From d72d7520941e5f3869a59315124ee25645fc12ac Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Mon, 12 Dec 2022 10:11:36 +0100
Subject: [PATCH 01/33] migration and background in progress

---
 mwdb/app.py                                   |   6 +
 mwdb/model/__init__.py                        |   3 +-
 mwdb/model/file.py                            | 127 +++++++++++++++
 .../3c610b0ddebc_add_related_files_table.py   |  36 +++++
 mwdb/model/object.py                          |   5 +
 mwdb/resources/file.py                        | 145 +++++++++++++++++-
 mwdb/web/src/commons/api/index.js             |   4 +
 7 files changed, 324 insertions(+), 2 deletions(-)
 create mode 100644 mwdb/model/migrations/versions/3c610b0ddebc_add_related_files_table.py

diff --git a/mwdb/app.py b/mwdb/app.py
index 384db861a..451d32efa 100755
--- a/mwdb/app.py
+++ b/mwdb/app.py
@@ -44,6 +44,8 @@
     FileDownloadZipResource,
     FileItemResource,
     FileResource,
+    RelatedFileDownloadResource,
+    RelatedFileItemResource,
 )
 from mwdb.resources.group import GroupListResource, GroupMemberResource, GroupResource
 from mwdb.resources.karton import KartonAnalysisResource, KartonObjectResource
@@ -259,6 +261,10 @@ def require_auth():
 api.add_resource(FileDownloadResource, "/file/<hash64:identifier>/download")
 api.add_resource(FileDownloadZipResource, "/file/<hash64:identifier>/download/zip")
 
+# RelatedFiles endpoints
+api.add_resource(RelatedFileItemResource, "/related_file/<hash64:identifier>")
+api.add_resource(RelatedFileDownloadResource, "/related_file/<hash64:identifier>/download")
+
 # Config endpoints
 api.add_resource(ConfigResource, "/config")
 api.add_resource(ConfigStatsResource, "/config/stats")
diff --git a/mwdb/model/__init__.py b/mwdb/model/__init__.py
index 2d6323e44..443f33ffc 100644
--- a/mwdb/model/__init__.py
+++ b/mwdb/model/__init__.py
@@ -47,7 +47,7 @@ def after_cursor_execute(conn, cursor, statement, parameters, context, executema
 from .blob import TextBlob  # noqa: E402
 from .comment import Comment  # noqa: E402
 from .config import Config, StaticConfig  # noqa: E402
-from .file import File  # noqa: E402
+from .file import File, RelatedFile  # noqa: E402
 from .group import Group, Member  # noqa: E402
 from .karton import KartonAnalysis, karton_object  # noqa: E402
 from .oauth import OpenIDProvider, OpenIDUserIdentity  # noqa: E402
@@ -76,6 +76,7 @@ def after_cursor_execute(conn, cursor, statement, parameters, context, executema
     "OpenIDProvider",
     "OpenIDUserIdentity",
     "relation",
+    "RelatedFile",
     "QuickQuery",
     "Tag",
     "User",
diff --git a/mwdb/model/file.py b/mwdb/model/file.py
index f8d3b3090..7990cd210 100644
--- a/mwdb/model/file.py
+++ b/mwdb/model/file.py
@@ -9,6 +9,7 @@
 from sqlalchemy.dialects.postgresql.array import ARRAY
 from sqlalchemy.ext.mutable import MutableList
 from werkzeug.utils import secure_filename
+from flask import g
 
 from mwdb.core.auth import AuthScope, generate_token, verify_token
 from mwdb.core.config import StorageProviderType, app_config
@@ -328,3 +329,129 @@ def get_by_download_token(download_token):
 
     def _send_to_karton(self):
         return send_file_to_karton(self)
+
+
+class RelatedFile(db.Model):
+    __tablename__ = "related_file"
+
+    id = db.Column(db.Integer, primary_key=True)
+    object_id = db.Column(
+        db.Integer,
+        db.ForeignKey("object.id", ondelete="CASCADE"),
+        nullable=False,
+    )
+    file_name = db.Column(db.String, nullable=False)
+    file_size = db.Column(db.Integer, nullable=False)
+    sha256 = db.Column(db.String, nullable=False)
+
+    related_object = db.relationship(
+        "Object",
+        back_populates="related_files",
+        lazy=True,
+    )
+
+    def _calculate_path(self):
+        if app_config.mwdb.storage_provider == StorageProviderType.DISK:
+            upload_path = (
+                "related_files"
+                if app_config.mwdb.related_files_folder == ""
+                else app_config.mwdb.related_files_folder + "/related_files"
+            )
+        elif app_config.mwdb.storage_provider == StorageProviderType.S3:
+            upload_path = "related_files/"
+        else:
+            raise RuntimeError(
+                f"StorageProvider {app_config.mwdb.storage_provider} is not supported"
+            )
+
+        sample_sha256 = self.sha256.lower()
+
+        if app_config.mwdb.hash_pathing:
+            # example: related_files/9/f/8/6/9f86d0818...
+            upload_path = os.path.join(upload_path, *list(sample_sha256)[0:4])
+
+        if app_config.mwdb.storage_provider == StorageProviderType.DISK:
+            upload_path = os.path.abspath(upload_path)
+            os.makedirs(upload_path, mode=0o755, exist_ok=True)
+
+        return os.path.join(upload_path, sample_sha256)
+
+    @classmethod
+    def create(
+        cls,
+        file_name,
+        file_stream,
+        related_object,
+    ):
+        file_stream.seek(0, os.SEEK_END)
+        file_size = file_stream.tell()
+        if file_size == 0:
+            raise EmptyFileError
+
+        sha256 = calc_hash(file_stream, hashlib.sha256(), lambda h: h.hexdigest())
+
+        new_related_file = (
+            db.session.query(RelatedFile).filter(RelatedFile.sha256 == sha256).first()
+        )
+
+        # If file already exists
+        if new_related_file is not None:
+            return
+
+        new_related_file = RelatedFile(
+            object_id=related_object.id,
+            file_name=secure_filename(file_name),
+            file_size=file_size,
+            sha256=sha256,
+        )
+
+        file_stream.seek(0, os.SEEK_SET)
+        if app_config.mwdb.storage_provider == StorageProviderType.S3:
+            get_s3_client(
+                app_config.mwdb.s3_storage_endpoint,
+                app_config.mwdb.s3_storage_access_key,
+                app_config.mwdb.s3_storage_secret_key,
+                app_config.mwdb.s3_storage_region_name,
+                app_config.mwdb.s3_storage_secure,
+                app_config.mwdb.s3_storage_iam_auth,
+            ).put_object(
+                Bucket=app_config.mwdb.s3_storage_bucket_name,
+                Key=new_related_file._calculate_path(),
+                Body=file_stream,
+            )
+        elif app_config.mwdb.storage_provider == StorageProviderType.DISK:
+            with open(new_related_file._calculate_path(), "wb") as f:
+                shutil.copyfileobj(file_stream, f)
+        else:
+            raise RuntimeError(
+                f"StorageProvider {app_config.mwdb.storage_provider} "
+                f"is not supported"
+            )
+
+    @classmethod
+    def access(cls, identifier):
+        related_file_obj = db.session.query(RelatedFile).filter(RelatedFile.sha256 == identifier).first()
+        if related_file_obj is None:
+            return None
+        if not g.auth_user.has_access_to_object(related_file_obj.object_id):
+            return None
+
+        return related_file_obj
+
+    def iterate(self, chunk_size=1024 * 256):
+        """
+        Iterates over bytes in the file contents
+        """
+        fh = self.open()
+        try:
+            if hasattr(fh, "stream"):
+                yield from fh.stream(chunk_size)
+            else:
+                while True:
+                    chunk = fh.read(chunk_size)
+                    if chunk:
+                        yield chunk
+                    else:
+                        return
+        finally:
+            fh.close()
\ No newline at end of file
diff --git a/mwdb/model/migrations/versions/3c610b0ddebc_add_related_files_table.py b/mwdb/model/migrations/versions/3c610b0ddebc_add_related_files_table.py
new file mode 100644
index 000000000..4baefba68
--- /dev/null
+++ b/mwdb/model/migrations/versions/3c610b0ddebc_add_related_files_table.py
@@ -0,0 +1,36 @@
+"""add related_files table
+
+Revision ID: 3c610b0ddebc
+Revises: c7c72fd7fac5
+Create Date: 2022-12-12 09:02:40.406370
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '3c610b0ddebc'
+down_revision = 'c7c72fd7fac5'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.create_table(
+        "related_file",
+        sa.Column("id", sa.Integer(), autoincrement=True, nullable=False),
+        sa.Column("object_id", sa.Integer(), nullable=False),
+        sa.Column("file_name", sa.String(), nullable=False),
+        sa.Column("file_size", sa.Integer, nullable=False),
+        sa.Column("sha256", sa.String(length=64), nullable=False),
+        sa.ForeignKeyConstraint(
+            ["object_id"],
+            ["object.id"],
+        ),
+        sa.PrimaryKeyConstraint("id"),
+    )
+
+
+def downgrade():
+    op.drop_table("related_file")
diff --git a/mwdb/model/object.py b/mwdb/model/object.py
index e60e3bfb3..6a946a15d 100644
--- a/mwdb/model/object.py
+++ b/mwdb/model/object.py
@@ -257,6 +257,11 @@ class Object(db.Model):
         lazy="joined",
         cascade="save-update, merge, delete",
     )
+    related_files = db.relationship(
+        "RelatedFile",
+        back_populates="related_object",
+        lazy=True,
+    )
 
     followers = db.relationship(
         "User", secondary=favorites, back_populates="favorites", lazy="joined"
diff --git a/mwdb/resources/file.py b/mwdb/resources/file.py
index be2fad3cd..c60e4148b 100644
--- a/mwdb/resources/file.py
+++ b/mwdb/resources/file.py
@@ -5,7 +5,7 @@
 from mwdb.core.capabilities import Capabilities
 from mwdb.core.plugins import hooks
 from mwdb.core.rate_limit import rate_limited_resource
-from mwdb.model import File
+from mwdb.model import File, RelatedFile
 from mwdb.model.file import EmptyFileError
 from mwdb.model.object import ObjectTypeConflictError
 from mwdb.schema.file import (
@@ -585,3 +585,146 @@ def post(self, identifier):
         download_token = file.generate_download_token()
         schema = FileDownloadTokenResponseSchema()
         return schema.dump({"token": download_token})
+
+
+@rate_limited_resource
+class RelatedFileDownloadResource(Resource):
+    def get(self, identifier):
+        """
+        ---
+        summary: Download related file
+        description: |
+            Returns related file contents.
+        security:
+            - bearerAuth: []
+        tags:
+            - related_file
+        parameters:
+            - in: path
+              name: identifier
+              schema:
+                type: string
+              description: File identifier (SHA256)
+              required: true
+        responses:
+            200:
+                description: File contents
+                content:
+                  application/octet-stream:
+                    schema:
+                      type: string
+                      format: binary
+            404:
+                description: |
+                    When related file doesn't exist
+                    or user doesn't have access to it.
+            503:
+                description: |
+                    Request canceled due to database statement timeout.
+        """
+
+        if not g.auth_user:
+            raise Unauthorized("Not authenticated.")
+
+        related_file_obj = RelatedFile.access(identifier)
+
+        if related_file_obj is None:
+            raise NotFound("Object not found")
+
+        return Response(
+            related_file_obj.iterate(),
+            content_type="application/octet-stream",
+            headers={"Content-disposition": f"attachment; filename={related_file_obj.sha256}"},
+        )
+
+
+@rate_limited_resource
+class RelatedFileItemResource(Resource):
+    @requires_authorization
+    @requires_capabilities(Capabilities.adding_files)
+    def post(self, identifier):
+        """
+        ---
+        summary: Upload file
+        description: |
+            Uploads a new file.
+
+            Requires `adding_files` capability.
+        security:
+            - bearerAuth: []
+        tags:
+            - related_file
+        requestBody:
+            required: true
+            content:
+              multipart/form-data:
+                schema:
+                  type: object
+                  properties:
+                    file:
+                      type: string
+                      format: binary
+                      description: RelatedFile contents to be uploaded
+                    identifier:
+                      type: string
+                      description: |
+                        sha256 of the relating file
+                  required:
+                    - file
+                    - identifier
+        responses:
+            200:
+                description: Information about uploaded file
+            400:
+                description: RelatedFile is empty
+            409:
+                description: RelatedFile already exists
+            503:
+                description: |
+                    Request canceled due to database statement timeout.
+        """
+        try:
+            RelatedFile.create(
+                request.files["file"].filename,
+                request.files["file"].stream,
+                identifier
+            )
+        except EmptyFileError:
+            raise BadRequest("RelatedFile cannot be empty")
+        
+        return "OK" #self.create_object(obj["options"])
+
+    @requires_authorization
+    @requires_capabilities(Capabilities.removing_objects)
+    def delete(self, identifier):
+        """
+        ---
+        summary: Delete file
+        description: |
+            Removes a file from the database along with its references.
+
+            Requires `removing_objects` capability.
+        security:
+            - bearerAuth: []
+        tags:
+            - file
+        parameters:
+            - in: path
+              name: identifier
+              schema:
+                type: string
+              description: File identifier (SHA256/SHA512/SHA1/MD5)
+        responses:
+            200:
+                description: When file was deleted
+            403:
+                description: When user doesn't have `removing_objects` capability
+            404:
+                description: |
+                    When file doesn't exist, object is not a file
+                    or user doesn't have access to this object.
+            503:
+                description: |
+                    Request canceled due to database statement timeout.
+        """
+        return super().delete(identifier)
\ No newline at end of file
diff --git a/mwdb/web/src/commons/api/index.js b/mwdb/web/src/commons/api/index.js
index 847c2be97..5a8be281f 100644
--- a/mwdb/web/src/commons/api/index.js
+++ b/mwdb/web/src/commons/api/index.js
@@ -444,6 +444,10 @@ function uploadFile(file, parent, upload_as, attributes, fileUploadTimeout) {
     return axios.post(`/file`, formData, { timeout: fileUploadTimeout });
 }
 
+//function uploadRelatedFile(file, id) {
+//    return axios.post(`/related_file/${id}`)
+//}
+
 function getRemoteNames() {
     return axios.get("/remote");
 }

From c33d5c17ce06af7366e238e9c2acc6f12d5c309c Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Mon, 12 Dec 2022 11:19:33 +0100
Subject: [PATCH 02/33] working upload (I think)

---
 mwdb/app.py                                   |  4 ++-
 mwdb/model/file.py                            | 32 +++++++++++++------
 .../3c610b0ddebc_add_related_files_table.py   |  7 ++--
 mwdb/resources/file.py                        | 30 ++++++++++-------
 4 files changed, 47 insertions(+), 26 deletions(-)

diff --git a/mwdb/app.py b/mwdb/app.py
index 451d32efa..088181278 100755
--- a/mwdb/app.py
+++ b/mwdb/app.py
@@ -263,7 +263,9 @@ def require_auth():
 
 # RelatedFiles endpoints
 api.add_resource(RelatedFileItemResource, "/related_file/<hash64:identifier>")
-api.add_resource(RelatedFileDownloadResource, "/related_file/<hash64:identifier>/download")
+api.add_resource(
+    RelatedFileDownloadResource, "/related_file/<hash64:identifier>/download"
+)
 
 # Config endpoints
 api.add_resource(ConfigResource, "/config")
diff --git a/mwdb/model/file.py b/mwdb/model/file.py
index 7990cd210..81b311c33 100644
--- a/mwdb/model/file.py
+++ b/mwdb/model/file.py
@@ -5,11 +5,11 @@
 import tempfile
 
 import pyzipper
+from flask import g
 from sqlalchemy import or_
 from sqlalchemy.dialects.postgresql.array import ARRAY
 from sqlalchemy.ext.mutable import MutableList
 from werkzeug.utils import secure_filename
-from flask import g
 
 from mwdb.core.auth import AuthScope, generate_token, verify_token
 from mwdb.core.config import StorageProviderType, app_config
@@ -352,11 +352,12 @@ class RelatedFile(db.Model):
 
     def _calculate_path(self):
         if app_config.mwdb.storage_provider == StorageProviderType.DISK:
-            upload_path = (
-                "related_files"
-                if app_config.mwdb.related_files_folder == ""
-                else app_config.mwdb.related_files_folder + "/related_files"
-            )
+            # upload_path = (
+            #     "related_files"
+            #     if app_config.mwdb.related_files_folder == ""
+            #     else app_config.mwdb.related_files_folder + "/related_files"
+            # )
+            upload_path = "/app/uploads/related_files"
         elif app_config.mwdb.storage_provider == StorageProviderType.S3:
             upload_path = "related_files/"
         else:
@@ -381,7 +382,7 @@ def create(
         cls,
         file_name,
         file_stream,
-        related_object,
+        related_object_dhash,
     ):
         file_stream.seek(0, os.SEEK_END)
         file_size = file_stream.tell()
@@ -393,11 +394,20 @@ def create(
         new_related_file = (
             db.session.query(RelatedFile).filter(RelatedFile.sha256 == sha256).first()
         )
+        related_object = (
+            db.session.query(Object)
+            .filter(Object.dhash == related_object_dhash)
+            .first()
+        )
 
         # If file already exists
         if new_related_file is not None:
             return
 
+        # If related file doesn't exist
+        if related_object is None:
+            raise ValueError("There is no object with this sha256")
+
         new_related_file = RelatedFile(
             object_id=related_object.id,
             file_name=secure_filename(file_name),
@@ -430,7 +440,11 @@ def create(
 
     @classmethod
     def access(cls, identifier):
-        related_file_obj = db.session.query(RelatedFile).filter(RelatedFile.sha256 == identifier).first()
+        related_file_obj = (
+            db.session.query(RelatedFile)
+            .filter(RelatedFile.sha256 == identifier)
+            .first()
+        )
         if related_file_obj is None:
             return None
         if not g.auth_user.has_access_to_object(related_file_obj.object_id):
@@ -454,4 +468,4 @@ def iterate(self, chunk_size=1024 * 256):
                     else:
                         return
         finally:
-            fh.close()
\ No newline at end of file
+            fh.close()
diff --git a/mwdb/model/migrations/versions/3c610b0ddebc_add_related_files_table.py b/mwdb/model/migrations/versions/3c610b0ddebc_add_related_files_table.py
index 4baefba68..21d625637 100644
--- a/mwdb/model/migrations/versions/3c610b0ddebc_add_related_files_table.py
+++ b/mwdb/model/migrations/versions/3c610b0ddebc_add_related_files_table.py
@@ -5,13 +5,12 @@
 Create Date: 2022-12-12 09:02:40.406370
 
 """
-from alembic import op
 import sqlalchemy as sa
-
+from alembic import op
 
 # revision identifiers, used by Alembic.
-revision = '3c610b0ddebc'
-down_revision = 'c7c72fd7fac5'
+revision = "3c610b0ddebc"
+down_revision = "c7c72fd7fac5"
 branch_labels = None
 depends_on = None
 
diff --git a/mwdb/resources/file.py b/mwdb/resources/file.py
index c60e4148b..04abd3b5a 100644
--- a/mwdb/resources/file.py
+++ b/mwdb/resources/file.py
@@ -634,7 +634,9 @@ def get(self, identifier):
         return Response(
             related_file_obj.iterate(),
             content_type="application/octet-stream",
-            headers={"Content-disposition": f"attachment; filename={related_file_obj.sha256}"},
+            headers={
+                "Content-disposition": f"attachment; filename={related_file_obj.sha256}"
+            },
         )
 
 
@@ -654,6 +656,13 @@ def post(self, identifier):
             - bearerAuth: []
         tags:
             - related_file
+        parameters:
+            - in: path
+              name: identifier
+              schema:
+                type: string
+              description: File identifier (SHA256)
+              required: true
         requestBody:
             required: true
             content:
@@ -665,18 +674,15 @@ def post(self, identifier):
                       type: string
                       format: binary
                       description: RelatedFile contents to be uploaded
-                    identifier:
-                      type: string
-                      description: |
-                        sha256 of the relating file
                   required:
                     - file
-                    - identifier
         responses:
             200:
                 description: Information about uploaded file
             400:
                 description: RelatedFile is empty
+            404:
+                description: There is no file with provided sha256
             409:
                 description: RelatedFile already exists
             503:
@@ -685,14 +691,14 @@ def post(self, identifier):
         """
         try:
             RelatedFile.create(
-                request.files["file"].filename,
-                request.files["file"].stream,
-                identifier
+                request.files["file"].filename, request.files["file"].stream, identifier
             )
         except EmptyFileError:
             raise BadRequest("RelatedFile cannot be empty")
-        
-        return "OK" #self.create_object(obj["options"])
+        except ValueError:
+            raise NotFound("There is no file with provided sha256")
+
+        return "OK"  # self.create_object(obj["options"])
 
     @requires_authorization
     @requires_capabilities(Capabilities.removing_objects)
@@ -727,4 +733,4 @@ def delete(self, identifier):
                 description: |
                     Request canceled due to database statement timeout.
         """
-        return super().delete(identifier)
\ No newline at end of file
+        return super().delete(identifier)

From da5f8bc79b19c9d592fed2a34828bd1e15289838 Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Mon, 12 Dec 2022 11:30:18 +0100
Subject: [PATCH 03/33] adding related files in database

---
 mwdb/model/file.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/mwdb/model/file.py b/mwdb/model/file.py
index 81b311c33..09618ca68 100644
--- a/mwdb/model/file.py
+++ b/mwdb/model/file.py
@@ -437,6 +437,8 @@ def create(
                 f"StorageProvider {app_config.mwdb.storage_provider} "
                 f"is not supported"
             )
+        db.session.add(new_related_file)
+        db.session.commit()
 
     @classmethod
     def access(cls, identifier):

From f9b30065d135d7fdc3f2c97ad192cadbbc2f758e Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Mon, 12 Dec 2022 14:54:24 +0100
Subject: [PATCH 04/33] (probably) working backend

---
 mwdb/model/file.py     | 71 ++++++++++++++++++++++++++++++++-
 mwdb/resources/file.py | 89 +++++++++++++++++++++++++++++++++++-------
 mwdb/schema/file.py    | 11 ++++++
 3 files changed, 154 insertions(+), 17 deletions(-)

diff --git a/mwdb/model/file.py b/mwdb/model/file.py
index 09618ca68..36ece00ae 100644
--- a/mwdb/model/file.py
+++ b/mwdb/model/file.py
@@ -406,7 +406,9 @@ def create(
 
         # If related file doesn't exist
         if related_object is None:
-            raise ValueError("There is no object with this sha256")
+            raise ValueError(
+                "There is no object with this sha256 or you don't have access"
+            )
 
         new_related_file = RelatedFile(
             object_id=related_object.id,
@@ -449,11 +451,76 @@ def access(cls, identifier):
         )
         if related_file_obj is None:
             return None
-        if not g.auth_user.has_access_to_object(related_file_obj.object_id):
+
+        main_obj = (
+            db.session.query(Object)
+            .filter(Object.id == related_file_obj.object_id)
+            .first()
+        )
+        if not main_obj.has_explicit_access(g.auth_user):
             return None
 
         return related_file_obj
 
+    @classmethod
+    def delete(cls, identifier):
+        related_file_obj = (
+            db.session.query(RelatedFile)
+            .filter(RelatedFile.sha256 == identifier)
+            .first()
+        )
+
+        if related_file_obj is None:
+            raise ValueError(
+                "There is no object with this sha256 or you don't have access"
+            )
+        main_obj = (
+            db.session.query(Object)
+            .filter(Object.id == related_file_obj.object_id)
+            .first()
+        )
+        if not main_obj.has_explicit_access(g.auth_user):
+            raise ValueError(
+                "There is no object with this sha256 or you don't have access"
+            )
+
+        db.session.delete(related_file_obj)
+        db.session.commit()
+        return
+
+    def open(self):
+        """
+        Opens the related file stream with contents.
+        """
+        if app_config.mwdb.storage_provider == StorageProviderType.S3:
+            # Stream coming from Boto3 get_object is not buffered and not seekable.
+            # We need to download it to the temporary file first.
+            stream = tempfile.TemporaryFile(mode="w+b")
+            try:
+                get_s3_client(
+                    app_config.mwdb.s3_storage_endpoint,
+                    app_config.mwdb.s3_storage_access_key,
+                    app_config.mwdb.s3_storage_secret_key,
+                    app_config.mwdb.s3_storage_region_name,
+                    app_config.mwdb.s3_storage_secure,
+                    app_config.mwdb.s3_storage_iam_auth,
+                ).download_fileobj(
+                    Bucket=app_config.mwdb.s3_storage_bucket_name,
+                    Key=self._calculate_path(),
+                    Fileobj=stream,
+                )
+                stream.seek(0, io.SEEK_SET)
+                return stream
+            except Exception:
+                stream.close()
+                raise
+        elif app_config.mwdb.storage_provider == StorageProviderType.DISK:
+            return open(self._calculate_path(), "rb")
+        else:
+            raise RuntimeError(
+                f"StorageProvider {app_config.mwdb.storage_provider} is not supported"
+            )
+
     def iterate(self, chunk_size=1024 * 256):
         """
         Iterates over bytes in the file contents
diff --git a/mwdb/resources/file.py b/mwdb/resources/file.py
index 04abd3b5a..773570639 100644
--- a/mwdb/resources/file.py
+++ b/mwdb/resources/file.py
@@ -5,7 +5,7 @@
 from mwdb.core.capabilities import Capabilities
 from mwdb.core.plugins import hooks
 from mwdb.core.rate_limit import rate_limited_resource
-from mwdb.model import File, RelatedFile
+from mwdb.model import File, Object, RelatedFile, db
 from mwdb.model.file import EmptyFileError
 from mwdb.model.object import ObjectTypeConflictError
 from mwdb.schema.file import (
@@ -14,6 +14,7 @@
     FileItemResponseSchema,
     FileLegacyCreateRequestSchema,
     FileListResponseSchema,
+    RelatedFileResponseSchema,
 )
 
 from . import load_schema, requires_authorization, requires_capabilities
@@ -604,11 +605,11 @@ def get(self, identifier):
               name: identifier
               schema:
                 type: string
-              description: File identifier (SHA256)
+              description: RelatedFile identifier (SHA256)
               required: true
         responses:
             200:
-                description: File contents
+                description: RelatedFile contents
                 content:
                   application/octet-stream:
                     schema:
@@ -642,14 +643,62 @@ def get(self, identifier):
 
 @rate_limited_resource
 class RelatedFileItemResource(Resource):
+    def get(self, identifier):
+        """
+        ---
+        summary: Get list of RelatedFiles
+        description: |
+            Returns list of RelatedFiles for a File specified by sha256
+        security:
+            - bearerAuth: []
+        tags:
+            - related_file
+        parameters:
+            - in: path
+              name: identifier
+              schema:
+                type: string
+              description: Master File identifier (SHA256)
+              required: true
+        responses:
+            200:
+                description: List of RelatedFiles
+                content:
+                  application/json:
+                    schema: RelatedFileResponseSchema
+            404:
+                description: |
+                    There is no file with provided sha256 or you don't have access to it
+            503:
+                description: |
+                    Request canceled due to database statement timeout.
+        """
+        master_object = (
+            db.session.query(Object)
+            .filter(Object.dhash == identifier)
+            .filter(g.auth_user.has_access_to_object(Object.id))
+        ).first()
+
+        if master_object is None:
+            raise NotFound(
+                "There is no file with provided sha256 or you don't have access to it"
+            )
+
+        related_files = db.session.query(RelatedFile).filter(
+            RelatedFile.object_id == master_object.id
+        )
+        schema = RelatedFileResponseSchema()
+
+        return schema.dump({"related_files": related_files})
+
     @requires_authorization
     @requires_capabilities(Capabilities.adding_files)
     def post(self, identifier):
         """
         ---
-        summary: Upload file
+        summary: Upload related file
         description: |
-            Uploads a new file.
+            Uploads a new related file.
 
             Requires `adding_files` capability.
         security:
@@ -661,7 +710,7 @@ def post(self, identifier):
               name: identifier
               schema:
                 type: string
-              description: File identifier (SHA256)
+              description: Master File identifier (SHA256)
               required: true
         requestBody:
             required: true
@@ -678,11 +727,12 @@ def post(self, identifier):
                     - file
         responses:
             200:
-                description: Information about uploaded file
+                description: OK
             400:
                 description: RelatedFile is empty
             404:
-                description: There is no file with provided sha256
+                description: |
+                    There is no file with provided sha256 or you don't have access to it
             409:
                 description: RelatedFile already exists
             503:
@@ -696,9 +746,11 @@ def post(self, identifier):
         except EmptyFileError:
             raise BadRequest("RelatedFile cannot be empty")
         except ValueError:
-            raise NotFound("There is no file with provided sha256")
+            raise NotFound(
+                "There is no file with provided sha256 or you don't have access to it"
+            )
 
-        return "OK"  # self.create_object(obj["options"])
+        return Response("OK")
 
     @requires_authorization
     @requires_capabilities(Capabilities.removing_objects)
@@ -713,24 +765,31 @@ def delete(self, identifier):
         security:
             - bearerAuth: []
         tags:
-            - file
+            - related_file
         parameters:
             - in: path
               name: identifier
               schema:
                 type: string
-              description: File identifier (SHA256/SHA512/SHA1/MD5)
+              description: RelatedFile identifier (SHA256/SHA512/SHA1/MD5)
         responses:
             200:
-                description: When file was deleted
+                description: When related file was deleted
             403:
                 description: When user doesn't have `removing_objects` capability
             404:
                 description: |
-                    When file doesn't exist, object is not a file
+                    When related file doesn't exist
                     or user doesn't have access to this object.
             503:
                 description: |
                     Request canceled due to database statement timeout.
         """
-        return super().delete(identifier)
+        try:
+            RelatedFile.delete(identifier)
+        except ValueError:
+            raise NotFound(
+                "There is no file with provided sha256 or you don't have access to it"
+            )
+
+        return Response("OK")
diff --git a/mwdb/schema/file.py b/mwdb/schema/file.py
index 8825135ce..0f8e1581a 100644
--- a/mwdb/schema/file.py
+++ b/mwdb/schema/file.py
@@ -73,3 +73,14 @@ class FileItemResponseSchema(ObjectItemResponseSchema):
 
 class FileDownloadTokenResponseSchema(Schema):
     token = fields.Str(required=True, allow_none=False)
+
+
+class RelatedFileItemResponseSchema(Schema):
+    file_name = fields.Str(required=True, allow_none=False)
+    file_size = fields.Int(required=True, allow_none=False)
+
+
+class RelatedFileResponseSchema(Schema):
+    related_files = fields.Nested(
+        RelatedFileItemResponseSchema, many=True, required=True, allow_none=False
+    )

From 434e5e8a27d6aa6150b00cda34c0612bbc13422c Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Mon, 12 Dec 2022 15:05:03 +0100
Subject: [PATCH 05/33] Raise exception when the same related file is uploaded
 second time

---
 mwdb/model/file.py     | 2 +-
 mwdb/resources/file.py | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/mwdb/model/file.py b/mwdb/model/file.py
index 36ece00ae..8965c3d19 100644
--- a/mwdb/model/file.py
+++ b/mwdb/model/file.py
@@ -402,7 +402,7 @@ def create(
 
         # If file already exists
         if new_related_file is not None:
-            return
+            raise FileExistsError("Related file with this sha256 already exists")
 
         # If related file doesn't exist
         if related_object is None:
diff --git a/mwdb/resources/file.py b/mwdb/resources/file.py
index 773570639..29fcc53bc 100644
--- a/mwdb/resources/file.py
+++ b/mwdb/resources/file.py
@@ -749,6 +749,8 @@ def post(self, identifier):
             raise NotFound(
                 "There is no file with provided sha256 or you don't have access to it"
             )
+        except FileExistsError:
+            raise Conflict("Related file with this sha256 already exists")
 
         return Response("OK")
 

From 6f57b7e0d028c3a3a8a03616c2ccab750b416757 Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Mon, 12 Dec 2022 17:07:33 +0100
Subject: [PATCH 06/33] Initial front-end commit

---
 mwdb/schema/file.py                           |  1 +
 mwdb/web/src/commons/api/index.js             |  7 +-
 .../ShowObject/Views/RelatedFilesTab.js       | 69 +++++++++++++++++++
 mwdb/web/src/components/ShowObject/index.js   |  1 +
 mwdb/web/src/components/ShowSample.js         |  2 +
 5 files changed, 77 insertions(+), 3 deletions(-)
 create mode 100644 mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js

diff --git a/mwdb/schema/file.py b/mwdb/schema/file.py
index 0f8e1581a..b0a9114f3 100644
--- a/mwdb/schema/file.py
+++ b/mwdb/schema/file.py
@@ -78,6 +78,7 @@ class FileDownloadTokenResponseSchema(Schema):
 class RelatedFileItemResponseSchema(Schema):
     file_name = fields.Str(required=True, allow_none=False)
     file_size = fields.Int(required=True, allow_none=False)
+    sha256 = fields.Str(required=True, allow_none=False)
 
 
 class RelatedFileResponseSchema(Schema):
diff --git a/mwdb/web/src/commons/api/index.js b/mwdb/web/src/commons/api/index.js
index 5a8be281f..772cd8c3c 100644
--- a/mwdb/web/src/commons/api/index.js
+++ b/mwdb/web/src/commons/api/index.js
@@ -444,9 +444,9 @@ function uploadFile(file, parent, upload_as, attributes, fileUploadTimeout) {
     return axios.post(`/file`, formData, { timeout: fileUploadTimeout });
 }
 
