From 5b92f2c374627da2ea6d05a4837e887969ffb7b1 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 6 Mar 2024 10:57:42 -0500
Subject: [PATCH 001/131] Add AuditRecord model

---
 dandiapi/api/models/__init__.py |  2 ++
 dandiapi/api/models/audit.py    | 16 ++++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 dandiapi/api/models/audit.py

diff --git a/dandiapi/api/models/__init__.py b/dandiapi/api/models/__init__.py
index fdc3bd2b5..ff0c21c61 100644
--- a/dandiapi/api/models/__init__.py
+++ b/dandiapi/api/models/__init__.py
@@ -2,6 +2,7 @@
 
 from .asset import Asset, AssetBlob, EmbargoedAssetBlob
 from .asset_paths import AssetPath, AssetPathRelation
+from .audit import AuditRecord
 from .dandiset import Dandiset
 from .oauth import StagingApplication
 from .upload import EmbargoedUpload, Upload
@@ -13,6 +14,7 @@
     'AssetBlob',
     'AssetPath',
     'AssetPathRelation',
+    'AuditRecord',
     'Dandiset',
     'EmbargoedAssetBlob',
     'EmbargoedUpload',
diff --git a/dandiapi/api/models/audit.py b/dandiapi/api/models/audit.py
new file mode 100644
index 000000000..27bff46da
--- /dev/null
+++ b/dandiapi/api/models/audit.py
@@ -0,0 +1,16 @@
+from __future__ import annotations
+
+from django.db import models
+
+
+class AuditRecord(models.Model):
+    timestamp = models.DateTimeField(auto_now_add=True)
+    dandiset_id = models.IntegerField()
+    username = models.CharField(max_length=39)
+    user_email = models.CharField(max_length=254)
+    user_fullname = models.CharField(max_length=301)
+    record_type = models.CharField(max_length=32, choices=AUDIT_RECORD_CHOICES)
+    details = models.JSONField(blank=True)
+
+    def __str__(self):
+        return f'{self.record_type}/{self.dandiset_id:06}'

From 5ad7856924509e87b24726cb8761563e75883604 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 6 Mar 2024 10:58:05 -0500
Subject: [PATCH 002/131] Add admin model for AuditRecord

---
 dandiapi/api/admin.py | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/dandiapi/api/admin.py b/dandiapi/api/admin.py
index 06abb2e85..b0dc23a7f 100644
--- a/dandiapi/api/admin.py
+++ b/dandiapi/api/admin.py
@@ -19,6 +19,7 @@
 from dandiapi.api.models import (
     Asset,
     AssetBlob,
+    AuditRecord,
     Dandiset,
     EmbargoedAssetBlob,
     Upload,
@@ -240,3 +241,39 @@ class AssetAdmin(admin.ModelAdmin):
 class UploadAdmin(admin.ModelAdmin):
     list_display = ['id', 'upload_id', 'blob', 'etag', 'upload_id', 'size', 'created']
     list_display_links = ['id', 'upload_id']
+
+
+@admin.register(AuditRecord)
+class AuditRecordAdmin(admin.ModelAdmin):
+    actions = None
+    date_hierarchy = 'timestamp'
+    search_fields = [
+        'dandiset_id',
+        'username',
+        'record_type',
+    ]
+    list_display = [
+        'id',
+        'timestamp',
+        'dandiset',
+        'record_type',
+        'details',
+        'username',
+    ]
+
+    @admin.display(description='Dandiset', ordering='dandiset_id')
+    def dandiset(self, obj):
+        return format_html(
+            '<a href="{}">{}</a>',
+            reverse('admin:api_dandiset_change', args=(obj.dandiset_id,)),
+            f'{obj.dandiset_id:06}',
+        )
+
+    def has_add_permission(self, request):
+        return False
+
+    def has_change_permission(self, request, obj=None):
+        return False
+
+    def has_delete_permission(self, request, obj=None):
+        return False

From 31472ee2836c4c40566f69d956090c18a7b4f6b6 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 6 Mar 2024 11:00:12 -0500
Subject: [PATCH 003/131] Generate create_dandiset audit record

---
 dandiapi/api/models/audit.py               | 38 ++++++++++++++++++++++
 dandiapi/api/services/dandiset/__init__.py |  6 ++++
 2 files changed, 44 insertions(+)

diff --git a/dandiapi/api/models/audit.py b/dandiapi/api/models/audit.py
index 27bff46da..039911fa2 100644
--- a/dandiapi/api/models/audit.py
+++ b/dandiapi/api/models/audit.py
@@ -1,7 +1,22 @@
 from __future__ import annotations
 
+from typing import TYPE_CHECKING, Literal, get_args
+
 from django.db import models
 
+if TYPE_CHECKING:
+    from django.contrib.auth.models import User
+
+    from dandiapi.zarr.models import ZarrArchive
+
+    from .asset import Asset
+    from .dandiset import Dandiset
+
+AuditRecordType = Literal[
+    'create_dandiset',
+]
+AUDIT_RECORD_CHOICES = [(t, t) for t in get_args(AuditRecordType)]
+
 
 class AuditRecord(models.Model):
     timestamp = models.DateTimeField(auto_now_add=True)
@@ -14,3 +29,26 @@ class AuditRecord(models.Model):
 
     def __str__(self):
         return f'{self.record_type}/{self.dandiset_id:06}'
+
+    @staticmethod
+    def make_audit_record(
+        *, dandiset: Dandiset, user: User, record_type: AuditRecordType, details: dict
+    ) -> AuditRecord:
+        return AuditRecord(
+            dandiset_id=dandiset.id,
+            username=user.username,
+            user_email=user.email,
+            user_fullname=f'{user.first_name} {user.last_name}',
+            record_type=record_type,
+            details=details,
+        )
+
+    @staticmethod
+    def create_dandiset(*, dandiset: Dandiset, user: User, metadata: dict, embargoed: bool):
+        details = {
+            'metadata': metadata,
+            'embargoed': embargoed,
+        }
+        return AuditRecord.make_audit_record(
+            dandiset=dandiset, user=user, record_type='create_dandiset', details=details
+        )
diff --git a/dandiapi/api/services/dandiset/__init__.py b/dandiapi/api/services/dandiset/__init__.py
index 0cf80d82c..9cc15d35d 100644
--- a/dandiapi/api/services/dandiset/__init__.py
+++ b/dandiapi/api/services/dandiset/__init__.py
@@ -2,6 +2,7 @@
 
 from django.db import transaction
 
+from dandiapi.api.models.audit import AuditRecord
 from dandiapi.api.models.dandiset import Dandiset
 from dandiapi.api.models.version import Version
 from dandiapi.api.services.dandiset.exceptions import DandisetAlreadyExistsError
@@ -45,6 +46,11 @@ def create_dandiset(
         draft_version.full_clean(validate_constraints=False)
         draft_version.save()
 
+        audit_record = AuditRecord.create_dandiset(
+            dandiset=dandiset, user=user, metadata=version_metadata, embargoed=embargo
+        )
+        audit_record.save()
+
     return dandiset, draft_version
 
 

From eccedd9ee410d10bbf2b4017e0605ee4f0882e89 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 6 Mar 2024 11:02:09 -0500
Subject: [PATCH 004/131] Generate change_owners audit record

---
 dandiapi/api/models/audit.py   | 20 ++++++++++++++++++++
 dandiapi/api/views/dandiset.py | 15 +++++++++++++--
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/dandiapi/api/models/audit.py b/dandiapi/api/models/audit.py
index 039911fa2..a790d280a 100644
--- a/dandiapi/api/models/audit.py
+++ b/dandiapi/api/models/audit.py
@@ -14,6 +14,7 @@
 
 AuditRecordType = Literal[
     'create_dandiset',
+    'change_owners',
 ]
 AUDIT_RECORD_CHOICES = [(t, t) for t in get_args(AuditRecordType)]
 
@@ -52,3 +53,22 @@ def create_dandiset(*, dandiset: Dandiset, user: User, metadata: dict, embargoed
         return AuditRecord.make_audit_record(
             dandiset=dandiset, user=user, record_type='create_dandiset', details=details
         )
+
+    @staticmethod
+    def change_owners(
+        *, dandiset: Dandiset, user: User, removed_owners: list[User], added_owners: list[User]
+    ):
+        def glean_user_info(user: User):
+            return {
+                'username': user.username,
+                'email': user.email,
+                'name': f'{user.first_name} {user.last_name}',
+            }
+
+        details = {
+            'removed_owners': [glean_user_info(u) for u in removed_owners],
+            'added_owners': [glean_user_info(u) for u in added_owners],
+        }
+        return AuditRecord.make_audit_record(
+            dandiset=dandiset, user=user, record_type='change_owners', details=details
+        )
diff --git a/dandiapi/api/views/dandiset.py b/dandiapi/api/views/dandiset.py
index 040395aef..1789ee7ad 100644
--- a/dandiapi/api/views/dandiset.py
+++ b/dandiapi/api/views/dandiset.py
@@ -4,6 +4,7 @@
 
 from allauth.socialaccount.models import SocialAccount
 from django.contrib.auth.models import User
+from django.db import transaction
 from django.db.models import Count, Max, OuterRef, Subquery, Sum
 from django.db.models.functions import Coalesce
 from django.db.models.query_utils import Q
@@ -23,7 +24,7 @@
 
 from dandiapi.api.asset_paths import get_root_paths_many
 from dandiapi.api.mail import send_ownership_change_emails
-from dandiapi.api.models import Dandiset, Version
+from dandiapi.api.models import AuditRecord, Dandiset, Version
 from dandiapi.api.services.dandiset import create_dandiset, delete_dandiset
 from dandiapi.api.services.dandiset.exceptions import UnauthorizedEmbargoAccessError
 from dandiapi.api.services.embargo import unembargo_dandiset
@@ -408,7 +409,17 @@ def users(self, request, dandiset__pk):
             # All owners found
             owners = user_owners + [acc.user for acc in socialaccount_owners]
             removed_owners, added_owners = dandiset.set_owners(owners)
-            dandiset.save()
+            with transaction.atomic():
+                dandiset.save()
+
+                if removed_owners or added_owners:
+                    audit_record = AuditRecord.change_owners(
+                        dandiset=dandiset,
+                        user=request.user,
+                        removed_owners=removed_owners,
+                        added_owners=added_owners,
+                    )
+                    audit_record.save()
 
             send_ownership_change_emails(dandiset, removed_owners, added_owners)
 

From c50290bbd2dfb4cbc6bc845a8fec067facfaa70c Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 6 Mar 2024 11:03:56 -0500
Subject: [PATCH 005/131] Generate update_metadata audit record

---
 dandiapi/api/models/audit.py  | 8 ++++++++
 dandiapi/api/views/version.py | 7 ++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/dandiapi/api/models/audit.py b/dandiapi/api/models/audit.py
index a790d280a..9fddf8cc5 100644
--- a/dandiapi/api/models/audit.py
+++ b/dandiapi/api/models/audit.py
@@ -15,6 +15,7 @@
 AuditRecordType = Literal[
     'create_dandiset',
     'change_owners',
+    'update_metadata',
 ]
 AUDIT_RECORD_CHOICES = [(t, t) for t in get_args(AuditRecordType)]
 
@@ -72,3 +73,10 @@ def glean_user_info(user: User):
         return AuditRecord.make_audit_record(
             dandiset=dandiset, user=user, record_type='change_owners', details=details
         )
+
+    @staticmethod
+    def update_metadata(*, dandiset: Dandiset, user: User, metadata: dict) -> AuditRecord:
+        details = {'metadata': metadata}
+        return AuditRecord.make_audit_record(
+            dandiset=dandiset, user=user, record_type='update_metadata', details=details
+        )
diff --git a/dandiapi/api/views/version.py b/dandiapi/api/views/version.py
index b94592414..65678e747 100644
--- a/dandiapi/api/views/version.py
+++ b/dandiapi/api/views/version.py
@@ -13,7 +13,7 @@
 from rest_framework.viewsets import ReadOnlyModelViewSet
 from rest_framework_extensions.mixins import DetailSerializerMixin, NestedViewSetMixin
 
-from dandiapi.api.models import Dandiset, Version
+from dandiapi.api.models import AuditRecord, Dandiset, Version
 from dandiapi.api.services.publish import publish_dandiset
 from dandiapi.api.tasks import delete_doi_task
 from dandiapi.api.views.common import DANDISET_PK_PARAM, VERSION_PARAM, DandiPagination
@@ -116,6 +116,11 @@ def update(self, request, **kwargs):
                 locked_version.status = Version.Status.PENDING
                 locked_version.save()
 
+                audit_record = AuditRecord.update_metadata(
+                    dandiset=locked_version.dandiset, user=request.user, metadata=new_metadata
+                )
+                audit_record.save()
+
         serializer = VersionDetailSerializer(instance=locked_version)
         return Response(serializer.data, status=status.HTTP_200_OK)
 

From fdb49a5931e6c1f8c29029999f6a86cdabd5bac7 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 6 Mar 2024 11:06:52 -0500
Subject: [PATCH 006/131] Generate [add|update|remove]_asset audit records

---
 dandiapi/api/models/audit.py            | 45 +++++++++++++++++++++++++
 dandiapi/api/services/asset/__init__.py | 22 ++++++++++--
 2 files changed, 65 insertions(+), 2 deletions(-)

diff --git a/dandiapi/api/models/audit.py b/dandiapi/api/models/audit.py
index 9fddf8cc5..798255b51 100644
--- a/dandiapi/api/models/audit.py
+++ b/dandiapi/api/models/audit.py
@@ -16,6 +16,9 @@
     'create_dandiset',
     'change_owners',
     'update_metadata',
+    'add_asset',
+    'update_asset',
+    'remove_asset',
 ]
 AUDIT_RECORD_CHOICES = [(t, t) for t in get_args(AuditRecordType)]
 
@@ -80,3 +83,45 @@ def update_metadata(*, dandiset: Dandiset, user: User, metadata: dict) -> AuditR
         return AuditRecord.make_audit_record(
             dandiset=dandiset, user=user, record_type='update_metadata', details=details
         )
+
+    @staticmethod
+    def _asset_details(asset: Asset) -> dict:
+        checksum = (
+            (asset.blob and asset.blob.etag)
+            or (asset.embargoed_blob and asset.embargoed_blob.etag)
+            or (asset.zarr and asset.zarr.checksum)
+        )
+
+        return {
+            'path': asset.path,
+            'asset_blob_id': asset.blob and asset.blob.id,
+            'embargoed_asset_blob_id': asset.embargoed_blob and asset.embargoed_blob.id,
+            'zarr_archive_id': asset.zarr and asset.zarr.id,
+            'asset_id': asset.id,
+            'checksum': checksum,
+            'metadata': asset.metadata,
+        }
+
+    @staticmethod
+    def add_asset(*, dandiset: Dandiset, user: User, asset: Asset) -> AuditRecord:
+        details = AuditRecord._asset_details(asset)
+        return AuditRecord.make_audit_record(
+            dandiset=dandiset, user=user, record_type='add_asset', details=details
+        )
+
+    @staticmethod
+    def update_asset(*, dandiset: Dandiset, user: User, asset: Asset) -> AuditRecord:
+        details = AuditRecord._asset_details(asset)
+        return AuditRecord.make_audit_record(
+            dandiset=dandiset, user=user, record_type='update_asset', details=details
+        )
+
+    @staticmethod
+    def remove_asset(*, dandiset: Dandiset, user: User, asset: Asset) -> AuditRecord:
+        details = {
+            'path': asset.path,
+            'asset_id': asset.id,
+        }
+        return AuditRecord.make_audit_record(
+            dandiset=dandiset, user=user, record_type='remove_asset', details=details
+        )
diff --git a/dandiapi/api/services/asset/__init__.py b/dandiapi/api/services/asset/__init__.py
index 8cedcd739..23beadfd9 100644
--- a/dandiapi/api/services/asset/__init__.py
+++ b/dandiapi/api/services/asset/__init__.py
@@ -6,6 +6,7 @@
 
 from dandiapi.api.asset_paths import add_asset_paths, delete_asset_paths, get_conflicting_paths
 from dandiapi.api.models.asset import Asset, AssetBlob, EmbargoedAssetBlob
+from dandiapi.api.models.audit import AuditRecord
 from dandiapi.api.models.version import Version
 from dandiapi.api.services.asset.exceptions import (
     AssetAlreadyExistsError,
@@ -84,7 +85,7 @@ def change_asset(  # noqa: PLR0913
         raise AssetAlreadyExistsError
 
     with transaction.atomic():
-        remove_asset_from_version(user=user, asset=asset, version=version)
+        remove_asset_from_version(user=user, asset=asset, version=version, audit=False)
 
         new_asset = add_asset_to_version(
             user=user,
@@ -92,11 +93,15 @@ def change_asset(  # noqa: PLR0913
             asset_blob=new_asset_blob,
             zarr_archive=new_zarr_archive,
             metadata=new_metadata,
+            audit=False,
         )
         # Set previous asset and save
         new_asset.previous = asset
         new_asset.save()
 
+        audit_record = AuditRecord.update_asset(dandiset=version.dandiset, user=user, asset=asset)
+        audit_record.save()
+
     return new_asset, True
 
 
@@ -107,6 +112,7 @@ def add_asset_to_version(
     asset_blob: AssetBlob | EmbargoedAssetBlob | None = None,
     zarr_archive: ZarrArchive | None = None,
     metadata: dict,
+    audit: bool = True,
 ) -> Asset:
     """Create an asset, adding it to a version."""
     if not asset_blob and not zarr_archive:
@@ -158,10 +164,16 @@ def add_asset_to_version(
         # Save the version so that the modified field is updated
         version.save()
 
+        if audit:
+            audit_record = AuditRecord.add_asset(dandiset=version.dandiset, user=user, asset=asset)
+            audit_record.save()
+
     return asset
 
 
-def remove_asset_from_version(*, user, asset: Asset, version: Version) -> Version:
+def remove_asset_from_version(
+    *, user, asset: Asset, version: Version, audit: bool = True
+) -> Version:
     if not user.has_perm('owner', version.dandiset):
         raise DandisetOwnerRequiredError
     if version.version != 'draft':
@@ -177,4 +189,10 @@ def remove_asset_from_version(*, user, asset: Asset, version: Version) -> Versio
         # Save the version so that the modified field is updated
         version.save()
 
+        if audit:
+            audit_record = AuditRecord.remove_asset(
+                dandiset=version.dandiset, user=user, asset=asset
+            )
+            audit_record.save()
+
     return version

From 1ad599d6a9a9103e69672923cacb89cd4673a393 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 6 Mar 2024 11:09:52 -0500
Subject: [PATCH 007/131] Generate [create|upload|finalize|delete]_zarr audit
 records

---
 dandiapi/api/models/audit.py    | 47 +++++++++++++++++++++++++++++++++
 dandiapi/zarr/views/__init__.py | 30 ++++++++++++++++++++-
 2 files changed, 76 insertions(+), 1 deletion(-)

diff --git a/dandiapi/api/models/audit.py b/dandiapi/api/models/audit.py
index 798255b51..6ffcfd30f 100644
--- a/dandiapi/api/models/audit.py
+++ b/dandiapi/api/models/audit.py
@@ -19,6 +19,10 @@
     'add_asset',
     'update_asset',
     'remove_asset',
+    'create_zarr',
+    'upload_zarr',
+    'delete_zarr_chunks',
+    'finalize_zarr',
 ]
 AUDIT_RECORD_CHOICES = [(t, t) for t in get_args(AuditRecordType)]
 
@@ -125,3 +129,46 @@ def remove_asset(*, dandiset: Dandiset, user: User, asset: Asset) -> AuditRecord
         return AuditRecord.make_audit_record(
             dandiset=dandiset, user=user, record_type='remove_asset', details=details
         )
+
+    @staticmethod
+    def create_zarr(*, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive) -> AuditRecord:
+        details = {
+            'zarr_id': zarr_archive.id,
+            'name': zarr_archive.name,
+        }
+        return AuditRecord.make_audit_record(
+            dandiset=dandiset, user=user, record_type='create_zarr', details=details
+        )
+
+    @staticmethod
+    def upload_zarr(
+        *, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive, urls: list[str]
+    ) -> AuditRecord:
+        details = {
+            'zarr_id': zarr_archive.id,
+            'num_urls': len(urls),
+        }
+        return AuditRecord.make_audit_record(
+            dandiset=dandiset, user=user, record_type='upload_zarr', details=details
+        )
+
+    @staticmethod
+    def delete_zarr_chunks(
+        *, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive, paths: list[str]
+    ) -> AuditRecord:
+        details = {
+            'zarr_id': zarr_archive.id,
+            'num_chunks': len(paths),
+        }
+        return AuditRecord.make_audit_record(
+            dandiset=dandiset, user=user, record_type='delete_zarr_chunks', details=details
+        )
+
+    @staticmethod
+    def finalize_zarr(*, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive) -> AuditRecord:
+        details = {
+            'zarr_id': zarr_archive.id,
+        }
+        return AuditRecord.make_audit_record(
+            dandiset=dandiset, user=user, record_type='finalize_zarr', details=details
+        )
diff --git a/dandiapi/zarr/views/__init__.py b/dandiapi/zarr/views/__init__.py
index 61a1057c6..19e34f58c 100644
--- a/dandiapi/zarr/views/__init__.py
+++ b/dandiapi/zarr/views/__init__.py
@@ -14,6 +14,7 @@
 from rest_framework.utils.urls import replace_query_param
 from rest_framework.viewsets import ReadOnlyModelViewSet
 
+from dandiapi.api.models.audit import AuditRecord
 from dandiapi.api.models.dandiset import Dandiset
 from dandiapi.api.storage import get_boto_client
 from dandiapi.api.views.common import DandiPagination
@@ -139,7 +140,13 @@ def create(self, request):
             raise ValidationError('Cannot add zarr to embargoed dandiset')
         zarr_archive: ZarrArchive = ZarrArchive(name=name, dandiset=dandiset)
         try:
-            zarr_archive.save()
+            with transaction.atomic():
+                zarr_archive.save()
+
+                audit_record = AuditRecord.create_zarr(
+                    dandiset=dandiset, user=request.user, zarr_archive=zarr_archive
+                )
+                audit_record.save()
         except IntegrityError as e:
             raise ValidationError('Zarr already exists') from e
 
@@ -175,6 +182,11 @@ def finalize(self, request, zarr_id):
             zarr_archive.status = ZarrArchiveStatus.UPLOADED
             zarr_archive.save()
 
+            audit_record = AuditRecord.finalize_zarr(
+                dandiset=zarr_archive.dandiset, user=request.user, zarr_archive=zarr_archive
+            )
+            audit_record.save()
+
         # Dispatch task
         ingest_zarr_archive.delay(zarr_id=zarr_archive.zarr_id)
         return Response(None, status=status.HTTP_204_NO_CONTENT)
@@ -289,6 +301,14 @@ def create_files(self, request, zarr_id):
             zarr_archive.mark_pending()
             zarr_archive.save()
 
+            audit_record = AuditRecord.upload_zarr(
+                dandiset=zarr_archive.dandiset,
+                user=request.user,
+                zarr_archive=zarr_archive,
+                urls=urls,
+            )
+            audit_record.save()
+
         # Return presigned urls
         logger.info(
             'Presigned %d URLs to upload to zarr archive %s', len(urls), zarr_archive.zarr_id
@@ -320,4 +340,12 @@ def delete_files(self, request, zarr_id):
             paths = [file['path'] for file in serializer.validated_data]
             zarr_archive.delete_files(paths)
 
+            audit_record = AuditRecord.delete_zarr_chunks(
+                dandiset=zarr_archive.dandiset,
+                user=request.user,
+                zarr_archive=zarr_archive,
+                paths=paths,
+            )
+            audit_record.save()
+
         return Response(None, status=status.HTTP_204_NO_CONTENT)

From 7f0fc968c8fe3a44dc447275d169a4d63c4fda36 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 6 Mar 2024 11:12:19 -0500
Subject: [PATCH 008/131] Generate unembargo_dandiset audit record

---
 dandiapi/api/models/audit.py              | 7 +++++++
 dandiapi/api/services/embargo/__init__.py | 9 ++++++---
 dandiapi/api/tasks/__init__.py            | 6 ++++--
 3 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/dandiapi/api/models/audit.py b/dandiapi/api/models/audit.py
index 6ffcfd30f..0d2694d29 100644
--- a/dandiapi/api/models/audit.py
+++ b/dandiapi/api/models/audit.py
@@ -23,6 +23,7 @@
     'upload_zarr',
     'delete_zarr_chunks',
     'finalize_zarr',
+    'unembargo_dandiset',
 ]
 AUDIT_RECORD_CHOICES = [(t, t) for t in get_args(AuditRecordType)]
 
@@ -172,3 +173,9 @@ def finalize_zarr(*, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive)
         return AuditRecord.make_audit_record(
             dandiset=dandiset, user=user, record_type='finalize_zarr', details=details
         )
+
+    @staticmethod
+    def unembargo_dandiset(*, dandiset: Dandiset, user: User) -> AuditRecord:
+        return AuditRecord.make_audit_record(
+            dandiset=dandiset, user=user, record_type='unembargo_dandiset', details={}
+        )
diff --git a/dandiapi/api/services/embargo/__init__.py b/dandiapi/api/services/embargo/__init__.py
index 9b3e4425b..0f3bb854f 100644
--- a/dandiapi/api/services/embargo/__init__.py
+++ b/dandiapi/api/services/embargo/__init__.py
@@ -5,7 +5,7 @@
 from django.conf import settings
 
 from dandiapi.api.copy import copy_object_multipart
-from dandiapi.api.models import Asset, AssetBlob, Dandiset, Upload, Version
+from dandiapi.api.models import Asset, AssetBlob, AuditRecord, Dandiset, Upload, Version
 from dandiapi.api.services.asset.exceptions import DandisetOwnerRequiredError
 from dandiapi.api.tasks import unembargo_dandiset_task
 
@@ -56,7 +56,7 @@ def _unembargo_asset(asset: Asset):
     asset.save()
 
 
-def _unembargo_dandiset(dandiset: Dandiset):
+def _unembargo_dandiset(dandiset: Dandiset, user: User):
     draft_version: Version = dandiset.draft_version
     embargoed_assets: QuerySet[Asset] = draft_version.assets.filter(embargoed_blob__isnull=False)
 
@@ -74,6 +74,9 @@ def _unembargo_dandiset(dandiset: Dandiset):
     dandiset.embargo_status = Dandiset.EmbargoStatus.OPEN
     dandiset.save()
 
+    audit_record = AuditRecord.unembargo_dandiset(dandiset=dandiset, user=user)
+    audit_record.save()
+
 
 def unembargo_dandiset(*, user: User, dandiset: Dandiset):
     """Unembargo a dandiset by copying all embargoed asset blobs to the public bucket."""
@@ -83,4 +86,4 @@ def unembargo_dandiset(*, user: User, dandiset: Dandiset):
     if not user.has_perm('owner', dandiset):
         raise DandisetOwnerRequiredError
 
-    unembargo_dandiset_task.delay(dandiset.id)
+    unembargo_dandiset_task.delay(dandiset.id, user.id)
diff --git a/dandiapi/api/tasks/__init__.py b/dandiapi/api/tasks/__init__.py
index 80f8ef87c..817f73e99 100644
--- a/dandiapi/api/tasks/__init__.py
+++ b/dandiapi/api/tasks/__init__.py
@@ -2,6 +2,7 @@
 
 from celery import shared_task
 from celery.utils.log import get_task_logger
+from django.contrib.auth.models import User
 
 from dandiapi.api.doi import delete_doi
 from dandiapi.api.manifests import (
@@ -68,11 +69,12 @@ def delete_doi_task(doi: str) -> None:
 
 
 @shared_task
-def unembargo_dandiset_task(dandiset_id: int):
+def unembargo_dandiset_task(dandiset_id: int, user_id: int):
     from dandiapi.api.services.embargo import _unembargo_dandiset
 
     dandiset = Dandiset.objects.get(id=dandiset_id)
-    _unembargo_dandiset(dandiset)
+    user = User.objects.get(id=user_id)
+    _unembargo_dandiset(dandiset, user)
 
 
 @shared_task

From 2c9c6b38eddd4f470f0089d5b84b7a0b211d268c Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 6 Mar 2024 11:17:23 -0500
Subject: [PATCH 009/131] Generate publish_dandiset audit record

---
 dandiapi/api/models/audit.py              | 10 ++++++++++
 dandiapi/api/services/publish/__init__.py | 14 ++++++++++----
 dandiapi/api/tasks/__init__.py            |  4 ++--
 3 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/dandiapi/api/models/audit.py b/dandiapi/api/models/audit.py
index 0d2694d29..848cbfa0b 100644
--- a/dandiapi/api/models/audit.py
+++ b/dandiapi/api/models/audit.py
@@ -24,6 +24,7 @@
     'delete_zarr_chunks',
     'finalize_zarr',
     'unembargo_dandiset',
+    'publish_dandiset',
 ]
 AUDIT_RECORD_CHOICES = [(t, t) for t in get_args(AuditRecordType)]
 
@@ -179,3 +180,12 @@ def unembargo_dandiset(*, dandiset: Dandiset, user: User) -> AuditRecord:
         return AuditRecord.make_audit_record(
             dandiset=dandiset, user=user, record_type='unembargo_dandiset', details={}
         )
+
+    @staticmethod
+    def publish_dandiset(*, dandiset: Dandiset, user: User, version: str) -> AuditRecord:
+        details = {
+            'version': version,
+        }
+        return AuditRecord.make_audit_record(
+            dandiset=dandiset, user=user, record_type='publish_dandiset', details=details
+        )
diff --git a/dandiapi/api/services/publish/__init__.py b/dandiapi/api/services/publish/__init__.py
index a41ead487..9b4938a45 100644
--- a/dandiapi/api/services/publish/__init__.py
+++ b/dandiapi/api/services/publish/__init__.py
@@ -4,12 +4,13 @@
 from typing import TYPE_CHECKING
 
 from dandischema.metadata import aggregate_assets_summary, validate
+from django.contrib.auth.models import User
 from django.db import transaction
 from more_itertools import ichunked
 
 from dandiapi.api import doi
 from dandiapi.api.asset_paths import add_version_asset_paths
-from dandiapi.api.models import Asset, Dandiset, Version
+from dandiapi.api.models import Asset, AuditRecord, Dandiset, Version
 from dandiapi.api.services.exceptions import NotAllowedError
 from dandiapi.api.services.publish.exceptions import (
     DandisetAlreadyPublishedError,
@@ -22,7 +23,6 @@
 from dandiapi.api.tasks import write_manifest_files
 
 if TYPE_CHECKING:
-    from django.contrib.auth.models import User
     from django.db.models import QuerySet
 
 
@@ -103,7 +103,7 @@ def _build_publishable_version_from_draft(draft_version: Version) -> Version:
     return publishable_version
 
 
-def _publish_dandiset(dandiset_id: int) -> None:
+def _publish_dandiset(dandiset_id: int, user_id: int) -> None:
     """
     Publish a dandiset.
 
@@ -189,10 +189,16 @@ def _create_doi(version_id: int):
 
         transaction.on_commit(lambda: _create_doi(new_version.id))
 
+        user = User.objects.get(id=user_id)
+        audit_record = AuditRecord.publish_dandiset(
+            dandiset=new_version.dandiset, user=user, version=new_version.version
+        )
+        audit_record.save()
+
 
 def publish_dandiset(*, user: User, dandiset: Dandiset) -> None:
     from dandiapi.api.tasks import publish_dandiset_task
 
     with transaction.atomic():
         _lock_dandiset_for_publishing(user=user, dandiset=dandiset)
-        transaction.on_commit(lambda: publish_dandiset_task.delay(dandiset.id))
+        transaction.on_commit(lambda: publish_dandiset_task.delay(dandiset.id, user.id))
diff --git a/dandiapi/api/tasks/__init__.py b/dandiapi/api/tasks/__init__.py
index 817f73e99..31cecc310 100644
--- a/dandiapi/api/tasks/__init__.py
+++ b/dandiapi/api/tasks/__init__.py
@@ -78,7 +78,7 @@ def unembargo_dandiset_task(dandiset_id: int, user_id: int):
 
 
 @shared_task
-def publish_dandiset_task(dandiset_id: int):
+def publish_dandiset_task(dandiset_id: int, user_id: int):
     from dandiapi.api.services.publish import _publish_dandiset
 
-    _publish_dandiset(dandiset_id=dandiset_id)
+    _publish_dandiset(dandiset_id=dandiset_id, user_id=user_id)

From 01f1b85efe13f3b8418359addf3c067ed5e96710 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 6 Mar 2024 11:19:55 -0500
Subject: [PATCH 010/131] Generate delete_dandiset audit record

---
 dandiapi/api/models/audit.py               | 7 +++++++
 dandiapi/api/services/dandiset/__init__.py | 5 +++++
 2 files changed, 12 insertions(+)

diff --git a/dandiapi/api/models/audit.py b/dandiapi/api/models/audit.py
index 848cbfa0b..03f6d479b 100644
--- a/dandiapi/api/models/audit.py
+++ b/dandiapi/api/models/audit.py
@@ -25,6 +25,7 @@
     'finalize_zarr',
     'unembargo_dandiset',
     'publish_dandiset',
+    'delete_dandiset',
 ]
 AUDIT_RECORD_CHOICES = [(t, t) for t in get_args(AuditRecordType)]
 
@@ -189,3 +190,9 @@ def publish_dandiset(*, dandiset: Dandiset, user: User, version: str) -> AuditRe
         return AuditRecord.make_audit_record(
             dandiset=dandiset, user=user, record_type='publish_dandiset', details=details
         )
+
+    @staticmethod
+    def delete_dandiset(*, dandiset: Dandiset, user: User):
+        return AuditRecord.make_audit_record(
+            dandiset=dandiset, user=user, record_type='delete_dandiset', details={}
+        )
diff --git a/dandiapi/api/services/dandiset/__init__.py b/dandiapi/api/services/dandiset/__init__.py
index 9cc15d35d..3b28172ac 100644
--- a/dandiapi/api/services/dandiset/__init__.py
+++ b/dandiapi/api/services/dandiset/__init__.py
@@ -65,5 +65,10 @@ def delete_dandiset(*, user, dandiset: Dandiset) -> None:
     # Delete all versions first, so that AssetPath deletion is cascaded
     # through versions, rather than through zarrs directly
     with transaction.atomic():
+        # Record the audit event first so that the AuditRecord instance has a
+        # chance to grab the Dandiset information before it is destroyed.
+        audit_record = AuditRecord.delete_dandiset(dandiset=dandiset, user=user)
+        audit_record.save()
+
         dandiset.versions.all().delete()
         dandiset.delete()

From 52ff47ebcb752f3c605deec06c5179fe6838b8b2 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 6 Mar 2024 11:20:10 -0500
Subject: [PATCH 011/131] Add migration for AuditRecord

---
 dandiapi/api/migrations/0006_auditrecord.py | 51 +++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 dandiapi/api/migrations/0006_auditrecord.py

diff --git a/dandiapi/api/migrations/0006_auditrecord.py b/dandiapi/api/migrations/0006_auditrecord.py
new file mode 100644
index 000000000..4d64a0bff
--- /dev/null
+++ b/dandiapi/api/migrations/0006_auditrecord.py
@@ -0,0 +1,51 @@
+# Generated by Django 4.1.13 on 2024-03-06 15:39
+from __future__ import annotations
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('api', '0005_null_charfield'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AuditRecord',
+            fields=[
+                (
+                    'id',
+                    models.BigAutoField(
+                        auto_created=True, primary_key=True, serialize=False, verbose_name='ID'
+                    ),
+                ),
+                ('timestamp', models.DateTimeField(auto_now_add=True)),
+                ('dandiset_id', models.IntegerField()),
+                ('username', models.CharField(max_length=39)),
+                ('user_email', models.CharField(max_length=254)),
+                ('user_fullname', models.CharField(max_length=301)),
+                (
+                    'record_type',
+                    models.CharField(
+                        choices=[
+                            ('create_dandiset', 'create_dandiset'),
+                            ('change_owners', 'change_owners'),
+                            ('update_metadata', 'update_metadata'),
+                            ('add_asset', 'add_asset'),
+                            ('update_asset', 'update_asset'),
+                            ('remove_asset', 'remove_asset'),
+                            ('create_zarr', 'create_zarr'),
+                            ('upload_zarr', 'upload_zarr'),
+                            ('delete_zarr_chunks', 'delete_zarr_chunks'),
+                            ('finalize_zarr', 'finalize_zarr'),
+                            ('unembargo_dandiset', 'unembargo_dandiset'),
+                            ('publish_dandiset', 'publish_dandiset'),
+                            ('delete_dandiset', 'delete_dandiset'),
+                        ],
+                        max_length=32,
+                    ),
+                ),
+                ('details', models.JSONField(blank=True)),
+            ],
+        ),
+    ]

From 08b26c61b20810446e8067bdbed8fc14edad27bb Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 6 Mar 2024 14:27:13 -0500
Subject: [PATCH 012/131] Fix tests broken by signature changes

---
 dandiapi/api/tests/test_asset_paths.py | 6 ++++--
 dandiapi/api/tests/test_tasks.py       | 5 ++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/dandiapi/api/tests/test_asset_paths.py b/dandiapi/api/tests/test_asset_paths.py
index 3d8f5b1ff..92c5430e5 100644
--- a/dandiapi/api/tests/test_asset_paths.py
+++ b/dandiapi/api/tests/test_asset_paths.py
@@ -295,7 +295,7 @@ def test_asset_path_search_asset_paths(draft_version_factory, asset_factory):
 
 
 @pytest.mark.django_db()
-def test_asset_path_publish_version(draft_version_factory, asset_factory):
+def test_asset_path_publish_version(draft_version_factory, asset_factory, user_factory):
     version: Version = draft_version_factory()
     asset = asset_factory(path='foo/bar.txt', status=Asset.Status.VALID)
     version.assets.add(asset)
@@ -308,8 +308,10 @@ def test_asset_path_publish_version(draft_version_factory, asset_factory):
     version.status = Version.Status.PUBLISHING
     version.save()
 
+    user = user_factory()
+
     # Publish
-    publish_dandiset_task(version.dandiset.id)
+    publish_dandiset_task(version.dandiset.id, user.id)
 
     # Get published version
     published_version = (
diff --git a/dandiapi/api/tests/test_tasks.py b/dandiapi/api/tests/test_tasks.py
index bfffb13f0..e299486d7 100644
--- a/dandiapi/api/tests/test_tasks.py
+++ b/dandiapi/api/tests/test_tasks.py
@@ -305,6 +305,7 @@ def test_publish_task(
     draft_asset_factory,
     published_asset_factory,
     draft_version_factory,
+    user_factory,
     django_capture_on_commit_callbacks,
 ):
     # Create a draft_version in PUBLISHING state
@@ -323,8 +324,10 @@ def test_publish_task(
     # Ensure that the number of versions increases by 1 after publishing
     starting_version_count = draft_version.dandiset.versions.count()
 
+    user = user_factory()
+
     with django_capture_on_commit_callbacks(execute=True):
-        tasks.publish_dandiset_task(draft_version.dandiset.id)
+        tasks.publish_dandiset_task(draft_version.dandiset.id, user.id)
 
     assert draft_version.dandiset.versions.count() == starting_version_count + 1
 

From 2f563f9ac28eac9d52038e6138bdee46ae1e8a87 Mon Sep 17 00:00:00 2001
From: Ben Dichter <ben.dichter@gmail.com>
Date: Fri, 24 May 2024 14:09:09 -0400
Subject: [PATCH 013/131] add handbook to welcome email

---
 dandiapi/api/templates/api/mail/registered_message.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dandiapi/api/templates/api/mail/registered_message.txt b/dandiapi/api/templates/api/mail/registered_message.txt
index aa994d55e..b35668b89 100644
--- a/dandiapi/api/templates/api/mail/registered_message.txt
+++ b/dandiapi/api/templates/api/mail/registered_message.txt
@@ -14,6 +14,7 @@ registered with our Slack workspace.
 
 Please use the following links to post any questions or issues.
 
+DANDI Handbook: https://www.dandiarchive.org/handbook
 Discussions: https://github.com/dandi/helpdesk/discussions
 Issues: https://github.com/dandi/helpdesk/issues/new/choose
 YouTube: https://www.youtube.com/@dandiarchive

From d25837b6de1ba0c399ccabee5501ff0f6cda0551 Mon Sep 17 00:00:00 2001
From: Ben Dichter <ben.dichter@gmail.com>
Date: Fri, 24 May 2024 14:10:12 -0400
Subject: [PATCH 014/131] Update approved_user_message.txt

---
 dandiapi/api/templates/api/mail/approved_user_message.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dandiapi/api/templates/api/mail/approved_user_message.txt b/dandiapi/api/templates/api/mail/approved_user_message.txt
index 7b85297ee..4c1f73de4 100644
--- a/dandiapi/api/templates/api/mail/approved_user_message.txt
+++ b/dandiapi/api/templates/api/mail/approved_user_message.txt
@@ -6,6 +6,7 @@ to start creating dandisets and uploading data.
 
 Please use the following links to post any questions or issues.
 
+DANDI Handbook: https://www.dandiarchive.org/handbook
 Discussions: https://github.com/dandi/helpdesk/discussions
 Issues: https://github.com/dandi/helpdesk/issues/new/choose
 YouTube: https://www.youtube.com/@dandiarchive

From 0b346957702df2aa6cef1d96db00cf82baa93c76 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Fri, 24 May 2024 14:47:01 -0400
Subject: [PATCH 015/131] In 1.14.3 it became client_config and .config was
 announced deprecated, caused it to become None

and I believe that caused our tests to start failing etc
---
 dandiapi/api/storage.py | 2 +-
 setup.py                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dandiapi/api/storage.py b/dandiapi/api/storage.py
index dcaa517ea..0fa1e1a34 100644
--- a/dandiapi/api/storage.py
+++ b/dandiapi/api/storage.py
@@ -155,7 +155,7 @@ class TimeoutS3Storage(S3Storage):
     def __init__(self, **settings):
         super().__init__(**settings)
 
-        self.config = self.config.merge(
+        self.client_config = self.client_config.merge(
             Config(connect_timeout=5, read_timeout=5, retries={'max_attempts': 2})
         )
 
diff --git a/setup.py b/setup.py
index eeab69fe0..15738bcab 100644
--- a/setup.py
+++ b/setup.py
@@ -67,7 +67,7 @@
         # Production-only
         'django-composed-configuration[prod]>=0.23.0',
         'django-s3-file-field[s3]>=1.0.0',
-        'django-storages[s3]>=1.14.2',
+        'django-storages[s3]>=1.14.3',
         'gunicorn',
         # Development-only, but required
         'django-minio-storage',

From 68904eebba631e9e2a0046c8975b15ec07a4d960 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Tue, 28 May 2024 14:58:23 -0400
Subject: [PATCH 016/131] Use normal PageNumber pagination for listing
 endpoints

This retains the behavior of using a custom pagination class for the asset list endpoint
---
 dandiapi/api/tests/test_pagination.py | 86 ---------------------------
 dandiapi/api/views/asset.py           |  9 ++-
 dandiapi/api/views/pagination.py      | 31 ++++++----
 3 files changed, 24 insertions(+), 102 deletions(-)

diff --git a/dandiapi/api/tests/test_pagination.py b/dandiapi/api/tests/test_pagination.py
index bc890be81..2081fc03b 100644
--- a/dandiapi/api/tests/test_pagination.py
+++ b/dandiapi/api/tests/test_pagination.py
@@ -3,65 +3,6 @@
 import pytest
 
 
-@pytest.mark.django_db()
-def test_dandiset_pagination(api_client, dandiset_factory):
-    endpoint = '/api/dandisets/'
-    for _ in range(10):
-        dandiset_factory()
-
-    # First page
-    resp = api_client.get(endpoint, {'order': 'id', 'page_size': 5}).json()
-    assert resp['count'] == 10
-    assert resp['next'] is not None
-    page_one = resp['results']
-    assert len(page_one) == 5
-
-    # Second page
-    resp = api_client.get(endpoint, {'order': 'id', 'page_size': 5, 'page': 2}).json()
-    assert resp['count'] is None
-    assert resp['next'] is None
-    page_two = resp['results']
-    assert len(page_two) == 5
-
-    # Full page
-    resp = api_client.get(endpoint, {'order': 'id', 'page_size': 100}).json()
-    assert resp['count'] == 10
-    assert resp['next'] is None
-    full_page = resp['results']
-    assert len(full_page) == 10
-
-    # Assert full list is ordered the same as both paginated lists
-    assert full_page == page_one + page_two
-
-
-@pytest.mark.django_db()
-def test_version_pagination(api_client, dandiset, published_version_factory):
-    endpoint = f'/api/dandisets/{dandiset.identifier}/versions/'
-
-    for _ in range(10):
-        published_version_factory(dandiset=dandiset)
-
-    resp = api_client.get(endpoint, {'order': 'created', 'page_size': 5}).json()
-
-    assert resp['count'] == 10
-    page_one = resp['results']
-    assert len(page_one) == 5
-
-    resp = api_client.get(endpoint, {'order': 'created', 'page_size': 5, 'page': 2}).json()
-    assert resp['count'] is None
-    assert resp['next'] is None
-    page_two = resp['results']
-    assert len(page_two) == 5
-
-    resp = api_client.get(endpoint, {'order': 'created', 'page_size': 100}).json()
-    assert resp['count'] == 10
-    assert resp['next'] is None
-    full_page = resp['results']
-    assert len(full_page) == 10
-
-    assert full_page == page_one + page_two
-
-
 @pytest.mark.django_db()
 def test_asset_pagination(api_client, version, asset_factory):
     endpoint = f'/api/dandisets/{version.dandiset.identifier}/versions/{version.version}/assets/'
@@ -92,30 +33,3 @@ def test_asset_pagination(api_client, version, asset_factory):
 
     # Assert full list is ordered the same as both paginated lists
     assert full_page == page_one + page_two
-
-
-@pytest.mark.django_db()
-def test_zarr_pagination(api_client, zarr_archive_factory):
-    endpoint = '/api/zarr/'
-
-    for _ in range(10):
-        zarr_archive_factory()
-
-    resp = api_client.get(endpoint, {'page_size': 5}).json()
-    assert resp['count'] == 10
-    page_one = resp['results']
-    assert len(page_one) == 5
-
-    resp = api_client.get(endpoint, {'page_size': 5, 'page': 2}).json()
-    assert resp['count'] is None
-    assert resp['next'] is None
-    page_two = resp['results']
-    assert len(page_two) == 5
-
-    resp = api_client.get(endpoint, {'page_size': 100}).json()
-    assert resp['count'] == 10
-    assert resp['next'] is None
-    full_page = resp['results']
-    assert len(full_page) == 10
-
-    assert full_page == page_one + page_two
diff --git a/dandiapi/api/views/asset.py b/dandiapi/api/views/asset.py
index 4595b9ebd..4e86cf273 100644
--- a/dandiapi/api/views/asset.py
+++ b/dandiapi/api/views/asset.py
@@ -46,7 +46,7 @@
     VERSIONS_DANDISET_PK_PARAM,
     VERSIONS_VERSION_PARAM,
 )
-from dandiapi.api.views.pagination import DandiPagination
+from dandiapi.api.views.pagination import DandiPagination, LazyPagination
 from dandiapi.api.views.serializers import (
     AssetDetailSerializer,
     AssetDownloadQueryParameterSerializer,
@@ -431,7 +431,10 @@ def list(self, request, *args, **kwargs):
             asset_queryset = asset_queryset.filter(path__iregex=glob_pattern.replace('\\*', '.*'))
 
         # Retrieve just the first N asset IDs, and use them for pagination
-        page_of_asset_ids = self.paginate_queryset(asset_queryset.values_list('id', flat=True))
+        # Use custom pagination class to reduce unnecessary counts of assets
+        paginator = LazyPagination()
+        qs = asset_queryset.values_list('id', flat=True)
+        page_of_asset_ids = paginator.paginate_queryset(qs, request=self.request, view=self)
 
         # Not sure when the page is ever None, but this condition is checked for compatibility with
         # the original implementation: https://github.com/encode/django-rest-framework/blob/f4194c4684420ac86485d9610adf760064db381f/rest_framework/mixins.py#L37-L46
@@ -453,7 +456,7 @@ def list(self, request, *args, **kwargs):
 
         # Paginate and return
         serializer = self.get_serializer(queryset, many=True, metadata=include_metadata)
-        return self.get_paginated_response(serializer.data)
+        return paginator.get_paginated_response(serializer.data)
 
     @swagger_auto_schema(
         query_serializer=AssetPathsQueryParameterSerializer,
diff --git a/dandiapi/api/views/pagination.py b/dandiapi/api/views/pagination.py
index c48b76f72..d2efaffbe 100644
--- a/dandiapi/api/views/pagination.py
+++ b/dandiapi/api/views/pagination.py
@@ -1,12 +1,3 @@
-"""
-Implement an optimized pagination scheme.
-
-This module provides a custom pagination implementation, as the existing `PageNumberPagination`
-class returns a `count` field for every page returned. This can be very inefficient on large tables,
-and in reality, the count is only necessary on the first page of results. This module implements
-such a pagination scheme, only returning 'count' on the first page of results.
-"""
-
 from __future__ import annotations
 
 from collections import OrderedDict
@@ -17,6 +8,24 @@ class returns a `count` field for every page returned. This can be very ineffici
 from rest_framework.response import Response
 
 
+class DandiPagination(PageNumberPagination):
+    page_size = 100
+    max_page_size = 1000
+    page_size_query_param = 'page_size'
+
+    @cached_property
+    def page_size_query_description(self):
+        return f'{super().page_size_query_description[:-1]} (maximum {self.max_page_size}).'
+
+
+"""
+The below code provides a custom pagination implementation, as the existing `PageNumberPagination`
+class returns a `count` field for every page returned. This can be very inefficient on large tables,
+and in reality, the count is only necessary on the first page of results. This module implements
+such a pagination scheme, only returning 'count' on the first page of results.
+"""
+
+
 class LazyPage(Page):
     """
     A page class that doesn't call .count() on the queryset it's paging from.
@@ -96,7 +105,3 @@ def get_paginated_response(self, data) -> Response:
         )
 
         return Response(page_dict)
-
-
-# Alias
-DandiPagination = LazyPagination

From d862e6dd2a5f9909756395e19fa2c7348eda0ebd Mon Sep 17 00:00:00 2001
From: Mike VanDenburgh <37340715+mvandenburgh@users.noreply.github.com>
Date: Thu, 9 May 2024 12:56:27 -0400
Subject: [PATCH 017/131] Fix race condition in sha256 calculation task

---
 dandiapi/api/tasks/__init__.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/dandiapi/api/tasks/__init__.py b/dandiapi/api/tasks/__init__.py
index eb3a6ef99..b06a87b2c 100644
--- a/dandiapi/api/tasks/__init__.py
+++ b/dandiapi/api/tasks/__init__.py
@@ -32,8 +32,7 @@ def calculate_sha256(blob_id: str) -> None:
 
     # TODO: Run dandi-cli validation
 
-    asset_blob.sha256 = sha256
-    asset_blob.save()
+    AssetBlob.objects.filter(blob_id=blob_id).update(sha256=sha256)
 
 
 @shared_task(soft_time_limit=180)

From 268eabac01da5ad48c5e9c9895e882b41057bb8e Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Mon, 3 Jun 2024 17:17:54 -0400
Subject: [PATCH 018/131] Empty commit to cut a release


From 94185a031aa96c2f00f8e471c8759a360767c7be Mon Sep 17 00:00:00 2001
From: dandibot <dandibot@mit.edu>
Date: Mon, 3 Jun 2024 21:21:29 +0000
Subject: [PATCH 019/131] auto shipit - CHANGELOG.md etc

---
 CHANGELOG.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c18591607..413e6f55a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,31 @@
+# v0.3.85 (Mon Jun 03 2024)
+
+:tada: This release contains work from a new contributor! :tada:
+
+Thank you, Ben Dichter ([@bendichter](https://github.com/bendichter)), for all your work!
+
+#### 🐛 Bug Fix
+
+- Empty PR to trigger a release [#1951](https://github.com/dandi/dandi-archive/pull/1951) ([@jjnesbitt](https://github.com/jjnesbitt))
+- Only use custom pagination class for asset list endpoint [#1947](https://github.com/dandi/dandi-archive/pull/1947) ([@jjnesbitt](https://github.com/jjnesbitt))
+- In 1.14.3 it became client_config and .config was announced deprecated [#1946](https://github.com/dandi/dandi-archive/pull/1946) ([@yarikoptic](https://github.com/yarikoptic))
+- neurosift external service for .nwb.lindi.json [#1922](https://github.com/dandi/dandi-archive/pull/1922) ([@magland](https://github.com/magland))
+- Fix documentation for server downtime message var [#1927](https://github.com/dandi/dandi-archive/pull/1927) ([@jjnesbitt](https://github.com/jjnesbitt))
+- Revert "Add `workflow_dispatch` trigger to staging deploy workflow" [#1930](https://github.com/dandi/dandi-archive/pull/1930) ([@jjnesbitt](https://github.com/jjnesbitt))
+
+#### 📝 Documentation
+
+- add handbook to welcome email [#1945](https://github.com/dandi/dandi-archive/pull/1945) ([@bendichter](https://github.com/bendichter))
+
+#### Authors: 4
+
+- Ben Dichter ([@bendichter](https://github.com/bendichter))
+- Jacob Nesbitt ([@jjnesbitt](https://github.com/jjnesbitt))
+- Jeremy Magland ([@magland](https://github.com/magland))
+- Yaroslav Halchenko ([@yarikoptic](https://github.com/yarikoptic))
+
+---
+
 # v0.3.84 (Mon Apr 29 2024)
 
 #### 🐛 Bug Fix

From c832cd799debd7bf2cfc26ff0fa9bec72d08af63 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Thu, 6 Jun 2024 16:24:29 -0400
Subject: [PATCH 020/131] Validate updates to access metadata

---
 dandiapi/api/models/dandiset.py           |  4 +
 dandiapi/api/models/version.py            | 24 ++++++
 dandiapi/api/services/embargo/__init__.py |  6 --
 dandiapi/api/services/version/metadata.py |  7 --
 dandiapi/api/tests/factories.py           |  9 +++
 dandiapi/api/tests/test_version.py        | 92 +++++++++++++++++++++++
 6 files changed, 129 insertions(+), 13 deletions(-)

diff --git a/dandiapi/api/models/dandiset.py b/dandiapi/api/models/dandiset.py
index 91267427b..595467dc7 100644
--- a/dandiapi/api/models/dandiset.py
+++ b/dandiapi/api/models/dandiset.py
@@ -58,6 +58,10 @@ def identifier(self) -> str:
         # Compare against None, to allow id 0
         return f'{self.id:06}' if self.id is not None else ''
 
+    @property
+    def embargoed(self) -> bool:
+        return self.embargo_status == self.EmbargoStatus.EMBARGOED
+
     @property
     def most_recent_published_version(self):
         return self.versions.exclude(version='draft').order_by('modified').last()
diff --git a/dandiapi/api/models/version.py b/dandiapi/api/models/version.py
index d52cba3be..6007e732a 100644
--- a/dandiapi/api/models/version.py
+++ b/dandiapi/api/models/version.py
@@ -3,6 +3,7 @@
 import datetime
 import logging
 
+from dandischema.models import AccessType
 from django.conf import settings
 from django.contrib.postgres.indexes import HashIndex
 from django.core.validators import RegexValidator
@@ -167,6 +168,28 @@ def strip_metadata(cls, metadata):
         ]
         return {key: metadata[key] for key in metadata if key not in computed_fields}
 
+    def _populate_access_metadata(self):
+        default_access = [{}]
+        access = self.metadata.get('access', default_access)
+
+        # Ensure access is a non-empty list
+        if not (isinstance(access, list) and access):
+            access = default_access
+
+        # Ensure that every item in access is a dict
+        access = [x for x in access if isinstance(x, dict)] or default_access
+
+        # Set first access item
+        access[0] = {
+            **access[0],
+            'schemaKey': 'AccessRequirements',
+            'status': AccessType.EmbargoedAccess.value
+            if self.dandiset.embargoed
+            else AccessType.OpenAccess.value,
+        }
+
+        return access
+
     def _populate_metadata(self):
         from dandiapi.api.manifests import manifest_location
 
@@ -187,6 +210,7 @@ def _populate_metadata(self):
                 f'{self.dandiset.identifier}/{self.version}'
             ),
             'dateCreated': self.dandiset.created.isoformat(),
+            'access': self._populate_access_metadata(),
         }
 
         if 'assetsSummary' not in metadata:
diff --git a/dandiapi/api/services/embargo/__init__.py b/dandiapi/api/services/embargo/__init__.py
index dd07e04da..bd022b762 100644
--- a/dandiapi/api/services/embargo/__init__.py
+++ b/dandiapi/api/services/embargo/__init__.py
@@ -48,12 +48,6 @@ def _unembargo_dandiset(dandiset: Dandiset):
     embargoed_assets: QuerySet[Asset] = draft_version.assets.filter(blob__embargoed=True)
     AssetBlob.objects.filter(assets__in=embargoed_assets).update(embargoed=False)
 
-    # Update draft version metadata
-    draft_version.metadata['access'] = [
-        {'schemaKey': 'AccessRequirements', 'status': 'dandi:OpenAccess'}
-    ]
-    draft_version.save()
-
     # Set access on dandiset
     dandiset.embargo_status = Dandiset.EmbargoStatus.OPEN
     dandiset.save()
diff --git a/dandiapi/api/services/version/metadata.py b/dandiapi/api/services/version/metadata.py
index bc04c8114..bd82bcc40 100644
--- a/dandiapi/api/services/version/metadata.py
+++ b/dandiapi/api/services/version/metadata.py
@@ -32,13 +32,6 @@ def _normalize_version_metadata(
                 'includeInCitation': True,
             },
         ],
-        # TODO: move this into dandischema
-        'access': [
-            {
-                'schemaKey': 'AccessRequirements',
-                'status': 'dandi:EmbargoedAccess' if embargo else 'dandi:OpenAccess',
-            }
-        ],
         **version_metadata,
     }
     # Run the version_metadata through the pydantic model to automatically include any boilerplate
diff --git a/dandiapi/api/tests/factories.py b/dandiapi/api/tests/factories.py
index a32573e6e..ac0998590 100644
--- a/dandiapi/api/tests/factories.py
+++ b/dandiapi/api/tests/factories.py
@@ -5,6 +5,7 @@
 
 from allauth.socialaccount.models import SocialAccount
 from dandischema.digests.dandietag import DandiETag
+from dandischema.models import AccessType
 from django.conf import settings
 from django.contrib.auth.models import User
 from django.core import files as django_files
@@ -95,6 +96,14 @@ def metadata(self):
             'schemaVersion': settings.DANDI_SCHEMA_VERSION,
             'schemaKey': 'Dandiset',
             'description': faker.Faker().sentence(),
+            'access': [
+                {
+                    'schemaKey': 'AccessRequirements',
+                    'status': AccessType.EmbargoedAccess.value
+                    if self.dandiset.embargoed
+                    else AccessType.OpenAccess.value,
+                }
+            ],
             'contributor': [
                 {
                     'name': f'{faker.Faker().last_name()}, {faker.Faker().first_name()}',
diff --git a/dandiapi/api/tests/test_version.py b/dandiapi/api/tests/test_version.py
index 9c530999d..2879de7c2 100644
--- a/dandiapi/api/tests/test_version.py
+++ b/dandiapi/api/tests/test_version.py
@@ -4,6 +4,7 @@
 from time import sleep
 from typing import TYPE_CHECKING
 
+from dandischema.models import AccessType
 from django.conf import settings
 from freezegun import freeze_time
 from guardian.shortcuts import assign_perm
@@ -84,6 +85,7 @@ def test_draft_version_metadata_computed(draft_version: Version):
         ),
         'repository': settings.DANDI_WEB_APP_URL,
         'dateCreated': draft_version.dandiset.created.isoformat(),
+        'access': [{'schemaKey': 'AccessRequirements', 'status': AccessType.OpenAccess.value}],
         '@context': f'https://raw.githubusercontent.com/dandi/schema/master/releases/{settings.DANDI_SCHEMA_VERSION}/context.json',
         'assetsSummary': {
             'numberOfBytes': 0,
@@ -127,6 +129,7 @@ def test_published_version_metadata_computed(published_version: Version):
         ),
         'repository': settings.DANDI_WEB_APP_URL,
         'dateCreated': published_version.dandiset.created.isoformat(),
+        'access': [{'schemaKey': 'AccessRequirements', 'status': AccessType.OpenAccess.value}],
         '@context': f'https://raw.githubusercontent.com/dandi/schema/master/releases/{settings.DANDI_SCHEMA_VERSION}/context.json',
         'assetsSummary': {
             'numberOfBytes': 0,
@@ -556,6 +559,7 @@ def test_version_rest_update(api_client, user, draft_version):
         'url': url,
         'repository': settings.DANDI_WEB_APP_URL,
         'dateCreated': UTC_ISO_TIMESTAMP_RE,
+        'access': [{'schemaKey': 'AccessRequirements', 'status': AccessType.OpenAccess.value}],
         'citation': f'{new_name} ({year}). (Version draft) [Data set]. DANDI archive. {url}',
         'assetsSummary': {
             'numberOfBytes': 0,
@@ -635,6 +639,94 @@ def test_version_rest_update_not_an_owner(api_client, user, version):
     )
 
