oy2-25705 - allow download of attachments only if passed virus scan #1451
Story: https://qmacbis.atlassian.net/browse/OY2-25075
Endpoint: See github-actions bot comment
Details
If an attachment hasn't passed virus scan then do not display as link. Additionally, due to this, the download all button behavior was changed.
Changes
Implementation Notes
Could have gone about this 2 ways. One was this way, to always interrogate the tag status via AWS API. This does result in more network traffic between the lambda and DB but it's negligible since it's all within the VPC and records will only have 10s of attachments not 1000s so the number of calls is small and quick.
The alternative would be to keep the virusScanStatus along with the package in the DB. I felt that was far more intrusive and would have required deeper code edits but worst of all would directly couple the attachments service to the DB as it would have to update a DB record or call package builder or something that would have an effect to get the package rebuilt every time an attachment scan completed and I didn't really think that would be a good approach.
Note that a lot of our attachments in feature branches with staged data don't actually point to the real branch S3 bucket and therefore most of the staged data does not function properly (I did change a few just to verify it was on the up and up). To fully test you will have to submit new attachments. I expect this to only be an issue on feature branches where we load test data that has erroneous url values in the package.
Test Plan
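
An added sketch of the tag-based gating described in the implementation notes; it is not code from this pull request. The tag key and values, the `getTags` callback, and the attachment fields are assumptions, and the sample data is constructed.

```javascript
// Added example. Tag key and values are assumptions, not taken from the PR.
const SCAN_TAG_KEY = "virusScanStatus";
const CLEAN_VALUE = "CLEAN";

// Fail closed: only an explicit CLEAN tag makes an object downloadable.
// A missing tag (scan still pending) or any other value denies.
function isDownloadable(tagSet) {
  if (!Array.isArray(tagSet)) return false;
  const tag = tagSet.find((t) => t && t.Key === SCAN_TAG_KEY);
  return tag !== undefined && tag.Value === CLEAN_VALUE;
}

// getTags(attachment) resolves to an array of { Key, Value } pairs.
// In a lambda it would wrap the S3 object-tagging lookup; here it is
// injected (hypothetical helper) so the logic runs offline.
async function buildAttachmentViews(attachments, getTags) {
  return Promise.all(
    attachments.map(async (att) => {
      let ok = false;
      try {
        ok = isDownloadable(await getTags(att));
      } catch (err) {
        ok = false; // lookup error: treat the object as not scanned
      }
      // Withhold the URL entirely so the client cannot render a link.
      return { filename: att.filename, downloadable: ok, url: ok ? att.url : null };
    })
  );
}

// "Download all" covers only attachments that passed the scan.
function downloadAllTargets(views) {
  return views.filter((v) => v.downloadable).map((v) => v.url);
}

// Constructed sample data: clean, infected, scan pending, lookup failure.
const SAMPLE_ATTACHMENTS = ["a", "b", "c", "d"].map((n) => ({
  filename: `${n}.pdf`, key: `k/${n}.pdf`, url: `https://example.invalid/${n}.pdf`,
}));
const SAMPLE_TAGS = {
  "k/a.pdf": [{ Key: SCAN_TAG_KEY, Value: "CLEAN" }],
  "k/b.pdf": [{ Key: SCAN_TAG_KEY, Value: "INFECTED" }],
  "k/c.pdf": [],
};
const sampleGetTags = async (att) => {
  if (!(att.key in SAMPLE_TAGS)) throw new Error("tag lookup failed");
  return SAMPLE_TAGS[att.key];
};
```

The status is read at request time and the URL is dropped server-side, so an unscanned or infected object never reaches the client as a link.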