-//function uploadRelatedFile(file, id) {
-//    return axios.post(`/related_file/${id}`)
-//}
+function getListOfRelatedFiles(id) {
+    return axios.get(`/related_file/${id}`)
+}
 
 function getRemoteNames() {
     return axios.get("/remote");
@@ -630,6 +630,7 @@ const api = {
     requestFileDownloadLink,
     requestZipFileDownloadLink,
     uploadFile,
+    getListOfRelatedFiles,
     getRemoteNames,
     pushObjectRemote,
     pullObjectRemote,
diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
new file mode 100644
index 000000000..9e2bd0111
--- /dev/null
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -0,0 +1,69 @@
+import React, { useContext, useState } from "react";
+import { Link } from "react-router-dom";
+
+import { faPlus, faExternalLinkSquare } from "@fortawesome/free-solid-svg-icons";
+
+import { ObjectContext } from "@mwdb-web/commons/context";
+import { ObjectAction, ObjectTab } from "@mwdb-web/commons/ui";
+import { APIContext } from "@mwdb-web/commons/api/context";
+
+function RelatedFileItem({ file_name, file_size, sha256 }){
+    console.log(file_name);
+    return (
+        <tr>
+            <td>
+                {file_name}
+            </td>
+            <td>
+                {file_size}
+            </td>
+            <td>
+                <Link
+                    to={`/related_file/${sha256}/download`}
+                >
+                    Pobierz
+                </Link>
+            </td>
+        </tr>
+    );
+}
+
+function ShowRelatedFiles(){
+    const [relatedFiles, setRelatedFiles] = useState([]);
+
+    async function updateRelatedFiles(){
+        try{
+            let response = await api.getListOfRelatedFiles(context.object.sha256);
+            setRelatedFiles(response.data.related_files);
+        } catch (error) {
+            console.log(error);
+        }
+    }
+
+    const api = useContext(APIContext);
+    const context = useContext(ObjectContext);
+
+    updateRelatedFiles();
+
+    return (
+        <table className="table table-striped table-bordered wrap-table share-table">
+            {relatedFiles.map((related_file) => (
+                <RelatedFileItem {...related_file} />
+            ))}
+        </table>
+    );
+}
+
+export default function RelatedFilesTab(){
+    return (
+        <ObjectTab
+            tab = "related_files"
+            label = "Related files"
+            icon = {faExternalLinkSquare}
+            component = {ShowRelatedFiles}
+            actions={[
+                <ObjectAction label="Upload new" icon={faPlus} link="google.com" />,
+            ]}
+        />
+    )
+}
\ No newline at end of file
diff --git a/mwdb/web/src/components/ShowObject/index.js b/mwdb/web/src/components/ShowObject/index.js
index e8be8f093..f8af59d65 100644
--- a/mwdb/web/src/components/ShowObject/index.js
+++ b/mwdb/web/src/components/ShowObject/index.js
@@ -1,6 +1,7 @@
 export { default as ShowObject } from "./ShowObject";
 
 export { default as RelationsTab } from "./Views/RelationsTab";
+export { default as RelatedFilesTab } from "./Views/RelatedFilesTab"
 export { default as LatestConfigTab } from "./Views/LatestConfigTab";
 
 export { default as DownloadAction } from "./Actions/DownloadAction";
diff --git a/mwdb/web/src/components/ShowSample.js b/mwdb/web/src/components/ShowSample.js
index 1c87015d1..251815b87 100644
--- a/mwdb/web/src/components/ShowSample.js
+++ b/mwdb/web/src/components/ShowSample.js
@@ -8,6 +8,7 @@ import {
     useTabContext,
     LatestConfigTab,
     RelationsTab,
+    RelatedFilesTab,
     DownloadAction,
     ZipAction,
     FavoriteAction,
@@ -335,6 +336,7 @@ export default function ShowSample(props) {
                     <DownloadAction download={downloadSample} />,
                 ]}
             />
+            <RelatedFilesTab />
             <LatestConfigTab label="Static config" />
         </ShowObject>
     );

From 735fc1fb949361e16f0201e7955fd2517f7cdfce Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Mon, 12 Dec 2022 17:35:39 +0100
Subject: [PATCH 07/33] Front-end adjustments

---
 .../ShowObject/Views/RelatedFilesTab.js       | 31 ++++++++++++++-----
 1 file changed, 24 insertions(+), 7 deletions(-)

diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
index 9e2bd0111..eeed963f8 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -1,7 +1,8 @@
 import React, { useContext, useState } from "react";
 import { Link } from "react-router-dom";
 
-import { faPlus, faExternalLinkSquare } from "@fortawesome/free-solid-svg-icons";
+import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { faPlus, faExternalLinkSquare, faDownload } from "@fortawesome/free-solid-svg-icons";
 
 import { ObjectContext } from "@mwdb-web/commons/context";
 import { ObjectAction, ObjectTab } from "@mwdb-web/commons/ui";
@@ -10,18 +11,23 @@ import { APIContext } from "@mwdb-web/commons/api/context";
 function RelatedFileItem({ file_name, file_size, sha256 }){
     console.log(file_name);
     return (
-        <tr>
+        <tr class="flickerable">
             <td>
                 {file_name}
             </td>
             <td>
-                {file_size}
+                {file_size} B
             </td>
             <td>
                 <Link
-                    to={`/related_file/${sha256}/download`}
+                    to={`/related_files/${sha256}/download`}
+                    className="nav-link"
+                    onClick={() => {
+
+                    }}
                 >
-                    Pobierz
+                    <FontAwesomeIcon icon={faDownload} size="1x"/>
+                    &nbsp;Download
                 </Link>
             </td>
         </tr>
@@ -46,7 +52,18 @@ function ShowRelatedFiles(){
     updateRelatedFiles();
 
     return (
-        <table className="table table-striped table-bordered wrap-table share-table">
+        <table className="table table-striped table-bordered table-hover data-table">
+            <thead>
+                <td>
+                    File name
+                </td>
+                <td>
+                    File size
+                </td>
+                <td>
+                    Download
+                </td>
+            </thead>
             {relatedFiles.map((related_file) => (
                 <RelatedFileItem {...related_file} />
             ))}
@@ -62,7 +79,7 @@ export default function RelatedFilesTab(){
             icon = {faExternalLinkSquare}
             component = {ShowRelatedFiles}
             actions={[
-                <ObjectAction label="Upload new" icon={faPlus} link="google.com" />,
+                <ObjectAction label="Upload new" icon={faPlus} link="PUT_MODAL_HERE" />,
             ]}
         />
     )

From 1fd981a9a3a896a52c2ef95bb59f4b1e4df48c7e Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Tue, 13 Dec 2022 10:19:19 +0100
Subject: [PATCH 08/33] Fix problem with too many rerenders

---
 .../components/ShowObject/Views/RelatedFilesTab.js    | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
index eeed963f8..5ef548cc0 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -1,4 +1,4 @@
-import React, { useContext, useState } from "react";
+import React, { useCallback, useContext, useEffect, useState } from "react";
 import { Link } from "react-router-dom";
 
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
@@ -49,7 +49,14 @@ function ShowRelatedFiles(){
     const api = useContext(APIContext);
     const context = useContext(ObjectContext);
 
-    updateRelatedFiles();
+    const getRelatedFiles = useCallback(updateRelatedFiles, [
+        api,
+        context
+    ]);
+
+    useEffect(() => {
+        getRelatedFiles();
+    }, [getRelatedFiles]);
 
     return (
         <table className="table table-striped table-bordered table-hover data-table">

From 8dd170e1fdcff252ba76884e6b6628014af3d84d Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Tue, 13 Dec 2022 12:30:48 +0100
Subject: [PATCH 09/33] progress in front-end

---
 mwdb/web/src/commons/api/index.js             |  19 +-
 .../ShowObject/Views/RelatedFilesTab.js       | 174 ++++++++++++------
 mwdb/web/src/components/ShowObject/index.js   |   2 +-
 3 files changed, 134 insertions(+), 61 deletions(-)

diff --git a/mwdb/web/src/commons/api/index.js b/mwdb/web/src/commons/api/index.js
index 772cd8c3c..064095908 100644
--- a/mwdb/web/src/commons/api/index.js
+++ b/mwdb/web/src/commons/api/index.js
@@ -444,8 +444,22 @@ function uploadFile(file, parent, upload_as, attributes, fileUploadTimeout) {
     return axios.post(`/file`, formData, { timeout: fileUploadTimeout });
 }
 
+function uploadRelatedFile(file, masterFileDhash) {
+    let formData = new FormData();
+    formData.append("file", file);
+    return axios.post(`/related_file/${masterFileDhash}`, formData);
+}
+
+function downloadRelatedFile(id) {
+    return axios.get(`/related_file/${id}/download`);
+}
+
+function deleteRelatedFile(id) {
+    return axios.delete(`/related_file/${id}`);
+}
+
 function getListOfRelatedFiles(id) {
-    return axios.get(`/related_file/${id}`)
+    return axios.get(`/related_file/${id}`);
 }
 
 function getRemoteNames() {
@@ -630,6 +644,9 @@ const api = {
     requestFileDownloadLink,
     requestZipFileDownloadLink,
     uploadFile,
+    uploadRelatedFile,
+    downloadRelatedFile,
+    deleteRelatedFile,
     getListOfRelatedFiles,
     getRemoteNames,
     pushObjectRemote,
diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
index 5ef548cc0..e20726aa9 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -2,57 +2,69 @@ import React, { useCallback, useContext, useEffect, useState } from "react";
 import { Link } from "react-router-dom";
 
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
-import { faPlus, faExternalLinkSquare, faDownload } from "@fortawesome/free-solid-svg-icons";
+import {
+    faPlus,
+    faExternalLinkSquare,
+    faDownload,
+    faTrash,
+} from "@fortawesome/free-solid-svg-icons";
 
 import { ObjectContext } from "@mwdb-web/commons/context";
 import { ObjectAction, ObjectTab } from "@mwdb-web/commons/ui";
 import { APIContext } from "@mwdb-web/commons/api/context";
+import ReactModal from "react-modal";
 
-function RelatedFileItem({ file_name, file_size, sha256 }){
-    console.log(file_name);
-    return (
-        <tr class="flickerable">
-            <td>
-                {file_name}
-            </td>
-            <td>
-                {file_size} B
-            </td>
-            <td>
-                <Link
-                    to={`/related_files/${sha256}/download`}
-                    className="nav-link"
-                    onClick={() => {
-
-                    }}
-                >
-                    <FontAwesomeIcon icon={faDownload} size="1x"/>
-                    &nbsp;Download
-                </Link>
-            </td>
-        </tr>
-    );
-}
-
-function ShowRelatedFiles(){
+function ShowRelatedFiles() {
     const [relatedFiles, setRelatedFiles] = useState([]);
+    const api = useContext(APIContext);
+    const context = useContext(ObjectContext);
 
-    async function updateRelatedFiles(){
-        try{
-            let response = await api.getListOfRelatedFiles(context.object.sha256);
+    function RelatedFileItem({ file_name, file_size, sha256 }) {
+        return (
+            <tr class="flickerable">
+                <td>{file_name}</td>
+                <td>{file_size} B</td>
+                <td>
+                    <Link
+                        to=""
+                        className="nav-link"
+                        onClick={async () => {
+                            console.log(sha256);
+                            await api.downloadRelatedFile(sha256);
+                        }}
+                    >
+                        <FontAwesomeIcon icon={faDownload} size="1x" />
+                        &nbsp;Download
+                    </Link>
+                </td>
+                <td>
+                    <Link
+                        to=""
+                        className="nav-link"
+                        onClick={async () => {
+                            await api.deleteRelatedFile(sha256);
+                        }}
+                    >
+                        <FontAwesomeIcon icon={faTrash} size="1x" />
+                        &nbsp;Remove
+                    </Link>
+                </td>
+            </tr>
+        );
+    }
+
+    async function updateRelatedFiles() {
+        try {
+            let response = await api.getListOfRelatedFiles(
+                context.object.sha256
+            );
             setRelatedFiles(response.data.related_files);
         } catch (error) {
             console.log(error);
         }
     }
 
-    const api = useContext(APIContext);
-    const context = useContext(ObjectContext);
-
-    const getRelatedFiles = useCallback(updateRelatedFiles, [
-        api,
-        context
-    ]);
+    const getRelatedFiles = useCallback(updateRelatedFiles, [api, context]);
 
     useEffect(() => {
         getRelatedFiles();
@@ -61,15 +73,10 @@ function ShowRelatedFiles(){
     return (
         <table className="table table-striped table-bordered table-hover data-table">
             <thead>
-                <td>
-                    File name
-                </td>
-                <td>
-                    File size
-                </td>
-                <td>
-                    Download
-                </td>
+                <td>File name</td>
+                <td>File size</td>
+                <td>Download</td>
+                <td>Remove</td>
             </thead>
             {relatedFiles.map((related_file) => (
                 <RelatedFileItem {...related_file} />
@@ -78,16 +85,65 @@ function ShowRelatedFiles(){
     );
 }
 
-export default function RelatedFilesTab(){
+export default function RelatedFilesTab() {
+    const [showModal, setShowModal] = useState();
+    const [file, setFile] = useState(null);
+    const context = useContext(ObjectContext);
+    const api = useContext(APIContext);
+
+    async function handleSubmit() {
+        try {
+            await api.uploadRelatedFile(file, context.object.sha256);
+        } catch (error) {
+            console.log(error);
+        }
+    }
+
     return (
-        <ObjectTab
-            tab = "related_files"
-            label = "Related files"
-            icon = {faExternalLinkSquare}
-            component = {ShowRelatedFiles}
-            actions={[
-                <ObjectAction label="Upload new" icon={faPlus} link="PUT_MODAL_HERE" />,
-            ]}
-        />
-    )
-}
\ No newline at end of file
+        <div>
+            <ObjectTab
+                tab="related_files"
+                label="Related files"
+                icon={faExternalLinkSquare}
+                component={ShowRelatedFiles}
+                actions={[
+                    <ObjectAction
+                        label="Upload new"
+                        icon={faPlus}
+                        action={() => {
+                            setShowModal(true);
+                        }}
+                    />,
+                ]}
+            />
+            <ReactModal
+                isOpen={showModal}
+                onRequestClose={() => {
+                    setShowModal(false);
+                }}
+            >
+                <form
+                    onSubmit={() => {
+                        handleSubmit();
+                        setShowModal(false);
+                    }}
+                >
+                    <input
+                        type="file"
+                        required="required"
+                        onChange={(data) => setFile(data)}
+                    />{" "}
+                    <br />
+                    <input type="submit" />
+                </form>
+                <button
+                    onClick={() => {
+                        setShowModal(false);
+                    }}
+                >
+                    Cancel
+                </button>
+            </ReactModal>
+        </div>
+    );
+}
diff --git a/mwdb/web/src/components/ShowObject/index.js b/mwdb/web/src/components/ShowObject/index.js
index f8af59d65..afb75a817 100644
--- a/mwdb/web/src/components/ShowObject/index.js
+++ b/mwdb/web/src/components/ShowObject/index.js
@@ -1,7 +1,7 @@
 export { default as ShowObject } from "./ShowObject";
 
 export { default as RelationsTab } from "./Views/RelationsTab";
-export { default as RelatedFilesTab } from "./Views/RelatedFilesTab"
+export { default as RelatedFilesTab } from "./Views/RelatedFilesTab";
 export { default as LatestConfigTab } from "./Views/LatestConfigTab";
 
 export { default as DownloadAction } from "./Actions/DownloadAction";

From 55ea824d2907c97ad278b53539a1825dfaec8c37 Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Tue, 13 Dec 2022 13:25:50 +0100
Subject: [PATCH 10/33] working download

---
 mwdb/web/src/commons/api/index.js                   |  5 ++++-
 .../components/ShowObject/Views/RelatedFilesTab.js  | 13 ++++++++++---
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/mwdb/web/src/commons/api/index.js b/mwdb/web/src/commons/api/index.js
index 064095908..537e26030 100644
--- a/mwdb/web/src/commons/api/index.js
+++ b/mwdb/web/src/commons/api/index.js
@@ -451,7 +451,10 @@ function uploadRelatedFile(file, masterFileDhash) {
 }
 
 function downloadRelatedFile(id) {
-    return axios.get(`/related_file/${id}/download`);
+    return axios.get(`/related_file/${id}/download`, {
+        responseType: "arraybuffer",
+        responseEncoding: "binary",
+    });
 }
 
 function deleteRelatedFile(id) {
diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
index e20726aa9..334d5290b 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -26,11 +26,18 @@ function ShowRelatedFiles() {
                 <td>{file_size} B</td>
                 <td>
                     <Link
-                        to=""
+                        to={`/file/${context.object.sha256}/related_files`}
                         className="nav-link"
                         onClick={async () => {
-                            console.log(sha256);
-                            await api.downloadRelatedFile(sha256);
+                            let content = await api.downloadRelatedFile(sha256);
+                            let blob = new Blob([content.data], {
+                                type: "application/octet-stream",
+                            });
+                            let tempLink = document.createElement("a");
+                            tempLink.style.display = "none";
+                            tempLink.href = window.URL.createObjectURL(blob);
+                            tempLink.download = file_name;
+                            tempLink.click();
                         }}
                     >
                         <FontAwesomeIcon icon={faDownload} size="1x" />

From d247ee2f454a00946172990b2c885caf6820049c Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Tue, 13 Dec 2022 13:27:20 +0100
Subject: [PATCH 11/33] little fix in removing related files

---
 mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
index 334d5290b..9445b1f8a 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -46,7 +46,7 @@ function ShowRelatedFiles() {
                 </td>
                 <td>
                     <Link
-                        to=""
+                        to={`/file/${context.object.sha256}/related_files`}
                         className="nav-link"
                         onClick={async () => {
                             await api.deleteRelatedFile(sha256);

From d589b0cd4088e84c986c930fe0494856e0477358 Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Tue, 13 Dec 2022 14:00:40 +0100
Subject: [PATCH 12/33] Working upload

---
 .../src/components/ShowObject/Views/RelatedFilesTab.js | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
index 9445b1f8a..369ce622d 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -130,15 +130,23 @@ export default function RelatedFilesTab() {
                 }}
             >
                 <form
+                    name="RelatedFileUploadForm"
                     onSubmit={() => {
                         handleSubmit();
                         setShowModal(false);
                     }}
                 >
                     <input
+                        name="RelatedFileUploadField"
                         type="file"
                         required="required"
-                        onChange={(data) => setFile(data)}
+                        onChange={() =>
+                            setFile(
+                                document.forms["RelatedFileUploadForm"][
+                                    "RelatedFileUploadField"
+                                ].files[0]
+                            )
+                        }
                     />{" "}
                     <br />
                     <input type="submit" />

From eb666673f46383871e852f685f755370db452b7c Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Tue, 13 Dec 2022 17:21:24 +0100
Subject: [PATCH 13/33] almost working front-end with better error handling

---
 .../ShowObject/Views/RelatedFilesTab.js       | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
index 369ce622d..5ea9c7fd8 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -18,6 +18,7 @@ function ShowRelatedFiles() {
     const [relatedFiles, setRelatedFiles] = useState([]);
     const api = useContext(APIContext);
     const context = useContext(ObjectContext);
+    const { setObjectError, updateObjectData } = context;
 
     function RelatedFileItem({ file_name, file_size, sha256 }) {
         return (
@@ -50,6 +51,7 @@ function ShowRelatedFiles() {
                         className="nav-link"
                         onClick={async () => {
                             await api.deleteRelatedFile(sha256);
+                            updateRelatedFiles();
                         }}
                     >
                         <FontAwesomeIcon icon={faTrash} size="1x" />
@@ -66,12 +68,19 @@ function ShowRelatedFiles() {
                 context.object.sha256
             );
             setRelatedFiles(response.data.related_files);
+            updateObjectData({
+                related_files: response.data.related_files,
+            });
         } catch (error) {
-            console.log(error);
+            setObjectError(error);
         }
     }
-
-    const getRelatedFiles = useCallback(updateRelatedFiles, [api, context]);
+    const getRelatedFiles = useCallback(updateRelatedFiles, [
+        api,
+        setObjectError,
+        updateObjectData,
+        context.object.sha256,
+    ]);
 
     useEffect(() => {
         getRelatedFiles();
@@ -97,12 +106,13 @@ export default function RelatedFilesTab() {
     const [file, setFile] = useState(null);
     const context = useContext(ObjectContext);
     const api = useContext(APIContext);
+    const { setObjectError } = context;
 
     async function handleSubmit() {
         try {
             await api.uploadRelatedFile(file, context.object.sha256);
         } catch (error) {
-            console.log(error);
+            setObjectError(error);
         }
     }
 
@@ -134,6 +144,7 @@ export default function RelatedFilesTab() {
                     onSubmit={() => {
                         handleSubmit();
                         setShowModal(false);
+                        ShowRelatedFiles().updateRelatedFiles();
                     }}
                 >
                     <input

From 8c42fb10c85cf58a1ec90a05dd9bc13316710a61 Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Tue, 13 Dec 2022 17:48:38 +0100
Subject: [PATCH 14/33] visual improvements

---
 .../ShowObject/Views/RelatedFilesTab.js       | 40 ++++++++++++++-----
 1 file changed, 30 insertions(+), 10 deletions(-)

diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
index 5ea9c7fd8..5c72ea2e0 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -13,6 +13,7 @@ import { ObjectContext } from "@mwdb-web/commons/context";
 import { ObjectAction, ObjectTab } from "@mwdb-web/commons/ui";
 import { APIContext } from "@mwdb-web/commons/api/context";
 import ReactModal from "react-modal";
+import { useDropzone } from "react-dropzone";
 
 function ShowRelatedFiles() {
     const [relatedFiles, setRelatedFiles] = useState([]);
@@ -108,6 +109,17 @@ export default function RelatedFilesTab() {
     const api = useContext(APIContext);
     const { setObjectError } = context;
 
+    const modalStyle = {
+        content: {
+            top: "50%",
+            left: "50%",
+            right: "auto",
+            bottom: "auto",
+            marginRight: "-50%",
+            transform: "translate(-50%, -50%)",
+        },
+    };
+
     async function handleSubmit() {
         try {
             await api.uploadRelatedFile(file, context.object.sha256);
@@ -138,6 +150,7 @@ export default function RelatedFilesTab() {
                 onRequestClose={() => {
                     setShowModal(false);
                 }}
+                style={modalStyle}
             >
                 <form
                     name="RelatedFileUploadForm"
@@ -148,6 +161,7 @@ export default function RelatedFilesTab() {
                     }}
                 >
                     <input
+                        class="modal-header"
                         name="RelatedFileUploadField"
                         type="file"
                         required="required"
@@ -158,17 +172,23 @@ export default function RelatedFilesTab() {
                                 ].files[0]
                             )
                         }
-                    />{" "}
-                    <br />
-                    <input type="submit" />
+                    />
+                    <div class="modal-footer">
+                        <input
+                            class="btn btn-success"
+                            type="submit"
+                            value="Submit related file"
+                        />
+                        <button
+                            class="btn btn-secondary"
+                            onClick={() => {
+                                setShowModal(false);
+                            }}
+                        >
+                            Cancel
+                        </button>
+                    </div>
                 </form>
-                <button
-                    onClick={() => {
-                        setShowModal(false);
-                    }}
-                >
-                    Cancel
-                </button>
             </ReactModal>
         </div>
     );

From 3ee25b09c44b6848ccd611d1263aa13710060d05 Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Tue, 13 Dec 2022 18:01:22 +0100
Subject: [PATCH 15/33] more visual improvements

---
 .../components/ShowObject/Views/RelatedFilesTab.js | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
index 5c72ea2e0..f3d56d905 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -12,8 +12,8 @@ import {
 import { ObjectContext } from "@mwdb-web/commons/context";
 import { ObjectAction, ObjectTab } from "@mwdb-web/commons/ui";
 import { APIContext } from "@mwdb-web/commons/api/context";
+import { humanFileSize } from "@mwdb-web/commons/helpers";
 import ReactModal from "react-modal";
-import { useDropzone } from "react-dropzone";
 
 function ShowRelatedFiles() {
     const [relatedFiles, setRelatedFiles] = useState([]);
@@ -23,9 +23,9 @@ function ShowRelatedFiles() {
 
     function RelatedFileItem({ file_name, file_size, sha256 }) {
         return (
-            <tr class="flickerable">
+            <tr>
                 <td>{file_name}</td>
-                <td>{file_size} B</td>
+                <td>{humanFileSize(file_size)}</td>
                 <td>
                     <Link
                         to={`/file/${context.object.sha256}/related_files`}
@@ -90,10 +90,10 @@ function ShowRelatedFiles() {
     return (
         <table className="table table-striped table-bordered table-hover data-table">
             <thead>
-                <td>File name</td>
-                <td>File size</td>
-                <td>Download</td>
-                <td>Remove</td>
+                <th>File name</th>
+                <th>File size</th>
+                <th>Download</th>
+                <th>Remove</th>
             </thead>
             {relatedFiles.map((related_file) => (
                 <RelatedFileItem {...related_file} />

From 2c7cdcef78614346a05b830f5242627eee8f015c Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Wed, 14 Dec 2022 10:18:16 +0100
Subject: [PATCH 16/33] auto rerender tab after change

---
 .../ShowObject/Views/RelatedFilesTab.js       | 41 +++++++++++--------
 1 file changed, 24 insertions(+), 17 deletions(-)

diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
index f3d56d905..5f4448c2b 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -15,8 +15,19 @@ import { APIContext } from "@mwdb-web/commons/api/context";
 import { humanFileSize } from "@mwdb-web/commons/helpers";
 import ReactModal from "react-modal";
 
+async function updateRelatedFiles(api, context) {
+    const { setObjectError, updateObjectData } = context;
+    try {
+        let response = await api.getListOfRelatedFiles(context.object.sha256);
+        updateObjectData({
+            related_files: response.data.related_files,
+        });
+    } catch (error) {
+        setObjectError(error);
+    }
+}
+
 function ShowRelatedFiles() {
-    const [relatedFiles, setRelatedFiles] = useState([]);
     const api = useContext(APIContext);
     const context = useContext(ObjectContext);
     const { setObjectError, updateObjectData } = context;
@@ -52,7 +63,7 @@ function ShowRelatedFiles() {
                         className="nav-link"
                         onClick={async () => {
                             await api.deleteRelatedFile(sha256);
-                            updateRelatedFiles();
+                            updateRelatedFiles(api, context);
                         }}
                     >
                         <FontAwesomeIcon icon={faTrash} size="1x" />
@@ -63,19 +74,6 @@ function ShowRelatedFiles() {
         );
     }
 
-    async function updateRelatedFiles() {
-        try {
-            let response = await api.getListOfRelatedFiles(
-                context.object.sha256
-            );
-            setRelatedFiles(response.data.related_files);
-            updateObjectData({
-                related_files: response.data.related_files,
-            });
-        } catch (error) {
-            setObjectError(error);
-        }
-    }
     const getRelatedFiles = useCallback(updateRelatedFiles, [
         api,
         setObjectError,
@@ -83,10 +81,18 @@ function ShowRelatedFiles() {
         context.object.sha256,
     ]);
 
+    // JS throws a warning "Line 92:8:  React Hook useEffect has missing dependencies: 'api' and 'context'"
+    // Those dependencies are skipped on purpose
+    // To disable this warning I used 'eslint-disable-next-line'
     useEffect(() => {
-        getRelatedFiles();
+        getRelatedFiles(api, context);
+        // eslint-disable-next-line
     }, [getRelatedFiles]);
 
+    if (!context.object.related_files) {
+        return "Loading...";
+    }
+
     return (
         <table className="table table-striped table-bordered table-hover data-table">
             <thead>
@@ -95,7 +101,7 @@ function ShowRelatedFiles() {
                 <th>Download</th>
                 <th>Remove</th>
             </thead>
-            {relatedFiles.map((related_file) => (
+            {context.object.related_files.map((related_file) => (
                 <RelatedFileItem {...related_file} />
             ))}
         </table>
@@ -123,6 +129,7 @@ export default function RelatedFilesTab() {
     async function handleSubmit() {
         try {
             await api.uploadRelatedFile(file, context.object.sha256);
+            updateRelatedFiles(api, context);
         } catch (error) {
             setObjectError(error);
         }

From 252cc2fc910b79253c3367d6971cb1c2aa89350b Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Wed, 14 Dec 2022 12:38:58 +0100
Subject: [PATCH 17/33] rename variables for clarity

---
 mwdb/model/file.py                                     | 10 +++++-----
 .../src/components/ShowObject/Views/RelatedFilesTab.js |  3 +--
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/mwdb/model/file.py b/mwdb/model/file.py
index 8965c3d19..e50250a69 100644
--- a/mwdb/model/file.py
+++ b/mwdb/model/file.py
@@ -382,7 +382,7 @@ def create(
         cls,
         file_name,
         file_stream,
-        related_object_dhash,
+        main_obj_dhash,
     ):
         file_stream.seek(0, os.SEEK_END)
         file_size = file_stream.tell()
@@ -394,9 +394,9 @@ def create(
         new_related_file = (
             db.session.query(RelatedFile).filter(RelatedFile.sha256 == sha256).first()
         )
-        related_object = (
+        main_obj = (
             db.session.query(Object)
-            .filter(Object.dhash == related_object_dhash)
+            .filter(Object.dhash == main_obj_dhash)
             .first()
         )
 
@@ -405,13 +405,13 @@ def create(
             raise FileExistsError("Related file with this sha256 already exists")
 
         # If related file doesn't exist
-        if related_object is None:
+        if main_obj is None:
             raise ValueError(
                 "There is no object with this sha256 or you don't have access"
             )
 
         new_related_file = RelatedFile(
-            object_id=related_object.id,
+            object_id=main_obj.id,
             file_name=secure_filename(file_name),
             file_size=file_size,
             sha256=sha256,
diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
index 5f4448c2b..6289539b1 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -81,7 +81,7 @@ function ShowRelatedFiles() {
         context.object.sha256,
     ]);
 
-    // JS throws a warning "Line 92:8:  React Hook useEffect has missing dependencies: 'api' and 'context'"
+    // JS throws a warning "Line 90:8:  React Hook useEffect has missing dependencies: 'api' and 'context'"
     // Those dependencies are skipped on purpose
     // To disable this warning I used 'eslint-disable-next-line'
     useEffect(() => {
@@ -164,7 +164,6 @@ export default function RelatedFilesTab() {
                     onSubmit={() => {
                         handleSubmit();
                         setShowModal(false);
-                        ShowRelatedFiles().updateRelatedFiles();
                     }}
                 >
                     <input

From d5b593fdd498d030d943ef8595ac4b1f0076a0a9 Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Wed, 14 Dec 2022 14:40:40 +0100
Subject: [PATCH 18/33] RelatedFiles Capabilities, migration and small visual
 improvement

---
 docs/user-guide/9-Sharing-objects.rst         | 47 ++++++++++-----
 mwdb/core/capabilities.py                     |  6 ++
 mwdb/model/file.py                            |  4 +-
 ...5_assign_new_capabilities_related_files.py | 60 +++++++++++++++++++
 mwdb/resources/file.py                        | 31 +++++++---
 mwdb/web/src/commons/auth/capabilities.js     |  6 ++
 .../ShowObject/Views/RelatedFilesTab.js       |  5 +-
 7 files changed, 130 insertions(+), 29 deletions(-)
 create mode 100644 mwdb/model/migrations/versions/02f584212ea5_assign_new_capabilities_related_files.py

diff --git a/docs/user-guide/9-Sharing-objects.rst b/docs/user-guide/9-Sharing-objects.rst
index dfb5b1e4b..d8bb111f2 100644
--- a/docs/user-guide/9-Sharing-objects.rst
+++ b/docs/user-guide/9-Sharing-objects.rst
@@ -155,47 +155,47 @@ By default, ``admin`` private group has enabled all capabilities. All other grou
 
 Each capability has its own name and scope:
 
-* 
+*
   **manage_users - Managing users and groups (system administration)**
 
   Allows to access all users and groups in MWDB. Rules described in *Who is who?* don't apply to users with that permission. Enables user to create new user accounts, new groups and change their capabilities and membership. Allows to manage attribute keys, define new ones, delete and set the group permissions for them.
 
-* 
+*
   **share_queried_objects - Query for all objects in system**
 
   That one is a bit tricky and will be possibly deprecated. MWDB will automatically share object and all descendants with group if member directly accessed it via identifier (knows the hash e.g. have direct link to the object). It can be used for bot accounts, so they have access only to these objects that are intended to be processed by them. Internally, we abandoned that idea, so that capability may not be stable.
 
-* 
+*
   **access_all_objects - Has access to all new uploaded objects into system**
 
   Capability used by ``everything`` group, useful when you want to make additional "everything" that is separate from the original one. Keep in mind that it applies only to the **uploads made during the capability was enabled**\ , so if you want the new group to be truly "everything", you may need to share the old objects manually.
 
-* 
+*
   **sharing_with_all - Can share objects with all groups in system**
 
   Implies the access to the list of all group names, but without access to the membership information and management features. Allows to share object with arbitrary group in MWDB.
 
-* 
+*
   **adding_tags - Can add tags**
 
   Allows to tag objects. This feature is disabled by default, as you may want to have only tags from automated analyses.
 
-* 
+*
   **removing_tags - Can remove tags**
 
   Allows to remove tags. Tag doesn't have "owner", so user will be able to remove all tags from the object.
 
-* 
+*
   **adding_comments - Can add comments**
 
   Allows to add comments to the objects. Keep in mind that comments are public.
 
-* 
+*
   **removing_comments - Can remove (all) comments**
 
   Allows to remove **all** comments, not only these authored by the user.
 
-* 
+*
   **adding_parents - Can add parents**
 
   Allows to add new relationships by specifying object parent during upload or adding new relationship between existing objects.
@@ -210,22 +210,22 @@ Each capability has its own name and scope:
 
   Enables upload of files. Enabled by default for ``registered`` group.
 
-* 
+*
   **adding_configs - Can upload configs**
 
   Enables upload of configurations. Configurations are intended to be uploaded by automated systems or trusted entities that follow the conventions.
 
-* 
+*
   **adding_blobs - Can upload text blobs**
 
   Enables upload of blobs. Blobs may have similar meaning as configurations in terms of user roles.
 
-* 
+*
   **reading_all_attributes - Has access to all attributes of object (including hidden)**
 
   With that capability, you can read all the attributes, even if you don't have ``read`` permission for that attribute key. It allows to list hidden attribute values.
 
-* 
+*
   **adding_all_attributes - Can add all attributes to object**
 
   Enables group to add all the attributes, even if it doesn't have ``set`` permission for that attribute key.
@@ -235,12 +235,12 @@ Each capability has its own name and scope:
 
   Allows to remove attribute from object. To remove attribute, you need to have ``set`` permission for key. Combined with ``adding_all_attributes``\ , allows to remove all attributes.
 
-* 
+*
   **unlimited_requests - API requests are not rate-limited for this group**
 
   Disables rate limiting for users from that group, if rate limiting feature is enabled.
 
-* 
+*
   **removing_objects - Can remove objects**
 
   Can remove all accessible objects from the MWDB. May be quite destructive, we suggest to keep that capability enabled only for ``admin`` account.
@@ -255,7 +255,7 @@ Each capability has its own name and scope:
 
   Allows to use personalization features like favorites or quick queries.
 
