Versions Compared

Old Version 5

changes.mady.by.user John Hill

Saved on

compared with

New Version 6

changes.mady.by.user John Hill

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If user B were to attempt to directly access a pre-signed URL for the same file using GET using GET /filefileHandle/1/url then Synapse would return an unauthorized result (403) even though they are authorized to download it through the association with entityId=123.  The reason for this is Synapse cannot lookup the associated object given a file handle id.  This is a based on how the file data is stored in Synapse:

...

We need to change how file data is stored in Synapse to make it trivial to lookup the associated object.id and object.type given a fileHandle.id.  Then it would be possible for user B, in the above example, to download the file using GET /file/1.

Asynchronous Bulk File Download

We propose adding a new REST API call that would allow callers to start an asynchronous job that would create a zip file containing multiple requested files.  Upon completion of the job a pre-signed URL will be returned with the response object.  The response object will also include a summary of each of the requested file.  Each file summary will include a state of SUCCESS or FAILURE to indicate which of the requested files were included in resulting zip file.  For the case of FAILURE, a reason will be included, such as UNAUTHORIZED or NOT_FOUND.

Zip Results

The resulting zip file will contain an entry for each successful file using the following directory and naming scheme:

Code Block
{fileHandleId % 1000} /{fileHandleId}/{fileName}

The zip file entry naming scheme is designed to match the caching schemes used by the R and Python clients such that the zip can decompressed directly into a users local file cache.

Object Model

 

REST API

URLMethodRequest BodyResponse BodyAuthorizationDescription
/file/bulk/async/startPOSTBulkFileDownloadRequestAsynchJobIdAnyone is authorized to make this call.  Authorization for each requested file is done individually. Call to start an asynchronous job create a Zip file containing all of the requested files that the caller is authorized to download.
file/bulk/async/get/{asyncToken}GET 

Job complete: BulkFileDownloadResponse (200) 

Job processing: AsynchronousJobStatus (202)

Only the user that started the job is authorized to make this call.Call used to track the asynchronous  job status.  While the job is still running the job status will be returned (202), when the job is complete results will be returned (200).
GET /fileHandle/{handleId}/urlGET Pre-signed URLThe creator of the FileHandle is authorized to make this call.  If the caller is authorized to download the file via an associated object they they will be authorized to make this call.This method already exist in the API. However, only the creator of the fileHandle is authorized to make this call presently.  Authorization will be extend to allow anyone that is authorized to download the object via an associated object.