# Task Attachment Preview Fix

## Issues Fixed

### 1. Dialog Accessibility Warning

**Problem**: Missing `Description` or `aria-describedby` for DialogContent in TaskSubmissions.vue and TaskAttachments.vue

**Solution**: Added `DialogDescription` component to both dialog implementations for proper accessibility.

**Files Changed**:
- `frontend/src/components/task/TaskSubmissions.vue`
- `frontend/src/components/task/TaskAttachments.vue`

**Changes**:
- Imported `DialogDescription` from `@/components/ui/dialog`
- Added `` element inside `` for both components

### 1.5. Attachment Preview Method Consistency

**Problem**: TaskAttachments was using direct URL loading while TaskSubmissions used blob loading, causing inconsistent behavior.

**Solution**: Updated TaskAttachments to use the same blob-based image loading approach as TaskSubmissions.

**Files Changed**:
- `frontend/src/components/task/TaskAttachments.vue`

**Changes**:
- Added `mediaBlobUrl` ref to store blob URL
- Imported `apiClient` from `@/services/api`
- Updated `handleView` to be async and call `loadMediaForViewer`
- Added `loadMediaForViewer` function to fetch image as blob and create object URL
- Added `handleDownload` function for downloading attachments
- Updated template to use `mediaBlobUrl` instead of direct URL
- Added fallback UI with download button for non-previewable files

### 2. Backend 403 Forbidden Error

**Problem**: File access was denied when trying to view attachment files. The permission check was too restrictive - it only allowed:
- Admins and coordinators (all files)
- Directors (all files)
- Artists (only their assigned tasks)

This meant artists couldn't view attachments for other tasks in projects they were members of.

**Solution**: Enhanced the `check_file_access_permission` function to allow project members to access task attachments.

**Files Changed**:
- `backend/routers/files.py`

**Changes**:
1. Updated `check_file_access_permission` function signature to accept `db: Session` parameter
2. Added logic to check if an artist is a project member:
   - Traces task → asset/shot → project
   - Checks ProjectMember table for membership
   - Grants access if user is a project member
3. Updated all 5 calls to `check_file_access_permission` to pass the `db` parameter

## Permission Logic Flow

```
User tries to access attachment
    ↓
Get attachment and associated task
    ↓
Check permissions:
  - Admin/Coordinator? → ✅ Allow
  - Director? → ✅ Allow
  - Assigned to task? → ✅ Allow
  - Artist + Project member? → ✅ Allow
  - Otherwise → ❌ Deny (403)
```

## Testing

Run the test script to verify the fix:

```bash
cd backend
python test_attachment_access.py
```

Expected result: Artists who are project members can now access task attachments without getting 403 errors.

## Impact

- Fixes accessibility warnings in browser console
- Allows proper collaboration - project members can view each other's attachments
- Maintains security - only project members have access
- No breaking changes to existing functionality
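
The permission flow described in this document, as an added self-contained example (not the project's `backend/routers/files.py`). The in-memory `Store`, the dataclasses, the role strings and the helper `resolve_project_id` are assumptions standing in for the SQLAlchemy session and models; the example also covers the fail-closed case where a task cannot be traced to a project.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed in-memory stand-ins for the ORM models; all names are assumptions.
@dataclass(frozen=True)
class User:
    id: int
    role: str  # "admin", "coordinator", "director" or "artist"

@dataclass(frozen=True)
class Task:
    id: int
    assigned_user_id: Optional[int] = None
    asset_id: Optional[int] = None
    shot_id: Optional[int] = None

@dataclass
class Store:
    asset_project: dict   # asset_id -> project_id
    shot_project: dict    # shot_id -> project_id
    project_members: set  # {(project_id, user_id)}, stands in for ProjectMember

def resolve_project_id(task: Task, db: Store) -> Optional[int]:
    """Trace task -> asset/shot -> project; None if the chain is broken."""
    if task.asset_id is not None:
        return db.asset_project.get(task.asset_id)
    if task.shot_id is not None:
        return db.shot_project.get(task.shot_id)
    return None

def check_file_access_permission(user: User, task: Optional[Task], db: Store) -> bool:
    """Return True to allow; the caller answers 403 on False."""
    if user.role in ("admin", "coordinator", "director"):
        return True
    if task is None:
        return False  # attachment with no task: nothing to authorize against
    if task.assigned_user_id == user.id:
        return True
    if user.role == "artist":
        project_id = resolve_project_id(task, db)
        # An unresolvable project must deny, never match on a None key.
        return project_id is not None and (project_id, user.id) in db.project_members
    return False  # default deny

# Constructed sample data: user 7 is a member of project 1 only.
DB = Store(asset_project={10: 1}, shot_project={20: 2}, project_members={(1, 7)})
ARTIST = User(id=7, role="artist")
```
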