Re-enable user validation for get_file(). Closes #1101.

Chainlit · Dec 5, 2024 · 4f8bc3f · 4f8bc3f
1 parent 84e88ad
commit 4f8bc3f
Showing 1 changed file with 7 additions and 8 deletions.
diff --git a/backend/chainlit/server.py b/backend/chainlit/server.py
@@ -948,7 +948,7 @@ def validate_file_size(file: UploadFile):
 async def get_file(
     file_id: str,
     session_id: str,
-    # current_user: UserParam, #TODO: Causes 401 error. See https://github.com/Chainlit/chainlit/issues/1472
+    current_user: UserParam,
 ):
     """Get a file from the session files directory."""
 
@@ -969,13 +969,12 @@ async def get_file(
             detail="Unauthorized",
         )
 
-    # TODO: Causes 401 error. See https://github.com/Chainlit/chainlit/issues/1472
-    # if current_user:
-    #     if not session.user or session.user.identifier != current_user.identifier:
-    #         raise HTTPException(
-    #             status_code=401,
-    #             detail="You are not authorized to download files from this session",
-    #         )
+    if current_user:
+        if not session.user or session.user.identifier != current_user.identifier:
+            raise HTTPException(
+                status_code=401,
+                detail="You are not authorized to download files from this session",
+            )
 
     if file_id in session.files:
         file = session.files[file_id]