🔧(backend) setup Docs app dockers to work with Find

Add nginx with 'nginx' alias to the 'lasuite-net' network (keycloak calls) Add celery-dev to the 'lasuite-net' network (Find API calls in jobs) Set app-dev alias as 'impress' in the 'lasuite-net' network Add indexer configuration in common settings Signed-off-by: Fabre Florian <ffabre@hybird.org>
🔧(backend) force a valid key for token storage in development mode
2026-05-09 00:22:46 +02:00 · 2025-10-07 07:14:51 +02:00 · 2025-10-02 16:21:27 +02:00 · 2025-10-02 16:21:27 +02:00 · 2025-10-02 16:21:26 +02:00 · 2025-10-02 16:21:26 +02:00
364 changed files with 14568 additions and 7203 deletions
--- a/.github/workflows/crowdin_upload.yml
+++ b/.github/workflows/crowdin_upload.yml
@@ -23,9 +23,10 @@ jobs:
        uses: actions/checkout@v4
      # Backend i18n
      - name: Install Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
        with:
          python-version: "3.13.3"
+          cache: "pip"
      - name: Upgrade pip and setuptools
        run: pip install --upgrade pip setuptools
      - name: Install development dependencies
--- a/.github/workflows/docker-hub.yml
+++ b/.github/workflows/docker-hub.yml
@@ -32,7 +32,10 @@ jobs:
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
-        run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      -
        name: Run trivy scan
        uses: numerique-gouv/action-trivy-cache@main
@@ -65,7 +68,10 @@ jobs:
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
-        run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      -
        name: Run trivy scan
        uses: numerique-gouv/action-trivy-cache@main
--- a/.github/workflows/impress-frontend.yml
+++ b/.github/workflows/impress-frontend.yml
@@ -101,7 +101,7 @@ jobs:
  test-e2e-other-browser:
    runs-on: ubuntu-latest
    needs: test-e2e-chromium
-    timeout-minutes: 20
+    timeout-minutes: 30
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
@@ -136,3 +136,54 @@ jobs:
          name: playwright-other-report
          path: src/frontend/apps/e2e/report/
          retention-days: 7
+
+  bundle-size-check:
+    runs-on: ubuntu-latest
+    needs: install-dependencies
+    if: github.event_name == 'pull_request'
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Detect relevant changes
+        id: changes
+        uses: dorny/paths-filter@v2
+        with:
+          filters: |
+            lock:
+              - 'src/frontend/**/yarn.lock'
+            app:
+              - 'src/frontend/apps/impress/**'
+
+      - name: Restore the frontend cache
+        uses: actions/cache@v4
+        with:
+          path: "src/frontend/**/node_modules"
+          key: front-node_modules-${{ hashFiles('src/frontend/**/yarn.lock') }}
+          fail-on-cache-miss: true
+
+      - name: Setup Node.js
+        if: steps.changes.outputs.lock == 'true' || steps.changes.outputs.app == 'true'
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22.x"
+
+      - name: Check bundle size changes
+        if: steps.changes.outputs.lock == 'true' || steps.changes.outputs.app == 'true'
+        uses: preactjs/compressed-size-action@v2
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          build-script: "app:build"
+          pattern: "apps/impress/out/**/*.{css,js,html}"
+          exclude: "{**/*.map,**/node_modules/**}"
+          minimum-change-threshold: 500
+          compression: "gzip"
+          cwd: "./src/frontend"
+          show-total: true
+          strip-hash: "[-_.][a-f0-9]{8,}(?=\\.(?:js|css|html)$)"
+          omit-unchanged: true
+          install-script: "yarn install --frozen-lockfile"
--- a/.github/workflows/impress.yml
+++ b/.github/workflows/impress.yml
@@ -25,14 +25,18 @@ jobs:
      - name: show
        run: git log
      - name: Enforce absence of print statements in code
+        if: always()
        run: |
          ! git diff origin/${{ github.event.pull_request.base.ref }}..HEAD -- . ':(exclude)**/impress.yml' | grep "print("
      - name: Check absence of fixup commits
+        if: always()
        run: |
          ! git log | grep 'fixup!'
      - name: Install gitlint
+        if: always()
        run: pip install --user requests gitlint
      - name: Lint commit messages added to main
+        if: always()
        run: ~/.local/bin/gitlint --commits origin/${{ github.event.pull_request.base.ref }}..HEAD

  check-changelog:
@@ -75,6 +79,7 @@ jobs:
            --check-filenames \
            --ignore-words-list "Dokument,afterAll,excpt,statics" \
            --skip "./git/" \
+            --skip "**/*.pdf" \
            --skip "**/*.po" \
            --skip "**/*.pot" \
            --skip "**/*.json" \
@@ -89,9 +94,10 @@ jobs:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Install Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
        with:
          python-version: "3.13.3"
+          cache: "pip"
      - name: Upgrade pip and setuptools
        run: pip install --upgrade pip setuptools
      - name: Install development dependencies
@@ -184,9 +190,10 @@ jobs:
            mc version enable impress/impress-media-storage"

      - name: Install Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
        with:
          python-version: "3.13.3"
+          cache: "pip"

      - name: Install development dependencies
        run: pip install --user .[dev]
--- a/.gitignore
+++ b/.gitignore
@@ -43,6 +43,10 @@ venv.bak/
 env.d/development/*.local
 env.d/terraform

+# Docker
+compose.override.yml
+docker/auth/*.local
+
 # npm
 node_modules

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,3 @@
-# Changelog
-
 All notable changes to this project will be documented in this file.

 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0),
@@ -10,12 +8,117 @@ and this project adheres to

 ### Added

- ✨(helm) Service Account support for K8s Resources in Helm Charts #778
- ✨(backend) allow masking documents from the list view #1171
+- ✨(frontend) add pdf block to the editor #1293
+
+### Changed
+
+- ♻️(frontend) replace Arial font-family with token font #1411
+- ♿(frontend) improve accessibility:
+  - #1354
+  - #1349
+  - ♿ improve accessibility by adding landmark roles to layout #1394
+  - ♿ add document visible in list and openable via enter key #1365
+  - ♿ add pdf outline property to enable bookmarks display #1368
+  - ♿ hide decorative icons from assistive tech with aria-hidden #1404
+  - ♿ fix rgaa 1.9.1: convert to figure/figcaption structure #1426
+  - ♿ remove redundant aria-label to avoid over-accessibility #1420
+  - ♿ remove redundant aria-label on hidden icons and update tests #1432
+  - ♿ improve semantic structure and aria roles of leftpanel #1431
+  - ♿ add default background to left panel for better accessibility #1423
+  - ♿ restyle checked checkboxes: removing strikethrough #1439  
+  - ♿ add h1 for SR on 40X pages and remove alt texts #1438
+  - ♿ update labels and shared document icon accessibility #1442
+- ✨(backend) add async indexation of documents on save (or access save) #1276
+- ✨(backend) add debounce mechanism to limit indexation jobs #1276
+- ✨(api) add API route to search for indexed documents in Find #1276
+
+### Fixed
+
+- 🐛(backend) duplicate sub docs as root for reader users
+- ⚗️(service-worker) remove index from cache first strategy #1395
+- 🐛(frontend) fix 404 page when reload 403 page #1402
+- 🐛(frontend) fix legacy role computation #1376
+- 🐛(frontend) scroll back to top when navigate to a document #1406
+
+### Changed
+
+- ♿(frontend) improve accessibility:
+  - ♿improve NVDA navigation in DocShareModal #1396
+
+## [3.7.0] - 2025-09-12
+
+### Added
+
+- ✨(api) add API route to fetch document content #1206
+
+### Changed
+
+- 🔒️(backend) configure throttle on every viewsets #1343
+- ⬆️ Bump eslint to V9 #1071
+- ♿(frontend) improve accessibility:
+  - ♿fix major accessibility issues reported by wave and axe #1344
+  - ✨unify tab focus style for better visual consistency #1341
+  - ✨improve modal a11y: structure, labels, and title #1349
+  - ✨improve accessibility of cdoc content with correct aria tags #1271
+  - ✨unify tab focus style for better visual consistency #1341
+  - ♿hide decorative icons, label menus, avoid accessible name… #1362
+- ♻️(tilt) use helm dev-backend chart
+
+### Removed
+
+- 🔥(frontend) remove multi column drop cursor #1370
+
+### Fixed
+
+- 🐛(frontend) fix callout emoji list #1366
+
+## [3.6.0] - 2025-09-04
+
+### Added
+
+- 👷(CI) add bundle size check job #1268
+- ✨(frontend) use title first emoji as doc icon in tree #1289
+
+### Changed
+
+- ♻️(docs-app) Switch from Jest tests to Vitest #1269
+- ♿(frontend) improve accessibility:
+  - 🌐(frontend) set html lang attribute dynamically #1248
+  - ♿(frontend) inject language attribute to pdf export #1235
+  - ♿(frontend) improve accessibility of search modal #1275
+  - ♿(frontend) add correct attributes to icons #1255
+  - 🎨(frontend) improve nav structure #1262
+  - ♿️(frontend) keyboard interaction with menu #1244
+  - ♿(frontend) improve header accessibility #1270
+  - ♿(frontend) improve accessibility for decorative images in editor #1282
+  - #1338
+  - #1281
+- ♻️(backend) fallback to email identifier when no name #1298
+- 🐛(backend) allow ASCII characters in user sub field #1295
+- ⚡️(frontend) improve fallback width calculation #1333
+
+### Fixed
+
+- 🐛(makefile) Windows compatibility fix for Docker volume mounting #1263
+- 🐛(minio) fix user permission error with Minio and Windows #1263
+- 🐛(frontend) fix export when quote block and inline code #1319
+- 🐛(frontend) fix base64 font #1324
+- 🐛(backend) allow creator to delete subpages #1297
+- 🐛(frontend) fix dnd conflict with tree and Blocknote #1328
+- 🐛(frontend) fix display bug on homepage #1332
+- 🐛link role update #1287
+- 🔧(keycloak) Fix https required issue in dev mode #1286
+
+## [3.5.0] - 2025-07-31
+
+### Added
+
+- ✨(helm) Service Account support for K8s Resources in Helm Charts #780
+- ✨(backend) allow masking documents from the list view #1172
 - ✨(frontend) subdocs can manage link reach #1190
 - ✨(frontend) add duplicate action to doc tree #1175
+- ✨(frontend) Interlinking doc #904
 - ✨(frontend) add multi columns support for editor #1219
- ✨(frontend) Can mask a document from the list view #1233

 ### Changed

@@ -23,6 +126,8 @@ and this project adheres to
 - ♻️(frontend) redirect to doc after duplicate #1175
 - 🔧(project) change env.d system by using local files #1200
 - ⚡️(frontend) improve tree stability #1207
+- ⚡️(frontend) improve accessibility #1232
+- 🛂(frontend) block drag n drop when not desktop #1239

 ### Fixed

@@ -30,6 +135,7 @@ and this project adheres to
 - 🐛(frontend) fix empty left panel after deleting root doc #1197
 - 🐛(helm) charts generate invalid YAML for collaboration API / WS #890
 - 🐛(frontend) 401 redirection overridden #1214
+- 🐛(frontend) include root parent in search #1243

 ## [3.4.2] - 2025-07-18

@@ -46,7 +152,7 @@ and this project adheres to
 ### Fixed

 - 🌐(frontend) keep simple tag during export #1154
- 🐛(back) manage can-edit endpoint without created room 
+- 🐛(back) manage can-edit endpoint without created room
  in the ws #1152
 - 🐛(frontend) fix action buttons not clickable #1162
 - 🐛(frontend) fix crash share modal on grid options #1174
@@ -66,11 +172,11 @@ and this project adheres to
 - 📝(project) add troubleshoot doc #1066
 - 📝(project) add system-requirement doc #1066
 - 🔧(frontend) configure x-frame-options to DENY in nginx conf #1084
- ✨(backend) allow to disable checking unsafe mimetype on 
+- ✨(backend) allow to disable checking unsafe mimetype on
  attachment upload #1099
 - ✨(doc) add documentation to install with compose #855
- ✨ Give priority to users connected to collaboration server 
-  (aka no websocket feature) #1093 
+- ✨ Give priority to users connected to collaboration server
+  (aka no websocket feature) #1093

 ### Changed

@@ -96,7 +202,6 @@ and this project adheres to

 - 🔥(frontend) remove Beta from logo #1095

-
 ## [3.3.0] - 2025-05-06

 ### Added
@@ -122,13 +227,13 @@ and this project adheres to
 - ⬆️(docker) upgrade node images to alpine 3.21 #973

 ### Fixed
+
 - 🐛(y-provider) increase JSON size limits for transcription conversion #989

 ### Removed

 - 🔥(back) remove footer endpoint #948

-
 ## [3.2.1] - 2025-05-06

 ## Fixed
@@ -136,7 +241,6 @@ and this project adheres to
 - 🐛(frontend) fix list copy paste #943
 - 📝(doc) update contributing policy (commit signatures are now mandatory) #895

-
 ## [3.2.0] - 2025-05-05

 ## Added
@@ -147,7 +251,7 @@ and this project adheres to
 - ✨(settings) Allow configuring PKCE for the SSO #886
 - 🌐(i18n) activate chinese and spanish languages #884
 - 🔧(backend) allow overwriting the data directory #893
- ➕(backend) add  `django-lasuite` dependency #839
+- ➕(backend) add `django-lasuite` dependency #839
 - ✨(frontend) advanced table features #908

 ## Changed
@@ -198,7 +302,6 @@ and this project adheres to
 - 🐛(backend) compute ancestor_links in get_abilities if needed #725
 - 🔒️(back) restrict access to document accesses #801

-
 ## [2.6.0] - 2025-03-21

 ## Added
@@ -217,7 +320,6 @@ and this project adheres to
 - 🔒️(back) throttle user list endpoint #636
 - 🔒️(back) remove pagination and limit to 5 for user list endpoint #636

-
 ## [2.5.0] - 2025-03-18

 ## Added
@@ -240,15 +342,14 @@ and this project adheres to
 ## Fixed

 - 🐛(frontend) SVG export #706
- 🐛(frontend) remove scroll listener table content  #688
+- 🐛(frontend) remove scroll listener table content #688
 - 🔒️(back) restrict access to favorite_list endpoint #690
- 🐛(backend) refactor to fix filtering on children 
-    and descendants views #695
+- 🐛(backend) refactor to fix filtering on children
+  and descendants views #695
 - 🐛(action) fix notify-argocd workflow #713
 - 🚨(helm) fix helmfile lint #736
 - 🚚(frontend) redirect to 401 page when 401 error #759

-
 ## [2.4.0] - 2025-03-06

 ## Added
@@ -263,7 +364,6 @@ and this project adheres to

 - 🐛(frontend) fix collaboration error #684

-
 ## [2.3.0] - 2025-03-03

 ## Added
@@ -679,7 +779,10 @@ and this project adheres to
 - ✨(frontend) Coming Soon page (#67)
 - 🚀 Impress, project to manage your documents easily and collaboratively.

-[unreleased]: https://github.com/suitenumerique/docs/compare/v3.4.2...main
+[unreleased]: https://github.com/suitenumerique/docs/compare/v3.7.0...main
+[v3.7.0]: https://github.com/suitenumerique/docs/releases/v3.7.0
+[v3.6.0]: https://github.com/suitenumerique/docs/releases/v3.6.0
+[v3.5.0]: https://github.com/suitenumerique/docs/releases/v3.5.0
 [v3.4.2]: https://github.com/suitenumerique/docs/releases/v3.4.2
 [v3.4.1]: https://github.com/suitenumerique/docs/releases/v3.4.1
 [v3.4.0]: https://github.com/suitenumerique/docs/releases/v3.4.0
--- a/90
+++ b/90
@@ -35,9 +35,13 @@ DB_PORT            = 5432

 # -- Docker
 # Get the current user ID to use for docker run and docker exec commands
-DOCKER_UID          = $(shell id -u)
-DOCKER_GID          = $(shell id -g)
-DOCKER_USER         = $(DOCKER_UID):$(DOCKER_GID)
+ifeq ($(OS),Windows_NT)
+DOCKER_USER         := 0:0     # run containers as root on Windows
+else
+DOCKER_UID          := $(shell id -u)
+DOCKER_GID          := $(shell id -g)
+DOCKER_USER         := $(DOCKER_UID):$(DOCKER_GID)
+endif
 COMPOSE             = DOCKER_USER=$(DOCKER_USER) docker compose
 COMPOSE_E2E         = DOCKER_USER=$(DOCKER_USER) docker compose -f compose.yml -f compose-e2e.yml
 COMPOSE_EXEC        = $(COMPOSE) exec
@@ -48,7 +52,7 @@ COMPOSE_RUN_CROWDIN = $(COMPOSE_RUN) crowdin crowdin

 # -- Backend
 MANAGE              = $(COMPOSE_RUN_APP) python manage.py
-MAIL_YARN           = $(COMPOSE_RUN) -w /app/src/mail node yarn
+MAIL_YARN           = $(COMPOSE_RUN) -w //app/src/mail node yarn

 # -- Frontend
 PATH_FRONT          = ./src/frontend
@@ -89,13 +93,77 @@ post-bootstrap: \
 	mails-build
 .PHONY: post-bootstrap

+pre-beautiful-bootstrap: ## Display a welcome message before bootstrap
+ifeq ($(OS),Windows_NT)
+	@echo ""
+	@echo "================================================================================"
+	@echo ""
+	@echo "  Welcome to Docs - Collaborative Text Editing from La Suite!"
+	@echo ""
+	@echo "  This will set up your development environment with:"
+	@echo "  - Docker containers for all services"
+	@echo "  - Database migrations and static files"
+	@echo "  - Frontend dependencies and build"
+	@echo "  - Environment configuration files"
+	@echo ""
+	@echo "  Services will be available at:"
+	@echo "  - Frontend: http://localhost:3000"
+	@echo "  - API:      http://localhost:8071"
+	@echo "  - Admin:    http://localhost:8071/admin"
+	@echo ""
+	@echo "================================================================================"
+	@echo ""
+	@echo "Starting bootstrap process..."
+else
+	@echo "$(BOLD)"
+	@echo "╔══════════════════════════════════════════════════════════════════════════════╗"
+	@echo "║                                                                              ║"
+	@echo "║  🚀 Welcome to Docs - Collaborative Text Editing from La Suite ! 🚀          ║"
+	@echo "║                                                                              ║"
+	@echo "║  This will set up your development environment with :                        ║"
+	@echo "║  • Docker containers for all services                                        ║"
+	@echo "║  • Database migrations and static files                                      ║"
+	@echo "║  • Frontend dependencies and build                                           ║"
+	@echo "║  • Environment configuration files                                           ║"
+	@echo "║                                                                              ║"
+	@echo "║  Services will be available at:                                              ║"
+	@echo "║  • Frontend: http://localhost:3000                                           ║"
+	@echo "║  • API:      http://localhost:8071                                           ║"
+	@echo "║  • Admin:    http://localhost:8071/admin                                     ║"
+	@echo "║                                                                              ║"
+	@echo "╚══════════════════════════════════════════════════════════════════════════════╝"
+	@echo "$(RESET)"
+	@echo "$(GREEN)Starting bootstrap process...$(RESET)"
+endif
+	@echo "" 
+.PHONY: pre-beautiful-bootstrap

-bootstrap: ## Prepare Docker developmentimages for the project
+post-beautiful-bootstrap: ## Display a success message after bootstrap
+	@echo ""
+ifeq ($(OS),Windows_NT)
+	@echo "Bootstrap completed successfully!"
+	@echo ""
+	@echo "Next steps:"
+	@echo "  - Visit http://localhost:3000 to access the application"
+	@echo "  - Run 'make help' to see all available commands"
+else
+	@echo "$(GREEN)🎉 Bootstrap completed successfully!$(RESET)"
+	@echo ""
+	@echo "$(BOLD)Next steps:$(RESET)"
+	@echo "  • Visit http://localhost:3000 to access the application"
+	@echo "  • Run 'make help' to see all available commands"
+endif
+	@echo ""
+.PHONY: post-beautiful-bootstrap
+
+bootstrap: ## Prepare the project for local development
 bootstrap: \
+	pre-beautiful-bootstrap \
 	pre-bootstrap \
 	build \
 	post-bootstrap \
-	run
+	run \
+	post-beautiful-bootstrap
 .PHONY: bootstrap

 bootstrap-e2e: ## Prepare Docker production images to be used for e2e tests
@@ -179,6 +247,10 @@ demo: ## flush db then create a demo for load testing purpose
 	@$(MANAGE) create_demo
 .PHONY: demo

+index: ## index all documents to remote search
+	@$(MANAGE) index
+.PHONY: index
+
 # Nota bene: Black should come after isort just in case they don't agree...
 lint: ## lint back-end python sources
 lint: \
@@ -338,6 +410,10 @@ run-frontend-development: ## Run the frontend in development mode
 	cd $(PATH_FRONT_IMPRESS) && yarn dev
 .PHONY: run-frontend-development

+frontend-test: ## Run the frontend tests
+	cd $(PATH_FRONT_IMPRESS) && yarn test
+.PHONY: frontend-test
+
 frontend-i18n-extract: ## Extract the frontend translation inside a json to be used for crowdin
 	cd $(PATH_FRONT) && yarn i18n:extract
 .PHONY: frontend-i18n-extract
@@ -368,6 +444,6 @@ bump-packages-version: ## bump the version of the project - VERSION_TYPE can be
 	cd ./src/frontend/apps/e2e/ && yarn version --no-git-tag-version --$(VERSION_TYPE)
 	cd ./src/frontend/apps/impress/ && yarn version --no-git-tag-version --$(VERSION_TYPE)
 	cd ./src/frontend/servers/y-provider/ && yarn version --no-git-tag-version --$(VERSION_TYPE)
-	cd ./src/frontend/packages/eslint-config-impress/ && yarn version --no-git-tag-version --$(VERSION_TYPE)
+	cd ./src/frontend/packages/eslint-plugin-docs/ && yarn version --no-git-tag-version --$(VERSION_TYPE)
 	cd ./src/frontend/packages/i18n/ && yarn version --no-git-tag-version --$(VERSION_TYPE)
 .PHONY: bump-packages-version
--- a/README.md
+++ b/README.md
@@ -49,13 +49,24 @@ Docs is a collaborative text editor designed to address common challenges in kno
 * 📚 Turn your team's collaborative work into organized knowledge with Subpages.

 ### Self-host
-🚀 Docs is easy to install on your own servers

-Available methods: Helm chart, Nix package
+#### 🚀 Docs is easy to install on your own servers
+We use Kubernetes for our [production instance](https://docs.numerique.gouv.fr/) but also support Docker Compose. The community contributed a couple other methods (Nix, YunoHost etc.) check out the [docs](/docs/installation/README.md) to get detailed instructions and examples.

-In the works: Docker Compose, YunoHost
+#### 🌍 Known instances
+We hope to see many more, here is an incomplete list of public Docs instances. Feel free to make a PR to add ones that are not listed below🙏

-⚠️ For some advanced features (ex: Export as PDF) Docs relies on XL packages from BlockNote. These are licenced under AGPL-3.0 and are not MIT compatible. You can perfectly use Docs without these packages by setting the environment variable `PUBLISH_AS_MIT` to true. That way you'll build an image of the application without the features that are not MIT compatible. Read the [environment variables documentation](/docs/env.md) for more information.
+| Url | Org | Public |
+| --- | --- | ------- |
+| [docs.numerique.gouv.fr](https://docs.numerique.gouv.fr/)    | DINUM    | French public agents working for the central administration and the extended public sphere. ProConnect is required to login in or sign up|
+| [docs.suite.anct.gouv.fr](https://docs.suite.anct.gouv.fr/)    | ANCT    | French public agents working for the territorial administration and the extended public sphere. ProConnect is required to login in or sign up|
+| [notes.demo.opendesk.eu](https://notes.demo.opendesk.eu)    | ZenDiS    | Demo instance of OpenDesk. Request access to get credentials |
+| [notes.liiib.re](https://notes.liiib.re/)    | lasuite.coop    | Free and open demo to all. Content and accounts are reset after one month |
+| [docs.federated.nexus](https://docs.federated.nexus/)    | federated.nexus    | Public instance, but you have to [sign up for a Federated Nexus account](https://federated.nexus/register/). |
+| [docs.demo.mosacloud.eu](https://docs.demo.mosacloud.eu/)    | mosa.cloud    | Demo instance of mosa.cloud, a dutch company providing services around La Suite apps. |
+
+#### ⚠️ Advanced features
+For some advanced features (ex: Export as PDF) Docs relies on XL packages from BlockNote. These are licenced under GPL and are not MIT compatible. You can perfectly use Docs without these packages by setting the environment variable `PUBLISH_AS_MIT` to true. That way you'll build an image of the application without the features that are not MIT compatible. Read the [environment variables documentation](/docs/env.md) for more information.

 ## Getting started 🔧

@@ -130,6 +141,12 @@ To start all the services, except the frontend container, you can use the follow
 $ make run-backend
 ```

+To execute frontend tests & linting only
+```shellscript
+$ make frontend-test
+$ make frontend-lint
+```
+
 **Adding content**

 You can create a basic demo site by running this command:
--- a/bin/Tiltfile
+++ b/bin/Tiltfile
@@ -39,9 +39,10 @@ docker_build(
    ]
 )

-k8s_resource('impress-docs-backend-migrate', resource_deps=['postgres-postgresql'])
+k8s_resource('impress-docs-backend-migrate', resource_deps=['dev-backend-postgres'])
 k8s_resource('impress-docs-backend-createsuperuser', resource_deps=['impress-docs-backend-migrate'])
-k8s_resource('impress-docs-backend', resource_deps=['impress-docs-backend-migrate'])
+k8s_resource('dev-backend-keycloak', resource_deps=['dev-backend-keycloak-pg'])
+k8s_resource('impress-docs-backend', resource_deps=['impress-docs-backend-migrate', 'dev-backend-redis', 'dev-backend-keycloak', 'dev-backend-postgres', 'dev-backend-minio:statefulset'])
 k8s_yaml(local('cd ../src/helm && helmfile -n impress -e dev template .'))

 migration = '''
--- a/bin/_config.sh
+++ b/bin/_config.sh
@@ -38,6 +38,10 @@ function _set_user() {
 # options: docker compose command options
 # ARGS   : docker compose command arguments
 function _docker_compose() {
+    # Set DOCKER_USER for Windows compatibility with MinIO
+    if [[ "$OSTYPE" == "msys" || "$OSTYPE" == "cygwin" || -n "${WSL_DISTRO_NAME:-}" ]]; then
+        export DOCKER_USER="0:0"
+    fi

    echo "🐳(compose) file: '${COMPOSE_FILE}'"
    docker compose \
--- a/bin/fernetkey
+++ b/bin/fernetkey
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+# shellcheck source=bin/_config.sh
+source "$(dirname "${BASH_SOURCE[0]}")/_config.sh"
+
+_dc_run app-dev python -c 'from cryptography.fernet import Fernet;import sys; sys.stdout.write("\n" + Fernet.generate_key().decode() + "\n");'
--- a/compose.yml
+++ b/compose.yml
@@ -72,6 +72,11 @@ services:
      - env.d/development/postgresql.local
    ports:
      - "8071:8000"
+    networks:
+      default: {}
+      lasuite-net:
+        aliases:
+          - impress
    volumes:
      - ./src/backend:/app
      - ./data/static:/data/static
@@ -92,6 +97,9 @@ services:
    command: ["celery", "-A", "impress.celery_app", "worker", "-l", "DEBUG"]
    environment:
      - DJANGO_CONFIGURATION=Development
+    networks:
+      - default
+      - lasuite-net
    env_file:
      - env.d/development/common
      - env.d/development/common.local
@@ -107,6 +115,11 @@ services:
    image: nginx:1.25
    ports:
      - "8083:8083"
+    networks:
+      default: {}
+      lasuite-net:
+        aliases:
+          - nginx
    volumes:
      - ./docker/files/etc/nginx/conf.d:/etc/nginx/conf.d:ro
    depends_on:
@@ -184,22 +197,20 @@ services:
      - env.d/development/kc_postgresql.local

  keycloak:
-    image: quay.io/keycloak/keycloak:20.0.1
+    image: quay.io/keycloak/keycloak:26.3
    volumes:
      - ./docker/auth/realm.json:/opt/keycloak/data/import/realm.json
    command:
      - start-dev
      - --features=preview
      - --import-realm
-      - --proxy=edge
-      - --hostname-url=http://localhost:8083
-      - --hostname-admin-url=http://localhost:8083/
+      - --hostname=http://localhost:8083
      - --hostname-strict=false
-      - --hostname-strict-https=false
      - --health-enabled=true
      - --metrics-enabled=true
    healthcheck:
-      test: ["CMD", "curl", "--head", "-fsS", "http://localhost:8080/health/ready"]
+      test: ['CMD-SHELL', 'exec 3<>/dev/tcp/localhost/9000; echo -e "GET /health/live HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n" >&3; grep "HTTP/1.1 200 OK" <&3']
+      start_period: 5s
      interval: 1s
      timeout: 2s
      retries: 300
@@ -219,3 +230,8 @@ services:
      kc_postgresql:
        condition: service_healthy
        restart: true
+
+networks:
+  lasuite-net:
+    name: lasuite-net
+    driver: bridge
--- a/docker/auth/realm.json
+++ b/docker/auth/realm.json
@@ -26,7 +26,7 @@
  "oauth2DeviceCodeLifespan": 600,
  "oauth2DevicePollingInterval": 5,
  "enabled": true,
-  "sslRequired": "external",
+  "sslRequired": "none",
  "registrationAllowed": true,
  "registrationEmailAsUsername": false,
  "rememberMe": true,
@@ -60,7 +60,7 @@
    },
    {
      "username": "user-e2e-chromium",
-      "email": "user@chromium.test",
+      "email": "user.test@chromium.test",
      "firstName": "E2E",
      "lastName": "Chromium",
      "enabled": true,
@@ -74,7 +74,7 @@
    },
    {
      "username": "user-e2e-webkit",
-      "email": "user@webkit.test",
+      "email": "user.test@webkit.test",
      "firstName": "E2E",
      "lastName": "Webkit",
      "enabled": true,
@@ -88,7 +88,7 @@
    },
    {
      "username": "user-e2e-firefox",
-      "email": "user@firefox.test",
+      "email": "user.test@firefox.test",
      "firstName": "E2E",
      "lastName": "Firefox",
      "enabled": true,
@@ -2270,7 +2270,7 @@
    "cibaInterval": "5",
    "realmReusableOtpCode": "false"
  },
-  "keycloakVersion": "20.0.1",
+  "keycloakVersion": "26.3.2",
  "userManagedAccessAllowed": false,
  "clientProfiles": {
    "profiles": []
--- a/docker/files/production/etc/nginx/conf.d/default.conf.template
+++ b/docker/files/production/etc/nginx/conf.d/default.conf.template
@@ -11,6 +11,9 @@ server {
    server_name localhost;
    charset utf-8;

+    # increase max upload size
+    client_max_body_size 10m;
+
    # Disables server version feedback on pages and in headers
    server_tokens off;

@@ -68,7 +71,7 @@ server {
        proxy_set_header Host $host;
    }

-    location  /collaboration/api/ {
+    location /collaboration/api/ {
        # Collaboration server
        proxy_pass http://${YPROVIDER_HOST}:4444;
        proxy_set_header Host $host;
@@ -95,7 +98,7 @@ server {

        add_header Content-Security-Policy "default-src 'none'" always;
    }
-    
+
    location /media-auth {
        proxy_pass http://docs_backend/api/v1.0/documents/media-auth/;
        proxy_set_header X-Forwarded-Proto https;
@@ -109,4 +112,4 @@ server {
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-Method $request_method;
    }
-}
+}
--- a/docs/env.md
+++ b/docs/env.md
@@ -135,9 +135,9 @@ NODE_ENV=production NEXT_PUBLIC_PUBLISH_AS_MIT=false yarn build
 | PUBLISH_AS_MIT                                  | Removes packages whose licences are incompatible with the MIT licence (see  below)                                               | true                                                    |

 Packages with licences incompatible with the MIT licence:
-* `xl-docx-exporter`: [AGPL-3.0](https://github.com/TypeCellOS/BlockNote/blob/main/packages/xl-docx-exporter/LICENSE), 
-* `xl-pdf-exporter`: [AGPL-3.0](https://github.com/TypeCellOS/BlockNote/blob/main/packages/xl-pdf-exporter/LICENSE), 
-* `xl-multi-column`: [AGPL-3.0](https://github.com/TypeCellOS/BlockNote/blob/main/packages/xl-multi-column/LICENSE). 
+* `xl-docx-exporter`: [GPL](https://github.com/TypeCellOS/BlockNote/blob/main/packages/xl-docx-exporter/LICENSE), 
+* `xl-pdf-exporter`: [GPL](https://github.com/TypeCellOS/BlockNote/blob/main/packages/xl-pdf-exporter/LICENSE), 
+* `xl-multi-column`: [GPL](https://github.com/TypeCellOS/BlockNote/blob/main/packages/xl-multi-column/LICENSE). 

 In `.env.development`, `PUBLISH_AS_MIT` is set to `false`, allowing developers to test Docs with all its features.

--- a/docs/examples/compose/compose.yaml
+++ b/docs/examples/compose/compose.yaml
@@ -7,12 +7,12 @@ services:
      timeout: 2s
      retries: 300
    env_file:
-    - env.d/postgresql
-    - env.d/common
+      - env.d/postgresql
+      - env.d/common
    environment:
-    - PGDATA=/var/lib/postgresql/data/pgdata
+      - PGDATA=/var/lib/postgresql/data/pgdata
    volumes:
-    - ./data/databases/backend:/var/lib/postgresql/data/pgdata
+      - ./data/databases/backend:/var/lib/postgresql/data/pgdata

  redis:
    image: redis:8
@@ -22,12 +22,12 @@ services:
    user: ${DOCKER_USER:-1000}
    restart: always
    environment:
-    - DJANGO_CONFIGURATION=Production
+      - DJANGO_CONFIGURATION=Production
    env_file:
-    - env.d/common
-    - env.d/backend
-    - env.d/yprovider
-    - env.d/postgresql
+      - env.d/common
+      - env.d/backend
+      - env.d/yprovider
+      - env.d/postgresql
    healthcheck:
      test: ["CMD", "python", "manage.py", "check"]
      interval: 15s
@@ -45,24 +45,24 @@ services:
    image: lasuite/impress-y-provider:latest
    user: ${DOCKER_USER:-1000}
    env_file:
-    - env.d/common
-    - env.d/yprovider
+      - env.d/common
+      - env.d/yprovider

  frontend:
    image: lasuite/impress-frontend:latest
    user: "101"
    entrypoint:
-    - /docker-entrypoint.sh
+      - /docker-entrypoint.sh
    command: ["nginx", "-g", "daemon off;"]
    env_file:
-    - env.d/common
+      - env.d/common
    # Uncomment and set your values if using our nginx proxy example
    #environment:
-    # - VIRTUAL_HOST=${DOCS_HOST} # used by nginx proxy 
+    # - VIRTUAL_HOST=${DOCS_HOST} # used by nginx proxy
    # - VIRTUAL_PORT=8083 # used by nginx proxy
    # - LETSENCRYPT_HOST=${DOCS_HOST} # used by lets encrypt to generate TLS certificate
    volumes:
-    - ./default.conf.template:/etc/nginx/templates/docs.conf.template
+      - ./default.conf.template:/etc/nginx/templates/docs.conf.template
    depends_on:
      backend:
        condition: service_healthy
--- a/docs/examples/compose/keycloak/README.md
+++ b/docs/examples/compose/keycloak/README.md
@@ -9,9 +9,9 @@

 ```bash
 mkdir keycloak
-curl -o compose.yaml https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/docs/examples/compose/keycloak/compose.yaml
-curl -o env.d/kc_postgresql https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/env.d/production.dist/kc_postgresql
-curl -o env.d/keycloak https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/env.d/production.dist/keycloak
+curl -o keycloak/compose.yaml https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/docs/examples/compose/keycloak/compose.yaml
+curl -o keycloak/env.d/kc_postgresql https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/env.d/production.dist/kc_postgresql
+curl -o keycloak/env.d/keycloak https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/env.d/production.dist/keycloak
 ```

 ### Step 2:. Update `env.d/` files
--- a/docs/examples/compose/keycloak/compose.yaml
+++ b/docs/examples/compose/keycloak/compose.yaml
@@ -7,23 +7,23 @@ services:
      timeout: 2s
      retries: 300
    env_file:
-    - env.d/kc_postgresql
+      - env.d/kc_postgresql
    volumes:
-    - ./data/keycloak:/var/lib/postgresql/data/pgdata
+      - ./data/keycloak:/var/lib/postgresql/data/pgdata

  keycloak:
    image: quay.io/keycloak/keycloak:26.1.3
    command: ["start"]
    env_file:
-    - env.d/kc_postgresql
-    - env.d/keycloak
+      - env.d/kc_postgresql
+      - env.d/keycloak
    # Uncomment and set your values if using our nginx proxy example
    # environment:
-    # - VIRTUAL_HOST=id.yourdomain.tld # used by nginx proxy 
+    # - VIRTUAL_HOST=id.yourdomain.tld # used by nginx proxy
    # - VIRTUAL_PORT=8080 # used by nginx proxy
    # - LETSENCRYPT_HOST=id.yourdomain.tld # used by lets encrypt to generate TLS certificate
    depends_on:
-      kc_postgresql::
+      kc_postgresql:
        condition: service_healthy
        restart: true
 # Uncomment if using our nginx proxy example
@@ -33,4 +33,4 @@ services:
 #
 #networks:
 #  proxy-tier:
-#    external: true
+#    external: true
--- a/docs/examples/compose/minio/README.md
+++ b/docs/examples/compose/minio/README.md
@@ -9,7 +9,7 @@

 ```bash
 mkdir minio
-curl -o compose.yaml https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/docs/examples/compose/minio/compose.yaml 
+curl -o minio/compose.yaml https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/docs/examples/compose/minio/compose.yaml 
 ```

 ### Step 2:. Update compose file with your own values
--- a/docs/examples/compose/minio/compose.yaml
+++ b/docs/examples/compose/minio/compose.yaml
@@ -2,8 +2,8 @@ services:
  minio:
    image: minio/minio
    environment:
-    - MINIO_ROOT_USER=<set minio root username>
-    - MINIO_ROOT_PASSWORD=<set minio root password>
+      - MINIO_ROOT_USER=<set minio root username>
+      - MINIO_ROOT_PASSWORD=<set minio root password>
    # Uncomment and set your values if using our nginx proxy example
    # - VIRTUAL_HOST=storage.yourdomain.tld # used by nginx proxy 
    # - VIRTUAL_PORT=9000 # used by nginx proxy
@@ -16,12 +16,12 @@ services:
    entrypoint: ""
    command: minio server /data
    volumes:
-    - ./data/minio:/data
+      - ./data/minio:/data
 # Uncomment if using our nginx proxy example
 #    networks:
-#    - proxy-tier
+#      - proxy-tier

 # Uncomment if using our nginx proxy example
 #networks:
 #  proxy-tier:
-#    external: true
+#    external: true
--- a/docs/examples/compose/nginx-proxy/README.md
+++ b/docs/examples/compose/nginx-proxy/README.md
@@ -13,7 +13,7 @@ Acme-companion is a lightweight companion container for nginx-proxy. It handles

 ```bash
 mkdir nginx-proxy
-curl -o compose.yaml https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/docs/examples/compose/nginx-proxy/compose.yaml
+curl -o nginx-proxy/compose.yaml https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/docs/examples/compose/nginx-proxy/compose.yaml
 ```

 ### Step 2: Edit `DEFAULT_EMAIL` in the compose file.
--- a/docs/examples/compose/nginx-proxy/compose.yaml
+++ b/docs/examples/compose/nginx-proxy/compose.yaml
@@ -3,28 +3,28 @@ services:
    image: nginxproxy/nginx-proxy
    container_name: nginx-proxy
    ports:
-    - "80:80"
-    - "443:443"
+      - "80:80"
+      - "443:443"
    volumes:
-    - html:/usr/share/nginx/html
-    - certs:/etc/nginx/certs:ro
-    - /var/run/docker.sock:/tmp/docker.sock:ro
+      - html:/usr/share/nginx/html
+      - certs:/etc/nginx/certs:ro
+      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
-    - proxy-tier
+      - proxy-tier

  acme-companion:
    image: nginxproxy/acme-companion
    container_name: nginx-proxy-acme
    environment:
-    - DEFAULT_EMAIL=mail@yourdomain.tld
+      - DEFAULT_EMAIL=mail@yourdomain.tld
    volumes_from:
-    - nginx-proxy
+      - nginx-proxy
    volumes:
-    - certs:/etc/nginx/certs:rw
-    - acme:/etc/acme.sh
-    - /var/run/docker.sock:/var/run/docker.sock:ro
+      - certs:/etc/nginx/certs:rw
+      - acme:/etc/acme.sh
+      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
-    - proxy-tier
+      - proxy-tier

 networks:
  proxy-tier:
--- a/docs/examples/helm/impress.values.yaml
+++ b/docs/examples/helm/impress.values.yaml
@@ -27,7 +27,7 @@ backend:
    OIDC_OP_AUTHORIZATION_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/auth
    OIDC_OP_TOKEN_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/token
    OIDC_OP_USER_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/userinfo
-    OIDC_OP_LOGOUT_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/session/end
+    OIDC_OP_LOGOUT_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/logout
    OIDC_RP_CLIENT_ID: impress
    OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
    OIDC_RP_SIGN_ALGO: RS256
@@ -46,9 +46,6 @@ backend:
    DB_USER: dinum
    DB_PASSWORD: pass
    DB_PORT: 5432
-    POSTGRES_DB: impress
-    POSTGRES_USER: dinum
-    POSTGRES_PASSWORD: pass
    REDIS_URL: redis://default:pass@redis-master:6379/1
    AWS_S3_ENDPOINT_URL: http://minio.impress.svc.cluster.local:9000
    AWS_S3_ACCESS_KEY_ID: root
--- a/docs/installation/README.md
+++ b/docs/installation/README.md
@@ -0,0 +1,32 @@
+# Installation
+If you want to install Docs you've come to the right place.
+Here are a bunch of resources to help you install the project.
+
+## Kubernetes
+We (Docs maintainers) are only using the Kubernetes deployment method in production. We can only provide advanced support for this method.
+Please follow the instructions laid out [here](/docs/installation/kubernetes.md).
+
+## Docker Compose
+We are aware that not everyone has Kubernetes Cluster laying around 😆. 
+We also provide [Docker images](https://hub.docker.com/u/lasuite?page=1&search=impress) that you can deploy using Compose. 
+Please follow the instructions [here](/docs/installation/compose.md). 
+⚠️ Please keep in mind that we do not use it ourselves in production. Let us know in the issues if you run into troubles, we'll try to help.
+
+## Other ways to install Docs
+Community members have contributed several other ways to install Docs. While we owe them a big thanks 🙏, please keep in mind we (Docs maintainers) can't provide support on these installation methods as we don't use them ourselves and there are two many options out there for us to keep track of. Of course you can contact the contributors and the broader community for assistance.
+
+Here is the list of other methods in alphabetical order:
+- Coop-Cloud: [code](https://git.coopcloud.tech/coop-cloud/lasuite-docs)
+- Nix: [Packages](https://search.nixos.org/packages?channel=unstable&query=lasuite-docs), ⚠️ unstable
+- Podman: [code][https://codeberg.org/philo/lasuite-docs-podman], ⚠️ experimental
+- YunoHost: [code](https://github.com/YunoHost-Apps/lasuite-docs_ynh), [app store](https://apps.yunohost.org/app/lasuite-docs)
+
+Feel free to make a PR to add ones that are not listed above 🙏
+
+## Cloud providers
+Some cloud providers are making it easy to deploy Docs on their infrastructure.
+
+Here is the list in alphabetical order:
+- Clever Cloud 🇫🇷 : [market place][https://www.clever-cloud.com/product/docs/], [technical doc](https://www.clever.cloud/developers/guides/docs/#deploy-docs)
+
+Feel free to make a PR to add ones that are not listed above 🙏
--- a/docs/installation/compose.md
+++ b/docs/installation/compose.md
@@ -31,11 +31,17 @@ For older versions of Docker Engine that do not include Docker Compose:

 ```bash
 mkdir -p docs/env.d
+cd docs
 curl -o compose.yaml https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/docs/examples/compose/compose.yaml
 curl -o env.d/common https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/env.d/production.dist/common
 curl -o env.d/backend https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/env.d/production.dist/backend
 curl -o env.d/yprovider https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/env.d/production.dist/yprovider
-curl -o env.d/common https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/env.d/production.dist/postgresql
+curl -o env.d/postgresql https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/env.d/production.dist/postgresql
+```
+
+If you are using the sample nginx-proxy configuration:
+```bash
+curl -o default.conf.template https://raw.githubusercontent.com/suitenumerique/docs/refs/heads/main/docker/files/production/etc/nginx/conf.d/default.conf.template
 ```

 ## Step 2: Configuration
--- a/docs/installation/kubernetes.md
+++ b/docs/installation/kubernetes.md
@@ -124,7 +124,7 @@ OIDC_OP_JWKS_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol
 OIDC_OP_AUTHORIZATION_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/auth
 OIDC_OP_TOKEN_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/token
 OIDC_OP_USER_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/userinfo
-OIDC_OP_LOGOUT_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/session/end
+OIDC_OP_LOGOUT_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/logout
 OIDC_RP_CLIENT_ID: impress
 OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
 OIDC_RP_SIGN_ALGO: RS256
@@ -168,9 +168,6 @@ DB_NAME: impress
 DB_USER: dinum
 DB_PASSWORD: pass
 DB_PORT: 5432
-POSTGRES_DB: impress
-POSTGRES_USER: dinum
-POSTGRES_PASSWORD: pass
 ```

