul
         [
             ["editor", "editor", "administrator", "editor"],
             [
-                ["reader", "commentator", "editor", "administrator"],
+                ["reader", "editor", "administrator"],
                 [],
                 ["editor", "administrator"],
                 [],

src/backend/core/tests/documents/test_api_documents_comments.py

@@ -1,588 +0,0 @@
-"""Test API for comments on documents."""
-
-import random
-
-from django.contrib.auth.models import AnonymousUser
-
-import pytest
-from rest_framework.test import APIClient
-
-from core import factories, models
-
-pytestmark = pytest.mark.django_db
-
-# List comments
-
-
-def test_list_comments_anonymous_user_public_document():
-    """Anonymous users should be allowed to list comments on a public document."""
-    document = factories.DocumentFactory(
-        link_reach="public", link_role=models.LinkRoleChoices.COMMENTATOR
-    )
-    comment1, comment2 = factories.CommentFactory.create_batch(2, document=document)
-    # other comments not linked to the document
-    factories.CommentFactory.create_batch(2)
-
-    response = APIClient().get(f"/api/v1.0/documents/{document.id!s}/comments/")
-    assert response.status_code == 200
-    assert response.json() == {
-        "count": 2,
-        "next": None,
-        "previous": None,
-        "results": [
-            {
-                "id": str(comment2.id),
-                "content": comment2.content,
-                "created_at": comment2.created_at.isoformat().replace("+00:00", "Z"),
-                "updated_at": comment2.updated_at.isoformat().replace("+00:00", "Z"),
-                "user": {
-                    "full_name": comment2.user.full_name,
-                    "short_name": comment2.user.short_name,
-                },
-                "document": str(comment2.document.id),
-                "abilities": comment2.get_abilities(AnonymousUser()),
-            },
-            {
-                "id": str(comment1.id),
-                "content": comment1.content,
-                "created_at": comment1.created_at.isoformat().replace("+00:00", "Z"),
-                "updated_at": comment1.updated_at.isoformat().replace("+00:00", "Z"),
-                "user": {
-                    "full_name": comment1.user.full_name,
-                    "short_name": comment1.user.short_name,
-                },
-                "document": str(comment1.document.id),
-                "abilities": comment1.get_abilities(AnonymousUser()),
-            },
-        ],
-    }
-
-
-@pytest.mark.parametrize("link_reach", ["restricted", "authenticated"])
-def test_list_comments_anonymous_user_non_public_document(link_reach):
-    """Anonymous users should not be allowed to list comments on a non-public document."""
-    document = factories.DocumentFactory(
-        link_reach=link_reach, link_role=models.LinkRoleChoices.COMMENTATOR
-    )
-    factories.CommentFactory(document=document)
-    # other comments not linked to the document
-    factories.CommentFactory.create_batch(2)
-
-    response = APIClient().get(f"/api/v1.0/documents/{document.id!s}/comments/")
-    assert response.status_code == 401
-
-
-def test_list_comments_authenticated_user_accessible_document():
-    """Authenticated users should be allowed to list comments on an accessible document."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_reach="restricted", users=[(user, models.LinkRoleChoices.COMMENTATOR)]
-    )
-    comment1 = factories.CommentFactory(document=document)
-    comment2 = factories.CommentFactory(document=document, user=user)
-    # other comments not linked to the document
-    factories.CommentFactory.create_batch(2)
-
-    client = APIClient()
-    client.force_login(user)
-
-    response = client.get(f"/api/v1.0/documents/{document.id!s}/comments/")
-    assert response.status_code == 200
-    assert response.json() == {
-        "count": 2,
-        "next": None,
-        "previous": None,
-        "results": [
-            {
-                "id": str(comment2.id),
-                "content": comment2.content,
-                "created_at": comment2.created_at.isoformat().replace("+00:00", "Z"),
-                "updated_at": comment2.updated_at.isoformat().replace("+00:00", "Z"),
-                "user": {
-                    "full_name": comment2.user.full_name,
-                    "short_name": comment2.user.short_name,
-                },
-                "document": str(comment2.document.id),
-                "abilities": comment2.get_abilities(user),
-            },
-            {
-                "id": str(comment1.id),
-                "content": comment1.content,
-                "created_at": comment1.created_at.isoformat().replace("+00:00", "Z"),
-                "updated_at": comment1.updated_at.isoformat().replace("+00:00", "Z"),
-                "user": {
-                    "full_name": comment1.user.full_name,
-                    "short_name": comment1.user.short_name,
-                },
-                "document": str(comment1.document.id),
-                "abilities": comment1.get_abilities(user),
-            },
-        ],
-    }
-
-
-def test_list_comments_authenticated_user_non_accessible_document():
-    """Authenticated users should not be allowed to list comments on a non-accessible document."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(link_reach="restricted")
-    factories.CommentFactory(document=document)
-    # other comments not linked to the document
-    factories.CommentFactory.create_batch(2)
-
-    client = APIClient()
-    client.force_login(user)
-
-    response = client.get(f"/api/v1.0/documents/{document.id!s}/comments/")
-    assert response.status_code == 403
-
-
-def test_list_comments_authenticated_user_not_enough_access():
-    """
-    Authenticated users should not be allowed to list comments on a document they don't have
-    comment access to.
-    """
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_reach="restricted", users=[(user, models.LinkRoleChoices.READER)]
-    )
-    factories.CommentFactory(document=document)
-    # other comments not linked to the document
-    factories.CommentFactory.create_batch(2)
-
-    client = APIClient()
-    client.force_login(user)
-
-    response = client.get(f"/api/v1.0/documents/{document.id!s}/comments/")
-    assert response.status_code == 403
-
-
-# Create comment
-
-
-def test_create_comment_anonymous_user_public_document():
-    """Anonymous users should not be allowed to create comments on a public document."""
-    document = factories.DocumentFactory(
-        link_reach="public", link_role=models.LinkRoleChoices.COMMENTATOR
-    )
-    client = APIClient()
-    response = client.post(
-        f"/api/v1.0/documents/{document.id!s}/comments/", {"content": "test"}
-    )
-
-    assert response.status_code == 201
-
-    assert response.json() == {
-        "id": str(response.json()["id"]),
-        "content": "test",
-        "created_at": response.json()["created_at"],
-        "updated_at": response.json()["updated_at"],
-        "user": None,
-        "document": str(document.id),
-        "abilities": {
-            "destroy": False,
-            "update": False,
-            "partial_update": False,
-            "retrieve": True,
-        },
-    }
-
-
-def test_create_comment_anonymous_user_non_accessible_document():
-    """Anonymous users should not be allowed to create comments on a non-accessible document."""
-    document = factories.DocumentFactory(
-        link_reach="public", link_role=models.LinkRoleChoices.READER
-    )
-    client = APIClient()
-    response = client.post(
-        f"/api/v1.0/documents/{document.id!s}/comments/", {"content": "test"}
-    )
-
-    assert response.status_code == 401
-
-
-def test_create_comment_authenticated_user_accessible_document():
-    """Authenticated users should be allowed to create comments on an accessible document."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_reach="restricted", users=[(user, models.LinkRoleChoices.COMMENTATOR)]
-    )
-    client = APIClient()
-    client.force_login(user)
-    response = client.post(
-        f"/api/v1.0/documents/{document.id!s}/comments/", {"content": "test"}
-    )
-    assert response.status_code == 201
-
-    assert response.json() == {
-        "id": str(response.json()["id"]),
-        "content": "test",
-        "created_at": response.json()["created_at"],
-        "updated_at": response.json()["updated_at"],
-        "user": {
-            "full_name": user.full_name,
-            "short_name": user.short_name,
-        },
-        "document": str(document.id),
-        "abilities": {
-            "destroy": True,
-            "update": True,
-            "partial_update": True,
-            "retrieve": True,
-        },
-    }
-
-
-def test_create_comment_authenticated_user_not_enough_access():
-    """
-    Authenticated users should not be allowed to create comments on a document they don't have
-    comment access to.
-    """
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_reach="restricted", users=[(user, models.LinkRoleChoices.READER)]
-    )
-    client = APIClient()
-    client.force_login(user)
-    response = client.post(
-        f"/api/v1.0/documents/{document.id!s}/comments/", {"content": "test"}
-    )
-    assert response.status_code == 403
-
-
-# Retrieve comment
-
-
-def test_retrieve_comment_anonymous_user_public_document():
-    """Anonymous users should be allowed to retrieve comments on a public document."""
-    document = factories.DocumentFactory(
-        link_reach="public", link_role=models.LinkRoleChoices.COMMENTATOR
-    )
-    comment = factories.CommentFactory(document=document)
-    client = APIClient()
-    response = client.get(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
-    )
-    assert response.status_code == 200
-    assert response.json() == {
-        "id": str(comment.id),
-        "content": comment.content,
-        "created_at": comment.created_at.isoformat().replace("+00:00", "Z"),
-        "updated_at": comment.updated_at.isoformat().replace("+00:00", "Z"),
-        "user": {
-            "full_name": comment.user.full_name,
-            "short_name": comment.user.short_name,
-        },
-        "document": str(comment.document.id),
-        "abilities": comment.get_abilities(AnonymousUser()),
-    }
-
-
-def test_retrieve_comment_anonymous_user_non_accessible_document():
-    """Anonymous users should not be allowed to retrieve comments on a non-accessible document."""
-    document = factories.DocumentFactory(
-        link_reach="public", link_role=models.LinkRoleChoices.READER
-    )
-    comment = factories.CommentFactory(document=document)
-    client = APIClient()
-    response = client.get(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
-    )
-    assert response.status_code == 401
-
-
-def test_retrieve_comment_authenticated_user_accessible_document():
-    """Authenticated users should be allowed to retrieve comments on an accessible document."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_reach="restricted", users=[(user, models.LinkRoleChoices.COMMENTATOR)]
-    )
-    comment = factories.CommentFactory(document=document)
-    client = APIClient()
-    client.force_login(user)
-    response = client.get(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
-    )
-    assert response.status_code == 200
-
-
-def test_retrieve_comment_authenticated_user_not_enough_access():
-    """
-    Authenticated users should not be allowed to retrieve comments on a document they don't have
-    comment access to.
-    """
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_reach="restricted", users=[(user, models.LinkRoleChoices.READER)]
-    )
-    comment = factories.CommentFactory(document=document)
-    client = APIClient()
-    client.force_login(user)
-    response = client.get(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
-    )
-    assert response.status_code == 403
-
-
-# Update comment
-
-
-def test_update_comment_anonymous_user_public_document():
-    """Anonymous users should not be allowed to update comments on a public document."""
-    document = factories.DocumentFactory(
-        link_reach="public", link_role=models.LinkRoleChoices.COMMENTATOR
-    )
-    comment = factories.CommentFactory(document=document, content="test")
-    client = APIClient()
-    response = client.put(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/",
-        {"content": "other content"},
-    )
-    assert response.status_code == 401
-
-
-def test_update_comment_anonymous_user_non_accessible_document():
-    """Anonymous users should not be allowed to update comments on a non-accessible document."""
-    document = factories.DocumentFactory(
-        link_reach="public", link_role=models.LinkRoleChoices.READER
-    )
-    comment = factories.CommentFactory(document=document, content="test")
-    client = APIClient()
-    response = client.put(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/",
-        {"content": "other content"},
-    )
-    assert response.status_code == 401
-
-
-def test_update_comment_authenticated_user_accessible_document():
-    """Authenticated users should not be able to update comments not their own."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_reach="restricted",
-        users=[
-            (
-                user,
-                random.choice(
-                    [models.LinkRoleChoices.COMMENTATOR, models.LinkRoleChoices.EDITOR]
-                ),
-            )
-        ],
-    )
-    comment = factories.CommentFactory(document=document, content="test")
-    client = APIClient()
-    client.force_login(user)
-    response = client.put(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/",
-        {"content": "other content"},
-    )
-    assert response.status_code == 403
-
-
-def test_update_comment_authenticated_user_own_comment():
-    """Authenticated users should be able to update comments not their own."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_reach="restricted",
-        users=[
-            (
-                user,
-                random.choice(
-                    [models.LinkRoleChoices.COMMENTATOR, models.LinkRoleChoices.EDITOR]
-                ),
-            )
-        ],
-    )
-    comment = factories.CommentFactory(document=document, content="test", user=user)
-    client = APIClient()
-    client.force_login(user)
-    response = client.put(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/",
-        {"content": "other content"},
-    )
-    assert response.status_code == 200
-
-    comment.refresh_from_db()
-    assert comment.content == "other content"
-
-
-def test_update_comment_authenticated_user_not_enough_access():
-    """
-    Authenticated users should not be allowed to update comments on a document they don't
-    have comment access to.
-    """
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_reach="restricted", users=[(user, models.LinkRoleChoices.READER)]
-    )
-    comment = factories.CommentFactory(document=document, content="test")
-    client = APIClient()
-    client.force_login(user)
-    response = client.put(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/",
-        {"content": "other content"},
-    )
-    assert response.status_code == 403
-
-
-def test_update_comment_authenticated_no_access():
-    """
-    Authenticated users should not be allowed to update comments on a document they don't
-    have access to.
-    """
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(link_reach="restricted")
-    comment = factories.CommentFactory(document=document, content="test")
-    client = APIClient()
-    client.force_login(user)
-    response = client.put(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/",
-        {"content": "other content"},
-    )
-    assert response.status_code == 403
-
-
-@pytest.mark.parametrize("role", [models.RoleChoices.ADMIN, models.RoleChoices.OWNER])
-def test_update_comment_authenticated_admin_or_owner_can_update_any_comment(role):
-    """
-    Authenticated users should be able to update comments on a document they don't have access to.
-    """
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(users=[(user, role)])
-    comment = factories.CommentFactory(document=document, content="test")
-    client = APIClient()
-    client.force_login(user)
-
-    response = client.put(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/",
-        {"content": "other content"},
-    )
-    assert response.status_code == 200
-
-    comment.refresh_from_db()
-    assert comment.content == "other content"
-
-
-@pytest.mark.parametrize("role", [models.RoleChoices.ADMIN, models.RoleChoices.OWNER])
-def test_update_comment_authenticated_admin_or_owner_can_update_own_comment(role):
-    """
-    Authenticated users should be able to update comments on a document they don't have access to.
-    """
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(users=[(user, role)])
-    comment = factories.CommentFactory(document=document, content="test", user=user)
-    client = APIClient()
-    client.force_login(user)
-
-    response = client.put(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/",
-        {"content": "other content"},
-    )
-    assert response.status_code == 200
-
-    comment.refresh_from_db()
-    assert comment.content == "other content"
-
-
-# Delete comment
-
-
-def test_delete_comment_anonymous_user_public_document():
-    """Anonymous users should not be allowed to delete comments on a public document."""
-    document = factories.DocumentFactory(
-        link_reach="public", link_role=models.LinkRoleChoices.COMMENTATOR
-    )
-    comment = factories.CommentFactory(document=document)
-    client = APIClient()
-    response = client.delete(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
-    )
-    assert response.status_code == 401
-
-
-def test_delete_comment_anonymous_user_non_accessible_document():
-    """Anonymous users should not be allowed to delete comments on a non-accessible document."""
-    document = factories.DocumentFactory(
-        link_reach="public", link_role=models.LinkRoleChoices.READER
-    )
-    comment = factories.CommentFactory(document=document)
-    client = APIClient()
-    response = client.delete(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
-    )
-    assert response.status_code == 401
-
-
-def test_delete_comment_authenticated_user_accessible_document_own_comment():
-    """Authenticated users should be able to delete comments on an accessible document."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_reach="restricted", users=[(user, models.LinkRoleChoices.COMMENTATOR)]
-    )
-    comment = factories.CommentFactory(document=document, user=user)
-    client = APIClient()
-    client.force_login(user)
-    response = client.delete(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
-    )
-    assert response.status_code == 204
-
-
-def test_delete_comment_authenticated_user_accessible_document_not_own_comment():
-    """Authenticated users should not be able to delete comments on an accessible document."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_reach="restricted", users=[(user, models.LinkRoleChoices.COMMENTATOR)]
-    )
-    comment = factories.CommentFactory(document=document)
-    client = APIClient()
-    client.force_login(user)
-    response = client.delete(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
-    )
-    assert response.status_code == 403
-
-
-@pytest.mark.parametrize("role", [models.RoleChoices.ADMIN, models.RoleChoices.OWNER])
-def test_delete_comment_authenticated_user_admin_or_owner_can_delete_any_comment(role):
-    """Authenticated users should be able to delete comments on a document they have access to."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(users=[(user, role)])
-    comment = factories.CommentFactory(document=document)
-    client = APIClient()
-    client.force_login(user)
-    response = client.delete(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
-    )
-    assert response.status_code == 204
-
-
-@pytest.mark.parametrize("role", [models.RoleChoices.ADMIN, models.RoleChoices.OWNER])
-def test_delete_comment_authenticated_user_admin_or_owner_can_delete_own_comment(role):
-    """Authenticated users should be able to delete comments on a document they have access to."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(users=[(user, role)])
-    comment = factories.CommentFactory(document=document, user=user)
-    client = APIClient()
-    client.force_login(user)
-    response = client.delete(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
-    )
-    assert response.status_code == 204
-
-
-def test_delete_comment_authenticated_user_not_enough_access():
-    """
-    Authenticated users should not be able to delete comments on a document they don't
-    have access to.
-    """
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_reach="restricted", users=[(user, models.LinkRoleChoices.READER)]
-    )
-    comment = factories.CommentFactory(document=document)
-    client = APIClient()
-    client.force_login(user)
-    response = client.delete(
-        f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
-    )
-    assert response.status_code == 403

