Content Management images - permission issues

peterwestergaar · ‎11-27-2014

Question for the community, to make sure it's not a known error or something. Also looking for brainstorming for workarounds.

When I created a simple CMS page to kick the tires, I created a dynamic block, and used the editor to attach a PNG and a JPG file in the block.

When I save and publish the CMS page, and then load it, the images will only display for me when I'm logged in as an admin user. Non-admin users just show me broken-image icons and alt-text in place of the attached file.

Any idea what might be happening here?

peterwestergaar · ‎12-02-2014

Yeah, checking the read ACL for sys_attachment shows a conditional script that I want to puzzle through at some point. But in the meantime, adding static content block to the exception list (next to the live-feed exception since they seem comparable to me) seemed wise:

     // If the attachment is from live feed, or the static content block of CMS


     // grant it the read access


     if (current.table_name == 'live_profile')


           return true;




     if (current.table_name == 'content_block_static')


       return true;

View solution in original post

peterwestergaar · ‎11-27-2014

This is on a Eureka patch 5 server. (In case it's version-related).

Kalaiarasan Pus · ‎11-28-2014

any sample code you may paste or screenshots?

peterwestergaar · ‎11-28-2014

Let me create a second sample page to verify, and I'll paste the whole thing, I can get to that on Monday.

peterwestergaar · ‎12-02-2014

Ok. I've replicated it and I think I've isolated it.

It seems to show up specifically with the "Static Content" block on a CMS Page. I created a table with six images, the top row were all added as "Attachments" and the bottom row were all added as "Image Library". I suppose I've misunderstood how "Attachment" is supposed to work, or perhaps it doesn't work as expected.

Here's the source code when I expand my test content:

<p> </p>


<table>


<tbody>


<tr>


<td><img style="align: baseline;" title="Organization" src="/sys_attachment.do?sys_id=01b628302b7cb100376f7ee217da15e3" alt="Organization" align="baseline" border="" hspace="" vspace="" />Test</td>


<td><img style="align: baseline;" title="Knowledge" src="/sys_attachment.do?sys_id=72c628302b7cb100376f7ee217da15cc" alt="Knowledge" align="baseline" border="" hspace="" vspace="" />Test</td>


<td><img style="align: baseline;" title="Security" src="/sys_attachment.do?sys_id=e4e620302b7cb100376f7ee217da15e4" alt="Security" align="baseline" border="" hspace="" vspace="" />Test</td>


</tr>


<tr>


<td><img style="align: baseline;" title="Software" src="/cdrom.gifx" alt="Software" align="baseline" border="" hspace="" vspace="" />Test</td>


<td><img style="align: baseline;" title="Benefits" src="/Benefits.pngx" alt="Benefits" align="baseline" border="" hspace="" vspace="" />Test</td>


<td><img style="align: baseline;" title="Employee Onboarding" src="/Onboard.pngx" alt="Employee Onboarding" align="baseline" border="" hspace="" vspace="" />Test</td>


</tr>


</tbody>


</table>


<p> </p>

All six images appear when I view it as Admin, but here's how it appears when I view it as a non-admin user:

(Please ignore the right-side, that was my just testing a dynamic content block with some data pulled from the knowledge base table).

So I suppose the question boils down to... how does the "Attachment" type of inserted image work? Is it working as expected? If there is a permission structure associated with such attachments, how is it controlled?