 ### Find s3 bucket connection values
--- a/docs/troubleshoot.md
+++ b/docs/troubleshoot.md
@@ -83,55 +83,6 @@ If you already have CRLF line endings in your local repository, the **best appro
   git commit -m "✏️(project) Fix line endings to LF"
   ```

-## Minio Permission Issues on Windows
-
-### Problem Description
-
-On Windows, you may encounter permission-related errors when running Minio in development mode with Docker Compose. This typically happens because:
-
- **Windows file permissions** don't map well to Unix-style user IDs used in Docker containers
- **Docker Desktop** may have issues with user mapping when using the `DOCKER_USER` environment variable
- **Minio container** fails to start or access volumes due to permission conflicts
-
-### Common Symptoms
-
- Minio container fails to start with permission denied errors
- Error messages related to file system permissions in Minio logs
- Unable to create or access buckets in the development environment
- Docker Compose showing Minio service as unhealthy or exited
-
-### Solution for Windows Users
-
-If you encounter Minio permission issues on Windows, you can temporarily disable user mapping for the Minio service:
-
-1. **Open the `compose.yml` file**
-
-2. **Comment out the user directive** in the `minio` service section:
-   ```yaml
-   minio:
-     # user: ${DOCKER_USER:-1000}  # Comment this line on Windows if permission issues occur
-     image: minio/minio
-     environment:
-       - MINIO_ROOT_USER=impress
-       - MINIO_ROOT_PASSWORD=password
-     # ... rest of the configuration
-   ```
-
-3. **Restart the services**:
-   ```bash
-   make run
-   ```
-
-### Why This Works
-
- Commenting out the `user` directive allows the Minio container to run with its default user
- This bypasses Windows-specific permission mapping issues
- The container will have the necessary permissions to access and manage the mounted volumes
-
-### Note
-
-This is a **development-only workaround**. In production environments, proper user mapping and security considerations should be maintained according to your deployment requirements.
-
 ## Frontend File Watching Issues on Windows

 ### Problem Description
--- a/env.d/development/common
+++ b/env.d/development/common
@@ -49,6 +49,14 @@ LOGOUT_REDIRECT_URL=http://localhost:3000
 OIDC_REDIRECT_ALLOWED_HOSTS=["http://localhost:8083", "http://localhost:3000"]
 OIDC_AUTH_REQUEST_EXTRA_PARAMS={"acr_values": "eidas1"}

+# Store OIDC tokens in the session
+OIDC_STORE_ACCESS_TOKEN = True
+OIDC_STORE_REFRESH_TOKEN = True # Store the encrypted refresh token in the session.
+
+# Must be a valid Fernet key (32 url-safe base64-encoded bytes)
+# To create one, use the bin/fernetkey command.
+# OIDC_STORE_REFRESH_TOKEN_KEY="your-32-byte-encryption-key=="
+
 # AI
 AI_FEATURE_ENABLED=true
 AI_BASE_URL=https://openaiendpoint.com
@@ -66,3 +74,9 @@ COLLABORATION_WS_URL=ws://localhost:4444/collaboration/ws/
 DJANGO_SERVER_TO_SERVER_API_TOKENS=server-api-token
 Y_PROVIDER_API_BASE_URL=http://y-provider-development:4444/api/
 Y_PROVIDER_API_KEY=yprovider-api-key
+
+# impress
+SEARCH_INDEXER_CLASS="core.services.search_indexers.FindDocumentIndexer"
+SEARCH_INDEXER_SECRET=find-api-key-for-docs-with-exactly-50-chars-length   # Key generated by create_demo in Find app.
+SEARCH_INDEXER_URL="http://find:8000/api/v1.0/documents/index/"
+SEARCH_INDEXER_QUERY_URL="http://find:8000/api/v1.0/documents/search/"
--- a/env.d/development/common.e2e
+++ b/env.d/development/common.e2e
@@ -3,3 +3,7 @@ BURST_THROTTLE_RATES="200/minute"
 COLLABORATION_API_URL=http://y-provider:4444/collaboration/api/
 SUSTAINED_THROTTLE_RATES="200/hour"
 Y_PROVIDER_API_BASE_URL=http://y-provider:4444/api/
+
+# Throttle
+API_DOCUMENT_THROTTLE_RATE=1000/min
+API_CONFIG_THROTTLE_RATE=1000/min
--- a/env.d/production.dist/backend
+++ b/env.d/production.dist/backend
@@ -43,8 +43,8 @@ OIDC_RP_CLIENT_ID=<client_id>
 OIDC_RP_CLIENT_SECRET=<client secret>
 OIDC_RP_SIGN_ALGO=RS256
 OIDC_RP_SCOPES="openid email"
-#USER_OIDC_FIELD_TO_SHORTNAME
-#USER_OIDC_FIELDS_TO_FULLNAME
+#OIDC_USERINFO_SHORTNAME_FIELD
+#OIDC_USERINFO_FULLNAME_FIELDS

 LOGIN_REDIRECT_URL=https://${DOCS_HOST}
 LOGIN_REDIRECT_URL_FAILURE=https://${DOCS_HOST}
--- a/env.d/production.dist/yprovider
+++ b/env.d/production.dist/yprovider
@@ -1,4 +1,4 @@
-Y_PROVIDER_API_BASE_URL=http://${YPROVIDER_HOST}:4444/api
+Y_PROVIDER_API_BASE_URL=http://${YPROVIDER_HOST}:4444/api/
 Y_PROVIDER_API_KEY=<generate a random key>
 COLLABORATION_SERVER_SECRET=<generate a random key>
 COLLABORATION_SERVER_ORIGIN=https://${DOCS_HOST}
--- a/renovate.json
+++ b/renovate.json
@@ -2,6 +2,10 @@
  "extends": ["github>numerique-gouv/renovate-configuration"],
  "dependencyDashboard": true,
  "labels": ["dependencies", "noChangeLog", "automated"],
+  "schedule": ["before 7am on monday"],
+  "prCreation": "not-pending",
+  "rebaseWhen": "conflicted",
+  "updateNotScheduled": false,
  "packageRules": [
    {
      "enabled": false,
@@ -23,7 +27,6 @@
        "@hocuspocus/provider",
        "@hocuspocus/server",
        "docx",
-        "eslint",
        "fetch-mock",
        "node",
        "node-fetch",
--- a/src/backend/core/api/filters.py
+++ b/src/backend/core/api/filters.py
@@ -128,3 +128,11 @@ class ListDocumentFilter(DocumentFilter):

        queryset_method = queryset.filter if bool(value) else queryset.exclude
        return queryset_method(link_traces__user=user, link_traces__is_masked=True)
+
+
+class UserSearchFilter(django_filters.FilterSet):
+    """
+    Custom filter for searching users.
+    """
+
+    q = django_filters.CharFilter(min_length=5, max_length=254)
--- a/src/backend/core/api/serializers.py
+++ b/src/backend/core/api/serializers.py
@@ -7,12 +7,13 @@ from base64 import b64decode
 from django.conf import settings
 from django.db.models import Q
 from django.utils.functional import lazy
+from django.utils.text import slugify
 from django.utils.translation import gettext_lazy as _

 import magic
 from rest_framework import serializers

-from core import choices, enums, models, utils
+from core import choices, enums, models, utils, validators
 from core.services.ai_services import AI_ACTIONS
 from core.services.converter_services import (
    ConversionError,
@@ -32,11 +33,30 @@ class UserSerializer(serializers.ModelSerializer):
 class UserLightSerializer(UserSerializer):
    """Serialize users with limited fields."""

+    full_name = serializers.SerializerMethodField(read_only=True)
+    short_name = serializers.SerializerMethodField(read_only=True)
+
    class Meta:
        model = models.User
        fields = ["full_name", "short_name"]
        read_only_fields = ["full_name", "short_name"]

+    def get_full_name(self, instance):
+        """Return the full name of the user."""
+        if not instance.full_name:
+            email = instance.email.split("@")[0]
+            return slugify(email)
+
+        return instance.full_name
+
+    def get_short_name(self, instance):
+        """Return the short name of the user."""
+        if not instance.short_name:
+            email = instance.email.split("@")[0]
+            return slugify(email)
+
+        return instance.short_name
+

 class TemplateAccessSerializer(serializers.ModelSerializer):
    """Serialize template accesses."""
@@ -66,7 +86,6 @@ class ListDocumentSerializer(serializers.ModelSerializer):
    """Serialize documents with limited fields for display in lists."""

    is_favorite = serializers.BooleanField(read_only=True)
-    is_masked = serializers.BooleanField(read_only=True)
    nb_accesses_ancestors = serializers.IntegerField(read_only=True)
    nb_accesses_direct = serializers.IntegerField(read_only=True)
    user_role = serializers.SerializerMethodField(read_only=True)
@@ -86,7 +105,6 @@ class ListDocumentSerializer(serializers.ModelSerializer):
            "depth",
            "excerpt",
            "is_favorite",
-            "is_masked",
            "link_role",
            "link_reach",
            "nb_accesses_ancestors",
@@ -109,7 +127,6 @@ class ListDocumentSerializer(serializers.ModelSerializer):
            "depth",
            "excerpt",
            "is_favorite",
-            "is_masked",
            "link_role",
            "link_reach",
            "nb_accesses_ancestors",
@@ -179,7 +196,6 @@ class DocumentSerializer(ListDocumentSerializer):
            "depth",
            "excerpt",
            "is_favorite",
-            "is_masked",
            "link_role",
            "link_reach",
            "nb_accesses_ancestors",
@@ -406,7 +422,7 @@ class ServerCreateDocumentSerializer(serializers.Serializer):
    content = serializers.CharField(required=True)
    # User
    sub = serializers.CharField(
-        required=True, validators=[models.User.sub_validator], max_length=255
+        required=True, validators=[validators.sub_validator], max_length=255
    )
    email = serializers.EmailField(required=True)
    language = serializers.ChoiceField(
@@ -490,6 +506,10 @@ class LinkDocumentSerializer(serializers.ModelSerializer):
    We expose it separately from document in order to simplify and secure access control.
    """

+    link_reach = serializers.ChoiceField(
+        choices=models.LinkReachChoices.choices, required=True
+    )
+
    class Meta:
        model = models.Document
        fields = [
@@ -497,6 +517,58 @@ class LinkDocumentSerializer(serializers.ModelSerializer):
            "link_reach",
        ]

+    def validate(self, attrs):
+        """Validate that link_role and link_reach are compatible using get_select_options."""
+        link_reach = attrs.get("link_reach")
+        link_role = attrs.get("link_role")
+
+        if not link_reach:
+            raise serializers.ValidationError(
+                {"link_reach": _("This field is required.")}
+            )
+
+        # Get available options based on ancestors' link definition
+        available_options = models.LinkReachChoices.get_select_options(
+            **self.instance.ancestors_link_definition
+        )
+
+        # Validate link_reach is allowed
+        if link_reach not in available_options:
+            msg = _(
+                "Link reach '%(link_reach)s' is not allowed based on parent document configuration."
+            )
+            raise serializers.ValidationError(
+                {"link_reach": msg % {"link_reach": link_reach}}
+            )
+
+        # Validate link_role is compatible with link_reach
+        allowed_roles = available_options[link_reach]
+
+        # Restricted reach: link_role must be None
+        if link_reach == models.LinkReachChoices.RESTRICTED:
+            if link_role is not None:
+                raise serializers.ValidationError(
+                    {
+                        "link_role": (
+                            "Cannot set link_role when link_reach is 'restricted'. "
+                            "Link role must be null for restricted reach."
+                        )
+                    }
+                )
+            return attrs
+        # Non-restricted: link_role must be in allowed roles
+        if link_role not in allowed_roles:
+            allowed_roles_str = ", ".join(allowed_roles) if allowed_roles else "none"
+            raise serializers.ValidationError(
+                {
+                    "link_role": (
+                        f"Link role '{link_role}' is not allowed for link reach '{link_reach}'. "
+                        f"Allowed roles: {allowed_roles_str}"
+                    )
+                }
+            )
+        return attrs
+

 class DocumentDuplicationSerializer(serializers.Serializer):
    """
@@ -805,3 +877,13 @@ class MoveDocumentSerializer(serializers.Serializer):
        choices=enums.MoveNodePositionChoices.choices,
        default=enums.MoveNodePositionChoices.LAST_CHILD,
    )
+
+
+class FindDocumentSerializer(serializers.Serializer):
+    """Serializer for Find search requests"""
+
+    q = serializers.CharField(required=True, allow_blank=False, trim_whitespace=True)
+    page_size = serializers.IntegerField(
+        required=False, min_value=1, max_value=50, default=20
+    )
+    page = serializers.IntegerField(required=False, min_value=1, default=1)
--- a/src/backend/core/api/throttling.py
+++ b/src/backend/core/api/throttling.py
@@ -0,0 +1,21 @@
+"""Throttling modules for the API."""
+
+from rest_framework.throttling import UserRateThrottle
+from sentry_sdk import capture_message
+
+
+def sentry_monitoring_throttle_failure(message):
+    """Log when a failure occurs to detect rate limiting issues."""
+    capture_message(message, "warning")
+
+
+class UserListThrottleBurst(UserRateThrottle):
+    """Throttle for the user list endpoint."""
+
+    scope = "user_list_burst"
+
+
+class UserListThrottleSustained(UserRateThrottle):
+    """Throttle for the user list endpoint."""
+
+    scope = "user_list_sustained"
--- a/src/backend/core/api/viewsets.py
+++ b/src/backend/core/api/viewsets.py
@@ -1,6 +1,7 @@
 """API endpoints"""
 # pylint: disable=too-many-lines

+import base64
 import json
 import logging
 import uuid
@@ -13,12 +14,14 @@ from django.contrib.postgres.search import TrigramSimilarity
 from django.core.cache import cache
 from django.core.exceptions import ValidationError
 from django.core.files.storage import default_storage
+from django.core.validators import URLValidator
 from django.db import connection, transaction
 from django.db import models as db
 from django.db.models.expressions import RawSQL
 from django.db.models.functions import Left, Length
 from django.http import Http404, StreamingHttpResponse
 from django.urls import reverse
+from django.utils.decorators import method_decorator
 from django.utils.functional import cached_property
 from django.utils.text import capfirst, slugify
 from django.utils.translation import gettext_lazy as _
@@ -29,19 +32,33 @@ from botocore.exceptions import ClientError
 from csp.constants import NONE
 from csp.decorators import csp_update
 from lasuite.malware_detection import malware_detection
+from lasuite.oidc_login.decorators import refresh_oidc_access_token
 from rest_framework import filters, status, viewsets
 from rest_framework import response as drf_response
 from rest_framework.permissions import AllowAny
-from rest_framework.throttling import UserRateThrottle

 from core import authentication, choices, enums, models
 from core.services.ai_services import AIService
 from core.services.collaboration_services import CollaborationService
+from core.services.converter_services import (
+    ServiceUnavailableError as YProviderServiceUnavailableError,
+)
+from core.services.converter_services import (
+    ValidationError as YProviderValidationError,
+)
+from core.services.converter_services import (
+    YdocConverter,
+)
+from core.services.search_indexers import (
+    get_document_indexer,
+    get_visited_document_ids_of,
+)
 from core.tasks.mail import send_ask_for_access_mail
 from core.utils import extract_attachments, filter_descendants

 from . import permissions, serializers, utils
-from .filters import DocumentFilter, ListDocumentFilter
+from .filters import DocumentFilter, ListDocumentFilter, UserSearchFilter
+from .throttling import UserListThrottleBurst, UserListThrottleSustained

 logger = logging.getLogger(__name__)

@@ -135,18 +152,6 @@ class Pagination(drf.pagination.PageNumberPagination):
    page_size_query_param = "page_size"


-class UserListThrottleBurst(UserRateThrottle):
-    """Throttle for the user list endpoint."""
-
-    scope = "user_list_burst"
-
-
-class UserListThrottleSustained(UserRateThrottle):
-    """Throttle for the user list endpoint."""
-
-    scope = "user_list_sustained"
-
-
 class UserViewSet(
    drf.mixins.UpdateModelMixin, viewsets.GenericViewSet, drf.mixins.ListModelMixin
 ):
@@ -177,12 +182,18 @@ class UserViewSet(
        if self.action != "list":
            return queryset

+        filterset = UserSearchFilter(
+            self.request.GET, queryset=queryset, request=self.request
+        )
+        if not filterset.is_valid():
+            raise drf.exceptions.ValidationError(filterset.errors)
+
        # Exclude all users already in the given document
        if document_id := self.request.query_params.get("document_id", ""):
            queryset = queryset.exclude(documentaccess__document_id=document_id)

-        if not (query := self.request.query_params.get("q", "")) or len(query) < 5:
-            return queryset.none()
+        filter_data = filterset.form.cleaned_data
+        query = filter_data["q"]

        # For emails, match emails by Levenstein distance to prevent typing errors
        if "@" in query:
@@ -359,7 +370,8 @@ class DocumentViewSet(
    permission_classes = [
        permissions.DocumentPermission,
    ]
-    queryset = models.Document.objects.all()
+    throttle_scope = "document"
+    queryset = models.Document.objects.select_related("creator").all()
    serializer_class = serializers.DocumentSerializer
    ai_translate_serializer_class = serializers.AITranslateSerializer
    children_serializer_class = serializers.ListDocumentSerializer
@@ -367,6 +379,7 @@ class DocumentViewSet(
    list_serializer_class = serializers.ListDocumentSerializer
    trashbin_serializer_class = serializers.ListDocumentSerializer
    tree_serializer_class = serializers.ListDocumentSerializer
+    search_serializer_class = serializers.ListDocumentSerializer

    def get_queryset(self):
        """Get queryset performing all annotation and filtering on the document tree structure."""
@@ -405,7 +418,6 @@ class DocumentViewSet(
        queryset = super().filter_queryset(queryset)
        user = self.request.user
        queryset = queryset.annotate_is_favorite(user)
-        queryset = queryset.annotate_is_masked(user)
        queryset = queryset.annotate_user_roles(user)
        return queryset

@@ -454,9 +466,8 @@ class DocumentViewSet(
        )
        queryset = queryset.filter(path__in=root_paths)

-        # Annotate favorite and masked status and filter if applicable as late as possible
+        # Annotate favorite status and filter if applicable as late as possible
        queryset = queryset.annotate_is_favorite(user)
-        queryset = queryset.annotate_is_masked(user)
        for field in ["is_favorite", "is_masked"]:
            queryset = filterset.filters[field].filter(queryset, filter_data[field])

@@ -788,7 +799,11 @@ class DocumentViewSet(
            )

        # GET: List children
-        queryset = document.get_children().filter(ancestors_deleted_at__isnull=True)
+        queryset = (
+            document.get_children()
+            .select_related("creator")
+            .filter(ancestors_deleted_at__isnull=True)
+        )
        queryset = self.filter_queryset(queryset)

        filterset = DocumentFilter(request.GET, queryset=queryset)
@@ -842,19 +857,27 @@ class DocumentViewSet(
        user = self.request.user

        try:
-            current_document = self.queryset.only("depth", "path").get(pk=pk)
+            current_document = (
+                self.queryset.select_related(None).only("depth", "path").get(pk=pk)
+            )
        except models.Document.DoesNotExist as excpt:
            raise drf.exceptions.NotFound() from excpt

        ancestors = (
-            (current_document.get_ancestors() | self.queryset.filter(pk=pk))
+            (
+                current_document.get_ancestors()
+                | self.queryset.select_related(None).filter(pk=pk)
+            )
            .filter(ancestors_deleted_at__isnull=True)
            .order_by("path")
        )

        # Get the highest readable ancestor
        highest_readable = (
-            ancestors.readable_per_se(request.user).only("depth", "path").first()
+            ancestors.select_related(None)
+            .readable_per_se(request.user)
+            .only("depth", "path")
+            .first()
        )
        if highest_readable is None:
            raise (
@@ -882,7 +905,12 @@ class DocumentViewSet(

        children = self.queryset.filter(children_clause, deleted_at__isnull=True)

-        queryset = ancestors.filter(depth__gte=highest_readable.depth) | children
+        queryset = (
+            ancestors.select_related("creator").filter(
+                depth__gte=highest_readable.depth
+            )
+            | children
+        )
        queryset = queryset.order_by("path")
        queryset = queryset.annotate_user_roles(user)
        queryset = queryset.annotate_is_favorite(user)
@@ -920,37 +948,64 @@ class DocumentViewSet(
        in the payload.
        """
        # Get document while checking permissions
-        document = self.get_object()
+        document_to_duplicate = self.get_object()

        serializer = serializers.DocumentDuplicationSerializer(
            data=request.data, partial=True
        )
        serializer.is_valid(raise_exception=True)
        with_accesses = serializer.validated_data.get("with_accesses", False)
-        is_owner_or_admin = document.get_role(request.user) in models.PRIVILEGED_ROLES
+        user_role = document_to_duplicate.get_role(request.user)
+        is_owner_or_admin = user_role in models.PRIVILEGED_ROLES

-        base64_yjs_content = document.content
+        base64_yjs_content = document_to_duplicate.content

        # Duplicate the document instance
        link_kwargs = (
-            {"link_reach": document.link_reach, "link_role": document.link_role}
+            {
+                "link_reach": document_to_duplicate.link_reach,
+                "link_role": document_to_duplicate.link_role,
+            }
            if with_accesses
            else {}
        )
-        extracted_attachments = set(extract_attachments(document.content))
-        attachments = list(extracted_attachments & set(document.attachments))
-        duplicated_document = document.add_sibling(
+        extracted_attachments = set(extract_attachments(document_to_duplicate.content))
+        attachments = list(
+            extracted_attachments & set(document_to_duplicate.attachments)
+        )
+        title = capfirst(_("copy of {title}").format(title=document_to_duplicate.title))
+        if not document_to_duplicate.is_root() and choices.RoleChoices.get_priority(
+            user_role
+        ) < choices.RoleChoices.get_priority(models.RoleChoices.EDITOR):
+            duplicated_document = models.Document.add_root(
+                creator=self.request.user,
+                title=title,
+                content=base64_yjs_content,
+                attachments=attachments,
+                duplicated_from=document_to_duplicate,
+                **link_kwargs,
+            )
+            models.DocumentAccess.objects.create(
+                document=duplicated_document,
+                user=self.request.user,
+                role=models.RoleChoices.OWNER,
+            )
+            return drf_response.Response(
+                {"id": str(duplicated_document.id)}, status=status.HTTP_201_CREATED
+            )
+
+        duplicated_document = document_to_duplicate.add_sibling(
            "right",
-            title=capfirst(_("copy of {title}").format(title=document.title)),
+            title=title,
            content=base64_yjs_content,
            attachments=attachments,
-            duplicated_from=document,
+            duplicated_from=document_to_duplicate,
            creator=request.user,
            **link_kwargs,
        )

        # Always add the logged-in user as OWNER for root documents
-        if document.is_root():
+        if document_to_duplicate.is_root():
            accesses_to_create = [
                models.DocumentAccess(
                    document=duplicated_document,
@@ -962,7 +1017,7 @@ class DocumentViewSet(
            # If accesses should be duplicated, add other users' accesses as per original document
            if with_accesses and is_owner_or_admin:
                original_accesses = models.DocumentAccess.objects.filter(
-                    document=document
+                    document=document_to_duplicate
                ).exclude(user=request.user)

                accesses_to_create.extend(
@@ -982,6 +1037,68 @@ class DocumentViewSet(
            {"id": str(duplicated_document.id)}, status=status.HTTP_201_CREATED
        )

+    @drf.decorators.action(detail=False, methods=["get"], url_path="search")
+    @method_decorator(refresh_oidc_access_token)
+    def search(self, request, *args, **kwargs):
+        """
+        Returns a DRF response containing the filtered, annotated and ordered document list.
+
+        Applies filtering based on request parameter 'q' from `FindDocumentSerializer`.
+        Depending of the configuration it can be:
+         - A fulltext search through the opensearch indexation app "find" if the backend is
+           enabled (see SEARCH_BACKEND_CLASS)
+         - A filtering by the model field 'title'.
+
+        The ordering is always by the most recent first.
+        """
+        access_token = request.session.get("oidc_access_token")
+        user = request.user
+
+        serializer = serializers.FindDocumentSerializer(data=request.query_params)
+        serializer.is_valid(raise_exception=True)
+
+        indexer = get_document_indexer()
+        text = serializer.validated_data["q"]
+
+        # The indexer is not configured, so we fallback on a simple filter on the
+        # model field 'title'.
+        if not indexer:
+            # As the 'list' view we get a prefiltered queryset (deleted docs are excluded)
+            queryset = self.get_queryset()
+            filterset = DocumentFilter({"title": text}, queryset=queryset)
+
+            if not filterset.is_valid():
+                raise drf.exceptions.ValidationError(filterset.errors)
+
+            queryset = filterset.filter_queryset(queryset).order_by("-updated_at")
+
+            return self.get_response_for_queryset(
+                queryset,
+                context={
+                    "request": request,
+                },
+            )
+
+        queryset = models.Document.objects.all()
+
+        # Retrieve the documents ids from Find.
+        results = indexer.search(
+            text=text,
+            token=access_token,
+            visited=get_visited_document_ids_of(queryset, user),
+            page=serializer.validated_data.get("page", 1),
+            page_size=serializer.validated_data.get("page_size", 20),
+        )
+
+        queryset = queryset.filter(pk__in=results).order_by("-updated_at")
+
+        return self.get_response_for_queryset(
+            queryset,
+            context={
+                "request": request,
+            },
+        )
+
    @drf.decorators.action(detail=True, methods=["get"], url_path="versions")
    def versions_list(self, request, *args, **kwargs):
        """
@@ -1284,7 +1401,8 @@ class DocumentViewSet(
        )

        attachments_documents = (
-            self.queryset.filter(attachments__contains=[key])
+            self.queryset.select_related(None)
+            .filter(attachments__contains=[key])
            .only("path")
            .order_by("path")
        )
@@ -1443,6 +1561,15 @@ class DocumentViewSet(

        url = unquote(url)

+        url_validator = URLValidator(schemes=["http", "https"])
+        try:
+            url_validator(url)
+        except drf.exceptions.ValidationError as e:
+            return drf.response.Response(
+                {"detail": str(e)},
+                status=drf.status.HTTP_400_BAD_REQUEST,
+            )
+
        try:
            response = requests.get(
                url,
@@ -1473,12 +1600,75 @@ class DocumentViewSet(
            return proxy_response

        except requests.RequestException as e:
-            logger.error("Proxy request failed: %s", str(e))
-            return drf_response.Response(
-                {"error": f"Failed to fetch resource: {e!s}"},
-                status=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            logger.exception(e)
+            return drf.response.Response(
+                {"error": f"Failed to fetch resource from {url}"},
+                status=status.HTTP_400_BAD_REQUEST,
            )

+    @drf.decorators.action(
+        detail=True,
+        methods=["get"],
+        url_path="content",
+        name="Get document content in different formats",
+    )
+    def content(self, request, pk=None):
+        """
+        Retrieve document content in different formats (JSON, Markdown, HTML).
+
+        Query parameters:
+        - content_format: The desired output format (json, markdown, html)
+
+        Returns:
+            JSON response with content in the specified format.
+        """
+
+        document = self.get_object()
+
+        content_format = request.query_params.get("content_format", "json").lower()
+        if content_format not in {"json", "markdown", "html"}:
+            raise drf.exceptions.ValidationError(
+                "Invalid format. Must be one of: json, markdown, html"
+            )
+
+        # Get the base64 content from the document
+        content = None
+        base64_content = document.content
+        if base64_content is not None:
+            # Convert using the y-provider service
+            try:
+                yprovider = YdocConverter()
+                result = yprovider.convert(
+                    base64.b64decode(base64_content),
+                    "application/vnd.yjs.doc",
+                    {
+                        "markdown": "text/markdown",
+                        "html": "text/html",
+                        "json": "application/json",
+                    }[content_format],
+                )
+                content = result
+            except YProviderValidationError as e:
+                return drf_response.Response(
+                    {"error": str(e)}, status=status.HTTP_400_BAD_REQUEST
+                )
+            except YProviderServiceUnavailableError as e:
+                logger.error("Error getting content for document %s: %s", pk, e)
+                return drf_response.Response(
+                    {"error": "Failed to get document content"},
+                    status=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                )
+
+        return drf_response.Response(
+            {
+                "id": str(document.id),
+                "title": document.title,
+                "content": content,
+                "created_at": document.created_at,
+                "updated_at": document.updated_at,
+            }
+        )
+

 class DocumentAccessViewSet(
    ResourceAccessViewsetMixin,
@@ -1529,6 +1719,7 @@ class DocumentAccessViewSet(
        "document__depth",
    )
    resource_field_name = "document"
+    throttle_scope = "document_access"

    @cached_property
    def document(self):
@@ -1688,6 +1879,7 @@ class TemplateViewSet(
        permissions.IsAuthenticatedOrSafe,
        permissions.ResourceWithAccessPermission,
    ]
+    throttle_scope = "template"
    ordering = ["-created_at"]
    ordering_fields = ["created_at", "updated_at", "title"]
    serializer_class = serializers.TemplateSerializer
@@ -1778,6 +1970,7 @@ class TemplateAccessViewSet(

    lookup_field = "pk"
    permission_classes = [permissions.ResourceAccessPermission]
+    throttle_scope = "template_access"
    queryset = models.TemplateAccess.objects.select_related("user").all()
    resource_field_name = "template"
    serializer_class = serializers.TemplateAccessSerializer
@@ -1860,6 +2053,7 @@ class InvitationViewset(
        permissions.CanCreateInvitationPermission,
        permissions.ResourceWithAccessPermission,
    ]
+    throttle_scope = "invitation"
    queryset = (
        models.Invitation.objects.all()
        .select_related("document")
@@ -1938,6 +2132,7 @@ class DocumentAskForAccessViewSet(
        permissions.IsAuthenticated,
        permissions.ResourceWithAccessPermission,
    ]
+    throttle_scope = "document_ask_for_access"
    queryset = models.DocumentAskForAccess.objects.all()
    serializer_class = serializers.DocumentAskForAccessSerializer
    _document = None
@@ -2010,6 +2205,7 @@ class ConfigView(drf.views.APIView):
    """API ViewSet for sharing some public settings."""

    permission_classes = [AllowAny]
+    throttle_scope = "config"

    def get(self, request):
        """
--- a/src/backend/core/apps.py
+++ b/src/backend/core/apps.py
@@ -1,11 +1,19 @@
 """Impress Core application"""
-# from django.apps import AppConfig
-# from django.utils.translation import gettext_lazy as _
+
+from django.apps import AppConfig
+from django.utils.translation import gettext_lazy as _


-# class CoreConfig(AppConfig):
-#     """Configuration class for the impress core app."""
+class CoreConfig(AppConfig):
+    """Configuration class for the impress core app."""

-#     name = "core"
-#     app_label = "core"
-#     verbose_name = _("impress core application")
+    name = "core"
+    app_label = "core"
+    verbose_name = _("Impress core application")
+
+    def ready(self):
+        """
+        Import signals when the app is ready.
+        """
+        # pylint: disable=import-outside-toplevel, unused-import
+        from . import signals  # noqa: PLC0415
--- a/src/backend/core/management/commands/index.py
+++ b/src/backend/core/management/commands/index.py
@@ -0,0 +1,40 @@
+"""
+Handle search setup that needs to be done at bootstrap time.
+"""
+
+import logging
+import time
+
+from django.core.management.base import BaseCommand, CommandError
+
+from core.services.search_indexers import get_document_indexer
+
+logger = logging.getLogger("docs.search.bootstrap_search")
+
+
+class Command(BaseCommand):
+    """Index all documents to remote search service"""
+
+    help = __doc__
+
+    def handle(self, *args, **options):
+        """Launch and log search index generation."""
+        indexer = get_document_indexer()
+
+        if not indexer:
+            raise CommandError("The indexer is not enabled or properly configured.")
+
+        logger.info("Starting to regenerate Find index...")
+        start = time.perf_counter()
+
+        try:
+            count = indexer.index()
+        except Exception as err:
+            raise CommandError("Unable to regenerate index") from err
+
+        duration = time.perf_counter() - start
+        logger.info(
+            "Search index regenerated from %d document(s) in %.2f seconds.",
+            count,
+            duration,
+        )
--- a/src/backend/core/migrations/0024_add_is_masked_field_to_link_trace.py
+++ b/src/backend/core/migrations/0024_add_is_masked_field_to_link_trace.py
@@ -2,6 +2,8 @@

 from django.db import migrations, models

+import core.validators
+

 class Migration(migrations.Migration):
    dependencies = [
@@ -33,4 +35,17 @@ class Migration(migrations.Migration):
                verbose_name="language",
            ),
        ),
+        migrations.AlterField(
+            model_name="user",
+            name="sub",
+            field=models.CharField(
+                blank=True,
+                help_text="Required. 255 characters or fewer. ASCII characters only.",
+                max_length=255,
+                null=True,
+                unique=True,
+                validators=[core.validators.sub_validator],
+                verbose_name="sub",
+            ),
+        ),
    ]
--- a/src/backend/core/models.py
+++ b/src/backend/core/models.py
@@ -14,7 +14,7 @@ from django.contrib.auth import models as auth_models
 from django.contrib.auth.base_user import AbstractBaseUser
 from django.contrib.postgres.fields import ArrayField
 from django.contrib.sites.models import Site
-from django.core import mail, validators
+from django.core import mail
 from django.core.cache import cache
 from django.core.files.base import ContentFile
 from django.core.files.storage import default_storage
@@ -39,6 +39,7 @@ from .choices import (
    RoleChoices,
    get_equivalent_link_definition,
 )
+from .validators import sub_validator

 logger = getLogger(__name__)

@@ -136,22 +137,12 @@ class UserManager(auth_models.UserManager):
 class User(AbstractBaseUser, BaseModel, auth_models.PermissionsMixin):
    """User model to work with OIDC only authentication."""

-    sub_validator = validators.RegexValidator(
-        regex=r"^[\w.@+-:]+\Z",
-        message=_(
-            "Enter a valid sub. This value may contain only letters, "
-            "numbers, and @/./+/-/_/: characters."
-        ),
-    )
-
    sub = models.CharField(
        _("sub"),
-        help_text=_(
-            "Required. 255 characters or fewer. Letters, numbers, and @/./+/-/_/: characters only."
-        ),
+        help_text=_("Required. 255 characters or fewer. ASCII characters only."),
        max_length=255,
-        unique=True,
        validators=[sub_validator],
+        unique=True,
        blank=True,
        null=True,
    )
@@ -326,18 +317,6 @@ class DocumentQuerySet(MP_NodeQuerySet):

        return self.annotate(is_favorite=models.Value(False))

-    def annotate_is_masked(self, user):
-        """
-        Annotate document queryset with the masked status for the current user.
-        """
-        if user.is_authenticated:
-            masked_exists_subquery = LinkTrace.objects.filter(
-                document_id=models.OuterRef("pk"), user=user, is_masked=True
-            )
-            return self.annotate(is_masked=models.Exists(masked_exists_subquery))
-
-        return self.annotate(is_masked=models.Value(False))
-
    def annotate_user_roles(self, user):
        """
        Annotate document queryset with the roles of the current user
@@ -451,32 +430,35 @@ class Document(MP_Node, BaseModel):
    def save(self, *args, **kwargs):
        """Write content to object storage only if _content has changed."""
        super().save(*args, **kwargs)
-
        if self._content:
-            file_key = self.file_key
-            bytes_content = self._content.encode("utf-8")
+            self.save_content(self._content)

-            # Attempt to directly check if the object exists using the storage client.
-            try:
-                response = default_storage.connection.meta.client.head_object(
-                    Bucket=default_storage.bucket_name, Key=file_key
-                )
-            except ClientError as excpt:
-                # If the error is a 404, the object doesn't exist, so we should create it.
-                if excpt.response["Error"]["Code"] == "404":
-                    has_changed = True
-                else:
-                    raise
+    def save_content(self, content):
+        """Save content to object storage."""
+
+        file_key = self.file_key
+        bytes_content = content.encode("utf-8")
+
+        # Attempt to directly check if the object exists using the storage client.
+        try:
+            response = default_storage.connection.meta.client.head_object(
+                Bucket=default_storage.bucket_name, Key=file_key
+            )
+        except ClientError as excpt:
+            # If the error is a 404, the object doesn't exist, so we should create it.
+            if excpt.response["Error"]["Code"] == "404":
+                has_changed = True
            else:
-                # Compare the existing ETag with the MD5 hash of the new content.
-                has_changed = (
-                    response["ETag"].strip('"')
-                    != hashlib.md5(bytes_content).hexdigest()  # noqa: S324
-                )
+                raise
+        else:
+            # Compare the existing ETag with the MD5 hash of the new content.
+            has_changed = (
+                response["ETag"].strip('"') != hashlib.md5(bytes_content).hexdigest()  # noqa: S324
+            )

-            if has_changed:
-                content_file = ContentFile(bytes_content)
-                default_storage.save(file_key, content_file)
+        if has_changed:
+            content_file = ContentFile(bytes_content)
+            default_storage.save(file_key, content_file)

    def is_leaf(self):
        """
@@ -774,6 +756,12 @@ class Document(MP_Node, BaseModel):
        can_update = (
            is_owner_or_admin or role == RoleChoices.EDITOR
        ) and not is_deleted
+        can_create_children = can_update and user.is_authenticated
+        can_destroy = (
+            is_owner
+            if self.is_root()
+            else (is_owner_or_admin or (user.is_authenticated and self.creator == user))
+        )

        ai_allow_reach_from = settings.AI_ALLOW_REACH_FROM
        ai_access = any(
@@ -796,11 +784,12 @@ class Document(MP_Node, BaseModel):
            "media_check": can_get,
            "can_edit": can_update,
            "children_list": can_get,
-            "children_create": can_update and user.is_authenticated,
+            "children_create": can_create_children,
            "collaboration_auth": can_get,
+            "content": can_get,
            "cors_proxy": can_get,
            "descendants": can_get,
-            "destroy": is_owner,
+            "destroy": can_destroy,
            "duplicate": can_get and user.is_authenticated,
            "favorite": can_get and user.is_authenticated,
            "link_configuration": is_owner_or_admin,
--- a/src/backend/core/services/converter_services.py
+++ b/src/backend/core/services/converter_services.py
@@ -1,4 +1,4 @@
-"""Converter services."""
+"""Y-Provider API services."""

 from base64 import b64encode

@@ -28,25 +28,44 @@ class YdocConverter:
        # Note: Yprovider microservice accepts only raw token, which is not recommended
        return f"Bearer {settings.Y_PROVIDER_API_KEY}"

-    def convert(self, text):
+    def _request(self, url, data, content_type, accept):
+        """Make a request to the Y-Provider API."""
+        response = requests.post(
+            url,
+            data=data,
+            headers={
+                "Authorization": self.auth_header,
+                "Content-Type": content_type,
+                "Accept": accept,
+            },
+            timeout=settings.CONVERSION_API_TIMEOUT,
+            verify=settings.CONVERSION_API_SECURE,
+        )
+        response.raise_for_status()
+        return response
+
+    def convert(
+        self, text, content_type="text/markdown", accept="application/vnd.yjs.doc"
+    ):
        """Convert a Markdown text into our internal format using an external microservice."""

        if not text:
            raise ValidationError("Input text cannot be empty")

        try:
-            response = requests.post(
+            response = self._request(
                f"{settings.Y_PROVIDER_API_BASE_URL}{settings.CONVERSION_API_ENDPOINT}/",
-                data=text,
-                headers={
-                    "Authorization": self.auth_header,
-                    "Content-Type": "text/markdown",
-                },
-                timeout=settings.CONVERSION_API_TIMEOUT,
-                verify=settings.CONVERSION_API_SECURE,
+                text,
+                content_type,
+                accept,
            )
-            response.raise_for_status()
-            return b64encode(response.content).decode("utf-8")
+            if accept == "application/vnd.yjs.doc":
+                return b64encode(response.content).decode("utf-8")
+            if accept in {"text/markdown", "text/html"}:
+                return response.text
+            if accept == "application/json":
+                return response.json()
+            raise ValidationError("Unsupported format")
        except requests.RequestException as err:
            raise ServiceUnavailableError(
                "Failed to connect to conversion service",
--- a/src/backend/core/services/search_indexers.py
+++ b/src/backend/core/services/search_indexers.py
@@ -0,0 +1,303 @@
+"""Document search index management utilities and indexers"""
+
+import logging
+from abc import ABC, abstractmethod
+from collections import defaultdict
+from functools import cache
+
+from django.conf import settings
+from django.contrib.auth.models import AnonymousUser
+from django.core.exceptions import ImproperlyConfigured
+from django.db.models import Subquery
+from django.utils.module_loading import import_string
+
+import requests
+
+from core import models, utils
+
+logger = logging.getLogger(__name__)
+
+
+@cache
+def get_document_indexer():
+    """Returns an instance of indexer service if enabled and properly configured."""
+    classpath = settings.SEARCH_INDEXER_CLASS
+
+    # For this usecase an empty indexer class is not an issue but a feature.
+    if not classpath:
+        logger.info("Document indexer is not configured (see SEARCH_INDEXER_CLASS)")
+        return None
+
+    try:
+        indexer_class = import_string(settings.SEARCH_INDEXER_CLASS)
+        return indexer_class()
+    except ImportError as err:
+        logger.error("SEARCH_INDEXER_CLASS setting is not valid : %s", err)
+    except ImproperlyConfigured as err:
+        logger.error("Document indexer is not properly configured : %s", err)
+
+    return None
+
+
+def get_batch_accesses_by_users_and_teams(paths):
+    """
+    Get accesses related to a list of document paths,
+    grouped by users and teams, including all ancestor paths.
+    """
+    ancestor_map = utils.get_ancestor_to_descendants_map(
+        paths, steplen=models.Document.steplen
+    )
+    ancestor_paths = list(ancestor_map.keys())
+
+    access_qs = models.DocumentAccess.objects.filter(
