Dion Gunn

{!URLFOR($Action.Attachment.Download, Id)} links for Attachments generate "Insufficient Privileges"

Hi all,

I've spent the majority of my day trying to find a solution for this issue and I'm having no luck. I'm still a bit of a beginner so bear with me.

I have a VisualForce page on a Communities site that is designed to list the standard Attachment object records from the community $User's related contact. This page is intended to list the Description of the attachment as well as a link to download it. I have a supporting controller that runs a Select query to retrieve the contact's attachments.

Here is a snippet from the page:
<apex:repeat var="doc" value="{!candidate.Attachments}">
    <li>
        <h4><apex:outputText value="{!doc.Description}"/></h4>
        <div class="doc-h">
            <apex:outputLink value="{!URLFOR($Action.Attachment.Download, doc.Id)}" target="_blank">
                &nbsp;
            </apex:outputLink>
        </div>
    </li>
</apex:repeat>

This renders exactly how I would like it to render, and correctly displays the description and the link. However, if I browse to one of many of the links generated by {!URLFOR($Action.Attachment.Download, doc.Id)}, I receive an "Insufficient Privileges" error. I've tried hardcoding the URL and ID and receive the same error.

It generates a link like this: {community site}/servlet/servlet.FileDownload?retURL=%2Fcandidates%2Fapex%2FSupportingDocuments&file=00PN0000000ZZUBMA4

I would have expected that this is profile related, but it doesn't seem to be the case. This is what I've attempted to do to resolve this issue so far:
* Ensured that the community users' profiles have full RCED access to the Account and Contact objects and their fields.
* Ensured that the Site Guest User profile has full RCED access to the Account and Contact objects and their fields.
* Confirmed that share settings and OWD were set to public read/write for the Attachment object's parent (so Account and Contact).
* Read somewhere to try using the 15-digit ID rather than the 18-digit, to no avail.
* Tried using traditional <a href="">Links</a> instead of apex:OutputLink.

Funnily enough, on the same page with the same user, I have functionality that allows the user to upload an attachment (which creates an Attachment record against the site's related contact) and this works perfectly.

I've seen a few similar posts such as here (https://developer.salesforce.com/forums?id=906F000000099hpIAA) and here (https://developer.salesforce.com/forums?id=906F00000008y5hIAA) but I'm still having no luck. If anybody has experienced something like this before and knows of a possible solution (even if it seems far-fetched) then I'd love to hear it!

Cheers,

Dion

SFDC_Devloper
Hi,

try below code...

<apex:repeat var="doc" value="{!candidate.Attachments}">
    <li>
        <h4><apex:outputText value="{!doc.Description}"/></h4>
        <div class="doc-h">
            <apex:outputLink value="{!URLFOR($Action.Attachment.Download, doc.id)}" target="_blank">{!doc.name}</apex:outputLink>
        </div>
    </li>
</apex:repeat>


Thanks,
Rockzz
Dion Gunn
Hi Rockzz,

Thanks for your help, unfortunately your code provided the same result as my own, short of adding in a wording to the link rather than a style we were using with a graphical link. I'm still getting insufficient privileges.

Cheers,

Dion
yoganand19
Dion

Can you try changing the owner of the "candidate" to the portal user, and see what happens?
Dion Gunn
Thanks for taking the time to respond yoganand19. Unfortunately I can't transfer the record to that type of user (Customer Portal User). I only have the option of transferring the record to a normal user (Salesforce, Salesforce Platform) or a Partner user. Searching for the user anyway yields no results.

It would be a good test if I could do it however......
yoganand19
Dion

Try this and see if you can do something about it. Go to the parent record of the attachment. Click on the "Sharing" button (if it exists) and see if you can share it with customer portal users?

Dion Gunn
Hi yoganand19,

Thanks again for your help. Unfortunately the sharing button is not available on the contact record (although it's on the page layout). The sharing button is available on the related account and when selecting to share that record with Customer Portal Users, I am provided with the below message:

"The selected sharing setting is already included as part of your organization's default sharing settings.  Please increase account access, opportunity access or case access to be greater than your organization's default"

Based on some further digging around, this seems to suggest to me that my OWDs are set to the correct settings to allow public read/write to Account and Contact records. The attachments I'm trying to access are related to the Contact record.

I've raised a case with the Salesforce team and I'm awaiting their response. Once I get to the bottom of this I'll post an update (which hopefully I can do soon!).

Cheers,

Dion
Dion Gunn
Hi all,

This is the response that I received from Salesforce if anybody is interested. Looks like it is a limitation.

Hi Dion,

I just liaised with our T3 team and here are our findings regarding this issue:

- Community Users do not have access to attachments for Contacts and Accounts (this is a limitation), you can see that by loading the contact record in the layout after you've logged in as community user.

- We've confirmed that OWD would not come into play for community users, thus, even though OWD for account is Public Read Write (Contact - Controlled by Parent), this would not have effect for Community User.

- This is a limitation for community users and the workaround is to create a custom object and have it related to Contact and then have the files attached to this custom object instead of Contact. Once the community user has taken ownership of the record and attachment, they will then be able to see and open the attachment.


Please let me know if you have any questions.



We ended up creating a custom object as suggested to get around the issue.

Cheers,

Dion
This was selected as the best answer
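
The workaround described in the answer above, as an added Apex example (not code from the original poster or from Salesforce): a controller that lists attachments parented to a custom object instead of the Contact. `Candidate_Document__c` and its `Contact__c` lookup are hypothetical names; declaring the class `with sharing` makes the queries respect the running user's record access, so the list is limited to parent records that user can see.

```apex
// Added example. Candidate_Document__c and Contact__c are hypothetical names
// for the custom object and its lookup to Contact described in the answer.
public with sharing class SupportingDocumentsController {

    // Attachments the running community user is allowed to see, newest first.
    public List<Attachment> documents { get; private set; }

    public SupportingDocumentsController() {
        documents = new List<Attachment>();

        // Resolve the contact behind the logged-in community user.
        User u = [SELECT ContactId FROM User
                  WHERE Id = :UserInfo.getUserId() LIMIT 1];
        if (u.ContactId == null) {
            return; // internal or guest user: no related contact, nothing to list
        }

        // 'with sharing' applies record-level sharing here, so only parent
        // records this user can actually access come back from the query.
        Map<Id, Candidate_Document__c> parents =
            new Map<Id, Candidate_Document__c>(
                [SELECT Id FROM Candidate_Document__c
                 WHERE Contact__c = :u.ContactId]);
        if (parents.isEmpty()) {
            return;
        }

        // Attachments inherit access from their parent record, so filter
        // on the parents that passed the sharing check above.
        documents = [SELECT Id, Name, Description
                     FROM Attachment
                     WHERE ParentId IN :parents.keySet()
                     ORDER BY CreatedDate DESC];
    }
}
```

The page markup from the question can stay as it is, with the `apex:repeat` bound to `{!documents}` instead of `{!candidate.Attachments}`.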
Swati Taunk
Hi Dion,

Could you please share the code you implemented for custom object? I am facing a similar issue. I need to show attachments related to custom object to community user but I get "Insufficient Privileges" error.
[ https://developer.salesforce.com/forums/ForumsMain?id=906F0000000A4iKIAS ]