41526 feat(storage): migrate file service to path-based routing and harden API

Author: EBirkenfeld

backend/src/accounts/tests/views/test_user/test_update.py

@@ -178,6 +178,8 @@ def test_put__all_fields__ok(api_client, mocker):
             'photo': user.photo,
             'is_admin': user.is_admin,
             'is_account_owner': user.is_account_owner,
+            'manager_id': user.manager_id,
+            'subordinates_ids': [],
         },
     )
 

backend/src/processes/management/commands/migrate_file_attachment_to_attachment.py

@@ -70,24 +70,33 @@ def handle(self, *args, **options):
                     access_type = AccessType.RESTRICTED
 
                 source_type = SourceType.ACCOUNT
-
                 task_id = None
-                if attr.event_id and attr.event.task_id:
-                    task_id = attr.event.task_id
-                elif attr.output_id and attr.output.task_id:
-                    task_id = attr.output.task_id
-
                 template_id = None
+
                 if attr.workflow_id:
+                    source_type = SourceType.WORKFLOW
                     template_id = attr.workflow.template_id
-                elif (
-                    attr.event_id and
-                    attr.event.task_id and
-                    attr.event.task.workflow_id
-                ):
-                    template_id = attr.event.task.workflow.template_id
-                elif attr.output_id and attr.output.workflow_id:
-                    template_id = attr.output.workflow.template_id
+                elif attr.event_id:
+                    if attr.event.task_id:
+                        source_type = SourceType.TASK
+                        task_id = attr.event.task_id
+                        template_id = (
+                            attr.event.task.workflow.template_id
+                            if attr.event.task.workflow_id
+                            else None
+                        )
+                    else:
+                        source_type = SourceType.WORKFLOW
+                        template_id = (
+                            attr.event.workflow.template_id
+                            if attr.event.workflow_id
+                            else None
+                        )
+                elif attr.output_id:
+                    source_type = SourceType.TASK
+                    task_id = attr.output.task_id
+                    if attr.output.workflow_id:
+                        template_id = attr.output.workflow.template_id
 
                 if not dry_run:
                     with transaction.atomic():

…es/migrations/0245_auto_20251010_0046.py …ations/0253_add_fileattachment_fields.pybackend/src/processes/migrations/0245_auto_20251010_0046.py renamed to backend/src/processes/migrations/0253_add_fileattachment_fields.py backend/src/processes/migrations/0245_auto_20251010_0046.py renamed to backend/src/processes/migrations/0253_add_fileattachment_fields.py

@@ -6,7 +6,7 @@
 class Migration(migrations.Migration):
 
     dependencies = [
-        ('processes', '0244_add_reminder'),
+        ('processes', '0252_add_manager_performer_type'),
     ]
 
     operations = [

backend/src/processes/serializers/workflows/field.py

@@ -48,6 +48,7 @@ class Meta:
             'user_id',
             'group_id',
             'selections',
+            'attachments',
         )
 
     selections = serializers.SerializerMethodField()

backend/src/processes/services/tasks/field.py

@@ -478,8 +478,7 @@ def _sync_storage_attachments(
                 continue
             if created:
                 service = AttachmentService(user=self.user)
-                service.instance = attachment
-                service._create_related()
+                service.assign_permissions(attachment)
 
     def partial_update(
         self,
@@ -515,8 +514,7 @@ def partial_update(
             )
             if self.instance.type == FieldType.FILE:
                 self._link_new_attachments(raw_value)
-            elif self.instance.type in FieldType.TYPES_WITH_SELECTIONS:
-                self._update_selections(raw_value)
+
             elif self.instance.type in {
                 FieldType.STRING,
                 FieldType.TEXT,

backend/src/processes/tests/test_services/test_condition_check/test_service.py

@@ -27,7 +27,6 @@
 )
 from src.storage.models import Attachment
 from src.storage.enums import SourceType, AccessType
-from src.processes.models.workflows.attachment import FileAttachment
 