+        document__path__in=ancestor_paths
+    ).values("document__path", "user__sub", "team")
+
+    access_by_document_path = defaultdict(lambda: {"users": set(), "teams": set()})
+
+    for access in access_qs:
+        ancestor_path = access["document__path"]
+        user_sub = access["user__sub"]
+        team = access["team"]
+
+        for descendant_path in ancestor_map.get(ancestor_path, []):
+            if user_sub:
+                access_by_document_path[descendant_path]["users"].add(str(user_sub))
+            if team:
+                access_by_document_path[descendant_path]["teams"].add(team)
+
+    return dict(access_by_document_path)
+
+
+def get_visited_document_ids_of(queryset, user):
+    """
+    Returns the ids of the documents that have a linktrace to the user and NOT owned.
+    It will be use to limit the opensearch responses to the public documents already
+    "visited" by the user.
+    """
+    if isinstance(user, AnonymousUser):
+        return []
+
+    qs = models.LinkTrace.objects.filter(user=user)
+
+    docs = (
+        queryset.exclude(accesses__user=user)
+        .filter(
+            deleted_at__isnull=True,
+            ancestors_deleted_at__isnull=True,
+        )
+        .filter(pk__in=Subquery(qs.values("document_id")))
+        .order_by("pk")
+        .distinct("pk")
+    )
+
+    return [str(id) for id in docs.values_list("pk", flat=True)]
+
+
+class BaseDocumentIndexer(ABC):
+    """
+    Base class for document indexers.
+
+    Handles batching and access resolution. Subclasses must implement both
+    `serialize_document()` and `push()` to define backend-specific behavior.
+    """
+
+    def __init__(self, batch_size=None):
+        """
+        Initialize the indexer.
+
+        Args:
+            batch_size (int, optional): Number of documents per batch.
+                Defaults to settings.SEARCH_INDEXER_BATCH_SIZE.
+        """
+        self.batch_size = batch_size or settings.SEARCH_INDEXER_BATCH_SIZE
+        self.indexer_url = settings.SEARCH_INDEXER_URL
+        self.indexer_secret = settings.SEARCH_INDEXER_SECRET
+        self.search_url = settings.SEARCH_INDEXER_QUERY_URL
+
+        if not self.indexer_url:
+            raise ImproperlyConfigured(
+                "SEARCH_INDEXER_URL must be set in Django settings."
+            )
+
+        if not self.indexer_secret:
+            raise ImproperlyConfigured(
+                "SEARCH_INDEXER_SECRET must be set in Django settings."
+            )
+
+        if not self.search_url:
+            raise ImproperlyConfigured(
+                "SEARCH_INDEXER_QUERY_URL must be set in Django settings."
+            )
+
+    def index(self):
+        """
+        Fetch documents in batches, serialize them, and push to the search backend.
+        """
+        last_id = 0
+        count = 0
+
+        while True:
+            documents_batch = list(
+                models.Document.objects.filter(
+                    id__gt=last_id,
+                ).order_by("id")[: self.batch_size]
+            )
+
+            if not documents_batch:
+                break
+
+            doc_paths = [doc.path for doc in documents_batch]
+            last_id = documents_batch[-1].id
+            accesses_by_document_path = get_batch_accesses_by_users_and_teams(doc_paths)
+
+            serialized_batch = [
+                self.serialize_document(document, accesses_by_document_path)
+                for document in documents_batch
+                if document.content or document.title
+            ]
+
+            self.push(serialized_batch)
+            count += len(serialized_batch)
+
+        return count
+
+    @abstractmethod
+    def serialize_document(self, document, accesses):
+        """
+        Convert a Document instance to a JSON-serializable format for indexing.
+
+        Must be implemented by subclasses.
+        """
+
+    @abstractmethod
+    def push(self, data):
+        """
+        Push a batch of serialized documents to the backend.
+
+        Must be implemented by subclasses.
+        """
+
+    # pylint: disable-next=too-many-arguments,too-many-positional-arguments
+    def search(self, text, token, visited=(), page=1, page_size=50):
+        """
+        Search for documents in Find app.
+        Ensure the same default ordering as "Docs" list : -updated_at
+
+        Returns ids of the documents
+
+        Args:
+            text (str): Text search content.
+            token (str): OIDC Authentication token.
+            visited (list, optional):
+                List of ids of active public documents with LinkTrace
+                Defaults to settings.SEARCH_INDEXER_BATCH_SIZE.
+            page (int, optional):
+                The page number to retrieve.
+                Defaults to 1 if not specified.
+            page_size (int, optional):
+                The number of results to return per page.
+                Defaults to 50 if not specified.
+        """
+        response = self.search_query(
+            data={
+                "q": text,
+                "visited": visited,
+                "services": ["docs"],
+                "page_number": page,
+                "page_size": page_size,
+                "order_by": "updated_at",
+                "order_direction": "desc",
+            },
+            token=token,
+        )
+
+        return [d["_id"] for d in response]
+
+    @abstractmethod
+    def search_query(self, data, token) -> dict:
+        """
+        Retrieve documents from the Find app API.
+
+        Must be implemented by subclasses.
+        """
+
+
+class FindDocumentIndexer(BaseDocumentIndexer):
+    """
+    Document indexer that pushes documents to La Suite Find app.
+    """
+
+    def serialize_document(self, document, accesses):
+        """
+        Convert a Document to the JSON format expected by La Suite Find.
+
+        Args:
+            document (Document): The document instance.
+            accesses (dict): Mapping of document ID to user/team access.
+
+        Returns:
+            dict: A JSON-serializable dictionary.
+        """
+        doc_path = document.path
+        doc_content = document.content
+        text_content = utils.base64_yjs_to_text(doc_content) if doc_content else ""
+
+        return {
+            "id": str(document.id),
+            "title": document.title or "",
+            "content": text_content,
+            "depth": document.depth,
+            "path": document.path,
+            "numchild": document.numchild,
+            "created_at": document.created_at.isoformat(),
+            "updated_at": document.updated_at.isoformat(),
+            "users": list(accesses.get(doc_path, {}).get("users", set())),
+            "groups": list(accesses.get(doc_path, {}).get("teams", set())),
+            "reach": document.computed_link_reach,
+            "size": len(text_content.encode("utf-8")),
+            "is_active": not bool(document.ancestors_deleted_at),
+        }
+
+    def search_query(self, data, token) -> requests.Response:
+        """
+        Retrieve documents from the Find app API.
+
+        Args:
+            data (dict): search data
+            token (str): OICD token
+
+        Returns:
+            dict: A JSON-serializable dictionary.
+        """
+        try:
+            response = requests.post(
+                self.search_url,
+                json=data,
+                headers={"Authorization": f"Bearer {token}"},
+                timeout=10,
+            )
+            response.raise_for_status()
+            return response.json()
+        except requests.exceptions.HTTPError as e:
+            logger.error("HTTPError: %s", e)
+            raise
+
+    def push(self, data):
+        """
+        Push a batch of documents to the Find backend.
+
+        Args:
+            data (list): List of document dictionaries.
+        """
+        try:
+            response = requests.post(
+                self.indexer_url,
+                json=data,
+                headers={"Authorization": f"Bearer {self.indexer_secret}"},
+                timeout=10,
+            )
+            response.raise_for_status()
+        except requests.exceptions.HTTPError as e:
+            logger.error("HTTPError: %s", e)
+            raise
--- a/src/backend/core/signals.py
+++ b/src/backend/core/signals.py
@@ -0,0 +1,31 @@
+"""
+Declare and configure the signals for the impress core application
+"""
+
+from functools import partial
+
+from django.db import transaction
+from django.db.models import signals
+from django.dispatch import receiver
+
+from . import models
+from .tasks.find import trigger_document_indexer
+
+
+@receiver(signals.post_save, sender=models.Document)
+def document_post_save(sender, instance, **kwargs):  # pylint: disable=unused-argument
+    """
+    Asynchronous call to the document indexer at the end of the transaction.
+    Note : Within the transaction we can have an empty content and a serialization
+    error.
+    """
+    transaction.on_commit(partial(trigger_document_indexer, instance))
+
+
+@receiver(signals.post_save, sender=models.DocumentAccess)
+def document_access_post_save(sender, instance, created, **kwargs):  # pylint: disable=unused-argument
+    """
+    Asynchronous call to the document indexer at the end of the transaction.
+    """
+    if not created:
+        transaction.on_commit(partial(trigger_document_indexer, instance.document))
--- a/src/backend/core/tasks/find.py
+++ b/src/backend/core/tasks/find.py
@@ -0,0 +1,89 @@
+"""Trigger document indexation using celery task."""
+
+from logging import getLogger
+
+from django.conf import settings
+from django.core.cache import cache
+
+from impress.celery_app import app
+
+logger = getLogger(__file__)
+
+
+def indexer_debounce_lock(document_id):
+    """Increase or reset counter"""
+    key = f"doc-indexer-debounce-{document_id}"
+
+    try:
+        return cache.incr(key)
+    except ValueError:
+        cache.set(key, 1)
+        return 1
+
+
+def indexer_debounce_release(document_id):
+    """Decrease or reset counter"""
+    key = f"doc-indexer-debounce-{document_id}"
+
+    try:
+        return cache.decr(key)
+    except ValueError:
+        cache.set(key, 0)
+        return 0
+
+
+@app.task
+def document_indexer_task(document_id):
+    """Celery Task : Sends indexation query for a document."""
+    # Prevents some circular imports
+    # pylint: disable=import-outside-toplevel
+    from core import models  # noqa : PLC0415
+    from core.services.search_indexers import (  # noqa : PLC0415
+        get_batch_accesses_by_users_and_teams,
+        get_document_indexer,
+    )
+
+    # check if the counter : if still up, skip the task. only the last one
+    # within the countdown delay will do the query.
+    if indexer_debounce_release(document_id) > 0:
+        logger.info("Skip document %s indexation", document_id)
+        return
+
+    indexer = get_document_indexer()
+
+    if indexer is None:
+        return
+
+    doc = models.Document.objects.get(pk=document_id)
+    accesses = get_batch_accesses_by_users_and_teams((doc.path,))
+
+    data = indexer.serialize_document(document=doc, accesses=accesses)
+
+    logger.info("Start document %s indexation", document_id)
+    indexer.push(data)
+
+
+def trigger_document_indexer(document):
+    """
+    Trigger indexation task with debounce a delay set by the SEARCH_INDEXER_COUNTDOWN setting.
+
+    Args:
+        document (Document): The document instance.
+    """
+    countdown = settings.SEARCH_INDEXER_COUNTDOWN
+
+    # DO NOT create a task if indexation if disabled
+    if not settings.SEARCH_INDEXER_CLASS:
+        return
+
+    logger.info(
+        "Add task for document %s indexation in %.2f seconds",
+        document.pk,
+        countdown,
+    )
+
+    # Each time this method is called during the countdown, we increment the
+    # counter and each task decrease it, so the index be run only once.
+    indexer_debounce_lock(document.pk)
+
+    document_indexer_task.apply_async(args=[document.pk], countdown=countdown)
--- a/src/backend/core/tests/commands/test_index.py
+++ b/src/backend/core/tests/commands/test_index.py
@@ -0,0 +1,65 @@
+"""
+Unit test for `index` command.
+"""
+
+from operator import itemgetter
+from unittest import mock
+
+from django.core.management import CommandError, call_command
+from django.db import transaction
+
+import pytest
+
+from core import factories
+from core.services.search_indexers import FindDocumentIndexer
+
+
+@pytest.mark.django_db
+@pytest.mark.usefixtures("indexer_settings")
+def test_index():
+    """Test the command `index` that run the Find app indexer for all the available documents."""
+    user = factories.UserFactory()
+    indexer = FindDocumentIndexer()
+
+    with transaction.atomic():
+        doc = factories.DocumentFactory()
+        empty_doc = factories.DocumentFactory(title=None, content="")
+        no_title_doc = factories.DocumentFactory(title=None)
+
+        factories.UserDocumentAccessFactory(document=doc, user=user)
+        factories.UserDocumentAccessFactory(document=empty_doc, user=user)
+        factories.UserDocumentAccessFactory(document=no_title_doc, user=user)
+
+    accesses = {
+        str(doc.path): {"users": [user.sub]},
+        str(empty_doc.path): {"users": [user.sub]},
+        str(no_title_doc.path): {"users": [user.sub]},
+    }
+
+    with mock.patch.object(FindDocumentIndexer, "push") as mock_push:
+        call_command("index")
+
+        push_call_args = [call.args[0] for call in mock_push.call_args_list]
+
+        # called once but with a batch of docs
+        mock_push.assert_called_once()
+
+        assert sorted(push_call_args[0], key=itemgetter("id")) == sorted(
+            [
+                indexer.serialize_document(doc, accesses),
+                indexer.serialize_document(no_title_doc, accesses),
+            ],
+            key=itemgetter("id"),
+        )
+
+
+@pytest.mark.django_db
+@pytest.mark.usefixtures("indexer_settings")
+def test_index_improperly_configured(indexer_settings):
+    """The command should raise an exception if the indexer is not configured"""
+    indexer_settings.SEARCH_INDEXER_CLASS = None
+
+    with pytest.raises(CommandError) as err:
+        call_command("index")
+
+    assert str(err.value) == "The indexer is not enabled or properly configured."
--- a/src/backend/core/tests/conftest.py
+++ b/src/backend/core/tests/conftest.py
@@ -24,3 +24,29 @@ def mock_user_teams():
        "core.models.User.teams", new_callable=mock.PropertyMock
    ) as mock_teams:
        yield mock_teams
+
+
+@pytest.fixture(name="indexer_settings")
+def indexer_settings_fixture(settings):
+    """
+    Setup valid settings for the document indexer. Clear the indexer cache.
+    """
+
+    # pylint: disable-next=import-outside-toplevel
+    from core.services.search_indexers import (  # noqa: PLC0415
+        get_document_indexer,
+    )
+
+    get_document_indexer.cache_clear()
+
+    settings.SEARCH_INDEXER_CLASS = "core.services.search_indexers.FindDocumentIndexer"
+    settings.SEARCH_INDEXER_SECRET = "ThisIsAKeyForTest"
+    settings.SEARCH_INDEXER_URL = "http://localhost:8081/api/v1.0/documents/index/"
+    settings.SEARCH_INDEXER_QUERY_URL = (
+        "http://localhost:8081/api/v1.0/documents/search/"
+    )
+
+    yield settings
+
+    # clear cache to prevent issues with other tests
+    get_document_indexer.cache_clear()
--- a/src/backend/core/tests/documents/test_api_document_accesses.py
+++ b/src/backend/core/tests/documents/test_api_document_accesses.py
@@ -4,6 +4,7 @@ Test document accesses API endpoints for users in impress's core app.
 # pylint: disable=too-many-lines

 import random
+from unittest import mock
 from uuid import uuid4

 import pytest
@@ -1344,3 +1345,24 @@ def test_api_document_accesses_delete_owners_last_owner_child_team(

    assert response.status_code == 204
    assert models.DocumentAccess.objects.count() == 1
+
+
+def test_api_document_accesses_throttling(settings):
+    """Test api document accesses throttling."""
+    settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["document_access"] = "2/minute"
+    user = factories.UserFactory()
+    document = factories.DocumentFactory()
+    factories.UserDocumentAccessFactory(
+        document=document, user=user, role="administrator"
+    )
+    client = APIClient()
+    client.force_login(user)
+    for _i in range(2):
+        response = client.get(f"/api/v1.0/documents/{document.id!s}/accesses/")
+        assert response.status_code == 200
+    with mock.patch("core.api.throttling.capture_message") as mock_capture_message:
+        response = client.get(f"/api/v1.0/documents/{document.id!s}/accesses/")
+        assert response.status_code == 429
+        mock_capture_message.assert_called_once_with(
+            "Rate limit exceeded for scope document_access", "warning"
+        )
--- a/src/backend/core/tests/documents/test_api_document_invitations.py
+++ b/src/backend/core/tests/documents/test_api_document_invitations.py
@@ -824,3 +824,29 @@ def test_api_document_invitations_delete_readers_or_editors(via, role, mock_user
        response.json()["detail"]
        == "You do not have permission to perform this action."
    )
+
+
+def test_api_document_invitations_throttling(settings):
+    """Test api document ask for access throttling."""
+    current_rate = settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["invitation"]
+    settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["invitation"] = "2/minute"
+    user = factories.UserFactory()
+    document = factories.DocumentFactory()
+
+    factories.UserDocumentAccessFactory(document=document, user=user, role="owner")
+
+    factories.InvitationFactory(document=document, issuer=user)
+
+    client = APIClient()
+    client.force_login(user)
+
+    for _i in range(2):
+        response = client.get(f"/api/v1.0/documents/{document.id}/invitations/")
+        assert response.status_code == 200
+    with mock.patch("core.api.throttling.capture_message") as mock_capture_message:
+        response = client.get(f"/api/v1.0/documents/{document.id}/invitations/")
+        assert response.status_code == 429
+        mock_capture_message.assert_called_once_with(
+            "Rate limit exceeded for scope invitation", "warning"
+        )
+    settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["invitation"] = current_rate
--- a/src/backend/core/tests/documents/test_api_documents_ask_for_access.py
+++ b/src/backend/core/tests/documents/test_api_documents_ask_for_access.py
@@ -1,6 +1,7 @@
 """Test API for document ask for access."""

 import uuid
+from unittest import mock

 from django.core import mail

@@ -768,3 +769,35 @@ def test_api_documents_ask_for_access_accept_authenticated_non_root_document(rol
        f"/api/v1.0/documents/{child.id}/ask-for-access/{document_ask_for_access.id}/accept/"
    )
    assert response.status_code == 404
+
+
+def test_api_document_ask_for_access_throttling(settings):
+    """Test api document ask for access throttling."""
+    current_rate = settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"][
+        "document_ask_for_access"
+    ]
+    settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["document_ask_for_access"] = (
+        "2/minute"
+    )
+    document = DocumentFactory()
+    DocumentAskForAccessFactory.create_batch(
+        3, document=document, role=RoleChoices.READER
+    )
+
+    user = UserFactory()
+
+    client = APIClient()
+    client.force_login(user)
+
+    for _i in range(2):
+        response = client.get(f"/api/v1.0/documents/{document.id}/ask-for-access/")
+        assert response.status_code == 200
+    with mock.patch("core.api.throttling.capture_message") as mock_capture_message:
+        response = client.get(f"/api/v1.0/documents/{document.id}/ask-for-access/")
+        assert response.status_code == 429
+        mock_capture_message.assert_called_once_with(
+            "Rate limit exceeded for scope document_ask_for_access", "warning"
+        )
+    settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["document_ask_for_access"] = (
+        current_rate
+    )
--- a/src/backend/core/tests/documents/test_api_documents_children_list.py
+++ b/src/backend/core/tests/documents/test_api_documents_children_list.py
@@ -45,7 +45,6 @@ def test_api_documents_children_list_anonymous_public_standalone(
                "excerpt": child1.excerpt,
                "id": str(child1.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child1.link_reach,
                "link_role": child1.link_role,
                "numchild": 0,
@@ -68,7 +67,6 @@ def test_api_documents_children_list_anonymous_public_standalone(
                "excerpt": child2.excerpt,
                "id": str(child2.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child2.link_reach,
                "link_role": child2.link_role,
                "numchild": 0,
@@ -121,7 +119,6 @@ def test_api_documents_children_list_anonymous_public_parent(django_assert_num_q
                "excerpt": child1.excerpt,
                "id": str(child1.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child1.link_reach,
                "link_role": child1.link_role,
                "numchild": 0,
@@ -144,7 +141,6 @@ def test_api_documents_children_list_anonymous_public_parent(django_assert_num_q
                "excerpt": child2.excerpt,
                "id": str(child2.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child2.link_reach,
                "link_role": child2.link_role,
                "numchild": 0,
@@ -216,7 +212,6 @@ def test_api_documents_children_list_authenticated_unrelated_public_or_authentic
                "excerpt": child1.excerpt,
                "id": str(child1.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child1.link_reach,
                "link_role": child1.link_role,
                "numchild": 0,
@@ -239,7 +234,6 @@ def test_api_documents_children_list_authenticated_unrelated_public_or_authentic
                "excerpt": child2.excerpt,
                "id": str(child2.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child2.link_reach,
                "link_role": child2.link_role,
                "numchild": 0,
@@ -297,7 +291,6 @@ def test_api_documents_children_list_authenticated_public_or_authenticated_paren
                "excerpt": child1.excerpt,
                "id": str(child1.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child1.link_reach,
                "link_role": child1.link_role,
                "numchild": 0,
@@ -320,7 +313,6 @@ def test_api_documents_children_list_authenticated_public_or_authenticated_paren
                "excerpt": child2.excerpt,
                "id": str(child2.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child2.link_reach,
                "link_role": child2.link_role,
                "numchild": 0,
@@ -405,7 +397,6 @@ def test_api_documents_children_list_authenticated_related_direct(
                "excerpt": child1.excerpt,
                "id": str(child1.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child1.link_reach,
                "link_role": child1.link_role,
                "numchild": 0,
@@ -428,7 +419,6 @@ def test_api_documents_children_list_authenticated_related_direct(
                "excerpt": child2.excerpt,
                "id": str(child2.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child2.link_reach,
                "link_role": child2.link_role,
                "numchild": 0,
@@ -489,7 +479,6 @@ def test_api_documents_children_list_authenticated_related_parent(
                "excerpt": child1.excerpt,
                "id": str(child1.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child1.link_reach,
                "link_role": child1.link_role,
                "numchild": 0,
@@ -512,7 +501,6 @@ def test_api_documents_children_list_authenticated_related_parent(
                "excerpt": child2.excerpt,
                "id": str(child2.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child2.link_reach,
                "link_role": child2.link_role,
                "numchild": 0,
@@ -625,7 +613,6 @@ def test_api_documents_children_list_authenticated_related_team_members(
                "excerpt": child1.excerpt,
                "id": str(child1.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child1.link_reach,
                "link_role": child1.link_role,
                "numchild": 0,
@@ -648,7 +635,6 @@ def test_api_documents_children_list_authenticated_related_team_members(
                "excerpt": child2.excerpt,
                "id": str(child2.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child2.link_reach,
                "link_role": child2.link_role,
                "numchild": 0,
--- a/src/backend/core/tests/documents/test_api_documents_content.py
+++ b/src/backend/core/tests/documents/test_api_documents_content.py
@@ -0,0 +1,176 @@
+"""
+Tests for Documents API endpoint in impress's core app: content
+"""
+
+import base64
+from unittest.mock import patch
+
+import pytest
+import requests
+from rest_framework import status
+from rest_framework.test import APIClient
+
+from core import factories
+
+pytestmark = pytest.mark.django_db
+
+
+@pytest.mark.parametrize(
+    "reach, role",
+    [
+        ("public", "reader"),
+        ("public", "editor"),
+    ],
+)
+@patch("core.services.converter_services.YdocConverter.convert")
+def test_api_documents_content_public(mock_content, reach, role):
+    """Anonymous users should be allowed to access content of public documents."""
+    document = factories.DocumentFactory(link_reach=reach, link_role=role)
+    mock_content.return_value = {"some": "data"}
+
+    response = APIClient().get(f"/api/v1.0/documents/{document.id!s}/content/")
+
+    assert response.status_code == status.HTTP_200_OK
+    data = response.json()
+    assert data["id"] == str(document.id)
+    assert data["title"] == document.title
+    assert data["content"] == {"some": "data"}
+    mock_content.assert_called_once_with(
+        base64.b64decode(document.content),
+        "application/vnd.yjs.doc",
+        "application/json",
+    )
+
+
+@pytest.mark.parametrize(
+    "reach, doc_role, user_role",
+    [
+        ("restricted", "reader", "reader"),
+        ("restricted", "reader", "editor"),
+        ("restricted", "reader", "administrator"),
+        ("restricted", "reader", "owner"),
+        ("restricted", "editor", "reader"),
+        ("restricted", "editor", "editor"),
+        ("restricted", "editor", "administrator"),
+        ("restricted", "editor", "owner"),
+        ("authenticated", "reader", None),
+        ("authenticated", "editor", None),
+    ],
+)
+@patch("core.services.converter_services.YdocConverter.convert")
+def test_api_documents_content_not_public(mock_content, reach, doc_role, user_role):
+    """Authenticated users need access to get non-public document content."""
+    user = factories.UserFactory()
+    document = factories.DocumentFactory(link_reach=reach, link_role=doc_role)
+    mock_content.return_value = {"some": "data"}
+
+    # First anonymous request should fail
+    client = APIClient()
+    response = client.get(f"/api/v1.0/documents/{document.id!s}/content/")
+
+    assert response.status_code == status.HTTP_401_UNAUTHORIZED
+    mock_content.assert_not_called()
+
+    # Login and try again
+    client.force_login(user)
+    response = client.get(f"/api/v1.0/documents/{document.id!s}/content/")
+
+    # If restricted, we still should not have access
+    if user_role is not None:
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+        mock_content.assert_not_called()
+
+        # Create an access as a reader. This should unlock the access.
+        factories.UserDocumentAccessFactory(
+            document=document, user=user, role=user_role
+        )
+
+        response = client.get(f"/api/v1.0/documents/{document.id!s}/content/")
+
+    assert response.status_code == status.HTTP_200_OK
+    data = response.json()
+    assert data["id"] == str(document.id)
+    assert data["title"] == document.title
+    assert data["content"] == {"some": "data"}
+    mock_content.assert_called_once_with(
+        base64.b64decode(document.content),
+        "application/vnd.yjs.doc",
+        "application/json",
+    )
+
+
+@pytest.mark.parametrize(
+    "content_format, accept",
+    [
+        ("markdown", "text/markdown"),
+        ("html", "text/html"),
+        ("json", "application/json"),
+    ],
+)
+@patch("core.services.converter_services.YdocConverter.convert")
+def test_api_documents_content_format(mock_content, content_format, accept):
+    """Test that the content endpoint returns a specific format."""
+    document = factories.DocumentFactory(link_reach="public")
+    mock_content.return_value = {"some": "data"}
+
+    response = APIClient().get(
+        f"/api/v1.0/documents/{document.id!s}/content/?content_format={content_format}"
+    )
+
+    assert response.status_code == status.HTTP_200_OK
+    data = response.json()
+    assert data["id"] == str(document.id)
+    assert data["title"] == document.title
+    assert data["content"] == {"some": "data"}
+    mock_content.assert_called_once_with(
+        base64.b64decode(document.content), "application/vnd.yjs.doc", accept
+    )
+
+
+@patch("core.services.converter_services.YdocConverter._request")
+def test_api_documents_content_invalid_format(mock_request):
+    """Test that the content endpoint rejects invalid formats."""
+    document = factories.DocumentFactory(link_reach="public")
+
+    response = APIClient().get(
+        f"/api/v1.0/documents/{document.id!s}/content/?content_format=invalid"
+    )
+    assert response.status_code == status.HTTP_400_BAD_REQUEST
+    mock_request.assert_not_called()
+
+
+@patch("core.services.converter_services.YdocConverter._request")
+def test_api_documents_content_yservice_error(mock_request):
+    """Test that service errors are handled properly."""
+    document = factories.DocumentFactory(link_reach="public")
+    mock_request.side_effect = requests.RequestException()
+
+    response = APIClient().get(f"/api/v1.0/documents/{document.id!s}/content/")
+    mock_request.assert_called_once()
+    assert response.status_code == status.HTTP_500_INTERNAL_SERVER_ERROR
+
+
+@patch("core.services.converter_services.YdocConverter._request")
+def test_api_documents_content_nonexistent_document(mock_request):
+    """Test that accessing a nonexistent document returns 404."""
+    client = APIClient()
+    response = client.get(
+        "/api/v1.0/documents/00000000-0000-0000-0000-000000000000/content/"
+    )
+    assert response.status_code == status.HTTP_404_NOT_FOUND
+    mock_request.assert_not_called()
+
+
+@patch("core.services.converter_services.YdocConverter._request")
+def test_api_documents_content_empty_document(mock_request):
+    """Test that accessing an empty document returns empty content."""
+    document = factories.DocumentFactory(link_reach="public", content="")
+
+    response = APIClient().get(f"/api/v1.0/documents/{document.id!s}/content/")
+
+    assert response.status_code == status.HTTP_200_OK
+    data = response.json()
+    assert data["id"] == str(document.id)
+    assert data["title"] == document.title
+    assert data["content"] is None
+    mock_request.assert_not_called()
--- a/src/backend/core/tests/documents/test_api_documents_cors_proxy.py
+++ b/src/backend/core/tests/documents/test_api_documents_cors_proxy.py
@@ -2,6 +2,7 @@

 import pytest
 import responses
+from requests.exceptions import RequestException
 from rest_framework.test import APIClient

 from core import factories
@@ -149,3 +150,41 @@ def test_api_docs_cors_proxy_unsupported_media_type():
        f"/api/v1.0/documents/{document.id!s}/cors-proxy/?url={url_to_fetch}"
    )
    assert response.status_code == 415
+
+
+@pytest.mark.parametrize(
+    "url_to_fetch",
+    [
+        "ftp://external-url.com/assets/index.html",
+        "ftps://external-url.com/assets/index.html",
+        "invalid-url.com",
+        "ssh://external-url.com/assets/index.html",
+    ],
+)
+def test_api_docs_cors_proxy_invalid_url(url_to_fetch):
+    """Test the CORS proxy API for documents with an invalid URL."""
+    document = factories.DocumentFactory(link_reach="public")
+
+    client = APIClient()
+    response = client.get(
+        f"/api/v1.0/documents/{document.id!s}/cors-proxy/?url={url_to_fetch}"
+    )
+    assert response.status_code == 400
+    assert response.json() == ["Enter a valid URL."]
+
+
+@responses.activate
+def test_api_docs_cors_proxy_request_failed():
+    """Test the CORS proxy API for documents with a request failed."""
+    document = factories.DocumentFactory(link_reach="public")
+
+    client = APIClient()
+    url_to_fetch = "https://external-url.com/assets/index.html"
+    responses.get(url_to_fetch, body=RequestException("Connection refused"))
+    response = client.get(
+        f"/api/v1.0/documents/{document.id!s}/cors-proxy/?url={url_to_fetch}"
+    )
+    assert response.status_code == 400
+    assert response.json() == {
+        "error": "Failed to fetch resource from https://external-url.com/assets/index.html"
+    }
--- a/src/backend/core/tests/documents/test_api_documents_create_for_owner.py
+++ b/src/backend/core/tests/documents/test_api_documents_create_for_owner.py
@@ -148,7 +148,7 @@ def test_api_documents_create_for_owner_invalid_sub():
    data = {
        "title": "My Document",
        "content": "Document content",
-        "sub": "123!!",
+        "sub": "invalid süb",
        "email": "john.doe@example.com",
    }

@@ -163,10 +163,7 @@ def test_api_documents_create_for_owner_invalid_sub():
    assert not Document.objects.exists()

    assert response.json() == {
-        "sub": [
-            "Enter a valid sub. This value may contain only letters, "
-            "numbers, and @/./+/-/_/: characters."
-        ]
+        "sub": ["Enter a valid sub. This value should be ASCII only."]
    }


--- a/src/backend/core/tests/documents/test_api_documents_descendants.py
+++ b/src/backend/core/tests/documents/test_api_documents_descendants.py
@@ -42,7 +42,6 @@ def test_api_documents_descendants_list_anonymous_public_standalone():
                "excerpt": child1.excerpt,
                "id": str(child1.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child1.link_reach,
                "link_role": child1.link_role,
                "numchild": 1,
@@ -67,7 +66,6 @@ def test_api_documents_descendants_list_anonymous_public_standalone():
                "excerpt": grand_child.excerpt,
                "id": str(grand_child.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": grand_child.link_reach,
                "link_role": grand_child.link_role,
                "numchild": 0,
@@ -90,7 +88,6 @@ def test_api_documents_descendants_list_anonymous_public_standalone():
                "excerpt": child2.excerpt,
                "id": str(child2.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child2.link_reach,
                "link_role": child2.link_role,
                "numchild": 0,
@@ -142,7 +139,6 @@ def test_api_documents_descendants_list_anonymous_public_parent():
                "excerpt": child1.excerpt,
                "id": str(child1.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child1.link_reach,
                "link_role": child1.link_role,
                "numchild": 1,
@@ -165,7 +161,6 @@ def test_api_documents_descendants_list_anonymous_public_parent():
                "excerpt": grand_child.excerpt,
                "id": str(grand_child.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": grand_child.link_reach,
                "link_role": grand_child.link_role,
                "numchild": 0,
@@ -188,7 +183,6 @@ def test_api_documents_descendants_list_anonymous_public_parent():
                "excerpt": child2.excerpt,
                "id": str(child2.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child2.link_reach,
                "link_role": child2.link_role,
                "numchild": 0,
@@ -261,7 +255,6 @@ def test_api_documents_descendants_list_authenticated_unrelated_public_or_authen
                "excerpt": child1.excerpt,
                "id": str(child1.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child1.link_reach,
                "link_role": child1.link_role,
                "numchild": 1,
@@ -284,7 +277,6 @@ def test_api_documents_descendants_list_authenticated_unrelated_public_or_authen
                "excerpt": grand_child.excerpt,
                "id": str(grand_child.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": grand_child.link_reach,
                "link_role": grand_child.link_role,
                "numchild": 0,
@@ -307,7 +299,6 @@ def test_api_documents_descendants_list_authenticated_unrelated_public_or_authen
                "excerpt": child2.excerpt,
                "id": str(child2.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child2.link_reach,
                "link_role": child2.link_role,
                "numchild": 0,
@@ -365,7 +356,6 @@ def test_api_documents_descendants_list_authenticated_public_or_authenticated_pa
                "excerpt": child1.excerpt,
                "id": str(child1.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child1.link_reach,
                "link_role": child1.link_role,
                "numchild": 1,
@@ -388,7 +378,6 @@ def test_api_documents_descendants_list_authenticated_public_or_authenticated_pa
                "excerpt": grand_child.excerpt,
                "id": str(grand_child.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": grand_child.link_reach,
                "link_role": grand_child.link_role,
                "numchild": 0,
@@ -411,7 +400,6 @@ def test_api_documents_descendants_list_authenticated_public_or_authenticated_pa
                "excerpt": child2.excerpt,
                "id": str(child2.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child2.link_reach,
                "link_role": child2.link_role,
                "numchild": 0,
@@ -490,7 +478,6 @@ def test_api_documents_descendants_list_authenticated_related_direct():
                "excerpt": child1.excerpt,
                "id": str(child1.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child1.link_reach,
                "link_role": child1.link_role,
                "numchild": 1,
@@ -513,7 +500,6 @@ def test_api_documents_descendants_list_authenticated_related_direct():
                "excerpt": grand_child.excerpt,
                "id": str(grand_child.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": grand_child.link_reach,
                "link_role": grand_child.link_role,
                "numchild": 0,
@@ -536,7 +522,6 @@ def test_api_documents_descendants_list_authenticated_related_direct():
                "excerpt": child2.excerpt,
                "id": str(child2.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child2.link_reach,
                "link_role": child2.link_role,
                "numchild": 0,
@@ -595,7 +580,6 @@ def test_api_documents_descendants_list_authenticated_related_parent():
                "excerpt": child1.excerpt,
                "id": str(child1.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child1.link_reach,
                "link_role": child1.link_role,
                "numchild": 1,
@@ -618,7 +602,6 @@ def test_api_documents_descendants_list_authenticated_related_parent():
                "excerpt": grand_child.excerpt,
                "id": str(grand_child.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": grand_child.link_reach,
                "link_role": grand_child.link_role,
                "numchild": 0,
@@ -641,7 +624,6 @@ def test_api_documents_descendants_list_authenticated_related_parent():
                "excerpt": child2.excerpt,
                "id": str(child2.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child2.link_reach,
                "link_role": child2.link_role,
                "numchild": 0,
@@ -746,7 +728,6 @@ def test_api_documents_descendants_list_authenticated_related_team_members(
                "excerpt": child1.excerpt,
                "id": str(child1.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child1.link_reach,
                "link_role": child1.link_role,
                "numchild": 1,
@@ -769,7 +750,6 @@ def test_api_documents_descendants_list_authenticated_related_team_members(
                "excerpt": grand_child.excerpt,
                "id": str(grand_child.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": grand_child.link_reach,
                "link_role": grand_child.link_role,
                "numchild": 0,
@@ -792,7 +772,6 @@ def test_api_documents_descendants_list_authenticated_related_team_members(
                "excerpt": child2.excerpt,
                "id": str(child2.id),
                "is_favorite": False,
-                "is_masked": False,
                "link_reach": child2.link_reach,
                "link_role": child2.link_role,
                "numchild": 0,
--- a/src/backend/core/tests/documents/test_api_documents_duplicate.py
+++ b/src/backend/core/tests/documents/test_api_documents_duplicate.py
@@ -293,3 +293,28 @@ def test_api_documents_duplicate_non_root_document(role):
    assert duplicated_accesses.count() == 0
    assert duplicated_document.is_sibling_of(child)
    assert duplicated_document.is_child_of(document)
+
+
+def test_api_documents_duplicate_reader_non_root_document():
+    """
+    Reader users should be able to duplicate non-root documents but will be
+    created as a root document.
+    """
+    user = factories.UserFactory()
+    client = APIClient()
+    client.force_login(user)
+
+    document = factories.DocumentFactory(users=[(user, "reader")])
+    child = factories.DocumentFactory(parent=document)
+
+    assert child.get_role(user) == "reader"
+
+    response = client.post(
+        f"/api/v1.0/documents/{child.id!s}/duplicate/", format="json"
+    )
+    assert response.status_code == 201
+
+    duplicated_document = models.Document.objects.get(id=response.json()["id"])
+    assert duplicated_document.is_root()
+    assert duplicated_document.accesses.count() == 1
+    assert duplicated_document.accesses.get(user=user).role == "owner"
--- a/src/backend/core/tests/documents/test_api_documents_link_configuration.py
+++ b/src/backend/core/tests/documents/test_api_documents_link_configuration.py
@@ -133,7 +133,10 @@ def test_api_documents_link_configuration_update_authenticated_related_success(
    client = APIClient()
    client.force_login(user)

-    document = factories.DocumentFactory()
+    document = factories.DocumentFactory(
+        link_reach=models.LinkReachChoices.AUTHENTICATED,
+        link_role=models.LinkRoleChoices.READER,
+    )
    if via == USER:
        factories.UserDocumentAccessFactory(document=document, user=user, role=role)
    elif via == TEAM:
@@ -143,7 +146,10 @@ def test_api_documents_link_configuration_update_authenticated_related_success(
        )

    new_document_values = serializers.LinkDocumentSerializer(
-        instance=factories.DocumentFactory()
+        instance=factories.DocumentFactory(
+            link_reach=models.LinkReachChoices.PUBLIC,
+            link_role=models.LinkRoleChoices.EDITOR,
+        )
    ).data

    with mock_reset_connections(document.id):
@@ -158,3 +164,240 @@ def test_api_documents_link_configuration_update_authenticated_related_success(
        document_values = serializers.LinkDocumentSerializer(instance=document).data
        for key, value in document_values.items():
            assert value == new_document_values[key]
+
+
+def test_api_documents_link_configuration_update_role_restricted_forbidden():
+    """
+    Test that trying to set link_role on a document with restricted link_reach
+    returns a validation error.
+    """
+    user = factories.UserFactory()
+    client = APIClient()
+    client.force_login(user)
+
+    document = factories.DocumentFactory(
+        link_reach=models.LinkReachChoices.RESTRICTED,
+        link_role=models.LinkRoleChoices.READER,
+    )
+
+    factories.UserDocumentAccessFactory(
+        document=document, user=user, role=models.RoleChoices.OWNER
+    )
+
+    # Try to set a meaningful role on a restricted document
+    new_data = {
+        "link_reach": models.LinkReachChoices.RESTRICTED,
+        "link_role": models.LinkRoleChoices.EDITOR,
+    }
+
+    response = client.put(
+        f"/api/v1.0/documents/{document.id!s}/link-configuration/",
+        new_data,
+        format="json",
+    )
+
+    assert response.status_code == 400
+    assert "link_role" in response.json()
+    assert (
+        "Cannot set link_role when link_reach is 'restricted'"
+        in response.json()["link_role"][0]
+    )
+
+
+def test_api_documents_link_configuration_update_link_reach_required():
+    """
+    Test that link_reach is required when updating link configuration.
+    """
+    user = factories.UserFactory()
+    client = APIClient()
+    client.force_login(user)
+
+    document = factories.DocumentFactory(
+        link_reach=models.LinkReachChoices.PUBLIC,
+        link_role=models.LinkRoleChoices.READER,
+    )
+
+    factories.UserDocumentAccessFactory(
+        document=document, user=user, role=models.RoleChoices.OWNER
+    )
+
+    # Try to update without providing link_reach
+    new_data = {"link_role": models.LinkRoleChoices.EDITOR}
