Support Topics Documentation Slack YouTube Blog

Give permission to see images for NotAuthenticatedUser

Application ID 77174A3A-8AD8-F997-FF5F-8CE8CB660D00

Expected Behavior

  1. Give permission for NotAuthenticatedUser to see images (file).

Actual Behavior

  1. When I try to access as NotAuthenticatedUser to https://backendlessappcontent.com/77174A3A-8AD8-F997-FF5F-8CE8CB660D00/A9CAED57-D16B-4086-B909-711233C8BE6F/files/appDirectory/products/DR/100+miligramos/DropshipMonitor_logo.png, the response is: “code: 4000
    message: “User has no permissions for specified resource”
    errorData: {}”.
    I have enabled Permission for the NotAuthenticatedUser Role as: FILES: READ; enabled, DELETE; disabled, WRITE; disabled, PERMISSION; disabled.

What else can I do?

You denied the access for RestUser, but you make the request as a RestUser.
Therefore, the result is expected.
Just give the access to the RestUser.

I have enabled the access for RestUser as: FILES: READ; enabled, DELETE; disabled, WRITE; disabled, PERMISSION; disabled.

But I have the same response.

My understanding is that the client is identified as a RestUser when the respective API Token is attached. However, in this case, the browser is performing a GET Request without any API token header.
This same behaviour occurs when adding an <img> element with that image URL into the DOM, since the browser performs the GET without auth header as well.

@RAFAEL_PEREZ
We are talking about exactly API requests. So the REST api key should be present in the path.

As i see @Valerio_Galiote has used the CodeRunner api key.
Also CodeRunner key should be kept safe (contrary to others). I recommend to regenerate it.

You should grant permission to the user under which you perform requests.