From 0c03a6d7079e5ad1183f878e4ccaeb030c528ec3 Mon Sep 17 00:00:00 2001
From: Lucas Parzianello <lucaspar@users.noreply.github.com>
Date: Tue, 24 Feb 2026 12:51:27 -0500
Subject: [PATCH 01/11] gwy: renamed file_list to capture_list for consistency

---
 gateway/sds_gateway/api_methods/tasks.py      |  2 +-
 .../js/deprecated/userSearchComponent.js      |  2 +-
 .../templates/emails/item_download_error.html |  2 +-
 .../emails/item_download_error_sdk.html       |  4 ++--
 .../emails/item_download_error_sdk.txt        |  2 +-
 .../templates/users/file_detail.html          |  2 +-
 .../users/temporary_zip_download.html         |  2 +-
 gateway/sds_gateway/users/urls.py             | 23 +++++++++++++++++--
 8 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/gateway/sds_gateway/api_methods/tasks.py b/gateway/sds_gateway/api_methods/tasks.py
index db7521636..e4aed2651 100644
--- a/gateway/sds_gateway/api_methods/tasks.py
+++ b/gateway/sds_gateway/api_methods/tasks.py
@@ -573,7 +573,7 @@ def notify_shared_users(
     if item_type == "dataset":
         item_url = f"{settings.SITE_URL}/users/dataset-list/"
     elif item_type == "capture":
-        item_url = f"{settings.SITE_URL}/users/file-list/"
+        item_url = f"{settings.SITE_URL}/users/capture-list/"
     else:
         item_url = settings.SITE_URL
 
diff --git a/gateway/sds_gateway/static/js/deprecated/userSearchComponent.js b/gateway/sds_gateway/static/js/deprecated/userSearchComponent.js
index cc3215b2d..3832439ad 100644
--- a/gateway/sds_gateway/static/js/deprecated/userSearchComponent.js
+++ b/gateway/sds_gateway/static/js/deprecated/userSearchComponent.js
@@ -1095,7 +1095,7 @@ class UserSearchHandler {
 			if (this.itemType === "dataset") {
 				refreshUrl = `/users/dataset-list/?page=${currentPage}&sort_by=${sortBy}&sort_order=${sortOrder}`;
 			} else if (this.itemType === "capture") {
-				refreshUrl = `/users/file-list/?page=${currentPage}&sort_by=${sortBy}&sort_order=${sortOrder}`;
+				refreshUrl = `/users/capture-list/?page=${currentPage}&sort_by=${sortBy}&sort_order=${sortOrder}`;
 			} else {
 				console.error(`Unknown item type: ${this.itemType}`);
 				return;
diff --git a/gateway/sds_gateway/templates/emails/item_download_error.html b/gateway/sds_gateway/templates/emails/item_download_error.html
index e8de56d75..160504ac5 100644
--- a/gateway/sds_gateway/templates/emails/item_download_error.html
+++ b/gateway/sds_gateway/templates/emails/item_download_error.html
@@ -78,7 +78,7 @@ <h3 style="color: #495057; margin: 0 0 15px 0; font-size: 16px;">Request Informa
                                             <table cellpadding="0" cellspacing="0" style="display: inline-block;">
                                                 <tr>
                                                     <td style="background-color: #005a9c; border-radius: 8px; padding: 12px 24px;">
-                                                        <a href="{{ site_url }}/users/{% if item_type == 'dataset' %}dataset-list{% else %}file-list{% endif %}/"
+                                                                          <a href="{{ site_url }}/users/{% if item_type == 'dataset' %}dataset-list{% else %}capture-list{% endif %}/"
                                                            style="color: white; text-decoration: none; font-weight: 300; font-size: 14px; display: inline-block;">
                                                             Try Again
                                                         </a>
diff --git a/gateway/sds_gateway/templates/emails/item_download_error_sdk.html b/gateway/sds_gateway/templates/emails/item_download_error_sdk.html
index 80fd6910c..f6e2693bd 100644
--- a/gateway/sds_gateway/templates/emails/item_download_error_sdk.html
+++ b/gateway/sds_gateway/templates/emails/item_download_error_sdk.html
@@ -68,7 +68,7 @@ <h3 style="color: #495057; margin: 0 0 15px 0; font-size: 16px;">📥 Install th
                                         <td>
                                             <h3 style="color: #495057; margin: 0 0 15px 0; font-size: 16px;">📖 SDK Download Instructions</h3>
                                             <p style="color: #495057; margin: 0; font-size: 14px;">
-                                                <a href="{{ site_url }}/users/{% if item_type == 'dataset' %}dataset-list{% else %}file-list{% endif %}/" style="color: #005a9c; text-decoration: none; font-weight: 600;">→ View SDK instructions on the dataset listing page</a>
+                                                <a href="{{ site_url }}/users/{% if item_type == 'dataset' %}dataset-list{% else %}capture-list{% endif %}/" style="color: #005a9c; text-decoration: none; font-weight: 600;">→ View SDK instructions on the dataset listing page</a>
                                             </p>
                                         </td>
                                     </tr>
@@ -110,7 +110,7 @@ <h3 style="color: #495057; margin: 0 0 15px 0; font-size: 16px;">Request Informa
                                             <table cellpadding="0" cellspacing="0" style="display: inline-block; margin: 0 10px;">
                                                 <tr>
                                                     <td style="background-color: #005a9c; border-radius: 8px; padding: 12px 24px;">
-                                                        <a href="{{ site_url }}/users/{% if item_type == 'dataset' %}dataset-list{% else %}file-list{% endif %}/"
+                                                                          <a href="{{ site_url }}/users/{% if item_type == 'dataset' %}dataset-list{% else %}capture-list{% endif %}/"
                                                            style="color: white; text-decoration: none; font-weight: 300; font-size: 14px; display: inline-block;">
                                                             View Files
                                                         </a>
diff --git a/gateway/sds_gateway/templates/emails/item_download_error_sdk.txt b/gateway/sds_gateway/templates/emails/item_download_error_sdk.txt
index 32c907f09..7bd1652b2 100644
--- a/gateway/sds_gateway/templates/emails/item_download_error_sdk.txt
+++ b/gateway/sds_gateway/templates/emails/item_download_error_sdk.txt
@@ -15,7 +15,7 @@ Or visit: https://pypi.org/project/spectrumx/
 
 SDK DOWNLOAD INSTRUCTIONS:
 
-Visit: {{ site_url }}/users/{% if item_type == 'dataset' %}dataset-list{% else %}file-list{% endif %}/
+Visit: {{ site_url }}/users/{% if item_type == 'dataset' %}dataset-list{% else %}capture-list{% endif %}/
 
 REQUEST INFORMATION:
 {{ item_type|title }}: {{ item_name }}
diff --git a/gateway/sds_gateway/templates/users/file_detail.html b/gateway/sds_gateway/templates/users/file_detail.html
index 32c06deb4..117272410 100644
--- a/gateway/sds_gateway/templates/users/file_detail.html
+++ b/gateway/sds_gateway/templates/users/file_detail.html
@@ -8,7 +8,7 @@
 {% endblock title %}
 {% block content %}
     <div>
-        <a href="{% url 'users:file_list' %}?page={{ returning_page|default:1 }}"
+        <a href="{% url 'users:capture_list' %}?page={{ returning_page|default:1 }}"
            class="btn btn-primary mt-3">Back to File List</a>
         <h2>
             File <code>{{ file.name }}</code>
diff --git a/gateway/sds_gateway/templates/users/temporary_zip_download.html b/gateway/sds_gateway/templates/users/temporary_zip_download.html
index 4f769536e..2f5226cb5 100644
--- a/gateway/sds_gateway/templates/users/temporary_zip_download.html
+++ b/gateway/sds_gateway/templates/users/temporary_zip_download.html
@@ -116,7 +116,7 @@ <h4>Download Not Available</h4>
                 redirectUrl = "{% url 'users:dataset_list' %}";
                 alertKey = "datasetDownloadAlert";
             } else if (filename.startsWith("capture_")) {
-                redirectUrl = "{% url 'users:file_list' %}";
+                redirectUrl = "{% url 'users:capture_list' %}";
                 alertKey = "captureDownloadAlert";
             } else {
                 // Default to dataset list if we can't determine the type
diff --git a/gateway/sds_gateway/users/urls.py b/gateway/sds_gateway/users/urls.py
index 8a45d3a03..a9e638ba9 100644
--- a/gateway/sds_gateway/users/urls.py
+++ b/gateway/sds_gateway/users/urls.py
@@ -1,4 +1,5 @@
 from django.urls import path
+from django.views.generic import RedirectView
 
 from .api.views import GetAPIKeyView
 from .views import CheckFileExistsView
@@ -37,8 +38,26 @@
     path("view-api-key/", user_api_key_view, name="view_api_key"),
     path("new-api-key/", new_api_key_view, name="new_api_key"),
     path("files/", FilesView.as_view(), name="files"),
-    path("file-list/", ListCapturesView.as_view(), name="file_list"),
-    path("file-list/api/", user_captures_api_view, name="captures_api"),
+    path("capture-list/", ListCapturesView.as_view(), name="capture_list"),
+    path("capture-list/api/", user_captures_api_view, name="capture_list_api"),
+    path(
+        "file-list/",
+        RedirectView.as_view(
+            pattern_name="users:capture_list",
+            permanent=True,
+            query_string=True,
+        ),
+        name="file_list_legacy",
+    ),
+    path(
+        "file-list/api/",
+        RedirectView.as_view(
+            pattern_name="users:capture_list_api",
+            permanent=True,
+            query_string=True,
+        ),
+        name="file_list_api_legacy",
+    ),
     path("file-detail/<uuid:uuid>/", user_file_detail_view, name="file_detail"),
     path(
         "files/<uuid:uuid>/download/", FileDownloadView.as_view(), name="file_download"

From 3da6325b98396ae6e05dcfeccd6759b88ea99c16 Mon Sep 17 00:00:00 2001
From: Lucas Parzianello <lucaspar@users.noreply.github.com>
Date: Tue, 24 Feb 2026 12:51:55 -0500
Subject: [PATCH 02/11] gwy: ui: added icons to navbar entries

