Contributor user id not able to view Related asset under a DAM asset | Community
Level 2
January 23, 2019
Solved

Contributor user id not able to view Related asset under a DAM asset

  • January 23, 2019
  • 7 replies
  • 3303 views

We have created a relationship between some assets using RELATE functionality of AEM. Content authors are able to view the related-assets under the assets. Related assets are visible under Basic TAB of properties of any DAM asset.

The issue is that users in the "content-authors" group can view the related assets under any asset, whereas users in the "Contributor" group cannot see the related assets on the Basic tab of the asset properties.

How can we resolve this so that "Contributor" users can also view the related assets? Contributor users can access all the assets but cannot see the relationships created with the Relate functionality.

Best answer by subramanya75

We Found the fix to this issue.

The culprit is the following line in /libs/dam/gui/components/admin/relation/relation.jsp.

It requests the relation's properties as a ModifiableValueMap (a writable property map), so only users who have modify rights can view the relationship.

ModifiableValueMap props = relation.getProperties();

We need to overlay /libs/dam/gui/components/admin/relation/relation.jsp under /apps, i.e. copy it to /apps/dam/gui/components/admin/relation/relation.jsp.

Then modify the source code of  /apps/dam/gui/components/admin/relation/relation.jsp as per below:

<%@include file="/libs/granite/ui/global.jsp" %>

<%@page session="false"

        import="com.day.cq.i18n.I18n,

                                               org.apache.jackrabbit.util.Text,

                org.apache.sling.api.resource.Resource,

                org.apache.sling.api.resource.ResourceUtil,

                                                                org.apache.sling.api.resource.ModifiableValueMap,

                com.adobe.granite.ui.components.Config,              

                com.adobe.granite.xss.XSSAPI,

                com.day.cq.dam.api.Rendition,

                com.adobe.granite.asset.api.Asset,

                                                                com.adobe.granite.asset.api.AssetRelation,

                                                                com.adobe.granite.ui.components.AttrBuilder,

                                                                com.day.cq.dam.commons.util.UIHelper,

                java.util.Iterator" %><%

%><%

%>

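<%
    // Renders the "related assets" list on the Basic tab of the asset properties page.
    //
    // This copy is meant to live under /apps as an overlay of the /libs JSP with the
    // same relative path, so it replaces the product file: re-compare it with the
    // /libs version after every AEM upgrade or service pack.
    //
    // Access control: the product version read each relation through a
    // ModifiableValueMap, which limited the list to users with modify rights. This
    // version only needs read access. Every related path is still resolved with the
    // resource resolver of the current request, so an asset the requesting user may
    // not read resolves to null and is skipped. Keep it that way: a service or admin
    // resolver here would list assets regardless of the user's ACLs.

    Config cfg = new Config(resource);
    String assetDetailsUrl = request.getContextPath() + "/assetdetails.html";

    String[] content = (String[]) request.getAttribute("aem.assets.ui.properties.content");
    if (content != null && content.length > 1) {
        // More than one item is selected, i.e. this is the bulk editor: render nothing.
        return;
    }

    String contentPath = (String) request.getAttribute("granite.ui.form.contentpath");
    if (contentPath == null) {
        // Fall back to the request suffix. The suffix is caller-supplied; it is only
        // ever used as a lookup key in the request's own resource resolver below.
        contentPath = slingRequest.getRequestPathInfo().getSuffix();
        if (contentPath == null) {
            // No content path available: nothing to render.
            return;
        }
    }

    Resource res = slingRequest.getResourceResolver().getResource(contentPath);
    Asset asset = (res != null ? res.adaptTo(Asset.class) : null);

    AttrBuilder attrs = new AttrBuilder(request, xssAPI);
    attrs.addClass(cfg.get("class", String.class));

    AttrBuilder head_attrs = new AttrBuilder(request, xssAPI);
    head_attrs.addClass(cfg.get("head_class", String.class));

    AttrBuilder ref_attrs = new AttrBuilder(request, xssAPI);
    ref_attrs.addClass(cfg.get("data_class", String.class));

    String fieldLabel = cfg.get("fieldLabel", String.class);
    String relationLabel = cfg.get("relationLabel", String.class);

    attrs.addOthers(cfg.getProperties(), "id", "class", "rel", "title", "name", "value");

    if (asset != null) {
        try {
            Iterator<? extends Asset> related = asset.listRelated(relationLabel);
            if (related.hasNext()) {
                %><div style="margin-top:10px" <%= attrs.build() %>>
                <div <%= head_attrs.build() %>> <%
                if (fieldLabel != null) {
                    %><label class="coral-Form-fieldlabel"><%= outVar(xssAPI, i18n, fieldLabel) %></label><%
                }
                %> </div><%
                while (related.hasNext()) {
                    Asset relation = related.next();
                    // Read-only lookup: only the path of the related asset is needed,
                    // so no writable property map is requested.
                    String resPath = relation.getPath();
                    if (resPath == null) {
                        continue;
                    }
                    // Resolved as the requesting user; null means missing or not readable.
                    Resource linkedRes = slingRequest.getResourceResolver().getResource(resPath);
                    if (linkedRes == null) {
                        continue;
                    }
                    String title = UIHelper.getTitle(linkedRes);
                    String assetUrl = assetDetailsUrl + Text.escapePath(linkedRes.getPath());
                    // Every repository-derived value is encoded for its output context.
                    %>
                    <div <%= ref_attrs.build() %>>
                        <a title="<%= xssAPI.encodeForHTMLAttr(resPath) %>" is="coral-anchorbutton" variant="quiet" icon="link" iconsize="XS" href="<%= xssAPI.getValidHref(assetUrl) %>"  data-asset-path="<%= xssAPI.encodeForHTMLAttr(resPath) %>" data-relation="<%= xssAPI.encodeForHTMLAttr(relationLabel) %>"> <%= xssAPI.encodeForHTML(title) %></a>
                    </div>
                    <%
                }
                %></div><%
            }
        } catch (Exception e) {
            // This used to be an empty catch, so a failure (a permission problem, for
            // example) left the list missing with nothing in the log. `log` is the
            // logger exposed alongside slingRequest and resource by defineObjects.
            // The resolved asset path is logged rather than the raw request suffix.
            log.error("Unable to render related assets for {}", asset.getPath(), e);
        }
    }
%>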

7 replies

Gaurav-Behl
Level 10
January 24, 2019

Try this-

Add that user to OOB dam-users group, it has the required /dam/* permissions to allow this use case.

Level 2
January 24, 2019

Hi,

Adding the user to dam-users will not serve the business purpose, because the "dam-users" group has modify access to assets.

The business use case does not allow these users to modify assets, which is why we use the "contributor" user group.

Is there any workaround or configuration fix that lets the "contributor" group view the relationship (the assets connected by Relate)?

Thanks,

Subramanya

Level 2
January 24, 2019

Hi all,

There are some more findings for this issue.

I logged into AEM author using contributor user id.

I accessed an Asset and this asset is related to another asset.

Contributor user is not able to view the relationship.

But when I send the following request to check the relationship, AEM returns the relationship:

http://localhost:4502/libs/dam/gui/content/assets/bulkrelateasset.manageReferences.html?item=/content/dam/we-retail1/en/…

code

{"/content/dam/we-retail1/en/activities/biking/cycling_5.jpg": {"name": "cycling_5.jpg","sources": {"/content/dam/we-retail/en/activities/running/running_4.jpg": {"name": "running_4.jpg"}},"derived": {},"others": {}}}

Level 2
January 24, 2019

I found the Javascript responsible for fetching related assets

this is the javascript:

http://localhost:4502/libs/dam/gui/coral/components/admin/relateasset/clientlibs/relateasset.js

Gaurav-Behl
Level 10
January 24, 2019

This is the permission on dam-users that allows to view source/target of 'related assets'

At the bare minimum, assign rep:write to 'contributors' group, that should fix the issue

Level 2
January 25, 2019

Hi,

I tried granting the jcr:write permission to the contributor user group, but this lets the user modify the asset's metadata.

This is not acceptable for the business use case: the user should have read-only access and should not be able to modify the assets or the asset metadata.

As I already mentioned, when I send the GET request below without granting jcr:write to contributor, I still get the required response:

See below request and response for asset: /content/dam/we-retail1/en/activities/biking/cycling_5.jpg)

Request:

-http://localhost:4502/libs/dam/gui/content/assets/bulkrelateasset.manageReferences.html?item=/content/dam/we-retail1/en/activities/biking/cycling_5.jpg

Response from AEM:

{"/content/dam/we-retail1/en/activities/biking/cycling_5.jpg": {"name": "cycling_5.jpg","sources": {"/content/dam/we-retail/en/activities/running/running_4.jpg": {"name": "running_4.jpg"}},"derived": {},"others": {}}}

Only on the asset UI this is not working.

http://localhost:4502/libs/dam/gui/content/assets/bulkrelateasset.manageReferences.html?item=/content/dam/we-retail1/en/activities/biking/cycling_5.jpg

subramanya75AuthorAccepted solution
Level 2
January 28, 2019

We Found the fix to this issue.

The culprit is the following line in /libs/dam/gui/components/admin/relation/relation.jsp.

It requests the relation's properties as a ModifiableValueMap (a writable property map), so only users who have modify rights can view the relationship.

ModifiableValueMap props = relation.getProperties();

We need to overlay /libs/dam/gui/components/admin/relation/relation.jsp under /apps, i.e. copy it to /apps/dam/gui/components/admin/relation/relation.jsp.

Then modify the source code of  /apps/dam/gui/components/admin/relation/relation.jsp as per below:

<%@include file="/libs/granite/ui/global.jsp" %>

<%@page session="false"

        import="com.day.cq.i18n.I18n,

                                               org.apache.jackrabbit.util.Text,

                org.apache.sling.api.resource.Resource,

                org.apache.sling.api.resource.ResourceUtil,

                                                                org.apache.sling.api.resource.ModifiableValueMap,

                com.adobe.granite.ui.components.Config,              

                com.adobe.granite.xss.XSSAPI,

                com.day.cq.dam.api.Rendition,

                com.adobe.granite.asset.api.Asset,

                                                                com.adobe.granite.asset.api.AssetRelation,

                                                                com.adobe.granite.ui.components.AttrBuilder,

                                                                com.day.cq.dam.commons.util.UIHelper,

                java.util.Iterator" %><%

%><%

%>

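<%
    // Renders the "related assets" list on the Basic tab of the asset properties page.
    //
    // This copy is meant to live under /apps as an overlay of the /libs JSP with the
    // same relative path, so it replaces the product file: re-compare it with the
    // /libs version after every AEM upgrade or service pack.
    //
    // Access control: the product version read each relation through a
    // ModifiableValueMap, which limited the list to users with modify rights. This
    // version only needs read access. Every related path is still resolved with the
    // resource resolver of the current request, so an asset the requesting user may
    // not read resolves to null and is skipped. Keep it that way: a service or admin
    // resolver here would list assets regardless of the user's ACLs.

    Config cfg = new Config(resource);
    String assetDetailsUrl = request.getContextPath() + "/assetdetails.html";

    String[] content = (String[]) request.getAttribute("aem.assets.ui.properties.content");
    if (content != null && content.length > 1) {
        // More than one item is selected, i.e. this is the bulk editor: render nothing.
        return;
    }

    String contentPath = (String) request.getAttribute("granite.ui.form.contentpath");
    if (contentPath == null) {
        // Fall back to the request suffix. The suffix is caller-supplied; it is only
        // ever used as a lookup key in the request's own resource resolver below.
        contentPath = slingRequest.getRequestPathInfo().getSuffix();
        if (contentPath == null) {
            // No content path available: nothing to render.
            return;
        }
    }

    Resource res = slingRequest.getResourceResolver().getResource(contentPath);
    Asset asset = (res != null ? res.adaptTo(Asset.class) : null);

    AttrBuilder attrs = new AttrBuilder(request, xssAPI);
    attrs.addClass(cfg.get("class", String.class));

    AttrBuilder head_attrs = new AttrBuilder(request, xssAPI);
    head_attrs.addClass(cfg.get("head_class", String.class));

    AttrBuilder ref_attrs = new AttrBuilder(request, xssAPI);
    ref_attrs.addClass(cfg.get("data_class", String.class));

    String fieldLabel = cfg.get("fieldLabel", String.class);
    String relationLabel = cfg.get("relationLabel", String.class);

    attrs.addOthers(cfg.getProperties(), "id", "class", "rel", "title", "name", "value");

    if (asset != null) {
        try {
            Iterator<? extends Asset> related = asset.listRelated(relationLabel);
            if (related.hasNext()) {
                %><div style="margin-top:10px" <%= attrs.build() %>>
                <div <%= head_attrs.build() %>> <%
                if (fieldLabel != null) {
                    %><label class="coral-Form-fieldlabel"><%= outVar(xssAPI, i18n, fieldLabel) %></label><%
                }
                %> </div><%
                while (related.hasNext()) {
                    Asset relation = related.next();
                    // Read-only lookup: only the path of the related asset is needed,
                    // so no writable property map is requested.
                    String resPath = relation.getPath();
                    if (resPath == null) {
                        continue;
                    }
                    // Resolved as the requesting user; null means missing or not readable.
                    Resource linkedRes = slingRequest.getResourceResolver().getResource(resPath);
                    if (linkedRes == null) {
                        continue;
                    }
                    String title = UIHelper.getTitle(linkedRes);
                    String assetUrl = assetDetailsUrl + Text.escapePath(linkedRes.getPath());
                    // Every repository-derived value is encoded for its output context.
                    %>
                    <div <%= ref_attrs.build() %>>
                        <a title="<%= xssAPI.encodeForHTMLAttr(resPath) %>" is="coral-anchorbutton" variant="quiet" icon="link" iconsize="XS" href="<%= xssAPI.getValidHref(assetUrl) %>"  data-asset-path="<%= xssAPI.encodeForHTMLAttr(resPath) %>" data-relation="<%= xssAPI.encodeForHTMLAttr(relationLabel) %>"> <%= xssAPI.encodeForHTML(title) %></a>
                    </div>
                    <%
                }
                %></div><%
            }
        } catch (Exception e) {
            // This used to be an empty catch, so a failure (a permission problem, for
            // example) left the list missing with nothing in the log. `log` is the
            // logger exposed alongside slingRequest and resource by defineObjects.
            // The resolved asset path is logged rather than the raw request suffix.
            log.error("Unable to render related assets for {}", asset.getPath(), e);
        }
    }
%>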