 
+@pytest.mark.parametrize(
+    ('access'),
+    [
+        'some value',
+        123,
+        None,
+        [],
+        ['a', 'b'],
+        ['a', 'b', {}],
+        [{'schemaKey': 'AccessRequirements', 'status': 'foobar'}],
+    ],
+)
+@pytest.mark.django_db()
+def test_version_rest_update_access_values(api_client, user, draft_version, access):
+    assign_perm('owner', user, draft_version.dandiset)
+    api_client.force_authenticate(user=user)
+
+    new_metadata = {**draft_version.metadata, 'access': access}
+    resp = api_client.put(
+        f'/api/dandisets/{draft_version.dandiset.identifier}/versions/{draft_version.version}/',
+        {'metadata': new_metadata, 'name': draft_version.name},
+        format='json',
+    )
+    assert resp.status_code == 200
+    draft_version.refresh_from_db()
+
+    access = draft_version.metadata['access']
+    assert access != new_metadata['access']
+    assert access[0]['schemaKey'] == 'AccessRequirements'
+    assert (
+        access[0]['status'] == AccessType.EmbargoedAccess.value
+        if draft_version.dandiset.embargoed
+        else AccessType.OpenAccess.value
+    )
+
+
+@pytest.mark.django_db()
+def test_version_rest_update_access_missing(api_client, user, draft_version):
+    assign_perm('owner', user, draft_version.dandiset)
+    api_client.force_authenticate(user=user)
+
+    # Check that the field missing entirely is also okay
+    new_metadata = {**draft_version.metadata}
+    new_metadata.pop('access', None)
+
+    resp = api_client.put(
+        f'/api/dandisets/{draft_version.dandiset.identifier}/versions/{draft_version.version}/',
+        {'metadata': new_metadata, 'name': draft_version.name},
+        format='json',
+    )
+    assert resp.status_code == 200
+    draft_version.refresh_from_db()
+    assert 'access' in draft_version.metadata
+    access = draft_version.metadata['access']
+    assert access[0]['schemaKey'] == 'AccessRequirements'
+    assert (
+        access[0]['status'] == AccessType.EmbargoedAccess.value
+        if draft_version.dandiset.embargoed
+        else AccessType.OpenAccess.value
+    )
+
+
+@pytest.mark.django_db()
+def test_version_rest_update_access_valid(api_client, user, draft_version):
+    assign_perm('owner', user, draft_version.dandiset)
+    api_client.force_authenticate(user=user)
+
+    # Check that extra fields persist
+    new_metadata = {**draft_version.metadata, 'access': [{'extra': 'field'}]}
+    resp = api_client.put(
+        f'/api/dandisets/{draft_version.dandiset.identifier}/versions/{draft_version.version}/',
+        {'metadata': new_metadata, 'name': draft_version.name},
+        format='json',
+    )
+    assert resp.status_code == 200
+    draft_version.refresh_from_db()
+    access = draft_version.metadata['access']
+    assert access != new_metadata['access']
+    assert access[0]['schemaKey'] == 'AccessRequirements'
+    assert (
+        access[0]['status'] == AccessType.EmbargoedAccess.value
+        if draft_version.dandiset.embargoed
+        else AccessType.OpenAccess.value
+    )
+
+    assert access[0]['extra'] == 'field'
+
+
 @pytest.mark.django_db()
 def test_version_rest_publish(
     api_client: APIClient,

From bb0c841881afc804e77a988d1af02569d7d3e7ca Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Fri, 14 Jun 2024 13:45:25 -0400
Subject: [PATCH 021/131] Add DandisetUnEmbargoInProgressError

---
 dandiapi/api/services/dandiset/exceptions.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/dandiapi/api/services/dandiset/exceptions.py b/dandiapi/api/services/dandiset/exceptions.py
index a71088c1b..00e2d9828 100644
--- a/dandiapi/api/services/dandiset/exceptions.py
+++ b/dandiapi/api/services/dandiset/exceptions.py
@@ -14,3 +14,8 @@ class UnauthorizedEmbargoAccessError(DandiError):
     message = (
         'Authentication credentials must be provided when attempting to access embargoed dandisets'
     )
+
+
+class DandisetUnEmbargoInProgressError(DandiError):
+    http_status_code = status.HTTP_400_BAD_REQUEST
+    message = 'Dandiset modification not allowed during un-embargo'

From b4f94cac2a4ba45450f7caf81e0ee730a8198e85 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Fri, 14 Jun 2024 13:47:27 -0400
Subject: [PATCH 022/131] Prohibit dandiset modification during un-embargo

---
 dandiapi/api/services/dandiset/__init__.py |  7 ++-
 dandiapi/api/tests/test_dandiset.py        | 65 +++++++++++++++++++---
 dandiapi/api/views/dandiset.py             |  8 ++-
 3 files changed, 69 insertions(+), 11 deletions(-)

diff --git a/dandiapi/api/services/dandiset/__init__.py b/dandiapi/api/services/dandiset/__init__.py
index 0cf80d82c..050428375 100644
--- a/dandiapi/api/services/dandiset/__init__.py
+++ b/dandiapi/api/services/dandiset/__init__.py
@@ -4,7 +4,10 @@
 
 from dandiapi.api.models.dandiset import Dandiset
 from dandiapi.api.models.version import Version
-from dandiapi.api.services.dandiset.exceptions import DandisetAlreadyExistsError
+from dandiapi.api.services.dandiset.exceptions import (
+    DandisetAlreadyExistsError,
+    DandisetUnEmbargoInProgressError,
+)
 from dandiapi.api.services.exceptions import AdminOnlyOperationError, NotAllowedError
 from dandiapi.api.services.version.metadata import _normalize_version_metadata
 
@@ -55,6 +58,8 @@ def delete_dandiset(*, user, dandiset: Dandiset) -> None:
         raise NotAllowedError('Cannot delete dandisets with published versions.')
     if dandiset.versions.filter(status=Version.Status.PUBLISHING).exists():
         raise NotAllowedError('Cannot delete dandisets that are currently being published.')
+    if dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
+        raise DandisetUnEmbargoInProgressError
 
     # Delete all versions first, so that AssetPath deletion is cascaded
     # through versions, rather than through zarrs directly
diff --git a/dandiapi/api/tests/test_dandiset.py b/dandiapi/api/tests/test_dandiset.py
index 34e656d2d..18cc1adb1 100644
--- a/dandiapi/api/tests/test_dandiset.py
+++ b/dandiapi/api/tests/test_dandiset.py
@@ -734,22 +734,32 @@ def test_dandiset_rest_create_with_invalid_identifier(api_client, admin_user):
     assert response.data == f'Invalid Identifier {identifier}'
 
 
-@pytest.mark.parametrize(
-    ('embargo_status'),
-    [choice[0] for choice in Dandiset.EmbargoStatus.choices],
-    ids=[choice[1] for choice in Dandiset.EmbargoStatus.choices],
-)
 @pytest.mark.django_db()
-def test_dandiset_rest_delete(api_client, draft_version_factory, user, embargo_status):
-    draft_version = draft_version_factory(dandiset__embargo_status=embargo_status)
+def test_dandiset_rest_delete(api_client, draft_version_factory, user):
     api_client.force_authenticate(user=user)
-    assign_perm('owner', user, draft_version.dandiset)
 
+    # Ensure that open or embargoed dandisets can be deleted
+    draft_version = draft_version_factory(dandiset__embargo_status=Dandiset.EmbargoStatus.OPEN)
+    assign_perm('owner', user, draft_version.dandiset)
     response = api_client.delete(f'/api/dandisets/{draft_version.dandiset.identifier}/')
     assert response.status_code == 204
+    assert not Dandiset.objects.all()
 
+    draft_version = draft_version_factory(dandiset__embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
+    assign_perm('owner', user, draft_version.dandiset)
+    response = api_client.delete(f'/api/dandisets/{draft_version.dandiset.identifier}/')
+    assert response.status_code == 204
     assert not Dandiset.objects.all()
 
+    # Ensure that currently un-embargoing dandisets can't be deleted
+    draft_version = draft_version_factory(
+        dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
+    )
+    assign_perm('owner', user, draft_version.dandiset)
+    response = api_client.delete(f'/api/dandisets/{draft_version.dandiset.identifier}/')
+    assert response.status_code == 400
+    assert Dandiset.objects.count() == 1
+
 
 @pytest.mark.django_db()
 def test_dandiset_rest_delete_with_zarrs(
@@ -831,14 +841,20 @@ def test_dandiset_rest_get_owners_no_social_account(api_client, dandiset, user):
     assert resp.data == [{'username': user.username, 'name': f'{user.first_name} {user.last_name}'}]
 
 
+@pytest.mark.parametrize(
+    'embargo_status',
+    [Dandiset.EmbargoStatus.OPEN, Dandiset.EmbargoStatus.EMBARGOED],
+)
 @pytest.mark.django_db()
 def test_dandiset_rest_change_owner(
     api_client,
-    draft_version,
+    draft_version_factory,
     user_factory,
     social_account_factory,
     mailoutbox,
+    embargo_status,
 ):
+    draft_version = draft_version_factory(dandiset__embargo_status=embargo_status)
     dandiset = draft_version.dandiset
     user1 = user_factory()
     user2 = user_factory()
@@ -868,6 +884,37 @@ def test_dandiset_rest_change_owner(
     assert mailoutbox[1].to == [user2.email]
 
 
+@pytest.mark.django_db()
+def test_dandiset_rest_change_owners_unembargoing(
+    api_client,
+    draft_version_factory,
+    user_factory,
+    social_account_factory,
+):
+    """Test that un-embargoing a dandiset prevents user modification."""
+    draft_version = draft_version_factory(
+        dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
+    )
+    dandiset = draft_version.dandiset
+    user1 = user_factory()
+    user2 = user_factory()
+    social_account1 = social_account_factory(user=user1)
+    social_account2 = social_account_factory(user=user2)
+    assign_perm('owner', user1, dandiset)
+    api_client.force_authenticate(user=user1)
+
+    resp = api_client.put(
+        f'/api/dandisets/{dandiset.identifier}/users/',
+        [
+            {'username': social_account1.extra_data['login']},
+            {'username': social_account2.extra_data['login']},
+        ],
+        format='json',
+    )
+
+    assert resp.status_code == 400
+
+
 @pytest.mark.django_db()
 def test_dandiset_rest_add_owner(
     api_client,
diff --git a/dandiapi/api/views/dandiset.py b/dandiapi/api/views/dandiset.py
index 93bcef604..5cce647d5 100644
--- a/dandiapi/api/views/dandiset.py
+++ b/dandiapi/api/views/dandiset.py
@@ -25,7 +25,10 @@
 from dandiapi.api.mail import send_ownership_change_emails
 from dandiapi.api.models import Dandiset, Version
 from dandiapi.api.services.dandiset import create_dandiset, delete_dandiset
-from dandiapi.api.services.dandiset.exceptions import UnauthorizedEmbargoAccessError
+from dandiapi.api.services.dandiset.exceptions import (
+    DandisetUnEmbargoInProgressError,
+    UnauthorizedEmbargoAccessError,
+)
 from dandiapi.api.services.embargo import unembargo_dandiset
 from dandiapi.api.views.common import DANDISET_PK_PARAM
 from dandiapi.api.views.pagination import DandiPagination
@@ -374,6 +377,9 @@ def unembargo(self, request, dandiset__pk):
     def users(self, request, dandiset__pk):
         dandiset: Dandiset = self.get_object()
         if request.method == 'PUT':
+            if dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
+                raise DandisetUnEmbargoInProgressError
+
             # Verify that the user is currently an owner
             response = get_40x_or_None(request, ['owner'], dandiset, return_403=True)
             if response:

From bc41f887f59ad4e25bd951df056902445792454c Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Fri, 14 Jun 2024 14:03:42 -0400
Subject: [PATCH 023/131] Prohibit asset modification during un-embargo

---
 dandiapi/api/tests/test_asset.py | 75 ++++++++++++++++++++++++++++++++
 dandiapi/api/views/asset.py      | 14 ++++--
 2 files changed, 86 insertions(+), 3 deletions(-)

diff --git a/dandiapi/api/tests/test_asset.py b/dandiapi/api/tests/test_asset.py
index ea70ad969..1da6a32c3 100644
--- a/dandiapi/api/tests/test_asset.py
+++ b/dandiapi/api/tests/test_asset.py
@@ -636,6 +636,35 @@ def test_asset_create_embargo(
     assert draft_version.status == Version.Status.PENDING
 
 
+@pytest.mark.django_db()
+def test_asset_create_unembargoing(
+    api_client, user, draft_version_factory, dandiset_factory, embargoed_asset_blob
+):
+    dandiset = dandiset_factory(embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING)
+    draft_version = draft_version_factory(dandiset=dandiset)
+
+    assign_perm('owner', user, draft_version.dandiset)
+    api_client.force_authenticate(user=user)
+
+    path = 'test/create/asset.txt'
+    metadata = {
+        'encodingFormat': 'application/x-nwb',
+        'path': path,
+        'meta': 'data',
+        'foo': ['bar', 'baz'],
+        '1': 2,
+    }
+
+    resp = api_client.post(
+        f'/api/dandisets/{draft_version.dandiset.identifier}'
+        f'/versions/{draft_version.version}/assets/',
+        {'metadata': metadata, 'blob_id': embargoed_asset_blob.blob_id},
+        format='json',
+    )
+
+    assert resp.status_code == 400
+
+
 @pytest.mark.django_db()
 def test_asset_create_embargoed_asset_blob_open_dandiset(
     api_client, user, draft_version, embargoed_asset_blob, mocker
@@ -1092,6 +1121,35 @@ def test_asset_rest_update_embargo(api_client, user, draft_version, asset, embar
     assert draft_version.status == Version.Status.PENDING
 
 
+@pytest.mark.django_db()
+def test_asset_rest_update_unembargoing(
+    api_client, user, draft_version_factory, asset, embargoed_asset_blob
+):
+    draft_version = draft_version_factory(
+        dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
+    )
+    assign_perm('owner', user, draft_version.dandiset)
+    api_client.force_authenticate(user=user)
+    draft_version.assets.add(asset)
+
+    new_path = 'test/asset/rest/update.txt'
+    new_metadata = {
+        'encodingFormat': 'application/x-nwb',
+        'path': new_path,
+        'foo': 'bar',
+        'num': 123,
+        'list': ['a', 'b', 'c'],
+    }
+
+    resp = api_client.put(
+        f'/api/dandisets/{draft_version.dandiset.identifier}/'
+        f'versions/{draft_version.version}/assets/{asset.asset_id}/',
+        {'metadata': new_metadata, 'blob_id': embargoed_asset_blob.blob_id},
+        format='json',
+    )
+    assert resp.status_code == 400
+
+
 @pytest.mark.django_db()
 def test_asset_rest_update_zarr(
     api_client,
@@ -1266,6 +1324,23 @@ def test_asset_rest_delete(api_client, user, draft_version, asset):
     assert draft_version.status == Version.Status.PENDING
 
 
+@pytest.mark.django_db()
+def test_asset_rest_delete_unembargoing(api_client, user, draft_version_factory, asset):
+    draft_version = draft_version_factory(
+        dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
+    )
+    assign_perm('owner', user, draft_version.dandiset)
+    draft_version.assets.add(asset)
+
+    # Make request
+    api_client.force_authenticate(user=user)
+    response = api_client.delete(
+        f'/api/dandisets/{draft_version.dandiset.identifier}/'
+        f'versions/{draft_version.version}/assets/{asset.asset_id}/'
+    )
+    assert response.status_code == 400
+
+
 @pytest.mark.django_db()
 def test_asset_rest_delete_zarr(
     api_client,
diff --git a/dandiapi/api/views/asset.py b/dandiapi/api/views/asset.py
index 4e86cf273..23d91acf5 100644
--- a/dandiapi/api/views/asset.py
+++ b/dandiapi/api/views/asset.py
@@ -9,6 +9,7 @@
     remove_asset_from_version,
 )
 from dandiapi.api.services.asset.exceptions import DraftDandisetNotModifiableError
+from dandiapi.api.services.dandiset.exceptions import DandisetUnEmbargoInProgressError
 from dandiapi.zarr.models import ZarrArchive
 
 try:
@@ -318,11 +319,14 @@ def validation(self, request, **kwargs):
     )
     def create(self, request, versions__dandiset__pk, versions__version):
         version: Version = get_object_or_404(
-            Version,
+            Version.objects.select_related('dandiset'),
             dandiset=versions__dandiset__pk,
             version=versions__version,
         )
 
+        if version.dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
+            raise DandisetUnEmbargoInProgressError
+
         serializer = AssetRequestSerializer(data=self.request.data)
         serializer.is_valid(raise_exception=True)
 
@@ -351,12 +355,14 @@ def create(self, request, versions__dandiset__pk, versions__version):
     def update(self, request, versions__dandiset__pk, versions__version, **kwargs):
         """Update the metadata of an asset."""
         version: Version = get_object_or_404(
-            Version,
+            Version.objects.select_related('dandiset'),
             dandiset__pk=versions__dandiset__pk,
             version=versions__version,
         )
         if version.version != 'draft':
             raise DraftDandisetNotModifiableError
+        if version.dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
+            raise DandisetUnEmbargoInProgressError
 
         serializer = AssetRequestSerializer(data=self.request.data)
         serializer.is_valid(raise_exception=True)
@@ -389,10 +395,12 @@ def update(self, request, versions__dandiset__pk, versions__version, **kwargs):
     )
     def destroy(self, request, versions__dandiset__pk, versions__version, **kwargs):
         version = get_object_or_404(
-            Version,
+            Version.objects.select_related('dandiset'),
             dandiset__pk=versions__dandiset__pk,
             version=versions__version,
         )
+        if version.dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
+            raise DandisetUnEmbargoInProgressError
 
         # Lock asset for delete
         with transaction.atomic():

From acc1373a4927b5233821adfe4481a83920f25788 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Fri, 14 Jun 2024 14:38:52 -0400
Subject: [PATCH 024/131] Handle embargo status check explicitly during publish

---
 dandiapi/api/services/publish/__init__.py |  9 ++++---
 dandiapi/api/tests/test_version.py        | 31 +++++++++++++++++++++++
 2 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/dandiapi/api/services/publish/__init__.py b/dandiapi/api/services/publish/__init__.py
index a41ead487..10ea61f41 100644
--- a/dandiapi/api/services/publish/__init__.py
+++ b/dandiapi/api/services/publish/__init__.py
@@ -48,11 +48,12 @@ def _lock_dandiset_for_publishing(*, user: User, dandiset: Dandiset) -> None:
 
     This function MUST be called before _publish_dandiset is called.
     """
-    if (
-        not user.has_perm('owner', dandiset)
-        or dandiset.embargo_status != Dandiset.EmbargoStatus.OPEN
-    ):
+    if not user.has_perm('owner', dandiset):
         raise NotAllowedError
+
+    if dandiset.embargo_status != Dandiset.EmbargoStatus.OPEN:
+        raise NotAllowedError('Operation only allowed on OPEN dandisets', 400)
+
     if dandiset.zarr_archives.exists() or dandiset.embargoed_zarr_archives.exists():
         raise NotAllowedError('Cannot publish dandisets which contain zarrs', 400)
 
diff --git a/dandiapi/api/tests/test_version.py b/dandiapi/api/tests/test_version.py
index 9c530999d..144869aae 100644
--- a/dandiapi/api/tests/test_version.py
+++ b/dandiapi/api/tests/test_version.py
@@ -9,6 +9,7 @@
 from guardian.shortcuts import assign_perm
 import pytest
 
+from dandiapi.api.models.dandiset import Dandiset
 from dandiapi.api.services.metadata import version_aggregate_assets_summary
 from dandiapi.api.services.metadata.exceptions import VersionMetadataConcurrentlyModifiedError
 
@@ -669,6 +670,36 @@ def test_version_rest_publish(
     assert draft_version.status == Version.Status.PUBLISHING
 
 
+@pytest.mark.django_db()
+def test_version_rest_publish_embargo(api_client: APIClient, user: User, draft_version_factory):
+    draft_version = draft_version_factory(dandiset__embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
+    assign_perm('owner', user, draft_version.dandiset)
+    api_client.force_authenticate(user=user)
+
+    resp = api_client.post(
+        f'/api/dandisets/{draft_version.dandiset.identifier}'
+        f'/versions/{draft_version.version}/publish/'
+    )
+    assert resp.status_code == 400
+
+
+@pytest.mark.django_db()
+def test_version_rest_publish_unembargoing(
+    api_client: APIClient, user: User, draft_version_factory
+):
+    draft_version = draft_version_factory(
+        dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
+    )
+    assign_perm('owner', user, draft_version.dandiset)
+    api_client.force_authenticate(user=user)
+
+    resp = api_client.post(
+        f'/api/dandisets/{draft_version.dandiset.identifier}'
+        f'/versions/{draft_version.version}/publish/'
+    )
+    assert resp.status_code == 400
+
+
 @pytest.mark.django_db()
 def test_version_rest_publish_zarr(
     api_client,

From 637830dab3ef4f7a8ae2d40d5b1fd48c4230e085 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Fri, 14 Jun 2024 14:39:40 -0400
Subject: [PATCH 025/131] Prohibit version update during un-embargo

---
 dandiapi/api/tests/test_version.py | 26 ++++++++++++++++++++++++++
 dandiapi/api/views/version.py      |  3 +++
 2 files changed, 29 insertions(+)

diff --git a/dandiapi/api/tests/test_version.py b/dandiapi/api/tests/test_version.py
index 144869aae..74e170e99 100644
--- a/dandiapi/api/tests/test_version.py
+++ b/dandiapi/api/tests/test_version.py
@@ -601,6 +601,32 @@ def test_version_rest_update(api_client, user, draft_version):
     assert draft_version.status == Version.Status.PENDING
 
 
+@pytest.mark.django_db()
+def test_version_rest_update_unembargoing(api_client, user, draft_version_factory):
+    draft_version = draft_version_factory(
+        dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
+    )
+    assign_perm('owner', user, draft_version.dandiset)
+    api_client.force_authenticate(user=user)
+
+    new_name = 'A unique and special name!'
+    new_metadata = {
+        '@context': (
+            'https://raw.githubusercontent.com/dandi/schema/master/releases/'
+            f'{settings.DANDI_SCHEMA_VERSION}/context.json'
+        ),
+        'schemaVersion': settings.DANDI_SCHEMA_VERSION,
+        'num': 123,
+    }
+
+    resp = api_client.put(
+        f'/api/dandisets/{draft_version.dandiset.identifier}/versions/{draft_version.version}/',
+        {'metadata': new_metadata, 'name': new_name},
+        format='json',
+    )
+    assert resp.status_code == 400
+
+
 @pytest.mark.django_db()
 def test_version_rest_update_published_version(api_client, user, published_version):
     assign_perm('owner', user, published_version.dandiset)
diff --git a/dandiapi/api/views/version.py b/dandiapi/api/views/version.py
index 2cfc3335a..17dd3a9b6 100644
--- a/dandiapi/api/views/version.py
+++ b/dandiapi/api/views/version.py
@@ -14,6 +14,7 @@
 from rest_framework_extensions.mixins import DetailSerializerMixin, NestedViewSetMixin
 
 from dandiapi.api.models import Dandiset, Version
+from dandiapi.api.services.dandiset.exceptions import DandisetUnEmbargoInProgressError
 from dandiapi.api.services.publish import publish_dandiset
 from dandiapi.api.tasks import delete_doi_task
 from dandiapi.api.views.common import DANDISET_PK_PARAM, VERSION_PARAM
@@ -94,6 +95,8 @@ def update(self, request, **kwargs):
                 'Only draft versions can be modified.',
                 status=status.HTTP_405_METHOD_NOT_ALLOWED,
             )
+        if version.dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
+            raise DandisetUnEmbargoInProgressError
 
         serializer = VersionMetadataSerializer(data=request.data)
         serializer.is_valid(raise_exception=True)

From c5083ff8f42654b48c8e3798647beff4b334c188 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Fri, 14 Jun 2024 16:25:00 -0400
Subject: [PATCH 026/131] Add linter ignores

---
 dandiapi/api/services/publish/__init__.py | 2 +-
 dandiapi/api/views/dandiset.py            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dandiapi/api/services/publish/__init__.py b/dandiapi/api/services/publish/__init__.py
index 10ea61f41..406ab01f6 100644
--- a/dandiapi/api/services/publish/__init__.py
+++ b/dandiapi/api/services/publish/__init__.py
@@ -42,7 +42,7 @@ def publish_asset(*, asset: Asset) -> None:
         locked_asset.save()
 
 
-def _lock_dandiset_for_publishing(*, user: User, dandiset: Dandiset) -> None:
+def _lock_dandiset_for_publishing(*, user: User, dandiset: Dandiset) -> None:  # noqa: C901
     """
     Prepare a dandiset to be published by locking it and setting its status to PUBLISHING.
 
diff --git a/dandiapi/api/views/dandiset.py b/dandiapi/api/views/dandiset.py
index 5cce647d5..46bec9572 100644
--- a/dandiapi/api/views/dandiset.py
+++ b/dandiapi/api/views/dandiset.py
@@ -374,7 +374,7 @@ def unembargo(self, request, dandiset__pk):
     )
     # TODO: move these into a viewset
     @action(methods=['GET', 'PUT'], detail=True)
-    def users(self, request, dandiset__pk):
+    def users(self, request, dandiset__pk):  # noqa: C901
         dandiset: Dandiset = self.get_object()
         if request.method == 'PUT':
             if dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:

From ef7c5308a40576261ec6f3319b0e15dd248b2c24 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Mon, 17 Jun 2024 11:28:37 -0400
Subject: [PATCH 027/131] Prohibit uploads to dandiset during un-embargo

---
 dandiapi/api/tests/test_upload.py | 19 +++++++++++++++++++
 dandiapi/api/views/upload.py      |  5 +++++
 2 files changed, 24 insertions(+)

diff --git a/dandiapi/api/tests/test_upload.py b/dandiapi/api/tests/test_upload.py
index e8a7493f8..133c2ff7a 100644
--- a/dandiapi/api/tests/test_upload.py
+++ b/dandiapi/api/tests/test_upload.py
@@ -109,6 +109,25 @@ def test_upload_initialize(api_client, user, dandiset_factory, embargoed):
     assert upload.blob.name == f'test-prefix/blobs/{upload_id[:3]}/{upload_id[3:6]}/{upload_id}'
 
 
+@pytest.mark.django_db()
+def test_upload_initialize_unembargoing(api_client, user, dandiset_factory):
+    dandiset = dandiset_factory(embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING)
+    api_client.force_authenticate(user=user)
+    assign_perm('owner', user, dandiset)
+
+    content_size = 123
+    resp = api_client.post(
+        '/api/uploads/initialize/',
+        {
+            'contentSize': content_size,
+            'digest': {'algorithm': 'dandi:dandi-etag', 'value': 'f' * 32 + '-1'},
+            'dandiset': dandiset.identifier,
+        },
+        format='json',
+    )
+    assert resp.status_code == 400
+
+
 @pytest.mark.django_db()
 def test_upload_initialize_existing_asset_blob(api_client, user, dandiset, asset_blob):
     api_client.force_authenticate(user=user)
diff --git a/dandiapi/api/views/upload.py b/dandiapi/api/views/upload.py
index 178d9ea16..c9efdac68 100644
--- a/dandiapi/api/views/upload.py
+++ b/dandiapi/api/views/upload.py
@@ -17,6 +17,7 @@
 
 from dandiapi.api.models import AssetBlob, Dandiset, Upload
 from dandiapi.api.permissions import IsApproved
+from dandiapi.api.services.dandiset.exceptions import DandisetUnEmbargoInProgressError
 from dandiapi.api.tasks import calculate_sha256
 from dandiapi.api.views.serializers import AssetBlobSerializer
 
@@ -135,6 +136,10 @@ def upload_initialize_view(request: Request) -> HttpResponseBase:
     if response:
         return response
 
+    # Ensure dandiset not in the process of un-embargo
+    if dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
+        raise DandisetUnEmbargoInProgressError
+
     logging.info(
         'Starting upload initialization of size %s, ETag %s to dandiset %s',
         content_size,

From b7896457e117d1b31604c431721a04ed45db16b2 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Mon, 17 Jun 2024 11:39:01 -0400
Subject: [PATCH 028/131] Prohibit un-embargo if dandiset has active uploads

---
 dandiapi/api/services/embargo/__init__.py   |  9 ++++++++-
 dandiapi/api/services/embargo/exceptions.py |  5 +++++
 dandiapi/api/tests/test_unembargo.py        | 15 +++++++++++++++
 3 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/dandiapi/api/services/embargo/__init__.py b/dandiapi/api/services/embargo/__init__.py
index dd07e04da..954f96098 100644
--- a/dandiapi/api/services/embargo/__init__.py
+++ b/dandiapi/api/services/embargo/__init__.py
@@ -12,7 +12,11 @@
 from dandiapi.api.services.asset.exceptions import DandisetOwnerRequiredError
 from dandiapi.api.storage import get_boto_client
 
-from .exceptions import AssetBlobEmbargoedError, DandisetNotEmbargoedError
+from .exceptions import (
+    AssetBlobEmbargoedError,
+    DandisetActiveUploadsError,
+    DandisetNotEmbargoedError,
+)
 
 if TYPE_CHECKING:
     from django.contrib.auth.models import User
@@ -75,6 +79,9 @@ def unembargo_dandiset(*, user: User, dandiset: Dandiset):
     if not user.has_perm('owner', dandiset):
         raise DandisetOwnerRequiredError
 
+    if dandiset.uploads.count():
+        raise DandisetActiveUploadsError
+
     # A scheduled task will pick up any new dandisets with this status and email the admins to
     # initiate the un-embargo process
     dandiset.embargo_status = Dandiset.EmbargoStatus.UNEMBARGOING
diff --git a/dandiapi/api/services/embargo/exceptions.py b/dandiapi/api/services/embargo/exceptions.py
index b9d58aa2f..c4db7ad72 100644
--- a/dandiapi/api/services/embargo/exceptions.py
+++ b/dandiapi/api/services/embargo/exceptions.py
@@ -13,3 +13,8 @@ class AssetBlobEmbargoedError(DandiError):
 class DandisetNotEmbargoedError(DandiError):
     http_status_code = status.HTTP_400_BAD_REQUEST
     message = 'Dandiset not embargoed'
+
+
+class DandisetActiveUploadsError(DandiError):
+    http_status_code = status.HTTP_400_BAD_REQUEST
+    message = 'Dandiset un-embargo not allowed with active uploads'
diff --git a/dandiapi/api/tests/test_unembargo.py b/dandiapi/api/tests/test_unembargo.py
index ac41a6c41..dae007551 100644
--- a/dandiapi/api/tests/test_unembargo.py
+++ b/dandiapi/api/tests/test_unembargo.py
@@ -39,3 +39,18 @@ def test_unembargo_dandiset_sends_emails(
     assert 'un-embargo' in mailoutbox[0].subject
     assert dandiset.identifier in mailoutbox[0].message().get_payload()
     assert user.username in mailoutbox[0].message().get_payload()
+
+
+@pytest.mark.django_db()
+def test_unembargo_dandiset_lingering_uploads(
+    api_client, user, dandiset_factory, draft_version_factory, upload_factory
+):
+    dandiset = dandiset_factory(embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
+    draft_version_factory(dandiset=dandiset)
+    upload_factory(dandiset=dandiset)
+
+    assign_perm('owner', user, dandiset)
+    api_client.force_authenticate(user=user)
+
+    resp = api_client.post(f'/api/dandisets/{dandiset.identifier}/unembargo/')
+    assert resp.status_code == 400

From 6ae94fcd64f8ee7cc7a984bcebd39a8f16682ac8 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Mon, 17 Jun 2024 11:42:49 -0400
Subject: [PATCH 029/131] Rearrange embargo exceptions

---
 dandiapi/api/services/dandiset/__init__.py   |  6 ++----
 dandiapi/api/services/dandiset/exceptions.py | 12 ------------
 dandiapi/api/services/embargo/exceptions.py  | 12 ++++++++++++
 dandiapi/api/views/asset.py                  |  2 +-
 dandiapi/api/views/dandiset.py               |  4 ++--
 dandiapi/api/views/upload.py                 |  2 +-
 dandiapi/api/views/version.py                |  2 +-
 7 files changed, 19 insertions(+), 21 deletions(-)

diff --git a/dandiapi/api/services/dandiset/__init__.py b/dandiapi/api/services/dandiset/__init__.py
index 050428375..2159c9dbd 100644
--- a/dandiapi/api/services/dandiset/__init__.py
+++ b/dandiapi/api/services/dandiset/__init__.py
@@ -4,10 +4,8 @@
 
 from dandiapi.api.models.dandiset import Dandiset
 from dandiapi.api.models.version import Version
-from dandiapi.api.services.dandiset.exceptions import (
-    DandisetAlreadyExistsError,
-    DandisetUnEmbargoInProgressError,
-)
+from dandiapi.api.services.dandiset.exceptions import DandisetAlreadyExistsError
+from dandiapi.api.services.embargo.exceptions import DandisetUnEmbargoInProgressError
 from dandiapi.api.services.exceptions import AdminOnlyOperationError, NotAllowedError
 from dandiapi.api.services.version.metadata import _normalize_version_metadata
 
diff --git a/dandiapi/api/services/dandiset/exceptions.py b/dandiapi/api/services/dandiset/exceptions.py
index 00e2d9828..361d2e08b 100644
--- a/dandiapi/api/services/dandiset/exceptions.py
+++ b/dandiapi/api/services/dandiset/exceptions.py
@@ -7,15 +7,3 @@
 
 class DandisetAlreadyExistsError(DandiError):
     http_status_code = status.HTTP_400_BAD_REQUEST
-
-
-class UnauthorizedEmbargoAccessError(DandiError):
-    http_status_code = status.HTTP_401_UNAUTHORIZED
-    message = (
-        'Authentication credentials must be provided when attempting to access embargoed dandisets'
-    )
-
-
-class DandisetUnEmbargoInProgressError(DandiError):
-    http_status_code = status.HTTP_400_BAD_REQUEST
-    message = 'Dandiset modification not allowed during un-embargo'
diff --git a/dandiapi/api/services/embargo/exceptions.py b/dandiapi/api/services/embargo/exceptions.py
index c4db7ad72..351522269 100644
--- a/dandiapi/api/services/embargo/exceptions.py
+++ b/dandiapi/api/services/embargo/exceptions.py
@@ -18,3 +18,15 @@ class DandisetNotEmbargoedError(DandiError):
 class DandisetActiveUploadsError(DandiError):
     http_status_code = status.HTTP_400_BAD_REQUEST
     message = 'Dandiset un-embargo not allowed with active uploads'
+
+
+class DandisetUnEmbargoInProgressError(DandiError):
+    http_status_code = status.HTTP_400_BAD_REQUEST
+    message = 'Dandiset modification not allowed during un-embargo'
+
+
+class UnauthorizedEmbargoAccessError(DandiError):
+    http_status_code = status.HTTP_401_UNAUTHORIZED
+    message = (
+        'Authentication credentials must be provided when attempting to access embargoed dandisets'
+    )
diff --git a/dandiapi/api/views/asset.py b/dandiapi/api/views/asset.py
index 23d91acf5..549ce113a 100644
--- a/dandiapi/api/views/asset.py
+++ b/dandiapi/api/views/asset.py
@@ -9,7 +9,7 @@
     remove_asset_from_version,
 )
 from dandiapi.api.services.asset.exceptions import DraftDandisetNotModifiableError
-from dandiapi.api.services.dandiset.exceptions import DandisetUnEmbargoInProgressError
+from dandiapi.api.services.embargo.exceptions import DandisetUnEmbargoInProgressError
 from dandiapi.zarr.models import ZarrArchive
 
 try:
diff --git a/dandiapi/api/views/dandiset.py b/dandiapi/api/views/dandiset.py
index 46bec9572..50d693bfc 100644
--- a/dandiapi/api/views/dandiset.py
+++ b/dandiapi/api/views/dandiset.py
@@ -25,11 +25,11 @@
 from dandiapi.api.mail import send_ownership_change_emails
 from dandiapi.api.models import Dandiset, Version
 from dandiapi.api.services.dandiset import create_dandiset, delete_dandiset
-from dandiapi.api.services.dandiset.exceptions import (
+from dandiapi.api.services.embargo import unembargo_dandiset
+from dandiapi.api.services.embargo.exceptions import (
     DandisetUnEmbargoInProgressError,
     UnauthorizedEmbargoAccessError,
 )
-from dandiapi.api.services.embargo import unembargo_dandiset
 from dandiapi.api.views.common import DANDISET_PK_PARAM
 from dandiapi.api.views.pagination import DandiPagination
 from dandiapi.api.views.serializers import (
diff --git a/dandiapi/api/views/upload.py b/dandiapi/api/views/upload.py
index c9efdac68..7ef0aa0bd 100644
--- a/dandiapi/api/views/upload.py
+++ b/dandiapi/api/views/upload.py
@@ -17,7 +17,7 @@
 
 from dandiapi.api.models import AssetBlob, Dandiset, Upload
 from dandiapi.api.permissions import IsApproved
-from dandiapi.api.services.dandiset.exceptions import DandisetUnEmbargoInProgressError
+from dandiapi.api.services.embargo.exceptions import DandisetUnEmbargoInProgressError
 from dandiapi.api.tasks import calculate_sha256
 from dandiapi.api.views.serializers import AssetBlobSerializer
 
diff --git a/dandiapi/api/views/version.py b/dandiapi/api/views/version.py
index 17dd3a9b6..7ef74d9ed 100644
--- a/dandiapi/api/views/version.py
+++ b/dandiapi/api/views/version.py
@@ -14,7 +14,7 @@
 from rest_framework_extensions.mixins import DetailSerializerMixin, NestedViewSetMixin
 
 from dandiapi.api.models import Dandiset, Version
-from dandiapi.api.services.dandiset.exceptions import DandisetUnEmbargoInProgressError
+from dandiapi.api.services.embargo.exceptions import DandisetUnEmbargoInProgressError
 from dandiapi.api.services.publish import publish_dandiset
 from dandiapi.api.tasks import delete_doi_task
 from dandiapi.api.views.common import DANDISET_PK_PARAM, VERSION_PARAM

From 070d42de1fe9f8b36b7644ead65730f38ce300bf Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Fri, 14 Jun 2024 13:38:37 -0400
Subject: [PATCH 030/131] Strip certain access information in
 Version.strip_metadata

---
 dandiapi/api/models/version.py | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/dandiapi/api/models/version.py b/dandiapi/api/models/version.py
index 6007e732a..a5767b7ec 100644
--- a/dandiapi/api/models/version.py
+++ b/dandiapi/api/models/version.py
@@ -166,7 +166,19 @@ def strip_metadata(cls, metadata):
             'publishedBy',
             'manifestLocation',
         ]
-        return {key: metadata[key] for key in metadata if key not in computed_fields}
+        stripped = {key: metadata[key] for key in metadata if key not in computed_fields}
+
+        # Strip the status and schemaKey fields, as modifying them is not supported
+        if (
+            'access' in stripped
+            and isinstance(stripped['access'], list)
+            and len(stripped['access'])
+            and isinstance(stripped['access'][0], dict)
+        ):
+            stripped['access'][0].pop('schemaKey', None)
+            stripped['access'][0].pop('status', None)
+
+        return stripped
 
     def _populate_access_metadata(self):
         default_access = [{}]

From d224ea8ba538174eb8fb320ca4f6e2955f7db44f Mon Sep 17 00:00:00 2001
From: dandibot <dandibot@mit.edu>
Date: Tue, 18 Jun 2024 21:36:55 +0000
Subject: [PATCH 031/131] auto shipit - CHANGELOG.md etc

---
 CHANGELOG.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 413e6f55a..32c107057 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,17 @@
+# v0.3.86 (Tue Jun 18 2024)
+
+#### 🐛 Bug Fix
+
+- Restrict updates to metadata `access` field [#1954](https://github.com/dandi/dandi-archive/pull/1954) ([@jjnesbitt](https://github.com/jjnesbitt))
+- Fix race condition in sha256 calculation task [#1936](https://github.com/dandi/dandi-archive/pull/1936) ([@mvandenburgh](https://github.com/mvandenburgh))
+
+#### Authors: 2
+
+- Jacob Nesbitt ([@jjnesbitt](https://github.com/jjnesbitt))
+- Mike VanDenburgh ([@mvandenburgh](https://github.com/mvandenburgh))
+
+---
+
 # v0.3.85 (Mon Jun 03 2024)
 
 :tada: This release contains work from a new contributor! :tada:

From 492b48c311ac4b8faac9f2e84a6e9d249f59d2b6 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Tue, 18 Jun 2024 16:42:46 -0400
Subject: [PATCH 032/131] Fix spelling of "unembargo"

---
 dandiapi/api/mail.py                                   | 10 ++++------
 dandiapi/api/migrations/0008_migrate_embargoed_data.py |  2 +-
 dandiapi/api/services/asset/__init__.py                |  4 ++--
 dandiapi/api/services/dandiset/__init__.py             |  4 ++--
 dandiapi/api/services/embargo/__init__.py              |  2 +-
 dandiapi/api/services/embargo/exceptions.py            |  6 +++---
 dandiapi/api/tasks/scheduled.py                        |  4 ++--
 .../api/templates/api/mail/dandiset_unembargoed.html   |  2 +-
 .../api/templates/api/mail/dandisets_to_unembargo.txt  |  2 +-
 dandiapi/api/tests/test_asset.py                       |  2 +-
 dandiapi/api/tests/test_dandiset.py                    |  4 ++--
 dandiapi/api/tests/test_unembargo.py                   |  2 +-
 dandiapi/api/views/asset.py                            |  8 ++++----
 dandiapi/api/views/dandiset.py                         |  4 ++--
 dandiapi/api/views/upload.py                           |  6 +++---
 dandiapi/api/views/version.py                          |  4 ++--
 doc/design/embargo-redesign.md                         | 10 +++++-----
 .../views/DandisetLandingView/DandisetUnembargo.vue    |  4 ++--
 18 files changed, 39 insertions(+), 41 deletions(-)

diff --git a/dandiapi/api/mail.py b/dandiapi/api/mail.py
index 9f05acdb5..d68395d69 100644
--- a/dandiapi/api/mail.py
+++ b/dandiapi/api/mail.py
@@ -194,14 +194,14 @@ def build_dandisets_to_unembargo_message(dandisets: Iterable[Dandiset]):
     ]
     render_context = {**BASE_RENDER_CONTEXT, 'dandisets': dandiset_context}
     return build_message(
-        subject='DANDI: New Dandisets to un-embargo',
+        subject='DANDI: New Dandisets to unembargo',
         message=render_to_string('api/mail/dandisets_to_unembargo.txt', render_context),
         to=[settings.DANDI_DEV_EMAIL],
     )
 
 
 def send_dandisets_to_unembargo_message(dandisets: Iterable[Dandiset]):
-    logger.info('Sending dandisets to un-embargo message to devs at %s', settings.DANDI_DEV_EMAIL)
+    logger.info('Sending dandisets to unembargo message to devs at %s', settings.DANDI_DEV_EMAIL)
     messages = [build_dandisets_to_unembargo_message(dandisets)]
     with mail.get_connection() as connection:
         connection.send_messages(messages)
@@ -219,7 +219,7 @@ def build_dandiset_unembargoed_message(dandiset: Dandiset):
     }
     html_message = render_to_string('api/mail/dandiset_unembargoed.html', render_context)
     return build_message(
-        subject='Your Dandiset has been un-embargoed!',
+        subject='Your Dandiset has been unembargoed!',
         message=strip_tags(html_message),
         html_message=html_message,
         to=[owner.email for owner in dandiset.owners],
@@ -227,9 +227,7 @@ def build_dandiset_unembargoed_message(dandiset: Dandiset):
 
 
 def send_dandiset_unembargoed_message(dandiset: Dandiset):
-    logger.info(
-        'Sending dandisets un-embargoed message to dandiset %s owners.', dandiset.identifier
-    )
+    logger.info('Sending dandisets unembargoed message to dandiset %s owners.', dandiset.identifier)
     messages = [build_dandiset_unembargoed_message(dandiset)]
     with mail.get_connection() as connection:
         connection.send_messages(messages)
diff --git a/dandiapi/api/migrations/0008_migrate_embargoed_data.py b/dandiapi/api/migrations/0008_migrate_embargoed_data.py
index 13943aeaf..d454fe3fb 100644
--- a/dandiapi/api/migrations/0008_migrate_embargoed_data.py
+++ b/dandiapi/api/migrations/0008_migrate_embargoed_data.py
@@ -21,7 +21,7 @@ def migrate_embargoed_blob(embargoed_blob):
         #       as the above case, but between an embargoed and open dandiset, instead of two
         #       embargoed dandisets.
         #
-        # In case #3, the asset will effectively be un-embargoed.
+        # In case #3, the asset will effectively be unembargoed.
         existing_blob = AssetBlob.objects.filter(
             etag=embargoed_blob.etag, size=embargoed_blob.size
         ).first()
diff --git a/dandiapi/api/services/asset/__init__.py b/dandiapi/api/services/asset/__init__.py
index 6c0ee60ed..4e75048b3 100644
--- a/dandiapi/api/services/asset/__init__.py
+++ b/dandiapi/api/services/asset/__init__.py
@@ -136,7 +136,7 @@ def add_asset_to_version(
         raise ZarrArchiveBelongsToDifferentDandisetError
 
     # Creating an asset in an OPEN dandiset that points to an embargoed blob results in that
-    # blob being un-embargoed
+    # blob being unembargoed
     unembargo_asset_blob = (
         asset_blob is not None
         and asset_blob.embargoed
@@ -159,7 +159,7 @@ def add_asset_to_version(
         version.save()
 
     # Perform this after the above transaction has finished, to ensure we only operate on
-    # un-embargoed asset blobs
+    # unembargoed asset blobs
     if asset_blob and unembargo_asset_blob:
         remove_asset_blob_embargoed_tag_task.delay(blob_id=asset_blob.blob_id)
 
diff --git a/dandiapi/api/services/dandiset/__init__.py b/dandiapi/api/services/dandiset/__init__.py
index 2159c9dbd..05450a94f 100644
--- a/dandiapi/api/services/dandiset/__init__.py
+++ b/dandiapi/api/services/dandiset/__init__.py
@@ -5,7 +5,7 @@
 from dandiapi.api.models.dandiset import Dandiset
 from dandiapi.api.models.version import Version
 from dandiapi.api.services.dandiset.exceptions import DandisetAlreadyExistsError
-from dandiapi.api.services.embargo.exceptions import DandisetUnEmbargoInProgressError
+from dandiapi.api.services.embargo.exceptions import DandisetUnembargoInProgressError
 from dandiapi.api.services.exceptions import AdminOnlyOperationError, NotAllowedError
 from dandiapi.api.services.version.metadata import _normalize_version_metadata
 
@@ -57,7 +57,7 @@ def delete_dandiset(*, user, dandiset: Dandiset) -> None:
     if dandiset.versions.filter(status=Version.Status.PUBLISHING).exists():
         raise NotAllowedError('Cannot delete dandisets that are currently being published.')
     if dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
-        raise DandisetUnEmbargoInProgressError
+        raise DandisetUnembargoInProgressError
 
     # Delete all versions first, so that AssetPath deletion is cascaded
     # through versions, rather than through zarrs directly
diff --git a/dandiapi/api/services/embargo/__init__.py b/dandiapi/api/services/embargo/__init__.py
index 954f96098..c4bcf89a3 100644
--- a/dandiapi/api/services/embargo/__init__.py
+++ b/dandiapi/api/services/embargo/__init__.py
@@ -83,7 +83,7 @@ def unembargo_dandiset(*, user: User, dandiset: Dandiset):
         raise DandisetActiveUploadsError
 
     # A scheduled task will pick up any new dandisets with this status and email the admins to
-    # initiate the un-embargo process
+    # initiate the unembargo process
     dandiset.embargo_status = Dandiset.EmbargoStatus.UNEMBARGOING
     dandiset.save()
 
diff --git a/dandiapi/api/services/embargo/exceptions.py b/dandiapi/api/services/embargo/exceptions.py
index 351522269..13038bd59 100644
--- a/dandiapi/api/services/embargo/exceptions.py
+++ b/dandiapi/api/services/embargo/exceptions.py
@@ -17,12 +17,12 @@ class DandisetNotEmbargoedError(DandiError):
 
 class DandisetActiveUploadsError(DandiError):
     http_status_code = status.HTTP_400_BAD_REQUEST
-    message = 'Dandiset un-embargo not allowed with active uploads'
+    message = 'Dandiset unembargo not allowed with active uploads'
 
 
-class DandisetUnEmbargoInProgressError(DandiError):
+class DandisetUnembargoInProgressError(DandiError):
     http_status_code = status.HTTP_400_BAD_REQUEST
-    message = 'Dandiset modification not allowed during un-embargo'
+    message = 'Dandiset modification not allowed during unembargo'
 
 
 class UnauthorizedEmbargoAccessError(DandiError):
diff --git a/dandiapi/api/tasks/scheduled.py b/dandiapi/api/tasks/scheduled.py
index bba10340d..9fa8af71d 100644
--- a/dandiapi/api/tasks/scheduled.py
+++ b/dandiapi/api/tasks/scheduled.py
@@ -114,7 +114,7 @@ def send_pending_users_email() -> None:
 
 @shared_task(soft_time_limit=20)
 def send_dandisets_to_unembargo_email() -> None:
-    """Send an email to admins listing dandisets that have requested un-embargo."""
+    """Send an email to admins listing dandisets that have requested unembargo."""
     dandisets = Dandiset.objects.filter(embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING)
     if dandisets.exists():
         send_dandisets_to_unembargo_message(dandisets)
@@ -148,7 +148,7 @@ def register_scheduled_tasks(sender: Celery, **kwargs):
     # Send daily email to admins containing a list of users awaiting approval
     sender.add_periodic_task(crontab(hour=0, minute=0), send_pending_users_email.s())
 
-    # Send daily email to admins containing a list of dandisets to un-embargo
+    # Send daily email to admins containing a list of dandisets to unembargo
     sender.add_periodic_task(crontab(hour=0, minute=0), send_dandisets_to_unembargo_email.s())
 
     # Refresh the materialized view used by asset search every 10 mins.
diff --git a/dandiapi/api/templates/api/mail/dandiset_unembargoed.html b/dandiapi/api/templates/api/mail/dandiset_unembargoed.html
index 978dea42f..236a5281b 100644
--- a/dandiapi/api/templates/api/mail/dandiset_unembargoed.html
+++ b/dandiapi/api/templates/api/mail/dandiset_unembargoed.html
@@ -1,4 +1,4 @@
-Dandiset <a href="{{ dandiset.ui_link }}"> {{ dandiset.identifier }} </a> has been un-embargoed, and is now open for
+Dandiset <a href="{{ dandiset.ui_link }}"> {{ dandiset.identifier }} </a> has been unembargoed, and is now open for
 public access.
 <br><br>
 <em>You are receiving this email because you are an owner of this dandiset.</em>
diff --git a/dandiapi/api/templates/api/mail/dandisets_to_unembargo.txt b/dandiapi/api/templates/api/mail/dandisets_to_unembargo.txt
index 3676f7721..c716839b1 100644
--- a/dandiapi/api/templates/api/mail/dandisets_to_unembargo.txt
+++ b/dandiapi/api/templates/api/mail/dandisets_to_unembargo.txt
@@ -1,5 +1,5 @@
 {% autoescape off %}
-The following new dandisets are awaiting un-embargo:
+The following new dandisets are awaiting unembargo:
 
 {% for ds in dandisets %}
 Dandiset ID: {{ ds.identifier }}
diff --git a/dandiapi/api/tests/test_asset.py b/dandiapi/api/tests/test_asset.py
index 1da6a32c3..68dadca42 100644
--- a/dandiapi/api/tests/test_asset.py
+++ b/dandiapi/api/tests/test_asset.py
@@ -670,7 +670,7 @@ def test_asset_create_embargoed_asset_blob_open_dandiset(
     api_client, user, draft_version, embargoed_asset_blob, mocker
 ):
     # Ensure that creating an asset in an open dandiset that points to an embargoed asset blob
-    # results in that asset blob being un-embargoed
+    # results in that asset blob being unembargoed
     assert draft_version.dandiset.embargo_status == Dandiset.EmbargoStatus.OPEN
     assert embargoed_asset_blob.embargoed
 
diff --git a/dandiapi/api/tests/test_dandiset.py b/dandiapi/api/tests/test_dandiset.py
index 18cc1adb1..9efeed612 100644
--- a/dandiapi/api/tests/test_dandiset.py
+++ b/dandiapi/api/tests/test_dandiset.py
@@ -751,7 +751,7 @@ def test_dandiset_rest_delete(api_client, draft_version_factory, user):
     assert response.status_code == 204
     assert not Dandiset.objects.all()
 
-    # Ensure that currently un-embargoing dandisets can't be deleted
+    # Ensure that currently unembargoing dandisets can't be deleted
     draft_version = draft_version_factory(
         dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
     )
@@ -891,7 +891,7 @@ def test_dandiset_rest_change_owners_unembargoing(
     user_factory,
     social_account_factory,
 ):
-    """Test that un-embargoing a dandiset prevents user modification."""
+    """Test that unembargoing a dandiset prevents user modification."""
     draft_version = draft_version_factory(
         dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
     )
diff --git a/dandiapi/api/tests/test_unembargo.py b/dandiapi/api/tests/test_unembargo.py
index dae007551..b4976d832 100644
--- a/dandiapi/api/tests/test_unembargo.py
+++ b/dandiapi/api/tests/test_unembargo.py
@@ -36,7 +36,7 @@ def test_unembargo_dandiset_sends_emails(
     send_dandisets_to_unembargo_email()
 
     assert mailoutbox
-    assert 'un-embargo' in mailoutbox[0].subject
+    assert 'unembargo' in mailoutbox[0].subject
     assert dandiset.identifier in mailoutbox[0].message().get_payload()
     assert user.username in mailoutbox[0].message().get_payload()
 
diff --git a/dandiapi/api/views/asset.py b/dandiapi/api/views/asset.py
index 549ce113a..d92fa0d0e 100644
--- a/dandiapi/api/views/asset.py
+++ b/dandiapi/api/views/asset.py
@@ -9,7 +9,7 @@
     remove_asset_from_version,
 )
 from dandiapi.api.services.asset.exceptions import DraftDandisetNotModifiableError
-from dandiapi.api.services.embargo.exceptions import DandisetUnEmbargoInProgressError
+from dandiapi.api.services.embargo.exceptions import DandisetUnembargoInProgressError
 from dandiapi.zarr.models import ZarrArchive
 
 try:
@@ -325,7 +325,7 @@ def create(self, request, versions__dandiset__pk, versions__version):
         )
 
         if version.dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
-            raise DandisetUnEmbargoInProgressError
+            raise DandisetUnembargoInProgressError
 
         serializer = AssetRequestSerializer(data=self.request.data)
         serializer.is_valid(raise_exception=True)
@@ -362,7 +362,7 @@ def update(self, request, versions__dandiset__pk, versions__version, **kwargs):
         if version.version != 'draft':
             raise DraftDandisetNotModifiableError
         if version.dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
-            raise DandisetUnEmbargoInProgressError
+            raise DandisetUnembargoInProgressError
 
         serializer = AssetRequestSerializer(data=self.request.data)
         serializer.is_valid(raise_exception=True)
@@ -400,7 +400,7 @@ def destroy(self, request, versions__dandiset__pk, versions__version, **kwargs):
             version=versions__version,
         )
         if version.dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
-            raise DandisetUnEmbargoInProgressError
+            raise DandisetUnembargoInProgressError
 
         # Lock asset for delete
         with transaction.atomic():
diff --git a/dandiapi/api/views/dandiset.py b/dandiapi/api/views/dandiset.py
index 50d693bfc..d202cc11f 100644
--- a/dandiapi/api/views/dandiset.py
+++ b/dandiapi/api/views/dandiset.py
@@ -27,7 +27,7 @@
 from dandiapi.api.services.dandiset import create_dandiset, delete_dandiset
 from dandiapi.api.services.embargo import unembargo_dandiset
 from dandiapi.api.services.embargo.exceptions import (
-    DandisetUnEmbargoInProgressError,
+    DandisetUnembargoInProgressError,
     UnauthorizedEmbargoAccessError,
 )
 from dandiapi.api.views.common import DANDISET_PK_PARAM
@@ -378,7 +378,7 @@ def users(self, request, dandiset__pk):  # noqa: C901
         dandiset: Dandiset = self.get_object()
         if request.method == 'PUT':
             if dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
-                raise DandisetUnEmbargoInProgressError
+                raise DandisetUnembargoInProgressError
 
             # Verify that the user is currently an owner
             response = get_40x_or_None(request, ['owner'], dandiset, return_403=True)
diff --git a/dandiapi/api/views/upload.py b/dandiapi/api/views/upload.py
index 7ef0aa0bd..acdf6a41e 100644
--- a/dandiapi/api/views/upload.py
+++ b/dandiapi/api/views/upload.py
@@ -17,7 +17,7 @@
 
 from dandiapi.api.models import AssetBlob, Dandiset, Upload
 from dandiapi.api.permissions import IsApproved
-from dandiapi.api.services.embargo.exceptions import DandisetUnEmbargoInProgressError
+from dandiapi.api.services.embargo.exceptions import DandisetUnembargoInProgressError
 from dandiapi.api.tasks import calculate_sha256
 from dandiapi.api.views.serializers import AssetBlobSerializer
 
@@ -136,9 +136,9 @@ def upload_initialize_view(request: Request) -> HttpResponseBase:
     if response:
         return response
 
-    # Ensure dandiset not in the process of un-embargo
+    # Ensure dandiset not in the process of unembargo
     if dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
-        raise DandisetUnEmbargoInProgressError
+        raise DandisetUnembargoInProgressError
 
     logging.info(
         'Starting upload initialization of size %s, ETag %s to dandiset %s',
diff --git a/dandiapi/api/views/version.py b/dandiapi/api/views/version.py
index 7ef74d9ed..0a052d9a7 100644
--- a/dandiapi/api/views/version.py
+++ b/dandiapi/api/views/version.py
@@ -14,7 +14,7 @@
 from rest_framework_extensions.mixins import DetailSerializerMixin, NestedViewSetMixin
 
 from dandiapi.api.models import Dandiset, Version
-from dandiapi.api.services.embargo.exceptions import DandisetUnEmbargoInProgressError
+from dandiapi.api.services.embargo.exceptions import DandisetUnembargoInProgressError
 from dandiapi.api.services.publish import publish_dandiset
 from dandiapi.api.tasks import delete_doi_task
 from dandiapi.api.views.common import DANDISET_PK_PARAM, VERSION_PARAM
@@ -96,7 +96,7 @@ def update(self, request, **kwargs):
                 status=status.HTTP_405_METHOD_NOT_ALLOWED,
             )
         if version.dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
-            raise DandisetUnEmbargoInProgressError
+            raise DandisetUnembargoInProgressError
 
         serializer = VersionMetadataSerializer(data=request.data)
         serializer.is_valid(raise_exception=True)
diff --git a/doc/design/embargo-redesign.md b/doc/design/embargo-redesign.md
index 754395afc..d3e783c2b 100644
--- a/doc/design/embargo-redesign.md
+++ b/doc/design/embargo-redesign.md
@@ -71,9 +71,9 @@ sequenceDiagram
     end
 ```
 
-## Change to Un-Embargo Procedure
+## Change to Unembargo Procedure
 
-Once the time comes to *********un-embargo********* those files, all that is required is to remove the `embargoed` tag from all of the objects. This can be achieved by an [S3 Batch Operations Job](https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops-create-job.html), in which the list of files is specified (all files belonging to the dandiset), and the desired action is specified (delete/replace tags).
+Once the time comes to *********unembargo********* those files, all that is required is to remove the `embargoed` tag from all of the objects. This can be achieved by an [S3 Batch Operations Job](https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops-create-job.html), in which the list of files is specified (all files belonging to the dandiset), and the desired action is specified (delete/replace tags).
 
 The benefit of this approach is that once the files are uploaded, no further movement is required to change the embargo state, eliminating the storage, egress, and time costs associated with unembargoing from a second bucket. Using S3 Batch Operations to perform the untagging also means we can rely on AWS’s own error reporting mechanisms, while retrying any failed operations requires only minimal engineering effort within the Archive codebase.
 
@@ -85,7 +85,7 @@ The benefit of this approach is that once the files are uploaded, no further mov
 4. If there are no failures, the Job ID is set to null in the DB model, and the embargo status, metadata, etc. is updated to reflect that the dandiset is now `OPEN`.
 5. Otherwise, an exception is raised and attended to by the developers.
 
-A diagram of the un-embargo procedure (pertaining to just the objects) is shown below
+A diagram of the unembargo procedure (pertaining to just the objects) is shown below
 
 ```mermaid
 sequenceDiagram
@@ -95,8 +95,8 @@ sequenceDiagram
     participant Worker
     participant S3
 
-    Client ->> Server: Un-embargo dandiset
-    Server ->> Worker: Dispatch un-embargo task
+    Client ->> Server: Unembargo dandiset
+    Server ->> Worker: Dispatch unembargo task
     Worker ->> S3: List of all dandiset objects are aggregated into a manifest
     Worker ->> S3: S3 Batch Operation job created
     S3 ->> Worker: Job ID is returned
diff --git a/web/src/views/DandisetLandingView/DandisetUnembargo.vue b/web/src/views/DandisetLandingView/DandisetUnembargo.vue
index 516f3cf77..c6c846a80 100644
--- a/web/src/views/DandisetLandingView/DandisetUnembargo.vue
+++ b/web/src/views/DandisetLandingView/DandisetUnembargo.vue
@@ -17,11 +17,11 @@
         <v-divider class="my-3" />
         <v-card-text>
           <span>
-            This action will un-embargo this dandiset. Note that this is a
+            This action will unembargo this dandiset. Note that this is a
             <span class="font-weight-bold">
               permanent
             </span>
-            action and cannot be undone. Once a dandiset has been un-embargoed,
+            action and cannot be undone. Once a dandiset has been unembargoed,
             it cannot be re-embargoed.
             <br><br>
             Note: this may take several days to complete.

