Episerver Forms - public access to uploaded files
The problem
If I create a form that let visitors upload files:
And then send an email with a link to every file that is uploaded:
The recipient will have to log in to Episerver CMS to access the file. In most situations this is OK, but not if the recipient do not have access.
The uploaded files are stored in a folder named «Uploaded Files» inside the content assets folder for the file upload block.
Managing access rights for this folder is not directly accessible from within Episerver edit mode.
The solution
This dialog, accessible from the «manage» link on any page or block, can help us.
Inspect the markup, and open in new tab:
Alternatively, you can access the URL: /EPiServer/CMS/Edit/EditSecurity.aspx?id=1
To change the access rights of the «Uploaded Files» folder inside the file upload item's content assets folder, you will just have to replace the value of the url parameter id with the id of the folder «Uploaded Files».
Most likely, the id is the id of your file upload block + 2, and the id of the file upload block is visible in edit mode:
To be sure we get the correct ID, we can query the database. First locate the content assets folder:
SELECT pkID FROM tblContent WHERE ContentGUID =
(
SELECT ContentAssetsID FROM tblContent WHERE pkId = 131
)In my case, that yields 132. I put 132 into this query:
SELECT pkId FROM tblContent WHERE ContentPath LIKE '%.132.'...and I get the id of my «File Upload» folder that is 133.
Another option is nested subqueries that will give you the id directly.
SELECT pkId
FROM tblContent
WHERE ContentPath LIKE CONCAT(CONCAT('%.', (SELECT pkId
FROM tblContent
WHERE ContentGUID= (
SELECT ContentAssetsID
FROM tblContent
WHERE pkId = 131)))
, '.') Then replace the id in the URL, with the id for the folder «Uploaded Files»:
Add the «Everyone» group:
Make sure «Everyone» has Read-access, and save.
Now, everyone will have access to download the uploaded files for this exact upload item.