src/backend/core/tests/documents/test_api_documents_content.py

@@ -0,0 +1,176 @@
+"""
+Tests for Documents API endpoint in impress's core app: content
+"""
+
+import base64
+from unittest.mock import patch
+
+import pytest
+import requests
+from rest_framework import status
+from rest_framework.test import APIClient
+
+from core import factories
+
+pytestmark = pytest.mark.django_db
+
+
+@pytest.mark.parametrize(
+    "reach, role",
+    [
+        ("public", "reader"),
+        ("public", "editor"),
+    ],
+)
+@patch("core.services.converter_services.YdocConverter.convert")
+def test_api_documents_content_public(mock_content, reach, role):
+    """Anonymous users should be allowed to access content of public documents."""
+    document = factories.DocumentFactory(link_reach=reach, link_role=role)
+    mock_content.return_value = {"some": "data"}
+
+    response = APIClient().get(f"/api/v1.0/documents/{document.id!s}/content/")
+
+    assert response.status_code == status.HTTP_200_OK
+    data = response.json()
+    assert data["id"] == str(document.id)
+    assert data["title"] == document.title
+    assert data["content"] == {"some": "data"}
+    mock_content.assert_called_once_with(
+        base64.b64decode(document.content),
+        "application/vnd.yjs.doc",
+        "application/json",
+    )
+
+
+@pytest.mark.parametrize(
+    "reach, doc_role, user_role",
+    [
+        ("restricted", "reader", "reader"),
+        ("restricted", "reader", "editor"),
+        ("restricted", "reader", "administrator"),
+        ("restricted", "reader", "owner"),
+        ("restricted", "editor", "reader"),
+        ("restricted", "editor", "editor"),
+        ("restricted", "editor", "administrator"),
+        ("restricted", "editor", "owner"),
+        ("authenticated", "reader", None),
+        ("authenticated", "editor", None),
+    ],
+)
+@patch("core.services.converter_services.YdocConverter.convert")
+def test_api_documents_content_not_public(mock_content, reach, doc_role, user_role):
+    """Authenticated users need access to get non-public document content."""
+    user = factories.UserFactory()
+    document = factories.DocumentFactory(link_reach=reach, link_role=doc_role)
+    mock_content.return_value = {"some": "data"}
+
+    # First anonymous request should fail
+    client = APIClient()
+    response = client.get(f"/api/v1.0/documents/{document.id!s}/content/")
+
+    assert response.status_code == status.HTTP_401_UNAUTHORIZED
+    mock_content.assert_not_called()
+
+    # Login and try again
+    client.force_login(user)
+    response = client.get(f"/api/v1.0/documents/{document.id!s}/content/")
+
+    # If restricted, we still should not have access
+    if user_role is not None:
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+        mock_content.assert_not_called()
+
+        # Create an access as a reader. This should unlock the access.
+        factories.UserDocumentAccessFactory(
+            document=document, user=user, role=user_role
+        )
+
+        response = client.get(f"/api/v1.0/documents/{document.id!s}/content/")
+
+    assert response.status_code == status.HTTP_200_OK
+    data = response.json()
+    assert data["id"] == str(document.id)
+    assert data["title"] == document.title
+    assert data["content"] == {"some": "data"}
+    mock_content.assert_called_once_with(
+        base64.b64decode(document.content),
+        "application/vnd.yjs.doc",
+        "application/json",
+    )
+
+
+@pytest.mark.parametrize(
+    "content_format, accept",
+    [
+        ("markdown", "text/markdown"),
+        ("html", "text/html"),
+        ("json", "application/json"),
+    ],
+)
+@patch("core.services.converter_services.YdocConverter.convert")
+def test_api_documents_content_format(mock_content, content_format, accept):
+    """Test that the content endpoint returns a specific format."""
+    document = factories.DocumentFactory(link_reach="public")
+    mock_content.return_value = {"some": "data"}
+
+    response = APIClient().get(
+        f"/api/v1.0/documents/{document.id!s}/content/?content_format={content_format}"
+    )
+
+    assert response.status_code == status.HTTP_200_OK
+    data = response.json()
+    assert data["id"] == str(document.id)
+    assert data["title"] == document.title
+    assert data["content"] == {"some": "data"}
+    mock_content.assert_called_once_with(
+        base64.b64decode(document.content), "application/vnd.yjs.doc", accept
+    )
+
+
+@patch("core.services.converter_services.YdocConverter._request")
+def test_api_documents_content_invalid_format(mock_request):
+    """Test that the content endpoint rejects invalid formats."""
+    document = factories.DocumentFactory(link_reach="public")
+
+    response = APIClient().get(
+        f"/api/v1.0/documents/{document.id!s}/content/?content_format=invalid"
+    )
+    assert response.status_code == status.HTTP_400_BAD_REQUEST
+    mock_request.assert_not_called()
+
+
+@patch("core.services.converter_services.YdocConverter._request")
+def test_api_documents_content_yservice_error(mock_request):
+    """Test that service errors are handled properly."""
+    document = factories.DocumentFactory(link_reach="public")
+    mock_request.side_effect = requests.RequestException()
+
+    response = APIClient().get(f"/api/v1.0/documents/{document.id!s}/content/")
+    mock_request.assert_called_once()
+    assert response.status_code == status.HTTP_500_INTERNAL_SERVER_ERROR
+
+
+@patch("core.services.converter_services.YdocConverter._request")
+def test_api_documents_content_nonexistent_document(mock_request):
+    """Test that accessing a nonexistent document returns 404."""
+    client = APIClient()
+    response = client.get(
+        "/api/v1.0/documents/00000000-0000-0000-0000-000000000000/content/"
+    )
+    assert response.status_code == status.HTTP_404_NOT_FOUND
+    mock_request.assert_not_called()
+
+
+@patch("core.services.converter_services.YdocConverter._request")
+def test_api_documents_content_empty_document(mock_request):
+    """Test that accessing an empty document returns empty content."""
+    document = factories.DocumentFactory(link_reach="public", content="")
+
+    response = APIClient().get(f"/api/v1.0/documents/{document.id!s}/content/")
+
+    assert response.status_code == status.HTTP_200_OK
+    data = response.json()
+    assert data["id"] == str(document.id)
+    assert data["title"] == document.title
+    assert data["content"] is None
+    mock_request.assert_not_called()

