Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

download sys_attachment by public

CyrillW
Giga Contributor

6 hours ago

Good Morning Guys!

At the moment, i make a Widget and this is on a public site (no authication).

 

In this Widget i want to make downloading files from sys_attachment.

first of all, i used the url /sys_attchment?sys_id=<SYSID>, but if i am not logged in, i dont can download the file.

After this, i try to make a restapi.. but this doesnt have permission to the sys_attachments...

After this, i try with a base64.. but it doesnt work..

Here is my Code:
Server Script:

(function() {
    data.attachments = [];

    var recordSysId = 'd3b1461f1b345550d9d142e6bb4bcb14';
    var gr = new GlideRecord('sys_attachment');
    gr.addQuery('table_sys_id', recordSysId);
    gr.orderByDesc('sys_created_on');
    gr.query();

    var sa = new GlideSysAttachment();
    while (gr.next()) {

        var bytes = sa.getBytes(gr);   // Datei holen
        var base64 = GlideStringUtil.base64Encode(bytes);

        data.attachments.push({
            name: gr.file_name + '',
            sys_id: gr.sys_id + '',
            base64: base64
        });
    }
})();

Client Controller:
api.controller = function() {
    var c = this;
    c.attachments = c.data.attachments || [];

   $scope.download = function(att) {

        var byteChars = atob(att.base64);
        var byteNumbers = new Array(byteChars.length);

        for (var i = 0; i < byteChars.length; i++) {
            byteNumbers[i] = byteChars.charCodeAt(i);
        }

        var byteArray = new Uint8Array(byteNumbers);
        var blob = new Blob([byteArray], { type: att.mime });

        var url = URL.createObjectURL(blob);

        var a = document.createElement('a');
        a.href = url;
        a.download = att.name;
        a.click();
        URL.revokeObjectURL(url);
    };

};


on the site, i can see the files,
CyrillW_0-1764230762800.png

 

But, i doesn't can download it..
 
There any Ideas? i prefer a easy workaround.
Thanks and regards


0 Helpfuls
  • 170 Views
7 REPLIES 7

GlideFather
Tera Patron
In response to CyrillW

4 hours ago

@CyrillW if everything else is down, why not to use your ServiceNow credentials like always?

 

I don't know how to help you because I don't really understand the requirement. sorry...

_____
This reply is 100 % GlideFather and 0 % AI
0 Helpfuls

CyrillW
Giga Contributor
In response to GlideFather

3 hours ago

@GlideFather 

The only thing I need is a way to display or download files using a widget if they are stored in sys_attachment – or any other method.
Important: It must work without login, just like accessing google.com.
Nothing else really matters. These are my requirements – the why or how is completely irrelevant.

0 Helpfuls

Tomas Lozano
Tera Expert

3 hours ago - last edited 3 hours ago

Hi @CyrillW

 

Just for you to understand, conceptionally, public role and sys_attachment is a big no no in ServiceNow, so you'll be struggling to find an out of the box way to interact with the sys_attachment table directly without opening yourself up to an attack.

 

There's the sys_property glide.attachment.role where you can add the 'public' role. That won't work on all portals tho.

 

If this doesn't work for you, what I would suggest is looking to leverage the $scope object to store the attachments before submit. On Submit, you can create them in sys_attachment and map them to the target record.

 

Lastly, I would recommend you look to secure the form and the submit to minimise risk of unwanted requests being created. I would recommend leveraging Authentication.. any... or maybe a check on get/set clientData based on a server side logic(API Reference).

 

Good luck!

Tomas

0 Helpfuls