+
+    response = client.put(
+        f"/api/v1.0/documents/{document.id!s}/link-configuration/",
+        new_data,
+        format="json",
+    )
+
+    assert response.status_code == 400
+    assert "link_reach" in response.json()
+    assert "This field is required" in response.json()["link_reach"][0]
+
+
+def test_api_documents_link_configuration_update_restricted_without_role_success(
+    mock_reset_connections,  # pylint: disable=redefined-outer-name
+):
+    """
+    Test that setting link_reach to restricted without specifying link_role succeeds.
+    """
+    user = factories.UserFactory()
+    client = APIClient()
+    client.force_login(user)
+
+    document = factories.DocumentFactory(
+        link_reach=models.LinkReachChoices.PUBLIC,
+        link_role=models.LinkRoleChoices.READER,
+    )
+
+    factories.UserDocumentAccessFactory(
+        document=document, user=user, role=models.RoleChoices.OWNER
+    )
+
+    # Only specify link_reach, not link_role
+    new_data = {
+        "link_reach": models.LinkReachChoices.RESTRICTED,
+    }
+
+    with mock_reset_connections(document.id):
+        response = client.put(
+            f"/api/v1.0/documents/{document.id!s}/link-configuration/",
+            new_data,
+            format="json",
+        )
+
+        assert response.status_code == 200
+        document.refresh_from_db()
+        assert document.link_reach == models.LinkReachChoices.RESTRICTED
+
+
+@pytest.mark.parametrize(
+    "reach", [models.LinkReachChoices.PUBLIC, models.LinkReachChoices.AUTHENTICATED]
+)
+@pytest.mark.parametrize("role", models.LinkRoleChoices.values)
+def test_api_documents_link_configuration_update_non_restricted_with_valid_role_success(
+    reach,
+    role,
+    mock_reset_connections,  # pylint: disable=redefined-outer-name
+):
+    """
+    Test that setting non-restricted link_reach with valid link_role succeeds.
+    """
+    user = factories.UserFactory()
+    client = APIClient()
+    client.force_login(user)
+
+    document = factories.DocumentFactory(
+        link_reach=models.LinkReachChoices.RESTRICTED,
+        link_role=models.LinkRoleChoices.READER,
+    )
+
+    factories.UserDocumentAccessFactory(
+        document=document, user=user, role=models.RoleChoices.OWNER
+    )
+
+    new_data = {
+        "link_reach": reach,
+        "link_role": role,
+    }
+
+    with mock_reset_connections(document.id):
+        response = client.put(
+            f"/api/v1.0/documents/{document.id!s}/link-configuration/",
+            new_data,
+            format="json",
+        )
+
+        assert response.status_code == 200
+        document.refresh_from_db()
+        assert document.link_reach == reach
+        assert document.link_role == role
+
+
+def test_api_documents_link_configuration_update_with_ancestor_constraints():
+    """
+    Test that link configuration respects ancestor constraints using get_select_options.
+    This test may need adjustment based on the actual get_select_options implementation.
+    """
+    user = factories.UserFactory()
+    client = APIClient()
+    client.force_login(user)
+
+    parent_document = factories.DocumentFactory(
+        link_reach=models.LinkReachChoices.PUBLIC,
+        link_role=models.LinkRoleChoices.READER,
+    )
+
+    child_document = factories.DocumentFactory(
+        parent=parent_document,
+        link_reach=models.LinkReachChoices.PUBLIC,
+        link_role=models.LinkRoleChoices.READER,
+    )
+
+    factories.UserDocumentAccessFactory(
+        document=child_document, user=user, role=models.RoleChoices.OWNER
+    )
+
+    # Try to set child to PUBLIC when parent is RESTRICTED
+    new_data = {
+        "link_reach": models.LinkReachChoices.RESTRICTED,
+        "link_role": models.LinkRoleChoices.READER,
+    }
+
+    response = client.put(
+        f"/api/v1.0/documents/{child_document.id!s}/link-configuration/",
+        new_data,
+        format="json",
+    )
+
+    assert response.status_code == 400
+    assert "link_reach" in response.json()
+    assert (
+        "Link reach 'restricted' is not allowed based on parent"
+        in response.json()["link_reach"][0]
+    )
+
+
+def test_api_documents_link_configuration_update_invalid_role_for_reach_validation():
+    """
+    Test the specific validation logic that checks if link_role is allowed for link_reach.
+    This tests the code section that validates allowed_roles from get_select_options.
+    """
+    user = factories.UserFactory()
+    client = APIClient()
+    client.force_login(user)
+
+    parent_document = factories.DocumentFactory(
+        link_reach=models.LinkReachChoices.AUTHENTICATED,
+        link_role=models.LinkRoleChoices.EDITOR,
+    )
+
+    child_document = factories.DocumentFactory(
+        parent=parent_document,
+        link_reach=models.LinkReachChoices.RESTRICTED,
+        link_role=models.LinkRoleChoices.READER,
+    )
+
+    factories.UserDocumentAccessFactory(
+        document=child_document, user=user, role=models.RoleChoices.OWNER
+    )
+
+    new_data = {
+        "link_reach": models.LinkReachChoices.AUTHENTICATED,
+        "link_role": models.LinkRoleChoices.READER,  # This should be rejected
+    }
+
+    response = client.put(
+        f"/api/v1.0/documents/{child_document.id!s}/link-configuration/",
+        new_data,
+        format="json",
+    )
+
+    assert response.status_code == 400
+    assert "link_role" in response.json()
+    error_message = response.json()["link_role"][0]
+    assert (
+        "Link role 'reader' is not allowed for link reach 'authenticated'"
+        in error_message
+    )
+    assert "Allowed roles: editor" in error_message
--- a/src/backend/core/tests/documents/test_api_documents_list.py
+++ b/src/backend/core/tests/documents/test_api_documents_list.py
@@ -72,7 +72,6 @@ def test_api_documents_list_format():
        "depth": 1,
        "excerpt": document.excerpt,
        "is_favorite": True,
-        "is_masked": False,
        "link_reach": document.link_reach,
        "link_role": document.link_role,
        "nb_accesses_ancestors": 3,
@@ -409,7 +408,6 @@ def test_api_documents_list_favorites_no_extra_queries(django_assert_num_queries
    assert len(results) == 5

    assert all(result["is_favorite"] is False for result in results)
-    assert all(result["is_masked"] is False for result in results)

    # Mark documents as favorite and check results again
    for document in special_documents:
@@ -429,5 +427,20 @@ def test_api_documents_list_favorites_no_extra_queries(django_assert_num_queries
            assert result["is_favorite"] is True
        else:
            assert result["is_favorite"] is False
-        # All documents should be unmasked in this test
-        assert result["is_masked"] is False
+
+
+def test_api_documents_list_throttling(settings):
+    """Test api documents throttling."""
+    current_rate = settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["document"]
+    settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["document"] = "2/minute"
+    client = APIClient()
+    for _i in range(2):
+        response = client.get("/api/v1.0/documents/")
+        assert response.status_code == 200
+    with mock.patch("core.api.throttling.capture_message") as mock_capture_message:
+        response = client.get("/api/v1.0/documents/")
+        assert response.status_code == 429
+        mock_capture_message.assert_called_once_with(
+            "Rate limit exceeded for scope document", "warning"
+        )
+    settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["document"] = current_rate
--- a/src/backend/core/tests/documents/test_api_documents_retrieve.py
+++ b/src/backend/core/tests/documents/test_api_documents_retrieve.py
@@ -37,6 +37,7 @@ def test_api_documents_retrieve_anonymous_public_standalone():
            "children_list": True,
            "collaboration_auth": True,
            "cors_proxy": True,
+            "content": True,
            "descendants": True,
            "destroy": False,
            "duplicate": False,
@@ -113,6 +114,7 @@ def test_api_documents_retrieve_anonymous_public_parent():
            "collaboration_auth": True,
            "descendants": True,
            "cors_proxy": True,
+            "content": True,
            "destroy": False,
            "duplicate": False,
            # Anonymous user can't favorite a document even with read access
@@ -218,6 +220,7 @@ def test_api_documents_retrieve_authenticated_unrelated_public_or_authenticated(
            "collaboration_auth": True,
            "descendants": True,
            "cors_proxy": True,
+            "content": True,
            "destroy": False,
            "duplicate": True,
            "favorite": True,
@@ -300,6 +303,7 @@ def test_api_documents_retrieve_authenticated_public_or_authenticated_parent(rea
            "collaboration_auth": True,
            "descendants": True,
            "cors_proxy": True,
+            "content": True,
            "destroy": False,
            "duplicate": True,
            "favorite": True,
@@ -494,7 +498,8 @@ def test_api_documents_retrieve_authenticated_related_parent():
            "collaboration_auth": True,
            "descendants": True,
            "cors_proxy": True,
-            "destroy": access.role == "owner",
+            "content": True,
+            "destroy": access.role in ["administrator", "owner"],
            "duplicate": True,
            "favorite": True,
            "invite_owner": access.role == "owner",
--- a/src/backend/core/tests/documents/test_api_documents_search.py
+++ b/src/backend/core/tests/documents/test_api_documents_search.py
@@ -0,0 +1,234 @@
+"""
+Tests for Documents API endpoint in impress's core app: list
+"""
+
+from json import loads as json_loads
+
+import pytest
+import responses
+from faker import Faker
+from rest_framework.test import APIClient
+
+from core import factories, models
+from core.services.search_indexers import get_document_indexer
+
+fake = Faker()
+pytestmark = pytest.mark.django_db
+
+
+@pytest.mark.parametrize("role", models.LinkRoleChoices.values)
+@pytest.mark.parametrize("reach", models.LinkReachChoices.values)
+@responses.activate
+def test_api_documents_search_anonymous(reach, role, indexer_settings):
+    """
+    Anonymous users should not be allowed to search documents whatever the
+    link reach and link role
+    """
+    indexer_settings.SEARCH_INDEXER_QUERY_URL = "http://find/api/v1.0/search"
+
+    factories.DocumentFactory(link_reach=reach, link_role=role)
+
+    # Find response
+    responses.add(
+        responses.POST,
+        "http://find/api/v1.0/search",
+        json=[],
+        status=200,
+    )
+
+    response = APIClient().get("/api/v1.0/documents/search/", data={"q": "alpha"})
+
+    assert response.status_code == 200
+    assert response.json() == {
+        "count": 0,
+        "next": None,
+        "previous": None,
+        "results": [],
+    }
+
+
+def test_api_documents_search_endpoint_is_none(indexer_settings):
+    """
+    Missing SEARCH_INDEXER_QUERY_URL, so the indexer is not properly configured.
+    Should fallback on title filter
+    """
+    indexer_settings.SEARCH_INDEXER_QUERY_URL = None
+
+    assert get_document_indexer() is None
+
+    user = factories.UserFactory()
+    document = factories.DocumentFactory(title="alpha")
+    access = factories.UserDocumentAccessFactory(document=document, user=user)
+
+    client = APIClient()
+    client.force_login(user)
+
+    response = client.get("/api/v1.0/documents/search/", data={"q": "alpha"})
+
+    assert response.status_code == 200
+    content = response.json()
+    results = content.pop("results")
+    assert content == {
+        "count": 1,
+        "next": None,
+        "previous": None,
+    }
+    assert len(results) == 1
+    assert results[0] == {
+        "id": str(document.id),
+        "abilities": document.get_abilities(user),
+        "ancestors_link_reach": None,
+        "ancestors_link_role": None,
+        "computed_link_reach": document.computed_link_reach,
+        "computed_link_role": document.computed_link_role,
+        "created_at": document.created_at.isoformat().replace("+00:00", "Z"),
+        "creator": str(document.creator.id),
+        "depth": 1,
+        "excerpt": document.excerpt,
+        "link_reach": document.link_reach,
+        "link_role": document.link_role,
+        "nb_accesses_ancestors": 1,
+        "nb_accesses_direct": 1,
+        "numchild": 0,
+        "path": document.path,
+        "title": document.title,
+        "updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
+        "user_role": access.role,
+    }
+
+
+@responses.activate
+def test_api_documents_search_invalid_params(indexer_settings):
+    """Validate the format of documents as returned by the search view."""
+    indexer_settings.SEARCH_INDEXER_QUERY_URL = "http://find/api/v1.0/search"
+
+    user = factories.UserFactory()
+
+    client = APIClient()
+    client.force_login(user)
+
+    response = client.get("/api/v1.0/documents/search/")
+
+    assert response.status_code == 400
+    assert response.json() == {"q": ["This field is required."]}
+
+    response = client.get("/api/v1.0/documents/search/", data={"q": "    "})
+
+    assert response.status_code == 400
+    assert response.json() == {"q": ["This field may not be blank."]}
+
+    response = client.get(
+        "/api/v1.0/documents/search/", data={"q": "any", "page": "NaN"}
+    )
+
+    assert response.status_code == 400
+    assert response.json() == {"page": ["A valid integer is required."]}
+
+
+@responses.activate
+def test_api_documents_search_format(indexer_settings):
+    """Validate the format of documents as returned by the search view."""
+    indexer_settings.SEARCH_INDEXER_QUERY_URL = "http://find/api/v1.0/search"
+
+    assert get_document_indexer() is not None
+
+    user = factories.UserFactory()
+
+    client = APIClient()
+    client.force_login(user)
+
+    user_a, user_b, user_c = factories.UserFactory.create_batch(3)
+    document = factories.DocumentFactory(
+        title="alpha",
+        users=(user_a, user_c),
+        link_traces=(user, user_b),
+    )
+    access = factories.UserDocumentAccessFactory(document=document, user=user)
+
+    # Find response
+    responses.add(
+        responses.POST,
+        "http://find/api/v1.0/search",
+        json=[
+            {"_id": str(document.pk)},
+        ],
+        status=200,
+    )
+    response = client.get("/api/v1.0/documents/search/", data={"q": "alpha"})
+
+    assert response.status_code == 200
+    content = response.json()
+    results = content.pop("results")
+    assert content == {
+        "count": 1,
+        "next": None,
+        "previous": None,
+    }
+    assert len(results) == 1
+    assert results[0] == {
+        "id": str(document.id),
+        "abilities": document.get_abilities(user),
+        "ancestors_link_reach": None,
+        "ancestors_link_role": None,
+        "computed_link_reach": document.computed_link_reach,
+        "computed_link_role": document.computed_link_role,
+        "created_at": document.created_at.isoformat().replace("+00:00", "Z"),
+        "creator": str(document.creator.id),
+        "depth": 1,
+        "excerpt": document.excerpt,
+        "link_reach": document.link_reach,
+        "link_role": document.link_role,
+        "nb_accesses_ancestors": 3,
+        "nb_accesses_direct": 3,
+        "numchild": 0,
+        "path": document.path,
+        "title": document.title,
+        "updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
+        "user_role": access.role,
+    }
+
+
+@responses.activate
+def test_api_documents_search_pagination(indexer_settings):
+    """Documents should be ordered by descending "updated_at" by default"""
+    indexer_settings.SEARCH_INDEXER_QUERY_URL = "http://find/api/v1.0/search"
+
+    assert get_document_indexer() is not None
+
+    user = factories.UserFactory()
+
+    client = APIClient()
+    client.force_login(user)
+
+    docs = factories.DocumentFactory.create_batch(10)
+
+    # Find response
+    # pylint: disable-next=assignment-from-none
+    api_search = responses.add(
+        responses.POST,
+        "http://find/api/v1.0/search",
+        json=[{"_id": str(doc.pk)} for doc in docs],
+        status=200,
+    )
+
+    response = client.get(
+        "/api/v1.0/documents/search/", data={"q": "alpha", "page": 2, "page_size": 5}
+    )
+
+    assert response.status_code == 200
+    content = response.json()
+    results = content.pop("results")
+    assert len(results) == 5
+
+    # Check the query parameters.
+    assert api_search.call_count == 1
+    assert api_search.calls[0].response.status_code == 200
+    assert json_loads(api_search.calls[0].request.body) == {
+        "q": "alpha",
+        "visited": [],
+        "services": ["docs"],
+        "page_number": 2,
+        "page_size": 5,
+        "order_by": "updated_at",
+        "order_direction": "desc",
+    }
--- a/src/backend/core/tests/documents/test_api_documents_trashbin.py
+++ b/src/backend/core/tests/documents/test_api_documents_trashbin.py
@@ -81,6 +81,7 @@ def test_api_documents_trashbin_format():
            "collaboration_auth": True,
            "descendants": True,
            "cors_proxy": True,
+            "content": True,
            "destroy": True,
            "duplicate": True,
            "favorite": True,
--- a/src/backend/core/tests/serializers/test_user_light_serializer.py
+++ b/src/backend/core/tests/serializers/test_user_light_serializer.py
@@ -0,0 +1,44 @@
+"""Test user light serializer."""
+
+import pytest
+
+from core import factories
+from core.api.serializers import UserLightSerializer
+
+pytestmark = pytest.mark.django_db
+
+
+def test_user_light_serializer():
+    """Test user light serializer."""
+    user = factories.UserFactory(
+        email="test@test.com",
+        full_name="John Doe",
+        short_name="John",
+    )
+    serializer = UserLightSerializer(user)
+    assert serializer.data["full_name"] == "John Doe"
+    assert serializer.data["short_name"] == "John"
+
+
+def test_user_light_serializer_no_full_name():
+    """Test user light serializer without full name."""
+    user = factories.UserFactory(
+        email="test_foo@test.com",
+        full_name=None,
+        short_name="John",
+    )
+    serializer = UserLightSerializer(user)
+    assert serializer.data["full_name"] == "test_foo"
+    assert serializer.data["short_name"] == "John"
+
+
+def test_user_light_serializer_no_short_name():
+    """Test user light serializer without short name."""
+    user = factories.UserFactory(
+        email="test_foo@test.com",
+        full_name=None,
+        short_name=None,
+    )
+    serializer = UserLightSerializer(user)
+    assert serializer.data["full_name"] == "test_foo"
+    assert serializer.data["short_name"] == "test_foo"
--- a/src/backend/core/tests/templates/test_api_template_accesses.py
+++ b/src/backend/core/tests/templates/test_api_template_accesses.py
@@ -3,6 +3,7 @@ Test template accesses API endpoints for users in impress's core app.
 """

 import random
+from unittest import mock
 from uuid import uuid4

 import pytest
@@ -773,3 +774,26 @@ def test_api_template_accesses_delete_owners_last_owner(via, mock_user_teams):

    assert response.status_code == 403
    assert models.TemplateAccess.objects.count() == 2
+
+
+def test_api_template_accesses_throttling(settings):
+    """Test api template accesses throttling."""
+    current_rate = settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["template_access"]
+    settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["template_access"] = "2/minute"
+    template = factories.TemplateFactory()
+    user = factories.UserFactory()
+    factories.UserTemplateAccessFactory(
+        template=template, user=user, role="administrator"
+    )
+    client = APIClient()
+    client.force_login(user)
+    for _i in range(2):
+        response = client.get(f"/api/v1.0/templates/{template.id!s}/accesses/")
+        assert response.status_code == 200
+    with mock.patch("core.api.throttling.capture_message") as mock_capture_message:
+        response = client.get(f"/api/v1.0/templates/{template.id!s}/accesses/")
+        assert response.status_code == 429
+        mock_capture_message.assert_called_once_with(
+            "Rate limit exceeded for scope template_access", "warning"
+        )
+    settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["template_access"] = current_rate
--- a/src/backend/core/tests/templates/test_api_templates_list.py
+++ b/src/backend/core/tests/templates/test_api_templates_list.py
@@ -218,3 +218,20 @@ def test_api_templates_list_order_param():
    assert response_template_ids == templates_ids, (
        "created_at values are not sorted from oldest to newest"
    )
+
+
+def test_api_template_throttling(settings):
+    """Test api template throttling."""
+    current_rate = settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["template"]
+    settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["template"] = "2/minute"
+    client = APIClient()
+    for _i in range(2):
+        response = client.get("/api/v1.0/templates/")
+        assert response.status_code == 200
+    with mock.patch("core.api.throttling.capture_message") as mock_capture_message:
+        response = client.get("/api/v1.0/templates/")
+        assert response.status_code == 429
+        mock_capture_message.assert_called_once_with(
+            "Rate limit exceeded for scope template", "warning"
+        )
+    settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["template"] = current_rate
--- a/src/backend/core/tests/test_api_config.py
+++ b/src/backend/core/tests/test_api_config.py
@@ -3,6 +3,7 @@ Test config API endpoints in the Impress core app.
 """

 import json
+from unittest.mock import patch

 from django.test import override_settings

@@ -174,3 +175,20 @@ def test_api_config_with_original_theme_customization(is_authenticated, settings
        theme_customization = json.load(f)

    assert content["theme_customization"] == theme_customization
+
+
+def test_api_config_throttling(settings):
+    """Test api config throttling."""
+    current_rate = settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["config"]
+    settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["config"] = "2/minute"
+    client = APIClient()
+    for _i in range(2):
+        response = client.get("/api/v1.0/config/")
+        assert response.status_code == 200
+    with patch("core.api.throttling.capture_message") as mock_capture_message:
+        response = client.get("/api/v1.0/config/")
+        assert response.status_code == 429
+        mock_capture_message.assert_called_once_with(
+            "Rate limit exceeded for scope config", "warning"
+        )
+    settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["config"] = current_rate
--- a/src/backend/core/tests/test_api_users.py
+++ b/src/backend/core/tests/test_api_users.py
@@ -194,18 +194,41 @@ def test_api_users_list_query_short_queries():
    factories.UserFactory(email="john.lennon@example.com")

    response = client.get("/api/v1.0/users/?q=jo")
-    assert response.status_code == 200
-    assert response.json() == []
+    assert response.status_code == 400
+    assert response.json() == {
+        "q": ["Ensure this value has at least 5 characters (it has 2)."]
+    }

    response = client.get("/api/v1.0/users/?q=john")
-    assert response.status_code == 200
-    assert response.json() == []
+    assert response.status_code == 400
+    assert response.json() == {
+        "q": ["Ensure this value has at least 5 characters (it has 4)."]
+    }

    response = client.get("/api/v1.0/users/?q=john.")
    assert response.status_code == 200
    assert len(response.json()) == 2


+def test_api_users_list_query_long_queries():
+    """
+    Queries longer than 255 characters should return an empty result set.
+    """
+    user = factories.UserFactory(email="paul@example.com")
+    client = APIClient()
+    client.force_login(user)
+
+    factories.UserFactory(email="john.doe@example.com")
+    factories.UserFactory(email="john.lennon@example.com")
+
+    query = "a" * 244
+    response = client.get(f"/api/v1.0/users/?q={query}@example.com")
+    assert response.status_code == 400
+    assert response.json() == {
+        "q": ["Ensure this value has at most 254 characters (it has 256)."]
+    }
+
+
 def test_api_users_list_query_inactive():
    """Inactive users should not be listed."""
    user = factories.UserFactory()
--- a/src/backend/core/tests/test_models_documents.py
+++ b/src/backend/core/tests/test_models_documents.py
@@ -6,6 +6,7 @@ Unit tests for the Document model
 import random
 import smtplib
 from logging import Logger
+from operator import itemgetter
 from unittest import mock

 from django.contrib.auth.models import AnonymousUser
@@ -13,12 +14,14 @@ from django.core import mail
 from django.core.cache import cache
 from django.core.exceptions import ValidationError
 from django.core.files.storage import default_storage
+from django.db import transaction
 from django.test.utils import override_settings
 from django.utils import timezone

 import pytest

 from core import factories, models
+from core.services.search_indexers import FindDocumentIndexer

 pytestmark = pytest.mark.django_db

@@ -161,6 +164,7 @@ def test_models_documents_get_abilities_forbidden(
        "collaboration_auth": False,
        "descendants": False,
        "cors_proxy": False,
+        "content": False,
        "destroy": False,
        "duplicate": False,
        "favorite": False,
@@ -224,6 +228,7 @@ def test_models_documents_get_abilities_reader(
        "collaboration_auth": True,
        "descendants": True,
        "cors_proxy": True,
+        "content": True,
        "destroy": False,
        "duplicate": is_authenticated,
        "favorite": is_authenticated,
@@ -289,6 +294,7 @@ def test_models_documents_get_abilities_editor(
        "collaboration_auth": True,
        "descendants": True,
        "cors_proxy": True,
+        "content": True,
        "destroy": False,
        "duplicate": is_authenticated,
        "favorite": is_authenticated,
@@ -343,6 +349,7 @@ def test_models_documents_get_abilities_owner(django_assert_num_queries):
        "collaboration_auth": True,
        "descendants": True,
        "cors_proxy": True,
+        "content": True,
        "destroy": True,
        "duplicate": True,
        "favorite": True,
@@ -394,6 +401,7 @@ def test_models_documents_get_abilities_administrator(django_assert_num_queries)
        "collaboration_auth": True,
        "descendants": True,
        "cors_proxy": True,
+        "content": True,
        "destroy": False,
        "duplicate": True,
        "favorite": True,
@@ -448,6 +456,7 @@ def test_models_documents_get_abilities_editor_user(django_assert_num_queries):
        "collaboration_auth": True,
        "descendants": True,
        "cors_proxy": True,
+        "content": True,
        "destroy": False,
        "duplicate": True,
        "favorite": True,
@@ -509,6 +518,7 @@ def test_models_documents_get_abilities_reader_user(
        "collaboration_auth": True,
        "descendants": True,
        "cors_proxy": True,
+        "content": True,
        "destroy": False,
        "duplicate": True,
        "favorite": True,
@@ -568,6 +578,7 @@ def test_models_documents_get_abilities_preset_role(django_assert_num_queries):
        "collaboration_auth": True,
        "descendants": True,
        "cors_proxy": True,
+        "content": True,
        "destroy": False,
        "duplicate": True,
        "favorite": True,
@@ -593,6 +604,86 @@ def test_models_documents_get_abilities_preset_role(django_assert_num_queries):
    }


+@pytest.mark.parametrize(
+    "is_authenticated, is_creator,role,link_reach,link_role,can_destroy",
+    [
+        (True, False, "owner", "restricted", "editor", True),
+        (True, True, "owner", "restricted", "editor", True),
+        (True, False, "owner", "restricted", "reader", True),
+        (True, True, "owner", "restricted", "reader", True),
+        (True, False, "owner", "authenticated", "editor", True),
+        (True, True, "owner", "authenticated", "editor", True),
+        (True, False, "owner", "authenticated", "reader", True),
+        (True, True, "owner", "authenticated", "reader", True),
+        (True, False, "owner", "public", "editor", True),
+        (True, True, "owner", "public", "editor", True),
+        (True, False, "owner", "public", "reader", True),
+        (True, True, "owner", "public", "reader", True),
+        (True, False, "administrator", "restricted", "editor", True),
+        (True, True, "administrator", "restricted", "editor", True),
+        (True, False, "administrator", "restricted", "reader", True),
+        (True, True, "administrator", "restricted", "reader", True),
+        (True, False, "administrator", "authenticated", "editor", True),
+        (True, True, "administrator", "authenticated", "editor", True),
+        (True, False, "administrator", "authenticated", "reader", True),
+        (True, True, "administrator", "authenticated", "reader", True),
+        (True, False, "administrator", "public", "editor", True),
+        (True, True, "administrator", "public", "editor", True),
+        (True, False, "administrator", "public", "reader", True),
+        (True, True, "administrator", "public", "reader", True),
+        (True, False, "editor", "restricted", "editor", False),
+        (True, True, "editor", "restricted", "editor", True),
+        (True, False, "editor", "restricted", "reader", False),
+        (True, True, "editor", "restricted", "reader", True),
+        (True, False, "editor", "authenticated", "editor", False),
+        (True, True, "editor", "authenticated", "editor", True),
+        (True, False, "editor", "authenticated", "reader", False),
+        (True, True, "editor", "authenticated", "reader", True),
+        (True, False, "editor", "public", "editor", False),
+        (True, True, "editor", "public", "editor", True),
+        (True, False, "editor", "public", "reader", False),
+        (True, True, "editor", "public", "reader", True),
+        (True, False, "reader", "restricted", "editor", False),
+        (True, False, "reader", "restricted", "reader", False),
+        (True, False, "reader", "authenticated", "editor", False),
+        (True, True, "reader", "authenticated", "editor", True),
+        (True, False, "reader", "authenticated", "reader", False),
+        (True, False, "reader", "public", "editor", False),
+        (True, True, "reader", "public", "editor", True),
+        (True, False, "reader", "public", "reader", False),
+        (False, False, None, "restricted", "editor", False),
+        (False, False, None, "restricted", "reader", False),
+        (False, False, None, "authenticated", "editor", False),
+        (False, False, None, "authenticated", "reader", False),
+        (False, False, None, "public", "editor", False),
+        (False, False, None, "public", "reader", False),
+    ],
+)
+# pylint: disable=too-many-arguments, too-many-positional-arguments
+def test_models_documents_get_abilities_children_destroy(  # noqa: PLR0913
+    is_authenticated,
+    is_creator,
+    role,
+    link_reach,
+    link_role,
+    can_destroy,
+):
+    """For a sub document, if a user can create children, he can destroy it."""
+    user = factories.UserFactory() if is_authenticated else AnonymousUser()
+    parent = factories.DocumentFactory(link_reach=link_reach, link_role=link_role)
+    document = factories.DocumentFactory(
+        link_reach=link_reach,
+        link_role=link_role,
+        parent=parent,
+        creator=user if is_creator else None,
+    )
+    if is_authenticated:
+        factories.UserDocumentAccessFactory(document=parent, user=user, role=role)
+
+    abilities = document.get_abilities(user)
+    assert abilities["destroy"] is can_destroy
+
+
@override_settings(AI_ALLOW_REACH_FROM="public")
@pytest.mark.parametrize(
    "is_authenticated,reach",
@@ -1323,3 +1414,285 @@ def test_models_documents_compute_ancestors_links_paths_mapping_structure(
                {"link_reach": sibling.link_reach, "link_role": sibling.link_role},
            ],
        }
+
+
+@mock.patch.object(FindDocumentIndexer, "push")
+@pytest.mark.django_db(transaction=True)
+def test_models_documents_post_save_indexer(mock_push, indexer_settings):
+    """Test indexation task on document creation"""
+    indexer_settings.SEARCH_INDEXER_COUNTDOWN = 0
+
+    with transaction.atomic():
+        doc1, doc2, doc3 = factories.DocumentFactory.create_batch(3)
+
+    accesses = {}
+    data = [call.args[0] for call in mock_push.call_args_list]
+
+    indexer = FindDocumentIndexer()
+
+    assert sorted(data, key=itemgetter("id")) == sorted(
+        [
+            indexer.serialize_document(doc1, accesses),
+            indexer.serialize_document(doc2, accesses),
+            indexer.serialize_document(doc3, accesses),
+        ],
+        key=itemgetter("id"),
+    )
+
+    # The debounce counters should be reset
+    assert cache.get(f"doc-indexer-debounce-{doc1.pk}") == 0
+    assert cache.get(f"doc-indexer-debounce-{doc2.pk}") == 0
+    assert cache.get(f"doc-indexer-debounce-{doc3.pk}") == 0
+
+
+@mock.patch.object(FindDocumentIndexer, "push")
+@pytest.mark.django_db(transaction=True)
+def test_models_documents_post_save_indexer_not_configured(mock_push, indexer_settings):
+    """Task should not start an indexation when disabled"""
+    indexer_settings.SEARCH_INDEXER_COUNTDOWN = 0
+    indexer_settings.SEARCH_INDEXER_CLASS = None
+
+    with transaction.atomic():
+        factories.DocumentFactory()
+
+    assert mock_push.call_args_list == []
+
+
+@mock.patch.object(FindDocumentIndexer, "push")
+@pytest.mark.django_db(transaction=True)
+def test_models_documents_post_save_indexer_with_accesses(mock_push, indexer_settings):
+    """Test indexation task on document creation"""
+    indexer_settings.SEARCH_INDEXER_COUNTDOWN = 0
+
+    user = factories.UserFactory()
+
+    with transaction.atomic():
+        doc1, doc2, doc3 = factories.DocumentFactory.create_batch(3)
+
+        factories.UserDocumentAccessFactory(document=doc1, user=user)
+        factories.UserDocumentAccessFactory(document=doc2, user=user)
+        factories.UserDocumentAccessFactory(document=doc3, user=user)
+
+    accesses = {
+        str(doc1.path): {"users": [user.sub]},
+        str(doc2.path): {"users": [user.sub]},
+        str(doc3.path): {"users": [user.sub]},
+    }
+
+    data = [call.args[0] for call in mock_push.call_args_list]
+
+    indexer = FindDocumentIndexer()
+
+    assert sorted(data, key=itemgetter("id")) == sorted(
+        [
+            indexer.serialize_document(doc1, accesses),
+            indexer.serialize_document(doc2, accesses),
+            indexer.serialize_document(doc3, accesses),
+        ],
+        key=itemgetter("id"),
+    )
+
+    # The debounce counters should be reset
+    assert cache.get(f"doc-indexer-debounce-{doc1.pk}") == 0
+    assert cache.get(f"doc-indexer-debounce-{doc2.pk}") == 0
+    assert cache.get(f"doc-indexer-debounce-{doc3.pk}") == 0
+
+
+@mock.patch.object(FindDocumentIndexer, "push")
+@pytest.mark.django_db(transaction=True)
+def test_models_documents_post_save_indexer_deleted(mock_push, indexer_settings):
+    """Indexation task on deleted or ancestor_deleted documents"""
+    indexer_settings.SEARCH_INDEXER_COUNTDOWN = 0
+
+    user = factories.UserFactory()
+
+    with transaction.atomic():
+        doc = factories.DocumentFactory(
+            link_reach=models.LinkReachChoices.AUTHENTICATED
+        )
+        doc_deleted = factories.DocumentFactory(
+            link_reach=models.LinkReachChoices.AUTHENTICATED
+        )
+        doc_ancestor_deleted = factories.DocumentFactory(
+            parent=doc_deleted,
+            link_reach=models.LinkReachChoices.AUTHENTICATED,
+        )
+        doc_deleted.soft_delete()
+        doc_ancestor_deleted.ancestors_deleted_at = doc_deleted.deleted_at
+
+        factories.UserDocumentAccessFactory(document=doc, user=user)
+        factories.UserDocumentAccessFactory(document=doc_deleted, user=user)
+        factories.UserDocumentAccessFactory(document=doc_ancestor_deleted, user=user)
+
+    doc_deleted.refresh_from_db()
+    doc_ancestor_deleted.refresh_from_db()
+
+    assert doc_deleted.deleted_at is not None
+    assert doc_deleted.ancestors_deleted_at is not None
+
+    assert doc_ancestor_deleted.deleted_at is None
+    assert doc_ancestor_deleted.ancestors_deleted_at is not None
+
+    accesses = {
+        str(doc.path): {"users": [user.sub]},
+        str(doc_deleted.path): {"users": [user.sub]},
+        str(doc_ancestor_deleted.path): {"users": [user.sub]},
+    }
+
+    data = [call.args[0] for call in mock_push.call_args_list]
+
+    indexer = FindDocumentIndexer()
+
+    # Even deleted document are re-indexed : only update their status in the future ?
+    assert sorted(data, key=itemgetter("id")) == sorted(
+        [
+            indexer.serialize_document(doc, accesses),
+            indexer.serialize_document(doc_deleted, accesses),
+            indexer.serialize_document(doc_ancestor_deleted, accesses),
+            indexer.serialize_document(doc_deleted, accesses),  # soft_delete()
+        ],
+        key=itemgetter("id"),
+    )
+
+    # The debounce counters should be reset
+    assert cache.get(f"doc-indexer-debounce-{doc.pk}") == 0
+    assert cache.get(f"doc-indexer-debounce-{doc_deleted.pk}") == 0
+    assert cache.get(f"doc-indexer-debounce-{doc_ancestor_deleted.pk}") == 0
+
+
+@mock.patch.object(FindDocumentIndexer, "push")
+@pytest.mark.django_db(transaction=True)
+def test_models_documents_post_save_indexer_restored(mock_push, indexer_settings):
+    """Restart indexation task on restored documents"""
+    indexer_settings.SEARCH_INDEXER_COUNTDOWN = 0
+
+    user = factories.UserFactory()
+
+    with transaction.atomic():
+        doc = factories.DocumentFactory(
+            link_reach=models.LinkReachChoices.AUTHENTICATED
+        )
+        doc_deleted = factories.DocumentFactory(
+            link_reach=models.LinkReachChoices.AUTHENTICATED
+        )
+        doc_ancestor_deleted = factories.DocumentFactory(
+            parent=doc_deleted,
+            link_reach=models.LinkReachChoices.AUTHENTICATED,
+        )
+        doc_deleted.soft_delete()
+        doc_ancestor_deleted.ancestors_deleted_at = doc_deleted.deleted_at
+
+        factories.UserDocumentAccessFactory(document=doc, user=user)
+        factories.UserDocumentAccessFactory(document=doc_deleted, user=user)
+        factories.UserDocumentAccessFactory(document=doc_ancestor_deleted, user=user)
+
+    doc_deleted.refresh_from_db()
+    doc_ancestor_deleted.refresh_from_db()
+
+    assert doc_deleted.deleted_at is not None
+    assert doc_deleted.ancestors_deleted_at is not None
+
+    assert doc_ancestor_deleted.deleted_at is None
+    assert doc_ancestor_deleted.ancestors_deleted_at is not None
+
+    doc_restored = models.Document.objects.get(pk=doc_deleted.pk)
+    doc_restored.restore()
+
+    doc_ancestor_restored = models.Document.objects.get(pk=doc_ancestor_deleted.pk)
+
+    assert doc_restored.deleted_at is None
+    assert doc_restored.ancestors_deleted_at is None
+
+    assert doc_ancestor_restored.deleted_at is None
+    assert doc_ancestor_restored.ancestors_deleted_at is None
+
+    accesses = {
+        str(doc.path): {"users": [user.sub]},
+        str(doc_deleted.path): {"users": [user.sub]},
+        str(doc_ancestor_deleted.path): {"users": [user.sub]},
+    }
+
+    data = [call.args[0] for call in mock_push.call_args_list]
+
+    indexer = FindDocumentIndexer()
+
+    # All docs are re-indexed
+    assert sorted(data, key=itemgetter("id")) == sorted(
+        [
+            indexer.serialize_document(doc, accesses),
+            indexer.serialize_document(doc_deleted, accesses),
+            indexer.serialize_document(doc_deleted, accesses),  # soft_delete()
+            indexer.serialize_document(doc_restored, accesses),  # restore()
+            indexer.serialize_document(doc_ancestor_deleted, accesses),
+        ],
+        key=itemgetter("id"),
+    )
+
+
+@pytest.mark.django_db(transaction=True)
+def test_models_documents_post_save_indexer_debounce(indexer_settings):
+    """Test indexation task skipping on document update"""
+    indexer_settings.SEARCH_INDEXER_COUNTDOWN = 0
+
+    indexer = FindDocumentIndexer()
+    user = factories.UserFactory()
+
+    with mock.patch.object(FindDocumentIndexer, "push"):
+        with transaction.atomic():
+            doc = factories.DocumentFactory()
+            factories.UserDocumentAccessFactory(document=doc, user=user)
+
+    accesses = {
+        str(doc.path): {"users": [user.sub]},
+    }
+
+    with mock.patch.object(FindDocumentIndexer, "push") as mock_push:
+        # Simulate 1 waiting task
+        cache.set(f"doc-indexer-debounce-{doc.pk}", 1)
+
+        # save doc to trigger the indexer, but nothing should be done since
+        # the counter is over 0
+        with transaction.atomic():
+            doc.save()
+
+        assert [call.args[0] for call in mock_push.call_args_list] == []
+
+    with mock.patch.object(FindDocumentIndexer, "push") as mock_push:
+        # No waiting task
+        cache.set(f"doc-indexer-debounce-{doc.pk}", 0)
+
+        with transaction.atomic():
+            doc = models.Document.objects.get(pk=doc.pk)
+            doc.save()
+
+        assert [call.args[0] for call in mock_push.call_args_list] == [
+            indexer.serialize_document(doc, accesses),
+        ]
+
+
+@pytest.mark.django_db(transaction=True)
+def test_models_documents_access_post_save_indexer(indexer_settings):
+    """Test indexation task on DocumentAccess update"""
+    indexer_settings.SEARCH_INDEXER_COUNTDOWN = 0
+
+    indexer = FindDocumentIndexer()
+    user = factories.UserFactory()
+
+    with mock.patch.object(FindDocumentIndexer, "push"):
+        with transaction.atomic():
+            doc = factories.DocumentFactory()
+            doc_access = factories.UserDocumentAccessFactory(document=doc, user=user)
+
+    accesses = {
+        str(doc.path): {"users": [user.sub]},
+    }
+
+    indexer = FindDocumentIndexer()
+
+    with mock.patch.object(FindDocumentIndexer, "push") as mock_push:
+        with transaction.atomic():
+            doc_access.save()
+
+        assert [call.args[0] for call in mock_push.call_args_list] == [
+            indexer.serialize_document(doc, accesses),
+        ]
--- a/src/backend/core/tests/test_models_users.py
+++ b/src/backend/core/tests/test_models_users.py
@@ -44,3 +44,25 @@ def test_models_users_send_mail_main_missing():
        user.email_user("my subject", "my message")

    assert str(excinfo.value) == "User has no email address."
+
+
+@pytest.mark.parametrize(
+    "sub,is_valid",
+    [
+        ("valid_sub.@+-:=/", True),
+        ("invalid süb", False),
+        (12345, True),
+    ],
+)
+def test_models_users_sub_validator(sub, is_valid):
+    """The "sub" field should be validated."""
+    user = factories.UserFactory()
+    user.sub = sub
+    if is_valid:
+        user.full_clean()
+    else:
+        with pytest.raises(
+            ValidationError,
+            match=("Enter a valid sub. This value should be ASCII only."),
+        ):
+            user.full_clean()
--- a/src/backend/core/tests/test_services_converter_services.py
+++ b/src/backend/core/tests/test_services_converter_services.py
@@ -1,4 +1,4 @@
-"""Test converter services."""
+"""Test y-provider services."""

 from base64 import b64decode
 from unittest.mock import MagicMock, patch
@@ -84,6 +84,42 @@ def test_convert_full_integration(mock_post, settings):
        headers={
            "Authorization": "Bearer test-key",
            "Content-Type": "text/markdown",
+            "Accept": "application/vnd.yjs.doc",
+        },
+        timeout=5,
+        verify=False,
+    )
+
+
+@patch("requests.post")
+def test_convert_full_integration_with_specific_headers(mock_post, settings):
+    """Test successful conversion with specific content type and accept headers."""
+    settings.Y_PROVIDER_API_BASE_URL = "http://test.com/"
+    settings.Y_PROVIDER_API_KEY = "test-key"
+    settings.CONVERSION_API_ENDPOINT = "conversion-endpoint"
+    settings.CONVERSION_API_TIMEOUT = 5
+    settings.CONVERSION_API_SECURE = False
+
+    converter = YdocConverter()
+
+    expected_response = "# Test Document\n\nThis is test content."
+    mock_response = MagicMock()
+    mock_response.text = expected_response
+    mock_response.raise_for_status.return_value = None
+    mock_post.return_value = mock_response
+
+    result = converter.convert(
+        b"test_content", "application/vnd.yjs.doc", "text/markdown"
+    )
+
+    assert result == expected_response
+    mock_post.assert_called_once_with(
+        "http://test.com/conversion-endpoint/",
+        data=b"test_content",
+        headers={
+            "Authorization": "Bearer test-key",
+            "Content-Type": "application/vnd.yjs.doc",
+            "Accept": "text/markdown",
        },
        timeout=5,
        verify=False,
--- a/src/backend/core/tests/test_services_search_indexers.py
+++ b/src/backend/core/tests/test_services_search_indexers.py
@@ -0,0 +1,540 @@