---
 gateway/sds_gateway/templates/base.html | 31 +++++++++++++++++--------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/gateway/sds_gateway/templates/base.html b/gateway/sds_gateway/templates/base.html
index efa63a094..2e14c130a 100644
--- a/gateway/sds_gateway/templates/base.html
+++ b/gateway/sds_gateway/templates/base.html
@@ -100,27 +100,38 @@
                         </button>
                         <div class="collapse navbar-collapse" id="navbarNav">
                             <ul class="navbar-nav ms-auto">
-                                <li class="nav-item">
-                                    <a class="nav-link" href="{% url 'home' %}">Home</a>
-                                </li>
                                 {% if request.user.is_authenticated %}
-                                    <li class="nav-item d-none d-xl-flex align-items-center">
-                                        <span class="vr mx-2"></span>
-                                    </li>
+                                    {% comment %}
+                                        <li class="nav-item d-none d-xl-flex align-items-center">
+                                            <span class="vr mx-2"></span>
+                                        </li>
+                                    {% endcomment %}
                                     <li class="nav-item">
-                                        <a class="nav-link" href="{% url 'users:dataset_list' %}?page=1">Datasets</a>
+                                        <a class="nav-link" href="{% url 'users:dataset_list' %}?page=1">
+                                            <i class="bi bi-database-fill"></i>
+                                            Datasets
+                                        </a>
                                     </li>
                                     <li class="nav-item">
-                                        <a class="nav-link" href="{% url 'users:file_list' %}?page=1">Captures</a>
+                                        <a class="nav-link" href="{% url 'users:capture_list' %}?page=1">
+                                            <i class="bi bi-broadcast-pin"></i>
+                                            Captures
+                                        </a>
                                     </li>
                                     <li class="nav-item">
-                                        <a class="nav-link" href="{% url 'users:files' %}">Files</a>
+                                        <a class="nav-link" href="{% url 'users:files' %}">
+                                            <i class="bi bi-folder2-open"></i>
+                                            Files
+                                        </a>
                                     </li>
                                     <li class="nav-item d-none d-xl-flex align-items-center">
                                         <span class="vr mx-2"></span>
                                     </li>
                                     <li class="nav-item">
-                                        <a class="nav-link" href="{% url 'users:view_api_key' %}">API Key</a>
+                                        <a class="nav-link" href="{% url 'users:view_api_key' %}">
+                                            <i class="bi bi-key"></i>
+                                            API Key
+                                        </a>
                                     </li>
                                     <li class="nav-item dropdown">
                                         <button class="nav-link dropdown-toggle"

From d426ff032e88fcff59315e673c08648a260dc203 Mon Sep 17 00:00:00 2001
From: Lucas Parzianello <lucaspar@users.noreply.github.com>
Date: Tue, 24 Feb 2026 12:53:29 -0500
Subject: [PATCH 03/11] gwy: updated test expectations

---
 .../sds_gateway/users/tests/test_drf_views.py |  2 +-
 .../users/tests/test_group_sharing.py         |  2 +-
 gateway/sds_gateway/users/tests/test_views.py | 42 +++++++++++++++++++
 3 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/gateway/sds_gateway/users/tests/test_drf_views.py b/gateway/sds_gateway/users/tests/test_drf_views.py
index 542f10ff9..ebe29ee65 100644
--- a/gateway/sds_gateway/users/tests/test_drf_views.py
+++ b/gateway/sds_gateway/users/tests/test_drf_views.py
@@ -505,7 +505,7 @@ def test_capture_share_modal_displays_groups_properly(
         )
 
         client.force_login(owner)
-        url = reverse("users:file_list")
+        url = reverse("users:capture_list")
 
         response = client.get(url)
 
diff --git a/gateway/sds_gateway/users/tests/test_group_sharing.py b/gateway/sds_gateway/users/tests/test_group_sharing.py
index 11bbe246e..e1c76ad3c 100644
--- a/gateway/sds_gateway/users/tests/test_group_sharing.py
+++ b/gateway/sds_gateway/users/tests/test_group_sharing.py
@@ -1329,7 +1329,7 @@ def test_capture_share_modal_displays_groups_properly(
         )
 
         client.force_login(owner)
-        url = reverse("users:file_list")
+        url = reverse("users:capture_list")
 
         response = client.get(url)
 
diff --git a/gateway/sds_gateway/users/tests/test_views.py b/gateway/sds_gateway/users/tests/test_views.py
index 191089323..ec9a73fc9 100644
--- a/gateway/sds_gateway/users/tests/test_views.py
+++ b/gateway/sds_gateway/users/tests/test_views.py
@@ -638,3 +638,45 @@ def test_publish_dataset_make_final_public(
         final_dataset.refresh_from_db()
         assert final_dataset.status == DatasetStatus.FINAL
         assert final_dataset.is_public is True
+
+
+class TestDatasetDetailsView:
+    """Tests for DatasetDetailsView access control."""
+
+    @pytest.fixture
+    def client(self) -> Client:
+        return Client()
+
+    @pytest.fixture
+    def owner(self) -> User:
+        return UserFactory(is_approved=True)
+
+    def test_public_dataset_accessible_unauthenticated(
+        self, client: Client, owner: User
+    ) -> None:
+        dataset = DatasetFactory(
+            owner=owner,
+            status=DatasetStatus.FINAL,
+            is_public=True,
+        )
+
+        url = reverse("users:dataset_details")
+        response = client.get(url, {"dataset_uuid": str(dataset.uuid)})
+
+        assert response.status_code == HTTPStatus.OK
+        payload = response.json()
+        assert payload["dataset"]["uuid"] == str(dataset.uuid)
+
+    def test_private_dataset_denied_unauthenticated(
+        self, client: Client, owner: User
+    ) -> None:
+        dataset = DatasetFactory(
+            owner=owner,
+            status=DatasetStatus.FINAL,
+            is_public=False,
+        )
+
+        url = reverse("users:dataset_details")
+        response = client.get(url, {"dataset_uuid": str(dataset.uuid)})
+
+        assert response.status_code == HTTPStatus.NOT_FOUND

From 718c66a17323669f44fa7baa3199ef26aa9bfa05 Mon Sep 17 00:00:00 2001
From: Lucas Parzianello <lucaspar@users.noreply.github.com>
Date: Tue, 24 Feb 2026 13:53:34 -0500
Subject: [PATCH 04/11] gwy: pydantic v2 change to model_config

---
 gateway/sds_gateway/visualizations/processing/utils.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/gateway/sds_gateway/visualizations/processing/utils.py b/gateway/sds_gateway/visualizations/processing/utils.py
index 63aaf7fb6..8754ecfbe 100644
--- a/gateway/sds_gateway/visualizations/processing/utils.py
+++ b/gateway/sds_gateway/visualizations/processing/utils.py
@@ -11,6 +11,7 @@
 from django.conf import settings
 from loguru import logger
 from pydantic import BaseModel
+from pydantic import ConfigDict
 from pydantic import Field
 from pydantic import computed_field
 from pydantic import field_validator
@@ -24,6 +25,10 @@
 class DigitalRFParams(BaseModel):
     """Base parameters for processing DigitalRF data with validation."""
 
+    model_config = ConfigDict(
+        arbitrary_types_allowed=True,  # allow DigitalRFReader type
+    )
+
     reader: Any = Field(exclude=True)  # Exclude from serialization
     channel: str = Field(min_length=1, description="Channel name")
     start_sample: int = Field(ge=0, description="Start sample index")
@@ -81,9 +86,6 @@ def total_samples(self) -> int:
         """Calculate total number of samples."""
         return self.end_sample - self.start_sample
 
-    class Config:
-        arbitrary_types_allowed = True  # Allow DigitalRFReader type
-
 
 def validate_digitalrf_data(
     drf_path: Path, channel: str, fft_size: int = 1024

From 68c21dce6639d7635a75275485644c788c88cbc1 Mon Sep 17 00:00:00 2001
From: Lucas Parzianello <lucaspar@users.noreply.github.com>
Date: Tue, 24 Feb 2026 13:54:08 -0500
Subject: [PATCH 05/11] gwy: dev settings changes

---
 gateway/config/settings/local.py | 9 +++++++++
 gateway/justfile                 | 4 +++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/gateway/config/settings/local.py b/gateway/config/settings/local.py
index 9ce09379d..78458464c 100644
--- a/gateway/config/settings/local.py
+++ b/gateway/config/settings/local.py
@@ -59,6 +59,14 @@
 # http://whitenoise.evans.io/en/latest/django.html#using-whitenoise-in-development
 INSTALLED_APPS: list[str] = ["whitenoise.runserver_nostatic", *INSTALLED_APPS]
 
+# TEMPLATES
+# ------------------------------------------------------------------------------
+# https://docs.djangoproject.com/en/latest/topics/templates/#module-django.template.backends.django
+# 'debug': a boolean that turns on/off template debug mode.
+#   If it is True, the fancy error page will display a detailed report for any exception
+#   raised during template rendering. This report contains the relevant snippet of the
+#   template with the appropriate line highlighted.
+TEMPLATES[0]["OPTIONS"]["debug"] = True
 
 # DJANGO-DEBUG-TOOLBAR
 # ------------------------------------------------------------------------------
@@ -76,6 +84,7 @@
     ],
     "SHOW_TEMPLATE_CONTEXT": True,
 }
+
 # https://django-debug-toolbar.readthedocs.io/en/latest/installation.html#internal-ips
 INTERNAL_IPS: list[str] = ["127.0.0.1", "10.0.2.2"]
 if env("USE_DOCKER") == "yes":
diff --git a/gateway/justfile b/gateway/justfile
index 7a5423d8f..b7a6bd5c3 100644
--- a/gateway/justfile
+++ b/gateway/justfile
@@ -179,7 +179,7 @@ logs-once *args:
 [group('service')]
 down *args:
     @echo "Stopping sds-gateway"
-    {{ docker_compose }} down {{ args }}
+    {{ docker_compose }} down --remove-orphans {{ args }}
 
 # runs the pre-commit hooks with dev dependencies
 [group('development')]
@@ -259,6 +259,8 @@ up *args:
     echo "Starting sds-gateway in detached mode"
     echo "Environment: '{{ env }}'"
     echo "Compose file: '{{ compose_file }}'"
+    echo "Tip: call \`just build\` before \`just up\` to prevent "
+    echo "    Docker from trying to pull a locally built image from the registry"
     {{ docker_compose }} up --detach --remove-orphans {{ args }}
 