 UserModel = get_user_model()
 pytestmark = pytest.mark.django_db
@@ -1577,11 +1576,11 @@ def test_check__file__exist__has_attachment__ok():
         workflow=workflow,
         account=owner.account,
     )
-    FileAttachment.objects.create(
-        name='john.cena',
-        url='https://john.cena/john.cena',
-        size=1488,
-        account_id=owner.account_id,
+    Attachment.objects.create(
+        file_id='12345678-1234-5678-1234-567812345678',
+        source_type=SourceType.TASK,
+        access_type=AccessType.ACCOUNT,
+        account=owner.account,
         output=field,
     )
     condition = Condition.objects.create(
@@ -1626,11 +1625,11 @@ def test_check__file__exist__no_attachment__fail():
         workflow=workflow,
         account=owner.account,
     )
-    FileAttachment.objects.create(
-        name='john.cena',
-        url='https://john.cena/john.cena',
-        size=1488,
-        account_id=owner.account_id,
+    Attachment.objects.create(
+        file_id='12345678-1234-5678-1234-567812345678',
+        source_type=SourceType.TASK,
+        access_type=AccessType.ACCOUNT,
+        account=owner.account,
         output=None,
     )
     condition = Condition.objects.create(
@@ -1675,11 +1674,11 @@ def test_check__file__not_exist__no_attachment__ok():
         workflow=workflow,
         account=owner.account,
     )
-    FileAttachment.objects.create(
-        name='john.cena',
-        url='https://john.cena/john.cena',
-        size=1488,
-        account_id=owner.account_id,
+    Attachment.objects.create(
+        file_id='12345678-1234-5678-1234-567812345678',
+        source_type=SourceType.TASK,
+        access_type=AccessType.ACCOUNT,
+        account=owner.account,
         output=None,
     )
     condition = Condition.objects.create(
@@ -1724,11 +1723,11 @@ def test_check__file__not_exist__has_attachment__fail():
         workflow=workflow,
         account=owner.account,
     )
-    FileAttachment.objects.create(
-        name='john.cena',
-        url='https://john.cena/john.cena',
-        size=1488,
-        account_id=owner.account_id,
+    Attachment.objects.create(
+        file_id='12345678-1234-5678-1234-567812345678',
+        source_type=SourceType.TASK,
+        access_type=AccessType.ACCOUNT,
+        account=owner.account,
         output=field,
     )
     condition = Condition.objects.create(

backend/src/processes/tests/test_services/test_tasks/test_taskfield.py

@@ -35,7 +35,6 @@
 )
 from src.storage.models import Attachment
 from src.storage.enums import SourceType, AccessType
-from src.processes.models.workflows.attachment import FileAttachment
 
 UserModel = get_user_model()
 pytestmark = pytest.mark.django_db
@@ -672,11 +671,11 @@ def test__link_new_attachments__ids_none__skip():
         workflow=workflow,
         account=account,
     )
-    attachment = FileAttachment.objects.create(
-        name='test.jpg',
-        url='https://test.test/test.jpg',
-        size=1234,
-        account_id=account.id,
+    attachment = Attachment.objects.create(
+        file_id='test.jpg',
+        account=account,
+        source_type=SourceType.TASK,
+        access_type=AccessType.RESTRICTED,
     )
     service = TaskFieldService(instance=task_field, user=user)
 
@@ -705,33 +704,31 @@ def test__remove_unused_attachments__value_some_deleted__ok():
         workflow=workflow,
         account=account,
     )
-    attachment_1 = FileAttachment.objects.create(
-        name='keep.jpg',
-        url='https://test.test/keep.jpg',
-        size=100,
-        account_id=account.id,
+    attachment_1 = Attachment.objects.create(
+        file_id='keep.jpg',
+        account=account,
+        source_type=SourceType.TASK,
+        access_type=AccessType.RESTRICTED,
         output=task_field,
     )
-    attachment_2 = FileAttachment.objects.create(
-        name='delete.jpg',
-        url='https://test.test/delete.jpg',
-        size=200,
-        account_id=account.id,
+    attachment_2 = Attachment.objects.create(
+        file_id='delete.jpg',
+        account=account,
+        source_type=SourceType.TASK,
+        access_type=AccessType.RESTRICTED,
         output=task_field,
     )
     service = TaskFieldService(instance=task_field, user=user)
-    value = attachment_1.url
-    attachment_ids = [str(attachment_1.id)]
+    markdown_values = [attachment_1.file_id]
 
     # act
     service._remove_unused_attachments(
-        value=value,
-        attachment_ids=attachment_ids,
+        markdown_values=markdown_values,
     )
 
     # assert
-    assert FileAttachment.objects.filter(id=attachment_1.id).exists()
-    assert not FileAttachment.objects.filter(id=attachment_2.id).exists()
+    assert Attachment.objects.filter(id=attachment_1.id).exists()
+    assert not Attachment.objects.filter(id=attachment_2.id).exists()
 
 
 def test__remove_unused_attachments__value_none_deleted__ok():
@@ -750,25 +747,23 @@ def test__remove_unused_attachments__value_none_deleted__ok():
         workflow=workflow,
         account=account,
     )
-    attachment_1 = FileAttachment.objects.create(
-        name='keep.jpg',
-        url='https://test.test/keep.jpg',
-        size=100,
-        account_id=account.id,
+    attachment_1 = Attachment.objects.create(
+        file_id='keep.jpg',
+        account=account,
+        source_type=SourceType.TASK,
+        access_type=AccessType.RESTRICTED,
         output=task_field,
     )
     service = TaskFieldService(instance=task_field, user=user)
-    value = attachment_1.url
-    attachment_ids = [str(attachment_1.id)]
+    markdown_values = [attachment_1.file_id]
 
