Allows the typing job to error and still pass, so we get results, but not failures for now

Co-Authored-By: shamoon <4887959+shamoon@users.noreply.github.com>

.github/workflows/ci-backend.yml

@@ -129,6 +129,7 @@ jobs:
         run: |
           uv pip list
       - name: Check typing (pyrefly)
+        continue-on-error: true
         run: |
           uv run pyrefly \
             check \
@@ -143,6 +144,7 @@ jobs:
             ${{ runner.os }}-mypy-py${{ env.DEFAULT_PYTHON }}-
             ${{ runner.os }}-mypy-
       - name: Check typing (mypy)
+        continue-on-error: true
         run: |
           uv run mypy \
             --show-error-codes \

.mypy-baseline.txt

@@ -2192,34 +2192,34 @@ src/paperless_mail/tests/test_mail.py:0: error: "MailMessage" has no attribute "
 src/paperless_mail/tests/test_mail.py:0: error: "MailMessage" has no attribute "flagged"  [attr-defined]
 src/paperless_mail/tests/test_mail.py:0: error: "MailMessage" has no attribute "seen"  [attr-defined]
 src/paperless_mail/tests/test_mail.py:0: error: "MailMessage" has no attribute "seen"  [attr-defined]
-src/paperless_mail/tests/test_mail.py:0: error: "type[att@480]" has no attribute "filename"  [attr-defined]
-src/paperless_mail/tests/test_mail.py:0: error: "type[message2@426]" has no attribute "from_"  [attr-defined]
-src/paperless_mail/tests/test_mail.py:0: error: "type[message2@426]" has no attribute "from_"  [attr-defined]
-src/paperless_mail/tests/test_mail.py:0: error: "type[message2@426]" has no attribute "from_values"  [attr-defined]
-src/paperless_mail/tests/test_mail.py:0: error: "type[message@419]" has no attribute "from_"  [attr-defined]
-src/paperless_mail/tests/test_mail.py:0: error: "type[message@419]" has no attribute "from_values"  [attr-defined]
-src/paperless_mail/tests/test_mail.py:0: error: "type[message@478]" has no attribute "subject"  [attr-defined]
-src/paperless_mail/tests/test_mail.py:0: error: "type[message@531]" has no attribute "attachments"  [attr-defined]
+src/paperless_mail/tests/test_mail.py:0: error: "type[att@481]" has no attribute "filename"  [attr-defined]
+src/paperless_mail/tests/test_mail.py:0: error: "type[message2@427]" has no attribute "from_"  [attr-defined]
+src/paperless_mail/tests/test_mail.py:0: error: "type[message2@427]" has no attribute "from_"  [attr-defined]
+src/paperless_mail/tests/test_mail.py:0: error: "type[message2@427]" has no attribute "from_values"  [attr-defined]
+src/paperless_mail/tests/test_mail.py:0: error: "type[message@420]" has no attribute "from_"  [attr-defined]
+src/paperless_mail/tests/test_mail.py:0: error: "type[message@420]" has no attribute "from_values"  [attr-defined]
+src/paperless_mail/tests/test_mail.py:0: error: "type[message@479]" has no attribute "subject"  [attr-defined]
+src/paperless_mail/tests/test_mail.py:0: error: "type[message@532]" has no attribute "attachments"  [attr-defined]
 src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "MailboxFolderSelectError" has incompatible type "None"; expected "tuple[Any, ...]"  [arg-type]
 src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "MailboxFolderSelectError" has incompatible type "None"; expected "tuple[Any, ...]"  [arg-type]
 src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "MailboxLoginError" has incompatible type "str"; expected "tuple[Any, ...]"  [arg-type]
 src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "MailboxLoginError" has incompatible type "str"; expected "tuple[Any, ...]"  [arg-type]
 src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "MailboxLoginError" has incompatible type "str"; expected "tuple[Any, ...]"  [arg-type]
 src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "MailboxLoginError" has incompatible type "str"; expected "tuple[Any, ...]"  [arg-type]
-src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_correspondent" of "MailAccountHandler" has incompatible type "type[message2@426]"; expected "MailMessage"  [arg-type]
-src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_correspondent" of "MailAccountHandler" has incompatible type "type[message2@426]"; expected "MailMessage"  [arg-type]
-src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_correspondent" of "MailAccountHandler" has incompatible type "type[message@419]"; expected "MailMessage"  [arg-type]
-src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_correspondent" of "MailAccountHandler" has incompatible type "type[message@419]"; expected "MailMessage"  [arg-type]
