# Phase 6.2 Discussion Log

**Date:** 2026-05-31
**Areas discussed:** Cloud-delete propagation, Sharing gaps scope, CSV export gap

---

## Area 1: Cloud-delete propagation

**Q:** Should delete propagate to the cloud provider?
**A:** Yes, default delete deletes from provider. A separate "Remove from app" action keeps the cloud file.

**Q:** How should the two delete actions be surfaced?
**A:** Default delete button = delete from provider. New "Remove download" button = removes app record only.

**Q:** If cloud provider delete fails, what should happen?
**A:** Warn the user with a modal. Let them decide whether to remove from app anyway.

**Q:** Should cloud docs decrement MinIO quota on delete?
**A:** No, cloud docs don't touch MinIO quota. But user noted future desire for quota tracking if cloud docs are cached locally — deferred.

---

## Area 2: Sharing gaps scope

**Context discovered:** Admin user creation was returning HTTP 500. Root cause: `write_audit_log` flushed the AuditLog INSERT before the new User was in the DB, causing FK violation on PostgreSQL (silent on SQLite). Fixed by adding `await session.flush()` before `write_audit_log` in `admin.py:create_user`. Regression test added.

**User context:** Could not test sharing manually because admin create-user was broken.

**Q:** What share behaviors should Phase 6.2 address?
**A:** Both the `is_shared` badge fix (SHARE-05) and permission level control (SHARE-03).

**Q:** Should permission be set at share time or editable after?
**A:** Both — dropdown in ShareModal at creation AND View/Edit toggle per share row after creation (requires new PATCH endpoint).

---

## Area 3: CSV export gap

**User reported issues:**
1. Export button redirects to URL → 401 "Not authenticated" (access token is in Pinia memory, not sent on browser navigation)
2. Applying filters shows nothing (user_id filter accepts any text; backend expects UUID; 422 silently swallowed)
3. Daily exports not accessible from UI (they go to MinIO audit-logs bucket)
4. Audit log shows raw UUIDs instead of user handles

**Q:** How should admins filter by user?
**A:** Admin sees users in the Users tab with handles. Audit log should show handles, not UUIDs. Filter by handle (backend resolves to UUID).

**Q:** Daily export UI?
**A:** Add a searchable dropdown in the audit tab to select which daily export to download, plus a download button.

---

## Deferred Ideas

- Persistent Celery local cache in MinIO for cloud docs with quota tracking — requires architectural changes; future phase.

---

*Claude's discretion items: exact API shape for "remove from app" endpoint; PATCH /api/shares/{id} body shape; cloud delete error response format; MinIO list_objects pagination.*