+"""Tests for Documents search indexers"""
+
+from functools import partial
+from json import dumps as json_dumps
+from unittest.mock import patch
+
+from django.contrib.auth.models import AnonymousUser
+from django.core.exceptions import ImproperlyConfigured
+from django.utils.module_loading import import_string
+
+import pytest
+import responses
+from requests import HTTPError
+
+from core import factories, models, utils
+from core.services.search_indexers import (
+    BaseDocumentIndexer,
+    FindDocumentIndexer,
+    get_document_indexer,
+    get_visited_document_ids_of,
+)
+
+pytestmark = pytest.mark.django_db
+
+
+class FakeDocumentIndexer(BaseDocumentIndexer):
+    """Fake indexer for test purpose"""
+
+    def serialize_document(self, document, accesses):
+        return {}
+
+    def push(self, data):
+        pass
+
+    def search_query(self, data, token):
+        return {}
+
+
+def test_services_search_indexer_class_invalid(indexer_settings):
+    """
+    Should raise RuntimeError if SEARCH_INDEXER_CLASS cannot be imported.
+    """
+    indexer_settings.SEARCH_INDEXER_CLASS = "unknown.Unknown"
+
+    assert get_document_indexer() is None
+
+
+def test_services_search_indexer_class(indexer_settings):
+    """
+    Import indexer class defined in setting SEARCH_INDEXER_CLASS.
+    """
+    indexer_settings.SEARCH_INDEXER_CLASS = (
+        "core.tests.test_services_search_indexers.FakeDocumentIndexer"
+    )
+
+    assert isinstance(
+        get_document_indexer(),
+        import_string("core.tests.test_services_search_indexers.FakeDocumentIndexer"),
+    )
+
+
+def test_services_search_indexer_is_configured(indexer_settings):
+    """
+    Should return true only when the indexer class and other configuration settings
+    are valid.
+    """
+    indexer_settings.SEARCH_INDEXER_CLASS = None
+
+    # None
+    get_document_indexer.cache_clear()
+    assert not get_document_indexer()
+
+    # Empty
+    indexer_settings.SEARCH_INDEXER_CLASS = ""
+
+    get_document_indexer.cache_clear()
+    assert not get_document_indexer()
+
+    # Valid class
+    indexer_settings.SEARCH_INDEXER_CLASS = (
+        "core.services.search_indexers.FindDocumentIndexer"
+    )
+
+    get_document_indexer.cache_clear()
+    assert get_document_indexer() is not None
+
+    indexer_settings.SEARCH_INDEXER_URL = ""
+
+    # Invalid url
+    get_document_indexer.cache_clear()
+    assert not get_document_indexer()
+
+
+def test_services_search_indexer_url_is_none(indexer_settings):
+    """
+    Indexer should raise RuntimeError if SEARCH_INDEXER_URL is None or empty.
+    """
+    indexer_settings.SEARCH_INDEXER_URL = None
+
+    with pytest.raises(ImproperlyConfigured) as exc_info:
+        FindDocumentIndexer()
+
+    assert "SEARCH_INDEXER_URL must be set in Django settings." in str(exc_info.value)
+
+
+def test_services_search_indexer_url_is_empty(indexer_settings):
+    """
+    Indexer should raise RuntimeError if SEARCH_INDEXER_URL is empty string.
+    """
+    indexer_settings.SEARCH_INDEXER_URL = ""
+
+    with pytest.raises(ImproperlyConfigured) as exc_info:
+        FindDocumentIndexer()
+
+    assert "SEARCH_INDEXER_URL must be set in Django settings." in str(exc_info.value)
+
+
+def test_services_search_indexer_secret_is_none(indexer_settings):
+    """
+    Indexer should raise RuntimeError if SEARCH_INDEXER_SECRET is None.
+    """
+    indexer_settings.SEARCH_INDEXER_SECRET = None
+
+    with pytest.raises(ImproperlyConfigured) as exc_info:
+        FindDocumentIndexer()
+
+    assert "SEARCH_INDEXER_SECRET must be set in Django settings." in str(
+        exc_info.value
+    )
+
+
+def test_services_search_indexer_secret_is_empty(indexer_settings):
+    """
+    Indexer should raise RuntimeError if SEARCH_INDEXER_SECRET is empty string.
+    """
+    indexer_settings.SEARCH_INDEXER_SECRET = ""
+
+    with pytest.raises(ImproperlyConfigured) as exc_info:
+        FindDocumentIndexer()
+
+    assert "SEARCH_INDEXER_SECRET must be set in Django settings." in str(
+        exc_info.value
+    )
+
+
+def test_services_search_endpoint_is_none(indexer_settings):
+    """
+    Indexer should raise RuntimeError if SEARCH_INDEXER_QUERY_URL is None.
+    """
+    indexer_settings.SEARCH_INDEXER_QUERY_URL = None
+
+    with pytest.raises(ImproperlyConfigured) as exc_info:
+        FindDocumentIndexer()
+
+    assert "SEARCH_INDEXER_QUERY_URL must be set in Django settings." in str(
+        exc_info.value
+    )
+
+
+def test_services_search_endpoint_is_empty(indexer_settings):
+    """
+    Indexer should raise RuntimeError if SEARCH_INDEXER_QUERY_URL is empty.
+    """
+    indexer_settings.SEARCH_INDEXER_QUERY_URL = ""
+
+    with pytest.raises(ImproperlyConfigured) as exc_info:
+        FindDocumentIndexer()
+
+    assert "SEARCH_INDEXER_QUERY_URL must be set in Django settings." in str(
+        exc_info.value
+    )
+
+
+@pytest.mark.usefixtures("indexer_settings")
+def test_services_search_indexers_serialize_document_returns_expected_json():
+    """
+    It should serialize documents with correct metadata and access control.
+    """
+    user_a, user_b = factories.UserFactory.create_batch(2)
+    document = factories.DocumentFactory()
+    factories.DocumentFactory(parent=document)
+
+    factories.UserDocumentAccessFactory(document=document, user=user_a)
+    factories.UserDocumentAccessFactory(document=document, user=user_b)
+    factories.TeamDocumentAccessFactory(document=document, team="team1")
+    factories.TeamDocumentAccessFactory(document=document, team="team2")
+
+    accesses = {
+        document.path: {
+            "users": {str(user_a.sub), str(user_b.sub)},
+            "teams": {"team1", "team2"},
+        }
+    }
+
+    indexer = FindDocumentIndexer()
+    result = indexer.serialize_document(document, accesses)
+
+    assert set(result.pop("users")) == {str(user_a.sub), str(user_b.sub)}
+    assert set(result.pop("groups")) == {"team1", "team2"}
+    assert result == {
+        "id": str(document.id),
+        "title": document.title,
+        "depth": 1,
+        "path": document.path,
+        "numchild": 1,
+        "content": utils.base64_yjs_to_text(document.content),
+        "created_at": document.created_at.isoformat(),
+        "updated_at": document.updated_at.isoformat(),
+        "reach": document.link_reach,
+        "size": 13,
+        "is_active": True,
+    }
+
+
+@pytest.mark.usefixtures("indexer_settings")
+def test_services_search_indexers_serialize_document_deleted():
+    """Deleted documents are marked as just in the serialized json."""
+    parent = factories.DocumentFactory()
+    document = factories.DocumentFactory(parent=parent)
+
+    parent.soft_delete()
+    document.refresh_from_db()
+
+    indexer = FindDocumentIndexer()
+    result = indexer.serialize_document(document, {})
+
+    assert result["is_active"] is False
+
+
+@pytest.mark.usefixtures("indexer_settings")
+def test_services_search_indexers_serialize_document_empty():
+    """Empty documents returns empty content in the serialized json."""
+    document = factories.DocumentFactory(content="", title=None)
+
+    indexer = FindDocumentIndexer()
+    result = indexer.serialize_document(document, {})
+
+    assert result["content"] == ""
+    assert result["title"] == ""
+
+
+@responses.activate
+def test_services_search_indexers_index_errors(indexer_settings):
+    """
+    Documents indexing response handling on Find API HTTP errors.
+    """
+    factories.DocumentFactory()
+
+    indexer_settings.SEARCH_INDEXER_URL = "http://app-find/api/v1.0/documents/index/"
+
+    responses.add(
+        responses.POST,
+        "http://app-find/api/v1.0/documents/index/",
+        status=401,
+        body=json_dumps({"message": "Authentication failed."}),
+    )
+
+    with pytest.raises(HTTPError):
+        FindDocumentIndexer().index()
+
+
+@patch.object(FindDocumentIndexer, "push")
+def test_services_search_indexers_batches_pass_only_batch_accesses(
+    mock_push, indexer_settings
+):
+    """
+    Documents indexing should be processed in batches,
+    and only the access data relevant to each batch should be used.
+    """
+    indexer_settings.SEARCH_INDEXER_BATCH_SIZE = 2
+    documents = factories.DocumentFactory.create_batch(5)
+
+    # Attach a single user access to each document
+    expected_user_subs = {}
+    for document in documents:
+        access = factories.UserDocumentAccessFactory(document=document)
+        expected_user_subs[str(document.id)] = str(access.user.sub)
+
+    assert FindDocumentIndexer().index() == 5
+
+    # Should be 3 batches: 2 + 2 + 1
+    assert mock_push.call_count == 3
+
+    seen_doc_ids = set()
+
+    for call in mock_push.call_args_list:
+        batch = call.args[0]
+        assert isinstance(batch, list)
+
+        for doc_json in batch:
+            doc_id = doc_json["id"]
+            seen_doc_ids.add(doc_id)
+
+            # Only one user expected per document
+            assert doc_json["users"] == [expected_user_subs[doc_id]]
+            assert doc_json["groups"] == []
+
+    # Make sure all 5 documents were indexed
+    assert seen_doc_ids == {str(d.id) for d in documents}
+
+
+@patch.object(FindDocumentIndexer, "push")
+@pytest.mark.usefixtures("indexer_settings")
+def test_services_search_indexers_ignore_empty_documents(mock_push):
+    """
+    Documents indexing should be processed in batches,
+    and only the access data relevant to each batch should be used.
+    """
+    document = factories.DocumentFactory()
+    factories.DocumentFactory(content="", title="")
+    empty_title = factories.DocumentFactory(title="")
+    empty_content = factories.DocumentFactory(content="")
+
+    assert FindDocumentIndexer().index() == 3
+
+    assert mock_push.call_count == 1
+
+    # Make sure only not eempty documents are indexed
+    results = {doc["id"] for doc in mock_push.call_args[0][0]}
+    assert results == {
+        str(d.id)
+        for d in (
+            document,
+            empty_content,
+            empty_title,
+        )
+    }
+
+
+@patch.object(FindDocumentIndexer, "push")
+@pytest.mark.usefixtures("indexer_settings")
+def test_services_search_indexers_ancestors_link_reach(mock_push):
+    """Document accesses and reach should take into account ancestors link reaches."""
+    great_grand_parent = factories.DocumentFactory(link_reach="restricted")
+    grand_parent = factories.DocumentFactory(
+        parent=great_grand_parent, link_reach="authenticated"
+    )
+    parent = factories.DocumentFactory(parent=grand_parent, link_reach="public")
+    document = factories.DocumentFactory(parent=parent, link_reach="restricted")
+
+    assert FindDocumentIndexer().index() == 4
+
+    results = {doc["id"]: doc for doc in mock_push.call_args[0][0]}
+    assert len(results) == 4
+    assert results[str(great_grand_parent.id)]["reach"] == "restricted"
+    assert results[str(grand_parent.id)]["reach"] == "authenticated"
+    assert results[str(parent.id)]["reach"] == "public"
+    assert results[str(document.id)]["reach"] == "public"
+
+
+@patch.object(FindDocumentIndexer, "push")
+@pytest.mark.usefixtures("indexer_settings")
+def test_services_search_indexers_ancestors_users(mock_push):
+    """Document accesses and reach should include users from ancestors."""
+    user_gp, user_p, user_d = factories.UserFactory.create_batch(3)
+
+    grand_parent = factories.DocumentFactory(users=[user_gp])
+    parent = factories.DocumentFactory(parent=grand_parent, users=[user_p])
+    document = factories.DocumentFactory(parent=parent, users=[user_d])
+
+    assert FindDocumentIndexer().index() == 3
+
+    results = {doc["id"]: doc for doc in mock_push.call_args[0][0]}
+    assert len(results) == 3
+    assert results[str(grand_parent.id)]["users"] == [str(user_gp.sub)]
+    assert set(results[str(parent.id)]["users"]) == {str(user_gp.sub), str(user_p.sub)}
+    assert set(results[str(document.id)]["users"]) == {
+        str(user_gp.sub),
+        str(user_p.sub),
+        str(user_d.sub),
+    }
+
+
+@patch.object(FindDocumentIndexer, "push")
+@pytest.mark.usefixtures("indexer_settings")
+def test_services_search_indexers_ancestors_teams(mock_push):
+    """Document accesses and reach should include teams from ancestors."""
+    grand_parent = factories.DocumentFactory(teams=["team_gp"])
+    parent = factories.DocumentFactory(parent=grand_parent, teams=["team_p"])
+    document = factories.DocumentFactory(parent=parent, teams=["team_d"])
+
+    assert FindDocumentIndexer().index() == 3
+
+    results = {doc["id"]: doc for doc in mock_push.call_args[0][0]}
+    assert len(results) == 3
+    assert results[str(grand_parent.id)]["groups"] == ["team_gp"]
+    assert set(results[str(parent.id)]["groups"]) == {"team_gp", "team_p"}
+    assert set(results[str(document.id)]["groups"]) == {"team_gp", "team_p", "team_d"}
+
+
+@patch("requests.post")
+def test_push_uses_correct_url_and_data(mock_post, indexer_settings):
+    """
+    push() should call requests.post with the correct URL from settings
+    the timeout set to 10 seconds and the data as JSON.
+    """
+    indexer_settings.SEARCH_INDEXER_URL = "http://example.com/index"
+
+    indexer = FindDocumentIndexer()
+    sample_data = [{"id": "123", "title": "Test"}]
+
+    mock_response = mock_post.return_value
+    mock_response.raise_for_status.return_value = None  # No error
+
+    indexer.push(sample_data)
+
+    mock_post.assert_called_once()
+    args, kwargs = mock_post.call_args
+
+    assert args[0] == indexer_settings.SEARCH_INDEXER_URL
+    assert kwargs.get("json") == sample_data
+    assert kwargs.get("timeout") == 10
+
+
+def test_get_visited_document_ids_of():
+    """
+    get_visited_document_ids_of() returns the ids of the documents viewed
+    by the user BUT without specific access configuration (like public ones)
+    """
+    user = factories.UserFactory()
+    other = factories.UserFactory()
+    anonymous = AnonymousUser()
+    queryset = models.Document.objects.all()
+
+    assert not get_visited_document_ids_of(queryset, anonymous)
+    assert not get_visited_document_ids_of(queryset, user)
+
+    doc1, doc2, _ = factories.DocumentFactory.create_batch(3)
+
+    create_link = partial(models.LinkTrace.objects.create, user=user, is_masked=False)
+
+    create_link(document=doc1)
+    create_link(document=doc2)
+
+    # The third document is not visited
+    assert sorted(get_visited_document_ids_of(queryset, user)) == sorted(
+        [str(doc1.pk), str(doc2.pk)]
+    )
+
+    factories.UserDocumentAccessFactory(user=other, document=doc1)
+    factories.UserDocumentAccessFactory(user=user, document=doc2)
+
+    # The second document have an access for the user
+    assert get_visited_document_ids_of(queryset, user) == [str(doc1.pk)]
+
+
+@pytest.mark.usefixtures("indexer_settings")
+def test_get_visited_document_ids_of_deleted():
+    """
+    get_visited_document_ids_of() returns the ids of the documents viewed
+    by the user if they are not deleted.
+    """
+    user = factories.UserFactory()
+    anonymous = AnonymousUser()
+    queryset = models.Document.objects.all()
+
+    assert not get_visited_document_ids_of(queryset, anonymous)
+    assert not get_visited_document_ids_of(queryset, user)
+
+    doc = factories.DocumentFactory()
+    doc_deleted = factories.DocumentFactory()
+    doc_ancestor_deleted = factories.DocumentFactory(parent=doc_deleted)
+
+    create_link = partial(models.LinkTrace.objects.create, user=user, is_masked=False)
+
+    create_link(document=doc)
+    create_link(document=doc_deleted)
+    create_link(document=doc_ancestor_deleted)
+
+    # The all documents are visited
+    assert sorted(get_visited_document_ids_of(queryset, user)) == sorted(
+        [str(doc.pk), str(doc_deleted.pk), str(doc_ancestor_deleted.pk)]
+    )
+
+    doc_deleted.soft_delete()
+
+    # Only the first document is not deleted
+    assert get_visited_document_ids_of(queryset, user) == [str(doc.pk)]
+
+
+@responses.activate
+def test_services_search_indexers_search_errors(indexer_settings):
+    """
+    Documents indexing response handling on Find API HTTP errors.
+    """
+    factories.DocumentFactory()
+
+    indexer_settings.SEARCH_INDEXER_QUERY_URL = (
+        "http://app-find/api/v1.0/documents/search/"
+    )
+
+    responses.add(
+        responses.POST,
+        "http://app-find/api/v1.0/documents/search/",
+        status=401,
+        body=json_dumps({"message": "Authentication failed."}),
+    )
+
+    with pytest.raises(HTTPError):
+        FindDocumentIndexer().search("alpha", token="mytoken")
+
+
+@patch("requests.post")
+def test_services_search_indexers_search(mock_post, indexer_settings):
+    """
+    search() should call requests.post to SEARCH_INDEXER_QUERY_URL with the
+    document ids from linktraces.
+    """
+    user = factories.UserFactory()
+    indexer = FindDocumentIndexer()
+
+    mock_response = mock_post.return_value
+    mock_response.raise_for_status.return_value = None  # No error
+
+    doc1, doc2, _ = factories.DocumentFactory.create_batch(3)
+
+    create_link = partial(models.LinkTrace.objects.create, user=user, is_masked=False)
+
+    create_link(document=doc1)
+    create_link(document=doc2)
+
+    visited = get_visited_document_ids_of(models.Document.objects.all(), user)
+
+    indexer.search("alpha", visited=visited, token="mytoken")
+
+    args, kwargs = mock_post.call_args
+
+    assert args[0] == indexer_settings.SEARCH_INDEXER_QUERY_URL
+
+    query_data = kwargs.get("json")
+    assert query_data["q"] == "alpha"
+    assert sorted(query_data["visited"]) == sorted([str(doc1.pk), str(doc2.pk)])
+    assert query_data["services"] == ["docs"]
+    assert query_data["page_number"] == 1
+    assert query_data["page_size"] == 50
+    assert query_data["order_by"] == "updated_at"
+    assert query_data["order_direction"] == "desc"
+
+    assert kwargs.get("headers") == {"Authorization": "Bearer mytoken"}
+    assert kwargs.get("timeout") == 10
--- a/src/backend/core/tests/test_utils.py
+++ b/src/backend/core/tests/test_utils.py
@@ -75,3 +75,28 @@ def test_utils_extract_attachments():
    base64_string = base64.b64encode(update).decode("utf-8")
    # image_key2 is missing the "/media/" part and shouldn't get extracted
    assert utils.extract_attachments(base64_string) == [image_key1, image_key3]
+
+
+def test_utils_get_ancestor_to_descendants_map_single_path():
+    """Test ancestor mapping of a single path."""
+    paths = ["000100020005"]
+    result = utils.get_ancestor_to_descendants_map(paths, steplen=4)
+
+    assert result == {
+        "0001": {"000100020005"},
+        "00010002": {"000100020005"},
+        "000100020005": {"000100020005"},
+    }
+
+
+def test_utils_get_ancestor_to_descendants_map_multiple_paths():
+    """Test ancestor mapping of multiple paths with shared prefixes."""
+    paths = ["000100020005", "00010003"]
+    result = utils.get_ancestor_to_descendants_map(paths, steplen=4)
+
+    assert result == {
+        "0001": {"000100020005", "00010003"},
+        "00010002": {"000100020005"},
+        "000100020005": {"000100020005"},
+        "00010003": {"00010003"},
+    }
--- a/src/backend/core/utils.py
+++ b/src/backend/core/utils.py
@@ -2,6 +2,7 @@

 import base64
 import re
+from collections import defaultdict

 import pycrdt
 from bs4 import BeautifulSoup
@@ -9,6 +10,27 @@ from bs4 import BeautifulSoup
 from core import enums


+def get_ancestor_to_descendants_map(paths, steplen):
+    """
+    Given a list of document paths, return a mapping of ancestor_path -> set of descendant_paths.
+
+    Each path is assumed to use materialized path format with fixed-length segments.
+
+    Args:
+        paths (list of str): List of full document paths.
+        steplen (int): Length of each path segment.
+
+    Returns:
+        dict[str, set[str]]: Mapping from ancestor path to its descendant paths (including itself).
+    """
+    ancestor_map = defaultdict(set)
+    for path in paths:
+        for i in range(steplen, len(path) + 1, steplen):
+            ancestor = path[:i]
+            ancestor_map[ancestor].add(path)
+    return ancestor_map
+
+
 def filter_descendants(paths, root_paths, skip_sorting=False):
    """
    Filters paths to keep only those that are descendants of any path in root_paths.
--- a/src/backend/core/validators.py
+++ b/src/backend/core/validators.py
@@ -0,0 +1,9 @@
+"""Custom validators for the core app."""
+
+from django.core.exceptions import ValidationError
+
+
+def sub_validator(value):
+    """Validate that the sub is ASCII only."""
+    if not value.isascii():
+        raise ValidationError("Enter a valid sub. This value should be ASCII only.")
--- a/src/backend/demo/defaults.py
+++ b/src/backend/demo/defaults.py
@@ -8,11 +8,19 @@ NB_OBJECTS = {

 DEV_USERS = [
    {"username": "impress", "email": "impress@impress.world", "language": "en-us"},
-    {"username": "user-e2e-webkit", "email": "user@webkit.test", "language": "en-us"},
-    {"username": "user-e2e-firefox", "email": "user@firefox.test", "language": "en-us"},
+    {
+        "username": "user-e2e-webkit",
+        "email": "user.test@webkit.test",
+        "language": "en-us",
+    },
+    {
+        "username": "user-e2e-firefox",
+        "email": "user.test@firefox.test",
+        "language": "en-us",
+    },
    {
        "username": "user-e2e-chromium",
-        "email": "user@chromium.test",
+        "email": "user.test@chromium.test",
        "language": "en-us",
    },
 ]
--- a/src/backend/demo/management/commands/create_demo.py
+++ b/src/backend/demo/management/commands/create_demo.py
@@ -1,16 +1,19 @@
 # ruff: noqa: S311, S106
 """create_demo management command"""

+import base64
 import logging
 import math
 import random
 import time
 from collections import defaultdict
+from uuid import uuid4

 from django import db
 from django.conf import settings
 from django.core.management.base import BaseCommand, CommandError

+import pycrdt
 from faker import Faker

 from core import models
@@ -27,6 +30,16 @@ def random_true_with_probability(probability):
    return random.random() < probability


+def get_ydoc_for_text(text):
+    """Return a ydoc from plain text for demo purposes."""
+    ydoc = pycrdt.Doc()
+    paragraph = pycrdt.XmlElement("p", {}, [pycrdt.XmlText(text)])
+    fragment = pycrdt.XmlFragment([paragraph])
+    ydoc["document-store"] = fragment
+    update = ydoc.get_update()
+    return base64.b64encode(update).decode("utf-8")
+
+
 class BulkQueue:
    """A utility class to create Django model instances in bulk by just pushing to a queue."""

@@ -48,7 +61,7 @@ class BulkQueue:
        self.queue[objects[0]._meta.model.__name__] = []  # noqa: SLF001

    def push(self, obj):
-        """Add a model instance to queue to that it gets created in bulk."""
+        """Add a model instance to queue so that it gets created in bulk."""
        objects = self.queue[obj._meta.model.__name__]  # noqa: SLF001
        objects.append(obj)
        if len(objects) > self.BATCH_SIZE:
@@ -119,8 +132,8 @@ def create_demo(stdout):
            first_name = random.choice(first_names)
            queue.push(
                models.User(
-                    admin_email=f"user{i:d}@example.com",
-                    email=f"user{i:d}@example.com",
+                    admin_email=f"user.test{i:d}@example.com",
+                    email=f"user.test{i:d}@example.com",
                    password="!",
                    is_superuser=False,
                    is_active=True,
@@ -139,17 +152,19 @@ def create_demo(stdout):
            # pylint: disable=protected-access
            key = models.Document._int2str(i)  # noqa: SLF001
            padding = models.Document.alphabet[0] * (models.Document.steplen - len(key))
-            queue.push(
-                models.Document(
-                    depth=1,
-                    path=f"{padding}{key}",
-                    creator_id=random.choice(users_ids),
-                    title=fake.sentence(nb_words=4),
-                    link_reach=models.LinkReachChoices.AUTHENTICATED
-                    if random_true_with_probability(0.5)
-                    else random.choice(models.LinkReachChoices.values),
-                )
+            title = fake.sentence(nb_words=4)
+            document = models.Document(
+                id=uuid4(),
+                depth=1,
+                path=f"{padding}{key}",
+                creator_id=random.choice(users_ids),
+                title=title,
+                link_reach=models.LinkReachChoices.AUTHENTICATED
+                if random_true_with_probability(0.5)
+                else random.choice(models.LinkReachChoices.values),
            )
+            document.save_content(get_ydoc_for_text(f"Content for {title:s}"))
+            queue.push(document)

        queue.flush()

--- a/src/backend/demo/tests/test_commands_create_demo.py
+++ b/src/backend/demo/tests/test_commands_create_demo.py
@@ -33,9 +33,9 @@ def test_commands_create_demo():
    # assert dev users have doc accesses
    user = models.User.objects.get(email="impress@impress.world")
    assert models.DocumentAccess.objects.filter(user=user).exists()
-    user = models.User.objects.get(email="user@webkit.test")
+    user = models.User.objects.get(email="user.test@webkit.test")
    assert models.DocumentAccess.objects.filter(user=user).exists()
-    user = models.User.objects.get(email="user@firefox.test")
+    user = models.User.objects.get(email="user.test@firefox.test")
    assert models.DocumentAccess.objects.filter(user=user).exists()
-    user = models.User.objects.get(email="user@chromium.test")
+    user = models.User.objects.get(email="user.test@chromium.test")
    assert models.DocumentAccess.objects.filter(user=user).exists()
--- a/src/backend/impress/configuration/theme/default.json
+++ b/src/backend/impress/configuration/theme/default.json
@@ -9,7 +9,7 @@
      },
      "externalLinks": [
        {
-          "label": "Github",
+          "label": "GitHub",
          "href": "https://github.com/suitenumerique/docs/"
        },
        {
--- a/src/backend/impress/settings.py
+++ b/src/backend/impress/settings.py
@@ -18,6 +18,7 @@ from django.utils.translation import gettext_lazy as _

 import sentry_sdk
 from configurations import Configuration, values
+from cryptography.fernet import Fernet
 from csp.constants import NONE
 from lasuite.configuration.values import SecretFileValue
 from sentry_sdk.integrations.django import DjangoIntegration
@@ -99,6 +100,28 @@ class Base(Configuration):
    }
    DEFAULT_AUTO_FIELD = "django.db.models.AutoField"

+    # Search
+    SEARCH_INDEXER_CLASS = values.Value(
+        default=None,
+        environ_name="SEARCH_INDEXER_CLASS",
+        environ_prefix=None,
+    )
+    SEARCH_INDEXER_BATCH_SIZE = values.IntegerValue(
+        default=100_000, environ_name="SEARCH_INDEXER_BATCH_SIZE", environ_prefix=None
+    )
+    SEARCH_INDEXER_URL = values.Value(
+        default=None, environ_name="SEARCH_INDEXER_URL", environ_prefix=None
+    )
+    SEARCH_INDEXER_COUNTDOWN = values.IntegerValue(
+        default=1, environ_name="SEARCH_INDEXER_COUNTDOWN", environ_prefix=None
+    )
+    SEARCH_INDEXER_SECRET = values.Value(
+        default=None, environ_name="SEARCH_INDEXER_SECRET", environ_prefix=None
+    )
+    SEARCH_INDEXER_QUERY_URL = values.Value(
+        default=None, environ_name="SEARCH_INDEXER_QUERY_URL", environ_prefix=None
+    )
+
    # Static files (CSS, JavaScript, Images)
    STATIC_URL = "/static/"
    STATIC_ROOT = os.path.join(DATA_DIR, "static")
@@ -142,7 +165,7 @@ class Base(Configuration):
    )

    # Document images
-    DOCUMENT_IMAGE_MAX_SIZE = values.Value(
+    DOCUMENT_IMAGE_MAX_SIZE = values.IntegerValue(
        10 * (2**20),  # 10MB
        environ_name="DOCUMENT_IMAGE_MAX_SIZE",
        environ_prefix=None,
@@ -356,6 +379,9 @@ class Base(Configuration):
        "PAGE_SIZE": 20,
        "DEFAULT_VERSIONING_CLASS": "rest_framework.versioning.URLPathVersioning",
        "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
+        "DEFAULT_THROTTLE_CLASSES": [
+            "lasuite.drf.throttling.MonitoredScopedRateThrottle",
+        ],
        "DEFAULT_THROTTLE_RATES": {
            "user_list_sustained": values.Value(
                default="180/hour",
@@ -367,8 +393,46 @@ class Base(Configuration):
                environ_name="API_USERS_LIST_THROTTLE_RATE_BURST",
                environ_prefix=None,
            ),
+            "document": values.Value(
+                default="80/minute",
+                environ_name="API_DOCUMENT_THROTTLE_RATE",
+                environ_prefix=None,
+            ),
+            "document_access": values.Value(
+                default="50/minute",
+                environ_name="API_DOCUMENT_ACCESS_THROTTLE_RATE",
+                environ_prefix=None,
+            ),
+            "template": values.Value(
+                default="30/minute",
+                environ_name="API_TEMPLATE_THROTTLE_RATE",
+                environ_prefix=None,
+            ),
+            "template_access": values.Value(
+                default="30/minute",
+                environ_name="API_TEMPLATE_ACCESS_THROTTLE_RATE",
+                environ_prefix=None,
+            ),
+            "invitation": values.Value(
+                default="60/minute",
+                environ_name="API_INVITATION_THROTTLE_RATE",
+                environ_prefix=None,
+            ),
+            "document_ask_for_access": values.Value(
+                default="30/minute",
+                environ_name="API_DOCUMENT_ASK_FOR_ACCESS_THROTTLE_RATE",
+                environ_prefix=None,
+            ),
+            "config": values.Value(
+                default="30/minute",
+                environ_name="API_CONFIG_THROTTLE_RATE",
+                environ_prefix=None,
+            ),
        },
    }
+    MONITORED_THROTTLE_FAILURE_CALLBACK = (
+        "core.api.throttling.sentry_monitoring_throttle_failure"
+    )

    SPECTACULAR_SETTINGS = {
        "TITLE": "Impress API",
@@ -881,6 +945,14 @@ class Development(Base):
        },
    }

+    # There is no key for token storage in default configuration.
+    # In development environment we can create one if needed.
+    OIDC_STORE_REFRESH_TOKEN_KEY = values.Value(
+        default=Fernet.generate_key().decode(),
+        environ_name="OIDC_STORE_REFRESH_TOKEN_KEY",
+        environ_prefix=None,
+    )
+
    def __init__(self):
        # pylint: disable=invalid-name
        self.INSTALLED_APPS += ["django_extensions", "drf_spectacular_sidecar"]
--- a/src/backend/locale/br_FR/LC_MESSAGES/django.po
+++ b/src/backend/locale/br_FR/LC_MESSAGES/django.po
@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: lasuite-docs\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-07-08 15:21+0000\n"
-"PO-Revision-Date: 2025-07-18 10:25\n"
+"POT-Creation-Date: 2025-09-10 14:29+0000\n"
+"PO-Revision-Date: 2025-09-12 09:50\n"
 "Last-Translator: \n"
 "Language-Team: Breton\n"
 "Language: br_FR\n"
@@ -43,30 +43,34 @@ msgid "Creator is me"
 msgstr "Me eo an aozer"

 #: build/lib/core/api/filters.py:64 core/api/filters.py:64
+msgid "Masked"
+msgstr "Kuzhet"
+
+#: build/lib/core/api/filters.py:67 core/api/filters.py:67
 msgid "Favorite"
 msgstr "Sinedoù"

-#: build/lib/core/api/serializers.py:467 core/api/serializers.py:467
+#: build/lib/core/api/serializers.py:487 core/api/serializers.py:487
 msgid "A new document was created on your behalf!"
 msgstr "Ur restr nevez a zo bet krouet ganeoc'h!"

-#: build/lib/core/api/serializers.py:471 core/api/serializers.py:471
+#: build/lib/core/api/serializers.py:491 core/api/serializers.py:491
 msgid "You have been granted ownership of a new document:"
 msgstr "C'hwi zo bet disklaeriet perc'henn ur restr nevez:"

-#: build/lib/core/api/serializers.py:608 core/api/serializers.py:608
+#: build/lib/core/api/serializers.py:628 core/api/serializers.py:628
 msgid "Body"
 msgstr "Korf"

-#: build/lib/core/api/serializers.py:611 core/api/serializers.py:611
+#: build/lib/core/api/serializers.py:631 core/api/serializers.py:631
 msgid "Body type"
 msgstr "Doare korf"

-#: build/lib/core/api/serializers.py:617 core/api/serializers.py:617
+#: build/lib/core/api/serializers.py:637 core/api/serializers.py:637
 msgid "Format"
 msgstr "Stumm"

-#: build/lib/core/api/viewsets.py:943 core/api/viewsets.py:943
+#: build/lib/core/api/viewsets.py:965 core/api/viewsets.py:965
 #, python-brace-format
 msgid "copy of {title}"
 msgstr "eilenn {title}"
@@ -125,182 +129,178 @@ msgstr "Kleiz"
 msgid "Right"
 msgstr "Dehoù"

-#: build/lib/core/models.py:79 core/models.py:79
+#: build/lib/core/models.py:80 core/models.py:80
 msgid "id"
 msgstr "id"

-#: build/lib/core/models.py:80 core/models.py:80
+#: build/lib/core/models.py:81 core/models.py:81
 msgid "primary key for the record as UUID"
 msgstr "alc'hwez kentañ evit an enrollañ evel UIID"

-#: build/lib/core/models.py:86 core/models.py:86
+#: build/lib/core/models.py:87 core/models.py:87
 msgid "created on"
 msgstr "krouet d'ar/al"

-#: build/lib/core/models.py:87 core/models.py:87
+#: build/lib/core/models.py:88 core/models.py:88
 msgid "date and time at which a record was created"
 msgstr "deiziad hag eurvezh krouidigezh an enrolladenn"

-#: build/lib/core/models.py:92 core/models.py:92
+#: build/lib/core/models.py:93 core/models.py:93
 msgid "updated on"
 msgstr "hizivaet d'ar/al"

-#: build/lib/core/models.py:93 core/models.py:93
+#: build/lib/core/models.py:94 core/models.py:94
 msgid "date and time at which a record was last updated"
 msgstr "deiziad hag eurvezh m'eo bet hizivaet an enrolladenn"

-#: build/lib/core/models.py:129 core/models.py:129
+#: build/lib/core/models.py:130 core/models.py:130
 msgid "We couldn't find a user with this sub but the email is already associated with a registered user."
 msgstr "N'hon eus kavet implijer ebet gant an isstrollad-mañ met ar postel a zo liammet ouzh un implijer enrollet."

-#: build/lib/core/models.py:142 core/models.py:142
-msgid "Enter a valid sub. This value may contain only letters, numbers, and @/./+/-/_/: characters."
-msgstr "Ebarzhit un isstrollad mat. An talvoud-mañ a c'hall enderc'hel lizhiri, sifroù hag arouezioù @/./+/-/_/: hepken."
-
-#: build/lib/core/models.py:148 core/models.py:148
+#: build/lib/core/models.py:141 core/models.py:141
 msgid "sub"
 msgstr "isstrollad"

-#: build/lib/core/models.py:150 core/models.py:150
-msgid "Required. 255 characters or fewer. Letters, numbers, and @/./+/-/_/: characters only."
-msgstr "Rekis. 255 arouezenn pe nebeutoc'h. Lizhiri, sifroù hag arouezioù @/./+/-/_/: hepken."
+#: build/lib/core/models.py:142 core/models.py:142
+msgid "Required. 255 characters or fewer. ASCII characters only."
+msgstr ""

-#: build/lib/core/models.py:159 core/models.py:159
+#: build/lib/core/models.py:150 core/models.py:150
 msgid "full name"
 msgstr "anv klok"

-#: build/lib/core/models.py:160 core/models.py:160
+#: build/lib/core/models.py:151 core/models.py:151
 msgid "short name"
 msgstr "anv berr"

-#: build/lib/core/models.py:162 core/models.py:162
+#: build/lib/core/models.py:153 core/models.py:153
 msgid "identity email address"
 msgstr "postel identelezh"

-#: build/lib/core/models.py:167 core/models.py:167
+#: build/lib/core/models.py:158 core/models.py:158
 msgid "admin email address"
 msgstr "postel ar merour"

-#: build/lib/core/models.py:174 core/models.py:174
+#: build/lib/core/models.py:165 core/models.py:165
 msgid "language"
 msgstr "yezh"

-#: build/lib/core/models.py:175 core/models.py:175
+#: build/lib/core/models.py:166 core/models.py:166
 msgid "The language in which the user wants to see the interface."
-msgstr "Ar yezh en deus c'hoant da welet an implijer an etrefas enni."
+msgstr "Ar yezh a vo implijet evit etrefas an implijer."

-#: build/lib/core/models.py:183 core/models.py:183
+#: build/lib/core/models.py:174 core/models.py:174
 msgid "The timezone in which the user wants to see times."
-msgstr "Ar gwerzhid-eur en deus c'hoant da welet an implijer an eur drezañ."
+msgstr "Ar gwerzhid-eur a vo implijet evit etrefas an implijer."

-#: build/lib/core/models.py:186 core/models.py:186
+#: build/lib/core/models.py:177 core/models.py:177
 msgid "device"
 msgstr "trevnad"

-#: build/lib/core/models.py:188 core/models.py:188
+#: build/lib/core/models.py:179 core/models.py:179
 msgid "Whether the user is a device or a real user."
 msgstr "Pe vefe an implijer un aparailh pe un implijer gwirion."

-#: build/lib/core/models.py:191 core/models.py:191
+#: build/lib/core/models.py:182 core/models.py:182
 msgid "staff status"
 msgstr "statud ar skipailh"

-#: build/lib/core/models.py:193 core/models.py:193
+#: build/lib/core/models.py:184 core/models.py:184
 msgid "Whether the user can log into this admin site."
 msgstr "Ma c'hall an implijer kevreañ ouzh al lec'hienn verañ-mañ."

-#: build/lib/core/models.py:196 core/models.py:196
+#: build/lib/core/models.py:187 core/models.py:187
 msgid "active"
 msgstr "oberiant"

-#: build/lib/core/models.py:199 core/models.py:199
+#: build/lib/core/models.py:190 core/models.py:190
 msgid "Whether this user should be treated as active. Unselect this instead of deleting accounts."
 msgstr "Ma rank bezañ tretet an implijer-mañ evel oberiant. Diziuzit an dra-mañ e-plas dilemel kontoù."

-#: build/lib/core/models.py:211 core/models.py:211
+#: build/lib/core/models.py:202 core/models.py:202
 msgid "user"
 msgstr "implijer"

-#: build/lib/core/models.py:212 core/models.py:212
+#: build/lib/core/models.py:203 core/models.py:203
 msgid "users"
 msgstr "implijerien"

-#: build/lib/core/models.py:368 build/lib/core/models.py:1281
-#: core/models.py:368 core/models.py:1281
+#: build/lib/core/models.py:359 build/lib/core/models.py:1281
+#: core/models.py:359 core/models.py:1281
 msgid "title"
 msgstr "titl"

-#: build/lib/core/models.py:369 core/models.py:369
+#: build/lib/core/models.py:360 core/models.py:360
 msgid "excerpt"
 msgstr "bomm"

-#: build/lib/core/models.py:418 core/models.py:418
+#: build/lib/core/models.py:409 core/models.py:409
 msgid "Document"
-msgstr "Teul"
+msgstr "Restr"

-#: build/lib/core/models.py:419 core/models.py:419
+#: build/lib/core/models.py:410 core/models.py:410
 msgid "Documents"
-msgstr "Teulioù"
+msgstr "Restroù"

-#: build/lib/core/models.py:431 build/lib/core/models.py:820 core/models.py:431
-#: core/models.py:820
+#: build/lib/core/models.py:422 build/lib/core/models.py:819 core/models.py:422
+#: core/models.py:819
 msgid "Untitled Document"
-msgstr "Teuliad hep titl"
+msgstr "Restr hep titl"

-#: build/lib/core/models.py:855 core/models.py:855
+#: build/lib/core/models.py:854 core/models.py:854
 #, python-brace-format
 msgid "{name} shared a document with you!"
-msgstr "{name} en deus rannet un teul ganeoc'h!"
+msgstr "{name} en deus rannet ur restr ganeoc'h!"

-#: build/lib/core/models.py:859 core/models.py:859
+#: build/lib/core/models.py:858 core/models.py:858
 #, python-brace-format
 msgid "{name} invited you with the role \"{role}\" on the following document:"
-msgstr "{name} en deus pedet ac'hanoc'h gant ar rol \"{role}\" war an teul da-heul:"
+msgstr "{name} en deus pedet ac'hanoc'h gant ar rol \"{role}\" war ar restr da-heul:"

-#: build/lib/core/models.py:865 core/models.py:865
+#: build/lib/core/models.py:864 core/models.py:864
 #, python-brace-format
 msgid "{name} shared a document with you: {title}"
-msgstr "{name} en deus rannet un teul ganeoc'h: {title}"
+msgstr "{name} en deus rannet ur restr ganeoc'h: {title}"

 #: build/lib/core/models.py:964 core/models.py:964
 msgid "Document/user link trace"
-msgstr "Roud liamm an teuliad/an implijer"
+msgstr "Roud liamm ar restr/an implijer"

 #: build/lib/core/models.py:965 core/models.py:965
 msgid "Document/user link traces"
-msgstr "Roudoù liamm an teuliad/an implijer"
+msgstr "Roudoù liamm ar restr/an implijer"

 #: build/lib/core/models.py:971 core/models.py:971
 msgid "A link trace already exists for this document/user."
-msgstr "Ur roud liamm a zo dija evit an teul/an implijer."
+msgstr "Ur roud liamm a zo dija evit an restr/an implijer."

 #: build/lib/core/models.py:994 core/models.py:994
 msgid "Document favorite"
-msgstr "Teuliad muiañ-karet"
+msgstr "Restr muiañ-karet"

 #: build/lib/core/models.py:995 core/models.py:995
 msgid "Document favorites"
-msgstr "Teuliadoù muiañ-karet"
+msgstr "Restroù muiañ-karet"

 #: build/lib/core/models.py:1001 core/models.py:1001
 msgid "This document is already targeted by a favorite relation instance for the same user."
-msgstr "An teul-mañ a zo un teul muiañ karet gant an implijer-mañ."
+msgstr "Ar restr-mañ a zo ur restr muiañ karet gant an implijer-mañ."

 #: build/lib/core/models.py:1023 core/models.py:1023
 msgid "Document/user relation"
-msgstr "Liamm teul/implijer"
+msgstr "Liamm restr/implijer"

 #: build/lib/core/models.py:1024 core/models.py:1024
 msgid "Document/user relations"
-msgstr "Liammoù teul/implijer"
+msgstr "Liammoù restr/implijer"

 #: build/lib/core/models.py:1030 core/models.py:1030
 msgid "This user is already in this document."
-msgstr "An implijer-mañ a zo dija en teul-mañ."
+msgstr "An implijer-mañ a zo dija er restr-mañ."

 #: build/lib/core/models.py:1036 core/models.py:1036
 msgid "This team is already in this document."
-msgstr "Ar skipailh-mañ a zo dija en teul-mañ."
+msgstr "Ar skipailh-mañ a zo dija en restr-mañ."

 #: build/lib/core/models.py:1042 build/lib/core/models.py:1367
 #: core/models.py:1042 core/models.py:1367
@@ -309,30 +309,30 @@ msgstr "An implijer pe ar skipailh a rank bezañ termenet, ket an daou avat."

 #: build/lib/core/models.py:1188 core/models.py:1188
 msgid "Document ask for access"
-msgstr "Goulenn tizhout an teul"
+msgstr "Goulenn tizhout ar restr"

 #: build/lib/core/models.py:1189 core/models.py:1189
 msgid "Document ask for accesses"
-msgstr "Goulennoù tizhout an teul"
+msgstr "Goulennoù tizhout ar restr"

 #: build/lib/core/models.py:1195 core/models.py:1195
 msgid "This user has already asked for access to this document."
-msgstr "An implijer en deus goulennet tizhout an teul-mañ."
+msgstr "An implijer en deus goulennet tizhout ar restr-mañ."

 #: build/lib/core/models.py:1260 core/models.py:1260
 #, python-brace-format
 msgid "{name} would like access to a document!"
-msgstr "{name} en defe c'hoant da dizhout an teul-mañ!"
+msgstr "{name} en defe c'hoant da dizhout ar restr-mañ!"

 #: build/lib/core/models.py:1264 core/models.py:1264
 #, python-brace-format
 msgid "{name} would like access to the following document:"
-msgstr "{name} en defe c'hoant da dizhout an teul da-heul:"
+msgstr "{name} en defe c'hoant da dizhout ar restr da-heul:"

 #: build/lib/core/models.py:1270 core/models.py:1270
 #, python-brace-format
 msgid "{name} is asking for access to the document: {title}"
-msgstr "{name} en defe c'hoant da dizhout an teul: {title}"
+msgstr "{name} en defe c'hoant da dizhout ar restr: {title}"

 #: build/lib/core/models.py:1282 core/models.py:1282
 msgid "description"
@@ -384,11 +384,11 @@ msgstr "postel"

 #: build/lib/core/models.py:1457 core/models.py:1457
 msgid "Document invitation"
-msgstr "Pedadenn d'un teul"
+msgstr "Pedadenn d'ur restr"

 #: build/lib/core/models.py:1458 core/models.py:1458
 msgid "Document invitations"
-msgstr "Pedadennoù d'un teul"
+msgstr "Pedadennoù d'ur restr"

 #: build/lib/core/models.py:1478 core/models.py:1478
 msgid "This email is already associated to a registered user."
@@ -407,7 +407,7 @@ msgstr "Digeriñ"
 #: core/templates/mail/html/template.html:226
 #: core/templates/mail/text/template.txt:14
 msgid " Docs, your new essential tool for organizing, sharing and collaborating on your documents as a team. "
-msgstr " Docs, hoc'h ostilh nevez ret-holl evit aozañ, rannañ ha kenlabourat war an teulioù e skipailh. "
+msgstr " Docs, hoc'h ostilh nevez ret-holl evit aozañ, rannañ ha kenlabourat war ar restr e skipailh. "

 #: core/templates/mail/html/template.html:233
 #: core/templates/mail/text/template.txt:16
--- a/src/backend/locale/de_DE/LC_MESSAGES/django.po
+++ b/src/backend/locale/de_DE/LC_MESSAGES/django.po
@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: lasuite-docs\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-07-08 15:21+0000\n"
-"PO-Revision-Date: 2025-07-18 10:25\n"
+"POT-Creation-Date: 2025-09-10 14:29+0000\n"
+"PO-Revision-Date: 2025-09-12 09:50\n"
 "Last-Translator: \n"
 "Language-Team: German\n"
 "Language: de_DE\n"
@@ -43,30 +43,34 @@ msgid "Creator is me"
 msgstr "Ersteller bin ich"

 #: build/lib/core/api/filters.py:64 core/api/filters.py:64
+msgid "Masked"
+msgstr ""
+
+#: build/lib/core/api/filters.py:67 core/api/filters.py:67
 msgid "Favorite"
 msgstr "Favorit"

-#: build/lib/core/api/serializers.py:467 core/api/serializers.py:467
+#: build/lib/core/api/serializers.py:487 core/api/serializers.py:487
 msgid "A new document was created on your behalf!"
 msgstr "Ein neues Dokument wurde in Ihrem Namen erstellt!"

-#: build/lib/core/api/serializers.py:471 core/api/serializers.py:471
+#: build/lib/core/api/serializers.py:491 core/api/serializers.py:491
 msgid "You have been granted ownership of a new document:"
 msgstr "Sie sind Besitzer eines neuen Dokuments:"

-#: build/lib/core/api/serializers.py:608 core/api/serializers.py:608
+#: build/lib/core/api/serializers.py:628 core/api/serializers.py:628
 msgid "Body"
 msgstr "Inhalt"

-#: build/lib/core/api/serializers.py:611 core/api/serializers.py:611