     # this watcher is not working as intended today, and

From ea7ef512132ab023a2b44aefaf8a1e9ed71cc55a Mon Sep 17 00:00:00 2001
From: Lucas Parzianello <lucaspar@users.noreply.github.com>
Date: Tue, 24 Feb 2026 13:55:53 -0500
Subject: [PATCH 06/11] gwy: improvements to ui and coherence

---
 .../sds_gateway/static/css/file-manager.css   |  80 +++--
 gateway/sds_gateway/templates/pages/home.html |   2 +-
 .../templates/users/file_list.html            |   1 +
 .../sds_gateway/templates/users/files.html    | 325 +++++++++---------
 4 files changed, 219 insertions(+), 189 deletions(-)

diff --git a/gateway/sds_gateway/static/css/file-manager.css b/gateway/sds_gateway/static/css/file-manager.css
index 8d519b5c5..100dd5288 100644
--- a/gateway/sds_gateway/static/css/file-manager.css
+++ b/gateway/sds_gateway/static/css/file-manager.css
@@ -34,12 +34,6 @@
 	--z-index-sticky: 10;
 }
 
-/* Base Styles */
-/* Apply Google Sans font only to file manager content */
-.files-page-container {
-	font-family: var(--font-family);
-}
-
 /* Accessibility */
 /* Focus styles for keyboard navigation */
 .file-card:focus-visible,
@@ -70,8 +64,10 @@
 	display: flex;
 	flex-direction: column;
 	height: auto;
-	min-height: 200px; /* Minimum height to prevent empty state from looking too small */
-	max-height: calc(100vh - 250px); /* Maximum height based on viewport */
+	min-height: 200px;
+	/* Minimum height to prevent empty state from looking too small */
+	max-height: calc(100vh - 250px);
+	/* Maximum height based on viewport */
 	overflow: auto;
 }
 
@@ -84,8 +80,10 @@
 	border: 1px solid var(--color-border);
 	border-radius: 8px;
 	margin: 0 16px;
-	height: auto; /* Let it grow based on content */
-	min-height: 100px; /* Minimum height for empty state */
+	height: auto;
+	/* Let it grow based on content */
+	min-height: 100px;
+	/* Minimum height for empty state */
 }
 
 /* Individual file card */
@@ -163,13 +161,15 @@
 .file-card:hover .file-name,
 .file-card:hover .folder-icon,
 .file-card:hover .file-icon {
-	color: #005a9c; /* SpectrumX blue */
+	color: #005a9c;
+	/* SpectrumX blue */
 }
 
 /* No hover effects for H5 files */
 .file-card[data-type="file"]:not([data-h5-file="true"]):hover .file-name,
 .file-card[data-type="file"]:not([data-h5-file="true"]):hover .file-icon {
-	color: #005a9c; /* SpectrumX blue */
+	color: #005a9c;
+	/* SpectrumX blue */
 }
 
 /* Directory hover should also use the same blue */
@@ -182,13 +182,16 @@
 	color: var(--color-text-secondary);
 	white-space: nowrap;
 	flex-shrink: 0;
-	min-width: 150px; /* Increased width for modified date */
-	text-align: center; /* Center align the modified date */
+	min-width: 150px;
+	/* Increased width for modified date */
+	text-align: center;
+	/* Center align the modified date */
 	display: flex;
 	align-items: center;
 	justify-content: center;
 	position: relative;
-	padding-right: 24px; /* reserve space for right-aligned shared icon */
+	padding-right: 24px;
+	/* reserve space for right-aligned shared icon */
 }
 
 /* Keep the shared-with icon from shifting the centered date */
@@ -198,9 +201,12 @@
 	color: var(--color-text-secondary);
 	white-space: nowrap;
 	flex-shrink: 0;
-	min-width: 120px; /* Fixed width for shared by column */
-	text-align: center; /* Center align shared by */
-	margin-left: 0; /* Remove offset that pushes content */
+	min-width: 120px;
+	/* Fixed width for shared by column */
+	text-align: center;
+	/* Center align shared by */
+	margin-left: 0;
+	/* Remove offset that pushes content */
 	display: flex;
 	align-items: center;
 	justify-content: center;
@@ -210,8 +216,10 @@
 	font-size: 0.8125rem;
 	white-space: nowrap;
 	flex-shrink: 0;
-	min-width: 80px; /* Fixed width for actions column */
-	text-align: center; /* Center align actions */
+	min-width: 80px;
+	/* Fixed width for actions column */
+	text-align: center;
+	/* Center align actions */
 	display: flex;
 	align-items: center;
 	justify-content: center;
@@ -268,7 +276,8 @@
 	font-size: 0.875rem;
 	height: var(--breadcrumb-height);
 	font-family: var(--font-family);
-	font-weight: 400; /* Add normal font weight */
+	font-weight: 400;
+	/* Add normal font weight */
 }
 
 .breadcrumb-item {
@@ -281,7 +290,8 @@
 	padding: 0 4px;
 	border-radius: 4px;
 	font-family: var(--font-family);
-	font-weight: 400; /* Add normal font weight */
+	font-weight: 400;
+	/* Add normal font weight */
 }
 
 .breadcrumb-item:hover {
@@ -293,7 +303,8 @@
 	text-decoration: none;
 	padding: 0 4px;
 	font-family: var(--font-family);
-	font-weight: 400; /* Add normal font weight */
+	font-weight: 400;
+	/* Add normal font weight */
 }
 
 .breadcrumb-item:hover a {
@@ -383,7 +394,8 @@
 	list-style: none;
 	padding: 0;
 	margin: 0;
-	max-height: var(--file-list-max-height); /* taller list for large folder previews */
+	max-height: var(--file-list-max-height);
+	/* taller list for large folder previews */
 	overflow-y: auto;
 	border: 1px solid #dee2e6;
 	border-radius: 4px;
@@ -771,9 +783,11 @@
 
 /* Actions Bar (scoped) */
 .files-actions-bar {
-	margin: 24px 16px; /* Keep the margin */
+	margin: 24px 16px;
+	/* Keep the margin */
 	display: flex;
-	justify-content: flex-start; /* Align to the left */
+	justify-content: flex-start;
+	/* Align to the left */
 	align-items: center;
 }
 
@@ -793,8 +807,10 @@
 	align-items: center;
 	gap: 8px;
 	transition: var(--transition-default);
-	min-width: 100px; /* Give the button a minimum width */
-	justify-content: center; /* Center the button content */
+	min-width: 100px;
+	/* Give the button a minimum width */
+	justify-content: center;
+	/* Center the button content */
 }
 