-src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_correspondent" of "MailAccountHandler" has incompatible type "type[message@419]"; expected "MailMessage"  [arg-type]
-src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_correspondent" of "MailAccountHandler" has incompatible type "type[message@419]"; expected "MailMessage"  [arg-type]
-src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_title" of "MailAccountHandler" has incompatible type "type[message@478]"; expected "MailMessage"  [arg-type]
-src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_title" of "MailAccountHandler" has incompatible type "type[message@478]"; expected "MailMessage"  [arg-type]
-src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_title" of "MailAccountHandler" has incompatible type "type[message@478]"; expected "MailMessage"  [arg-type]
+src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_correspondent" of "MailAccountHandler" has incompatible type "type[message2@427]"; expected "MailMessage"  [arg-type]
+src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_correspondent" of "MailAccountHandler" has incompatible type "type[message2@427]"; expected "MailMessage"  [arg-type]
+src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_correspondent" of "MailAccountHandler" has incompatible type "type[message@420]"; expected "MailMessage"  [arg-type]
+src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_correspondent" of "MailAccountHandler" has incompatible type "type[message@420]"; expected "MailMessage"  [arg-type]
+src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_correspondent" of "MailAccountHandler" has incompatible type "type[message@420]"; expected "MailMessage"  [arg-type]
+src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_correspondent" of "MailAccountHandler" has incompatible type "type[message@420]"; expected "MailMessage"  [arg-type]
+src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_title" of "MailAccountHandler" has incompatible type "type[message@479]"; expected "MailMessage"  [arg-type]
+src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_title" of "MailAccountHandler" has incompatible type "type[message@479]"; expected "MailMessage"  [arg-type]
+src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "_get_title" of "MailAccountHandler" has incompatible type "type[message@479]"; expected "MailMessage"  [arg-type]
 src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "filter" has incompatible type "Callable[[Any], bool]"; expected "Callable[[MailMessage], TypeGuard[Never]]"  [arg-type]
 src/paperless_mail/tests/test_mail.py:0: error: Argument 1 to "filter" has incompatible type "Callable[[Any], bool]"; expected "Callable[[MailMessage], TypeGuard[Never]]"  [arg-type]
-src/paperless_mail/tests/test_mail.py:0: error: Argument 2 to "_get_title" of "MailAccountHandler" has incompatible type "type[att@480]"; expected "MailAttachment"  [arg-type]
-src/paperless_mail/tests/test_mail.py:0: error: Argument 2 to "_get_title" of "MailAccountHandler" has incompatible type "type[att@480]"; expected "MailAttachment"  [arg-type]
-src/paperless_mail/tests/test_mail.py:0: error: Argument 2 to "_get_title" of "MailAccountHandler" has incompatible type "type[att@480]"; expected "MailAttachment"  [arg-type]
+src/paperless_mail/tests/test_mail.py:0: error: Argument 2 to "_get_title" of "MailAccountHandler" has incompatible type "type[att@481]"; expected "MailAttachment"  [arg-type]
+src/paperless_mail/tests/test_mail.py:0: error: Argument 2 to "_get_title" of "MailAccountHandler" has incompatible type "type[att@481]"; expected "MailAttachment"  [arg-type]
+src/paperless_mail/tests/test_mail.py:0: error: Argument 2 to "_get_title" of "MailAccountHandler" has incompatible type "type[att@481]"; expected "MailAttachment"  [arg-type]
 src/paperless_mail/tests/test_mail.py:0: error: Argument 2 to "assertIn" of "TestCase" has incompatible type "str | None"; expected "Iterable[Any] | Container[Any]"  [arg-type]
 src/paperless_mail/tests/test_mail.py:0: error: Dict entry 0 has incompatible type "str": "None"; expected "str": "str"  [dict-item]
 src/paperless_mail/tests/test_mail.py:0: error: Dict entry 0 has incompatible type "str": "int"; expected "str": "str"  [dict-item]

docs/advanced_usage.md

@@ -784,9 +784,17 @@ below.
 