+#: build/lib/core/api/serializers.py:631 core/api/serializers.py:631
 msgid "Body type"
 msgstr "Typ"

-#: build/lib/core/api/serializers.py:617 core/api/serializers.py:617
+#: build/lib/core/api/serializers.py:637 core/api/serializers.py:637
 msgid "Format"
 msgstr "Format"

-#: build/lib/core/api/viewsets.py:943 core/api/viewsets.py:943
+#: build/lib/core/api/viewsets.py:965 core/api/viewsets.py:965
 #, python-brace-format
 msgid "copy of {title}"
 msgstr "Kopie von {title}"
@@ -125,139 +129,135 @@ msgstr "Links"
 msgid "Right"
 msgstr "Rechts"

-#: build/lib/core/models.py:79 core/models.py:79
+#: build/lib/core/models.py:80 core/models.py:80
 msgid "id"
 msgstr "id"

-#: build/lib/core/models.py:80 core/models.py:80
+#: build/lib/core/models.py:81 core/models.py:81
 msgid "primary key for the record as UUID"
 msgstr "primärer Schlüssel für den Datensatz als UUID"

-#: build/lib/core/models.py:86 core/models.py:86
+#: build/lib/core/models.py:87 core/models.py:87
 msgid "created on"
 msgstr "Erstellt"

-#: build/lib/core/models.py:87 core/models.py:87
+#: build/lib/core/models.py:88 core/models.py:88
 msgid "date and time at which a record was created"
 msgstr "Datum und Uhrzeit, an dem ein Datensatz erstellt wurde"

-#: build/lib/core/models.py:92 core/models.py:92
+#: build/lib/core/models.py:93 core/models.py:93
 msgid "updated on"
 msgstr "Aktualisiert"

-#: build/lib/core/models.py:93 core/models.py:93
+#: build/lib/core/models.py:94 core/models.py:94
 msgid "date and time at which a record was last updated"
 msgstr "Datum und Uhrzeit, an dem zuletzt aktualisiert wurde"

-#: build/lib/core/models.py:129 core/models.py:129
+#: build/lib/core/models.py:130 core/models.py:130
 msgid "We couldn't find a user with this sub but the email is already associated with a registered user."
 msgstr "Wir konnten keinen Benutzer mit diesem Abo finden, aber die E-Mail-Adresse ist bereits einem registrierten Benutzer zugeordnet."

-#: build/lib/core/models.py:142 core/models.py:142
-msgid "Enter a valid sub. This value may contain only letters, numbers, and @/./+/-/_/: characters."
-msgstr "Geben Sie eine gültige Unterseite ein. Dieser Wert darf nur Buchstaben, Zahlen und die @/./+/-/_/: Zeichen enthalten."
-
-#: build/lib/core/models.py:148 core/models.py:148
+#: build/lib/core/models.py:141 core/models.py:141
 msgid "sub"
 msgstr "unter"

-#: build/lib/core/models.py:150 core/models.py:150
-msgid "Required. 255 characters or fewer. Letters, numbers, and @/./+/-/_/: characters only."
-msgstr "Erforderlich. 255 Zeichen oder weniger. Buchstaben, Zahlen und die Zeichen @/./+/-/_/:"
+#: build/lib/core/models.py:142 core/models.py:142
+msgid "Required. 255 characters or fewer. ASCII characters only."
+msgstr ""

-#: build/lib/core/models.py:159 core/models.py:159
+#: build/lib/core/models.py:150 core/models.py:150
 msgid "full name"
 msgstr "Name"

-#: build/lib/core/models.py:160 core/models.py:160
+#: build/lib/core/models.py:151 core/models.py:151
 msgid "short name"
 msgstr "Kurzbezeichnung"

-#: build/lib/core/models.py:162 core/models.py:162
+#: build/lib/core/models.py:153 core/models.py:153
 msgid "identity email address"
 msgstr "Identitäts-E-Mail-Adresse"

-#: build/lib/core/models.py:167 core/models.py:167
+#: build/lib/core/models.py:158 core/models.py:158
 msgid "admin email address"
 msgstr "Admin E-Mail-Adresse"

-#: build/lib/core/models.py:174 core/models.py:174
+#: build/lib/core/models.py:165 core/models.py:165
 msgid "language"
 msgstr "Sprache"

-#: build/lib/core/models.py:175 core/models.py:175
+#: build/lib/core/models.py:166 core/models.py:166
 msgid "The language in which the user wants to see the interface."
 msgstr "Die Sprache, in der der Benutzer die Benutzeroberfläche sehen möchte."

-#: build/lib/core/models.py:183 core/models.py:183
+#: build/lib/core/models.py:174 core/models.py:174
 msgid "The timezone in which the user wants to see times."
 msgstr "Die Zeitzone, in der der Nutzer Zeiten sehen möchte."

-#: build/lib/core/models.py:186 core/models.py:186
+#: build/lib/core/models.py:177 core/models.py:177
 msgid "device"
 msgstr "Gerät"

-#: build/lib/core/models.py:188 core/models.py:188
+#: build/lib/core/models.py:179 core/models.py:179
 msgid "Whether the user is a device or a real user."
 msgstr "Ob der Benutzer ein Gerät oder ein echter Benutzer ist."

-#: build/lib/core/models.py:191 core/models.py:191
+#: build/lib/core/models.py:182 core/models.py:182
 msgid "staff status"
 msgstr "Status des Teammitgliedes"

-#: build/lib/core/models.py:193 core/models.py:193
+#: build/lib/core/models.py:184 core/models.py:184
 msgid "Whether the user can log into this admin site."
 msgstr "Gibt an, ob der Benutzer sich in diese Admin-Seite einloggen kann."

-#: build/lib/core/models.py:196 core/models.py:196
+#: build/lib/core/models.py:187 core/models.py:187
 msgid "active"
 msgstr "aktiviert"

-#: build/lib/core/models.py:199 core/models.py:199
+#: build/lib/core/models.py:190 core/models.py:190
 msgid "Whether this user should be treated as active. Unselect this instead of deleting accounts."
 msgstr "Ob dieser Benutzer als aktiviert behandelt werden soll. Deaktivieren Sie diese Option, anstatt Konten zu löschen."

-#: build/lib/core/models.py:211 core/models.py:211
+#: build/lib/core/models.py:202 core/models.py:202
 msgid "user"
 msgstr "Benutzer"

-#: build/lib/core/models.py:212 core/models.py:212
+#: build/lib/core/models.py:203 core/models.py:203
 msgid "users"
 msgstr "Benutzer"

-#: build/lib/core/models.py:368 build/lib/core/models.py:1281
-#: core/models.py:368 core/models.py:1281
+#: build/lib/core/models.py:359 build/lib/core/models.py:1281
+#: core/models.py:359 core/models.py:1281
 msgid "title"
 msgstr "Titel"

-#: build/lib/core/models.py:369 core/models.py:369
+#: build/lib/core/models.py:360 core/models.py:360
 msgid "excerpt"
 msgstr "Auszug"

-#: build/lib/core/models.py:418 core/models.py:418
+#: build/lib/core/models.py:409 core/models.py:409
 msgid "Document"
 msgstr "Dokument"

-#: build/lib/core/models.py:419 core/models.py:419
+#: build/lib/core/models.py:410 core/models.py:410
 msgid "Documents"
 msgstr "Dokumente"

-#: build/lib/core/models.py:431 build/lib/core/models.py:820 core/models.py:431
-#: core/models.py:820
+#: build/lib/core/models.py:422 build/lib/core/models.py:819 core/models.py:422
+#: core/models.py:819
 msgid "Untitled Document"
 msgstr "Unbenanntes Dokument"

-#: build/lib/core/models.py:855 core/models.py:855
+#: build/lib/core/models.py:854 core/models.py:854
 #, python-brace-format
 msgid "{name} shared a document with you!"
 msgstr "{name} hat ein Dokument mit Ihnen geteilt!"

-#: build/lib/core/models.py:859 core/models.py:859
+#: build/lib/core/models.py:858 core/models.py:858
 #, python-brace-format
 msgid "{name} invited you with the role \"{role}\" on the following document:"
 msgstr "{name} hat Sie mit der Rolle \"{role}\" zu folgendem Dokument eingeladen:"

-#: build/lib/core/models.py:865 core/models.py:865
+#: build/lib/core/models.py:864 core/models.py:864
 #, python-brace-format
 msgid "{name} shared a document with you: {title}"
 msgstr "{name} hat ein Dokument mit Ihnen geteilt: {title}"
--- a/src/backend/locale/en_US/LC_MESSAGES/django.po
+++ b/src/backend/locale/en_US/LC_MESSAGES/django.po
@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: lasuite-docs\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-07-08 15:21+0000\n"
-"PO-Revision-Date: 2025-07-18 10:25\n"
+"POT-Creation-Date: 2025-09-10 14:29+0000\n"
+"PO-Revision-Date: 2025-09-12 09:50\n"
 "Last-Translator: \n"
 "Language-Team: English\n"
 "Language: en_US\n"
@@ -43,30 +43,34 @@ msgid "Creator is me"
 msgstr ""

 #: build/lib/core/api/filters.py:64 core/api/filters.py:64
+msgid "Masked"
+msgstr ""
+
+#: build/lib/core/api/filters.py:67 core/api/filters.py:67
 msgid "Favorite"
 msgstr ""

-#: build/lib/core/api/serializers.py:467 core/api/serializers.py:467
+#: build/lib/core/api/serializers.py:487 core/api/serializers.py:487
 msgid "A new document was created on your behalf!"
 msgstr ""

-#: build/lib/core/api/serializers.py:471 core/api/serializers.py:471
+#: build/lib/core/api/serializers.py:491 core/api/serializers.py:491
 msgid "You have been granted ownership of a new document:"
 msgstr ""

-#: build/lib/core/api/serializers.py:608 core/api/serializers.py:608
+#: build/lib/core/api/serializers.py:628 core/api/serializers.py:628
 msgid "Body"
 msgstr ""

-#: build/lib/core/api/serializers.py:611 core/api/serializers.py:611
+#: build/lib/core/api/serializers.py:631 core/api/serializers.py:631
 msgid "Body type"
 msgstr ""

-#: build/lib/core/api/serializers.py:617 core/api/serializers.py:617
+#: build/lib/core/api/serializers.py:637 core/api/serializers.py:637
 msgid "Format"
 msgstr ""

-#: build/lib/core/api/viewsets.py:943 core/api/viewsets.py:943
+#: build/lib/core/api/viewsets.py:965 core/api/viewsets.py:965
 #, python-brace-format
 msgid "copy of {title}"
 msgstr ""
@@ -125,139 +129,135 @@ msgstr ""
 msgid "Right"
 msgstr ""

-#: build/lib/core/models.py:79 core/models.py:79
+#: build/lib/core/models.py:80 core/models.py:80
 msgid "id"
 msgstr ""

-#: build/lib/core/models.py:80 core/models.py:80
+#: build/lib/core/models.py:81 core/models.py:81
 msgid "primary key for the record as UUID"
 msgstr ""

-#: build/lib/core/models.py:86 core/models.py:86
+#: build/lib/core/models.py:87 core/models.py:87
 msgid "created on"
 msgstr ""

-#: build/lib/core/models.py:87 core/models.py:87
+#: build/lib/core/models.py:88 core/models.py:88
 msgid "date and time at which a record was created"
 msgstr ""

-#: build/lib/core/models.py:92 core/models.py:92
+#: build/lib/core/models.py:93 core/models.py:93
 msgid "updated on"
 msgstr ""

-#: build/lib/core/models.py:93 core/models.py:93
+#: build/lib/core/models.py:94 core/models.py:94
 msgid "date and time at which a record was last updated"
 msgstr ""

-#: build/lib/core/models.py:129 core/models.py:129
+#: build/lib/core/models.py:130 core/models.py:130
 msgid "We couldn't find a user with this sub but the email is already associated with a registered user."
 msgstr ""

-#: build/lib/core/models.py:142 core/models.py:142
-msgid "Enter a valid sub. This value may contain only letters, numbers, and @/./+/-/_/: characters."
-msgstr ""
-
-#: build/lib/core/models.py:148 core/models.py:148
+#: build/lib/core/models.py:141 core/models.py:141
 msgid "sub"
 msgstr ""

-#: build/lib/core/models.py:150 core/models.py:150
-msgid "Required. 255 characters or fewer. Letters, numbers, and @/./+/-/_/: characters only."
+#: build/lib/core/models.py:142 core/models.py:142
+msgid "Required. 255 characters or fewer. ASCII characters only."
 msgstr ""

-#: build/lib/core/models.py:159 core/models.py:159
+#: build/lib/core/models.py:150 core/models.py:150
 msgid "full name"
 msgstr ""

-#: build/lib/core/models.py:160 core/models.py:160
+#: build/lib/core/models.py:151 core/models.py:151
 msgid "short name"
 msgstr ""

-#: build/lib/core/models.py:162 core/models.py:162
+#: build/lib/core/models.py:153 core/models.py:153
 msgid "identity email address"
 msgstr ""

-#: build/lib/core/models.py:167 core/models.py:167
+#: build/lib/core/models.py:158 core/models.py:158
 msgid "admin email address"
 msgstr ""

-#: build/lib/core/models.py:174 core/models.py:174
+#: build/lib/core/models.py:165 core/models.py:165
 msgid "language"
 msgstr ""

-#: build/lib/core/models.py:175 core/models.py:175
+#: build/lib/core/models.py:166 core/models.py:166
 msgid "The language in which the user wants to see the interface."
 msgstr ""

-#: build/lib/core/models.py:183 core/models.py:183
+#: build/lib/core/models.py:174 core/models.py:174
 msgid "The timezone in which the user wants to see times."
 msgstr ""

-#: build/lib/core/models.py:186 core/models.py:186
+#: build/lib/core/models.py:177 core/models.py:177
 msgid "device"
 msgstr ""

-#: build/lib/core/models.py:188 core/models.py:188
+#: build/lib/core/models.py:179 core/models.py:179
 msgid "Whether the user is a device or a real user."
 msgstr ""

-#: build/lib/core/models.py:191 core/models.py:191
+#: build/lib/core/models.py:182 core/models.py:182
 msgid "staff status"
 msgstr ""

-#: build/lib/core/models.py:193 core/models.py:193
+#: build/lib/core/models.py:184 core/models.py:184
 msgid "Whether the user can log into this admin site."
 msgstr ""

-#: build/lib/core/models.py:196 core/models.py:196
+#: build/lib/core/models.py:187 core/models.py:187
 msgid "active"
 msgstr ""

-#: build/lib/core/models.py:199 core/models.py:199
+#: build/lib/core/models.py:190 core/models.py:190
 msgid "Whether this user should be treated as active. Unselect this instead of deleting accounts."
 msgstr ""

-#: build/lib/core/models.py:211 core/models.py:211
+#: build/lib/core/models.py:202 core/models.py:202
 msgid "user"
 msgstr ""

-#: build/lib/core/models.py:212 core/models.py:212
+#: build/lib/core/models.py:203 core/models.py:203
 msgid "users"
 msgstr ""

-#: build/lib/core/models.py:368 build/lib/core/models.py:1281
-#: core/models.py:368 core/models.py:1281
+#: build/lib/core/models.py:359 build/lib/core/models.py:1281
+#: core/models.py:359 core/models.py:1281
 msgid "title"
 msgstr ""

-#: build/lib/core/models.py:369 core/models.py:369
+#: build/lib/core/models.py:360 core/models.py:360
 msgid "excerpt"
 msgstr ""

-#: build/lib/core/models.py:418 core/models.py:418
+#: build/lib/core/models.py:409 core/models.py:409
 msgid "Document"
 msgstr ""

-#: build/lib/core/models.py:419 core/models.py:419
+#: build/lib/core/models.py:410 core/models.py:410
 msgid "Documents"
 msgstr ""

-#: build/lib/core/models.py:431 build/lib/core/models.py:820 core/models.py:431
-#: core/models.py:820
+#: build/lib/core/models.py:422 build/lib/core/models.py:819 core/models.py:422
+#: core/models.py:819
 msgid "Untitled Document"
 msgstr ""

-#: build/lib/core/models.py:855 core/models.py:855
+#: build/lib/core/models.py:854 core/models.py:854
 #, python-brace-format
 msgid "{name} shared a document with you!"
 msgstr ""

-#: build/lib/core/models.py:859 core/models.py:859
+#: build/lib/core/models.py:858 core/models.py:858
 #, python-brace-format
 msgid "{name} invited you with the role \"{role}\" on the following document:"
 msgstr ""

-#: build/lib/core/models.py:865 core/models.py:865
+#: build/lib/core/models.py:864 core/models.py:864
 #, python-brace-format
 msgid "{name} shared a document with you: {title}"
 msgstr ""
--- a/src/backend/locale/es_ES/LC_MESSAGES/django.po
+++ b/src/backend/locale/es_ES/LC_MESSAGES/django.po
@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: lasuite-docs\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-07-08 15:21+0000\n"
-"PO-Revision-Date: 2025-07-18 10:25\n"
+"POT-Creation-Date: 2025-09-10 14:29+0000\n"
+"PO-Revision-Date: 2025-09-12 09:50\n"
 "Last-Translator: \n"
 "Language-Team: Spanish\n"
 "Language: es_ES\n"
@@ -43,30 +43,34 @@ msgid "Creator is me"
 msgstr "Yo soy el creador"

 #: build/lib/core/api/filters.py:64 core/api/filters.py:64
+msgid "Masked"
+msgstr ""
+
+#: build/lib/core/api/filters.py:67 core/api/filters.py:67
 msgid "Favorite"
 msgstr "Favorito"

-#: build/lib/core/api/serializers.py:467 core/api/serializers.py:467
+#: build/lib/core/api/serializers.py:487 core/api/serializers.py:487
 msgid "A new document was created on your behalf!"
 msgstr "¡Un nuevo documento se ha creado por ti!"

-#: build/lib/core/api/serializers.py:471 core/api/serializers.py:471
+#: build/lib/core/api/serializers.py:491 core/api/serializers.py:491
 msgid "You have been granted ownership of a new document:"
 msgstr "Se le ha concedido la propiedad de un nuevo documento :"

-#: build/lib/core/api/serializers.py:608 core/api/serializers.py:608
+#: build/lib/core/api/serializers.py:628 core/api/serializers.py:628
 msgid "Body"
 msgstr "Cuerpo"

-#: build/lib/core/api/serializers.py:611 core/api/serializers.py:611
+#: build/lib/core/api/serializers.py:631 core/api/serializers.py:631
 msgid "Body type"
 msgstr "Tipo de Cuerpo"

-#: build/lib/core/api/serializers.py:617 core/api/serializers.py:617
+#: build/lib/core/api/serializers.py:637 core/api/serializers.py:637
 msgid "Format"
 msgstr "Formato"

-#: build/lib/core/api/viewsets.py:943 core/api/viewsets.py:943
+#: build/lib/core/api/viewsets.py:965 core/api/viewsets.py:965
 #, python-brace-format
 msgid "copy of {title}"
 msgstr "copia de {title}"
@@ -125,139 +129,135 @@ msgstr "Izquierda"
 msgid "Right"
 msgstr "Derecha"

-#: build/lib/core/models.py:79 core/models.py:79
+#: build/lib/core/models.py:80 core/models.py:80
 msgid "id"
 msgstr "id"

-#: build/lib/core/models.py:80 core/models.py:80
+#: build/lib/core/models.py:81 core/models.py:81
 msgid "primary key for the record as UUID"
 msgstr "clave primaria para el registro como UUID"

-#: build/lib/core/models.py:86 core/models.py:86
+#: build/lib/core/models.py:87 core/models.py:87
 msgid "created on"
 msgstr "creado el"

-#: build/lib/core/models.py:87 core/models.py:87
+#: build/lib/core/models.py:88 core/models.py:88
 msgid "date and time at which a record was created"
 msgstr "fecha y hora en la que se creó un registro"

-#: build/lib/core/models.py:92 core/models.py:92
+#: build/lib/core/models.py:93 core/models.py:93
 msgid "updated on"
 msgstr "actualizado el"

-#: build/lib/core/models.py:93 core/models.py:93
+#: build/lib/core/models.py:94 core/models.py:94
 msgid "date and time at which a record was last updated"
 msgstr "fecha y hora en la que un registro fue actualizado por última vez"

-#: build/lib/core/models.py:129 core/models.py:129
+#: build/lib/core/models.py:130 core/models.py:130
 msgid "We couldn't find a user with this sub but the email is already associated with a registered user."
 msgstr "No se ha podido encontrar un usuario con este sub (UUID), pero el correo electrónico ya está asociado con un usuario."

-#: build/lib/core/models.py:142 core/models.py:142
-msgid "Enter a valid sub. This value may contain only letters, numbers, and @/./+/-/_/: characters."
-msgstr "Introduzca un sub (UUID) válido. Este valor solo puede contener letras, números y los siguientes caracteres @/./+/-/_/:"
-
-#: build/lib/core/models.py:148 core/models.py:148
+#: build/lib/core/models.py:141 core/models.py:141
 msgid "sub"
 msgstr "sub (UUID)"

-#: build/lib/core/models.py:150 core/models.py:150
-msgid "Required. 255 characters or fewer. Letters, numbers, and @/./+/-/_/: characters only."
-msgstr "Requerido. 255 caracteres o menos. Letras, números y los siguientes caracteres @/./+/-/_/: solamente."
+#: build/lib/core/models.py:142 core/models.py:142
+msgid "Required. 255 characters or fewer. ASCII characters only."
+msgstr "Obligatorio. 255 caracteres o menos. Solo caracteres ASCII."

-#: build/lib/core/models.py:159 core/models.py:159
+#: build/lib/core/models.py:150 core/models.py:150
 msgid "full name"
 msgstr "nombre completo"

-#: build/lib/core/models.py:160 core/models.py:160
+#: build/lib/core/models.py:151 core/models.py:151
 msgid "short name"
 msgstr "nombre abreviado"

-#: build/lib/core/models.py:162 core/models.py:162
+#: build/lib/core/models.py:153 core/models.py:153
 msgid "identity email address"
 msgstr "correo electrónico de identidad"

-#: build/lib/core/models.py:167 core/models.py:167
+#: build/lib/core/models.py:158 core/models.py:158
 msgid "admin email address"
 msgstr "correo electrónico del administrador"

-#: build/lib/core/models.py:174 core/models.py:174
+#: build/lib/core/models.py:165 core/models.py:165
 msgid "language"
 msgstr "idioma"

-#: build/lib/core/models.py:175 core/models.py:175
+#: build/lib/core/models.py:166 core/models.py:166
 msgid "The language in which the user wants to see the interface."
 msgstr "El idioma en el que el usuario desea ver la interfaz."

-#: build/lib/core/models.py:183 core/models.py:183
+#: build/lib/core/models.py:174 core/models.py:174
 msgid "The timezone in which the user wants to see times."
 msgstr "La zona horaria en la que el usuario quiere ver los tiempos."

-#: build/lib/core/models.py:186 core/models.py:186
+#: build/lib/core/models.py:177 core/models.py:177
 msgid "device"
 msgstr "dispositivo"

-#: build/lib/core/models.py:188 core/models.py:188
+#: build/lib/core/models.py:179 core/models.py:179
 msgid "Whether the user is a device or a real user."
 msgstr "Si el usuario es un dispositivo o un usuario real."

-#: build/lib/core/models.py:191 core/models.py:191
+#: build/lib/core/models.py:182 core/models.py:182
 msgid "staff status"
 msgstr "rol en el equipo"

-#: build/lib/core/models.py:193 core/models.py:193
+#: build/lib/core/models.py:184 core/models.py:184
 msgid "Whether the user can log into this admin site."
 msgstr "Si el usuario puede iniciar sesión en esta página web de administración."

-#: build/lib/core/models.py:196 core/models.py:196
+#: build/lib/core/models.py:187 core/models.py:187
 msgid "active"
 msgstr "activo"

-#: build/lib/core/models.py:199 core/models.py:199
+#: build/lib/core/models.py:190 core/models.py:190
 msgid "Whether this user should be treated as active. Unselect this instead of deleting accounts."
 msgstr "Si este usuario debe ser considerado como activo. Deseleccionar en lugar de eliminar cuentas."

-#: build/lib/core/models.py:211 core/models.py:211
+#: build/lib/core/models.py:202 core/models.py:202
 msgid "user"
 msgstr "usuario"

-#: build/lib/core/models.py:212 core/models.py:212
+#: build/lib/core/models.py:203 core/models.py:203
 msgid "users"
 msgstr "usuarios"

-#: build/lib/core/models.py:368 build/lib/core/models.py:1281
-#: core/models.py:368 core/models.py:1281
+#: build/lib/core/models.py:359 build/lib/core/models.py:1281
+#: core/models.py:359 core/models.py:1281
 msgid "title"
 msgstr "título"

-#: build/lib/core/models.py:369 core/models.py:369
+#: build/lib/core/models.py:360 core/models.py:360
 msgid "excerpt"
 msgstr "resumen"

-#: build/lib/core/models.py:418 core/models.py:418
+#: build/lib/core/models.py:409 core/models.py:409
 msgid "Document"
 msgstr "Documento"

-#: build/lib/core/models.py:419 core/models.py:419
+#: build/lib/core/models.py:410 core/models.py:410
 msgid "Documents"
 msgstr "Documentos"

-#: build/lib/core/models.py:431 build/lib/core/models.py:820 core/models.py:431
-#: core/models.py:820
+#: build/lib/core/models.py:422 build/lib/core/models.py:819 core/models.py:422
+#: core/models.py:819
 msgid "Untitled Document"
 msgstr "Documento sin título"

-#: build/lib/core/models.py:855 core/models.py:855
+#: build/lib/core/models.py:854 core/models.py:854
 #, python-brace-format
 msgid "{name} shared a document with you!"
 msgstr "¡{name} ha compartido un documento contigo!"

-#: build/lib/core/models.py:859 core/models.py:859
+#: build/lib/core/models.py:858 core/models.py:858
 #, python-brace-format
 msgid "{name} invited you with the role \"{role}\" on the following document:"
 msgstr "Te ha invitado {name} al siguiente documento con el rol \"{role}\" :"

-#: build/lib/core/models.py:865 core/models.py:865
+#: build/lib/core/models.py:864 core/models.py:864
 #, python-brace-format
 msgid "{name} shared a document with you: {title}"
 msgstr "{name} ha compartido un documento contigo: {title}"
@@ -309,11 +309,11 @@ msgstr "Debe establecerse un usuario o un equipo, no ambos."

 #: build/lib/core/models.py:1188 core/models.py:1188
 msgid "Document ask for access"
-msgstr ""
+msgstr "Solicitud de acceso"

 #: build/lib/core/models.py:1189 core/models.py:1189
 msgid "Document ask for accesses"
-msgstr ""
+msgstr "Solicitud de accesos"

 #: build/lib/core/models.py:1195 core/models.py:1195
 msgid "This user has already asked for access to this document."
@@ -327,12 +327,12 @@ msgstr "¡{name} desea acceder a un documento!"
 #: build/lib/core/models.py:1264 core/models.py:1264
 #, python-brace-format
 msgid "{name} would like access to the following document:"
-msgstr ""
+msgstr "{name} desea acceso al siguiente documento:"

 #: build/lib/core/models.py:1270 core/models.py:1270
 #, python-brace-format
 msgid "{name} is asking for access to the document: {title}"
-msgstr ""
+msgstr "{name} está pidiendo acceso al documento: {title}"

 #: build/lib/core/models.py:1282 core/models.py:1282
 msgid "description"
--- a/src/backend/locale/fr_FR/LC_MESSAGES/django.po
+++ b/src/backend/locale/fr_FR/LC_MESSAGES/django.po
@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: lasuite-docs\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-07-08 15:21+0000\n"
-"PO-Revision-Date: 2025-07-18 10:25\n"
+"POT-Creation-Date: 2025-09-10 14:29+0000\n"
+"PO-Revision-Date: 2025-09-12 09:50\n"
 "Last-Translator: \n"
 "Language-Team: French\n"
 "Language: fr_FR\n"
@@ -43,30 +43,34 @@ msgid "Creator is me"
 msgstr "Je suis l'auteur"

 #: build/lib/core/api/filters.py:64 core/api/filters.py:64
+msgid "Masked"
+msgstr "Masqué"
+
+#: build/lib/core/api/filters.py:67 core/api/filters.py:67
 msgid "Favorite"
 msgstr "Favoris"

-#: build/lib/core/api/serializers.py:467 core/api/serializers.py:467
+#: build/lib/core/api/serializers.py:487 core/api/serializers.py:487
 msgid "A new document was created on your behalf!"
 msgstr "Un nouveau document a été créé pour vous !"

-#: build/lib/core/api/serializers.py:471 core/api/serializers.py:471
+#: build/lib/core/api/serializers.py:491 core/api/serializers.py:491
 msgid "You have been granted ownership of a new document:"
 msgstr "Vous avez été déclaré propriétaire d'un nouveau document :"

-#: build/lib/core/api/serializers.py:608 core/api/serializers.py:608
+#: build/lib/core/api/serializers.py:628 core/api/serializers.py:628
 msgid "Body"
 msgstr "Corps"

-#: build/lib/core/api/serializers.py:611 core/api/serializers.py:611
+#: build/lib/core/api/serializers.py:631 core/api/serializers.py:631
 msgid "Body type"
 msgstr "Type de corps"

-#: build/lib/core/api/serializers.py:617 core/api/serializers.py:617
+#: build/lib/core/api/serializers.py:637 core/api/serializers.py:637
 msgid "Format"
 msgstr "Format"

-#: build/lib/core/api/viewsets.py:943 core/api/viewsets.py:943
+#: build/lib/core/api/viewsets.py:965 core/api/viewsets.py:965
 #, python-brace-format
 msgid "copy of {title}"
 msgstr "copie de {title}"
@@ -125,139 +129,135 @@ msgstr "Gauche"
 msgid "Right"
 msgstr "Droite"

-#: build/lib/core/models.py:79 core/models.py:79
+#: build/lib/core/models.py:80 core/models.py:80
 msgid "id"
 msgstr "identifiant/id"

-#: build/lib/core/models.py:80 core/models.py:80
+#: build/lib/core/models.py:81 core/models.py:81
 msgid "primary key for the record as UUID"
 msgstr "clé primaire pour l'enregistrement en tant que UUID"

-#: build/lib/core/models.py:86 core/models.py:86
+#: build/lib/core/models.py:87 core/models.py:87
 msgid "created on"
 msgstr "créé le"

-#: build/lib/core/models.py:87 core/models.py:87
+#: build/lib/core/models.py:88 core/models.py:88
 msgid "date and time at which a record was created"
 msgstr "date et heure de création de l'enregistrement"

-#: build/lib/core/models.py:92 core/models.py:92
+#: build/lib/core/models.py:93 core/models.py:93
 msgid "updated on"
 msgstr "mis à jour le"

-#: build/lib/core/models.py:93 core/models.py:93
+#: build/lib/core/models.py:94 core/models.py:94
 msgid "date and time at which a record was last updated"
 msgstr "date et heure de la dernière mise à jour de l'enregistrement"

-#: build/lib/core/models.py:129 core/models.py:129
+#: build/lib/core/models.py:130 core/models.py:130
 msgid "We couldn't find a user with this sub but the email is already associated with a registered user."
 msgstr "Nous n'avons pas pu trouver un utilisateur avec ce sous-groupe mais l'e-mail est déjà associé à un utilisateur enregistré."

-#: build/lib/core/models.py:142 core/models.py:142
-msgid "Enter a valid sub. This value may contain only letters, numbers, and @/./+/-/_/: characters."
-msgstr "Saisissez un sous-groupe valide. Cette valeur ne peut contenir que des lettres, des chiffres et les caractères @/./+/-/_/: uniquement."
-
-#: build/lib/core/models.py:148 core/models.py:148
+#: build/lib/core/models.py:141 core/models.py:141
 msgid "sub"
 msgstr "sous-groupe"

-#: build/lib/core/models.py:150 core/models.py:150
-msgid "Required. 255 characters or fewer. Letters, numbers, and @/./+/-/_/: characters only."
-msgstr "Obligatoire. 255 caractères ou moins. Lettres, chiffres et caractères @/./+/-/_/: uniquement."
+#: build/lib/core/models.py:142 core/models.py:142
+msgid "Required. 255 characters or fewer. ASCII characters only."
+msgstr "Obligatoire. 255 caractères ou moins. Caractères ASCII uniquement."

-#: build/lib/core/models.py:159 core/models.py:159
+#: build/lib/core/models.py:150 core/models.py:150
 msgid "full name"
 msgstr "nom complet"

-#: build/lib/core/models.py:160 core/models.py:160
+#: build/lib/core/models.py:151 core/models.py:151
 msgid "short name"
 msgstr "nom court"

-#: build/lib/core/models.py:162 core/models.py:162
+#: build/lib/core/models.py:153 core/models.py:153
 msgid "identity email address"
 msgstr "adresse e-mail d'identité"

-#: build/lib/core/models.py:167 core/models.py:167
+#: build/lib/core/models.py:158 core/models.py:158
 msgid "admin email address"
 msgstr "adresse e-mail de l'administrateur"

-#: build/lib/core/models.py:174 core/models.py:174
+#: build/lib/core/models.py:165 core/models.py:165
 msgid "language"
 msgstr "langue"

-#: build/lib/core/models.py:175 core/models.py:175
+#: build/lib/core/models.py:166 core/models.py:166
 msgid "The language in which the user wants to see the interface."
 msgstr "La langue dans laquelle l'utilisateur veut voir l'interface."

-#: build/lib/core/models.py:183 core/models.py:183
+#: build/lib/core/models.py:174 core/models.py:174
 msgid "The timezone in which the user wants to see times."
 msgstr "Le fuseau horaire dans lequel l'utilisateur souhaite voir les heures."

-#: build/lib/core/models.py:186 core/models.py:186
+#: build/lib/core/models.py:177 core/models.py:177
 msgid "device"
 msgstr "appareil"

-#: build/lib/core/models.py:188 core/models.py:188
+#: build/lib/core/models.py:179 core/models.py:179
 msgid "Whether the user is a device or a real user."
 msgstr "Si l'utilisateur est un appareil ou un utilisateur réel."

-#: build/lib/core/models.py:191 core/models.py:191
+#: build/lib/core/models.py:182 core/models.py:182
 msgid "staff status"
 msgstr "statut d'équipe"

-#: build/lib/core/models.py:193 core/models.py:193
+#: build/lib/core/models.py:184 core/models.py:184
 msgid "Whether the user can log into this admin site."
 msgstr "Si l'utilisateur peut se connecter à ce site d'administration."

-#: build/lib/core/models.py:196 core/models.py:196
+#: build/lib/core/models.py:187 core/models.py:187
 msgid "active"
 msgstr "actif"

-#: build/lib/core/models.py:199 core/models.py:199
+#: build/lib/core/models.py:190 core/models.py:190
 msgid "Whether this user should be treated as active. Unselect this instead of deleting accounts."
 msgstr "Si cet utilisateur doit être traité comme actif. Désélectionnez ceci au lieu de supprimer des comptes."

-#: build/lib/core/models.py:211 core/models.py:211
+#: build/lib/core/models.py:202 core/models.py:202
 msgid "user"
 msgstr "utilisateur"

-#: build/lib/core/models.py:212 core/models.py:212
+#: build/lib/core/models.py:203 core/models.py:203
 msgid "users"
 msgstr "utilisateurs"

-#: build/lib/core/models.py:368 build/lib/core/models.py:1281
-#: core/models.py:368 core/models.py:1281
+#: build/lib/core/models.py:359 build/lib/core/models.py:1281
+#: core/models.py:359 core/models.py:1281
 msgid "title"
 msgstr "titre"

-#: build/lib/core/models.py:369 core/models.py:369
+#: build/lib/core/models.py:360 core/models.py:360
 msgid "excerpt"
 msgstr "extrait"

-#: build/lib/core/models.py:418 core/models.py:418
+#: build/lib/core/models.py:409 core/models.py:409
 msgid "Document"
 msgstr "Document"

-#: build/lib/core/models.py:419 core/models.py:419
+#: build/lib/core/models.py:410 core/models.py:410
 msgid "Documents"
 msgstr "Documents"

-#: build/lib/core/models.py:431 build/lib/core/models.py:820 core/models.py:431
-#: core/models.py:820
+#: build/lib/core/models.py:422 build/lib/core/models.py:819 core/models.py:422
+#: core/models.py:819
 msgid "Untitled Document"
 msgstr "Document sans titre"

-#: build/lib/core/models.py:855 core/models.py:855
+#: build/lib/core/models.py:854 core/models.py:854
 #, python-brace-format
 msgid "{name} shared a document with you!"
 msgstr "{name} a partagé un document avec vous!"

-#: build/lib/core/models.py:859 core/models.py:859
+#: build/lib/core/models.py:858 core/models.py:858
 #, python-brace-format
 msgid "{name} invited you with the role \"{role}\" on the following document:"
 msgstr "{name} vous a invité avec le rôle \"{role}\" sur le document suivant :"

-#: build/lib/core/models.py:865 core/models.py:865
+#: build/lib/core/models.py:864 core/models.py:864
 #, python-brace-format
 msgid "{name} shared a document with you: {title}"
 msgstr "{name} a partagé un document avec vous : {title}"
--- a/src/backend/locale/it_IT/LC_MESSAGES/django.po
+++ b/src/backend/locale/it_IT/LC_MESSAGES/django.po
@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: lasuite-docs\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-07-08 15:21+0000\n"
-"PO-Revision-Date: 2025-07-18 10:25\n"
+"POT-Creation-Date: 2025-09-10 14:29+0000\n"
+"PO-Revision-Date: 2025-09-12 09:50\n"
 "Last-Translator: \n"
 "Language-Team: Italian\n"
 "Language: it_IT\n"
@@ -43,30 +43,34 @@ msgid "Creator is me"
 msgstr "Il creatore sono io"

 #: build/lib/core/api/filters.py:64 core/api/filters.py:64
+msgid "Masked"
+msgstr ""
+
+#: build/lib/core/api/filters.py:67 core/api/filters.py:67
 msgid "Favorite"
 msgstr "Preferiti"

-#: build/lib/core/api/serializers.py:467 core/api/serializers.py:467
+#: build/lib/core/api/serializers.py:487 core/api/serializers.py:487
 msgid "A new document was created on your behalf!"
 msgstr "Un nuovo documento è stato creato a tuo nome!"

-#: build/lib/core/api/serializers.py:471 core/api/serializers.py:471
+#: build/lib/core/api/serializers.py:491 core/api/serializers.py:491
 msgid "You have been granted ownership of a new document:"
 msgstr "Sei ora proprietario di un nuovo documento:"

-#: build/lib/core/api/serializers.py:608 core/api/serializers.py:608
+#: build/lib/core/api/serializers.py:628 core/api/serializers.py:628
 msgid "Body"
 msgstr "Corpo"

-#: build/lib/core/api/serializers.py:611 core/api/serializers.py:611
+#: build/lib/core/api/serializers.py:631 core/api/serializers.py:631
 msgid "Body type"
 msgstr ""

-#: build/lib/core/api/serializers.py:617 core/api/serializers.py:617
+#: build/lib/core/api/serializers.py:637 core/api/serializers.py:637
 msgid "Format"
 msgstr "Formato"

-#: build/lib/core/api/viewsets.py:943 core/api/viewsets.py:943
+#: build/lib/core/api/viewsets.py:965 core/api/viewsets.py:965
 #, python-brace-format
 msgid "copy of {title}"
 msgstr "copia di {title}"
@@ -125,139 +129,135 @@ msgstr "Sinistra"
 msgid "Right"
 msgstr "Destra"

-#: build/lib/core/models.py:79 core/models.py:79
+#: build/lib/core/models.py:80 core/models.py:80
 msgid "id"
 msgstr "Id"

-#: build/lib/core/models.py:80 core/models.py:80
+#: build/lib/core/models.py:81 core/models.py:81
 msgid "primary key for the record as UUID"
 msgstr "chiave primaria per il record come UUID"

-#: build/lib/core/models.py:86 core/models.py:86
+#: build/lib/core/models.py:87 core/models.py:87
 msgid "created on"
 msgstr "creato il"

-#: build/lib/core/models.py:87 core/models.py:87
+#: build/lib/core/models.py:88 core/models.py:88
 msgid "date and time at which a record was created"
 msgstr "data e ora in cui è stato creato un record"

-#: build/lib/core/models.py:92 core/models.py:92
+#: build/lib/core/models.py:93 core/models.py:93
 msgid "updated on"
 msgstr "aggiornato il"

-#: build/lib/core/models.py:93 core/models.py:93
+#: build/lib/core/models.py:94 core/models.py:94
 msgid "date and time at which a record was last updated"
 msgstr "data e ora in cui l’ultimo record è stato aggiornato"

-#: build/lib/core/models.py:129 core/models.py:129
+#: build/lib/core/models.py:130 core/models.py:130
 msgid "We couldn't find a user with this sub but the email is already associated with a registered user."
 msgstr ""

-#: build/lib/core/models.py:142 core/models.py:142
-msgid "Enter a valid sub. This value may contain only letters, numbers, and @/./+/-/_/: characters."
-msgstr ""
-
-#: build/lib/core/models.py:148 core/models.py:148
+#: build/lib/core/models.py:141 core/models.py:141
 msgid "sub"
 msgstr ""

-#: build/lib/core/models.py:150 core/models.py:150
-msgid "Required. 255 characters or fewer. Letters, numbers, and @/./+/-/_/: characters only."
-msgstr "Richiesto. 255 caratteri o meno. Solo lettere, numeri e @/./+/-/_/: caratteri."
+#: build/lib/core/models.py:142 core/models.py:142
+msgid "Required. 255 characters or fewer. ASCII characters only."
+msgstr ""

-#: build/lib/core/models.py:159 core/models.py:159
+#: build/lib/core/models.py:150 core/models.py:150
 msgid "full name"
 msgstr "nome completo"

-#: build/lib/core/models.py:160 core/models.py:160
+#: build/lib/core/models.py:151 core/models.py:151
 msgid "short name"
 msgstr "nome"

-#: build/lib/core/models.py:162 core/models.py:162
+#: build/lib/core/models.py:153 core/models.py:153
 msgid "identity email address"
 msgstr "indirizzo email di identità"

-#: build/lib/core/models.py:167 core/models.py:167
+#: build/lib/core/models.py:158 core/models.py:158
 msgid "admin email address"
 msgstr "Indirizzo email dell'amministratore"

-#: build/lib/core/models.py:174 core/models.py:174
+#: build/lib/core/models.py:165 core/models.py:165
 msgid "language"
 msgstr "lingua"

-#: build/lib/core/models.py:175 core/models.py:175
+#: build/lib/core/models.py:166 core/models.py:166
 msgid "The language in which the user wants to see the interface."
 msgstr "La lingua in cui l'utente vuole vedere l'interfaccia."

-#: build/lib/core/models.py:183 core/models.py:183
+#: build/lib/core/models.py:174 core/models.py:174
 msgid "The timezone in which the user wants to see times."
 msgstr "Il fuso orario in cui l'utente vuole vedere gli orari."

-#: build/lib/core/models.py:186 core/models.py:186
+#: build/lib/core/models.py:177 core/models.py:177
 msgid "device"
 msgstr "dispositivo"

-#: build/lib/core/models.py:188 core/models.py:188
+#: build/lib/core/models.py:179 core/models.py:179
 msgid "Whether the user is a device or a real user."
 msgstr "Se l'utente è un dispositivo o un utente reale."

-#: build/lib/core/models.py:191 core/models.py:191
+#: build/lib/core/models.py:182 core/models.py:182
 msgid "staff status"
 msgstr "stato del personale"

-#: build/lib/core/models.py:193 core/models.py:193
+#: build/lib/core/models.py:184 core/models.py:184
 msgid "Whether the user can log into this admin site."
 msgstr "Indica se l'utente può accedere a questo sito amministratore."

-#: build/lib/core/models.py:196 core/models.py:196
+#: build/lib/core/models.py:187 core/models.py:187
 msgid "active"
 msgstr "attivo"

-#: build/lib/core/models.py:199 core/models.py:199
+#: build/lib/core/models.py:190 core/models.py:190
 msgid "Whether this user should be treated as active. Unselect this instead of deleting accounts."
 msgstr "Indica se questo utente deve essere trattato come attivo. Deseleziona invece di eliminare gli account."

-#: build/lib/core/models.py:211 core/models.py:211
+#: build/lib/core/models.py:202 core/models.py:202
 msgid "user"
 msgstr "utente"

-#: build/lib/core/models.py:212 core/models.py:212
+#: build/lib/core/models.py:203 core/models.py:203
 msgid "users"
 msgstr "utenti"

-#: build/lib/core/models.py:368 build/lib/core/models.py:1281
-#: core/models.py:368 core/models.py:1281
+#: build/lib/core/models.py:359 build/lib/core/models.py:1281
+#: core/models.py:359 core/models.py:1281
 msgid "title"
 msgstr "titolo"

-#: build/lib/core/models.py:369 core/models.py:369
+#: build/lib/core/models.py:360 core/models.py:360
 msgid "excerpt"
 msgstr ""

-#: build/lib/core/models.py:418 core/models.py:418
+#: build/lib/core/models.py:409 core/models.py:409
 msgid "Document"
 msgstr "Documento"

-#: build/lib/core/models.py:419 core/models.py:419
+#: build/lib/core/models.py:410 core/models.py:410
 msgid "Documents"
 msgstr "Documenti"

-#: build/lib/core/models.py:431 build/lib/core/models.py:820 core/models.py:431
-#: core/models.py:820
+#: build/lib/core/models.py:422 build/lib/core/models.py:819 core/models.py:422
+#: core/models.py:819
 msgid "Untitled Document"
 msgstr "Documento senza titolo"

-#: build/lib/core/models.py:855 core/models.py:855
+#: build/lib/core/models.py:854 core/models.py:854
 #, python-brace-format
 msgid "{name} shared a document with you!"
 msgstr "{name} ha condiviso un documento con te!"

-#: build/lib/core/models.py:859 core/models.py:859
+#: build/lib/core/models.py:858 core/models.py:858
 #, python-brace-format
 msgid "{name} invited you with the role \"{role}\" on the following document:"
 msgstr "{name} ti ha invitato con il ruolo \"{role}\" nel seguente documento:"

-#: build/lib/core/models.py:865 core/models.py:865
+#: build/lib/core/models.py:864 core/models.py:864
 #, python-brace-format
 msgid "{name} shared a document with you: {title}"
 msgstr "{name} ha condiviso un documento con te: {title}"
--- a/src/backend/locale/nl_NL/LC_MESSAGES/django.po
+++ b/src/backend/locale/nl_NL/LC_MESSAGES/django.po
@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: lasuite-docs\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-07-08 15:21+0000\n"
-"PO-Revision-Date: 2025-07-18 10:25\n"
+"POT-Creation-Date: 2025-09-10 14:29+0000\n"
+"PO-Revision-Date: 2025-09-12 09:50\n"
 "Last-Translator: \n"
 "Language-Team: Dutch\n"
 "Language: nl_NL\n"
@@ -43,30 +43,34 @@ msgid "Creator is me"
 msgstr "Ik ben Eigenaar"

 #: build/lib/core/api/filters.py:64 core/api/filters.py:64
+msgid "Masked"
+msgstr ""
+
+#: build/lib/core/api/filters.py:67 core/api/filters.py:67
 msgid "Favorite"
 msgstr "Favoriete"

-#: build/lib/core/api/serializers.py:467 core/api/serializers.py:467
+#: build/lib/core/api/serializers.py:487 core/api/serializers.py:487
 msgid "A new document was created on your behalf!"
 msgstr "Een nieuw document was gecreëerd voor u!"

-#: build/lib/core/api/serializers.py:471 core/api/serializers.py:471
+#: build/lib/core/api/serializers.py:491 core/api/serializers.py:491
 msgid "You have been granted ownership of a new document:"
 msgstr "U heeft eigenaarschap van een nieuw document:"

-#: build/lib/core/api/serializers.py:608 core/api/serializers.py:608
+#: build/lib/core/api/serializers.py:628 core/api/serializers.py:628
 msgid "Body"
 msgstr "Text"

-#: build/lib/core/api/serializers.py:611 core/api/serializers.py:611
+#: build/lib/core/api/serializers.py:631 core/api/serializers.py:631
 msgid "Body type"
 msgstr "Text type"

-#: build/lib/core/api/serializers.py:617 core/api/serializers.py:617
+#: build/lib/core/api/serializers.py:637 core/api/serializers.py:637
 msgid "Format"
 msgstr "Formaat"

-#: build/lib/core/api/viewsets.py:943 core/api/viewsets.py:943
+#: build/lib/core/api/viewsets.py:965 core/api/viewsets.py:965
 #, python-brace-format
 msgid "copy of {title}"
 msgstr "kopie van {title}"
@@ -125,139 +129,135 @@ msgstr "Links"
 msgid "Right"
 msgstr "Rechts"

-#: build/lib/core/models.py:79 core/models.py:79
+#: build/lib/core/models.py:80 core/models.py:80
 msgid "id"
 msgstr "id"

-#: build/lib/core/models.py:80 core/models.py:80
+#: build/lib/core/models.py:81 core/models.py:81
 msgid "primary key for the record as UUID"
 msgstr "primaire sleutel voor dossier als UUID"

-#: build/lib/core/models.py:86 core/models.py:86
+#: build/lib/core/models.py:87 core/models.py:87
 msgid "created on"
 msgstr "gemaakt op"

-#: build/lib/core/models.py:87 core/models.py:87
+#: build/lib/core/models.py:88 core/models.py:88
 msgid "date and time at which a record was created"
 msgstr "datum en tijd wanneer dossier was gecreëerd"

-#: build/lib/core/models.py:92 core/models.py:92
+#: build/lib/core/models.py:93 core/models.py:93
 msgid "updated on"
 msgstr "Laatst gewijzigd op"

-#: build/lib/core/models.py:93 core/models.py:93
+#: build/lib/core/models.py:94 core/models.py:94
 msgid "date and time at which a record was last updated"
 msgstr "datum en tijd waarop dossier laatst was gewijzigd"

-#: build/lib/core/models.py:129 core/models.py:129
+#: build/lib/core/models.py:130 core/models.py:130
 msgid "We couldn't find a user with this sub but the email is already associated with a registered user."
 msgstr "Wij konden geen gebruiker vinden met deze id, maar de email is al geassocieerd met een geregistreerde gebruiker."

-#: build/lib/core/models.py:142 core/models.py:142
-msgid "Enter a valid sub. This value may contain only letters, numbers, and @/./+/-/_/: characters."
-msgstr ".Geef een valide id. De waarde mag alleen letters, nummers en @/./.+/-/_: karakters bevatten."
-
-#: build/lib/core/models.py:148 core/models.py:148
+#: build/lib/core/models.py:141 core/models.py:141
 msgid "sub"
 msgstr "id"

-#: build/lib/core/models.py:150 core/models.py:150
-msgid "Required. 255 characters or fewer. Letters, numbers, and @/./+/-/_/: characters only."
-msgstr "Verplicht. 255 karakters of minder. Alleen letters, nummers en @/./+/-/_/: karakters zijn toegestaan."
+#: build/lib/core/models.py:142 core/models.py:142
+msgid "Required. 255 characters or fewer. ASCII characters only."
+msgstr ""

-#: build/lib/core/models.py:159 core/models.py:159
+#: build/lib/core/models.py:150 core/models.py:150
