Remove unsafe copy functions from client

Description

Please remove features that copy Synapse objects in ways that do not preserve access restrictions on the original object.

For example, the copy function in the synapseutils module: https://github.com/Sage-Bionetworks/synapsePythonClient/blob/master/synapseutils/copy.py#L90

This function allows users to copy entities recursively when access restrictions are attached to the original but does not (and because of permissions cannot) create the AR on a destination. It allows duplicates data in Synapse. Including it in a supported client misleads external users who may be inclined to use it.

this change should address the Governance concerns for maintaining access restrictions.

Environment

None

Activity

Show:
Ziming Dong
February 21, 2020, 6:58 PM

We can add it back to the next release (2.0 based off of develop branch) if agrees with this assessment.

Aaron Hayden
March 19, 2020, 7:19 PM

I think ‘s patch addresses the issue of copying entities with conditions of use. If copy is useful to people, it probably should be in the official client and should behave in a way acceptable to Governance (ie, maintaining access restrictions). Users can evade this buy implementing their own override of the copy function or by downloading/uploading, but doing that would be malicious and we would address it as a data breach most likely. cc

Thomas Yu
March 20, 2020, 4:15 AM
Edited

There is a slight bug with 697 and 702, we will want this: https://github.com/Sage-Bionetworks/synapsePythonClient/pull/715

The issue is linked: https://sagebionetworks.jira.com/browse/SYNPY-1027

Verena Chung
March 20, 2020, 6:19 PM

Tested and got the expected results of not copying files with restrictions.

Assignee

Ziming Dong

Reporter

Aaron Hayden

Labels

Validator

Verena Chung

Development Area

None

Release Version History

None

Components

Fix versions

Affects versions

Priority

Critical
Configure