Download Permissions: Remove business logic from Application fragments. #2698
Description
Working on #2648 it became apparent that too much business logic related to download authorization was maintained in different application components. Ideally we want it to be isolated in the PermissionService bean. Below is my comment from Access.java:
TODO: (IMPORTANT!)
Business logic like this should NOT be maintained in individual
application fragments.
At the moment it is duplicated here, and inside the Dataset page.
There are also stubs for file-level permission lookups and caching
inside Gustavo's view-scoped PermissionsWrapper.
All this logic needs to be moved to the PermissionServiceBean where it will be
centrally maintained; with the PermissionsWrapper providing
efficient cached lookups to the pages (that often need to make
repeated lookups on the same files). Care will need to be taken
to preserve the slight differences in logic utilized by the page and
this Access call (the page checks the restriction flag on the
filemetadata, not the datafile - as it needs to reflect the permission
status of the file in the version history).
I will open a 4.[34] ticket.
L.A. 4.2.1