flip_api.file_services.retrieve_uploaded_file_info ================================================== .. py:module:: flip_api.file_services.retrieve_uploaded_file_info Attributes ---------- .. autoapisummary:: flip_api.file_services.retrieve_uploaded_file_info.router Functions --------- .. autoapisummary:: flip_api.file_services.retrieve_uploaded_file_info._filter_files_by_access flip_api.file_services.retrieve_uploaded_file_info._serialize_files flip_api.file_services.retrieve_uploaded_file_info.get_uploaded_files_info flip_api.file_services.retrieve_uploaded_file_info.get_uploaded_files_info_post Module Contents --------------- .. py:data:: router .. py:function:: _filter_files_by_access(files: list[flip_api.db.models.main_models.UploadedFiles], user_id: uuid.UUID, db: sqlmodel.Session) -> list[flip_api.db.models.main_models.UploadedFiles] Filter files to those whose owning model the user can access. Files with no ``model_id`` are denied by default — they are not attached to any model and therefore have no scope under which a caller can claim access. Access decisions are memoised per ``model_id`` to avoid redundant DB lookups when several files share the same model. :param files: Files retrieved from the database. :param user_id: Authenticated caller. :param db: Database session. :returns: The subset of ``files`` the caller is allowed to see. .. py:function:: _serialize_files(files: list[flip_api.db.models.main_models.UploadedFiles]) -> list[dict[str, Any]] Serialize file records into the API response shape. .. py:function:: get_uploaded_files_info(file_ids: str, db: sqlmodel.Session = Depends(get_session), user_id: uuid.UUID = Depends(verify_token)) -> list[dict[str, Any]] Get information about uploaded files based on a list of IDs. Only files belonging to a model the caller can access are returned. Files outside the caller's scope are filtered out — the response does not distinguish between "does not exist" and "not authorised", to avoid leaking the existence of files via metadata enumeration. :param file_ids: Comma-separated string of file IDs :type file_ids: str :param db: Database session :type db: Session :param user_id: ID of the user (obtained from auth token) :type user_id: UUID :returns: A list of dictionaries containing file information :rtype: list[dict[str, Any]] :raises HTTPException: If no accessible files are found or if there is an error during the operation. .. py:function:: get_uploaded_files_info_post(id_list: flip_api.domain.schemas.file.IdList, db: sqlmodel.Session = Depends(get_session), user_id: uuid.UUID = Depends(verify_token)) -> list[dict[str, Any]] Get information about uploaded files based on a list of IDs (POST method). Only files belonging to a model the caller can access are returned. Files outside the caller's scope are filtered out — the response does not distinguish between "does not exist" and "not authorised", to avoid leaking the existence of files via metadata enumeration. :param id_list: Pydantic model containing a list of file IDs :type id_list: IdList :param db: Database session :type db: Session :param user_id: ID of the user (obtained from auth token) :type user_id: UUID :returns: A list of dictionaries containing file information :rtype: list[dict[str, Any]] :raises HTTPException: If no accessible files are found or if there is an error during the operation.