Fixes #467 - Disable file downloading for localDisplay videos/audios and metadataDisplay objects. #473
Conversation
metadataDisplay objects.
app/controllers/file_controller.rb
Outdated
| @@ -44,6 +44,9 @@ def show | |||
| authorize! :edit, @solr_doc | |||
| elsif !@solr_doc['read_access_group_ssim'].include?("public") | |||
| authorize! :show, @solr_doc | |||
| unless can? :edit, @solr_doc | |||
There was a problem hiding this comment.
I'm a little torn on how I feel about the nested unless checks here. After a second read through it makes sense though. But part of me wonders if this is easier to read if we flip the checks and use || instead. Something like:
unless can_download?(@solr_doc) || can?(:edit, @solr_doc)
CanCan::AccessDenied, "User is not allowed to download file: #{field}"
Would that logic work? I may be missing an example where this wouldn't be acceptable. It also might have its own readability issues..
lib/dams/controller_helper.rb
Outdated
| local_license = document['license_tesim'] && document['license_tesim'].first.to_s.include?('localDisplay') ? true : false | ||
| license = document['license_tesim'] | ||
| other_rights = document['otherRights_tesim'] | ||
| return false if streaming_media_type?(document['resource_type_tesim']) && (local_display?(license) || local_display?(other_rights)) |
There was a problem hiding this comment.
There's a lot going on here with these conditionals. I know there are many cases to test, but i wonder if we could shrink them doing at all by breaking the returns apart? Like off the top, if the file is not a streaming type, we could presumably return true immediately? And/or maybe the local_display and metadata_only_display checks could be individual conditionals?
The individual supporting methods are great, it's just that the conditional combination here is long.
Maybe some comments are necessary here to provide the narrative for what we're doing here, given the complexity? Curious what you think. Basically I'm thinking this might be easy to forget or understand in a few months if/when we have to port this to DAMS5.
There was a problem hiding this comment.
Sound good. I'll refactor it for the conditional combination, and I see it more complicated with those UCSD IP/metadata-only collections that won't allow local download but need VPN/campus view.
lib/dams/controller_helper.rb
Outdated
| end | ||
|
|
||
| def streaming_media_type?(resource_types) | ||
| resource_types.each do |t| |
There was a problem hiding this comment.
For these support methods you might be able to use the .any? Enumerable method to avoid the explicit returns. Something like:
def streaming_media_type?(resource_types)
resource_types.any? { |t| t.include?('video') || t.include?('sound') }
end
| @@ -0,0 +1,516 @@ | |||
| # frozen_string_literal: true | |||
|
|
|||
| require 'spec_helper' | |||
There was a problem hiding this comment.
This is a great test setup 👏 I'll have to tweak this once we fold in the send_file code, but I already have a pattern in place for that. And these are an excellent set of comprehensive tests.
|
@lsitu - Here's another idea, just to put out there. What if we made So instead of doing the edit check and then our custom method, we ideally do something like this in the file controller, or even use We could possibly borrow some ideas from Hydra::Ability and this custom actions page? I think this would mostly involve moving code into ability.rb. The nice part, if this works, is it would let us use CanCan, which it kinda feels like we ideally should be for something like this. Although the context of the That said, if you think it's too much of a change to make, or a bad idea for other reasons, then feel free to ignore :) |
|
@mcritchlow Good point! I was thinking about it but it seem like we may need to add the file_id parameter to the can_download? method to support the specs in #466 that need those UCSD IP/metadata collections to be viewable from campus or through VPN (UCSD IP restriction). |
|
@lsitu - Yeah i suspect it might be best to just leave your existing implementation as proposed in this PR as-is, because there's enough complexity in this that it's probably not worth it. it was just a thought that occurred to me :) hopefully next time we do this, in dams5, we'll have more rational metadata for making this decision. we'll see.. |
|
@mcritchlow Yep. It sounds good. I was thinking whether we should at least filter those _2.jpg from downloading or not. Thanks. |
app/controllers/file_controller.rb
Outdated
| @@ -44,6 +44,9 @@ def show | |||
| authorize! :edit, @solr_doc | |||
| elsif !@solr_doc['read_access_group_ssim'].include?("public") | |||
| authorize! :show, @solr_doc | |||
| unless can?(:edit, @solr_doc) || can_download?(@solr_doc, fileid) | |||
There was a problem hiding this comment.