From 1a294062997a79c26e3a91bb4e4a903224f7cc56 Mon Sep 17 00:00:00 2001
From: dandibot <dandibot@mit.edu>
Date: Fri, 21 Jun 2024 00:46:10 +0000
Subject: [PATCH 033/131] auto shipit - CHANGELOG.md etc

---
 CHANGELOG.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 32c107057..75119ee38 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,15 @@
+# v0.3.87 (Fri Jun 21 2024)
+
+#### 🐛 Bug Fix
+
+- Lock dandisets during un-embargo [#1957](https://github.com/dandi/dandi-archive/pull/1957) ([@jjnesbitt](https://github.com/jjnesbitt))
+
+#### Authors: 1
+
+- Jacob Nesbitt ([@jjnesbitt](https://github.com/jjnesbitt))
+
+---
+
 # v0.3.86 (Tue Jun 18 2024)
 
 #### 🐛 Bug Fix

From 6d81e0f4eb77d7e6821f7c1860ec72c02d56048d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Jun 2024 22:00:16 +0000
Subject: [PATCH 034/131] [gh-actions](deps): Bump actions/add-to-project from
 0.6.0 to 1.0.2

Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.6.0 to 1.0.2.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v0.6.0...v1.0.2)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/auto-add-issues.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/auto-add-issues.yml b/.github/workflows/auto-add-issues.yml
index 79cbb207d..6eca60f09 100644
--- a/.github/workflows/auto-add-issues.yml
+++ b/.github/workflows/auto-add-issues.yml
@@ -11,7 +11,7 @@ jobs:
     name: Add issue to project
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/add-to-project@v0.6.0
+      - uses: actions/add-to-project@v1.0.2
         with:
           project-url: https://github.com/orgs/dandi/projects/16
           github-token: ${{ secrets.AUTO_ADD_ISSUES }}

From 3b5163827d0bdb150e2b9cb7f79725992a6ec4a9 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Wed, 10 Jul 2024 08:30:30 -1000
Subject: [PATCH 035/131] Remove File to avoid confusion (Closes #1971)

---
 web/src/views/DandisetLandingView/DandisetMain.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/views/DandisetLandingView/DandisetMain.vue b/web/src/views/DandisetLandingView/DandisetMain.vue
index 0fd94c030..32828e1ee 100644
--- a/web/src/views/DandisetLandingView/DandisetMain.vue
+++ b/web/src/views/DandisetLandingView/DandisetMain.vue
@@ -118,7 +118,7 @@
         <v-col :cols="$vuetify.breakpoint.xs ? 12 : 3">
           <span>
             <v-icon class="grey--text text--lighten-1">mdi-server</v-icon>
-            File Size <strong>{{ transformFilesize(stats.size) }}</strong>
+            Size <strong>{{ transformFilesize(stats.size) }}</strong>
           </span>
         </v-col>
       </v-row>

From 84c019cb86f28183b946ef5a93edbf818891e97a Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Wed, 10 Jul 2024 16:42:08 -0400
Subject: [PATCH 036/131] Suppress lint error (SIM103)

---
 dandiapi/api/models/asset.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dandiapi/api/models/asset.py b/dandiapi/api/models/asset.py
index cc2bed6ad..7fc106ae4 100644
--- a/dandiapi/api/models/asset.py
+++ b/dandiapi/api/models/asset.py
@@ -218,7 +218,7 @@ def is_different_from(
         if self.path != path:
             return True
 
-        if self.metadata != metadata:
+        if self.metadata != metadata:  # noqa: SIM103
             return True
 
         return False

From 8daeb79b0b9616c86c59044b16a0bea4e73d3592 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Thu, 11 Jul 2024 15:42:27 -0400
Subject: [PATCH 037/131] Pin dandischema to 0.10.1 (schema version 0.6.7)

---
 setup.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index 15738bcab..ba8aafa90 100644
--- a/setup.py
+++ b/setup.py
@@ -40,7 +40,8 @@
     include_package_data=True,
     install_requires=[
         'celery',
-        'dandischema~=0.10.1',
+        # Pin dandischema to exact version to make explicit which schema version is being used
+        'dandischema==0.10.1',  # schema version 0.6.7
         'django~=4.1.0',
         'django-admin-display',
         # Require 0.58.0 as it is the first version to support postgres' native

From 524c835a82ffea9c23a90b128f04c42f9580480e Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Thu, 11 Jul 2024 15:42:57 -0400
Subject: [PATCH 038/131] Pin django-storages to 1.14.3

---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index ba8aafa90..4a988ff8d 100644
--- a/setup.py
+++ b/setup.py
@@ -68,7 +68,7 @@
         # Production-only
         'django-composed-configuration[prod]>=0.23.0',
         'django-s3-file-field[s3]>=1.0.0',
-        'django-storages[s3]>=1.14.3',
+        'django-storages[s3]==1.14.3',
         'gunicorn',
         # Development-only, but required
         'django-minio-storage',

From 0dcef6820d526c4923ac41a39219e8c1e713072a Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Thu, 11 Jul 2024 15:05:49 -0400
Subject: [PATCH 039/131] Bump dandischema to 0.10.2 (schema version 0.6.8)

---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index 4a988ff8d..e7db9cc0a 100644
--- a/setup.py
+++ b/setup.py
@@ -41,7 +41,7 @@
     install_requires=[
         'celery',
         # Pin dandischema to exact version to make explicit which schema version is being used
-        'dandischema==0.10.1',  # schema version 0.6.7
+        'dandischema==0.10.2',  # schema version 0.6.8
         'django~=4.1.0',
         'django-admin-display',
         # Require 0.58.0 as it is the first version to support postgres' native

From e255828fe1838dd06acdb0dd1d10ea1778774132 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Thu, 11 Jul 2024 15:23:49 -0400
Subject: [PATCH 040/131] Fix draft version test factory

Include contact person email in metadata
---
 dandiapi/api/tests/factories.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dandiapi/api/tests/factories.py b/dandiapi/api/tests/factories.py
index ac0998590..7b3f3e09a 100644
--- a/dandiapi/api/tests/factories.py
+++ b/dandiapi/api/tests/factories.py
@@ -108,6 +108,7 @@ def metadata(self):
                 {
                     'name': f'{faker.Faker().last_name()}, {faker.Faker().first_name()}',
                     'roleName': ['dcite:ContactPerson'],
+                    'email': faker.Faker().email(),
                     'schemaKey': 'Person',
                 }
             ],

From 359e70fe8395fdd14b66b0a53664c0a98251fe2b Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Mon, 15 Jul 2024 12:43:56 -0400
Subject: [PATCH 041/131] Remove redundant check against type field

---
 web/src/components/Meditor/types.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/components/Meditor/types.ts b/web/src/components/Meditor/types.ts
index 5ca93b13f..0910a98c2 100644
--- a/web/src/components/Meditor/types.ts
+++ b/web/src/components/Meditor/types.ts
@@ -65,7 +65,7 @@ export const isJSONSchema = (schema: JSONSchemaUnionType): schema is JSONSchema7
 
 export const isBasicSchema = (schema: JSONSchemaUnionType): schema is BasicSchema => (
   isJSONSchema(schema)
-  && (isBasicType(schema.type) || schema.type === undefined)
+  && (isBasicType(schema.type))
 );
 
 export const isObjectSchema = (schema: JSONSchemaUnionType): schema is ObjectSchema => (

From 460da4d49e5510772f865ccaf71c4dacd0ad40a8 Mon Sep 17 00:00:00 2001
From: dandibot <dandibot@mit.edu>
Date: Mon, 15 Jul 2024 18:50:00 +0000
Subject: [PATCH 042/131] auto shipit - CHANGELOG.md etc

---
 CHANGELOG.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 75119ee38..21649c92d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,19 @@
+# v0.3.88 (Mon Jul 15 2024)
+
+#### 🐛 Bug Fix
+
+- Bump dandischema to 0.10.2 (schema version 0.6.8) [#1976](https://github.com/dandi/dandi-archive/pull/1976) ([@jjnesbitt](https://github.com/jjnesbitt))
+- Pin updated dependencies [#1977](https://github.com/dandi/dandi-archive/pull/1977) ([@jjnesbitt](https://github.com/jjnesbitt))
+- Suppress lint error (SIM103) [#1973](https://github.com/dandi/dandi-archive/pull/1973) ([@jjnesbitt](https://github.com/jjnesbitt))
+- Remove File to avoid confusion [#1972](https://github.com/dandi/dandi-archive/pull/1972) ([@yarikoptic](https://github.com/yarikoptic))
+
+#### Authors: 2
+
+- Jacob Nesbitt ([@jjnesbitt](https://github.com/jjnesbitt))
+- Yaroslav Halchenko ([@yarikoptic](https://github.com/yarikoptic))
+
+---
+
 # v0.3.87 (Fri Jun 21 2024)
 
 #### 🐛 Bug Fix

From b816ea2a0a4c6e1356e98b0f59db0a300c014ffc Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Tue, 4 Jun 2024 14:14:11 -0400
Subject: [PATCH 043/131] Automate dandiset unembargo

---
 dandiapi/api/services/embargo/__init__.py   | 82 ++++++++++++++++-----
 dandiapi/api/services/embargo/exceptions.py |  6 ++
 2 files changed, 68 insertions(+), 20 deletions(-)

diff --git a/dandiapi/api/services/embargo/__init__.py b/dandiapi/api/services/embargo/__init__.py
index 773c301fd..dc2827e14 100644
--- a/dandiapi/api/services/embargo/__init__.py
+++ b/dandiapi/api/services/embargo/__init__.py
@@ -1,29 +1,34 @@
 from __future__ import annotations
 
 from concurrent.futures import ThreadPoolExecutor
+import logging
 from typing import TYPE_CHECKING
 
 from botocore.config import Config
 from django.conf import settings
 from django.db import transaction
 
-from dandiapi.api.mail import send_dandisets_to_unembargo_message
-from dandiapi.api.models import Asset, AssetBlob, Dandiset, Version
+from dandiapi.api.mail import send_dandiset_unembargoed_message, send_dandisets_to_unembargo_message
+from dandiapi.api.models import AssetBlob, Dandiset, Version
 from dandiapi.api.services.asset.exceptions import DandisetOwnerRequiredError
+from dandiapi.api.services.exceptions import DandiError
 from dandiapi.api.storage import get_boto_client
 
 from .exceptions import (
     AssetBlobEmbargoedError,
+    AssetTagRemovalError,
     DandisetActiveUploadsError,
     DandisetNotEmbargoedError,
 )
 
 if TYPE_CHECKING:
     from django.contrib.auth.models import User
-    from django.db.models import QuerySet
     from mypy_boto3_s3 import S3Client
 
 
+logger = logging.getLogger(__name__)
+
+
 def _delete_asset_blob_tags(client: S3Client, blob: str):
     client.delete_object_tagging(
         Bucket=settings.DANDI_DANDISETS_BUCKET_NAME,
@@ -33,28 +38,65 @@ def _delete_asset_blob_tags(client: S3Client, blob: str):
 
 # NOTE: In testing this took ~2 minutes for 100,000 files
 def _remove_dandiset_asset_blob_embargo_tags(dandiset: Dandiset):
-    # First we need to generate a CSV manifest containing all asset blobs that need to be untaged
-    embargoed_asset_blobs = AssetBlob.objects.filter(
-        embargoed=True, assets__versions__dandiset=dandiset
-    ).values_list('blob', flat=True)
+    embargoed_asset_blobs = list(
+        AssetBlob.objects.filter(embargoed=True, assets__versions__dandiset=dandiset).values_list(
+            'blob', flat=True
+        )
+    )
 
     client = get_boto_client(config=Config(max_pool_connections=100))
     with ThreadPoolExecutor(max_workers=100) as e:
-        for blob in embargoed_asset_blobs:
+        futures = [
             e.submit(_delete_asset_blob_tags, client=client, blob=blob)
+            for blob in embargoed_asset_blobs
+        ]
+
+    # Check if any failed and raise exception if so
+    failed = [
+        blob for i, blob in enumerate(embargoed_asset_blobs) if futures[i].exception() is not None
+    ]
+    if failed:
+        raise AssetTagRemovalError('Some blobs failed to remove tags', blobs=failed)
 
 
 @transaction.atomic()
-def _unembargo_dandiset(dandiset: Dandiset):
-    # NOTE: Before proceeding, all asset blobs must have their embargoed tags removed in s3
+def _unembargo_dandiset(ds: Dandiset):
+    logger.info('Unembargoing Dandiset %s', ds.identifier)
+    logger.info('\t%s assets', ds.draft_version.assets.count())
+
+    if ds.embargo_status != Dandiset.EmbargoStatus.UNEMBARGOING:
+        raise DandiError(
+            message=f'Expected dandiset state {Dandiset.EmbargoStatus.UNEMBARGOING}, found {ds.embargo_status}',  # noqa: E501
+            http_status_code=500,
+        )
+    if ds.uploads.all().exists():
+        raise DandisetActiveUploadsError(http_status_code=500)
+
+    # Remove tags in S3
+    logger.info('Removing tags...')
+    _remove_dandiset_asset_blob_embargo_tags(ds)
+
+    # Update embargoed flag on asset blobs
+    updated = AssetBlob.objects.filter(embargoed=True, assets__versions__dandiset=ds).update(
+        embargoed=False
+    )
+    logger.info('Updated %s asset blobs', updated)
+
+    # Set status to OPEN
+    Dandiset.objects.filter(pk=ds.pk).update(embargo_status=Dandiset.EmbargoStatus.OPEN)
+    logger.info('Dandiset embargo status updated')
 
-    draft_version: Version = dandiset.draft_version
-    embargoed_assets: QuerySet[Asset] = draft_version.assets.filter(blob__embargoed=True)
-    AssetBlob.objects.filter(assets__in=embargoed_assets).update(embargoed=False)
+    # Fetch version to ensure changed embargo_status is included
+    # Save version to update metadata through populate_metadata
+    v = Version.objects.get(dandiset=ds, version='draft')
+    v.save()
+    logger.info('Version metadata updated')
 
-    # Set access on dandiset
-    dandiset.embargo_status = Dandiset.EmbargoStatus.OPEN
-    dandiset.save()
+    # Notify owners of completed unembargo
+    send_dandiset_unembargoed_message(ds)
+    logger.info('Dandiset owners notified.')
+
+    logger.info('...Done')
 
 
 def remove_asset_blob_embargoed_tag(asset_blob: AssetBlob) -> None:
@@ -76,10 +118,10 @@ def unembargo_dandiset(*, user: User, dandiset: Dandiset):
     if dandiset.uploads.count():
         raise DandisetActiveUploadsError
 
-    # A scheduled task will pick up any new dandisets with this status and email the admins to
-    # initiate the unembargo process
-    dandiset.embargo_status = Dandiset.EmbargoStatus.UNEMBARGOING
-    dandiset.save()
+    # A scheduled task will pick up any new dandisets with this status
+    Dandiset.objects.filter(pk=dandiset.pk).update(
+        embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
+    )
 
     # Send initial email to ensure it's seen in a timely manner
     send_dandisets_to_unembargo_message(dandisets=[dandiset])
diff --git a/dandiapi/api/services/embargo/exceptions.py b/dandiapi/api/services/embargo/exceptions.py
index 13038bd59..1bdc0fb25 100644
--- a/dandiapi/api/services/embargo/exceptions.py
+++ b/dandiapi/api/services/embargo/exceptions.py
@@ -30,3 +30,9 @@ class UnauthorizedEmbargoAccessError(DandiError):
     message = (
         'Authentication credentials must be provided when attempting to access embargoed dandisets'
     )
+
+
+class AssetTagRemovalError(Exception):
+    def __init__(self, message: str, blobs: list[str]) -> None:
+        super().__init__(message)
+        self.blobs = blobs

From c8801941ac8c0a2fcf2c3154d064a54327c271de Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Mon, 1 Jul 2024 14:59:47 -0400
Subject: [PATCH 044/131] Rename unembargo functions

---
 dandiapi/api/services/embargo/__init__.py | 7 ++++---
 dandiapi/api/views/dandiset.py            | 4 ++--
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/dandiapi/api/services/embargo/__init__.py b/dandiapi/api/services/embargo/__init__.py
index dc2827e14..0a421d368 100644
--- a/dandiapi/api/services/embargo/__init__.py
+++ b/dandiapi/api/services/embargo/__init__.py
@@ -60,7 +60,8 @@ def _remove_dandiset_asset_blob_embargo_tags(dandiset: Dandiset):
 
 
 @transaction.atomic()
-def _unembargo_dandiset(ds: Dandiset):
+def unembargo_dandiset(ds: Dandiset):
+    """Unembargo a dandiset by copying all embargoed asset blobs to the public bucket."""
     logger.info('Unembargoing Dandiset %s', ds.identifier)
     logger.info('\t%s assets', ds.draft_version.assets.count())
 
@@ -107,8 +108,8 @@ def remove_asset_blob_embargoed_tag(asset_blob: AssetBlob) -> None:
     _delete_asset_blob_tags(client=get_boto_client(), blob=asset_blob.blob.name)
 
 
-def unembargo_dandiset(*, user: User, dandiset: Dandiset):
-    """Unembargo a dandiset by copying all embargoed asset blobs to the public bucket."""
+def kickoff_dandiset_unembargo(*, user: User, dandiset: Dandiset):
+    """Set dandiset status to kickoff unembargo."""
     if dandiset.embargo_status != Dandiset.EmbargoStatus.EMBARGOED:
         raise DandisetNotEmbargoedError
 
diff --git a/dandiapi/api/views/dandiset.py b/dandiapi/api/views/dandiset.py
index d202cc11f..770e58366 100644
--- a/dandiapi/api/views/dandiset.py
+++ b/dandiapi/api/views/dandiset.py
@@ -25,7 +25,7 @@
 from dandiapi.api.mail import send_ownership_change_emails
 from dandiapi.api.models import Dandiset, Version
 from dandiapi.api.services.dandiset import create_dandiset, delete_dandiset
-from dandiapi.api.services.embargo import unembargo_dandiset
+from dandiapi.api.services.embargo import kickoff_dandiset_unembargo
 from dandiapi.api.services.embargo.exceptions import (
     DandisetUnembargoInProgressError,
     UnauthorizedEmbargoAccessError,
@@ -349,7 +349,7 @@ def destroy(self, request, dandiset__pk):
     @method_decorator(permission_required_or_403('owner', (Dandiset, 'pk', 'dandiset__pk')))
     def unembargo(self, request, dandiset__pk):
         dandiset: Dandiset = get_object_or_404(Dandiset, pk=dandiset__pk)
-        unembargo_dandiset(user=request.user, dandiset=dandiset)
+        kickoff_dandiset_unembargo(user=request.user, dandiset=dandiset)
 
         return Response(None, status=status.HTTP_200_OK)
 

From 10e81b9130855b31ecb7cc8e4bfd090f535866b4 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Mon, 1 Jul 2024 16:52:33 -0400
Subject: [PATCH 045/131] Add unembargo tests

---
 dandiapi/api/tests/test_unembargo.py | 140 +++++++++++++++++++++++----
 1 file changed, 122 insertions(+), 18 deletions(-)

diff --git a/dandiapi/api/tests/test_unembargo.py b/dandiapi/api/tests/test_unembargo.py
index b4976d832..1d3bdacda 100644
--- a/dandiapi/api/tests/test_unembargo.py
+++ b/dandiapi/api/tests/test_unembargo.py
@@ -1,11 +1,23 @@
 from __future__ import annotations
 
+from typing import TYPE_CHECKING
+
+import dandischema
 from guardian.shortcuts import assign_perm
 import pytest
 
 from dandiapi.api.models.dandiset import Dandiset
-from dandiapi.api.services.embargo import AssetBlobEmbargoedError, remove_asset_blob_embargoed_tag
-from dandiapi.api.tasks.scheduled import send_dandisets_to_unembargo_email
+from dandiapi.api.services.embargo import (
+    AssetBlobEmbargoedError,
+    remove_asset_blob_embargoed_tag,
+    unembargo_dandiset,
+)
+from dandiapi.api.services.embargo.exceptions import DandisetActiveUploadsError
+from dandiapi.api.services.exceptions import DandiError
+
+if TYPE_CHECKING:
+    from dandiapi.api.models.asset import AssetBlob
+    from dandiapi.api.models.version import Version
 
 
 @pytest.mark.django_db()
@@ -18,39 +30,131 @@ def test_remove_asset_blob_embargoed_tag_fails_on_embargod(embargoed_asset_blob,
 
 
 @pytest.mark.django_db()
-def test_unembargo_dandiset_sends_emails(
-    api_client, user, dandiset, draft_version_factory, mailoutbox
+def test_kickoff_dandiset_unembargo_dandiset_not_embargoed(
+    api_client, user, dandiset_factory, draft_version_factory
 ):
+    dandiset = dandiset_factory(embargo_status=Dandiset.EmbargoStatus.OPEN)
     draft_version_factory(dandiset=dandiset)
-
     assign_perm('owner', user, dandiset)
     api_client.force_authenticate(user=user)
 
-    dandiset.embargo_status = Dandiset.EmbargoStatus.EMBARGOED
-    dandiset.save()
-
     resp = api_client.post(f'/api/dandisets/{dandiset.identifier}/unembargo/')
-    assert resp.status_code == 200
+    assert resp.status_code == 400
 
-    # Simulate the scheduled task calling this function
-    send_dandisets_to_unembargo_email()
 
-    assert mailoutbox
-    assert 'unembargo' in mailoutbox[0].subject
-    assert dandiset.identifier in mailoutbox[0].message().get_payload()
-    assert user.username in mailoutbox[0].message().get_payload()
+@pytest.mark.django_db()
+def test_kickoff_dandiset_unembargo_not_owner(
+    api_client, user, dandiset_factory, draft_version_factory
+):
+    dandiset = dandiset_factory(embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
+    draft_version_factory(dandiset=dandiset)
+    api_client.force_authenticate(user=user)
+
+    resp = api_client.post(f'/api/dandisets/{dandiset.identifier}/unembargo/')
+    assert resp.status_code == 403
 
 
 @pytest.mark.django_db()
-def test_unembargo_dandiset_lingering_uploads(
+def test_kickoff_dandiset_unembargo_active_uploads(
     api_client, user, dandiset_factory, draft_version_factory, upload_factory
 ):
     dandiset = dandiset_factory(embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
     draft_version_factory(dandiset=dandiset)
-    upload_factory(dandiset=dandiset)
-
     assign_perm('owner', user, dandiset)
     api_client.force_authenticate(user=user)
 
+    # Test that active uploads prevent unembargp
+    upload_factory(dandiset=dandiset)
     resp = api_client.post(f'/api/dandisets/{dandiset.identifier}/unembargo/')
     assert resp.status_code == 400
+
+
+@pytest.mark.django_db()
+def test_kickoff_dandiset_unembargo(api_client, user, draft_version_factory, mailoutbox):
+    draft_version = draft_version_factory(dandiset__embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
+    ds: Dandiset = draft_version.dandiset
+
+    assign_perm('owner', user, ds)
+    api_client.force_authenticate(user=user)
+
+    resp = api_client.post(f'/api/dandisets/{ds.identifier}/unembargo/')
+    assert resp.status_code == 200
+
+    ds.refresh_from_db()
+    assert ds.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING
+    assert mailoutbox
+    assert 'unembargo' in mailoutbox[0].subject
+    assert ds.identifier in mailoutbox[0].message().get_payload()
+    assert user.username in mailoutbox[0].message().get_payload()
+
+
+@pytest.mark.django_db()
+def test_unembargo_dandiset_not_unembargoing(draft_version_factory):
+    draft_version = draft_version_factory(dandiset__embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
+    ds: Dandiset = draft_version.dandiset
+
+    with pytest.raises(DandiError):
+        unembargo_dandiset(ds)
+
+
+@pytest.mark.django_db()
+def test_unembargo_dandiset_uploads_exist(draft_version_factory, upload_factory):
+    draft_version = draft_version_factory(
+        dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
+    )
+    ds: Dandiset = draft_version.dandiset
+
+    upload_factory(dandiset=ds)
+    with pytest.raises(DandisetActiveUploadsError):
+        unembargo_dandiset(ds)
+
+
+@pytest.mark.django_db()
+def test_unembargo_dandiset(
+    draft_version_factory,
+    asset_factory,
+    embargoed_asset_blob_factory,
+    mocker,
+    mailoutbox,
+    user_factory,
+):
+    draft_version: Version = draft_version_factory(
+        dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
+    )
+    ds: Dandiset = draft_version.dandiset
+    owners = [user_factory() for _ in range(5)]
+    for user in owners:
+        assign_perm('owner', user, ds)
+
+    embargoed_blob: AssetBlob = embargoed_asset_blob_factory()
+    asset = asset_factory(blob=embargoed_blob)
+    draft_version.assets.add(asset)
+    assert embargoed_blob.embargoed
+
+    # Patch this function to check if it's been called, since we can't test the tagging directly
+    patched = mocker.patch('dandiapi.api.services.embargo._delete_asset_blob_tags')
+
+    unembargo_dandiset(ds)
+    patched.assert_called_once()
+
+    embargoed_blob.refresh_from_db()
+    ds.refresh_from_db()
+    draft_version.refresh_from_db()
+    assert not embargoed_blob.embargoed
+    assert ds.embargo_status == Dandiset.EmbargoStatus.OPEN
+    assert (
+        draft_version.metadata['access'][0]['status']
+        == dandischema.models.AccessType.OpenAccess.value
+    )
+
+    # Check that a correct email exists
+    assert mailoutbox
+    assert 'has been unembargoed' in mailoutbox[0].subject
+    payload = mailoutbox[0].message().get_payload()[0].get_payload()
+    assert ds.identifier in payload
+    assert 'has been unembargoed' in payload
+
+    # Check that the email was sent to all owners
+    owner_email_set = {user.email for user in owners}
+    mailoutbox_to_email_set = set(mailoutbox[0].to)
+    assert owner_email_set == mailoutbox_to_email_set

From 3c3669de904047d8cab9ae5e69b11a86d2c1e8b0 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Tue, 2 Jul 2024 13:50:30 -0400
Subject: [PATCH 046/131] Connect unembargo endpoint and task

---
 dandiapi/api/mail.py                          | 25 ------------
 dandiapi/api/models/dandiset.py               |  4 ++
 dandiapi/api/services/dandiset/__init__.py    |  2 +-
 dandiapi/api/services/embargo/__init__.py     | 15 ++++----
 dandiapi/api/tasks/__init__.py                |  9 +++++
 dandiapi/api/tasks/scheduled.py               | 14 +------
 .../api/mail/dandisets_to_unembargo.txt       | 10 -----
 dandiapi/api/tests/test_asset.py              |  6 +--
 dandiapi/api/tests/test_dandiset.py           | 38 +++++++++----------
 dandiapi/api/tests/test_unembargo.py          | 16 +++++---
 dandiapi/api/tests/test_upload.py             |  2 +-
 dandiapi/api/tests/test_version.py            |  4 +-
 dandiapi/api/views/asset.py                   |  6 +--
 dandiapi/api/views/dandiset.py                |  2 +-
 dandiapi/api/views/upload.py                  |  2 +-
 dandiapi/api/views/version.py                 |  2 +-
 .../DandisetLandingView/DandisetActions.vue   |  3 +-
 .../DandisetLandingView/DandisetUnembargo.vue | 10 ++---
 web/src/views/FileBrowserView/FileBrowser.vue |  3 +-
 19 files changed, 71 insertions(+), 102 deletions(-)
 delete mode 100644 dandiapi/api/templates/api/mail/dandisets_to_unembargo.txt

diff --git a/dandiapi/api/mail.py b/dandiapi/api/mail.py
index d68395d69..4d94dfcfb 100644
--- a/dandiapi/api/mail.py
+++ b/dandiapi/api/mail.py
@@ -182,31 +182,6 @@ def send_pending_users_message(users: Iterable[User]):
         connection.send_messages(messages)
 
 
-def build_dandisets_to_unembargo_message(dandisets: Iterable[Dandiset]):
-    dandiset_context = [
-        {
-            'identifier': ds.identifier,
-            'owners': [user.username for user in ds.owners],
-            'asset_count': ds.draft_version.asset_count,
-            'size': ds.draft_version.size,
-        }
-        for ds in dandisets
-    ]
-    render_context = {**BASE_RENDER_CONTEXT, 'dandisets': dandiset_context}
-    return build_message(
-        subject='DANDI: New Dandisets to unembargo',
-        message=render_to_string('api/mail/dandisets_to_unembargo.txt', render_context),
-        to=[settings.DANDI_DEV_EMAIL],
-    )
-
-
-def send_dandisets_to_unembargo_message(dandisets: Iterable[Dandiset]):
-    logger.info('Sending dandisets to unembargo message to devs at %s', settings.DANDI_DEV_EMAIL)
-    messages = [build_dandisets_to_unembargo_message(dandisets)]
-    with mail.get_connection() as connection:
-        connection.send_messages(messages)
-
-
 def build_dandiset_unembargoed_message(dandiset: Dandiset):
     dandiset_context = {
         'identifier': dandiset.identifier,
diff --git a/dandiapi/api/models/dandiset.py b/dandiapi/api/models/dandiset.py
index 595467dc7..4d95b6db4 100644
--- a/dandiapi/api/models/dandiset.py
+++ b/dandiapi/api/models/dandiset.py
@@ -62,6 +62,10 @@ def identifier(self) -> str:
     def embargoed(self) -> bool:
         return self.embargo_status == self.EmbargoStatus.EMBARGOED
 
+    @property
+    def unembargo_in_progress(self) -> bool:
+        return self.embargo_status == self.EmbargoStatus.UNEMBARGOING
+
     @property
     def most_recent_published_version(self):
         return self.versions.exclude(version='draft').order_by('modified').last()
diff --git a/dandiapi/api/services/dandiset/__init__.py b/dandiapi/api/services/dandiset/__init__.py
index 05450a94f..1b8d7f9e5 100644
--- a/dandiapi/api/services/dandiset/__init__.py
+++ b/dandiapi/api/services/dandiset/__init__.py
@@ -56,7 +56,7 @@ def delete_dandiset(*, user, dandiset: Dandiset) -> None:
         raise NotAllowedError('Cannot delete dandisets with published versions.')
     if dandiset.versions.filter(status=Version.Status.PUBLISHING).exists():
         raise NotAllowedError('Cannot delete dandisets that are currently being published.')
-    if dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
+    if dandiset.unembargo_in_progress:
         raise DandisetUnembargoInProgressError
 
     # Delete all versions first, so that AssetPath deletion is cascaded
diff --git a/dandiapi/api/services/embargo/__init__.py b/dandiapi/api/services/embargo/__init__.py
index 0a421d368..2ad9a8aca 100644
--- a/dandiapi/api/services/embargo/__init__.py
+++ b/dandiapi/api/services/embargo/__init__.py
@@ -8,11 +8,12 @@
 from django.conf import settings
 from django.db import transaction
 
-from dandiapi.api.mail import send_dandiset_unembargoed_message, send_dandisets_to_unembargo_message
+from dandiapi.api.mail import send_dandiset_unembargoed_message
 from dandiapi.api.models import AssetBlob, Dandiset, Version
 from dandiapi.api.services.asset.exceptions import DandisetOwnerRequiredError
 from dandiapi.api.services.exceptions import DandiError
 from dandiapi.api.storage import get_boto_client
+from dandiapi.api.tasks import unembargo_dandiset_task
 
 from .exceptions import (
     AssetBlobEmbargoedError,
@@ -119,10 +120,8 @@ def kickoff_dandiset_unembargo(*, user: User, dandiset: Dandiset):
     if dandiset.uploads.count():
         raise DandisetActiveUploadsError
 
-    # A scheduled task will pick up any new dandisets with this status
-    Dandiset.objects.filter(pk=dandiset.pk).update(
-        embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
-    )
-
-    # Send initial email to ensure it's seen in a timely manner
-    send_dandisets_to_unembargo_message(dandisets=[dandiset])
+    with transaction.atomic():
+        Dandiset.objects.filter(pk=dandiset.pk).update(
+            embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
+        )
+        transaction.on_commit(lambda: unembargo_dandiset_task.delay(dandiset.pk))
diff --git a/dandiapi/api/tasks/__init__.py b/dandiapi/api/tasks/__init__.py
index b06a87b2c..2a7fa9318 100644
--- a/dandiapi/api/tasks/__init__.py
+++ b/dandiapi/api/tasks/__init__.py
@@ -12,6 +12,7 @@
     write_dandiset_yaml,
 )
 from dandiapi.api.models import Asset, AssetBlob, Version
+from dandiapi.api.models.dandiset import Dandiset
 
 logger = get_task_logger(__name__)
 
@@ -74,3 +75,11 @@ def publish_dandiset_task(dandiset_id: int):
     from dandiapi.api.services.publish import _publish_dandiset
 
     _publish_dandiset(dandiset_id=dandiset_id)
+
+
+@shared_task
+def unembargo_dandiset_task(dandiset_id: int):
+    from dandiapi.api.services.embargo import unembargo_dandiset
+
+    ds = Dandiset.objects.get(pk=dandiset_id)
+    unembargo_dandiset(ds)
diff --git a/dandiapi/api/tasks/scheduled.py b/dandiapi/api/tasks/scheduled.py
index 9fa8af71d..2b4a100e9 100644
--- a/dandiapi/api/tasks/scheduled.py
+++ b/dandiapi/api/tasks/scheduled.py
@@ -20,10 +20,9 @@
 from django.db.models.query_utils import Q
 
 from dandiapi.analytics.tasks import collect_s3_log_records_task
-from dandiapi.api.mail import send_dandisets_to_unembargo_message, send_pending_users_message
+from dandiapi.api.mail import send_pending_users_message
 from dandiapi.api.models import UserMetadata, Version
 from dandiapi.api.models.asset import Asset
-from dandiapi.api.models.dandiset import Dandiset
 from dandiapi.api.services.metadata import version_aggregate_assets_summary
 from dandiapi.api.services.metadata.exceptions import VersionMetadataConcurrentlyModifiedError
 from dandiapi.api.tasks import (
@@ -112,14 +111,6 @@ def send_pending_users_email() -> None:
         send_pending_users_message(pending_users)
 
 
-@shared_task(soft_time_limit=20)
-def send_dandisets_to_unembargo_email() -> None:
-    """Send an email to admins listing dandisets that have requested unembargo."""
-    dandisets = Dandiset.objects.filter(embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING)
-    if dandisets.exists():
-        send_dandisets_to_unembargo_message(dandisets)
-
-
 @shared_task(soft_time_limit=60)
 def refresh_materialized_view_search() -> None:
     """
@@ -148,9 +139,6 @@ def register_scheduled_tasks(sender: Celery, **kwargs):
     # Send daily email to admins containing a list of users awaiting approval
     sender.add_periodic_task(crontab(hour=0, minute=0), send_pending_users_email.s())
 
-    # Send daily email to admins containing a list of dandisets to unembargo
-    sender.add_periodic_task(crontab(hour=0, minute=0), send_dandisets_to_unembargo_email.s())
-
     # Refresh the materialized view used by asset search every 10 mins.
     sender.add_periodic_task(timedelta(minutes=10), refresh_materialized_view_search.s())
 
diff --git a/dandiapi/api/templates/api/mail/dandisets_to_unembargo.txt b/dandiapi/api/templates/api/mail/dandisets_to_unembargo.txt
deleted file mode 100644
index c716839b1..000000000
--- a/dandiapi/api/templates/api/mail/dandisets_to_unembargo.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-{% autoescape off %}
-The following new dandisets are awaiting unembargo:
-
-{% for ds in dandisets %}
-Dandiset ID: {{ ds.identifier }}
-Owners: {{ ds.owners }}
-Number of Assets: {{ ds.asset_count }}
-Total data size: {{ ds.size }}
-{% endfor %}
-{% endautoescape %}
diff --git a/dandiapi/api/tests/test_asset.py b/dandiapi/api/tests/test_asset.py
index 68dadca42..fc0e32f4a 100644
--- a/dandiapi/api/tests/test_asset.py
+++ b/dandiapi/api/tests/test_asset.py
@@ -637,7 +637,7 @@ def test_asset_create_embargo(
 
 
 @pytest.mark.django_db()
-def test_asset_create_unembargoing(
+def test_asset_create_unembargo_in_progress(
     api_client, user, draft_version_factory, dandiset_factory, embargoed_asset_blob
 ):
     dandiset = dandiset_factory(embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING)
@@ -1122,7 +1122,7 @@ def test_asset_rest_update_embargo(api_client, user, draft_version, asset, embar
 
 
 @pytest.mark.django_db()
-def test_asset_rest_update_unembargoing(
+def test_asset_rest_update_unembargo_in_progress(
     api_client, user, draft_version_factory, asset, embargoed_asset_blob
 ):
     draft_version = draft_version_factory(
@@ -1325,7 +1325,7 @@ def test_asset_rest_delete(api_client, user, draft_version, asset):
 
 
 @pytest.mark.django_db()
-def test_asset_rest_delete_unembargoing(api_client, user, draft_version_factory, asset):
+def test_asset_rest_delete_unembargo_in_progress(api_client, user, draft_version_factory, asset):
     draft_version = draft_version_factory(
         dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
     )
diff --git a/dandiapi/api/tests/test_dandiset.py b/dandiapi/api/tests/test_dandiset.py
index 9efeed612..4ac6d78e1 100644
--- a/dandiapi/api/tests/test_dandiset.py
+++ b/dandiapi/api/tests/test_dandiset.py
@@ -735,30 +735,28 @@ def test_dandiset_rest_create_with_invalid_identifier(api_client, admin_user):
 
 
 @pytest.mark.django_db()
-def test_dandiset_rest_delete(api_client, draft_version_factory, user):
+@pytest.mark.parametrize(
+    ('embargo_status', 'success'),
+    [
+        (Dandiset.EmbargoStatus.OPEN, True),
+        (Dandiset.EmbargoStatus.EMBARGOED, True),
+        (Dandiset.EmbargoStatus.UNEMBARGOING, False),
+    ],
+)
+def test_dandiset_rest_delete(api_client, draft_version_factory, user, embargo_status, success):
     api_client.force_authenticate(user=user)
 
     # Ensure that open or embargoed dandisets can be deleted
-    draft_version = draft_version_factory(dandiset__embargo_status=Dandiset.EmbargoStatus.OPEN)
-    assign_perm('owner', user, draft_version.dandiset)
-    response = api_client.delete(f'/api/dandisets/{draft_version.dandiset.identifier}/')
-    assert response.status_code == 204
-    assert not Dandiset.objects.all()
-
-    draft_version = draft_version_factory(dandiset__embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
+    draft_version = draft_version_factory(dandiset__embargo_status=embargo_status)
     assign_perm('owner', user, draft_version.dandiset)
     response = api_client.delete(f'/api/dandisets/{draft_version.dandiset.identifier}/')
-    assert response.status_code == 204
-    assert not Dandiset.objects.all()
 
-    # Ensure that currently unembargoing dandisets can't be deleted
-    draft_version = draft_version_factory(
-        dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
-    )
-    assign_perm('owner', user, draft_version.dandiset)
-    response = api_client.delete(f'/api/dandisets/{draft_version.dandiset.identifier}/')
-    assert response.status_code == 400
-    assert Dandiset.objects.count() == 1
+    if success:
+        assert response.status_code == 204
+        assert not Dandiset.objects.all()
+    else:
+        assert response.status_code >= 400
+        assert Dandiset.objects.count() == 1
 
 
 @pytest.mark.django_db()
@@ -885,13 +883,13 @@ def test_dandiset_rest_change_owner(
 
 
 @pytest.mark.django_db()
-def test_dandiset_rest_change_owners_unembargoing(
+def test_dandiset_rest_change_owners_unembargo_in_progress(
     api_client,
     draft_version_factory,
     user_factory,
     social_account_factory,
 ):
-    """Test that unembargoing a dandiset prevents user modification."""
+    """Test that a dandiset undergoing unembargo prevents user modification."""
     draft_version = draft_version_factory(
         dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
     )
diff --git a/dandiapi/api/tests/test_unembargo.py b/dandiapi/api/tests/test_unembargo.py
index 1d3bdacda..f59d9fc59 100644
--- a/dandiapi/api/tests/test_unembargo.py
+++ b/dandiapi/api/tests/test_unembargo.py
@@ -69,23 +69,27 @@ def test_kickoff_dandiset_unembargo_active_uploads(
     assert resp.status_code == 400
 
 
-@pytest.mark.django_db()
-def test_kickoff_dandiset_unembargo(api_client, user, draft_version_factory, mailoutbox):
+# transaction=True required due to how `kickoff_dandiset_unembargo` calls `unembargo_dandiset_task`
+@pytest.mark.django_db(transaction=True)
+def test_kickoff_dandiset_unembargo(api_client, user, draft_version_factory, mailoutbox, mocker):
     draft_version = draft_version_factory(dandiset__embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
     ds: Dandiset = draft_version.dandiset
 
     assign_perm('owner', user, ds)
     api_client.force_authenticate(user=user)
 
+    # mock this task to check if called
+    patched_task = mocker.patch('dandiapi.api.services.embargo.unembargo_dandiset_task')
+
     resp = api_client.post(f'/api/dandisets/{ds.identifier}/unembargo/')
     assert resp.status_code == 200
 
     ds.refresh_from_db()
     assert ds.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING
-    assert mailoutbox
-    assert 'unembargo' in mailoutbox[0].subject
-    assert ds.identifier in mailoutbox[0].message().get_payload()
-    assert user.username in mailoutbox[0].message().get_payload()
+
+    # Check that unembargo dandiset task was delayed
+    assert len(patched_task.mock_calls) == 1
+    assert str(patched_task.mock_calls[0]) == f'call.delay({ds.pk})'
 
 
 @pytest.mark.django_db()
diff --git a/dandiapi/api/tests/test_upload.py b/dandiapi/api/tests/test_upload.py
index 133c2ff7a..84c1b7bb2 100644
--- a/dandiapi/api/tests/test_upload.py
+++ b/dandiapi/api/tests/test_upload.py
@@ -110,7 +110,7 @@ def test_upload_initialize(api_client, user, dandiset_factory, embargoed):
 
 
 @pytest.mark.django_db()
-def test_upload_initialize_unembargoing(api_client, user, dandiset_factory):
+def test_upload_initialize_unembargo_in_progress(api_client, user, dandiset_factory):
     dandiset = dandiset_factory(embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING)
     api_client.force_authenticate(user=user)
     assign_perm('owner', user, dandiset)
diff --git a/dandiapi/api/tests/test_version.py b/dandiapi/api/tests/test_version.py
index f25ae29cb..08b615ebc 100644
--- a/dandiapi/api/tests/test_version.py
+++ b/dandiapi/api/tests/test_version.py
@@ -606,7 +606,7 @@ def test_version_rest_update(api_client, user, draft_version):
 
 
 @pytest.mark.django_db()
-def test_version_rest_update_unembargoing(api_client, user, draft_version_factory):
+def test_version_rest_update_unembargo_in_progress(api_client, user, draft_version_factory):
     draft_version = draft_version_factory(
         dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
     )
@@ -802,7 +802,7 @@ def test_version_rest_publish_embargo(api_client: APIClient, user: User, draft_v
 
 
 @pytest.mark.django_db()
-def test_version_rest_publish_unembargoing(
+def test_version_rest_publish_unembargo_in_progress(
     api_client: APIClient, user: User, draft_version_factory
 ):
     draft_version = draft_version_factory(
diff --git a/dandiapi/api/views/asset.py b/dandiapi/api/views/asset.py
index d92fa0d0e..5a3502e53 100644
--- a/dandiapi/api/views/asset.py
+++ b/dandiapi/api/views/asset.py
@@ -324,7 +324,7 @@ def create(self, request, versions__dandiset__pk, versions__version):
             version=versions__version,
         )
 
-        if version.dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
+        if version.dandiset.unembargo_in_progress:
             raise DandisetUnembargoInProgressError
 
         serializer = AssetRequestSerializer(data=self.request.data)
@@ -361,7 +361,7 @@ def update(self, request, versions__dandiset__pk, versions__version, **kwargs):
         )
         if version.version != 'draft':
             raise DraftDandisetNotModifiableError
-        if version.dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
+        if version.dandiset.unembargo_in_progress:
             raise DandisetUnembargoInProgressError
 
         serializer = AssetRequestSerializer(data=self.request.data)
@@ -399,7 +399,7 @@ def destroy(self, request, versions__dandiset__pk, versions__version, **kwargs):
             dandiset__pk=versions__dandiset__pk,
             version=versions__version,
         )
-        if version.dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
+        if version.dandiset.unembargo_in_progress:
             raise DandisetUnembargoInProgressError
 
         # Lock asset for delete
diff --git a/dandiapi/api/views/dandiset.py b/dandiapi/api/views/dandiset.py
index 770e58366..984b80d2c 100644
--- a/dandiapi/api/views/dandiset.py
+++ b/dandiapi/api/views/dandiset.py
@@ -377,7 +377,7 @@ def unembargo(self, request, dandiset__pk):
     def users(self, request, dandiset__pk):  # noqa: C901
         dandiset: Dandiset = self.get_object()
         if request.method == 'PUT':
-            if dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
+            if dandiset.unembargo_in_progress:
                 raise DandisetUnembargoInProgressError
 
             # Verify that the user is currently an owner
diff --git a/dandiapi/api/views/upload.py b/dandiapi/api/views/upload.py
index acdf6a41e..433195716 100644
--- a/dandiapi/api/views/upload.py
+++ b/dandiapi/api/views/upload.py
@@ -137,7 +137,7 @@ def upload_initialize_view(request: Request) -> HttpResponseBase:
         return response
 
     # Ensure dandiset not in the process of unembargo
-    if dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
+    if dandiset.unembargo_in_progress:
         raise DandisetUnembargoInProgressError
 
     logging.info(
diff --git a/dandiapi/api/views/version.py b/dandiapi/api/views/version.py
index 0a052d9a7..d37adc931 100644
--- a/dandiapi/api/views/version.py
+++ b/dandiapi/api/views/version.py
@@ -95,7 +95,7 @@ def update(self, request, **kwargs):
                 'Only draft versions can be modified.',
                 status=status.HTTP_405_METHOD_NOT_ALLOWED,
             )
-        if version.dandiset.embargo_status == Dandiset.EmbargoStatus.UNEMBARGOING:
+        if version.dandiset.unembargo_in_progress:
             raise DandisetUnembargoInProgressError
 
         serializer = VersionMetadataSerializer(data=request.data)
diff --git a/web/src/views/DandisetLandingView/DandisetActions.vue b/web/src/views/DandisetLandingView/DandisetActions.vue
index fc9ae4391..9249090ee 100644
--- a/web/src/views/DandisetLandingView/DandisetActions.vue
+++ b/web/src/views/DandisetLandingView/DandisetActions.vue
@@ -72,7 +72,7 @@
           id="view-data"
           outlined
           block
-          :disabled="currentDandiset.dandiset.embargo_status === 'UNEMBARGOING'"
+          :disabled="unembargo_in_progress"
           :to="fileBrowserLink"
           exact
         >
@@ -156,6 +156,7 @@ const store = useDandisetStore();
 
 const currentDandiset = computed(() => store.dandiset);
 const currentVersion = computed(() => store.version);
+const unembargo_in_progress = computed(() => currentDandiset.value && currentDandiset.value.dandiset.embargo_status === 'UNEMBARGOING')
 
 const fileBrowserLink: ComputedRef<Location|null> = computed(() => {
   if (!currentDandiset.value) {
diff --git a/web/src/views/DandisetLandingView/DandisetUnembargo.vue b/web/src/views/DandisetLandingView/DandisetUnembargo.vue
index c6c846a80..e1fbfc520 100644
--- a/web/src/views/DandisetLandingView/DandisetUnembargo.vue
+++ b/web/src/views/DandisetLandingView/DandisetUnembargo.vue
@@ -65,7 +65,7 @@
     >
       <v-tooltip
         left
-        :disabled="!unembargoing"
+        :disabled="!unembargo_in_progress"
       >
         <template #activator="{ on }">
           <div
@@ -77,16 +77,16 @@
               block
               color="info"
               depressed
-              :disabled="unembargoing"
+              :disabled="unembargo_in_progress"
               @click="unembargo()"
             >
-              {{ unembargoing ? 'Unembargoing' : 'Unembargo' }}
+              {{ unembargo_in_progress ? 'Unembargoing' : 'Unembargo' }}
               <v-spacer />
               <v-icon>mdi-lock-open</v-icon>
             </v-btn>
           </div>
         </template>
-        <span v-if="unembargoing">This dandiset is being unembargoed, please wait.</span>
+        <span v-if="unembargo_in_progress">This dandiset is being unembargoed, please wait.</span>
       </v-tooltip>
     </v-row>
     <v-row>
@@ -126,7 +126,7 @@ function formatDate(date: string): string {
 const store = useDandisetStore();
 
 const currentDandiset = computed(() => store.dandiset);
-const unembargoing = computed(() => currentDandiset.value?.dandiset.embargo_status === 'UNEMBARGOING');
+const unembargo_in_progress = computed(() => currentDandiset.value?.dandiset.embargo_status === 'UNEMBARGOING');
 const showWarningDialog = ref(false);
 const confirmationPhrase = ref('');
 
diff --git a/web/src/views/FileBrowserView/FileBrowser.vue b/web/src/views/FileBrowserView/FileBrowser.vue
index 0a7c6a89e..55f19a143 100644
--- a/web/src/views/FileBrowserView/FileBrowser.vue
+++ b/web/src/views/FileBrowserView/FileBrowser.vue
@@ -1,5 +1,5 @@
 <template>
-  <div v-if="currentDandiset && currentDandiset.dandiset.embargo_status !== 'UNEMBARGOING'">
+  <div v-if="!unembargo_in_progress">
     <v-progress-linear
       v-if="!currentDandiset"
       indeterminate
@@ -390,6 +390,7 @@ const updating = ref(false);
 const owners = computed(() => store.owners?.map((u) => u.username) || null);
 const currentDandiset = computed(() => store.dandiset);
 const embargoed = computed(() => currentDandiset.value?.dandiset.embargo_status === 'EMBARGOED');
+const unembargo_in_progress = computed(() => currentDandiset.value?.dandiset.embargo_status === 'UNEMBARGOING')
 const splitLocation = computed(() => location.value.split('/'));
 const isAdmin = computed(() => user.value?.admin || false);
 const isOwner = computed(() => !!(

From bc1be9b915adca060194dca4390f5f7205778269 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Tue, 2 Jul 2024 17:30:39 -0400
Subject: [PATCH 047/131] Send email to dandiset owners and admins if unembargo
 fails

---
 dandiapi/api/mail.py                          | 39 ++++++++++++++++++-
 dandiapi/api/tasks/__init__.py                |  9 ++++-
 .../api/mail/dandiset_unembargo_failed.html   |  6 +++
 dandiapi/api/tests/test_unembargo.py          | 17 ++++++++
 4 files changed, 68 insertions(+), 3 deletions(-)
 create mode 100644 dandiapi/api/templates/api/mail/dandiset_unembargo_failed.html

diff --git a/dandiapi/api/mail.py b/dandiapi/api/mail.py
index 4d94dfcfb..63d5192f4 100644
--- a/dandiapi/api/mail.py
+++ b/dandiapi/api/mail.py
@@ -43,8 +43,17 @@ def user_greeting_name(user: User, socialaccount: SocialAccount = None) -> str:
     return social_user['username']
 
 
-def build_message(subject: str, message: str, to: list[str], html_message: str | None = None):
-    email_message = mail.EmailMultiAlternatives(subject=subject, body=message, to=to)
+def build_message(  # noqa: PLR0913
+    to: list[str],
+    subject: str,
+    message: str,
+    html_message: str | None = None,
+    cc: list[str] | None = None,
+    bcc: list[str] | None = None,
+):
+    email_message = mail.EmailMultiAlternatives(
+        subject=subject, body=message, to=to, cc=cc, bcc=bcc
+    )
     if html_message is not None:
         email_message.attach_alternative(html_message, 'text/html')
     return email_message
@@ -206,3 +215,29 @@ def send_dandiset_unembargoed_message(dandiset: Dandiset):
     messages = [build_dandiset_unembargoed_message(dandiset)]
     with mail.get_connection() as connection:
         connection.send_messages(messages)
+
+
+def build_dandiset_unembargo_failed_message(dandiset: Dandiset):
+    dandiset_context = {
+        'identifier': dandiset.identifier,
+    }
+
+    render_context = {**BASE_RENDER_CONTEXT, 'dandiset': dandiset_context}
+    html_message = render_to_string('api/mail/dandiset_unembargo_failed.html', render_context)
+    return build_message(
+        subject=f'DANDI: Unembargo failed for dandiset {dandiset.identifier}',
+        message=strip_tags(html_message),
+        html_message=html_message,
+        to=[owner.email for owner in dandiset.owners],
+        bcc=[settings.DANDI_DEV_EMAIL],
+    )
+
+
+def send_dandiset_unembargo_failed_message(dandiset: Dandiset):
+    logger.info(
+        'Sending dandiset unembargo failed message for dandiset %s to dandiset owners and devs',
+        dandiset.identifier,
+    )
+    messages = [build_dandiset_unembargo_failed_message(dandiset)]
+    with mail.get_connection() as connection:
+        connection.send_messages(messages)
diff --git a/dandiapi/api/tasks/__init__.py b/dandiapi/api/tasks/__init__.py
index 2a7fa9318..98b919604 100644
--- a/dandiapi/api/tasks/__init__.py
+++ b/dandiapi/api/tasks/__init__.py
@@ -4,6 +4,7 @@
 from celery.utils.log import get_task_logger
 
 from dandiapi.api.doi import delete_doi
+from dandiapi.api.mail import send_dandiset_unembargo_failed_message
 from dandiapi.api.manifests import (
     write_assets_jsonld,
     write_assets_yaml,
@@ -82,4 +83,10 @@ def unembargo_dandiset_task(dandiset_id: int):
     from dandiapi.api.services.embargo import unembargo_dandiset
 
     ds = Dandiset.objects.get(pk=dandiset_id)
-    unembargo_dandiset(ds)
+
+    # If the unembargo fails for any reason, send an email, but continue the error propagation
+    try:
+        unembargo_dandiset(ds)
+    except Exception:
+        send_dandiset_unembargo_failed_message(ds)
+        raise
diff --git a/dandiapi/api/templates/api/mail/dandiset_unembargo_failed.html b/dandiapi/api/templates/api/mail/dandiset_unembargo_failed.html
new file mode 100644
index 000000000..176a49476
--- /dev/null
+++ b/dandiapi/api/templates/api/mail/dandiset_unembargo_failed.html
@@ -0,0 +1,6 @@
+There was an error during the unembargo of dandiset
+<a href="{{ dandiset.ui_link }}">{{dandiset.identifier }}</a>. This has been reported to the developers, and will be
+investigated as soon as possible. We hope to have this resolved soon! Please avoid making any major changes to this
+dandiset in the meantime, as that may hinder or delay the process of resolving this issue.
+<br><br><br>
+<em>You are receiving this email because you are an owner of this dandiset.</em>
\ No newline at end of file
diff --git a/dandiapi/api/tests/test_unembargo.py b/dandiapi/api/tests/test_unembargo.py
index f59d9fc59..9740ecebf 100644
--- a/dandiapi/api/tests/test_unembargo.py
+++ b/dandiapi/api/tests/test_unembargo.py
@@ -14,6 +14,7 @@
 )
 from dandiapi.api.services.embargo.exceptions import DandisetActiveUploadsError
 from dandiapi.api.services.exceptions import DandiError
+from dandiapi.api.tasks import unembargo_dandiset_task
 
 if TYPE_CHECKING:
     from dandiapi.api.models.asset import AssetBlob
@@ -162,3 +163,19 @@ def test_unembargo_dandiset(
     owner_email_set = {user.email for user in owners}
     mailoutbox_to_email_set = set(mailoutbox[0].to)
     assert owner_email_set == mailoutbox_to_email_set
+
+
+@pytest.mark.django_db()
+def test_unembargo_dandiset_task_failure(draft_version_factory, mailoutbox):
+    # Intentionally set the status to embargoed so the task will fail
+    draft_version = draft_version_factory(dandiset__embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
+    ds: Dandiset = draft_version.dandiset
+
+    with pytest.raises(DandiError):
+        unembargo_dandiset_task.delay(ds.pk)
+
+    assert mailoutbox
+    assert 'Unembargo failed' in mailoutbox[0].subject
+    payload = mailoutbox[0].message().get_payload()[0].get_payload()
+    assert ds.identifier in payload
+    assert 'error during the unembargo' in payload

From 1f165ae062a905e4290d847c160aef8b025a0322 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Tue, 16 Jul 2024 21:20:44 -0400
Subject: [PATCH 048/131] Add custom admin view to generate a Mailchimp CSV of
 all active users

---
 dandiapi/api/templates/dashboard/base.html |  1 +
 dandiapi/api/views/__init__.py             |  3 ++-
 dandiapi/api/views/dashboard.py            | 23 +++++++++++++++++++++-
 dandiapi/urls.py                           |  2 ++
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/dandiapi/api/templates/dashboard/base.html b/dandiapi/api/templates/dashboard/base.html
index 16e353803..3cbceb8be 100644
--- a/dandiapi/api/templates/dashboard/base.html
+++ b/dandiapi/api/templates/dashboard/base.html
@@ -16,6 +16,7 @@ <h1 id="site-name"><a href="{% url 'admin:index' %}">{{ site_header|default:_('D
   <a class="dandi-navbar-link" href="{% url 'dashboard-index' %}">Dashboard Home</a>
   <a class="dandi-navbar-link" href="{% url "admin:auth_user_changelist" %}">Users</a>
   <a class="dandi-navbar-link" href="{% url 'admin:index' %}">Admin</a>
+  <a class="dandi-navbar-link" href="{% url 'mailchimp-csv' %}">Mailchimp CSV</a>
   {% if title %} &rsaquo; {{ title }}{% endif %}
 </div>
 {% endblock %}
diff --git a/dandiapi/api/views/__init__.py b/dandiapi/api/views/__init__.py
index 7254ba465..4e7b90cdc 100644
--- a/dandiapi/api/views/__init__.py
+++ b/dandiapi/api/views/__init__.py
@@ -3,7 +3,7 @@
 from .asset import AssetViewSet, NestedAssetViewSet
 from .auth import auth_token_view, authorize_view, user_questionnaire_form_view
 from .dandiset import DandisetViewSet
-from .dashboard import DashboardView, user_approval_view
+from .dashboard import DashboardView, mailchimp_csv_view, user_approval_view
 from .info import info_view
 from .root import root_content_view
 from .stats import stats_view
@@ -25,6 +25,7 @@
     'authorize_view',
     'auth_token_view',
     'blob_read_view',
+    'mailchimp_csv_view',
     'upload_initialize_view',
     'upload_complete_view',
     'upload_validate_view',
diff --git a/dandiapi/api/views/dashboard.py b/dandiapi/api/views/dashboard.py
index 6a595e086..29d122499 100644
--- a/dandiapi/api/views/dashboard.py
+++ b/dandiapi/api/views/dashboard.py
@@ -1,5 +1,6 @@
 from __future__ import annotations
 
+import csv
 from typing import TYPE_CHECKING
 
 from django.conf import settings
@@ -7,7 +8,7 @@
 from django.contrib.auth.models import User
 from django.core.exceptions import PermissionDenied, ValidationError
 from django.db.models import Exists, OuterRef
-from django.http import HttpRequest, HttpResponseRedirect
+from django.http import HttpRequest, HttpResponse, HttpResponseRedirect
 from django.shortcuts import get_object_or_404, render
 from django.views.decorators.http import require_http_methods
 from django.views.generic.base import TemplateView
@@ -82,6 +83,26 @@ def _users(self):
         )
 
 
+def mailchimp_csv_view(request: HttpRequest) -> HttpResponse:
+    """Generate a Mailchimp-compatible CSV file of all active users."""
+    # In production, there's a placeholder user with a blank email that we want
+    # to avoid.
+    users = User.objects.filter(is_active=True).exclude(email='')
+    data = users.values_list('email', 'first_name', 'last_name')
+
+    response = HttpResponse(
+        content_type='text/csv',
+        headers={
+            'Content-Disposition': 'attachment; filename="dandi_users_mailchimp.csv"',
+        },
+    )
+    writer = csv.writer(response)
+    writer.writerow(('Email Address', 'First Name', 'Last Name'))
+    writer.writerows(data)
+
+    return response
+
+
 @require_http_methods(['GET', 'POST'])
 def user_approval_view(request: HttpRequest, username: str):
     # Redirect user to login if they're not authenticated
diff --git a/dandiapi/urls.py b/dandiapi/urls.py
index 32267b165..d4ae45c8a 100644
--- a/dandiapi/urls.py
+++ b/dandiapi/urls.py
@@ -18,6 +18,7 @@
     authorize_view,
     blob_read_view,
     info_view,
+    mailchimp_csv_view,
     root_content_view,
     stats_view,
     upload_complete_view,
@@ -105,6 +106,7 @@ def to_url(self, value):
     path('admin/', admin.site.urls),
     path('dashboard/', DashboardView.as_view(), name='dashboard-index'),
     path('dashboard/user/<str:username>/', user_approval_view, name='user-approval'),
+    path('dashboard/mailchimp', mailchimp_csv_view, name='mailchimp-csv'),
     # this url overrides the authorize url in oauth2_provider.urls to
     # support our user signup workflow
     re_path(r'^oauth/authorize/$', authorize_view, name='authorize'),

From e2808d15baf4643352924eaecffea9643a26d9af Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 17 Jul 2024 16:49:59 -0400
Subject: [PATCH 049/131] Use .iterator() to avoid memory blowup

---
 dandiapi/api/views/dashboard.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dandiapi/api/views/dashboard.py b/dandiapi/api/views/dashboard.py
index 29d122499..fef980702 100644
--- a/dandiapi/api/views/dashboard.py
+++ b/dandiapi/api/views/dashboard.py
@@ -88,7 +88,7 @@ def mailchimp_csv_view(request: HttpRequest) -> HttpResponse:
     # In production, there's a placeholder user with a blank email that we want
     # to avoid.
     users = User.objects.filter(is_active=True).exclude(email='')
-    data = users.values_list('email', 'first_name', 'last_name')
+    data = users.values_list('email', 'first_name', 'last_name').iterator()
 
     response = HttpResponse(
         content_type='text/csv',

From 42ae9de071ff83cb7a45e1c062e33ea4a1e27afe Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 17 Jul 2024 16:50:28 -0400
Subject: [PATCH 050/131] Use a streaming response in case CSV gets very big

---
 dandiapi/api/views/dashboard.py | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/dandiapi/api/views/dashboard.py b/dandiapi/api/views/dashboard.py
index fef980702..377c45682 100644
--- a/dandiapi/api/views/dashboard.py
+++ b/dandiapi/api/views/dashboard.py
@@ -8,7 +8,7 @@
 from django.contrib.auth.models import User
 from django.core.exceptions import PermissionDenied, ValidationError
 from django.db.models import Exists, OuterRef
-from django.http import HttpRequest, HttpResponse, HttpResponseRedirect
+from django.http import HttpRequest, HttpResponseRedirect, StreamingHttpResponse
 from django.shortcuts import get_object_or_404, render
 from django.views.decorators.http import require_http_methods
 from django.views.generic.base import TemplateView
@@ -83,22 +83,35 @@ def _users(self):
         )
 
 
-def mailchimp_csv_view(request: HttpRequest) -> HttpResponse:
+def mailchimp_csv_view(request: HttpRequest) -> StreamingHttpResponse:
     """Generate a Mailchimp-compatible CSV file of all active users."""
     # In production, there's a placeholder user with a blank email that we want
     # to avoid.
     users = User.objects.filter(is_active=True).exclude(email='')
     data = users.values_list('email', 'first_name', 'last_name').iterator()
 
-    response = HttpResponse(
-        content_type='text/csv',
+    def streaming_output():
+        """A generator that "streams" CSV rows using a pseudo-buffer."""
+
+        # This class implements a filelike's write() interface to provide a way
+        # for the CSV writer to "return" the CSV lines as strings.
+        class Echo:
+            def write(self, value):
+                return value
+
+        # Yield back the rows of the CSV file.
+        writer = csv.writer(Echo())
+        yield writer.writerow(('Email Address', 'First Name', 'Last Name'))
+        for row in data:
+            yield writer.writerow(data)
+
+    response = StreamingHttpResponse(
+        streaming_output(),
+        content_type='text/plain',
         headers={
             'Content-Disposition': 'attachment; filename="dandi_users_mailchimp.csv"',
         },
     )
-    writer = csv.writer(response)
-    writer.writerow(('Email Address', 'First Name', 'Last Name'))
-    writer.writerows(data)
 
     return response
 

From 47576f938c1b35504572af18b40f7a59f995c285 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Thu, 18 Jul 2024 15:11:46 -0400
Subject: [PATCH 051/131] Switch to DictWriter for its safety features

---
 dandiapi/api/views/dashboard.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/dandiapi/api/views/dashboard.py b/dandiapi/api/views/dashboard.py
index 377c45682..92df54ad6 100644
--- a/dandiapi/api/views/dashboard.py
+++ b/dandiapi/api/views/dashboard.py
@@ -88,7 +88,9 @@ def mailchimp_csv_view(request: HttpRequest) -> StreamingHttpResponse:
     # In production, there's a placeholder user with a blank email that we want
     # to avoid.
     users = User.objects.filter(is_active=True).exclude(email='')
-    data = users.values_list('email', 'first_name', 'last_name').iterator()
+
+    fieldnames = ['email', 'first_name', 'last_name']
+    data = users.values(*fieldnames).iterator()
 
     def streaming_output():
         """A generator that "streams" CSV rows using a pseudo-buffer."""
@@ -100,10 +102,10 @@ def write(self, value):
                 return value
 
         # Yield back the rows of the CSV file.
-        writer = csv.writer(Echo())
-        yield writer.writerow(('Email Address', 'First Name', 'Last Name'))
+        writer = csv.DictWriter(Echo(), fieldnames=fieldnames)
+        yield writer.writeheader()
         for row in data:
-            yield writer.writerow(data)
+            yield writer.writerow(row)
 
     response = StreamingHttpResponse(
         streaming_output(),

From 388adb0fa7a9c4211939140383f1ce8f786e43e3 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <2903332+waxlamp@users.noreply.github.com>
Date: Thu, 18 Jul 2024 15:44:29 -0400
Subject: [PATCH 052/131] Use trailing slash on route

Co-authored-by: Mike VanDenburgh <37340715+mvandenburgh@users.noreply.github.com>
---
 dandiapi/urls.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dandiapi/urls.py b/dandiapi/urls.py
index d4ae45c8a..55eb92632 100644
--- a/dandiapi/urls.py
+++ b/dandiapi/urls.py
@@ -106,7 +106,7 @@ def to_url(self, value):
     path('admin/', admin.site.urls),
     path('dashboard/', DashboardView.as_view(), name='dashboard-index'),
     path('dashboard/user/<str:username>/', user_approval_view, name='user-approval'),
-    path('dashboard/mailchimp', mailchimp_csv_view, name='mailchimp-csv'),
+    path('dashboard/mailchimp/', mailchimp_csv_view, name='mailchimp-csv'),
     # this url overrides the authorize url in oauth2_provider.urls to
     # support our user signup workflow
     re_path(r'^oauth/authorize/$', authorize_view, name='authorize'),

From a19b2ce9b9a168e7ff501951aee5efc56ed69b36 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <2903332+waxlamp@users.noreply.github.com>
Date: Thu, 18 Jul 2024 16:15:44 -0400
Subject: [PATCH 053/131] Restrict Mailchimpable users to just APPROVED

Co-authored-by: Mike VanDenburgh <37340715+mvandenburgh@users.noreply.github.com>
---
 dandiapi/api/views/dashboard.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dandiapi/api/views/dashboard.py b/dandiapi/api/views/dashboard.py
index 92df54ad6..5ad93b99a 100644
--- a/dandiapi/api/views/dashboard.py
+++ b/dandiapi/api/views/dashboard.py
@@ -87,7 +87,7 @@ def mailchimp_csv_view(request: HttpRequest) -> StreamingHttpResponse:
     """Generate a Mailchimp-compatible CSV file of all active users."""
     # In production, there's a placeholder user with a blank email that we want
     # to avoid.
-    users = User.objects.filter(is_active=True).exclude(email='')
+    users = User.objects.filter(metadata__status=UserMetadata.Status.APPROVED).exclude(email='')
 
     fieldnames = ['email', 'first_name', 'last_name']
     data = users.values(*fieldnames).iterator()

From cd064b738e5c15293e46378f57ef577ee2ddc2b3 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <2903332+waxlamp@users.noreply.github.com>
Date: Thu, 18 Jul 2024 16:17:09 -0400
Subject: [PATCH 054/131] Add return type annotation to generator function

Co-authored-by: Mike VanDenburgh <37340715+mvandenburgh@users.noreply.github.com>
---
 dandiapi/api/views/dashboard.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dandiapi/api/views/dashboard.py b/dandiapi/api/views/dashboard.py
index 5ad93b99a..749a55209 100644
--- a/dandiapi/api/views/dashboard.py
+++ b/dandiapi/api/views/dashboard.py
@@ -92,7 +92,7 @@ def mailchimp_csv_view(request: HttpRequest) -> StreamingHttpResponse:
     fieldnames = ['email', 'first_name', 'last_name']
     data = users.values(*fieldnames).iterator()
 
-    def streaming_output():
+    def streaming_output() -> Iterator[str]:
         """A generator that "streams" CSV rows using a pseudo-buffer."""
 
