Remove unsafe copy functions from client
Please remove features that copy Synapse objects in ways that do not preserve access restrictions on the original object.
For example, the copy function in the synapseutils module: https://github.com/Sage-Bionetworks/synapsePythonClient/blob/master/synapseutils/copy.py#L90
This function allows users to copy entities recursively when access restrictions are attached to the original but does not (and because of permissions cannot) create the AR on a destination. It allows duplicates data in Synapse. Including it in a supported client misleads external users who may be inclined to use it.
this change should address the Governance concerns for maintaining access restrictions.
Tested and got the expected results of not copying files with restrictions.
I will undo
to add the copy() function back to the 2.0.0-rc branch and then reapply the changes that tom made in:
I think ‘s patch addresses the issue of copying entities with conditions of use. If copy is useful to people, it probably should be in the official client and should behave in a way acceptable to Governance (ie, maintaining access restrictions). Users can evade this buy implementing their own override of the copy function or by downloading/uploading, but doing that would be malicious and we would address it as a data breach most likely. cc
We can add it back to the next release (2.0 based off of develop branch) if agrees with this assessment.