LinkDesk/frontend/docs/task-attachment-preview-fix.md

Task Attachment Preview Fix

Issues Fixed

1. Dialog Accessibility Warning

Problem: Missing Description or aria-describedby for DialogContent in TaskSubmissions.vue and TaskAttachments.vue

Solution: Added DialogDescription component to both dialog implementations for proper accessibility.

Files Changed:

• frontend/src/components/task/TaskSubmissions.vue
• frontend/src/components/task/TaskAttachments.vue

Changes:

• Imported DialogDescription from @/components/ui/dialog
• Added <DialogDescription> element inside <DialogHeader> for both components

1.5. Attachment Preview Method Consistency

Problem: TaskAttachments was using direct URL loading while TaskSubmissions used blob loading, causing inconsistent behavior.

Solution: Updated TaskAttachments to use the same blob-based image loading approach as TaskSubmissions.

Files Changed:

• frontend/src/components/task/TaskAttachments.vue

Changes:

• Added mediaBlobUrl ref to store blob URL
• Imported apiClient from @/services/api
• Updated handleView to be async and call loadMediaForViewer
• Added loadMediaForViewer function to fetch image as blob and create object URL
• Added handleDownload function for downloading attachments
• Updated template to use mediaBlobUrl instead of direct URL
• Added fallback UI with download button for non-previewable files

2. Backend 403 Forbidden Error

Problem: File access was denied when trying to view attachment files. The permission check was too restrictive - it only allowed:

• Admins and coordinators (all files)
• Directors (all files)
• Artists (only their assigned tasks)

This meant artists couldn't view attachments for other tasks in projects they were members of.

Solution: Enhanced the check_file_access_permission function to allow project members to access task attachments.

Files Changed:

• backend/routers/files.py

Changes:

1. Updated check_file_access_permission function signature to accept db: Session parameter
2. Added logic to check if an artist is a project member:
   • Traces task → asset/shot → project
   • Checks ProjectMember table for membership
   • Grants access if user is a project member
3. Updated all 5 calls to check_file_access_permission to pass the db parameter

Permission Logic Flow

User tries to access attachment
    ↓
Get attachment and associated task
    ↓
Check permissions:
    - Admin/Coordinator? → ✅ Allow
    - Director? → ✅ Allow
    - Assigned to task? → ✅ Allow
    - Artist + Project member? → ✅ Allow
    - Otherwise → ❌ Deny (403)

Testing

Run the test script to verify the fix:

cd backend
python test_attachment_access.py

Expected result: Artists who are project members can now access task attachments without getting 403 errors.

Impact

• Fixes accessibility warnings in browser console
• Allows proper collaboration - project members can view each other's attachments
• Maintains security - only project members have access
• No breaking changes to existing functionality