From 1e4047caf1f8d98b7698ad437ad1cc59198ae166 Mon Sep 17 00:00:00 2001
From: Ida Dittrich <i.dittrich@valueon.ch>
Date: Thu, 26 Feb 2026 16:17:15 +0100
Subject: [PATCH] fix: ready for merge with int

---
 modules/interfaces/interfaceDbManagement.py | 14 ++++----------
 modules/system/registry.py                  | 14 ++------------
 2 files changed, 6 insertions(+), 22 deletions(-)

diff --git a/modules/interfaces/interfaceDbManagement.py b/modules/interfaces/interfaceDbManagement.py
index 34fd59cc..61e32886 100644
--- a/modules/interfaces/interfaceDbManagement.py
+++ b/modules/interfaces/interfaceDbManagement.py
@@ -1206,20 +1206,14 @@ class ComponentObjects:
             return False
 
     def getFileData(self, fileId: str) -> Optional[bytes]:
-        """Returns the binary data of a file if user has access.
-        
-        File access is user-scoped (same as routeDataFiles): getFile() verifies the user
-        owns the FileItem via _createdBy. Once ownership is confirmed, we read FileData
-        directly to ensure the uploader can always access their file content.
-        """
-        # Check file access (user-scoped via _createdBy - same logic as routeDataFiles)
+        """Returns the binary data of a file if user has access."""
+        # Check file access
         file = self.getFile(fileId)
         if not file:
             logger.warning(f"No access to file ID {fileId}")
             return None
-
-        # User owns the file - read FileData directly (bypass RBAC for owned files)
-        fileDataEntries = self.db.getRecordset(FileData, recordFilter={"id": fileId})
+            
+        fileDataEntries = getRecordsetWithRBAC(self.db, FileData, self.currentUser, recordFilter={"id": fileId}, mandateId=self.mandateId)
         if not fileDataEntries:
             logger.warning(f"No data found for file ID {fileId}")
             return None
diff --git a/modules/system/registry.py b/modules/system/registry.py
index 3f3717a9..1c32badd 100644
--- a/modules/system/registry.py
+++ b/modules/system/registry.py
@@ -36,15 +36,6 @@ def discoverFeatureContainers() -> List[str]:
     return sorted(containers)
 
 
-def _router_load_order_key(filepath: str) -> tuple:
-    """
-    Sort key for router loading. Longer/lexicographically later prefixes first
-    so that more specific routes (e.g. /api/chatplayground) register before generic ones.
-    """
-    featureDir = os.path.basename(os.path.dirname(filepath))
-    return (-len(featureDir), featureDir)
-
-
 def loadFeatureRouters(app: FastAPI) -> Dict[str, Any]:
     """
     Dynamically load and register routers from all discovered feature containers.
@@ -57,9 +48,8 @@ def loadFeatureRouters(app: FastAPI) -> Dict[str, Any]:
     """
     results = {}
     pattern = os.path.join(FEATURES_DIR, "*", "routeFeature*.py")
-    filepaths = sorted(glob.glob(pattern), key=_router_load_order_key)
-
-    for filepath in filepaths:
+    
+    for filepath in glob.glob(pattern):
         featureDir = os.path.basename(os.path.dirname(filepath))
         routerFile = os.path.basename(filepath)[:-3]  # Remove .py