87 lines
3.0 KiB
Markdown
87 lines
3.0 KiB
Markdown
# Task Attachment Preview Fix
|
|
|
|
## Issues Fixed
|
|
|
|
### 1. Dialog Accessibility Warning
|
|
**Problem**: Missing `Description` or `aria-describedby` for DialogContent in TaskSubmissions.vue and TaskAttachments.vue
|
|
|
|
**Solution**: Added `DialogDescription` component to both dialog implementations for proper accessibility.
|
|
|
|
**Files Changed**:
|
|
- `frontend/src/components/task/TaskSubmissions.vue`
|
|
- `frontend/src/components/task/TaskAttachments.vue`
|
|
|
|
**Changes**:
|
|
- Imported `DialogDescription` from `@/components/ui/dialog`
|
|
- Added `<DialogDescription>` element inside `<DialogHeader>` for both components
|
|
|
|
### 1.5. Attachment Preview Method Consistency
|
|
**Problem**: TaskAttachments was using direct URL loading while TaskSubmissions used blob loading, causing inconsistent behavior.
|
|
|
|
**Solution**: Updated TaskAttachments to use the same blob-based image loading approach as TaskSubmissions.
|
|
|
|
**Files Changed**:
|
|
- `frontend/src/components/task/TaskAttachments.vue`
|
|
|
|
**Changes**:
|
|
- Added `mediaBlobUrl` ref to store blob URL
|
|
- Imported `apiClient` from `@/services/api`
|
|
- Updated `handleView` to be async and call `loadMediaForViewer`
|
|
- Added `loadMediaForViewer` function to fetch image as blob and create object URL
|
|
- Added `handleDownload` function for downloading attachments
|
|
- Updated template to use `mediaBlobUrl` instead of direct URL
|
|
- Added fallback UI with download button for non-previewable files
|
|
|
|
### 2. Backend 403 Forbidden Error
|
|
**Problem**: File access was denied when trying to view attachment files. The permission check was too restrictive - it only allowed:
|
|
- Admins and coordinators (all files)
|
|
- Directors (all files)
|
|
- Artists (only their assigned tasks)
|
|
|
|
This meant artists couldn't view attachments for other tasks in projects they were members of.
|
|
|
|
**Solution**: Enhanced the `check_file_access_permission` function to allow project members to access task attachments.
|
|
|
|
**Files Changed**:
|
|
- `backend/routers/files.py`
|
|
|
|
**Changes**:
|
|
1. Updated `check_file_access_permission` function signature to accept `db: Session` parameter
|
|
2. Added logic to check if an artist is a project member:
|
|
- Traces task → asset/shot → project
|
|
- Checks ProjectMember table for membership
|
|
- Grants access if user is a project member
|
|
3. Updated all 5 calls to `check_file_access_permission` to pass the `db` parameter
|
|
|
|
## Permission Logic Flow
|
|
|
|
```
|
|
User tries to access attachment
|
|
↓
|
|
Get attachment and associated task
|
|
↓
|
|
Check permissions:
|
|
- Admin/Coordinator? → ✅ Allow
|
|
- Director? → ✅ Allow
|
|
- Assigned to task? → ✅ Allow
|
|
- Artist + Project member? → ✅ Allow
|
|
- Otherwise → ❌ Deny (403)
|
|
```
|
|
|
|
## Testing
|
|
|
|
Run the test script to verify the fix:
|
|
```bash
|
|
cd backend
|
|
python test_attachment_access.py
|
|
```
|
|
|
|
Expected result: Artists who are project members can now access task attachments without getting 403 errors.
|
|
|
|
## Impact
|
|
|
|
- Fixes accessibility warnings in browser console
|
|
- Allows proper collaboration - project members can view each other's attachments
|
|
- Maintains security - only project members have access
|
|
- No breaking changes to existing functionality
|