Application ID 77174A3A-8AD8-F997-FF5F-8CE8CB660D00
Expected Behavior
- Give permission for NotAuthenticatedUser to see images (file).
Actual Behavior
- When I try to access as NotAuthenticatedUser to https://backendlessappcontent.com/77174A3A-8AD8-F997-FF5F-8CE8CB660D00/A9CAED57-D16B-4086-B909-711233C8BE6F/files/appDirectory/products/DR/100+miligramos/DropshipMonitor_logo.png, the response is: “code: 4000
message: “User has no permissions for specified resource”
errorData: {}”.
I have enabled Permission for the NotAuthenticatedUser Role as: FILES: READ; enabled, DELETE; disabled, WRITE; disabled, PERMISSION; disabled.
What else can I do?
You denied the access for RestUser, but you make the request as a RestUser.
Therefore, the result is expected.
Just give the access to the RestUser.
I have enabled the access for RestUser as: FILES: READ; enabled, DELETE; disabled, WRITE; disabled, PERMISSION; disabled.
But I have the same response.
My understanding is that the client is identified as a RestUser when the respective API Token is attached. However, in this case, the browser is performing a GET Request without any API token header.
This same behaviour occurs when adding an <img> element with that image URL into the DOM, since the browser performs the GET without auth header as well.
@RAFAEL_PEREZ
We are talking about exactly API requests. So the REST api key should be present in the path.
As i see @Valerio_Galiote has used the CodeRunner api key.
Also CodeRunner key should be kept safe (contrary to others). I recommend to regenerate it.
You should grant permission to the user under which you perform requests.