 .new-button:hover {
@@ -860,6 +876,7 @@
 	.files-actions-bar {
 		margin: 16px 8px;
 	}
+
 	.files-grid {
 		margin: 0 8px;
 	}
@@ -869,6 +886,7 @@
 		padding: 8px 12px;
 		gap: 8px;
 	}
+
 	.file-name {
 		padding-right: 0;
 	}
@@ -878,6 +896,7 @@
 	.file-shared {
 		display: none;
 	}
+
 	.file-card.header .file-meta,
 	.file-card.header .file-shared {
 		display: none;
@@ -887,9 +906,11 @@
 	.upload-zone {
 		padding: 1rem;
 	}
+
 	.upload-zone-icon {
 		font-size: 2.4rem;
 	}
+
 	.selected-files-list {
 		max-height: 220px;
 	}
@@ -900,6 +921,7 @@
 		height: auto;
 		row-gap: 4px;
 	}
+
 	.breadcrumb-item {
 		height: auto;
 	}
@@ -911,9 +933,11 @@
 	.modal-footer {
 		padding: 12px 16px;
 	}
+
 	.modal-body {
 		padding: 16px;
 	}
+
 	.modal-dialog {
 		margin: 0.5rem;
 	}
diff --git a/gateway/sds_gateway/templates/pages/home.html b/gateway/sds_gateway/templates/pages/home.html
index 5b7882df5..e7e16ecc8 100644
--- a/gateway/sds_gateway/templates/pages/home.html
+++ b/gateway/sds_gateway/templates/pages/home.html
@@ -46,7 +46,7 @@ <h1 class="h2 fw-bold">SpectrumX Data System</h1>
                                     <h2 class="card-title h4 mb-0">Latest Public Datasets</h2>
                                     <a href="{% url 'users:search_datasets' %}"
                                        class="btn btn-outline-primary btn-sm">
-                                        View and search more public datasets <i class="bi bi-arrow-right ms-1"></i>
+                                        Browse more public datasets or download them <i class="bi bi-arrow-right ms-1"></i>
                                     </a>
                                 </div>
                                 <!-- Card grid for datasets -->
diff --git a/gateway/sds_gateway/templates/users/file_list.html b/gateway/sds_gateway/templates/users/file_list.html
index f203afd1c..4a5884a96 100644
--- a/gateway/sds_gateway/templates/users/file_list.html
+++ b/gateway/sds_gateway/templates/users/file_list.html
@@ -118,6 +118,7 @@ <h1 class="mb-0 text-start">Captures</h1>
                         </div>
                     </div>
                 </div>
+                <hr />
                 <!-- Content Row -->
                 <div class="row">
                     <!-- Sidebar Filters -->
diff --git a/gateway/sds_gateway/templates/users/files.html b/gateway/sds_gateway/templates/users/files.html
index 12b9d6fc2..d22ce3430 100644
--- a/gateway/sds_gateway/templates/users/files.html
+++ b/gateway/sds_gateway/templates/users/files.html
@@ -35,183 +35,188 @@
         </div>
     </div>
     <!-- Main Container -->
-    <div class="container-fluid files-page-container">
-        <!-- New Button Dropdown -->
-        <div class="files-actions-bar align-items-center mb-4">
-            <div class="dropdown">
-                <button class="new-button"
-                        type="button"
-                        id="newButton"
-                        data-bs-toggle="dropdown"
-                        aria-expanded="false">
-                    <i class="bi bi-plus"></i> New
-                </button>
-                <ul class="new-menu dropdown-menu" aria-labelledby="newButton">
-                    <li>
-                        <a class="dropdown-item"
-                           href="#"
-                           data-bs-toggle="modal"
-                           data-bs-target="#uploadCaptureModal">
-                            <i class="bi bi-folder"></i> Capture
-                        </a>
-                    </li>
-                    <li>
-                        <a class="dropdown-item"
-                           href="#"
-                           data-bs-toggle="modal"
-                           data-bs-target="#uploadFileModal">
-                            <i class="material-icons file-icon">description</i> Text File
-                        </a>
-                    </li>
-                </ul>
+    <div class="content-wrapper"></div>
+    <div class="main-content-area">
+        <div class="container mt-4">
+            <div class="d-flex justify-content-between align-items-center mb-4">
+                <h1 class="page-title">Files</h1>
+                <div class="dropdown">
+                    <button class="btn btn-primary dropdown-toggle"
+                            type="button"
+                            id="newButton"
+                            data-bs-toggle="dropdown"
+                            aria-expanded="false">
+                        <i class="bi bi-plus-lg"></i> New
+                    </button>
+                    <ul class="new-menu dropdown-menu" aria-labelledby="newButton">
+                        <li>
+                            <a class="dropdown-item"
+                               href="#"
+                               data-bs-toggle="modal"
+                               data-bs-target="#uploadCaptureModal">
+                                <i class="bi bi-broadcast-pin"></i> Capture
+                                <span class="text-body-secondary fst-italic">Digital-RF or RadioHound</span>
+                            </a>
+                        </li>
+                        <li>
+                            <a class="dropdown-item"
+                               href="#"
+                               data-bs-toggle="modal"
+                               data-bs-target="#uploadFileModal">
+                                <i class="material-icons file-icon">description</i> Other Files
+                            </a>
+                        </li>
+                    </ul>
+                </div>
             </div>
-        </div>
-        <!-- Files Container -->
-        <div class="files-container"
-             data-current-dir="{{ current_dir }}"
-             data-user-email="{{ user_email }}">
-            <nav aria-label="File location breadcrumb">
-                <ol class="breadcrumb">
-                    <li class="breadcrumb-item">
-                        <a href="{% url 'users:files' %}">Home</a>
-                    </li>
-                    {% for part in breadcrumb_parts %}
+            <hr />
+            <!-- Files Container -->
+            <div class="files-container"
+                 data-current-dir="{{ current_dir }}"
+                 data-user-email="{{ user_email }}">
+                <nav aria-label="File location breadcrumb">
+                    <ol class="breadcrumb">
                         <li class="breadcrumb-item">
-                            <a href="{% url 'users:files' %}?dir={{ part.path|urlencode }}">{{ part.name }}</a>
+                            <a href="{% url 'users:files' %}">Home</a>
                         </li>
-                    {% endfor %}
-                </ol>
-            </nav>
-            <!-- Files Grid -->
-            <div class="files-grid">
-                <div class="file-card header">
-                    <div class="file-card-content">
-                        <div class="file-name">Name</div>
-                        <div class="file-meta">Modified</div>
-                        <div class="file-shared">Shared by</div>
-                        <div class="file-actions text-center">Actions</div>
-                    </div>
-                </div>
-                {% for item in items %}
-                    <div class="file-card"
-                         data-type="{{ item.type }}"
-                         data-path="{{ item.path }}"
-                         data-uuid="{{ item.uuid|default:'' }}"
-                         data-is-capture="{{ item.is_capture|yesno:'true,false' }}"
-                         data-is-shared="{{ item.is_shared|yesno:'true,false' }}"
-                         data-capture-uuid="{{ item.capture_uuid|default:'' }}"
-                         data-description="{{ item.description|default:'' }}"
-                         {% if item.type == 'file' and item.is_h5_file %}data-h5-file="true"{% endif %}>
+                        {% for part in breadcrumb_parts %}
+                            <li class="breadcrumb-item">
+                                <a href="{% url 'users:files' %}?dir={{ part.path|urlencode }}">{{ part.name }}</a>
+                            </li>
+                        {% endfor %}
+                    </ol>
+                </nav>
+                <!-- Files Grid -->
+                <div class="files-grid">
+                    <div class="file-card header">
                         <div class="file-card-content">
-                            {% if item.type == "directory" %}
-                                <i class="bi bi-folder folder-icon"></i>
-                            {% else %}
-                                <i class="material-icons file-icon">description</i>
-                            {% endif %}
-                            <div class="file-name">
-                                <span class="file-name-text">{{ item.name }}</span>
-                                {% if item.is_shared and item.type == 'directory' %}
-                                    <span class="align-middle" data-bs-toggle="tooltip" title="Shared with you">
-                                        <i class="bi bi-people-fill text-success"></i>
-                                    </span>
-                                {% endif %}
-                            </div>
-                            <div class="file-meta">
-                                {% if item.modified_at %}
-                                    {{ item.modified_at }}
+                            <div class="file-name">Name</div>
+                            <div class="file-meta">Modified</div>
+                            <div class="file-shared">Shared by</div>
+                            <div class="file-actions text-center">Actions</div>
+                        </div>
+                    </div>
+                    {% for item in items %}
+                        <div class="file-card"
+                             data-type="{{ item.type }}"
+                             data-path="{{ item.path }}"
+                             data-uuid="{{ item.uuid|default:'' }}"
+                             data-is-capture="{{ item.is_capture|yesno:'true,false' }}"
+                             data-is-shared="{{ item.is_shared|yesno:'true,false' }}"
+                             data-capture-uuid="{{ item.capture_uuid|default:'' }}"
+                             data-description="{{ item.description|default:'' }}"
+                             {% if item.type == 'file' and item.is_h5_file %}data-h5-file="true"{% endif %}>
+                            <div class="file-card-content">
+                                {% if item.type == "directory" %}
+                                    <i class="bi bi-folder folder-icon"></i>
                                 {% else %}
-                                    N/A
+                                    <i class="material-icons file-icon">description</i>
                                 {% endif %}
-                            </div>
-                            <div class="file-shared">
-                                {% if item.shared_by %}{{ item.shared_by }}{% endif %}
-                            </div>
-                            <div class="file-actions">
-                                {% if item.type == 'file' and item.is_h5_file %}
-                                    <!-- No actions for H5 files -->
-                                {% else %}
-                                    <!-- Show actions for captures and individual files -->
-                                    <div class="dropdown">
-                                        <button class="btn btn-sm btn-light dropdown-toggle btn-icon-dropdown d-flex align-items-center justify-content-center"
-                                                type="button"
-                                                data-bs-toggle="dropdown"
-                                                data-bs-popper="static"
-                                                aria-expanded="false"
-                                                aria-label="Actions for {{ item.name }}">
-                                            <i class="bi bi-three-dots-vertical"></i>
-                                        </button>
-                                        <ul class="dropdown-menu">
-                                            {% if item.is_capture %}
-                                                <!-- Capture actions -->
-                                                {% if item.is_owner %}
+                                <div class="file-name">
+                                    <span class="file-name-text">{{ item.name }}</span>
+                                    {% if item.is_shared and item.type == 'directory' %}
+                                        <span class="align-middle" data-bs-toggle="tooltip" title="Shared with you">
+                                            <i class="bi bi-people-fill text-success"></i>
+                                        </span>
+                                    {% endif %}
+                                </div>
+                                <div class="file-meta">
+                                    {% if item.modified_at %}
+                                        {{ item.modified_at }}
+                                    {% else %}
+                                        N/A
+                                    {% endif %}
+                                </div>
+                                <div class="file-shared">
+                                    {% if item.shared_by %}{{ item.shared_by }}{% endif %}
+                                </div>
+                                <div class="file-actions">
+                                    {% if item.type == 'file' and item.is_h5_file %}
+                                        <!-- No actions for H5 files -->
+                                    {% else %}
+                                        <!-- Show actions for captures and individual files -->
+                                        <div class="dropdown">
+                                            <button class="btn btn-sm btn-light dropdown-toggle btn-icon-dropdown d-flex align-items-center justify-content-center"
+                                                    type="button"
+                                                    data-bs-toggle="dropdown"
+                                                    data-bs-popper="static"
+                                                    aria-expanded="false"
+                                                    aria-label="Actions for {{ item.name }}">
+                                                <i class="bi bi-three-dots-vertical"></i>
+                                            </button>
+                                            <ul class="dropdown-menu">
+                                                {% if item.is_capture %}
+                                                    <!-- Capture actions -->
+                                                    {% if item.is_owner %}
+                                                        <li>
+                                                            <button class="dropdown-item capture-details-btn"
+                                                                    type="button"
+                                                                    data-uuid="{{ item.uuid }}"
+                                                                    data-name="{{ item.name|default:'' }}"
+                                                                    data-channel="{{ item.capture_uuid }}"
+                                                                    data-scan-group=""
+                                                                    data-capture-type=""
+                                                                    data-top-level-dir=""
+                                                                    data-owner="{{ request.user.email }}"
+                                                                    data-origin=""
+                                                                    data-created-at=""
+                                                                    data-updated-at=""
+                                                                    data-is-public="false"
+                                                                    data-center-frequency-ghz=""
+                                                                    data-is-multi-channel="false"
+                                                                    data-channels="">
+                                                                <i class="bi bi-pencil me-2"></i>Edit
+                                                            </button>
+                                                        </li>
+                                                        <li>
+                                                            <button class="dropdown-item"
+                                                                    type="button"
+                                                                    data-bs-toggle="modal"
+                                                                    data-bs-target="#share-modal-{{ item.uuid }}">
+                                                                <i class="bi bi-share me-2"></i>Share
+                                                            </button>
+                                                        </li>
+                                                    {% endif %}
                                                     <li>
-                                                        <button class="dropdown-item capture-details-btn"
+                                                        <button class="dropdown-item download-capture-btn"
                                                                 type="button"
-                                                                data-uuid="{{ item.uuid }}"
-                                                                data-name="{{ item.name|default:'' }}"
-                                                                data-channel="{{ item.capture_uuid }}"
-                                                                data-scan-group=""
-                                                                data-capture-type=""
-                                                                data-top-level-dir=""
-                                                                data-owner="{{ request.user.email }}"
-                                                                data-origin=""
-                                                                data-created-at=""
-                                                                data-updated-at=""
-                                                                data-is-public="false"
-                                                                data-center-frequency-ghz=""
-                                                                data-is-multi-channel="false"
-                                                                data-channels="">
-                                                            <i class="bi bi-pencil me-2"></i>Edit
+                                                                data-capture-uuid="{{ item.uuid }}"
+                                                                data-capture-name="{{ item.name }}">
+                                                            <i class="bi bi-download me-2"></i>Download
                                                         </button>
                                                     </li>
+                                                {% elif item.type == 'file' %}
+                                                    <!-- Individual file actions -->
                                                     <li>
-                                                        <button class="dropdown-item"
+                                                        <a class="dropdown-item"
+                                                           href="{% url 'users:file_download' uuid=item.uuid %}">
+                                                            <i class="bi bi-download me-2"></i>Download
+                                                        </a>
+                                                    </li>
+                                                {% elif item.type == 'directory' and item.capture_uuid %}
+                                                    <!-- Nested directory within capture actions -->
+                                                    <li>
+                                                        <button class="dropdown-item download-capture-btn"
                                                                 type="button"
-                                                                data-bs-toggle="modal"
-                                                                data-bs-target="#share-modal-{{ item.uuid }}">
-                                                            <i class="bi bi-share me-2"></i>Share
+                                                                data-capture-uuid="{{ item.capture_uuid }}"
+                                                                data-capture-name="{{ item.name }}">
+                                                            <i class="bi bi-download me-2"></i>Download
                                                         </button>
                                                     </li>
                                                 {% endif %}
-                                                <li>
-                                                    <button class="dropdown-item download-capture-btn"
-                                                            type="button"
-                                                            data-capture-uuid="{{ item.uuid }}"
-                                                            data-capture-name="{{ item.name }}">
-                                                        <i class="bi bi-download me-2"></i>Download
-                                                    </button>
-                                                </li>
-                                            {% elif item.type == 'file' %}
-                                                <!-- Individual file actions -->
-                                                <li>
-                                                    <a class="dropdown-item"
-                                                       href="{% url 'users:file_download' uuid=item.uuid %}">
-                                                        <i class="bi bi-download me-2"></i>Download
-                                                    </a>
-                                                </li>
-                                            {% elif item.type == 'directory' and item.capture_uuid %}
-                                                <!-- Nested directory within capture actions -->
-                                                <li>
-                                                    <button class="dropdown-item download-capture-btn"
-                                                            type="button"
-                                                            data-capture-uuid="{{ item.capture_uuid }}"
-                                                            data-capture-name="{{ item.name }}">
-                                                        <i class="bi bi-download me-2"></i>Download
-                                                    </button>
-                                                </li>
-                                            {% endif %}
-                                        </ul>
-                                    </div>
-                                {% endif %}
+                                            </ul>
+                                        </div>
+                                    {% endif %}
+                                </div>
                             </div>
                         </div>
-                    </div>
-                {% empty %}
-                    <div class="no-files">
-                        <i class="material-icons empty-folder-icon">folder_open</i>
-                        <p>This folder is empty</p>
-                    </div>
-                {% endfor %}
+                    {% empty %}
+                        <div class="no-files">
+                            <i class="material-icons empty-folder-icon">folder_open</i>
+                            <p>This folder is empty</p>
+                        </div>
+                    {% endfor %}
+                </div>
             </div>
         </div>
     </div>