-*  
+*
   **karton_assign - Can assign existing analysis to the object**
 
   Allows to assign Karton analysis to the object by setting ``karton`` attribute or using dedicated API.
@@ -264,6 +264,21 @@ Each capability has its own name and scope:
   **karton_reanalyze - Can resubmit any object for analysis**
 
   Can manually resubmit object to Karton.
+*
+  **access_related_files - Can view and download RelatedFiles**
+
+  Allows to view list of RelatedFiles and download them.
+
+*
+  **adding_related_files - Can upload new RelatedFiles**
+
+  Allows to upload new RelatedFiles.
+
+*
+  **removing_related_files - removing_related_files**
+
+  Allows to remove existing RelatedFiles.
+
 
 User capabilities are the sum of all group capabilities. If you want to enable capability system-wide (e.g. enable all users to add tags), enable that capability for ``registered`` group or ``public`` group if you want to include guests.
 
diff --git a/mwdb/core/capabilities.py b/mwdb/core/capabilities.py
index 4c5718975..f21a2e8d4 100644
--- a/mwdb/core/capabilities.py
+++ b/mwdb/core/capabilities.py
@@ -45,6 +45,12 @@ class Capabilities(object):
     karton_reanalyze = "karton_reanalyze"
     # Can remove Karton analysis from the object
     karton_unassign = "karton_unassign"
+    # Can view and download RelatedFiles
+    access_related_files = "access_related_files"
+    # Can upload new RelatedFiles
+    adding_related_files = "adding_related_files"
+    # Can remove existing RelatedFiles
+    removing_related_files = "removing_related_files"
 
     @classmethod
     def all(cls):
diff --git a/mwdb/model/file.py b/mwdb/model/file.py
index e50250a69..3a60f6027 100644
--- a/mwdb/model/file.py
+++ b/mwdb/model/file.py
@@ -395,9 +395,7 @@ def create(
             db.session.query(RelatedFile).filter(RelatedFile.sha256 == sha256).first()
         )
         main_obj = (
-            db.session.query(Object)
-            .filter(Object.dhash == main_obj_dhash)
-            .first()
+            db.session.query(Object).filter(Object.dhash == main_obj_dhash).first()
         )
 
         # If file already exists
diff --git a/mwdb/model/migrations/versions/02f584212ea5_assign_new_capabilities_related_files.py b/mwdb/model/migrations/versions/02f584212ea5_assign_new_capabilities_related_files.py
new file mode 100644
index 000000000..5da6d05bf
--- /dev/null
+++ b/mwdb/model/migrations/versions/02f584212ea5_assign_new_capabilities_related_files.py
@@ -0,0 +1,60 @@
+"""assign new capabilities for related files
+
+Revision ID: 02f584212ea5
+Revises: 3c610b0ddebc
+Create Date: 2022-12-14 12:03:22.613573
+
+"""
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision = "02f584212ea5"
+down_revision = "3c610b0ddebc"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.execute(
+        """
+            UPDATE public.group
+            SET capabilities = array_append(capabilities, 'access_related_files')
+            WHERE name='public' OR array_position(capabilities, 'manage_users') IS NOT NULL;
+        """
+    )
+    op.execute(
+        """
+            UPDATE public.group
+            SET capabilities = array_append(capabilities, 'adding_related_files')
+            WHERE name='registered' OR array_position(capabilities, 'manage_users') IS NOT NULL;
+        """
+    )
+    op.execute(
+        """
+            UPDATE public.group
+            SET capabilities = array_append(capabilities, 'removing_related_files')
+            WHERE array_position(capabilities, 'manage_users') IS NOT NULL;
+        """
+    )
+
+
+def downgrade():
+    op.execute(
+        """
+            UPDATE public.group
+            SET capabilities = array_remove(capabilities, 'access_related_files');
+        """
+    )
+    op.execute(
+        """
+            UPDATE public.group
+            SET capabilities = array_remove(capabilities, 'adding_related_files');
+        """
+    )
+    op.execute(
+        """
+            UPDATE public.group
+            SET capabilities = array_remove(capabilities, 'removing_related_files');
+        """
+    )
diff --git a/mwdb/resources/file.py b/mwdb/resources/file.py
index 29fcc53bc..b9dd3afc4 100644
--- a/mwdb/resources/file.py
+++ b/mwdb/resources/file.py
@@ -590,12 +590,16 @@ def post(self, identifier):
 
 @rate_limited_resource
 class RelatedFileDownloadResource(Resource):
+    @requires_authorization
+    @requires_capabilities(Capabilities.access_related_files)
     def get(self, identifier):
         """
         ---
         summary: Download related file
         description: |
             Returns related file contents.
+
+            Requires `access_related_files` capability.
         security:
             - bearerAuth: []
         tags:
@@ -615,6 +619,8 @@ def get(self, identifier):
                     schema:
                       type: string
                       format: binary
+            403:
+                description: When user doesn't have `access_related_files` capability
             404:
                 description: |
                     When related file doesn't exist
@@ -684,15 +690,20 @@ def get(self, identifier):
                 "There is no file with provided sha256 or you don't have access to it"
             )
 
-        related_files = db.session.query(RelatedFile).filter(
-            RelatedFile.object_id == master_object.id
-        )
-        schema = RelatedFileResponseSchema()
+        if g.auth_user.has_rights(Capabilities.access_related_files):
+            related_files = (
+                db.session.query(RelatedFile)
+                .filter(RelatedFile.object_id == master_object.id)
+                .all()
+            )
+        else:
+            related_files = []
 
+        schema = RelatedFileResponseSchema()
         return schema.dump({"related_files": related_files})
 
     @requires_authorization
-    @requires_capabilities(Capabilities.adding_files)
+    @requires_capabilities(Capabilities.adding_related_files)
     def post(self, identifier):
         """
         ---
@@ -700,7 +711,7 @@ def post(self, identifier):
         description: |
             Uploads a new related file.
 
-            Requires `adding_files` capability.
+            Requires `adding_related_files` capability.
         security:
             - bearerAuth: []
         tags:
@@ -730,6 +741,8 @@ def post(self, identifier):
                 description: OK
             400:
                 description: RelatedFile is empty
+            403:
+                description: When user doesn't have `adding_related_files` capability
             404:
                 description: |
                     There is no file with provided sha256 or you don't have access to it
@@ -755,7 +768,7 @@ def post(self, identifier):
         return Response("OK")
 
     @requires_authorization
-    @requires_capabilities(Capabilities.removing_objects)
+    @requires_capabilities(Capabilities.removing_related_files)
     def delete(self, identifier):
         """
         ---
@@ -763,7 +776,7 @@ def delete(self, identifier):
         description: |
             Removes a file from the database along with its references.
 
-            Requires `removing_objects` capability.
+            Requires `removing_related_files` capability.
         security:
             - bearerAuth: []
         tags:
@@ -778,7 +791,7 @@ def delete(self, identifier):
             200:
                 description: When related file was deleted
             403:
-                description: When user doesn't have `removing_objects` capability
+                description: When user doesn't have `removing_related_files` capability
             404:
                 description: |
                     When related file doesn't exist
diff --git a/mwdb/web/src/commons/auth/capabilities.js b/mwdb/web/src/commons/auth/capabilities.js
index 73119f1a4..2d3f2f706 100644
--- a/mwdb/web/src/commons/auth/capabilities.js
+++ b/mwdb/web/src/commons/auth/capabilities.js
@@ -24,6 +24,9 @@ export const Capability = {
     kartonAssign: "karton_assign",
     kartonReanalyze: "karton_reanalyze",
     removingKarton: "karton_unassign",
+    accessRelatedFiles: "access_related_files",
+    addingRelatedFiles: "adding_related_files",
+    removingRelatedFiles: "removing_related_files",
 };
 
 export let capabilitiesList = {
@@ -56,6 +59,9 @@ export let capabilitiesList = {
         "Can assign existing analysis to the object (required by karton-mwdb-reporter)",
     [Capability.kartonReanalyze]: "Can resubmit any object for analysis",
     [Capability.removingKarton]: "Can remove analysis from object",
+    [Capability.accessRelatedFiles]: "Can view and download RelatedFiles",
+    [Capability.addingRelatedFiles]: "Can upload new RelatedFiles",
+    [Capability.removingRelatedFiles]: "Can remove existing RelatedFiles",
 };
 
 for (let extraCapabilities of fromPlugin("capabilities")) {
diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
index 6289539b1..d96c31a32 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -90,7 +90,10 @@ function ShowRelatedFiles() {
     }, [getRelatedFiles]);
 
     if (!context.object.related_files) {
-        return "Loading...";
+        return <div class="card-body text-muted">Loading...</div>;
+    }
+    if (context.object.related_files.length === 0) {
+        return <div class="card-body text-muted">Nothing to show here</div>;
     }
 
     return (

From 561418f5a3e2e7e2ad4bbd2c03e8c1462cd120e7 Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Wed, 14 Dec 2022 16:31:36 +0100
Subject: [PATCH 19/33] allow one RelatedFile to be associated with many Files,
 delete RelatedFile when not linked with anything

---
 mwdb/app.py                                   |   5 +
 mwdb/model/file.py                            | 142 ++++++++++++------
 mwdb/resources/file.py                        |  15 +-
 mwdb/web/src/commons/api/index.js             |   4 +-
 .../ShowObject/Views/RelatedFilesTab.js       |   5 +-
 5 files changed, 116 insertions(+), 55 deletions(-)

diff --git a/mwdb/app.py b/mwdb/app.py
index 088181278..5ef735754 100755
--- a/mwdb/app.py
+++ b/mwdb/app.py
@@ -44,6 +44,7 @@
     FileDownloadZipResource,
     FileItemResource,
     FileResource,
+    RelatedFileDeleteResource,
     RelatedFileDownloadResource,
     RelatedFileItemResource,
 )
@@ -266,6 +267,10 @@ def require_auth():
 api.add_resource(
     RelatedFileDownloadResource, "/related_file/<hash64:identifier>/download"
 )
+api.add_resource(
+    RelatedFileDeleteResource,
+    "/related_file/<hash64:identifier>/delete/<hash64:main_file_identifier>",
+)
 
 # Config endpoints
 api.add_resource(ConfigResource, "/config")
diff --git a/mwdb/model/file.py b/mwdb/model/file.py
index 3a60f6027..cbce92af3 100644
--- a/mwdb/model/file.py
+++ b/mwdb/model/file.py
@@ -6,7 +6,7 @@
 
 import pyzipper
 from flask import g
-from sqlalchemy import or_
+from sqlalchemy import not_, or_
 from sqlalchemy.dialects.postgresql.array import ARRAY
 from sqlalchemy.ext.mutable import MutableList
 from werkzeug.utils import secure_filename
@@ -391,23 +391,32 @@ def create(
 
         sha256 = calc_hash(file_stream, hashlib.sha256(), lambda h: h.hexdigest())
 
-        new_related_file = (
-            db.session.query(RelatedFile).filter(RelatedFile.sha256 == sha256).first()
-        )
         main_obj = (
             db.session.query(Object).filter(Object.dhash == main_obj_dhash).first()
         )
-
-        # If file already exists
-        if new_related_file is not None:
-            raise FileExistsError("Related file with this sha256 already exists")
-
-        # If related file doesn't exist
-        if main_obj is None:
+        # If main file doesn't exist or no access
+        if main_obj is None or not main_obj.has_explicit_access(g.auth_user):
             raise ValueError(
                 "There is no object with this sha256 or you don't have access"
             )
 
+        is_new = True
+        new_related_file = (
+            db.session.query(RelatedFile).filter(RelatedFile.sha256 == sha256).first()
+        )
+        # If RelatedFile already exists
+        if new_related_file is not None:
+            is_new = False
+            new_related_file = (
+                db.session.query(RelatedFile)
+                .filter(RelatedFile.sha256 == sha256)
+                .filter(RelatedFile.object_id == main_obj.id)
+                .first()
+            )
+            # If RelatedFile related to main_obj already exists
+            if new_related_file is not None:
+                raise FileExistsError("Related file with this sha256 already exists")
+
         new_related_file = RelatedFile(
             object_id=main_obj.id,
             file_name=secure_filename(file_name),
@@ -415,56 +424,69 @@ def create(
             sha256=sha256,
         )
 
-        file_stream.seek(0, os.SEEK_SET)
-        if app_config.mwdb.storage_provider == StorageProviderType.S3:
-            get_s3_client(
-                app_config.mwdb.s3_storage_endpoint,
-                app_config.mwdb.s3_storage_access_key,
-                app_config.mwdb.s3_storage_secret_key,
-                app_config.mwdb.s3_storage_region_name,
-                app_config.mwdb.s3_storage_secure,
-                app_config.mwdb.s3_storage_iam_auth,
-            ).put_object(
-                Bucket=app_config.mwdb.s3_storage_bucket_name,
-                Key=new_related_file._calculate_path(),
-                Body=file_stream,
-            )
-        elif app_config.mwdb.storage_provider == StorageProviderType.DISK:
-            with open(new_related_file._calculate_path(), "wb") as f:
-                shutil.copyfileobj(file_stream, f)
-        else:
-            raise RuntimeError(
-                f"StorageProvider {app_config.mwdb.storage_provider} "
-                f"is not supported"
-            )
+        if is_new:
+            file_stream.seek(0, os.SEEK_SET)
+            if app_config.mwdb.storage_provider == StorageProviderType.S3:
+                get_s3_client(
+                    app_config.mwdb.s3_storage_endpoint,
+                    app_config.mwdb.s3_storage_access_key,
+                    app_config.mwdb.s3_storage_secret_key,
+                    app_config.mwdb.s3_storage_region_name,
+                    app_config.mwdb.s3_storage_secure,
+                    app_config.mwdb.s3_storage_iam_auth,
+                ).put_object(
+                    Bucket=app_config.mwdb.s3_storage_bucket_name,
+                    Key=new_related_file._calculate_path(),
+                    Body=file_stream,
+                )
+            elif app_config.mwdb.storage_provider == StorageProviderType.DISK:
+                with open(new_related_file._calculate_path(), "wb") as f:
+                    shutil.copyfileobj(file_stream, f)
+            else:
+                raise RuntimeError(
+                    f"StorageProvider {app_config.mwdb.storage_provider} "
+                    f"is not supported"
+                )
         db.session.add(new_related_file)
         db.session.commit()
 
     @classmethod
     def access(cls, identifier):
-        related_file_obj = (
-            db.session.query(RelatedFile)
-            .filter(RelatedFile.sha256 == identifier)
-            .first()
+        related_files = (
+            db.session.query(RelatedFile).filter(RelatedFile.sha256 == identifier).all()
         )
-        if related_file_obj is None:
+        # Empty list - no such RelatedFile
+        if not related_files:
             return None
 
+        main_obj_ids = [rf.object_id for rf in related_files]
         main_obj = (
             db.session.query(Object)
-            .filter(Object.id == related_file_obj.object_id)
+            .filter(Object.id.in_(main_obj_ids))
+            .filter(g.auth_user.has_access_to_object(Object.id))
             .first()
         )
-        if not main_obj.has_explicit_access(g.auth_user):
+        if main_obj is None:
             return None
 
-        return related_file_obj
+        return related_files[0]
 
     @classmethod
-    def delete(cls, identifier):
+    def delete(cls, identifier, main_file_identifier):
+        main_obj = (
+            db.session.query(Object)
+            .filter(Object.dhash == main_file_identifier)
+            .first()
+        )
+        if not main_obj.has_explicit_access(g.auth_user):
+            raise ValueError(
+                "There is no object with this sha256 or you don't have access"
+            )
+
         related_file_obj = (
             db.session.query(RelatedFile)
             .filter(RelatedFile.sha256 == identifier)
+            .filter(RelatedFile.object_id == main_obj.id)
             .first()
         )
 
@@ -472,15 +494,37 @@ def delete(cls, identifier):
             raise ValueError(
                 "There is no object with this sha256 or you don't have access"
             )
-        main_obj = (
-            db.session.query(Object)
-            .filter(Object.id == related_file_obj.object_id)
+
+        is_last = False
+        other_related_file_obj = (
+            db.session.query(RelatedFile)
+            .filter(RelatedFile.sha256 == identifier)
+            .filter(not_(RelatedFile.object_id == main_obj.id))
             .first()
         )
-        if not main_obj.has_explicit_access(g.auth_user):
-            raise ValueError(
-                "There is no object with this sha256 or you don't have access"
-            )
+        if other_related_file_obj is None:
+            is_last = True
+
+        if is_last:
+            if app_config.mwdb.storage_provider == StorageProviderType.S3:
+                get_s3_client(
+                    app_config.mwdb.s3_storage_endpoint,
+                    app_config.mwdb.s3_storage_access_key,
+                    app_config.mwdb.s3_storage_secret_key,
+                    app_config.mwdb.s3_storage_region_name,
+                    app_config.mwdb.s3_storage_secure,
+                    app_config.mwdb.s3_storage_iam_auth,
+                ).delete_object(
+                    Bucket=app_config.mwdb.s3_storage_bucket_name,
+                    Key=related_file_obj._calculate_path(),
+                )
+            elif app_config.mwdb.storage_provider == StorageProviderType.DISK:
+                os.remove(related_file_obj._calculate_path())
+            else:
+                raise RuntimeError(
+                    f"StorageProvider {app_config.mwdb.storage_provider} "
+                    f"is not supported"
+                )
 
         db.session.delete(related_file_obj)
         db.session.commit()
diff --git a/mwdb/resources/file.py b/mwdb/resources/file.py
index b9dd3afc4..71eb62d5d 100644
--- a/mwdb/resources/file.py
+++ b/mwdb/resources/file.py
@@ -767,9 +767,11 @@ def post(self, identifier):
 
         return Response("OK")
 
+
+class RelatedFileDeleteResource(Resource):
     @requires_authorization
     @requires_capabilities(Capabilities.removing_related_files)
-    def delete(self, identifier):
+    def delete(self, identifier, main_file_identifier):
         """
         ---
         summary: Delete file
@@ -784,9 +786,16 @@ def delete(self, identifier):
         parameters:
             - in: path
               name: identifier
+              required: true
+              schema:
+                type: string
+              description: RelatedFile identifier (SHA256)
+            - in: path
+              name: main_file_identifier
+              required: true
               schema:
                 type: string
-              description: RelatedFile identifier (SHA256/SHA512/SHA1/MD5)
+              description: Main file identifier (SHA256)
         responses:
             200:
                 description: When related file was deleted
@@ -801,7 +810,7 @@ def delete(self, identifier):
                     Request canceled due to database statement timeout.
         """
         try:
-            RelatedFile.delete(identifier)
+            RelatedFile.delete(identifier, main_file_identifier)
         except ValueError:
             raise NotFound(
                 "There is no file with provided sha256 or you don't have access to it"
diff --git a/mwdb/web/src/commons/api/index.js b/mwdb/web/src/commons/api/index.js
index 537e26030..197d53a34 100644
--- a/mwdb/web/src/commons/api/index.js
+++ b/mwdb/web/src/commons/api/index.js
@@ -457,8 +457,8 @@ function downloadRelatedFile(id) {
     });
 }
 
-function deleteRelatedFile(id) {
-    return axios.delete(`/related_file/${id}`);
+function deleteRelatedFile(id, main_file_id) {
+    return axios.delete(`/related_file/${id}/delete/${main_file_id}`);
 }
 
 function getListOfRelatedFiles(id) {
diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
index d96c31a32..f3b40f3c7 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -62,7 +62,10 @@ function ShowRelatedFiles() {
                         to={`/file/${context.object.sha256}/related_files`}
                         className="nav-link"
                         onClick={async () => {
-                            await api.deleteRelatedFile(sha256);
+                            await api.deleteRelatedFile(
+                                sha256,
+                                context.object.sha256
+                            );
                             updateRelatedFiles(api, context);
                         }}
                     >

From a58c7edf6d145681deb23859381905ed099c10e1 Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Thu, 15 Dec 2022 14:04:19 +0100
Subject: [PATCH 20/33] implement requested changes

---
 mwdb/app.py                                   |  12 +-
 mwdb/core/file_util.py                        | 102 ++++++++++
 mwdb/model/file.py                            | 187 +++---------------
 mwdb/resources/file.py                        | 177 ++++++++++-------
 mwdb/web/src/commons/api/index.js             |  16 +-
 mwdb/web/src/commons/auth/capabilities.js     |   6 +-
 .../ShowObject/Views/RelatedFilesTab.js       | 123 ++++++------
 7 files changed, 322 insertions(+), 301 deletions(-)
 create mode 100644 mwdb/core/file_util.py

diff --git a/mwdb/app.py b/mwdb/app.py
index 5ef735754..a4afb3a4b 100755
--- a/mwdb/app.py
+++ b/mwdb/app.py
@@ -44,9 +44,8 @@
     FileDownloadZipResource,
     FileItemResource,
     FileResource,
-    RelatedFileDeleteResource,
-    RelatedFileDownloadResource,
     RelatedFileItemResource,
+    RelatedFileResource,
 )
 from mwdb.resources.group import GroupListResource, GroupMemberResource, GroupResource
 from mwdb.resources.karton import KartonAnalysisResource, KartonObjectResource
@@ -263,13 +262,14 @@ def require_auth():
 api.add_resource(FileDownloadZipResource, "/file/<hash64:identifier>/download/zip")
 
 # RelatedFiles endpoints
-api.add_resource(RelatedFileItemResource, "/related_file/<hash64:identifier>")
 api.add_resource(
-    RelatedFileDownloadResource, "/related_file/<hash64:identifier>/download"
+    RelatedFileResource,
+    "/<any(file, config, blob, object):type>/<hash64:main_obj_identifier>/related_file",
 )
 api.add_resource(
-    RelatedFileDeleteResource,
-    "/related_file/<hash64:identifier>/delete/<hash64:main_file_identifier>",
+    RelatedFileItemResource,
+    "/<any(file, config, blob, object):type>/<hash64:main_obj_identifier>"
+    "/related_file/<hash64:identifier>",
 )
 
 # Config endpoints
diff --git a/mwdb/core/file_util.py b/mwdb/core/file_util.py
new file mode 100644
index 000000000..bd8320d4e
--- /dev/null
+++ b/mwdb/core/file_util.py
@@ -0,0 +1,102 @@
+import io
+import os
+import shutil
+import tempfile
+
+from mwdb.core.config import StorageProviderType, app_config
+from mwdb.core.util import get_s3_client
+
+
+def write_to_storage(file_stream, file_object):
+    file_stream.seek(0, os.SEEK_SET)
+    if app_config.mwdb.storage_provider == StorageProviderType.S3:
+        get_s3_client(
+            app_config.mwdb.s3_storage_endpoint,
+            app_config.mwdb.s3_storage_access_key,
+            app_config.mwdb.s3_storage_secret_key,
+            app_config.mwdb.s3_storage_region_name,
+            app_config.mwdb.s3_storage_secure,
+            app_config.mwdb.s3_storage_iam_auth,
+        ).put_object(
+            Bucket=app_config.mwdb.s3_storage_bucket_name,
+            Key=file_object._calculate_path(),
+            Body=file_stream,
+        )
+    elif app_config.mwdb.storage_provider == StorageProviderType.DISK:
+        with open(file_object._calculate_path(), "wb") as f:
+            shutil.copyfileobj(file_stream, f)
+    else:
+        raise RuntimeError(
+            f"StorageProvider {app_config.mwdb.storage_provider} " f"is not supported"
+        )
+
+
+def get_from_storage(file_object):
+    if app_config.mwdb.storage_provider == StorageProviderType.S3:
+        # Stream coming from Boto3 get_object is not buffered and not seekable.
+        # We need to download it to the temporary file first.
+        stream = tempfile.TemporaryFile(mode="w+b")
+        try:
+            get_s3_client(
+                app_config.mwdb.s3_storage_endpoint,
+                app_config.mwdb.s3_storage_access_key,
+                app_config.mwdb.s3_storage_secret_key,
+                app_config.mwdb.s3_storage_region_name,
+                app_config.mwdb.s3_storage_secure,
+                app_config.mwdb.s3_storage_iam_auth,
+            ).download_fileobj(
+                Bucket=app_config.mwdb.s3_storage_bucket_name,
+                Key=file_object._calculate_path(),
+                Fileobj=stream,
+            )
+            stream.seek(0, io.SEEK_SET)
+            return stream
+        except Exception:
+            stream.close()
+            raise
+    elif app_config.mwdb.storage_provider == StorageProviderType.DISK:
+        return open(file_object._calculate_path(), "rb")
+    else:
+        raise RuntimeError(
+            f"StorageProvider {app_config.mwdb.storage_provider} is not supported"
+        )
+
+
+def delete_from_storage(file_object):
+    if app_config.mwdb.storage_provider == StorageProviderType.S3:
+        get_s3_client(
+            app_config.mwdb.s3_storage_endpoint,
+            app_config.mwdb.s3_storage_access_key,
+            app_config.mwdb.s3_storage_secret_key,
+            app_config.mwdb.s3_storage_region_name,
+            app_config.mwdb.s3_storage_secure,
+            app_config.mwdb.s3_storage_iam_auth,
+        ).delete_object(
+            Bucket=app_config.mwdb.s3_storage_bucket_name,
+            Key=file_object._calculate_path(),
+        )
+    elif app_config.mwdb.storage_provider == StorageProviderType.DISK:
+        os.remove(file_object._calculate_path())
+    else:
+        raise RuntimeError(
+            f"StorageProvider {app_config.mwdb.storage_provider} " f"is not supported"
+        )
+
+
+def iterate_buffer(file_object, chunk_size=1024 * 256):
+    """
+    Iterates over bytes in the file contents
+    """
+    fh = file_object.open()
+    try:
+        if hasattr(fh, "stream"):
+            yield from fh.stream(chunk_size)
+        else:
+            while True:
+                chunk = fh.read(chunk_size)
+                if chunk:
+                    yield chunk
+                else:
+                    return
+    finally:
+        fh.close()
diff --git a/mwdb/model/file.py b/mwdb/model/file.py
index cbce92af3..e3987551a 100644
--- a/mwdb/model/file.py
+++ b/mwdb/model/file.py
@@ -13,15 +13,14 @@
 
 from mwdb.core.auth import AuthScope, generate_token, verify_token
 from mwdb.core.config import StorageProviderType, app_config
-from mwdb.core.karton import send_file_to_karton
-from mwdb.core.util import (
-    calc_crc32,
-    calc_hash,
-    calc_magic,
-    calc_ssdeep,
-    get_fd_path,
-    get_s3_client,
+from mwdb.core.file_util import (
+    delete_from_storage,
+    get_from_storage,
+    iterate_buffer,
+    write_to_storage,
 )
+from mwdb.core.karton import send_file_to_karton
+from mwdb.core.util import calc_crc32, calc_hash, calc_magic, calc_ssdeep, get_fd_path
 
 from . import db
 from .object import Object
@@ -126,28 +125,7 @@ def get_or_create(
                 file_obj.alt_names.append(original_filename)
 
         if is_new:
-            file_stream.seek(0, os.SEEK_SET)
-            if app_config.mwdb.storage_provider == StorageProviderType.S3:
-                get_s3_client(
-                    app_config.mwdb.s3_storage_endpoint,
-                    app_config.mwdb.s3_storage_access_key,
-                    app_config.mwdb.s3_storage_secret_key,
-                    app_config.mwdb.s3_storage_region_name,
-                    app_config.mwdb.s3_storage_secure,
-                    app_config.mwdb.s3_storage_iam_auth,
-                ).put_object(
-                    Bucket=app_config.mwdb.s3_storage_bucket_name,
-                    Key=file_obj._calculate_path(),
-                    Body=file_stream,
-                )
-            elif app_config.mwdb.storage_provider == StorageProviderType.DISK:
-                with open(file_obj._calculate_path(), "wb") as f:
-                    shutil.copyfileobj(file_stream, f)
-            else:
-                raise RuntimeError(
-                    f"StorageProvider {app_config.mwdb.storage_provider} "
-                    f"is not supported"
-                )
+            write_to_storage(file_stream, file_obj)
 
         file_obj.upload_stream = file_stream
         return file_obj, is_new
@@ -223,34 +201,7 @@ def open(self):
                 stream = os.fdopen(dupfd, "rb")
                 stream.seek(0, os.SEEK_SET)
                 return stream
-        if app_config.mwdb.storage_provider == StorageProviderType.S3:
-            # Stream coming from Boto3 get_object is not buffered and not seekable.
-            # We need to download it to the temporary file first.
-            stream = tempfile.TemporaryFile(mode="w+b")
-            try:
-                get_s3_client(
-                    app_config.mwdb.s3_storage_endpoint,
-                    app_config.mwdb.s3_storage_access_key,
-                    app_config.mwdb.s3_storage_secret_key,
-                    app_config.mwdb.s3_storage_region_name,
-                    app_config.mwdb.s3_storage_secure,
-                    app_config.mwdb.s3_storage_iam_auth,
-                ).download_fileobj(
-                    Bucket=app_config.mwdb.s3_storage_bucket_name,
-                    Key=self._calculate_path(),
-                    Fileobj=stream,
-                )
-                stream.seek(0, io.SEEK_SET)
-                return stream
-            except Exception:
-                stream.close()
-                raise
-        elif app_config.mwdb.storage_provider == StorageProviderType.DISK:
-            return open(self._calculate_path(), "rb")
-        else:
-            raise RuntimeError(
-                f"StorageProvider {app_config.mwdb.storage_provider} is not supported"
-            )
+        return get_from_storage(self)
 
     def read(self):
         """
@@ -425,54 +376,37 @@ def create(
         )
 
         if is_new:
-            file_stream.seek(0, os.SEEK_SET)
-            if app_config.mwdb.storage_provider == StorageProviderType.S3:
-                get_s3_client(
-                    app_config.mwdb.s3_storage_endpoint,
-                    app_config.mwdb.s3_storage_access_key,
-                    app_config.mwdb.s3_storage_secret_key,
-                    app_config.mwdb.s3_storage_region_name,
-                    app_config.mwdb.s3_storage_secure,
-                    app_config.mwdb.s3_storage_iam_auth,
-                ).put_object(
-                    Bucket=app_config.mwdb.s3_storage_bucket_name,
-                    Key=new_related_file._calculate_path(),
-                    Body=file_stream,
-                )
-            elif app_config.mwdb.storage_provider == StorageProviderType.DISK:
-                with open(new_related_file._calculate_path(), "wb") as f:
-                    shutil.copyfileobj(file_stream, f)
-            else:
-                raise RuntimeError(
-                    f"StorageProvider {app_config.mwdb.storage_provider} "
-                    f"is not supported"
-                )
+            write_to_storage(file_stream, new_related_file)
+
         db.session.add(new_related_file)
         db.session.commit()
 
     @classmethod
-    def access(cls, identifier):
-        related_files = (
-            db.session.query(RelatedFile).filter(RelatedFile.sha256 == identifier).all()
+    def access(cls, main_obj_identifier, identifier):
+        main_obj = (
+            db.session.query(Object).filter(Object.dhash == main_obj_identifier).first()
         )
-        # Empty list - no such RelatedFile
-        if not related_files:
-            return None
+        if not main_obj.has_explicit_access(g.auth_user):
+            raise ValueError(
+                "There is no object with this sha256 or you don't have access"
+            )
 
-        main_obj_ids = [rf.object_id for rf in related_files]
-        main_obj = (
-            db.session.query(Object)
-            .filter(Object.id.in_(main_obj_ids))
-            .filter(g.auth_user.has_access_to_object(Object.id))
+        related_file = (
+            db.session.query(RelatedFile)
+            .filter(RelatedFile.sha256 == identifier)
+            .filter(RelatedFile.object_id == main_obj.id)
             .first()
         )
-        if main_obj is None:
-            return None
+        # Empty list - no such RelatedFile
+        if related_file is None:
+            raise ValueError(
+                "There is no object with this sha256 or you don't have access"
+            )
 
-        return related_files[0]
+        return related_file
 
     @classmethod
-    def delete(cls, identifier, main_file_identifier):
+    def delete(cls, main_file_identifier, identifier):
         main_obj = (
             db.session.query(Object)
             .filter(Object.dhash == main_file_identifier)
@@ -506,25 +440,7 @@ def delete(cls, identifier, main_file_identifier):
             is_last = True
 
         if is_last:
-            if app_config.mwdb.storage_provider == StorageProviderType.S3:
-                get_s3_client(
-                    app_config.mwdb.s3_storage_endpoint,
-                    app_config.mwdb.s3_storage_access_key,
-                    app_config.mwdb.s3_storage_secret_key,
-                    app_config.mwdb.s3_storage_region_name,
-                    app_config.mwdb.s3_storage_secure,
-                    app_config.mwdb.s3_storage_iam_auth,
-                ).delete_object(
-                    Bucket=app_config.mwdb.s3_storage_bucket_name,
-                    Key=related_file_obj._calculate_path(),
-                )
-            elif app_config.mwdb.storage_provider == StorageProviderType.DISK:
-                os.remove(related_file_obj._calculate_path())
-            else:
-                raise RuntimeError(
-                    f"StorageProvider {app_config.mwdb.storage_provider} "
-                    f"is not supported"
-                )
+            delete_from_storage(related_file_obj)
 
         db.session.delete(related_file_obj)
         db.session.commit()
@@ -534,49 +450,10 @@ def open(self):
         """
         Opens the related file stream with contents.
         """
-        if app_config.mwdb.storage_provider == StorageProviderType.S3:
-            # Stream coming from Boto3 get_object is not buffered and not seekable.
-            # We need to download it to the temporary file first.
-            stream = tempfile.TemporaryFile(mode="w+b")
-            try:
-                get_s3_client(
-                    app_config.mwdb.s3_storage_endpoint,
-                    app_config.mwdb.s3_storage_access_key,
-                    app_config.mwdb.s3_storage_secret_key,
-                    app_config.mwdb.s3_storage_region_name,
-                    app_config.mwdb.s3_storage_secure,
-                    app_config.mwdb.s3_storage_iam_auth,
-                ).download_fileobj(
-                    Bucket=app_config.mwdb.s3_storage_bucket_name,
-                    Key=self._calculate_path(),
-                    Fileobj=stream,
-                )
-                stream.seek(0, io.SEEK_SET)
-                return stream
-            except Exception:
-                stream.close()
-                raise
-        elif app_config.mwdb.storage_provider == StorageProviderType.DISK:
-            return open(self._calculate_path(), "rb")
-        else:
-            raise RuntimeError(
-                f"StorageProvider {app_config.mwdb.storage_provider} is not supported"
-            )
+        return get_from_storage(self)
 
     def iterate(self, chunk_size=1024 * 256):
         """
         Iterates over bytes in the file contents
         """
-        fh = self.open()
-        try:
-            if hasattr(fh, "stream"):
-                yield from fh.stream(chunk_size)
-            else:
-                while True:
-                    chunk = fh.read(chunk_size)
-                    if chunk:
-                        yield chunk
-                    else:
-                        return
-        finally:
-            fh.close()
+        return iterate_buffer(self)
diff --git a/mwdb/resources/file.py b/mwdb/resources/file.py
index 71eb62d5d..ec7daeffd 100644
--- a/mwdb/resources/file.py
+++ b/mwdb/resources/file.py
@@ -589,82 +589,29 @@ def post(self, identifier):
 
