@eluvio/elv-client-js 3.1.72 → 3.1.76

package/dist/src/client/Files.js

@@ -1094,6 +1094,8 @@ exports.DownloadFile = function _callee12(_ref13) {
       encryption,
       path,
       headers,
+      ownerCapKey,
+      ownerCap,
       bytesTotal,
       _args14 = arguments;
 
@@ -1139,33 +1141,53 @@ exports.DownloadFile = function _callee12(_ref13) {
           headers = _context14.sent;
           headers.Accept = "*/*"; // If not owner, indicate re-encryption
 
-          _context14.t0 = encrypted;
+          ownerCapKey = "eluv.caps.iusr".concat(this.utils.AddressToHash(this.signer.address));
+          _context14.next = 17;
+          return _regeneratorRuntime.awrap(this.ContentObjectMetadata({
+            libraryId: libraryId,
+            objectId: objectId,
+            metadataSubtree: ownerCapKey
+          }));
 
-          if (!_context14.t0) {
-            _context14.next = 22;
+        case 17:
+          ownerCap = _context14.sent;
+          _context14.t1 = encrypted;
+
+          if (!_context14.t1) {
+            _context14.next = 26;
             break;
           }
 
-          _context14.t1 = this.utils;
-          _context14.t2 = this.signer.address;
-          _context14.next = 20;
+          _context14.t2 = this.utils;
+          _context14.t3 = this.signer.address;
+          _context14.next = 24;
           return _regeneratorRuntime.awrap(this.ContentObjectOwner({
             objectId: objectId
           }));
 
-        case 20:
-          _context14.t3 = _context14.sent;
-          _context14.t0 = !_context14.t1.EqualAddress.call(_context14.t1, _context14.t2, _context14.t3);
+        case 24:
+          _context14.t4 = _context14.sent;
+          _context14.t1 = !_context14.t2.EqualAddress.call(_context14.t2, _context14.t3, _context14.t4);
+
+        case 26:
+          _context14.t0 = _context14.t1;
 
-        case 22:
           if (!_context14.t0) {
-            _context14.next = 24;
+            _context14.next = 29;
+            break;
+          }
+
+          _context14.t0 = !ownerCap;
+
+        case 29:
+          if (!_context14.t0) {
+            _context14.next = 31;
             break;
           }
 
           headers["X-Content-Fabric-Decryption-Mode"] = "reencrypt";
 
-        case 24:
+        case 31:
           // If using server side decryption, specify in header
           if (encrypted && !clientSideDecryption) {
             headers["X-Content-Fabric-Decryption-Mode"] = "decrypt"; // rep/files_download endpoint doesn't currently support Range header
@@ -1176,13 +1198,13 @@ exports.DownloadFile = function _callee12(_ref13) {
           bytesTotal = fileInfo["."].size;
 
           if (!(encrypted && clientSideDecryption)) {
-            _context14.next = 46;
+            _context14.next = 53;
             break;
           }
 
-          _context14.t4 = _regeneratorRuntime;
-          _context14.t5 = this;
-          _context14.next = 31;
+          _context14.t5 = _regeneratorRuntime;
+          _context14.t6 = this;
+          _context14.next = 38;
           return _regeneratorRuntime.awrap(this.EncryptionConk({
             libraryId: libraryId,
             objectId: objectId,
@@ -1190,39 +1212,39 @@ exports.DownloadFile = function _callee12(_ref13) {
             download: true
           }));
 
-        case 31:
-          _context14.t6 = _context14.sent;
-          _context14.t7 = path;
-          _context14.t8 = bytesTotal;
-          _context14.t9 = headers;
-          _context14.t10 = callback;
-          _context14.t11 = format;
-          _context14.t12 = clientSideDecryption;
-          _context14.t13 = chunked;
-          _context14.t14 = {
-            conk: _context14.t6,
-            downloadPath: _context14.t7,
-            bytesTotal: _context14.t8,
-            headers: _context14.t9,
-            callback: _context14.t10,
-            format: _context14.t11,
-            clientSideDecryption: _context14.t12,
-            chunked: _context14.t13
+        case 38:
+          _context14.t7 = _context14.sent;
+          _context14.t8 = path;
+          _context14.t9 = bytesTotal;
+          _context14.t10 = headers;
+          _context14.t11 = callback;
+          _context14.t12 = format;
+          _context14.t13 = clientSideDecryption;
+          _context14.t14 = chunked;
+          _context14.t15 = {
+            conk: _context14.t7,
+            downloadPath: _context14.t8,
+            bytesTotal: _context14.t9,
+            headers: _context14.t10,
+            callback: _context14.t11,
+            format: _context14.t12,
+            clientSideDecryption: _context14.t13,
+            chunked: _context14.t14
           };
-          _context14.t15 = _context14.t5.DownloadEncrypted.call(_context14.t5, _context14.t14);
-          _context14.next = 43;
-          return _context14.t4.awrap.call(_context14.t4, _context14.t15);
+          _context14.t16 = _context14.t6.DownloadEncrypted.call(_context14.t6, _context14.t15);
+          _context14.next = 50;
+          return _context14.t5.awrap.call(_context14.t5, _context14.t16);
 