From 86bc88497a4a415ae98203f7c32074fc67cf0306 Mon Sep 17 00:00:00 2001
From: Lucas Parzianello <lucaspar@users.noreply.github.com>
Date: Tue, 24 Feb 2026 14:13:28 -0500
Subject: [PATCH 07/11] gwy: resolved sfds-314; removed auth requirement; added
 security checks for templates

---
 gateway/sds_gateway/users/tests/test_views.py | 275 ++++++++++++++++++
 gateway/sds_gateway/users/views.py            |  77 ++++-
 2 files changed, 337 insertions(+), 15 deletions(-)

diff --git a/gateway/sds_gateway/users/tests/test_views.py b/gateway/sds_gateway/users/tests/test_views.py
index ec9a73fc9..07c3cb406 100644
--- a/gateway/sds_gateway/users/tests/test_views.py
+++ b/gateway/sds_gateway/users/tests/test_views.py
@@ -4,6 +4,7 @@
 import uuid
 from http import HTTPStatus
 from typing import TYPE_CHECKING
+from typing import cast
 
 import pytest
 from django.conf import settings
@@ -680,3 +681,277 @@ def test_private_dataset_denied_unauthenticated(
         response = client.get(url, {"dataset_uuid": str(dataset.uuid)})
 
         assert response.status_code == HTTPStatus.NOT_FOUND
+
+    def test_draft_public_dataset_denied_unauthenticated(
+        self, client: Client, owner: User
+    ) -> None:
+        """Draft datasets cannot be public, but test that draft is denied."""
+        dataset = DatasetFactory(
+            owner=owner,
+            status=DatasetStatus.DRAFT,
+            is_public=False,
+        )
+
+        url = reverse("users:dataset_details")
+        response = client.get(url, {"dataset_uuid": str(dataset.uuid)})
+
+        assert response.status_code == HTTPStatus.NOT_FOUND
+
+    def test_private_dataset_accessible_to_owner(
+        self, client: Client, owner: User
+    ) -> None:
+        """Owner can access their private datasets."""
+        dataset = DatasetFactory(
+            owner=owner,
+            status=DatasetStatus.FINAL,
+            is_public=False,
+        )
+
+        client.force_login(owner)
+        url = reverse("users:dataset_details")
+        response = client.get(url, {"dataset_uuid": str(dataset.uuid)})
+
+        assert response.status_code == HTTPStatus.OK
+        payload = response.json()
+        assert payload["dataset"]["uuid"] == str(dataset.uuid)
+
+
+class TestRenderHTMLFragmentView:
+    """Tests for RenderHTMLFragmentView - security and access control."""
+
+    @pytest.fixture
+    def client(self) -> Client:
+        return Client()
+
+    @pytest.fixture
+    def user(self) -> User:
+        return cast("User", UserFactory(is_approved=True))
+
+    def test_render_fragment_without_authentication(self, client: Client) -> None:
+        """Unauthenticated users can render HTML fragments."""
+        url = reverse("users:render_html")
+        data = {
+            "template": "users/components/modal_file_tree.html",
+            "context": {"rows": []},
+        }
+
+        response = client.post(
+            url,
+            data=json.dumps(data),
+            content_type="application/json",
+        )
+
+        assert response.status_code == HTTPStatus.OK
+        payload = response.json()
+        assert "html" in payload
+
+    def test_render_fragment_with_authentication(
+        self, client: Client, user: User
+    ) -> None:
+        """Authenticated users can also render HTML fragments."""
+        client.force_login(user)
+        url = reverse("users:render_html")
+        data = {
+            "template": "users/components/modal_file_tree.html",
+            "context": {"rows": []},
+        }
+
+        response = client.post(
+            url,
+            data=json.dumps(data),
+            content_type="application/json",
+        )
+
+        assert response.status_code == HTTPStatus.OK
+        payload = response.json()
+        assert "html" in payload
+
+    def test_rejects_templates_outside_components_directory(
+        self, client: Client
+    ) -> None:
+        """Only templates in users/components/ are allowed."""
+        url = reverse("users:render_html")
+
+        # Try various path traversal attempts
+        malicious_paths = [
+            "users/user_detail.html",  # Outside components/
+            "../base.html",  # Path traversal
+            "../../config/settings/base.py",  # Try to access Python files
+            "/etc/passwd",  # Absolute path
+            "users/components/../user_detail.html",  # Path normalization attack
+        ]
+
+        for template_path in malicious_paths:
+            data = {
+                "template": template_path,
+                "context": {},
+            }
+
+            response = client.post(
+                url,
+                data=json.dumps(data),
+                content_type="application/json",
+            )
+
+            assert response.status_code == HTTPStatus.BAD_REQUEST, (
+                f"Template {template_path} should be rejected"
+            )
+            payload = response.json()
+            assert "error" in payload
+
+    def test_requires_valid_json(self, client: Client) -> None:
+        """Request must contain valid JSON."""
+        url = reverse("users:render_html")
+
+        response = client.post(
+            url,
+            data="invalid json{",
+            content_type="application/json",
+        )
+
+        assert response.status_code == HTTPStatus.BAD_REQUEST
+        payload = response.json()
+        assert "error" in payload
+        assert "JSON" in payload["error"]
+
+    def test_requires_template_parameter(self, client: Client) -> None:
+        """Template parameter is required."""
+        url = reverse("users:render_html")
+        data = {
+            "context": {"rows": []},
+            # Missing "template" key
+        }
+
+        response = client.post(
+            url,
+            data=json.dumps(data),
+            content_type="application/json",
+        )
+
+        assert response.status_code == HTTPStatus.BAD_REQUEST
+        payload = response.json()
+        assert "error" in payload
+        assert "required" in payload["error"].lower()
+
+    def test_handles_nonexistent_template_gracefully(self, client: Client) -> None:
+        """Non-existent templates return 500 error."""
+        url = reverse("users:render_html")
+        data = {
+            "template": "users/components/nonexistent_template.html",
+            "context": {},
+        }
+
+        response = client.post(
+            url,
+            data=json.dumps(data),
+            content_type="application/json",
+        )
+
+        assert response.status_code == HTTPStatus.INTERNAL_SERVER_ERROR
+        payload = response.json()
+        assert "error" in payload
+
+    def test_renders_with_empty_context(self, client: Client) -> None:
+        """Templates can be rendered with empty context."""
+        url = reverse("users:render_html")
+        data = {
+            "template": "users/components/modal_file_tree.html",
+            "context": {},
+        }
+
+        response = client.post(
+            url,
+            data=json.dumps(data),
+            content_type="application/json",
+        )
+
+        assert response.status_code == HTTPStatus.OK
+        payload = response.json()
+        assert "html" in payload
+
+    def test_context_data_is_properly_escaped(self, client: Client) -> None:
+        """Context data with HTML/JS is properly escaped."""
+        url = reverse("users:render_html")
+
+        # Attempt XSS through context data
+        malicious_data = "<script>alert('XSS')</script>"
+        data = {
+            "template": "users/components/modal_file_tree.html",
+            "context": {
+                "rows": [
+                    {
+                        "name": malicious_data,
+                        "type": "File",
+                        "size": "1 MB",
+                        "created_at": "2024-01-01",
+                        "icon": "bi-file",
+                        "icon_color": "text-primary",
+                        "indent_level": 0,
+                        "indent_range": [],
+                        "has_chevron": False,
+                    }
+                ]
+            },
+        }
+
+        response = client.post(
+            url,
+            data=json.dumps(data),
+            content_type="application/json",
+        )
+
+        assert response.status_code == HTTPStatus.OK
+        payload = response.json()
+        html = payload["html"]
+
+        # Verify HTML is escaped (Django's default behavior)
+        assert "&lt;script&gt;" in html or malicious_data not in html
+        # Make sure raw script tag is NOT present
+        assert "<script>alert" not in html
+
+    def test_multiple_rows_in_file_tree(self, client: Client) -> None:
+        """Can render multiple file tree rows."""
+        url = reverse("users:render_html")
+        data = {
+            "template": "users/components/modal_file_tree.html",
+            "context": {
+                "rows": [
+                    {
+                        "name": "file1.txt",
+                        "type": "File",
+                        "size": "1 MB",
+                        "created_at": "2024-01-01",
+                        "icon": "bi-file",
+                        "icon_color": "text-primary",
+                        "indent_level": 0,
+                        "indent_range": [],
+                        "has_chevron": False,
+                    },
+                    {
+                        "name": "file2.txt",
+                        "type": "File",
+                        "size": "2 MB",
+                        "created_at": "2024-01-02",
+                        "icon": "bi-file",
+                        "icon_color": "text-success",
+                        "indent_level": 1,
+                        "indent_range": [0],
+                        "has_chevron": False,
+                    },
+                ]
+            },
+        }
+
+        response = client.post(
+            url,
+            data=json.dumps(data),
+            content_type="application/json",
+        )
+
+        assert response.status_code == HTTPStatus.OK
+        payload = response.json()
+        html = payload["html"]
+
+        # Both files should appear in rendered HTML
+        assert "file1.txt" in html
+        assert "file2.txt" in html
diff --git a/gateway/sds_gateway/users/views.py b/gateway/sds_gateway/users/views.py
index 92d222f59..e9b4033ef 100644
--- a/gateway/sds_gateway/users/views.py
+++ b/gateway/sds_gateway/users/views.py
@@ -150,6 +150,18 @@ def validate_uuid(uuid_string: str) -> bool:
         return True
 