Style/IfUnlessModifier: Favor modifier unless usage when having a single-line body. Another good alternative is the usage of control flow &&/||.
lsitu
force-pushed
the
feature/file_downloading
branch
from
253fd81
to
f2b80f9
Compare
no download but viewable from campus.
lsitu
force-pushed
the
feature/file_downloading
branch
from
f2b80f9
to
ec61352
Compare
|
👍 |
| end | ||
| !local_other_rights && !local_license | ||
| def restricted_file?(fileid) | ||
| fileid && fileid.include?('_2.jpg') |
There was a problem hiding this comment.
What is specific to an _2.jpg being a restricted file? I don't think I understand the meaning behind this one.
| return result unless data | ||
| data.each do |datum| | ||
| result = true if datum.include?('localDisplay') || datum.include?('metadataDisplay') | ||
| def metadata_display?(data) |
There was a problem hiding this comment.
Since we already have this metadata_display? method, and it appears to be used in the catalog_helper and dams_resource_controller, do we need the local_display? and metadata_only_display? methods? Could we use this instead? This one seems to just check both (though it could be rewritten to use any? also like the others. Just a thought.
There was a problem hiding this comment.
@mcritchlow I think we may need to a separate method for metadata_only_display? to determine the different behavior with localDisplay and metadataDisplay objects. For localDisplay objects, they allow downloading of files (video/audio excluded) while metadataDisplay won't allow file download for any files.
There was a problem hiding this comment.
@lsitu - Ok, thanks for clarifying. Perhaps I misunderstood what Greg said. I thought he said if either were filled in then one could not download derivatives. But yeah if there are distinctions then I guess that's another issue. Poorly named properties it turns out, because they don't actually describe what they do :)
There was a problem hiding this comment.
@mcritchlow Yes, it's confusing to me too. So I asked Greg to clarify the localDisplay thing earlier since the access control issue is always sensitive to us. Do you want to rename it?
There was a problem hiding this comment.
@lsitu - I'm not sure. Honestly, all your tests pass and I think it's a pretty comprehensive test suite. I don't want to slow this down more than necessary. I just think the data model implications and application to these access control scenarios is unsustainable, very fragile at the least. But that's hopefully an issue we can address in the next system. Perhaps unless @hweng or @VivianChu have any other concerns, I'll just merge this and we can move on? (Thanks for all your awesome work on this complicated ticket)
There was a problem hiding this comment.
@mcritchlow Could you hold on? I'll refactor it a little bit. Thanks.
|
@mcritchlow Good question! |
|
@lsitu - Ok, I think I understand. This is just really messy. Not your code, just the very custom conditions we're allowing, or not allowing here. I wonder if this method needs to be named more specific to the context. Because on its own, a 2.jpg is usually not restricted, as you know. At this point in the conditional checking in |
|
Yep, good questions again. I think "metadata only" is only for public users, things become complicated/confusing for campus /VPN (UCSD IP restricted) users. The issue is that why the download button need to be removed from the viewer for those UCSD IP/metadata-only collections. And as you noted, does those images link to the download button a matter? If the answer is no, then removing of the download button seems to be a question. |
IP/metadata-only collections.
|
@mcritchlow I've refactored the metadata_display? codes to use it to include audio/video download controlling for the UCSD IP/metadata-only collections with the additional tests added. |
|
LGTM |
|
👍 |
Fixes #467
Local Checklist
masterbranch?What does this PR do?
Disable file downloading for localDisplay videos/audios and metadataDisplay objects, while allowing campus users to download localDisplay images.
Why are we doing this? Any context of related work?
References #466, #467
@ucsdlib/developers - please review