 msgid "full name"
 msgstr "volledige naam"

-#: build/lib/core/models.py:160 core/models.py:160
+#: build/lib/core/models.py:151 core/models.py:151
 msgid "short name"
 msgstr "gebruikersnaam"

-#: build/lib/core/models.py:162 core/models.py:162
+#: build/lib/core/models.py:153 core/models.py:153
 msgid "identity email address"
 msgstr "identiteit email adres"

-#: build/lib/core/models.py:167 core/models.py:167
+#: build/lib/core/models.py:158 core/models.py:158
 msgid "admin email address"
 msgstr "admin email adres"

-#: build/lib/core/models.py:174 core/models.py:174
+#: build/lib/core/models.py:165 core/models.py:165
 msgid "language"
 msgstr "taal"

-#: build/lib/core/models.py:175 core/models.py:175
+#: build/lib/core/models.py:166 core/models.py:166
 msgid "The language in which the user wants to see the interface."
 msgstr "De taal waarin de gebruiker de interface wilt zien."

-#: build/lib/core/models.py:183 core/models.py:183
+#: build/lib/core/models.py:174 core/models.py:174
 msgid "The timezone in which the user wants to see times."
 msgstr "De tijdzone waarin de gebruiker de tijden wilt zien."

-#: build/lib/core/models.py:186 core/models.py:186
+#: build/lib/core/models.py:177 core/models.py:177
 msgid "device"
 msgstr "apparaat"

-#: build/lib/core/models.py:188 core/models.py:188
+#: build/lib/core/models.py:179 core/models.py:179
 msgid "Whether the user is a device or a real user."
 msgstr "Of de gebruiker een apparaat is of een echte gebruiker."

-#: build/lib/core/models.py:191 core/models.py:191
+#: build/lib/core/models.py:182 core/models.py:182
 msgid "staff status"
 msgstr "beheerder status"

-#: build/lib/core/models.py:193 core/models.py:193
+#: build/lib/core/models.py:184 core/models.py:184
 msgid "Whether the user can log into this admin site."
 msgstr "Of de gebruiker kan inloggen in het admin gedeelte."

-#: build/lib/core/models.py:196 core/models.py:196
+#: build/lib/core/models.py:187 core/models.py:187
 msgid "active"
 msgstr "actief"

-#: build/lib/core/models.py:199 core/models.py:199
+#: build/lib/core/models.py:190 core/models.py:190
 msgid "Whether this user should be treated as active. Unselect this instead of deleting accounts."
 msgstr "Of een gebruiker als actief moet worden beschouwd. Deselecteer dit in plaats van het account te deleten."

-#: build/lib/core/models.py:211 core/models.py:211
+#: build/lib/core/models.py:202 core/models.py:202
 msgid "user"
 msgstr "gebruiker"

-#: build/lib/core/models.py:212 core/models.py:212
+#: build/lib/core/models.py:203 core/models.py:203
 msgid "users"
 msgstr "gebruikers"

-#: build/lib/core/models.py:368 build/lib/core/models.py:1281
-#: core/models.py:368 core/models.py:1281
+#: build/lib/core/models.py:359 build/lib/core/models.py:1281
+#: core/models.py:359 core/models.py:1281
 msgid "title"
 msgstr "titel"

-#: build/lib/core/models.py:369 core/models.py:369
+#: build/lib/core/models.py:360 core/models.py:360
 msgid "excerpt"
 msgstr "uittreksel"

-#: build/lib/core/models.py:418 core/models.py:418
+#: build/lib/core/models.py:409 core/models.py:409
 msgid "Document"
 msgstr "Document"

-#: build/lib/core/models.py:419 core/models.py:419
+#: build/lib/core/models.py:410 core/models.py:410
 msgid "Documents"
 msgstr "Documenten"

-#: build/lib/core/models.py:431 build/lib/core/models.py:820 core/models.py:431
-#: core/models.py:820
+#: build/lib/core/models.py:422 build/lib/core/models.py:819 core/models.py:422
+#: core/models.py:819
 msgid "Untitled Document"
 msgstr "Naamloos Document"

-#: build/lib/core/models.py:855 core/models.py:855
+#: build/lib/core/models.py:854 core/models.py:854
 #, python-brace-format
 msgid "{name} shared a document with you!"
 msgstr "{name} heeft een document met gedeeld!"

-#: build/lib/core/models.py:859 core/models.py:859
+#: build/lib/core/models.py:858 core/models.py:858
 #, python-brace-format
 msgid "{name} invited you with the role \"{role}\" on the following document:"
 msgstr "{name} heeft u uitgenodigd met de rol \"{role}\" op het volgende document:"

-#: build/lib/core/models.py:865 core/models.py:865
+#: build/lib/core/models.py:864 core/models.py:864
 #, python-brace-format
 msgid "{name} shared a document with you: {title}"
 msgstr "{name} heeft een document met u gedeeld: {title}"
--- a/src/backend/locale/pt_PT/LC_MESSAGES/django.po
+++ b/src/backend/locale/pt_PT/LC_MESSAGES/django.po
@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: lasuite-docs\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-07-08 15:21+0000\n"
-"PO-Revision-Date: 2025-07-18 10:25\n"
+"POT-Creation-Date: 2025-09-10 14:29+0000\n"
+"PO-Revision-Date: 2025-09-12 09:50\n"
 "Last-Translator: \n"
 "Language-Team: Portuguese\n"
 "Language: pt_PT\n"
@@ -43,30 +43,34 @@ msgid "Creator is me"
 msgstr "Eu sou o criador"

 #: build/lib/core/api/filters.py:64 core/api/filters.py:64
+msgid "Masked"
+msgstr ""
+
+#: build/lib/core/api/filters.py:67 core/api/filters.py:67
 msgid "Favorite"
 msgstr "Favorito"

-#: build/lib/core/api/serializers.py:467 core/api/serializers.py:467
+#: build/lib/core/api/serializers.py:487 core/api/serializers.py:487
 msgid "A new document was created on your behalf!"
 msgstr "Um novo documento foi criado em seu nome!"

-#: build/lib/core/api/serializers.py:471 core/api/serializers.py:471
+#: build/lib/core/api/serializers.py:491 core/api/serializers.py:491
 msgid "You have been granted ownership of a new document:"
 msgstr "A propriedade de um novo documento foi concedida a você:"

-#: build/lib/core/api/serializers.py:608 core/api/serializers.py:608
+#: build/lib/core/api/serializers.py:628 core/api/serializers.py:628
 msgid "Body"
 msgstr "Corpo"

-#: build/lib/core/api/serializers.py:611 core/api/serializers.py:611
+#: build/lib/core/api/serializers.py:631 core/api/serializers.py:631
 msgid "Body type"
 msgstr "Tipo de corpo"

-#: build/lib/core/api/serializers.py:617 core/api/serializers.py:617
+#: build/lib/core/api/serializers.py:637 core/api/serializers.py:637
 msgid "Format"
 msgstr "Formato"

-#: build/lib/core/api/viewsets.py:943 core/api/viewsets.py:943
+#: build/lib/core/api/viewsets.py:965 core/api/viewsets.py:965
 #, python-brace-format
 msgid "copy of {title}"
 msgstr "cópia de {title}"
@@ -125,139 +129,135 @@ msgstr ""
 msgid "Right"
 msgstr ""

-#: build/lib/core/models.py:79 core/models.py:79
+#: build/lib/core/models.py:80 core/models.py:80
 msgid "id"
 msgstr ""

-#: build/lib/core/models.py:80 core/models.py:80
+#: build/lib/core/models.py:81 core/models.py:81
 msgid "primary key for the record as UUID"
 msgstr ""

-#: build/lib/core/models.py:86 core/models.py:86
+#: build/lib/core/models.py:87 core/models.py:87
 msgid "created on"
 msgstr ""

-#: build/lib/core/models.py:87 core/models.py:87
+#: build/lib/core/models.py:88 core/models.py:88
 msgid "date and time at which a record was created"
 msgstr ""

-#: build/lib/core/models.py:92 core/models.py:92
+#: build/lib/core/models.py:93 core/models.py:93
 msgid "updated on"
 msgstr ""

-#: build/lib/core/models.py:93 core/models.py:93
+#: build/lib/core/models.py:94 core/models.py:94
 msgid "date and time at which a record was last updated"
 msgstr ""

-#: build/lib/core/models.py:129 core/models.py:129
+#: build/lib/core/models.py:130 core/models.py:130
 msgid "We couldn't find a user with this sub but the email is already associated with a registered user."
 msgstr ""

-#: build/lib/core/models.py:142 core/models.py:142
-msgid "Enter a valid sub. This value may contain only letters, numbers, and @/./+/-/_/: characters."
-msgstr ""
-
-#: build/lib/core/models.py:148 core/models.py:148
+#: build/lib/core/models.py:141 core/models.py:141
 msgid "sub"
 msgstr ""

-#: build/lib/core/models.py:150 core/models.py:150
-msgid "Required. 255 characters or fewer. Letters, numbers, and @/./+/-/_/: characters only."
+#: build/lib/core/models.py:142 core/models.py:142
+msgid "Required. 255 characters or fewer. ASCII characters only."
 msgstr ""

-#: build/lib/core/models.py:159 core/models.py:159
+#: build/lib/core/models.py:150 core/models.py:150
 msgid "full name"
 msgstr ""

-#: build/lib/core/models.py:160 core/models.py:160
+#: build/lib/core/models.py:151 core/models.py:151
 msgid "short name"
 msgstr ""

-#: build/lib/core/models.py:162 core/models.py:162
+#: build/lib/core/models.py:153 core/models.py:153
 msgid "identity email address"
 msgstr ""

-#: build/lib/core/models.py:167 core/models.py:167
+#: build/lib/core/models.py:158 core/models.py:158
 msgid "admin email address"
 msgstr ""

-#: build/lib/core/models.py:174 core/models.py:174
+#: build/lib/core/models.py:165 core/models.py:165
 msgid "language"
 msgstr ""

-#: build/lib/core/models.py:175 core/models.py:175
+#: build/lib/core/models.py:166 core/models.py:166
 msgid "The language in which the user wants to see the interface."
 msgstr ""

-#: build/lib/core/models.py:183 core/models.py:183
+#: build/lib/core/models.py:174 core/models.py:174
 msgid "The timezone in which the user wants to see times."
 msgstr ""

-#: build/lib/core/models.py:186 core/models.py:186
+#: build/lib/core/models.py:177 core/models.py:177
 msgid "device"
 msgstr ""

-#: build/lib/core/models.py:188 core/models.py:188
+#: build/lib/core/models.py:179 core/models.py:179
 msgid "Whether the user is a device or a real user."
 msgstr ""

-#: build/lib/core/models.py:191 core/models.py:191
+#: build/lib/core/models.py:182 core/models.py:182
 msgid "staff status"
 msgstr ""

-#: build/lib/core/models.py:193 core/models.py:193
+#: build/lib/core/models.py:184 core/models.py:184
 msgid "Whether the user can log into this admin site."
 msgstr ""

-#: build/lib/core/models.py:196 core/models.py:196
+#: build/lib/core/models.py:187 core/models.py:187
 msgid "active"
 msgstr ""

-#: build/lib/core/models.py:199 core/models.py:199
+#: build/lib/core/models.py:190 core/models.py:190
 msgid "Whether this user should be treated as active. Unselect this instead of deleting accounts."
 msgstr ""

-#: build/lib/core/models.py:211 core/models.py:211
+#: build/lib/core/models.py:202 core/models.py:202
 msgid "user"
 msgstr ""

-#: build/lib/core/models.py:212 core/models.py:212
+#: build/lib/core/models.py:203 core/models.py:203
 msgid "users"
 msgstr ""

-#: build/lib/core/models.py:368 build/lib/core/models.py:1281
-#: core/models.py:368 core/models.py:1281
+#: build/lib/core/models.py:359 build/lib/core/models.py:1281
+#: core/models.py:359 core/models.py:1281
 msgid "title"
 msgstr ""

-#: build/lib/core/models.py:369 core/models.py:369
+#: build/lib/core/models.py:360 core/models.py:360
 msgid "excerpt"
 msgstr ""

-#: build/lib/core/models.py:418 core/models.py:418
+#: build/lib/core/models.py:409 core/models.py:409
 msgid "Document"
 msgstr ""

-#: build/lib/core/models.py:419 core/models.py:419
+#: build/lib/core/models.py:410 core/models.py:410
 msgid "Documents"
 msgstr ""

-#: build/lib/core/models.py:431 build/lib/core/models.py:820 core/models.py:431
-#: core/models.py:820
+#: build/lib/core/models.py:422 build/lib/core/models.py:819 core/models.py:422
+#: core/models.py:819
 msgid "Untitled Document"
 msgstr ""

-#: build/lib/core/models.py:855 core/models.py:855
+#: build/lib/core/models.py:854 core/models.py:854
 #, python-brace-format
 msgid "{name} shared a document with you!"
 msgstr ""

-#: build/lib/core/models.py:859 core/models.py:859
+#: build/lib/core/models.py:858 core/models.py:858
 #, python-brace-format
 msgid "{name} invited you with the role \"{role}\" on the following document:"
 msgstr ""

-#: build/lib/core/models.py:865 core/models.py:865
+#: build/lib/core/models.py:864 core/models.py:864
 #, python-brace-format
 msgid "{name} shared a document with you: {title}"
 msgstr ""
--- a/src/backend/locale/ru_RU/LC_MESSAGES/django.po
+++ b/src/backend/locale/ru_RU/LC_MESSAGES/django.po
@@ -0,0 +1,417 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: lasuite-docs\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2025-09-10 14:29+0000\n"
+"PO-Revision-Date: 2025-09-12 09:50\n"
+"Last-Translator: \n"
+"Language-Team: Russian\n"
+"Language: ru_RU\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=4; plural=((n%10==1 && n%100!=11) ? 0 : ((n%10 >= 2 && n%10 <=4 && (n%100 < 12 || n%100 > 14)) ? 1 : ((n%10 == 0 || (n%10 >= 5 && n%10 <=9)) || (n%100 >= 11 && n%100 <= 14)) ? 2 : 3));\n"
+"X-Crowdin-Project: lasuite-docs\n"
+"X-Crowdin-Project-ID: 754523\n"
+"X-Crowdin-Language: ru\n"
+"X-Crowdin-File: backend-impress.pot\n"
+"X-Crowdin-File-ID: 18\n"
+
+#: build/lib/core/admin.py:37 core/admin.py:37
+msgid "Personal info"
+msgstr "Личная информация"
+
+#: build/lib/core/admin.py:50 build/lib/core/admin.py:138 core/admin.py:50
+#: core/admin.py:138
+msgid "Permissions"
+msgstr "Разрешения"
+
+#: build/lib/core/admin.py:62 core/admin.py:62
+msgid "Important dates"
+msgstr "Важные даты"
+
+#: build/lib/core/admin.py:148 core/admin.py:148
+msgid "Tree structure"
+msgstr "Древовидная структура"
+
+#: build/lib/core/api/filters.py:47 core/api/filters.py:47
+msgid "Title"
+msgstr "Заголовок"
+
+#: build/lib/core/api/filters.py:61 core/api/filters.py:61
+msgid "Creator is me"
+msgstr "Создатель - я"
+
+#: build/lib/core/api/filters.py:64 core/api/filters.py:64
+msgid "Masked"
+msgstr "Скрытый"
+
+#: build/lib/core/api/filters.py:67 core/api/filters.py:67
+msgid "Favorite"
+msgstr "Избранное"
+
+#: build/lib/core/api/serializers.py:487 core/api/serializers.py:487
+msgid "A new document was created on your behalf!"
+msgstr "Новый документ был создан от вашего имени!"
+
+#: build/lib/core/api/serializers.py:491 core/api/serializers.py:491
+msgid "You have been granted ownership of a new document:"
+msgstr "Вы назначены владельцем для нового документа:"
+
+#: build/lib/core/api/serializers.py:628 core/api/serializers.py:628
+msgid "Body"
+msgstr "Текст сообщения"
+
+#: build/lib/core/api/serializers.py:631 core/api/serializers.py:631
+msgid "Body type"
+msgstr "Тип сообщения"
+
+#: build/lib/core/api/serializers.py:637 core/api/serializers.py:637
+msgid "Format"
+msgstr "Формат"
+
+#: build/lib/core/api/viewsets.py:965 core/api/viewsets.py:965
+#, python-brace-format
+msgid "copy of {title}"
+msgstr "копия {title}"
+
+#: build/lib/core/choices.py:35 build/lib/core/choices.py:42 core/choices.py:35
+#: core/choices.py:42
+msgid "Reader"
+msgstr "Читатель"
+
+#: build/lib/core/choices.py:36 build/lib/core/choices.py:43 core/choices.py:36
+#: core/choices.py:43
+msgid "Editor"
+msgstr "Редактор"
+
+#: build/lib/core/choices.py:44 core/choices.py:44
+msgid "Administrator"
+msgstr "Администратор"
+
+#: build/lib/core/choices.py:45 core/choices.py:45
+msgid "Owner"
+msgstr "Владелец"
+
+#: build/lib/core/choices.py:56 core/choices.py:56
+msgid "Restricted"
+msgstr "Доступ ограничен"
+
+#: build/lib/core/choices.py:60 core/choices.py:60
+msgid "Authenticated"
+msgstr "Аутентификация выполнена"
+
+#: build/lib/core/choices.py:62 core/choices.py:62
+msgid "Public"
+msgstr "Доступно всем"
+
+#: build/lib/core/enums.py:36 core/enums.py:36
+msgid "First child"
+msgstr "Первый потомок"
+
+#: build/lib/core/enums.py:37 core/enums.py:37
+msgid "Last child"
+msgstr "Последний потомок"
+
+#: build/lib/core/enums.py:38 core/enums.py:38
+msgid "First sibling"
+msgstr "Первый предок"
+
+#: build/lib/core/enums.py:39 core/enums.py:39
+msgid "Last sibling"
+msgstr "Последний предок"
+
+#: build/lib/core/enums.py:40 core/enums.py:40
+msgid "Left"
+msgstr "Слева"
+
+#: build/lib/core/enums.py:41 core/enums.py:41
+msgid "Right"
+msgstr "Справа"
+
+#: build/lib/core/models.py:80 core/models.py:80
+msgid "id"
+msgstr "id"
+
+#: build/lib/core/models.py:81 core/models.py:81
+msgid "primary key for the record as UUID"
+msgstr "первичный ключ для записи как UUID"
+
+#: build/lib/core/models.py:87 core/models.py:87
+msgid "created on"
+msgstr "создано"
+
+#: build/lib/core/models.py:88 core/models.py:88
+msgid "date and time at which a record was created"
+msgstr "дата и время создания записи"
+
+#: build/lib/core/models.py:93 core/models.py:93
+msgid "updated on"
+msgstr "обновлено"
+
+#: build/lib/core/models.py:94 core/models.py:94
+msgid "date and time at which a record was last updated"
+msgstr "дата и время последнего обновления записи"
+
+#: build/lib/core/models.py:130 core/models.py:130
+msgid "We couldn't find a user with this sub but the email is already associated with a registered user."
+msgstr "Мы не смогли найти пользователя с этими данными, но этот адрес уже связан с зарегистрированным пользователем."
+
+#: build/lib/core/models.py:141 core/models.py:141
+msgid "sub"
+msgstr "вложение"
+
+#: build/lib/core/models.py:142 core/models.py:142
+msgid "Required. 255 characters or fewer. ASCII characters only."
+msgstr "Обязательно. 255 символов или меньше. Только ASCII символы."
+
+#: build/lib/core/models.py:150 core/models.py:150
+msgid "full name"
+msgstr "полное имя"
+
+#: build/lib/core/models.py:151 core/models.py:151
+msgid "short name"
+msgstr "короткое имя"
+
+#: build/lib/core/models.py:153 core/models.py:153
+msgid "identity email address"
+msgstr "личный адрес электронной почты"
+
+#: build/lib/core/models.py:158 core/models.py:158
+msgid "admin email address"
+msgstr "e-mail администратора"
+
+#: build/lib/core/models.py:165 core/models.py:165
+msgid "language"
+msgstr "язык"
+
+#: build/lib/core/models.py:166 core/models.py:166
+msgid "The language in which the user wants to see the interface."
+msgstr "Язык, на котором пользователь хочет видеть интерфейс."
+
+#: build/lib/core/models.py:174 core/models.py:174
+msgid "The timezone in which the user wants to see times."
+msgstr "Часовой пояс, в котором пользователь хочет видеть время."
+
+#: build/lib/core/models.py:177 core/models.py:177
+msgid "device"
+msgstr "устройство"
+
+#: build/lib/core/models.py:179 core/models.py:179
+msgid "Whether the user is a device or a real user."
+msgstr "Пользователь является устройством или человеком."
+
+#: build/lib/core/models.py:182 core/models.py:182
+msgid "staff status"
+msgstr "статус сотрудника"
+
+#: build/lib/core/models.py:184 core/models.py:184
+msgid "Whether the user can log into this admin site."
+msgstr "Может ли пользователь войти на этот административный сайт."
+
+#: build/lib/core/models.py:187 core/models.py:187
+msgid "active"
+msgstr "активный"
+
+#: build/lib/core/models.py:190 core/models.py:190
+msgid "Whether this user should be treated as active. Unselect this instead of deleting accounts."
+msgstr "Должен ли пользователь рассматриваться как активный. Альтернатива удалению учётных записей."
+
+#: build/lib/core/models.py:202 core/models.py:202
+msgid "user"
+msgstr "пользователь"
+
+#: build/lib/core/models.py:203 core/models.py:203
+msgid "users"
+msgstr "пользователи"
+
+#: build/lib/core/models.py:359 build/lib/core/models.py:1281
+#: core/models.py:359 core/models.py:1281
+msgid "title"
+msgstr "заголовок"
+
+#: build/lib/core/models.py:360 core/models.py:360
+msgid "excerpt"
+msgstr "отрывок"
+
+#: build/lib/core/models.py:409 core/models.py:409
+msgid "Document"
+msgstr "Документ"
+
+#: build/lib/core/models.py:410 core/models.py:410
+msgid "Documents"
+msgstr "Документы"
+
+#: build/lib/core/models.py:422 build/lib/core/models.py:819 core/models.py:422
+#: core/models.py:819
+msgid "Untitled Document"
+msgstr "Безымянный документ"
+
+#: build/lib/core/models.py:854 core/models.py:854
+#, python-brace-format
+msgid "{name} shared a document with you!"
+msgstr "{name} делится с вами документом!"
+
+#: build/lib/core/models.py:858 core/models.py:858
+#, python-brace-format
+msgid "{name} invited you with the role \"{role}\" on the following document:"
+msgstr "{name} приглашает вас присоединиться к следующему документу с ролью \"{role}\":"
+
+#: build/lib/core/models.py:864 core/models.py:864
+#, python-brace-format
+msgid "{name} shared a document with you: {title}"
+msgstr "{name} делится с вами документом: {title}"
+
+#: build/lib/core/models.py:964 core/models.py:964
+msgid "Document/user link trace"
+msgstr "Трассировка связи документ/пользователь"
+
+#: build/lib/core/models.py:965 core/models.py:965
+msgid "Document/user link traces"
+msgstr "Трассировка связей документ/пользователь"
+
+#: build/lib/core/models.py:971 core/models.py:971
+msgid "A link trace already exists for this document/user."
+msgstr "Для этого документа/пользователя уже существует трассировка ссылки."
+
+#: build/lib/core/models.py:994 core/models.py:994
+msgid "Document favorite"
+msgstr "Избранный документ"
+
+#: build/lib/core/models.py:995 core/models.py:995
+msgid "Document favorites"
+msgstr "Избранные документы"
+
+#: build/lib/core/models.py:1001 core/models.py:1001
+msgid "This document is already targeted by a favorite relation instance for the same user."
+msgstr "Этот документ уже помечен как избранный для этого пользователя."
+
+#: build/lib/core/models.py:1023 core/models.py:1023
+msgid "Document/user relation"
+msgstr "Отношение документ/пользователь"
+
+#: build/lib/core/models.py:1024 core/models.py:1024
+msgid "Document/user relations"
+msgstr "Отношения документ/пользователь"
+
+#: build/lib/core/models.py:1030 core/models.py:1030
+msgid "This user is already in this document."
+msgstr "Этот пользователь уже имеет доступ к этому документу."
+
+#: build/lib/core/models.py:1036 core/models.py:1036
+msgid "This team is already in this document."
+msgstr "Эта команда уже имеет доступ к этому документу."
+
+#: build/lib/core/models.py:1042 build/lib/core/models.py:1367
+#: core/models.py:1042 core/models.py:1367
+msgid "Either user or team must be set, not both."
+msgstr "Может быть выбран либо пользователь, либо команда, но не оба варианта сразу."
+
+#: build/lib/core/models.py:1188 core/models.py:1188
+msgid "Document ask for access"
+msgstr "Документ запрашивает доступ"
+
+#: build/lib/core/models.py:1189 core/models.py:1189
+msgid "Document ask for accesses"
+msgstr "Документ запрашивает доступы"
+
+#: build/lib/core/models.py:1195 core/models.py:1195
+msgid "This user has already asked for access to this document."
+msgstr "Этот пользователь уже запросил доступ к этому документу."
+
+#: build/lib/core/models.py:1260 core/models.py:1260
+#, python-brace-format
+msgid "{name} would like access to a document!"
+msgstr "{name} хочет получить доступ к документу!"
+
+#: build/lib/core/models.py:1264 core/models.py:1264
+#, python-brace-format
+msgid "{name} would like access to the following document:"
+msgstr "{name} хочет получить доступ к следующему документу:"
+
+#: build/lib/core/models.py:1270 core/models.py:1270
+#, python-brace-format
+msgid "{name} is asking for access to the document: {title}"
+msgstr "{name} запрашивает доступ к документу: {title}"
+
+#: build/lib/core/models.py:1282 core/models.py:1282
+msgid "description"
+msgstr "описание"
+
+#: build/lib/core/models.py:1283 core/models.py:1283
+msgid "code"
+msgstr "код"
+
+#: build/lib/core/models.py:1284 core/models.py:1284
+msgid "css"
+msgstr "css"
+
+#: build/lib/core/models.py:1286 core/models.py:1286
+msgid "public"
+msgstr "доступно всем"
+
+#: build/lib/core/models.py:1288 core/models.py:1288
+msgid "Whether this template is public for anyone to use."
+msgstr "Этот шаблон доступен всем пользователям."
+
+#: build/lib/core/models.py:1294 core/models.py:1294
+msgid "Template"
+msgstr "Шаблон"
+
+#: build/lib/core/models.py:1295 core/models.py:1295
+msgid "Templates"
+msgstr "Шаблоны"
+
+#: build/lib/core/models.py:1348 core/models.py:1348
+msgid "Template/user relation"
+msgstr "Отношение шаблон/пользователь"
+
+#: build/lib/core/models.py:1349 core/models.py:1349
+msgid "Template/user relations"
+msgstr "Отношения шаблон/пользователь"
+
+#: build/lib/core/models.py:1355 core/models.py:1355
+msgid "This user is already in this template."
+msgstr "Этот пользователь уже указан в этом шаблоне."
+
+#: build/lib/core/models.py:1361 core/models.py:1361
+msgid "This team is already in this template."
+msgstr "Эта команда уже указана в этом шаблоне."
+
+#: build/lib/core/models.py:1438 core/models.py:1438
+msgid "email address"
+msgstr "адрес электронной почты"
+
+#: build/lib/core/models.py:1457 core/models.py:1457
+msgid "Document invitation"
+msgstr "Приглашение для документа"
+
+#: build/lib/core/models.py:1458 core/models.py:1458
+msgid "Document invitations"
+msgstr "Приглашения для документов"
+
+#: build/lib/core/models.py:1478 core/models.py:1478
+msgid "This email is already associated to a registered user."
+msgstr "Этот адрес уже связан с зарегистрированным пользователем."
+
+#: core/templates/mail/html/template.html:162
+#: core/templates/mail/text/template.txt:3
+msgid "Logo email"
+msgstr "Логотип email"
+
+#: core/templates/mail/html/template.html:209
+#: core/templates/mail/text/template.txt:10
+msgid "Open"
+msgstr "Открыть"
+
+#: core/templates/mail/html/template.html:226
+#: core/templates/mail/text/template.txt:14
+msgid " Docs, your new essential tool for organizing, sharing and collaborating on your documents as a team. "
+msgstr " Docs, ваш новый инструмент для организации и совместного использования документов в вашей команде. "
+
+#: core/templates/mail/html/template.html:233
+#: core/templates/mail/text/template.txt:16
+#, python-format
+msgid " Brought to you by %(brandname)s "
+msgstr " Доступ получен от %(brandname)s "
+
--- a/src/backend/locale/sl_SI/LC_MESSAGES/django.po
+++ b/src/backend/locale/sl_SI/LC_MESSAGES/django.po
@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: lasuite-docs\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-07-08 15:21+0000\n"
-"PO-Revision-Date: 2025-07-18 10:25\n"
+"POT-Creation-Date: 2025-09-10 14:29+0000\n"
+"PO-Revision-Date: 2025-09-12 09:50\n"
 "Last-Translator: \n"
 "Language-Team: Slovenian\n"
 "Language: sl_SI\n"
@@ -43,30 +43,34 @@ msgid "Creator is me"
 msgstr "Ustvaril sem jaz"

 #: build/lib/core/api/filters.py:64 core/api/filters.py:64
+msgid "Masked"
+msgstr ""
+
+#: build/lib/core/api/filters.py:67 core/api/filters.py:67
 msgid "Favorite"
 msgstr "Priljubljena"

-#: build/lib/core/api/serializers.py:467 core/api/serializers.py:467
+#: build/lib/core/api/serializers.py:487 core/api/serializers.py:487
 msgid "A new document was created on your behalf!"
 msgstr "Nov dokument je bil ustvarjen v vašem imenu!"

-#: build/lib/core/api/serializers.py:471 core/api/serializers.py:471
+#: build/lib/core/api/serializers.py:491 core/api/serializers.py:491
 msgid "You have been granted ownership of a new document:"
 msgstr "Dodeljeno vam je bilo lastništvo nad novim dokumentom:"

-#: build/lib/core/api/serializers.py:608 core/api/serializers.py:608
+#: build/lib/core/api/serializers.py:628 core/api/serializers.py:628
 msgid "Body"
 msgstr "Telo"

-#: build/lib/core/api/serializers.py:611 core/api/serializers.py:611
+#: build/lib/core/api/serializers.py:631 core/api/serializers.py:631
 msgid "Body type"
 msgstr "Vrsta telesa"

-#: build/lib/core/api/serializers.py:617 core/api/serializers.py:617
+#: build/lib/core/api/serializers.py:637 core/api/serializers.py:637
 msgid "Format"
 msgstr "Oblika"

-#: build/lib/core/api/viewsets.py:943 core/api/viewsets.py:943
+#: build/lib/core/api/viewsets.py:965 core/api/viewsets.py:965
 #, python-brace-format
 msgid "copy of {title}"
 msgstr ""
@@ -125,139 +129,135 @@ msgstr "Levo"
 msgid "Right"
 msgstr "Desno"

-#: build/lib/core/models.py:79 core/models.py:79
+#: build/lib/core/models.py:80 core/models.py:80
 msgid "id"
 msgstr ""

-#: build/lib/core/models.py:80 core/models.py:80
+#: build/lib/core/models.py:81 core/models.py:81
 msgid "primary key for the record as UUID"
 msgstr "primarni ključ za zapis kot UUID"

-#: build/lib/core/models.py:86 core/models.py:86
+#: build/lib/core/models.py:87 core/models.py:87
 msgid "created on"
 msgstr "ustvarjen na"

-#: build/lib/core/models.py:87 core/models.py:87
+#: build/lib/core/models.py:88 core/models.py:88
 msgid "date and time at which a record was created"
 msgstr "datum in čas, ko je bil zapis ustvarjen"

-#: build/lib/core/models.py:92 core/models.py:92
+#: build/lib/core/models.py:93 core/models.py:93
 msgid "updated on"
 msgstr "posodobljeno dne"

-#: build/lib/core/models.py:93 core/models.py:93
+#: build/lib/core/models.py:94 core/models.py:94
 msgid "date and time at which a record was last updated"
 msgstr "datum in čas, ko je bil zapis nazadnje posodobljen"

-#: build/lib/core/models.py:129 core/models.py:129
+#: build/lib/core/models.py:130 core/models.py:130
 msgid "We couldn't find a user with this sub but the email is already associated with a registered user."
 msgstr "Nismo mogli najti uporabnika s tem sub, vendar je e-poštni naslov že povezan z registriranim uporabnikom."

-#: build/lib/core/models.py:142 core/models.py:142
-msgid "Enter a valid sub. This value may contain only letters, numbers, and @/./+/-/_/: characters."
-msgstr "Vnesite veljavno sub. Ta vrednost lahko vsebuje samo črke, številke in znake @/./+/-/_/:."
-
-#: build/lib/core/models.py:148 core/models.py:148
+#: build/lib/core/models.py:141 core/models.py:141
 msgid "sub"
 msgstr ""

-#: build/lib/core/models.py:150 core/models.py:150
-msgid "Required. 255 characters or fewer. Letters, numbers, and @/./+/-/_/: characters only."
-msgstr "Obvezno. 255 znakov ali manj. Samo črke, številke in znaki @/./+/-/_/: ."
+#: build/lib/core/models.py:142 core/models.py:142
+msgid "Required. 255 characters or fewer. ASCII characters only."
+msgstr ""

-#: build/lib/core/models.py:159 core/models.py:159
+#: build/lib/core/models.py:150 core/models.py:150
 msgid "full name"
 msgstr "polno ime"

-#: build/lib/core/models.py:160 core/models.py:160
+#: build/lib/core/models.py:151 core/models.py:151
 msgid "short name"
 msgstr "kratko ime"

-#: build/lib/core/models.py:162 core/models.py:162
+#: build/lib/core/models.py:153 core/models.py:153
 msgid "identity email address"
 msgstr "elektronski naslov identitete"

-#: build/lib/core/models.py:167 core/models.py:167
+#: build/lib/core/models.py:158 core/models.py:158
 msgid "admin email address"
 msgstr "elektronski naslov skrbnika"

-#: build/lib/core/models.py:174 core/models.py:174
+#: build/lib/core/models.py:165 core/models.py:165
 msgid "language"
 msgstr "jezik"

-#: build/lib/core/models.py:175 core/models.py:175
+#: build/lib/core/models.py:166 core/models.py:166
 msgid "The language in which the user wants to see the interface."
 msgstr "Jezik, v katerem uporabnik želi videti vmesnik."

-#: build/lib/core/models.py:183 core/models.py:183
+#: build/lib/core/models.py:174 core/models.py:174
 msgid "The timezone in which the user wants to see times."
 msgstr "Časovni pas, v katerem želi uporabnik videti uro."

-#: build/lib/core/models.py:186 core/models.py:186
+#: build/lib/core/models.py:177 core/models.py:177
 msgid "device"
 msgstr "naprava"

-#: build/lib/core/models.py:188 core/models.py:188
+#: build/lib/core/models.py:179 core/models.py:179
 msgid "Whether the user is a device or a real user."
 msgstr "Ali je uporabnik naprava ali pravi uporabnik."

-#: build/lib/core/models.py:191 core/models.py:191
+#: build/lib/core/models.py:182 core/models.py:182
 msgid "staff status"
 msgstr "kadrovski status"

-#: build/lib/core/models.py:193 core/models.py:193
+#: build/lib/core/models.py:184 core/models.py:184
 msgid "Whether the user can log into this admin site."
 msgstr "Ali se uporabnik lahko prijavi na to skrbniško mesto."

-#: build/lib/core/models.py:196 core/models.py:196
+#: build/lib/core/models.py:187 core/models.py:187
 msgid "active"
 msgstr "aktivni"

-#: build/lib/core/models.py:199 core/models.py:199
+#: build/lib/core/models.py:190 core/models.py:190
 msgid "Whether this user should be treated as active. Unselect this instead of deleting accounts."
 msgstr "Ali je treba tega uporabnika obravnavati kot aktivnega. Namesto brisanja računov počistite to izbiro."

-#: build/lib/core/models.py:211 core/models.py:211
+#: build/lib/core/models.py:202 core/models.py:202
 msgid "user"
 msgstr "uporabnik"

-#: build/lib/core/models.py:212 core/models.py:212
+#: build/lib/core/models.py:203 core/models.py:203
 msgid "users"
 msgstr "uporabniki"

-#: build/lib/core/models.py:368 build/lib/core/models.py:1281
-#: core/models.py:368 core/models.py:1281
+#: build/lib/core/models.py:359 build/lib/core/models.py:1281
+#: core/models.py:359 core/models.py:1281
 msgid "title"
 msgstr "naslov"

-#: build/lib/core/models.py:369 core/models.py:369
+#: build/lib/core/models.py:360 core/models.py:360
 msgid "excerpt"
 msgstr "odlomek"

-#: build/lib/core/models.py:418 core/models.py:418
+#: build/lib/core/models.py:409 core/models.py:409
 msgid "Document"
 msgstr "Dokument"

-#: build/lib/core/models.py:419 core/models.py:419
+#: build/lib/core/models.py:410 core/models.py:410
 msgid "Documents"
 msgstr "Dokumenti"

-#: build/lib/core/models.py:431 build/lib/core/models.py:820 core/models.py:431
-#: core/models.py:820
+#: build/lib/core/models.py:422 build/lib/core/models.py:819 core/models.py:422
+#: core/models.py:819
 msgid "Untitled Document"
 msgstr "Dokument brez naslova"

-#: build/lib/core/models.py:855 core/models.py:855
+#: build/lib/core/models.py:854 core/models.py:854
 #, python-brace-format
 msgid "{name} shared a document with you!"
 msgstr "{name} je delil dokument z vami!"

-#: build/lib/core/models.py:859 core/models.py:859
+#: build/lib/core/models.py:858 core/models.py:858
 #, python-brace-format
 msgid "{name} invited you with the role \"{role}\" on the following document:"
 msgstr "{name} vas je povabil z vlogo \"{role}\" na naslednjem dokumentu:"

-#: build/lib/core/models.py:865 core/models.py:865
+#: build/lib/core/models.py:864 core/models.py:864
 #, python-brace-format
 msgid "{name} shared a document with you: {title}"
 msgstr "{name} je delil dokument z vami: {title}"
--- a/src/backend/locale/sv_SE/LC_MESSAGES/django.po
+++ b/src/backend/locale/sv_SE/LC_MESSAGES/django.po
@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: lasuite-docs\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-07-08 15:21+0000\n"
-"PO-Revision-Date: 2025-07-18 10:25\n"
+"POT-Creation-Date: 2025-09-10 14:29+0000\n"
+"PO-Revision-Date: 2025-09-12 09:50\n"
 "Last-Translator: \n"
 "Language-Team: Swedish\n"
 "Language: sv_SE\n"
@@ -43,30 +43,34 @@ msgid "Creator is me"
 msgstr "Skaparen är jag"

 #: build/lib/core/api/filters.py:64 core/api/filters.py:64
+msgid "Masked"
+msgstr ""
+
+#: build/lib/core/api/filters.py:67 core/api/filters.py:67
 msgid "Favorite"
 msgstr "Favoriter"

-#: build/lib/core/api/serializers.py:467 core/api/serializers.py:467
+#: build/lib/core/api/serializers.py:487 core/api/serializers.py:487
 msgid "A new document was created on your behalf!"
 msgstr "Ett nytt dokument skapades åt dig!"

-#: build/lib/core/api/serializers.py:471 core/api/serializers.py:471
+#: build/lib/core/api/serializers.py:491 core/api/serializers.py:491
 msgid "You have been granted ownership of a new document:"
 msgstr "Du har beviljats äganderätt till ett nytt dokument:"

-#: build/lib/core/api/serializers.py:608 core/api/serializers.py:608
+#: build/lib/core/api/serializers.py:628 core/api/serializers.py:628
 msgid "Body"
 msgstr ""

-#: build/lib/core/api/serializers.py:611 core/api/serializers.py:611
+#: build/lib/core/api/serializers.py:631 core/api/serializers.py:631
 msgid "Body type"
 msgstr ""

-#: build/lib/core/api/serializers.py:617 core/api/serializers.py:617
+#: build/lib/core/api/serializers.py:637 core/api/serializers.py:637
 msgid "Format"
 msgstr "Format"

-#: build/lib/core/api/viewsets.py:943 core/api/viewsets.py:943
+#: build/lib/core/api/viewsets.py:965 core/api/viewsets.py:965
 #, python-brace-format
 msgid "copy of {title}"
 msgstr ""
@@ -125,139 +129,135 @@ msgstr ""
 msgid "Right"
 msgstr ""

-#: build/lib/core/models.py:79 core/models.py:79
+#: build/lib/core/models.py:80 core/models.py:80
 msgid "id"
 msgstr ""

-#: build/lib/core/models.py:80 core/models.py:80
+#: build/lib/core/models.py:81 core/models.py:81
 msgid "primary key for the record as UUID"
 msgstr ""

-#: build/lib/core/models.py:86 core/models.py:86
+#: build/lib/core/models.py:87 core/models.py:87
 msgid "created on"
 msgstr ""

-#: build/lib/core/models.py:87 core/models.py:87
+#: build/lib/core/models.py:88 core/models.py:88
 msgid "date and time at which a record was created"
 msgstr ""

-#: build/lib/core/models.py:92 core/models.py:92
+#: build/lib/core/models.py:93 core/models.py:93
 msgid "updated on"
 msgstr ""

-#: build/lib/core/models.py:93 core/models.py:93
+#: build/lib/core/models.py:94 core/models.py:94
 msgid "date and time at which a record was last updated"
 msgstr ""

-#: build/lib/core/models.py:129 core/models.py:129
+#: build/lib/core/models.py:130 core/models.py:130
 msgid "We couldn't find a user with this sub but the email is already associated with a registered user."
 msgstr ""

-#: build/lib/core/models.py:142 core/models.py:142
-msgid "Enter a valid sub. This value may contain only letters, numbers, and @/./+/-/_/: characters."
-msgstr ""
-
-#: build/lib/core/models.py:148 core/models.py:148
+#: build/lib/core/models.py:141 core/models.py:141
 msgid "sub"
 msgstr ""

-#: build/lib/core/models.py:150 core/models.py:150
-msgid "Required. 255 characters or fewer. Letters, numbers, and @/./+/-/_/: characters only."
+#: build/lib/core/models.py:142 core/models.py:142
+msgid "Required. 255 characters or fewer. ASCII characters only."
 msgstr ""

-#: build/lib/core/models.py:159 core/models.py:159
+#: build/lib/core/models.py:150 core/models.py:150
 msgid "full name"
 msgstr ""

-#: build/lib/core/models.py:160 core/models.py:160
+#: build/lib/core/models.py:151 core/models.py:151
 msgid "short name"
 msgstr ""

-#: build/lib/core/models.py:162 core/models.py:162
+#: build/lib/core/models.py:153 core/models.py:153
 msgid "identity email address"
 msgstr ""

-#: build/lib/core/models.py:167 core/models.py:167
+#: build/lib/core/models.py:158 core/models.py:158
 msgid "admin email address"
 msgstr ""

-#: build/lib/core/models.py:174 core/models.py:174
+#: build/lib/core/models.py:165 core/models.py:165
 msgid "language"
 msgstr ""

-#: build/lib/core/models.py:175 core/models.py:175
+#: build/lib/core/models.py:166 core/models.py:166
 msgid "The language in which the user wants to see the interface."
 msgstr ""

-#: build/lib/core/models.py:183 core/models.py:183
+#: build/lib/core/models.py:174 core/models.py:174
 msgid "The timezone in which the user wants to see times."
 msgstr ""

-#: build/lib/core/models.py:186 core/models.py:186
+#: build/lib/core/models.py:177 core/models.py:177
 msgid "device"
 msgstr ""

-#: build/lib/core/models.py:188 core/models.py:188
+#: build/lib/core/models.py:179 core/models.py:179
 msgid "Whether the user is a device or a real user."
 msgstr ""

-#: build/lib/core/models.py:191 core/models.py:191
+#: build/lib/core/models.py:182 core/models.py:182
 msgid "staff status"
 msgstr ""

-#: build/lib/core/models.py:193 core/models.py:193
+#: build/lib/core/models.py:184 core/models.py:184
 msgid "Whether the user can log into this admin site."
 msgstr ""

-#: build/lib/core/models.py:196 core/models.py:196
+#: build/lib/core/models.py:187 core/models.py:187
 msgid "active"
 msgstr "aktiv"

-#: build/lib/core/models.py:199 core/models.py:199
+#: build/lib/core/models.py:190 core/models.py:190
 msgid "Whether this user should be treated as active. Unselect this instead of deleting accounts."
 msgstr ""

-#: build/lib/core/models.py:211 core/models.py:211
+#: build/lib/core/models.py:202 core/models.py:202
 msgid "user"
 msgstr ""

-#: build/lib/core/models.py:212 core/models.py:212
+#: build/lib/core/models.py:203 core/models.py:203
 msgid "users"
 msgstr ""

-#: build/lib/core/models.py:368 build/lib/core/models.py:1281
-#: core/models.py:368 core/models.py:1281
+#: build/lib/core/models.py:359 build/lib/core/models.py:1281
+#: core/models.py:359 core/models.py:1281
 msgid "title"
 msgstr ""

-#: build/lib/core/models.py:369 core/models.py:369
+#: build/lib/core/models.py:360 core/models.py:360
 msgid "excerpt"
 msgstr ""

-#: build/lib/core/models.py:418 core/models.py:418
+#: build/lib/core/models.py:409 core/models.py:409
 msgid "Document"
 msgstr ""

-#: build/lib/core/models.py:419 core/models.py:419
+#: build/lib/core/models.py:410 core/models.py:410
 msgid "Documents"
 msgstr ""

-#: build/lib/core/models.py:431 build/lib/core/models.py:820 core/models.py:431
-#: core/models.py:820
+#: build/lib/core/models.py:422 build/lib/core/models.py:819 core/models.py:422
+#: core/models.py:819
 msgid "Untitled Document"
 msgstr ""

-#: build/lib/core/models.py:855 core/models.py:855
+#: build/lib/core/models.py:854 core/models.py:854
 #, python-brace-format
 msgid "{name} shared a document with you!"
 msgstr ""

-#: build/lib/core/models.py:859 core/models.py:859
+#: build/lib/core/models.py:858 core/models.py:858
 #, python-brace-format
 msgid "{name} invited you with the role \"{role}\" on the following document:"
 msgstr ""

-#: build/lib/core/models.py:865 core/models.py:865
+#: build/lib/core/models.py:864 core/models.py:864
 #, python-brace-format
 msgid "{name} shared a document with you: {title}"
 msgstr ""
--- a/src/backend/locale/tr_TR/LC_MESSAGES/django.po
+++ b/src/backend/locale/tr_TR/LC_MESSAGES/django.po
@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: lasuite-docs\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-07-08 15:21+0000\n"
-"PO-Revision-Date: 2025-07-18 10:25\n"
+"POT-Creation-Date: 2025-09-10 14:29+0000\n"
+"PO-Revision-Date: 2025-09-12 09:50\n"
 "Last-Translator: \n"
 "Language-Team: Turkish\n"
 "Language: tr_TR\n"
@@ -43,30 +43,34 @@ msgid "Creator is me"
 msgstr ""

 #: build/lib/core/api/filters.py:64 core/api/filters.py:64
+msgid "Masked"
+msgstr ""
+
+#: build/lib/core/api/filters.py:67 core/api/filters.py:67
 msgid "Favorite"
 msgstr ""

-#: build/lib/core/api/serializers.py:467 core/api/serializers.py:467
+#: build/lib/core/api/serializers.py:487 core/api/serializers.py:487
 msgid "A new document was created on your behalf!"
 msgstr ""

-#: build/lib/core/api/serializers.py:471 core/api/serializers.py:471
+#: build/lib/core/api/serializers.py:491 core/api/serializers.py:491
 msgid "You have been granted ownership of a new document:"
 msgstr ""

-#: build/lib/core/api/serializers.py:608 core/api/serializers.py:608
+#: build/lib/core/api/serializers.py:628 core/api/serializers.py:628
 msgid "Body"
 msgstr ""

-#: build/lib/core/api/serializers.py:611 core/api/serializers.py:611
+#: build/lib/core/api/serializers.py:631 core/api/serializers.py:631
 msgid "Body type"
 msgstr ""

-#: build/lib/core/api/serializers.py:617 core/api/serializers.py:617
+#: build/lib/core/api/serializers.py:637 core/api/serializers.py:637
 msgid "Format"
 msgstr ""

-#: build/lib/core/api/viewsets.py:943 core/api/viewsets.py:943
+#: build/lib/core/api/viewsets.py:965 core/api/viewsets.py:965
 #, python-brace-format
 msgid "copy of {title}"
 msgstr ""
@@ -125,139 +129,135 @@ msgstr ""
 msgid "Right"
 msgstr ""

-#: build/lib/core/models.py:79 core/models.py:79
+#: build/lib/core/models.py:80 core/models.py:80
 msgid "id"
 msgstr ""

-#: build/lib/core/models.py:80 core/models.py:80
+#: build/lib/core/models.py:81 core/models.py:81
 msgid "primary key for the record as UUID"
 msgstr ""

-#: build/lib/core/models.py:86 core/models.py:86
+#: build/lib/core/models.py:87 core/models.py:87
 msgid "created on"
 msgstr ""

-#: build/lib/core/models.py:87 core/models.py:87
+#: build/lib/core/models.py:88 core/models.py:88
 msgid "date and time at which a record was created"
 msgstr ""

-#: build/lib/core/models.py:92 core/models.py:92
+#: build/lib/core/models.py:93 core/models.py:93
 msgid "updated on"
 msgstr ""

-#: build/lib/core/models.py:93 core/models.py:93
+#: build/lib/core/models.py:94 core/models.py:94
 msgid "date and time at which a record was last updated"
 msgstr ""

-#: build/lib/core/models.py:129 core/models.py:129
+#: build/lib/core/models.py:130 core/models.py:130
 msgid "We couldn't find a user with this sub but the email is already associated with a registered user."
 msgstr ""

-#: build/lib/core/models.py:142 core/models.py:142
-msgid "Enter a valid sub. This value may contain only letters, numbers, and @/./+/-/_/: characters."
-msgstr ""
-
-#: build/lib/core/models.py:148 core/models.py:148
+#: build/lib/core/models.py:141 core/models.py:141
 msgid "sub"
 msgstr ""

-#: build/lib/core/models.py:150 core/models.py:150
-msgid "Required. 255 characters or fewer. Letters, numbers, and @/./+/-/_/: characters only."
+#: build/lib/core/models.py:142 core/models.py:142
+msgid "Required. 255 characters or fewer. ASCII characters only."
 msgstr ""

-#: build/lib/core/models.py:159 core/models.py:159
+#: build/lib/core/models.py:150 core/models.py:150
 msgid "full name"
 msgstr ""

-#: build/lib/core/models.py:160 core/models.py:160
+#: build/lib/core/models.py:151 core/models.py:151
 msgid "short name"
 msgstr ""

-#: build/lib/core/models.py:162 core/models.py:162
+#: build/lib/core/models.py:153 core/models.py:153
 msgid "identity email address"
 msgstr ""

-#: build/lib/core/models.py:167 core/models.py:167
+#: build/lib/core/models.py:158 core/models.py:158
 msgid "admin email address"
 msgstr ""

-#: build/lib/core/models.py:174 core/models.py:174
+#: build/lib/core/models.py:165 core/models.py:165
 msgid "language"
 msgstr ""

-#: build/lib/core/models.py:175 core/models.py:175
+#: build/lib/core/models.py:166 core/models.py:166
 msgid "The language in which the user wants to see the interface."
