Skip to content

Simplified file access logic

David Sikter requested to merge simplify-file-access into v1.0.0

Simplifies the logic and prepare for version fork, according to #589 (closed).

  • The files module does not check permissions when accessing the content of upload files. The UploadFiles classes no longer take an is_authorized-parameter in the constructors.
  • We expect that, in a published upload, all data (entries and raw files) are going to have the same access, public (=not embargoed) or restricted (=embargoed).
  • POTCAR files are removed when an upload is published (packed), so that the above assumption is fullfilled.
  • When packing, the data is put in files with names indicating the access (we still do this, because it is convenient to be able to tell which data is protected/embargoed and not by just looking at the file names, not needing to check with MongoDB).

Empty files

  • Files with the opposite access of the upload itself may still exist, read operations should work anyway (they will just pick the file that is not empty to read from), but if such files exist, they must be empty.
  • For an upload where this is not the case, we will get exceptions when trying to access the upload files, run pack/re_pack etc.
  • Ultimately we want to get rid of the empty files, so this should hopefully only be a temporary solution. (We should at least be able to get rid of the empty archive files for good. Maybe some POTCAR-like case could come up in the future, which could necessitate that we keep but protect some files also after the upload itself has been published without embargo, but this will have to be handled if and when it actually comes up.)
  • pack and re_pack should not produce any empty files, only files of the right access. They also actively delete files with the wrong access if they exist (but not without validating that they indeed are empty as expected).

Merge request reports