flip_api.file_services.retrieve_uploaded_file_info

Attributes

router

Functions

_filter_files_by_access(...)

Filter files to those whose owning model the user can access.

_serialize_files(→ list[dict[str, Any]])

Serialize file records into the API response shape.

get_uploaded_files_info(, user_id, Any]])

Get information about uploaded files based on a list of IDs.

get_uploaded_files_info_post(, user_id, Any]])

Get information about uploaded files based on a list of IDs (POST method).

Module Contents

flip_api.file_services.retrieve_uploaded_file_info.router
flip_api.file_services.retrieve_uploaded_file_info._filter_files_by_access(files: list[flip_api.db.models.main_models.UploadedFiles], user_id: uuid.UUID, db: sqlmodel.Session) list[flip_api.db.models.main_models.UploadedFiles]

Filter files to those whose owning model the user can access.

Files with no model_id are denied by default — they are not attached to any model and therefore have no scope under which a caller can claim access. Access decisions are memoised per model_id to avoid redundant DB lookups when several files share the same model.

Parameters:

  • files – Files retrieved from the database.

  • user_id – Authenticated caller.

  • db – Database session.

Returns:

The subset of files the caller is allowed to see.

flip_api.file_services.retrieve_uploaded_file_info._serialize_files(files: list[flip_api.db.models.main_models.UploadedFiles]) list[dict[str, Any]]

Serialize file records into the API response shape.

flip_api.file_services.retrieve_uploaded_file_info.get_uploaded_files_info(file_ids: str, db: sqlmodel.Session = Depends(get_session), user_id: uuid.UUID = Depends(verify_token)) list[dict[str, Any]]

Get information about uploaded files based on a list of IDs.

Only files belonging to a model the caller can access are returned. Files outside the caller’s scope are filtered out — the response does not distinguish between “does not exist” and “not authorised”, to avoid leaking the existence of files via metadata enumeration.

Parameters:

  • file_ids (str) – Comma-separated string of file IDs

  • db (Session) – Database session

  • user_id (UUID) – ID of the user (obtained from auth token)

Returns:

A list of dictionaries containing file information

Return type:

list[dict[str, Any]]

Raises:

HTTPException – If no accessible files are found or if there is an error during the operation.

flip_api.file_services.retrieve_uploaded_file_info.get_uploaded_files_info_post(id_list: flip_api.domain.schemas.file.IdList, db: sqlmodel.Session = Depends(get_session), user_id: uuid.UUID = Depends(verify_token)) list[dict[str, Any]]

Get information about uploaded files based on a list of IDs (POST method).

Only files belonging to a model the caller can access are returned. Files outside the caller’s scope are filtered out — the response does not distinguish between “does not exist” and “not authorised”, to avoid leaking the existence of files via metadata enumeration.

Parameters:

  • id_list (IdList) – Pydantic model containing a list of file IDs

  • db (Session) – Database session

  • user_id (UUID) – ID of the user (obtained from auth token)

Returns:

A list of dictionaries containing file information

Return type:

list[dict[str, Any]]

Raises:

HTTPException – If no accessible files are found or if there is an error during the operation.