-        case 43:
+        case 50:
           return _context14.abrupt("return", _context14.sent);
 
-        case 46:
+        case 53:
           if (!chunkSize) {
             chunkSize = 10000000;
           }
 
-          _context14.prev = 47;
-          _context14.next = 50;
+          _context14.prev = 54;
+          _context14.next = 57;
           return _regeneratorRuntime.awrap(this.Download({
             downloadPath: path,
             bytesTotal: bytesTotal,
@@ -1233,15 +1255,15 @@ exports.DownloadFile = function _callee12(_ref13) {
             chunkSize: chunkSize
           }));
 
-        case 50:
+        case 57:
           return _context14.abrupt("return", _context14.sent);
 
-        case 53:
-          _context14.prev = 53;
-          _context14.t16 = _context14["catch"](47);
+        case 60:
+          _context14.prev = 60;
+          _context14.t17 = _context14["catch"](54);
 
           if (!(encrypted && !clientSideDecryption)) {
-            _context14.next = 57;
+            _context14.next = 64;
             break;
           }
 
@@ -1249,15 +1271,15 @@ exports.DownloadFile = function _callee12(_ref13) {
             clientSideDecryption: true
           })));
 
-        case 57:
-          throw _context14.t16;
+        case 64:
+          throw _context14.t17;
 
-        case 58:
+        case 65:
         case "end":
           return _context14.stop();
       }
     }
-  }, null, this, [[47, 53]]);
+  }, null, this, [[54, 60]]);
 };
 /* Parts */
 
@@ -1819,7 +1841,7 @@ exports.DownloadEncrypted = function _callee18(_ref18) {
  * @param {string} libraryId - ID of the library
  * @param {string} objectId - ID of the object
  * @param {string} writeToken - Write token of the content object draft
- * @param {string=} encryption=none - Desired encryption scheme. Options: 'none (default)', 'cgck'
+ * @param {string=} encryption=none - Desired encryption scheme. Options: 'none' (default), 'cgck'
  *
  * @returns {Promise<string>} - The part write token for the part draft
  */
@@ -1887,7 +1909,7 @@ exports.CreatePart = function _callee19(_ref19) {
  * @param {string} writeToken - Write token of the content object draft
  * @param {string} partWriteToken - Write token of the part
  * @param {(ArrayBuffer | Buffer)} chunk - Data to upload
- * @param {string=} encryption=none - Desired encryption scheme. Options: 'none (default)', 'cgck'
+ * @param {string=} encryption=none - Desired encryption scheme. Options: 'none' (default), 'cgck'
  *
  * @returns {Promise<string>} - The part write token for the part draft
  */
@@ -1974,7 +1996,7 @@ exports.UploadPartChunk = function _callee20(_ref20) {
  * @param {string} objectId - ID of the object
  * @param {string} writeToken - Write token of the content object draft
  * @param {string} partWriteToken - Write token of the part
- * @param {string=} encryption=none - Desired encryption scheme. Options: 'none (default)', 'cgck'
+ * @param {string=} encryption=none - Desired encryption scheme. Options: 'none' (default), 'cgck'
  *
  * @returns {Promise<object>} - The finalize response for the new part
  */
@@ -2051,7 +2073,7 @@ exports.FinalizePart = function _callee21(_ref21) {
  * @param {string} writeToken - Write token of the content object draft
  * @param {(File | ArrayBuffer | Buffer)} data - Data to upload
  * @param {number=} chunkSize=1000000 (1MB) - Chunk size, in bytes
- * @param {string=} encryption=none - Desired encryption scheme. Options: 'none (default)', 'cgck'
+ * @param {string=} encryption=none - Desired encryption scheme. Options: 'none' (default), 'cgck'
  * @param {function=} callback - If specified, will be periodically called with current upload status
  * - Signature: ({bytesFinished, bytesTotal}) => {}
  *