 
+def _is_safe_template_path(template_name: str) -> bool:
+    """Check if the template path is safe (within users/components/)."""
+    normalized_path = Path(template_name).resolve()
+    base_dir = Path("users/components").resolve()
+    try:
+        normalized_path.relative_to(base_dir)
+    except ValueError:
+        return False
+    else:
+        return True
+
+
 class UserDetailView(Auth0LoginRequiredMixin, DetailView):  # pyright: ignore[reportMissingTypeArgument]
     model = User
     slug_field = "id"
@@ -166,8 +178,9 @@ class UserUpdateView(Auth0LoginRequiredMixin, SuccessMessageMixin, UpdateView):
 
     def get_success_url(self):
         # for mypy to know that the user is authenticated
-        assert self.request.user.is_authenticated
-        return self.request.user.get_absolute_url()
+        user = cast("User", self.request.user)
+        assert user.is_authenticated
+        return user.get_absolute_url()
 
     def get_object(self, queryset=None) -> AbstractBaseUser | AnonymousUser:
         return self.request.user
@@ -3374,7 +3387,7 @@ def post(
 user_download_item_view = DownloadItemView.as_view()
 
 
-class DatasetDetailsView(Auth0LoginRequiredMixin, FileTreeMixin, View):
+class DatasetDetailsView(FileTreeMixin, View):
     """View to handle dataset details modal requests."""
 
     def _get_dataset_files(self, dataset: Dataset) -> QuerySet[File]:
@@ -3414,15 +3427,21 @@ def get(self, request, *args, **kwargs) -> JsonResponse:
         except ValueError:
             return JsonResponse({"error": "Invalid dataset UUID"}, status=400)
 
-        # Check if user has access to the dataset
-        if not user_has_access_to_item(request.user, dataset_uuid, ItemType.DATASET):
-            return JsonResponse(
-                {"error": "Dataset not found or access denied"}, status=404
-            )
-
         try:
             dataset = get_object_or_404(Dataset, uuid=dataset_uuid, is_deleted=False)
 
+            has_public_access = (
+                dataset.is_public and dataset.status == DatasetStatus.FINAL
+            )
+            has_user_access = request.user.is_authenticated and user_has_access_to_item(
+                request.user, dataset_uuid, ItemType.DATASET
+            )
+
+            if not (has_public_access or has_user_access):
+                return JsonResponse(
+                    {"error": "Dataset not found or access denied"}, status=404
+                )
+
             # Get dataset information
             dataset_data = DatasetGetSerializer(dataset).data
 
@@ -3465,8 +3484,31 @@ def get(self, request, *args, **kwargs) -> JsonResponse:
 user_dataset_details_view = DatasetDetailsView.as_view()
 
 
-class RenderHTMLFragmentView(Auth0LoginRequiredMixin, View):
-    """Generic view to render any HTML fragment from a Django template."""
+# Auth0LoginRequiredMixin is not used because this view might be called from the home
+# page where users may not be authenticated, but we still want to allow rendering of
+# public components.
+#
+# SECURITY MODEL:
+# - Only templates in users/components/ directory are allowed (enforced by prefix check)
+# - Context data is provided by the client, not pulled from the database
+# - All data is rendered through Django templates with automatic HTML escaping
+# - CSRF protection is still enforced by Django middleware
+# - No sensitive server-side data is exposed - only client-provided data is rendered
+# - Calling views (e.g., DatasetDetailsView) are responsible for authorization checks
+# - Rate limiting should be configured at the infrastructure level
+class RenderHTMLFragmentView(View):
+    """Generic view to render any HTML fragment from a Django template.
+
+    This endpoint allows rendering of component templates with client-provided context.
+    It's designed to support both authenticated and unauthenticated users for rendering
+    public UI components (e.g., file trees for public datasets).
+
+    Security:
+    - Restricted to users/components/ templates only
+    - Context is client-provided (no database queries)
+    - Django's automatic HTML escaping prevents XSS
+    - Authorization must be handled by calling views
+    """
 
     def post(self, request: HttpRequest) -> JsonResponse:
         """
@@ -3497,7 +3539,8 @@ def post(self, request: HttpRequest) -> JsonResponse:
             return JsonResponse({"error": "Template name is required"}, status=400)
 
         # Security: Only allow templates from users/components/ directory
-        if not template_name.startswith("users/components/"):
+        # Resolves path traversal attempts like "../"
+        if not _is_safe_template_path(template_name):
             log.warning(f"Invalid template path: {template_name}")
             return JsonResponse(
                 {"error": "Cannot render component."},
@@ -3553,10 +3596,14 @@ def _search_users_for_group(
         self, request: HttpRequest, group_uuid: str, search_query: str
     ) -> HttpResponse:
         """Search users for a specific group."""
-        try:
-            group = request.user.owned_share_groups.get(
-                uuid=group_uuid, is_deleted=False
+        user = cast("User", request.user)
+        if not hasattr(user, "owned_share_groups"):
+            return JsonResponse(
+                {"error": "User does not have owned share groups"}, status=400
             )
+        shared_groups = cast("QuerySet[ShareGroup]", user.owned_share_groups)
+        try:
+            group = shared_groups.get(uuid=group_uuid, is_deleted=False)
             users_in_group = group.members.values_list("id", flat=True)
 
             return self.search_users(

From dab7dc70cb413963c8a3172573b91b44da99c51d Mon Sep 17 00:00:00 2001
From: Lucas Parzianello <lucaspar@users.noreply.github.com>
Date: Tue, 24 Feb 2026 14:56:05 -0500
Subject: [PATCH 08/11] gwy: redicrecting user to file list from file details

---
 gateway/sds_gateway/templates/users/file_detail.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gateway/sds_gateway/templates/users/file_detail.html b/gateway/sds_gateway/templates/users/file_detail.html
index 117272410..0f6a05981 100644
--- a/gateway/sds_gateway/templates/users/file_detail.html
+++ b/gateway/sds_gateway/templates/users/file_detail.html
@@ -8,7 +8,7 @@
 {% endblock title %}
 {% block content %}
     <div>
-        <a href="{% url 'users:capture_list' %}?page={{ returning_page|default:1 }}"
+        <a href="{% url 'users:files' %}?page={{ returning_page|default:1 }}"
            class="btn btn-primary mt-3">Back to File List</a>
         <h2>
             File <code>{{ file.name }}</code>

From 8c47cc540aad1501a7e818a51b11ed27e56aafa8 Mon Sep 17 00:00:00 2001
From: Lucas Parzianello <lucaspar@users.noreply.github.com>
Date: Tue, 24 Feb 2026 15:16:59 -0500
Subject: [PATCH 09/11] gwy: using custom serializer for public endpoints

---
 .../serializers/dataset_serializers.py        | 83 ++++++++++++++++++-
 1 file changed, 82 insertions(+), 1 deletion(-)

diff --git a/gateway/sds_gateway/api_methods/serializers/dataset_serializers.py b/gateway/sds_gateway/api_methods/serializers/dataset_serializers.py
index 1831585c4..7c58fb97a 100644
--- a/gateway/sds_gateway/api_methods/serializers/dataset_serializers.py
+++ b/gateway/sds_gateway/api_methods/serializers/dataset_serializers.py
@@ -7,11 +7,15 @@
 from sds_gateway.api_methods.models import PermissionLevel
 from sds_gateway.api_methods.models import UserSharePermission
 
