@@ -372,10 +372,9 @@ def download_file_from_container(
372372 page , f .fileno (), file_path , source_encoding = get_charset_from_http_headers (page .headers )
373373 )
374374 except HTTPError as e :
375- # TODO: We can only download files from published records for now
376375 if e .code in [401 , 403 , 404 ]:
377376 raise Exception (
378- f"Cannot download file '{ file_identifier } { container_id } it is public ."
377+ f"Cannot download file '{ file_identifier } { container_id } you have access to it ."
379378 )
380379
381380 def _get_download_file_url (
@@ -387,6 +386,9 @@ def _get_download_file_url(
387386 """
388387 file_details_url = self ._get_file_details_url (record_id , filename )
389388 if self ._is_published_record (record_id , context ):
389+ # For restricted content, we need to use the regular API endpoint with credentials
390+ if self ._is_record_content_restricted (record_id , context ):
391+ return f"{ file_details_url }
390392 return self ._file_url_to_download_url (file_details_url )
391393 if self ._is_draft_record (record_id , context ):
392394 draft_download_url = f"{ self ._to_draft_url (file_details_url )}
@@ -413,6 +415,15 @@ def _is_published_record(self, record_id: str, context: FilesSourceRuntimeContex
413415 response = requests .head (request_url , headers = headers )
414416 return response .status_code == 200
415417
418+ def _is_record_content_restricted (
419+ self , record_id : str , context : FilesSourceRuntimeContext [RDMFileSourceConfiguration ]
420+ ):
421+ request_url = self ._get_record_url (record_id )
422+ response_data = self ._get_response (context , request_url )
423+ metadata = response_data .get ("metadata" , {})
424+ access_right = metadata .get ("access_right" , "public" )
425+ return access_right == "restricted"
426+
416427 def _get_record_url (self , record_id : str ):
417428 return f"{ self .records_url } { record_id }
418429
0 commit comments