Disable open-access-only external services for embargoed dandisets

[Copilot]

External services in the "Open With" menu were enabled for embargoed dandisets despite being unable to access embargoed data, resulting in errors when users clicked them.

Changes

• Service configuration (web/src/utils/externalServices.ts)

  • Added openaccessOnly?: boolean attribute to ExternalService interface (defaults to true)
  • Marked Neurosift endpoints with openaccessOnly: false (supports embargoed access via API key)
  • Modified getExternalServices() to return disabled: boolean flag based on embargo status

• UI (web/src/views/FileBrowserView/FileBrowser.vue)

  • Disabled services render grayed-out with no clickable link
  • Added orange lock icon with tooltip: "Not available for embargoed assets"

Behavior

For embargoed dandisets:

• Disabled: Bioimagesuite, MetaCell/NWBExplorer, VTK/ITK Viewer, OME Zarr validator, Neuroglancer, NeuroGlass
• Enabled: Neurosift (all variants) - user must provide API key

// Service marked as supporting embargoed access
{
  name: "Neurosift",
  regex: /\.nwb$/,
  endpoint: "https://neurosift.app/nwb?url=...",
  openaccessOnly: false,  // Works with embargoed data
}

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Disable external services for embargoed data/dandisets</issue_title>
<issue_description>AFAIK ATM all external services make sense only for public data only since we are not directing to minted URL for asset blobs, nor @magland has access to provide neurosift access to them at the level of dandisets. But ATM we keep all the "Open With" buttons enabled even though following them would just result in various errors: e.g. on https://dandiarchive.org/dandiset/001169/draft

Ideally UI should be adjusted so that if dandiset embargoed, it is greyed out (ideally with a hint that it is since it is embargoed).

• edit: inspired by Add Neuroglancer external service for umembargoed Zarr and NIfTI assets #2063</issue_description>

<agent_instructions>review the thread and follow instructions in the last comment of mine which shows how it should be implemented</agent_instructions>

Comments on the Issue (you are @copilot in this section)

@yarikoptic > @yarikoptic ... in the case of opening an NWB file, Neurosift does support viewing embargoed files... and that's actually a valuable feature. You need to input your dandi API key into Neurosift. I need to add a feature where it tells the user what to do in that case.

Good to know, but/and neurosift specific. Indeed - should announce to the user that API key needs to be provided!

I am not that verse in web tech -- isn't there some way to provide some kind of "session continuity" so client while working on neurosift could still retain access to DANDI's session and thus /download/ to still be able to mint URL?

Overall then, while disabling we need to add annotation to neurosift that it can handle embargoed dandisets, and thus only disable services which do not announce for that. @aaronkanzer -- do you think you could draft such a generic PR for the services based on your work in the

• Add Neuroglancer external service for umembargoed Zarr and NIfTI assets #2063

?

@yarikoptic Ok, the solution should be to indeed to

1. allow external services in web/src/utils/externalServices.ts to be annotated with openaccess_only attribute (default true) and allow to state false to those like neurosift which do provide access to embargoed dandisets/assets
   • neurosift endpoint records can get openaccess_only set to false
2. in case of an asset, figure out if it is embargoed or open and if embargoed, and service is openaccess_only: make it grayed out with an orange locked lock icon nearby - asset could be open content in the public dandiset. We have access.status which for openaccess should be dandi:OpenAccess, that's how frontend could determine it from metadata</comment_new>

• Fixes Disable external services for embargoed data/dandisets #2065

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[yarikoptic]

there are frontend tests under e2e/tests/fileBrowserPage.spec.ts, but I do not see them testing anything about embargoed dandisets ATM unfortunately, so it might be a bit too much to establish testing for emabrgoed dandisets in them.

[yarikoptic]

wonderful -- it works:

vs original

ready for review!

[yarikoptic]

Looks good to me