package/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@eluvio/elv-client-js",
-  "version": "3.1.72",
+  "version": "3.1.76",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -2688,6 +2688,15 @@
         "tslib": "^1.9.0"
       }
     },
+    "chrono-node": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/chrono-node/-/chrono-node-2.3.2.tgz",
+      "integrity": "sha512-uZkVtF8dJ7llRzk3zrjGjV524I6NvojqMYk30tIfnUQ8ODrL8wvi/E2iEOTfcyiJaLf0dGDu9XVqNkVFNDMPCA==",
+      "dev": true,
+      "requires": {
+        "dayjs": "^1.10.0"
+      }
+    },
     "ci-info": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-2.0.0.tgz",
@@ -3357,6 +3366,12 @@
         }
       }
     },
+    "dayjs": {
+      "version": "1.10.7",
+      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.10.7.tgz",
+      "integrity": "sha512-P6twpd70BcPK34K26uJ1KT3wlhpuOAPoMwJzpsIWUxHZ7wpmbdZL/hQqBDfz7hGurYSa5PhzdhDHtt319hL3ig==",
+      "dev": true
+    },
     "debug": {
       "version": "2.6.9",
       "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
@@ -5910,9 +5925,9 @@
       "dev": true
     },
     "i": {
-      "version": "0.3.6",
-      "resolved": "https://registry.npmjs.org/i/-/i-0.3.6.tgz",
-      "integrity": "sha1-2WyScyB28HJxG2sQ/X1PZa2O4j0="
+      "version": "0.3.7",
+      "resolved": "https://registry.npmjs.org/i/-/i-0.3.7.tgz",
+      "integrity": "sha512-FYz4wlXgkQwIPqhzC5TdNMLSE5+GS1IIDJZY/1ZiEPCT2S3COUVZeT5OW4BmW4r5LHLQuOosSwsvnroG9GR59Q=="
     },
     "iconv-lite": {
       "version": "0.4.24",
@@ -7191,9 +7206,9 @@
       }
     },
     "jsonpath-plus": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-4.0.0.tgz",
-      "integrity": "sha512-e0Jtg4KAzDJKKwzbLaUtinCn0RZseWBVRTRGihSpvFlM3wTR7ExSp+PTdeTsDrLNJUe7L7JYJe8mblHX5SCT6A=="
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-6.0.1.tgz",
+      "integrity": "sha512-EvGovdvau6FyLexFH2OeXfIITlgIbgZoAZe3usiySeaIDm5QS+A10DKNpaPBBqqRSZr2HN6HVNXxtwUAr2apEw=="
     },
     "jsprim": {
       "version": "1.4.1",
@@ -8319,6 +8334,16 @@
           "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==",
           "dev": true
         },
+        "stream-browserify": {
+          "version": "2.0.2",
+          "resolved": "https://registry.npmjs.org/stream-browserify/-/stream-browserify-2.0.2.tgz",
+          "integrity": "sha512-nX6hmklHs/gr2FuxYDltq8fJA1GDlxKQCz8O/IM4atRqBH8OORmBNgfvW5gG10GT/qQ9u0CzIvr2X5Pkt6ntqg==",
+          "dev": true,
+          "requires": {
+            "inherits": "~2.0.1",
+            "readable-stream": "^2.0.2"
+          }
+        },
         "util": {
           "version": "0.11.1",
           "resolved": "https://registry.npmjs.org/util/-/util-0.11.1.tgz",
@@ -8487,9 +8512,9 @@
       "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA=="
     },
     "object-path": {
-      "version": "0.11.5",
-      "resolved": "https://registry.npmjs.org/object-path/-/object-path-0.11.5.tgz",
-      "integrity": "sha512-jgSbThcoR/s+XumvGMTMf81QVBmah+/Q7K7YduKeKVWL7N111unR2d6pZZarSk6kY/caeNxUDyxOvMWyzoU2eg=="
+      "version": "0.11.8",
+      "resolved": "https://registry.npmjs.org/object-path/-/object-path-0.11.8.tgz",
+      "integrity": "sha512-YJjNZrlXJFM42wTBn6zgOJVar9KFJvzx6sTWDte8sWZF//cnjl0BxHNpfZx+ZffXX63A9q0b1zsFiBX4g4X5KA=="
     },
     "object-visit": {
       "version": "1.0.1",
@@ -10366,43 +10391,22 @@