 msgstr ""

-#: build/lib/core/models.py:183 core/models.py:183
+#: build/lib/core/models.py:174 core/models.py:174
 msgid "The timezone in which the user wants to see times."
 msgstr ""

-#: build/lib/core/models.py:186 core/models.py:186
+#: build/lib/core/models.py:177 core/models.py:177
 msgid "device"
 msgstr ""

-#: build/lib/core/models.py:188 core/models.py:188
+#: build/lib/core/models.py:179 core/models.py:179
 msgid "Whether the user is a device or a real user."
 msgstr ""

-#: build/lib/core/models.py:191 core/models.py:191
+#: build/lib/core/models.py:182 core/models.py:182
 msgid "staff status"
 msgstr ""

-#: build/lib/core/models.py:193 core/models.py:193
+#: build/lib/core/models.py:184 core/models.py:184
 msgid "Whether the user can log into this admin site."
 msgstr ""

-#: build/lib/core/models.py:196 core/models.py:196
+#: build/lib/core/models.py:187 core/models.py:187
 msgid "active"
 msgstr ""

-#: build/lib/core/models.py:199 core/models.py:199
+#: build/lib/core/models.py:190 core/models.py:190
 msgid "Whether this user should be treated as active. Unselect this instead of deleting accounts."
 msgstr ""

-#: build/lib/core/models.py:211 core/models.py:211
+#: build/lib/core/models.py:202 core/models.py:202
 msgid "user"
 msgstr ""

-#: build/lib/core/models.py:212 core/models.py:212
+#: build/lib/core/models.py:203 core/models.py:203
 msgid "users"
 msgstr ""

-#: build/lib/core/models.py:368 build/lib/core/models.py:1281
-#: core/models.py:368 core/models.py:1281
+#: build/lib/core/models.py:359 build/lib/core/models.py:1281
+#: core/models.py:359 core/models.py:1281
 msgid "title"
 msgstr ""

-#: build/lib/core/models.py:369 core/models.py:369
+#: build/lib/core/models.py:360 core/models.py:360
 msgid "excerpt"
 msgstr ""

-#: build/lib/core/models.py:418 core/models.py:418
+#: build/lib/core/models.py:409 core/models.py:409
 msgid "Document"
 msgstr ""

-#: build/lib/core/models.py:419 core/models.py:419
+#: build/lib/core/models.py:410 core/models.py:410
 msgid "Documents"
 msgstr ""

-#: build/lib/core/models.py:431 build/lib/core/models.py:820 core/models.py:431
-#: core/models.py:820
+#: build/lib/core/models.py:422 build/lib/core/models.py:819 core/models.py:422
+#: core/models.py:819
 msgid "Untitled Document"
 msgstr ""

-#: build/lib/core/models.py:855 core/models.py:855
+#: build/lib/core/models.py:854 core/models.py:854
 #, python-brace-format
 msgid "{name} shared a document with you!"
 msgstr ""

-#: build/lib/core/models.py:859 core/models.py:859
+#: build/lib/core/models.py:858 core/models.py:858
 #, python-brace-format
 msgid "{name} invited you with the role \"{role}\" on the following document:"
 msgstr ""

-#: build/lib/core/models.py:865 core/models.py:865
+#: build/lib/core/models.py:864 core/models.py:864
 #, python-brace-format
 msgid "{name} shared a document with you: {title}"
 msgstr ""
--- a/src/backend/locale/uk_UA/LC_MESSAGES/django.po
+++ b/src/backend/locale/uk_UA/LC_MESSAGES/django.po
@@ -0,0 +1,417 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: lasuite-docs\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2025-09-10 14:29+0000\n"
+"PO-Revision-Date: 2025-09-12 09:50\n"
+"Last-Translator: \n"
+"Language-Team: Ukrainian\n"
+"Language: uk_UA\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=4; plural=((n%10==1 && n%100!=11) ? 0 : ((n%10 >= 2 && n%10 <=4 && (n%100 < 12 || n%100 > 14)) ? 1 : ((n%10 == 0 || (n%10 >= 5 && n%10 <=9)) || (n%100 >= 11 && n%100 <= 14)) ? 2 : 3));\n"
+"X-Crowdin-Project: lasuite-docs\n"
+"X-Crowdin-Project-ID: 754523\n"
+"X-Crowdin-Language: uk\n"
+"X-Crowdin-File: backend-impress.pot\n"
+"X-Crowdin-File-ID: 18\n"
+
+#: build/lib/core/admin.py:37 core/admin.py:37
+msgid "Personal info"
+msgstr "Особисті дані"
+
+#: build/lib/core/admin.py:50 build/lib/core/admin.py:138 core/admin.py:50
+#: core/admin.py:138
+msgid "Permissions"
+msgstr "Дозволи"
+
+#: build/lib/core/admin.py:62 core/admin.py:62
+msgid "Important dates"
+msgstr "Важливі дати"
+
+#: build/lib/core/admin.py:148 core/admin.py:148
+msgid "Tree structure"
+msgstr "Ієрархічна структура"
+
+#: build/lib/core/api/filters.py:47 core/api/filters.py:47
+msgid "Title"
+msgstr "Заголовок"
+
+#: build/lib/core/api/filters.py:61 core/api/filters.py:61
+msgid "Creator is me"
+msgstr "Творець — я"
+
+#: build/lib/core/api/filters.py:64 core/api/filters.py:64
+msgid "Masked"
+msgstr "Приховано"
+
+#: build/lib/core/api/filters.py:67 core/api/filters.py:67
+msgid "Favorite"
+msgstr "Обране"
+
+#: build/lib/core/api/serializers.py:487 core/api/serializers.py:487
+msgid "A new document was created on your behalf!"
+msgstr "Новий документ був створений від вашого імені!"
+
+#: build/lib/core/api/serializers.py:491 core/api/serializers.py:491
+msgid "You have been granted ownership of a new document:"
+msgstr "Ви тепер є власником нового документа:"
+
+#: build/lib/core/api/serializers.py:628 core/api/serializers.py:628
+msgid "Body"
+msgstr "Вміст"
+
+#: build/lib/core/api/serializers.py:631 core/api/serializers.py:631
+msgid "Body type"
+msgstr "Тип вмісту"
+
+#: build/lib/core/api/serializers.py:637 core/api/serializers.py:637
+msgid "Format"
+msgstr "Формат"
+
+#: build/lib/core/api/viewsets.py:965 core/api/viewsets.py:965
+#, python-brace-format
+msgid "copy of {title}"
+msgstr "копія {title}"
+
+#: build/lib/core/choices.py:35 build/lib/core/choices.py:42 core/choices.py:35
+#: core/choices.py:42
+msgid "Reader"
+msgstr "Читач"
+
+#: build/lib/core/choices.py:36 build/lib/core/choices.py:43 core/choices.py:36
+#: core/choices.py:43
+msgid "Editor"
+msgstr "Редактор"
+
+#: build/lib/core/choices.py:44 core/choices.py:44
+msgid "Administrator"
+msgstr "Адміністратор"
+
+#: build/lib/core/choices.py:45 core/choices.py:45
+msgid "Owner"
+msgstr "Власник"
+
+#: build/lib/core/choices.py:56 core/choices.py:56
+msgid "Restricted"
+msgstr "Обмежено"
+
+#: build/lib/core/choices.py:60 core/choices.py:60
+msgid "Authenticated"
+msgstr "Підтверджено"
+
+#: build/lib/core/choices.py:62 core/choices.py:62
+msgid "Public"
+msgstr "Публічне"
+
+#: build/lib/core/enums.py:36 core/enums.py:36
+msgid "First child"
+msgstr "Перший нащадок"
+
+#: build/lib/core/enums.py:37 core/enums.py:37
+msgid "Last child"
+msgstr "Останній нащадок"
+
+#: build/lib/core/enums.py:38 core/enums.py:38
+msgid "First sibling"
+msgstr "Перший пращур"
+
+#: build/lib/core/enums.py:39 core/enums.py:39
+msgid "Last sibling"
+msgstr "Останній пращур"
+
+#: build/lib/core/enums.py:40 core/enums.py:40
+msgid "Left"
+msgstr "Ліворуч"
+
+#: build/lib/core/enums.py:41 core/enums.py:41
+msgid "Right"
+msgstr "Праворуч"
+
+#: build/lib/core/models.py:80 core/models.py:80
+msgid "id"
+msgstr "id"
+
+#: build/lib/core/models.py:81 core/models.py:81
+msgid "primary key for the record as UUID"
+msgstr "первинний ключ для запису як UUID"
+
+#: build/lib/core/models.py:87 core/models.py:87
+msgid "created on"
+msgstr "створено"
+
+#: build/lib/core/models.py:88 core/models.py:88
+msgid "date and time at which a record was created"
+msgstr "дата і час, коли запис було створено"
+
+#: build/lib/core/models.py:93 core/models.py:93
+msgid "updated on"
+msgstr "оновлено"
+
+#: build/lib/core/models.py:94 core/models.py:94
+msgid "date and time at which a record was last updated"
+msgstr "дата і час, коли запис був востаннє оновлений"
+
+#: build/lib/core/models.py:130 core/models.py:130
+msgid "We couldn't find a user with this sub but the email is already associated with a registered user."
+msgstr "Ми не змогли знайти користувача з цими даними, але адреса вже пов'язана з зареєстрованим користувачем."
+
+#: build/lib/core/models.py:141 core/models.py:141
+msgid "sub"
+msgstr "вкладений документ"
+
+#: build/lib/core/models.py:142 core/models.py:142
+msgid "Required. 255 characters or fewer. ASCII characters only."
+msgstr "Обов'язкове. 255 символів або менше. Тільки символи ASCII."
+
+#: build/lib/core/models.py:150 core/models.py:150
+msgid "full name"
+msgstr "повне ім'я"
+
+#: build/lib/core/models.py:151 core/models.py:151
+msgid "short name"
+msgstr "коротке ім'я"
+
+#: build/lib/core/models.py:153 core/models.py:153
+msgid "identity email address"
+msgstr "адреса електронної пошти особи"
+
+#: build/lib/core/models.py:158 core/models.py:158
+msgid "admin email address"
+msgstr "електронна адреса адміністратора"
+
+#: build/lib/core/models.py:165 core/models.py:165
+msgid "language"
+msgstr "мова"
+
+#: build/lib/core/models.py:166 core/models.py:166
+msgid "The language in which the user wants to see the interface."
+msgstr "Мова, якою користувач хоче бачити інтерфейс."
+
+#: build/lib/core/models.py:174 core/models.py:174
+msgid "The timezone in which the user wants to see times."
+msgstr "Часовий пояс, в якому користувач хоче бачити час."
+
+#: build/lib/core/models.py:177 core/models.py:177
+msgid "device"
+msgstr "пристрій"
+
+#: build/lib/core/models.py:179 core/models.py:179
+msgid "Whether the user is a device or a real user."
+msgstr "Чи є користувач пристроєм чи реальним користувачем."
+
+#: build/lib/core/models.py:182 core/models.py:182
+msgid "staff status"
+msgstr "статус співробітника"
+
+#: build/lib/core/models.py:184 core/models.py:184
+msgid "Whether the user can log into this admin site."
+msgstr "Чи може користувач увійти на цей сайт адміністратора."
+
+#: build/lib/core/models.py:187 core/models.py:187
+msgid "active"
+msgstr "активний"
+
+#: build/lib/core/models.py:190 core/models.py:190
+msgid "Whether this user should be treated as active. Unselect this instead of deleting accounts."
+msgstr "Чи слід ставитися до цього користувача як до активного. Зніміть вибір замість видалення облікового запису."
+
+#: build/lib/core/models.py:202 core/models.py:202
+msgid "user"
+msgstr "користувач"
+
+#: build/lib/core/models.py:203 core/models.py:203
+msgid "users"
+msgstr "користувачі"
+
+#: build/lib/core/models.py:359 build/lib/core/models.py:1281
+#: core/models.py:359 core/models.py:1281
+msgid "title"
+msgstr "заголовок"
+
+#: build/lib/core/models.py:360 core/models.py:360
+msgid "excerpt"
+msgstr "уривок"
+
+#: build/lib/core/models.py:409 core/models.py:409
+msgid "Document"
+msgstr "Документ"
+
+#: build/lib/core/models.py:410 core/models.py:410
+msgid "Documents"
+msgstr "Документи"
+
+#: build/lib/core/models.py:422 build/lib/core/models.py:819 core/models.py:422
+#: core/models.py:819
+msgid "Untitled Document"
+msgstr "Документ без назви"
+
+#: build/lib/core/models.py:854 core/models.py:854
+#, python-brace-format
+msgid "{name} shared a document with you!"
+msgstr "{name} ділиться з вами документом!"
+
+#: build/lib/core/models.py:858 core/models.py:858
+#, python-brace-format
+msgid "{name} invited you with the role \"{role}\" on the following document:"
+msgstr "{name} запрошує вас для роботи з документом із роллю \"{role}\":"
+
+#: build/lib/core/models.py:864 core/models.py:864
+#, python-brace-format
+msgid "{name} shared a document with you: {title}"
+msgstr "{name} ділиться з вами документом: {title}"
+
+#: build/lib/core/models.py:964 core/models.py:964
+msgid "Document/user link trace"
+msgstr "Трасування посилання Документ/користувач"
+
+#: build/lib/core/models.py:965 core/models.py:965
+msgid "Document/user link traces"
+msgstr "Трасування посилань Документ/користувач"
+
+#: build/lib/core/models.py:971 core/models.py:971
+msgid "A link trace already exists for this document/user."
+msgstr "Відстеження вже існуючих посилань для цього документа/користувача."
+
+#: build/lib/core/models.py:994 core/models.py:994
+msgid "Document favorite"
+msgstr "Обраний документ"
+
+#: build/lib/core/models.py:995 core/models.py:995
+msgid "Document favorites"
+msgstr "Обрані документи"
+
+#: build/lib/core/models.py:1001 core/models.py:1001
+msgid "This document is already targeted by a favorite relation instance for the same user."
+msgstr "Цей документ вже вказаний як обраний для одного користувача."
+
+#: build/lib/core/models.py:1023 core/models.py:1023
+msgid "Document/user relation"
+msgstr "Відносини документ/користувач"
+
+#: build/lib/core/models.py:1024 core/models.py:1024
+msgid "Document/user relations"
+msgstr "Відносини документ/користувач"
+
+#: build/lib/core/models.py:1030 core/models.py:1030
+msgid "This user is already in this document."
+msgstr "Цей користувач вже має доступ до цього документу."
+
+#: build/lib/core/models.py:1036 core/models.py:1036
+msgid "This team is already in this document."
+msgstr "Ця команда вже має доступ до цього документа."
+
+#: build/lib/core/models.py:1042 build/lib/core/models.py:1367
+#: core/models.py:1042 core/models.py:1367
+msgid "Either user or team must be set, not both."
+msgstr "Вкажіть користувача або команду, а не обох."
+
+#: build/lib/core/models.py:1188 core/models.py:1188
+msgid "Document ask for access"
+msgstr "Запит доступу до документа"
+
+#: build/lib/core/models.py:1189 core/models.py:1189
+msgid "Document ask for accesses"
+msgstr "Запит доступу для документа"
+
+#: build/lib/core/models.py:1195 core/models.py:1195
+msgid "This user has already asked for access to this document."
+msgstr "Цей користувач вже попросив доступ до цього документа."
+
+#: build/lib/core/models.py:1260 core/models.py:1260
+#, python-brace-format
+msgid "{name} would like access to a document!"
+msgstr "{name} хоче отримати доступ до документа!"
+
+#: build/lib/core/models.py:1264 core/models.py:1264
+#, python-brace-format
+msgid "{name} would like access to the following document:"
+msgstr "{name} бажає отримати доступ до наступного документа:"
+
+#: build/lib/core/models.py:1270 core/models.py:1270
+#, python-brace-format
+msgid "{name} is asking for access to the document: {title}"
+msgstr "{name} запитує доступ до документа: {title}"
+
+#: build/lib/core/models.py:1282 core/models.py:1282
+msgid "description"
+msgstr "опис"
+
+#: build/lib/core/models.py:1283 core/models.py:1283
+msgid "code"
+msgstr "код"
+
+#: build/lib/core/models.py:1284 core/models.py:1284
+msgid "css"
+msgstr "css"
+
+#: build/lib/core/models.py:1286 core/models.py:1286
+msgid "public"
+msgstr "публічне"
+
+#: build/lib/core/models.py:1288 core/models.py:1288
+msgid "Whether this template is public for anyone to use."
+msgstr "Чи є цей шаблон публічним для будь-кого користувача."
+
+#: build/lib/core/models.py:1294 core/models.py:1294
+msgid "Template"
+msgstr "Шаблон"
+
+#: build/lib/core/models.py:1295 core/models.py:1295
+msgid "Templates"
+msgstr "Шаблони"
+
+#: build/lib/core/models.py:1348 core/models.py:1348
+msgid "Template/user relation"
+msgstr "Відношення шаблон/користувач"
+
+#: build/lib/core/models.py:1349 core/models.py:1349
+msgid "Template/user relations"
+msgstr "Відношення шаблон/користувач"
+
+#: build/lib/core/models.py:1355 core/models.py:1355
+msgid "This user is already in this template."
+msgstr "Цей користувач вже має доступ до цього шаблону."
+
+#: build/lib/core/models.py:1361 core/models.py:1361
+msgid "This team is already in this template."
+msgstr "Ця команда вже має доступ до цього шаблону."
+
+#: build/lib/core/models.py:1438 core/models.py:1438
+msgid "email address"
+msgstr "електронна адреса"
+
+#: build/lib/core/models.py:1457 core/models.py:1457
+msgid "Document invitation"
+msgstr "Запрошення до редагування документа"
+
+#: build/lib/core/models.py:1458 core/models.py:1458
+msgid "Document invitations"
+msgstr "Запрошення до редагування документів"
+
+#: build/lib/core/models.py:1478 core/models.py:1478
+msgid "This email is already associated to a registered user."
+msgstr "Ця електронна пошта вже пов'язана з зареєстрованим користувачем."
+
+#: core/templates/mail/html/template.html:162
+#: core/templates/mail/text/template.txt:3
+msgid "Logo email"
+msgstr "Логотип пошти"
+
+#: core/templates/mail/html/template.html:209
+#: core/templates/mail/text/template.txt:10
+msgid "Open"
+msgstr "Відкрити"
+
+#: core/templates/mail/html/template.html:226
+#: core/templates/mail/text/template.txt:14
+msgid " Docs, your new essential tool for organizing, sharing and collaborating on your documents as a team. "
+msgstr " Docs, ваш новий важливий інструмент для організації, обміну та командної співпраці над вашими документами. "
+
+#: core/templates/mail/html/template.html:233
+#: core/templates/mail/text/template.txt:16
+#, python-format
+msgid " Brought to you by %(brandname)s "
+msgstr " Запрошення отримане від %(brandname)s "
+
--- a/src/backend/locale/zh_CN/LC_MESSAGES/django.po
+++ b/src/backend/locale/zh_CN/LC_MESSAGES/django.po
@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: lasuite-docs\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-07-08 15:21+0000\n"
-"PO-Revision-Date: 2025-07-18 10:25\n"
+"POT-Creation-Date: 2025-09-10 14:29+0000\n"
+"PO-Revision-Date: 2025-09-12 09:50\n"
 "Last-Translator: \n"
 "Language-Team: Chinese Simplified\n"
 "Language: zh_CN\n"
@@ -43,30 +43,34 @@ msgid "Creator is me"
 msgstr "创建者是我"

 #: build/lib/core/api/filters.py:64 core/api/filters.py:64
+msgid "Masked"
+msgstr ""
+
+#: build/lib/core/api/filters.py:67 core/api/filters.py:67
 msgid "Favorite"
 msgstr "收藏"

-#: build/lib/core/api/serializers.py:467 core/api/serializers.py:467
+#: build/lib/core/api/serializers.py:487 core/api/serializers.py:487
 msgid "A new document was created on your behalf!"
 msgstr "已为您创建了一份新文档！"

-#: build/lib/core/api/serializers.py:471 core/api/serializers.py:471
+#: build/lib/core/api/serializers.py:491 core/api/serializers.py:491
 msgid "You have been granted ownership of a new document:"
 msgstr "您已被授予新文档的所有权："

-#: build/lib/core/api/serializers.py:608 core/api/serializers.py:608
+#: build/lib/core/api/serializers.py:628 core/api/serializers.py:628
 msgid "Body"
 msgstr "正文"

-#: build/lib/core/api/serializers.py:611 core/api/serializers.py:611
+#: build/lib/core/api/serializers.py:631 core/api/serializers.py:631
 msgid "Body type"
 msgstr "正文类型"

-#: build/lib/core/api/serializers.py:617 core/api/serializers.py:617
+#: build/lib/core/api/serializers.py:637 core/api/serializers.py:637
 msgid "Format"
 msgstr "格式"

-#: build/lib/core/api/viewsets.py:943 core/api/viewsets.py:943
+#: build/lib/core/api/viewsets.py:965 core/api/viewsets.py:965
 #, python-brace-format
 msgid "copy of {title}"
 msgstr "{title} 的副本"
@@ -125,139 +129,135 @@ msgstr "左"
 msgid "Right"
 msgstr "右"

-#: build/lib/core/models.py:79 core/models.py:79
+#: build/lib/core/models.py:80 core/models.py:80
 msgid "id"
 msgstr "id"

-#: build/lib/core/models.py:80 core/models.py:80
+#: build/lib/core/models.py:81 core/models.py:81
 msgid "primary key for the record as UUID"
 msgstr "记录的主密钥为 UUID"

-#: build/lib/core/models.py:86 core/models.py:86
+#: build/lib/core/models.py:87 core/models.py:87
 msgid "created on"
 msgstr "创建时间"

-#: build/lib/core/models.py:87 core/models.py:87
+#: build/lib/core/models.py:88 core/models.py:88
 msgid "date and time at which a record was created"
 msgstr "记录的创建日期和时间"

-#: build/lib/core/models.py:92 core/models.py:92
+#: build/lib/core/models.py:93 core/models.py:93
 msgid "updated on"
 msgstr "更新时间"

-#: build/lib/core/models.py:93 core/models.py:93
+#: build/lib/core/models.py:94 core/models.py:94
 msgid "date and time at which a record was last updated"
 msgstr "记录的最后更新时间"

-#: build/lib/core/models.py:129 core/models.py:129
+#: build/lib/core/models.py:130 core/models.py:130
 msgid "We couldn't find a user with this sub but the email is already associated with a registered user."
 msgstr "未找到具有该 sub 的用户，但该邮箱已关联到一个注册用户。"

-#: build/lib/core/models.py:142 core/models.py:142
-msgid "Enter a valid sub. This value may contain only letters, numbers, and @/./+/-/_/: characters."
-msgstr "请输入有效的 sub。该值只能包含字母、数字及 @/./+/-/_/: 字符。"
-
-#: build/lib/core/models.py:148 core/models.py:148
+#: build/lib/core/models.py:141 core/models.py:141
 msgid "sub"
 msgstr "sub"

-#: build/lib/core/models.py:150 core/models.py:150
-msgid "Required. 255 characters or fewer. Letters, numbers, and @/./+/-/_/: characters only."
-msgstr "必填。最多 255 个字符，仅允许字母、数字及 @/./+/-/_/: 字符。"
+#: build/lib/core/models.py:142 core/models.py:142
+msgid "Required. 255 characters or fewer. ASCII characters only."
+msgstr ""

-#: build/lib/core/models.py:159 core/models.py:159
+#: build/lib/core/models.py:150 core/models.py:150
 msgid "full name"
 msgstr "全名"

-#: build/lib/core/models.py:160 core/models.py:160
+#: build/lib/core/models.py:151 core/models.py:151
 msgid "short name"
 msgstr "简称"

-#: build/lib/core/models.py:162 core/models.py:162
+#: build/lib/core/models.py:153 core/models.py:153
 msgid "identity email address"
 msgstr "身份电子邮件地址"

-#: build/lib/core/models.py:167 core/models.py:167
+#: build/lib/core/models.py:158 core/models.py:158
 msgid "admin email address"
 msgstr "管理员电子邮件地址"

-#: build/lib/core/models.py:174 core/models.py:174
+#: build/lib/core/models.py:165 core/models.py:165
 msgid "language"
 msgstr "语言"

-#: build/lib/core/models.py:175 core/models.py:175
+#: build/lib/core/models.py:166 core/models.py:166
 msgid "The language in which the user wants to see the interface."
 msgstr "用户希望看到的界面语言。"

-#: build/lib/core/models.py:183 core/models.py:183
+#: build/lib/core/models.py:174 core/models.py:174
 msgid "The timezone in which the user wants to see times."
 msgstr "用户查看时间希望的时区。"

-#: build/lib/core/models.py:186 core/models.py:186
+#: build/lib/core/models.py:177 core/models.py:177
 msgid "device"
 msgstr "设备"

-#: build/lib/core/models.py:188 core/models.py:188
+#: build/lib/core/models.py:179 core/models.py:179
 msgid "Whether the user is a device or a real user."
 msgstr "用户是设备还是真实用户。"

-#: build/lib/core/models.py:191 core/models.py:191
+#: build/lib/core/models.py:182 core/models.py:182
 msgid "staff status"
 msgstr "员工状态"

-#: build/lib/core/models.py:193 core/models.py:193
+#: build/lib/core/models.py:184 core/models.py:184
 msgid "Whether the user can log into this admin site."
 msgstr "用户是否可以登录该管理员站点。"

-#: build/lib/core/models.py:196 core/models.py:196
+#: build/lib/core/models.py:187 core/models.py:187
 msgid "active"
 msgstr "激活"

-#: build/lib/core/models.py:199 core/models.py:199
+#: build/lib/core/models.py:190 core/models.py:190
 msgid "Whether this user should be treated as active. Unselect this instead of deleting accounts."
 msgstr "是否应将此用户视为活跃用户。取消选择此选项而不是删除账户。"

-#: build/lib/core/models.py:211 core/models.py:211
+#: build/lib/core/models.py:202 core/models.py:202
 msgid "user"
 msgstr "用户"

-#: build/lib/core/models.py:212 core/models.py:212
+#: build/lib/core/models.py:203 core/models.py:203
 msgid "users"
 msgstr "个用户"

-#: build/lib/core/models.py:368 build/lib/core/models.py:1281
-#: core/models.py:368 core/models.py:1281
+#: build/lib/core/models.py:359 build/lib/core/models.py:1281
+#: core/models.py:359 core/models.py:1281
 msgid "title"
 msgstr "标题"

-#: build/lib/core/models.py:369 core/models.py:369
+#: build/lib/core/models.py:360 core/models.py:360
 msgid "excerpt"
 msgstr "摘要"

-#: build/lib/core/models.py:418 core/models.py:418
+#: build/lib/core/models.py:409 core/models.py:409
 msgid "Document"
 msgstr "文档"

-#: build/lib/core/models.py:419 core/models.py:419
+#: build/lib/core/models.py:410 core/models.py:410
 msgid "Documents"
 msgstr "个文档"

-#: build/lib/core/models.py:431 build/lib/core/models.py:820 core/models.py:431
-#: core/models.py:820
+#: build/lib/core/models.py:422 build/lib/core/models.py:819 core/models.py:422
+#: core/models.py:819
 msgid "Untitled Document"
 msgstr "未命名文档"

-#: build/lib/core/models.py:855 core/models.py:855
+#: build/lib/core/models.py:854 core/models.py:854
 #, python-brace-format
 msgid "{name} shared a document with you!"
 msgstr "{name} 与您共享了一个文档！"

-#: build/lib/core/models.py:859 core/models.py:859
+#: build/lib/core/models.py:858 core/models.py:858
 #, python-brace-format
 msgid "{name} invited you with the role \"{role}\" on the following document:"
 msgstr "{name} 邀请您以“{role}”角色访问以下文档："

-#: build/lib/core/models.py:865 core/models.py:865
+#: build/lib/core/models.py:864 core/models.py:864
 #, python-brace-format
 msgid "{name} shared a document with you: {title}"
 msgstr "{name} 与您共享了一个文档：{title}"
--- a/src/backend/pyproject.toml
+++ b/src/backend/pyproject.toml
@@ -7,7 +7,7 @@ build-backend = "setuptools.build_meta"

 [project]
 name = "impress"
-version = "3.4.2"
+version = "3.7.0"
 authors = [{ "name" = "DINUM", "email" = "dev@mail.numerique.gouv.fr" }]
 classifiers = [
    "Development Status :: 5 - Production/Stable",
@@ -34,12 +34,12 @@ dependencies = [
    "django-countries==7.6.1",
    "django-csp==4.0",
    "django-filter==25.1",
-    "django-lasuite[all]==0.0.11",
+    "django-lasuite[all]==0.0.14",
    "django-parler==2.3",
    "django-redis==6.0.0",
    "django-storages[s3]==1.14.6",
    "django-timezone-field>=5.1",
-    "django==5.2.4",
+    "django==5.2.6",
    "django-treebeard==4.7.1",
    "djangorestframework==3.16.0",
    "drf_spectacular==0.28.0",
--- a/src/frontend/Dockerfile
+++ b/src/frontend/Dockerfile
@@ -10,13 +10,13 @@ WORKDIR /home/frontend/
 COPY ./src/frontend/package.json ./package.json
 COPY ./src/frontend/yarn.lock ./yarn.lock
 COPY ./src/frontend/apps/impress/package.json ./apps/impress/package.json
-COPY ./src/frontend/packages/eslint-config-impress/package.json ./packages/eslint-config-impress/package.json
+COPY ./src/frontend/packages/eslint-plugin-docs/package.json ./packages/eslint-plugin-docs/package.json

 RUN yarn install --frozen-lockfile

 COPY .dockerignore ./.dockerignore
 COPY ./src/frontend/.prettierrc.js ./.prettierrc.js
-COPY ./src/frontend/packages/eslint-config-impress ./packages/eslint-config-impress
+COPY ./src/frontend/packages/eslint-plugin-docs ./packages/eslint-plugin-docs
 COPY ./src/frontend/apps/impress ./apps/impress

 ### ---- Front-end builder image ----
@@ -50,7 +50,13 @@ ENV NEXT_PUBLIC_PUBLISH_AS_MIT=${PUBLISH_AS_MIT}
 RUN yarn build

 # ---- Front-end image ----
-FROM nginxinc/nginx-unprivileged:alpine3.21 AS frontend-production
+FROM nginxinc/nginx-unprivileged:alpine3.22 AS frontend-production
+
+# Upgrade system packages to install security updates
+USER root
+RUN apk update && \
+  apk upgrade && \
+  rm -rf /var/cache/apk/*

 # Un-privileged user running the application
 ARG DOCKER_USER
--- a/src/frontend/apps/e2e/.eslintrc.js
+++ b/src/frontend/apps/e2e/.eslintrc.js
@@ -1,9 +0,0 @@
-module.exports = {
-  root: true,
-  extends: ['impress/playwright'],
-  parserOptions: {
-    tsconfigRootDir: __dirname,
-    project: ['./tsconfig.json'],
-  },
-  ignorePatterns: ['node_modules'],
-};
--- a/src/frontend/apps/e2e/tests/app-impress/404.spec.ts
+++ b/src/frontend/apps/e2e/tests/app-impress/404.spec.ts
@@ -3,7 +3,7 @@ import { expect, test } from '@playwright/test';
 test.beforeEach(async ({ page }) => {
  await page.goto('/');
  await expect(
-    page.locator('header').first().locator('h2').getByText('Docs'),
+    page.locator('header').first().locator('h1').getByText('Docs'),
  ).toBeVisible();
  await page.goto('unknown-page404');
 });
--- a/src/frontend/apps/e2e/tests/app-impress/assets/test-pdf.pdf
+++ b/src/frontend/apps/e2e/tests/app-impress/assets/test-pdf.pdf
--- a/src/frontend/apps/e2e/tests/app-impress/auth.setup.ts
+++ b/src/frontend/apps/e2e/tests/app-impress/auth.setup.ts
@@ -5,14 +5,19 @@ import { keyCloakSignIn } from './utils-common';
 const saveStorageState = async (
  browserConfig: FullProject<unknown, unknown>,
 ) => {
-  const browserName = browserConfig?.name || 'chromium';
+  if (!browserConfig) {
+    throw new Error('No browser config found');
+  }

-  const { storageState, ...useConfig } = browserConfig?.use;
+  const browserName = browserConfig.name || 'chromium';
+
+  const { storageState, ...useConfig } = browserConfig.use;
  const browser = await chromium.launch();
  const context = await browser.newContext(useConfig);
  const page = await context.newPage();

  try {
+    // eslint-disable-next-line playwright/no-networkidle
    await page.goto('/', { waitUntil: 'networkidle' });
    await page.content();
    await expect(page.getByText('Docs').first()).toBeVisible();
@@ -23,7 +28,7 @@ const saveStorageState = async (
      page.locator('header').first().getByRole('button', {
        name: 'Logout',
      }),
-    ).toBeVisible();
+    ).toBeVisible({ timeout: 10000 });

    await page.context().storageState({
      path: storageState as string,
@@ -45,11 +50,9 @@ const saveStorageState = async (
 };

 async function globalSetup(config: FullConfig) {
-  /* eslint-disable @typescript-eslint/no-non-null-assertion */
  const chromeConfig = config.projects.find((p) => p.name === 'chromium')!;
  const firefoxConfig = config.projects.find((p) => p.name === 'firefox')!;
  const webkitConfig = config.projects.find((p) => p.name === 'webkit')!;
-  /* eslint-enable @typescript-eslint/no-non-null-assertion */

  await saveStorageState(chromeConfig);
  await saveStorageState(webkitConfig);
--- a/src/frontend/apps/e2e/tests/app-impress/config.spec.ts
+++ b/src/frontend/apps/e2e/tests/app-impress/config.spec.ts
@@ -43,12 +43,14 @@ test.describe('Config', () => {
      path.join(__dirname, 'assets/logo-suite-numerique.png'),
    );

-    const image = page.getByRole('img', { name: 'logo-suite-numerique.png' });
+    const image = page
+      .locator('.--docs--editor-container img.bn-visual-media')
+      .first();

    await expect(image).toBeVisible();

    // Wait for the media-check to be processed
-    // eslint-disable-next-line playwright/no-wait-for-timeout
+
    await page.waitForTimeout(1000);

    // Check src of image
--- a/src/frontend/apps/e2e/tests/app-impress/doc-create.spec.ts
+++ b/src/frontend/apps/e2e/tests/app-impress/doc-create.spec.ts
@@ -22,13 +22,57 @@ test.describe('Doc Create', () => {
    );

    const header = page.locator('header').first();
-    await header.locator('h2').getByText('Docs').click();
+    await header.locator('h1').getByText('Docs').click();

    const docsGrid = page.getByTestId('docs-grid');
    await expect(docsGrid).toBeVisible();
    await expect(page.getByTestId('grid-loader')).toBeHidden();
    await expect(docsGrid.getByText(docTitle)).toBeVisible();
  });
+
+  test('it creates a sub doc from slash menu editor', async ({
+    page,
+    browserName,
+  }) => {
+    const [title] = await createDoc(page, 'my-new-slash-doc', browserName, 1);
+
+    await verifyDocName(page, title);
+
+    await page.locator('.bn-block-outer').last().fill('/');
+    await page
+      .getByText('New sub-doc', {
+        exact: true,
+      })
+      .click();
+
+    const input = page.getByRole('textbox', { name: 'Document title' });
+    await expect(input).toHaveText('', { timeout: 10000 });
+    await expect(
+      page.locator('.c__tree-view--row-content').getByText('Untitled document'),
+    ).toBeVisible();
+  });
+
+  test('it creates a sub doc from interlinking dropdown', async ({
+    page,
+    browserName,
+  }) => {
+    const [title] = await createDoc(page, 'my-new-slash-doc', browserName, 1);
+
+    await verifyDocName(page, title);
+
+    await page.locator('.bn-block-outer').last().fill('/');
+    await page.getByText('Link a doc').first().click();
+    await page
+      .locator('.quick-search-container')
+      .getByText('New sub-doc')
+      .click();
+
+    const input = page.getByRole('textbox', { name: 'Document title' });
+    await expect(input).toHaveText('', { timeout: 10000 });
+    await expect(
+      page.locator('.c__tree-view--row-content').getByText('Untitled document'),
+    ).toBeVisible();
+  });
 });

 test.describe('Doc Create: Not logged', () => {
@@ -45,8 +89,8 @@ test.describe('Doc Create: Not logged', () => {
    const data = {
      title,
      content: markdown,
-      sub: `user@${browserName}.test`,
-      email: `user@${browserName}.test`,
+      sub: `user.test@${browserName}.test`,
+      email: `user.test@${browserName}.test`,
    };

    const newDoc = await request.post(
--- a/src/frontend/apps/e2e/tests/app-impress/doc-editor.spec.ts
+++ b/src/frontend/apps/e2e/tests/app-impress/doc-editor.spec.ts
@@ -1,3 +1,4 @@
+/* eslint-disable playwright/no-conditional-expect */
 import path from 'path';

 import { chromium, expect, test } from '@playwright/test';
@@ -10,7 +11,8 @@ import {
  overrideConfig,
  verifyDocName,
 } from './utils-common';
-import { createRootSubPage } from './utils-sub-pages';
+import { getEditor, openSuggestionMenu, writeInEditor } from './utils-editor';
+import { createRootSubPage, navigateToPageFromTree } from './utils-sub-pages';

 test.beforeEach(async ({ page }) => {
  await page.goto('/');
@@ -85,21 +87,20 @@ test.describe('Doc Editor', () => {
    // Is connected
    let framesentPromise = webSocket.waitForEvent('framesent');

-    await page.locator('.ProseMirror.bn-editor').click();
-    await page.locator('.ProseMirror.bn-editor').fill('Hello World');
+    await writeInEditor({ page, text: 'Hello World' });

    let framesent = await framesentPromise;
    expect(framesent.payload).not.toBeNull();

    await page.getByRole('button', { name: 'Share' }).click();

-    const selectVisibility = page.getByLabel('Visibility', { exact: true });
+    const selectVisibility = page.getByTestId('doc-visibility');

    // When the visibility is changed, the ws should close the connection (backend signal)
    const wsClosePromise = webSocket.waitForEvent('close');

    await selectVisibility.click();
-    await page.getByLabel('Connected').click();
+    await page.getByRole('menuitem', { name: 'Connected' }).click();

    // Assert that the doc reconnects to the ws
    const wsClose = await wsClosePromise;
@@ -214,7 +215,6 @@ test.describe('Doc Editor', () => {
  });

  test('it saves the doc when we quit pages', async ({ page, browserName }) => {
-    // eslint-disable-next-line playwright/no-skipped-test
    test.skip(browserName === 'webkit', 'This test is very flaky with webkit');

    // Check the first doc
@@ -226,25 +226,19 @@ test.describe('Doc Editor', () => {
    await editor.fill('Hello World Doc persisted 2');
    await expect(editor.getByText('Hello World Doc persisted 2')).toBeVisible();

+    await page.waitForTimeout(1000);
+
    const urlDoc = page.url();
    await page.goto(urlDoc);

+    // Wait for editor to load
+    await expect(editor).toBeVisible();
    await expect(editor.getByText('Hello World Doc persisted 2')).toBeVisible();
  });

  test('it cannot edit if viewer', async ({ page }) => {
    await mockedDocument(page, {
-      abilities: {
-        destroy: false, // Means not owner
-        link_configuration: false,
-        versions_destroy: false,
-        versions_list: true,
-        versions_retrieve: true,
-        accesses_manage: false, // Means not admin
-        update: false,
-        partial_update: false, // Means not editor
-        retrieve: true,
-      },
+      user_role: 'reader',
    });

    await goToGridDoc(page);
@@ -253,6 +247,9 @@ test.describe('Doc Editor', () => {
    await expect(card).toBeVisible();

    await expect(card.getByText('Reader')).toBeVisible();
+
+    const editor = page.locator('.ProseMirror');
+    await expect(editor).toHaveAttribute('contenteditable', 'false');
  });

  test('it adds an image to the doc editor', async ({ page, browserName }) => {
@@ -272,18 +269,25 @@ test.describe('Doc Editor', () => {
      path.join(__dirname, 'assets/logo-suite-numerique.png'),
    );

-    const image = page.getByRole('img', { name: 'logo-suite-numerique.png' });
+    const image = page
+      .locator('.--docs--editor-container img.bn-visual-media')
+      .first();

    await expect(image).toBeVisible();

    // Wait for the media-check to be processed
-    // eslint-disable-next-line playwright/no-wait-for-timeout
+
    await page.waitForTimeout(1000);

    // Check src of image
    expect(await image.getAttribute('src')).toMatch(
      /http:\/\/localhost:8083\/media\/.*\/attachments\/.*.png/,
    );
+
+    await expect(image).toHaveAttribute('role', 'presentation');
+    await expect(image).toHaveAttribute('alt', '');
+    await expect(image).toHaveAttribute('tabindex', '-1');
+    await expect(image).toHaveAttribute('aria-hidden', 'true');
  });

  test('it checks the AI buttons', async ({ page, browserName }) => {
@@ -390,8 +394,6 @@ test.describe('Doc Editor', () => {
      const editor = page.locator('.ProseMirror');
      await editor.getByText('Hello').selectText();

-      /* eslint-disable playwright/no-conditional-expect */
-      /* eslint-disable playwright/no-conditional-in-test */
      if (!ai_transform && !ai_translate) {
        await expect(page.getByRole('button', { name: 'AI' })).toBeHidden();
        return;
@@ -418,8 +420,6 @@ test.describe('Doc Editor', () => {
          page.getByRole('menuitem', { name: 'Language' }),
        ).toBeHidden();
      }
-      /* eslint-enable playwright/no-conditional-expect */
-      /* eslint-enable playwright/no-conditional-in-test */
    });
  });

@@ -460,12 +460,14 @@ test.describe('Doc Editor', () => {
    await expect(
      page.getByRole('button', {
        name: 'Download',
+        exact: true,
      }),
    ).toBeVisible();

    void page
      .getByRole('button', {
        name: 'Download',
+        exact: true,
      })
      .click();

@@ -503,10 +505,7 @@ test.describe('Doc Editor', () => {

    await verifyDocName(page, randomDoc);

-    const editor = page.locator('.ProseMirror.bn-editor');
-
-    await editor.click();
-    await editor.locator('.bn-block-outer').last().fill('/');
+    const editor = await openSuggestionMenu({ page });
    await page.getByText('Embedded file').click();
    await page.getByText('Upload file').click();

@@ -561,7 +560,7 @@ test.describe('Doc Editor', () => {

    await page.getByRole('button', { name: 'Share' }).click();

-    await page.getByLabel('Visibility', { exact: true }).click();
+    await page.getByTestId('doc-visibility').click();

    await page
      .getByRole('menuitem', {
@@ -573,7 +572,7 @@ test.describe('Doc Editor', () => {
      page.getByText('The document visibility has been updated.'),
    ).toBeVisible();

-    await page.getByLabel('Visibility mode').click();
+    await page.getByTestId('doc-access-mode').click();
    await page.getByRole('menuitem', { name: 'Editing' }).click();

    // Close the modal
@@ -655,7 +654,7 @@ test.describe('Doc Editor', () => {

    await page.getByRole('button', { name: 'Share' }).click();

-    await page.getByLabel('Visibility mode').click();
+    await page.getByTestId('doc-access-mode').click();
    await page.getByRole('menuitem', { name: 'Reading' }).click();

    // Close the modal
@@ -673,9 +672,7 @@ test.describe('Doc Editor', () => {
  test('it checks if callout custom block', async ({ page, browserName }) => {
    await createDoc(page, 'doc-toolbar', browserName, 1);

-    const editor = page.locator('.ProseMirror');
-    await editor.click();
-    await page.locator('.bn-block-outer').last().fill('/');
+    await openSuggestionMenu({ page });
    await page.getByText('Add a callout block').click();

    const calloutBlock = page
@@ -694,8 +691,20 @@ test.describe('Doc Editor', () => {
    const emojiButton = calloutBlock.getByRole('button');
    await expect(emojiButton).toHaveText('💡');
    await emojiButton.click();
-    await page.locator('button[aria-label="⚠️"]').click();
-    await expect(emojiButton).toHaveText('⚠️');
+    // Group smiley
+    await expect(page.getByRole('button', { name: '🤠' })).toBeVisible();
+    // Group animals
+    await page.getByText('Animals & Nature').scrollIntoViewIfNeeded();
+    await expect(page.getByRole('button', { name: '🦆' })).toBeVisible();
+    // Group travel
+    await page.getByText('Travel & Places').scrollIntoViewIfNeeded();
+    await expect(page.getByRole('button', { name: '🚝' })).toBeVisible();
+    // Group objects
+    await page.getByText('Objects').scrollIntoViewIfNeeded();
+    await expect(page.getByRole('button', { name: '🪇' })).toBeVisible();
+    // Group symbol
+    await page.getByText('Symbols').scrollIntoViewIfNeeded();
+    await expect(page.getByRole('button', { name: '🛃' })).toBeVisible();

    await page.locator('.bn-side-menu > button').last().click();
    await page.locator('.mantine-Menu-dropdown > button').last().click();
@@ -706,4 +715,163 @@ test.describe('Doc Editor', () => {
      'pink',
    );
  });
+
+  test('it checks interlink feature', async ({ page, browserName }) => {
+    const [randomDoc] = await createDoc(page, 'doc-interlink', browserName, 1);
+
+    await verifyDocName(page, randomDoc);
+
+    const { name: docChild1 } = await createRootSubPage(
+      page,
+      browserName,
+      'doc-interlink-child-1',
+    );
+
+    await verifyDocName(page, docChild1);
+
+    const { name: docChild2 } = await createRootSubPage(
+      page,
+      browserName,
+      'doc-interlink-child-2',
+    );
+
+    await verifyDocName(page, docChild2);
+
+    await page.locator('.bn-block-outer').last().fill('/');
+    await page.getByText('Link a doc').first().click();
+
+    const input = page.locator(
+      "span[data-inline-content-type='interlinkingSearchInline'] input",
+    );
+    const searchContainer = page.locator('.quick-search-container');
+
+    await input.fill('doc-interlink');
+
+    await expect(searchContainer.getByText(randomDoc)).toBeVisible();
+    await expect(searchContainer.getByText(docChild1)).toBeVisible();
+    await expect(searchContainer.getByText(docChild2)).toBeVisible();
+
+    await input.pressSequentially('-child');
+
+    await expect(searchContainer.getByText(docChild1)).toBeVisible();
+    await expect(searchContainer.getByText(docChild2)).toBeVisible();
+    await expect(searchContainer.getByText(randomDoc)).toBeHidden();
+
+    await page.keyboard.press('ArrowDown');
+    await page.keyboard.press('ArrowDown');
+    await page.keyboard.press('Enter');
+
+    // Wait for the search container to disappear, indicating selection was made
+    await expect(searchContainer).toBeHidden();
+
+    // Wait for the interlink to be created and rendered
+    const editor = page.locator('.ProseMirror.bn-editor');
+
+    const interlink = editor.getByRole('link', {
+      name: docChild2,
+    });
+
+    await expect(interlink).toBeVisible({ timeout: 10000 });
+    await interlink.click();
+
+    await verifyDocName(page, docChild2);
+  });
+
+  test('it checks interlink shortcut @', async ({ page, browserName }) => {
+    const [randomDoc] = await createDoc(page, 'doc-interlink', browserName, 1);
+
+    await verifyDocName(page, randomDoc);
+
+    const editor = page.locator('.bn-block-outer').last();
+    await editor.click();
+    await page.keyboard.press('@');
+
+    await expect(
+      page.locator(
+        "span[data-inline-content-type='interlinkingSearchInline'] input",
+      ),
+    ).toBeVisible();
+  });
+
+  test('it checks multiple big doc scroll to the top', async ({
+    page,
+    browserName,
+  }) => {
+    const [randomDoc] = await createDoc(page, 'doc-scroll', browserName, 1);
+
+    for (let i = 0; i < 15; i++) {
+      await page.keyboard.press('Enter');
+      await writeInEditor({ page, text: 'Hello Parent ' + i });
+    }
+
+    const editor = await getEditor({ page });
+    await expect(
+      editor.getByText('Hello Parent 1', { exact: true }),
+    ).not.toBeInViewport();
+    await expect(editor.getByText('Hello Parent 14')).toBeInViewport();
+
+    const { name: docChild } = await createRootSubPage(
+      page,
+      browserName,
+      'doc-scroll-child',
+    );
+
+    for (let i = 0; i < 15; i++) {
+      await page.keyboard.press('Enter');
+      await writeInEditor({ page, text: 'Hello Child ' + i });
+    }
+
+    await expect(
+      editor.getByText('Hello Child 1', { exact: true }),
+    ).not.toBeInViewport();
+    await expect(editor.getByText('Hello Child 14')).toBeInViewport();
+
+    await navigateToPageFromTree({ page, title: randomDoc });
+
+    await expect(
+      editor.getByText('Hello Parent 1', { exact: true }),
+    ).toBeInViewport();
+    await expect(editor.getByText('Hello Parent 14')).not.toBeInViewport();
+
+    await navigateToPageFromTree({ page, title: docChild });
+
+    await expect(
+      editor.getByText('Hello Child 1', { exact: true }),
+    ).toBeInViewport();
+    await expect(editor.getByText('Hello Child 14')).not.toBeInViewport();
+  });
+
+  test('it embeds PDF', async ({ page, browserName }) => {
+    await createDoc(page, 'doc-toolbar', browserName, 1);
+
+    await openSuggestionMenu({ page });
+    await page.getByText('Embed a PDF file').click();
+
+    const pdfBlock = page.locator('div[data-content-type="pdf"]').first();
+
+    await expect(pdfBlock).toBeVisible();
+
+    await page.getByText('Add PDF').click();
+    const fileChooserPromise = page.waitForEvent('filechooser');
+    await page.getByText('Upload file').click();
+    const fileChooser = await fileChooserPromise;
+
+    console.log(path.join(__dirname, 'assets/test-pdf.pdf'));
+    await fileChooser.setFiles(path.join(__dirname, 'assets/test-pdf.pdf'));
+
+    // Wait for the media-check to be processed
+    await page.waitForTimeout(1000);
+
+    const pdfEmbed = page
+      .locator('.--docs--editor-container embed.bn-visual-media')
+      .first();
+
+    // Check src of pdf
+    expect(await pdfEmbed.getAttribute('src')).toMatch(
+      /http:\/\/localhost:8083\/media\/.*\/attachments\/.*.pdf/,
+    );
+
+    await expect(pdfEmbed).toHaveAttribute('type', 'application/pdf');
+    await expect(pdfEmbed).toHaveAttribute('role', 'presentation');
+  });
 });
--- a/Show More
+++ b/Show More