cph-cachet / carp-webservices-spring

REST-based implementation of the CARP Core Domain Model using Spring Boot in Kotlin
https://carp.cachet.dk/
MIT License

Download from file endpoint returns 403 Forbidden - Access Denied #111

Closed bardram closed 1 week ago

bardram commented 1 month ago

As a Participant I upload a file, but when trying to download it, I get

CarpServiceException: 403 Forbidden -  Access Denied - GET /api/studies/b7a4d433-c267-4d2c-b182-67bbbc37279b/files/17/download

using the download endpoint = /api/studies/{study-id}/files/{file-id}/download

The get endpoint works fine = /api/studies/{study-id}/files/{file-id}.

Testing on DEV.

yuanchen233 commented 3 weeks ago

Tested with a Researcher/Admin account: the download endpoint works and the FileOwner claim works. TODO: test with a participant account.

yuanchen233 commented 3 weeks ago

The JWT token does not include the FileOwner claim for participants; however, it is set correctly and works properly for researchers. Look into situations where JWT token generation is different for participants and researchers.

davidscavnicky commented 2 weeks ago

Tested with a Participant/Admin account. Need to look into the scenario for Participant:

Upon uploading a file with the Participant role, the FileOwner attribute is not assigned to the JWT token, even though the participant NEEDS to be the owner of that file when the person uploaded it in the first place. Somehow the name in the generation of the JWT token is not done properly; have to investigate further with debugging.

davidscavnicky commented 2 weeks ago

After assigning the fileOwner attribute to the participant's token (on upload), the token needs to be refreshed and fetched from Keycloak via the already established endpoint. The backend's setting and getting of the attribute from the generated JWT token works correctly when creating access to the file system.
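The ownership check this thread is about, as an added example that is not code from carp-webservices-spring: the download endpoint authorizes a participant from a FileOwner claim carried in the JWT, so a token minted before the identity provider learned about the upload is rejected with 403 until a fresh token is issued. The example is Python with an HS256 signature so it runs stand-alone; the claim shape (a list of file ids), the role name RESEARCHER, the IdentityProvider stand-in for Keycloak and the signing key are all assumptions, not the project's actual configuration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed HS256 key for this example only; the real service verifies Keycloak's RS256 signature.
SECRET = b"example-signing-key-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(subject, roles, file_owner=None, ttl=300):
    """Mint a signed JWT. The FileOwner claim (assumed here to be a list of
    file ids) is only present when the issuer already knows about the user's files."""
    header = {"alg": "HS256", "typ": "JWT"}
    now = int(time.time())
    claims = {"sub": subject, "roles": roles, "iat": now, "exp": now + ttl}
    if file_owner is not None:
        claims["FileOwner"] = file_owner
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    signature = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def verify_token(token):
    """Return the claims of a token whose signature and expiry check out; raise ValueError otherwise."""
    try:
        header_b64, payload_b64, signature_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(signature_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("exp", 0) < time.time():
        raise ValueError("expired")
    return claims


def authorize_download(token, file_id):
    """HTTP status the download endpoint would return for this token and file id."""
    try:
        claims = verify_token(token)
    except ValueError:
        return 401  # unverifiable token: bad signature, expired or malformed
    if "RESEARCHER" in claims.get("roles", []):  # assumed role name for the researcher/admin path
        return 200
    if file_id in claims.get("FileOwner", []):
        return 200
    return 403  # valid token, but it carries no ownership claim for this file


class IdentityProvider:
    """Stand-in for Keycloak: user attributes live here and are copied into tokens at issue time."""

    def __init__(self):
        self.file_owner = {}  # subject -> list of owned file ids

    def record_upload(self, subject, file_id):
        self.file_owner.setdefault(subject, []).append(file_id)

    def issue(self, subject, roles):
        return mint_token(subject, roles, self.file_owner.get(subject))


def participant_flow(file_id=17):
    """Reproduce the issue: the participant's token was minted before the upload,
    so it lacks FileOwner until it is re-fetched from the identity provider."""
    idp = IdentityProvider()
    stale_token = idp.issue("participant-1", ["PARTICIPANT"])
    idp.record_upload("participant-1", file_id)            # attribute set on upload
    before_refresh = authorize_download(stale_token, file_id)
    fresh_token = idp.issue("participant-1", ["PARTICIPANT"])  # token refreshed from the IdP
    after_refresh = authorize_download(fresh_token, file_id)
    return before_refresh, after_refresh


if __name__ == "__main__":
    print(participant_flow())
```

The point to keep in mind when reviewing a design like this: because the decision is taken from a claim baked into the token, a client sees ownership only as of its last token issue, so the token lifetime bounds how stale that view can be, and a caller that uploads and immediately downloads with the same token will always hit the 403 path unless it refreshes in between.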

bardram commented 2 weeks ago

Update the Swagger API documentation to include this information.

davidscavnicky commented 1 week ago

Swagger API documentation updated