Permissions issue with custom roles and uploading images in Sanity.io
13 replies
Last updated: Nov 10, 2021
A
Hi, I'm running into a permissions issue while using the custom roles feature (doc here). Some help would be greatly appreciated, I'll leave more details within the thread.
Nov 2, 2021, 11:52 PM
A
I created a custom role that has the following grant and gave myself this role and the Viewer role.
"grants": {
  "sanity.document.filter.mode": [
    {
      "id": "...",
      "name": null,
      "title": "event documents",
      "description": "event documents",
      "isCustom": true,
      "config": {
        "filter": "_type == \"event\""
      },
      "grants": [
        {
          "name": "mode",
          "params": {
            "mode": "create",
            "history": true
          }
        }
      ]
    }
  ]
}
This allowed me to view and create event documents. But I found that when trying to create an event document, I am unable to upload an image using the Sanity GUI through the image field.
This is the POST request sanity GUI makes when I try to upload, and the error response that gets returned from the sanity api.
POST <https://xcsyo6gw.api.sanity.io/v1/assets/images/staging?tag=sanity.studio.asset.upload&filename=hamilton-animals-to-follow-on-instagram-1568303880.jpeg>
(this fails with 403 forbidden)
{
  "error": {
    "description": "the mutation(s) failed: Insufficient permissions; permission \"create\" required",
    "items": [
      {
        "error": {
          "description": "Insufficient permissions; permission \"create\" required",
          "permission": "create",
          "type": "insufficientPermissionsError"
        },
        "index": 0
      }
    ],
    "type": "mutationError"
  }
}
Can you tell me what permission I'm missing in my custom role, and what grant I can add to my custom role to allow me to upload images/attachments? Thank you!
Nov 2, 2021, 11:53 PM
A
Hi user M, yes I am on an Enterprise plan!
Nov 3, 2021, 3:12 PM
Got it! So roles should be accessible to you then! What does the schema for this image look like?
Nov 3, 2021, 6:02 PM
A
The image field's schema looks like this:
{
  title: 'Cover Photo',
  name: 'coverPhoto',
  type: 'image',
  options: {
    hotspot: true,
  },
},
Nov 3, 2021, 6:04 PM
J
(just butting in to say that we will have management ui for roles very very soon, where all this will be a lot easier)
Nov 3, 2021, 7:47 PM
A
Ah I see, this makes a lot of sense! Thank you Geoff for the detailed explanation, I will give this a try! For granting permission for regular file uploads that are not images, would the type be 'sanity.fileAsset' instead of 'sanity.imageAsset'?
Nov 3, 2021, 10:45 PM
A
Awesome! Thanks again! 😄
Nov 3, 2021, 10:48 PM
Alice, I was looking into this for someone else and noticed my project already had sanity-document-filter-images and sanity-document-filter-files permission resources that filter on those respective types, which should cut out a step when creating your grant (i.e., not needing to create those first).
Nov 4, 2021, 7:28 PM
Hi Alice. The brand new Roles were just released (no upgrade required; you'll see them at sanity.io/manage). We would love if you could take it for a spin and let us know what you think. The docs have been updated as well to reflect the new functionality.
Nov 10, 2021, 7:33 PM