         # This class implements a filelike's write() interface to provide a way

From cb8cb4ec233121d4cce48dd09f44143cf4313b9c Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Thu, 18 Jul 2024 20:04:20 -0400
Subject: [PATCH 055/131] Fix linting errors

---
 dandiapi/api/views/dashboard.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/dandiapi/api/views/dashboard.py b/dandiapi/api/views/dashboard.py
index 749a55209..2d06b8b11 100644
--- a/dandiapi/api/views/dashboard.py
+++ b/dandiapi/api/views/dashboard.py
@@ -18,6 +18,8 @@
 from dandiapi.api.views.users import social_account_to_dict
 
 if TYPE_CHECKING:
+    from collections.abc import Iterator
+
     from allauth.socialaccount.models import SocialAccount
 
 
@@ -93,7 +95,7 @@ def mailchimp_csv_view(request: HttpRequest) -> StreamingHttpResponse:
     data = users.values(*fieldnames).iterator()
 
     def streaming_output() -> Iterator[str]:
-        """A generator that "streams" CSV rows using a pseudo-buffer."""
+        """Stream out the header and CSV rows (for consumption by streaming response)."""
 
         # This class implements a filelike's write() interface to provide a way
         # for the CSV writer to "return" the CSV lines as strings.
@@ -107,7 +109,7 @@ def write(self, value):
         for row in data:
             yield writer.writerow(row)
 
-    response = StreamingHttpResponse(
+    return StreamingHttpResponse(
         streaming_output(),
         content_type='text/plain',
         headers={
@@ -115,8 +117,6 @@ def write(self, value):
         },
     )
 
-    return response
-
 
 @require_http_methods(['GET', 'POST'])
 def user_approval_view(request: HttpRequest, username: str):

From 8f941103876359d2082c389d23c820b701ee5b51 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Thu, 18 Jul 2024 20:11:07 -0400
Subject: [PATCH 056/131] Use a more precise exclude filter

---
 dandiapi/api/views/dashboard.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/dandiapi/api/views/dashboard.py b/dandiapi/api/views/dashboard.py
index 2d06b8b11..1a55f629b 100644
--- a/dandiapi/api/views/dashboard.py
+++ b/dandiapi/api/views/dashboard.py
@@ -87,9 +87,10 @@ def _users(self):
 
 def mailchimp_csv_view(request: HttpRequest) -> StreamingHttpResponse:
     """Generate a Mailchimp-compatible CSV file of all active users."""
-    # In production, there's a placeholder user with a blank email that we want
-    # to avoid.
-    users = User.objects.filter(metadata__status=UserMetadata.Status.APPROVED).exclude(email='')
+    # Exclude the django-guardian anonymous user account.
+    users = User.objects.filter(metadata__status=UserMetadata.Status.APPROVED).exclude(
+        username='AnonymousUser'
+    )
 
     fieldnames = ['email', 'first_name', 'last_name']
     data = users.values(*fieldnames).iterator()

From b6884ef9826fdabe31c45089638154f01caec45e Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Thu, 18 Jul 2024 20:11:27 -0400
Subject: [PATCH 057/131] Use a more precise content type

---
 dandiapi/api/views/dashboard.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dandiapi/api/views/dashboard.py b/dandiapi/api/views/dashboard.py
index 1a55f629b..4f567cbce 100644
--- a/dandiapi/api/views/dashboard.py
+++ b/dandiapi/api/views/dashboard.py
@@ -112,7 +112,7 @@ def write(self, value):
 
     return StreamingHttpResponse(
         streaming_output(),
-        content_type='text/plain',
+        content_type='text/csv',
         headers={
             'Content-Disposition': 'attachment; filename="dandi_users_mailchimp.csv"',
         },

From ed194fca2453dde4361fbac5b34fb4a53d5fc9ed Mon Sep 17 00:00:00 2001
From: dandibot <dandibot@mit.edu>
Date: Fri, 19 Jul 2024 17:37:22 +0000
Subject: [PATCH 058/131] auto shipit - CHANGELOG.md etc

---
 CHANGELOG.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 21649c92d..0a670f4d4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,15 @@
+# v0.3.89 (Fri Jul 19 2024)
+
+#### 🐛 Bug Fix
+
+- Add dashboard link to view to emit user list as Mailchimp-compatible CSV [#1979](https://github.com/dandi/dandi-archive/pull/1979) ([@waxlamp](https://github.com/waxlamp))
+
+#### Authors: 1
+
+- Roni Choudhury ([@waxlamp](https://github.com/waxlamp))
+
+---
+
 # v0.3.88 (Mon Jul 15 2024)
 
 #### 🐛 Bug Fix

From 720018b09785d49f760380c85e187243c7b61fd8 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Fri, 19 Jul 2024 15:46:45 -0400
Subject: [PATCH 059/131] Use select_for_update when updating dandiset version

---
 dandiapi/api/services/embargo/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dandiapi/api/services/embargo/__init__.py b/dandiapi/api/services/embargo/__init__.py
index 2ad9a8aca..b4c2c1aab 100644
--- a/dandiapi/api/services/embargo/__init__.py
+++ b/dandiapi/api/services/embargo/__init__.py
@@ -90,7 +90,7 @@ def unembargo_dandiset(ds: Dandiset):
 
     # Fetch version to ensure changed embargo_status is included
     # Save version to update metadata through populate_metadata
-    v = Version.objects.get(dandiset=ds, version='draft')
+    v = Version.objects.select_for_update().get(dandiset=ds, version='draft')
     v.save()
     logger.info('Version metadata updated')
 

From 566295a9c2461cc2bdecc1cbc4224c46c834651e Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Fri, 19 Jul 2024 17:58:12 -0400
Subject: [PATCH 060/131] Chunk asset blob list in
 _remove_dandiset_asset_blob_embargo_tags

---
 dandiapi/api/services/embargo/__init__.py | 36 ++++++++-------
 dandiapi/api/tests/test_unembargo.py      | 54 ++++++++++++++++++++++-
 2 files changed, 72 insertions(+), 18 deletions(-)

diff --git a/dandiapi/api/services/embargo/__init__.py b/dandiapi/api/services/embargo/__init__.py
index b4c2c1aab..77c31d048 100644
--- a/dandiapi/api/services/embargo/__init__.py
+++ b/dandiapi/api/services/embargo/__init__.py
@@ -7,6 +7,7 @@
 from botocore.config import Config
 from django.conf import settings
 from django.db import transaction
+from more_itertools import chunked
 
 from dandiapi.api.mail import send_dandiset_unembargoed_message
 from dandiapi.api.models import AssetBlob, Dandiset, Version
@@ -28,6 +29,7 @@
 
 
 logger = logging.getLogger(__name__)
+ASSET_BLOB_TAG_REMOVAL_CHUNK_SIZE = 5000
 
 
 def _delete_asset_blob_tags(client: S3Client, blob: str):
@@ -39,25 +41,25 @@ def _delete_asset_blob_tags(client: S3Client, blob: str):
 
 # NOTE: In testing this took ~2 minutes for 100,000 files
 def _remove_dandiset_asset_blob_embargo_tags(dandiset: Dandiset):
-    embargoed_asset_blobs = list(
-        AssetBlob.objects.filter(embargoed=True, assets__versions__dandiset=dandiset).values_list(
-            'blob', flat=True
-        )
+    client = get_boto_client(config=Config(max_pool_connections=100))
+    embargoed_asset_blobs = (
+        AssetBlob.objects.filter(embargoed=True, assets__versions__dandiset=dandiset)
+        .values_list('blob', flat=True)
+        .iterator(chunk_size=ASSET_BLOB_TAG_REMOVAL_CHUNK_SIZE)
     )
 
-    client = get_boto_client(config=Config(max_pool_connections=100))
-    with ThreadPoolExecutor(max_workers=100) as e:
-        futures = [
-            e.submit(_delete_asset_blob_tags, client=client, blob=blob)
-            for blob in embargoed_asset_blobs
-        ]
-
-    # Check if any failed and raise exception if so
-    failed = [
-        blob for i, blob in enumerate(embargoed_asset_blobs) if futures[i].exception() is not None
-    ]
-    if failed:
-        raise AssetTagRemovalError('Some blobs failed to remove tags', blobs=failed)
+    # Chunk the blobs so we're never storing a list of all embargoed blobs
+    chunks = chunked(embargoed_asset_blobs, ASSET_BLOB_TAG_REMOVAL_CHUNK_SIZE)
+    for chunk in chunks:
+        with ThreadPoolExecutor(max_workers=100) as e:
+            futures = [
+                e.submit(_delete_asset_blob_tags, client=client, blob=blob) for blob in chunk
+            ]
+
+        # Check if any failed and raise exception if so
+        failed = [blob for i, blob in enumerate(chunk) if futures[i].exception() is not None]
+        if failed:
+            raise AssetTagRemovalError('Some blobs failed to remove tags', blobs=failed)
 
 
 @transaction.atomic()
diff --git a/dandiapi/api/tests/test_unembargo.py b/dandiapi/api/tests/test_unembargo.py
index 9740ecebf..0d6eff3e8 100644
--- a/dandiapi/api/tests/test_unembargo.py
+++ b/dandiapi/api/tests/test_unembargo.py
@@ -9,10 +9,14 @@
 from dandiapi.api.models.dandiset import Dandiset
 from dandiapi.api.services.embargo import (
     AssetBlobEmbargoedError,
+    _remove_dandiset_asset_blob_embargo_tags,
     remove_asset_blob_embargoed_tag,
     unembargo_dandiset,
 )
-from dandiapi.api.services.embargo.exceptions import DandisetActiveUploadsError
+from dandiapi.api.services.embargo.exceptions import (
+    AssetTagRemovalError,
+    DandisetActiveUploadsError,
+)
 from dandiapi.api.services.exceptions import DandiError
 from dandiapi.api.tasks import unembargo_dandiset_task
 
@@ -114,6 +118,54 @@ def test_unembargo_dandiset_uploads_exist(draft_version_factory, upload_factory)
         unembargo_dandiset(ds)
 
 
+@pytest.mark.django_db()
+def test_remove_dandiset_asset_blob_embargo_tags_chunks(
+    draft_version_factory,
+    asset_factory,
+    embargoed_asset_blob_factory,
+    mocker,
+):
+    delete_asset_blob_tags_mock = mocker.patch(
+        'dandiapi.api.services.embargo._delete_asset_blob_tags'
+    )
+    chunk_size = mocker.patch('dandiapi.api.services.embargo.ASSET_BLOB_TAG_REMOVAL_CHUNK_SIZE', 2)
+
+    draft_version: Version = draft_version_factory(
+        dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
+    )
+    ds: Dandiset = draft_version.dandiset
+    for _ in range(chunk_size + 1):
+        asset = asset_factory(blob=embargoed_asset_blob_factory())
+        draft_version.assets.add(asset)
+
+    _remove_dandiset_asset_blob_embargo_tags(dandiset=ds)
+
+    # Assert that _delete_asset_blob_tags was called chunk_size +1 times, to ensure that it works
+    # correctly across chunks
+    assert len(delete_asset_blob_tags_mock.mock_calls) == chunk_size + 1
+
+
+@pytest.mark.django_db()
+def test_delete_asset_blob_tags_fails(
+    draft_version_factory,
+    asset_factory,
+    embargoed_asset_blob_factory,
+    mocker,
+):
+    mocker.patch('dandiapi.api.services.embargo._delete_asset_blob_tags', side_effect=ValueError)
+    draft_version: Version = draft_version_factory(
+        dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
+    )
+    ds: Dandiset = draft_version.dandiset
+    asset = asset_factory(blob=embargoed_asset_blob_factory())
+    draft_version.assets.add(asset)
+
+    # Check that if an exception within `_delete_asset_blob_tags` is raised, it's propagated upwards
+    # as an AssetTagRemovalError
+    with pytest.raises(AssetTagRemovalError):
+        _remove_dandiset_asset_blob_embargo_tags(dandiset=ds)
+
+
 @pytest.mark.django_db()
 def test_unembargo_dandiset(
     draft_version_factory,

From 5a521bbba12971677af435f5620a3da78c33f8cc Mon Sep 17 00:00:00 2001
From: Jeremy Magland <jmagland@flatironinstitute.org>
Date: Sat, 20 Jul 2024 11:41:01 -0700
Subject: [PATCH 061/131] Add Neurosift service for AVI files in
 FileBrowser.vue

---
 web/src/views/FileBrowserView/FileBrowser.vue | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/web/src/views/FileBrowserView/FileBrowser.vue b/web/src/views/FileBrowserView/FileBrowser.vue
index 0a7c6a89e..5cbe8e14b 100644
--- a/web/src/views/FileBrowserView/FileBrowser.vue
+++ b/web/src/views/FileBrowserView/FileBrowser.vue
@@ -357,6 +357,13 @@ const EXTERNAL_SERVICES = [
     regex: /\.nwb.lindi.json$/,
     maxsize: Infinity,
     endpoint: 'https://neurosift.app?p=/nwb&url=$asset_dandi_url$&st=lindi&dandisetId=$dandiset_id$&dandisetVersion=$dandiset_version$', // eslint-disable-line max-len
+  },
+
+  {
+    name: 'Neurosift',
+    regex: /\.avi$/,
+    maxsize: Infinity,
+    endpoint: 'https://neurosift.app?p=/avi&url=$asset_dandi_url$&dandisetId=$dandiset_id$&dandisetVersion=$dandiset_version$', // eslint-disable-line max-len
   }
 ];
 type Service = typeof EXTERNAL_SERVICES[0];

From 93d93927d86fd10858ae6f51f5304ff9f848b77b Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Mon, 22 Jul 2024 13:41:09 -0400
Subject: [PATCH 062/131] Add reply-to to failed unembargo email

---
 dandiapi/api/mail.py                                          | 4 +++-
 .../api/templates/api/mail/dandiset_unembargo_failed.html     | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/dandiapi/api/mail.py b/dandiapi/api/mail.py
index 63d5192f4..7b0a5b4d1 100644
--- a/dandiapi/api/mail.py
+++ b/dandiapi/api/mail.py
@@ -50,9 +50,10 @@ def build_message(  # noqa: PLR0913
     html_message: str | None = None,
     cc: list[str] | None = None,
     bcc: list[str] | None = None,
+    reply_to: list[str] | None = None,
 ):
     email_message = mail.EmailMultiAlternatives(
-        subject=subject, body=message, to=to, cc=cc, bcc=bcc
+        subject=subject, body=message, to=to, cc=cc, bcc=bcc, reply_to=reply_to
     )
     if html_message is not None:
         email_message.attach_alternative(html_message, 'text/html')
@@ -230,6 +231,7 @@ def build_dandiset_unembargo_failed_message(dandiset: Dandiset):
         html_message=html_message,
         to=[owner.email for owner in dandiset.owners],
         bcc=[settings.DANDI_DEV_EMAIL],
+        reply_to=[ADMIN_EMAIL],
     )
 
 
diff --git a/dandiapi/api/templates/api/mail/dandiset_unembargo_failed.html b/dandiapi/api/templates/api/mail/dandiset_unembargo_failed.html
index 176a49476..7a4b1356c 100644
--- a/dandiapi/api/templates/api/mail/dandiset_unembargo_failed.html
+++ b/dandiapi/api/templates/api/mail/dandiset_unembargo_failed.html
@@ -2,5 +2,6 @@
 <a href="{{ dandiset.ui_link }}">{{dandiset.identifier }}</a>. This has been reported to the developers, and will be
 investigated as soon as possible. We hope to have this resolved soon! Please avoid making any major changes to this
 dandiset in the meantime, as that may hinder or delay the process of resolving this issue.
+If in two business days your dandiset is still embargoed, please reply to this email.
 <br><br><br>
 <em>You are receiving this email because you are an owner of this dandiset.</em>
\ No newline at end of file

From bcbb10bb96d59938b2dd317c3abdee6d59d8f766 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Mon, 22 Jul 2024 13:52:42 -0400
Subject: [PATCH 063/131] Add time limit on unembargo task

---
 dandiapi/api/tasks/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dandiapi/api/tasks/__init__.py b/dandiapi/api/tasks/__init__.py
index 98b919604..7be0b8ab3 100644
--- a/dandiapi/api/tasks/__init__.py
+++ b/dandiapi/api/tasks/__init__.py
@@ -78,7 +78,7 @@ def publish_dandiset_task(dandiset_id: int):
     _publish_dandiset(dandiset_id=dandiset_id)
 
 
-@shared_task
+@shared_task(soft_time_limit=1200)
 def unembargo_dandiset_task(dandiset_id: int):
     from dandiapi.api.services.embargo import unembargo_dandiset
 

From 38f2d7522ae17e820ae8e2da61fd0fa03bf59ac6 Mon Sep 17 00:00:00 2001
From: dandibot <dandibot@mit.edu>
Date: Mon, 22 Jul 2024 18:15:08 +0000
Subject: [PATCH 064/131] auto shipit - CHANGELOG.md etc

---
 CHANGELOG.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0a670f4d4..067e123e1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,15 @@
+# v0.3.90 (Mon Jul 22 2024)
+
+#### 🐛 Bug Fix
+
+- Automate dandiset unembargo [#1965](https://github.com/dandi/dandi-archive/pull/1965) ([@jjnesbitt](https://github.com/jjnesbitt))
+
+#### Authors: 1
+
+- Jacob Nesbitt ([@jjnesbitt](https://github.com/jjnesbitt))
+
+---
+
 # v0.3.89 (Fri Jul 19 2024)
 
 #### 🐛 Bug Fix

From df0dec55d815d131ad3aad2bb61c6d0e13d1fe9b Mon Sep 17 00:00:00 2001
From: Mary Salvi <mary.salvi@kitware.com>
Date: Mon, 29 Jan 2024 11:52:00 -0500
Subject: [PATCH 065/131] Add the ability to contact the owner or contact
 person of a dandiset

---
 .../DandisetLandingView/ContactDialog.vue     | 85 +++++++++++++++++++
 .../DandisetLandingView/DandisetActions.vue   | 12 ++-
 2 files changed, 95 insertions(+), 2 deletions(-)
 create mode 100644 web/src/views/DandisetLandingView/ContactDialog.vue

diff --git a/web/src/views/DandisetLandingView/ContactDialog.vue b/web/src/views/DandisetLandingView/ContactDialog.vue
new file mode 100644
index 000000000..22d5e6fef
--- /dev/null
+++ b/web/src/views/DandisetLandingView/ContactDialog.vue
@@ -0,0 +1,85 @@
+<template>
+  <v-menu
+    offset-y
+    left
+  >
+    <template
+      #activator="{ on, attrs }"
+    >
+      <v-btn
+        id="download"
+        outlined
+        block
+        v-bind="attrs"
+        v-on="on"
+      >
+        <v-icon
+          color="primary"
+          left
+        >
+          mdi-card-account-mail
+        </v-icon>
+        <span>Contact</span>
+        <v-spacer />
+        <v-icon right>
+          mdi-chevron-down
+        </v-icon>
+      </v-btn>
+    </template>
+    <v-card
+    >
+      <v-card-title class="pb-0" style="min-width: fit-content;">
+        Select an e-mail Recipient
+      </v-card-title>
+      <v-list>
+        <v-list-item
+          :href="`mailto:${owners}?subject=Regarding%20Dandiset%20${currentDandiset?.name}%20${currentDandiset?.metadata?.id} &body=${currentUser?.value?.username}`"
+        >
+        <v-icon
+          color="primary"
+          left
+          small
+        >
+          mdi-card-account-mail
+        </v-icon>
+          Dandiset Owners
+        </v-list-item>
+      <v-divider />
+
+        <v-list-item
+          :href="`mailto:${contacts}?subject=Regarding%20Dandiset%20${currentDandiset?.name}%20${currentDandiset?.metadata?.id} &body=${currentUser?.value?.username}`"
+        >
+        <v-icon
+          color="primary"
+          left
+          small
+        >
+          mdi-card-account-mail
+        </v-icon>
+          Contact Person
+        </v-list-item>
+
+      </v-list>
+    </v-card>
+  </v-menu>
+</template>
+<script setup lang="ts">
+import { computed } from 'vue';
+import { useDandisetStore } from '@/stores/dandiset';
+import { user } from '@/rest';
+
+const store = useDandisetStore();
+const owners = computed(() => store.owners?.map((owner) => owner.username).toString());
+const contacts = computed(() => store.dandiset?.metadata?.contributor?.map((contact) => contact.roleName?.includes("dcite:ContactPerson") ? contact.email: '').toString());
+const currentUser = computed(() => user);
+const currentDandiset = computed(() => store.dandiset);
+currentDandiset.value?.metadata?.id
+
+</script>
+<style scoped>
+.v-btn--outlined {
+  border: thin solid #E0E0E0;
+  color: #424242;
+  font-weight: 400;
+}
+</style>
diff --git a/web/src/views/DandisetLandingView/DandisetActions.vue b/web/src/views/DandisetLandingView/DandisetActions.vue
index 9249090ee..02b7647ca 100644
--- a/web/src/views/DandisetLandingView/DandisetActions.vue
+++ b/web/src/views/DandisetLandingView/DandisetActions.vue
@@ -37,13 +37,15 @@
           </template>
         </DownloadDialog>
       </v-row>
-      <v-row no-gutters>
+      <v-row
+        no-gutters
+      >
         <CiteAsDialog>
           <template
             #activator="{ on }"
           >
             <v-btn
-              id="download"
+              id="cite_as"
               outlined
               block
               v-on="on"
@@ -63,6 +65,11 @@
           </template>
         </CiteAsDialog>
       </v-row>
+      <v-row
+        no-gutters
+      >
+        <ContactDialog />
+      </v-row>
     </div>
 
     <!-- Files and Metadata buttons -->
@@ -151,6 +158,7 @@ import { open as openMeditor } from '@/components/Meditor/state';
 import DownloadDialog from './DownloadDialog.vue';
 import CiteAsDialog from './CiteAsDialog.vue';
 import ShareDialog from './ShareDialog.vue';
+import ContactDialog from './ContactDialog.vue';
 
 const store = useDandisetStore();
 

From 4eb225b80b671a1c88b013e0a85d1352aea0bc10 Mon Sep 17 00:00:00 2001
From: Mary Salvi <mary.salvi@kitware.com>
Date: Mon, 29 Jan 2024 12:53:06 -0500
Subject: [PATCH 066/131] Restrict contacting owners to logged in users

---
 .../DandisetLandingView/ContactDialog.vue     | 36 ++++++++++++-------
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/web/src/views/DandisetLandingView/ContactDialog.vue b/web/src/views/DandisetLandingView/ContactDialog.vue
index 22d5e6fef..b9870e1b1 100644
--- a/web/src/views/DandisetLandingView/ContactDialog.vue
+++ b/web/src/views/DandisetLandingView/ContactDialog.vue
@@ -32,18 +32,30 @@
         Select an e-mail Recipient
       </v-card-title>
       <v-list>
-        <v-list-item
-          :href="`mailto:${owners}?subject=Regarding%20Dandiset%20${currentDandiset?.name}%20${currentDandiset?.metadata?.id} &body=${currentUser?.value?.username}`"
+        <v-tooltip
+          :disabled="loggedIn()"
+          open-on-hover
+          right
         >
-        <v-icon
-          color="primary"
-          left
-          small
-        >
-          mdi-card-account-mail
-        </v-icon>
-          Dandiset Owners
-        </v-list-item>
+          <template #activator="{ on }">
+            <v-list-item
+              v-on="on"
+              :class="loggedIn() ? 'black--text' : 'grey--text'"
+              :selectable="!loggedIn()"
+              :href="`mailto:${owners}?subject=Regarding%20Dandiset%20${currentDandiset?.name}%20${currentDandiset?.metadata?.id} &body=${currentUser?.value?.username}`"
+            >
+            <v-icon
+              color="primary"
+              left
+              small
+            >
+              mdi-card-account-mail
+            </v-icon>
+              Dandiset Owners
+            </v-list-item>
+          </template>
+          <span> You must me logged in to contact the owner </span>
+        </v-tooltip>
       <v-divider />
 
         <v-list-item
@@ -66,7 +78,7 @@
 <script setup lang="ts">
 import { computed } from 'vue';
 import { useDandisetStore } from '@/stores/dandiset';
-import { user } from '@/rest';
+import { loggedIn, user } from '@/rest';
 
 const store = useDandisetStore();
 const owners = computed(() => store.owners?.map((owner) => owner.username).toString());

From c055e2a16942b4d0cc5ee97b97df79e6959e84db Mon Sep 17 00:00:00 2001
From: Mary Salvi <mary.salvi@kitware.com>
Date: Thu, 15 Feb 2024 14:14:14 -0500
Subject: [PATCH 067/131] Refactor e-mail template and add guarding for missing
 e-mails

---
 .../DandisetLandingView/ContactDialog.vue     | 59 ++++++++++++-------
 1 file changed, 39 insertions(+), 20 deletions(-)

diff --git a/web/src/views/DandisetLandingView/ContactDialog.vue b/web/src/views/DandisetLandingView/ContactDialog.vue
index b9870e1b1..5ffac7b39 100644
--- a/web/src/views/DandisetLandingView/ContactDialog.vue
+++ b/web/src/views/DandisetLandingView/ContactDialog.vue
@@ -33,16 +33,16 @@
       </v-card-title>
       <v-list>
         <v-tooltip
-          :disabled="loggedIn()"
+          :disabled="loggedIn() || !owners"
           open-on-hover
           right
         >
           <template #activator="{ on }">
             <v-list-item
               v-on="on"
-              :class="loggedIn() ? 'black--text' : 'grey--text'"
+              :class="(loggedIn() || !owners) ? 'black--text' : 'grey--text'"
               :selectable="!loggedIn()"
-              :href="`mailto:${owners}?subject=Regarding%20Dandiset%20${currentDandiset?.name}%20${currentDandiset?.metadata?.id} &body=${currentUser?.value?.username}`"
+              :href="makeTemplate(owners)"
             >
             <v-icon
               color="primary"
@@ -54,23 +54,35 @@
               Dandiset Owners
             </v-list-item>
           </template>
-          <span> You must me logged in to contact the owner </span>
+          <span v-if="!loggedIn()"> You must me logged in to contact the owner </span>
+          <span v-else> No owner e-mail available </span>
         </v-tooltip>
       <v-divider />
+        <v-tooltip
+            :disabled="contacts"
+            open-on-hover
+            right
+          >
 
-        <v-list-item
-          :href="`mailto:${contacts}?subject=Regarding%20Dandiset%20${currentDandiset?.name}%20${currentDandiset?.metadata?.id} &body=${currentUser?.value?.username}`"
-        >
-        <v-icon
-          color="primary"
-          left
-          small
-        >
-          mdi-card-account-mail
-        </v-icon>
-          Contact Person
-        </v-list-item>
-
+          <template #activator="{ on }">
+          <v-list-item
+            v-on="on"
+            :class=" !owners ? 'black--text' : 'grey--text'"
+            :selectable="!owners"
+            :href="makeTemplate(contacts)"
+          >
+          <v-icon
+            color="primary"
+            left
+            small
+          >
+            mdi-card-account-mail
+          </v-icon>
+            Contact Person
+          </v-list-item>
+            </template>
+          <span> No contact e-mail available </span>
+        </v-tooltip>
       </v-list>
     </v-card>
   </v-menu>
@@ -78,14 +90,21 @@
 <script setup lang="ts">
 import { computed } from 'vue';
 import { useDandisetStore } from '@/stores/dandiset';
-import { loggedIn, user } from '@/rest';
+import { loggedIn } from '@/rest';
 
 const store = useDandisetStore();
 const owners = computed(() => store.owners?.map((owner) => owner.username).toString());
 const contacts = computed(() => store.dandiset?.metadata?.contributor?.map((contact) => contact.roleName?.includes("dcite:ContactPerson") ? contact.email: '').toString());
-const currentUser = computed(() => user);
 const currentDandiset = computed(() => store.dandiset);
-currentDandiset.value?.metadata?.id
+
+const makeTemplate = (contact: string | undefined) => {
+  if (!contact) {
+    return '';
+  }
+  // Subject is: Regarding [dandiset_name]  [dandiset_id]
+  return `mailto:${contact}?subject=Regarding%20Dandiset%20${currentDandiset?.value?.name}%20${currentDandiset?.value?.metadata?.id}`;
+};
+
 
 </script>
 <style scoped>

From 279fe010f286491089ac0ecb1df6cb45c8338844 Mon Sep 17 00:00:00 2001
From: Mary Salvi <mary.salvi@kitware.com>
Date: Fri, 23 Feb 2024 17:32:54 -0500
Subject: [PATCH 068/131] Add owners email to response for logged in users

---
 dandiapi/api/views/dandiset.py | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/dandiapi/api/views/dandiset.py b/dandiapi/api/views/dandiset.py
index 984b80d2c..35e0129a7 100644
--- a/dandiapi/api/views/dandiset.py
+++ b/dandiapi/api/views/dandiset.py
@@ -374,7 +374,7 @@ def unembargo(self, request, dandiset__pk):
     )
     # TODO: move these into a viewset
     @action(methods=['GET', 'PUT'], detail=True)
-    def users(self, request, dandiset__pk):  # noqa: C901
+    def users(self, request, dandiset__pk):
         dandiset: Dandiset = self.get_object()
         if request.method == 'PUT':
             if dandiset.unembargo_in_progress:
@@ -423,15 +423,20 @@ def users(self, request, dandiset__pk):  # noqa: C901
             try:
                 owner_account = SocialAccount.objects.get(user=owner_user)
                 owner_dict = {'username': owner_account.extra_data['login']}
-                if 'name' in owner_account.extra_data:
-                    owner_dict['name'] = owner_account.extra_data['name']
+                owner_dict['name'] = owner_account.extra_data.get('name', None)
+                owner_dict['email'] = (
+                    owner_account.extra_data['email']
+                    if request.user.is_authenticated and 'email' in owner_account.extra_data
+                    else None
+                )
                 owners.append(owner_dict)
             except SocialAccount.DoesNotExist:
                 # Just in case some users aren't using social accounts, have a fallback
-                owners.append(
-                    {
-                        'username': owner_user.username,
-                        'name': f'{owner_user.first_name} {owner_user.last_name}',
-                    }
-                )
+                owner_dict = {
+                    'username': owner_user.username,
+                    'name': f'{owner_user.first_name} {owner_user.last_name}',
+                    'email': owner_user.email if request.user.is_authenticated else None,
+                }
+                owners.append(owner_dict)
+
         return Response(owners, status=status.HTTP_200_OK)

From eaf64ba444db7c6bfc48819a49862d97af766f34 Mon Sep 17 00:00:00 2001
From: Mary Salvi <mary.salvi@kitware.com>
Date: Fri, 23 Feb 2024 19:03:49 -0500
Subject: [PATCH 069/131] Use owner e-mail field and add guarding for null
 values

---
 web/src/types/index.ts                         |  1 +
 .../DandisetLandingView/ContactDialog.vue      | 18 +++++++++---------
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/web/src/types/index.ts b/web/src/types/index.ts
index 6be6486c4..9d42d5533 100644
--- a/web/src/types/index.ts
+++ b/web/src/types/index.ts
@@ -7,6 +7,7 @@ export interface User {
   username: string,
   name: string,
   admin?: boolean,
+  email?: string,
   status: 'INCOMPLETE' | 'PENDING' | 'APPROVED' | 'REJECTED',
   approved: boolean,
 }
diff --git a/web/src/views/DandisetLandingView/ContactDialog.vue b/web/src/views/DandisetLandingView/ContactDialog.vue
index 5ffac7b39..a7e77e391 100644
--- a/web/src/views/DandisetLandingView/ContactDialog.vue
+++ b/web/src/views/DandisetLandingView/ContactDialog.vue
@@ -29,19 +29,19 @@
     <v-card
     >
       <v-card-title class="pb-0" style="min-width: fit-content;">
-        Select an e-mail Recipient
+        Select an e-mail Recipient!
       </v-card-title>
       <v-list>
         <v-tooltip
-          :disabled="loggedIn() || !owners"
+          :disabled="!owners ? false : loggedIn()"
           open-on-hover
           right
         >
           <template #activator="{ on }">
             <v-list-item
               v-on="on"
-              :class="(loggedIn() || !owners) ? 'black--text' : 'grey--text'"
-              :selectable="!loggedIn()"
+              :class="(!loggedIn() || !owners) ? 'grey--text': 'black--text'"
+              :selectable="!loggedIn() || !owners"
               :href="makeTemplate(owners)"
             >
             <v-icon
@@ -55,11 +55,11 @@
             </v-list-item>
           </template>
           <span v-if="!loggedIn()"> You must me logged in to contact the owner </span>
-          <span v-else> No owner e-mail available </span>
+          <span v-if="!owners"> No owner e-mail available </span>
         </v-tooltip>
       <v-divider />
         <v-tooltip
-            :disabled="contacts"
+            :disabled="!contacts ? false : true"
             open-on-hover
             right
           >
@@ -67,8 +67,8 @@
           <template #activator="{ on }">
           <v-list-item
             v-on="on"
-            :class=" !owners ? 'black--text' : 'grey--text'"
-            :selectable="!owners"
+            :class=" contacts ? 'black--text' : 'grey--text'"
+            :selectable="!contacts"
             :href="makeTemplate(contacts)"
           >
           <v-icon
@@ -93,7 +93,7 @@ import { useDandisetStore } from '@/stores/dandiset';
 import { loggedIn } from '@/rest';
 
 const store = useDandisetStore();
-const owners = computed(() => store.owners?.map((owner) => owner.username).toString());
+const owners = computed(() => store.owners?.map((owner) => owner.email).toString());
 const contacts = computed(() => store.dandiset?.metadata?.contributor?.map((contact) => contact.roleName?.includes("dcite:ContactPerson") ? contact.email: '').toString());
 const currentDandiset = computed(() => store.dandiset);
 

From 0add1ba28d0577b327614c54f51edfba59622bcb Mon Sep 17 00:00:00 2001
From: Mary Salvi <mary.salvi@kitware.com>
Date: Mon, 4 Mar 2024 15:43:39 -0500
Subject: [PATCH 070/131] Add types and correct button id

---
 web/src/views/DandisetLandingView/ContactDialog.vue | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/web/src/views/DandisetLandingView/ContactDialog.vue b/web/src/views/DandisetLandingView/ContactDialog.vue
index a7e77e391..5ce947c72 100644
--- a/web/src/views/DandisetLandingView/ContactDialog.vue
+++ b/web/src/views/DandisetLandingView/ContactDialog.vue
@@ -7,7 +7,7 @@
       #activator="{ on, attrs }"
     >
       <v-btn
-        id="download"
+        id="contact"
         outlined
         block
         v-bind="attrs"
@@ -91,10 +91,11 @@
 import { computed } from 'vue';
 import { useDandisetStore } from '@/stores/dandiset';
 import { loggedIn } from '@/rest';
+import type { User, Person, Organization} from '@/types';
 
 const store = useDandisetStore();
-const owners = computed(() => store.owners?.map((owner) => owner.email).toString());
-const contacts = computed(() => store.dandiset?.metadata?.contributor?.map((contact) => contact.roleName?.includes("dcite:ContactPerson") ? contact.email: '').toString());
+const owners = computed(() => store.owners?.map((owner: User) => owner.email).toString());
+const contacts = computed(() => store.dandiset?.metadata?.contributor?.map((contact: Person | Organization) => contact.roleName?.includes("dcite:ContactPerson") ? contact.email: '').toString());
 const currentDandiset = computed(() => store.dandiset);
 
 const makeTemplate = (contact: string | undefined) => {
@@ -105,7 +106,6 @@ const makeTemplate = (contact: string | undefined) => {
   return `mailto:${contact}?subject=Regarding%20Dandiset%20${currentDandiset?.value?.name}%20${currentDandiset?.value?.metadata?.id}`;
 };
 
-
 </script>
 <style scoped>
 .v-btn--outlined {

From f1316c2bbd5e05d20f0a1d23e71e15bea8ecebf6 Mon Sep 17 00:00:00 2001
From: Mary Salvi <mary.salvi@kitware.com>
Date: Mon, 4 Mar 2024 17:54:59 -0500
Subject: [PATCH 071/131] Encode subject. Guard against undefined

Adds uri endcoding for email subject. Guard against undefined and throw an error if it still occurs
---
 web/src/types/index.ts                        |  2 +-
 .../DandisetLandingView/ContactDialog.vue     | 26 +++++++++++++------
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/web/src/types/index.ts b/web/src/types/index.ts
index 9d42d5533..1e2f9b384 100644
--- a/web/src/types/index.ts
+++ b/web/src/types/index.ts
@@ -7,7 +7,7 @@ export interface User {
   username: string,
   name: string,
   admin?: boolean,
-  email?: string,
+  email: string,
   status: 'INCOMPLETE' | 'PENDING' | 'APPROVED' | 'REJECTED',
   approved: boolean,
 }
diff --git a/web/src/views/DandisetLandingView/ContactDialog.vue b/web/src/views/DandisetLandingView/ContactDialog.vue
index 5ce947c72..d5adff1ea 100644
--- a/web/src/views/DandisetLandingView/ContactDialog.vue
+++ b/web/src/views/DandisetLandingView/ContactDialog.vue
@@ -91,19 +91,29 @@
 import { computed } from 'vue';
 import { useDandisetStore } from '@/stores/dandiset';
 import { loggedIn } from '@/rest';
-import type { User, Person, Organization} from '@/types';
+import type { User, Person, Organization, Email} from '@/types';
 
 const store = useDandisetStore();
-const owners = computed(() => store.owners?.map((owner: User) => owner.email).toString());
-const contacts = computed(() => store.dandiset?.metadata?.contributor?.map((contact: Person | Organization) => contact.roleName?.includes("dcite:ContactPerson") ? contact.email: '').toString());
+const owners = computed(() => store.owners?.map((owner: User) => owner.email));
+const contacts = computed(() =>
+  store.dandiset?.metadata?.contributor?.filter(
+    (contact: Person | Organization) =>
+      contact.roleName?.includes("dcite:ContactPerson"))
+    .map((contact: Person | Organization) =>
+      contact.email as Email
+    )
+);
 const currentDandiset = computed(() => store.dandiset);
 
-const makeTemplate = (contact: string | undefined) => {
-  if (!contact) {
-    return '';
+const makeTemplate = (contacts: string[] | undefined) => {
+  if (contacts === undefined) {
+    throw new Error('Contact is undefined.');
+  }
+  if (currentDandiset.value){
+    const subject = encodeURIComponent(`Regarding Dandiset ${currentDandiset.value.name} ${currentDandiset.value.metadata?.id}`);
+    const contact = contacts.join(',');
+    return `mailto:${contact}?subject=${subject}`;
   }
-  // Subject is: Regarding [dandiset_name]  [dandiset_id]
-  return `mailto:${contact}?subject=Regarding%20Dandiset%20${currentDandiset?.value?.name}%20${currentDandiset?.value?.metadata?.id}`;
 };
 
 </script>

From c82b24fe9666568fb637ec7164ebe0f5a943b66d Mon Sep 17 00:00:00 2001
From: Mary Salvi <mary.salvi@kitware.com>
Date: Tue, 5 Mar 2024 12:07:34 -0500
Subject: [PATCH 072/131] Update tooltip to activate on div wrapper

---
 .../DandisetLandingView/ContactDialog.vue     | 64 ++++++++++---------
 1 file changed, 34 insertions(+), 30 deletions(-)

diff --git a/web/src/views/DandisetLandingView/ContactDialog.vue b/web/src/views/DandisetLandingView/ContactDialog.vue
index d5adff1ea..610a20180 100644
--- a/web/src/views/DandisetLandingView/ContactDialog.vue
+++ b/web/src/views/DandisetLandingView/ContactDialog.vue
@@ -38,48 +38,52 @@
           right
         >
           <template #activator="{ on }">
-            <v-list-item
-              v-on="on"
-              :class="(!loggedIn() || !owners) ? 'grey--text': 'black--text'"
-              :selectable="!loggedIn() || !owners"
-              :href="makeTemplate(owners)"
-            >
-            <v-icon
-              color="primary"
-              left
-              small
+            <div
+            v-on="on"
             >
-              mdi-card-account-mail
-            </v-icon>
-              Dandiset Owners
-            </v-list-item>
+              <v-list-item
+                :disabled="!loggedIn() || !owners"
+                :selectable="!loggedIn() || !owners"
+                :href="makeTemplate(owners)"
+              >
+                <v-icon
+                  color="primary"
+                  left
+                  small
+                >
+                  mdi-card-account-mail
+                </v-icon>
+                Dandiset Owners
+              </v-list-item>
+            </div>
           </template>
           <span v-if="!loggedIn()"> You must me logged in to contact the owner </span>
           <span v-if="!owners"> No owner e-mail available </span>
         </v-tooltip>
       <v-divider />
         <v-tooltip
-            :disabled="!contacts ? false : true"
+            :disabled="contacts === undefined || contacts?.length > 0 "
             open-on-hover
             right
           >
 
           <template #activator="{ on }">
-          <v-list-item
-            v-on="on"
-            :class=" contacts ? 'black--text' : 'grey--text'"
-            :selectable="!contacts"
-            :href="makeTemplate(contacts)"
-          >
-          <v-icon
-            color="primary"
-            left
-            small
-          >
-            mdi-card-account-mail
-          </v-icon>
-            Contact Person
-          </v-list-item>
+            <div v-on="on">
+              <v-list-item
+                :disabled=" contacts?.length === 0 || !contacts"
+                :selectable="!contacts"
+                :href="makeTemplate(contacts)"
+              >
+                <v-icon
+                  color="primary"
+                  left
+                  small
+                >
+                  mdi-card-account-mail
+                </v-icon>
+                Contact Person
+              </v-list-item>
+            </div>
             </template>
           <span> No contact e-mail available </span>
         </v-tooltip>

From 39d99967f33d0a3541773b5bdbf8e0723fc1161f Mon Sep 17 00:00:00 2001
From: Mary Salvi <mary.salvi@kitware.com>
Date: Wed, 13 Mar 2024 14:45:12 -0400
Subject: [PATCH 073/131] Simplify disabled logic and simplify owners dict
 logic

---
 dandiapi/api/views/dandiset.py                | 13 ++++++-----
 .../DandisetLandingView/ContactDialog.vue     | 22 +++++++++++--------
 2 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/dandiapi/api/views/dandiset.py b/dandiapi/api/views/dandiset.py
index 35e0129a7..a905da23e 100644
--- a/dandiapi/api/views/dandiset.py
+++ b/dandiapi/api/views/dandiset.py
@@ -432,11 +432,12 @@ def users(self, request, dandiset__pk):
                 owners.append(owner_dict)
             except SocialAccount.DoesNotExist:
                 # Just in case some users aren't using social accounts, have a fallback
-                owner_dict = {
-                    'username': owner_user.username,
-                    'name': f'{owner_user.first_name} {owner_user.last_name}',
-                    'email': owner_user.email if request.user.is_authenticated else None,
-                }
-                owners.append(owner_dict)
+                owners.append(
+                    {
+                        'username': owner_user.username,
+                        'name': f'{owner_user.first_name} {owner_user.last_name}',
+                        'email': owner_user.email if request.user.is_authenticated else None,
+                    }
+                )
 
         return Response(owners, status=status.HTTP_200_OK)
diff --git a/web/src/views/DandisetLandingView/ContactDialog.vue b/web/src/views/DandisetLandingView/ContactDialog.vue
index 610a20180..0a701f9c7 100644
--- a/web/src/views/DandisetLandingView/ContactDialog.vue
+++ b/web/src/views/DandisetLandingView/ContactDialog.vue
@@ -33,7 +33,7 @@
       </v-card-title>
       <v-list>
         <v-tooltip
-          :disabled="!owners ? false : loggedIn()"
+          :disabled="!(loggedIn() || !isDisabled(owners))"
           open-on-hover
           right
         >
@@ -42,8 +42,7 @@
             v-on="on"
             >
               <v-list-item
-                :disabled="!loggedIn() || !owners"
-                :selectable="!loggedIn() || !owners"
+                :disabled="!loggedIn() || isDisabled(owners)"
                 :href="makeTemplate(owners)"
               >
                 <v-icon
@@ -57,12 +56,12 @@
               </v-list-item>
             </div>
           </template>
-          <span v-if="!loggedIn()"> You must me logged in to contact the owner </span>
-          <span v-if="!owners"> No owner e-mail available </span>
+          <span v-if="!loggedIn()"> You must be logged in to contact the owner </span>
+          <span v-if="isDisabled(owners)"> No owner e-mail available </span>
         </v-tooltip>
       <v-divider />
         <v-tooltip
-            :disabled="contacts === undefined || contacts?.length > 0 "
+            :disabled=!isDisabled(contacts)
             open-on-hover
             right
           >
@@ -70,8 +69,7 @@
           <template #activator="{ on }">
             <div v-on="on">
               <v-list-item
-                :disabled=" contacts?.length === 0 || !contacts"
-                :selectable="!contacts"
+                :disabled="isDisabled(contacts)"
                 :href="makeTemplate(contacts)"
               >
                 <v-icon
@@ -113,13 +111,19 @@ const makeTemplate = (contacts: string[] | undefined) => {
   if (contacts === undefined) {
     throw new Error('Contact is undefined.');
   }
+  if (currentDandiset.value === undefined) {
+    throw new Error('Dandiset is undefined.');
+  }
   if (currentDandiset.value){
-    const subject = encodeURIComponent(`Regarding Dandiset ${currentDandiset.value.name} ${currentDandiset.value.metadata?.id}`);
+    const subject = encodeURIComponent(`Regarding Dandiset ${currentDandiset.value.dandiset.identifier} ("${currentDandiset.value.name}")`);
     const contact = contacts.join(',');
     return `mailto:${contact}?subject=${subject}`;
   }
 };
 
+const isDisabled = (contacts: string[] | undefined): boolean =>
+  contacts === undefined || contacts.length === 0 || contacts[0] === '';
+
 </script>
 <style scoped>
 .v-btn--outlined {

From f1cd57f79244849f5120c91a64a63cb3393dfd91 Mon Sep 17 00:00:00 2001
From: Mary Salvi <mary.salvi@kitware.com>
Date: Tue, 5 Mar 2024 11:28:26 -0500
Subject: [PATCH 074/131] Update tests to include new `email` field

---
 dandiapi/api/tests/test_dandiset.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/dandiapi/api/tests/test_dandiset.py b/dandiapi/api/tests/test_dandiset.py
index 4ac6d78e1..e71c7ebf5 100644
--- a/dandiapi/api/tests/test_dandiset.py
+++ b/dandiapi/api/tests/test_dandiset.py
@@ -825,6 +825,7 @@ def test_dandiset_rest_get_owners(api_client, dandiset, social_account):
         {
             'username': social_account.extra_data['login'],
             'name': social_account.extra_data['name'],
+            'email': None,
         }
     ]
 
@@ -836,7 +837,13 @@ def test_dandiset_rest_get_owners_no_social_account(api_client, dandiset, user):
     resp = api_client.get(f'/api/dandisets/{dandiset.identifier}/users/')
 
     assert resp.status_code == 200
-    assert resp.data == [{'username': user.username, 'name': f'{user.first_name} {user.last_name}'}]
+    assert resp.data == [
+        {
+            'username': user.username,
+            'name': f'{user.first_name} {user.last_name}',
+            'email': None,
+        }
+    ]
 
 
 @pytest.mark.parametrize(
@@ -871,6 +878,7 @@ def test_dandiset_rest_change_owner(
         {
             'username': social_account2.extra_data['login'],
             'name': social_account2.extra_data['name'],
+            'email': social_account2.extra_data['email'],
         }
     ]
     assert list(dandiset.owners) == [user2]
@@ -943,10 +951,12 @@ def test_dandiset_rest_add_owner(
         {
             'username': social_account1.extra_data['login'],
             'name': social_account1.extra_data['name'],
+            'email': social_account1.extra_data['email'],
         },
         {
             'username': social_account2.extra_data['login'],
             'name': social_account2.extra_data['name'],
+            'email': social_account2.extra_data['email'],
         },
     ]
     assert list(dandiset.owners) == [user1, user2]
@@ -983,6 +993,7 @@ def test_dandiset_rest_remove_owner(
         {
             'username': social_account1.extra_data['login'],
             'name': social_account1.extra_data['name'],
+            'email': social_account1.extra_data['email'],
         }
     ]
     assert list(dandiset.owners) == [user1]

From 2fd9fc9001ce0176116eaa32480e8d5ef2fad25e Mon Sep 17 00:00:00 2001
From: Mike VanDenburgh <michael.vandenburgh@kitware.com>
Date: Tue, 23 Jul 2024 13:09:24 -0400
Subject: [PATCH 075/131] Add comment explaining owner email policy

---
 dandiapi/api/views/dandiset.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dandiapi/api/views/dandiset.py b/dandiapi/api/views/dandiset.py
index a905da23e..f9f6401fb 100644
--- a/dandiapi/api/views/dandiset.py
+++ b/dandiapi/api/views/dandiset.py
@@ -426,6 +426,7 @@ def users(self, request, dandiset__pk):
                 owner_dict['name'] = owner_account.extra_data.get('name', None)
                 owner_dict['email'] = (
                     owner_account.extra_data['email']
+                    # Only logged-in users can see owners' email addresses
                     if request.user.is_authenticated and 'email' in owner_account.extra_data
                     else None
                 )

From 778efa5bf09a657ca435ee82dc42d3537e2a9ded Mon Sep 17 00:00:00 2001
From: Mike VanDenburgh <michael.vandenburgh@kitware.com>
Date: Tue, 23 Jul 2024 17:58:25 -0400
Subject: [PATCH 076/131] Minor wording changes

---
 web/src/views/DandisetLandingView/ContactDialog.vue | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/src/views/DandisetLandingView/ContactDialog.vue b/web/src/views/DandisetLandingView/ContactDialog.vue
index 0a701f9c7..eb0f71fcf 100644
--- a/web/src/views/DandisetLandingView/ContactDialog.vue
+++ b/web/src/views/DandisetLandingView/ContactDialog.vue
@@ -29,7 +29,7 @@
     <v-card
     >
       <v-card-title class="pb-0" style="min-width: fit-content;">
-        Select an e-mail Recipient!
+        Select an e-mail recipient:
       </v-card-title>
       <v-list>
         <v-tooltip
@@ -79,7 +79,7 @@
                 >
                   mdi-card-account-mail
                 </v-icon>
-                Contact Person
+                Dandiset Contact Person
               </v-list-item>
             </div>
             </template>

From afa778e5590581a03cb1375c0fda216d78685197 Mon Sep 17 00:00:00 2001
From: Mike VanDenburgh <michael.vandenburgh@kitware.com>
Date: Tue, 23 Jul 2024 17:59:49 -0400
Subject: [PATCH 077/131] Make tooltips open to left

Making these tooltips open to the right caused text wrapping issues.
---
 web/src/views/DandisetLandingView/ContactDialog.vue | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/src/views/DandisetLandingView/ContactDialog.vue b/web/src/views/DandisetLandingView/ContactDialog.vue
index eb0f71fcf..c4b9ad9c1 100644
--- a/web/src/views/DandisetLandingView/ContactDialog.vue
+++ b/web/src/views/DandisetLandingView/ContactDialog.vue
@@ -35,7 +35,7 @@
         <v-tooltip
           :disabled="!(loggedIn() || !isDisabled(owners))"
           open-on-hover
-          right
+          left
         >
           <template #activator="{ on }">
             <div
@@ -63,7 +63,7 @@
         <v-tooltip
             :disabled=!isDisabled(contacts)
             open-on-hover
-            right
+            left
           >
 
           <template #activator="{ on }">

From 55975765b8ff965c0e3114053226e4c85e8aac92 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Tue, 23 Jul 2024 19:27:07 -0400
Subject: [PATCH 078/131] Fix N query problem with VersionStatusFilter

---
 dandiapi/api/admin.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/dandiapi/api/admin.py b/dandiapi/api/admin.py
index 936c561ea..2e9b81547 100644
--- a/dandiapi/api/admin.py
+++ b/dandiapi/api/admin.py
@@ -135,12 +135,17 @@ class VersionStatusFilter(admin.SimpleListFilter):
     title = 'status'
     parameter_name = 'status'
 
-    def lookups(self, request, model_admin):
-        qs = model_admin.get_queryset(request)
-        for status in qs.values_list('status', flat=True).distinct():
-            count = qs.filter(status=status).count()
-            if count:
-                yield (status, f'{status} ({count})')
+    def lookups(self, *args, **kwargs):
+        # The queryset for VersionAdmin contains unnecessary data,
+        # so just use base queryset from Version.objects
+        qs = (
+            Version.objects.values_list('status')
+            .distinct()
+            .annotate(total=Count('status'))
+            .order_by()
+        )
+        for status, count in qs:
+            yield (status, f'{status} ({count})')
 
     def queryset(self, request, queryset):
         status = self.value()

From 2d53a2f60521f303b68cfb73b0f78a74f6710618 Mon Sep 17 00:00:00 2001
From: dandibot <dandibot@mit.edu>
Date: Wed, 24 Jul 2024 00:15:21 +0000
Subject: [PATCH 079/131] auto shipit - CHANGELOG.md etc