       "dev": true
     },
     "stream-browserify": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/stream-browserify/-/stream-browserify-2.0.2.tgz",
-      "integrity": "sha512-nX6hmklHs/gr2FuxYDltq8fJA1GDlxKQCz8O/IM4atRqBH8OORmBNgfvW5gG10GT/qQ9u0CzIvr2X5Pkt6ntqg==",
-      "dev": true,
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/stream-browserify/-/stream-browserify-3.0.0.tgz",
+      "integrity": "sha512-H73RAHsVBapbim0tU2JwwOiXUj+fikfiaoYAKHF3VJfA0pe2BCzkhAHBlLG6REzE+2WNZcxOXjK7lkso+9euLA==",
       "requires": {
-        "inherits": "~2.0.1",
-        "readable-stream": "^2.0.2"
+        "inherits": "~2.0.4",
+        "readable-stream": "^3.5.0"
       },
       "dependencies": {
         "readable-stream": {
-          "version": "2.3.6",
-          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
-          "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==",
-          "dev": true,
-          "requires": {
-            "core-util-is": "~1.0.0",
-            "inherits": "~2.0.3",
-            "isarray": "~1.0.0",
-            "process-nextick-args": "~2.0.0",
-            "safe-buffer": "~5.1.1",
-            "string_decoder": "~1.1.1",
-            "util-deprecate": "~1.0.1"
-          }
-        },
-        "safe-buffer": {
-          "version": "5.1.2",
-          "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
-          "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==",
-          "dev": true
-        },
-        "string_decoder": {
-          "version": "1.1.1",
-          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
-          "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
-          "dev": true,
+          "version": "3.6.0",
+          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.0.tgz",
+          "integrity": "sha512-BViHy7LKeTz4oNnkcLJ+lVSL6vpiFeX6/d3oSH8zCW7UxP2onchk+vTGB143xuFjHS3deTgkKoXXymXqymiIdA==",
           "requires": {
-            "safe-buffer": "~5.1.0"
+            "inherits": "^2.0.3",
+            "string_decoder": "^1.1.1",
+            "util-deprecate": "^1.0.1"
           }
         }
       }
@@ -10836,9 +10840,9 @@
       }
     },
     "tmpl": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.4.tgz",
-      "integrity": "sha1-I2QN17QtAEM5ERQIIOXPRA5SHdE=",
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz",
+      "integrity": "sha512-3f0uOEAQwIqGuWW2MVzYg8fV/QNnc/IpuJNG837rLuczAaLVHslWHZQj4IGiEl5Hs3kkbhwL9Ab7Hrsmuj+Smw==",
       "dev": true
     },
     "to-arraybuffer": {
@@ -12491,8 +12495,7 @@
       "dependencies": {
         "ansi-regex": {
           "version": "5.0.0",
-          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz",
-          "integrity": "sha512-bY6fj56OUQ0hU1KjFNDQuJFezqKdrAyFdIevADiqrWHwSlbmBNMHp5ak2f40Pm8JTFyM2mqxkG6ngkHO11f/lg=="
+          "resolved": ""
         },
         "ansi-styles": {
           "version": "4.3.0",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@eluvio/elv-client-js",
-  "version": "3.1.72",
+  "version": "3.1.76",
   "description": "Javascript client for the Eluvio Content Fabric",
   "main": "src/ElvClient.js",
   "author": "Kevin Talmadge",
@@ -91,6 +91,7 @@
     "ramda": "^0.27.1",
     "shell-escape": "^0.2.0",
     "sjcl": "^1.0.8",
+    "stream-browserify": "^3.0.0",
     "typedarray": "0.0.6",
     "unorm": "^1.5.0",
     "urijs": "^1.19.7",