src/backend/core/tests/documents/test_api_documents_retrieve.py

@@ -36,8 +36,8 @@ def test_api_documents_retrieve_anonymous_public_standalone():
             "children_create": False,
             "children_list": True,
             "collaboration_auth": True,
-            "comment": document.link_role in ["commentator", "editor"],
             "cors_proxy": True,
+            "content": True,
             "descendants": True,
             "destroy": False,
             "duplicate": False,
@@ -46,8 +46,8 @@ def test_api_documents_retrieve_anonymous_public_standalone():
             "invite_owner": False,
             "link_configuration": False,
             "link_select_options": {
-                "authenticated": ["reader", "commentator", "editor"],
-                "public": ["reader", "commentator", "editor"],
+                "authenticated": ["reader", "editor"],
+                "public": ["reader", "editor"],
                 "restricted": None,
             },
             "mask": False,
@@ -112,9 +112,9 @@ def test_api_documents_retrieve_anonymous_public_parent():
             "children_create": False,
             "children_list": True,
             "collaboration_auth": True,
-            "comment": grand_parent.link_role in ["commentator", "editor"],
             "descendants": True,
             "cors_proxy": True,
+            "content": True,
             "destroy": False,
             "duplicate": False,
             # Anonymous user can't favorite a document even with read access
@@ -218,17 +218,17 @@ def test_api_documents_retrieve_authenticated_unrelated_public_or_authenticated(
             "children_create": document.link_role == "editor",
             "children_list": True,
             "collaboration_auth": True,
-            "comment": document.link_role in ["commentator", "editor"],
             "descendants": True,
             "cors_proxy": True,
+            "content": True,
             "destroy": False,
             "duplicate": True,
             "favorite": True,
             "invite_owner": False,
             "link_configuration": False,
             "link_select_options": {
-                "authenticated": ["reader", "commentator", "editor"],
-                "public": ["reader", "commentator", "editor"],
+                "authenticated": ["reader", "editor"],
+                "public": ["reader", "editor"],
                 "restricted": None,
             },
             "mask": True,
@@ -301,9 +301,9 @@ def test_api_documents_retrieve_authenticated_public_or_authenticated_parent(rea
             "children_create": grand_parent.link_role == "editor",
             "children_list": True,
             "collaboration_auth": True,
-            "comment": grand_parent.link_role in ["commentator", "editor"],
             "descendants": True,
             "cors_proxy": True,
+            "content": True,
             "destroy": False,
             "duplicate": True,
             "favorite": True,
@@ -492,13 +492,13 @@ def test_api_documents_retrieve_authenticated_related_parent():
             "ai_transform": access.role != "reader",
             "ai_translate": access.role != "reader",
             "attachment_upload": access.role != "reader",
-            "can_edit": access.role not in ["reader", "commentator"],
+            "can_edit": access.role != "reader",
             "children_create": access.role != "reader",
             "children_list": True,
             "collaboration_auth": True,
-            "comment": access.role != "reader",
             "descendants": True,
             "cors_proxy": True,
+            "content": True,
             "destroy": access.role == "owner",
             "duplicate": True,
             "favorite": True,

src/backend/core/tests/documents/test_api_documents_trashbin.py

@@ -79,17 +79,17 @@ def test_api_documents_trashbin_format():
             "children_create": True,
             "children_list": True,
             "collaboration_auth": True,
-            "comment": True,
-            "cors_proxy": True,
             "descendants": True,
+            "cors_proxy": True,
+            "content": True,
             "destroy": True,
             "duplicate": True,
             "favorite": True,
             "invite_owner": True,
             "link_configuration": True,
             "link_select_options": {
-                "authenticated": ["reader", "commentator", "editor"],
-                "public": ["reader", "commentator", "editor"],
+                "authenticated": ["reader", "editor"],
+                "public": ["reader", "editor"],
                 "restricted": None,
             },
             "mask": True,

src/backend/core/tests/test_models_comment.py

@@ -1,273 +0,0 @@
-"""Test the comment model."""
-
-import random
-
-from django.contrib.auth.models import AnonymousUser
-
-import pytest
-
-from core import factories
-from core.models import LinkReachChoices, LinkRoleChoices, RoleChoices
-
-pytestmark = pytest.mark.django_db
-
-
-@pytest.mark.parametrize(
-    "role,can_comment",
-    [
-        (LinkRoleChoices.READER, False),
-        (LinkRoleChoices.COMMENTATOR, True),
-        (LinkRoleChoices.EDITOR, True),
-    ],
-)
-def test_comment_get_abilities_anonymous_user_public_document(role, can_comment):
-    """Anonymous users cannot comment on a document."""
-    document = factories.DocumentFactory(
-        link_role=role, link_reach=LinkReachChoices.PUBLIC
-    )
-    comment = factories.CommentFactory(document=document)
-    user = AnonymousUser()
-
-    assert comment.get_abilities(user) == {
-        "destroy": False,
-        "update": False,
-        "partial_update": False,
-        "retrieve": can_comment,
-    }
-
-
-@pytest.mark.parametrize(
-    "link_reach", [LinkReachChoices.RESTRICTED, LinkReachChoices.AUTHENTICATED]
-)
-def test_comment_get_abilities_anonymous_user_restricted_document(link_reach):
-    """Anonymous users cannot comment on a restricted document."""
-    document = factories.DocumentFactory(link_reach=link_reach)
-    comment = factories.CommentFactory(document=document)
-    user = AnonymousUser()
-
-    assert comment.get_abilities(user) == {
-        "destroy": False,
-        "update": False,
-        "partial_update": False,
-        "retrieve": False,
-    }
-
-
-@pytest.mark.parametrize(
-    "link_role,link_reach,can_comment",
-    [
-        (LinkRoleChoices.READER, LinkReachChoices.PUBLIC, False),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.PUBLIC, True),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.PUBLIC, True),
-        (LinkRoleChoices.READER, LinkReachChoices.RESTRICTED, False),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.RESTRICTED, False),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.RESTRICTED, False),
-        (LinkRoleChoices.READER, LinkReachChoices.AUTHENTICATED, False),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.AUTHENTICATED, True),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.AUTHENTICATED, True),
-    ],
-)
-def test_comment_get_abilities_user_reader(link_role, link_reach, can_comment):
-    """Readers cannot comment on a document."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_role=link_role, link_reach=link_reach, users=[(user, RoleChoices.READER)]
-    )
-    comment = factories.CommentFactory(document=document)
-
-    assert comment.get_abilities(user) == {
-        "destroy": False,
-        "update": False,
-        "partial_update": False,
-        "retrieve": can_comment,
-    }
-
-
-@pytest.mark.parametrize(
-    "link_role,link_reach,can_comment",
-    [
-        (LinkRoleChoices.READER, LinkReachChoices.PUBLIC, False),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.PUBLIC, True),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.PUBLIC, True),
-        (LinkRoleChoices.READER, LinkReachChoices.RESTRICTED, False),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.RESTRICTED, False),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.RESTRICTED, False),
-        (LinkRoleChoices.READER, LinkReachChoices.AUTHENTICATED, False),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.AUTHENTICATED, True),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.AUTHENTICATED, True),
-    ],
-)
-def test_comment_get_abilities_user_reader_own_comment(
-    link_role, link_reach, can_comment
-):
-    """User with reader role on a document has all accesses to its own comment."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_role=link_role, link_reach=link_reach, users=[(user, RoleChoices.READER)]
-    )
-    comment = factories.CommentFactory(
-        document=document, user=user if can_comment else None
-    )
-
-    assert comment.get_abilities(user) == {
-        "destroy": can_comment,
-        "update": can_comment,
-        "partial_update": can_comment,
-        "retrieve": can_comment,
-    }
-
-
-@pytest.mark.parametrize(
-    "link_role,link_reach",
-    [
-        (LinkRoleChoices.READER, LinkReachChoices.PUBLIC),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.PUBLIC),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.PUBLIC),
-        (LinkRoleChoices.READER, LinkReachChoices.RESTRICTED),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.RESTRICTED),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.RESTRICTED),
-        (LinkRoleChoices.READER, LinkReachChoices.AUTHENTICATED),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.AUTHENTICATED),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.AUTHENTICATED),
-    ],
-)
-def test_comment_get_abilities_user_commentator(link_role, link_reach):
-    """Commentators can comment on a document."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_role=link_role,
-        link_reach=link_reach,
-        users=[(user, RoleChoices.COMMENTATOR)],
-    )
-    comment = factories.CommentFactory(document=document)
-
-    assert comment.get_abilities(user) == {
-        "destroy": False,
-        "update": False,
-        "partial_update": False,
-        "retrieve": True,
-    }
-
-
-@pytest.mark.parametrize(
-    "link_role,link_reach",
-    [
-        (LinkRoleChoices.READER, LinkReachChoices.PUBLIC),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.PUBLIC),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.PUBLIC),
-        (LinkRoleChoices.READER, LinkReachChoices.RESTRICTED),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.RESTRICTED),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.RESTRICTED),
-        (LinkRoleChoices.READER, LinkReachChoices.AUTHENTICATED),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.AUTHENTICATED),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.AUTHENTICATED),
-    ],
-)
-def test_comment_get_abilities_user_commentator_own_comment(link_role, link_reach):
-    """Commentators have all accesses to its own comment."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_role=link_role,
-        link_reach=link_reach,
-        users=[(user, RoleChoices.COMMENTATOR)],
-    )
-    comment = factories.CommentFactory(document=document, user=user)
-
-    assert comment.get_abilities(user) == {
-        "destroy": True,
-        "update": True,
-        "partial_update": True,
-        "retrieve": True,
-    }
-
-
-@pytest.mark.parametrize(
-    "link_role,link_reach",
-    [
-        (LinkRoleChoices.READER, LinkReachChoices.PUBLIC),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.PUBLIC),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.PUBLIC),
-        (LinkRoleChoices.READER, LinkReachChoices.RESTRICTED),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.RESTRICTED),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.RESTRICTED),
-        (LinkRoleChoices.READER, LinkReachChoices.AUTHENTICATED),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.AUTHENTICATED),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.AUTHENTICATED),
-    ],
-)
-def test_comment_get_abilities_user_editor(link_role, link_reach):
-    """Editors can comment on a document."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_role=link_role, link_reach=link_reach, users=[(user, RoleChoices.EDITOR)]
-    )
-    comment = factories.CommentFactory(document=document)
-
-    assert comment.get_abilities(user) == {
-        "destroy": False,
-        "update": False,
-        "partial_update": False,
-        "retrieve": True,
-    }
-
-
-@pytest.mark.parametrize(
-    "link_role,link_reach",
-    [
-        (LinkRoleChoices.READER, LinkReachChoices.PUBLIC),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.PUBLIC),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.PUBLIC),
-        (LinkRoleChoices.READER, LinkReachChoices.RESTRICTED),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.RESTRICTED),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.RESTRICTED),
-        (LinkRoleChoices.READER, LinkReachChoices.AUTHENTICATED),
-        (LinkRoleChoices.COMMENTATOR, LinkReachChoices.AUTHENTICATED),
-        (LinkRoleChoices.EDITOR, LinkReachChoices.AUTHENTICATED),
-    ],
-)
-def test_comment_get_abilities_user_editor_own_comment(link_role, link_reach):
-    """Editors have all accesses to its own comment."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(
-        link_role=link_role, link_reach=link_reach, users=[(user, RoleChoices.EDITOR)]
-    )
-    comment = factories.CommentFactory(document=document, user=user)
-
-    assert comment.get_abilities(user) == {
-        "destroy": True,
-        "update": True,
-        "partial_update": True,
-        "retrieve": True,
-    }
-
-
-def test_comment_get_abilities_user_admin():
-    """Admins have all accesses to a comment."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(users=[(user, RoleChoices.ADMIN)])
-    comment = factories.CommentFactory(
-        document=document, user=random.choice([user, None])
-    )
-
-    assert comment.get_abilities(user) == {
-        "destroy": True,
-        "update": True,
-        "partial_update": True,
-        "retrieve": True,
-    }
-
-
-def test_comment_get_abilities_user_owner():
-    """Owners have all accesses to a comment."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(users=[(user, RoleChoices.OWNER)])
-    comment = factories.CommentFactory(
-        document=document, user=random.choice([user, None])
-    )
-
-    assert comment.get_abilities(user) == {
-        "destroy": True,
-        "update": True,
-        "partial_update": True,
-        "retrieve": True,
-    }