---
 CHANGELOG.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 067e123e1..900028294 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,15 @@
+# v0.3.91 (Wed Jul 24 2024)
+
+#### 🐛 Bug Fix
+
+- Fix N query problem with VersionStatusFilter [#1986](https://github.com/dandi/dandi-archive/pull/1986) ([@jjnesbitt](https://github.com/jjnesbitt))
+
+#### Authors: 1
+
+- Jacob Nesbitt ([@jjnesbitt](https://github.com/jjnesbitt))
+
+---
+
 # v0.3.90 (Mon Jul 22 2024)
 
 #### 🐛 Bug Fix

From 7f21061e75ed57af72420c832e8844bc31161853 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Tue, 23 Jul 2024 21:31:35 -0400
Subject: [PATCH 080/131] Rename upload_zarr to upload_zarr_chunks

---
 dandiapi/api/migrations/0006_auditrecord.py | 51 ---------------------
 dandiapi/api/migrations/0010_auditrecord.py | 26 +++++++++++
 dandiapi/api/models/audit.py                |  6 +--
 3 files changed, 29 insertions(+), 54 deletions(-)
 delete mode 100644 dandiapi/api/migrations/0006_auditrecord.py
 create mode 100644 dandiapi/api/migrations/0010_auditrecord.py

diff --git a/dandiapi/api/migrations/0006_auditrecord.py b/dandiapi/api/migrations/0006_auditrecord.py
deleted file mode 100644
index 4d64a0bff..000000000
--- a/dandiapi/api/migrations/0006_auditrecord.py
+++ /dev/null
@@ -1,51 +0,0 @@
-# Generated by Django 4.1.13 on 2024-03-06 15:39
-from __future__ import annotations
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ('api', '0005_null_charfield'),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name='AuditRecord',
-            fields=[
-                (
-                    'id',
-                    models.BigAutoField(
-                        auto_created=True, primary_key=True, serialize=False, verbose_name='ID'
-                    ),
-                ),
-                ('timestamp', models.DateTimeField(auto_now_add=True)),
-                ('dandiset_id', models.IntegerField()),
-                ('username', models.CharField(max_length=39)),
-                ('user_email', models.CharField(max_length=254)),
-                ('user_fullname', models.CharField(max_length=301)),
-                (
-                    'record_type',
-                    models.CharField(
-                        choices=[
-                            ('create_dandiset', 'create_dandiset'),
-                            ('change_owners', 'change_owners'),
-                            ('update_metadata', 'update_metadata'),
-                            ('add_asset', 'add_asset'),
-                            ('update_asset', 'update_asset'),
-                            ('remove_asset', 'remove_asset'),
-                            ('create_zarr', 'create_zarr'),
-                            ('upload_zarr', 'upload_zarr'),
-                            ('delete_zarr_chunks', 'delete_zarr_chunks'),
-                            ('finalize_zarr', 'finalize_zarr'),
-                            ('unembargo_dandiset', 'unembargo_dandiset'),
-                            ('publish_dandiset', 'publish_dandiset'),
-                            ('delete_dandiset', 'delete_dandiset'),
-                        ],
-                        max_length=32,
-                    ),
-                ),
-                ('details', models.JSONField(blank=True)),
-            ],
-        ),
-    ]
diff --git a/dandiapi/api/migrations/0010_auditrecord.py b/dandiapi/api/migrations/0010_auditrecord.py
new file mode 100644
index 000000000..a929ca58c
--- /dev/null
+++ b/dandiapi/api/migrations/0010_auditrecord.py
@@ -0,0 +1,26 @@
+# Generated by Django 4.1.13 on 2024-07-24 01:30
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('api', '0009_remove_embargoedassetblob_dandiset_and_more'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AuditRecord',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('timestamp', models.DateTimeField(auto_now_add=True)),
+                ('dandiset_id', models.IntegerField()),
+                ('username', models.CharField(max_length=39)),
+                ('user_email', models.CharField(max_length=254)),
+                ('user_fullname', models.CharField(max_length=301)),
+                ('record_type', models.CharField(choices=[('create_dandiset', 'create_dandiset'), ('change_owners', 'change_owners'), ('update_metadata', 'update_metadata'), ('add_asset', 'add_asset'), ('update_asset', 'update_asset'), ('remove_asset', 'remove_asset'), ('create_zarr', 'create_zarr'), ('upload_zarr_chunks', 'upload_zarr_chunks'), ('delete_zarr_chunks', 'delete_zarr_chunks'), ('finalize_zarr', 'finalize_zarr'), ('unembargo_dandiset', 'unembargo_dandiset'), ('publish_dandiset', 'publish_dandiset'), ('delete_dandiset', 'delete_dandiset')], max_length=32)),
+                ('details', models.JSONField(blank=True)),
+            ],
+        ),
+    ]
diff --git a/dandiapi/api/models/audit.py b/dandiapi/api/models/audit.py
index 03f6d479b..ca691aca3 100644
--- a/dandiapi/api/models/audit.py
+++ b/dandiapi/api/models/audit.py
@@ -20,7 +20,7 @@
     'update_asset',
     'remove_asset',
     'create_zarr',
-    'upload_zarr',
+    'upload_zarr_chunks',
     'delete_zarr_chunks',
     'finalize_zarr',
     'unembargo_dandiset',
@@ -144,7 +144,7 @@ def create_zarr(*, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive) ->
         )
 
     @staticmethod
-    def upload_zarr(
+    def upload_zarr_chunks(
         *, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive, urls: list[str]
     ) -> AuditRecord:
         details = {
@@ -152,7 +152,7 @@ def upload_zarr(
             'num_urls': len(urls),
         }
         return AuditRecord.make_audit_record(
-            dandiset=dandiset, user=user, record_type='upload_zarr', details=details
+            dandiset=dandiset, user=user, record_type='upload_zarr_chunks', details=details
         )
 
     @staticmethod

From 38d1a29a0ef66dd4c987b378d920a9fb8105910c Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Tue, 23 Jul 2024 21:40:56 -0400
Subject: [PATCH 081/131] Use the `user` fixture directly

---
 dandiapi/api/tests/test_asset_paths.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/dandiapi/api/tests/test_asset_paths.py b/dandiapi/api/tests/test_asset_paths.py
index 92c5430e5..9e1a31126 100644
--- a/dandiapi/api/tests/test_asset_paths.py
+++ b/dandiapi/api/tests/test_asset_paths.py
@@ -295,7 +295,7 @@ def test_asset_path_search_asset_paths(draft_version_factory, asset_factory):
 
 
 @pytest.mark.django_db()
-def test_asset_path_publish_version(draft_version_factory, asset_factory, user_factory):
+def test_asset_path_publish_version(draft_version_factory, asset_factory, user):
     version: Version = draft_version_factory()
     asset = asset_factory(path='foo/bar.txt', status=Asset.Status.VALID)
     version.assets.add(asset)
@@ -308,8 +308,6 @@ def test_asset_path_publish_version(draft_version_factory, asset_factory, user_f
     version.status = Version.Status.PUBLISHING
     version.save()
 
-    user = user_factory()
-
     # Publish
     publish_dandiset_task(version.dandiset.id, user.id)
 

From 50d80e61f3397ce9912825c12218a2e4d066538a Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 24 Jul 2024 10:59:14 -0400
Subject: [PATCH 082/131] Add explanatory comments for weird char field length
 limits

---
 dandiapi/api/models/audit.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/dandiapi/api/models/audit.py b/dandiapi/api/models/audit.py
index ca691aca3..b96cacc67 100644
--- a/dandiapi/api/models/audit.py
+++ b/dandiapi/api/models/audit.py
@@ -33,8 +33,20 @@
 class AuditRecord(models.Model):
     timestamp = models.DateTimeField(auto_now_add=True)
     dandiset_id = models.IntegerField()
+
+    # GitHub enforces a 39 character limit on usernames (see, e.g.,
+    # https://docs.github.com/en/enterprise-cloud@latest/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication).
     username = models.CharField(max_length=39)
+
+    # According to RFC 5321 (https://www.rfc-editor.org/rfc/rfc5321.txt),
+    # section 4.5.3.1.3, an email address "path" is limited to 256 octets,
+    # including the surrounding angle brackets. Without the brackets, that
+    # leaves 254 characters for the email address itself.
     user_email = models.CharField(max_length=254)
+
+    # The signup questionnaire imposes a 150 character limit on both first and
+    # last names; together with a space to separate them, that makes a 301
+    # character limit on the full name.
     user_fullname = models.CharField(max_length=301)
     record_type = models.CharField(max_length=32, choices=AUDIT_RECORD_CHOICES)
     details = models.JSONField(blank=True)

From 6e204c5e8e19fdd69d1e9ae9dc4d949c340a4ee8 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 24 Jul 2024 11:45:23 -0400
Subject: [PATCH 083/131] Apply formatting to new migration

---
 dandiapi/api/migrations/0010_auditrecord.py | 31 +++++++++++++++++++--
 1 file changed, 28 insertions(+), 3 deletions(-)

diff --git a/dandiapi/api/migrations/0010_auditrecord.py b/dandiapi/api/migrations/0010_auditrecord.py
index a929ca58c..a58f12eb3 100644
--- a/dandiapi/api/migrations/0010_auditrecord.py
+++ b/dandiapi/api/migrations/0010_auditrecord.py
@@ -1,10 +1,10 @@
 # Generated by Django 4.1.13 on 2024-07-24 01:30
+from __future__ import annotations
 
 from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
         ('api', '0009_remove_embargoedassetblob_dandiset_and_more'),
     ]
@@ -13,13 +13,38 @@ class Migration(migrations.Migration):
         migrations.CreateModel(
             name='AuditRecord',
             fields=[
-                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                (
+                    'id',
+                    models.BigAutoField(
+                        auto_created=True, primary_key=True, serialize=False, verbose_name='ID'
+                    ),
+                ),
                 ('timestamp', models.DateTimeField(auto_now_add=True)),
                 ('dandiset_id', models.IntegerField()),
                 ('username', models.CharField(max_length=39)),
                 ('user_email', models.CharField(max_length=254)),
                 ('user_fullname', models.CharField(max_length=301)),
-                ('record_type', models.CharField(choices=[('create_dandiset', 'create_dandiset'), ('change_owners', 'change_owners'), ('update_metadata', 'update_metadata'), ('add_asset', 'add_asset'), ('update_asset', 'update_asset'), ('remove_asset', 'remove_asset'), ('create_zarr', 'create_zarr'), ('upload_zarr_chunks', 'upload_zarr_chunks'), ('delete_zarr_chunks', 'delete_zarr_chunks'), ('finalize_zarr', 'finalize_zarr'), ('unembargo_dandiset', 'unembargo_dandiset'), ('publish_dandiset', 'publish_dandiset'), ('delete_dandiset', 'delete_dandiset')], max_length=32)),
+                (
+                    'record_type',
+                    models.CharField(
+                        choices=[
+                            ('create_dandiset', 'create_dandiset'),
+                            ('change_owners', 'change_owners'),
+                            ('update_metadata', 'update_metadata'),
+                            ('add_asset', 'add_asset'),
+                            ('update_asset', 'update_asset'),
+                            ('remove_asset', 'remove_asset'),
+                            ('create_zarr', 'create_zarr'),
+                            ('upload_zarr_chunks', 'upload_zarr_chunks'),
+                            ('delete_zarr_chunks', 'delete_zarr_chunks'),
+                            ('finalize_zarr', 'finalize_zarr'),
+                            ('unembargo_dandiset', 'unembargo_dandiset'),
+                            ('publish_dandiset', 'publish_dandiset'),
+                            ('delete_dandiset', 'delete_dandiset'),
+                        ],
+                        max_length=32,
+                    ),
+                ),
                 ('details', models.JSONField(blank=True)),
             ],
         ),

From f772fc5481f3b1a02f95da850bd618035f941311 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 24 Jul 2024 12:04:23 -0400
Subject: [PATCH 084/131] Remove Dandiset add_owner() and remove_owner()
 methods

This came up during development of the audit functionality. It turns out
that add_owner() was only called during Dandiset creation to add the
creating user as the only owner, and remove_owner() is never called.
Instead, in the method that changes the owner set, assign_perm() is used
in all cases to add and remove owners as needed. Since no other point of
use exists for adding/removing users, it makes sense to remove these
methods.
---
 dandiapi/api/models/dandiset.py            | 10 ----------
 dandiapi/api/services/dandiset/__init__.py |  3 ++-
 2 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/dandiapi/api/models/dandiset.py b/dandiapi/api/models/dandiset.py
index 4d95b6db4..97cb8bff3 100644
--- a/dandiapi/api/models/dandiset.py
+++ b/dandiapi/api/models/dandiset.py
@@ -99,16 +99,6 @@ def set_owners(self, new_owners):
         # Return the owners added/removed so they can be emailed
         return removed_owners, added_owners
 
-    def add_owner(self, new_owner):
-        old_owners = get_users_with_perms(self, only_with_perms_in=['owner'])
-        if new_owner not in old_owners:
-            assign_perm('owner', new_owner, self)
-
-    def remove_owner(self, owner):
-        owners = get_users_with_perms(self, only_with_perms_in=['owner'])
-        if owner in owners:
-            remove_perm('owner', owner, self)
-
     @classmethod
     def published_count(cls):
         """Return the number of Dandisets with published Versions."""
diff --git a/dandiapi/api/services/dandiset/__init__.py b/dandiapi/api/services/dandiset/__init__.py
index f3016734b..f575f7f63 100644
--- a/dandiapi/api/services/dandiset/__init__.py
+++ b/dandiapi/api/services/dandiset/__init__.py
@@ -1,6 +1,7 @@
 from __future__ import annotations
 
 from django.db import transaction
+from guardian.shortcuts import assign_perm
 
 from dandiapi.api.models.audit import AuditRecord
 from dandiapi.api.models.dandiset import Dandiset
@@ -37,7 +38,7 @@ def create_dandiset(
         dandiset = Dandiset(id=identifier, embargo_status=embargo_status)
         dandiset.full_clean()
         dandiset.save()
-        dandiset.add_owner(user)
+        assign_perm('owner', user, dandiset)
         draft_version = Version(
             dandiset=dandiset,
             name=version_name,

From 0337f41c67ff92bcde3bf20ea970328cde7d6124 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 24 Jul 2024 12:27:00 -0400
Subject: [PATCH 085/131] Move "set new owners" operation inside of transaction

---
 dandiapi/api/views/dandiset.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dandiapi/api/views/dandiset.py b/dandiapi/api/views/dandiset.py
index 6d6f9fa48..c6c1867b4 100644
--- a/dandiapi/api/views/dandiset.py
+++ b/dandiapi/api/views/dandiset.py
@@ -413,9 +413,9 @@ def users(self, request, dandiset__pk):  # noqa: C901
                         raise ValidationError(f'User {username} not found')
 
             # All owners found
-            owners = user_owners + [acc.user for acc in socialaccount_owners]
-            removed_owners, added_owners = dandiset.set_owners(owners)
             with transaction.atomic():
+                owners = user_owners + [acc.user for acc in socialaccount_owners]
+                removed_owners, added_owners = dandiset.set_owners(owners)
                 dandiset.save()
 
                 if removed_owners or added_owners:

From 751d8b5ec435866b34078a279288b20783f8af40 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 24 Jul 2024 14:40:24 -0400
Subject: [PATCH 086/131] Report live metadata to audit records

Retrieving the metadata fresh from the model enables two things:
1. To report all "computed" metadata values that are derived from the
   supplied metadata.
2. To enable a changed `name` field on the Dandiset model to be properly
   reported via the metadata.
---
 dandiapi/api/services/dandiset/__init__.py | 2 +-
 dandiapi/api/views/version.py              | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dandiapi/api/services/dandiset/__init__.py b/dandiapi/api/services/dandiset/__init__.py
index f575f7f63..3f8785c03 100644
--- a/dandiapi/api/services/dandiset/__init__.py
+++ b/dandiapi/api/services/dandiset/__init__.py
@@ -49,7 +49,7 @@ def create_dandiset(
         draft_version.save()
 
         audit_record = AuditRecord.create_dandiset(
-            dandiset=dandiset, user=user, metadata=version_metadata, embargoed=embargo
+            dandiset=dandiset, user=user, metadata=draft_version.metadata, embargoed=embargo
         )
         audit_record.save()
 
diff --git a/dandiapi/api/views/version.py b/dandiapi/api/views/version.py
index dffec235b..0287dd5f3 100644
--- a/dandiapi/api/views/version.py
+++ b/dandiapi/api/views/version.py
@@ -121,7 +121,7 @@ def update(self, request, **kwargs):
                 locked_version.save()
 
                 audit_record = AuditRecord.update_metadata(
-                    dandiset=locked_version.dandiset, user=request.user, metadata=new_metadata
+                    dandiset=locked_version.dandiset, user=request.user, metadata=locked_version.metadata
                 )
                 audit_record.save()
 

From 6c125bdbc3557f84c19deb4be6524b5743281062 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 24 Jul 2024 15:07:03 -0400
Subject: [PATCH 087/131] Report list of paths to zarr chunk audit records

---
 dandiapi/api/models/audit.py    | 6 +++---
 dandiapi/zarr/views/__init__.py | 7 ++++---
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/dandiapi/api/models/audit.py b/dandiapi/api/models/audit.py
index b96cacc67..ba7d9ed0d 100644
--- a/dandiapi/api/models/audit.py
+++ b/dandiapi/api/models/audit.py
@@ -157,11 +157,11 @@ def create_zarr(*, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive) ->
 
     @staticmethod
     def upload_zarr_chunks(
-        *, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive, urls: list[str]
+        *, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive, paths: list[str]
     ) -> AuditRecord:
         details = {
             'zarr_id': zarr_archive.id,
-            'num_urls': len(urls),
+            'paths': paths,
         }
         return AuditRecord.make_audit_record(
             dandiset=dandiset, user=user, record_type='upload_zarr_chunks', details=details
@@ -173,7 +173,7 @@ def delete_zarr_chunks(
     ) -> AuditRecord:
         details = {
             'zarr_id': zarr_archive.id,
-            'num_chunks': len(paths),
+            'paths': paths,
         }
         return AuditRecord.make_audit_record(
             dandiset=dandiset, user=user, record_type='delete_zarr_chunks', details=details
diff --git a/dandiapi/zarr/views/__init__.py b/dandiapi/zarr/views/__init__.py
index e106e888d..986a83401 100644
--- a/dandiapi/zarr/views/__init__.py
+++ b/dandiapi/zarr/views/__init__.py
@@ -292,20 +292,21 @@ def create_files(self, request, zarr_id):
 
             serializer = ZarrFileCreationSerializer(data=request.data, many=True)
             serializer.is_valid(raise_exception=True)
+            paths = serializer.validated_data
 
             # Generate presigned urls
             logger.info('Beginning upload to zarr archive %s', zarr_archive.zarr_id)
-            urls = zarr_archive.generate_upload_urls(serializer.validated_data)
+            urls = zarr_archive.generate_upload_urls(paths)
 
             # Set status back to pending, since with these URLs the zarr could have been changed
             zarr_archive.mark_pending()
             zarr_archive.save()
 
-            audit_record = AuditRecord.upload_zarr(
+            audit_record = AuditRecord.upload_zarr_chunks(
                 dandiset=zarr_archive.dandiset,
                 user=request.user,
                 zarr_archive=zarr_archive,
-                urls=urls,
+                paths=[p['path'] for p in paths],
             )
             audit_record.save()
 

From fcd288cc5df05a1c861e291e90ab676586cabe63 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 24 Jul 2024 15:16:58 -0400
Subject: [PATCH 088/131] Suppress ruff warnings for complexity and number of
 arguments

The `add_asset_to_version()` service function represents essential
complexity in the actual domain. We may be able to simplify it by
refactoring the function into smaller parts, but we will look into that
independently.
---
 dandiapi/api/services/asset/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dandiapi/api/services/asset/__init__.py b/dandiapi/api/services/asset/__init__.py
index ae4509870..a99243d2e 100644
--- a/dandiapi/api/services/asset/__init__.py
+++ b/dandiapi/api/services/asset/__init__.py
@@ -105,7 +105,7 @@ def change_asset(  # noqa: PLR0913
     return new_asset, True
 
 
-def add_asset_to_version(
+def add_asset_to_version(  # noqa: PLR0913, C901
     *,
     user,
     version: Version,

From cbff89003be0744bf0309812840ff367370b175b Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 24 Jul 2024 15:20:01 -0400
Subject: [PATCH 089/131] Reformat long line

---
 dandiapi/api/views/version.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/dandiapi/api/views/version.py b/dandiapi/api/views/version.py
index 0287dd5f3..f065f62d5 100644
--- a/dandiapi/api/views/version.py
+++ b/dandiapi/api/views/version.py
@@ -121,7 +121,9 @@ def update(self, request, **kwargs):
                 locked_version.save()
 
                 audit_record = AuditRecord.update_metadata(
-                    dandiset=locked_version.dandiset, user=request.user, metadata=locked_version.metadata
+                    dandiset=locked_version.dandiset,
+                    user=request.user,
+                    metadata=locked_version.metadata,
                 )
                 audit_record.save()
 

From a6489b62870db815450d59213e7a5e0b65088c44 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 24 Jul 2024 15:39:17 -0400
Subject: [PATCH 090/131] Use the `user` fixture directly

---
 dandiapi/api/tests/test_tasks.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/dandiapi/api/tests/test_tasks.py b/dandiapi/api/tests/test_tasks.py
index 1df58defb..8e7e11d98 100644
--- a/dandiapi/api/tests/test_tasks.py
+++ b/dandiapi/api/tests/test_tasks.py
@@ -308,7 +308,6 @@ def test_publish_task(
     draft_asset_factory,
     published_asset_factory,
     draft_version_factory,
-    user_factory,
     django_capture_on_commit_callbacks,
 ):
     # Create a draft_version in PUBLISHING state
@@ -327,8 +326,6 @@ def test_publish_task(
     # Ensure that the number of versions increases by 1 after publishing
     starting_version_count = draft_version.dandiset.versions.count()
 
-    user = user_factory()
-
     with django_capture_on_commit_callbacks(execute=True):
         tasks.publish_dandiset_task(draft_version.dandiset.id, user.id)
 

From e120f861a9f2cfad5024a1695eb9a8cfe4dece7b Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 24 Jul 2024 20:56:53 -0400
Subject: [PATCH 091/131] Create a service layer module for audit

---
 dandiapi/api/models/audit.py               | 165 +-------------------
 dandiapi/api/services/asset/__init__.py    |  22 ++-
 dandiapi/api/services/audit/__init__.py    | 168 +++++++++++++++++++++
 dandiapi/api/services/dandiset/__init__.py |   6 +-
 dandiapi/api/services/embargo/__init__.py  |   5 +-
 dandiapi/api/services/publish/__init__.py  |   5 +-
 dandiapi/api/views/dandiset.py             |   5 +-
 dandiapi/api/views/version.py              |   5 +-
 8 files changed, 194 insertions(+), 187 deletions(-)
 create mode 100644 dandiapi/api/services/audit/__init__.py

diff --git a/dandiapi/api/models/audit.py b/dandiapi/api/models/audit.py
index ba7d9ed0d..56d5254f7 100644
--- a/dandiapi/api/models/audit.py
+++ b/dandiapi/api/models/audit.py
@@ -1,17 +1,9 @@
 from __future__ import annotations
 
-from typing import TYPE_CHECKING, Literal, get_args
+from typing import Literal, get_args
 
 from django.db import models
 
-if TYPE_CHECKING:
-    from django.contrib.auth.models import User
-
-    from dandiapi.zarr.models import ZarrArchive
-
-    from .asset import Asset
-    from .dandiset import Dandiset
-
 AuditRecordType = Literal[
     'create_dandiset',
     'change_owners',
@@ -53,158 +45,3 @@ class AuditRecord(models.Model):
 
     def __str__(self):
         return f'{self.record_type}/{self.dandiset_id:06}'
-
-    @staticmethod
-    def make_audit_record(
-        *, dandiset: Dandiset, user: User, record_type: AuditRecordType, details: dict
-    ) -> AuditRecord:
-        return AuditRecord(
-            dandiset_id=dandiset.id,
-            username=user.username,
-            user_email=user.email,
-            user_fullname=f'{user.first_name} {user.last_name}',
-            record_type=record_type,
-            details=details,
-        )
-
-    @staticmethod
-    def create_dandiset(*, dandiset: Dandiset, user: User, metadata: dict, embargoed: bool):
-        details = {
-            'metadata': metadata,
-            'embargoed': embargoed,
-        }
-        return AuditRecord.make_audit_record(
-            dandiset=dandiset, user=user, record_type='create_dandiset', details=details
-        )
-
-    @staticmethod
-    def change_owners(
-        *, dandiset: Dandiset, user: User, removed_owners: list[User], added_owners: list[User]
-    ):
-        def glean_user_info(user: User):
-            return {
-                'username': user.username,
-                'email': user.email,
-                'name': f'{user.first_name} {user.last_name}',
-            }
-
-        details = {
-            'removed_owners': [glean_user_info(u) for u in removed_owners],
-            'added_owners': [glean_user_info(u) for u in added_owners],
-        }
-        return AuditRecord.make_audit_record(
-            dandiset=dandiset, user=user, record_type='change_owners', details=details
-        )
-
-    @staticmethod
-    def update_metadata(*, dandiset: Dandiset, user: User, metadata: dict) -> AuditRecord:
-        details = {'metadata': metadata}
-        return AuditRecord.make_audit_record(
-            dandiset=dandiset, user=user, record_type='update_metadata', details=details
-        )
-
-    @staticmethod
-    def _asset_details(asset: Asset) -> dict:
-        checksum = (
-            (asset.blob and asset.blob.etag)
-            or (asset.embargoed_blob and asset.embargoed_blob.etag)
-            or (asset.zarr and asset.zarr.checksum)
-        )
-
-        return {
-            'path': asset.path,
-            'asset_blob_id': asset.blob and asset.blob.id,
-            'embargoed_asset_blob_id': asset.embargoed_blob and asset.embargoed_blob.id,
-            'zarr_archive_id': asset.zarr and asset.zarr.id,
-            'asset_id': asset.id,
-            'checksum': checksum,
-            'metadata': asset.metadata,
-        }
-
-    @staticmethod
-    def add_asset(*, dandiset: Dandiset, user: User, asset: Asset) -> AuditRecord:
-        details = AuditRecord._asset_details(asset)
-        return AuditRecord.make_audit_record(
-            dandiset=dandiset, user=user, record_type='add_asset', details=details
-        )
-
-    @staticmethod
-    def update_asset(*, dandiset: Dandiset, user: User, asset: Asset) -> AuditRecord:
-        details = AuditRecord._asset_details(asset)
-        return AuditRecord.make_audit_record(
-            dandiset=dandiset, user=user, record_type='update_asset', details=details
-        )
-
-    @staticmethod
-    def remove_asset(*, dandiset: Dandiset, user: User, asset: Asset) -> AuditRecord:
-        details = {
-            'path': asset.path,
-            'asset_id': asset.id,
-        }
-        return AuditRecord.make_audit_record(
-            dandiset=dandiset, user=user, record_type='remove_asset', details=details
-        )
-
-    @staticmethod
-    def create_zarr(*, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive) -> AuditRecord:
-        details = {
-            'zarr_id': zarr_archive.id,
-            'name': zarr_archive.name,
-        }
-        return AuditRecord.make_audit_record(
-            dandiset=dandiset, user=user, record_type='create_zarr', details=details
-        )
-
-    @staticmethod
-    def upload_zarr_chunks(
-        *, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive, paths: list[str]
-    ) -> AuditRecord:
-        details = {
-            'zarr_id': zarr_archive.id,
-            'paths': paths,
-        }
-        return AuditRecord.make_audit_record(
-            dandiset=dandiset, user=user, record_type='upload_zarr_chunks', details=details
-        )
-
-    @staticmethod
-    def delete_zarr_chunks(
-        *, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive, paths: list[str]
-    ) -> AuditRecord:
-        details = {
-            'zarr_id': zarr_archive.id,
-            'paths': paths,
-        }
-        return AuditRecord.make_audit_record(
-            dandiset=dandiset, user=user, record_type='delete_zarr_chunks', details=details
-        )
-
-    @staticmethod
-    def finalize_zarr(*, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive) -> AuditRecord:
-        details = {
-            'zarr_id': zarr_archive.id,
-        }
-        return AuditRecord.make_audit_record(
-            dandiset=dandiset, user=user, record_type='finalize_zarr', details=details
-        )
-
-    @staticmethod
-    def unembargo_dandiset(*, dandiset: Dandiset, user: User) -> AuditRecord:
-        return AuditRecord.make_audit_record(
-            dandiset=dandiset, user=user, record_type='unembargo_dandiset', details={}
-        )
-
-    @staticmethod
-    def publish_dandiset(*, dandiset: Dandiset, user: User, version: str) -> AuditRecord:
-        details = {
-            'version': version,
-        }
-        return AuditRecord.make_audit_record(
-            dandiset=dandiset, user=user, record_type='publish_dandiset', details=details
-        )
-
-    @staticmethod
-    def delete_dandiset(*, dandiset: Dandiset, user: User):
-        return AuditRecord.make_audit_record(
-            dandiset=dandiset, user=user, record_type='delete_dandiset', details={}
-        )
diff --git a/dandiapi/api/services/asset/__init__.py b/dandiapi/api/services/asset/__init__.py
index a99243d2e..d295517e8 100644
--- a/dandiapi/api/services/asset/__init__.py
+++ b/dandiapi/api/services/asset/__init__.py
@@ -6,9 +6,9 @@
 
 from dandiapi.api.asset_paths import add_asset_paths, delete_asset_paths, get_conflicting_paths
 from dandiapi.api.models.asset import Asset, AssetBlob
-from dandiapi.api.models.audit import AuditRecord
 from dandiapi.api.models.dandiset import Dandiset
 from dandiapi.api.models.version import Version
+from dandiapi.api.services import audit
 from dandiapi.api.services.asset.exceptions import (
     AssetAlreadyExistsError,
     AssetPathConflictError,
@@ -85,7 +85,7 @@ def change_asset(  # noqa: PLR0913
         raise AssetAlreadyExistsError
 
     with transaction.atomic():
-        remove_asset_from_version(user=user, asset=asset, version=version, audit=False)
+        remove_asset_from_version(user=user, asset=asset, version=version, do_audit=False)
 
         new_asset = add_asset_to_version(
             user=user,
@@ -93,13 +93,13 @@ def change_asset(  # noqa: PLR0913
             asset_blob=new_asset_blob,
             zarr_archive=new_zarr_archive,
             metadata=new_metadata,
-            audit=False,
+            do_audit=False,
         )
         # Set previous asset and save
         new_asset.previous = asset
         new_asset.save()
 
-        audit_record = AuditRecord.update_asset(dandiset=version.dandiset, user=user, asset=asset)
+        audit_record = audit.update_asset(dandiset=version.dandiset, user=user, asset=asset)
         audit_record.save()
 
     return new_asset, True
@@ -112,7 +112,7 @@ def add_asset_to_version(  # noqa: PLR0913, C901
     asset_blob: AssetBlob | None = None,
     zarr_archive: ZarrArchive | None = None,
     metadata: dict,
-    audit: bool = True,
+    do_audit: bool = True,
 ) -> Asset:
     """Create an asset, adding it to a version."""
     if not asset_blob and not zarr_archive:
@@ -164,8 +164,8 @@ def add_asset_to_version(  # noqa: PLR0913, C901
         # Save the version so that the modified field is updated
         version.save()
 
-        if audit:
-            audit_record = AuditRecord.add_asset(dandiset=version.dandiset, user=user, asset=asset)
+        if do_audit:
+            audit_record = audit.add_asset(dandiset=version.dandiset, user=user, asset=asset)
             audit_record.save()
 
     # Perform this after the above transaction has finished, to ensure we only
@@ -177,7 +177,7 @@ def add_asset_to_version(  # noqa: PLR0913, C901
 
 
 def remove_asset_from_version(
-    *, user, asset: Asset, version: Version, audit: bool = True
+    *, user, asset: Asset, version: Version, do_audit: bool = True
 ) -> Version:
     if not user.has_perm('owner', version.dandiset):
         raise DandisetOwnerRequiredError
@@ -194,10 +194,8 @@ def remove_asset_from_version(
         # Save the version so that the modified field is updated
         version.save()
 
-        if audit:
-            audit_record = AuditRecord.remove_asset(
-                dandiset=version.dandiset, user=user, asset=asset
-            )
+        if do_audit:
+            audit_record = audit.remove_asset(dandiset=version.dandiset, user=user, asset=asset)
             audit_record.save()
 
     return version
diff --git a/dandiapi/api/services/audit/__init__.py b/dandiapi/api/services/audit/__init__.py
new file mode 100644
index 000000000..f595a8996
--- /dev/null
+++ b/dandiapi/api/services/audit/__init__.py
@@ -0,0 +1,168 @@
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from dandiapi.api.models.audit import AuditRecord
+
+if TYPE_CHECKING:
+    from django.contrib.auth.models import User
+
+    from dandiapi.api.models.asset import Asset
+    from dandiapi.api.models.audit import AuditRecordType
+    from dandiapi.api.models.dandiset import Dandiset
+    from dandiapi.zarr.models import ZarrArchive
+
+
+def _make_audit_record(
+    *, dandiset: Dandiset, user: User, record_type: AuditRecordType, details: dict
+) -> AuditRecord:
+    return AuditRecord(
+        dandiset_id=dandiset.id,
+        username=user.username,
+        user_email=user.email,
+        user_fullname=f'{user.first_name} {user.last_name}',
+        record_type=record_type,
+        details=details,
+    )
+
+
+def create_dandiset(*, dandiset: Dandiset, user: User, metadata: dict, embargoed: bool):
+    details = {
+        'metadata': metadata,
+        'embargoed': embargoed,
+    }
+    return _make_audit_record(
+        dandiset=dandiset, user=user, record_type='create_dandiset', details=details
+    )
+
+
+def change_owners(
+    *, dandiset: Dandiset, user: User, removed_owners: list[User], added_owners: list[User]
+):
+    def glean_user_info(user: User):
+        return {
+            'username': user.username,
+            'email': user.email,
+            'name': f'{user.first_name} {user.last_name}',
+        }
+
+    details = {
+        'removed_owners': [glean_user_info(u) for u in removed_owners],
+        'added_owners': [glean_user_info(u) for u in added_owners],
+    }
+    return _make_audit_record(
+        dandiset=dandiset, user=user, record_type='change_owners', details=details
+    )
+
+
+def update_metadata(*, dandiset: Dandiset, user: User, metadata: dict) -> AuditRecord:
+    details = {'metadata': metadata}
+    return _make_audit_record(
+        dandiset=dandiset, user=user, record_type='update_metadata', details=details
+    )
+
+
+def _asset_details(asset: Asset) -> dict:
+    checksum = (
+        (asset.blob and asset.blob.etag)
+        or (asset.embargoed_blob and asset.embargoed_blob.etag)
+        or (asset.zarr and asset.zarr.checksum)
+    )
+
+    return {
+        'path': asset.path,
+        'asset_blob_id': asset.blob and asset.blob.id,
+        'embargoed_asset_blob_id': asset.embargoed_blob and asset.embargoed_blob.id,
+        'zarr_archive_id': asset.zarr and asset.zarr.id,
+        'asset_id': asset.id,
+        'checksum': checksum,
+        'metadata': asset.metadata,
+    }
+
+
+def add_asset(*, dandiset: Dandiset, user: User, asset: Asset) -> AuditRecord:
+    details = _asset_details(asset)
+    return _make_audit_record(
+        dandiset=dandiset, user=user, record_type='add_asset', details=details
+    )
+
+
+def update_asset(*, dandiset: Dandiset, user: User, asset: Asset) -> AuditRecord:
+    details = _asset_details(asset)
+    return _make_audit_record(
+        dandiset=dandiset, user=user, record_type='update_asset', details=details
+    )
+
+
+def remove_asset(*, dandiset: Dandiset, user: User, asset: Asset) -> AuditRecord:
+    details = {
+        'path': asset.path,
+        'asset_id': asset.id,
+    }
+    return _make_audit_record(
+        dandiset=dandiset, user=user, record_type='remove_asset', details=details
+    )
+
+
+def create_zarr(*, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive) -> AuditRecord:
+    details = {
+        'zarr_id': zarr_archive.id,
+        'name': zarr_archive.name,
+    }
+    return _make_audit_record(
+        dandiset=dandiset, user=user, record_type='create_zarr', details=details
+    )
+
+
+def upload_zarr_chunks(
+    *, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive, paths: list[str]
+) -> AuditRecord:
+    details = {
+        'zarr_id': zarr_archive.id,
+        'paths': paths,
+    }
+    return _make_audit_record(
+        dandiset=dandiset, user=user, record_type='upload_zarr_chunks', details=details
+    )
+
+
+def delete_zarr_chunks(
+    *, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive, paths: list[str]
+) -> AuditRecord:
+    details = {
+        'zarr_id': zarr_archive.id,
+        'paths': paths,
+    }
+    return _make_audit_record(
+        dandiset=dandiset, user=user, record_type='delete_zarr_chunks', details=details
+    )
+
+
+def finalize_zarr(*, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive) -> AuditRecord:
+    details = {
+        'zarr_id': zarr_archive.id,
+    }
+    return _make_audit_record(
+        dandiset=dandiset, user=user, record_type='finalize_zarr', details=details
+    )
+
+
+def unembargo_dandiset(*, dandiset: Dandiset, user: User) -> AuditRecord:
+    return _make_audit_record(
+        dandiset=dandiset, user=user, record_type='unembargo_dandiset', details={}
+    )
+
+
+def publish_dandiset(*, dandiset: Dandiset, user: User, version: str) -> AuditRecord:
+    details = {
+        'version': version,
+    }
+    return _make_audit_record(
+        dandiset=dandiset, user=user, record_type='publish_dandiset', details=details
+    )
+
+
+def delete_dandiset(*, dandiset: Dandiset, user: User):
+    return _make_audit_record(
+        dandiset=dandiset, user=user, record_type='delete_dandiset', details={}
+    )
diff --git a/dandiapi/api/services/dandiset/__init__.py b/dandiapi/api/services/dandiset/__init__.py
index 3f8785c03..273acdc57 100644
--- a/dandiapi/api/services/dandiset/__init__.py
+++ b/dandiapi/api/services/dandiset/__init__.py
@@ -3,9 +3,9 @@
 from django.db import transaction
 from guardian.shortcuts import assign_perm
 
-from dandiapi.api.models.audit import AuditRecord
 from dandiapi.api.models.dandiset import Dandiset
 from dandiapi.api.models.version import Version
+from dandiapi.api.services import audit
 from dandiapi.api.services.dandiset.exceptions import DandisetAlreadyExistsError
 from dandiapi.api.services.embargo.exceptions import DandisetUnembargoInProgressError
 from dandiapi.api.services.exceptions import AdminOnlyOperationError, NotAllowedError
@@ -48,7 +48,7 @@ def create_dandiset(
         draft_version.full_clean(validate_constraints=False)
         draft_version.save()
 
-        audit_record = AuditRecord.create_dandiset(
+        audit_record = audit.create_dandiset(
             dandiset=dandiset, user=user, metadata=draft_version.metadata, embargoed=embargo
         )
         audit_record.save()
@@ -71,7 +71,7 @@ def delete_dandiset(*, user, dandiset: Dandiset) -> None:
     with transaction.atomic():
         # Record the audit event first so that the AuditRecord instance has a
         # chance to grab the Dandiset information before it is destroyed.
-        audit_record = AuditRecord.delete_dandiset(dandiset=dandiset, user=user)
+        audit_record = audit.delete_dandiset(dandiset=dandiset, user=user)
         audit_record.save()
 
         dandiset.versions.all().delete()
diff --git a/dandiapi/api/services/embargo/__init__.py b/dandiapi/api/services/embargo/__init__.py
index 2dfe3429a..6afb8395c 100644
--- a/dandiapi/api/services/embargo/__init__.py
+++ b/dandiapi/api/services/embargo/__init__.py
@@ -10,7 +10,8 @@
 from more_itertools import chunked
 
 from dandiapi.api.mail import send_dandiset_unembargoed_message
-from dandiapi.api.models import AssetBlob, AuditRecord, Dandiset, Version
+from dandiapi.api.models import AssetBlob, Dandiset, Version
+from dandiapi.api.services import audit
 from dandiapi.api.services.asset.exceptions import DandisetOwnerRequiredError
 from dandiapi.api.services.exceptions import DandiError
 from dandiapi.api.storage import get_boto_client
@@ -102,7 +103,7 @@ def unembargo_dandiset(ds: Dandiset, user: User):
 
     logger.info('...Done')
 
-    audit_record = AuditRecord.unembargo_dandiset(dandiset=ds, user=user)
+    audit_record = audit.unembargo_dandiset(dandiset=ds, user=user)
     audit_record.save()
 
 
diff --git a/dandiapi/api/services/publish/__init__.py b/dandiapi/api/services/publish/__init__.py
index e1a559458..b62da5090 100644
--- a/dandiapi/api/services/publish/__init__.py
+++ b/dandiapi/api/services/publish/__init__.py
@@ -10,7 +10,8 @@
 
 from dandiapi.api import doi
 from dandiapi.api.asset_paths import add_version_asset_paths
-from dandiapi.api.models import Asset, AuditRecord, Dandiset, Version
+from dandiapi.api.models import Asset, Dandiset, Version
+from dandiapi.api.services import audit
 from dandiapi.api.services.exceptions import NotAllowedError
 from dandiapi.api.services.publish.exceptions import (
     DandisetAlreadyPublishedError,
@@ -191,7 +192,7 @@ def _create_doi(version_id: int):
         transaction.on_commit(lambda: _create_doi(new_version.id))
 
         user = User.objects.get(id=user_id)
-        audit_record = AuditRecord.publish_dandiset(
+        audit_record = audit.publish_dandiset(
             dandiset=new_version.dandiset, user=user, version=new_version.version
         )
         audit_record.save()
diff --git a/dandiapi/api/views/dandiset.py b/dandiapi/api/views/dandiset.py
index c6c1867b4..cc1755476 100644
--- a/dandiapi/api/views/dandiset.py
+++ b/dandiapi/api/views/dandiset.py
@@ -24,7 +24,8 @@
 
 from dandiapi.api.asset_paths import get_root_paths_many
 from dandiapi.api.mail import send_ownership_change_emails
-from dandiapi.api.models import AuditRecord, Dandiset, Version
+from dandiapi.api.models import Dandiset, Version
+from dandiapi.api.services import audit
 from dandiapi.api.services.dandiset import create_dandiset, delete_dandiset
 from dandiapi.api.services.embargo import kickoff_dandiset_unembargo
 from dandiapi.api.services.embargo.exceptions import (
@@ -419,7 +420,7 @@ def users(self, request, dandiset__pk):  # noqa: C901
                 dandiset.save()
 
                 if removed_owners or added_owners:
-                    audit_record = AuditRecord.change_owners(
+                    audit_record = audit.change_owners(
                         dandiset=dandiset,
                         user=request.user,
                         removed_owners=removed_owners,
diff --git a/dandiapi/api/views/version.py b/dandiapi/api/views/version.py
index f065f62d5..e24fd2c0a 100644
--- a/dandiapi/api/views/version.py
+++ b/dandiapi/api/views/version.py
@@ -13,7 +13,8 @@
 from rest_framework.viewsets import ReadOnlyModelViewSet
 from rest_framework_extensions.mixins import DetailSerializerMixin, NestedViewSetMixin
 
-from dandiapi.api.models import AuditRecord, Dandiset, Version
+from dandiapi.api.models import Dandiset, Version
+from dandiapi.api.services import audit
 from dandiapi.api.services.embargo.exceptions import DandisetUnembargoInProgressError
 from dandiapi.api.services.publish import publish_dandiset
 from dandiapi.api.tasks import delete_doi_task
@@ -120,7 +121,7 @@ def update(self, request, **kwargs):
                 locked_version.status = Version.Status.PENDING
                 locked_version.save()
 
-                audit_record = AuditRecord.update_metadata(
+                audit_record = audit.update_metadata(
                     dandiset=locked_version.dandiset,
                     user=request.user,
                     metadata=locked_version.metadata,

From 6e4c2bb964aa6b3ac55c8a567591cef06e40a23b Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 24 Jul 2024 21:07:09 -0400
Subject: [PATCH 092/131] Eliminate the need for manually calling .save()

Now that the audit records are generated within service functions, it
makes less sense to leak the detail of an AuditRecord instance coming
from the function that must then be saved to the database--the service
itself can just take care of this.
---
 dandiapi/api/services/asset/__init__.py    | 9 +++------
 dandiapi/api/services/audit/__init__.py    | 5 ++++-
 dandiapi/api/services/dandiset/__init__.py | 6 ++----
 dandiapi/api/services/embargo/__init__.py  | 3 +--
 dandiapi/api/services/publish/__init__.py  | 3 +--
 dandiapi/api/views/dandiset.py             | 3 +--
 dandiapi/api/views/version.py              | 3 +--
 7 files changed, 13 insertions(+), 19 deletions(-)

diff --git a/dandiapi/api/services/asset/__init__.py b/dandiapi/api/services/asset/__init__.py
index d295517e8..3025eafd2 100644
--- a/dandiapi/api/services/asset/__init__.py
+++ b/dandiapi/api/services/asset/__init__.py
@@ -99,8 +99,7 @@ def change_asset(  # noqa: PLR0913
         new_asset.previous = asset
         new_asset.save()
 
-        audit_record = audit.update_asset(dandiset=version.dandiset, user=user, asset=asset)
-        audit_record.save()
+        audit.update_asset(dandiset=version.dandiset, user=user, asset=asset)
 
     return new_asset, True
 
@@ -165,8 +164,7 @@ def add_asset_to_version(  # noqa: PLR0913, C901
         version.save()
 
         if do_audit:
-            audit_record = audit.add_asset(dandiset=version.dandiset, user=user, asset=asset)
-            audit_record.save()
+            audit.add_asset(dandiset=version.dandiset, user=user, asset=asset)
 
     # Perform this after the above transaction has finished, to ensure we only
     # operate on unembargoed asset blobs
@@ -195,7 +193,6 @@ def remove_asset_from_version(
         version.save()
 
         if do_audit:
-            audit_record = audit.remove_asset(dandiset=version.dandiset, user=user, asset=asset)
-            audit_record.save()
+            audit.remove_asset(dandiset=version.dandiset, user=user, asset=asset)
 
     return version
diff --git a/dandiapi/api/services/audit/__init__.py b/dandiapi/api/services/audit/__init__.py
index f595a8996..7cef6fda4 100644
--- a/dandiapi/api/services/audit/__init__.py
+++ b/dandiapi/api/services/audit/__init__.py
@@ -16,7 +16,7 @@
 def _make_audit_record(
     *, dandiset: Dandiset, user: User, record_type: AuditRecordType, details: dict
 ) -> AuditRecord:
-    return AuditRecord(
+    audit_record = AuditRecord(
         dandiset_id=dandiset.id,
         username=user.username,
         user_email=user.email,
@@ -24,6 +24,9 @@ def _make_audit_record(
         record_type=record_type,
         details=details,
     )
+    audit_record.save()
+
+    return audit_record
 
 
 def create_dandiset(*, dandiset: Dandiset, user: User, metadata: dict, embargoed: bool):
diff --git a/dandiapi/api/services/dandiset/__init__.py b/dandiapi/api/services/dandiset/__init__.py
index 273acdc57..20067be60 100644
--- a/dandiapi/api/services/dandiset/__init__.py
+++ b/dandiapi/api/services/dandiset/__init__.py
@@ -48,10 +48,9 @@ def create_dandiset(
         draft_version.full_clean(validate_constraints=False)
         draft_version.save()
 
-        audit_record = audit.create_dandiset(
+        audit.create_dandiset(
             dandiset=dandiset, user=user, metadata=draft_version.metadata, embargoed=embargo
         )
-        audit_record.save()
 
     return dandiset, draft_version
 
@@ -71,8 +70,7 @@ def delete_dandiset(*, user, dandiset: Dandiset) -> None:
     with transaction.atomic():
         # Record the audit event first so that the AuditRecord instance has a
         # chance to grab the Dandiset information before it is destroyed.
-        audit_record = audit.delete_dandiset(dandiset=dandiset, user=user)
-        audit_record.save()
+        audit.delete_dandiset(dandiset=dandiset, user=user)
 
         dandiset.versions.all().delete()
         dandiset.delete()
diff --git a/dandiapi/api/services/embargo/__init__.py b/dandiapi/api/services/embargo/__init__.py
index 6afb8395c..4f6791d16 100644
--- a/dandiapi/api/services/embargo/__init__.py
+++ b/dandiapi/api/services/embargo/__init__.py
@@ -103,8 +103,7 @@ def unembargo_dandiset(ds: Dandiset, user: User):
 
     logger.info('...Done')
 
-    audit_record = audit.unembargo_dandiset(dandiset=ds, user=user)
-    audit_record.save()
+    audit.unembargo_dandiset(dandiset=ds, user=user)
 
 
 def remove_asset_blob_embargoed_tag(asset_blob: AssetBlob) -> None:
diff --git a/dandiapi/api/services/publish/__init__.py b/dandiapi/api/services/publish/__init__.py
index b62da5090..882fa0c7c 100644
--- a/dandiapi/api/services/publish/__init__.py
+++ b/dandiapi/api/services/publish/__init__.py
@@ -192,10 +192,9 @@ def _create_doi(version_id: int):
         transaction.on_commit(lambda: _create_doi(new_version.id))
 
         user = User.objects.get(id=user_id)
-        audit_record = audit.publish_dandiset(
+        audit.publish_dandiset(
             dandiset=new_version.dandiset, user=user, version=new_version.version
         )
-        audit_record.save()
 
 
 def publish_dandiset(*, user: User, dandiset: Dandiset) -> None:
diff --git a/dandiapi/api/views/dandiset.py b/dandiapi/api/views/dandiset.py
index cc1755476..282523d47 100644
--- a/dandiapi/api/views/dandiset.py
+++ b/dandiapi/api/views/dandiset.py
@@ -420,13 +420,12 @@ def users(self, request, dandiset__pk):  # noqa: C901
                 dandiset.save()
 
                 if removed_owners or added_owners:
-                    audit_record = audit.change_owners(
+                    audit.change_owners(
                         dandiset=dandiset,
                         user=request.user,
                         removed_owners=removed_owners,
                         added_owners=added_owners,
                     )
-                    audit_record.save()
 
             send_ownership_change_emails(dandiset, removed_owners, added_owners)
 
diff --git a/dandiapi/api/views/version.py b/dandiapi/api/views/version.py
index e24fd2c0a..51a6542d2 100644
--- a/dandiapi/api/views/version.py
+++ b/dandiapi/api/views/version.py
@@ -121,12 +121,11 @@ def update(self, request, **kwargs):
                 locked_version.status = Version.Status.PENDING
                 locked_version.save()
 
-                audit_record = audit.update_metadata(
+                audit.update_metadata(
                     dandiset=locked_version.dandiset,
                     user=request.user,
                     metadata=locked_version.metadata,
                 )
-                audit_record.save()
 
         serializer = VersionDetailSerializer(instance=locked_version)
         return Response(serializer.data, status=status.HTTP_200_OK)

From 2c2ce5d74b82ab971aadf0a878e1cd49b8eb5852 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 24 Jul 2024 21:10:39 -0400
Subject: [PATCH 093/131] Use audit service in zarr views

---
 dandiapi/zarr/views/__init__.py | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

diff --git a/dandiapi/zarr/views/__init__.py b/dandiapi/zarr/views/__init__.py
index 986a83401..a6110107f 100644
--- a/dandiapi/zarr/views/__init__.py
+++ b/dandiapi/zarr/views/__init__.py
@@ -14,8 +14,8 @@
 from rest_framework.utils.urls import replace_query_param
 from rest_framework.viewsets import ReadOnlyModelViewSet
 
-from dandiapi.api.models.audit import AuditRecord
 from dandiapi.api.models.dandiset import Dandiset
+from dandiapi.api.services import audit
 from dandiapi.api.storage import get_boto_client
 from dandiapi.api.views.pagination import DandiPagination
 from dandiapi.zarr.models import ZarrArchive, ZarrArchiveStatus
@@ -143,10 +143,7 @@ def create(self, request):
             with transaction.atomic():
                 zarr_archive.save()
 
-                audit_record = AuditRecord.create_zarr(
-                    dandiset=dandiset, user=request.user, zarr_archive=zarr_archive
-                )
-                audit_record.save()
+                audit.create_zarr(dandiset=dandiset, user=request.user, zarr_archive=zarr_archive)
         except IntegrityError as e:
             raise ValidationError('Zarr already exists') from e
 
@@ -182,10 +179,9 @@ def finalize(self, request, zarr_id):
             zarr_archive.status = ZarrArchiveStatus.UPLOADED
             zarr_archive.save()
 
-            audit_record = AuditRecord.finalize_zarr(
+            audit.finalize_zarr(
                 dandiset=zarr_archive.dandiset, user=request.user, zarr_archive=zarr_archive
             )
-            audit_record.save()
 
         # Dispatch task
         ingest_zarr_archive.delay(zarr_id=zarr_archive.zarr_id)
@@ -302,13 +298,12 @@ def create_files(self, request, zarr_id):
             zarr_archive.mark_pending()
             zarr_archive.save()
 
-            audit_record = AuditRecord.upload_zarr_chunks(
+            audit.upload_zarr_chunks(
                 dandiset=zarr_archive.dandiset,
                 user=request.user,
                 zarr_archive=zarr_archive,
                 paths=[p['path'] for p in paths],
             )
-            audit_record.save()
 
         # Return presigned urls
         logger.info(
@@ -341,12 +336,11 @@ def delete_files(self, request, zarr_id):
             paths = [file['path'] for file in serializer.validated_data]
             zarr_archive.delete_files(paths)
 
-            audit_record = AuditRecord.delete_zarr_chunks(
+            audit.delete_zarr_chunks(
                 dandiset=zarr_archive.dandiset,
                 user=request.user,
                 zarr_archive=zarr_archive,
                 paths=paths,
             )
-            audit_record.save()
 
         return Response(None, status=status.HTTP_204_NO_CONTENT)

From c5380dec75454479397242c3a3727d3929f2c2bc Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Thu, 25 Jul 2024 20:02:02 -0400
Subject: [PATCH 094/131] Remove references to deleted model fields

The `blob`/`embargoed_blob` distinction was removed in the embargo
redesign.
---
 dandiapi/api/services/audit/__init__.py | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/dandiapi/api/services/audit/__init__.py b/dandiapi/api/services/audit/__init__.py
index 7cef6fda4..12f49d892 100644
--- a/dandiapi/api/services/audit/__init__.py
+++ b/dandiapi/api/services/audit/__init__.py
@@ -66,16 +66,11 @@ def update_metadata(*, dandiset: Dandiset, user: User, metadata: dict) -> AuditR
 
 
 def _asset_details(asset: Asset) -> dict:
-    checksum = (
-        (asset.blob and asset.blob.etag)
-        or (asset.embargoed_blob and asset.embargoed_blob.etag)
-        or (asset.zarr and asset.zarr.checksum)
-    )
+    checksum = (asset.blob and asset.blob.etag) or (asset.zarr and asset.zarr.checksum)
 
     return {
         'path': asset.path,
         'asset_blob_id': asset.blob and asset.blob.id,
-        'embargoed_asset_blob_id': asset.embargoed_blob and asset.embargoed_blob.id,
         'zarr_archive_id': asset.zarr and asset.zarr.id,
         'asset_id': asset.id,
         'checksum': checksum,

From 9501e0331b4eb61d9dba1d5edb4055c35e527137 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Thu, 25 Jul 2024 20:03:04 -0400
Subject: [PATCH 095/131] Remove duplicate task launch line

---
 dandiapi/api/services/embargo/__init__.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/dandiapi/api/services/embargo/__init__.py b/dandiapi/api/services/embargo/__init__.py
index 4f6791d16..0452174db 100644
--- a/dandiapi/api/services/embargo/__init__.py
+++ b/dandiapi/api/services/embargo/__init__.py
@@ -122,7 +122,6 @@ def kickoff_dandiset_unembargo(*, user: User, dandiset: Dandiset):
     if not user.has_perm('owner', dandiset):
         raise DandisetOwnerRequiredError
 
-    unembargo_dandiset_task.delay(dandiset.id, user.id)
     if dandiset.uploads.count():
         raise DandisetActiveUploadsError
 

From 9fa7b416ceeaaff8c0186f5eb5d76dfe780a7ccd Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Thu, 25 Jul 2024 20:04:13 -0400
Subject: [PATCH 096/131] Fix invocation of unembargo routines in tests

---
 dandiapi/api/services/embargo/__init__.py |  2 +-
 dandiapi/api/tests/test_unembargo.py      | 25 +++++++++++++++--------
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/dandiapi/api/services/embargo/__init__.py b/dandiapi/api/services/embargo/__init__.py
index 0452174db..565a518fe 100644
--- a/dandiapi/api/services/embargo/__init__.py
+++ b/dandiapi/api/services/embargo/__init__.py
@@ -129,4 +129,4 @@ def kickoff_dandiset_unembargo(*, user: User, dandiset: Dandiset):
         Dandiset.objects.filter(pk=dandiset.pk).update(
             embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
         )
-        transaction.on_commit(lambda: unembargo_dandiset_task.delay(dandiset.pk))
+        transaction.on_commit(lambda: unembargo_dandiset_task.delay(dandiset.pk, user.id))
diff --git a/dandiapi/api/tests/test_unembargo.py b/dandiapi/api/tests/test_unembargo.py
index 0d6eff3e8..3fd7a878e 100644
--- a/dandiapi/api/tests/test_unembargo.py
+++ b/dandiapi/api/tests/test_unembargo.py
@@ -94,28 +94,34 @@ def test_kickoff_dandiset_unembargo(api_client, user, draft_version_factory, mai
 
     # Check that unembargo dandiset task was delayed
     assert len(patched_task.mock_calls) == 1
-    assert str(patched_task.mock_calls[0]) == f'call.delay({ds.pk})'
+    assert str(patched_task.mock_calls[0]) == f'call.delay({ds.pk}, {user.id})'
 
 
 @pytest.mark.django_db()
-def test_unembargo_dandiset_not_unembargoing(draft_version_factory):
+def test_unembargo_dandiset_not_unembargoing(draft_version_factory, user, api_client):
     draft_version = draft_version_factory(dandiset__embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
     ds: Dandiset = draft_version.dandiset
 
+    assign_perm('owner', user, ds)
+    api_client.force_authenticate(user=user)
+
     with pytest.raises(DandiError):
-        unembargo_dandiset(ds)
+        unembargo_dandiset(ds, user)
 
 
 @pytest.mark.django_db()
-def test_unembargo_dandiset_uploads_exist(draft_version_factory, upload_factory):
+def test_unembargo_dandiset_uploads_exist(draft_version_factory, upload_factory, user, api_client):
     draft_version = draft_version_factory(
         dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
     )
     ds: Dandiset = draft_version.dandiset
 
+    assign_perm('owner', user, ds)
+    api_client.force_authenticate(user=user)
+
     upload_factory(dandiset=ds)
     with pytest.raises(DandisetActiveUploadsError):
-        unembargo_dandiset(ds)
+        unembargo_dandiset(ds, user)
 
 
 @pytest.mark.django_db()
@@ -191,7 +197,7 @@ def test_unembargo_dandiset(
     # Patch this function to check if it's been called, since we can't test the tagging directly
     patched = mocker.patch('dandiapi.api.services.embargo._delete_asset_blob_tags')
 
-    unembargo_dandiset(ds)
+    unembargo_dandiset(ds, owners[0])
     patched.assert_called_once()
 
     embargoed_blob.refresh_from_db()
@@ -218,13 +224,16 @@ def test_unembargo_dandiset(
 
 
 @pytest.mark.django_db()
-def test_unembargo_dandiset_task_failure(draft_version_factory, mailoutbox):
+def test_unembargo_dandiset_task_failure(draft_version_factory, mailoutbox, user, api_client):
     # Intentionally set the status to embargoed so the task will fail
     draft_version = draft_version_factory(dandiset__embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
     ds: Dandiset = draft_version.dandiset
 
+    assign_perm('owner', user, ds)
+    api_client.force_authenticate(user=user)
+
     with pytest.raises(DandiError):
-        unembargo_dandiset_task.delay(ds.pk)
+        unembargo_dandiset_task.delay(ds.pk, user.id)
 
     assert mailoutbox
     assert 'Unembargo failed' in mailoutbox[0].subject

From ae6846238554e4b5da121109a701799d1170e8c2 Mon Sep 17 00:00:00 2001
From: Mike VanDenburgh <michael.vandenburgh@kitware.com>
Date: Fri, 26 Jul 2024 10:55:23 -0400
Subject: [PATCH 097/131] RF to make template boolean expressions cleaner

