Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Disable possibility of modifying the files extensions #10067

Open
DS-INRAE opened this issue Oct 30, 2023 · 2 comments
Open

Feature Request: Disable possibility of modifying the files extensions #10067

DS-INRAE opened this issue Oct 30, 2023 · 2 comments
Labels
Feature: File Upload & Handling Type: Suggestion an idea User Role: Superuser Has access to the superuser dashboard and cares about how the system is configured

Comments

@DS-INRAE
Copy link
Member

Overview of the Feature Request
As an installation admin, I can be sure that the extensions of the deposited files remain unchanged by the user, in order to avoid mischievous deposits "smuggled" passed file extension filters (see related issues).

What kind of user is the feature intended for?
(Example users roles: API User, Curator, Depositor, Guest, Superuser, Sysadmin)
Depositors are affected as they are prevented from editing their files extensions (which also avoids typos),
but the main target benefiting the feature are the installation admins.

What inspired the request?
Discussion about issue :
#10006
and potential ways to bypass such filter.

What existing behavior do you want changed?
When renaming files (API or UI), not being allowed to change the extensions of the files.

Any open or closed issues related to this feature request?
This issue is originated from the discussion in this issue:
This was referenced Oct 30, 2023
Open
Open
@pdurbin
Copy link
Member

pdurbin commented Oct 30, 2023

This should probably be configurable in case some installations want to preserve the existing behavior of letting users change file extensions. However, maybe it should be the new default.

@pdurbin pdurbin added Type: Suggestion an idea Feature: File Upload & Handling User Role: Superuser Has access to the superuser dashboard and cares about how the system is configured labels Oct 30, 2023
@qqmyers
Copy link
Member

qqmyers commented Oct 30, 2023

The current code lets you change the extension of the original file (no ingest) or in the ingested case, only the ingested file extension and not the original. That seems like a weird thing to maintain unless there's real-world use. At QDR, we've gone ahead to display the original file (as in #7956) which makes it even stranger to allow changing the extension of the ingested file. If display of the original file is desired in the community version, I'm not sure that maintaining backward compatibility makes sense - i.e. either extensions shouldn't be changeable or you should only be able to change the original file extension, or we'd need the ability to allow both the original and ingested extensions to be changed, etc. It's messy enough that it might make sense to poll the user base and see if anyone has changes to the original or ingested files in their databases.

@DS-INRAE DS-INRAE moved this to ⚠️ Needed/Important in Recherche Data Gouv Jul 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature: File Upload & Handling Type: Suggestion an idea User Role: Superuser Has access to the superuser dashboard and cares about how the system is configured
Projects
Recherche Data Gouv
Status: ⚠️ Needed/Important
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pdurbin @qqmyers @DS-INRAE