src/backend/core/tests/test_models_document_accesses.py

@@ -123,7 +123,7 @@ def test_models_document_access_get_abilities_for_owner_of_self_allowed():
         "retrieve": True,
         "update": True,
         "partial_update": True,
-        "set_role_to": ["reader", "commentator", "editor", "administrator", "owner"],
+        "set_role_to": ["reader", "editor", "administrator", "owner"],
     }
 
 
@@ -166,7 +166,7 @@ def test_models_document_access_get_abilities_for_owner_of_self_last_on_child(
         "retrieve": True,
         "update": True,
         "partial_update": True,
-        "set_role_to": ["reader", "commentator", "editor", "administrator", "owner"],
+        "set_role_to": ["reader", "editor", "administrator", "owner"],
     }
 
 
@@ -183,7 +183,7 @@ def test_models_document_access_get_abilities_for_owner_of_owner():
         "retrieve": True,
         "update": True,
         "partial_update": True,
-        "set_role_to": ["reader", "commentator", "editor", "administrator", "owner"],
+        "set_role_to": ["reader", "editor", "administrator", "owner"],
     }
 
 
@@ -200,7 +200,7 @@ def test_models_document_access_get_abilities_for_owner_of_administrator():
         "retrieve": True,
         "update": True,
         "partial_update": True,
-        "set_role_to": ["reader", "commentator", "editor", "administrator", "owner"],
+        "set_role_to": ["reader", "editor", "administrator", "owner"],
     }
 
 
@@ -217,7 +217,7 @@ def test_models_document_access_get_abilities_for_owner_of_editor():
         "retrieve": True,
         "update": True,
         "partial_update": True,
-        "set_role_to": ["reader", "commentator", "editor", "administrator", "owner"],
+        "set_role_to": ["reader", "editor", "administrator", "owner"],
     }
 
 
@@ -234,7 +234,7 @@ def test_models_document_access_get_abilities_for_owner_of_reader():
         "retrieve": True,
         "update": True,
         "partial_update": True,
-        "set_role_to": ["reader", "commentator", "editor", "administrator", "owner"],
+        "set_role_to": ["reader", "editor", "administrator", "owner"],
     }
 
 
@@ -271,7 +271,7 @@ def test_models_document_access_get_abilities_for_administrator_of_administrator
         "retrieve": True,
         "update": True,
         "partial_update": True,
-        "set_role_to": ["reader", "commentator", "editor", "administrator"],
+        "set_role_to": ["reader", "editor", "administrator"],
     }
 
 
@@ -288,7 +288,7 @@ def test_models_document_access_get_abilities_for_administrator_of_editor():
         "retrieve": True,
         "update": True,
         "partial_update": True,
-        "set_role_to": ["reader", "commentator", "editor", "administrator"],
+        "set_role_to": ["reader", "editor", "administrator"],
     }
 
 
@@ -305,7 +305,7 @@ def test_models_document_access_get_abilities_for_administrator_of_reader():
         "retrieve": True,
         "update": True,
         "partial_update": True,
-        "set_role_to": ["reader", "commentator", "editor", "administrator"],
+        "set_role_to": ["reader", "editor", "administrator"],
     }
 
 

src/backend/core/tests/test_models_documents.py

@@ -134,13 +134,10 @@ def test_models_documents_soft_delete(depth):
     [
         (True, "restricted", "reader"),
         (True, "restricted", "editor"),
-        (True, "restricted", "commentator"),
         (False, "restricted", "reader"),
         (False, "restricted", "editor"),
-        (False, "restricted", "commentator"),
         (False, "authenticated", "reader"),
         (False, "authenticated", "editor"),
-        (False, "authenticated", "commentator"),
     ],
 )
 def test_models_documents_get_abilities_forbidden(
@@ -164,10 +161,10 @@ def test_models_documents_get_abilities_forbidden(
         "collaboration_auth": False,
         "descendants": False,
         "cors_proxy": False,
+        "content": False,
         "destroy": False,
         "duplicate": False,
         "favorite": False,
-        "comment": False,
         "invite_owner": False,
         "mask": False,
         "media_auth": False,
@@ -175,8 +172,8 @@ def test_models_documents_get_abilities_forbidden(
         "move": False,
         "link_configuration": False,
         "link_select_options": {
-            "authenticated": ["reader", "commentator", "editor"],
-            "public": ["reader", "commentator", "editor"],
+            "authenticated": ["reader", "editor"],
+            "public": ["reader", "editor"],
             "restricted": None,
         },
         "partial_update": False,
@@ -226,86 +223,17 @@ def test_models_documents_get_abilities_reader(
         "children_create": False,
         "children_list": True,
         "collaboration_auth": True,
-        "comment": False,
         "descendants": True,
         "cors_proxy": True,
+        "content": True,
         "destroy": False,
         "duplicate": is_authenticated,
         "favorite": is_authenticated,
         "invite_owner": False,
         "link_configuration": False,
         "link_select_options": {
-            "authenticated": ["reader", "commentator", "editor"],
-            "public": ["reader", "commentator", "editor"],
-            "restricted": None,
-        },
-        "mask": is_authenticated,
-        "media_auth": True,
-        "media_check": True,
-        "move": False,
-        "partial_update": False,
-        "restore": False,
-        "retrieve": True,
-        "tree": True,
-        "update": False,
-        "versions_destroy": False,
-        "versions_list": False,
-        "versions_retrieve": False,
-    }
-    nb_queries = 1 if is_authenticated else 0
-    with django_assert_num_queries(nb_queries):
-        assert document.get_abilities(user) == expected_abilities
-
-    document.soft_delete()
-    document.refresh_from_db()
-    assert all(
-        value is False
-        for key, value in document.get_abilities(user).items()
-        if key not in ["link_select_options", "ancestors_links_definition"]
-    )
-
-
-@override_settings(
-    AI_ALLOW_REACH_FROM=random.choice(["public", "authenticated", "restricted"])
-)
-@pytest.mark.parametrize(
-    "is_authenticated,reach",
-    [
-        (True, "public"),
-        (False, "public"),
-        (True, "authenticated"),
-    ],
-)
-def test_models_documents_get_abilities_commentator(
-    is_authenticated, reach, django_assert_num_queries
-):
-    """
-    Check abilities returned for a document giving commentator role to link holders
-    i.e anonymous users or authenticated users who have no specific role on the document.
-    """
-    document = factories.DocumentFactory(link_reach=reach, link_role="commentator")
-    user = factories.UserFactory() if is_authenticated else AnonymousUser()
-    expected_abilities = {
-        "accesses_manage": False,
-        "accesses_view": False,
-        "ai_transform": False,
-        "ai_translate": False,
-        "attachment_upload": False,
-        "can_edit": False,
-        "children_create": False,
-        "children_list": True,
-        "collaboration_auth": True,
-        "comment": True,
-        "descendants": True,
-        "cors_proxy": True,
-        "destroy": False,
-        "duplicate": is_authenticated,
-        "favorite": is_authenticated,
-        "invite_owner": False,
-        "link_configuration": False,
-        "link_select_options": {
-            "authenticated": ["reader", "commentator", "editor"],
-            "public": ["reader", "commentator", "editor"],
+            "authenticated": ["reader", "editor"],
+            "public": ["reader", "editor"],
             "restricted": None,
         },
         "mask": is_authenticated,
@@ -361,17 +289,17 @@ def test_models_documents_get_abilities_editor(
         "children_create": is_authenticated,
         "children_list": True,
         "collaboration_auth": True,
-        "comment": True,
         "descendants": True,
         "cors_proxy": True,
+        "content": True,
         "destroy": False,
         "duplicate": is_authenticated,
         "favorite": is_authenticated,
         "invite_owner": False,
         "link_configuration": False,
         "link_select_options": {
-            "authenticated": ["reader", "commentator", "editor"],
-            "public": ["reader", "commentator", "editor"],
+            "authenticated": ["reader", "editor"],
+            "public": ["reader", "editor"],
             "restricted": None,
         },
         "mask": is_authenticated,
@@ -416,17 +344,17 @@ def test_models_documents_get_abilities_owner(django_assert_num_queries):
         "children_create": True,
         "children_list": True,
         "collaboration_auth": True,
-        "comment": True,
         "descendants": True,
         "cors_proxy": True,
+        "content": True,
         "destroy": True,
         "duplicate": True,
         "favorite": True,
         "invite_owner": True,
         "link_configuration": True,
         "link_select_options": {
-            "authenticated": ["reader", "commentator", "editor"],
-            "public": ["reader", "commentator", "editor"],
+            "authenticated": ["reader", "editor"],
+            "public": ["reader", "editor"],
             "restricted": None,
         },
         "mask": True,
@@ -468,17 +396,17 @@ def test_models_documents_get_abilities_administrator(django_assert_num_queries)
         "children_create": True,
         "children_list": True,
         "collaboration_auth": True,
-        "comment": True,
         "descendants": True,
         "cors_proxy": True,
+        "content": True,
         "destroy": False,
         "duplicate": True,
         "favorite": True,
         "invite_owner": False,
         "link_configuration": True,
         "link_select_options": {
-            "authenticated": ["reader", "commentator", "editor"],
-            "public": ["reader", "commentator", "editor"],
+            "authenticated": ["reader", "editor"],
+            "public": ["reader", "editor"],
             "restricted": None,
         },
         "mask": True,
@@ -523,17 +451,17 @@ def test_models_documents_get_abilities_editor_user(django_assert_num_queries):
         "children_create": True,
         "children_list": True,
         "collaboration_auth": True,
-        "comment": True,
         "descendants": True,
         "cors_proxy": True,
+        "content": True,
         "destroy": False,
         "duplicate": True,
         "favorite": True,
         "invite_owner": False,
         "link_configuration": False,
         "link_select_options": {
-            "authenticated": ["reader", "commentator", "editor"],
-            "public": ["reader", "commentator", "editor"],
+            "authenticated": ["reader", "editor"],
+            "public": ["reader", "editor"],
             "restricted": None,
         },
         "mask": True,
@@ -585,82 +513,17 @@ def test_models_documents_get_abilities_reader_user(
         "children_create": access_from_link,
         "children_list": True,
         "collaboration_auth": True,
-        "comment": document.link_reach != "restricted"
-        and document.link_role in ["commentator", "editor"],
         "descendants": True,
         "cors_proxy": True,
+        "content": True,
         "destroy": False,
         "duplicate": True,
         "favorite": True,
         "invite_owner": False,
         "link_configuration": False,
         "link_select_options": {
-            "authenticated": ["reader", "commentator", "editor"],
-            "public": ["reader", "commentator", "editor"],
-            "restricted": None,
-        },
-        "mask": True,
-        "media_auth": True,
-        "media_check": True,
-        "move": False,
-        "partial_update": access_from_link,
-        "restore": False,
-        "retrieve": True,
-        "tree": True,
-        "update": access_from_link,
-        "versions_destroy": False,
-        "versions_list": True,
-        "versions_retrieve": True,
-    }
-
-    with override_settings(AI_ALLOW_REACH_FROM=ai_access_setting):
-        with django_assert_num_queries(1):
-            assert document.get_abilities(user) == expected_abilities
-
-        document.soft_delete()
-        document.refresh_from_db()
-        assert all(
-            value is False
-            for key, value in document.get_abilities(user).items()
-            if key not in ["link_select_options", "ancestors_links_definition"]
-        )
-
-
-@pytest.mark.parametrize("ai_access_setting", ["public", "authenticated", "restricted"])
-def test_models_documents_get_abilities_commentator_user(
-    ai_access_setting, django_assert_num_queries
-):
-    """Check abilities returned for the commentator of a document."""
-    user = factories.UserFactory()
-    document = factories.DocumentFactory(users=[(user, "commentator")])
-
-    access_from_link = (
-        document.link_reach != "restricted" and document.link_role == "editor"
-    )
-
-    expected_abilities = {
-        "accesses_manage": False,
-        "accesses_view": True,
-        # If you get your editor rights from the link role and not your access role
-        # You should not access AI if it's restricted to users with specific access
-        "ai_transform": access_from_link and ai_access_setting != "restricted",
-        "ai_translate": access_from_link and ai_access_setting != "restricted",
-        "attachment_upload": access_from_link,
-        "can_edit": access_from_link,
-        "children_create": access_from_link,
-        "children_list": True,
-        "collaboration_auth": True,
-        "comment": True,
-        "descendants": True,
-        "cors_proxy": True,
-        "destroy": False,
-        "duplicate": True,
-        "favorite": True,
-        "invite_owner": False,
-        "link_configuration": False,
-        "link_select_options": {
-            "authenticated": ["reader", "commentator", "editor"],
-            "public": ["reader", "commentator", "editor"],
+            "authenticated": ["reader", "editor"],
+            "public": ["reader", "editor"],
             "restricted": None,
         },
         "mask": True,
@@ -710,17 +573,17 @@ def test_models_documents_get_abilities_preset_role(django_assert_num_queries):
         "children_create": False,
         "children_list": True,
         "collaboration_auth": True,
-        "comment": False,
         "descendants": True,
         "cors_proxy": True,
+        "content": True,
         "destroy": False,
         "duplicate": True,
         "favorite": True,
         "invite_owner": False,
         "link_configuration": False,
         "link_select_options": {
-            "authenticated": ["reader", "commentator", "editor"],
-            "public": ["reader", "commentator", "editor"],
+            "authenticated": ["reader", "editor"],
+            "public": ["reader", "editor"],
             "restricted": None,
         },
         "mask": True,
@@ -1343,14 +1206,7 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
             "public",
             "reader",
             {
-                "public": ["reader", "commentator", "editor"],
-            },
-        ),
-        (
-            "public",
-            "commentator",
-            {
-                "public": ["commentator", "editor"],
+                "public": ["reader", "editor"],
             },
         ),
         ("public", "editor", {"public": ["editor"]}),
@@ -1358,16 +1214,8 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
             "authenticated",
             "reader",
             {
-                "authenticated": ["reader", "commentator", "editor"],
-                "public": ["reader", "commentator", "editor"],
-            },
-        ),
-        (
-            "authenticated",
-            "commentator",
-            {
-                "authenticated": ["commentator", "editor"],
-                "public": ["commentator", "editor"],
+                "authenticated": ["reader", "editor"],
+                "public": ["reader", "editor"],
             },
         ),
         (
@@ -1380,17 +1228,8 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
             "reader",
             {
                 "restricted": None,
-                "authenticated": ["reader", "commentator", "editor"],
-                "public": ["reader", "commentator", "editor"],
-            },
-        ),
-        (
-            "restricted",
-            "commentator",
-            {
-                "restricted": None,
-                "authenticated": ["commentator", "editor"],
-                "public": ["commentator", "editor"],
+                "authenticated": ["reader", "editor"],
+                "public": ["reader", "editor"],
             },
         ),
         (
@@ -1407,15 +1246,15 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
             "public",
             None,
             {
-                "public": ["reader", "commentator", "editor"],
+                "public": ["reader", "editor"],
             },
         ),
         (
             None,
             "reader",
             {
-                "public": ["reader", "commentator", "editor"],
-                "authenticated": ["reader", "commentator", "editor"],
+                "public": ["reader", "editor"],
+                "authenticated": ["reader", "editor"],
                 "restricted": None,
             },
         ),
@@ -1423,8 +1262,8 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
             None,
             None,
             {
-                "public": ["reader", "commentator", "editor"],
-                "authenticated": ["reader", "commentator", "editor"],
+                "public": ["reader", "editor"],
+                "authenticated": ["reader", "editor"],
                 "restricted": None,
             },
         ),

src/backend/core/tests/test_services_converter_services.py

@@ -1,4 +1,4 @@
-"""Test converter services."""
+"""Test y-provider services."""
 
 from base64 import b64decode
 from unittest.mock import MagicMock, patch
@@ -84,6 +84,42 @@ def test_convert_full_integration(mock_post, settings):
         headers={
             "Authorization": "Bearer test-key",
             "Content-Type": "text/markdown",
+            "Accept": "application/vnd.yjs.doc",
+        },
+        timeout=5,
+        verify=False,
+    )
+
+
+@patch("requests.post")
+def test_convert_full_integration_with_specific_headers(mock_post, settings):
+    """Test successful conversion with specific content type and accept headers."""
+    settings.Y_PROVIDER_API_BASE_URL = "http://test.com/"
+    settings.Y_PROVIDER_API_KEY = "test-key"
+    settings.CONVERSION_API_ENDPOINT = "conversion-endpoint"
+    settings.CONVERSION_API_TIMEOUT = 5
+    settings.CONVERSION_API_SECURE = False
+
+    converter = YdocConverter()
+
+    expected_response = "# Test Document\n\nThis is test content."
+    mock_response = MagicMock()
+    mock_response.text = expected_response
+    mock_response.raise_for_status.return_value = None
+    mock_post.return_value = mock_response
+
+    result = converter.convert(
+        b"test_content", "application/vnd.yjs.doc", "text/markdown"
+    )
+
+    assert result == expected_response
+    mock_post.assert_called_once_with(
+        "http://test.com/conversion-endpoint/",
+        data=b"test_content",
+        headers={
+            "Authorization": "Bearer test-key",
+            "Content-Type": "application/vnd.yjs.doc",
+            "Accept": "text/markdown",
         },
         timeout=5,
         verify=False,

src/backend/core/urls.py

@@ -26,11 +26,7 @@ document_related_router.register(
     viewsets.InvitationViewset,
     basename="invitations",
 )
-document_related_router.register(
-    "comments",
-    viewsets.CommentViewSet,
-    basename="comments",
-)
+
 document_related_router.register(
     "ask-for-access",
     viewsets.DocumentAskForAccessViewSet,

src/backend/impress/settings.py

@@ -16,6 +16,7 @@ from socket import gethostbyname, gethostname
 
 from django.utils.translation import gettext_lazy as _
 
+import dj_database_url
 import sentry_sdk
 from configurations import Configuration, values
 from csp.constants import NONE
@@ -78,7 +79,9 @@ class Base(Configuration):
 
     # Database
     DATABASES = {
-        "default": {
+        "default": dj_database_url.config()
+        if os.environ.get("DATABASE_URL")
+        else {
             "ENGINE": values.Value(
                 "django.db.backends.postgresql",
                 environ_name="DB_ENGINE",

src/backend/pyproject.toml

@@ -29,6 +29,7 @@ dependencies = [
     "boto3==1.39.4",
     "Brotli==1.1.0",
     "celery[redis]==5.5.3",
+    "dj-database-url==2.3.0",
     "django-configurations==2.5.1",
     "django-cors-headers==4.7.0",
     "django-countries==7.6.1",

src/frontend/apps/e2e/__tests__/app-impress/config.spec.ts

@@ -43,9 +43,7 @@ test.describe('Config', () => {
       path.join(__dirname, 'assets/logo-suite-numerique.png'),
     );
 
-    const image = page
-      .locator('.--docs--editor-container img.bn-visual-media')
-      .first();
+    const image = page.getByRole('img', { name: 'logo-suite-numerique.png' });
 
     await expect(image).toBeVisible();
 

src/frontend/apps/e2e/__tests__/app-impress/doc-editor.spec.ts

@@ -93,7 +93,7 @@ test.describe('Doc Editor', () => {
 
     await page.getByRole('button', { name: 'Share' }).click();
 
-    const selectVisibility = page.getByTestId('doc-visibility');
+    const selectVisibility = page.getByLabel('Visibility', { exact: true });
 
     // When the visibility is changed, the ws should close the connection (backend signal)
     const wsClosePromise = webSocket.waitForEvent('close');
@@ -272,9 +272,7 @@ test.describe('Doc Editor', () => {
       path.join(__dirname, 'assets/logo-suite-numerique.png'),
     );
 
-    const image = page
-      .locator('.--docs--editor-container img.bn-visual-media')
-      .first();
+    const image = page.getByRole('img', { name: 'logo-suite-numerique.png' });
 
     await expect(image).toBeVisible();
 
@@ -286,11 +284,6 @@ test.describe('Doc Editor', () => {
     expect(await image.getAttribute('src')).toMatch(
       /http:\/\/localhost:8083\/media\/.*\/attachments\/.*.png/,
     );
-
-    await expect(image).toHaveAttribute('role', 'presentation');
-    await expect(image).toHaveAttribute('alt', '');
-    await expect(image).toHaveAttribute('tabindex', '-1');
-    await expect(image).toHaveAttribute('aria-hidden', 'true');
   });
 
   test('it checks the AI buttons', async ({ page, browserName }) => {
@@ -568,7 +561,7 @@ test.describe('Doc Editor', () => {
 
     await page.getByRole('button', { name: 'Share' }).click();
 
-    await page.getByTestId('doc-visibility').click();
+    await page.getByLabel('Visibility', { exact: true }).click();
 
     await page
       .getByRole('menuitem', {
@@ -580,7 +573,7 @@ test.describe('Doc Editor', () => {
       page.getByText('The document visibility has been updated.'),
     ).toBeVisible();
 