package/src/AuthorizationClient.js

@@ -176,7 +176,10 @@ class AuthorizationClient {
     let publicKey;
     if(encryption && encryption !== "none" && objectId && await this.AccessType(objectId) === ACCESS_TYPES.OBJECT) {
       const owner = await this.Owner({id: objectId});
-      if(!Utils.EqualAddress(owner, this.client.signer.address)) {
+      const ownerCapKey = `eluv.caps.iusr${Utils.AddressToHash(this.client.signer.address)}`;
+      const ownerCap = await client.ContentObjectMetadata({libraryId, objectId, metadataSubtree: ownerCapKey});
+
+      if(!Utils.EqualAddress(owner, this.client.signer.address) && !ownerCap) {
         const cap = await this.ReEncryptionConk({libraryId, objectId});
         publicKey = cap.public_key;
       }

package/src/FrameClient.js

@@ -290,6 +290,7 @@ class FrameClient {
       "ClearCache",
       "ClearStaticToken",
       "Collection",
+      "CollectionTransactions",
       "ConfigUrl",
       "ContentLibraries",
       "ContentLibrary",
@@ -303,6 +304,7 @@ class FrameClient {
       "ContentObjectLibraryId",
       "ContentObjectMetadata",
       "ContentObjectOwner",
+      "ContentObjectTenantId",
       "ContentObjectVersions",
       "ContentObjects",
       "ContentPart",
@@ -327,6 +329,7 @@ class FrameClient {
       "CreateFileUploadJob",
       "CreateLinks",
       "CreateNTPInstance",
+      "CreateNonOwnerCap",
       "CreatePart",
       "CreateProductionMaster",
       "CreateSignedToken",

package/src/client/ContentAccess.js

@@ -473,9 +473,8 @@ exports.LibraryContentTypes = async function({libraryId}) {
  * @param {object=} filterOptions - Pagination, sorting and filtering options
  * @param {number=} filterOptions.start - Start index for pagination
  * @param {number=} filterOptions.limit - Max number of objects to return
- * @param {string=} filterOptions.cacheId - Cache ID corresponding a previous query
  * @param {(Array<string> | string)=} filterOptions.sort - Sort by the specified key(s)
- * * @param {boolean=} filterOptions.sortDesc=false - Sort in descending order
+ * @param {boolean=} filterOptions.sortDesc - Sort in descending order
  * @param {(Array<string> | string)=} filterOptions.select - Include only the specified metadata keys (all must start with /public)
  * @param {(Array<object> | object)=} filterOptions.filter - Filter objects by metadata
  * @param {string=} filterOptions.filter.key - Key to filter on (must start with /public)
@@ -2408,7 +2407,10 @@ exports.EncryptionConk = async function({libraryId, objectId, versionHash, write
 
   const owner = await this.authClient.Owner({id: objectId});
 
-  if(!this.utils.EqualAddress(owner, this.signer.address)) {
+  const ownerCapKey = `eluv.caps.iusr${this.utils.AddressToHash(this.signer.address)}`;
+  const ownerCap = await this.ContentObjectMetadata({libraryId, objectId, metadataSubtree: ownerCapKey});
+
+  if(!this.utils.EqualAddress(owner, this.signer.address) && !ownerCap) {
     if(download) {
       return await this.authClient.ReEncryptionConk({libraryId, objectId, versionHash});
     } else {

package/src/client/ContentManagement.js

@@ -21,7 +21,8 @@ const {
   ValidateVersion,
   ValidateWriteToken,
   ValidateParameters,
-  ValidatePresence
+  ValidatePresence,
+  ValidateAddress
 } = require("../Validation");
 
 exports.SetVisibility = async function({id, visibility}) {
@@ -58,8 +59,9 @@ exports.SetVisibility = async function({id, visibility}) {
  * @methodGroup Content Objects
  * @param {string} objectId - The ID of the object
  * @param {string} permission - The key for the permission to set - See client.permissionLevels for available permissions
+ * @param {string} writeToken - Write token for the content object - If specified, info will be retrieved from the write draft instead of creating a new draft and finalizing
  */
-exports.SetPermission = async function({objectId, permission}) {
+exports.SetPermission = async function({objectId, permission, writeToken}) {
   ValidateObject(objectId);
   ValidatePresence("permission", permission);
 
@@ -118,14 +120,16 @@ exports.SetPermission = async function({objectId, permission}) {
       }
     });
   } else if(!kmsConk && settings.kmsConk) {
-    await this.EditAndFinalizeContentObject({
-      libraryId,
-      objectId,
-      commitMessage: "Add encryption conk",
-      callback: async ({writeToken}) => {
-        await this.CreateEncryptionConk({libraryId, objectId, writeToken, createKMSConk: true});
-      }
-    });
+    const finalize = !writeToken;
+    if(!writeToken) {
+      writeToken = (await this.EditContentObject({libraryId, objectId})).writeToken;
+    }
+
+    await this.CreateEncryptionConk({libraryId, objectId, writeToken, createKMSConk: true});
+
+    if(finalize) {
+      await this.FinalizeContentObject({libraryId, objectId, writeToken, commitMessage: `Set permissions to ${permission}`});
+    }
   }
 };
 
@@ -622,7 +626,100 @@ exports.CopyContentObject = async function({libraryId, originalVersionHash, opti
 
   options.copy_from = originalVersionHash;
 