 
 @rate_limited_resource
-class RelatedFileDownloadResource(Resource):
-    @requires_authorization
-    @requires_capabilities(Capabilities.access_related_files)
-    def get(self, identifier):
+class RelatedFileResource(Resource):
+    def get(self, type, main_obj_identifier):
         """
         ---
-        summary: Download related file
+        summary: Get list of RelatedFiles
         description: |
-            Returns related file contents.
-
-            Requires `access_related_files` capability.
+            Returns list of RelatedFiles for a File specified by sha256
         security:
             - bearerAuth: []
         tags:
             - related_file
         parameters:
             - in: path
-              name: identifier
+              name: type
               schema:
                 type: string
-              description: RelatedFile identifier (SHA256)
-              required: true
-        responses:
-            200:
-                description: RelatedFile contents
-                content:
-                  application/octet-stream:
-                    schema:
-                      type: string
-                      format: binary
-            403:
-                description: When user doesn't have `access_related_files` capability
-            404:
-                description: |
-                    When related file doesn't exist
-                    or user doesn't have access to it.
-            503:
-                description: |
-                    Request canceled due to database statement timeout.
-        """
-
-        if not g.auth_user:
-            raise Unauthorized("Not authenticated.")
-
-        related_file_obj = RelatedFile.access(identifier)
-
-        if related_file_obj is None:
-            raise NotFound("Object not found")
-
-        return Response(
-            related_file_obj.iterate(),
-            content_type="application/octet-stream",
-            headers={
-                "Content-disposition": f"attachment; filename={related_file_obj.sha256}"
-            },
-        )
-
-
-@rate_limited_resource
-class RelatedFileItemResource(Resource):
-    def get(self, identifier):
-        """
-        ---
-        summary: Get list of RelatedFiles
-        description: |
-            Returns list of RelatedFiles for a File specified by sha256
-        security:
-            - bearerAuth: []
-        tags:
-            - related_file
-        parameters:
+                enum: [file, config, blob, object]
+              description: Type of object
             - in: path
-              name: identifier
+              name: main_obj_identifier
               schema:
                 type: string
-              description: Master File identifier (SHA256)
+              description: Main object identifier (SHA256)
               required: true
         responses:
             200:
@@ -681,7 +628,7 @@ def get(self, identifier):
         """
         master_object = (
             db.session.query(Object)
-            .filter(Object.dhash == identifier)
+            .filter(Object.dhash == main_obj_identifier)
             .filter(g.auth_user.has_access_to_object(Object.id))
         ).first()
 
@@ -704,7 +651,7 @@ def get(self, identifier):
 
     @requires_authorization
     @requires_capabilities(Capabilities.adding_related_files)
-    def post(self, identifier):
+    def post(self, type, main_obj_identifier):
         """
         ---
         summary: Upload related file
@@ -718,10 +665,16 @@ def post(self, identifier):
             - related_file
         parameters:
             - in: path
-              name: identifier
+              name: type
+              schema:
+                type: string
+                enum: [file, config, blob, object]
+              description: Type of object
+            - in: path
+              name: main_obj_identifier
               schema:
                 type: string
-              description: Master File identifier (SHA256)
+              description: Main object identifier (SHA256)
               required: true
         requestBody:
             required: true
@@ -754,7 +707,9 @@ def post(self, identifier):
         """
         try:
             RelatedFile.create(
-                request.files["file"].filename, request.files["file"].stream, identifier
+                request.files["file"].filename,
+                request.files["file"].stream,
+                main_obj_identifier,
             )
         except EmptyFileError:
             raise BadRequest("RelatedFile cannot be empty")
@@ -768,10 +723,78 @@ def post(self, identifier):
         return Response("OK")
 
 
-class RelatedFileDeleteResource(Resource):
+class RelatedFileItemResource(Resource):
+    @requires_authorization
+    @requires_capabilities(Capabilities.access_related_files)
+    def get(self, type, main_obj_identifier, identifier):
+        """
+        ---
+        summary: Download related file
+        description: |
+            Returns related file contents.
+
+            Requires `access_related_files` capability.
+        security:
+            - bearerAuth: []
+        tags:
+            - related_file
+        parameters:
+            - in: path
+              name: type
+              schema:
+                type: string
+                enum: [file, config, blob, object]
+              description: Type of object
+            - in: path
+              name: main_obj_identifier
+              required: true
+              schema:
+                type: string
+              description: Main object identifier (SHA256)
+            - in: path
+              name: identifier
+              required: true
+              schema:
+                type: string
+              description: RelatedFile identifier (SHA256)
+        responses:
+            200:
+                description: RelatedFile contents
+                content:
+                  application/octet-stream:
+                    schema:
+                      type: string
+                      format: binary
+            403:
+                description: When user doesn't have `access_related_files` capability
+            404:
+                description: |
+                    When related file doesn't exist
+                    or user doesn't have access to it.
+            503:
+                description: |
+                    Request canceled due to database statement timeout.
+        """
+
+        if not g.auth_user:
+            raise Unauthorized("Not authenticated.")
+
+        try:
+            related_file_obj = RelatedFile.access(main_obj_identifier, identifier)
+        except ValueError:
+            raise NotFound("Object not found")
+
+        return Response(
+            related_file_obj.iterate(),
+            content_type="application/octet-stream",
+            headers={
+                "Content-disposition": f"attachment; filename={related_file_obj.sha256}"
+            },
+        )
+
     @requires_authorization
     @requires_capabilities(Capabilities.removing_related_files)
-    def delete(self, identifier, main_file_identifier):
+    def delete(self, type, main_obj_identifier, identifier):
         """
         ---
         summary: Delete file
@@ -785,17 +808,23 @@ def delete(self, identifier, main_file_identifier):
             - related_file
         parameters:
             - in: path
-              name: identifier
+              name: type
+              schema:
+                type: string
+                enum: [file, config, blob, object]
+              description: Type of object
+            - in: path
+              name: main_obj_identifier
               required: true
               schema:
                 type: string
-              description: RelatedFile identifier (SHA256)
+              description: Main object identifier (SHA256)
             - in: path
-              name: main_file_identifier
+              name: identifier
               required: true
               schema:
                 type: string
-              description: Main file identifier (SHA256)
+              description: RelatedFile identifier (SHA256)
         responses:
             200:
                 description: When related file was deleted
@@ -810,7 +839,7 @@ def delete(self, identifier, main_file_identifier):
                     Request canceled due to database statement timeout.
         """
         try:
-            RelatedFile.delete(identifier, main_file_identifier)
+            RelatedFile.delete(main_obj_identifier, identifier)
         except ValueError:
             raise NotFound(
                 "There is no file with provided sha256 or you don't have access to it"
diff --git a/mwdb/web/src/commons/api/index.js b/mwdb/web/src/commons/api/index.js
index 197d53a34..a1c839282 100644
--- a/mwdb/web/src/commons/api/index.js
+++ b/mwdb/web/src/commons/api/index.js
@@ -444,25 +444,25 @@ function uploadFile(file, parent, upload_as, attributes, fileUploadTimeout) {
     return axios.post(`/file`, formData, { timeout: fileUploadTimeout });
 }
 
-function uploadRelatedFile(file, masterFileDhash) {
+function uploadRelatedFile(file, mainFileDhash, type = "object") {
     let formData = new FormData();
     formData.append("file", file);
-    return axios.post(`/related_file/${masterFileDhash}`, formData);
+    return axios.post(`/${type}/${mainFileDhash}/related_file`, formData);
 }
 
-function downloadRelatedFile(id) {
-    return axios.get(`/related_file/${id}/download`, {
+function downloadRelatedFile(mainFileDhash, id, type = "object") {
+    return axios.get(`/${type}/${mainFileDhash}/related_file/${id}`, {
         responseType: "arraybuffer",
         responseEncoding: "binary",
     });
 }
 
-function deleteRelatedFile(id, main_file_id) {
-    return axios.delete(`/related_file/${id}/delete/${main_file_id}`);
+function deleteRelatedFile(mainFileDhash, id, type = "object") {
+    return axios.delete(`/${type}/${mainFileDhash}/related_file/${id}`);
 }
 
-function getListOfRelatedFiles(id) {
-    return axios.get(`/related_file/${id}`);
+function getListOfRelatedFiles(mainFileDhash, type = "object") {
+    return axios.get(`/${type}/${mainFileDhash}/related_file`);
 }
 
 function getRemoteNames() {
diff --git a/mwdb/web/src/commons/auth/capabilities.js b/mwdb/web/src/commons/auth/capabilities.js
index 2d3f2f706..f3cabba79 100644
--- a/mwdb/web/src/commons/auth/capabilities.js
+++ b/mwdb/web/src/commons/auth/capabilities.js
@@ -59,9 +59,9 @@ export let capabilitiesList = {
         "Can assign existing analysis to the object (required by karton-mwdb-reporter)",
     [Capability.kartonReanalyze]: "Can resubmit any object for analysis",
     [Capability.removingKarton]: "Can remove analysis from object",
-    [Capability.accessRelatedFiles]: "Can view and download RelatedFiles",
-    [Capability.addingRelatedFiles]: "Can upload new RelatedFiles",
-    [Capability.removingRelatedFiles]: "Can remove existing RelatedFiles",
+    [Capability.accessRelatedFiles]: "Can view and download related files",
+    [Capability.addingRelatedFiles]: "Can upload new related files",
+    [Capability.removingRelatedFiles]: "Can remove existing related files",
 };
 
 for (let extraCapabilities of fromPlugin("capabilities")) {
diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
index f3b40f3c7..4a93d0449 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -10,9 +10,13 @@ import {
 } from "@fortawesome/free-solid-svg-icons";
 
 import { ObjectContext } from "@mwdb-web/commons/context";
-import { ObjectAction, ObjectTab } from "@mwdb-web/commons/ui";
+import {
+    ObjectAction,
+    ObjectTab,
+    ConfirmationModal,
+} from "@mwdb-web/commons/ui";
 import { APIContext } from "@mwdb-web/commons/api/context";
-import { humanFileSize } from "@mwdb-web/commons/helpers";
+import { humanFileSize, downloadData } from "@mwdb-web/commons/helpers";
 import ReactModal from "react-modal";
 
 async function updateRelatedFiles(api, context) {
@@ -27,56 +31,71 @@ async function updateRelatedFiles(api, context) {
     }
 }
 
+function RelatedFileItem({ file_name, file_size, sha256 }) {
+    const api = useContext(APIContext);
+    const context = useContext(ObjectContext);
+    const [isConfirmationModalOpen, setConfirmationModalOpen] = useState(null);
+
+    return (
+        <tr>
+            <td>{file_name}</td>
+            <td>{humanFileSize(file_size)}</td>
+            <td>
+                <Link
+                    to={`/file/${context.object.sha256}/related_files`}
+                    className="nav-link"
+                    onClick={async () => {
+                        let content = await api.downloadRelatedFile(
+                            context.object.sha256,
+                            sha256
+                        );
+                        downloadData(
+                            content.data,
+                            file_name,
+                            "application/octet-stream"
+                        );
+                    }}
+                >
+                    <FontAwesomeIcon icon={faDownload} size="1x" />
+                    &nbsp;Download
+                </Link>
+            </td>
+            <td>
+                <Link
+                    to={`/file/${context.object.sha256}/related_files`}
+                    className="nav-link"
+                    onClick={() => setConfirmationModalOpen(true)}
+                >
+                    <FontAwesomeIcon icon={faTrash} size="1x" />
+                    &nbsp;Remove
+                </Link>
+                <ConfirmationModal
+                    isOpen={isConfirmationModalOpen}
+                    onRequestClose={() => {
+                        setConfirmationModalOpen(false);
+                    }}
+                    onConfirm={async () => {
+                        await api.deleteRelatedFile(
+                            context.object.sha256,
+                            sha256
+                        );
+                        updateRelatedFiles(api, context);
+                        setConfirmationModalOpen(false);
+                    }}
+                    message={`Are you sure you want to delete this related file?`}
+                    buttonStyle="btn-success"
+                    confirmText="Yes"
+                />
+            </td>
+        </tr>
+    );
+}
+
 function ShowRelatedFiles() {
     const api = useContext(APIContext);
     const context = useContext(ObjectContext);
     const { setObjectError, updateObjectData } = context;
 
-    function RelatedFileItem({ file_name, file_size, sha256 }) {
-        return (
-            <tr>
-                <td>{file_name}</td>
-                <td>{humanFileSize(file_size)}</td>
-                <td>
-                    <Link
-                        to={`/file/${context.object.sha256}/related_files`}
-                        className="nav-link"
-                        onClick={async () => {
-                            let content = await api.downloadRelatedFile(sha256);
-                            let blob = new Blob([content.data], {
-                                type: "application/octet-stream",
-                            });
-                            let tempLink = document.createElement("a");
-                            tempLink.style.display = "none";
-                            tempLink.href = window.URL.createObjectURL(blob);
-                            tempLink.download = file_name;
-                            tempLink.click();
-                        }}
-                    >
-                        <FontAwesomeIcon icon={faDownload} size="1x" />
-                        &nbsp;Download
-                    </Link>
-                </td>
-                <td>
-                    <Link
-                        to={`/file/${context.object.sha256}/related_files`}
-                        className="nav-link"
-                        onClick={async () => {
-                            await api.deleteRelatedFile(
-                                sha256,
-                                context.object.sha256
-                            );
-                            updateRelatedFiles(api, context);
-                        }}
-                    >
-                        <FontAwesomeIcon icon={faTrash} size="1x" />
-                        &nbsp;Remove
-                    </Link>
-                </td>
-            </tr>
-        );
-    }
-
     const getRelatedFiles = useCallback(updateRelatedFiles, [
         api,
         setObjectError,
@@ -84,7 +103,7 @@ function ShowRelatedFiles() {
         context.object.sha256,
     ]);
 
-    // JS throws a warning "Line 90:8:  React Hook useEffect has missing dependencies: 'api' and 'context'"
+    // JS throws a warning "Line ***:  React Hook useEffect has missing dependencies: 'api' and 'context'"
     // Those dependencies are skipped on purpose
     // To disable this warning I used 'eslint-disable-next-line'
     useEffect(() => {
@@ -177,13 +196,7 @@ export default function RelatedFilesTab() {
                         name="RelatedFileUploadField"
                         type="file"
                         required="required"
-                        onChange={() =>
-                            setFile(
-                                document.forms["RelatedFileUploadForm"][
-                                    "RelatedFileUploadField"
-                                ].files[0]
-                            )
-                        }
+                        onChange={(event) => setFile(event.target.files[0])}
                     />
                     <div class="modal-footer">
                         <input

From 2c417a3db60e5e6df5ee059d623aeb7bf2384c0c Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Fri, 16 Dec 2022 11:32:12 +0100
Subject: [PATCH 21/33] visual improvements

---
 .../ShowObject/Views/RelatedFilesTab.js       | 53 +++++++++++++------
 1 file changed, 38 insertions(+), 15 deletions(-)

diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
index 4a93d0449..21498534f 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -35,13 +35,27 @@ function RelatedFileItem({ file_name, file_size, sha256 }) {
     const api = useContext(APIContext);
     const context = useContext(ObjectContext);
     const [isConfirmationModalOpen, setConfirmationModalOpen] = useState(null);
+    const linkStyle = {
+        display: "inline-block",
+        padding: "8px",
+    };
+    const tdStyle = {
+        padding: "10px 20px 10px 20px",
+        width: "80%",
+        borderRight: "none",
+        borderLeft: "none",
+    };
 
     return (
         <tr>
-            <td>{file_name}</td>
-            <td>{humanFileSize(file_size)}</td>
-            <td>
+            <td style={tdStyle}>
+                <span class="text-monospace">{file_name}</span>
+                <br />
+                <span class="text-muted">{humanFileSize(file_size)}</span>
+            </td>
+            <td align="right" style={tdStyle}>
                 <Link
+                    style={linkStyle}
                     to={`/file/${context.object.sha256}/related_files`}
                     className="nav-link"
                     onClick={async () => {
@@ -56,18 +70,15 @@ function RelatedFileItem({ file_name, file_size, sha256 }) {
                         );
                     }}
                 >
-                    <FontAwesomeIcon icon={faDownload} size="1x" />
-                    &nbsp;Download
+                    <FontAwesomeIcon icon={faDownload} size="lg" />
                 </Link>
-            </td>
-            <td>
                 <Link
+                    style={linkStyle}
                     to={`/file/${context.object.sha256}/related_files`}
                     className="nav-link"
                     onClick={() => setConfirmationModalOpen(true)}
                 >
-                    <FontAwesomeIcon icon={faTrash} size="1x" />
-                    &nbsp;Remove
+                    <FontAwesomeIcon icon={faTrash} size="lg" />
                 </Link>
                 <ConfirmationModal
                     isOpen={isConfirmationModalOpen}
@@ -119,12 +130,24 @@ function ShowRelatedFiles() {
     }
 
     return (
-        <table className="table table-striped table-bordered table-hover data-table">
-            <thead>
-                <th>File name</th>
-                <th>File size</th>
-                <th>Download</th>
-                <th>Remove</th>
+        <table className="table table-striped table-bordered table-hover">
+            <thead className="card-header">
+                <th
+                    style={{
+                        textAlign: "left",
+                        padding: "10px 20px 10px 20px",
+                    }}
+                >
+                    File
+                </th>
+                <th
+                    style={{
+                        textAlign: "right",
+                        padding: "10px 20px 10px 20px",
+                    }}
+                >
+                    Actions
+                </th>
             </thead>
             {context.object.related_files.map((related_file) => (
                 <RelatedFileItem {...related_file} />

From e4d0b5ef27bfeebda7a4d6b403694ffe302ba53b Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Fri, 16 Dec 2022 14:42:28 +0100
Subject: [PATCH 22/33] New action - dowload all

---
 mwdb/app.py                                   |  6 ++
 mwdb/model/file.py                            | 36 ++++++++++--
 mwdb/resources/file.py                        | 57 +++++++++++++++++++
 mwdb/web/src/commons/api/index.js             |  6 ++
 .../ShowObject/Views/RelatedFilesTab.js       | 12 ++++
 5 files changed, 112 insertions(+), 5 deletions(-)

diff --git a/mwdb/app.py b/mwdb/app.py
index a4afb3a4b..51d67115f 100755
--- a/mwdb/app.py
+++ b/mwdb/app.py
@@ -46,6 +46,7 @@
     FileResource,
     RelatedFileItemResource,
     RelatedFileResource,
+    RelatedFileZipDownloadResource,
 )
 from mwdb.resources.group import GroupListResource, GroupMemberResource, GroupResource
 from mwdb.resources.karton import KartonAnalysisResource, KartonObjectResource
@@ -271,6 +272,11 @@ def require_auth():
     "/<any(file, config, blob, object):type>/<hash64:main_obj_identifier>"
     "/related_file/<hash64:identifier>",
 )
+api.add_resource(
+    RelatedFileZipDownloadResource,
+    "/<any(file, config, blob, object):type>/<hash64:main_obj_identifier>"
+    "/related_file/zip",
+)
 
 # Config endpoints
 api.add_resource(ConfigResource, "/config")
diff --git a/mwdb/model/file.py b/mwdb/model/file.py
index e3987551a..fdda8c2e7 100644
--- a/mwdb/model/file.py
+++ b/mwdb/model/file.py
@@ -386,6 +386,10 @@ def access(cls, main_obj_identifier, identifier):
         main_obj = (
             db.session.query(Object).filter(Object.dhash == main_obj_identifier).first()
         )
+        if main_obj is None:
+            raise ValueError(
+                "There is no object with this sha256 or you don't have access"
+            )
         if not main_obj.has_explicit_access(g.auth_user):
             raise ValueError(
                 "There is no object with this sha256 or you don't have access"
@@ -406,12 +410,14 @@ def access(cls, main_obj_identifier, identifier):
         return related_file
 
     @classmethod
-    def delete(cls, main_file_identifier, identifier):
+    def delete(cls, main_obj_identifier, identifier):
         main_obj = (
-            db.session.query(Object)
-            .filter(Object.dhash == main_file_identifier)
-            .first()
+            db.session.query(Object).filter(Object.dhash == main_obj_identifier).first()
         )
+        if main_obj is None:
+            raise ValueError(
+                "There is no object with this sha256 or you don't have access"
+            )
         if not main_obj.has_explicit_access(g.auth_user):
             raise ValueError(
                 "There is no object with this sha256 or you don't have access"
@@ -456,4 +462,24 @@ def iterate(self, chunk_size=1024 * 256):
         """
         Iterates over bytes in the file contents
         """
-        return iterate_buffer(self)
+        return iterate_buffer(self, chunk_size)
+
+    @classmethod
+    def zip_all(cls, main_obj_identifier):
+        main_obj = (
+            db.session.query(Object).filter(Object.dhash == main_obj_identifier).first()
+        )
+        if main_obj is None:
+            raise ValueError(
+                "There is no object with this sha256 or you don't have access"
+            )
+        related_files = (
+            db.session.query(RelatedFile).filter(RelatedFile.object_id == main_obj.id)
+        ).all()
+
+        with tempfile.NamedTemporaryFile() as temp_file:
+            with open(temp_file.name, "rb") as reader:
+                with pyzipper.ZipFile(temp_file, "w") as zip_file:
+                    for rf in related_files:
+                        zip_file.write(rf._calculate_path(), arcname=rf.file_name)
+                return reader.read()
diff --git a/mwdb/resources/file.py b/mwdb/resources/file.py
index ec7daeffd..7bfaefb9b 100644
--- a/mwdb/resources/file.py
+++ b/mwdb/resources/file.py
@@ -846,3 +846,60 @@ def delete(self, type, main_obj_identifier, identifier):
             )
 
         return Response("OK")
+
+
+class RelatedFileZipDownloadResource(Resource):
+    def get(self, type, main_obj_identifier):
+        """
+        ---
+        summary: Download every related file for a provided main object
+        description: |
+            Returns zipped related file contents.
+
+            Requires `access_related_files` capability.
+        security:
+            - bearerAuth: []
+        tags:
+            - related_file
+        parameters:
+            - in: path
+              name: type
+              schema:
+                type: string
+                enum: [file, config, blob, object]
+              description: Type of object
+            - in: path
+              name: main_obj_identifier
+              required: true
+              schema:
+                type: string
+              description: Main object identifier (SHA256)
+        responses:
+            200:
+                description: RelatedFile contents
+                content:
+                  application/octet-stream:
+                    schema:
+                      type: string
+                      format: binary
+            403:
+                description: When user doesn't have `access_related_files` capability
+            404:
+                description: |
+                    When related file doesn't exist
+                    or user doesn't have access to it.
+            503:
+                description: |
+                    Request canceled due to database statement timeout.
+        """
+        try:
+            zipped_related_files = RelatedFile.zip_all(main_obj_identifier)
+        except ValueError:
+            raise NotFound("Object not found")
+
+        zip_file_name = "related_files" + main_obj_identifier + ".zip"
+        return Response(
+            zipped_related_files,
+            content_type="application/octet-stream",
+            headers={"Content-disposition": f"attachment; filename={zip_file_name}"},
+        )
diff --git a/mwdb/web/src/commons/api/index.js b/mwdb/web/src/commons/api/index.js
index a1c839282..9f23cff25 100644
--- a/mwdb/web/src/commons/api/index.js
+++ b/mwdb/web/src/commons/api/index.js
@@ -465,6 +465,11 @@ function getListOfRelatedFiles(mainFileDhash, type = "object") {
     return axios.get(`/${type}/${mainFileDhash}/related_file`);
 }
 
+function getZippedRelatedFilesLink(mainFileDhash, type = "object") {
+    const baseURL = getApiForEnvironment();
+    return `${baseURL}/${type}/${mainFileDhash}/related_file/zip`;
+}
+
 function getRemoteNames() {
     return axios.get("/remote");
 }
@@ -651,6 +656,7 @@ const api = {
     downloadRelatedFile,
     deleteRelatedFile,
     getListOfRelatedFiles,
+    getZippedRelatedFilesLink,
     getRemoteNames,
     pushObjectRemote,
     pullObjectRemote,
diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
index 21498534f..a44689def 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
@@ -7,6 +7,7 @@ import {
     faExternalLinkSquare,
     faDownload,
     faTrash,
+    faArchive,
 } from "@fortawesome/free-solid-svg-icons";
 
 import { ObjectContext } from "@mwdb-web/commons/context";
@@ -183,6 +184,12 @@ export default function RelatedFilesTab() {
         }
     }
 
+    async function handleDownloadAll() {
+        window.location.href = await api.getZippedRelatedFilesLink(
+            context.object.sha256
+        );
+    }
+
     return (
         <div>
             <ObjectTab
@@ -198,6 +205,11 @@ export default function RelatedFilesTab() {
                             setShowModal(true);
                         }}
                     />,
+                    <ObjectAction
+                        label="Download all"
+                        icon={faArchive}
+                        action={handleDownloadAll}
+                    />,
                 ]}
             />
             <ReactModal

From 9d0d60074b543b9bd65a70cab43d2d3612524674 Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Fri, 16 Dec 2022 15:06:16 +0100
Subject: [PATCH 23/33] Rename variables, improve descriptions

---
 mwdb/resources/file.py | 58 ++++++++++++++++++++++--------------------
 1 file changed, 31 insertions(+), 27 deletions(-)

diff --git a/mwdb/resources/file.py b/mwdb/resources/file.py
index 7bfaefb9b..b53705a50 100644
--- a/mwdb/resources/file.py
+++ b/mwdb/resources/file.py
@@ -593,9 +593,9 @@ class RelatedFileResource(Resource):
     def get(self, type, main_obj_identifier):
         """
         ---
-        summary: Get list of RelatedFiles
+        summary: Get list of related files
         description: |
-            Returns list of RelatedFiles for a File specified by sha256
+            Returns list of related files for an object specified by sha256
         security:
             - bearerAuth: []
         tags:
@@ -615,32 +615,33 @@ def get(self, type, main_obj_identifier):
               required: true
         responses:
             200:
-                description: List of RelatedFiles
+                description: List of related files
                 content:
                   application/json:
                     schema: RelatedFileResponseSchema
             404:
                 description: |
-                    There is no file with provided sha256 or you don't have access to it
+                    There is no object with provided sha256
+                    or user doesn't have access to it
             503:
                 description: |
                     Request canceled due to database statement timeout.
         """
-        master_object = (
+        main_object = (
             db.session.query(Object)
             .filter(Object.dhash == main_obj_identifier)
             .filter(g.auth_user.has_access_to_object(Object.id))
         ).first()
 
-        if master_object is None:
+        if main_object is None:
             raise NotFound(
-                "There is no file with provided sha256 or you don't have access to it"
+                "There is no object with provided sha256 or you don't have access to it"
             )
 
         if g.auth_user.has_rights(Capabilities.access_related_files):
             related_files = (
                 db.session.query(RelatedFile)
-                .filter(RelatedFile.object_id == master_object.id)
+                .filter(RelatedFile.object_id == main_object.id)
                 .all()
             )
         else:
@@ -686,21 +687,22 @@ def post(self, type, main_obj_identifier):
                     file:
                       type: string
                       format: binary
-                      description: RelatedFile contents to be uploaded
+                      description: Related file contents to be uploaded
                   required:
                     - file
         responses:
             200:
                 description: OK
             400:
-                description: RelatedFile is empty
+                description: Related file is empty
             403:
                 description: When user doesn't have `adding_related_files` capability
             404:
                 description: |
-                    There is no file with provided sha256 or you don't have access to it
+                    There is no object with provided sha256
+                    or user doesn't have access to it
             409:
-                description: RelatedFile already exists
+                description: Such related file already exists
             503:
                 description: |
                     Request canceled due to database statement timeout.
@@ -712,13 +714,13 @@ def post(self, type, main_obj_identifier):
                 main_obj_identifier,
             )
         except EmptyFileError:
-            raise BadRequest("RelatedFile cannot be empty")
+            raise BadRequest("Related file cannot be empty")
         except ValueError:
             raise NotFound(
-                "There is no file with provided sha256 or you don't have access to it"
+                "There is no object with provided sha256 or you don't have access to it"
             )
         except FileExistsError:
-            raise Conflict("Related file with this sha256 already exists")
+            raise Conflict("Such related file already exists")
 
         return Response("OK")
 
@@ -756,10 +758,10 @@ def get(self, type, main_obj_identifier, identifier):
               required: true
               schema:
                 type: string
-              description: RelatedFile identifier (SHA256)
+              description: Related file identifier (SHA256)
         responses:
             200:
-                description: RelatedFile contents
+                description: Related file contents
                 content:
                   application/octet-stream:
                     schema:
@@ -782,7 +784,7 @@ def get(self, type, main_obj_identifier, identifier):
         try:
             related_file_obj = RelatedFile.access(main_obj_identifier, identifier)
         except ValueError:
-            raise NotFound("Object not found")
+            raise NotFound("Related file not found")
 
         return Response(
             related_file_obj.iterate(),
@@ -797,9 +799,9 @@ def get(self, type, main_obj_identifier, identifier):
     def delete(self, type, main_obj_identifier, identifier):
         """
         ---
-        summary: Delete file
+        summary: Delete related file
         description: |
-            Removes a file from the database along with its references.
+            Removes a related file from the database.
 
