devilry / devilry-django

Devilry project main repository
http://devilry.org
BSD 3-Clause "New" or "Revised" License

Files uploaded with internal notes are only accessible by uploadee #1289

Closed torgeirl closed 6 months ago

torgeirl commented 6 months ago

If an admin or examiner uploads files with an internal note (only visible to examiners and admins) in the feedback feed, the file is inaccessible to everyone except the uploadee, yielding an HTTP 404:

Http404: null
  File "django/core/handlers/base.py", line 197, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "cradmin_legacy/crapp.py", line 86, in viewwrapper
    return has_access_to_cradmin_instance(cradminview(view))(request, *args, **kwargs)
  File "cradmin_legacy/decorators.py", line 32, in wrapper
    return view_function(request, *args, **kwargs)
  File "cradmin_legacy/decorators.py", line 70, in wrapper
    response = view_function(request, *args, **kwargs)
  File "django/views/generic/base.py", line 104, in view
    return self.dispatch(request, *args, **kwargs)
  File "django/views/generic/base.py", line 143, in dispatch
    return handler(request, *args, **kwargs)
  File "devilry/devilry_group/views/download_files/batch_download_files.py", line 43, in get
    raise Http404()

The file should have limited access, but that should include other examiners and admins with access to that particular feedback feed (those who can read the comment to which the files are uploaded).

torgeirl commented 6 months ago

Fixed in 3c9f0f8.
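The access rule requested in this issue, as an added example that is not Devilry's code and not the content of the fix commit: file download permission is derived from read permission on the comment the file is attached to, next to a check that reproduces the reported behaviour. All names here (`Role`, `Visibility`, `Comment`, `memberships`, the functions) are hypothetical, and the users and feeds are constructed sample data.

```python
from dataclasses import dataclass
from enum import Enum

class Role(Enum):
    STUDENT = "student"
    EXAMINER = "examiner"
    ADMIN = "admin"

class Visibility(Enum):
    EVERYONE = "everyone"   # visible to all roles on the feedback feed
    INTERNAL = "internal"   # internal note: examiners and admins only

@dataclass(frozen=True)
class Comment:
    feed_id: int
    author: str
    visibility: Visibility

def can_read_comment(user, memberships, comment):
    """memberships maps (user, feed_id) -> Role (hypothetical structure)."""
    role = memberships.get((user, comment.feed_id))
    if role is None:
        return False                      # no access to this feed at all
    if comment.visibility is Visibility.INTERNAL:
        return role in (Role.EXAMINER, Role.ADMIN)
    return True

def can_download_reported(user, memberships, comment):
    """Reproduces the reported behaviour: internal files only for the uploader."""
    if comment.visibility is Visibility.INTERNAL:
        return user == comment.author
    return (user, comment.feed_id) in memberships

def can_download(user, memberships, comment):
    """File access follows comment access, so the two checks cannot drift apart."""
    return can_read_comment(user, memberships, comment)

def download_status(user, memberships, comment):
    # The view in the traceback answers 404 when access is refused.
    return 200 if can_download(user, memberships, comment) else 404

# Constructed sample data: one feed with two examiners, an admin and a student.
MEMBERSHIPS = {
    ("alice", 1): Role.EXAMINER, ("bob", 1): Role.EXAMINER,
    ("carol", 1): Role.ADMIN, ("dave", 1): Role.STUDENT,
    ("erin", 2): Role.EXAMINER,           # examiner on a different feed
}
INTERNAL_NOTE = Comment(feed_id=1, author="alice", visibility=Visibility.INTERNAL)
```

Running the same user and visibility matrix against both the comment check and the download check is a useful regression test for this class of bug.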