+READABLE_ISO_DATE_TIME: str = "%Y-%m-%d %H:%M:%S%z"
+
 
 class DatasetGetSerializer(serializers.ModelSerializer[Dataset]):
     authors = serializers.SerializerMethodField()
     keywords = serializers.SerializerMethodField()
-    created_at = serializers.DateTimeField(format="%m/%d/%Y %H:%M:%S", read_only=True)
+    created_at = serializers.DateTimeField(
+        format=READABLE_ISO_DATE_TIME, read_only=True
+    )
     is_shared_with_me = serializers.SerializerMethodField()
     is_owner = serializers.SerializerMethodField()
     status_display = serializers.CharField(source="get_status_display", read_only=True)
@@ -165,3 +169,80 @@ def get_can_edit(self, obj):
     class Meta:
         model = Dataset
         fields = "__all__"
+
+
+class DatasetPublicSerializer(serializers.ModelSerializer[Dataset]):
+    """
+    Serializer for public dataset access (unauthenticated or public datasets).
+
+    This serializer uses an explicit allowlist of fields to avoid exposing
+    sensitive internal metadata like shared_with user IDs or owner information.
+    """
+
+    authors = serializers.SerializerMethodField()
+    keywords = serializers.SerializerMethodField()
+    created_at = serializers.DateTimeField(
+        format=READABLE_ISO_DATE_TIME, read_only=True
+    )
+    status_display = serializers.CharField(source="get_status_display", read_only=True)
+    owner_name = serializers.SerializerMethodField()
+
+    def get_authors(self, obj):
+        """Return the full authors list using the model's get_authors_display method."""
+        return obj.get_authors_display()
+
+    def get_keywords(self, obj):
+        """Return a list of keyword names for the dataset."""
+        return [kw.name for kw in obj.keywords.filter(is_deleted=False)]
+
+    def get_owner_name(self, obj):
+        """Get the owner's display name."""
+        return obj.owner.name if obj.owner else "Owner"
+
+    class Meta:
+        model = Dataset
+        fields = [
+            "uuid",
+            "name",
+            "status",
+            "status_display",
+            "abstract",
+            "description",
+            "doi",
+            "authors",
+            "license",
+            "keywords",
+            "institutions",
+            "release_date",
+            "repository",
+            "version",
+            "website",
+            "provenance",
+            "citation",
+            "other",
+            "created_at",
+            "is_public",
+            "owner_name",
+        ]
+
+
+def get_dataset_serializer(dataset: Dataset, *, has_user_access: bool) -> dict:  # pyright: ignore[reportMissingTypeArgument]
+    """
+    Get serialized dataset data using the appropriate serializer.
+
+    Args:
+        dataset: The dataset to serialize
+        has_user_access: Whether the requesting user has authenticated access
+
+    Returns:
+        Serialized dataset data as a dictionary
+
+    Notes:
+        - Uses DatasetGetSerializer for authenticated users with access
+          (includes sharing info, permissions, etc.)
+        - Uses DatasetPublicSerializer for unauthenticated/public-only access
+          (excludes sensitive fields like shared_with user IDs)
+    """
+    if has_user_access:
+        return DatasetGetSerializer(dataset).data
+    return DatasetPublicSerializer(dataset).data

From 7bdf432e58415da98377bdcecca6edb6a5acb461 Mon Sep 17 00:00:00 2001
From: Lucas Parzianello <lucaspar@users.noreply.github.com>
Date: Tue, 24 Feb 2026 15:18:29 -0500
Subject: [PATCH 10/11] gwy: omitting 5xx error stack traces

---
 gateway/sds_gateway/users/views.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/gateway/sds_gateway/users/views.py b/gateway/sds_gateway/users/views.py
index e9b4033ef..7686bae51 100644
--- a/gateway/sds_gateway/users/views.py
+++ b/gateway/sds_gateway/users/views.py
@@ -68,6 +68,9 @@
     serialize_capture_or_composite,
 )
 from sds_gateway.api_methods.serializers.dataset_serializers import DatasetGetSerializer
+from sds_gateway.api_methods.serializers.dataset_serializers import (
+    get_dataset_serializer,
+)
 from sds_gateway.api_methods.serializers.file_serializers import FileGetSerializer
 from sds_gateway.api_methods.tasks import is_user_locked
 from sds_gateway.api_methods.tasks import notify_shared_users
@@ -3443,7 +3446,9 @@ def get(self, request, *args, **kwargs) -> JsonResponse:
                 )
 
             # Get dataset information
-            dataset_data = DatasetGetSerializer(dataset).data
+            dataset_data = get_dataset_serializer(
+                dataset, has_user_access=has_user_access
+            )
 
             # Get all files associated with the dataset
             files_queryset = self._get_dataset_files(dataset)
@@ -3555,9 +3560,12 @@ def post(self, request: HttpRequest) -> JsonResponse:
             )
 
             return JsonResponse({"html": html})
-        except Exception as e:  # noqa: BLE001
+        except Exception:  # noqa: BLE001
             log.exception(f"Error rendering template {data.get('template', 'unknown')}")
-            return JsonResponse({"error": str(e)}, status=500)
+            return JsonResponse(
+                {"error": "Failed to render component.", "code": "RENDER_ERROR"},
+                status=500,
+            )
 
 
 render_html_fragment_view = RenderHTMLFragmentView.as_view()

From 3e067008e5f5a6184457d276bdee993153a132bd Mon Sep 17 00:00:00 2001
From: Lucas Parzianello <lucaspar@users.noreply.github.com>
Date: Tue, 24 Feb 2026 15:26:14 -0500
Subject: [PATCH 11/11] gwy: other review comments

---
 .../emails/item_download_error_sdk.html       |   2 +-
 .../sds_gateway/templates/users/files.html    | 329 +++++++++---------
 2 files changed, 166 insertions(+), 165 deletions(-)