             Requires `removing_related_files` capability.
         security:
@@ -824,7 +826,7 @@ def delete(self, type, main_obj_identifier, identifier):
               required: true
               schema:
                 type: string
-              description: RelatedFile identifier (SHA256)
+              description: Related file identifier (SHA256)
         responses:
             200:
                 description: When related file was deleted
@@ -833,7 +835,7 @@ def delete(self, type, main_obj_identifier, identifier):
             404:
                 description: |
                     When related file doesn't exist
-                    or user doesn't have access to this object.
+                    or user doesn't have access to it.
             503:
                 description: |
                     Request canceled due to database statement timeout.
@@ -876,7 +878,7 @@ def get(self, type, main_obj_identifier):
               description: Main object identifier (SHA256)
         responses:
             200:
-                description: RelatedFile contents
+                description: Contents of related file
                 content:
                   application/octet-stream:
                     schema:
@@ -886,8 +888,8 @@ def get(self, type, main_obj_identifier):
                 description: When user doesn't have `access_related_files` capability
             404:
                 description: |
-                    When related file doesn't exist
-                    or user doesn't have access to it.
+                    There is no object with provided sha256
+                    or user doesn't have access to it
             503:
                 description: |
                     Request canceled due to database statement timeout.
@@ -895,9 +897,11 @@ def get(self, type, main_obj_identifier):
         try:
             zipped_related_files = RelatedFile.zip_all(main_obj_identifier)
         except ValueError:
-            raise NotFound("Object not found")
+            raise NotFound(
+                "There is no object with provided sha256 or you don't have access to it"
+            )
 
-        zip_file_name = "related_files" + main_obj_identifier + ".zip"
+        zip_file_name = "related_files_" + main_obj_identifier + ".zip"
         return Response(
             zipped_related_files,
             content_type="application/octet-stream",

From 7f6145006059441f676362a6b743095576a80211 Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Mon, 19 Dec 2022 10:03:43 +0100
Subject: [PATCH 24/33] fix: unable to delete object with related files

---
 mwdb/model/object.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mwdb/model/object.py b/mwdb/model/object.py
index 6a946a15d..c73f0b5ad 100644
--- a/mwdb/model/object.py
+++ b/mwdb/model/object.py
@@ -261,6 +261,7 @@ class Object(db.Model):
         "RelatedFile",
         back_populates="related_object",
         lazy=True,
+        cascade="save-update, merge, delete",
     )
 
     followers = db.relationship(

From 0003992f20f2cd440e8dc0b7b3bacf6fa0027eaa Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Mon, 19 Dec 2022 15:38:53 +0100
Subject: [PATCH 25/33] add tests

---
 tests/backend/test_permissions.py | 81 +++++++++++++++++++++++++++++++
 tests/backend/utils.py            | 27 +++++++++++
 2 files changed, 108 insertions(+)

diff --git a/tests/backend/test_permissions.py b/tests/backend/test_permissions.py
index 5ddfbc4ae..cbe0ac059 100644
--- a/tests/backend/test_permissions.py
+++ b/tests/backend/test_permissions.py
@@ -239,3 +239,84 @@ def test_removing_object_with_comments(admin_session):
 
     with ShouldRaise(status_code=404):
         admin_session.get_sample(sample.dhash)
+
+
+def test_adding_related_files(admin_session):
+    testCase = RelationTestCase(admin_session)
+
+    Alice = testCase.new_user("Alice")
+    Bob = testCase.new_user("Bob", capabilities=["adding_related_files"])
+
+    SampleA = testCase.new_sample("SampleA")
+    SampleA.create(Alice, upload_as="public")
+    SampleB = testCase.new_sample("SampleB")
+
+    # Alice doesn't have capability
+    with ShouldRaise(status_code=403):
+        Alice.session.add_related_file(SampleA.dhash, "RelatedFileA")
+
+    # Everything works fine
+    Bob.session.add_related_file(SampleA.dhash, "RelatedFileA")
+    assert len( testCase.session.get_related_files(SampleA.dhash)['related_files'] ) == 1
+
+    # Bob can't add related files to objects not accessible for him
+    with ShouldRaise(status_code=404):
+        Bob.session.add_related_file(SampleB.dhash, "RelatedFileB")
+
+
+def test_removing_related_files(admin_session):
+    testCase = RelationTestCase(admin_session)
+
+    Alice = testCase.new_user("Alice")
+    Bob = testCase.new_user("Bob", capabilities=["removing_related_files"])
+
+    SampleA = testCase.new_sample("SampleA")
+    SampleA.create(Alice, upload_as="public")
+    SampleB = testCase.new_sample("SampleB")
+
+    related_file_content = rand_string()
+    related_file_dhash = calc_sha256(related_file_content)
+
+    # Related files added by admin session
+    testCase.session.add_related_file(SampleA.dhash, "RelatedFile", related_file_content)
+    testCase.session.add_related_file(SampleB.dhash, "RelatedFile", related_file_content)
+
+    assert len( testCase.session.get_related_files(SampleA.dhash)['related_files'] ) == 1
+    assert len( testCase.session.get_related_files(SampleB.dhash)['related_files'] ) == 1
+
+    # Alice doesn't have capability
+    with ShouldRaise(status_code=403):
+        Alice.session.remove_related_file(SampleA.dhash, related_file_dhash)
+
+    # Bob can't remove related files for objects not accessible for him
+    with ShouldRaise(status_code=404):
+        Bob.session.remove_related_file(SampleB.dhash, related_file_dhash)
+
+    # Everything works file
+    Bob.session.remove_related_file(SampleA.dhash, related_file_dhash)
+
+    assert len( testCase.session.get_related_files(SampleA.dhash)['related_files'] ) == 0
+    assert len( testCase.session.get_related_files(SampleB.dhash)['related_files'] ) == 1
+
+
+def test_accessing_related_files(admin_session):
+    testCase = RelationTestCase(admin_session)
+
+    Alice = testCase.new_user("Alice")
+    Bob = testCase.new_user("Bob", capabilities=["access_related_files"])
+
+    SampleA = testCase.new_sample("SampleA")
+    SampleA.create(Alice, upload_as="public")
+    SampleB = testCase.new_sample("SampleB")
+
+    testCase.session.add_related_file(SampleA.dhash, "RelatedFile")
+
+    # Alice doesn't have capability
+    assert len( Alice.session.get_related_files(SampleA.dhash)['related_files'] ) == 0
+
+    # Everything works fine
+    assert len( Bob.session.get_related_files(SampleA.dhash)['related_files'] ) == 1
+
+    # Bob can't access related files for objects not accessible for him
+    with ShouldRaise(status_code=404):
+        Bob.session.get_related_files(SampleB.dhash)
diff --git a/tests/backend/utils.py b/tests/backend/utils.py
index db7cc39c8..f4cd002bb 100644
--- a/tests/backend/utils.py
+++ b/tests/backend/utils.py
@@ -5,6 +5,7 @@
 import string
 import time
 import uuid
+import hashlib
 
 import baseconv
 import requests
@@ -19,6 +20,10 @@ def base62uuid():
     return converter.encode(uuid4_as_int)
 
 
+def calc_sha256(content):
+    return hashlib.sha256(bytes(str(content), "utf-8")).hexdigest()
+
+
 def rand_string(size=20):
     return "".join(random.choices(string.ascii_lowercase + string.digits, k=size))
 
@@ -471,3 +476,25 @@ def unassign_analysis_from_object(self, identifier, analysis_id):
         res = self.session.delete(self.mwdb_url + "/object/" + identifier + "/karton/" + analysis_id)
         res.raise_for_status()
         return res.json()
+
+    def get_related_files(self, identifier):
+        res = self.session.get(self.mwdb_url + "/object/" + identifier + "/related_file")
+        res.raise_for_status()
+        return res.json()
+
+    def add_related_file(self, main_obj_identifier, filename=None, content=None):
+        if filename is None:
+            filename = str(uuid.uuid4())
+
+        if content is None:
+            content = str(uuid.uuid4())
+
+        res = self.session.post(
+            self.mwdb_url + "/object/" + main_obj_identifier + "/related_file",
+            files={"file": (filename, content)},
+        )
+        res.raise_for_status()
+
+    def remove_related_file(self, main_obj_identifier, identifier):
+        res = self.session.delete(self.mwdb_url + "/object/" + main_obj_identifier + "/related_file/" + identifier)
+        res.raise_for_status()

From dc4c9178611d264ec23c4591accaf36962d46352 Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Mon, 19 Dec 2022 16:58:11 +0100
Subject: [PATCH 26/33] Documentation update

---
 docs/_static/related-files-tab.png            | Bin 0 -> 40492 bytes
 docs/user-guide/2-Storing-malware-samples.rst |  20 ++++++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 docs/_static/related-files-tab.png

