From 24b4e87e359d7cb21636191d6e951e7ada33c818 Mon Sep 17 00:00:00 2001
From: Mohammed Taha Khan <mohammed.taha.khan@cern.ch>
Date: Thu, 4 Jun 2026 17:06:33 +0200
Subject: [PATCH] fix(records): use header login URL in restricted files notice

Anonymous users on public records with restricted files saw a Log in
link to /account/settings/login. Override the files access message to
use url_for_security('login', next=request.path), matching the header.
---
 .../semantic-ui/cds_rdm/records/detail.html   | 46 ++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)

diff --git a/site/cds_rdm/templates/semantic-ui/cds_rdm/records/detail.html b/site/cds_rdm/templates/semantic-ui/cds_rdm/records/detail.html
index 66999fc3..f350f7ee 100644
--- a/site/cds_rdm/templates/semantic-ui/cds_rdm/records/detail.html
+++ b/site/cds_rdm/templates/semantic-ui/cds_rdm/records/detail.html
@@ -7,6 +7,19 @@
 
 {%- extends "invenio_app_rdm/records/detail.html" %}
 
+{%- macro cds_restricted_files_access_notice(record_ui) %}
+  {%- if current_user.is_anonymous and record_ui["access"]["record"] == "public" and record_ui["access"]["files"] == "restricted" %}
+    {%- set login_url = url_for_security("login", next=request.path) -%}
+    <p>
+      {% trans login_start=('<a href="' ~ login_url ~ '">')|safe, login_end='</a>'|safe %}
+        The record is publicly accessible, but files are restricted. {{ login_start }}Log in{{ login_end }} to check if you have access.
+      {% endtrans %}
+    </p>
+  {%- else %}
+    <p>{{ record_ui["ui"]["access_status"]["description_l10n"] | safe }}</p>
+  {%- endif %}
+{%- endmacro %}
+
 {%- set clc_sync_entry = get_clc_sync_entry(record_ui) %}
 {%- set additional_permissions = evaluate_permissions(record, ['manage_clc_sync']) %}
 
@@ -41,6 +54,37 @@
 display_name=display_name) }}
 {%- endblock record_file_list -%}
 
+{%- block record_files -%}
+  {%- if record_ui["files"]["enabled"] and not permissions.can_read_files -%}
+    <section id="record-files" class="rel-mt-2 rel-mb-3" aria-label="{{ _('Files') }}">
+      <div class="ui accordion panel mb-10 {{ record_ui['ui']['access_status']['id'] }}" href="#files-preview-accordion-panel">
+        <h3 class="active title panel-heading {{ record_ui['ui']['access_status']['id'] }} m-0">
+          <div role="button" id="files-preview-accordion-trigger" tabindex="0" class="trigger"
+               aria-controls="files-preview-accordion-panel">
+            {{ _("Files") }}
+            <i class="angle right icon" aria-hidden="true"></i>
+          </div>
+        </h3>
+        <div role="region" id="files-preview-accordion-panel"
+             aria-labelledby="files-preview-accordion-trigger"
+             class="active content preview-container pt-0">
+          <div class="ui {{ record_ui['ui']['access_status']['message_class'] }} message file-box-message rel-pl-1 rel-pr-1">
+            <i class="ui {{ record_ui['ui']['access_status']['icon'] }} icon" aria-hidden="true"></i>
+            <h4 class="inline">{{ record_ui['ui']['access_status']['title_l10n'] }}</h4>
+            {{ cds_restricted_files_access_notice(record_ui) }}
+            {% if record_ui["access"]["embargo"]["reason"] %}
+              <p>{{ _("Reason") }}: {{ record_ui["access"]["embargo"]["reason"] }}</p>
+            {% endif %}
+            {% block record_files_access_request %}{{ super() }}{% endblock %}
+          </div>
+        </div>
+      </div>
+    </section>
+  {%- else -%}
+    {{ super() }}
+  {%- endif -%}
+{%- endblock record_files -%}
+
 {%- block record_details -%}
 {{super()}}
 {# Linked Records Section - Always evaluate to get other records linked to this one #}
@@ -72,4 +116,4 @@ <h2>Linked records</h2>
 {% if linkedRecordsQuery %}
 {{ webpack['cds-rdm-linked-records.js'] }}
 {% endif %}
-{%- endblock javascript -%}
\ No newline at end of file
+{%- endblock javascript -%}