     # act
     service._remove_unused_attachments(
-        value=value,
-        attachment_ids=attachment_ids,
+        markdown_values=markdown_values,
     )
 
     # assert
-    assert FileAttachment.objects.filter(id=attachment_1.id).exists()
+    assert Attachment.objects.filter(id=attachment_1.id).exists()
 
 
 def test__remove_unused_attachments__no_value__ok():
@@ -787,23 +782,22 @@ def test__remove_unused_attachments__no_value__ok():
         workflow=workflow,
         account=account,
     )
-    attachment_1 = FileAttachment.objects.create(
-        name='delete.jpg',
-        url='https://test.test/delete.jpg',
-        size=100,
-        account_id=account.id,
+    attachment_1 = Attachment.objects.create(
+        file_id='delete.jpg',
+        account=account,
+        source_type=SourceType.TASK,
+        access_type=AccessType.RESTRICTED,
         output=task_field,
     )
     service = TaskFieldService(instance=task_field, user=user)
 
     # act
     service._remove_unused_attachments(
-        value=None,
-        attachment_ids=None,
+        markdown_values=None,
     )
 
     # assert
-    assert not FileAttachment.objects.filter(id=attachment_1.id).exists()
+    assert not Attachment.objects.filter(id=attachment_1.id).exists()
 
 
 def test__remove_unused_attachments__no_value_no_attachments__ok():
@@ -826,12 +820,11 @@ def test__remove_unused_attachments__no_value_no_attachments__ok():
 
     # act
     service._remove_unused_attachments(
-        value=None,
-        attachment_ids=None,
+        markdown_values=None,
     )
 
     # assert
-    assert not FileAttachment.objects.filter(
+    assert not Attachment.objects.filter(
         output=task_field,
     ).exists()
 
@@ -1065,7 +1058,10 @@ def test_partial_update__ok(mocker):
     service.partial_update(value=raw_value)
 
     # assert
-    get_valid_value_mock.assert_called_once_with(raw_value)
+    get_valid_value_mock.assert_called_once_with(
+        raw_value=raw_value,
+        selections=None,
+    )
     link_new_attachments_mock.assert_not_called()
     task_field.refresh_from_db()
     assert task_field.value == value
@@ -1383,10 +1379,6 @@ def test_remove_unused_attachments__comment_attachment_unchanged(mocker):
         'src.processes.services.tasks.field.'
         'TaskFieldService._link_new_attachments',
     )
-    update_selections_mock = mocker.patch(
-        'src.processes.services.tasks.field.'
-        'TaskFieldService._update_selections',
-    )
     service = TaskFieldService(
         instance=task_field,
         user=user,
@@ -1399,7 +1391,6 @@ def test_remove_unused_attachments__comment_attachment_unchanged(mocker):
     get_valid_value_mock.assert_called_once()
     assert Attachment.objects.filter(id=comment_attachment.id).exists()
     link_new_mock.assert_called_once_with(None)
-    update_selections_mock.assert_not_called()
 
 
 def test__partial_update__no_value_kwarg__ok(mocker):
@@ -1437,7 +1428,10 @@ def test__partial_update__no_value_kwarg__ok(mocker):
     service.partial_update()
 
     # assert
-    get_valid_value_mock.assert_called_once_with(None)
+    get_valid_value_mock.assert_called_once_with(
+        raw_value=None,
+        selections=None,
+    )
     remove_unused_attachments_mock.assert_not_called()
     link_new_attachments_mock.assert_not_called()
 
@@ -1938,6 +1932,7 @@ def test__get_valid_checkbox_value__not_in_allowed__raise_exception(mocker):
     get_selections_values_mock.assert_called_once_with()
 
 
+@override_settings(FILE_DOMAIN='example.com')
 def test_get_valid_file_value__one_file__ok():
 
     # arrange

backend/src/storage/migrations/0001_initial.py

@@ -11,6 +11,7 @@ class Migration(migrations.Migration):
 
     dependencies = [
         ('accounts', '0139_remove_account_external_id'),
+        ('processes', '0001_initial'),
     ]
 
     operations = [

backend/src/storage/serializers.py

@@ -37,7 +37,7 @@ class AttachmentCheckPermissionSerializer(
     """Serializer for checking file access permissions."""
 
     file_id = serializers.CharField(
-        max_length=64,
+        max_length=512,
         required=True,
         help_text='Unique file identifier',
     )