---
 .../DandisetLandingView/ContactDialog.vue     | 39 ++++++++++++-------
 1 file changed, 25 insertions(+), 14 deletions(-)

diff --git a/web/src/views/DandisetLandingView/ContactDialog.vue b/web/src/views/DandisetLandingView/ContactDialog.vue
index c4b9ad9c1..301b2f752 100644
--- a/web/src/views/DandisetLandingView/ContactDialog.vue
+++ b/web/src/views/DandisetLandingView/ContactDialog.vue
@@ -33,7 +33,7 @@
       </v-card-title>
       <v-list>
         <v-tooltip
-          :disabled="!(loggedIn() || !isDisabled(owners))"
+          :disabled="!disableDandisetOwnersButton"
           open-on-hover
           left
         >
@@ -42,8 +42,8 @@
             v-on="on"
             >
               <v-list-item
-                :disabled="!loggedIn() || isDisabled(owners)"
-                :href="makeTemplate(owners)"
+                :disabled="disableDandisetOwnersButton"
+                :href="makeTemplate(dandisetOwnerEmails)"
               >
                 <v-icon
                   color="primary"
@@ -57,11 +57,11 @@
             </div>
           </template>
           <span v-if="!loggedIn()"> You must be logged in to contact the owner </span>
-          <span v-if="isDisabled(owners)"> No owner e-mail available </span>
+          <span v-if="!dandisetOwnerEmails?.length"> No owner e-mail available </span>
         </v-tooltip>
       <v-divider />
         <v-tooltip
-            :disabled=!isDisabled(contacts)
+            :disabled="!disableContactPersonButton"
             open-on-hover
             left
           >
@@ -69,8 +69,8 @@
           <template #activator="{ on }">
             <div v-on="on">
               <v-list-item
-                :disabled="isDisabled(contacts)"
-                :href="makeTemplate(contacts)"
+                :disabled="disableContactPersonButton"
+                :href="makeTemplate(dandisetContactPersonEmails)"
               >
                 <v-icon
                   color="primary"
@@ -96,16 +96,24 @@ import { loggedIn } from '@/rest';
 import type { User, Person, Organization, Email} from '@/types';
 
 const store = useDandisetStore();
-const owners = computed(() => store.owners?.map((owner: User) => owner.email));
-const contacts = computed(() =>
-  store.dandiset?.metadata?.contributor?.filter(
+
+const currentDandiset = computed(() => store.dandiset);
+
+const dandisetOwnerEmails = computed(() => store.owners?.map((owner: User) => owner.email));
+
+const dandisetContactPersonEmails = computed(() =>
+  currentDandiset.value?.metadata?.contributor?.filter(
     (contact: Person | Organization) =>
-      contact.roleName?.includes("dcite:ContactPerson"))
+      contact.roleName?.includes("dcite:ContactPerson")
+    )
     .map((contact: Person | Organization) =>
       contact.email as Email
     )
+    // Exclude users missing an email
+    .filter((email?: Email) => email !== undefined)
+    // Exclude users with an empty email
+    .filter((email: Email) => email !== '')
 );
-const currentDandiset = computed(() => store.dandiset);
 
 const makeTemplate = (contacts: string[] | undefined) => {
   if (contacts === undefined) {
@@ -121,8 +129,11 @@ const makeTemplate = (contacts: string[] | undefined) => {
   }
 };
 
-const isDisabled = (contacts: string[] | undefined): boolean =>
-  contacts === undefined || contacts.length === 0 || contacts[0] === '';
+const disableContactPersonButton = computed(() => !dandisetContactPersonEmails.value?.length)
+const disableDandisetOwnersButton = computed(
+  // Only logged in users can access owners' emails
+  () => !loggedIn() || !dandisetOwnerEmails.value?.length
+);
 
 </script>
 <style scoped>

From a5741ddad1a586bf2ebcdc63f6f0865baac1a4ae Mon Sep 17 00:00:00 2001
From: Mike VanDenburgh <michael.vandenburgh@kitware.com>
Date: Fri, 26 Jul 2024 11:00:08 -0400
Subject: [PATCH 098/131] Simplify types

This forces the email arrays to be just `string[]` instead of
`string[] | null`, which makes handling types easier.
---
 web/src/views/DandisetLandingView/ContactDialog.vue | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/web/src/views/DandisetLandingView/ContactDialog.vue b/web/src/views/DandisetLandingView/ContactDialog.vue
index 301b2f752..0ab319ae6 100644
--- a/web/src/views/DandisetLandingView/ContactDialog.vue
+++ b/web/src/views/DandisetLandingView/ContactDialog.vue
@@ -99,7 +99,7 @@ const store = useDandisetStore();
 
 const currentDandiset = computed(() => store.dandiset);
 
-const dandisetOwnerEmails = computed(() => store.owners?.map((owner: User) => owner.email));
+const dandisetOwnerEmails = computed(() => store.owners?.map((owner: User) => owner.email) || []);
 
 const dandisetContactPersonEmails = computed(() =>
   currentDandiset.value?.metadata?.contributor?.filter(
@@ -113,12 +113,10 @@ const dandisetContactPersonEmails = computed(() =>
     .filter((email?: Email) => email !== undefined)
     // Exclude users with an empty email
     .filter((email: Email) => email !== '')
+    || []
 );
 
-const makeTemplate = (contacts: string[] | undefined) => {
-  if (contacts === undefined) {
-    throw new Error('Contact is undefined.');
-  }
+const makeTemplate = (contacts: string[]) => {
   if (currentDandiset.value === undefined) {
     throw new Error('Dandiset is undefined.');
   }

From d4d5010a8c1e2c39f9bff61fff31d0660da234f1 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Thu, 9 May 2024 13:59:54 -0400
Subject: [PATCH 099/131] Add retries to calculate_sha256 task

---
 dandiapi/api/tasks/__init__.py | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/dandiapi/api/tasks/__init__.py b/dandiapi/api/tasks/__init__.py
index 7be0b8ab3..c919debf5 100644
--- a/dandiapi/api/tasks/__init__.py
+++ b/dandiapi/api/tasks/__init__.py
@@ -1,6 +1,9 @@
 from __future__ import annotations
 
+from typing import TYPE_CHECKING
+
 from celery import shared_task
+from celery.exceptions import SoftTimeLimitExceeded
 from celery.utils.log import get_task_logger
 
 from dandiapi.api.doi import delete_doi
@@ -15,6 +18,9 @@
 from dandiapi.api.models import Asset, AssetBlob, Version
 from dandiapi.api.models.dandiset import Dandiset
 
+if TYPE_CHECKING:
+    from uuid import UUID
+
 logger = get_task_logger(__name__)
 
 
@@ -26,10 +32,16 @@ def remove_asset_blob_embargoed_tag_task(blob_id: str) -> None:
     remove_asset_blob_embargoed_tag(asset_blob)
 
 
-@shared_task(queue='calculate_sha256', soft_time_limit=86_400)
-def calculate_sha256(blob_id: str) -> None:
+@shared_task(
+    queue='calculate_sha256',
+    soft_time_limit=86_400,  # 24 hours
+    autoretry_for=(SoftTimeLimitExceeded,),
+    retry_backoff=True,
+    max_retries=3,
+)
+def calculate_sha256(blob_id: str | UUID) -> None:
     asset_blob = AssetBlob.objects.get(blob_id=blob_id)
-    logger.info('Found AssetBlob %s', blob_id)
+    logger.info('Calculating sha256 checksum for asset blob %s', blob_id)
     sha256 = asset_blob.blob.storage.sha256_checksum(asset_blob.blob.name)
 
     # TODO: Run dandi-cli validation

From 83d0c44e01b8ba6580ef94163e54441ac9751443 Mon Sep 17 00:00:00 2001
From: dandibot <dandibot@mit.edu>
Date: Tue, 30 Jul 2024 14:23:42 +0000
Subject: [PATCH 100/131] auto shipit - CHANGELOG.md etc

---
 CHANGELOG.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 900028294..192711626 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,18 @@
+# v0.3.92 (Tue Jul 30 2024)
+
+#### 🐛 Bug Fix
+
+- Add retries to sha256 checksum calculation task [#1937](https://github.com/dandi/dandi-archive/pull/1937) ([@jjnesbitt](https://github.com/jjnesbitt))
+- Contact owner [#1840](https://github.com/dandi/dandi-archive/pull/1840) ([@marySalvi](https://github.com/marySalvi) [@mvandenburgh](https://github.com/mvandenburgh))
+
+#### Authors: 3
+
+- Jacob Nesbitt ([@jjnesbitt](https://github.com/jjnesbitt))
+- Mary Salvi ([@marySalvi](https://github.com/marySalvi))
+- Mike VanDenburgh ([@mvandenburgh](https://github.com/mvandenburgh))
+
+---
+
 # v0.3.91 (Wed Jul 24 2024)
 
 #### 🐛 Bug Fix

From 222a15f80a46d7afab059791bc5a918d5e762ebb Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Fri, 26 Jul 2024 15:23:37 -0400
Subject: [PATCH 101/131] Add tests

---
 dandiapi/api/tests/test_audit.py | 293 +++++++++++++++++++++++++++++++
 1 file changed, 293 insertions(+)
 create mode 100644 dandiapi/api/tests/test_audit.py

diff --git a/dandiapi/api/tests/test_audit.py b/dandiapi/api/tests/test_audit.py
new file mode 100644
index 000000000..deec0fa60
--- /dev/null
+++ b/dandiapi/api/tests/test_audit.py
@@ -0,0 +1,293 @@
+from __future__ import annotations
+
+import base64
+import hashlib
+from typing import TYPE_CHECKING
+
+import pytest
+
+from dandiapi.api.models import AuditRecord, Dandiset
+from dandiapi.api.storage import get_boto_client
+from dandiapi.zarr.models import ZarrArchive
+
+if TYPE_CHECKING:
+    from django.contrib.auth import User
+
+    from dandiapi.api.models.audit import AuditRecordType
+
+
+def verify_model_properties(rec: AuditRecord, user: User):
+    """Assert the correct content of the common AuditRecord fields."""
+    assert rec.username == user.username
+    assert rec.user_email == user.email
+    assert rec.user_fullname == f'{user.first_name} {user.last_name}'
+
+
+def get_latest_audit_record(*, dandiset: Dandiset, record_type: AuditRecordType):
+    """Get the most recent AuditRecord associated with a given Dandiset and record type."""
+    record = (
+        AuditRecord.objects.filter(dandiset_id=dandiset.id, record_type=record_type)
+        .order_by('-timestamp')
+        .first()
+    )
+    assert record is not None
+
+    return record
+
+
+def create_dandiset(
+    api_client,
+    *,
+    user: User,
+    name: str | None = None,
+    metadata: dict | None = None,
+    embargoed: bool = False,
+) -> Dandiset:
+    """Create a Dandiset for testing through the REST API."""
+    name = name or 'Test Dandiset'
+    metadata = metadata or {}
+
+    api_client.force_authenticate(user=user)
+    resp = api_client.post(
+        f'/api/dandisets/{"?embargo=true" if embargoed else ""}',
+        {'name': name, 'metadata': metadata},
+        format='json',
+    )
+    assert resp.status_code == 200
+
+    dandiset_id = int(resp.json()['identifier'])
+    return Dandiset.objects.get(pk=dandiset_id)
+
+
+@pytest.mark.django_db()
+def test_audit_dandiset_lifecycle(user_factory, api_client):
+    """Test the audit records generated during the mainline Dandiset lifecycle."""
+    # Create some users.
+    alice = user_factory()
+    bob = user_factory()
+    charlie = user_factory()
+
+    # Create a Dandiset with specified name and metadata.
+    name = 'Dandiset Extraordinaire'
+    metadata = {'foo': 'bar'}
+    dandiset = create_dandiset(api_client, user=alice, name=name, metadata=metadata)
+
+    # Verify the create_dandiset audit record.
+    rec = get_latest_audit_record(dandiset=dandiset, record_type='create_dandiset')
+    verify_model_properties(rec, alice)
+    assert rec.details['embargoed'] is False
+    for key, value in metadata.items():
+        assert rec.details['metadata'][key] == value
+    assert rec.details['metadata']['name'] == name
+
+    # Change the owners.
+    new_owners = [bob, charlie]
+    resp = api_client.put(
+        f'/api/dandisets/{dandiset.identifier}/users/',
+        [{'username': u.username} for u in new_owners],
+        format='json',
+    )
+    assert resp.status_code == 200
+
+    # Verify the change_owners audit record.
+    def user_info(u):
+        return {
+            'username': u.username,
+            'email': u.email,
+            'name': f'{u.first_name} {u.last_name}',
+        }
+
+    rec = get_latest_audit_record(dandiset=dandiset, record_type='change_owners')
+    verify_model_properties(rec, alice)
+    assert rec.details == {
+        'added_owners': [user_info(u) for u in [bob, charlie]],
+        'removed_owners': [user_info(u) for u in [alice]],
+    }
+
+    # Edit the metadata.
+    metadata = dandiset.draft_version.metadata
+    metadata['foo'] = 'baz'
+
+    api_client.force_authenticate(user=bob)
+    resp = api_client.put(
+        f'/api/dandisets/{dandiset.identifier}/versions/draft/',
+        {
+            'name': 'bar',
+            'metadata': metadata,
+        },
+        format='json',
+    )
+    assert resp.status_code == 200
+
+    # Verify the update_metadata audit record.
+    rec = get_latest_audit_record(dandiset=dandiset, record_type='update_metadata')
+    verify_model_properties(rec, bob)
+    metadata = rec.details['metadata']
+    assert metadata['name'] == 'bar'
+    assert metadata['foo'] == 'baz'
+
+    # Delete the dandiset.
+    resp = api_client.delete(f'/api/dandisets/{dandiset.identifier}/')
+    assert resp.status_code == 204
+
+    # Verify the delete_dandiset audit record
+    rec = get_latest_audit_record(dandiset=dandiset, record_type='delete_dandiset')
+    verify_model_properties(rec, bob)
+    assert rec.details == {}
+
+
+@pytest.mark.django_db(transaction=True)
+def test_audit_unembargo(user, api_client):
+    """Test the unembargo audit record."""
+    # Create an embargoed Dandiset.
+    dandiset = create_dandiset(api_client, user=user, embargoed=True)
+
+    # Verify the create_dandiset record's embargoed field.
+    rec = get_latest_audit_record(dandiset=dandiset, record_type='create_dandiset')
+    verify_model_properties(rec, user)
+    assert rec.details['embargoed'] is True
+
+    # Unembargo the Dandiset.
+    resp = api_client.post(f'/api/dandisets/{dandiset.identifier}/unembargo/')
+    assert resp.status_code == 200
+
+    # Verify the unembargo_dandiset audit record.
+    rec = get_latest_audit_record(dandiset=dandiset, record_type='unembargo_dandiset')
+    verify_model_properties(rec, user)
+    assert rec.details == {}
+
+
+@pytest.mark.django_db()
+def test_audit_asset(user, api_client, asset_blob_factory):
+    """Test the blob-based asset audit records."""
+    # Create a dandiset and some asset blobs.
+    dandiset = create_dandiset(api_client, user=user)
+    blob1 = asset_blob_factory()
+    blob2 = asset_blob_factory()
+
+    # Create a new asset.
+    path = 'foo/bar.txt'
+    resp = api_client.post(
+        f'/api/dandisets/{dandiset.identifier}/versions/draft/assets/',
+        {
+            'blob_id': str(blob1.blob_id),
+            'metadata': {
+                'path': path,
+            },
+        },
+    )
+    assert resp.status_code == 200
+
+    # Verify add_asset audit record.
+    rec = get_latest_audit_record(dandiset=dandiset, record_type='add_asset')
+    verify_model_properties(rec, user)
+    assert rec.details['path'] == path
+    assert rec.details['asset_blob_id'] == blob1.blob_id
+
+    # Update the asset "in place".
+    asset_id = rec.details['asset_id']
+    resp = api_client.put(
+        f'/api/dandisets/{dandiset.identifier}/versions/draft/assets/{asset_id}/',
+        {
+            'blob_id': str(blob2.blob_id),
+            'metadata': {
+                'path': path,
+            },
+        },
+    )
+    assert resp.status_code == 200
+
+    # Verify update_asset audit record.
+    rec = get_latest_audit_record(dandiset=dandiset, record_type='update_asset')
+    verify_model_properties(rec, user)
+    assert rec.details['path'] == path
+    assert rec.details['asset_blob_id'] == blob2.blob_id
+
+    # Delete the asset.
+    asset_id = rec.details['asset_id']
+    resp = api_client.delete(
+        f'/api/dandisets/{dandiset.identifier}/versions/draft/assets/{rec.details["asset_id"]}/',
+    )
+    assert resp.status_code == 204
+
+    # Verify remove_asset audit record.
+    rec = get_latest_audit_record(dandiset=dandiset, record_type='remove_asset')
+    verify_model_properties(rec, user)
+    assert rec.details['path'] == path
+    assert rec.details['asset_id'] == asset_id
+
+
+@pytest.mark.django_db()
+def test_audit_zarr(user, api_client, storage, monkeypatch, settings):
+    """Test the Zarr-based audit records."""
+    # Monkeypatch ZarrArchive so that foobar.
+    monkeypatch.setattr(ZarrArchive, 'storage', storage)
+
+    # Create a Dandiset.
+    dandiset = create_dandiset(api_client, user=user)
+
+    # Create a Zarr archive.
+    resp = api_client.post(
+        '/api/zarr/',
+        {
+            'name': 'Test Zarr',
+            'dandiset': dandiset.identifier,
+        },
+    )
+    assert resp.status_code == 200
+
+    # Verify the create_zarr audit record.
+    zarr_id = resp.json()['zarr_id']
+
+    rec = get_latest_audit_record(dandiset=dandiset, record_type='create_zarr')
+    verify_model_properties(rec, user)
+    assert rec.details['name'] == 'Test Zarr'
+    assert rec.details['zarr_id'] == zarr_id
+
+    # Request some chunk uploads.
+    b64hash = base64.b64encode(hashlib.md5(b'a').hexdigest().encode())
+    paths = ['a.txt', 'b.txt', 'c.txt']
+    resp = api_client.post(
+        f'/api/zarr/{zarr_id}/files/',
+        [{'path': path, 'base64md5': b64hash} for path in paths],
+    )
+    assert resp.status_code == 200
+
+    # Verify the upload_zarr_chunks audit record.
+    rec = get_latest_audit_record(dandiset=dandiset, record_type='upload_zarr_chunks')
+    verify_model_properties(rec, user)
+    assert rec.details['zarr_id'] == zarr_id
+    assert rec.details['paths'] == paths
+
+    # Upload to the presigned URLs.
+    boto = get_boto_client()
+    zarr_archive = ZarrArchive.objects.get(zarr_id=zarr_id)
+    for path in paths:
+        boto.put_object(
+            Bucket=settings.DANDI_DANDISETS_BUCKET_NAME, Key=zarr_archive.s3_path(path), Body=b'a'
+        )
+
+    # Finalize the zarr.
+    resp = api_client.post(
+        f'/api/zarr/{zarr_id}/finalize/',
+    )
+    assert resp.status_code == 204
+
+    # Verify the finalize_zarr audit record.
+    rec = get_latest_audit_record(dandiset=dandiset, record_type='finalize_zarr')
+    verify_model_properties(rec, user)
+    assert rec.details['zarr_id'] == zarr_id
+
+    # Delete some zarr chunks.
+    deleted = ['b.txt', 'c.txt']
+    resp = api_client.delete(
+        f'/api/zarr/{zarr_id}/files/',
+        [{'path': path} for path in deleted],
+    )
+    assert resp.status_code == 204
+
+    # Verify the delete_zarr_chunks audit record.
+    rec = get_latest_audit_record(dandiset=dandiset, record_type='delete_zarr_chunks')
+    verify_model_properties(rec, user)
+    assert rec.details['zarr_id'] == zarr_id
+    assert rec.details['paths'] == deleted

From 3483e503a4b6854fe8362ee14fe49e5fbfe9860d Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Tue, 30 Jul 2024 15:00:01 -0400
Subject: [PATCH 102/131] bugfix: Include correct asset in update_asset record

---
 dandiapi/api/services/asset/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dandiapi/api/services/asset/__init__.py b/dandiapi/api/services/asset/__init__.py
index 3025eafd2..7e10c7d3b 100644
--- a/dandiapi/api/services/asset/__init__.py
+++ b/dandiapi/api/services/asset/__init__.py
@@ -99,7 +99,7 @@ def change_asset(  # noqa: PLR0913
         new_asset.previous = asset
         new_asset.save()
 
-        audit.update_asset(dandiset=version.dandiset, user=user, asset=asset)
+        audit.update_asset(dandiset=version.dandiset, user=user, asset=new_asset)
 
     return new_asset, True
 

From 4a33a6bbb21b6b9ed6a3e6ea36c1c6a5b732598c Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Tue, 30 Jul 2024 15:00:33 -0400
Subject: [PATCH 103/131] bugfix: Pass correct and stringified ID values in
 asset/zarr records

---
 dandiapi/api/services/audit/__init__.py | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/dandiapi/api/services/audit/__init__.py b/dandiapi/api/services/audit/__init__.py
index 12f49d892..adad72b1a 100644
--- a/dandiapi/api/services/audit/__init__.py
+++ b/dandiapi/api/services/audit/__init__.py
@@ -70,9 +70,9 @@ def _asset_details(asset: Asset) -> dict:
 
     return {
         'path': asset.path,
-        'asset_blob_id': asset.blob and asset.blob.id,
-        'zarr_archive_id': asset.zarr and asset.zarr.id,
-        'asset_id': asset.id,
+        'asset_blob_id': asset.blob and str(asset.blob.blob_id),
+        'zarr_archive_id': asset.zarr and str(asset.zarr.zarr_id),
+        'asset_id': str(asset.asset_id),
         'checksum': checksum,
         'metadata': asset.metadata,
     }
@@ -95,7 +95,7 @@ def update_asset(*, dandiset: Dandiset, user: User, asset: Asset) -> AuditRecord
 def remove_asset(*, dandiset: Dandiset, user: User, asset: Asset) -> AuditRecord:
     details = {
         'path': asset.path,
-        'asset_id': asset.id,
+        'asset_id': str(asset.asset_id),
     }
     return _make_audit_record(
         dandiset=dandiset, user=user, record_type='remove_asset', details=details
@@ -104,7 +104,7 @@ def remove_asset(*, dandiset: Dandiset, user: User, asset: Asset) -> AuditRecord
 
 def create_zarr(*, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive) -> AuditRecord:
     details = {
-        'zarr_id': zarr_archive.id,
+        'zarr_id': str(zarr_archive.zarr_id),
         'name': zarr_archive.name,
     }
     return _make_audit_record(
@@ -116,7 +116,7 @@ def upload_zarr_chunks(
     *, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive, paths: list[str]
 ) -> AuditRecord:
     details = {
-        'zarr_id': zarr_archive.id,
+        'zarr_id': str(zarr_archive.zarr_id),
         'paths': paths,
     }
     return _make_audit_record(
@@ -128,7 +128,7 @@ def delete_zarr_chunks(
     *, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive, paths: list[str]
 ) -> AuditRecord:
     details = {
-        'zarr_id': zarr_archive.id,
+        'zarr_id': str(zarr_archive.zarr_id),
         'paths': paths,
     }
     return _make_audit_record(
@@ -138,7 +138,7 @@ def delete_zarr_chunks(
 
 def finalize_zarr(*, dandiset: Dandiset, user: User, zarr_archive: ZarrArchive) -> AuditRecord:
     details = {
-        'zarr_id': zarr_archive.id,
+        'zarr_id': str(zarr_archive.zarr_id),
     }
     return _make_audit_record(
         dandiset=dandiset, user=user, record_type='finalize_zarr', details=details

From b5ad8b2ee8b0f8ac78f063546b612bf45c7bfa1b Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 7 Aug 2024 10:09:43 -0400
Subject: [PATCH 104/131] Split long tests up into individual tests

---
 dandiapi/api/tests/test_audit.py | 218 ++++++++++++++++++++++++-------
 1 file changed, 169 insertions(+), 49 deletions(-)

diff --git a/dandiapi/api/tests/test_audit.py b/dandiapi/api/tests/test_audit.py
index deec0fa60..19fcd89f1 100644
--- a/dandiapi/api/tests/test_audit.py
+++ b/dandiapi/api/tests/test_audit.py
@@ -4,6 +4,7 @@
 import hashlib
 from typing import TYPE_CHECKING
 
+from guardian.shortcuts import assign_perm
 import pytest
 
 from dandiapi.api.models import AuditRecord, Dandiset
@@ -60,28 +61,36 @@ def create_dandiset(
 
 
 @pytest.mark.django_db()
-def test_audit_dandiset_lifecycle(user_factory, api_client):
-    """Test the audit records generated during the mainline Dandiset lifecycle."""
-    # Create some users.
-    alice = user_factory()
-    bob = user_factory()
-    charlie = user_factory()
-
+def test_audit_create_dandiset(api_client, user):
+    """Test create_dandiset audit record."""
     # Create a Dandiset with specified name and metadata.
     name = 'Dandiset Extraordinaire'
     metadata = {'foo': 'bar'}
-    dandiset = create_dandiset(api_client, user=alice, name=name, metadata=metadata)
+    dandiset = create_dandiset(api_client, user=user, name=name, metadata=metadata)
 
     # Verify the create_dandiset audit record.
     rec = get_latest_audit_record(dandiset=dandiset, record_type='create_dandiset')
-    verify_model_properties(rec, alice)
+    verify_model_properties(rec, user)
     assert rec.details['embargoed'] is False
     for key, value in metadata.items():
         assert rec.details['metadata'][key] == value
     assert rec.details['metadata']['name'] == name
 
+
+@pytest.mark.django_db()
+def test_audit_change_owners(api_client, user_factory, draft_version):
+    """Test the change_owners audit record."""
+    # Create some users.
+    alice = user_factory()
+    bob = user_factory()
+    charlie = user_factory()
+
+    dandiset = draft_version.dandiset
+    assign_perm('owner', alice, dandiset)
+
     # Change the owners.
     new_owners = [bob, charlie]
+    api_client.force_authenticate(user=alice)
     resp = api_client.put(
         f'/api/dandisets/{dandiset.identifier}/users/',
         [{'username': u.username} for u in new_owners],
@@ -104,15 +113,22 @@ def user_info(u):
         'removed_owners': [user_info(u) for u in [alice]],
     }
 
-    # Edit the metadata.
-    metadata = dandiset.draft_version.metadata
-    metadata['foo'] = 'baz'
 
-    api_client.force_authenticate(user=bob)
+@pytest.mark.django_db()
+def test_audit_update_metadata(api_client, draft_version, user):
+    # Create a Dandiset.
+    dandiset = draft_version.dandiset
+    assign_perm('owner', user, dandiset)
+
+    # Edit its metadata.
+    metadata = draft_version.metadata
+    metadata['foo'] = 'bar'
+
+    api_client.force_authenticate(user=user)
     resp = api_client.put(
         f'/api/dandisets/{dandiset.identifier}/versions/draft/',
         {
-            'name': 'bar',
+            'name': 'baz',
             'metadata': metadata,
         },
         format='json',
@@ -121,23 +137,31 @@ def user_info(u):
 
     # Verify the update_metadata audit record.
     rec = get_latest_audit_record(dandiset=dandiset, record_type='update_metadata')
-    verify_model_properties(rec, bob)
+    verify_model_properties(rec, user)
     metadata = rec.details['metadata']
-    assert metadata['name'] == 'bar'
-    assert metadata['foo'] == 'baz'
+    assert metadata['name'] == 'baz'
+    assert metadata['foo'] == 'bar'
+
+
+@pytest.mark.django_db()
+def test_audit_delete_dandiset(api_client, user, draft_version):
+    # Create a Dandiset.
+    dandiset = draft_version.dandiset
+    assign_perm('owner', user, dandiset)
 
     # Delete the dandiset.
+    api_client.force_authenticate(user=user)
     resp = api_client.delete(f'/api/dandisets/{dandiset.identifier}/')
     assert resp.status_code == 204
 
     # Verify the delete_dandiset audit record
     rec = get_latest_audit_record(dandiset=dandiset, record_type='delete_dandiset')
-    verify_model_properties(rec, bob)
+    verify_model_properties(rec, user)
     assert rec.details == {}
 
 
 @pytest.mark.django_db(transaction=True)
-def test_audit_unembargo(user, api_client):
+def test_audit_unembargo(api_client, user):
     """Test the unembargo audit record."""
     # Create an embargoed Dandiset.
     dandiset = create_dandiset(api_client, user=user, embargoed=True)
@@ -158,19 +182,19 @@ def test_audit_unembargo(user, api_client):
 
 
 @pytest.mark.django_db()
-def test_audit_asset(user, api_client, asset_blob_factory):
-    """Test the blob-based asset audit records."""
-    # Create a dandiset and some asset blobs.
-    dandiset = create_dandiset(api_client, user=user)
-    blob1 = asset_blob_factory()
-    blob2 = asset_blob_factory()
-
-    # Create a new asset.
+def test_audit_add_asset(api_client, user, draft_version, asset_blob_factory):
+    # Create a Dandiset.
+    dandiset = draft_version.dandiset
+    assign_perm('owner', user, dandiset)
+
+    # Add a new asset.
+    blob = asset_blob_factory()
     path = 'foo/bar.txt'
+    api_client.force_authenticate(user=user)
     resp = api_client.post(
         f'/api/dandisets/{dandiset.identifier}/versions/draft/assets/',
         {
-            'blob_id': str(blob1.blob_id),
+            'blob_id': str(blob.blob_id),
             'metadata': {
                 'path': path,
             },
@@ -182,14 +206,29 @@ def test_audit_asset(user, api_client, asset_blob_factory):
     rec = get_latest_audit_record(dandiset=dandiset, record_type='add_asset')
     verify_model_properties(rec, user)
     assert rec.details['path'] == path
-    assert rec.details['asset_blob_id'] == blob1.blob_id
+    assert rec.details['asset_blob_id'] == blob.blob_id
+
+
+@pytest.mark.django_db()
+def test_audit_update_asset(
+    api_client, user, draft_version, asset_blob_factory, draft_asset_factory
+):
+    # Create a Dandiset with an asset.
+    dandiset = draft_version.dandiset
+    assign_perm('owner', user, dandiset)
+
+    path = 'foo/bar.txt'
+    asset = draft_asset_factory(path=path)
+    asset.versions.add(draft_version)
 
-    # Update the asset "in place".
-    asset_id = rec.details['asset_id']
+    # Replace the asset.
+    asset_id = asset.asset_id
+    blob = asset_blob_factory()
+    api_client.force_authenticate(user=user)
     resp = api_client.put(
         f'/api/dandisets/{dandiset.identifier}/versions/draft/assets/{asset_id}/',
         {
-            'blob_id': str(blob2.blob_id),
+            'blob_id': str(blob.blob_id),
             'metadata': {
                 'path': path,
             },
@@ -201,12 +240,26 @@ def test_audit_asset(user, api_client, asset_blob_factory):
     rec = get_latest_audit_record(dandiset=dandiset, record_type='update_asset')
     verify_model_properties(rec, user)
     assert rec.details['path'] == path
-    assert rec.details['asset_blob_id'] == blob2.blob_id
+    assert rec.details['asset_blob_id'] == blob.blob_id
+
+
+@pytest.mark.django_db()
+def test_audit_remove_asset(
+    api_client, user, draft_version, asset_blob_factory, draft_asset_factory
+):
+    # Create a Dandiset with an asset.
+    dandiset = draft_version.dandiset
+    assign_perm('owner', user, dandiset)
+
+    path = 'foo/bar.txt'
+    asset = draft_asset_factory(path=path)
+    asset.versions.add(draft_version)
 
     # Delete the asset.
-    asset_id = rec.details['asset_id']
+    asset_id = asset.asset_id
+    api_client.force_authenticate(user=user)
     resp = api_client.delete(
-        f'/api/dandisets/{dandiset.identifier}/versions/draft/assets/{rec.details["asset_id"]}/',
+        f'/api/dandisets/{dandiset.identifier}/versions/draft/assets/{asset_id}/',
     )
     assert resp.status_code == 204
 
@@ -214,19 +267,17 @@ def test_audit_asset(user, api_client, asset_blob_factory):
     rec = get_latest_audit_record(dandiset=dandiset, record_type='remove_asset')
     verify_model_properties(rec, user)
     assert rec.details['path'] == path
-    assert rec.details['asset_id'] == asset_id
+    assert rec.details['asset_id'] == str(asset_id)
 
 
 @pytest.mark.django_db()
-def test_audit_zarr(user, api_client, storage, monkeypatch, settings):
-    """Test the Zarr-based audit records."""
-    # Monkeypatch ZarrArchive so that foobar.
-    monkeypatch.setattr(ZarrArchive, 'storage', storage)
-
+def test_audit_zarr_create(api_client, user, draft_version):
     # Create a Dandiset.
-    dandiset = create_dandiset(api_client, user=user)
+    dandiset = draft_version.dandiset
+    assign_perm('owner', user, dandiset)
 
     # Create a Zarr archive.
+    api_client.force_authenticate(user=user)
     resp = api_client.post(
         '/api/zarr/',
         {
@@ -244,11 +295,22 @@ def test_audit_zarr(user, api_client, storage, monkeypatch, settings):
     assert rec.details['name'] == 'Test Zarr'
     assert rec.details['zarr_id'] == zarr_id
 
+
+@pytest.mark.django_db()
+def test_audit_upload_zarr_chunks(api_client, user, draft_version, zarr_archive_factory, storage):
+    ZarrArchive.storage = storage
+
+    # Create a Dandiset and a Zarr archive.
+    dandiset = draft_version.dandiset
+    assign_perm('owner', user, dandiset)
+    zarr = zarr_archive_factory(dandiset=dandiset)
+
     # Request some chunk uploads.
     b64hash = base64.b64encode(hashlib.md5(b'a').hexdigest().encode())
     paths = ['a.txt', 'b.txt', 'c.txt']
+    api_client.force_authenticate(user=user)
     resp = api_client.post(
-        f'/api/zarr/{zarr_id}/files/',
+        f'/api/zarr/{zarr.zarr_id}/files/',
         [{'path': path, 'base64md5': b64hash} for path in paths],
     )
     assert resp.status_code == 200
@@ -256,12 +318,34 @@ def test_audit_zarr(user, api_client, storage, monkeypatch, settings):
     # Verify the upload_zarr_chunks audit record.
     rec = get_latest_audit_record(dandiset=dandiset, record_type='upload_zarr_chunks')
     verify_model_properties(rec, user)
-    assert rec.details['zarr_id'] == zarr_id
+    assert rec.details['zarr_id'] == zarr.zarr_id
     assert rec.details['paths'] == paths
 
+
+@pytest.mark.django_db()
+def test_audit_finalize_zarr(
+    api_client, user, draft_version, zarr_archive_factory, storage, settings
+):
+    ZarrArchive.storage = storage
+
+    # Create a Dandiset and a Zarr archive.
+    dandiset = draft_version.dandiset
+    assign_perm('owner', user, dandiset)
+    zarr = zarr_archive_factory(dandiset=dandiset)
+
+    # Request some chunk uploads.
+    b64hash = base64.b64encode(hashlib.md5(b'a').hexdigest().encode())
+    paths = ['a.txt', 'b.txt', 'c.txt']
+    api_client.force_authenticate(user=user)
+    resp = api_client.post(
+        f'/api/zarr/{zarr.zarr_id}/files/',
+        [{'path': path, 'base64md5': b64hash} for path in paths],
+    )
+    assert resp.status_code == 200
+
     # Upload to the presigned URLs.
     boto = get_boto_client()
-    zarr_archive = ZarrArchive.objects.get(zarr_id=zarr_id)
+    zarr_archive = ZarrArchive.objects.get(zarr_id=zarr.zarr_id)
     for path in paths:
         boto.put_object(
             Bucket=settings.DANDI_DANDISETS_BUCKET_NAME, Key=zarr_archive.s3_path(path), Body=b'a'
@@ -269,19 +353,55 @@ def test_audit_zarr(user, api_client, storage, monkeypatch, settings):
 
     # Finalize the zarr.
     resp = api_client.post(
-        f'/api/zarr/{zarr_id}/finalize/',
+        f'/api/zarr/{zarr.zarr_id}/finalize/',
     )
     assert resp.status_code == 204
 
     # Verify the finalize_zarr audit record.
     rec = get_latest_audit_record(dandiset=dandiset, record_type='finalize_zarr')
     verify_model_properties(rec, user)
-    assert rec.details['zarr_id'] == zarr_id
+    assert rec.details['zarr_id'] == zarr.zarr_id
+
+
+@pytest.mark.django_db()
+def test_audit_delete_zarr_chunks(
+    api_client, user, draft_version, zarr_archive_factory, storage, settings
+):
+    ZarrArchive.storage = storage
+
+    # Create a Dandiset and a Zarr archive.
+    dandiset = draft_version.dandiset
+    assign_perm('owner', user, dandiset)
+    zarr = zarr_archive_factory(dandiset=dandiset)
+
+    # Request some chunk uploads.
+    b64hash = base64.b64encode(hashlib.md5(b'a').hexdigest().encode())
+    paths = ['a.txt', 'b.txt', 'c.txt']
+    api_client.force_authenticate(user=user)
+    resp = api_client.post(
+        f'/api/zarr/{zarr.zarr_id}/files/',
+        [{'path': path, 'base64md5': b64hash} for path in paths],
+    )
+    assert resp.status_code == 200
+
+    # Upload to the presigned URLs.
+    boto = get_boto_client()
+    zarr_archive = ZarrArchive.objects.get(zarr_id=zarr.zarr_id)
+    for path in paths:
+        boto.put_object(
+            Bucket=settings.DANDI_DANDISETS_BUCKET_NAME, Key=zarr_archive.s3_path(path), Body=b'a'
+        )
+
+    # Finalize the zarr.
+    resp = api_client.post(
+        f'/api/zarr/{zarr.zarr_id}/finalize/',
+    )
+    assert resp.status_code == 204
 
     # Delete some zarr chunks.
     deleted = ['b.txt', 'c.txt']
     resp = api_client.delete(
-        f'/api/zarr/{zarr_id}/files/',
+        f'/api/zarr/{zarr.zarr_id}/files/',
         [{'path': path} for path in deleted],
     )
     assert resp.status_code == 204
@@ -289,5 +409,5 @@ def test_audit_zarr(user, api_client, storage, monkeypatch, settings):
     # Verify the delete_zarr_chunks audit record.
     rec = get_latest_audit_record(dandiset=dandiset, record_type='delete_zarr_chunks')
     verify_model_properties(rec, user)
-    assert rec.details['zarr_id'] == zarr_id
+    assert rec.details['zarr_id'] == zarr.zarr_id
     assert rec.details['paths'] == deleted

From 7e04c83b8d4c0e081f6cc7b0420dd721731ea014 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Thu, 8 Aug 2024 11:31:31 -0400
Subject: [PATCH 105/131] Use nested transaction to handle integrity error

The notes in the "avoid catching exceptions" callout here
(https://docs.djangoproject.com/en/5.0/topics/db/transactions/#controlling-transactions-explicitly)
say to do something like this to isolate error handling without stepping
on the operation of the transactions themselves.
---
 dandiapi/zarr/views/__init__.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/dandiapi/zarr/views/__init__.py b/dandiapi/zarr/views/__init__.py
index a6110107f..3b9ed48ff 100644
--- a/dandiapi/zarr/views/__init__.py
+++ b/dandiapi/zarr/views/__init__.py
@@ -139,13 +139,14 @@ def create(self, request):
         if dandiset.embargo_status != Dandiset.EmbargoStatus.OPEN:
             raise ValidationError('Cannot add zarr to embargoed dandiset')
         zarr_archive: ZarrArchive = ZarrArchive(name=name, dandiset=dandiset)
-        try:
-            with transaction.atomic():
-                zarr_archive.save()
+        with transaction.atomic():
+            try:
+                with transaction.atomic():
+                    zarr_archive.save()
+            except IntegrityError as e:
+                raise ValidationError('Zarr already exists') from e
 
-                audit.create_zarr(dandiset=dandiset, user=request.user, zarr_archive=zarr_archive)
-        except IntegrityError as e:
-            raise ValidationError('Zarr already exists') from e
+            audit.create_zarr(dandiset=dandiset, user=request.user, zarr_archive=zarr_archive)
 
         serializer = ZarrSerializer(instance=zarr_archive)
         return Response(serializer.data, status=status.HTTP_200_OK)

From 1a0faf7a49ceafd1db19e0e3113d2c1c792213ad Mon Sep 17 00:00:00 2001
From: Roni Choudhury <2903332+waxlamp@users.noreply.github.com>
Date: Thu, 8 Aug 2024 16:48:25 -0400
Subject: [PATCH 106/131] Add explanatory comment

Co-authored-by: Jacob Nesbitt <jjnesbitt2@gmail.com>
---
 dandiapi/zarr/views/__init__.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dandiapi/zarr/views/__init__.py b/dandiapi/zarr/views/__init__.py
index 3b9ed48ff..39510008d 100644
--- a/dandiapi/zarr/views/__init__.py
+++ b/dandiapi/zarr/views/__init__.py
@@ -140,6 +140,7 @@ def create(self, request):
             raise ValidationError('Cannot add zarr to embargoed dandiset')
         zarr_archive: ZarrArchive = ZarrArchive(name=name, dandiset=dandiset)
         with transaction.atomic():
+            # Use nested transaction block to prevent zarr creation race condition
             try:
                 with transaction.atomic():
                     zarr_archive.save()

From 9a2a2b2084c7031783a6d0e547e467e13b336726 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Thu, 8 Aug 2024 20:06:10 -0400
Subject: [PATCH 107/131] Disable complexity warning on users view

---
 dandiapi/api/views/dandiset.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dandiapi/api/views/dandiset.py b/dandiapi/api/views/dandiset.py
index f78c57b63..0e6790ee3 100644
--- a/dandiapi/api/views/dandiset.py
+++ b/dandiapi/api/views/dandiset.py
@@ -376,7 +376,7 @@ def unembargo(self, request, dandiset__pk):
     )
     # TODO: move these into a viewset
     @action(methods=['GET', 'PUT'], detail=True)
-    def users(self, request, dandiset__pk):
+    def users(self, request, dandiset__pk):  # noqa: C901
         dandiset: Dandiset = self.get_object()
         if request.method == 'PUT':
             if dandiset.unembargo_in_progress:

From 38c2d10cb523659f430d1d902cc4bee496f58e84 Mon Sep 17 00:00:00 2001
From: Mike VanDenburgh <michael.vandenburgh@kitware.com>
Date: Fri, 9 Aug 2024 12:05:56 -0400
Subject: [PATCH 108/131] Upgrade oauth client package

---
 web/package.json |  2 +-
 web/src/rest.ts  |  2 +-
 web/yarn.lock    | 57 ++++++++++++++++++++++++++----------------------
 3 files changed, 33 insertions(+), 28 deletions(-)

diff --git a/web/package.json b/web/package.json
index 543fd2205..8f1bbee11 100644
--- a/web/package.json
+++ b/web/package.json
@@ -10,8 +10,8 @@
   },
   "dependencies": {
     "@apidevtools/json-schema-ref-parser": "^9.0.7",
-    "@girder/oauth-client": "^0.8.0",
     "@koumoul/vjsf": "2.23.3",
+    "@resonant/oauth-client": "^0.9.0",
     "@sentry/integrations": "^7.88.0",
     "@sentry/vue": "^7.88.0",
     "ajv": "^8.12.0",
diff --git a/web/src/rest.ts b/web/src/rest.ts
index 4e3775d17..69922b1e3 100644
--- a/web/src/rest.ts
+++ b/web/src/rest.ts
@@ -1,7 +1,7 @@
 import type { AxiosRequestConfig, AxiosResponse } from 'axios';
 import axios from 'axios';
 import { ref } from 'vue';
-import OAuthClient from '@girder/oauth-client';
+import OAuthClient from '@resonant/oauth-client';
 import type {
   Asset,
   Dandiset,
diff --git a/web/yarn.lock b/web/yarn.lock
index 8ea2800e3..74f8fe755 100644
--- a/web/yarn.lock
+++ b/web/yarn.lock
@@ -81,13 +81,6 @@
   resolved "https://registry.yarnpkg.com/@eslint/js/-/js-8.53.0.tgz#bea56f2ed2b5baea164348ff4d5a879f6f81f20d"
   integrity sha512-Kn7K8dx/5U6+cT1yEhpX1w4PCSg0M+XyRILPgvwcEBjerFWCwQj5sbr3/VmxqV0JGHCBCzyd6LxypEuehypY1w==
 
-"@girder/oauth-client@^0.8.0":
-  version "0.8.0"
-  resolved "https://registry.yarnpkg.com/@girder/oauth-client/-/oauth-client-0.8.0.tgz#6bb6c85edd6cf7892c35ff2951076c49809b048c"
-  integrity sha512-uOEKyerB3BArN/t4UJxA2+L35ykidk60RNN+XwFXlVUVjZMuajaLFB6/r53Tr977/k8D1RJnBjosAfgl7oLTzg==
-  dependencies:
-    "@openid/appauth" "^1.3.0"
-
 "@humanwhocodes/config-array@^0.11.13":
   version "0.11.13"
   resolved "https://registry.yarnpkg.com/@humanwhocodes/config-array/-/config-array-0.11.13.tgz#075dc9684f40a531d9b26b0822153c1e832ee297"
@@ -213,18 +206,25 @@
     "@nodelib/fs.scandir" "2.1.5"
     fastq "^1.6.0"
 
-"@openid/appauth@^1.3.0":
-  version "1.3.1"
-  resolved "https://registry.yarnpkg.com/@openid/appauth/-/appauth-1.3.1.tgz#851e86507b95f9bbe1d05374eb62aaf9b2378f9b"
-  integrity sha512-e54kpi219wES2ijPzeHe1kMnT8VKH8YeTd1GAn9BzVBmutz3tBgcG1y8a4pziNr4vNjFnuD4W446Ua7ELnNDiA==
+"@openid/appauth@^1.3.2":
+  version "1.3.2"
+  resolved "https://registry.yarnpkg.com/@openid/appauth/-/appauth-1.3.2.tgz#d4deb26717e79fc291208df9eaf92eb1b7812877"
+  integrity sha512-NoOejniaqzOEbHg3RcBZtTriYqhqpQFgTC4lDNaRbgRCnpz6n8PlxWlCbh2N1K5qKawfxRP29/Wiho3FrXQ3Qw==
   dependencies:
-    "@types/base64-js" "^1.3.0"
-    "@types/jquery" "^3.5.5"
+    "@types/base64-js" "^1.3.2"
+    "@types/jquery" "^3.5.29"
     base64-js "^1.5.1"
-    follow-redirects "^1.13.3"
+    follow-redirects "^1.15.6"
     form-data "^4.0.0"
     opener "^1.5.2"
 
+"@resonant/oauth-client@^0.9.0":
+  version "0.9.0"
+  resolved "https://registry.yarnpkg.com/@resonant/oauth-client/-/oauth-client-0.9.0.tgz#cb8630ae7f6f59c35da8f405e4a62b10da05fcfc"
+  integrity sha512-7WaDZeukUw11AlmMD9xJn3fuzWn6YdldfcOFL/IwNNDCbnj2l2LP+0r3Q0PfsAKSAdMiF8Eir7v9Kw3PFJ0buQ==
+  dependencies:
+    "@openid/appauth" "^1.3.2"
+
 "@rollup/plugin-inject@^5.0.5":
   version "5.0.5"
   resolved "https://registry.yarnpkg.com/@rollup/plugin-inject/-/plugin-inject-5.0.5.tgz#616f3a73fe075765f91c5bec90176608bed277a3"
@@ -348,10 +348,10 @@
   resolved "https://registry.yarnpkg.com/@tsconfig/node16/-/node16-1.0.4.tgz#0b92dcc0cc1c81f6f306a381f28e31b1a56536e9"
   integrity sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA==
 
-"@types/base64-js@^1.3.0":
-  version "1.3.1"
-  resolved "https://registry.yarnpkg.com/@types/base64-js/-/base64-js-1.3.1.tgz#aac34ef23bfb96c33185642c11277a98007f4ecb"
-  integrity sha512-7fyfhnFLgedv3df+c6XkOQOOPrcCCFSxVfxY+HJwSXFp3GixW+DjArUIGXz8/Nqygcrl7mJLgZCO99BkRvaDYw==
+"@types/base64-js@^1.3.2":
+  version "1.3.2"
+  resolved "https://registry.yarnpkg.com/@types/base64-js/-/base64-js-1.3.2.tgz#9e94abe3c521f4127f2e6a8b537b63bbc04d0956"
+  integrity sha512-Q2Xn2/vQHRGLRXhQ5+BSLwhHkR3JVflxVKywH0Q6fVoAiUE8fFYL2pE5/l2ZiOiBDfA8qUqRnSxln4G/NFz1Sg==
 
 "@types/dompurify@^3.0.1":
   version "3.0.4"
@@ -365,10 +365,10 @@
   resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.4.tgz#d9748f5742171b26218516cf1828b8eafaf8a9fa"
   integrity sha512-2JwWnHK9H+wUZNorf2Zr6ves96WHoWDJIftkcxPKsS7Djta6Zu519LarhRNljPXkpsZR2ZMwNCPeW7omW07BJw==
 
-"@types/jquery@^3.5.5":
-  version "3.5.26"
-  resolved "https://registry.yarnpkg.com/@types/jquery/-/jquery-3.5.26.tgz#af9e5bf442b2ed813eb6a73c06c714621f68e9de"
-  integrity sha512-wWYf2NBI6b+1RPQY86B74HSgZNsLAUtr4eFlGQoOQPJw/B3mCMfwWCflZWQ7OKtAB18MJCcYpL6+0NZbMIXl5g==
+"@types/jquery@^3.5.29":
+  version "3.5.30"
+  resolved "https://registry.yarnpkg.com/@types/jquery/-/jquery-3.5.30.tgz#888d584cbf844d3df56834b69925085038fd80f7"
+  integrity sha512-nbWKkkyb919DOUxjmRVk8vwtDb0/k8FKncmUKFi+NY+QXqWltooxTrswvz4LspQwxvLdvzBN1TImr6cw3aQx2A==
   dependencies:
     "@types/sizzle" "*"
 
@@ -408,9 +408,9 @@
   integrity sha512-MMzuxN3GdFwskAnb6fz0orFvhfqi752yjaXylr0Rp4oDg5H0Zn1IuyRhDVvYOwAXoJirx2xuS16I3WjxnAIHiQ==
 
 "@types/sizzle@*":
-  version "2.3.5"
-  resolved "https://registry.yarnpkg.com/@types/sizzle/-/sizzle-2.3.5.tgz#d93dd29cdcd5801d90be968073b09a6b370780e4"
-  integrity sha512-tAe4Q+OLFOA/AMD+0lq8ovp8t3ysxAOeaScnfNdZpUxaGl51ZMDEITxkvFl1STudQ58mz6gzVGl9VhMKhwRnZQ==
+  version "2.3.8"
+  resolved "https://registry.yarnpkg.com/@types/sizzle/-/sizzle-2.3.8.tgz#518609aefb797da19bf222feb199e8f653ff7627"
+  integrity sha512-0vWLNK2D5MT9dg0iOo8GlKguPAU02QjmZitPEsXRuJXU/OGIOt9vT9Fc26wtYuavLxtO45v9PGleoL9Z0k1LHg==
 
 "@types/trusted-types@*":
   version "2.0.5"
@@ -1879,11 +1879,16 @@ flatted@^3.2.9:
   resolved "https://registry.yarnpkg.com/flatted/-/flatted-3.2.9.tgz#7eb4c67ca1ba34232ca9d2d93e9886e611ad7daf"
   integrity sha512-36yxDn5H7OFZQla0/jFJmbIKTdZAQHngCedGxiMmpNfEZM0sdEeT+WczLQrjK6D7o2aiyLYDnkw0R3JK0Qv1RQ==
 
-follow-redirects@^1.13.3, follow-redirects@^1.14.0:
+follow-redirects@^1.14.0:
   version "1.15.3"
   resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.3.tgz#fe2f3ef2690afce7e82ed0b44db08165b207123a"
   integrity sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==
 
+follow-redirects@^1.15.6:
+  version "1.15.6"
+  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.6.tgz#7f815c0cda4249c74ff09e95ef97c23b5fd0399b"
+  integrity sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==
+
 for-each@^0.3.3:
   version "0.3.3"
   resolved "https://registry.yarnpkg.com/for-each/-/for-each-0.3.3.tgz#69b447e88a0a5d32c3e7084f3f1710034b21376e"

From 49a61f665c825f07f57d9a7e77ec786bee72c6e4 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Fri, 9 Aug 2024 09:56:24 -0400
Subject: [PATCH 109/131] Change `docker-compose` to `docker compose` in CI
 specs

This change fixes failing tests in CI (where the `docker-compose`
program has been replaced with the `docker compose` suite of commands).
---
 .github/workflows/cli-integration.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/cli-integration.yml b/.github/workflows/cli-integration.yml
index 7853a2628..b459b60da 100644
--- a/.github/workflows/cli-integration.yml
+++ b/.github/workflows/cli-integration.yml
@@ -84,12 +84,12 @@ jobs:
       - name: Dump Docker Compose logs
         if: failure()
         run: |
-          docker-compose \
+          docker compose \
             -f "$pythonLocation/lib/python${{ matrix.python }}/site-packages/dandi/tests/data/dandiarchive-docker/docker-compose.yml" \
             logs --timestamps
 
       - name: Shut down Docker Compose
         run: |
-          docker-compose \
+          docker compose \
             -f "$pythonLocation/lib/python${{ matrix.python }}/site-packages/dandi/tests/data/dandiarchive-docker/docker-compose.yml" \
             down -v

From 5f488516649dc0da8469f7add712257d627ef6cb Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Fri, 9 Aug 2024 16:10:14 -0400
Subject: [PATCH 110/131] Change "docker-compose" to "docker compose"
 throughout documentation

---
 DEVELOPMENT.md        | 26 +++++++++++++-------------
 dev/django.Dockerfile |  2 +-
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
index a6efafff4..3484b8c9d 100644
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -4,25 +4,25 @@
 This is the simplest configuration for developers to start with.
 
 ### Initial Setup
-1. Run `docker-compose run --rm django ./manage.py migrate`
-2. Run `docker-compose run --rm django ./manage.py createcachetable`
-3. Run `docker-compose run --rm django ./manage.py createsuperuser --email $(git config user.email)`
+1. Run `docker compose run --rm django ./manage.py migrate`
+2. Run `docker compose run --rm django ./manage.py createcachetable`
+3. Run `docker compose run --rm django ./manage.py createsuperuser --email $(git config user.email)`
    and follow the prompts to create your own user.
    This sets your username to your git email to ensure parity with how GitHub logins work. You can also replace the command substitution expression with a literal email address, or omit the `--email` option entirely to run the command in interactive mode.
-4. Run `docker-compose run --rm django ./manage.py create_dev_dandiset --owner $(git config user.email)`
+4. Run `docker compose run --rm django ./manage.py create_dev_dandiset --owner $(git config user.email)`
    to create a dummy dandiset to start working with.
 
 ### Run Application
-1. Run `docker-compose up`
+1. Run `docker compose up`
 2. Access the site, starting at http://localhost:8000/admin/
 3. When finished, use `Ctrl+C`
 
 ### Application Maintenance
 Occasionally, new package dependencies or schema changes will necessitate
 maintenance. To non-destructively update your development stack at any time:
-1. Run `docker-compose pull`
-2. Run `docker-compose build --pull --no-cache`
-3. Run `docker-compose run --rm django ./manage.py migrate`
+1. Run `docker compose pull`
+2. Run `docker compose build --pull --no-cache`
+3. Run `docker compose run --rm django ./manage.py migrate`
 
 ## Develop Natively (advanced)
 This configuration still uses Docker to run attached services in the background,
@@ -30,7 +30,7 @@ but allows developers to run Python code on their native system.
 
 ### Initial Setup
 1. Install [Docker](https://docs.docker.com/engine/install/) and [Docker Compose](https://docs.docker.com/compose/install/)
-2. Run `docker-compose -f ./docker-compose.yml up -d`
+2. Run `docker compose -f ./docker-compose.yml up -d`
 3. Install Python 3.11
 4. Install
   [`psycopg2` build prerequisites](https://www.psycopg.org/docs/install.html#build-prerequisites).
@@ -50,20 +50,20 @@ but allows developers to run Python code on their native system.
    to create a dummy dandiset to start working with.
 
 ### Run Application
-1. Ensure `docker-compose -f ./docker-compose.yml up -d` is still active
+1. Ensure `docker compose -f ./docker-compose.yml up -d` is still active
 2. Run:
    1. `source ./dev/export-env.sh`
    2. `./manage.py runserver`
 3. Run in a separate terminal:
    1. `source ./dev/export-env.sh`
    2. `celery --app dandiapi.celery worker --loglevel INFO --without-heartbeat -Q celery,calculate_sha256,ingest_zarr_archive -B`
-4. When finished, run `docker-compose stop`
+4. When finished, run `docker compose stop`
 
 ## Remap Service Ports (optional)
 Attached services may be exposed to the host system via alternative ports. Developers who work
 on multiple software projects concurrently may find this helpful to avoid port conflicts.
 
-To do so, before running any `docker-compose` commands, set any of the environment variables:
+To do so, before running any `docker compose` commands, set any of the environment variables:
 * `DOCKER_POSTGRES_PORT`
 * `DOCKER_RABBITMQ_PORT`
 * `DOCKER_MINIO_PORT`
@@ -87,7 +87,7 @@ To install the tox pytest dependencies into your environment, run `pip install -
 These are useful for IDE autocompletion or if you want to run `pytest` directly (not recommended).
 
 When running the "Develop with Docker" configuration, all tox commands must be run as
-`docker-compose run --rm django tox`; extra arguments may also be appended to this form.
+`docker compose run --rm django tox`; extra arguments may also be appended to this form.
 
 ### Running Tests
 Run `tox` to launch the full test suite.
diff --git a/dev/django.Dockerfile b/dev/django.Dockerfile
index 9ac4d9ac2..069a9105d 100644
--- a/dev/django.Dockerfile
+++ b/dev/django.Dockerfile
@@ -20,7 +20,7 @@ COPY ./setup.py /opt/django-project/setup.py
 # Copy git folder for setuptools_scm
 COPY ./.git/ /opt/django-project/.git/
 
-# Don't install as editable, so that when the directory is mounted over with docker-compose, the
+# Don't install as editable, so that when the directory is mounted over with `docker compose`, the
 # installation still exists (otherwise the dandiapi.egg-info/ directory would be overwritten, and
 # the installation would no longer exist)
 RUN pip install /opt/django-project[dev]

From 8af0957985aabdd2839c4fda9b91d2a850ed9e45 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Fri, 9 Aug 2024 15:18:25 -0400
Subject: [PATCH 111/131] Add test for publish_dandiset audit record

---
 dandiapi/api/tests/test_audit.py | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/dandiapi/api/tests/test_audit.py b/dandiapi/api/tests/test_audit.py
index 19fcd89f1..ced98fc70 100644
--- a/dandiapi/api/tests/test_audit.py
+++ b/dandiapi/api/tests/test_audit.py
@@ -7,7 +7,9 @@
 from guardian.shortcuts import assign_perm
 import pytest
 
+from dandiapi.api.asset_paths import add_version_asset_paths
 from dandiapi.api.models import AuditRecord, Dandiset
+from dandiapi.api.services.metadata import validate_asset_metadata, validate_version_metadata
 from dandiapi.api.storage import get_boto_client
 from dandiapi.zarr.models import ZarrArchive
 
@@ -270,6 +272,36 @@ def test_audit_remove_asset(
     assert rec.details['asset_id'] == str(asset_id)
 
 
+@pytest.mark.django_db(transaction=True)
+def test_audit_publish_dandiset(
+    api_client, user, dandiset_factory, draft_version_factory, draft_asset_factory
+):
+    # Create a Dandiset whose draft version has one asset.
+    dandiset = dandiset_factory()
+    assign_perm('owner', user, dandiset)
+    draft_version = draft_version_factory(dandiset=dandiset)
+    draft_asset = draft_asset_factory()
+    draft_version.assets.add(draft_asset)
+    add_version_asset_paths(draft_version)
+
+    # Validate the asset and then the draft version (to make it publishable
+    # through the API).
+    validate_asset_metadata(asset=draft_asset)
+    validate_version_metadata(version=draft_version)
+
+    # Publish the Dandiset.
+    api_client.force_authenticate(user=user)
+    resp = api_client.post(
+        f'/api/dandisets/{dandiset.identifier}/versions/draft/publish/',
+    )
+    assert resp.status_code == 202
+
+    # Verify publish_dandiset audit record.
+    rec = get_latest_audit_record(dandiset=dandiset, record_type='publish_dandiset')
+    verify_model_properties(rec, user)
+    assert rec.details['version'] == dandiset.most_recent_published_version.version
+
+
 @pytest.mark.django_db()
 def test_audit_zarr_create(api_client, user, draft_version):
     # Create a Dandiset.

