If you set the permission on a folder or file to be denied for nonauthenticated users, then I noticed that you can’t view the file through the console - data-file reference
So let’s say you have a table with a column referencing the file. Then you login to the console, click on the table, choose a record and click on the file reference to view the file then it treats you as an outsider and won’t let you view the file.
Shouldnt the person logging to console have the highest permission and be able to view files through data table like when going to the files system. Not to. Mention that he would be already an authenticated admin user
User logged in to console is not a user from your app. It is important to differentiate users from your app (the Users table) from the developer who logs in to the console.
Hello Mark
But a a developer who logs on to the console is an admin meaning they should have superior permission over any user. Developer can already change and remove permissions of any user and can view files using the files system built in viewer, why cant he view the files from the file reference in table?
The beauty of the dashboard is that the developer (or owner) can see all the users registered navigate through all the linkages by clicking on references. So in my structure, if the developer wants to see all the files a user uploaded, he just choose the user and they click on file reference to see all the files. How can I enable him to view the file being clicked on?
To go through the file system, one would have to rmember the full path and navigate to each file one by one
Perhaps I am not able to explain the issue well. Please note that all the viewing I am talking about now is through the console. I am adding screeshots to assist. So As a developer, I am supposed to have access to everything including viewing files (since I am able to log in to the console).
As you can see, these are all the documents for that test2 user… Now me as a developer logged in to the console, if I click on any of the files above, it tells me “permission” denied!. But if I go to the fileviewer screen and try to figure the path for a specific file then it lets me open the file. At the end of the day, I am the same person (developer) accessing it from 2 different screens. Why one would be different? More importantly, is there a way I can allow the developer(myself) to view the file by clicking on the file name in the 2nd screenshot above. I find it hard to compromise the security and give access to the files to non authenticated users just so as a developer I can open the file by clicking on it in screenshot2.
As documentation explains it, every file has 2 urls in Backendless:
Public URL - the one which is used by end user apps
Private URL - available only to the developer
When you fetch a file via (1), all security permissions are enforced. For example, if the file is denied access to non-authenticated users, you will be able to fetch it without a valid user token. The URL for (1) can be copied to the computer’s clipboard by clicking the “Get Public URL” icon.
When a fetch a file via (2), it is absolutely necessary to include the “auth-key” header into the request. That header is established when you login to console and is present for every single request made in console. The URL for (2) is available by copying file URL for the file’s hyperlink shown in console: http://support.backendless.com/public/attachments/82616bf329d7901e7932acd816883396.jpg</img>
That header is established when you login to console and is present for every single request made in console
Exactly!. So why is clicking on the file in screeshot2 in my previous post, giving me permission error and not allowing me to see it? The “clicking on it” should be a request made with the established header since I am logged in to the console, as per your explanation above.
Question makes sense?
In technical terms, when clicking on the file reference “in the console”, the private url should be the one being used not public url
We were talking about 2 different things all along. I kept describing the Files section while you’re talking about navigating to a file from Data. I see what you are saying now. This is something we should be able to correct.
I cannot provide an estimate yet. The way it will be handled once we make the changes will be identical to navigating to related geopoints (that is it will open the Files screen and show the file there).
However, this is not a trivial change for the following reasons:
Files referenced by data objects can be an outside URL. It can be even a URL to a file located in another Backendless app.
A file may not be located on the first page of the file listing, hence simply opening up the directory will not be sufficient.
We have entered this request in our tracking system, but it has not been prioritized yet as we do not have available resources to allocate at the moment to this issue.
