Skip to content

Commit

Permalink
Merge branch 'hotfix/24.04.3' into develop
Browse files Browse the repository at this point in the history
  • Loading branch information
@mfraezz
mfraezz committed Jul 11, 2024
2 parents 905ea6b + 30604a0 commit a7f970a
Showing 1 changed file with 15 additions and 2 deletions.
17 changes: 15 additions & 2 deletions addons/base/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,7 +206,7 @@ def check_resource_permissions(resource, auth, action):

def _check_registration_permissions(registration, auth, permission, action):
if permission == permissions.READ:
return registration.registered_from.can_view(auth)
return registration.can_view(auth) or registration.registered_from.can_view(auth)
if action in ('copyfrom', 'upload'):
return _check_hierarchical_write_permissions(resource=registration, auth=auth)
return registration.can_edit(auth)
Expand Down Expand Up @@ -241,6 +241,19 @@ def _check_hierarchical_write_permissions(resource, auth):
permissions_resource = permissions_resource.parent_node
return False

def _download_is_from_mfr(waterbutler_data):

This comment has been minimized.

Sign in to view

Copy link
@jwalz

jwalz Jul 11, 2024

Contributor

So, what sends the render action if not the modular file renderer? And is there a way for mfr to send the render action instead?

This comment has been minimized.

Sign in to view

Copy link
@felliott

felliott Jul 12, 2024

Member

MFR doesn't talk directly to OSF. It sends requests to WB, which then makes requests to OSF. To help id render requests, MFR sets the X-Cos-Mfr-Render-Request header, and WB forwards that on.

This comment has been minimized.

Sign in to view

Copy link
@jwalz

jwalz Jul 12, 2024
edited
Loading

Contributor

Cool. Why does it use the download action instead of the render action? Should mfr requests update the metrics for renders? Is render here just a misleading term? (looking at WB code, it seems like render is only applied to HEAD requests, so seems like "misleading name" could be the best explanation here)
metrics_data = waterbutler_data['metrics']
uri = metrics_data['uri']
is_render_uri = furl.furl(uri or '').query.params.get('mode') == 'render'
return (
# This header is sent for download requests that
# originate from MFR, e.g. for the code pygments renderer
request.headers.get('X-Cos-Mfr-Render-Request', None) or
# Need to check the URI in order to account
# for renderers that send XHRs from the
# rendered content, e.g. PDFs
is_render_uri
)

def make_auth(user):
if user is not None:
Expand Down Expand Up @@ -415,7 +428,7 @@ def get_auth(auth, **kwargs):
# Trigger any file-specific signals based on the action taken (e.g., file viewed, downloaded)
if action == 'render':
file_signals.file_viewed.send(auth=auth, fileversion=fileversion, file_node=file_node)
elif action == 'download':
elif action == 'download' and not _download_is_from_mfr(waterbutler_data):
file_signals.file_downloaded.send(auth=auth, fileversion=fileversion, file_node=file_node)

# Construct the response payload including the JWT
Expand Down

0 comments on commit a7f970a

Please sign in to comment.