From 89e19f900a88d17a951cde49d67aa71bb462cd0b Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Mon, 12 Aug 2024 17:21:04 -0400
Subject: [PATCH 112/131] Fix admin access to embargoed asset blobs

---
 dandiapi/api/tests/test_asset.py | 60 ++++++++++++++++++++++++++++++++
 dandiapi/api/views/asset.py      |  4 +++
 2 files changed, 64 insertions(+)

diff --git a/dandiapi/api/tests/test_asset.py b/dandiapi/api/tests/test_asset.py
index fc0e32f4a..44bc03bdb 100644
--- a/dandiapi/api/tests/test_asset.py
+++ b/dandiapi/api/tests/test_asset.py
@@ -420,6 +420,66 @@ def test_asset_rest_retrieve_no_sha256(api_client, version, asset):
     )
 
 
+@pytest.mark.django_db()
+def test_asset_rest_retrieve_embargoed_admin(
+    api_client,
+    draft_version_factory,
+    draft_asset_factory,
+    admin_user,
+    storage,
+    monkeypatch,
+):
+    monkeypatch.setattr(AssetBlob.blob.field, 'storage', storage)
+
+    api_client.force_authenticate(user=admin_user)
+    version = draft_version_factory(dandiset__embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
+    ds = version.dandiset
+
+    # Create an extra asset so that there are multiple assets to filter down
+    asset = draft_asset_factory(blob__embargoed=True)
+    version.assets.add(asset)
+
+    # Asset View
+    r = api_client.get(f'/api/assets/{asset.asset_id}/')
+    assert r.status_code == 200
+
+    # Nested Asset View
+    r = api_client.get(
+        f'/api/dandisets/{ds.identifier}/versions/{version.version}/assets/{asset.asset_id}/'
+    )
+    assert r.status_code == 200
+
+
+@pytest.mark.django_db()
+def test_asset_rest_download_embargoed_admin(
+    api_client,
+    draft_version_factory,
+    draft_asset_factory,
+    admin_user,
+    storage,
+    monkeypatch,
+):
+    monkeypatch.setattr(AssetBlob.blob.field, 'storage', storage)
+
+    api_client.force_authenticate(user=admin_user)
+    version = draft_version_factory(dandiset__embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
+    ds = version.dandiset
+
+    # Create an extra asset so that there are multiple assets to filter down
+    asset = draft_asset_factory(blob__embargoed=True)
+    version.assets.add(asset)
+
+    # Asset View
+    r = api_client.get(f'/api/assets/{asset.asset_id}/download/')
+    assert r.status_code == 302
+
+    # Nested Asset View
+    r = api_client.get(
+        f'/api/dandisets/{ds.identifier}/versions/{version.version}/assets/{asset.asset_id}/download/'
+    )
+    assert r.status_code == 302
+
+
 @pytest.mark.django_db()
 def test_asset_rest_info(api_client, version, asset):
     version.assets.add(asset)
diff --git a/dandiapi/api/views/asset.py b/dandiapi/api/views/asset.py
index 5a3502e53..76de6c768 100644
--- a/dandiapi/api/views/asset.py
+++ b/dandiapi/api/views/asset.py
@@ -92,6 +92,10 @@ def raise_if_unauthorized(self):
                     # Clients must be authenticated to access it
                     raise NotAuthenticated
 
+                # Admins are allowed to access any embargoed asset blob
+                if self.request.user.is_superuser:
+                    return
+
                 # User must be an owner on any of the dandisets this asset belongs to
                 asset_dandisets = Dandiset.objects.filter(versions__in=asset.versions.all())
                 asset_dandisets_owned_by_user = DandisetUserObjectPermission.objects.filter(

From 71b9bc891a9156526d43563685cc40fd08dbafc2 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Mon, 12 Aug 2024 17:23:46 -0400
Subject: [PATCH 113/131] Un-nest and re-format
 AssetViewSet.raise_if_unauthorized

---
 dandiapi/api/views/asset.py | 47 ++++++++++++++++++++-----------------
 1 file changed, 26 insertions(+), 21 deletions(-)

diff --git a/dandiapi/api/views/asset.py b/dandiapi/api/views/asset.py
index 76de6c768..814c98dea 100644
--- a/dandiapi/api/views/asset.py
+++ b/dandiapi/api/views/asset.py
@@ -84,27 +84,32 @@ def raise_if_unauthorized(self):
         # We need to check the dandiset to see if it's embargoed, and if so whether or not the
         # user has ownership
         asset_id = self.kwargs.get('asset_id')
-        if asset_id is not None:
-            asset = get_object_or_404(Asset.objects.select_related('blob'), asset_id=asset_id)
-            # TODO: When EmbargoedZarrArchive is implemented, check that as well
-            if asset.blob and asset.blob.embargoed:
-                if not self.request.user.is_authenticated:
-                    # Clients must be authenticated to access it
-                    raise NotAuthenticated
-
-                # Admins are allowed to access any embargoed asset blob
-                if self.request.user.is_superuser:
-                    return
-
-                # User must be an owner on any of the dandisets this asset belongs to
-                asset_dandisets = Dandiset.objects.filter(versions__in=asset.versions.all())
-                asset_dandisets_owned_by_user = DandisetUserObjectPermission.objects.filter(
-                    content_object__in=asset_dandisets,
-                    user=self.request.user,
-                    permission__codename='owner',
-                )
-                if not asset_dandisets_owned_by_user.exists():
-                    raise PermissionDenied
+        if asset_id is None:
+            return
+
+        asset = get_object_or_404(Asset.objects.select_related('blob'), asset_id=asset_id)
+
+        # TODO: When EmbargoedZarrArchive is implemented, check that as well
+        if not (asset.blob and asset.blob.embargoed):
+            return
+
+        # Clients must be authenticated to access it
+        if not self.request.user.is_authenticated:
+            raise NotAuthenticated
+
+        # Admins are allowed to access any embargoed asset blob
+        if self.request.user.is_superuser:
+            return
+
+        # User must be an owner on any of the dandisets this asset belongs to
+        asset_dandisets = Dandiset.objects.filter(versions__in=asset.versions.all())
+        asset_dandisets_owned_by_user = DandisetUserObjectPermission.objects.filter(
+            content_object__in=asset_dandisets,
+            user=self.request.user,
+            permission__codename='owner',
+        )
+        if not asset_dandisets_owned_by_user.exists():
+            raise PermissionDenied
 
     def get_queryset(self):
         self.raise_if_unauthorized()

From f60b21b02609fdd0a317573b0d9960ce300364c8 Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Wed, 14 Aug 2024 14:20:08 -0400
Subject: [PATCH 114/131] Empty commit to trigger release process


From 954cc5170f2fb5929a8fa8d7b2e230cd6dfdba5f Mon Sep 17 00:00:00 2001
From: dandibot <dandibot@mit.edu>
Date: Wed, 14 Aug 2024 18:23:25 +0000
Subject: [PATCH 115/131] auto shipit - CHANGELOG.md etc

---
 CHANGELOG.md | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 192711626..458f6587f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,56 @@
+# v0.3.93 (Wed Aug 14 2024)
+
+#### 🐛 Bug Fix
+
+- Empty commit to trigger release process [#2005](https://github.com/dandi/dandi-archive/pull/2005) ([@waxlamp](https://github.com/waxlamp))
+- Upgrade oauth client package [#1998](https://github.com/dandi/dandi-archive/pull/1998) ([@mvandenburgh](https://github.com/mvandenburgh))
+- Merge remote-tracking branch 'origin/master' into audit-backend [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Replace `docker-compose` with `docker compose` to fix newly failing CI tests [#1999](https://github.com/dandi/dandi-archive/pull/1999) ([@waxlamp](https://github.com/waxlamp))
+- Merge remote-tracking branch 'origin/fix-docker-compose' into audit-backend [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Add test for publish_dandiset audit record [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Disable complexity warning on users view [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Add explanatory comment [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Use nested transaction to handle integrity error [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Split long tests up into individual tests [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- bugfix: Pass correct and stringified ID values in asset/zarr records [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- bugfix: Include correct asset in update_asset record [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Add tests [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Fix invocation of unembargo routines in tests [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Remove duplicate task launch line [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Remove references to deleted model fields [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Use audit service in zarr views [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Eliminate the need for manually calling .save() [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Create a service layer module for audit [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Use the `user` fixture directly [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Reformat long line [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Suppress ruff warnings for complexity and number of arguments [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Report list of paths to zarr chunk audit records [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Report live metadata to audit records [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Move "set new owners" operation inside of transaction [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Remove Dandiset add_owner() and remove_owner() methods [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Apply formatting to new migration [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Add explanatory comments for weird char field length limits [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Rename upload_zarr to upload_zarr_chunks [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Fix tests broken by signature changes [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Add migration for AuditRecord [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Generate delete_dandiset audit record [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Generate publish_dandiset audit record [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Generate unembargo_dandiset audit record [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Generate [create|upload|finalize|delete]_zarr audit records [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Generate [add|update|remove]_asset audit records [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Generate update_metadata audit record [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Generate change_owners audit record [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Generate create_dandiset audit record [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Add admin model for AuditRecord [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+- Add AuditRecord model [#1886](https://github.com/dandi/dandi-archive/pull/1886) ([@waxlamp](https://github.com/waxlamp))
+
+#### Authors: 2
+
+- Mike VanDenburgh ([@mvandenburgh](https://github.com/mvandenburgh))
+- Roni Choudhury ([@waxlamp](https://github.com/waxlamp))
+
+---
+
 # v0.3.92 (Tue Jul 30 2024)
 
 #### 🐛 Bug Fix

From 060d9da74bd96b07394a96a2e372670d3738cc56 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Sun, 4 Aug 2024 12:44:11 -0400
Subject: [PATCH 116/131] Separate core model logic from top-level asset
 service layer functions

---
 dandiapi/api/services/asset/__init__.py | 102 +++++++++++++-----------
 dandiapi/api/tests/test_asset.py        |   2 +-
 2 files changed, 57 insertions(+), 47 deletions(-)

diff --git a/dandiapi/api/services/asset/__init__.py b/dandiapi/api/services/asset/__init__.py
index 7e10c7d3b..c337a81f8 100644
--- a/dandiapi/api/services/asset/__init__.py
+++ b/dandiapi/api/services/asset/__init__.py
@@ -44,6 +44,39 @@ def _create_asset(
     return asset
 
 
+def _add_asset_to_version(
+    *,
+    version: Version,
+    asset_blob: AssetBlob | None,
+    zarr_archive: ZarrArchive | None,
+    metadata: dict,
+) -> Asset:
+    path = metadata['path']
+    asset = _create_asset(
+        path=path, asset_blob=asset_blob, zarr_archive=zarr_archive, metadata=metadata
+    )
+    version.assets.add(asset)
+    add_asset_paths(asset, version)
+
+    # Trigger a version metadata validation, as saving the version might change the metadata
+    version.status = Version.Status.PENDING
+    # Save the version so that the modified field is updated
+    version.save()
+
+    return asset
+
+
+def _remove_asset_from_version(*, asset: Asset, version: Version):
+    # Remove asset paths and asset itself from version
+    delete_asset_paths(asset, version)
+    version.assets.remove(asset)
+
+    # Trigger a version metadata validation, as saving the version might change the metadata
+    version.status = Version.Status.PENDING
+    # Save the version so that the modified field is updated
+    version.save()
+
+
 def change_asset(  # noqa: PLR0913
     *,
     user,
@@ -85,16 +118,14 @@ def change_asset(  # noqa: PLR0913
         raise AssetAlreadyExistsError
 
     with transaction.atomic():
-        remove_asset_from_version(user=user, asset=asset, version=version, do_audit=False)
-
-        new_asset = add_asset_to_version(
-            user=user,
+        _remove_asset_from_version(asset=asset, version=version)
+        new_asset = _add_asset_to_version(
             version=version,
             asset_blob=new_asset_blob,
             zarr_archive=new_zarr_archive,
             metadata=new_metadata,
-            do_audit=False,
         )
+
         # Set previous asset and save
         new_asset.previous = asset
         new_asset.save()
@@ -104,14 +135,13 @@ def change_asset(  # noqa: PLR0913
     return new_asset, True
 
 
-def add_asset_to_version(  # noqa: PLR0913, C901
+def add_asset_to_version(
     *,
     user,
     version: Version,
     asset_blob: AssetBlob | None = None,
     zarr_archive: ZarrArchive | None = None,
     metadata: dict,
-    do_audit: bool = True,
 ) -> Asset:
     """Create an asset, adding it to a version."""
     if not asset_blob and not zarr_archive:
@@ -140,59 +170,39 @@ def add_asset_to_version(  # noqa: PLR0913, C901
     if zarr_archive and zarr_archive.dandiset != version.dandiset:
         raise ZarrArchiveBelongsToDifferentDandisetError
 
-    # Creating an asset in an OPEN dandiset that points to an embargoed blob results in that
-    # blob being unembargoed
-    unembargo_asset_blob = (
-        asset_blob is not None
-        and asset_blob.embargoed
-        and version.dandiset.embargo_status == Dandiset.EmbargoStatus.OPEN
-    )
     with transaction.atomic():
-        if asset_blob and unembargo_asset_blob:
+        # Creating an asset in an OPEN dandiset that points to an embargoed blob results in that
+        # blob being unembargoed
+        if (
+            asset_blob is not None
+            and asset_blob.embargoed
+            and version.dandiset.embargo_status == Dandiset.EmbargoStatus.OPEN
+        ):
             asset_blob.embargoed = False
             asset_blob.save()
+            transaction.on_commit(
+                lambda: remove_asset_blob_embargoed_tag_task.delay(blob_id=asset_blob.blob_id)
+            )
 
-        asset = _create_asset(
-            path=path, asset_blob=asset_blob, zarr_archive=zarr_archive, metadata=metadata
+        asset = _add_asset_to_version(
+            version=version,
+            asset_blob=asset_blob,
+            zarr_archive=zarr_archive,
+            metadata=metadata,
         )
-        version.assets.add(asset)
-        add_asset_paths(asset, version)
-
-        # Trigger a version metadata validation, as saving the version might change the metadata
-        version.status = Version.Status.PENDING
-        # Save the version so that the modified field is updated
-        version.save()
-
-        if do_audit:
-            audit.add_asset(dandiset=version.dandiset, user=user, asset=asset)
-
-    # Perform this after the above transaction has finished, to ensure we only
-    # operate on unembargoed asset blobs
-    if asset_blob and unembargo_asset_blob:
-        remove_asset_blob_embargoed_tag_task.delay(blob_id=asset_blob.blob_id)
+        audit.add_asset(dandiset=version.dandiset, user=user, asset=asset)
 
     return asset
 
 
-def remove_asset_from_version(
-    *, user, asset: Asset, version: Version, do_audit: bool = True
-) -> Version:
+def remove_asset_from_version(*, user, asset: Asset, version: Version) -> Version:
     if not user.has_perm('owner', version.dandiset):
         raise DandisetOwnerRequiredError
     if version.version != 'draft':
         raise DraftDandisetNotModifiableError
 
     with transaction.atomic():
-        # Remove asset paths and asset itself from version
-        delete_asset_paths(asset, version)
-        version.assets.remove(asset)
-
-        # Trigger a version metadata validation, as saving the version might change the metadata
-        version.status = Version.Status.PENDING
-        # Save the version so that the modified field is updated
-        version.save()
-
-        if do_audit:
-            audit.remove_asset(dandiset=version.dandiset, user=user, asset=asset)
+        _remove_asset_from_version(asset=asset, version=version)
+        audit.remove_asset(dandiset=version.dandiset, user=user, asset=asset)
 
     return version
diff --git a/dandiapi/api/tests/test_asset.py b/dandiapi/api/tests/test_asset.py
index fc0e32f4a..d75f02d8e 100644
--- a/dandiapi/api/tests/test_asset.py
+++ b/dandiapi/api/tests/test_asset.py
@@ -665,7 +665,7 @@ def test_asset_create_unembargo_in_progress(
     assert resp.status_code == 400
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db(transaction=True)
 def test_asset_create_embargoed_asset_blob_open_dandiset(
     api_client, user, draft_version, embargoed_asset_blob, mocker
 ):

From a52b6cb0c0beb7de3d875500bf64ea42a6274fd5 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Mon, 29 Jul 2024 15:35:52 -0400
Subject: [PATCH 117/131] Update log message in validate_version_metadata

Also add test to check that versions validated with a status besides
`PENDING` are skipped
---
 dandiapi/api/services/metadata/__init__.py |  2 +-
 dandiapi/api/tests/test_tasks.py           | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/dandiapi/api/services/metadata/__init__.py b/dandiapi/api/services/metadata/__init__.py
index 985c04ff8..0656916a1 100644
--- a/dandiapi/api/services/metadata/__init__.py
+++ b/dandiapi/api/services/metadata/__init__.py
@@ -172,7 +172,7 @@ def _get_version_validation_result(
         # If the version has since been modified, return early
         if current_version.status != Version.Status.PENDING:
             logger.info(
-                'Skipping validation for version %s due to concurrent modification', version_id
+                'Skipping validation for version with a status of %s', current_version.status
             )
             return
 
diff --git a/dandiapi/api/tests/test_tasks.py b/dandiapi/api/tests/test_tasks.py
index 8e7e11d98..b83945e0e 100644
--- a/dandiapi/api/tests/test_tasks.py
+++ b/dandiapi/api/tests/test_tasks.py
@@ -210,6 +210,26 @@ def test_validate_version_metadata(draft_version: Version, asset: Asset):
     assert draft_version.modified > old_modified
 
 
+@pytest.mark.django_db()
+def test_validate_version_metadata_non_pending_version(draft_version: Version, asset: Asset):
+    # Bypass .save to manually set an older timestamp, set status to INVALID
+    old_modified = timezone.now() - datetime.timedelta(minutes=10)
+    updated = Version.objects.filter(id=draft_version.id).update(
+        modified=old_modified, status=Version.Status.INVALID, validation_errors=['foobar']
+    )
+    assert updated == 1
+
+    draft_version.refresh_from_db()
+    old_validation_errors = draft_version.validation_errors
+    tasks.validate_version_metadata_task(draft_version.id)
+    draft_version.refresh_from_db()
+
+    # Assert fields not updated
+    assert draft_version.status == Version.Status.INVALID
+    assert draft_version.validation_errors == old_validation_errors
+    assert draft_version.modified == old_modified
+
+
 @pytest.mark.django_db()
 def test_validate_version_metadata_no_side_effects(draft_version: Version, asset: Asset):
     draft_version.assets.add(asset)

From c9ffca173cac981f303ed4d1633a4c874ef96f53 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Mon, 29 Jul 2024 15:36:54 -0400
Subject: [PATCH 118/131] Re-validate version metadata during unembargo

---
 dandiapi/api/services/embargo/__init__.py |  7 ++++++
 dandiapi/api/tests/test_unembargo.py      | 29 ++++++++++++++++++++++-
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/dandiapi/api/services/embargo/__init__.py b/dandiapi/api/services/embargo/__init__.py
index 565a518fe..e2f671998 100644
--- a/dandiapi/api/services/embargo/__init__.py
+++ b/dandiapi/api/services/embargo/__init__.py
@@ -14,6 +14,7 @@
 from dandiapi.api.services import audit
 from dandiapi.api.services.asset.exceptions import DandisetOwnerRequiredError
 from dandiapi.api.services.exceptions import DandiError
+from dandiapi.api.services.metadata import validate_version_metadata
 from dandiapi.api.storage import get_boto_client
 from dandiapi.api.tasks import unembargo_dandiset_task
 
@@ -94,9 +95,15 @@ def unembargo_dandiset(ds: Dandiset, user: User):
     # Fetch version to ensure changed embargo_status is included
     # Save version to update metadata through populate_metadata
     v = Version.objects.select_for_update().get(dandiset=ds, version='draft')
+    v.status = Version.Status.PENDING
     v.save()
     logger.info('Version metadata updated')
 
+    # Pre-emptively validate version metadata, so that old validation
+    # errors don't show up once un-embargo is finished
+    validate_version_metadata(version=v)
+    logger.info('Version metadata validated')
+
     # Notify owners of completed unembargo
     send_dandiset_unembargoed_message(ds)
     logger.info('Dandiset owners notified.')
diff --git a/dandiapi/api/tests/test_unembargo.py b/dandiapi/api/tests/test_unembargo.py
index 3fd7a878e..86c656dfd 100644
--- a/dandiapi/api/tests/test_unembargo.py
+++ b/dandiapi/api/tests/test_unembargo.py
@@ -7,6 +7,7 @@
 import pytest
 
 from dandiapi.api.models.dandiset import Dandiset
+from dandiapi.api.models.version import Version
 from dandiapi.api.services.embargo import (
     AssetBlobEmbargoedError,
     _remove_dandiset_asset_blob_embargo_tags,
@@ -22,7 +23,6 @@
 
 if TYPE_CHECKING:
     from dandiapi.api.models.asset import AssetBlob
-    from dandiapi.api.models.version import Version
 
 
 @pytest.mark.django_db()
@@ -223,6 +223,33 @@ def test_unembargo_dandiset(
     assert owner_email_set == mailoutbox_to_email_set
 
 
+@pytest.mark.django_db()
+def test_unembargo_dandiset_validate_version_metadata(
+    draft_version_factory, asset_factory, user, mocker
+):
+    from dandiapi.api.services import embargo as embargo_service
+
+    draft_version: Version = draft_version_factory(
+        dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
+    )
+    ds: Dandiset = draft_version.dandiset
+    assign_perm('owner', user, ds)
+
+    draft_version.validation_errors = ['error ajhh']
+    draft_version.status = Version.Status.INVALID
+    draft_version.save()
+    draft_version.assets.add(asset_factory())
+
+    # Spy on the imported function in the embargo service
+    validate_version_spy = mocker.spy(embargo_service, 'validate_version_metadata')
+
+    unembargo_dandiset(ds, user=user)
+
+    assert validate_version_spy.call_count == 1
+    draft_version.refresh_from_db()
+    assert not draft_version.validation_errors
+
+
 @pytest.mark.django_db()
 def test_unembargo_dandiset_task_failure(draft_version_factory, mailoutbox, user, api_client):
     # Intentionally set the status to embargoed so the task will fail

From 4050ae3aa92b1a0fb213228134ef308cdf167bc4 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Fri, 16 Aug 2024 12:21:59 -0400
Subject: [PATCH 119/131] Replace version save calls with update calls

---
 dandiapi/api/services/asset/__init__.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/dandiapi/api/services/asset/__init__.py b/dandiapi/api/services/asset/__init__.py
index c337a81f8..5ea352e8f 100644
--- a/dandiapi/api/services/asset/__init__.py
+++ b/dandiapi/api/services/asset/__init__.py
@@ -3,6 +3,7 @@
 from typing import TYPE_CHECKING
 
 from django.db import transaction
+from django.utils import timezone
 
 from dandiapi.api.asset_paths import add_asset_paths, delete_asset_paths, get_conflicting_paths
 from dandiapi.api.models.asset import Asset, AssetBlob
@@ -59,9 +60,9 @@ def _add_asset_to_version(
     add_asset_paths(asset, version)
 
     # Trigger a version metadata validation, as saving the version might change the metadata
-    version.status = Version.Status.PENDING
-    # Save the version so that the modified field is updated
-    version.save()
+    Version.objects.filter(id=version.id).update(
+        status=Version.Status.PENDING, modified=timezone.now()
+    )
 
     return asset
 
@@ -72,9 +73,9 @@ def _remove_asset_from_version(*, asset: Asset, version: Version):
     version.assets.remove(asset)
 
     # Trigger a version metadata validation, as saving the version might change the metadata
-    version.status = Version.Status.PENDING
-    # Save the version so that the modified field is updated
-    version.save()
+    Version.objects.filter(id=version.id).update(
+        status=Version.Status.PENDING, modified=timezone.now()
+    )
 
 
 def change_asset(  # noqa: PLR0913

From 1d94f197e709ae701e12bd2a1d2fef9befb55abf Mon Sep 17 00:00:00 2001
From: dandibot <dandibot@mit.edu>
Date: Fri, 16 Aug 2024 18:14:51 +0000
Subject: [PATCH 120/131] auto shipit - CHANGELOG.md etc

---
 CHANGELOG.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 458f6587f..effd1a577 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,17 @@
+# v0.3.94 (Fri Aug 16 2024)
+
+#### 🐛 Bug Fix
+
+- Fix admin access to embargoed asset blobs [#2004](https://github.com/dandi/dandi-archive/pull/2004) ([@jjnesbitt](https://github.com/jjnesbitt))
+- Re-validate version metadata during unembargo [#1989](https://github.com/dandi/dandi-archive/pull/1989) ([@jjnesbitt](https://github.com/jjnesbitt))
+- Separate core model logic from top-level asset service layer functions [#1991](https://github.com/dandi/dandi-archive/pull/1991) ([@jjnesbitt](https://github.com/jjnesbitt))
+
+#### Authors: 1
+
+- Jacob Nesbitt ([@jjnesbitt](https://github.com/jjnesbitt))
+
+---
+
 # v0.3.93 (Wed Aug 14 2024)
 
 #### 🐛 Bug Fix

From 9ad11899b4aee440e4a0fd19516c46f21435443e Mon Sep 17 00:00:00 2001
From: Mike VanDenburgh <michael.vandenburgh@kitware.com>
Date: Tue, 20 Aug 2024 11:19:41 -0400
Subject: [PATCH 121/131] Apply new `ruff` rules to decorators

---
 .../analytics/tests/test_download_counts.py   |  10 +-
 dandiapi/api/tests/test_asset.py              | 116 +++++++++---------
 dandiapi/api/tests/test_asset_paths.py        |  30 ++---
 dandiapi/api/tests/test_audit.py              |  22 ++--
 dandiapi/api/tests/test_auth.py               |  10 +-
 .../api/tests/test_create_dev_dandiset.py     |   2 +-
 dandiapi/api/tests/test_dandiset.py           |  66 +++++-----
 dandiapi/api/tests/test_embargo.py            |   4 +-
 dandiapi/api/tests/test_garbage.py            |   2 +-
 dandiapi/api/tests/test_manifests.py          |  14 +--
 dandiapi/api/tests/test_pagination.py         |   2 +-
 dandiapi/api/tests/test_permission.py         |   2 +-
 dandiapi/api/tests/test_search.py             |   2 +-
 dandiapi/api/tests/test_stats.py              |  14 +--
 dandiapi/api/tests/test_tasks.py              |  34 ++---
 dandiapi/api/tests/test_unembargo.py          |  22 ++--
 dandiapi/api/tests/test_upload.py             |  24 ++--
 dandiapi/api/tests/test_users.py              |  28 ++---
 dandiapi/api/tests/test_version.py            |  88 ++++++-------
 dandiapi/conftest.py                          |  14 +--
 dandiapi/search/tests/test_permissions.py     |   2 +-
 dandiapi/search/tests/test_views.py           |   4 +-
 dandiapi/zarr/tests/test_zarr.py              |  32 ++---
 dandiapi/zarr/tests/test_zarr_upload.py       |  10 +-
 24 files changed, 277 insertions(+), 277 deletions(-)

diff --git a/dandiapi/analytics/tests/test_download_counts.py b/dandiapi/analytics/tests/test_download_counts.py
index efde429c7..679c21478 100644
--- a/dandiapi/analytics/tests/test_download_counts.py
+++ b/dandiapi/analytics/tests/test_download_counts.py
@@ -8,12 +8,12 @@
 from dandiapi.api.storage import create_s3_storage, get_boto_client
 
 
-@pytest.fixture()
+@pytest.fixture
 def s3_log_bucket():
     return create_s3_storage(settings.DANDI_DANDISETS_LOG_BUCKET_NAME).bucket_name
 
 
-@pytest.fixture()
+@pytest.fixture
 def s3_log_file(s3_log_bucket, asset_blob):
     s3 = get_boto_client()
 
@@ -44,7 +44,7 @@ def s3_log_file(s3_log_bucket, asset_blob):
     s3.delete_object(Bucket=s3_log_bucket, Key=log_file_name)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_processing_s3_log_files(s3_log_file, asset_blob):
     collect_s3_log_records_task()
     asset_blob.refresh_from_db()
@@ -53,7 +53,7 @@ def test_processing_s3_log_files(s3_log_file, asset_blob):
     assert asset_blob.download_count == 1
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_processing_s3_log_files_idempotent(s3_log_file, asset_blob):
     # this tests that the outer task which collects the log files to process is
     # idempotent, in other words, it uses StartAfter correctly.
@@ -66,7 +66,7 @@ def test_processing_s3_log_files_idempotent(s3_log_file, asset_blob):
     assert asset_blob.download_count == 1
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_processing_s3_log_file_task_idempotent(s3_log_file, asset_blob):
     # this tests that the inner task which processes a single log file is
     # idempotent, utilizing the unique constraint on ProcessedS3Log correctly.
diff --git a/dandiapi/api/tests/test_asset.py b/dandiapi/api/tests/test_asset.py
index 4d9dd19e7..c2f8889a4 100644
--- a/dandiapi/api/tests/test_asset.py
+++ b/dandiapi/api/tests/test_asset.py
@@ -26,7 +26,7 @@
 # Model tests
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_no_blob_zarr(draft_asset_factory):
     asset = draft_asset_factory()
 
@@ -38,7 +38,7 @@ def test_asset_no_blob_zarr(draft_asset_factory):
     assert 'blob-xor-zarr' in str(excinfo.value)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_blob_and_zarr(draft_asset, zarr_archive):
     # An integrity error is thrown by the constraint that both blob and zarr cannot both be defined
     draft_asset.zarr = zarr_archive
@@ -48,7 +48,7 @@ def test_asset_blob_and_zarr(draft_asset, zarr_archive):
     assert 'blob-xor-zarr' in str(excinfo.value)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_path(api_client, draft_version_factory, asset_factory):
     # Initialize version and contained assets
     version: Version = draft_version_factory()
@@ -69,7 +69,7 @@ def test_asset_rest_path(api_client, draft_version_factory, asset_factory):
     assert val['aggregate_files'] == 1
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_path_not_found(api_client, draft_version_factory, asset_factory):
     # Initialize version and contained assets
     version: Version = draft_version_factory()
@@ -89,7 +89,7 @@ def test_asset_rest_path_not_found(api_client, draft_version_factory, asset_fact
     assert resp.json() == {'detail': 'Specified path not found.'}
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_s3_url(asset_blob):
     signed_url = asset_blob.blob.url
     s3_url = asset_blob.s3_url
@@ -97,7 +97,7 @@ def test_asset_s3_url(asset_blob):
     assert signed_url.split('?')[0] == s3_url
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_publish_asset(draft_asset: Asset):
     draft_asset_id = draft_asset.asset_id
     draft_blob = draft_asset.blob
@@ -139,7 +139,7 @@ def test_publish_asset(draft_asset: Asset):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_total_size(
     draft_version_factory, asset_factory, asset_blob_factory, zarr_archive_factory
 ):
@@ -176,7 +176,7 @@ def test_asset_total_size(
     # supported, ATM they are not and tested by test_zarr_rest_create_embargoed_dandiset
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_full_metadata(draft_asset_factory):
     raw_metadata = {
         'foo': 'bar',
@@ -202,7 +202,7 @@ def test_asset_full_metadata(draft_asset_factory):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_full_metadata_zarr(draft_asset_factory, zarr_archive):
     raw_metadata = {
         'foo': 'bar',
@@ -233,7 +233,7 @@ def test_asset_full_metadata_zarr(draft_asset_factory, zarr_archive):
 # API Tests
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_list(api_client, version, asset, asset_factory):
     version.assets.add(asset)
 
@@ -260,7 +260,7 @@ def test_asset_rest_list(api_client, version, asset, asset_factory):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_list_include_metadata(api_client, version, asset, asset_factory):
     version.assets.add(asset)
 
@@ -301,7 +301,7 @@ def test_asset_rest_list_include_metadata(api_client, version, asset, asset_fact
         'no-match',
     ],
 )
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_list_path_filter(api_client, version, asset_factory, path, result_indices):
     assets = [
         asset_factory(path='foo.txt'),
@@ -348,7 +348,7 @@ def test_asset_rest_list_path_filter(api_client, version, asset_factory, path, r
     ],
     ids=['created', '-created', 'modified', '-modified', 'path', '-path'],
 )
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_list_ordering(api_client, version, asset_factory, order_param, ordering):
     # Create asset B first so that the path ordering is different from the created ordering.
     b = asset_factory(path='b')
@@ -369,7 +369,7 @@ def test_asset_rest_list_ordering(api_client, version, asset_factory, order_para
     assert result_paths == ordering
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_path_ordering(api_client, version, asset_factory):
     # The default collation will ignore special characters, including slashes, on the first pass. If
     # there are ties, it uses these characters to break ties. This means that in the below example,
@@ -388,7 +388,7 @@ def test_asset_path_ordering(api_client, version, asset_factory):
     assert asset_listing[1].pk == b.pk
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_retrieve(api_client, version, asset, asset_factory):
     version.assets.add(asset)
 
@@ -404,7 +404,7 @@ def test_asset_rest_retrieve(api_client, version, asset, asset_factory):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_retrieve_no_sha256(api_client, version, asset):
     version.assets.add(asset)
     # Remove the sha256 from the factory asset
@@ -420,7 +420,7 @@ def test_asset_rest_retrieve_no_sha256(api_client, version, asset):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_retrieve_embargoed_admin(
     api_client,
     draft_version_factory,
@@ -450,7 +450,7 @@ def test_asset_rest_retrieve_embargoed_admin(
     assert r.status_code == 200
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_download_embargoed_admin(
     api_client,
     draft_version_factory,
@@ -480,7 +480,7 @@ def test_asset_rest_download_embargoed_admin(
     assert r.status_code == 302
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_info(api_client, version, asset):
     version.assets.add(asset)
 
@@ -499,7 +499,7 @@ def test_asset_rest_info(api_client, version, asset):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 @pytest.mark.parametrize(
     ('status', 'validation_error'),
     [
@@ -525,7 +525,7 @@ def test_asset_rest_validation(api_client, version, asset, status, validation_er
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_create(api_client, user, draft_version, asset_blob):
     assign_perm('owner', user, draft_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -597,7 +597,7 @@ def test_asset_create(api_client, user, draft_version, asset_blob):
         ('foo/.bar', 200),
     ],
 )
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_create_path_validation(
     api_client, user, draft_version, asset_blob, path, expected_status_code
 ):
@@ -620,7 +620,7 @@ def test_asset_create_path_validation(
     assert resp.status_code == expected_status_code, resp.data
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_create_conflicting_path(api_client, user, draft_version, asset_blob):
     assign_perm('owner', user, draft_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -661,7 +661,7 @@ def test_asset_create_conflicting_path(api_client, user, draft_version, asset_bl
         )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_create_embargo(
     api_client, user, draft_version_factory, dandiset_factory, embargoed_asset_blob
 ):
@@ -696,7 +696,7 @@ def test_asset_create_embargo(
     assert draft_version.status == Version.Status.PENDING
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_create_unembargo_in_progress(
     api_client, user, draft_version_factory, dandiset_factory, embargoed_asset_blob
 ):
@@ -768,7 +768,7 @@ def test_asset_create_embargoed_asset_blob_open_dandiset(
     assert draft_version.status == Version.Status.PENDING
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_create_zarr(api_client, user, draft_version, zarr_archive):
     assign_perm('owner', user, draft_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -865,7 +865,7 @@ def test_asset_create_zarr_validated(
     assert asset2.status == Asset.Status.VALID
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_create_zarr_wrong_dandiset(
     api_client, user, draft_version, zarr_archive_factory, dandiset_factory
 ):
@@ -894,7 +894,7 @@ def test_asset_create_zarr_wrong_dandiset(
     assert resp.json() == 'The zarr archive belongs to a different dandiset'
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_create_no_blob_or_zarr(api_client, user, draft_version):
     assign_perm('owner', user, draft_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -918,7 +918,7 @@ def test_asset_create_no_blob_or_zarr(api_client, user, draft_version):
     assert resp.json() == {'blob_id': ['Exactly one of blob_id or zarr_id must be specified.']}
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_create_blob_and_zarr(api_client, user, draft_version, asset_blob, zarr_archive):
     assign_perm('owner', user, draft_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -942,7 +942,7 @@ def test_asset_create_blob_and_zarr(api_client, user, draft_version, asset_blob,
     assert resp.json() == {'blob_id': ['Exactly one of blob_id or zarr_id must be specified.']}
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_create_no_valid_blob(api_client, user, draft_version):
     assign_perm('owner', user, draft_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -960,7 +960,7 @@ def test_asset_create_no_valid_blob(api_client, user, draft_version):
     assert resp.status_code == 404
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_create_no_path(api_client, user, draft_version, asset_blob):
     assign_perm('owner', user, draft_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -977,7 +977,7 @@ def test_asset_create_no_path(api_client, user, draft_version, asset_blob):
     assert resp.data == {'metadata': ['No path specified in metadata.']}, resp.data
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_create_not_an_owner(api_client, user, version):
     api_client.force_authenticate(user=user)
 
@@ -991,7 +991,7 @@ def test_asset_create_not_an_owner(api_client, user, version):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_create_published_version(api_client, user, published_version, asset):
     assign_perm('owner', user, published_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -1012,7 +1012,7 @@ def test_asset_create_published_version(api_client, user, published_version, ass
     assert resp.data == 'Only draft versions can be modified.'
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_create_existing_path(api_client, user, draft_version, asset_blob, asset_factory):
     assign_perm('owner', user, draft_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -1038,7 +1038,7 @@ def test_asset_create_existing_path(api_client, user, draft_version, asset_blob,
     assert resp.status_code == 409
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_rename(api_client, user, draft_version, asset_blob):
     assign_perm('owner', user, draft_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -1064,7 +1064,7 @@ def test_asset_rest_rename(api_client, user, draft_version, asset_blob):
     assert resp.json()['asset_id'] != str(asset.asset_id)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_update(api_client, user, draft_version, asset, asset_blob):
     assign_perm('owner', user, draft_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -1125,7 +1125,7 @@ def test_asset_rest_update(api_client, user, draft_version, asset, asset_blob):
     assert draft_version.status == Version.Status.PENDING
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_update_embargo(api_client, user, draft_version, asset, embargoed_asset_blob):
     assign_perm('owner', user, draft_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -1181,7 +1181,7 @@ def test_asset_rest_update_embargo(api_client, user, draft_version, asset, embar
     assert draft_version.status == Version.Status.PENDING
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_update_unembargo_in_progress(
     api_client, user, draft_version_factory, asset, embargoed_asset_blob
 ):
@@ -1210,7 +1210,7 @@ def test_asset_rest_update_unembargo_in_progress(
     assert resp.status_code == 400
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_update_zarr(
     api_client,
     user,
@@ -1279,7 +1279,7 @@ def test_asset_rest_update_zarr(
     assert draft_version.status == Version.Status.PENDING
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_update_unauthorized(api_client, draft_version, asset):
     draft_version.assets.add(asset)
     new_metadata = asset.metadata
@@ -1295,7 +1295,7 @@ def test_asset_rest_update_unauthorized(api_client, draft_version, asset):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_update_not_an_owner(api_client, user, draft_version, asset):
     api_client.force_authenticate(user=user)
     draft_version.assets.add(asset)
@@ -1313,7 +1313,7 @@ def test_asset_rest_update_not_an_owner(api_client, user, draft_version, asset):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_update_published_version(api_client, user, published_version, asset):
     assign_perm('owner', user, published_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -1331,7 +1331,7 @@ def test_asset_rest_update_published_version(api_client, user, published_version
     assert resp.data == 'Only draft versions can be modified.'
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_update_to_existing(api_client, user, draft_version, asset_factory):
     old_asset = asset_factory()
     existing_asset = asset_factory()
@@ -1352,7 +1352,7 @@ def test_asset_rest_update_to_existing(api_client, user, draft_version, asset_fa
     assert resp.status_code == 409
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_delete(api_client, user, draft_version, asset):
     assign_perm('owner', user, draft_version.dandiset)
     draft_version.assets.add(asset)
@@ -1384,7 +1384,7 @@ def test_asset_rest_delete(api_client, user, draft_version, asset):
     assert draft_version.status == Version.Status.PENDING
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_delete_unembargo_in_progress(api_client, user, draft_version_factory, asset):
     draft_version = draft_version_factory(
         dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
@@ -1401,7 +1401,7 @@ def test_asset_rest_delete_unembargo_in_progress(api_client, user, draft_version
     assert response.status_code == 400
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_delete_zarr(
     api_client,
     user,
@@ -1431,7 +1431,7 @@ def test_asset_rest_delete_zarr(
     assert resp.status_code == 204
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_delete_zarr_modified(
     api_client,
     user,
@@ -1490,7 +1490,7 @@ def test_asset_rest_delete_zarr_modified(
     assert resp.status_code == 204
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_delete_not_an_owner(api_client, user, version, asset):
     api_client.force_authenticate(user=user)
     version.assets.add(asset)
@@ -1504,7 +1504,7 @@ def test_asset_rest_delete_not_an_owner(api_client, user, version, asset):
     assert asset in Asset.objects.all()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_rest_delete_published_version(api_client, user, published_version, asset):
     api_client.force_authenticate(user=user)
     assign_perm('owner', user, published_version.dandiset)
@@ -1518,7 +1518,7 @@ def test_asset_rest_delete_published_version(api_client, user, published_version
     assert response.data == 'Only draft versions can be modified.'
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_download(api_client, storage, version, asset):
     # Pretend like AssetBlob was defined with the given storage
     AssetBlob.blob.field.storage = storage
@@ -1544,7 +1544,7 @@ def test_asset_download(api_client, storage, version, asset):
         assert download.content == reader.read()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_download_embargo(
     authenticated_api_client,
     user,
@@ -1590,7 +1590,7 @@ def test_asset_download_embargo(
         assert download.content == reader.read()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_download_zarr(api_client, version, asset_factory, zarr_archive):
     asset = asset_factory(blob=None, zarr=zarr_archive)
     version.assets.add(asset)
@@ -1602,7 +1602,7 @@ def test_asset_download_zarr(api_client, version, asset_factory, zarr_archive):
     assert response.status_code == 400
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_direct_download(api_client, storage, version, asset):
     # Pretend like AssetBlob was defined with the given storage
     AssetBlob.blob.field.storage = storage
@@ -1625,7 +1625,7 @@ def test_asset_direct_download(api_client, storage, version, asset):
         assert download.content == reader.read()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_direct_download_zarr(api_client, version, asset_factory, zarr_archive):
     asset = asset_factory(blob=None, zarr=zarr_archive)
     version.assets.add(asset)
@@ -1634,7 +1634,7 @@ def test_asset_direct_download_zarr(api_client, version, asset_factory, zarr_arc
     assert response.status_code == 400
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_direct_download_head(api_client, storage, version, asset):
     # Pretend like AssetBlob was defined with the given storage
     AssetBlob.blob.field.storage = storage
@@ -1657,14 +1657,14 @@ def test_asset_direct_download_head(api_client, storage, version, asset):
         assert download.content == reader.read()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_direct_metadata(api_client, asset):
     assert (
         json.loads(api_client.get(f'/api/assets/{asset.asset_id}/').content) == asset.full_metadata
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_direct_info(api_client, asset):
     assert api_client.get(f'/api/assets/{asset.asset_id}/info/').json() == {
         'asset_id': str(asset.asset_id),
@@ -1678,7 +1678,7 @@ def test_asset_direct_info(api_client, asset):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 @pytest.mark.parametrize(
     ('glob_pattern', 'expected_paths'),
     [
diff --git a/dandiapi/api/tests/test_asset_paths.py b/dandiapi/api/tests/test_asset_paths.py
index 9e1a31126..3bd35bcf4 100644
--- a/dandiapi/api/tests/test_asset_paths.py
+++ b/dandiapi/api/tests/test_asset_paths.py
@@ -19,7 +19,7 @@
 from dandiapi.api.tasks import publish_dandiset_task
 
 
-@pytest.fixture()
+@pytest.fixture
 def ingested_asset(draft_version_factory, asset_factory) -> Asset:
     asset: Asset = asset_factory()
     version: Version = draft_version_factory()
@@ -43,7 +43,7 @@ def test_extract_paths(path, expected):
     assert extract_paths(path) == expected
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_path_add_asset(draft_version_factory, asset_factory):
     # Create asset with version
     asset: Asset = asset_factory()
@@ -84,7 +84,7 @@ def test_asset_path_add_asset(draft_version_factory, asset_factory):
         )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_path_add_asset_idempotent(draft_version_factory, asset_factory):
     # Create asset with version
     asset: Asset = asset_factory()
@@ -101,7 +101,7 @@ def test_asset_path_add_asset_idempotent(draft_version_factory, asset_factory):
     assert path.aggregate_size == asset.size
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_path_add_asset_conflicting_path(draft_version_factory, asset_factory):
     # Create asset with version
     asset1: Asset = asset_factory()
@@ -122,7 +122,7 @@ def test_asset_path_add_asset_conflicting_path(draft_version_factory, asset_fact
     assert version.asset_paths.filter(asset__isnull=False).count() == 1
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_path_add_version_asset_paths(draft_version_factory, asset_factory):
     # Create asset with version
     version: Version = draft_version_factory()
@@ -156,7 +156,7 @@ def test_asset_path_add_version_asset_paths(draft_version_factory, asset_factory
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_path_add_version_asset_paths_idempotent(draft_version_factory, asset_factory):
     # Create asset with version
     version: Version = draft_version_factory()
@@ -178,7 +178,7 @@ def test_asset_path_add_version_asset_paths_idempotent(draft_version_factory, as
         assert path.aggregate_size == path.asset.size
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_path_add_asset_shared_paths(draft_version_factory, asset_factory):
     # Create asset with version
     version: Version = draft_version_factory()
@@ -197,7 +197,7 @@ def test_asset_path_add_asset_shared_paths(draft_version_factory, asset_factory)
     assert path.aggregate_files == 2
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_path_delete_asset(ingested_asset):
     asset = ingested_asset
     version = ingested_asset.versions.first()
@@ -210,7 +210,7 @@ def test_asset_path_delete_asset(ingested_asset):
     assert not AssetPath.objects.filter(path=asset.path, version=version).exists()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_path_delete_asset_idempotent(ingested_asset):
     asset = ingested_asset
     version = ingested_asset.versions.first()
@@ -220,7 +220,7 @@ def test_asset_path_delete_asset_idempotent(ingested_asset):
     delete_asset_paths(asset, version)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_path_update_asset(draft_version_factory, asset_factory):
     # Create asset with version
     version: Version = draft_version_factory()
@@ -248,7 +248,7 @@ def test_asset_path_update_asset(draft_version_factory, asset_factory):
         assert AssetPath.objects.filter(path=path, version=version).exists()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_path_delete_asset_shared_paths(
     draft_version_factory, asset_factory, asset_blob_factory
 ):
@@ -272,7 +272,7 @@ def test_asset_path_delete_asset_shared_paths(
     assert path.aggregate_files == 1
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_path_search_asset_paths(draft_version_factory, asset_factory):
     version: Version = draft_version_factory()
     assets = [asset_factory(path=path) for path in ['foo/bar.txt', 'foo/baz.txt', 'bar/foo.txt']]
@@ -294,7 +294,7 @@ def test_asset_path_search_asset_paths(draft_version_factory, asset_factory):
     assert all(x.asset is not None for x in qs)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_path_publish_version(draft_version_factory, asset_factory, user):
     version: Version = draft_version_factory()
     asset = asset_factory(path='foo/bar.txt', status=Asset.Status.VALID)
@@ -325,7 +325,7 @@ def test_asset_path_publish_version(draft_version_factory, asset_factory, user):
         AssetPath.objects.get(path=path, version=published_version)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_path_get_root_paths(draft_version_factory, asset_factory):
     version = draft_version_factory()
     version.assets.add(asset_factory(path='a'))
@@ -337,7 +337,7 @@ def test_asset_path_get_root_paths(draft_version_factory, asset_factory):
     assert get_root_paths(version).count() == 4
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_path_get_root_paths_many(draft_version_factory, asset_factory):
     version = draft_version_factory()
     version.assets.add(asset_factory(path='a'))
diff --git a/dandiapi/api/tests/test_audit.py b/dandiapi/api/tests/test_audit.py
index ced98fc70..6562755b6 100644
--- a/dandiapi/api/tests/test_audit.py
+++ b/dandiapi/api/tests/test_audit.py
@@ -62,7 +62,7 @@ def create_dandiset(
     return Dandiset.objects.get(pk=dandiset_id)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_audit_create_dandiset(api_client, user):
     """Test create_dandiset audit record."""
     # Create a Dandiset with specified name and metadata.
@@ -79,7 +79,7 @@ def test_audit_create_dandiset(api_client, user):
     assert rec.details['metadata']['name'] == name
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_audit_change_owners(api_client, user_factory, draft_version):
     """Test the change_owners audit record."""
     # Create some users.
@@ -116,7 +116,7 @@ def user_info(u):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_audit_update_metadata(api_client, draft_version, user):
     # Create a Dandiset.
     dandiset = draft_version.dandiset
@@ -145,7 +145,7 @@ def test_audit_update_metadata(api_client, draft_version, user):
     assert metadata['foo'] == 'bar'
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_audit_delete_dandiset(api_client, user, draft_version):
     # Create a Dandiset.
     dandiset = draft_version.dandiset
@@ -183,7 +183,7 @@ def test_audit_unembargo(api_client, user):
     assert rec.details == {}
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_audit_add_asset(api_client, user, draft_version, asset_blob_factory):
     # Create a Dandiset.
     dandiset = draft_version.dandiset
@@ -211,7 +211,7 @@ def test_audit_add_asset(api_client, user, draft_version, asset_blob_factory):
     assert rec.details['asset_blob_id'] == blob.blob_id
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_audit_update_asset(
     api_client, user, draft_version, asset_blob_factory, draft_asset_factory
 ):
@@ -245,7 +245,7 @@ def test_audit_update_asset(
     assert rec.details['asset_blob_id'] == blob.blob_id
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_audit_remove_asset(
     api_client, user, draft_version, asset_blob_factory, draft_asset_factory
 ):
@@ -302,7 +302,7 @@ def test_audit_publish_dandiset(
     assert rec.details['version'] == dandiset.most_recent_published_version.version
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_audit_zarr_create(api_client, user, draft_version):
     # Create a Dandiset.
     dandiset = draft_version.dandiset
@@ -328,7 +328,7 @@ def test_audit_zarr_create(api_client, user, draft_version):
     assert rec.details['zarr_id'] == zarr_id
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_audit_upload_zarr_chunks(api_client, user, draft_version, zarr_archive_factory, storage):
     ZarrArchive.storage = storage
 
@@ -354,7 +354,7 @@ def test_audit_upload_zarr_chunks(api_client, user, draft_version, zarr_archive_
     assert rec.details['paths'] == paths
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_audit_finalize_zarr(
     api_client, user, draft_version, zarr_archive_factory, storage, settings
 ):
@@ -395,7 +395,7 @@ def test_audit_finalize_zarr(
     assert rec.details['zarr_id'] == zarr.zarr_id
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_audit_delete_zarr_chunks(
     api_client, user, draft_version, zarr_archive_factory, storage, settings
 ):
diff --git a/dandiapi/api/tests/test_auth.py b/dandiapi/api/tests/test_auth.py
index 24cd3a9f5..f9a13ad08 100644
--- a/dandiapi/api/tests/test_auth.py
+++ b/dandiapi/api/tests/test_auth.py
@@ -4,24 +4,24 @@
 from rest_framework.authtoken.models import Token
 
 
-@pytest.fixture()
+@pytest.fixture
 def token(user) -> Token:
     return Token.objects.get(user=user)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_auth_token_retrieve(api_client, user, token):
     api_client.force_authenticate(user=user)
 
     assert api_client.get('/api/auth/token/').data == token.key
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_auth_token_retrieve_unauthorized(api_client, user, token):
     assert api_client.get('/api/auth/token/').status_code == 401
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_auth_token_refresh(api_client, user, token):
     api_client.force_authenticate(user=user)
 
@@ -32,6 +32,6 @@ def test_auth_token_refresh(api_client, user, token):
     assert new_token_key == new_token.key
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_auth_token_reset_unauthorized(api_client, user, token):
     assert api_client.post('/api/auth/token/').status_code == 401
diff --git a/dandiapi/api/tests/test_create_dev_dandiset.py b/dandiapi/api/tests/test_create_dev_dandiset.py
index 6a738bf50..b3204870b 100644
--- a/dandiapi/api/tests/test_create_dev_dandiset.py
+++ b/dandiapi/api/tests/test_create_dev_dandiset.py
@@ -6,7 +6,7 @@
 from dandiapi.api.models import Asset, AssetBlob, Dandiset, Version
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_create_dev_dandiset(user):
     create_dev_dandiset('--name', 'My Test Dandiset', '--owner', user.email)
 
diff --git a/dandiapi/api/tests/test_dandiset.py b/dandiapi/api/tests/test_dandiset.py
index e71c7ebf5..06ac8b807 100644
--- a/dandiapi/api/tests/test_dandiset.py
+++ b/dandiapi/api/tests/test_dandiset.py
@@ -13,7 +13,7 @@
 from .fuzzy import DANDISET_ID_RE, DANDISET_SCHEMA_ID_RE, TIMESTAMP_RE, UTC_ISO_TIMESTAMP_RE
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_identifier(dandiset):
     assert int(dandiset.identifier) == dandiset.id
 
@@ -24,7 +24,7 @@ def test_dandiset_identifer_missing(dandiset_factory):
     assert dandiset.identifier == ''
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_published_count(
     dandiset_factory, draft_version_factory, published_version_factory
 ):
@@ -52,7 +52,7 @@ def test_dandiset_published_count(
         ('UNEMBARGOING', 'not-owner', False),
     ],
 )
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_manager_visible_to(
     dandiset_factory, user_factory, embargo_status, user_status, visible
 ):
@@ -64,7 +64,7 @@ def test_dandiset_manager_visible_to(
     assert list(Dandiset.objects.visible_to(user)) == ([dandiset] if visible else [])
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_list(api_client, user, dandiset):
     # Test un-authenticated request
     assert api_client.get('/api/dandisets/', {'draft': 'true', 'empty': 'true'}).json() == {
@@ -113,7 +113,7 @@ def test_dandiset_rest_list(api_client, user, dandiset):
         'draft-false-empty-false',
     ],
 )
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_versions(
     api_client,
     dandiset_factory,
@@ -203,7 +203,7 @@ def expected_serialization(dandiset: Dandiset):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_list_for_user(api_client, user, dandiset_factory):
     dandiset = dandiset_factory()
     # Create an extra dandiset that should not be included in the response
@@ -228,7 +228,7 @@ def test_dandiset_rest_list_for_user(api_client, user, dandiset_factory):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_retrieve(api_client, dandiset):
     assert api_client.get(f'/api/dandisets/{dandiset.identifier}/').data == {
         'identifier': dandiset.identifier,
@@ -246,7 +246,7 @@ def test_dandiset_rest_retrieve(api_client, dandiset):
     [choice[0] for choice in Dandiset.EmbargoStatus.choices],
     ids=[choice[1] for choice in Dandiset.EmbargoStatus.choices],
 )
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_embargo_access(
     api_client, user_factory, dandiset_factory, embargo_status: str
 ):
@@ -321,7 +321,7 @@ def test_dandiset_rest_embargo_access(
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_create(api_client, user):
     user.first_name = 'John'
     user.last_name = 'Doe'
@@ -412,7 +412,7 @@ def test_dandiset_rest_create(api_client, user):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_create_with_identifier(api_client, admin_user):
     admin_user.first_name = 'John'
     admin_user.last_name = 'Doe'
@@ -505,7 +505,7 @@ def test_dandiset_rest_create_with_identifier(api_client, admin_user):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_create_with_contributor(api_client, admin_user):
     admin_user.first_name = 'John'
     admin_user.last_name = 'Doe'
@@ -611,7 +611,7 @@ def test_dandiset_rest_create_with_contributor(api_client, admin_user):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_create_embargoed(api_client, user):
     user.first_name = 'John'
     user.last_name = 'Doe'
@@ -702,7 +702,7 @@ def test_dandiset_rest_create_embargoed(api_client, user):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_create_with_duplicate_identifier(api_client, admin_user, dandiset):
     api_client.force_authenticate(user=admin_user)
     name = 'Test Dandiset'
@@ -718,7 +718,7 @@ def test_dandiset_rest_create_with_duplicate_identifier(api_client, admin_user,
     assert response.data == f'Dandiset {identifier} already exists'
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_create_with_invalid_identifier(api_client, admin_user):
     api_client.force_authenticate(user=admin_user)
     name = 'Test Dandiset'
@@ -734,7 +734,7 @@ def test_dandiset_rest_create_with_invalid_identifier(api_client, admin_user):
     assert response.data == f'Invalid Identifier {identifier}'
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 @pytest.mark.parametrize(
     ('embargo_status', 'success'),
     [
@@ -759,7 +759,7 @@ def test_dandiset_rest_delete(api_client, draft_version_factory, user, embargo_s
         assert Dandiset.objects.count() == 1
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_delete_with_zarrs(
     api_client,
     draft_version,
@@ -781,7 +781,7 @@ def test_dandiset_rest_delete_with_zarrs(
     assert not Dandiset.objects.all()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_delete_not_an_owner(api_client, draft_version, user):
     api_client.force_authenticate(user=user)
 
@@ -791,7 +791,7 @@ def test_dandiset_rest_delete_not_an_owner(api_client, draft_version, user):
     assert draft_version.dandiset in Dandiset.objects.all()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_delete_published(api_client, published_version, user):
     api_client.force_authenticate(user=user)
     assign_perm('owner', user, published_version.dandiset)
@@ -803,7 +803,7 @@ def test_dandiset_rest_delete_published(api_client, published_version, user):
     assert published_version.dandiset in Dandiset.objects.all()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_delete_published_admin(api_client, published_version, admin_user):
     api_client.force_authenticate(user=admin_user)
 
@@ -814,7 +814,7 @@ def test_dandiset_rest_delete_published_admin(api_client, published_version, adm
     assert published_version.dandiset in Dandiset.objects.all()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_get_owners(api_client, dandiset, social_account):
     assign_perm('owner', social_account.user, dandiset)
 
@@ -830,7 +830,7 @@ def test_dandiset_rest_get_owners(api_client, dandiset, social_account):
     ]
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_get_owners_no_social_account(api_client, dandiset, user):
     assign_perm('owner', user, dandiset)
 
@@ -850,7 +850,7 @@ def test_dandiset_rest_get_owners_no_social_account(api_client, dandiset, user):
     'embargo_status',
     [Dandiset.EmbargoStatus.OPEN, Dandiset.EmbargoStatus.EMBARGOED],
 )
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_change_owner(
     api_client,
     draft_version_factory,
@@ -890,7 +890,7 @@ def test_dandiset_rest_change_owner(
     assert mailoutbox[1].to == [user2.email]
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_change_owners_unembargo_in_progress(
     api_client,
     draft_version_factory,
@@ -921,7 +921,7 @@ def test_dandiset_rest_change_owners_unembargo_in_progress(
     assert resp.status_code == 400
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_add_owner(
     api_client,
     draft_version,
@@ -966,7 +966,7 @@ def test_dandiset_rest_add_owner(
     assert mailoutbox[0].to == [user2.email]
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_remove_owner(
     api_client,
     draft_version,
@@ -1003,7 +1003,7 @@ def test_dandiset_rest_remove_owner(
     assert mailoutbox[0].to == [user2.email]
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_not_an_owner(api_client, dandiset, user):
     api_client.force_authenticate(user=user)
 
