Templates Plugins Courses

Error with Box api and private file setting

Hi, I started implementing your Box api recently, and have started uploading files. I want to ensure the files are secure, so am trying to make them private, associated with the ‘Case’ object, which has privacy controls limiting access to users in the Case team, listed in the Case object.

When uploading files with privacy on, I’m getting an error message “The parameter file is not a valid file”, and the file doesn’t upload. I don’t get this with privacy off. The Case team members definitely have r/w, search and view file rights in Data>Privacy. Yet, I find that if if I give Everyone ‘view attached files’ rights for Case, then the file upload succeeds without error.

Any thoughts on how I can resolve this without giving Everyone file viewing?

Thanks

Bruce

Hello @bruce.mcvicar. Thanks for reaching out.

Can you please share more details of your case? Like, what privacy settings you are trying to adjust; what you are trying to achieve. We need to understand what functionality and in what conditions you are trying to set, which throws you an error. With more details, we will be able to assist you in your issue resolving.

The plugin works well on the demo page with the correct settings. Please provide us with the details (details, screenshots or video records will be highly appreciated) on your specific case, to let us understand your problem.

Thank you :pray:
Regards,

Kate

Hi, thanks for responding.

The relevant objects are User, Case, Document.
User - is uploading the file into Box and creating an entry in bubble Document table for it. The entry in Document table includes filename, folderid, User and Case objects as some attributes.

The User can only do this if they have the right to edit this Case. This is represented by User having a CaseEditor attribute which is a List of Cases they can access/edit.
The CaseEditor attribute is used in Privacy settings for Case. The privacy rule is “Current User’s CaseEditor contains This Case”. If valid, the User has all rights, including view files, autobind etc. The group ‘Everyone’ has no access rights.

The privacy rule in the Document table is similar: “Current User’s CaseEditor contains This Document’s Case”.

The FileUploader is ticked (and “Attach this file to” is Parent Group’s Case). When clicked, it runs this workflow:

  • Create folder in Box if it doesn’t exist (a single folder named as the uniqueid of the Case is used to store all Case files).
  • Create Document with limited attributes. Succeeds, including saving Case value
  • BoxApp - Upload a file. See screenshot 1.

    This is probably where the error occurs (see screenshot 2)
  • Make changes to Document. This should add filename, folderid, fileid, who uploaded the file, who can view it. None of these are saved (the entire update fails as some details depend on ‘Result of step 3’, which failed…)

If I tick ‘View attached files’ for Everyone else in the Case privacy settings, the workflow runs successfully. If instead I untick ‘Make file private’ in the File Uploader, it also runs successfully.

Does this give you the required details. Let me know if you need more

Thanks

Bruce

@bruce.mcvicar,

Thanks for the details. The investigation of your case can take some time, please wait a bit :pray:
If I need any more details or have the update concerning your request - I will let you know.

I suppose you mean here that the workflow runs successfully, but throws an error and the file uploading process is not starting, right?

Thank you for your patience :slightly_smiling_face:
Regards,
Kate

@bruce.mcvicar,

I have discussed your question with my dev colleagues and here is the result of our conversation.

As we can understand, you are trying to add view rules to your page (Data>Privacy tab). But this way to define the “view” user roles is not that one, which will work with our plugin, as you can see.

This can be solved by simple authorization and granting rights to a particular action. And, depending on the rights, to display documents or not. To be short - this can be done in the workflow of the page,
without the need to change the settings of the plugin itself.

To make the plugin work under the preferred privacy rules, you don’t need to change the plugin settings. Just add the user authorization and the permissions to view uploaded files for the particular user (Only when: Current user’s admin is “yes”, as the simplest example).

I hope these insights will be helpful for you :pray:
Regards,
Kate