File roles permission

Hi,

I’ve created an application role “AdminUser”, and uploaded a file readable to “AdminUser” only.
After logging in with a user having two roles, “AdminUser” and “AuthenticatedUser”, I wasn’t able to download the file even though the “user-token” header was added to the request.

FYI, Backendless.UserService.getUserRoles returns “AdminUser” and “AuthenticatedUser”.
When I change the file to be readable to “AuthenticatedUser”, it downloads properly (which means that there’s nothing wrong with the user-token value).

Below is the source code for the download; I have attached a screenshot of the roles permission for the file.

String userToken = UserTokenStorageFactory.instance().getStorage().get();
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("GET");
connection.setRequestProperty("user-token", userToken);
connection.setUseCaches(false);
connection.setDoInput( true );
connection.connect();

InputStream input = connection.getInputStream();
result.bitmap = BitmapFactory.decodeStream(input);

Hi Scott,

The problem is in the line of code where you retrieve user token.

Use the following line of code instead:

String userToken = HeadersManager.getInstance().getHeader( HeadersManager.HeadersEnum.USER_TOKEN_KEY );

I used your question and sample for our daily “feature-a-day” post: https://backendless.com/feature-127-file-download-with-user-authentication/

Hi Mark,

It doesn’t work. I don’t think this is a token issue because when I change the file permission to readable to “AuthenticatedUser”, I was able to download.
The problem is the file ACL for developer-created roles - whether I use your code to get the token or my code, I was not able to download the file when I made the file readable to “AdminUser” ONLY.

Could you try adding a role like “AdminUser”, upload a file and make it readable just to AdminUser, and then log in with a user with the “AdminUser” role and try to download?

Yes, it does work. See my screenshots.

A file that is readable to CustomRole without any user permission should be readable to a user with CustomRole, right?

Yes.

Notice, I do not have any explicit user permissions. You can see all the permissions for the user are inherited - thus there are no explicit permissions for the user. When you add a user, you can see the inherited permissions to know how Backendless will handle any of the operations for the given user.

Mark,

I have no idea why I keep getting response 400 when I make the file readable only to AdminUser.
As I wrote before, getUserRoles correctly returns AdminUser and AuthenticatedUser.
Can I give you app-id and loginId, password so you can try?
I have attached screenshots.

Scott, you’re not following my advice… :(

You absolutely MUST grant Read permission to the AdminOnly role. It must show a green checkmark. See this comment:
http://support.backendless.com/t/file-roles-permission#comment-3378

Regards,
Mark

Thanks Mark, it’s working.
I thought that since “AuthenticatedUser” doesn’t require an explicit grant, it would be the same for “AdminUser”: that without the grant checkmark, the file would still be readable to “AdminUser”.
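
A download helper for the request discussed in this thread, as an added example that is not code from any poster or from Backendless: it sends the `user-token` header and, on a status such as the 400 reported above, reads the error body instead of letting `getInputStream()` throw, so a permission denial is visible to the caller. It assumes a desktop JDK 16 or later; the class name, the local stub server, its token value and its error text are all constructed for illustration and do not reproduce Backendless's responses.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;

public class FileDownloadCheck {
    /** Result of one download attempt: HTTP status plus body (file bytes or error text). */
    record Result(int status, byte[] body) {
        boolean ok() { return status >= 200 && status < 300; }
    }

    static Result download(URL url, String userToken) throws IOException {
        HttpURLConnection c = (HttpURLConnection) url.openConnection();
        c.setRequestMethod("GET");
        if (userToken != null) c.setRequestProperty("user-token", userToken);
        c.setUseCaches(false);
        int status = c.getResponseCode();
        // getInputStream() throws on 4xx/5xx; the server's explanation is in the error stream.
        InputStream in = status < 400 ? c.getInputStream() : c.getErrorStream();
        try (InputStream s = in) {   // a null resource is allowed and simply not closed
            return new Result(status, s == null ? new byte[0] : s.readAllBytes());
        } finally {
            c.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed local stand-in for a protected file URL: 400 unless the token matches.
        HttpServer srv = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        srv.createContext("/files/sample.png", ex -> {
            boolean allowed = "constructed-token".equals(ex.getRequestHeaders().getFirst("user-token"));
            byte[] body = (allowed ? "FILEBYTES" : "{\"message\":\"no permission\"}")
                    .getBytes(StandardCharsets.UTF_8);
            ex.sendResponseHeaders(allowed ? 200 : 400, body.length);
            try (OutputStream os = ex.getResponseBody()) { os.write(body); }
        });
        srv.start();
        URL url = URI.create("http://127.0.0.1:" + srv.getAddress().getPort() + "/files/sample.png").toURL();
        for (String token : new String[] {"constructed-token", "other-token"}) {
            Result r = download(url, token);
            System.out.println(r.status() + " " + (r.ok() ? r.body().length + " bytes"
                    : new String(r.body(), StandardCharsets.UTF_8)));
        }
        srv.stop(0);
    }
}
```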