@@ -1015,7 +1015,7 @@ def test_dandiset_rest_not_an_owner(api_client, dandiset, user):
     assert resp.status_code == 403
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_delete_all_owners_fails(api_client, dandiset, user):
     assign_perm('owner', user, dandiset)
     api_client.force_authenticate(user=user)
@@ -1029,7 +1029,7 @@ def test_dandiset_rest_delete_all_owners_fails(api_client, dandiset, user):
     assert resp.data == ['Cannot remove all draft owners']
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_add_owner_does_not_exist(api_client, dandiset, user):
     assign_perm('owner', user, dandiset)
     api_client.force_authenticate(user=user)
@@ -1044,7 +1044,7 @@ def test_dandiset_rest_add_owner_does_not_exist(api_client, dandiset, user):
     assert resp.data == [f'User {fake_name} not found']
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_add_malformed(api_client, dandiset, user):
     assign_perm('owner', user, dandiset)
     api_client.force_authenticate(user=user)
@@ -1058,17 +1058,17 @@ def test_dandiset_rest_add_malformed(api_client, dandiset, user):
     assert resp.data == [{'username': ['This field is required.']}]
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_search_no_query(api_client):
     assert api_client.get('/api/dandisets/').data['results'] == []
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_search_empty_query(api_client):
     assert api_client.get('/api/dandisets/', {'search': ''}).data['results'] == []
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_dandiset_rest_search_identifier(api_client, draft_version):
     results = api_client.get(
         '/api/dandisets/',
@@ -1083,7 +1083,7 @@ def test_dandiset_rest_search_identifier(api_client, draft_version):
     assert results[0]['draft_version']['name'] == draft_version.name
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 @pytest.mark.parametrize(
     'contributors',
     [None, 'string', 1, [], {}],
diff --git a/dandiapi/api/tests/test_embargo.py b/dandiapi/api/tests/test_embargo.py
index ff249c30e..206510e8e 100644
--- a/dandiapi/api/tests/test_embargo.py
+++ b/dandiapi/api/tests/test_embargo.py
@@ -61,7 +61,7 @@ def embargo_status(request):
         ),
     ],
 )
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_embargo_visibility(
     api_client,
     user,
@@ -89,7 +89,7 @@ def test_embargo_visibility(
     assert response.status_code == 403
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_remove_asset_blob_embargoed_tag_fails_on_embargod(embargoed_asset_blob, asset_blob):
     with pytest.raises(AssetBlobEmbargoedError):
         remove_asset_blob_embargoed_tag(embargoed_asset_blob)
diff --git a/dandiapi/api/tests/test_garbage.py b/dandiapi/api/tests/test_garbage.py
index 0a191cef9..853c7b46d 100644
--- a/dandiapi/api/tests/test_garbage.py
+++ b/dandiapi/api/tests/test_garbage.py
@@ -9,7 +9,7 @@
 from dandiapi.api.models import Asset, Version
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_stale_assets(version: Version, draft_asset_factory, published_asset_factory):
     stale_date = timezone.now() - timedelta(days=8)
 
diff --git a/dandiapi/api/tests/test_manifests.py b/dandiapi/api/tests/test_manifests.py
index a148479f3..bd9ac342c 100644
--- a/dandiapi/api/tests/test_manifests.py
+++ b/dandiapi/api/tests/test_manifests.py
@@ -21,7 +21,7 @@
     from django.core.files.storage import Storage
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_write_dandiset_jsonld(storage: Storage, version: Version):
     # Pretend like AssetBlob was defined with the given storage
     # The task piggybacks off of the AssetBlob storage to write the yamls
@@ -38,7 +38,7 @@ def test_write_dandiset_jsonld(storage: Storage, version: Version):
         assert f.read() == expected
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_write_assets_jsonld(storage: Storage, version: Version, asset_factory):
     # Pretend like AssetBlob was defined with the given storage
     # The task piggybacks off of the AssetBlob storage to write the yamls
@@ -58,7 +58,7 @@ def test_write_assets_jsonld(storage: Storage, version: Version, asset_factory):
         assert f.read() == expected
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_write_collection_jsonld(storage: Storage, version: Version, asset):
     # Pretend like AssetBlob was defined with the given storage
     # The task piggybacks off of the AssetBlob storage to write the yamls
@@ -85,7 +85,7 @@ def test_write_collection_jsonld(storage: Storage, version: Version, asset):
         assert f.read() == expected
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_write_dandiset_yaml(storage: Storage, version: Version):
     # Pretend like AssetBlob was defined with the given storage
     # The task piggybacks off of the AssetBlob storage to write the yamls
@@ -102,7 +102,7 @@ def test_write_dandiset_yaml(storage: Storage, version: Version):
         assert f.read() == expected
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_write_assets_yaml(storage: Storage, version: Version, asset_factory):
     # Pretend like AssetBlob was defined with the given storage
     # The task piggybacks off of the AssetBlob storage to write the yamls
@@ -122,7 +122,7 @@ def test_write_assets_yaml(storage: Storage, version: Version, asset_factory):
         assert f.read() == expected
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_write_dandiset_yaml_already_exists(storage: Storage, version: Version):
     # Pretend like AssetBlob was defined with the given storage
     # The task piggybacks off of the AssetBlob storage to write the yamls
@@ -142,7 +142,7 @@ def test_write_dandiset_yaml_already_exists(storage: Storage, version: Version):
         assert f.read() == expected
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_write_assets_yaml_already_exists(storage: Storage, version: Version, asset_factory):
     # Pretend like AssetBlob was defined with the given storage
     # The task piggybacks off of the AssetBlob storage to write the yamls
diff --git a/dandiapi/api/tests/test_pagination.py b/dandiapi/api/tests/test_pagination.py
index 2081fc03b..f6ec4ffcd 100644
--- a/dandiapi/api/tests/test_pagination.py
+++ b/dandiapi/api/tests/test_pagination.py
@@ -3,7 +3,7 @@
 import pytest
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_asset_pagination(api_client, version, asset_factory):
     endpoint = f'/api/dandisets/{version.dandiset.identifier}/versions/{version.version}/assets/'
 
diff --git a/dandiapi/api/tests/test_permission.py b/dandiapi/api/tests/test_permission.py
index 14ea28dc2..af744ce2f 100644
--- a/dandiapi/api/tests/test_permission.py
+++ b/dandiapi/api/tests/test_permission.py
@@ -67,7 +67,7 @@
         ('post', '/api/zarr/{zarr.zarr_id}/files/', True),
     ],
 )
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_approved_or_readonly(
     api_client,
     user,
diff --git a/dandiapi/api/tests/test_search.py b/dandiapi/api/tests/test_search.py
index bd5511774..d94cef3c9 100644
--- a/dandiapi/api/tests/test_search.py
+++ b/dandiapi/api/tests/test_search.py
@@ -8,7 +8,7 @@
     from rest_framework.test import APIClient
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_search_rest(api_client: APIClient) -> None:
     resp = api_client.get('/api/dandisets/search/')
     assert resp.status_code == 200
diff --git a/dandiapi/api/tests/test_stats.py b/dandiapi/api/tests/test_stats.py
index 546d36a70..e79feea56 100644
--- a/dandiapi/api/tests/test_stats.py
+++ b/dandiapi/api/tests/test_stats.py
@@ -3,7 +3,7 @@
 import pytest
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_stats_baseline(api_client):
     assert api_client.get('/api/stats/').data == {
         'dandiset_count': 0,
@@ -14,7 +14,7 @@ def test_stats_baseline(api_client):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_stats_draft(api_client, dandiset):
     stats = api_client.get('/api/stats/').data
 
@@ -22,7 +22,7 @@ def test_stats_draft(api_client, dandiset):
     assert stats['published_dandiset_count'] == 0
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_stats_published(api_client, published_version_factory):
     published_version_factory()
     stats = api_client.get('/api/stats/').data
@@ -31,7 +31,7 @@ def test_stats_published(api_client, published_version_factory):
     assert stats['published_dandiset_count'] == 1
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_stats_user(api_client, user):
     stats = api_client.get('/api/stats/').data
 
@@ -39,7 +39,7 @@ def test_stats_user(api_client, user):
     assert stats['user_count'] == 2
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_stats_asset(api_client, version, asset):
     version.assets.add(asset)
     stats = api_client.get('/api/stats/').data
@@ -47,7 +47,7 @@ def test_stats_asset(api_client, version, asset):
     assert stats['size'] == asset.size
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_stats_embargoed_asset(api_client, version, asset_factory, embargoed_asset_blob_factory):
     embargoed_asset = asset_factory()
     embargoed_asset.blob = embargoed_asset_blob_factory()
@@ -57,7 +57,7 @@ def test_stats_embargoed_asset(api_client, version, asset_factory, embargoed_ass
     assert stats['size'] == embargoed_asset.size
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_stats_embargoed_and_regular_blobs(
     api_client, version, asset_factory, asset_blob_factory, embargoed_asset_blob_factory
 ):
diff --git a/dandiapi/api/tests/test_tasks.py b/dandiapi/api/tests/test_tasks.py
index b83945e0e..3cb632bb9 100644
--- a/dandiapi/api/tests/test_tasks.py
+++ b/dandiapi/api/tests/test_tasks.py
@@ -22,7 +22,7 @@
     from rest_framework.test import APIClient
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_calculate_checksum_task(storage: Storage, asset_blob_factory):
     # Pretend like AssetBlob was defined with the given storage
     AssetBlob.blob.field.storage = storage
@@ -40,7 +40,7 @@ def test_calculate_checksum_task(storage: Storage, asset_blob_factory):
     assert asset_blob.sha256 == sha256
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_calculate_checksum_task_embargo(
     storage: Storage, embargoed_asset_blob_factory, monkeypatch
 ):
@@ -60,7 +60,7 @@ def test_calculate_checksum_task_embargo(
     assert asset_blob.sha256 == sha256
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_write_manifest_files(storage: Storage, version: Version, asset_factory):
     # Pretend like AssetBlob was defined with the given storage
     # The task piggybacks off of the AssetBlob storage to write the yamls
@@ -100,7 +100,7 @@ def test_write_manifest_files(storage: Storage, version: Version, asset_factory)
     assert storage.exists(collection_jsonld_path)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_validate_asset_metadata(draft_asset: Asset):
     tasks.validate_asset_metadata_task(draft_asset.id)
 
@@ -110,7 +110,7 @@ def test_validate_asset_metadata(draft_asset: Asset):
     assert draft_asset.validation_errors == []
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_validate_asset_metadata_malformed_schema_version(draft_asset: Asset):
     draft_asset.metadata['schemaVersion'] = 'xxx'
     draft_asset.save()
@@ -127,7 +127,7 @@ def test_validate_asset_metadata_malformed_schema_version(draft_asset: Asset):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_validate_asset_metadata_no_encoding_format(draft_asset: Asset):
     del draft_asset.metadata['encodingFormat']
     draft_asset.save()
@@ -142,7 +142,7 @@ def test_validate_asset_metadata_no_encoding_format(draft_asset: Asset):
     ]
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_validate_asset_metadata_no_digest(draft_asset: Asset):
     draft_asset.blob.sha256 = None
     draft_asset.blob.save()
@@ -160,7 +160,7 @@ def test_validate_asset_metadata_no_digest(draft_asset: Asset):
     ]
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_validate_asset_metadata_malformed_keywords(draft_asset: Asset):
     draft_asset.metadata['keywords'] = 'foo'
     draft_asset.save()
@@ -175,7 +175,7 @@ def test_validate_asset_metadata_malformed_keywords(draft_asset: Asset):
     ]
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_validate_asset_metadata_saves_version(draft_asset: Asset, draft_version: Version):
     draft_version.assets.add(draft_asset)
 
@@ -191,7 +191,7 @@ def test_validate_asset_metadata_saves_version(draft_asset: Asset, draft_version
     assert draft_version.modified != old_datetime
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_validate_version_metadata(draft_version: Version, asset: Asset):
     draft_version.assets.add(asset)
 
@@ -210,7 +210,7 @@ def test_validate_version_metadata(draft_version: Version, asset: Asset):
     assert draft_version.modified > old_modified
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_validate_version_metadata_non_pending_version(draft_version: Version, asset: Asset):
     # Bypass .save to manually set an older timestamp, set status to INVALID
     old_modified = timezone.now() - datetime.timedelta(minutes=10)
@@ -230,7 +230,7 @@ def test_validate_version_metadata_non_pending_version(draft_version: Version, a
     assert draft_version.modified == old_modified
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_validate_version_metadata_no_side_effects(draft_version: Version, asset: Asset):
     draft_version.assets.add(asset)
 
@@ -252,7 +252,7 @@ def test_validate_version_metadata_no_side_effects(draft_version: Version, asset
     assert old_data == new_data
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_validate_version_metadata_malformed_schema_version(draft_version: Version, asset: Asset):
     draft_version.assets.add(asset)
 
@@ -270,7 +270,7 @@ def test_validate_version_metadata_malformed_schema_version(draft_version: Versi
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_validate_version_metadata_no_description(draft_version: Version, asset: Asset):
     draft_version.assets.add(asset)
 
@@ -287,7 +287,7 @@ def test_validate_version_metadata_no_description(draft_version: Version, asset:
     ]
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_validate_version_metadata_malformed_license(draft_version: Version, asset: Asset):
     draft_version.assets.add(asset)
 
@@ -304,7 +304,7 @@ def test_validate_version_metadata_malformed_license(draft_version: Version, ass
     ]
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_validate_version_metadata_no_assets(
     draft_version: Version,
 ):
@@ -321,7 +321,7 @@ def test_validate_version_metadata_no_assets(
     ]
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_publish_task(
     api_client: APIClient,
     user: User,
diff --git a/dandiapi/api/tests/test_unembargo.py b/dandiapi/api/tests/test_unembargo.py
index 86c656dfd..ebd86b336 100644
--- a/dandiapi/api/tests/test_unembargo.py
+++ b/dandiapi/api/tests/test_unembargo.py
@@ -25,7 +25,7 @@
     from dandiapi.api.models.asset import AssetBlob
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_remove_asset_blob_embargoed_tag_fails_on_embargod(embargoed_asset_blob, asset_blob):
     with pytest.raises(AssetBlobEmbargoedError):
         remove_asset_blob_embargoed_tag(embargoed_asset_blob)
@@ -34,7 +34,7 @@ def test_remove_asset_blob_embargoed_tag_fails_on_embargod(embargoed_asset_blob,
     remove_asset_blob_embargoed_tag(asset_blob)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_kickoff_dandiset_unembargo_dandiset_not_embargoed(
     api_client, user, dandiset_factory, draft_version_factory
 ):
@@ -47,7 +47,7 @@ def test_kickoff_dandiset_unembargo_dandiset_not_embargoed(
     assert resp.status_code == 400
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_kickoff_dandiset_unembargo_not_owner(
     api_client, user, dandiset_factory, draft_version_factory
 ):
@@ -59,7 +59,7 @@ def test_kickoff_dandiset_unembargo_not_owner(
     assert resp.status_code == 403
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_kickoff_dandiset_unembargo_active_uploads(
     api_client, user, dandiset_factory, draft_version_factory, upload_factory
 ):
@@ -97,7 +97,7 @@ def test_kickoff_dandiset_unembargo(api_client, user, draft_version_factory, mai
     assert str(patched_task.mock_calls[0]) == f'call.delay({ds.pk}, {user.id})'
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_unembargo_dandiset_not_unembargoing(draft_version_factory, user, api_client):
     draft_version = draft_version_factory(dandiset__embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
     ds: Dandiset = draft_version.dandiset
@@ -109,7 +109,7 @@ def test_unembargo_dandiset_not_unembargoing(draft_version_factory, user, api_cl
         unembargo_dandiset(ds, user)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_unembargo_dandiset_uploads_exist(draft_version_factory, upload_factory, user, api_client):
     draft_version = draft_version_factory(
         dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
@@ -124,7 +124,7 @@ def test_unembargo_dandiset_uploads_exist(draft_version_factory, upload_factory,
         unembargo_dandiset(ds, user)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_remove_dandiset_asset_blob_embargo_tags_chunks(
     draft_version_factory,
     asset_factory,
@@ -151,7 +151,7 @@ def test_remove_dandiset_asset_blob_embargo_tags_chunks(
     assert len(delete_asset_blob_tags_mock.mock_calls) == chunk_size + 1
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_delete_asset_blob_tags_fails(
     draft_version_factory,
     asset_factory,
@@ -172,7 +172,7 @@ def test_delete_asset_blob_tags_fails(
         _remove_dandiset_asset_blob_embargo_tags(dandiset=ds)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_unembargo_dandiset(
     draft_version_factory,
     asset_factory,
@@ -223,7 +223,7 @@ def test_unembargo_dandiset(
     assert owner_email_set == mailoutbox_to_email_set
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_unembargo_dandiset_validate_version_metadata(
     draft_version_factory, asset_factory, user, mocker
 ):
@@ -250,7 +250,7 @@ def test_unembargo_dandiset_validate_version_metadata(
     assert not draft_version.validation_errors
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_unembargo_dandiset_task_failure(draft_version_factory, mailoutbox, user, api_client):
     # Intentionally set the status to embargoed so the task will fail
     draft_version = draft_version_factory(dandiset__embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
diff --git a/dandiapi/api/tests/test_upload.py b/dandiapi/api/tests/test_upload.py
index 84c1b7bb2..11a85e9a6 100644
--- a/dandiapi/api/tests/test_upload.py
+++ b/dandiapi/api/tests/test_upload.py
@@ -16,7 +16,7 @@ def mb(bytes_size: int) -> int:
     return bytes_size * 2**20
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_blob_read(api_client, asset_blob):
     assert api_client.post(
         '/api/blobs/digest/',
@@ -30,7 +30,7 @@ def test_blob_read(api_client, asset_blob):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_blob_read_sha256(api_client, asset_blob):
     assert api_client.post(
         '/api/blobs/digest/',
@@ -44,7 +44,7 @@ def test_blob_read_sha256(api_client, asset_blob):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_blob_read_bad_algorithm(api_client, asset_blob):
     resp = api_client.post(
         '/api/blobs/digest/',
@@ -55,7 +55,7 @@ def test_blob_read_bad_algorithm(api_client, asset_blob):
     assert resp.data == 'Unsupported Digest Algorithm. Supported: dandi:dandi-etag, dandi:sha2-256'
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_blob_read_does_not_exist(api_client):
     resp = api_client.post(
         '/api/blobs/digest/',
@@ -65,7 +65,7 @@ def test_blob_read_does_not_exist(api_client):
     assert resp.status_code == 404
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 @pytest.mark.parametrize('embargoed', [True, False])
 def test_upload_initialize(api_client, user, dandiset_factory, embargoed):
     dandiset = dandiset_factory(
@@ -109,7 +109,7 @@ def test_upload_initialize(api_client, user, dandiset_factory, embargoed):
     assert upload.blob.name == f'test-prefix/blobs/{upload_id[:3]}/{upload_id[3:6]}/{upload_id}'
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_upload_initialize_unembargo_in_progress(api_client, user, dandiset_factory):
     dandiset = dandiset_factory(embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING)
     api_client.force_authenticate(user=user)
@@ -128,7 +128,7 @@ def test_upload_initialize_unembargo_in_progress(api_client, user, dandiset_fact
     assert resp.status_code == 400
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_upload_initialize_existing_asset_blob(api_client, user, dandiset, asset_blob):
     api_client.force_authenticate(user=user)
     assign_perm('owner', user, dandiset)
@@ -148,7 +148,7 @@ def test_upload_initialize_existing_asset_blob(api_client, user, dandiset, asset
     assert not Upload.objects.all().exists()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_upload_initialize_not_an_owner(api_client, user, dandiset):
     api_client.force_authenticate(user=user)
 
@@ -167,7 +167,7 @@ def test_upload_initialize_not_an_owner(api_client, user, dandiset):
     assert not Upload.objects.all().exists()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_upload_initialize_embargo_not_an_owner(api_client, user, dandiset_factory):
     api_client.force_authenticate(user=user)
     dandiset = dandiset_factory(embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
@@ -189,7 +189,7 @@ def test_upload_initialize_embargo_not_an_owner(api_client, user, dandiset_facto
     assert not Upload.objects.all().exists()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_upload_initialize_embargo_existing_asset_blob(
     api_client, user, dandiset_factory, asset_blob
 ):
@@ -213,7 +213,7 @@ def test_upload_initialize_embargo_existing_asset_blob(
     assert not Upload.objects.all().exists()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_upload_initialize_embargo_existing_embargoed_asset_blob(
     api_client, user, dandiset_factory, embargoed_asset_blob_factory
 ):
@@ -238,7 +238,7 @@ def test_upload_initialize_embargo_existing_embargoed_asset_blob(
     assert not Upload.objects.all().exists()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_upload_initialize_unauthorized(api_client):
     assert (
         api_client.post(
diff --git a/dandiapi/api/tests/test_users.py b/dandiapi/api/tests/test_users.py
index feac3af91..75af4dfb4 100644
--- a/dandiapi/api/tests/test_users.py
+++ b/dandiapi/api/tests/test_users.py
@@ -31,7 +31,7 @@ def serialize_social_account(social_account):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_user_registration_email_content(
     social_account: SocialAccount, mailoutbox: list[EmailMessage], api_client: APIClient
 ):
@@ -71,7 +71,7 @@ def test_user_registration_email_content(
         (UserMetadata.Status.APPROVED, 0),
     ],
 )
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_user_registration_email_count(
     social_account: SocialAccount,
     mailoutbox: list[EmailMessage],
@@ -90,7 +90,7 @@ def test_user_registration_email_count(
     assert len(mailoutbox) == email_count
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_user_me(api_client, social_account):
     api_client.force_authenticate(user=social_account.user)
 
@@ -100,7 +100,7 @@ def test_user_me(api_client, social_account):
     ).data == serialize_social_account(social_account)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_user_me_admin(api_client, admin_user, social_account_factory):
     api_client.force_authenticate(user=admin_user)
     social_account = social_account_factory(user=admin_user)
@@ -112,7 +112,7 @@ def test_user_me_admin(api_client, admin_user, social_account_factory):
     ).data == serialize_social_account(social_account)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_user_search(api_client, social_account, social_account_factory):
     api_client.force_authenticate(user=social_account.user)
 
@@ -128,7 +128,7 @@ def test_user_search(api_client, social_account, social_account_factory):
     ).data == [serialize_social_account(social_account)]
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_user_search_prefer_social(api_client, user_factory, social_account):
     api_client.force_authenticate(user=social_account.user)
 
@@ -149,7 +149,7 @@ def test_user_search_prefer_social(api_client, user_factory, social_account):
     ).data == [user_to_dict(user)]
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_user_search_blank_username(api_client, user):
     api_client.force_authenticate(user=user)
 
@@ -163,7 +163,7 @@ def test_user_search_blank_username(api_client, user):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_user_search_no_matches(api_client, user):
     api_client.force_authenticate(user=user)
 
@@ -177,7 +177,7 @@ def test_user_search_no_matches(api_client, user):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_user_search_multiple_matches(api_client, user, user_factory, social_account_factory):
     api_client.force_authenticate(user=user)
 
@@ -200,7 +200,7 @@ def test_user_search_multiple_matches(api_client, user, user_factory, social_acc
     ).data == [serialize_social_account(social_account) for social_account in social_accounts[:3]]
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_user_search_limit_enforced(api_client, user, user_factory, social_account_factory):
     api_client.force_authenticate(user=user)
 
@@ -217,7 +217,7 @@ def test_user_search_limit_enforced(api_client, user, user_factory, social_accou
     ]
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_user_search_extra_data(api_client, user, social_account, social_account_factory):
     """Test that searched keyword isn't caught by a different field in `extra_data`."""
     api_client.force_authenticate(user=user)
@@ -279,7 +279,7 @@ def test_user_search_extra_data(api_client, user, social_account, social_account
         ),
     ],
 )
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_user_status(
     api_client: APIClient,
     user: User,
@@ -312,7 +312,7 @@ def test_user_status(
     assert response.data == expected_search_results_value
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 @pytest.mark.parametrize(
     ('questions', 'querystring', 'expected_status_code'),
     [
@@ -334,7 +334,7 @@ def test_user_questionnaire_view(
         assertContains(resp, question['question'])
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 @pytest.mark.parametrize(
     ('email', 'expected_status'),
     [
diff --git a/dandiapi/api/tests/test_version.py b/dandiapi/api/tests/test_version.py
index 08b615ebc..ffeab68f6 100644
--- a/dandiapi/api/tests/test_version.py
+++ b/dandiapi/api/tests/test_version.py
@@ -27,7 +27,7 @@
 from .fuzzy import TIMESTAMP_RE, URN_RE, UTC_ISO_TIMESTAMP_RE, VERSION_ID_RE
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_next_published_version_nosave(dandiset):
     # Without saving, the output should be reproducible
     version_str_1 = Version.next_published_version(dandiset)
@@ -36,7 +36,7 @@ def test_version_next_published_version_nosave(dandiset):
     assert version_str_1 == VERSION_ID_RE
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_next_published_version_save(mocker, dandiset, published_version_factory):
     # Given an existing version at the current time, a different one should be allocated
     next_published_version_spy = mocker.spy(Version, 'next_published_version')
@@ -47,7 +47,7 @@ def test_version_next_published_version_save(mocker, dandiset, published_version
     assert version_1.version != version_str_2
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_next_published_version_simultaneous_save(
     dandiset_factory,
     published_version_factory,
@@ -63,7 +63,7 @@ def test_version_next_published_version_simultaneous_save(
     assert version_1.version == version_2.version
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_draft_version_metadata_computed(draft_version: Version):
     original_metadata = {'schemaVersion': settings.DANDI_SCHEMA_VERSION}
     draft_version.metadata = original_metadata
@@ -99,7 +99,7 @@ def test_draft_version_metadata_computed(draft_version: Version):
     assert draft_version.metadata == expected_metadata
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_published_version_metadata_computed(published_version: Version):
     original_metadata = {'schemaVersion': settings.DANDI_SCHEMA_VERSION}
     published_version.metadata = original_metadata
@@ -143,7 +143,7 @@ def test_published_version_metadata_computed(published_version: Version):
     assert published_version.metadata == expected_metadata
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_metadata_citation_draft(draft_version):
     name = draft_version.metadata['name'].rstrip('.')
     year = datetime.datetime.now(datetime.UTC).year
@@ -157,7 +157,7 @@ def test_version_metadata_citation_draft(draft_version):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_metadata_citation_published(published_version):
     name = published_version.metadata['name'].rstrip('.')
     year = datetime.datetime.now(datetime.UTC).year
@@ -168,7 +168,7 @@ def test_version_metadata_citation_published(published_version):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_metadata_citation_no_contributors(version):
     version.metadata['contributor'] = []
     version.save()
@@ -180,7 +180,7 @@ def test_version_metadata_citation_no_contributors(version):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_metadata_citation_contributor_not_in_citation(version):
     version.metadata['contributor'] = [
         {'name': 'Jane Doe'},
@@ -195,7 +195,7 @@ def test_version_metadata_citation_contributor_not_in_citation(version):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_metadata_citation_contributor(version):
     version.metadata['contributor'] = [{'name': 'Doe, Jane', 'includeInCitation': True}]
     version.save()
@@ -207,7 +207,7 @@ def test_version_metadata_citation_contributor(version):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_metadata_citation_multiple_contributors(version):
     version.metadata['contributor'] = [
         {'name': 'John Doe', 'includeInCitation': True},
@@ -223,7 +223,7 @@ def test_version_metadata_citation_multiple_contributors(version):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_metadata_context(version):
     version.metadata['schemaVersion'] = '6.6.6'
     version.save()
@@ -233,7 +233,7 @@ def test_version_metadata_context(version):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_metadata_assets_summary_missing(version, asset):
     version.assets.add(asset)
 
@@ -241,7 +241,7 @@ def test_version_metadata_assets_summary_missing(version, asset):
     version.save()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_aggregate_assets_summary_valid_assets(draft_version, draft_asset_factory):
     valid_asset = draft_asset_factory(status=Asset.Status.VALID)
     invalid_asset = draft_asset_factory(status=Asset.Status.INVALID)
@@ -251,7 +251,7 @@ def test_version_aggregate_assets_summary_valid_assets(draft_version, draft_asse
     assert draft_version.metadata['assetsSummary']['numberOfFiles'] == 1
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_valid_with_valid_asset(version, asset):
     version.assets.add(asset)
 
@@ -263,7 +263,7 @@ def test_version_valid_with_valid_asset(version, asset):
     assert version.publishable
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 @pytest.mark.parametrize(
     'status',
     [
@@ -279,7 +279,7 @@ def test_version_invalid(version, status):
     assert not version.publishable
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 @pytest.mark.parametrize(
     'status',
     [
@@ -300,7 +300,7 @@ def test_version_valid_with_invalid_asset(version, asset, status):
     assert not version.publishable
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_publish_version(draft_version, asset):
     # Normally the publish endpoint would inject a doi, so we must do it manually
     fake_doi = 'doi'
@@ -356,7 +356,7 @@ def test_version_publish_version(draft_version, asset):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_aggregate_assets_summary(draft_version_factory, draft_asset_factory):
     version = draft_version_factory(status=Version.Status.VALID)
     asset = draft_asset_factory(status=Asset.Status.VALID)
@@ -370,7 +370,7 @@ def test_version_aggregate_assets_summary(draft_version_factory, draft_asset_fac
     assert version.metadata['assetsSummary']['schemaKey'] == 'AssetsSummary'
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_aggregate_assets_summary_metadata_modified(
     draft_version_factory, draft_asset_factory
 ):
@@ -384,7 +384,7 @@ def test_version_aggregate_assets_summary_metadata_modified(
         version_aggregate_assets_summary(version)
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_size(
     version,
     asset_factory,
@@ -400,7 +400,7 @@ def test_version_size(
     assert version.size == 700
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_list(api_client, version, draft_version_factory):
     # Create an extra version so that there are multiple versions to filter down
     draft_version_factory()
@@ -430,7 +430,7 @@ def test_version_rest_list(api_client, version, draft_version_factory):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_retrieve(api_client, version, draft_version_factory):
     # Create an extra version so that there are multiple versions to filter down
     draft_version_factory()
@@ -443,7 +443,7 @@ def test_version_rest_retrieve(api_client, version, draft_version_factory):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_info(api_client, version):
     assert api_client.get(
         f'/api/dandisets/{version.dandiset.identifier}/versions/{version.version}/info/'
@@ -469,7 +469,7 @@ def test_version_rest_info(api_client, version):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 @pytest.mark.parametrize(
     'asset_status',
     [Asset.Status.PENDING, Asset.Status.VALIDATING, Asset.Status.VALID, Asset.Status.INVALID],
@@ -519,7 +519,7 @@ def test_version_rest_info_with_asset(
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_update(api_client, user, draft_version):
     assign_perm('owner', user, draft_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -605,7 +605,7 @@ def test_version_rest_update(api_client, user, draft_version):
     assert draft_version.status == Version.Status.PENDING
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_update_unembargo_in_progress(api_client, user, draft_version_factory):
     draft_version = draft_version_factory(
         dandiset__embargo_status=Dandiset.EmbargoStatus.UNEMBARGOING
@@ -631,7 +631,7 @@ def test_version_rest_update_unembargo_in_progress(api_client, user, draft_versi
     assert resp.status_code == 400
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_update_published_version(api_client, user, published_version):
     assign_perm('owner', user, published_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -649,7 +649,7 @@ def test_version_rest_update_published_version(api_client, user, published_versi
     assert resp.data == 'Only draft versions can be modified.'
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_update_not_an_owner(api_client, user, version):
     api_client.force_authenticate(user=user)
 
@@ -678,7 +678,7 @@ def test_version_rest_update_not_an_owner(api_client, user, version):
         [{'schemaKey': 'AccessRequirements', 'status': 'foobar'}],
     ],
 )
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_update_access_values(api_client, user, draft_version, access):
     assign_perm('owner', user, draft_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -702,7 +702,7 @@ def test_version_rest_update_access_values(api_client, user, draft_version, acce
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_update_access_missing(api_client, user, draft_version):
     assign_perm('owner', user, draft_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -728,7 +728,7 @@ def test_version_rest_update_access_missing(api_client, user, draft_version):
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_update_access_valid(api_client, user, draft_version):
     assign_perm('owner', user, draft_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -754,7 +754,7 @@ def test_version_rest_update_access_valid(api_client, user, draft_version):
     assert access[0]['extra'] == 'field'
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_publish(
     api_client: APIClient,
     user: User,
@@ -788,7 +788,7 @@ def test_version_rest_publish(
     assert draft_version.status == Version.Status.PUBLISHING
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_publish_embargo(api_client: APIClient, user: User, draft_version_factory):
     draft_version = draft_version_factory(dandiset__embargo_status=Dandiset.EmbargoStatus.EMBARGOED)
     assign_perm('owner', user, draft_version.dandiset)
@@ -801,7 +801,7 @@ def test_version_rest_publish_embargo(api_client: APIClient, user: User, draft_v
     assert resp.status_code == 400
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_publish_unembargo_in_progress(
     api_client: APIClient, user: User, draft_version_factory
 ):
@@ -818,7 +818,7 @@ def test_version_rest_publish_unembargo_in_progress(
     assert resp.status_code == 400
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_publish_zarr(
     api_client,
     user: User,
@@ -856,7 +856,7 @@ def test_version_rest_publish_zarr(
     assert resp.json() == 'Cannot publish dandisets which contain zarrs'
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_publish_not_an_owner(api_client, user, version, asset):
     api_client.force_authenticate(user=user)
     version.assets.add(asset)
@@ -867,7 +867,7 @@ def test_version_rest_publish_not_an_owner(api_client, user, version, asset):
     assert resp.status_code == 403
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_publish_not_a_draft(api_client, user, published_version, asset):
     assign_perm('owner', user, published_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -880,7 +880,7 @@ def test_version_rest_publish_not_a_draft(api_client, user, published_version, a
     assert resp.status_code == 405
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 @pytest.mark.parametrize(
     ('status', 'expected_data', 'expected_status_code'),
     [
@@ -923,7 +923,7 @@ def test_version_rest_publish_invalid(
     assert resp.data == expected_data
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_update_no_changed_metadata(
     api_client: APIClient, admin_user, draft_version: Version
 ):
@@ -945,7 +945,7 @@ def test_version_rest_update_no_changed_metadata(
     assert draft_version.modified == old_modified_time
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_delete_published_not_admin(api_client, user, published_version):
     assign_perm('owner', user, published_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -958,7 +958,7 @@ def test_version_rest_delete_published_not_admin(api_client, user, published_ver
     assert published_version in Version.objects.all()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_delete_published_admin(api_client, admin_user, published_version):
     api_client.force_authenticate(user=admin_user)
     response = api_client.delete(
@@ -969,7 +969,7 @@ def test_version_rest_delete_published_admin(api_client, admin_user, published_v
     assert not Version.objects.all()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_delete_draft_not_admin(api_client, user, draft_version):
     assign_perm('owner', user, draft_version.dandiset)
     api_client.force_authenticate(user=user)
@@ -981,7 +981,7 @@ def test_version_rest_delete_draft_not_admin(api_client, user, draft_version):
     assert draft_version in Version.objects.all()
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_version_rest_delete_draft_admin(api_client, admin_user, draft_version):
     api_client.force_authenticate(user=admin_user)
     response = api_client.delete(
diff --git a/dandiapi/conftest.py b/dandiapi/conftest.py
index 50a6a2a65..ce8826796 100644
--- a/dandiapi/conftest.py
+++ b/dandiapi/conftest.py
@@ -50,12 +50,12 @@
 
 
 # Register zarr file/directory factories
-@pytest.fixture()
+@pytest.fixture
 def zarr_file_factory():
     return upload_zarr_file
 
 
-@pytest.fixture()
+@pytest.fixture
 def user(user_factory):
     """Override the default `user` fixture to use our `UserFactory` so `UserMetadata` works."""
     return user_factory()
@@ -66,7 +66,7 @@ def asset_factory(request):
     return request.param
 
 
-@pytest.fixture()
+@pytest.fixture
 def asset(asset_factory):
     return asset_factory()
 
@@ -76,12 +76,12 @@ def version(request):
     return request.param()
 
 
-@pytest.fixture()
+@pytest.fixture
 def api_client() -> APIClient:
     return APIClient()
 
 
-@pytest.fixture()
+@pytest.fixture
 def authenticated_api_client(user) -> APIClient:
     client = APIClient()
     client.force_authenticate(user=user)
@@ -107,12 +107,12 @@ def minio_storage_factory() -> MinioStorage:
     return base_minio_storage_factory(settings.DANDI_DANDISETS_BUCKET_NAME)
 
 
-@pytest.fixture()
+@pytest.fixture
 def s3_storage() -> S3Storage:
     return s3_storage_factory()
 
 
-@pytest.fixture()
+@pytest.fixture
 def minio_storage() -> MinioStorage:
     return minio_storage_factory()
 
diff --git a/dandiapi/search/tests/test_permissions.py b/dandiapi/search/tests/test_permissions.py
index 1de98f343..6117b9fdc 100644
--- a/dandiapi/search/tests/test_permissions.py
+++ b/dandiapi/search/tests/test_permissions.py
@@ -7,7 +7,7 @@
 from dandiapi.search.models import AssetSearch
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_assetsearch_visible_to_permissions(draft_asset_factory, draft_version, user_factory):
     asset = draft_asset_factory()
     draft_version.dandiset.embargo_status = Dandiset.EmbargoStatus.EMBARGOED
diff --git a/dandiapi/search/tests/test_views.py b/dandiapi/search/tests/test_views.py
index 5f777d765..6e8ce0a28 100644
--- a/dandiapi/search/tests/test_views.py
+++ b/dandiapi/search/tests/test_views.py
@@ -8,13 +8,13 @@
     from rest_framework.test import APIClient
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_genotype_autocomplete_rest(api_client: APIClient) -> None:
     resp = api_client.get('/api/search/genotypes/')
     assert resp.status_code == 200
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_species_autocomplete_rest(api_client: APIClient) -> None:
     resp = api_client.get('/api/search/species/')
     assert resp.status_code == 200
diff --git a/dandiapi/zarr/tests/test_zarr.py b/dandiapi/zarr/tests/test_zarr.py
index 93c91b728..5a0a886ff 100644
--- a/dandiapi/zarr/tests/test_zarr.py
+++ b/dandiapi/zarr/tests/test_zarr.py
@@ -11,7 +11,7 @@
 from dandiapi.zarr.tasks import ingest_zarr_archive
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_create(authenticated_api_client, user, dandiset):
     assign_perm('owner', user, dandiset)
     name = 'My Zarr File!'
@@ -39,7 +39,7 @@ def test_zarr_rest_create(authenticated_api_client, user, dandiset):
     assert zarr_archive.name == name
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_dandiset_malformed(authenticated_api_client, user, dandiset):
     assign_perm('owner', user, dandiset)
     resp = authenticated_api_client.post(
@@ -54,7 +54,7 @@ def test_zarr_rest_dandiset_malformed(authenticated_api_client, user, dandiset):
     assert resp.json() == {'dandiset': ['This value does not match the required pattern.']}
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_create_not_an_owner(authenticated_api_client, zarr_archive):
     resp = authenticated_api_client.post(
         '/api/zarr/',
@@ -67,7 +67,7 @@ def test_zarr_rest_create_not_an_owner(authenticated_api_client, zarr_archive):
     assert resp.status_code == 403
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_create_duplicate(authenticated_api_client, user, zarr_archive):
     assign_perm('owner', user, zarr_archive.dandiset)
     resp = authenticated_api_client.post(
@@ -82,7 +82,7 @@ def test_zarr_rest_create_duplicate(authenticated_api_client, user, zarr_archive
     assert resp.json() == ['Zarr already exists']
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_create_embargoed_dandiset(
     authenticated_api_client,
     user,
@@ -103,7 +103,7 @@ def test_zarr_rest_create_embargoed_dandiset(
     assert resp.json() == ['Cannot add zarr to embargoed dandiset']
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_get(authenticated_api_client, storage, zarr_archive_factory, zarr_file_factory):
     # Pretend like ZarrArchive was defined with the given storage
     ZarrArchive.storage = storage
@@ -128,7 +128,7 @@ def test_zarr_rest_get(authenticated_api_client, storage, zarr_archive_factory,
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_list_filter(authenticated_api_client, dandiset_factory, zarr_archive_factory):
     # Create dandisets and zarrs
     dandiset_a: Dandiset = dandiset_factory()
@@ -171,7 +171,7 @@ def test_zarr_rest_list_filter(authenticated_api_client, dandiset_factory, zarr_
     assert results[0]['zarr_id'] == zarr_archive_b_a.zarr_id
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_get_very_big(authenticated_api_client, zarr_archive_factory):
     ten_quadrillion = 10**16
     ten_petabytes = 10**16
@@ -193,7 +193,7 @@ def test_zarr_rest_get_very_big(authenticated_api_client, zarr_archive_factory):
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_get_empty(authenticated_api_client, zarr_archive: ZarrArchive):
     resp = authenticated_api_client.get(f'/api/zarr/{zarr_archive.zarr_id}/')
     assert resp.status_code == 200
@@ -208,7 +208,7 @@ def test_zarr_rest_get_empty(authenticated_api_client, zarr_archive: ZarrArchive
     }
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_delete_file(
     authenticated_api_client,
     user,
@@ -257,7 +257,7 @@ def test_zarr_rest_delete_file(
     assert zarr_archive.size == 0
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_delete_file_asset_metadata(
     authenticated_api_client,
     user,
@@ -299,7 +299,7 @@ def test_zarr_rest_delete_file_asset_metadata(
     assert asset.full_metadata['contentSize'] == 0
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_delete_file_not_an_owner(
     authenticated_api_client, storage, zarr_archive: ZarrArchive, zarr_file_factory
 ):
@@ -313,7 +313,7 @@ def test_zarr_rest_delete_file_not_an_owner(
     assert resp.status_code == 403
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_delete_multiple_files(
     authenticated_api_client,
     user,
@@ -344,7 +344,7 @@ def test_zarr_rest_delete_multiple_files(
     assert zarr_archive.size == 0
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_delete_missing_file(
     authenticated_api_client,
     user,
@@ -382,7 +382,7 @@ def test_zarr_rest_delete_missing_file(
     assert zarr_archive.size == zarr_file.size
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_file_list(api_client, storage, zarr_archive: ZarrArchive, zarr_file_factory):
     # Pretend like ZarrArchive was defined with the given storage
     ZarrArchive.storage = storage
@@ -438,7 +438,7 @@ def test_zarr_file_list(api_client, storage, zarr_archive: ZarrArchive, zarr_fil
     )
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_explore_head(api_client, storage, zarr_archive: ZarrArchive):
     # Pretend like ZarrArchive was defined with the given storage
     ZarrArchive.storage = storage
diff --git a/dandiapi/zarr/tests/test_zarr_upload.py b/dandiapi/zarr/tests/test_zarr_upload.py
index fbb29ddc1..83b0a4697 100644
--- a/dandiapi/zarr/tests/test_zarr_upload.py
+++ b/dandiapi/zarr/tests/test_zarr_upload.py
@@ -8,7 +8,7 @@
 from dandiapi.zarr.models import ZarrArchive, ZarrArchiveStatus
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_upload_start(
     authenticated_api_client, user, zarr_archive: ZarrArchive, storage, monkeypatch
 ):
@@ -50,7 +50,7 @@ def test_zarr_rest_upload_start(
     assert resp.json() == [HTTP_URL_RE]
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_upload_start_not_an_owner(authenticated_api_client, zarr_archive: ZarrArchive):
     resp = authenticated_api_client.post(
         f'/api/zarr/{zarr_archive.zarr_id}/files/',
@@ -60,7 +60,7 @@ def test_zarr_rest_upload_start_not_an_owner(authenticated_api_client, zarr_arch
     assert resp.status_code == 403
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_finalize(
     authenticated_api_client,
     user,
@@ -87,13 +87,13 @@ def test_zarr_rest_finalize(
     assert zarr_archive.status == ZarrArchiveStatus.COMPLETE
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_finalize_not_an_owner(authenticated_api_client, zarr_archive: ZarrArchive):
     resp = authenticated_api_client.post(f'/api/zarr/{zarr_archive.zarr_id}/finalize/')
     assert resp.status_code == 403
 
 
-@pytest.mark.django_db()
+@pytest.mark.django_db
 def test_zarr_rest_finalize_already_ingested(
     authenticated_api_client, user, zarr_archive: ZarrArchive
 ):

From bae575dc34404f719ebaaa713067006dfa2b0c5f Mon Sep 17 00:00:00 2001
From: Dan LaManna <dan.lamanna@kitware.com>
Date: Tue, 20 Aug 2024 13:13:53 -0400
Subject: [PATCH 122/131] Respond with 409 when creating duplicate asset blobs

---
 dandiapi/api/tests/test_upload.py | 32 ++++++-------------------------
 dandiapi/api/views/upload.py      | 27 ++++++++++++++------------
 2 files changed, 21 insertions(+), 38 deletions(-)

diff --git a/dandiapi/api/tests/test_upload.py b/dandiapi/api/tests/test_upload.py
index 11a85e9a6..8e6eaa462 100644
--- a/dandiapi/api/tests/test_upload.py
+++ b/dandiapi/api/tests/test_upload.py
@@ -524,16 +524,10 @@ def test_upload_validate_wrong_etag(api_client, user, upload):
 def test_upload_validate_existing_assetblob(api_client, user, upload, asset_blob_factory):
     api_client.force_authenticate(user=user)
 
-    asset_blob = asset_blob_factory(etag=upload.etag, size=upload.size)
+    asset_blob_factory(etag=upload.etag, size=upload.size)
 
     resp = api_client.post(f'/api/uploads/{upload.upload_id}/validate/')
-    assert resp.status_code == 200
-    assert resp.data == {
-        'blob_id': str(asset_blob.blob_id),
-        'etag': asset_blob.etag,
-        'sha256': asset_blob.sha256,
-        'size': asset_blob.size,
-    }
+    assert resp.status_code == 409
 
     assert AssetBlob.objects.all().count() == 1
     assert not Upload.objects.all().exists()
@@ -549,16 +543,10 @@ def test_upload_validate_embargo_existing_assetblob(
     embargoed_upload = embargoed_upload_factory(dandiset=dandiset)
 
     # The upload should recognize this preexisting AssetBlob and use it instead
-    asset_blob = asset_blob_factory(etag=embargoed_upload.etag, size=embargoed_upload.size)
+    asset_blob_factory(etag=embargoed_upload.etag, size=embargoed_upload.size)
 
     resp = api_client.post(f'/api/uploads/{embargoed_upload.upload_id}/validate/')
-    assert resp.status_code == 200
-    assert resp.data == {
-        'blob_id': str(asset_blob.blob_id),
-        'etag': asset_blob.etag,
-        'sha256': asset_blob.sha256,
-        'size': asset_blob.size,
-    }
+    assert resp.status_code == 409
 
     assert AssetBlob.objects.all().count() == 1
 
@@ -574,17 +562,9 @@ def test_upload_validate_embargo_existing_embargoed_assetblob(
 
     # The upload should recognize this preexisting embargoed AssetBlob and use it instead
     # This only works because the embargoed asset blob belongs to the same dandiset
-    embargoed_asset_blob = embargoed_asset_blob_factory(
-        etag=embargoed_upload.etag, size=embargoed_upload.size
-    )
+    embargoed_asset_blob_factory(etag=embargoed_upload.etag, size=embargoed_upload.size)
 
     resp = api_client.post(f'/api/uploads/{embargoed_upload.upload_id}/validate/')
-    assert resp.status_code == 200
-    assert resp.data == {
-        'blob_id': str(embargoed_asset_blob.blob_id),
-        'etag': embargoed_asset_blob.etag,
-        'sha256': embargoed_asset_blob.sha256,
-        'size': embargoed_asset_blob.size,
-    }
+    assert resp.status_code == 409
 
     assert AssetBlob.objects.all().count() == 1
diff --git a/dandiapi/api/views/upload.py b/dandiapi/api/views/upload.py
index 433195716..ab4c11a1c 100644
--- a/dandiapi/api/views/upload.py
+++ b/dandiapi/api/views/upload.py
@@ -240,23 +240,26 @@ def upload_validate_view(request: Request, upload_id: str) -> HttpResponseBase:
             f'ETag {upload.etag} does not match actual ETag {upload.actual_etag()}.'
         )
 
-    # Use a transaction here so we can use select_for_update to lock the DB rows to avoid
-    # a race condition where two clients are uploading the same blob at the same time.
-    # This also ensures that the minting of the new AssetBlob and deletion of the Upload
-    # is an atomic operation.
     with transaction.atomic():
-        try:
-            # Perhaps another upload completed before this one and has already created an AssetBlob.
-            asset_blob = AssetBlob.objects.select_for_update(no_key=True).get(
-                etag=upload.etag, size=upload.size
-            )
-        except AssetBlob.DoesNotExist:
-            asset_blob = upload.to_asset_blob()
-            asset_blob.save()
+        # Avoid a race condition where two clients are uploading the same blob at the same time.
+        asset_blob, created = AssetBlob.objects.get_or_create(
+            etag=upload.etag,
+            size=upload.size,
+            defaults={
+                'embargoed': upload.embargoed,
+                'blob_id': upload.upload_id,
+                'blob': upload.blob,
+            },
+        )
 
         # Clean up the upload
         upload.delete()
 
+    if not created:
+        return Response(
+            'An identical blob has already been uploaded.', status=status.HTTP_409_CONFLICT
+        )
+
     # Start calculating the sha256 in the background
     calculate_sha256.delay(asset_blob.blob_id)
 

From 1ce8a9174a14baf82ea98f71624058be8424112c Mon Sep 17 00:00:00 2001
From: dandibot <dandibot@mit.edu>
Date: Tue, 27 Aug 2024 00:56:43 +0000
Subject: [PATCH 123/131] auto shipit - CHANGELOG.md etc

---
 CHANGELOG.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index effd1a577..a6881ea6a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,24 @@
+# v0.3.95 (Tue Aug 27 2024)
+
+#### 🐛 Bug Fix
+
+- Respond with 409 when creating duplicate asset blobs [#2011](https://github.com/dandi/dandi-archive/pull/2011) ([@danlamanna](https://github.com/danlamanna))
+- Apply new `ruff` rules [#2009](https://github.com/dandi/dandi-archive/pull/2009) ([@mvandenburgh](https://github.com/mvandenburgh))
+- Add Neurosift service for AVI files [#1983](https://github.com/dandi/dandi-archive/pull/1983) ([@magland](https://github.com/magland))
+
+#### 🏠 Internal
+
+- [gh-actions](deps): Bump actions/add-to-project from 0.6.0 to 1.0.2 [#1962](https://github.com/dandi/dandi-archive/pull/1962) ([@dependabot[bot]](https://github.com/dependabot[bot]))
+
+#### Authors: 4
+
+- [@dependabot[bot]](https://github.com/dependabot[bot])
+- Dan LaManna ([@danlamanna](https://github.com/danlamanna))
+- Jeremy Magland ([@magland](https://github.com/magland))
+- Mike VanDenburgh ([@mvandenburgh](https://github.com/mvandenburgh))
+
+---
+
 # v0.3.94 (Fri Aug 16 2024)
 
 #### 🐛 Bug Fix

From dd9f7f6d3e145c2589f01fde5aacde132401b5ec Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Wed, 28 Aug 2024 11:39:17 -0400
Subject: [PATCH 124/131] Also show (list) zarr for Assets view

ATM shows only blobs, so to get to zarr requires 2 clicks.
As long as we have zarr as valuable as blob, we better list both
---
 dandiapi/api/admin.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dandiapi/api/admin.py b/dandiapi/api/admin.py
index 0a7060d22..f7fbbf62f 100644
--- a/dandiapi/api/admin.py
+++ b/dandiapi/api/admin.py
@@ -216,6 +216,7 @@ class AssetAdmin(admin.ModelAdmin):
         'asset_id',
         'path',
         'blob',
+        'zarr',
         'status',
         'size',
         'modified',

From e52c816e80bea95f313b1fe45523d67240b0d4e3 Mon Sep 17 00:00:00 2001
From: Dan LaManna <dan.lamanna@kitware.com>
Date: Mon, 9 Sep 2024 16:51:27 -0400
Subject: [PATCH 125/131] Use bulk_update for updating blob download counts

---
 dandiapi/analytics/tasks/__init__.py | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/dandiapi/analytics/tasks/__init__.py b/dandiapi/analytics/tasks/__init__.py
index 1e1ba3d16..3314bc305 100644
--- a/dandiapi/analytics/tasks/__init__.py
+++ b/dandiapi/analytics/tasks/__init__.py
@@ -10,6 +10,7 @@
 from django.db.models.aggregates import Max
 from django.db.models.expressions import F
 from django.db.utils import IntegrityError
+from more_itertools import batched
 from s3logparse import s3logparse
 
 from dandiapi.analytics.models import ProcessedS3Log
@@ -80,10 +81,19 @@ def process_s3_log_file_task(s3_log_key: str) -> None:
                 logger.info('Already processed log file %s', s3_log_key)
             return
 
+        # we need to store all of the fully hydrated blob objects in memory in order to use
+        # bulk_update, but this turns out to not be very costly. 1,000 blobs use about ~8kb
+        # of memory.
+        asset_blobs = []
+
+        # batch the blob queries to avoid a large WHERE IN clause
+        for batch in batched(download_counts, 1_000):
+            asset_blobs += AssetBlob.objects.filter(blob__in=batch)
+
+        for asset_blob in asset_blobs:
+            asset_blob.download_count = F('download_count') + download_counts[asset_blob.blob]
+
         # note this task is run serially per log file. this is to avoid the contention between
         # multiple log files trying to update the same blobs. this serialization is enforced through
         # the task queue configuration.
-        for blob, download_count in download_counts.items():
-            AssetBlob.objects.filter(blob=blob).update(
-                download_count=F('download_count') + download_count
-            )
+        AssetBlob.objects.bulk_update(asset_blobs, ['download_count'], batch_size=1_000)

From ba8fd69343c867ccff25c29a97a51d917f368cfb Mon Sep 17 00:00:00 2001
From: dandibot <dandibot@mit.edu>
Date: Mon, 9 Sep 2024 21:29:36 +0000
Subject: [PATCH 126/131] auto shipit - CHANGELOG.md etc

---
 CHANGELOG.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a6881ea6a..aad8fe5d0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,15 @@
+# v0.3.96 (Mon Sep 09 2024)
+
+#### 🐛 Bug Fix
+
+- Use bulk_update for updating blob download counts [#2025](https://github.com/dandi/dandi-archive/pull/2025) ([@danlamanna](https://github.com/danlamanna))
+
+#### Authors: 1
+
+- Dan LaManna ([@danlamanna](https://github.com/danlamanna))
+
+---
+
 # v0.3.95 (Tue Aug 27 2024)
 
 #### 🐛 Bug Fix

From 1368f3767aaabe1ce05e430a57d08b105011a3ee Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Tue, 27 Aug 2024 12:30:50 -0400
Subject: [PATCH 127/131] Disable GUI unembargo button if there are active
 uploads

---
 dandiapi/api/models/version.py                          | 4 ++++
 dandiapi/api/tests/test_dandiset.py                     | 4 ++++
 dandiapi/api/tests/test_version.py                      | 4 ++++
 dandiapi/api/views/serializers.py                       | 1 +
 web/src/types/index.ts                                  | 1 +
 web/src/views/DandisetLandingView/DandisetUnembargo.vue | 6 ++++--
 6 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/dandiapi/api/models/version.py b/dandiapi/api/models/version.py
index a5767b7ec..c134b7285 100644
--- a/dandiapi/api/models/version.py
+++ b/dandiapi/api/models/version.py
@@ -71,6 +71,10 @@ def size(self):
             or 0
         )
 
+    @property
+    def active_uploads(self):
+        return self.dandiset.uploads.count() if self.version == 'draft' else 0
+
     @property
     def publishable(self) -> bool:
         if self.status != Version.Status.VALID:
diff --git a/dandiapi/api/tests/test_dandiset.py b/dandiapi/api/tests/test_dandiset.py
index 06ac8b807..1dbf86355 100644
--- a/dandiapi/api/tests/test_dandiset.py
+++ b/dandiapi/api/tests/test_dandiset.py
@@ -343,6 +343,7 @@ def test_dandiset_rest_create(api_client, user):
             'version': 'draft',
             'name': name,
             'asset_count': 0,
+            'active_uploads': 0,
             'size': 0,
             'dandiset': {
                 'identifier': DANDISET_ID_RE,
@@ -436,6 +437,7 @@ def test_dandiset_rest_create_with_identifier(api_client, admin_user):
             'version': 'draft',
             'name': name,
             'asset_count': 0,
+            'active_uploads': 0,
             'size': 0,
             'dandiset': {
                 'identifier': identifier,
@@ -543,6 +545,7 @@ def test_dandiset_rest_create_with_contributor(api_client, admin_user):
             'version': 'draft',
             'name': name,
             'asset_count': 0,
+            'active_uploads': 0,
             'size': 0,
             'dandiset': {
                 'identifier': identifier,
@@ -633,6 +636,7 @@ def test_dandiset_rest_create_embargoed(api_client, user):
             'version': 'draft',
             'name': name,
             'asset_count': 0,
+            'active_uploads': 0,
             'size': 0,
             'dandiset': {
                 'identifier': DANDISET_ID_RE,
diff --git a/dandiapi/api/tests/test_version.py b/dandiapi/api/tests/test_version.py
index ffeab68f6..a85445164 100644
--- a/dandiapi/api/tests/test_version.py
+++ b/dandiapi/api/tests/test_version.py
@@ -423,6 +423,7 @@ def test_version_rest_list(api_client, version, draft_version_factory):
                 'created': TIMESTAMP_RE,
                 'modified': TIMESTAMP_RE,
                 'asset_count': 0,
+                'active_uploads': 0,
                 'size': 0,
                 'status': 'Pending',
             }
@@ -460,6 +461,7 @@ def test_version_rest_info(api_client, version):
         'created': TIMESTAMP_RE,
         'modified': TIMESTAMP_RE,
         'asset_count': 0,
+        'active_uploads': 0,
         'metadata': version.metadata,
         'size': version.size,
         'status': 'Pending',
@@ -510,6 +512,7 @@ def test_version_rest_info_with_asset(
         'created': TIMESTAMP_RE,
         'modified': TIMESTAMP_RE,
         'asset_count': 1,
+        'active_uploads': 0,
         'metadata': version.metadata,
         'size': version.size,
         'status': Asset.Status.VALID,
@@ -586,6 +589,7 @@ def test_version_rest_update(api_client, user, draft_version):
         'created': TIMESTAMP_RE,
         'modified': TIMESTAMP_RE,
         'asset_count': draft_version.asset_count,
+        'active_uploads': draft_version.active_uploads,
         'metadata': saved_metadata,
         'size': draft_version.size,
         'status': 'Pending',
diff --git a/dandiapi/api/views/serializers.py b/dandiapi/api/views/serializers.py
index 3f96c37b9..fb9ff03a0 100644
--- a/dandiapi/api/views/serializers.py
+++ b/dandiapi/api/views/serializers.py
@@ -88,6 +88,7 @@ class Meta:
             'version',
             'name',
             'asset_count',
+            'active_uploads',
             'size',
             'status',
             'created',
diff --git a/web/src/types/index.ts b/web/src/types/index.ts
index 1e2f9b384..7e6caaf69 100644
--- a/web/src/types/index.ts
+++ b/web/src/types/index.ts
@@ -38,6 +38,7 @@ export interface Version {
   version: string,
   name: string,
   asset_count: number,
+  active_uploads: number
   size: number,
   status: 'Pending' | 'Validating' | 'Valid' | 'Invalid' | 'Published',
   validation_error?: string,
diff --git a/web/src/views/DandisetLandingView/DandisetUnembargo.vue b/web/src/views/DandisetLandingView/DandisetUnembargo.vue
index e1fbfc520..d7d7cfe42 100644
--- a/web/src/views/DandisetLandingView/DandisetUnembargo.vue
+++ b/web/src/views/DandisetLandingView/DandisetUnembargo.vue
@@ -65,7 +65,7 @@
     >
       <v-tooltip
         left
-        :disabled="!unembargo_in_progress"
+        :disabled="!unembargoDisabled"
       >
         <template #activator="{ on }">
           <div
@@ -77,7 +77,7 @@
               block
               color="info"
               depressed
-              :disabled="unembargo_in_progress"
+              :disabled="unembargoDisabled"
               @click="unembargo()"
             >
               {{ unembargo_in_progress ? 'Unembargoing' : 'Unembargo' }}
@@ -87,6 +87,7 @@
           </div>
         </template>
         <span v-if="unembargo_in_progress">This dandiset is being unembargoed, please wait.</span>
+        <span v-else-if="currentDandiset.active_uploads">This dandiset has active uploads. Please complete or clear these uploads before proceeding.</span>
       </v-tooltip>
     </v-row>
     <v-row>
@@ -127,6 +128,7 @@ const store = useDandisetStore();
 
 const currentDandiset = computed(() => store.dandiset);
 const unembargo_in_progress = computed(() => currentDandiset.value?.dandiset.embargo_status === 'UNEMBARGOING');
+const unembargoDisabled = computed(() => !!(unembargo_in_progress.value || currentDandiset.value === null || currentDandiset.value.active_uploads));
 const showWarningDialog = ref(false);
 const confirmationPhrase = ref('');
 

From 89fef074075f70a05838c8e58a7fe76d587bdb73 Mon Sep 17 00:00:00 2001
From: dandibot <dandibot@mit.edu>
Date: Tue, 10 Sep 2024 16:08:26 +0000
Subject: [PATCH 128/131] auto shipit - CHANGELOG.md etc

---
 CHANGELOG.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index aad8fe5d0..1355d94a6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,15 @@
+# v0.3.97 (Tue Sep 10 2024)
+
+#### 🐛 Bug Fix
+
+- Disable GUI "Unembargo" button if there are active uploads [#2015](https://github.com/dandi/dandi-archive/pull/2015) ([@jjnesbitt](https://github.com/jjnesbitt))
+
+#### Authors: 1
+
+- Jacob Nesbitt ([@jjnesbitt](https://github.com/jjnesbitt))
+
+---
+
 # v0.3.96 (Mon Sep 09 2024)
 
 #### 🐛 Bug Fix

From 134c7b3009d7848415395674172dc234694b7016 Mon Sep 17 00:00:00 2001
From: Dan LaManna <dan.lamanna@kitware.com>
Date: Tue, 10 Sep 2024 12:08:44 -0400
Subject: [PATCH 129/131] Manually configure celery to retry connections on
 startup

---
 dandiapi/settings.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dandiapi/settings.py b/dandiapi/settings.py
index f2d1e0ef3..0e87dfc2d 100644
--- a/dandiapi/settings.py
+++ b/dandiapi/settings.py
@@ -113,6 +113,8 @@ def mutate_configuration(configuration: type[ComposedConfiguration]):
 
     # The CloudAMQP connection was dying, using the heartbeat should keep it alive
     CELERY_BROKER_HEARTBEAT = 20
+    # Retry connections in case rabbit isn't immediately running
+    CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP = True
 
     # Clearing out the stock `SWAGGER_SETTINGS` variable causes a Django login
     # button to appear in Swagger, along with a spurious "authorize" button that

From 5a1af01b0c1abd7fe145cec4297d57c21fa65848 Mon Sep 17 00:00:00 2001
From: dandibot <dandibot@mit.edu>
Date: Tue, 10 Sep 2024 16:13:58 +0000
Subject: [PATCH 130/131] auto shipit - CHANGELOG.md etc

---
 CHANGELOG.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1355d94a6..3c1994213 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,15 @@
+# v0.3.98 (Tue Sep 10 2024)
+
+#### 🐛 Bug Fix
+
+- admin view: Also show (list) zarr for Assets view [#2017](https://github.com/dandi/dandi-archive/pull/2017) ([@yarikoptic](https://github.com/yarikoptic))
+
+#### Authors: 1
+
+- Yaroslav Halchenko ([@yarikoptic](https://github.com/yarikoptic))
+
+---
+
 # v0.3.97 (Tue Sep 10 2024)
 
 #### 🐛 Bug Fix

From 1f1bc0518c55df36ea7e6548f36938b3e7dda5c3 Mon Sep 17 00:00:00 2001
From: dandibot <dandibot@mit.edu>
Date: Tue, 10 Sep 2024 17:40:29 +0000
Subject: [PATCH 131/131] auto shipit - CHANGELOG.md etc

---
 CHANGELOG.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3c1994213..b40505585 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,15 @@
+# v0.3.99 (Tue Sep 10 2024)
+
+#### 🐛 Bug Fix
+
+- Manually configure celery to retry connections on startup [#2026](https://github.com/dandi/dandi-archive/pull/2026) ([@danlamanna](https://github.com/danlamanna))
+
+#### Authors: 1
+
+- Dan LaManna ([@danlamanna](https://github.com/danlamanna))
+
+---
+
 # v0.3.98 (Tue Sep 10 2024)
 
 #### 🐛 Bug Fix