 ### Document Splitting {#document-splitting}
 
-When enabled, Paperless will look for a barcode with the configured value and create a new document
-starting from the next page. The page with the barcode on it will _not_ be retained. It
-is expected to be a page existing only for triggering the split.
+If document splitting is enabled, Paperless splits _after_ a separator barcode by default.
+This means:
+
+-   any page containing the configured separator barcode starts a new document, starting with the **next** page
+-   pages containing the separator barcode are discarded
+
+This is intended for dedicated separator sheets such as PATCH-T pages.
+
+If [`PAPERLESS_CONSUMER_BARCODE_RETAIN_SPLIT_PAGES`](configuration.md#PAPERLESS_CONSUMER_BARCODE_RETAIN_SPLIT_PAGES)
+is enabled, the page containing the separator barcode is retained instead. In this mode,
+each page containing the separator barcode becomes the **first** page of a new document.
 
 ### Archive Serial Number Assignment
 
@@ -795,8 +803,9 @@ archive serial number, allowing quick reference back to the original, paper docu
 
 If document splitting via barcode is also enabled, documents will be split when an ASN
 barcode is located. However, differing from the splitting, the page with the
-barcode _will_ be retained. This allows application of a barcode to any page, including
-one which holds data to keep in the document.
+barcode _will_ be retained. Each detected ASN barcode starts a new document _starting with
+that page_. This allows placing ASN barcodes on content pages that should remain part of
+the document.
 
 ### Tag Assignment
 

docs/changelog.md

@@ -1,5 +1,7 @@
 # Changelog
 
+## paperless-ngx 2.20.8
+
 ## paperless-ngx 2.20.7
 
 ### Bug Fixes

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "paperless-ngx"
-version = "2.20.7"
+version = "2.20.8"
 description = "A community-supported supercharged document management system: scan, index and archive all your physical documents"
 readme = "README.md"
 requires-python = ">=3.10"

src-ui/messages.xlf

@@ -1781,11 +1781,15 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/components/app-frame/app-frame.component.ts</context>
-          <context context-type="linenumber">216</context>
+          <context context-type="linenumber">156</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/components/app-frame/app-frame.component.ts</context>
-          <context context-type="linenumber">241</context>
+          <context context-type="linenumber">230</context>
+        </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/components/app-frame/app-frame.component.ts</context>
+          <context context-type="linenumber">255</context>
         </context-group>
       </trans-unit>
       <trans-unit id="2991443309752293110" datatype="html">
@@ -3113,21 +3117,21 @@
         <source>Sidebar views updated</source>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/components/app-frame/app-frame.component.ts</context>
-          <context context-type="linenumber">329</context>
+          <context context-type="linenumber">343</context>
         </context-group>
       </trans-unit>
       <trans-unit id="3547923076537026828" datatype="html">
         <source>Error updating sidebar views</source>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/components/app-frame/app-frame.component.ts</context>
-          <context context-type="linenumber">332</context>
+          <context context-type="linenumber">346</context>
         </context-group>
       </trans-unit>
       <trans-unit id="2526035785704676448" datatype="html">
         <source>An error occurred while saving update checking settings.</source>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/components/app-frame/app-frame.component.ts</context>
-          <context context-type="linenumber">353</context>
+          <context context-type="linenumber">367</context>
         </context-group>
       </trans-unit>
       <trans-unit id="4580988005648117665" datatype="html">

src-ui/package.json

@@ -1,6 +1,6 @@
 {
   "name": "paperless-ngx-ui",
-  "version": "2.20.7",
+  "version": "2.20.8",
   "scripts": {
     "preinstall": "npx only-allow pnpm",
     "ng": "ng",

src-ui/src/app/components/app-frame/app-frame.component.spec.ts

@@ -243,9 +243,19 @@ describe('AppFrameComponent', () => {
 
   it('should support toggling slim sidebar and saving', fakeAsync(() => {
     const saveSettingSpy = jest.spyOn(settingsService, 'set')
+    settingsService.set(SETTINGS_KEYS.ATTRIBUTES_SECTIONS_COLLAPSED, [])
     expect(component.slimSidebarEnabled).toBeFalsy()
     expect(component.slimSidebarAnimating).toBeFalsy()
     component.toggleSlimSidebar()
+    const requests = httpTestingController.match(
+      `${environment.apiBaseUrl}ui_settings/`
+    )
+    expect(requests).toHaveLength(1)
+    expect(requests[0].request.body.settings.slim_sidebar).toBe(true)
+    expect(
+      requests[0].request.body.settings.attributes_sections_collapsed
+    ).toEqual(['attributes'])
+    requests[0].flush({ success: true })
     expect(component.slimSidebarAnimating).toBeTruthy()
     tick(200)
     expect(component.slimSidebarAnimating).toBeFalsy()
@@ -254,6 +264,10 @@ describe('AppFrameComponent', () => {
       SETTINGS_KEYS.SLIM_SIDEBAR,
       true
     )
+    expect(saveSettingSpy).toHaveBeenCalledWith(
+      SETTINGS_KEYS.ATTRIBUTES_SECTIONS_COLLAPSED,
+      ['attributes']
+    )
   }))
 
