diff --git a/nomad/app/api/archive.py b/nomad/app/api/archive.py
index 327158c96c9c35461a9c7abef7803944400447d4..6e6554fe23b41ebc4b9402c8a6836f545d515ecb 100644
--- a/nomad/app/api/archive.py
+++ b/nomad/app/api/archive.py
@@ -167,6 +167,8 @@ class ArchiveDownloadResource(Resource):
common.logger.error('upload files do not exist', upload_id=upload_id)
continue
+ upload_files._is_authorized = create_authorization_predicate(
+ upload_id=upload_id, calc_id=calc_id)
with upload_files.read_archive(calc_id) as archive:
f = BytesIO(orjson.dumps(
archive[calc_id].to_dict(),
@@ -311,6 +313,8 @@ class ArchiveQueryResource(Resource):
if with_embargo:
access = 'restricted'
+ upload_files._is_authorized = create_authorization_predicate(
+ upload_id=upload_id, calc_id=calc_id)
else:
access = 'public'
@@ -330,8 +334,8 @@ class ArchiveQueryResource(Resource):
# We simply skip this entry
pass
except Restricted:
- # TODO in reality this should not happen
- pass
+ # this should not happen
+ common.logger.error('supposedly unreachable code', upload_id=upload_id, calc_id=calc_id)
except Exception as e:
if raise_errors:
raise e
diff --git a/nomad/app/api/auth.py b/nomad/app/api/auth.py
index 317bd68b1482ad8cbac839583fcc61d7b11cce58..c9099bbcf97fcd7731612bc3aa25f06e09215ba9 100644
--- a/nomad/app/api/auth.py
+++ b/nomad/app/api/auth.py
@@ -320,7 +320,6 @@ def create_authorization_predicate(upload_id, calc_id=None):
if g.user.user_id == upload.user_id:
return True
- # TODO I doubt if shared_with is actually working
if calc_id is not None:
try:
calc = processing.Calc.get(calc_id)