-
Notifications
You must be signed in to change notification settings - Fork 124
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
401 if an unauthorized user attempts to download a workflow restricted file #5921
Conversation
4e81246
to
f0a0ee0
Compare
…dora, since this seems to be required in order to verify whether it is in a workflow
Thank you for the work on this!
|
Thanks for the feedback. Would you be able to point me to an example of getting the FileSet only via a solr document? I'm guessing it is If I'm understanding the suggestion correctly, the code that checks for download permissions wasn't added in this PR ( |
@dlpierce After digging around with byebug, I can see that at this line:
So when
I'm struggling to figure out why the Is the relationship not available when getting the fileset and work via solr? This is with unchanged permissions to the work or user (although I did locally try explicitly changing the visibility, but it had no affect). |
I believe this is a case of the rspec expectation interfering with behavior. expect(ActiveFedora::Base).not_to receive(:find).with(file_set.id) does not set any response, and by default responds with nil. Howeverm tis is actually not the correct way to setup a message expectation. it 'retrieves the thumbnail without contacting Fedora' do
allow(ActiveFedora::Base).to receive(:find).and_call_original
get :show, params: { id: file_set, file: 'thumbnail' }
expect(ActiveFedora::Base).not_to have_received(:find).with(file_set.id)
end This will do what we want and pass, However, if you take out Going back to using the valkyrie compatible query would help with future compatibility, if it's not too much trouble? |
@dlpierce Anyway, I've switched back to using the valkyrie query approach I believe, let me know if its not what you intended. |
b99966d
to
5768d35
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you, looks good!
…d file (#5921) * Return 401s if an unauthorized user attempts to download a workflow restricted file * Add method for finding parent * Removed expectation that thumbnail be retrieved without contacting fedora, since this seems to be required in order to verify whether it is in a workflow * Use ActiveFedora::Base.where to find the FileSet to save trip to fedora * Move test into context where it should have permission, and remove no fedora calls test * Switch back to using valkyrie friendly lookup of fileset and parent * Make the lines super long to make rubocop happy
At fulcrum.org we discovered last week that this PR's changes are indeed hitting Fedora for every single thumbnail load, causing a massive performance hit on Works with many FileSets attached. When viewing 100 items per page, that's 100 hits to Fedora, the notoriously, terribly slow part of the stack that we all go out of our way to avoid touching with regularity! 😬 aside: others would presumably also take this hit on their catalog pages when showing thumbnails for Works. We just happen to use RIIIF for those thumbnails, thankfully, instead of the stock Looks like you guys were suspicious this would happen in the thread above but hoped it was a spec issue and so removed the spec that was meant to prevent this from happening. Possibly this happened in confusion over the course of the 7 commits or something. Not sure. Looks like a lot of thought was put into not hitting Fedora here. This is very easily tested in dev BTW if you just stop your Fedora server and load up a thumbnail download path in a browser. Works fine before the change to For anyone that can't deal with the performance hit until this is fixed, reverting |
Fixes #5913
I've confirmed this bug in 3.x and 2.x, and it was confirmed in nurax.
Files are currently downloadable by unauthorized users if they are restricted by a workflow and the user knows the download URL. See the issue for more details.
Changes proposed in this pull request:
workflow_restriction?
check of the FileSets parent to theauthorize_download!
method in DownloadsControllerGuidance for testing, such as acceptance criteria or new user interface behaviors:
@samvera/hyrax-code-reviewers