Documented API update from RFC 0072 #737
Conversation
|
Connected pull requests: RFC 0072 |
| ... | ||
| ] | ||
| ``` | ||
|
|
There was a problem hiding this comment.
Could you add in that file size and checksum are optional parameters?
| from invenio_administration.generators import Administration | ||
|
|
||
| class MyRepositoryPermissionPolicy(RDMRecordPermissionPolicy): | ||
| can_draft_create_files = RDMRecordPermissionPolicy.can_draft_transfer_files + [ |
There was a problem hiding this comment.
I'm not sure these permissions have been implemented. It works out of the box for me without modifying permissions
There was a problem hiding this comment.
I will have a look at it today.
There was a problem hiding this comment.
You are right, thanks for pointing this out. @slint - please have a look at what decision you prefer:
For FETCH and REMOTE transfers, one needs to specify a list of domains inside invenio.cfg (RECORDS_RESOURCES_FILES_ALLOWED_DOMAINS for fetch, RECORDS_RESOURCES_FILES_ALLOWED_REMOTE_DOMAINS for remote) from which users can fetch remote files/link to. This list is initially empty, meaning no one can use fetch or remote. If this variable is defined, due to my omission, anyone who can edit a record could use (via API - no support in UI at the moment) these transports.
As these operations might be dangerous (depletion of background workers/invalidation of repository best practices), it would be better to disable these in RDM permissions and let the repository administrator enable them by defining explicit RDM permissions. This process isn't straightforward at the moment as care must be taken when overriding can_xyz which is used elsewhere.
The decision needed:
- Should we add these restricted permissions? It's a simple PR going as:
# inside invenio_rdm_records/services/permissions.py
- can_draft_create_files = can_review
+ can_draft_create_files = [
IfTransferType(LOCAL_TRANSFER_TYPE, can_review),
IfTransferType(MULTIPART_TRANSFER_TYPE, can_review),
SystemProcess(),
]And users would then inherit from RDM permissions as outlined in: https://github.com/inveniosoftware/docs-invenio-rdm/blob/8fefe9e26604a3685a517f59209b714805b5a515/docs/reference/file_storage.md#security-1
- Keep the
current can_draft_create_files form, and explain in docs that if repository administrator wants to tighten security, they can do it by overriding as:
# inside repository invenio.cfg
+ can_draft_create_files = [
IfTransferType(LOCAL_TRANSFER_TYPE, can_review),
IfTransferType(MULTIPART_TRANSFER_TYPE, can_review),
IfTransferType(REMOTE_TRANSFER_TYPE, can_something_else),
SystemProcess(),
]- Do something else, such as allow fetch & remote only for administration access by default:
# inside invenio_rdm_records/services/permissions.py
+ can_draft_create_files = [
IfTransferType(LOCAL_TRANSFER_TYPE, can_review),
IfTransferType(MULTIPART_TRANSFER_TYPE, can_review),
IfTransferType(FETCH_TRANSFER_TYPE, [Administration()]),
IfTransferType(REMOTE_TRANSFER_TYPE, [Administration()]),
SystemProcess(),
]What would you prefer? Thanks.
There was a problem hiding this comment.
Thanks for the clear options :)
I'm leaning towards 1., not allowing the Remote and Fetch transfer types at all, because this is already a pretty advanced feature and it's very likely that one will need to change both configuration + permissions anyways.
Once we have a better idea on how to integrate these features in the UI, we could explore the path for making the config ergonomics for the future better.
There was a problem hiding this comment.
@slint I've added:
- fix: import-files permissions invenio-drafts-resources#307 (I've needed to modify
import_filespermission here) - fix: Disabled remote and fetch transport in permissions invenio-rdm-records#2079 (implementation of 1.)
Please have a look if can be merged.
mesemus
force-pushed
the
contribution-file-storage
branch
from
ca49043 to
8fefe9e
Compare
|
Note that in upcoming "Reference" section refactor, File storage is going to be moved around/edited for clarity of audience and purpose. Currently it mixes REST API usage, with explanation of internals, with configuration for site administrators. You can separate those concerns out if you want, otherwise I will if that reorg lands after this PR. |
@fenekku I'd prefer if you could separate the concerns and move them around as I have not been following the changes to the documentation and would probably put those inconsistently with the rest of the documentation :) Thanks. |
No problem! It's been done now, so you can rebase. The separation is not yet ideal, but keeps content close enough to where it should be. If any issue with the rebase let me know, and I can help. |
mesemus
force-pushed
the
contribution-file-storage
branch
2 times, most recently
from
467cd68 to
4e7825b
Compare
* See inveniosoftware/rfcs#91 for details
mesemus
force-pushed
the
contribution-file-storage
branch
from
4e7825b to
69b741a
Compare
@fenekku Rebased, please have a look if it was done correctly. Thanks. |
|
|
||
| - *Local*, which represents the files that are managed by the InvenioRDM instance, | ||
| independently of the backend. | ||
| - *Fetch*, these are files that are not immediately managed by the instance as they need to be downloaded first. | ||
| This means that they will eventually become _local_ files. | ||
| - *Multipart*, these are files that are uploaded in parts. User can upload parts |
There was a problem hiding this comment.
| - *Multipart*, these are files that are uploaded in parts. User can upload parts | |
| - *Multipart*, these are files that are uploaded in parts. Users can upload parts |
| "type": "F", | ||
| "url": "https://example.org/files/dataset.zip?token=<auth token>" | ||
| } | ||
| "metadata": {...} |
There was a problem hiding this comment.
I missed that addition in the RFC. Is this new? (I thought metadata was an auto-filled read-only field post upload). Actually, perhaps we can remove that section ("Example of selecting transfer type ... " with code block) since it's covered below for each individual case with appropriate content?
| At this point an asynchronous task will be launched and the file will be transported into | ||
| the InvenioRDM instance. Once the file transfer is completed, the status field will be | ||
| changed to `completed`. At this point the `storage_class` of the files has also changed | ||
| changed to `completed`. At this point the `transfer.type` of the files has also changed | ||
| to `L`. The status can be checked using the _files_ url (`/api/records/{id}/draft/files`). | ||
| Note, until all the files have been transferred (i.e. their status is `completed`) the | ||
| record cannot be published. | ||
|
|
||
| More over, while files are being transferred requests to the `content` and `commit` |
There was a problem hiding this comment.
| More over, while files are being transferred requests to the `content` and `commit` | |
| Moreover, while files are being transferred requests to the `content` and `commit` |
| 1. **Network Access**: The file’s URL is reachable from the user’s network. | ||
| 2. **No Sensitive Data**: The URL does not include any sensitive information (such as tokens). | ||
|
|
||
| By default, Invenio refuses references to external files. Files can only be referenced |
There was a problem hiding this comment.
just to keep the whole doc in the context of InvenioRDM
| By default, Invenio refuses references to external files. Files can only be referenced | |
| By default, InvenioRDM refuses references to external files. Files can only be referenced |
| @@ -3,25 +3,45 @@ | |||
| Two different concepts are involved in the storing of files in InvenioRDM. One is the | |||
There was a problem hiding this comment.
Might as well rename this file: file_transfer.md and title it File transfer since that's really what you've eloquently made clear with this and the RFC 👍
Description
This PR contains documentation of API changes proposed in RFC 0072.
Checklist
Ticks in all boxes and 🟢 on all GitHub actions status checks are required to merge:
masterbranch.productionbranch following approval or indicate to a maintainer that it should be backported.Reminder
By using GitHub, you have already agreed to the GitHub’s Terms of Service including that: