From 87af91e19444c455d813cd61f3edde5ab0226981 Mon Sep 17 00:00:00 2001
From: Dou Mok <douming.mok@gmail.com>
Date: Thu, 2 Jan 2025 09:32:56 -0800
Subject: [PATCH] Revise file permission mode to 'rw- r-- ---' and directory
 permission mode to 'rwx r-x ---' and add new pytests

---
 src/hashstore/filehashstore.py            |  4 ++--
 tests/filehashstore/test_filehashstore.py | 27 +++++++++++++++++++++++
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/src/hashstore/filehashstore.py b/src/hashstore/filehashstore.py
index 74b9c600..48f3010c 100644
--- a/src/hashstore/filehashstore.py
+++ b/src/hashstore/filehashstore.py
@@ -65,8 +65,8 @@ class FileHashStore(HashStore):
         "store_metadata_namespace",
     ]
     # Permissions settings for writing files and creating directories
-    f_mode = 0o664
-    d_mode = 0o755
+    f_mode = 0o640  # rw- r-- ---
+    d_mode = 0o750  # rwx r-x ---
     # The other algorithm list consists of additional algorithms that can be included
     # for calculating when storing objects, in addition to the default list.
     other_algo_list = [
diff --git a/tests/filehashstore/test_filehashstore.py b/tests/filehashstore/test_filehashstore.py
index 0b0e94c3..7dada123 100644
--- a/tests/filehashstore/test_filehashstore.py
+++ b/tests/filehashstore/test_filehashstore.py
@@ -727,6 +727,18 @@ def test_mktmpfile(store):
     assert os.path.exists(tmp.name)
 
 
+def test_mktmpfile_permissions(store):
+    """Test that _mktmpfile generates tmp file with expected permissions"""
+    path = store.root / "doutest" / "tmp"
+    store._create_path(path)
+    tmp = store._mktmpfile(path)
+
+    # Get the file's permission mode
+    file_stat = os.stat(tmp.name)
+    file_mode = file_stat.st_mode & 0o777
+    assert file_mode == 0o640  # rw- r-- ---
+
+
 def test_store_hashstore_refs_files_(pids, store):
     """Test _store_hashstore_refs_files does not throw exception when successful."""
     for pid in pids.keys():
@@ -1759,6 +1771,21 @@ def test_create_path(pids, store):
         assert os.path.isdir(pid_directory)
 
 
+def test_create_path_permissions(pids, store):
+    """Test makepath creates folder with expected permissions"""
+    for pid in pids:
+        root_directory = store.root
+        pid_hex_digest_directory = pids[pid]["metadata_cid"][:2]
+        pid_directory = root_directory / pid_hex_digest_directory
+        store._create_path(pid_directory)
+        assert os.path.isdir(pid_directory)
+
+        # Get the file's permission mode
+        file_stat = os.stat(pid_directory)
+        file_mode = file_stat.st_mode & 0o777
+        assert file_mode == 0o750  # rwx r-x ---
+
+
 def test_get_store_path_object(store):
     """Check get_store_path for object path."""
     # pylint: disable=W0212