   it('should show error on toggle slim sidebar if store settings fails', () => {

src-ui/src/app/components/app-frame/app-frame.component.ts

@@ -140,10 +140,24 @@ export class AppFrameComponent
 
   toggleSlimSidebar(): void {
     this.slimSidebarAnimating = true
-    this.slimSidebarEnabled = !this.slimSidebarEnabled
-    if (this.slimSidebarEnabled) {
-      this.attributesSectionsCollapsed = true
+    const slimSidebarEnabled = !this.slimSidebarEnabled
+    this.settingsService.set(SETTINGS_KEYS.SLIM_SIDEBAR, slimSidebarEnabled)
+    if (slimSidebarEnabled) {
+      this.settingsService.set(SETTINGS_KEYS.ATTRIBUTES_SECTIONS_COLLAPSED, [
+        CollapsibleSection.ATTRIBUTES,
+      ])
     }
+    this.settingsService
+      .storeSettings()
+      .pipe(first())
+      .subscribe({
+        error: (error) => {
+          this.toastService.showError(
+            $localize`An error occurred while saving settings.`
+          )
+          console.warn(error)
+        },
+      })
     setTimeout(() => {
       this.slimSidebarAnimating = false
     }, 200) // slightly longer than css animation for slim sidebar

src-ui/src/environments/environment.prod.ts

@@ -6,7 +6,7 @@ export const environment = {
   apiVersion: '9', // match src/paperless/settings.py
   appTitle: 'Paperless-ngx',
   tag: 'prod',
-  version: '2.20.7',
+  version: '2.20.8',
   webSocketHost: window.location.host,
   webSocketProtocol: window.location.protocol == 'https:' ? 'wss:' : 'ws:',
   webSocketBaseUrl: base_url.pathname + 'ws/',

src/paperless/version.py

@@ -1,6 +1,6 @@
 from typing import Final
 
-__version__: Final[tuple[int, int, int]] = (2, 20, 7)
+__version__: Final[tuple[int, int, int]] = (2, 20, 8)
 # Version string like X.Y.Z
 __full_version_str__: Final[str] = ".".join(map(str, __version__))
 # Version string like X.Y

src/paperless_mail/migrations/0003_mailrule_stop_processing.py

@@ -15,7 +15,7 @@ class Migration(migrations.Migration):
             name="stop_processing",
             field=models.BooleanField(
                 default=False,
-                help_text="If True, no further rules will be processed after this one if any document is consumed.",
+                help_text="If True, no further rules will be processed after this one if any document is queued.",
                 verbose_name="Stop processing further rules",
             ),
         ),

src/paperless_mail/tests/test_api.py

@@ -272,6 +272,24 @@ class TestAPIMailAccounts(DirectoriesMixin, APITestCase):
         self.assertEqual(response.status_code, status.HTTP_200_OK)
         self.assertEqual(response.data["success"], True)
 
+    def test_mail_account_test_existing_nonexistent_id_forbidden(self) -> None:
+        response = self.client.post(
+            f"{self.ENDPOINT}test/",
+            json.dumps(
+                {
+                    "id": 999999,
+                    "imap_server": "server.example.com",
+                    "imap_port": 443,
+                    "imap_security": MailAccount.ImapSecurity.SSL,
+                    "username": "admin",
+                    "password": "******",
+                },
+            ),
+            content_type="application/json",
+        )
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertEqual(response.content.decode(), "Insufficient permissions")
+
     def test_get_mail_accounts_owner_aware(self) -> None:
         """
         GIVEN:

src/paperless_mail/tests/test_mail.py

@@ -8,6 +8,7 @@ from datetime import timedelta
 from unittest import mock
 
 import pytest
+from django.contrib.auth.models import Permission
 from django.contrib.auth.models import User
 from django.core.management import call_command
 from django.db import DatabaseError
@@ -1734,6 +1735,10 @@ class TestMailAccountTestView(APITestCase):
             username="testuser",
             password="testpassword",
         )
+        self.user.user_permissions.add(
+            *Permission.objects.filter(codename__in=["add_mailaccount"]),
+        )
+        self.user.save()
         self.client.force_authenticate(user=self.user)
         self.url = "/api/mail_accounts/test/"
 