diff --git a/docs/_static/related-files-tab.png b/docs/_static/related-files-tab.png
new file mode 100644
index 0000000000000000000000000000000000000000..9675ab063356e7e7a607d346997d9cca9184c2ce
GIT binary patch
literal 40492
zcmdqIbx>SO*Eb5m-2x0Q!CiuDf_nlaxVyU#5InfMg#>pA?hG&xG{K!=a39?HIL|rf
zed|_zU)6nY-9K*Kp4v4vYkK$Y?$vwgZ$*AkmBT_OMTdif!%~o!R)>Q_<b{KKC5ejs
zLP_|@ehdc(A8I2d^+7>OirU%L$<oH&0uGKT(LYg49wbRVV5C<>n~Hrzy^&BLtb;2N
z_2Y8^D&hO8$?}llBBRMd8U+`Z*ZLUP0c@Ws^m9BsoCy(oad71r8D)r>VSx$-GBGIN
zM{lnamuu`(feK|lzd`s<4Kd0r%$sKw?@tM7q;Ut|;^XsP3Vl=txdB%|;JJ3ei8Jx*
z9l!^41_a<M7~2$9w0DSLoy}g(b>xpqHs=1Felui)gqy^J`VprbCG2}2%jqG@?Z_Yf
z@5`dMI4mus=<{gfn9F5vpK?afci6{m8^;%~H#sp0f2LYgPm#-_M{5V8!t?BxenZD_
z(dAQDHn*18gHX9X(6*Ype(D*j`$DQIA4m0o6X0b>#K^c@_yK>{zwRg=kGcipCu!58
zzx`4b0re@Sz70iS71}5;X?54S?hSPZmcG8%TOXX3Wq9O#_u&L`X2~fdwpS-s7b-r~
zt{4|Jt(}e6E_ZO|Wfd1#&d#VYX-s}A&=voc&PTuEl{K6rUDtUogJkI!wji4-$w|XK
z|MmISS(5xhL35VZaf5^7c=Oi<?_DI}`9ef-S5T2b*~TQm5kMsVVQ%z7B5{||c9(K;
zaIkQ6hm&%(Fmbmqr}naOx2Bd;Q2C%0giQ<wM-8VS{Z7++@o>e<`}JJ!6=ZGn(6;Ck
z3LmbqFZcqxm^8*^S;-W<5(mvX7Vt?1?u|KZye(<Hc7%qDWUQ*3e0qh*Qrc{AG(LI_
zR(x;#k(@3&Y^RHZ!`REy@_KY3Q)nX3Z4e;fm=pc=?<SwZRbOBK+VbC@)2E1{%q&QF
zf44}|;wVY!zuWi7KFoi~Ea<%dQ0dB<MsfcpCzgKalKQuE)c?NoPx%Z;+cC3PV4I`T
zKV4NNs#bYH9tM~oIB5S!F4tGC9<CTD$J}Yod#ry3=1nf)(^|zfZ>f&f+X<fgV#$L{
zOdL-#{HZT4<hTBr37iK<_?)$Vi3!lNH5{Dfr~2<Kj4HxNst-&vkR68xVuRv-@D2&S
zj&LByX4Ti%Ck7hgwB8QD<s{Ff88ayt@`52-Y;%QNRcZdLQKV8>b1sCs|LjVRg)aT5
zH7XDJQtwYJbw>q8ZkohR9MSmzVo>bGq_Y8W%^Yn_ZA@R1BHSX~Kyq&4dnR)MY&91w
z;)=m<o+%O2PamG*Y00O0e<~x9(*E77GKunef7Ho^ADPZ0J2<L<1^&bv*qF6rH&NUY
z)H^6o(Ony(k$F*A10M$sQ0Dz=5vSgwEqFrDnhuP$7H?$lY~1XG!wtHzrY0W%|BjhR
zgvFb6HPjQ{)GQs0S@LJFb{{1ckht}-R3Dil`;jrQStdZ%oC7o7qMlD6zvH_)&`^!8
zv@~C0x)w9%PV&bQ`<`)#nF#vZe|B)3mYv9weC5qwf85B<ppX;?9lVm=JOR{1Jcbq7
zuO!D?WJNHdRpn1l@u)N%4_gJAFmoGD;MMSr-btEi(oKHA`Im_eO3|StV^>3fEpT-$
zHyZ&aF(xtCBN8@^LLzjlo#xY@tC01yRIl8$J&i(2i4%9gUk$ERK8ykdh5K6n%Lp-5
zu~BQ+IecFG$*XO5;F|}*twbSiXE-n%ifIRt&)CI~H7aKuwg9QG^(J8&KD04TJKZKr
zaEreSFJN&sCypep0|oR}GAR7-0f$Hqra_o*@Htwz6M$C2d1wLeX~-B?d*VFm%nbU(
zQPgr|4BwIH#qB4WWHQ7-Kd7tAx+st|L5+2`@o2zlIlwdYU#I;#q5i5+-(2sI4?}~z
zy=rH<doA43ui_gvj~Vj1uIs%gEIlOz;f<g_0;+-T>_vWto2%n#wk>~8A;;$klBOL=
z=DI7$klf!-cW7aPd2niL03IONDKd9JLb)b{ocp;rpnyHNRg(9!bk&oRTQ-s~xVgMf
zezd+$Pr;))0lSc6f_ipf^%h3rN3+GrGWd|iAyM+!rCNi^emZ>Fo~~OYfH>cV%->uc
z*DRs5Y~k?6;=vwBd?*MzlHTt6D!R3CDeG%azN{5`;KIzzLC?&LH&Ty^9O8cPCvu1C
z83h650>v0q%np2P@|&+?jhNS_iX-!hl~|qV6_P2mZ`jSqd^z@1brd6SBP*iK@|y!P
zhIRgk{38)I?cMfG!cD$FjmfY*bD|yE6C?H+@0azof6WF1Ph0318C=%{oFIF|hDGIV
z;aU5nj(2x_nB<fBlGLazn7eZk+1&wHYpu`EkZUkxkzeBBcxCj-7+d6Ov$mC*N@SK^
z<V|XuGoT@$1wAdA!j<-2xQ*>Z9>ZWPWpB&xH*wzfCtadVCyQgN{ywjXDAZ{h6Jjpj
zn)-JUa1f&+e>!Gl7Gh46tc@GJ_-V$`;1!sMzR!ekcWJqOQ8xOtZpLrFSpMoSVU#$<
z^&$w~!s#O{4^86d&w-wThYXZN(`1IQLQGB%p0A}u(*`&LF5xWg*?NsBdfS9MR)_S;
zDk?y5qTJlCsaUq7l&sF$jUF<Pl+w&1C^mpZde@sF7!*9}Wf)<-rE8v3*Jo=)LtmU4
zcB`BcxDPmxpT)xc0=>z!V)x#Cwr6i;wK`wtq}&{EX!Nd^b=i6Ja(yfea92ciGkyd=
zK+^-)VIHZ{#Z--e2MH$_#2`}C@9`FB^{zGmgXppQS~wrr&Uok>x~D;9?$PqZe1b};
zeIeK!nz!8-iBtRi$>mKM=bZnw-ZHlvs@NY<&Eu6GKeeY!qZ;8}M_3{E@zwoJz8xc1
zso5)47za`3C0+N^frx$CohgHYnDCG_?!mds(M&q*VWeTY))Ah!M9oC9Tb!};AzVc-
z<FS{VaM@)U_^36ktOmVJx8k<=a|1;twfz~$KlF8ar0nui#p2ChqKv)5!f^~8002}+
zAH0uge!8l-^kRqq8XHODbQ17%elxZFoa+Y=G^bWIpqQDNVKZ#Y>3+U<dAb}*X49*S
z+DKCG>!n^;IJ!BS2<(55QPQrrCq#oi4bsr-T~Dty%^XC=u(%jtV(OMh9`Cu6#CKll
zRogeD#~b-)rW2(n2we$N`d;nm|8YXb>3qWV^5nFDk=2|%F#6D8w&tMZ1$;TECySc4
zJWu-cdMdom%#Ttvc2s#V?l>69dz_@VB`#v;`t$-YJdYXjhj2t^4cECJXG3m6Vr<Qk
zL}fAPR`j-p(c4pj57d1PaC$K2f`LaJlLSwm#fC?&FN*Ak4;~H@=WYrGlWn{n^1Sl9
zVuR|80=Dc>-}1yw$%|HzC}4JPV^>q+g44xH_s$VXp2yCrm>Jxt)7QLN*ShZc9m(=l
z7He5=jxGGZ-X~!+(sb-jb7vb<doNp%ksh%R?~8`{Ig!XkBxk-FvIp%R9Iu~=bC<{@
z;GxR?V#USeal6w*zBqW?>Yy>=tZunxk!`f8TJ<H$Em`e1NNx~%V`VF>vj53_I;`P@
z{HitXV>y_X_7A#ht5rA#z|njaeJ%{3=AYm)ZJ<OxN5erAg!25vrNIzqb(9pZQ}2!x
zf_w!&xlT56Mg_YFIxPdjaVYwHpt9T+8{UeFzgjMjPw)t!RaC!SZ#WqB+|J;KRMiGt
za)u~AEQdR9rHr4_VN*q39vlE3hxl#Zl)d77IwV}}@L&k^vw6Fe|AhSG*@<t9LlQH7
z`TTAEvP7Jd{!A|MQ#}P4YPG>&eO5(_^9Aa79e?cz@*5k#&ZWRYw>L>pVhBKjC#?H~
zd2pa`r4-M-Ie1j3BhC0R%=LLGaL|9}ZvJ+8W%L2|Dk^74<l*s$5p-cLpidJ+F?*%K
zAY*>V|2XT`-*DAQj`AM*M*k{($7eIC{RXPy*0R3VUe_IC_e-0KjNifJq-$bMOoE|G
z01Cz__VPpzc%%HSEhpIjAXCJOHG<qfQ*Q?~QTe(61X!&g$Yieb&VjQ)x}UG#*7$tP
zR&<=gS!}i^WQ#Z~vbtVCFB8grYEfxssDoC()DChj!Cqh#+w8ZMh+C?rlrBeW;ZPNn
z^m&I}LBwY25s+Zr(dr(5Y>+AB&w?Zqq5abxNlPC{(;$%ndJ&NO2yw!mhs*v+RfTK}
zE6&V1c6nO^jh`Y$K))>a*^LUu>Px&Wq}Z)iRa)59+i|S^4CT4olEs6|ew07p`jDl=
zR<mC9S(*9?^GDM_<+uy&7?|sj3$hdy(cQH9z0j6e)jA@?3`$(DLrD#Ne9=%2!#%FH
ze=Xf7-;W+tGF3<jg<|LkIANvEI9|*l@P;MM=}Unx)nJRoJ;VMuS^g?tmS>`wSj$8p
z!da|VCEjG`=?f{jL_0>wKk>9&&*xuz2HvpMIF;YNkH;BHjsN;p`dvm4Mm1#Pm0``m
zY6yKk8qbS@bkR38^CxFxGC!PF%HY2heR_y6!Y3osllWMQ(kz~EdTR<0vS+$}TrcUk
zJdU{Z5{Lvh<-VC+n3O^w7H+f)QQGVTl;m0Bu0HZ~`+lbxf-AM$T5=oiy#3sUxDC7S
z7C<C{^RV|j@SpX+)<?!Zl=@zm%R^jhI2PPU!$HZPR96<?aF7t~G$bDmPCJJrtKsbm
z=dcc94?b^zHOV4lD3^$xym>Lw=Wss3E}-Qjez+Q9@e+?NCT0onxXYJ35`p`+3<1q^
z+*e9p)u?WHYmS{<KR2HHoa4m1jKom!?nh-__*|UWKj2r#@lH*(oHvn?J$HK<QBHL8
z93b-XWuv7l7f!9VcAWJ)MuiYPZN3%ujG1Y^0c_2eNqIs)<Q2yrZf|qjbd4_Y940A|
zoJ?3if}6eXC57Jc#x+s2@fLb%EgnCmgp~N=+4U!<SgUt6{_HB)#%Eg|-tXh=77ct}
zmx_Jvx+)*h4M4au6!&)LKd|jNqn~nEM$&ixEsrhM`em8Pq0w=zHG6?-)aGyo9~05%
zX-j7`M_k5eGTA1s2nX_qM2tE2nI_(e{W~(1g3Zxx(q@zD2`8w(zxTF&@miKmtYp+2
zxItvueJAestIzw9+1%ro{jE^Pk-DcN(<d>(4dH^gK8oxcC!A)-t$<l4af7pb%<-eS
zv=7wMI{{+ys~sG!6b!Vq=)7@$?51$o{od?n=p*w<$?-d-)X>v<WQcRd_YKoL|9zk1
zr$Ln%a`CtIF$eq{2(=DiRm!`iZt6j~90_dDS0Pie*r0HW`XX^rh12^UBxs6XVjE(!
zz4`e^EcEsp+yQL&`L0B)pf~w$ir61F0RV+zIudEs@8dLSY%2=hhmzxD$2)u1!I%Kv
znCTu;A~qu#V+$;SIKY_k37D-O*>yER`*4L-JBP}KhLpK;H{StIw>yfkNG?Cs!Lw2u
zL{maMrh03=Q|E3$Dc8)G`!K^c;sIDH!g+kCt)mrYDNjsLP3z7%vhz~cK7uo0i9Vm#
zUv5Ek$qnZ=v*)bWc=V3NweZo?=CVQ(VWsH#4(dN>8ST!KDL9TfPL;K<{Th2NVQL~{
zRjf+#KE6r(6^g(a#7}8nXUp{F-gTzxk=ZCw?R`m8|Lw!gt5&u<Yv!e2+0T0eOHGVB
zxdJKTM+7io_$beSUvlRH8XtCo1!CVNGjNsbk(sIxGinc451gDGr~R5bCAJI+HT(fc
z*BM&2+ODmJ5&uy<^Qwld7|8lt1EgfTxs@qaV@DA&+IjNFMu@osmC$H<ru<2-V;Xdt
zR;1?K)K9_ps3&>@heFxRt__(tGi8{z(B2$xcCVONd(g!ILB2$OU`Jh;E^+0iqjC;^
zIDDpfUuu}WuAcOj4~f0+2K%fg37scN?@t&1-HbzcM&+@B*pB-}#Vfhq8nZa)x*&(D
z1DXi`w)%od?oaKI<?ZdCu);~dQSZS^8@Z&p;$o%<!gJ!fVg)s9)*_T0BfgAPl7N_U
z(a#h2p#!aaEg4mYsv@4pj!io<T!78X=2eGW0_|&?W!_bb8C4vL`iK5I|4^JtNQhd~
zhiQFk_uxBQI#07d(<T?A%6%suXeozQmk+mWYes7r{inYjClNUStC{A!k~ZVIO#oy>
zz3p@FDPC)W<q^j0v$9%vTPC5}=p+Oc@nFu7cRR5r-p!c!qWq~S%?;Ma_)RH`Uu4>Q
zH8O#Yet!texcWYkFLx!y6WNytDnD{pQ5B7#%OB^-xY`p|82QIH7APafQw>a3lhFB6
z1QUi;-dXdHVC<94q2*?J-#Q~(GMZ@a)cKBs*+w0LjJjgY7mNIu_1lAT2NG9bL4HXc
zE=;>q(noJrgEDxE1#;C*X|#VG^I_cXPK6+9jBh0|8^CT2INIyTOaywGgrZSnNu=cB
z<FB*~z{X2O_K$uY^)#^~T`n9x6P<(g_&Yb?VrM$*VM?AL8!3@Qdt~M@9q?x}RH+cE
zv;0<{`6_Qwi2$+MT^<vLAAiKOq1D@DZwzw!K6SkH6M==qHJ-%7vb@fBJ!a;1>u>ku
z)k@5O#n<QUz@{7t-`udg$YnmEp~?~>nYcHWqC1!rAfFvi+A$}{bXsD=gW2lp2U#F1
zRiLTxWsy@KJW;1n|2m03NkUUln2ekuJjMNu_jhQ8OgxEzo8dsVXk81FtAT|j7vxS!
z-ta;2<n^^(6L6dF)_LslYpwMjIuW};LE6`^L+K<ho|typ!0H1&x*|(97LWeiKs}pc
zl#*cJFT{ZJ=cfo&iu&Opd9WwBXd0o9ij>H*3qaVL8p&sAXeAx27I=vweq&APuvpB0
zHE!L8rRM)Fae={gWG=0R*UsQuX7y?uflwq;Fye}ts8xmv18v<xqdPrHj$sVxQho+b
zG(ezDY<$p4N7qor8RpwZj1BF`BN{Q2;}M=II$a^OcgVQmrAd?~SdNNf=#<Q|um7Io
zio%oih?ttfN31FMDJ4w=U@5AA#-J$;zQJr}$?x3y0T6Uy<FmU?&~pDOwFTd&GBUtn
zHPRuFX`rnzG?fOgVdeUJ8lBS5j2FuRHeW4fbN_@QDqNBk+O^|$G_5qW+8uK1BsOwr
z%p=w9$~+~zoy2PuXpS0}DBIj*=e^yCq$zC3BWF0OWrh9yVnB^q)HWaBVvy;1D~LZA
z*puu;^=&YDFkz3k75JVoKCpw>sM|$ZacLqteqzITa)4|t{H>8ebm~V}*9|;krD26g
zNps2&Rf+~Os*`D&`$BB21%rC->oGGsH-k<CV&af_4rr_Ed-Uv8-^BDQl&>eES*(`h
z=BAfQz@N?4;wcBx_rG*H9^R9fI3e#CxS?s>9YKpcd`A5s6z}H@6b7SqG8@@30fpG@
zIoTq!PGI|yubIhv`lsCS6N^%*j3FkxmVd^XObEWr<o(w0BQU&R!Eq>~v%ixcQ=}z#
z0L6`JFM8Oi0WBzR8^`#<*y`nshGNEjI?nt24lA#c#2#K%w|L_>PWbnv>B1$CKZ?L$
zmFYgEfW@o)z8PZGqW#up9X<c>6b-i{NQ#@a(Jg5W2OGUTJ?}27mh;}cYhF&^m&uRt
zD`*E5c;B5t`ky;AlvANU9uv-6H~Q*cOYlWdy!(1295*6&dwUUEqLWC)PzFY<&Y@H)
z<jHIM5I~8<EtSdDO8$I>@S2>ZpitQTM&F#y^*GGPMAI9|N%WE*<-l}T&=fh{-vV)K
zf^$o9zNhS$1tj}i=mTZH^6{_2=o07O>r$c(^@ZXI3MF!P!g+o^@LT-Gblf**nK3S(
z&$r#28oEh=Wja6W$eL_jRiEAFh3@$%g%L?Wmd<0hpdlYuct5p9ltjJ3t`6OB?A#uo
zD@)HE;*Xl@3f~kE1d2gS)mf`~D^#N!xnijai^(?WqsFphN~4P%c>+7;&M!8pB_D;Q
zdQ0e4^EKmjDg#IvXfrmQYetb>e(FI6E&>57y`d!H?5K(J{-Ro=*7I}73jfHO1>QjZ
zk^1Ta=v{g?CJ7AJE60EB&@QI%O&1mTPFdCFe9PWL{0xvPWXh0!$qr3!&NnkN!F|((
zbwm){Qstk+Z@RbI&6>9yX1{76tqhYKKU#|`%HQN8$@0j7nuYm1K<zHk-tU>EO#JSZ
zkt!{qmXa<+;w<P+h|OS_;p5Zia^N}Xd?JU7mpFeF5f#l%_A35v5~1fU<}X$j?~P1i
zw1~cr>pQp64r7*?nZ}Hdo=Y>6gIjFu0z>3{N#dCxz#N7ro6hh%aFO?bEB{oO%a4XV
zeqTh2G14^l)k#5|AiYltMF_I$_`_qNyq4-b3ShQ4Y4xP6B@(nkhRhaKKEh8Qr<2fj
z8ct^fw4EpAt`n16x9{|BW{<R7ekWAkMbaABo;NjY8PmTb%Q5CA`|S9m-T<XOOIej@
zwLMOz{a2Y=UyA)oZvbm}aBRiA0m)z)tI5<At?AU1f<2Q{b5fO^m&P7kD3gA3qQ8Uh
zACaToV1ZMw6SbOkhVAOnA1sF(h*8>|K(Ycyv0d{ZGZEZu<<GwOb!keaZ5bi->;e++
zUDeg0H4;$Sc<Y=^x0h&yoapM?dBLjz6HHhgkw;@An55*S$Zf3}u=Kgs+la5pPNU8W
zDcW;jve}7$HJr9`b*v<Ng!TZ9u))vh%SFs|vhYoYL;LR%6>-+|?GJd!j30(dSUsHu
zjq2(sqC<bWFEV&@=TaA;M3u%wnZOp5+aQ+5olv4KkLxjgk)Ew7p^9uOCx^x#Mkn5`
zpV`c;WB_y37SF%7?0-%a1g2|~#(j_AuQXmM5Y}&wlgdu3YwMtRY@;`pb`#2#r;gww
zJBVOj*s|Bp4yn<auw<YYb@BILy{dPy!uv#na;S@4X$bOc7R&uJHgs_BKCsXhoQi@V
z=$KJYF>-TZJVN+gqdrc{P`^jDo`m0rL0~n2?AlNwq%N0$3%)@`4cUvyWUC{Vyt1*k
z+G6e3r^ByDvL~1rs2a6qtbQY}LJiW}>Q~rSK1gS)9$~AM9;7w+T&j`^r)N6&@s#?L
zjO<if7^TJ@EFvnN34U004sd4H@6PcEgSTgtd@4R7k5OXe?LtBpZF%SEe<oZLpew6*
zk_g<|uW?&55O6+95jXD#d`Wjhz8GvaBf;?0`mobBooa9O`_6TIZzghH1Bd|@=l9uL
zZpVPIvuYdQ_VgA5=g`H+L^^8p&b<S^`#Q%YZ$@4}MmG7e<PZNcm3%h8;?V24>x1Lx
zfb5%I5oto3&R}5q!{MHBj&}Z?4`%80Hg4ju&b!I2uZ|U9A@RIv*yS`IA^@F7T3S~%
z8k4uqAzM|)!8-Z%#7h)jd`bk=<N!3}e7-%P@_vS@wQOc(*N$Lh@>}5V*(4e%(XLeG
z4xXC5#2N!`I`6shmre(x<InTEAA<tkFqkay7u)bxFL@aBHAy`?9=-SsLlT;C7P+z-
zb||y;#vT-N%7EdE=xBf~A?z&4AThcmhmdX6$@O5~X7u#3hd_TIIF&C#t<z#@KEsN)
z?3zoqP<$Y7qu44Sn(_^Dvg7+LZc@b`;TC4q3x53{2zcF4e+XyK`!&^;F|@H%Xe3YE
z$=p^NA!@srUr~YvG%Q^M2HZM2dF7RTIR|6+)aGIkO`V;;(yY2AWH4w2LKYVp2$U8>
zkKh{lA~+Y1oB?bE6|nuH@bWAW{cgBz8QN{+HCa9yFFroBF6rKN4{Ig+A;}i+;59xp
ztb8p0)bbEDT&*o7av0g--mBjAHxEB0dZYa9>(>;f<BS+&&-saogVT}FTkqBP=omO&
zOO%r}*O4cd8?zrNY9k|~K?q}NukCK+zw(x`l-jF<`!qGD*N4vtrY7&Zs%_L5h?iVy
zMQ0TZs7V7Pp4wPgvfaa6Sy;=yJ3MlXTK!&%CJ}MvO4kn*e_E&UbkOc)%s>9oSl@<~
z-SpP4;&<?bU$luxK7CEVP_ZsCD5^*$9WvUo``*^jCnQyF!rHDs5tr;+B`vVUQ7AP<
zi`4xB%ok3QO86<_I!r@GhW>`&0bulAC|8%2m#5&T4e-j(k{_)LepwQ0Ms*4*jRkK+
z_At9sQv;c23y&k~{SsGp!|tq~tld5Qc>*%0waMqxN%pOyqnchquvbb%`{6e>5rU;X
znQu(iuP|bj;_b3#9jbi!;LO1x)*6dizZ(Ix8k1U923JGtDSyEotfTksbX4I7U*_UJ
z)t7MVhr-RM_&x)k5I2rof5i!L7b|&;K@?u%I2l|FX%^GZm@eh-Jm_2Ph!fk1xJ2oi
zPQbUss++DQIdVInl5%jR?3WalmkWkJ4n@)EQ%dE)m$+Yu&eoL`RBwI~SeSdq!b%os
zYrO@%g&p)}S^A;pjCM&p@vH6ek_04eyh=$A6W3$ay}U6?nk~Uu2r}r%A|N^WROgS;
zYBphJ>?I*W#`sEX90m&o&!yeRvG(KQ361q(HV4#?wI!%{%Az+Ny%m9H3hy0dtzmo#
zR*2`vXLsNG-(Bp#V|v{Og-x$v(VsDrV^4M35g*^KdiiWDq_-T;`t2^4AsFLk8bX~D
zOqQ_yg{=}_@@^k(2&dJ$O#medXzg2U2KAYfDe%hya_nfI&UI=Fp8BXeVv$BhTI{w}
zmMsQwSDSL^=~Xxo`m((}X0f|&bJ2h&e$dSOWRMpx%%eRke`WrBUS#r==a6g-5_R1*
z!HNatuVUkP%GU!>5SWi0G%VncX+W16U)$?U%od34B_@8U6G_A)j$yO|FNsRDf7!2%
z&J+*M?#c>?O73MyN-}?+X|PtTOea(v9>RBQ#d%X<TdUM`eut4y2|Z>>Jv0=GSYdrb
zTp|XZFy6kMA@{c7qi3J|hKU?JwyN@@_H+_2K3{VJvu|^Yyho^pu@m33_Gwp$91{VA
zrT*z4AtB|fg3hDNcNz7hd}j|V5BAA%7dzY1$YHwQR+9di*^!ZSZ##E6mwzocH}lM$
zCd>y=^K#}5hHjK(bhdl2c>Bm~x%jo@Jk&Vy_hyln+bzpmH@Q%VL>S1faVP+NOAkwf
zON&@=m0V4et%sGVg?<;c6%(Zk_E2*(!zUX*W*j3X;TKp2VmY#=P31PPNV@(>T<M_<
z+?IJspuDFBY(}hg?v$QYtQ*CP`+uiU`-DZuz-X+#04OHul1?&{()>i>$VKvGp4935
zEnpShNgW^7t807sW89gsvW93Urt{11r<sn62YYk`er<{j&ykBE+hyucjr=Y!7r^vH
zw6Qnrz7s5;qDS3>l~VgSRfQ?$#k5z(;Hbhk;|X736p-yP7K$VLr&ZtiofZ13PsBoN
zYN&ole^9!!-^q{o&nnSvQML!<Nl>gTiiw-BJWi12wuAX)9*urxnk>1D=4@yw%fnaj
z4wXH><|R4w$%3QAnPT#T7CsbbPU1~?zclAtAm7ofSRPdk<)m_k3EibgnSbDe)So&D
zje*Exf}PJAAIX$l>xrRX{58M*jsm}kv7IZsXu|aVfo9LDwd$a`Gt;XRg?*$@rhl;j
zzqT7My?`R)u-}(?>o+eii*c3;zWN(vqfsl{99=?MTBBMGss@uU5K@37lle>TS@DEJ
zXCA9ru?puU=4rf>r*FTsJw{BqQy}q}7Tou~!;rJd?Pk<T1lzDCz3)5i(-U~@^h!x>
zqm4u4dXs-V^*6v=5WBP8{N;60WHL9y_2Dd;yX`l5u1`Iz>ntpy$JcGh*@_jT4X)Jf
zNRtHW{n;SDV%K{Y=WlLi1p;+%)*OVmKi^5QWn9Vycs=_+9C|&QuVzbp1Kn+HQrewW
zo>Fc*9gP{S`Gl1OK2ij@KgauQRB8F#{9$9!dQ3i%fNd?OU3OPn!VCbsPx@_E40tDv
zwH;_b4@45gnc>gQS)DOCxw-j2(OXQ18gN1P_)8gWN_2^11n*+Vl|6IN@}zy^D5dX{
zDC{4Vbs_4VZf`^$c6fZWQIa~40YqK>m~CDPU@HKf=dNn=g?9&opa-8OQlH#IAF!Ns
zdsI+#l+Kk<<eSmSn~2Pu=^PS{PkQO~rCiCw=_;1;CH(z<>>YKH<{ng|VZ_)pBbbQ|
z76KQf<E1Yk8xU>XIqIM%MxBKcB|GfCP@^Ndsz?WuY9*5nC!>x8lVlZo%0;cF*LH2I
zRzA_^?C@%a57B|RIc&*X1@x`+{_J$%F0S=(XRp8{i=o)Y)MsO8cQu^@=8=*%%YQ$z
zz3sr~PRX5g97z;TB6l^JcyYa1Z=?1N_Da0!*?C+gx|gft=MiskFEh$QM+JH_;mF=D
zHG=Urk_K~4srk!SJX7<_L$VB>8fI#uDD-e}m#pZ1OehRmWqLo@Tu_K)#LbAzC(Ui{
zZtV>Xeaw}w?TI=W%1F#bJDgt~?GI)wuVLWkCh|z7PeGzhwkf`%l$^L>s9DPjshMka
zSNobHZ1(4#w?$**67j;5d^E*m#X6rfe!>hAtM+5AcGWx#Lr8mL{k4<XSdhD{+P>Po
zHwFTNnmzu)ib&!%JcvvRvoVE8i@^0wvlzvq1ja$jS{+5DNJ8IG<W3TWlZ<b2QB#S*
zA7ZY;DdmE-`9w_7682#iO12R>#Rz!JBYY*F02)5WuVM#HkP8x!&x-nK=9fKsnkoXZ
z#Q`%oM`}rG{z%RI-*g0MxTxUdtcSHHLjqbaJM2|)5J?UM)I;04gc@#{9ZM`;<s&Nb
zQLG2+1DUgeqKfTuGvo60SjYBmbSu=qc>CAwkeMbt8GqW8&9vZM3E0$h9oAfACMzn-
zN*M^uz5B!1l^|0iI$<`^H3a?p>iOa1@QtSd=Wz=Aq`{1mO3fSSA*lJ`JrEpM=wt0_
zZ>_$gsww`GLt|0(&p=xTOh;gTAjY1ec|-W6$`AW`l1nAon0jcgx-GOUnUU-9PfeZY
zqbyOt4YF9f7syOUFgyrcKQz2DGJnolpjJZ(e7G9X4}f9j`9Sy{TwDY%X(Aouf@82r
z$`GYYI<Umv#c*2FCQQ(DIFKksIhAM?g9Zm!nQi`5HJWa@&W17a4zidHCpqLhz<sWP
zc+IU0b)Bq&1vs<%*}by<lMu#P{Z;ch&TRJP<J+~jrN&R3U1LTJYv5;nKO`?N<$mUc
zv7891b*(_3?6DxGin0RTSKR&pe+bu~WK&p+hh{2KEi~CnyS4;-8Tfg8Z7}R5P?uKl
zX*$%Fc{y7y@j#;Ss4dKX9uG8M;Z*4VUFMrH*~yrpQ~}89J#VumF;#~nkLR*>HC0;h
z1SUZxlgZll*5L&ADV?YBW(o{Q{~N<GBdc!(_y8Lux+QdaK`g|&nUPnu($K#o;DjQh
z^hV1C42yuf&M(GkDB7@#caE;&xtsR$o-MWzN5Kk)j|W7%SoNOt%?5klr!f0lbN+KT
zy;8kujnSxu{B?;y(Pp3<I^@@T{+cD#0C3Y~XCJWengl$pFx>CcgY`L~{mG1I^QV1H
zjEs_2?TbAVWSjv1c=vYI_rjW0tH$msj&iJCnER2;i-&@EuC9!o)BJklI-|X!m3!ah
ziqj|kIu@qfar~L%N_d*+$ONVry`X+HOLal+%7666>}+N^`50U&-jn6EQ(N7KbV975
zip4WE6{jQ1csuX|2#V-1jfHe5XmQaB5%KD)z`Bk)?gtfJv&flN&M53LU(!l?<Bar!
z#ol0AOLkihWjC~(Z(YZRO&N|;3@+!Fe45DbHK|6eoMhTTHEWGub%qHtJh%8_%F#Y(
z`G4sYYP_&3+ih<`eo0P15{3(JI&rIuep06+Ik8)qrDAB-I$kYtdA{bYCX-ReoDWh&
zzj8D;#1^C{%WP*!KCgKq-TC~Pppw<f%Mjjk8y3};!*?=1NG=f`?Ff+RupnULG@b#U
zxYm}Z#veFR%y_^ssRWWE9X4Q@9KGeHR}PO~=hC;$5U!r+J02jo3~?P9PUBxe?)#-I
z!&XaCVTXu^!DDPIys-)bYvZ?$UsO&+!E%1*+Ku18Mi;LQd5K~dRjh67&E(fS%^d3v
zk(Ch$J=c?wSRpdK#F4iR-XRMm8m<53NN)JznuE(dF2tT$mqjM~g<5hL*93dJyt4gN
z#__b=z>msfDd)>?rZCYzcZ_6@YY!Tod5p*N*4d5BzeI}96!rFQ%=&+K8WC6KAXSdn
zY=3P{cAJIS1W<+JSWndZ@PQ@7^LB60HSKkW9<DT69|n)7KO-?sEP?aRuw#2aoL_Qf
z1@PeGMXJgwMy!_P#EQg$z8O*|s9u;Y@webYFKfGNQ>uh+y_E?tLp~T#WNVFCd8u+F
zbF}2N+#vGszMv|c0u<kw;Ke~F3;acnpZ97O0&Bl4{$g46J4Zss-j&NQ*pcz|hBE;d
zc<sn1d?ZE>!E61Y=wpFp*L)P+rtp5k92AaezTXc61I2MM&tBjhOb;FBSU@}@>_DUH
zwnm)x{D9m~TP4rRktBOI{dYh{eGXjAytFO<`bunQ>mw}{mBbyl2&hDjL_nZ_$KLt;
z(&$mYSLWSsnmq6A0iuPblKZ#EBznEk6KrqR-WBqxp<=c@9OSfLTjUw&gqLUk6&atH
zqP4TxWwmZeG+``$H;J8`n~9EWKgQmJ9cGiBsH)<?-hH!@4;viBr=pTG`N(b5dCQTM
zjPGJlT3PwxH{hPcgRqw#_HhCsk%5ny*b7Gssmaj-gG+)x=>XVfx`{N5faAmy8C8sm
z&oyQ<`yMP`IVInsyawC6TOZk#zjuajrGJMRC?Xqk9NB2aac`dr+xu1&jFvbRl__1q
z;gYgRq;BD7J>~Wm)S##>QS<)Y3#e>}gurroqRFO};d2$ds<|o#1_Gn;6tfT^>y+_%
zR|q)^yV>++jqwscEI^{*10bI>`~^l;;A}n~-QSO>KS%!>8+r|{Gdce(tDF^i(AK|R
zq-II9Fw7iUZr>5Ua6`n#dq%l$g(?<n2}hWy5yguy%pLIOR)2%HrwTfGoI0A7KDEh#
z_=2DrQ<Ci-))y6{j5oop791MH5jX!-_x%OHnK)IPJ4p*t4(6v|G*1#_L2KuUG2zR6
zJ?sMO*GZ|YTJHge0k|2`Y&HbP6TL)izVEFlDo@2I<Ld5AI@%&TAk*VjH*$|M{Dm!(
z#z`GvnHT7Wo3gT*i24W5R-kL15eea2X#W0nI$)h_3v5GbEr@#+HcT6t;y{#rhGQy7
z&O7wwB`He&f@#~GtE1Td=6!aL2tynj)DbsW8c_a;%2DynT?Q{)>)hgB;NP%n=hlg=
z<sX6lZx2Q?p*wTym%14<9G`o7&;j1T3=rMy!_n8iUgLc)8GBzNpl51Ce#6m_dHzBs
zbEutz=(`4&PRqvVIXk>OBdOc&D6ai|iNx)(e~_y}X1Tr@CV-Z>Xb7LPD93=>Ydrmr
zA({3NK~-}MOS;oij0JP6!awawL`_q`Z!Xda5W(1F|Jks^H?v!U*p~G&&N5gpH$l8<
zPkKGx8vP3{%&e3dGzVM;h1+Brzk@+#5YuOj>2+F~5USy;gKPlPVIcP*d55M5SvN5r
zVe>+DVr(-~S*Wl6Qm<nD%N7*ez-ViGevZnQet!x3{-<rm%$gD?zeOYsw^-M8H2Y@4
zpnFM!urB*ljWL5lDt9?4*d`|%5u>^P9`eTUKp4x-`~?O&SH4yp{10?DvEhC6c-n$J
zPVCmpypA?rwIpr@7jP}?m0gH4MmziCV9j};En#;~4AY8;r5ZDlqcQ0_+wd&xxLywZ
zyIFcZy1rp5e%6A5DWadHUG0TGo6@G41aFzPAg7UKUVqnU=hsdfp3MQm-Fexmy*T&<
z39)naJ#cf*b(jdOziC@KlFq<U&Yji&J*k8ezR!z4Bf<|_Qp63V`%u4P447yM0;Ky;
zh>7RIqyyPV9Fo2abw?{!aAC%2kGra{q|eAYc9&C<{EK{Le^VrNqR|y^1Ii%=`!0JJ
zEGJ;B4kaW`uth|JV`99~L?S?OZ`PP`qn7ImO>)6Y#s8kHOwp>=v*LmfNCgg0))>hP
z40fqOciW{HR%!%>y^1b|kNR&Ma(qdnz$AdpILEn_z*TMe{5wPl>A$8>Ow^h^92p#v
zhDp>l<PiDy_(OYOO}u{|CI9wg2F*Vc{wQPe&oTKbO&Ip?82F$58;Py?f9U)ImDU=d
z{%4rq@5TNfBC-ERu<idJb>4CJ<?S_2I6HH-wYB|e^$*Tj)h(bqe{<6uD85GAX7IAb
z*X~STjJbw-Lr@eH75h%ED`fvYFWWEom6n!%GidiTvi|0>7)lZr7UnHV`CkX&V_|V|
zxU-<Ltn46hlghdK-RWP^<o~qq(Q7BqeI?P8h~NHU;Qt+t|BsHx|ETjs<^zQCZm0Wp
zr<+QAqs~Msg3IHVxhy7?;)!9WCc?k79wk}fh3-=Scqb!+B(Mw=(Q9_l!1_lVMDkc2
zaV3|RmlL7Bwda4jM3;R$0q(=)Jc@dN1dqKtUpI%XS{<QC7|(ygX;^VA3KrZKiy(Ro
zhVef4XVrF*|Gf{czGpcOR4w)8Q6n6!8F-+G+=uA>?Q@XA+E$g~_1EuYr$@v-)*BAM
z?qZSIy;I1cK4m*ZSiEyv?8(K2c5t|3P~Kz{Ypp;->v@=+^Y1aw=tU0tVjPy5+@4~h
zNuMR`cX9IqHhw327v*C--*9wi;!Y*JGWPB8uBz528ACFqoAlc!yqNWR_Ybc^k1bu#
zssb=;aPn&)YM6#2LarIZR-r@L&z#5YmdHP3<ISdj)|@|<%&L2iax-BMuu?)+M@qO%
z4>c{9&rnv!uqf(6^;$F21AI`3RYl`Xew1*X$4Q(SI^v?%-Ndg!>W<()KiukaWcY9s
zKd!5s<x-R7-{Z|03FrR)0p<a2Y%QO)U(Zw6&u_xQ2j^e2J)n3QapxwQF>tvqzvbw-
zHNkrKPk{tyYG2G}&4xRg<A-5W;pIyvH)2lnW6&JL=kosHB9}JDGR^C3ZM$SGkOI0G
zacd5V=s5dv%m(z|gM8~3>N$|;NS9MAIqe~H(`h{Y6d+{H+I@Qrs;oKZxw;SBp3SR^
zxfwt2kho`Gz3o;S;xQPF;a<LP*2?TQr#a8>%69ww6h|f2o=u<%!qXiCb^B(|XXl&u
zCf%~-Ka)P+ULh`4%>E+|)8)thB*!z{>;{(bT0RsG<quz<e_ntU-&R`eu{vo8JsNiL
z(U5i9te=SH`c)tIpIxV`!!px_Uyu2v6CPEsca5~+Ic3pZw4}6i9{dp`8XEV>C)V=V
zD!#8N42(h%EyL{GB4S7#gFLc>_c`#C*3P^8zN$v{0~nrElUty_3=a)`Iw)x`F*yy@
z68a35<_)w%9O(bJ7<2M`viqCyn@XD>@p38!$M1W2AH3}!b4X+{6%>%$;~HBudV7OO
ze|bHJk7&JR-u}Q>M^VA#MZNV^N6J7EJ5{nB`==9d`MZC_RcvIkhIc~Wq$lP5U~0#t
zpk9ee6_l&)OnX>5VOc2tY_4Rd4kAe(X91Z_!QU56Bqd&?Z1%+5JeKf}2oyVeyVicj
zm_m1D-nZp-+L<kzWK#Bz{25A@G8t6hJuR|K$RwHCtb<}sa}f+HN7HvsaQZ+|LQeDg
z@0JQ1gI=OEg6jhC<cf;e6BZ^-W7J~;Uuwi|y{he(Mmy!~5kPQrV&wLMD3-8>e2&8F
z=f~V;St~p%;nyABjJ#_eYWuv5SFIWMR2>=jD{x45M(cqm_eM{D{Q0|caVuE<(PBpE
zSO9CjfI&kKyj8EKUoVchx&?wKyNpO0x7TBV<@P9-LcTLR$aQU_RgKjJzIj6<FS{`_
zoLREUk+;S2l!)^7v7%B!Ga_2bU?5<2++eU;xJQ|mZ(-f|1$gJfzr1K$E)U76-s{g?
z|6IA#D!`8`oEeWhKi+{eTU)~u`jQ;7T?$96i7e3l4{ZD;7D{_LYAy2wS=*54_6<g%
z>WZ+DV4=6aRX7n&*lT|L5;?}^)YKko^jMvcFX8+qeV~bkz5oFV#-_K_0llJV*~h^#
zd3dA=aJ`fwuk?V?H<w(0t+-hg?2)(p6FYY{&Us?;pv0f&cCwKgQN8{|CUBOmSF>>$
z<BtDgh&#$lbdafSAhgWb2kyi_Ts7Y_V+AqNWaDW)M>)lRs`<wRyFCLqPI03deb31u
ze<{7vb<b6kxEJjXT#tWowzz46O7grzS37;n82(W>59w#;=X=Yo=fq8&yu$xgY&Cl=
z6G4*o_+Qmo|A&IB|Bq;HZ`Bfk<m~JUv47Q`#eXzy=M>B6?o36x?U%n7E1xnvJbe4U
zxy0lJpZTBmf6<SyQdDW_akkzzTnoa~>1pIo04wgmocNSNX&|>D;a~Ptj>}&LRL;9#
z4;t*(<lh}^@iT24G^wrXqRMUmBKTWoz51&lNeF745&7b+6;^&vYAREpqwlZa8h2Gd
zgZ)%d`Cj>5J?yU&Zbkl=GPO#`TKpD_X_JzITLY1OA-l?||G!|y{qObk%L?O;hG$N<
ziM-8}HlIW4jX#LoEST@+l%L&xA6-I_ee7m*w+YCshpQ9;+<Lj%n@bGub*eqL(Vcne
zP@k=|*`NaLVt#GA*V(CI^YQV44J;+QyI7cB{JsY1se_|r?plh%{_^F*OQuo5LE_8$
z9pkYed4z*xy#uP6FvdB_bcx;xM!EN~Q+XIT;^<UZL0%ETcwdw#zx?*<!<kZhZkE`k
z(M}J%c}~9w5~vn&&CF2;Jj4$L*q!cRK$eUoLEc*tT%E754bi%uEs;JpN$B<^S3tJs
z;(_)K;=ucrA-DWxA|%ExUSRj*p3}4WOD0&gMIYFaA3^zmkV#UdkLpO%@N^yUS?!jr
zJ11)z;Mi2nW%uMy6<Bu+sav||_p5hj6@Wd2;GADwDGKhW2lz=5c0a2yH;V@dyy@g$
z%D;t|VD5_B=@NTgqgqAl8s2u%I^+RMzm-y7!QQ>#@3>+I*fl=f<+^5^X|-&NoR0N3
zco}&;NigB$J)AMueYi_zdiW;SoUdy_K-G=ZoK<^HEB?&a_wj^t`q!nAiEK*djkW)q
zTa-jNX#Ea#37cy|myLX3B5<!EkrIw^#@G`Avs#}$`U0PZRu;+ijR5HXc6lC8wR~0R
zv<Fn{OxMA8v)Qek43><??D~c*Ibus{E?HPI%DElDKWa^C4%bn4OLwILaJ&%{CHQ(s
z98cW#Gornu*FRUct7BQWW%t?m&&ugz(<P2CgpBvwijJ#kPV<g)0<7wH;)%wNW=69J
zzGdZDM7B|g&YXYOW%$+md^wYJgmCz}I<8ujhpYD)DU;|_o0w}(j0EOznp$(U0Z@kV
zd{NkqQDfDFGdSMLZ4w?-dpg)$aNe5S0-IGLSuWm^6AAzPn0$~gzr7RK9=BTMsqQtL
ze~;gANb&&P!x;M6!@l&3&j`nLT*s4!hSsWCpqc!*^TB6ffa{nh!xQC!wqh8H#PzV|
zd}&}c5ij<8{iSZ@bm8FKY@rDb8Hh^L!$m`b?fWw%I-;i;Su(1io;Zwzacg)caS*oX
zM~hXdbT8Z1Rnjj@YP#l&g4`V8)7(3;6VPS!ED|3+#@kb0P>U#j^E%)GFxrlucQ~g=
zkOAN-rNR^rx%xe^({y;(<;gC(Lbh)UX}pFsrGHy%HrXeJX_O=JM&ygF)pWB7k()nQ
zY(v1DM`W$2q!%B|wdWQ?o(E(Sk)EI6mq~H9BGyYddq17@G}(PS`pDRufMBR`e`M~y
z2gLp%hb^*ES2Utk$H++hCAjZ<vR>k~{_*YHGnd$K0Yf0ggv5<kz_T_{JTMSb;iFID
zhI46YO3T&4&ng_wn3PrJ%<A*f7on9&>RZu_?Bu8Yh_#EAqSbp=b=uGjX?)}gL@s2R
z#C_QhV$0>XbbpM;nZqItOrG*UV!YccM0>5UK}+wmsELJLo*pw<(vK88kXeiZ6z8XV
zXFn%^QxMsg2#GH!0-zu+bFWY%eZ;xK-iVW4gj?JjIA7qaRr{M$+aV+5H9h!j7V6C)
zJcRWEjBm{m1fI#imax47;4ntu2zYoPuxzyx4#ne|_=o2XF|NJ3H&pkcZdriK`vC$R
zBMM}RCAb3?6I-&LAfM>l=a=$j_t!I^LD<P*@ikl!A}U?zs^1B!Jl-Q3ZIq@DAs*pC
z@O-W5$#+^s!Xg1?7IY>Vcr+DUW;DJ6h6F>;okz1*h-egVvqkgWT$2vR$46H)7jo}M
zJG}s{L`}tCjJPoOQ75!Uq3bSvp|_{Us`J^%#{rX7LLF;xuav!gcq)g28=(+hvJ^Yi
z=zXc{<rPBZ`JeFNkFNshg1q1^Y!QCg1>q#rQM~Vtz~eI><`7K66vyK#Ak%b1;W0UU
z?`<YR?iCzC?B0sjRhcUxdvDMMzFX-&zMYUk)B`Vd9L>T!__Vwa`R(+G*s*bDLSesa
zm*Df`!z@1H;-QeKzKiwb65sCwFLtdJ3?gg0NobBS3xc_=#gW@2P~-3O*2d^OQ81s;
z(kM_m*0&i>O?a6s`&jeexw~cPOzrP`fc0uSSPqY{#Tk?{UggX6{31$UP&_cwZ1DYb
zyypRypsX1Dx?|YZCqy#uz<=l|@>I0{r`3j;=$Tw8r-2#XlS|{O*89)g=&e5vBhL!6
zZk^EevKKMCQeHkwmfRd{W~V`?@c@;Px2MKkrR{>OhhheS3mUNAI5C?D{4;1LHMik-
z^LwK=eb;Dg^Ym^Z=H3!1dqcganeMXv!s4_lwTf#%*#!K(=Ei&$d4v2ZrFt%NTa^HK
z?#pRYNqNqeUoHHO)~qEkSx!|kZM5#9Er$G=I`#}ziWj@m^v_Le<-AMG+iZy~(v@H9
zK@O2;{M2G;1JFTUvz34(a%4wwnzx6Kf*@T&sU0U;_4z7&#1(?|cR1Rf_;H1jW5`^^
z3ahEhhZ?7gUR<6yId8uy`gs2sS(wc_nAP80CK*!vQnJ%`gRoAB>Q5R1#Xp#X(up3U
zHQ-1A(Wh-Njrc+&e;DU7KAh*=`-W3ljYEUKxtUo5;P^^F8F#13F4Sa}Y+)bCOq_^P
zP{Y6?pmlXge0LyKn>Zp4%DX|wuUV*#jv*)e!HGx+t3e5?r?Pmv7ucHiDEH0p?9u7&
zdv}i~p|3o?Lj54W>1$891Vsxz8Qgqhm!9v<L{%G$&_RJ%6Cp<QBxFO%hH~1{(d+_4
zPy*_7@wCcOy)tG4oN3Y*<p#dDXFh<Uv=3Nd{awhkwEtoOtSe?@4qR|4P^xH+7bv~m
z6A4X$wS(w9)tg_&m6G>AFrcMTHF#ds6oYnOXPlwZ#fEbJ>H)3woGeTh5QvhXI|%oU
zgN^TVaUH*i!5OxpV2fe6T)(>&n{>JykZ`YBB<bMC0qROFyCs~yW!s0dIR9<Pz2jJM
zs3#*?m9rfIBFYm{Igs}*7+ctLta43-S_nes9B_A#2;Eq?^gh48#^U;kLnn&T?ePVP
z7xKf*XX3jx$&Ke%zN10M+D8;`mwb;xu{jjoR*(jQ@toPI)cH9=VrVxcZD8`^v)~nZ
z<q0P14k)?Z&7q0lRF9gii|Pr8>KGSc@_QZeN)7~#fGmNjVLJ0707|CRz&1dxW1e@x
zx9^_2mpXB8uq>ajC}j$i$FrX;P%d`i14S_j$_*d1F=~*jRD0%H+k_leFqirYv=YzL
z)A2D3EZ>=n%s;aolEFD1tUvPyO(8qbnv6Nhqx`uBId$Q-5YLKyVY}Ib`^lXC9E|zJ
zXN|r1{Mi>a9${8(M4gF0vcD_1+^49%jGQ5N3+bH83@FD_0}96JB(H5lSh#^#gUX)f
zTYM;-v?9wBOZoo2mCPqF_Xf@FE|JVN4HbJ63V=`xe89jG&lwcw#&xvfqQ;WZf2q0S
z6vCjmeEBN5i*lm>V{YB!DJ4~<d`~}}&m)~-Zl3%(9u>Dk-;(GjCr*h<A&(%hb(JX^
zr!(mT<6vD($hn%t`iPo@@u9{MlS@#@m}q03nqii-aw<HK>xtDe#wUh|(F%5Uqf(f`
zAol`jSnjfo0r19=Xbf`0#%SC*PO3O9@P@VUr>dfXt$}b?40-q3_I;N|SCIzm_UIBg
z!D9%$W>}&f6r-Z!JFCw`3@yDlYLXkyyZKlvB_Iwf)uLO|opDufCt)Bl;(=Vx>O0(1
z#)s{Wn>&g%tOXV08HCe0IC*_|Dstxe9kh~(PPb=$wE-4M6dY|LJBOVaiQY~T$jp6}
zTXW<Vq?MUVj0DrjS`RbeSElC(<tb)3Ryz&JkT7C5=_LQ*;s0Xpt%K@ro_;}`KyY_L
za0~7hAXxBV!Tk{2T@D0?;O_1k-0k4*?(XioM4spO-dd^MTlc-S^AF$ROwDxn%yiFZ
zrn|?Z;`WUjFG?n{muwIyocP_?U{;V7JdBjD{?yuu(c0=estQaCZSVxHiAgiCB0u4A
z7RF}oCIQ0j9lJ`2S@5N}cEaYh+c&ql@7=D9h#oACb#_b+9N}3E^cUygXL6lP+xlid
z9o(Gb9GrF9nKld@y>)0uTz%W+xnVpVvofNm>tyt86>>I1M6!+?6F|^#%Db=ZJuT8c
z0k)EPDkVJI0vnnTr`6(5h(zdhl-H)~ozE=CO{@viR8lyF2e^AzbRb*whE_bW@n~^R
zw3>%!X>nP_K?!(G_r{$ts0D(<(ksGI2wRr+@Xmy=${5lS6SfiDkf!6bg3;WSh?s)C
zF6V>d6?77K&H#v1UiqU#Ju$B&$9GlqR9aXf7#|g%9U4$AKFQIg-s5TpH<xZH?4kxz
z4S|nY+Ypi{o>_o5I@0O2w;#zJ<sc`a_>=8Jio^Y|po)F%J6PW5jB0xCWlsh~oCRDV
z+hw;Wmr?$mpuwC_HW2o`vZrMh38~St0=w`6w;WAa$D=i2av@TgB7`>NV^Di=$m-6J
zRfkW*R@)EX5Tw~E*w52`$H%7^^1ZxoXpcr~K0QB4na$*qgNTVbj^k&G(j>0gyZM;o
z8(|-b`R)Y<2*lKhT3eypVK|XX^~Tb2>fLo*X<%mCi9TK}SZ2wepFB3~JZAO0DG*%n
zL&Z3&@Z$6A*K8c0tnrrqiOoGR`0oAzGn@TLWaYl=j2WRxl5Hb3NqDZx23-QcJw`jN
zZ#m|@Kzpyt!u!U2K1#i8!4sc?68I9Kw0wkf*;<HU&ryCSGMZ!bmKUf!G;LPiSg%V)
z3{W{ljjTZA{oXHE5M8Eb7$Dwq{!H`jX{%m92QfTtW@9GGhzx<=IAvn?N%tG#*K*Wn
zTplB0FKX-4Z?O6Ma1IQ0t&q_R$dxi0_lsN)Z>0DT!j_;Sj#sxKLF&S@<ox08Svue1
zt38O?M_b-JqN<dSpzlXl3B^tb*nie~Ni?yxG(`~3gKSxbB2;THY1f&}aF*QNfQfpB
znE;f4P8vyu;0E+FY)$j)kf#knp?u+TFnEnADK|^f>CuFY=}ID2-JoIKeOc>;HA(@e
zYB-E))rY}dtkWA&TB{0Z!896_ZQT?Fb_@7g+;X~|%-M12RpqxtwB}Qk{YtgnJB{(C
z1uK{oCi&;cw#R<y$-%lm1E){kSr+AV`y3l77<&f1J1E7S=}3U+@yuLa<%EVMJl%%6
zC7WR_ps=g&_2l8HZLciSG5;QOoR|=f3qc*HR!69{3td+1sYMKuXW0Ehy!;J`{K9yU
z?S{ydYzw@yL=Lj}OltYS?W%U*Xc3pc0E{xU<E^dkmTqq-6f)(Zq~Dgn#~6(bI|D-@
zxxl6}sK-;<rk~Ibx!;Fij0@zlce|oyG_DBOqcRL;>$C9U;QXo}t@?f5wViGzGr{m4
zhVPZfqAJ7Y=5)9QulAv%;DU$Qd$!zdzAXo87THf^1sAtb->~CfMPU-bxTuj#V^)G}
zA=iksPcMDm-Bd0>zw10Pb8+p{AM%u`)}7V(I!&Z@<d3^|>Jh{Hodo?l?fZsU`gN);
z2s7<{xQ-gV172Q7g}zR(FIGyrFmn@uJ~WktVTLaM6YDUc!4Icna)8v`{yxB<tWA@F
zPYOScb)92qCySbAHYQwT1BGXJqlYsUb6`*&bT`cD`q7Xxg;kvIWtS=H8PFcBO1EU=
z=|czE7$JQwK}pa2!74kUkAN?AxBya{(ayB=`>+g%g*C*$2p%pFNvO~#xq094Rw2`8
z#GXckvL`I%-9fLGmg{D1r3z|tLUx_fJ2t|gsyl&HnZ&MS2JQ7CC&~<^r1MsOK4TT-
zn=15(NByrXMUvkv%v*ds?1ztp@KEiXFIW%`8t3l9=;m2V$}H7O88nGoZAXAX55m`4
