Hi, thanks for responding.
The relevant objects are User, Case, Document.
User - is uploading the file into Box and creating an entry in bubble Document table for it. The entry in Document table includes filename, folderid, User and Case objects as some attributes.
The User can only do this if they have the right to edit this Case. This is represented by User having a CaseEditor attribute which is a List of Cases they can access/edit.
The CaseEditor attribute is used in Privacy settings for Case. The privacy rule is “Current User’s CaseEditor contains This Case”. If valid, the User has all rights, including view files, autobind etc. The group ‘Everyone’ has no access rights.
The privacy rule in the Document table is similar: “Current User’s CaseEditor contains This Document’s Case”.
The FileUploader is ticked (and “Attach this file to” is Parent Group’s Case). When clicked, it runs this workflow:
- Create folder in Box if it doesn’t exist (a single folder named as the uniqueid of the Case is used to store all Case files).
- Create Document with limited attributes. Succeeds, including saving Case value
- BoxApp - Upload a file. See screenshot 1.
This is probably where the error occurs (see screenshot 2)
- Make changes to Document. This should add filename, folderid, fileid, who uploaded the file, who can view it. None of these are saved (the entire update fails as some details depend on ‘Result of step 3’, which failed…)
If I tick ‘View attached files’ for Everyone else in the Case privacy settings, the workflow runs successfully. If instead I untick ‘Make file private’ in the File Uploader, it also runs successfully.
Does this give you the required details. Let me know if you need more