Permissions issue with custom roles and uploading images in Sanity.io
13 replies
Last updated: Nov 10, 2021
A
Hi, I'm running into a permissions issue while using the custom roles feature (doc here). Some help would be greatly appreciated, I'll leave more details within the thread.
Nov 2, 2021, 11:52 PM
A
I created a custom role that has the following grant and gave myself this role and the Viewer role.
"grants": {
  "sanity.document.filter.mode": [
    {
      "id": "...",
      "name": null,
      "title": "event documents",
      "description": "event documents",
      "isCustom": true,
      "config": {
        "filter": "_type == \"event\""
      },
      "grants": [
        {
          "name": "mode",
          "params": {
            "mode": "create",
            "history": true
          }
        }
      ]
    }
  ]
}
This allowed me to view and create event documents. But I found that when trying to create an event document, I am unable to upload an image using the Sanity GUI through the image field.
This is the POST request Sanity GUI makes when I try to upload, and the error response that gets returned from the Sanity API.
POST https://xcsyo6gw.api.sanity.io/v1/assets/images/staging?tag=sanity.studio.asset.upload&filename=hamilton-animals-to-follow-on-instagram-1568303880.jpeg (this fails with 403 forbidden)
{
  "error": {
    "description": "the mutation(s) failed: Insufficient permissions; permission \"create\" required",
    "items": [
      {
        "error": {
          "description": "Insufficient permissions; permission \"create\" required",
          "permission": "create",
          "type": "insufficientPermissionsError"
        },
        "index": 0
      }
    ],
    "type": "mutationError"
  }
}
Can you tell me what permission I'm missing in my custom role, and what grant I can add to my custom role to allow me to upload images/attachments? Thank you!
Nov 2, 2021, 11:53 PM
A
Hi user M, yes I am on an Enterprise plan!
Nov 3, 2021, 3:12 PM
Got it! So roles should be accessible to you then! What does the schema for this image look like?
Nov 3, 2021, 6:02 PM
A
The image field's schema looks like this:
{
  title: 'Cover Photo',
  name: 'coverPhoto',
  type: 'image',
  options: {
    hotspot: true,
  },
},
Nov 3, 2021, 6:04 PM
J
(just butting in to say that we will have management ui for roles very very soon, where all this will be a lot easier)
Nov 3, 2021, 7:47 PM
A
Ah I see, this makes a lot of sense! Thank you Geoff for the detailed explanation, I will give this a try! For granting permission for regular file uploads that are not images, would the type be 'sanity.fileAsset' instead of 'sanity.imageAsset'?
Nov 3, 2021, 10:45 PM
A
Awesome! Thanks again! 😄
Nov 3, 2021, 10:48 PM
Alice, I was looking into this for someone else and noticed my project already had sanity-document-filter-images and sanity-document-filter-files permission resources that filter on those respective types, which should cut out a step when creating your grant (i.e., not needing to create those first).
Nov 4, 2021, 7:28 PM
Hi Alice. The brand new Roles were just released (no upgrade required—you’ll see them at sanity.io/manage). We would love if you could take it for a spin and let us know what you think. The docs have been updated as well to reflect the new functionality.
Nov 10, 2021, 7:33 PM