Inconsistency with special-access links

[Janfred]

The special-access links have an inconsistency:

When opening the special-access link without being logged in (I haven't tried it with a login), some files cannot be viewed/downloaded from the request overview page.
Censored documents are only shown in the censored variant, although the censored parts of the messages are shown.
In cases where there exists an uncensored and a censored variant, only the censored variant is displayed in the document overview list.

When downloading the complete request history as a ZIP, all documents are included in the uncensored variant.

I believe that the special-access link should show all documents in the uncensored variant and allow downloads of single, uncensored documents, as it is explicitly intended for giving more access than what is publicly available.

[stefanw]

I guess we need to clarify the purpose of documents. The documents generated from PDF attachments are for public distribution and consequently need to be redacted if the underlying PDF attachment required redactions. PDF attachments retain a redacted and an unredacted variant, but if a PDF attachment is converted to a document (meaning marked as a result of an FOI request) then only the redacted variant will be used. This has nothing to do with special-access links. Even regularly authenticated users cannot see unredacted versions of documents, but only unredacted attachments.

[Janfred]

I don't understand the comment.

My use case: I want to give special access to either a lawyer or the LfDI. And they should be able to see everything unredacted.
I used the link sent automatically when requesting a "mediation" from LfDI.

If they open the link, they can see the unredacted text content of mails, but not the unredacted attachments, neither if the attachments have not been published or if only a redacted version of the attachment has been published.
If they download the whole request as ZIP (on FragDenStaat in the right box "Download als ZIP"), the ZIP contains the unredacted attachments.

[Janfred]

If there is no unredacted variant of a document, the special access link shows the unredacted document, but when clicking on it it requires a login.
If there is a redacted version, the overview page only shows the redacted version, where the "owner" view shows the public variant and the non-public variant.

The way I assumed the special-access links work is that they show (almost) anything the owner sees, but without the possibility to change anything. (such as sending messages, redact documents, set status, ...)

[stefanw]

Thanks for explaining your use case. We make a distinction between 'documents' (e.g. looks like this) and attachments on messages (which can be PDFs). PDF attachments can be promoted to documents but only the redacted version if there is a need for redaction. But you are talking about attachments as I understand it now.

Special-access links should work for attachments, however currently the attachments need to be 'approved' which implicitly means the special-access links can't access redacted attachments. The code is quite explicit about it:

https://github.com/okfde/froide/blob/main/froide/foirequest/auth.py#L285-L293

Not sure why, we will look into it.