normally I would say you should not be able to set_file_content on deleted record unless for some reason the admin's job requires it. I would ask the zenodo support team for their use cases
I see two options
this endpoint should be protected by permissions, and only admin should be able to set content/commit - in this case we miss a test to check if normal user or owner of the record still can commit files
nobody, even the admin/moderator (except superuse) should be able to commit or set content
kpsherva
commented
11 months ago
I see two options
_Originally posted by @kpsherva in https://github.com/inveniosoftware/invenio-records-resources/pull/511#discussion_r1337075507_