diff --git a/gateway/sds_gateway/templates/emails/item_download_error_sdk.html b/gateway/sds_gateway/templates/emails/item_download_error_sdk.html
index f6e2693bd..687445973 100644
--- a/gateway/sds_gateway/templates/emails/item_download_error_sdk.html
+++ b/gateway/sds_gateway/templates/emails/item_download_error_sdk.html
@@ -68,7 +68,7 @@ <h3 style="color: #495057; margin: 0 0 15px 0; font-size: 16px;">📥 Install th
                                         <td>
                                             <h3 style="color: #495057; margin: 0 0 15px 0; font-size: 16px;">📖 SDK Download Instructions</h3>
                                             <p style="color: #495057; margin: 0; font-size: 14px;">
-                                                <a href="{{ site_url }}/users/{% if item_type == 'dataset' %}dataset-list{% else %}capture-list{% endif %}/" style="color: #005a9c; text-decoration: none; font-weight: 600;">→ View SDK instructions on the dataset listing page</a>
+                                                <a href="{{ site_url }}/users/{% if item_type == 'dataset' %}dataset-list{% else %}capture-list{% endif %}/" style="color: #005a9c; text-decoration: none; font-weight: 600;">→ View SDK instructions on the listing page</a>
                                             </p>
                                         </td>
                                     </tr>
diff --git a/gateway/sds_gateway/templates/users/files.html b/gateway/sds_gateway/templates/users/files.html
index d22ce3430..65626597a 100644
--- a/gateway/sds_gateway/templates/users/files.html
+++ b/gateway/sds_gateway/templates/users/files.html
@@ -35,187 +35,188 @@
         </div>
     </div>
     <!-- Main Container -->
-    <div class="content-wrapper"></div>
-    <div class="main-content-area">
-        <div class="container mt-4">
-            <div class="d-flex justify-content-between align-items-center mb-4">
-                <h1 class="page-title">Files</h1>
-                <div class="dropdown">
-                    <button class="btn btn-primary dropdown-toggle"
-                            type="button"
-                            id="newButton"
-                            data-bs-toggle="dropdown"
-                            aria-expanded="false">
-                        <i class="bi bi-plus-lg"></i> New
-                    </button>
-                    <ul class="new-menu dropdown-menu" aria-labelledby="newButton">
-                        <li>
-                            <a class="dropdown-item"
-                               href="#"
-                               data-bs-toggle="modal"
-                               data-bs-target="#uploadCaptureModal">
-                                <i class="bi bi-broadcast-pin"></i> Capture
-                                <span class="text-body-secondary fst-italic">Digital-RF or RadioHound</span>
-                            </a>
-                        </li>
-                        <li>
-                            <a class="dropdown-item"
-                               href="#"
-                               data-bs-toggle="modal"
-                               data-bs-target="#uploadFileModal">
-                                <i class="material-icons file-icon">description</i> Other Files
-                            </a>
-                        </li>
-                    </ul>
+    <div class="content-wrapper">
+        <div class="main-content-area">
+            <div class="container mt-4">
+                <div class="d-flex justify-content-between align-items-center mb-4">
+                    <h1 class="page-title">Files</h1>
+                    <div class="dropdown">
+                        <button class="btn btn-primary dropdown-toggle"
+                                type="button"
+                                id="newButton"
+                                data-bs-toggle="dropdown"
+                                aria-expanded="false">
+                            <i class="bi bi-plus-lg"></i> New
+                        </button>
+                        <ul class="new-menu dropdown-menu" aria-labelledby="newButton">
+                            <li>
+                                <a class="dropdown-item"
+                                   href="#"
+                                   data-bs-toggle="modal"
+                                   data-bs-target="#uploadCaptureModal">
+                                    <i class="bi bi-broadcast-pin"></i> Capture
+                                    <span class="text-body-secondary fst-italic">Digital-RF or RadioHound</span>
+                                </a>
+                            </li>
+                            <li>
+                                <a class="dropdown-item"
+                                   href="#"
+                                   data-bs-toggle="modal"
+                                   data-bs-target="#uploadFileModal">
+                                    <i class="material-icons file-icon">description</i> Other Files
+                                </a>
+                            </li>
+                        </ul>
+                    </div>
                 </div>
-            </div>
-            <hr />
-            <!-- Files Container -->
-            <div class="files-container"
-                 data-current-dir="{{ current_dir }}"
-                 data-user-email="{{ user_email }}">
-                <nav aria-label="File location breadcrumb">
-                    <ol class="breadcrumb">
-                        <li class="breadcrumb-item">
-                            <a href="{% url 'users:files' %}">Home</a>
-                        </li>
-                        {% for part in breadcrumb_parts %}
+                <hr />
+                <!-- Files Container -->
+                <div class="files-container"
+                     data-current-dir="{{ current_dir }}"
+                     data-user-email="{{ user_email }}">
+                    <nav aria-label="File location breadcrumb">
+                        <ol class="breadcrumb">
                             <li class="breadcrumb-item">
-                                <a href="{% url 'users:files' %}?dir={{ part.path|urlencode }}">{{ part.name }}</a>
+                                <a href="{% url 'users:files' %}">Home</a>
                             </li>
-                        {% endfor %}
-                    </ol>
-                </nav>
-                <!-- Files Grid -->
-                <div class="files-grid">
-                    <div class="file-card header">
-                        <div class="file-card-content">
-                            <div class="file-name">Name</div>
-                            <div class="file-meta">Modified</div>
-                            <div class="file-shared">Shared by</div>
-                            <div class="file-actions text-center">Actions</div>
-                        </div>
-                    </div>
-                    {% for item in items %}
-                        <div class="file-card"
-                             data-type="{{ item.type }}"
-                             data-path="{{ item.path }}"
-                             data-uuid="{{ item.uuid|default:'' }}"
-                             data-is-capture="{{ item.is_capture|yesno:'true,false' }}"
-                             data-is-shared="{{ item.is_shared|yesno:'true,false' }}"
-                             data-capture-uuid="{{ item.capture_uuid|default:'' }}"
-                             data-description="{{ item.description|default:'' }}"
-                             {% if item.type == 'file' and item.is_h5_file %}data-h5-file="true"{% endif %}>
+                            {% for part in breadcrumb_parts %}
+                                <li class="breadcrumb-item">
+                                    <a href="{% url 'users:files' %}?dir={{ part.path|urlencode }}">{{ part.name }}</a>
+                                </li>
+                            {% endfor %}
+                        </ol>
+                    </nav>
+                    <!-- Files Grid -->
+                    <div class="files-grid">
+                        <div class="file-card header">
                             <div class="file-card-content">
-                                {% if item.type == "directory" %}
-                                    <i class="bi bi-folder folder-icon"></i>
-                                {% else %}
-                                    <i class="material-icons file-icon">description</i>
-                                {% endif %}
-                                <div class="file-name">
-                                    <span class="file-name-text">{{ item.name }}</span>
-                                    {% if item.is_shared and item.type == 'directory' %}
-                                        <span class="align-middle" data-bs-toggle="tooltip" title="Shared with you">
-                                            <i class="bi bi-people-fill text-success"></i>
-                                        </span>
-                                    {% endif %}
-                                </div>
-                                <div class="file-meta">
-                                    {% if item.modified_at %}
-                                        {{ item.modified_at }}
+                                <div class="file-name">Name</div>
+                                <div class="file-meta">Modified</div>
+                                <div class="file-shared">Shared by</div>
+                                <div class="file-actions text-center">Actions</div>
+                            </div>
+                        </div>
+                        {% for item in items %}
+                            <div class="file-card"
+                                 data-type="{{ item.type }}"
+                                 data-path="{{ item.path }}"
+                                 data-uuid="{{ item.uuid|default:'' }}"
+                                 data-is-capture="{{ item.is_capture|yesno:'true,false' }}"
+                                 data-is-shared="{{ item.is_shared|yesno:'true,false' }}"
+                                 data-capture-uuid="{{ item.capture_uuid|default:'' }}"
+                                 data-description="{{ item.description|default:'' }}"
+                                 {% if item.type == 'file' and item.is_h5_file %}data-h5-file="true"{% endif %}>
+                                <div class="file-card-content">
+                                    {% if item.type == "directory" %}
+                                        <i class="bi bi-folder folder-icon"></i>
                                     {% else %}
-                                        N/A
+                                        <i class="material-icons file-icon">description</i>
                                     {% endif %}
-                                </div>
-                                <div class="file-shared">
-                                    {% if item.shared_by %}{{ item.shared_by }}{% endif %}
-                                </div>
-                                <div class="file-actions">
-                                    {% if item.type == 'file' and item.is_h5_file %}
-                                        <!-- No actions for H5 files -->
-                                    {% else %}
-                                        <!-- Show actions for captures and individual files -->
-                                        <div class="dropdown">
-                                            <button class="btn btn-sm btn-light dropdown-toggle btn-icon-dropdown d-flex align-items-center justify-content-center"
-                                                    type="button"
-                                                    data-bs-toggle="dropdown"
-                                                    data-bs-popper="static"
-                                                    aria-expanded="false"
-                                                    aria-label="Actions for {{ item.name }}">
-                                                <i class="bi bi-three-dots-vertical"></i>
-                                            </button>
-                                            <ul class="dropdown-menu">
-                                                {% if item.is_capture %}
-                                                    <!-- Capture actions -->
-                                                    {% if item.is_owner %}
+                                    <div class="file-name">
+                                        <span class="file-name-text">{{ item.name }}</span>
+                                        {% if item.is_shared and item.type == 'directory' %}
+                                            <span class="align-middle" data-bs-toggle="tooltip" title="Shared with you">
+                                                <i class="bi bi-people-fill text-success"></i>
+                                            </span>
+                                        {% endif %}
+                                    </div>
+                                    <div class="file-meta">
+                                        {% if item.modified_at %}
+                                            {{ item.modified_at }}
+                                        {% else %}
+                                            N/A
+                                        {% endif %}
+                                    </div>
+                                    <div class="file-shared">
+                                        {% if item.shared_by %}{{ item.shared_by }}{% endif %}
+                                    </div>
+                                    <div class="file-actions">
+                                        {% if item.type == 'file' and item.is_h5_file %}
+                                            <!-- No actions for H5 files -->
+                                        {% else %}
+                                            <!-- Show actions for captures and individual files -->
+                                            <div class="dropdown">
+                                                <button class="btn btn-sm btn-light dropdown-toggle btn-icon-dropdown d-flex align-items-center justify-content-center"
+                                                        type="button"
+                                                        data-bs-toggle="dropdown"
+                                                        data-bs-popper="static"
+                                                        aria-expanded="false"
+                                                        aria-label="Actions for {{ item.name }}">
+                                                    <i class="bi bi-three-dots-vertical"></i>
+                                                </button>
+                                                <ul class="dropdown-menu">
+                                                    {% if item.is_capture %}
+                                                        <!-- Capture actions -->
+                                                        {% if item.is_owner %}
+                                                            <li>
+                                                                <button class="dropdown-item capture-details-btn"
+                                                                        type="button"
+                                                                        data-uuid="{{ item.uuid }}"
+                                                                        data-name="{{ item.name|default:'' }}"
+                                                                        data-channel="{{ item.capture_uuid }}"
+                                                                        data-scan-group=""
+                                                                        data-capture-type=""
+                                                                        data-top-level-dir=""
+                                                                        data-owner="{{ request.user.email }}"
+                                                                        data-origin=""
+                                                                        data-created-at=""
+                                                                        data-updated-at=""
+                                                                        data-is-public="false"
+                                                                        data-center-frequency-ghz=""
+                                                                        data-is-multi-channel="false"
+                                                                        data-channels="">
+                                                                    <i class="bi bi-pencil me-2"></i>Edit
+                                                                </button>
+                                                            </li>
+                                                            <li>
+                                                                <button class="dropdown-item"
+                                                                        type="button"
+                                                                        data-bs-toggle="modal"
+                                                                        data-bs-target="#share-modal-{{ item.uuid }}">
+                                                                    <i class="bi bi-share me-2"></i>Share
+                                                                </button>
+                                                            </li>
+                                                        {% endif %}
                                                         <li>
-                                                            <button class="dropdown-item capture-details-btn"
+                                                            <button class="dropdown-item download-capture-btn"
                                                                     type="button"
-                                                                    data-uuid="{{ item.uuid }}"
-                                                                    data-name="{{ item.name|default:'' }}"
-                                                                    data-channel="{{ item.capture_uuid }}"
-                                                                    data-scan-group=""
-                                                                    data-capture-type=""
-                                                                    data-top-level-dir=""
-                                                                    data-owner="{{ request.user.email }}"
-                                                                    data-origin=""
-                                                                    data-created-at=""
-                                                                    data-updated-at=""
-                                                                    data-is-public="false"
-                                                                    data-center-frequency-ghz=""
-                                                                    data-is-multi-channel="false"
-                                                                    data-channels="">
-                                                                <i class="bi bi-pencil me-2"></i>Edit
+                                                                    data-capture-uuid="{{ item.uuid }}"
+                                                                    data-capture-name="{{ item.name }}">
+                                                                <i class="bi bi-download me-2"></i>Download
                                                             </button>
                                                         </li>
+                                                    {% elif item.type == 'file' %}
+                                                        <!-- Individual file actions -->
                                                         <li>
-                                                            <button class="dropdown-item"
+                                                            <a class="dropdown-item"
+                                                               href="{% url 'users:file_download' uuid=item.uuid %}">
+                                                                <i class="bi bi-download me-2"></i>Download
+                                                            </a>
+                                                        </li>
+                                                    {% elif item.type == 'directory' and item.capture_uuid %}
+                                                        <!-- Nested directory within capture actions -->
+                                                        <li>
+                                                            <button class="dropdown-item download-capture-btn"
                                                                     type="button"
-                                                                    data-bs-toggle="modal"
-                                                                    data-bs-target="#share-modal-{{ item.uuid }}">
-                                                                <i class="bi bi-share me-2"></i>Share
+                                                                    data-capture-uuid="{{ item.capture_uuid }}"
+                                                                    data-capture-name="{{ item.name }}">
+                                                                <i class="bi bi-download me-2"></i>Download
                                                             </button>
                                                         </li>
                                                     {% endif %}
-                                                    <li>
-                                                        <button class="dropdown-item download-capture-btn"
-                                                                type="button"
-                                                                data-capture-uuid="{{ item.uuid }}"
-                                                                data-capture-name="{{ item.name }}">
-                                                            <i class="bi bi-download me-2"></i>Download
-                                                        </button>
-                                                    </li>
-                                                {% elif item.type == 'file' %}
-                                                    <!-- Individual file actions -->
-                                                    <li>
-                                                        <a class="dropdown-item"
-                                                           href="{% url 'users:file_download' uuid=item.uuid %}">
-                                                            <i class="bi bi-download me-2"></i>Download
-                                                        </a>
-                                                    </li>
-                                                {% elif item.type == 'directory' and item.capture_uuid %}
-                                                    <!-- Nested directory within capture actions -->
-                                                    <li>
-                                                        <button class="dropdown-item download-capture-btn"
-                                                                type="button"
-                                                                data-capture-uuid="{{ item.capture_uuid }}"
-                                                                data-capture-name="{{ item.name }}">
-                                                            <i class="bi bi-download me-2"></i>Download
-                                                        </button>
-                                                    </li>
-                                                {% endif %}
-                                            </ul>
-                                        </div>
-                                    {% endif %}
+                                                </ul>
+                                            </div>
+                                        {% endif %}
+                                    </div>
                                 </div>
                             </div>
-                        </div>
-                    {% empty %}
-                        <div class="no-files">
-                            <i class="material-icons empty-folder-icon">folder_open</i>
-                            <p>This folder is empty</p>
-                        </div>
-                    {% endfor %}
+                        {% empty %}
+                            <div class="no-files">
+                                <i class="material-icons empty-folder-icon">folder_open</i>
+                                <p>This folder is empty</p>
+                            </div>
+                        {% endfor %}
+                    </div>
                 </div>
             </div>
         </div>