-    await page.getByTestId('doc-access-mode').click();
+    await page.getByLabel('Visibility mode').click();
     await page.getByRole('menuitem', { name: 'Editing' }).click();
 
     // Close the modal
@@ -662,7 +655,7 @@ test.describe('Doc Editor', () => {
 
     await page.getByRole('button', { name: 'Share' }).click();
 
-    await page.getByTestId('doc-access-mode').click();
+    await page.getByLabel('Visibility mode').click();
     await page.getByRole('menuitem', { name: 'Reading' }).click();
 
     // Close the modal

src/frontend/apps/e2e/__tests__/app-impress/doc-export.spec.ts

@@ -122,9 +122,7 @@ test.describe('Doc Export', () => {
     const fileChooser = await fileChooserPromise;
     await fileChooser.setFiles(path.join(__dirname, 'assets/test.svg'));
 
-    const image = page
-      .locator('.--docs--editor-container img.bn-visual-media')
-      .first();
+    const image = page.getByRole('img', { name: 'test.svg' });
 
     await expect(image).toBeVisible();
 
@@ -184,9 +182,7 @@ test.describe('Doc Export', () => {
     const fileChooser = await fileChooserPromise;
     await fileChooser.setFiles(path.join(__dirname, 'assets/test.svg'));
 
-    const image = page
-      .locator('.--docs--editor-container img.bn-visual-media')
-      .first();
+    const image = page.getByRole('img', { name: 'test.svg' });
 
     await expect(image).toBeVisible();
 

src/frontend/apps/e2e/__tests__/app-impress/doc-header.spec.ts

@@ -30,7 +30,7 @@ test.describe('Doc Header', () => {
 
     await page.getByRole('button', { name: 'Share' }).click();
 
-    await page.getByTestId('doc-visibility').click();
+    await page.getByLabel('Visibility', { exact: true }).click();
 
     await page
       .getByRole('menuitem', {

src/frontend/apps/e2e/__tests__/app-impress/doc-tree.spec.ts

@@ -259,10 +259,6 @@ test.describe('Doc Tree: Inheritance', () => {
   test.use({ storageState: { cookies: [], origins: [] } });
 
   test('A child inherit from the parent', async ({ page, browserName }) => {
-    // test.slow() to extend timeout since this scenario chains Keycloak login + redirects,
-    // doc creation/navigation and async doc-tree loading (/documents/:id/tree), which can exceed 30s (especially in CI).
-    test.slow();
-
     await page.goto('/');
     await keyCloakSignIn(page, browserName);
 
@@ -275,7 +271,7 @@ test.describe('Doc Tree: Inheritance', () => {
     await verifyDocName(page, docParent);
 
     await page.getByRole('button', { name: 'Share' }).click();
-    const selectVisibility = page.getByTestId('doc-visibility');
+    const selectVisibility = page.getByLabel('Visibility', { exact: true });
     await selectVisibility.click();
 
     await page
@@ -311,7 +307,6 @@ test.describe('Doc Tree: Inheritance', () => {
     await expect(page.locator('h2').getByText(docChild)).toBeVisible();
 
     const docTree = page.getByTestId('doc-tree');
-    await expect(docTree).toBeVisible({ timeout: 10000 });
     await expect(docTree.getByText(docParent)).toBeVisible();
   });
 });

src/frontend/apps/e2e/__tests__/app-impress/doc-visibility.spec.ts

@@ -41,7 +41,7 @@ test.describe('Doc Visibility', () => {
 
     await page.getByRole('button', { name: 'Share' }).click();
 
-    const selectVisibility = page.getByTestId('doc-visibility');
+    const selectVisibility = page.getByLabel('Visibility', { exact: true });
 
     await expect(selectVisibility.getByText('Private')).toBeVisible();
 
@@ -51,13 +51,13 @@ test.describe('Doc Visibility', () => {
     await selectVisibility.click();
     await page.getByLabel('Connected').click();
 
-    await expect(page.getByTestId('doc-access-mode')).toBeVisible();
+    await expect(page.getByLabel('Visibility mode')).toBeVisible();
 
     await selectVisibility.click();
 
     await page.getByLabel('Public', { exact: true }).click();
 
-    await expect(page.getByTestId('doc-access-mode')).toBeVisible();
+    await expect(page.getByLabel('Visibility mode')).toBeVisible();
   });
 });
 
@@ -205,7 +205,7 @@ test.describe('Doc Visibility: Public', () => {
     await verifyDocName(page, docTitle);
 
     await page.getByRole('button', { name: 'Share' }).click();
-    const selectVisibility = page.getByTestId('doc-visibility');
+    const selectVisibility = page.getByLabel('Visibility', { exact: true });
     await selectVisibility.click();
 
     await page
@@ -218,8 +218,8 @@ test.describe('Doc Visibility: Public', () => {
       page.getByText('The document visibility has been updated.'),
     ).toBeVisible();
 
-    await expect(page.getByTestId('doc-access-mode')).toBeVisible();
-    await page.getByTestId('doc-access-mode').click();
+    await expect(page.getByLabel('Visibility mode')).toBeVisible();
+    await page.getByLabel('Visibility mode').click();
     await page
       .getByRole('menuitem', {
         name: 'Reading',
@@ -289,7 +289,7 @@ test.describe('Doc Visibility: Public', () => {
     await verifyDocName(page, docTitle);
 
     await page.getByRole('button', { name: 'Share' }).click();
-    const selectVisibility = page.getByTestId('doc-visibility');
+    const selectVisibility = page.getByLabel('Visibility', { exact: true });
     await selectVisibility.click();
 
     await page
@@ -302,7 +302,7 @@ test.describe('Doc Visibility: Public', () => {
       page.getByText('The document visibility has been updated.'),
     ).toBeVisible();
 
-    await page.getByTestId('doc-access-mode').click();
+    await page.getByLabel('Visibility mode').click();
     await page.getByLabel('Editing').click();
 
     await expect(
@@ -358,7 +358,7 @@ test.describe('Doc Visibility: Authenticated', () => {
     await verifyDocName(page, docTitle);
 
     await page.getByRole('button', { name: 'Share' }).click();
-    const selectVisibility = page.getByTestId('doc-visibility');
+    const selectVisibility = page.getByLabel('Visibility', { exact: true });
     await selectVisibility.click();
     await page
       .getByRole('menuitem', {
@@ -410,7 +410,7 @@ test.describe('Doc Visibility: Authenticated', () => {
     await verifyDocName(page, docTitle);
 
     await page.getByRole('button', { name: 'Share' }).click();
-    const selectVisibility = page.getByTestId('doc-visibility');
+    const selectVisibility = page.getByLabel('Visibility', { exact: true });
     await selectVisibility.click();
     await page
       .getByRole('menuitem', {
@@ -495,7 +495,6 @@ test.describe('Doc Visibility: Authenticated', () => {
     page,
     browserName,
   }) => {
-    test.slow();
     await page.goto('/');
     await keyCloakSignIn(page, browserName);
 
@@ -509,7 +508,7 @@ test.describe('Doc Visibility: Authenticated', () => {
     await verifyDocName(page, docTitle);
 
     await page.getByRole('button', { name: 'Share' }).click();
-    const selectVisibility = page.getByTestId('doc-visibility');
+    const selectVisibility = page.getByLabel('Visibility', { exact: true });
     await selectVisibility.click();
     await page
       .getByRole('menuitem', {
@@ -522,7 +521,7 @@ test.describe('Doc Visibility: Authenticated', () => {
     ).toBeVisible();
 
     const urlDoc = page.url();
-    await page.getByTestId('doc-access-mode').click();
+    await page.getByLabel('Visibility mode').click();
     await page.getByLabel('Editing').click();
 
     await expect(
@@ -540,17 +539,13 @@ test.describe('Doc Visibility: Authenticated', () => {
     const otherBrowser = BROWSERS.find((b) => b !== browserName);
     await keyCloakSignIn(page, otherBrowser!);
 
-    await expect(page.getByTestId('header-logo-link')).toBeVisible({
-      timeout: 10000,
-    });
+    await expect(page.getByTestId('header-logo-link')).toBeVisible();
 
     await page.goto(urlDoc);
 
     await verifyDocName(page, docTitle);
     await page.getByRole('button', { name: 'Share' }).click();
     await page.getByRole('button', { name: 'Copy link' }).click();
-    await expect(page.getByText('Link Copied !')).toBeVisible({
-      timeout: 10000,
-    });
+    await expect(page.getByText('Link Copied !')).toBeVisible();
   });
 });

src/frontend/apps/e2e/__tests__/app-impress/utils-share.ts

@@ -45,7 +45,7 @@ export const updateShareLink = async (
   linkReach: LinkReach,
   linkRole?: LinkRole | null,
 ) => {
-  await page.getByTestId('doc-visibility').click();
+  await page.getByRole('button', { name: 'Visibility', exact: true }).click();
   await page.getByRole('menuitem', { name: linkReach }).click();
 
   const visibilityUpdatedText = page
@@ -55,7 +55,9 @@ export const updateShareLink = async (
   await expect(visibilityUpdatedText).toBeVisible();
 
   if (linkRole) {
-    await page.getByTestId('doc-access-mode').click();
+    await page
+      .getByRole('button', { name: 'Visibility mode', exact: true })
+      .click();
     await page.getByRole('menuitem', { name: linkRole }).click();
     await expect(visibilityUpdatedText).toBeVisible();
   }

src/frontend/apps/impress/src/components/DropButton.tsx

@@ -48,7 +48,6 @@ export interface DropButtonProps {
   isOpen?: boolean;
   onOpenChange?: (isOpen: boolean) => void;
   label?: string;
-  testId?: string;
 }
 
 export const DropButton = ({
@@ -58,7 +57,6 @@ export const DropButton = ({
   onOpenChange,
   children,
   label,
-  testId,
 }: PropsWithChildren<DropButtonProps>) => {
   const { themeTokens } = useCunninghamTheme();
   const font = themeTokens['font']?.['families']['base'];
@@ -81,7 +79,6 @@ export const DropButton = ({
         ref={triggerRef}
         onPress={() => onOpenChangeHandler(true)}
         aria-label={label}
-        data-testid={testId}
         $css={css`
           font-family: ${font};
           ${buttonCss};

src/frontend/apps/impress/src/components/dropdown-menu/DropdownMenu.tsx

@@ -38,7 +38,6 @@ export type DropdownMenuProps = {
   topMessage?: string;
   selectedValues?: string[];
   afterOpenChange?: (isOpen: boolean) => void;
-  testId?: string;
 };
 
 export const DropdownMenu = ({
@@ -53,7 +52,6 @@ export const DropdownMenu = ({
   topMessage,
   afterOpenChange,
   selectedValues,
-  testId,
 }: PropsWithChildren<DropdownMenuProps>) => {
   const { spacingsTokens, colorsTokens } = useCunninghamTheme();
   const [isOpen, setIsOpen] = useState(opened ?? false);
@@ -102,7 +100,6 @@ export const DropdownMenu = ({
       onOpenChange={onOpenChange}
       label={label}
       buttonCss={buttonCss}
-      testId={testId}
       button={
         showArrow ? (
           <Box

src/frontend/apps/impress/src/components/quick-search/QuickSearchInput.tsx

@@ -46,9 +46,7 @@ export const QuickSearchInput = ({
         $gap={spacingsTokens['2xs']}
         $padding={{ horizontal: 'base', vertical: 'sm' }}
       >
-        {!loading && (
-          <Icon iconName="search" $variation="600" aria-hidden="true" />
-        )}
+        {!loading && <Icon iconName="search" $variation="600" />}
         {loading && (
           <div>
             <Loader size="small" />

src/frontend/apps/impress/src/features/docs/doc-editor/components/BlockNoteEditor.tsx

