aces / cbrain

CBRAIN is a flexible Ruby on Rails framework for accessing and processing of large data on high-performance computing infrastructures.
GNU General Public License v3.0

Copy file endpoint #1382

Closed natacha-beck closed 4 months ago

prioux commented 4 months ago

Rejected. The role of a controller action is to make sure all parameters are valid for the current session!

prioux commented 4 months ago

Check legitimate access for

  1. the DP
  2. the Bourreau
  3. the userfiles (for these, there is a loop, replace this with a mass accessible check instead of going to the database for each and every file ID)

prioux commented 4 months ago

For point 3 of my previous comment, there is an excellent example already in the controllers, e.g. in userfiles_controller for the action manage_compression:

    # One query for every requested ID; only files the current user can access come back
    userfiles = Userfile
      .find_all_accessible_by_user(current_user, :access_requested => :write)
      .where(:id => file_ids)

except you'll have to change the access_requested to :read
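
The pattern behind that snippet, as an added plain-Ruby example that is not CBRAIN's own code: the `Userfile`, `User`, record set and access rule below are constructed stand-ins for the real ActiveRecord model, and `find_all_accessible_by_user` here is a hypothetical mimic of the scope's shape (one filtered pass, not a per-ID lookup). What the example adds to the comment is the check a defender wants after the query: compare the set that came back against the set that was requested, and reject the whole batch when any ID is missing, so a single foreign file ID cannot ride along in an otherwise legitimate list.

```ruby
# Added example, not CBRAIN code. Userfile/User and the access rule are
# constructed stand-ins; only the shape of the check is the point.

Userfile = Struct.new(:id, :owner, :group, :group_writable)
User     = Struct.new(:login, :groups)

# Constructed sample records (hypothetical users and files).
USERFILES = [
  Userfile.new(1, "alice", "lab_a", false),
  Userfile.new(2, "alice", "lab_a", true),
  Userfile.new(3, "bob",   "lab_b", false),
  Userfile.new(4, "bob",   "lab_a", true),
]

ALICE = User.new("alice", ["lab_a"])
BOB   = User.new("bob",   ["lab_a", "lab_b"])

# Hypothetical mimic of Userfile.find_all_accessible_by_user(user,
# :access_requested => ...).where(:id => ids): a single pass over the
# records restricted to the requested ids, instead of one lookup per id.
def find_all_accessible_by_user(user, access_requested:, ids:)
  USERFILES.select do |f|
    next false unless ids.include?(f.id)
    next true if f.owner == user.login          # owner can always read/write
    in_group = user.groups.include?(f.group)    # group members may read
    access_requested == :read ? in_group : (in_group && f.group_writable)
  end
end

# Controller-side check for a copy request: returns [:ok, files] only when
# every requested id resolved to a readable file, otherwise
# [:rejected, missing_ids]. Failing closed on a partial match is what keeps
# an unauthorized id from being smuggled into a batch of valid ones.
def authorize_copy(user, file_ids)
  requested = file_ids.map(&:to_i).uniq       # params arrive as strings
  files     = find_all_accessible_by_user(user, access_requested: :read, ids: requested)
  missing   = requested - files.map(&:id)
  missing.empty? ? [:ok, files] : [:rejected, missing]
end

if __FILE__ == $PROGRAM_NAME
  p authorize_copy(ALICE, ["1", "2", "4"])   # alice reads her own files and a lab_a file
  p authorize_copy(ALICE, ["1", "3"])        # file 3 is in lab_b: whole request rejected
end
```

The same shape applies to the data provider and the Bourreau checks from the earlier comment: resolve each through an accessibility-scoped lookup, and treat "not found" and "not accessible" identically, so the response does not leak which of the two it was.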

prioux commented 4 months ago

Looks good to me. Before I merge, I want to discuss if this action is really a 'bourreau' action, or if it would be more appropriate in a different controller. We are selecting files to be copied to a data provider, so maybe it's userfile action, or a data provider action?