-  return await this.CreateContentObject({libraryId, options});
+  const {objectId, writeToken} = await this.CreateContentObject({libraryId, options});
+  const originalObjectId = this.utils.DecodeVersionHash(originalVersionHash).objectId;
+  const metadata = await this.ContentObjectMetadata({versionHash: originalVersionHash});
+  const permission = await this.Permission({objectId: originalObjectId});
+
+  // User CAP
+  const userCapKey = `eluv.caps.iusr${this.utils.AddressToHash(this.signer.address)}`;
+
+  if(metadata[userCapKey]) {
+    const isOwner = this.utils.EqualAddress(this.signer.address, await this.ContentObjectOwner({objectId: originalObjectId}));
+
+    if(!isOwner) {
+      throw Error(`Current user is not owner of object ${metadata}`);
+    }
+
+    const userConkKey = await this.Crypto.DecryptCap(metadata[userCapKey], this.signer.signingKey.privateKey);
+    userConkKey.qid = objectId;
+
+    this.ReplaceMetadata({
+      libraryId,
+      objectId,
+      writeToken,
+      metadataSubtree: userCapKey,
+      metadata: await this.Crypto.EncryptConk(userConkKey, this.signer.signingKey.publicKey)
+    });
+  }
+
+  // KMS CAP
+  await Promise.all(
+    Object.keys(metadata)
+      .filter(key => key.startsWith("eluv.caps.ikms"))
+      .map(async kmsCapKey => await this.DeleteMetadata({
+        libraryId,
+        objectId,
+        writeToken,
+        metadataSubtree: kmsCapKey
+      }))
+  );
+
+  if(permission !== "owner") {
+    await this.SetPermission({objectId, permission, writeToken});
+  }
+
+  return await this.FinalizeContentObject({libraryId, objectId, writeToken});
+};
+
+/**
+ * Create a non-owner cap key using the specified public key and address
+ *
+ * @methodGroup Access Requests
+ * @namedParams
+ * @param {string} libraryId - ID of the library
+ * @param {string} objectId - ID of the object
+ * @param {string} publicKey - Public key for the target cap
+ * @param {string} publicAddress - Public address for the target cap key
+ * @param {string} writeToken - Write token for the content object - If specified, info will be retrieved from the write draft instead of creating a new draft and finalizing
+ *
+ * @returns {Promise<Object>}
+ */
+exports.CreateNonOwnerCap = async function({objectId, libraryId, publicKey, publicAddress, writeToken}) {
+  publicAddress = ValidateAddress(publicAddress);
+  const userCapKey = `eluv.caps.iusr${this.utils.AddressToHash(this.signer.address)}`;
+  const userCapValue = await this.ContentObjectMetadata({objectId, libraryId, metadataSubtree: userCapKey});
+
+  if(!userCapValue) {
+    throw Error("No user cap found for current user");
+  }
+
+  const userConk = await this.Crypto.DecryptCap(userCapValue, this.signer.signingKey.privateKey);
+
+  const targetUserCapKey = `eluv.caps.iusr${this.utils.AddressToHash(publicAddress)}`;
+  const targetUserCapValue = await this.Crypto.EncryptConk(userConk, publicKey);
+
+  const finalize = !writeToken;
+  if(!writeToken) {
+    writeToken = await this.EditContentObject({libraryId, objectId}).writeToken;
+  }
+
+  this.ReplaceMetadata({
+    libraryId,
+    objectId,
+    writeToken,
+    metadataSubtree: targetUserCapKey,
+    metadata: targetUserCapValue
+  });
+
+  if(finalize) {
+    await this.FinalizeContentObject({
+      libraryId,
+      objectId,
+      writeToken,
+      commitMessage: "Create non-owner cap"
+    });
+  }
 };
 
 /**

package/src/client/Files.js

@@ -641,7 +641,10 @@ exports.DownloadFile = async function({
   headers.Accept = "*/*";
 
   // If not owner, indicate re-encryption
-  if(encrypted && !this.utils.EqualAddress(this.signer.address, await this.ContentObjectOwner({objectId}))) {
+  const ownerCapKey = `eluv.caps.iusr${this.utils.AddressToHash(this.signer.address)}`;
+  const ownerCap = await this.ContentObjectMetadata({libraryId, objectId, metadataSubtree: ownerCapKey});
+
+  if(encrypted && !this.utils.EqualAddress(this.signer.address, await this.ContentObjectOwner({objectId})) && !ownerCap) {
     headers["X-Content-Fabric-Decryption-Mode"] = "reencrypt";
   }