zv<Or&59l1Yp>=|vO2ONXyyUO~Bw>Oy9~ZeeaYJ2%3`)zuZqh61`4~DE@Og)um`<$*
zxCCh1UM)nAP@`_L71>Z>@LV!V8d8K{{cx8V3htX$3e^Y65}VZ;uxUzA#U~sM=%8Z1
zG$i3!qI?BN2%8~(&Y6-oh&**%?<O{zqMAu1bf8ijkul&PUNAWIz9+yFzq~=eZd)_6
zVtGdbeca3K>Y<%0RT@+a9?_27I_orb#p8?XyI`(VGL2oIVo_k-(6_h;|MjT6sMv1n
zd_j432e~9zRk}xLNvHSKtu^ij+#F}xe?7q;ZM8*Jt`YlDmB<Z&^Oi?(+0A(XnFh{s
z1==#n%8K~%1y3~A6E5a_=Nj(3LMZ1&n$MAE3cgy+NCT0<^37GPN4LE<_r&VJ=hKg1
z(dWLynmRTyk|R5v%5@LOxA_d0gLA19t-jbcKx5ko9grtlixt%v-q4+0jtTI+(}S(E
zH`)B!cI>pQ1K!{r(fyED_l;ne8;TsFsY!@rCG~Pc%CWgp@rLm+`+*DvSo_Rq1^?&>
z4M-9zYK1(Mt*w^e(#l(chh&3+u}BDZq^VY20!ZsKzsNNcILO6=TlLm=PQ5J^3Is~m
zMLWEQ1Q>m6<_;&e{DFomf1Uh}l$<=~r?xa17x`7c5uk1ZA4l9u2c`W8=KR|u%a2<(
z66uvgnNL=z-}z`puclD#22Fd<ZIKe`*gc;3C(tZ5wm8zVlhX(*UJM3Tk%w8Ycu%~?
zPjkMNQ;KByF#<kr@wVKKzd@?9WnROO2~zDzO=$0n+EbpWHwBR9i=!OpB%O8O*P^EG
z{QUaErFKQOd7(YREqp3!c`b!WP?2aU<co<g_4~VB-eUXByD%}Rt*2XZ0Ydk8lQ2w_
zUK%P_ENE-t;JWoK6H(~JK^uEmovyN;OV~lL5m=yYSdzJN4(K<7eTXt0{OK7hIU_0N
z9w?E}Vm2v1xD?iQr?gNRUZ*R^{8`GWJ_SNx`LPY!KD4WBsyasyA9R=Php*1Q!cna8
ztwii`KDntVa#*R$FkR~z<{YLCv`f)lPwl*L4?~sS{gh-vkqj6dt9d!6YG`!02-Qs`
z>HF=D#TLSOBPU@LJ5Y99J8WW+?M)wd9ZRknJ3i%!I|oRYH?WZ93eIWp%<aYEy&$lC
zNP?S_=^d<SaFF^6(LCKjNLT{Sanz-2g^SaS;vrjuRP}@PYcpbvkvgm}ljW=<Z{8k{
z4nPo1j-+#bY>4&tHmvfg_5;n^mIa8$iFVd^v&axfJGrZO=fRgS4y4FGzEeuJAJDF5
zBf?DklS`KTM6Uo7!#WJ`!gRib9_sa!V#vobaK9n%0nIKM2{0l$QtiX=$Z9y<9hpL^
zuZDc>WnNpAaWdq&EQXG|s6p;*%XAXA|DHq{efd)@U^7p;!7ZGvR6?&|iq3v=L^&LF
z*O<`qXW%GcvD$I1;aj|Qfj(jz;{Bv&SJB#1Yr2uSDav${of+71(rSI{YV^dtO$ZOd
z#mx>Y0#h-qs_9Hy?w8S7!pDB0A;{A+l5f}%0+uOmo4fKYsq7b0;oyvp?Rv4#P3w3&
zhcb5-OU8D3aM~}40jSH#!!i2t>=x8KXqAjieV_R|u2*Wx1r8n+Iq2!%mg(iZxu}Fx
z?R+|iG_|p}VS9W$ljI-Fz_=Jx)msXsw^rwmkvLcvw}%KtkU3oHumn=-t&1GR+DoX{
z`>dc94|wk}36xveZrjsHc)t%>nBY8f?H<01%G#rdpUWm%0L=^NNia!=KHcFT=%M#n
zeP817%zRFrMM!E$2oP`IhHEZr`@Y4v^TvRaWR0q+oZv7fUB9&3c<y1Xo<1DV5eRv@
zPO+<Yut<9ZX3@2FEO)yqHX8vqY=?70dPsw~6#TjmnJcMd!?`tT-O+${>}X;uKfp`8
z!JfSEIT%{=F@sI!gp>5}AGXa9hje<^2_Ji03McRgu|ocR&u5BO*M{P<AX<Sxb+nYs
z?I&J;TqTTu2{Cjd&|ljvT{@yjy{x={lmaeQ`z@S|I3E(JiqM^!+zOHe?kfHpc`nL>
zMvnHy&C0UY0xU9fzdMQPm)DKbTxzf)Zds0pN^icQDAD~)wVH<1tWI^yERJJM8F231
z!OvaTviD@Fko=}?0RMLa`SLKLh(6$kHebjgpHE~MJ$zgRyxbF3k07hxuZ09nUo0hp
zCY|Nh9Z%o*+q<tGZJ&;+F!F;z@Mh>kIT189Ss7l4I^FVc#v&eTjpmXxsb!#8x<TGo
zdpS~e<Vov(l8oO&VsL{Lj%+&ym(N-K$=iVKJME*QzX~K4{QB+|R>+&#ig9M_TF!Kr
z<1IvGhMvOLi!iUx-n8vaNT<7IPCRoBNfINar=oWQ>Q6ruPPZZIcE~spspQf4_hB&4
z<;`$64MR*Tn2rx;aZ%fi)VZpOjC}FUyW1-Sr!P75c(gCS4#+pMM{C0s39n|2W2dHQ
zlhL&hiqiSpu)G_9(Iv4Gquotpk<PJ^bHn{4s!FMq2U~d0bhY2AVObR&t=RJHuq~2D
zEzi5T&+Y|uKR)D66EmXIQJ>&n<aLAUo>@76)?cwATWXsS@ae_lU@F%NxfpiCzdRgh
z2y4;VEe8vNc0$wmiN+@M%>B@%+(Pd-{Sa^_40B$vCcDtHvgM`bcrgyTz!7j~g<Rng
zsaXnspF=yADJFoYySh>?K#C0Pi{D8#0LXzYw=3nV@^~KDQ+^{YCqZrwADZlo!sX{k
z#mM7n>FOw0-bN~%X6xf_iAhM4-7MMIi}!;S+`>C=TfM%k8AuE0y}IXrUZJ-#p>AR%
zI{plfto=<56RWzm)Fn+hn`UweZVIcz8f4;oFF(agbI0yfjGgTPYray|J(;ga1i18h
zJz?5J+ZkrZSw;^X_I6P(nFdqp7k)Cm<^7Pq12>~EO_I;lZ=$hxfVd?oRQrLkczcd#
zn$;9Gjc2V-HbVu=$EV|>IU{am?x{eDOFX!`d!!tk-!LNseOmP6Q4s<B0M?t06F*(a
zcl)qbP9K9C7#pjn#&c~=zp}!b0HJc+NmvQgwi@1PWit<oduC{NBzdf2gOv<`qTkYu
z5ZNHU>hWt-y+l9@jwl&B`)gK!fJa=5!3vKwA{OE24R><z_bXgCKhJ7++#6-B`2zQp
z(|^92@<xeExtP9~fH`6@1E*QGp^X&ep3{j6?GIcjVPUVi{cg6EVDZ+uAAACOeHX9U
zeweu0*DAJZ&|<d}CY0aQytSJM2Obg7ua{Ih<~7EDlnroShtZ6Vd{mcxh&#A6Nw7|U
zecdc5BHf96V(dg1Vf$D#6Y>NR15^o*o5IYws-r!bpqlA9_4l`0piddGqpuH7oGL0T
z|MUsIzP?!r#&?f^{yMO715Qioh!GmsW`lZg)W1qH=uOLgV_bl#o2rFk@Q)WoMFSuB
zUk(?;JYtQB?OGxhP=7DRA}!fY5UgonQ14(7>HoP6{O}*IsXB~*Z_w7i{OdIpAo(A!
zssH)PwcjrRde=S1!9n5~SQx8$LMTV*uNQw`Rx$G#Ntt=2)D=H{B8yx72*mvUI#?K-
z`+(P9f0zH-XSCbY&?kMZ*BZY{9nprimR1Ws3n?AhS68p!|J!_PErzZrhFbq)V{;|f
z;vX*mm-F*KFDWpCmv&P^e7R}>I+0pDgh9n+A3(84H4TuZ9F>EH_S^j=;$ZNnEy2>k
zbdE{0mlXG|qL+r(cVYmi9?n7$iIV9w-$|bG3iY8QgdcHEp<)&wq%az>!nEv<|4>9_
z#mnZBI{sJtJ~in*jw=)uG(OH6kB>Xt_62G{#uXyA5nc-?>^!}z{mEh?5hhv8ix?|f
zUdyRAB1ON#wP&2X6*omDUhu=1-J55q`;-KB1=n8}!LJ1@yv2im<>=M5KOXnfh<ax#
z53Kw%UYYO0XGi_ZYzvyzqE+Si<zmMRT`7+eOrjUJ_YcTg2h8!*))rOx&Cy{EbvtJ!
zQQ56nr+x93ch<rPJ>z^-UrLE;A6G~bjJ2^CjwJsKI<y=b?GF7`0H`g`2D8J#+~{WI
zZNh_*08!bVM{Y}elP#RSz?0v}%n1d5S7+W=Ts$PFgqh%wthrNS2@dccH7ygBusEx{
zv0msOB^+s5j-k4Z@=2%{J!7@6f?B^bT<>vXvP4`!CSSWmA}Q2@h2gyf+R>bN3sOj?
znSn?pnctYP1h_s;Guq!Fh2oQc8@-?wMK=G;gr9w)I_PRCz4|cZ%9RQLQI_N6WU4W5
zUiH)!#2+}0Qz_~LvP<03_?sWbiyXCGu87)56&%;<24}eS^3G1v<Kiy|z#s9hH(Oj2
z6)r~^-0n7?n#wPsazm~D3_L^+Z%Z;4Et)l63+stM<nh!J69Md3&J*NunHlUGnVksm
z5hja0b{VMY&24p_iTC|FKr;x@gzd}yuQ6cwI><R=M~)LWsajQKo9?+YZF9clX9xH<
zOqW?ApVFvAH`Fb1r01lb)%YVQVfjFd!u340oDv%RzRrDYyNfL};MA~R*`CR}iwD3i
zI9HmVm=%;ydTO6jcsa9)9Ubx|#uOenqcs>!%6#(;{Q^m?8Pw5aUo7*amL>-fNGj%-
zFYu?+Y}S?Qu^ISnIZz!ahZY?s91mq;rL+b|YntI^tP1}QZ$Omr%7~G4P~cE2b&8r|
z=6v9OQ>!tg7%+LHUpM62$%)RuU_mk8R;N}W?1`*<BH&qBYOU8n$FY*7>4Yfur7lF_
zn%U0HinCeBCUxa5OwF`o#I1St-Q4ZO@!rU7xhbQln!4!HJ>$fN3e#32PQwzmM~#s7
zh6le#EwbUPpSiw3%dGA9BOqb>SX;=XB5dxOul7&Ienl$TPyRf(-0$BYXX%(F2(bbD
zv}YVu6I3{&ByFrVPvw(6?`AlUEm)3|jm%+htb4uwCgqLz-iZqO?wr)iXb#1G@KFKC
z(_(I!c?~;O%y&my3FK~<uD!D+TP|d9Q7jfVf2lO~S~}{7nX)1Z-Vx7*t3l}(gZ@g-
z!AnZ5Jr8q+6xvDH-nYjH^3zu2>NxZS#eor<)~hC{>d;Epl0d3*nZTO@TKYCvz(Apv
z3DXF`8zmQ|Q>#1ajoju7n^|hDOdNJ3y&@ZIO9WHF)r6-Bvf%fxnLGZtlVeb+0zc?H
zugt}NTwm`ouHw9@EO=zUaYeE_kT@GfF*~Gm-4SJ{bj%D)W9!<B#l>Ma{Q*1CxyS0&
zlq5DA<ojh2v|4sadbk|rqe}jUlr)wPHpMe!U6*9%2c|Ag{kH8e9U=t&;>fHBB$xd+
z;-3$WXB&BCOdcSc?%_qLu)KptH=J~uTSF{`kOfzH$Kl4}m7n3(wue<ko3h<!oY!WW
z1KL|@0Nsrs8j8Pbf;6T2BDQ=5yvCCXZ~AQy2PGpTy2DSv2KYF~h*A47PkrlyCTsi!
zdn;jl7pWt0wkC*?v&K7x-2Z$i3h^g4y-dK8j_h=r+r$31YrnX3-4m~>=N`0>RrbXt
zXM!Rl;?12gZ)Yb>L|(_TRevYgn$_6LV>Kk6xi~HR3$lyU-4Q!6K9iWYIr%DRjbVm5
zcradq;21us6!0t`qM8>q-FSz?Wcic2$ER3s?Wk{|FthBoTo&h<AsU0kfBU~>w=qU3
zGwt~6b0Toi+<3$=5am17EXOtY$=C7?UfwPZrq#y0xIW786A<_A=;xk4-6PT^huCvO
zb+^xgsRzpNGVZD%$*PW|Vph%>()yOT1Jxd$S%%)EZ%w3~>F!eg&^*O2+8OD3&5zSH
z?Y{f4>c05poVkack@rp67o?5Gm_hX@@h^UXju92Cd(POP2W2XhD-{sykQ-C9v6&fN
z?ow2FxDFxP@5LF(&`BsQM<}w%9EuK#c-=^Jw$?}?s#5=1x$pn0IsR|lFZ_S9ueFag
zLa%1OO6iZcp*;p_{k!Ua+`3TXB2Ux+pZxrdi~bm~fVzPAC+nAc<|*cXa%*e+$JNW4
z`rky{ojL!ydZEVsClUAm{>m8lj38d-5ZC?1o~n&)wh>y>p05ovg(6{P*BecTDqLKQ
z*6*HL_}!q(`p9iDN0zVQO)IKc{^TPUUrUe0osoQv#dmXN$_tt;yYxL=Y)LvS(kLc9
zwtVK^Q@s0IF+-lJ<Hrw8TU=)q%ETHo;V3Lk+}mfG&{Tz&5x`5NN_~+64<5Uj@C`Or
z<%v{7`0%iE*?6rfY$Cg<=!VSA*?#6%<`GpPES~Px;qeAp=KOw4AKc+5DWb^;-4#Nk
zC!Qta#VTk-^~C`dCM457^&TtNqKAZrk%&qf;JIKJ`(;9tzu7y}sUo|&4N~^55kv7J
zELOAmNac~2^Duk#-?{*m`YXIg{2K4z;f$8PaLO3nlOb-ahb?j_HN!<$u7){D1^c;z
z6fOV#G37L!o1aZ<)8K(58l%_c6*2SXk+9vP4pEWvQ^z_sZTWTrCGJh_#^JzAYNw>Y
z%vwFH$-28p4zWxc1Ar+rgX7A7WW9E(wc>h)0T;&@`n}fF$wrAF62GehO=IPF0MP|R
zr6khM(DIfQ<YE#Z=qBwl-Qa8ir*d6oy7bu>lcBm(_@VmGjKk2efPN;N|2%3tC~H@F
zw*iTw9Cn|x3~<$8pX_sfc(r7QW6^pJ@3Jv#t4}x2su%i>=fj62JvI%3clJ=XLcpOo
z2)b(p@^q1VjlCkOqt41c<h8SC%MC2_Egv*FXS%d@oZ3G*uLs&^ALn-mD>S0y4h#NS
zuP+79l{z8_oxIN{^tQ7?w>m@hVN*!HyBWS^k8eHV1=+2OD9@&SFgwY-llX!`t|^oK
ze1RoYUBRg`Z_J>e?jxH7aM3B@dSus$vEqx;7th{0jNI`Ar=V-^?A*&TW%yx-yF96^
zV13?kUAV9=lek4n5)Rf8PWzja{pDxi*!0O3(<t|OH(l0sPdWAT`h?jJ*p0c$7g%Ri
zaLI6$_75)*#DI9Qo%6+ww{P5S(JC!yLL2pAPgdrWT5V-FrPdWA(S;5@qq4Ix9w8wa
z%TYC0!xbpedSQxdaP|m-`93NC6z^!#|Jq;&%VZ7uCV<~YcJv9a@8Eu%>zNJfhuQas
z>K3m{b2t8b*#0F)<h&O5n7$){JRlc`yG;Q6n`482d;xwBR_~p?4m#Qd2B41D$OZx~
z6h%#$+K&e*v@~(#93&HzYorrdX;0YrwPIEFo>v1sEvmKBN(t+VsN_4o#pLcNOsiNP
z3r`J`qexv;)t%&Vt0N|1p7eH$4W{$zLJY4Jz_?(Lcsxkrijv7)$Eg%tqC)jWhJi?P
z!A~}qUwmj$-v^J#$u*H+xiQV|^J+>=XP=bicekZBDZtUg2qW#Ib*{j8Y*i$(&5c5u
zg5|jPWG`+q==8js)S2gJ4*@HjcU4pYj@Pr(9uC&;1!HZD?_Y=jZyvA9un+=k@e-)=
zU}q%1w;pZI7T$ATy7AKy_ROKL4}l>mWTKgW2r}3D#GI7NjxGg_Fm2~4)C<Sc5v1#O
zznj$L1T^CBv(md)T#cPs*7;aZTMu0%(Or;5z@I1;dpEN4_-$&3C^w8i$a@cF89bxP
zegCc237XJ)1qaU0Vyvv(l}`afo;+HcfiaF3w~bc`Ocki$FtbIA{prfIP6yk5Kdw)6
z#Jd`uf$KUZMQ48j$H2gn@1_l1<4w1{YoE%NUSe(nvGOaT$C@~nFmQ^$R{o<E`c`80
zlEc?T{b5z`0A#!mCyq>kbHx5@y{|z%>)PtM$H9Nyt8L&wSVBn*Buq~oBQtlm_YAel
zyD`$lisIb_a{qXs+Q8v&6!XMY;W~Pxj{#%t2PWfv-ue@&(27I8-<J3%#;BKku(`*C
z{3p{gJgbbWU50(q^hepR{Nih%)_)OoFFBO6s&3cb$Bn9xGb8UG^Dk#8;VSdwT`|=E
zSf_e~ddQFo3%hV@a_?ZQTxF65ue?7>L!8Ku-beauhhLdz5S~FT%zGB<;3UNQbT`vB
z@9p{bv!$t{P0@d$d89w`bn?sWIgYqgrO=N~)`J)D$_tMtQfrRuniAiHzq?e_2wFxG
zylsnGHO<afM+A+IO6B0tz_A%4Rl(&rfg>Ovpr`de9AbW!8hKzZ4*THayim4cQ%aUj
zC8epx3YPy5fe?IUk8J3fBYp%kq#6Nl8Xm9Y27W+v^+oJ<4XRf9Klz8+2AM4K>?4_M
zx$Gn)wHS8JEcEtY(cGBu;VhL=I3Kgj@x(ulD^BMod3xzO_LP0&v|n(@RbN8k{ZKE1
zq=)4(I2$d~v{;#$*z>2)O<{ch)RmA;8)#?EG%J$#x98KO?|Tz#%Be7}zP%ph6mk@G
zN>d-)x>+wz%yy_<Y<knf4H*~d;amq}hpq`Wx5$px7UBaOX#6v=&$|Y3Z~YK+72@%l
z{<L1#5U~1)in1AZ)hi1x7_Xc4EeD1bvZB_qyDj3z;MG+k3IA9nTo}g>F=+^f$iru*
zNVrR6g43=OoWwQZ?i%4s1HV-3e%=D6VY&Uhzf|Q)f7VtlqqX__g4gtdcpFF-@{cDO
z>iK(XtDV=FgU=+1DLvzDJU%o-7P(>r6}PzI?sji&cj)v%?FJP;*Kp<hl3Z>wmGV3O
zv3<OgAQJzJS?(4meL__ybTs)8c0x6|%H1ujFmDAON0f~>ITG=Ni~Zwur3}O+FTvR+
z)n^=SQgiK=3w-%J?}FYNX6-tjg6S)8pGlQkP$V!(-r1?qDV-3Auk;JX_tY@DKeD!*
z0X+rn`DP!V93L^qz4J~=JX`6LHnXgg&zY*u{%o+a<>ceRXF>bcGkinTgzLe4SBy!q
z^ni}pC<M1n<w9*LI!2Z`)+bHTd2lfp>I5yt!^x!Bt`cRmoc$?svnd#Mvgu4EMly@Q
z?UPkCgtxWAsU^b9cL%lK#!Z(6XK32%Ablp&ZKJB2TCB0D?F-ko0i=9PsgOONzqHgb
zcyxizCbs{GBtl437e<Fc%L}H<_L&+_>LFDIsfFL)zL7_vxf|N=f|WPlW#H+u*Z`I#
zIJ=I1Fzt>l%I#!h*~JS-#AKAr2AY<gAV&lr|6qnVU9s6h!-^A;CB!ExA)6p!<e>4$
zh}h9!Rh~74b;27@(>3CB<1<#MwuGA>G3pflc(sD?`$_J<J4kp`UtH&(bLIMxdrh|n
z$IC5Hx9TD|D5KHa^0c_E#vIi42kS<+@<oEs+YHO%QqDXFp(3ND4k&s0u#jzoY%HLp
zHZVsB$)(|5^?tn(Q!fug<Ez$+st$?nKt8&=dvywW+CCP|j*C>Sza#KYdEsqWBP*eS
zkx|qUV>_$0fl*Y<QF#Rvi?_Qv`-S79MC1gEIN#4OHru$0G35wu`D5&~lD*D7yLCGQ
z8yg_2>5T!ZT=5$%u0UUv9G6LJGrjJ^Z(nF;a&lMZs9xVCN*eUpNajV4caqDIH$TMp
z*laZKk#K|<mXhf@0SvT|NwLJtmMqLA#d|^G6Y)RaI?ppAKvoa@J%Z}UMyYxYRng*z
z*#R7r@$5vLjaWk0+AMNq5)VD4WE1@W9Df%fkpA4WcPthdU~)+?8O!Z~9SAol^&Ec*
z57b%eo&uFoMNBo?So&8Oy`3sSklw#PJ&?s^Jy9k)VPU92{gTHO@}e=AlohMnpp-rn
z<tWEd2r2CH+~1T&!L*-*LEs<@A=FVYQNuFDBr#VT3VpF-!@Ja3?uxEffOu0y?R#wa
z7t#0z>i&;r<tsRiR#f(tg0r&-6*8i!Sl#`vGs)K?4vt>=nx*<5P^3B88o|7AYk$Sx
zku;fA^>6I$fe@tUGKx&-Gk0JuFaT60qz=Q5FkXlCx4)Udjvx3PqT<2NO=Cjj{}`qx
z)1|+^zyI**A0rd+-+3haUm(`v`2u{`Vc5i9bBY@Aw%<`#^wq%D{0%`52)<>&BhOFz
z8-n}4i?09KLuhIrT|e)Vla<d;sI<LJgL@mwZk?+ZB?Vf|?DiITZ5OtV5f0mX%~CkC
zety#U^40S%PA?2S2`YdRkHB0dQ@M=Kh%}0&qKY~D(<@3QV=k946=i2B1|@hRS^ZNs
z+s^lSA0Uk=bRfd}wOK^RiZt~Lr_4TPl_H;Rk9*HFY5dugM7%^M1+A_V0D*nsx-0U4
zO{2&8Y7EL5w{Cq|#H|ptN}Q=q>_fx7mnr6ZqYwH{7sw;dC9V@Ys?A5vZGA0e#~Byr
z>R-9nJ_wcR`xsyxwW|zhXZt?fjTnlC>Fy>q?s5ZA7548?YB$O6e>nNt1ow=Rc8+#q
z{^>nVkxC7aZI&`PT5A4nehs+j@zO{qus(QI?CmYkBC;Z5ZaiPeCOv<%(?t$jKCfa>
z>3mG!Fip@lu|$i0cqIF2LCo3qvbl;%ceBc)?(;CDo4txYkw)}=7$t$3OC#-&_G3zR
ziGE%4)RWXw+{8TTlPv%4m>+-CjfUs}e3aBp|Ki!<#Ntf)8w+-Z4oeeR_XRBnLK~A2
z?7#FWoq`a0h$vcbnXEPWH+G1(88>3)4<F2ljS4UN2AmG+PvG43*lATB2fz0SeLY{N
zq?3glBy)IjkJpQ#l|Ph{sF#1v<@u&E>~CtaphGLD$i;BoL(u6Zao@K=md)*{sOLaT
zo+(7;@qdTgK4eLRcxhjiE&@&2+`t$mzE($9A5Rsa7i4_-qhvenF>fs>0OJ(X$3N1a
zlD5tu-WU&=(+8g_xC}#im^<4V>nHPj%z9>C9VqadGx^JKx3h#qvz}gGZQncgm!qq;
zu=>{=QPLh@Sgvrz*Kein^dOVY)iZ>{Zw2eDiYlI{;Ixzq$nyRSog|!cvNpl)DCG=h
zlvqB;MCNM@<tC-HQSfYt|D$>|g8v_IoM60l5ZUAD4NnT#?CH%-7bhWrQ}(o{>gLw0
z4+$;VVR7)&HD|{+O9(%PXOHm6Xd83Q&*uiDtTYfe<UbErB72ErPO>Mwv{h|8b#B&}
ztAeU_r2a=lw`%MC=HeFNUMb1?8r)UlURJH+0#U|N4b~s%?B7nRB7e4L-Ly!K(8%xj
zM|P!so!@>rdVV8x){m8c(4WNso*A=ud!HT7y?8ejdy@AS>BIrOPAqk9@7Bc7@*-s%
z>H4;Be|EC0ed-^vJUdnCvvYTazW_+<Z^wHmR;M{L#T5D3x*aGFBeATJS*)q^3b@{|
ztzdT2SMaWhT~|ErTt&AO2xuO3o?kq+a-tB3+)ZSN+_Uo&KS6FCH^QD+Y8#%X+Qyk+
zG<ydEE%ZlLxC9pBQqc`MUpRyKN1jC<!YD3WW|*CJS;T&`kln^CEiOfSds5j}JIDxO
z@`d3XG4{ip#0yEx&!eZ%xz-#ZQn08WK2YP|3*~d7vHcP{yPYNH_Qdn-{orN`Y#uZx
zQ<!7NRwj3<c`|zgQahu{=yNVjZ!~S+!m0;Sy=O6EGO~w)gvH8H)=|=Ob?5RQxXw!^
zWQ<aMJ=+_E2PW@@Rgsr$dM`dr?o1|KzGG`*;Cm@<ZP{!$ddVHAgL{292m8<55O4Wu
zo!`GI1pi#3dbG9ou;^|^#1*i;a*L*1P3ve+H?of|)Ap|JsTo1zlo#3VA%!_Zck+ZM
zJ_C_xXCtFb&Y|PN4&kH^HZAvT`~Z2v<<k01fkZ7Ozpg>iM+9coXE&8pwM0J&ioU$@
z@+<QpMGk!OhSrhfHTw@*Z5F7CZ&rFB()g<o*iQ>*zUOCEa?bGveFSZGj#x74snUx|
zw+5mlfjc(!qSKyipE(||=o^rJAd)qxG`^N%Pvh=Bc3oiF8{8mb1?qwm+nvoU|A{q^
z9N9V+vf+wda@}ZX-Yl|VlAahurhR=|B-r?d?DfLX_3vrk=1ISuOs`cI$eR|C1ugaI
zrf1;w{`S8>zp=k3m;cw$PkR*hnOFKBd)rHH_M`GxV;rz}=Oy~0I!&*jkM@DUL8GJt
zO-6(IUxOLPctcba)7kArJIZ-9<~wb!2Fa&;_s$pj1?xX`P&N&HG4o!*9eZ~gBD2X$
zkMKt=<2VeJ+<#v5+hpEEVwGte6YP#b_@EZA=38g%i19}`a;=p6z8;k<_L%squKkKn
zNYZ&~W<ny;v^%yF)M9LDY)Dz8`uCjj{Iossf>@mhGSFB#AR->{B%tH4Tm~dN?q05`
zW>okW*FsZ#0xcdX7X{CD+NMc5O`D7{G2P$O(e^%^=RKA69Nu#L2bKy2?m4gcU5)uN
zT0UH<563`Z_!dY8!+;H86C7%t5{(Ql`U?M!=zRY^k^#y^>&}$oQyL;ysaPEfs@>f|
zMl3Eg9n~z;gC_qSJ>12hzC&gMUkB-sH)F5CQ|C;=t<iNo0}F5doGGXGzLWl=ZR{|o
zvRiX_%tNTndoJ{*U=;agxLW(y=4SQ^Qpk?(LY!C13=g~%4C)_H)s85RkL07?cVo8r
z9ui7<7}J<eNVm0>H*Tn~CO4S#Oq5u>A-ezZN0jx)>_~jA_<dXO=MDU8LZ42zO2j^e
zvzhD4i#H_TK(QSUuq?eFW)=B4xA>Zp9(jL>B~r~O5-F;x#1@BdCR>Y~;e3z~K_D}6
zSt_Sg5Xxz;kGDPyvl4LDwf>&>rq!kn68EP76JTB2$Dt{v=RUfPk|*#sYkLY7*$?*B
z$3k$W&?0`WfFMY#7n{Xs6`ws`M%P5=Pi(bKvk25qnCH9JVlj^|PThm$bJn)Dpi~tZ
z9Y@g9r2qi!fa9>ESyZ<0K_eZ`cTIMW>V@USWg+-WXOHN4;3sA&s~s{^poS#Cn}2bs
zN@}>tor>5l;lL!f;$de`D(E^-vQ^zUzH$QZ|BP4vnLF7i)MUDT66f2mFW4BdBaP_v
zE1QewIj~XfIeUCv<E;stYJ4gX;5<hwp&~epe}Ri)&y9?T70ngHF?Uhvo&jS<F1Kyv
z$;feJK5I5U<V^K-Jfljq-<NuTf5s-v?;PZB_p4uFyb&jNLADSh7l5o7(Y`K7;R&$z
z87CVoZT|YlSir{!p#X4vCYut#?Ss+rRz<tVH0jhi)51bIohq~mzlYcgzrN?hZbeo6
z!Tqx)4Ouz*)S6bRNs7pq$Ccux#7_pO$OvsxvgB+$z9~sERw^(4I5_J%EB$jnQh3o%
z#O^05zAe-94^BQka_aIQG^w4prQiE($tVm;u}cHvA{^Qx1V86uWAa?(8d_KP{{vyV
zlyR2zBF@?JQRTmfzZap_EI@T!QpOHTNxEg}<8>S#<SP!9$rS>r`Dlpt)j8jxp`d&!
z2twSIqX;cnDJEHl^Yf=n^$Yoes5Ztp`8H`OE?}EJ|G?gpzVQnq17qutS$nz_>`xO(
zCMoy^U^qmI&08L#yxcyonL5r5UPNa-o)RU1$xW+|e`NFt9w6O{!hFbX7SA~%0WKB!
zqA@}tCXzUL3aSgb;|?X>sDpFD$Wvs(*I3hNDs(Uu7en^AGr=1`2Bh9JHP$kKKYKty
zK`9h|QAiXs{AoU6@g@2-uKQOJC;9Ta7u%7qDP8IFLhs8q%#CugqP@WS6!oQsM(N4c
z7jawS`PQ97i|s&u>R}P3Luz4wAsDE80hh-%08+oZ3*#gBEKbfx>YLR#!@QBl=k!TL
zz8hvXXd+$SIJE4=S0EIi$2~FI3LqcDHOyCSzj=@951W&8wcd_&T#WO=wsImZkT>OP
z%x%q`!bzBryhuDW&!-B7LHj)}gHZMF90~g_0Psr?eB90%)No3UGDbS&7ok$GM)c-k
z%l=wQ)q_hsl=#%n+E9Hs$CH#C>kxq0TAF8<1DK?Pz)|fi)9$RegCjGHcY^UjQ7w5Z
z%stuGFJ|V$TJP;TfyL~2sO}bJvZ|iRTk_zL>x{Y)nUwwMi3q_yZ6pt!GQ!%?(jpM-
zFE|DB)9v{WIQ89)W&I1>bmDUp7`UlBySw$~`2rD;|AkZ5s7wzVj0Cu^oIIKiOqMYI
z9n$~bTrmBYd#?4^6=f;_F!^8Pry<w!mgPMN^v~_uCyh?v7?t3X)c-3cB3>*{T0mL(
z=mMcYfa3(aA-a$!7zy|%A<9cFSrjM?=n;so<-tdEjx`r_PW#rWzG=H&l<=t-fu5`}
z@AK^>cHhxYg2BP<nLF;>h<VBhMS$WZmdke5<N=f{m6hnJM$0@axL{y9)SU>g?*ae!
ze#G#<UQ^_md|h-;bQydcnqHf`429uu`FIz1HKCgLv|HlhnB<>@`I`<@mVVEIV#3y4
z&l_goVzaus14gfb7{ssN-W5c4{`j84a<y3UG+Cf7Yk$c7(XsU+>dSDzTZ<!YMzz}O
zgA#`$m;KzhZPT=eP1C!1CetcWgxxHe6rLjC)(2J>tw?wV;~^q*JlCXB=PfZqdS{6x
zZhNIhnPyfKK%$fcpd0?F1W3$xCT(I}%vf3V7z4h4KdV7_{TZ<B#y9rB@7`dPNAY7f
z!y%=ia3kczBqa&*^{HeqFga(X$M`kA%-b35nTEPn)3pln`?X-*b14s{jhQrMs35fJ
zZ?cZf0!9(agYH^avCV}XSlI*7(XH2fe5~8y_boh<0#8*^7upu-m?HvNaIG5s<;abR
zp^3#W%Z}9$E-l4|1HjS!tzfomKN@B-+|tnd3w-aYost>WhjOvKf$rU|E%VFyfhQ#p
z1un_cW!Z^nk*u8i(#713TJs}pNdQo)gn*##7pb28MeAu;3xx;U$XLeV^j~Epg3L<T
ztGmCMR;UN@oLwK;PdbWIDpgAc?Uv#<-0u}ksc#XD%HU(U<^3oHPKDotGn4sNyJ{$4
z?er1pwZ2cn9)0u(!S!f8cHU-4wC9wVX}K$C@W&%a_$`>wB`#sL2C?}I#krD;v-<Hy
z+TrBs3cqN^!t<k-&!>c~>U{$O69N<;rc%xNbQ#7YnzgDq-Lcf`3VqX>#Jh4)RMIPM
zj0U1r_Ij8x2==(m#qOx626x~s(!xsdT>R%lh;y7nw8mG|x$jiKfA!d3FN+@Z^6*4d
zAhxsuAf)g4e1NR&l-dc3JQM0$5q=7Wl*|WqEx%xT#0MrYD=_e1RVR~nn}|NLcF8&m
z3!A20)ikU24{|%BBbHTE*kByON020SbZGWVNviavN4w=v94XseV>XcICFEe9JW9f)
z5Ra}-p1If$qdMO?{wBeSD=$9Rj<;;Rbp#%0=*PjMxtIFJ-c(VE|D0+oZ|?p%KxOR?
zn%VxnlCy(J`%Dts<Jh(hpm=;SEokySP}HV31K{pLvm0m}B)gxkuJ0CIy{5k;a87xZ
z!Yy$F9fQEur+pb&>V6a;D)T6S_?p1{O%RCy5SZY9Z34`gY?DvlP}TCSgD{9Hm=pod
zT+njwUQr`cTeOB*09T>im(7y>dXjIyApoIovyE3;=$!S1w}yt~Qb9R7+8z?WI7ojl
zNzld5nFdeHayaIFxf&A8>T)ZcsM462*|<_75b`xkpxHgFdonqjGHdDlzDhnWya3M`
zWXm0$Shnx}Qs{W!U?2|v?WV4q?<`iUrM30Btc`YJ?jxi&P{DDE=OPssAm|rLAfYhK
zbpu^pa9vHx>NNZf(Sk>iUnVXS=1E#1_2_-8H_O%IE@8uQ%E%;1Z#dpk3CFQo1}ZQ$
zy-t=`P5~&vUt)j2Cw<v@(LDL63WQcMFY)hb&eFX)BxwFU_1aVTeKx<);odDEx>Bn=
zbg@cT@|uZ%`4TDBn6@t}VpH{7t@PjYT?Y1^s`q$n<FkxwQ$0Kw9?qrFffUl?<Kvmt
z^FoACezoTL*43?a@<M;l>G@7O4BvHYW+Ah?EU7hf<@SP159U`DFzkqUjmOQ%RP<p)
zJjY=w4}<;G%Zr}S0VUP-&N7j~-*r~s1CVH2KEFS+vL5B!3#{)7Gq%5zSXmKvqoVz*
zi$A=dY~@r=M!=&aC;9+~OAp*p|M)ylLai+Nw+XalB37CE65;N$`ucB%4K$tYYj1uv
z-d0bPMq47_wp|q)(RG&D14T{UeEWhPl|#9m!lj+xdf6w9z;joE!t$FEs;<|ym~#C@
zwCAK{-N~7%@_5s@F8OlT6A4`CsZj>}rN+ZI5N>?1q)SDUj8NdB`Vu>+Z1<LRt-qL-
zb#;8_srh71J~rUhl)RS5&pj8CK!gKy+Z<K(vPBmU>GXUlVYNE&*A()vCCBRS={_wX
zUJi|`^pi#aT=V78YX6U*&PoOCAF0_}bKAI4h^|#I0`9dg%1pyg5zTKe=j*mUUwvjq
zm?Hp(FI$r1gSk|gp#tJ!tLNRsV|g&jG;;G7JgC8HxOx2Q;A4Fh=l-HDSscyeOMj<t
ze7WR8X#D89Gi`9t>qNe~>e<nn3|By3oWHt)O|+^iQ1j7z$1+<sPCv3#8Y&n`DIlG+
zEjyOo7mRUtX>ZcDO7N@E{8PP-ezA8{3=8t9ir*(}gxUSG40xrVWlHA0rq6l}VK_uc
zQXnKrvnP=xu?P(<XqAlG`$s417kVszdD`%H-#_29vUf=N8er54XyH?(ZYEZagG@7B
z%Xp7D^dwhC$7)cvB#pc>{W;?fw%TpER;}qSoH>ZVX3Dtqz@kpH<UK)TLXqacHq~>U
z=4Wa~!&yj0`eSZB&Q%kx`YOm@6nZMq%(21bGINwniMo<5&2>8OfdrbI=Nri-5;E*D
zF%5dL#=j7n($5rjvf3XKeMrjg(1cTqTagpS^Us$bSh(_c->53ufFuV=4Q{BNbs4xH
z>=rbp5oCOOaXV7uRU(#E%cKd@%HpOjVs)2j;pV-}Zcw?1QH{^=7HhUaVdnoqaR&y5
zKPmA^Q1KT%V4T8RLAcATC92h8?beP387Cs!S7gT93ooMt63ZRDTU;jl$e>1=?hg_l
zs!h~YE?Tt9gf(3YY9h+$O>6t79|3IVahvppQ`GpE8^>?1TnbAvArU3K3RfzN5=#^F
ze7u_#Dce3Ya;S?T6DhffODml@QWvtr{+VS)MT$%yTSh@zWF-~<3^v2o*}-cnP1hBa
zYB*Mdh6_8pg`0c5acp?EQ<<wm3kA8TX%lu}sxpQBgfyypm5poq{314e+6CS4VDG5)
zh%P<BOG|7@;=WSEjAE2qAJ&pQsb532&Yjc~3%|m($<<`35wYe%75vBu^e@&|Sz~s2
z>*ZRDWhT!W_$Jxczod$r#sTHRg}x(52-;MemH{LwO_rwZuJT_8LYvRtOm{b`nrDiM
zS+KFNYcIDqatkkVaDpgZ4+@sH6E&w48A&1UUDo84lI66dBkKWqy{(<j5y6w|KCe<p
zy(Zyz9Mj)gtWBb(|6Ft^`ADs0EQ{hOsn<TxyzSCu>&j(|x_>Mq1a3ZZFE60bi}JX7
zO-?E)7Jj)xJW7Q?zPV;d>1uPC6#`?IH99qs;--&Kv)Q+ylVIGja+->IfL<YY(Rpva
z(l`#Ok=$}$=BbHPWX?jt=9ZSKQyU2sF4*&nYp_*>n9Y6!g}s9rlOk>OC477<V~*#`
z!^!9wt!WHgW-}yczZu01Q_Hbcisw9!W#wjH?oS^k;`$J$@>J#eY(l`;4yNTzjiknH
z2bygr_e%1_YE<$T{043T8P5;LLOGb?EyHqCg)7Q4J=1YP<5g=5^@-MG>LL|=3{^Gr
z2+cC)5Cwm9Q1US2&;+dTqetZH6DRXeiX1fKLXBl|Nx98M#@FpGYq>?617}dbXwEmd
zK9r4Jqn4ABl1eC<=(cEeOP#b=Yao{+<enyd^=^4Ba-vRh-CK+oRe<xx#0HQG(~{+v
z5%I*|76HuAH{P1-2Us=XGj_G1?4SDEb=ki^z`nvW{a&2^>pni$2ja@)MalkY_ASkU
ztqbUvNozX${vCplJFy$}ch8<(lf}v+9v&WsH7z#iEZOVn5fKp?i;EhezqtnM=gOO)
zjvG+QB@w1E`b*=g-ak6J9OJJo`)~LVbDocXCDqWtfQo}7PWHFW^n86!%dUURrf+1V
zOlrn7KG!(bpHNOtF8wtFs;`ev@1C8_r$3S%-rC-#VPR2t<;D<?wO@LW)8#Us011}l
zuRQvOhGG_ul&ejq`pr^m&M&v&{!ECk!4rFQ7Yia*kaE8p`tO50{cS@N?$v8=^43%!
zTz?OSC-do*LlVGpgZ1&V4#V$-3MNSc_%lOZKOSXy=P!??_fHqUV18zvXc>1WJf1d!
zZ9c^NRVBZZ86M%Oe8!=hSYkfTdi%1uCxo_Uc#)nz2<K!p_aZsch2?1fA-1gBNFDg1
z92vhhHVju=<Q#0_;^dGxIHASFVszkz<hUE<p88gXHYFpG?|4iBvMll`$ShAi@TEyG
zMf*|E_wo3b1U(I#TgOZJqufSrNhPA#qxqlQYMwWX!pENRD%v?WG-@hr6@wgAt5mgz
z=BbSWT9vyQM!mpmsrP|HoLXVL6-A$eJ@9Pw&|tBCk^V7~Xm3@%HlBqcVwa~+1(fK@
z+9cA4y)#z&Hd(^O?B1+d+Uq$tmTW#|a<HTU=0UlTjEU57N@_?ta6-7O%VfT?lGU__
zn5{5F^W1E@PX5Hy+@pqlk>{%dfrAKQvo<|;8r#u!?d4jVv`ap)X@7A=0~VWnUryA1
ziThcaEyX4HnCm=0ws~2TKa#90^zpRiIE`BtKNN#1yYC&})i`NGZcW&x%q0HIi|QT2
z;MfXxYW%}0kZnD8t3h|!b^kRioev!-p0KRKW|h*qxu7-T_T1#c6KrR-2i1JnZdS4!
zM-JVSKX4?w=Zi{@X(I0H+Bz0L!$00c-=k<SyIDN_g>;1=OBeBwVC|PYPI;{E685p&
zE%E~#e*HDBrRZJOpP4i(OC{c%@=0)z=HH(Vo|4oONZcIFw>(r!q*f|gn~JhWOnGK=
z9kXuKN<J7h@+W&iQK+px>sJuGw(JVS-L|Gr_$ls8_+0G8rx&9FECjg4<h#C%t9e{g
zxL6&M&W{@T&4;~&9TzINom(z{&6hTkm0TdJuQl$gS-6~|lr4%4BXh3WJG`o|{kFYs
zao-wvF**JcfYovqkm|~<I2Ls>J%zm}C#?IVHLkACzQ491yMLh4xWCyYT7S^J-;V8}
z95+L;8&b-a<No%tpHz0Qi$;5Q$qQWV@p+}X>G<0a-i+$nwGg4~d}$WRCigE<lpog@
zXVk;7Z%x}D#KLH8DcXP2%aoSAx$4*Mx@mQ?^3&w!dt1#i9G##y1F7JyxC(q9?S$C;
z5)-y9hGBd+L^S2FaOuz#rtB*H^b_JR6&^T(V0q4QZ&NS41Z%GpPbvxt!#42~n&nD=
z+K_ILDCa=*k_(l2xK^yF@TD0vIc^yDXi|8SzZSGm`SGoThQ&+&M9`i#ZP5v-OR+0G
zm$_dulRMk~Hn&=}jxV!xlAGI6KYx|5denFfgZAs4MQ#zOzLxeECtt5M*e7xWU9&xg
z_zF!p>?Plpg<8}cG(N7+AiwC%e2EhSnj6#1h6@!sU%E-26wqQVQaeaXpY4wk5p~^)
zhk}(69jq&bz@IleLbo!5vX*QC)a_I18{9CGktWxK>DT%_-@4cJ_wC(p%hZ!m3kx%_
z?>5b+UUP5tS+EHe7WrMofBDipt`uhvMSCY+%Ipv}9a1FwP#0vgNgPvxP^Q3_Mv%1`
z#y{a2=9alsuQZi;Gvso4mNfOf=r;mLU&NUmEfV}0$KGkMAlj&W>x!vec6(xv=Q_FJ
zN-Vv2Jne~<`=tUA_k)7H%mY!QOuP(Vaz~OrRo9H7)W^O9{tpWBqFtP_#j{LVR#||-
z<&4ZKZ<mG_Jxrhh(bm>ZFM8`oSeWI~`A7tbZB^lf&q)r(XKVRLglD^(sD=Q-v9(1S
z69S7U1ns-~x|ppG2}^^+UqYR|uI9fhH5azN$7{|^kgZiL!1nd&F`l)x#-j+cK`tGy
z%S#(e>){wrrc6?a<Z1e)RX^TwnD3JF*N&S{<l&pq48|N2m`?OPh9AT(209!WA1hD2
zQ<yiUnu`7|GZ>yonj%GB^HBlSLYUejg@$06m%92pZ+)gvm`JZGm%>FT`#31gtsr3{
zZ@*|y;cDuVfo-Q*pzwZsF0md&3Sv;qXrZ2O6lf)*ie^3<*B33^20qra8@ObDH=uuB
zwI%PoR9Y!IilqM>f*=3+ky>6gmrS-WRyv_9B{ed7tq?7<!~4Pha*{QV8=3H38rR8w
z^T`d(0%>1VUNj+XwUcmR6Tpw1PAfB{kIQD@15icDm&?3j;WLucuQ}&wZ*cU}R4rD8
z;Rn@d;sbp3eP^0a2GP{#8q;%m>IyHhl(0EA3+*#f^&z(;e(|b;-A-l#R3gLzy@}gu
z_AT+qnbG7ahoi!GOj+w5)|R=Z5|3z@_U_8HY$2n#S;E{)xeJNI)7iK74L5T&cn+4u
zsqQ~p=P~Co_{@@Xd7X}{7(QGfQHOTpO+M9ihwhdkid}4(@XD37*!$}pMPd}25<LYg
z3%nFsG%$Tq5+<E&aus89I21SoIZW*V^I#ZovobUVB4=tVpV@cpuS_4}`CYEio1aeP
z_b<#E79H~bkM^$oovnP0o2S!u#@b$8Mp{f4Z9`G9mZH>Ndm<ToF{lt~pAb=IP}EYj
zlvt`NnvhTuu_hEnEU6_FCDmGLt2K6VL+>AO=eaZU)BWu{=RD7Q&i6g<_dTEYbKd3R
zEZLkDnhO;|rcw9r)~`-=s6KP0FZtro8OIeueidH6E_|Sdvf%?K603B2Ab4)y06bol
z*TFrC$U*}!_xt+7)VG(8-6^25t<=Q9R=dV*!eZKDuJG!xvAWWGLMl>Ymec|X3<p-`
z!U$fcxv-R5(&5+R%0-Nj0zCmiyMsIMT%TGRZ;FeJ1y-<^+xQMo{e95kPfAW)A<2bq
ze4P|Nq?;O?cXxN`0b!GpZVF!SlP?`UD^EPPTfAf+TdwmP?ECBS=wA+S|2u&NAC}>Z
zyBllMz>$gc%RX_`utmiLvum$@-DxaXSaw+(%nY4)@^Y8Gy}>6wQ(G{`32Ps5pRHCt
zd!G_hAaJ0Yl2^{H{PHj<&T5?4R);3Lr4p4{6w)XseSQZ&=8z5rEyNL(w8W`59O4s^
zvMPjtXuQJL{5e|~%~?D#)Uz&kua#o7onSf^J~w$c1qH{gHps*YC~XoBBEW}6#DCdk
zI<;v&H_!~P&_3R=r@YMV^Bo;ofGGz5enSRxGp8P(Me=#^isu{Bh6E+Xan1-ty$xh?
z=ey0!kqK+JLo>S7MU~Q?lC+ooq42(OyUcy38oY^*0C$*+)qLUgUd#)tWq<N!Mw3xT
zV29W#oZINm3|3Ha(nsuFq#3m@@davO?~D50ePswa%#1mT8XyT$zBCe*xJ!J3#<A{>
z$0&J(yAk2*NOOB3)Jq}I_Wd>K*F_pX2hZx6aF(u0Tz2o^kF}s^4bBZ8(*jKlyajUJ
z4LSwS%7$HvKk{hfITgJFE@X%5H5GG8l0H);l}FySx>U9~eSginO&tI+Ga9LZEVHiM
z*N5kxI+3rJQ_4*C?%@Sp4yNmM?ZRURL_5=MmA0b#d&IqIx}%=inZMNGij5r6_7p+l
z9#lTvtA}b#LD`d;vqF1{*JQM*g<-~S)b)J@eK3thgd~BP&T5j~3KAUQ(&^GcnxieQ
zCTXnL6F($V7KRN9+soB3^~4gX$H||6izxRqX2MyH%E7TItJy*<LcJ!suoQX)c(dTP
zSl)>ig~j~*BU!~YO^|ImV{OAqF67gbuW_WD-OccR+SmxTs#PBkQ}I0v?;nZKbi0>|
zi>YDUe+@_Pk_xxj@K3=5$N;?;SHiao>ePJ(9mVm$Jd#P)dY%Zthh}SLFO2IA(Yt4S
zc9bb=!_0{W1<CZZJ}vS@Pc#9}gKY=L0u$D$RH(pLaopH=i+h8cTGD!sqRH4PL$QSq
z>BO-OR)OvBUMY3Mp&#eTNK#mrsbcNUcLF#WQEPdyIBGx5E=d4fRK`aOwq>pZke{{c
zRjwLb;`HmwT^%zX&-GF8hNl2H%ial(1ky5VEc!Gu@v@QP{pti1c^q?d_>7zmBhl;m
zJ&f%Tu$_L3@_n}Z7S@l_-KXzw$qd@O6H<kK2%^aLZ*tH?>qa5?7c2C1^UDu}RYfO@
z%9>I3Rd%A^HAItLn1VD6ZaZ8nS=F$f+2T8!F$xl|x|5`{)!zBx1w->0UbacBcM03=
zKY;L8d>0rjU_L6jzk)?r?KYPx%)}V%;oSew#!xJqeA4f;BV=l*iS{Y_#|I^54Mt7j
z;Hcz7Pe+R}0;M#X8^n*zik9p8qgCusE?s@5Zt|5SgR+eT#j?B7M~C^hpa{IyXhA^0
z=&=PU#QivFZIcnZLO_HDh(AXATmU$!*pK8ATvL~^e6rtT#PGFNC11Dj5V1&=x%AX&
z6Q_q6n*~r|o=WZxQ|g+$WQ1$v3WlR~1Q69ecw^#hkMW)wv`02pEzJesr{YD|ME`Q!
z(jRg;CK9iUb4&JZ?_g2Ai#yNM2P{}MmY)-hYFY0mC#<kn8HSRQi2XkZ<t=RUQq}Lu
zMKtikb(9+Yk?tL&gV)Y^_6Xh<p(&E$b>a2wz#B8nz=Gxe&5jidNJTpQgxJq9PHoC{
zPqu>|^^e={q`DYISLCZIO7}86pF*w~e%-T4OD=eeI2St-eBk057Mm<Q#&FWw_B$;e
zTkb3mE6l!o^W*tWFCZ!I&Eu4(lMRyjD~xtas0X<LgG1asJ6qdaZ`97Fmx)NyfhiU6
zao4EykN1im$9D<?rX+!8l_#ux4Xv$*K&Ln7U>;LI^#b#o`tEZH_C@x=pMc3ezfo6=
z9Tm?#i0`HCSomvhS;X)~p6Vmz99#1&`e|AsyAiWR?_8l<Nv)BJZBVD65(c_E6=^<3
z8gHvtVX=bJ$fRiSxYcfVMI;}>ae045fEV)6cS>V@zTJ|DtB9_yN-OukO<f<szg$CQ
zDq$ecE}7|+@LoRJ0fSKxS6Hz>4iA^+I&YMKBPp+=TaP_TKQx%;$E<9hQR1v4=SbIf
zQ0?$DiK{hQ7qoh(0tzvf&n?cY`1Q%BivL1L^<kMzdOs_QEk-E@Ox%f!UwUd1WuuII
zJe8y73B0<UQ89^4EOMtyafCOT+aNa4r|e|Sqxpvxf{?e0?6sZGTw9#KTAfuyc>hDP
zRI@(OMtQb6qNh->z`~qVBa{dYMp`9T+VW}Sy<nvG_pc7>rfG0QIyPVrl1)TrL{_ft
z>O6lSrLJzP(Wtee8JY*!=M^lMQj^lhYR6xSuzpoCuMJ$gg`BP%fq_$Sk!u02nU=3E
z7&;Udy0)D;h3Zz9?_48qI}Zmj#gyzA$`81P8i;DqsZTctCDjK>k%chN(=cF2+2q-y
zr1RKg8oQsrZKn)6yMh0bf$v}t^nJQG=_2#iX?eSZtYWPJMpo@b>uLvZRI8HbdT&_V
zBTu|)VRm&bAMd2#58#9wnnRaQUoP!g5!EeHjT)bWJU7E8ib;u>TMU!#PFt;HEs|FZ
zB8)4{^#`N}l5m0jHL-W2z2ZvjO{{B!B!}$J3s?$6J@-5^Qh(~ceRKi~l;BJ#I4Z(f
zmg|8mkM49A`i9ZU8OhZp8N`PSiM~#&UMyiawC=Xp(8L@+G&#>C+9@?eQQM;<32|DA
zz;WOUcJFYh3Ea()*mjH0vmwXzREsviUi-qN!uKQ*o!7a&*nYcDMt_*mFdM1fTt{vY
zd$ZXdlAwC}D8+77_!b-h<Mi+8m`UTyZg2TXzOX4n3AA^P6uEi|X5T#3euh|yxI_+}
z;g|k!5*vhor;7y~>@ptLHx@%<WzsKlj*;z)H_+Fs0~&uw=qo#k%#xd?g&@(nb?AIN
zYg=!$uNDftN{EiMT_0$$uTUIcK=Aq=ZPO&>&Ngq(Y~t!|V56bT{+BpTf1fu7A6S3K
z%mGX%aZ8<d7U1u(xq>Kmey&+}y2yD#H$?ziB>dU=&G1?u+i)46=~fY`osG9F%>_g)
z4zznJ&XaA6&E^BTLgoTZGQfx!b$q_S_LqE2_`4F_ycr+Ii8hxFuz^nMrw}#_oJk*|
z=s7ZSaV}d}{?LbTg?XHlx@VdV&Bz{IFc;uRI~td#0gW%ewc^XPES~cjWD6LbQ*~||
zs-o#(yLw1T8t>kGyuB5rQ{2dmumOj3alJn>K4Vb9)MA9z|HT?de;tMQP11yOhtqK@
zaPVa2NAKebdrhxxW_Z(S;Z*=8L85hEp2A?(kpVK#h+P(gIK=ltU57}D^^{v+U@fL}
z83;6#laoVT+!RNW=H@om@**QbT-&T*UwL^M=q}Wbf8qYPMZ#l$KiXk3!=@->W-Csl
z>RKsCiTI9@i=7?*<3HaI<>R$HRXhwq6Qq9@dL0UG#ca>P9fN*6c$vFnKe>IQ=&lEv
zGHx8k8UIXz#Q&IsF?q#JCCAj&)pa@cU>!X7E?8Sz`>E!*)^u|TU^|(NL{T-pcZZi6
zE^_C51kAsetF|M8>`M>y>ky=^r4<1Jfl@J;j+2Le;r7kx0M$vq>WS%T7<Nt?_K&i}
ke;@z+f5|+5j@3`)9CzqdVbD!ZLl3OSP}fw4sC_T;-|wnTpa1{>

