-- ============================================================================ -- FILE ACCESS RESTRICTION SYSTEM -- ============================================================================ -- Add support for restricting attached files on TFEs with email-based access -- requests and cookie-based validation. -- ============================================================================ -- Add new site setting for enabling/disabling file access restriction INSERT OR IGNORE INTO site_settings (key, value) VALUES ('restricted_files_enabled', '0'); -- ============================================================================ -- FILE ACCESS REQUESTS TABLE -- ============================================================================ -- Stores requests from users wanting access to restricted TFE files. -- Supports approval workflow: pending → approved/rejected -- ============================================================================ CREATE TABLE IF NOT EXISTS file_access_requests ( id INTEGER PRIMARY KEY AUTOINCREMENT, thesis_id INTEGER NOT NULL, email TEXT NOT NULL, justification TEXT, status TEXT NOT NULL DEFAULT 'pending' CHECK(status IN ('pending', 'approved', 'rejected')), admin_notes TEXT, created_at DATETIME DEFAULT CURRENT_TIMESTAMP, approved_at DATETIME, approved_by_admin_id INTEGER, FOREIGN KEY (thesis_id) REFERENCES theses(id) ON DELETE CASCADE ); -- Index for efficient lookup by thesis and email CREATE INDEX IF NOT EXISTS idx_file_access_requests_thesis_id ON file_access_requests(thesis_id); CREATE INDEX IF NOT EXISTS idx_file_access_requests_email ON file_access_requests(email); CREATE INDEX IF NOT EXISTS idx_file_access_requests_status ON file_access_requests(status); -- ============================================================================ -- FILE ACCESS TOKENS TABLE -- ============================================================================ -- Stores tokens for cookie-based access validation. -- Each token is unique, time-limited, and linked to a specific request. -- ============================================================================ CREATE TABLE IF NOT EXISTS file_access_tokens ( id INTEGER PRIMARY KEY AUTOINCREMENT, request_id INTEGER NOT NULL, token TEXT NOT NULL UNIQUE, expires_at DATETIME NOT NULL, created_at DATETIME DEFAULT CURRENT_TIMESTAMP, is_valid INTEGER NOT NULL DEFAULT 1, FOREIGN KEY (request_id) REFERENCES file_access_requests(id) ON DELETE CASCADE ); -- Index for token lookup (most common query) CREATE INDEX IF NOT EXISTS idx_file_access_tokens_token ON file_access_tokens(token); -- Index for cleanup of expired tokens CREATE INDEX IF NOT EXISTS idx_file_access_tokens_expires_at ON file_access_tokens(expires_at); -- ============================================================================ -- SAMPLE DATA FOR TESTING (optional, remove in production if not needed) -- ============================================================================ -- No sample data needed - system starts with restriction disabled by default.