Description
Currently file permissions are user scoped. So a user can read all files they personally upload.
This model is flawed, as it prevents other users from reading the file, even if they might need to. For example to edit a template.
Proposal
We should associate a file's permissions to a template_version which has proper RBAC.
To do this, all files must be associated with 1 and only 1 template version. This is because a file with multiple versions becomes a bit more ambiguous as to what to do if a user can only read 1 of the versions.
This also means you are unable to upload a file without a template version (very chicken and the egg). Or we allow uploading a file, and the file can only be read by the owner, until it is associated with a template_version. Much like template_versions without a template have their own RBAC.
This means orphaned files can only be read by their owner.
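
The read rule proposed above, sketched in Go as an added example (not code from the issue or from the project). The File struct, the VersionReader callback standing in for the template_version RBAC check, and the sample grants are all hypothetical; the sketch assumes that once a file is associated, the read decision is delegated entirely to the template version.

```go
package main

import (
	"errors"
	"fmt"
)

// File is a hypothetical model; TemplateVersionID is empty while the file is orphaned.
type File struct {
	ID, OwnerID, TemplateVersionID string
}

// VersionReader stands in for the template_version RBAC check (assumed interface).
type VersionReader func(userID, templateVersionID string) bool

var ErrAlreadyAssociated = errors.New("file already belongs to a template version")

// Associate binds a file to exactly one template version.
// Re-binding to a different version is refused, so the read decision never
// has to reconcile two versions with different permissions.
func Associate(f *File, templateVersionID string) error {
	if f.TemplateVersionID != "" && f.TemplateVersionID != templateVersionID {
		return ErrAlreadyAssociated
	}
	f.TemplateVersionID = templateVersionID
	return nil
}

// CanReadFile: an orphaned file is readable by its owner only;
// an associated file defers to the template version's RBAC.
func CanReadFile(userID string, f File, canReadVersion VersionReader) bool {
	if f.TemplateVersionID == "" {
		return userID == f.OwnerID
	}
	return canReadVersion(userID, f.TemplateVersionID)
}

// sampleRBAC is constructed sample data: alice and bob may read version tv-1.
func sampleRBAC(userID, templateVersionID string) bool {
	grants := map[string]map[string]bool{"tv-1": {"alice": true, "bob": true}}
	return grants[templateVersionID][userID]
}

func main() {
	f := File{ID: "f-1", OwnerID: "alice"}
	fmt.Println("bob reads orphaned file:", CanReadFile("bob", f, sampleRBAC))
	_ = Associate(&f, "tv-1")
	fmt.Println("bob reads associated file:", CanReadFile("bob", f, sampleRBAC))
	fmt.Println("second association:", Associate(&f, "tv-2"))
}
```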