✨Discover storytelling in the AI age with Pixar's Matthew Luhn at Sanity Connect, May 8th—register now

Permissions issue with custom roles and uploading images in Sanity.io

13 replies
Last updated: Nov 10, 2021
Hi, I'm running into a permissions issue while using the custom roles feature (doc here ). Some help would be greatly appreciated, I'll leave more details within the thread.
Nov 2, 2021, 11:52 PM
I created a custom role that has the following grant and gave myself this role and the Viewer role.
"grants":{
   "sanity.document.filter.mode":[
      {
         "id":"...",
         "name":null,
         "title":"event documents",
         "description":"event documents",
         "isCustom":true,
         "config":{
            "filter":"_type == \"event\""
         },
         "grants":[
            {
               "name":"mode",
               "params":{
                  "mode":"create",
                  "history":true
               }
            }
         ]
      }
   ]
}
This allowed me to view and create event documents. But I found that when trying to create an event document, I am unable to upload an image using the Sanity GUI through the image field.

This is the POST request sanity GUI makes when I try to upload, and the error response that gets returned from the sanity api.


POST <https://xcsyo6gw.api.sanity.io/v1/assets/images/staging?tag=sanity.studio.asset.upload&filename=hamilton-animals-to-follow-on-instagram-1568303880.jpeg>
(this fails with 403 forbidden)

{
   "error":{
      "description":"the mutation(s) failed: Insufficient permissions; permission \"create\" required",
      "items":[
         {
            "error":{
               "description":"Insufficient permissions; permission \"create\" required",
               "permission":"create",
               "type":"insufficientPermissionsError"
            },
            "index":0
         }
      ],
      "type":"mutationError"
   }
}
Can you tell me what permission I'm missing in my custom role, and what grant I can add to my custom role to allow me to upload images/attachments? Thank you!
Nov 2, 2021, 11:53 PM
Hi
user M
, yes I am on an Enterprise plan!
Nov 3, 2021, 3:12 PM
Hi
user M
, yes I am on an Enterprise plan!
Nov 3, 2021, 3:12 PM
Got it! So roles should be accessible to you then! What does the schema for this image look like?
Nov 3, 2021, 6:02 PM
The image field's schema looks like this:
{
      title: 'Cover Photo',
      name: 'coverPhoto',
      type: 'image',
      options: {
        hotspot: true,
      },
    },

Nov 3, 2021, 6:04 PM
The image field's schema looks like this:
{
      title: 'Cover Photo',
      name: 'coverPhoto',
      type: 'image',
      options: {
        hotspot: true,
      },
    },

Nov 3, 2021, 6:04 PM
(just butting in to say that we will have management ui for roles very very soon, where all this will be a lot easier)
Nov 3, 2021, 7:47 PM
Ah I see, this makes a lot of sense! Thank you Geoff for the detailed explanation, I will give this a try! For granting permission for regular file uploads that are not images, would the type be 'sanity.fileAsset' instead of 'sanity.imageAsset'?
Nov 3, 2021, 10:45 PM
Ah I see, this makes a lot of sense! Thank you Geoff for the detailed explanation, I will give this a try! For granting permission for regular file uploads that are not images, would the type be 'sanity.fileAsset' instead of 'sanity.imageAsset'?
Nov 3, 2021, 10:45 PM
Yes, that’s correct. 👍
Nov 3, 2021, 10:47 PM
Awesome! Thanks again! 😄
Nov 3, 2021, 10:48 PM
Alice, I was looking into this for someone else and noticed my project already had
sanity-document-filter-images
and
sanity-document-filter-files
permission resources that filter on those respective types, which should cut out a step when creating your grant (i.e., not needing to create those first).
Nov 4, 2021, 7:28 PM
Hi Alice. The brand new Roles were just released (no upgrade required—you’ll see them at sanity.io/manage ). We would love if you could take it for a spin and let us know what you think. The docs have been updated as well to reflect the new functionality.
Nov 10, 2021, 7:33 PM

Sanity– build remarkable experiences at scale

Sanity is a modern headless CMS that treats content as data to power your digital business. Free to get started, and pay-as-you-go on all plans.

Was this answer helpful?