literal 0
HcmV?d00001

diff --git a/docs/user-guide/2-Storing-malware-samples.rst b/docs/user-guide/2-Storing-malware-samples.rst
index 897093452..99151acd4 100644
--- a/docs/user-guide/2-Storing-malware-samples.rst
+++ b/docs/user-guide/2-Storing-malware-samples.rst
@@ -98,3 +98,23 @@ Using that feature we can chain together various files extracted during the anal
 - two memory dumps with unpacked code 
 
 Finally, from both of these dumps we got a malware configuration.
+
+
+Related files
+-------------
+
+Sometimes we want to add the file that is related to the object, but not containing any malware i.e. pdf report. Every object of type **file** has designated tab for such purpose.
+
+.. image:: ../_static/related-files-tab.png
+   :target: ../_static/related_files_tab
+   :alt: related files tab
+
+In this tab you can:
+
+- view list of all related files associated with this object
+- upload new related file
+- delete related file
+- download single related file
+- download .zip file containing every related file
+
+Keep in mind that those actions might require special capabilities. For more details, please read :ref:`9. Sharing objects with other collaborators`

From 64d653ae3a4bf66a8a8ee96e2645fb0567742385 Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Wed, 21 Dec 2022 17:15:30 +0100
Subject: [PATCH 27/33] Querying by related files

---
 mwdb/core/search/fields.py   | 83 ++++++++++++++++++++++++++++++++++++
 mwdb/core/search/mappings.py |  2 +
 2 files changed, 85 insertions(+)

diff --git a/mwdb/core/search/fields.py b/mwdb/core/search/fields.py
index f7ee471ff..974c6c1c9 100644
--- a/mwdb/core/search/fields.py
+++ b/mwdb/core/search/fields.py
@@ -19,6 +19,7 @@
     Member,
     Object,
     ObjectPermission,
+    RelatedFile,
     TextBlob,
     User,
     db,
@@ -732,3 +733,85 @@ def _get_condition(
         else:
             condition = or_((self.column == value), File.alt_names.any(value))
         return condition
+
+
+class RelatedField(BaseField):
+    accepts_range = True
+    accepts_subfields = True
+    accepts_wildcards = True
+
+    def count_condition(self, expression):
+        def parse_count_value(value):
+            try:
+                value = int(value)
+                if value < 0:
+                    raise ValueError
+            except ValueError:
+                raise UnsupportedGrammarException(
+                    "Field related.count accepts statements with "
+                    "only correct integer values"
+                )
+            return value
+
+        if isinstance(expression, Range):
+            low_value = expression.low.value
+            high_value = expression.high.value
+
+            if low_value != "*":
+                low_value = parse_count_value(low_value)
+            if high_value != "*":
+                high_value = parse_count_value(high_value)
+
+            low_condition = (
+                func.count() >= low_value
+                if expression.include_low
+                else func.count() > low_value
+            )
+            high_condition = (
+                func.count() <= high_value
+                if expression.include_high
+                else func.count() < high_value
+            )
+
+            if high_value == "*" and low_value == "*":
+                condition = True
+            elif high_value == "*":
+                condition = low_condition
+            elif low_value == "*":
+                condition = high_condition
+            else:
+                condition = and_(low_condition, high_condition)
+        else:
+            upload_value = parse_count_value(expression.value)
+            condition = func.count() == upload_value
+
+        related = (
+            db.session.query(RelatedFile.object_id)
+            .group_by(RelatedFile.object_id)
+            .having(condition)
+        ).all()
+        found_ids = [r[0] for r in related]
+        return RelatedFile.object_id.in_(found_ids)
+
+    def _get_condition(
+        self, expression: Expression, subfields: List[Tuple[str, int]]
+    ) -> Any:
+        if len(subfields) <= 1:  # [('related', 0)]
+            raise FieldNotQueryableException("One subfield is required")
+        if len(subfields) > 2:
+            raise FieldNotQueryableException(f"Too many subfields: {len(subfields)}")
+
+        key = subfields[1][0]
+
+        if key == "name":
+            field = StringField(RelatedFile.file_name)
+        elif key == "size":
+            field = SizeField(RelatedFile.file_size)
+        elif key == "sha256":
+            field = StringField(RelatedFile.sha256)
+        elif key == "count":
+            return self.column.any(self.count_condition(expression))
+        else:
+            raise FieldNotQueryableException(f"No such subfield: {key}")
+
+        return self.column.any(field._get_condition(expression, subfields))
diff --git a/mwdb/core/search/mappings.py b/mwdb/core/search/mappings.py
index 8e746f97d..1547e9ea4 100644
--- a/mwdb/core/search/mappings.py
+++ b/mwdb/core/search/mappings.py
@@ -23,6 +23,7 @@
     JSONField,
     ListField,
     MultiField,
+    RelatedField,
     RelationField,
     ShareField,
     SizeField,
@@ -56,6 +57,7 @@
         "karton": UUIDField(Object.analyses, KartonAnalysis.id),
         "comment_author": CommentAuthorField(Object.comment_authors, User.login),
         "upload_count": UploadCountField(Object.upload_count),
+        "related": RelatedField(Object.related_files),
     },
     File.__name__: {
         "name": FileNameField(File.file_name),

From 06251c5d7b3293e93a6ebf543fad7b793aa16f3a Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Wed, 21 Dec 2022 17:24:59 +0100
Subject: [PATCH 28/33] Documentation update

---
 docs/user-guide/7-Lucene-search.rst | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/user-guide/7-Lucene-search.rst b/docs/user-guide/7-Lucene-search.rst
index a7aacb576..b6ac61141 100644
--- a/docs/user-guide/7-Lucene-search.rst
+++ b/docs/user-guide/7-Lucene-search.rst
@@ -548,3 +548,13 @@ Afterwards, you can see your newly added query as another black-coloured badge.
 .. image:: ../_static/7dXJkSH.png
    :target: ../_static/7dXJkSH.png
    :alt: 
+
+Related file field (\ ``related.<field>:``\ )
+------------------------------------------------------------
+
+You can query objects by their related files. There are 4 ways to do it:
+
+* ``related.name:`` - query by related file's name
+* ``related.size:`` - query by related file's size
+* ``related.sha256:`` - query by related file's sha256
+* ``related.count:`` - query by number of files related to the object
\ No newline at end of file

From 52a3497c963c822f56f86f34e1552402c9e63322 Mon Sep 17 00:00:00 2001
From: Repumba <tomasz.trzeciak@nask.pl>
Date: Thu, 22 Dec 2022 12:19:43 +0100
Subject: [PATCH 29/33] Documentation for querying and automated tests

---
 docs/user-guide/7-Lucene-search.rst | 32 ++++++++++-
 tests/backend/test_search.py        | 84 ++++++++++++++++++++++++++++-
 2 files changed, 114 insertions(+), 2 deletions(-)

diff --git a/docs/user-guide/7-Lucene-search.rst b/docs/user-guide/7-Lucene-search.rst
index b6ac61141..19b5761e1 100644
--- a/docs/user-guide/7-Lucene-search.rst
+++ b/docs/user-guide/7-Lucene-search.rst
@@ -555,6 +555,36 @@ Related file field (\ ``related.<field>:``\ )
 You can query objects by their related files. There are 4 ways to do it:
 
 * ``related.name:`` - query by related file's name
+
+.. code-block:: python
+
+   related.name:"name.txt"
+
+
+This field accepts wildcards.
+
 * ``related.size:`` - query by related file's size
+
+.. code-block:: python
+
+   related.size:"<5kb"
+
+
 * ``related.sha256:`` - query by related file's sha256
-* ``related.count:`` - query by number of files related to the object
\ No newline at end of file
+
+.. code-block:: python
+   related.sha256:"2ed91d820157c0530ffbae54122d998e0de6d958f266b682f7c528942f770470"
+
+
+* ``related.count:`` - query by number of files related to the object
+
+.. code-block:: python
+
+   # get files, which have at least 0 related files and no more than 2
+   related.count:[0 TO 2]
+   # get files, which have at least 2 related files
+   related.count:">=2"
+   # get files, which have more than 2 related files
+   related.count:">2" 
+   # get files, which have exactly 1 related file
+   related.count:"1"
diff --git a/tests/backend/test_search.py b/tests/backend/test_search.py
index 6ae8ac0b3..4d7138c6f 100644
--- a/tests/backend/test_search.py
+++ b/tests/backend/test_search.py
@@ -2,7 +2,7 @@
 import datetime
 
 from .relations import *
-from .utils import base62uuid
+from .utils import base62uuid, calc_sha256
 from .utils import ShouldRaise
 from .utils import rand_string
 import random
@@ -668,3 +668,85 @@ def test_search_multi(admin_session):
     wildcard_hash = samples[0].get("sha512")[:-100] + "*"
     with ShouldRaise(status_code=400):
         found_objs = test.search(f'file.multi:"{wildcard_hash}"')
+
+
+def test_related_files_search(admin_session):
+    test = admin_session
+
+    filename = base62uuid()
+
+    # File A
+    file_content = base62uuid()
+    FileA = test.add_sample(filename, file_content)
+
+    test.add_related_file(FileA["sha256"], "related.txt", "b"*1024)
+    test.add_related_file(FileA["sha256"], "related.mp3")
+    test.add_related_file(FileA["sha256"], "related.png")
+
+    # File 2
+    file_content = base62uuid()
+    FileB = test.add_sample(filename, file_content)
+
+    test.add_related_file(FileB["sha256"], "related.txt", "b"*2048)
+    test.add_related_file(FileB["sha256"], "related.mp3")
+    test.add_related_file(FileB["sha256"], "related.jpg")
+    test.add_related_file(FileB["sha256"], "related.csv")
+    
+    # Related file name
+    results = [
+        result["id"] for result in
+        test.search(f'related.name:"*.png" AND file.name:"{filename}"')
+    ]
+    assert sorted(results) == sorted([FileA["sha256"]])
+    results = [
+        result["id"] for result in
+        test.search(f'related.name:"related.mp3" AND file.name:"{filename}"')
+    ]
+    assert sorted(results) == sorted([FileA["sha256"], FileB["sha256"]])
+
+    # Related file size
+    results = [
+        result["id"] for result in
+        test.search(f'related.size:">2000" AND file.name:"{filename}"')
+    ]
+    assert sorted(results) == sorted([FileB["sha256"]])
+    results = [
+        result["id"] for result in
+        test.search(f'related.size:"<=2048" AND file.name:"{filename}"')
+    ]
+    assert sorted(results) == sorted([FileA["sha256"], FileB["sha256"]])
+    results = [
+        result["id"] for result in
+        test.search(f'related.size:[1000 TO 1100] AND file.name:"{filename}"')
+    ]
+    assert sorted(results) == sorted([FileA["sha256"]])
+
+    # Related file sha256
+    sha256 = calc_sha256("b"*1024)
+    results = [
+        result["id"] for result in
+        test.search(f'related.sha256:"{sha256}" AND file.name:"{filename}"')
+    ]
+    assert sorted(results) == sorted([FileA["sha256"]])
+
+    # Related file count
+    results = [
+        result["id"] for result in
+        test.search(f'related.count:"3" AND file.name:"{filename}"')
+    ]
+    assert sorted(results) == sorted([FileA["sha256"]])
+    results = [
+        result["id"] for result in
+        test.search(f'related.count:">3" AND file.name:"{filename}"')
+    ]
+    assert sorted(results) == sorted([FileB["sha256"]])
+    results = [
+        result["id"] for result in
+        test.search(f'related.count:"<=4" AND file.name:"{filename}"')
+    ]
+    assert sorted(results) == sorted([FileA["sha256"], FileB["sha256"]])
+    results = [
+        result["id"] for result in
+        test.search(f'related.count:[1 TO 3] AND file.name:"{filename}"')
+    ]
+    assert sorted(results) == sorted([FileA["sha256"]])

From 60e97d31d049c454f2c238b97ca5d88f9cd30eb7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Srokosz?= <pawel.srokosz@cert.pl>
Date: Mon, 23 Jan 2023 16:19:21 +0100
Subject: [PATCH 30/33] js => jsx

---
 .../Views/{RelatedFilesTab.js => RelatedFilesTab.jsx}           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename mwdb/web/src/components/ShowObject/Views/{RelatedFilesTab.js => RelatedFilesTab.jsx} (99%)

diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.jsx
similarity index 99%
rename from mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
rename to mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.jsx
index a44689def..d92981a84 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.js
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.jsx
@@ -10,13 +10,13 @@ import {
     faArchive,
 } from "@fortawesome/free-solid-svg-icons";
 
+import { APIContext } from "@mwdb-web/commons/api";
 import { ObjectContext } from "@mwdb-web/commons/context";
 import {
     ObjectAction,
     ObjectTab,
     ConfirmationModal,
 } from "@mwdb-web/commons/ui";
-import { APIContext } from "@mwdb-web/commons/api/context";
 import { humanFileSize, downloadData } from "@mwdb-web/commons/helpers";
 import ReactModal from "react-modal";
 

From 6c9bbce26f5e4b5d2169af0b40af34e64996f015 Mon Sep 17 00:00:00 2001
From: Repumba <t.a.trzeciak@gmail.com>
Date: Wed, 15 Mar 2023 14:09:28 +0100
Subject: [PATCH 31/33] fix migrations

---
 .../versions/3c610b0ddebc_add_related_files_table.py          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mwdb/model/migrations/versions/3c610b0ddebc_add_related_files_table.py b/mwdb/model/migrations/versions/3c610b0ddebc_add_related_files_table.py
index 21d625637..02c539458 100644
--- a/mwdb/model/migrations/versions/3c610b0ddebc_add_related_files_table.py
+++ b/mwdb/model/migrations/versions/3c610b0ddebc_add_related_files_table.py
@@ -1,7 +1,7 @@
 """add related_files table
 
 Revision ID: 3c610b0ddebc
-Revises: c7c72fd7fac5
+Revises: 717b5da712b8
 Create Date: 2022-12-12 09:02:40.406370
 
 """
@@ -10,7 +10,7 @@
 
 # revision identifiers, used by Alembic.
 revision = "3c610b0ddebc"
-down_revision = "c7c72fd7fac5"
+down_revision = "717b5da712b8"
 branch_labels = None
 depends_on = None
 

From 05d729db98e610c27e41188d561f819508ff1a77 Mon Sep 17 00:00:00 2001
From: Repumba <t.a.trzeciak@gmail.com>
Date: Wed, 15 Mar 2023 14:23:04 +0100
Subject: [PATCH 32/33] fix migrations 2

---
 .../versions/3c610b0ddebc_add_related_files_table.py          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mwdb/model/migrations/versions/3c610b0ddebc_add_related_files_table.py b/mwdb/model/migrations/versions/3c610b0ddebc_add_related_files_table.py
index 02c539458..3286fb65b 100644
--- a/mwdb/model/migrations/versions/3c610b0ddebc_add_related_files_table.py
+++ b/mwdb/model/migrations/versions/3c610b0ddebc_add_related_files_table.py
@@ -1,7 +1,7 @@
 """add related_files table
 
 Revision ID: 3c610b0ddebc
-Revises: 717b5da712b8
+Revises: bd93d1497694
 Create Date: 2022-12-12 09:02:40.406370
 
 """
@@ -10,7 +10,7 @@
 
 # revision identifiers, used by Alembic.
 revision = "3c610b0ddebc"
-down_revision = "717b5da712b8"
+down_revision = "bd93d1497694"
 branch_labels = None
 depends_on = None
 

From 441612d7c8ebde705be79210fdb473ddd789b4a1 Mon Sep 17 00:00:00 2001
From: Repumba <t.a.trzeciak@gmail.com>
Date: Fri, 31 Mar 2023 15:04:09 +0200
Subject: [PATCH 33/33] add toastify for alerts

---
 .../ShowObject/Views/RelatedFilesTab.jsx      | 36 +++++++++++++------
 1 file changed, 26 insertions(+), 10 deletions(-)

diff --git a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.jsx b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.jsx
index d92981a84..89041d668 100644
--- a/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.jsx
+++ b/mwdb/web/src/components/ShowObject/Views/RelatedFilesTab.jsx
@@ -1,5 +1,6 @@
 import React, { useCallback, useContext, useEffect, useState } from "react";
 import { Link } from "react-router-dom";
+import { toast } from "react-toastify";
 
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
 import {
@@ -16,19 +17,22 @@ import {
     ObjectAction,
     ObjectTab,
     ConfirmationModal,
+    getErrorMessage,
 } from "@mwdb-web/commons/ui";
 import { humanFileSize, downloadData } from "@mwdb-web/commons/helpers";
 import ReactModal from "react-modal";
 
 async function updateRelatedFiles(api, context) {
-    const { setObjectError, updateObjectData } = context;
+    const { updateObjectData } = context;
     try {
         let response = await api.getListOfRelatedFiles(context.object.sha256);
         updateObjectData({
             related_files: response.data.related_files,
         });
     } catch (error) {
-        setObjectError(error);
+        toast(getErrorMessage(error), {
+            type: "error",
+        });
     }
 }
 
@@ -87,10 +91,19 @@ function RelatedFileItem({ file_name, file_size, sha256 }) {
                         setConfirmationModalOpen(false);
                     }}
                     onConfirm={async () => {
-                        await api.deleteRelatedFile(
-                            context.object.sha256,
-                            sha256
-                        );
+                        try {
+                            await api.deleteRelatedFile(
+                                context.object.sha256,
+                                sha256
+                            );
+                            toast("Related file deleted successfully", {
+                                type: "success",
+                            });
+                        } catch (error) {
+                            toast(getErrorMessage(error), {
+                                type: "error",
+                            });
+                        }
                         updateRelatedFiles(api, context);
                         setConfirmationModalOpen(false);
                     }}
@@ -106,11 +119,10 @@ function RelatedFileItem({ file_name, file_size, sha256 }) {
 function ShowRelatedFiles() {
     const api = useContext(APIContext);
     const context = useContext(ObjectContext);
-    const { setObjectError, updateObjectData } = context;
+    const { updateObjectData } = context;
 
     const getRelatedFiles = useCallback(updateRelatedFiles, [
         api,
-        setObjectError,
         updateObjectData,
         context.object.sha256,
     ]);
@@ -162,7 +174,6 @@ export default function RelatedFilesTab() {
     const [file, setFile] = useState(null);
     const context = useContext(ObjectContext);
     const api = useContext(APIContext);
-    const { setObjectError } = context;
 
     const modalStyle = {
         content: {
@@ -179,8 +190,13 @@ export default function RelatedFilesTab() {
         try {
             await api.uploadRelatedFile(file, context.object.sha256);
             updateRelatedFiles(api, context);
+            toast("Related file uploaded successfully", {
+                type: "success",
+            });
         } catch (error) {
-            setObjectError(error);
+            toast(getErrorMessage(error), {
+                type: "error",
+            });
         }
     }