@@ -33,11 +33,7 @@ import { randomColor } from '../utils';
 
 import { BlockNoteSuggestionMenu } from './BlockNoteSuggestionMenu';
 import { BlockNoteToolbar } from './BlockNoteToolBar/BlockNoteToolbar';
-import {
-  AccessibleImageBlock,
-  CalloutBlock,
-  DividerBlock,
-} from './custom-blocks';
+import { CalloutBlock, DividerBlock } from './custom-blocks';
 import {
   InterlinkingLinkInlineContent,
   InterlinkingSearchInlineContent,
@@ -54,7 +50,6 @@ const baseBlockNoteSchema = withPageBreak(
       ...defaultBlockSpecs,
       callout: CalloutBlock,
       divider: DividerBlock,
-      image: AccessibleImageBlock,
     },
     inlineContentSpecs: {
       ...defaultInlineContentSpecs,

src/frontend/apps/impress/src/features/docs/doc-editor/components/DocEditor.tsx

@@ -119,11 +119,7 @@ export const DocVersionEditor = ({
           causes={error.cause}
           icon={
             error.status === 502 ? (
-              <Text
-                className="material-icons"
-                $theme="danger"
-                aria-hidden={true}
-              >
+              <Text className="material-icons" $theme="danger">
                 wifi_off
               </Text>
             ) : undefined

src/frontend/apps/impress/src/features/docs/doc-editor/components/custom-blocks/AccessibleImageBlock.tsx

@@ -1,43 +0,0 @@
-import {
-  BlockFromConfig,
-  BlockNoteEditor,
-  BlockSchemaWithBlock,
-  InlineContentSchema,
-  StyleSchema,
-  createBlockSpec,
-  imageBlockConfig,
-  imageParse,
-  imageRender,
-  imageToExternalHTML,
-} from '@blocknote/core';
-
-type ImageBlockConfig = typeof imageBlockConfig;
-
-export const accessibleImageRender = (
-  block: BlockFromConfig<ImageBlockConfig, InlineContentSchema, StyleSchema>,
-  editor: BlockNoteEditor<
-    BlockSchemaWithBlock<ImageBlockConfig['type'], ImageBlockConfig>,
-    InlineContentSchema,
-    StyleSchema
-  >,
-) => {
-  const imageRenderComputed = imageRender(block, editor);
-  const dom = imageRenderComputed.dom;
-  const imgSelector = dom.querySelector('img');
-
-  imgSelector?.setAttribute('alt', '');
-  imgSelector?.setAttribute('role', 'presentation');
-  imgSelector?.setAttribute('aria-hidden', 'true');
-  imgSelector?.setAttribute('tabindex', '-1');
-
-  return {
-    ...imageRenderComputed,
-    dom,
-  };
-};
-
-export const AccessibleImageBlock = createBlockSpec(imageBlockConfig, {
-  render: accessibleImageRender,
-  parse: imageParse,
-  toExternalHTML: imageToExternalHTML,
-});

src/frontend/apps/impress/src/features/docs/doc-editor/components/custom-blocks/index.ts

@@ -1,3 +1,2 @@
-export * from './AccessibleImageBlock';
 export * from './CalloutBlock';
 export * from './DividerBlock';

src/frontend/apps/impress/src/features/docs/doc-share/components/DocShareModalFooter.tsx

@@ -39,11 +39,7 @@ export const DocShareModalFooter = ({
           fullWidth={false}
           onClick={copyDocLink}
           color="tertiary"
-          icon={
-            <span className="material-icons" aria-hidden={true}>
-              add_link
-            </span>
-          }
+          icon={<span className="material-icons">add_link</span>}
         >
           {t('Copy link')}
         </Button>

src/frontend/apps/impress/src/features/docs/doc-share/components/DocVisibility.tsx

@@ -129,8 +129,7 @@ export const DocVisibility = ({ doc }: DocVisibilityProps) => {
           $gap={canManage ? spacingsTokens['3xs'] : spacingsTokens['base']}
         >
           <DropdownMenu
-            testId="doc-visibility"
-            label={t('Document visibility')}
+            label={t('Visibility')}
             arrowCss={css`
               color: ${colorsTokens['primary-800']} !important;
             `}
@@ -171,7 +170,6 @@ export const DocVisibility = ({ doc }: DocVisibilityProps) => {
           <Box $direction="row" $align="center" $gap={spacingsTokens['3xs']}>
             {docLinkReach !== LinkReach.RESTRICTED && (
               <DropdownMenu
-                testId="doc-access-mode"
                 disabled={!canManage}
                 showArrow={true}
                 options={linkRoleOptions}
@@ -182,7 +180,7 @@ export const DocVisibility = ({ doc }: DocVisibilityProps) => {
                       )
                     : undefined
                 }
-                label={t('Document access mode')}
+                label={t('Visibility mode')}
               >
                 <Text $weight="initial" $variation="600">
                   {linkModeTranslations[docLinkRole]}

src/frontend/apps/impress/src/i18n/translations.json

@@ -152,8 +152,6 @@
       "Version restored successfully": "Stumm assavet gant berzh",
       "Visibility": "Gwelusted",
       "Visibility mode": "Mod gwelusted",
-      "Document visibility": "Gwelusted an teul",
-      "Document access mode": "Mod aotreet an teul",
       "Warning": "Diwallit",
       "Why you can't edit the document?": "Perak ne c'hellit ket aozañ ar restr?",
       "Write": "Skrivañ"
@@ -356,8 +354,6 @@
       "Version restored successfully": "Version erfolgreich wiederhergestellt",
       "Visibility": "Sichtbarkeit",
       "Visibility mode": "Sichtbarkeitseinstellungen",
-      "Document visibility": "Dokumentensichtbarkeit",
-      "Document access mode": "Dokumentenzugriffsmodus",
       "Warning": "Warnung",
       "Why you can't edit the document?": "Warum können Sie dieses Dokument nicht bearbeiten?",
       "Write": "Schreiben",
@@ -565,8 +561,6 @@
       "Version restored successfully": "Versión restaurada con éxito",
       "Visibility": "Visibilidad",
       "Visibility mode": "Modo de visibilidad",
-      "Document visibility": "Visibilidad del documento",
-      "Document access mode": "Modo de acceso al documento",
       "Warning": "Aviso",
       "Write": "Escribe",
       "You are the sole owner of this group, make another member the group owner before you can change your own role or be removed from your document.": "Eres el único propietario de este grupo, haz que otro miembro sea el propietario del grupo para poder cambiar tu propio rol o ser eliminado del documento.",
@@ -798,8 +792,6 @@
       "Version restored successfully": "Version restaurée avec succès",
       "Visibility": "Visibilité",
       "Visibility mode": "Mode de visibilité",
-      "Document visibility": "Visibilité du document",
-      "Document access mode": "Mode d'accès au document",
       "Warning": "Attention",
       "Why you can't edit the document?": "Pourquoi vous ne pouvez pas modifier le document ?",
       "Write": "Écrire",
@@ -959,8 +951,6 @@
       "Version restored successfully": "Revisione ripristinata correttamente",
       "Visibility": "Visibilità",
       "Visibility mode": "Modalità visibilità",
-      "Document visibility": "Visibilità del documento",
-      "Document access mode": "Modalità di accesso al documento",
       "Warning": "Attenzione",
       "Write": "Scrivi",
       "You are the sole owner of this group, make another member the group owner before you can change your own role or be removed from your document.": "Sei l'unico proprietario di questo gruppo, devi nominare proprietario un altro membro del gruppo prima di poter cambiare il proprio ruolo o di essere rimosso dal documento.",
@@ -1138,8 +1128,6 @@
       "Version restored successfully": "Versie teruggezet",
       "Visibility": "Zichtbaarheid",
       "Visibility mode": "Zichtbaarheid modus",
-      "Document visibility": "Document zichtbaarheid",
-      "Document access mode": "Document toegangsmodus",
       "Warning": "Waarschuwing",
       "Write": "Schrijf",
       "You are the sole owner of this group, make another member the group owner before you can change your own role or be removed from your document.": "U bent de enige eigenaar van deze groep, maak een ander lid de groepseigenaar voordat u uw eigen rol kunt wijzigen of kan worden verwijderd van het document.",
@@ -1427,8 +1415,6 @@
       "Version restored successfully": "已成功还原版本",
       "Visibility": "可见性",
       "Visibility mode": "可见模式",
-      "Document visibility": "文档可见性",
-      "Document access mode": "文档访问模式",
       "Warning": "警告",
       "Write": "写入",
       "You are the sole owner of this group, make another member the group owner before you can change your own role or be removed from your document.": "您是当前群组唯一所有者，需先指定另一管理员，才能更改自身角色或退出文档。",

src/frontend/package.json

@@ -19,6 +19,7 @@
     "app:build": "yarn APP_IMPRESS run build",
     "app:test": "yarn APP_IMPRESS run test",
     "ci:build": "yarn APP_IMPRESS run build:ci",
+    "build": "yarn APP_IMPRESS run build && yarn COLLABORATION_SERVER run build",
     "e2e:test": "yarn APP_E2E run test",
     "lint": "yarn APP_IMPRESS run lint && yarn APP_E2E run lint && yarn workspace eslint-config-impress run lint && yarn I18N run lint && yarn COLLABORATION_SERVER run lint",
     "i18n:extract": "yarn I18N run extract-translation",

src/frontend/servers/y-provider/__tests__/convert.test.ts

@@ -18,6 +18,9 @@ import {
   COLLABORATION_SERVER_ORIGIN as origin,
 } from '../src/env';
 
+const expectedMarkdown = '# Example document\n\nLorem ipsum dolor sit amet.';
+const expectedHTML =
+  '<h1>Example document</h1><p>Lorem ipsum dolor sit amet.</p>';
 const expectedBlocks = [
   {
     children: [],
@@ -121,23 +124,43 @@ describe('Server Tests', () => {
     });
   });
 
+  test('POST /api/convert with unsupported Content-Type returns 415', async () => {
+    const app = initApp();
+    const response = await request(app)
+      .post('/api/convert')
+      .set('origin', origin)
+      .set('authorization', apiKey)
+      .set('content-type', 'image/png')
+      .send('randomdata');
+    expect(response.status).toBe(415);
+    expect(response.body).toStrictEqual({ error: 'Unsupported Content-Type' });
+  });
+
+  test('POST /api/convert with unsupported Accept returns 406', async () => {
+    const app = initApp();
+    const response = await request(app)
+      .post('/api/convert')
+      .set('origin', origin)
+      .set('authorization', apiKey)
+      .set('content-type', 'text/markdown')
+      .set('accept', 'image/png')
+      .send('# Header');
+    expect(response.status).toBe(406);
+    expect(response.body).toStrictEqual({ error: 'Unsupported format' });
+  });
+
   test.each([[apiKey], [`Bearer ${apiKey}`]])(
     'POST /api/convert with correct content with Authorization: %s',
     async (authHeader) => {
       const app = initApp();
 