@@ -1850,6 +1855,56 @@ class TestMailAccountTestView(APITestCase):
             expected_str = "Unable to refresh oauth token"
             self.assertIn(expected_str, error_str)
 
+    def test_mail_account_test_view_existing_forbidden_for_other_owner(self) -> None:
+        other_user = User.objects.create_user(
+            username="otheruser",
+            password="testpassword",
+        )
+        existing_account = MailAccount.objects.create(
+            name="Owned account",
+            imap_server="imap.example.com",
+            imap_port=993,
+            imap_security=MailAccount.ImapSecurity.SSL,
+            username="admin",
+            password="secret",
+            owner=other_user,
+        )
+        data = {
+            "id": existing_account.id,
+            "imap_server": "imap.example.com",
+            "imap_port": 993,
+            "imap_security": MailAccount.ImapSecurity.SSL,
+            "username": "admin",
+            "password": "****",
+            "is_token": False,
+        }
+
+        response = self.client.post(self.url, data, format="json")
+
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertEqual(response.content.decode(), "Insufficient permissions")
+
+    def test_mail_account_test_view_requires_add_permission_without_account_id(
+        self,
+    ) -> None:
+        self.user.user_permissions.remove(
+            *Permission.objects.filter(codename__in=["add_mailaccount"]),
+        )
+        self.user.save()
+        data = {
+            "imap_server": "imap.example.com",
+            "imap_port": 993,
+            "imap_security": MailAccount.ImapSecurity.SSL,
+            "username": "admin",
+            "password": "secret",
+            "is_token": False,
+        }
+
+        response = self.client.post(self.url, data, format="json")
+
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertEqual(response.content.decode(), "Insufficient permissions")
+
 
 class TestMailAccountProcess(APITestCase):
     def setUp(self) -> None:

src/paperless_mail/views.py

@@ -86,13 +86,34 @@ class MailAccountViewSet(ModelViewSet, PassUserMixin):
         request.data["name"] = datetime.datetime.now().isoformat()
         serializer = self.get_serializer(data=request.data)
         serializer.is_valid(raise_exception=True)
+        existing_account = None
+        account_id = request.data.get("id")
 
-        # account exists, use the password from there instead of *** and refresh_token / expiration
+        # testing a new connection requires add permission
+        if account_id is None and not request.user.has_perms(
+            ["paperless_mail.add_mailaccount"],
+        ):
+            return HttpResponseForbidden("Insufficient permissions")
+
+        # testing an existing account requires change permission on that account
+        if account_id is not None:
+            try:
+                existing_account = MailAccount.objects.get(pk=account_id)
+            except (TypeError, ValueError, MailAccount.DoesNotExist):
+                return HttpResponseForbidden("Insufficient permissions")
+
+            if not has_perms_owner_aware(
+                request.user,
+                "change_mailaccount",
+                existing_account,
+            ):
+                return HttpResponseForbidden("Insufficient permissions")
+
+        # account exists, use the password from there instead of ***
         if (
             len(serializer.validated_data.get("password").replace("*", "")) == 0
-            and request.data["id"] is not None
+            and existing_account is not None
         ):
-            existing_account = MailAccount.objects.get(pk=request.data["id"])
             serializer.validated_data["password"] = existing_account.password
             serializer.validated_data["account_type"] = existing_account.account_type
             serializer.validated_data["refresh_token"] = existing_account.refresh_token
@@ -106,7 +127,8 @@ class MailAccountViewSet(ModelViewSet, PassUserMixin):
         ) as M:
             try:
                 if (
-                    account.is_token
+                    existing_account is not None
+                    and account.is_token
                     and account.expiration is not None
                     and account.expiration < timezone.now()
                 ):
@@ -248,6 +270,7 @@ class OauthCallbackView(GenericAPIView):
                 imap_server=imap_server,
                 refresh_token=refresh_token,
                 expiration=timezone.now() + timedelta(seconds=expires_in),
+                owner=request.user,
                 defaults=defaults,
             )
             return HttpResponseRedirect(

uv.lock

@@ -3019,7 +3019,7 @@ wheels = [
 
 [[package]]
 name = "paperless-ngx"
-version = "2.20.7"
+version = "2.20.8"
 source = { virtual = "." }
 dependencies = [
     { name = "azure-ai-documentintelligence", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },