-
Type:
Defect
-
Resolution: Done
-
Priority:
Standard
-
Affects Version/s: 2.1.8
-
Component/s: None
-
None
-
2
-
Sprint 159
Problem:
When the file download controllers start their various checks on if a file is downloadable and authorized to download, there is a check to see if the file exists. This check should really occur after we have checked to see if the end user is authorized to read the dataset.
Acceptance Criteria:
The check for authorization to a file needs to occur prior to seeing if the file exists.
Note: Doing this work after removing the logical file id based URLs will reduce work. If so, we can change our auth-z checks to only be on dataset (and not also on file).
When the file download controllers start their various checks on if a file is downloadable and authorized to download, there is a check to see if the file exists. This check should really occur after we have checked to see if the end user is authorized to read the dataset.
Acceptance Criteria:
The check for authorization to a file needs to occur prior to seeing if the file exists.
Note: Doing this work after removing the logical file id based URLs will reduce work. If so, we can change our auth-z checks to only be on dataset (and not also on file).