-      const document = [
-        '# Example document',
-        '',
-        'Lorem ipsum dolor sit amet.',
-        '',
-      ].join('\n');
-
       const response = await request(app)
         .post('/api/convert')
         .set('Origin', origin)
         .set('Authorization', authHeader)
-        .send(document);
+        .set('content-type', 'text/markdown')
+        .set('accept', 'application/vnd.yjs.doc')
+        .send(expectedMarkdown);
 
       expect(response.status).toBe(200);
       expect(response.body).toBeInstanceOf(Buffer);
@@ -150,4 +173,95 @@ describe('Server Tests', () => {
       expect(blocks).toStrictEqual(expectedBlocks);
     },
   );
+
+  test('POST /api/convert Yjs to HTML', async () => {
+    const app = initApp();
+    const editor = ServerBlockNoteEditor.create();
+    const blocks = await editor.tryParseMarkdownToBlocks(expectedMarkdown);
+    const yDocument = editor.blocksToYDoc(blocks, 'document-store');
+    const yjsUpdate = Y.encodeStateAsUpdate(yDocument);
+    const response = await request(app)
+      .post('/api/convert')
+      .set('origin', origin)
+      .set('authorization', apiKey)
+      .set('content-type', 'application/vnd.yjs.doc')
+      .set('accept', 'text/html')
+      .send(Buffer.from(yjsUpdate));
+    expect(response.status).toBe(200);
+    expect(response.header['content-type']).toBe('text/html; charset=utf-8');
+    expect(typeof response.text).toBe('string');
+    expect(response.text).toBe(expectedHTML);
+  });
+
+  test('POST /api/convert Yjs to Markdown', async () => {
+    const app = initApp();
+    const editor = ServerBlockNoteEditor.create();
+    const blocks = await editor.tryParseMarkdownToBlocks(expectedMarkdown);
+    const yDocument = editor.blocksToYDoc(blocks, 'document-store');
+    const yjsUpdate = Y.encodeStateAsUpdate(yDocument);
+    const response = await request(app)
+      .post('/api/convert')
+      .set('origin', origin)
+      .set('authorization', apiKey)
+      .set('content-type', 'application/vnd.yjs.doc')
+      .set('accept', 'text/markdown')
+      .send(Buffer.from(yjsUpdate));
+    expect(response.status).toBe(200);
+    expect(response.header['content-type']).toBe(
+      'text/markdown; charset=utf-8',
+    );
+    expect(typeof response.text).toBe('string');
+    expect(response.text.trim()).toBe(expectedMarkdown);
+  });
+
+  test('POST /api/convert Yjs to JSON', async () => {
+    const app = initApp();
+    const editor = ServerBlockNoteEditor.create();
+    const blocks = await editor.tryParseMarkdownToBlocks(expectedMarkdown);
+    const yDocument = editor.blocksToYDoc(blocks, 'document-store');
+    const yjsUpdate = Y.encodeStateAsUpdate(yDocument);
+    const response = await request(app)
+      .post('/api/convert')
+      .set('origin', origin)
+      .set('authorization', apiKey)
+      .set('content-type', 'application/vnd.yjs.doc')
+      .set('accept', 'application/json')
+      .send(Buffer.from(yjsUpdate));
+    expect(response.status).toBe(200);
+    expect(response.header['content-type']).toBe(
+      'application/json; charset=utf-8',
+    );
+    expect(Array.isArray(response.body)).toBe(true);
+    expect(response.body).toStrictEqual(expectedBlocks);
+  });
+
+  test('POST /api/convert Markdown to JSON', async () => {
+    const app = initApp();
+    const response = await request(app)
+      .post('/api/convert')
+      .set('origin', origin)
+      .set('authorization', apiKey)
+      .set('content-type', 'text/markdown')
+      .set('accept', 'application/json')
+      .send(expectedMarkdown);
+    expect(response.status).toBe(200);
+    expect(response.header['content-type']).toBe(
+      'application/json; charset=utf-8',
+    );
+    expect(Array.isArray(response.body)).toBe(true);
+    expect(response.body).toStrictEqual(expectedBlocks);
+  });
+
+  test('POST /api/convert with invalid Yjs content returns 400', async () => {
+    const app = initApp();
+    const response = await request(app)
+      .post('/api/convert')
+      .set('origin', origin)
+      .set('authorization', apiKey)
+      .set('content-type', 'application/vnd.yjs.doc')
+      .set('accept', 'application/json')
+      .send(Buffer.from('notvalidyjs'));
+    expect(response.status).toBe(400);
+    expect(response.body).toStrictEqual({ error: 'Invalid Yjs content' });
+  });
 });

src/frontend/servers/y-provider/package.json

@@ -10,7 +10,7 @@
     "dev": "cross-env COLLABORATION_LOGGING=true && nodemon --config nodemon.json",
     "start": "node ./dist/start-server.js",
     "lint": "eslint . --ext .ts",
-    "test": "vitest --run"
+    "test": "vitest --run --disable-console-intercept"
   },
   "engines": {
     "node": ">=22"

src/frontend/servers/y-provider/src/handlers/convertHandler.ts

@@ -1,3 +1,4 @@
+import { PartialBlock } from '@blocknote/core';
 import { ServerBlockNoteEditor } from '@blocknote/server-util';
 import { Request, Response } from 'express';
 import * as Y from 'yjs';
@@ -12,29 +13,79 @@ const editor = ServerBlockNoteEditor.create();
 
 export const convertHandler = async (
   req: Request<object, Uint8Array | ErrorResponse, Buffer, object>,
-  res: Response<Uint8Array | ErrorResponse>,
+  res: Response<Uint8Array | string | object | ErrorResponse>,
 ) => {
   if (!req.body || req.body.length === 0) {
     res.status(400).json({ error: 'Invalid request: missing content' });
     return;
   }
 
-  try {
-    // Perform the conversion from markdown to Blocknote.js blocks
-    const blocks = await editor.tryParseMarkdownToBlocks(req.body.toString());
+  const contentType = (req.header('content-type') || 'text/markdown').split(
+    ';',
+  )[0];
+  const accept = (req.header('accept') || 'application/vnd.yjs.doc').split(
+    ';',
+  )[0];
 
+  let blocks: PartialBlock[] | null = null;
+  try {
+    // First, convert from the input format to blocks
+    // application/x-www-form-urlencoded is interpreted as Markdown for backward compatibility
+    if (
+      contentType === 'text/markdown' ||
+      contentType === 'application/x-www-form-urlencoded'
+    ) {
+      blocks = await editor.tryParseMarkdownToBlocks(req.body.toString());
+    } else if (
+      contentType === 'application/vnd.yjs.doc' ||
+      contentType === 'application/octet-stream'
+    ) {
+      try {
+        const ydoc = new Y.Doc();
+        Y.applyUpdate(ydoc, req.body);
+        blocks = editor.yDocToBlocks(ydoc, 'document-store') as PartialBlock[];
+      } catch (e) {
+        logger('Invalid Yjs content:', e);
+        res.status(400).json({ error: 'Invalid Yjs content' });
+        return;
+      }
+    } else {
+      res.status(415).json({ error: 'Unsupported Content-Type' });
+      return;
+    }
     if (!blocks || blocks.length === 0) {
       res.status(500).json({ error: 'No valid blocks were generated' });
       return;
     }
 
-    // Create a Yjs Document from blocks
-    const yDocument = editor.blocksToYDoc(blocks, 'document-store');
+    // Then, convert from blocks to the output format
+    if (accept === 'application/json') {
+      res.status(200).json(blocks);
+    } else {
+      const yDocument = editor.blocksToYDoc(blocks, 'document-store');
 
-    res
-      .status(200)
-      .setHeader('content-type', 'application/octet-stream')
-      .send(Y.encodeStateAsUpdate(yDocument));
+      if (
+        accept === 'application/vnd.yjs.doc' ||
+        accept === 'application/octet-stream'
+      ) {
+        res
+          .status(200)
+          .setHeader('content-type', 'application/octet-stream')
+          .send(Y.encodeStateAsUpdate(yDocument));
+      } else if (accept === 'text/markdown') {
+        res
+          .status(200)
+          .setHeader('content-type', 'text/markdown')
+          .send(await editor.blocksToMarkdownLossy(blocks));
+      } else if (accept === 'text/html') {
+        res
+          .status(200)
+          .setHeader('content-type', 'text/html')
+          .send(await editor.blocksToHTMLLossy(blocks));
+      } else {
+        res.status(406).json({ error: 'Unsupported format' });
+      }
+    }
   } catch (e) {
     logger('conversion failed:', e);
     res.status(500).json({ error: 'An error occurred' });

src/frontend/servers/y-provider/src/servers/appServer.ts

@@ -49,7 +49,7 @@ export const initApp = () => {
   );
 
   /**
-   * Route to convert Markdown or BlockNote blocks
+   * Route to convert Markdown or BlockNote blocks and Yjs content
    */
   app.post(
     routes.CONVERT,

src/nginx/servers.conf.erb

@@ -0,0 +1,114 @@
+# ERB templated nginx configuration
+# see https://doc.scalingo.com/platform/deployment/buildpacks/nginx
+
+upstream backend_server {
+	server localhost:8000 fail_timeout=0;
+}
+
+upstream collaboration_server {
+	server localhost:4444 fail_timeout=0;
+}
+
+server {
+	
+	listen <%= ENV["PORT"] %>;
+	server_name _;
+
+    root /app/build/frontend-out;
+    
+    error_page 404 /404.html;
+
+    location /collaboration/api/ {
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_redirect off;
+		proxy_pass http://collaboration_server;
+    }
+
+    location /collaboration/ws/ {
+    
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        
+        # Set appropriate timeout for WebSocketAdd commentMore actions
+        proxy_read_timeout 86400;
+        proxy_send_timeout 86400;
+        
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_redirect off;
+		proxy_pass http://collaboration_server;
+    }
+
+    # Django rest framework
+    location ^~ /api/ {
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_redirect off;
+		proxy_pass http://backend_server;
+	}
+    
+    # Django admin
+    location ^~ /admin/ {
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_redirect off;
+		proxy_pass http://backend_server;
+	}
+
+    # Proxy auth for media
+    location /media/ {
+        # Auth request configuration
+        auth_request /media-auth;
+        auth_request_set $authHeader $upstream_http_authorization;
+        auth_request_set $authDate $upstream_http_x_amz_date;
+        auth_request_set $authContentSha256 $upstream_http_x_amz_content_sha256;
+
+        # Pass specific headers from the auth response
+        proxy_set_header Authorization $authHeader;
+        proxy_set_header X-Amz-Date $authDate;
+        proxy_set_header X-Amz-Content-SHA256 $authContentSha256;
+
+        # Get resource from Object Storage
+        proxy_pass <%= ENV["AWS_S3_ENDPOINT_URL"] %>/<%= ENV["AWS_STORAGE_BUCKET_NAME"] %>/;
+        proxy_set_header Host <%= ENV["AWS_S3_ENDPOINT_URL"].split("://")[1] %>;
+
+        add_header Content-Security-Policy "default-src 'none'" always;
+    }
+
+    location /media-auth {
+        proxy_pass http://backend_server/api/v1.0/documents/media-auth/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Original-URL $request_uri;
+        
+        # Prevent the body from being passed
+        proxy_pass_request_body off;
+        proxy_set_header Content-Length "";
+        proxy_set_header X-Original-Method $request_method;
+    }
+
+
+    location / {
+        try_files $uri index.html $uri/ =404;
+    }
+  
+    location ~ "^/docs/[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}/?$" {
+        try_files $uri /docs/[id]/index.html;
+    }
+  
+    location = /404.html {
+        internal;
+    }
+
+}