Forbidden Permission for attachment viewing

ERPNext Customize ERPNext
, , , ,
1

Hi, I have attached a file in the child table but some users are unable to view that file and the error is below. , also i made entries 1-50 in which only 3 file got this error.

# Forbidden
You don’t have permission to access this file

Any fix ?
Thank You

2

Hi possible that the file is private, try to open the file and check

image
image909×371 26.3 KB

3

If you want it to be public by default, go to Doctype or Customize Form and check this checkbox.

image
image1201×410 27.4 KB

4

Hi, @Gien_Vicencio

Yes it is set to private however all files are same but user can see the rest it’s the prblem with the first 2-3 attachments, also i already marked the make attachments public by default.
And when i try to untick the private option inside the files > Attachment name it gives me error-

### App Versions

  {
  "erpnext": "15.43.3",
  "frappe": "15.48.1",
  "gameplan": "0.0.1",
  "hrms": "15.35.3",
  "india_compliance": "15.14.2",
  "insights": "2.2.9",
  "payments": "0.0.1"
  }

### Route

Form/File/3df479d1b3

Traceback

Traceback (most recent call last):
  File "apps/frappe/frappe/app.py", line 114, in application
    response = frappe.api.handle(request)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "apps/frappe/frappe/api/__init__.py", line 49, in handle
    data = endpoint(**arguments)
           ^^^^^^^^^^^^^^^^^^^^^
  File "apps/frappe/frappe/api/v1.py", line 36, in handle_rpc_call
    return frappe.handler.handle()
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "apps/frappe/frappe/handler.py", line 49, in handle
    data = execute_cmd(cmd)
           ^^^^^^^^^^^^^^^^
  File "apps/frappe/frappe/handler.py", line 85, in execute_cmd
    return frappe.call(method, **frappe.form_dict)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "apps/frappe/frappe/__init__.py", line 1725, in call
    return fn(*args, **newargs)
           ^^^^^^^^^^^^^^^^^^^^
  File "apps/frappe/frappe/utils/typing_validations.py", line 31, in wrapper
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "apps/frappe/frappe/desk/form/save.py", line 39, in savedocs
    doc.save()
  File "apps/frappe/frappe/model/document.py", line 341, in save
    return self._save(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "apps/frappe/frappe/model/document.py", line 377, in _save
    self.run_before_save_methods()
  File "apps/frappe/frappe/model/document.py", line 1095, in run_before_save_methods
    self.run_method("validate")
  File "apps/frappe/frappe/model/document.py", line 966, in run_method
    out = Document.hook(fn)(self, *args, **kwargs)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "apps/frappe/frappe/model/document.py", line 1326, in composer
    return composed(self, method, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "apps/frappe/frappe/model/document.py", line 1308, in runner
    add_to_return_value(self, fn(self, *args, **kwargs))
                              ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "apps/frappe/frappe/model/document.py", line 963, in fn
    return method_object(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "apps/frappe/frappe/core/doctype/file/file.py", line 126, in validate
    self.handle_is_private_changed()
  File "apps/frappe/frappe/core/doctype/file/file.py", line 279, in handle_is_private_changed
    frappe.db.set_value(
  File "apps/frappe/frappe/database/database.py", line 989, in set_value
    query.run(debug=debug)
  File "apps/frappe/frappe/query_builder/utils.py", line 87, in execute_query
    result = frappe.db.sql(query, params, *args, **kwargs)  # nosemgrep
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "apps/frappe/frappe/database/database.py", line 229, in sql
    self._cursor.execute(query, values)
  File "env/lib/python3.11/site-packages/pymysql/cursors.py", line 153, in execute
    result = self._query(query)
             ^^^^^^^^^^^^^^^^^^
  File "env/lib/python3.11/site-packages/pymysql/cursors.py", line 322, in _query
    conn.query(q)
  File "env/lib/python3.11/site-packages/pymysql/connections.py", line 563, in query
    self._affected_rows = self._read_query_result(unbuffered=unbuffered)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "env/lib/python3.11/site-packages/pymysql/connections.py", line 825, in _read_query_result
    result.read()
  File "env/lib/python3.11/site-packages/pymysql/connections.py", line 1199, in read
    first_packet = self.connection._read_packet()
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "env/lib/python3.11/site-packages/pymysql/connections.py", line 775, in _read_packet
    packet.raise_for_error()
  File "env/lib/python3.11/site-packages/pymysql/protocol.py", line 219, in raise_for_error
    err.raise_mysql_exception(self._data)
  File "env/lib/python3.11/site-packages/pymysql/err.py", line 150, in raise_mysql_exception
    raise errorclass(errno, errval)
pymysql.err.OperationalError: (1054, "Unknown column 'attach_bill' in 'field list'")

Request Data

{
	"type": "POST",
	"args": {
		"doc": "{\"name\":\"3df479d1b3\",\"owner\":\"p**ha.g**@g****.in\",\"creation\":\"2024-09-03 15:12:53.981614\",\"modified\":\"2024-09-03 15:12:53.981614\",\"modified_by\":\"pa****.g**h@g****.in\",\"docstatus\":0,\"idx\":0,\"file_name\":\"chowk labour payment52dce0.jpeg\",\"is_private\":0,\"file_type\":\"JPG\",\"is_home_folder\":0,\"is_attachments_folder\":0,\"file_size\":76998,\"file_url\":\"/private/files/chowk labour payment52dce0.jpeg\",\"folder\":\"Home\",\"is_folder\":0,\"attached_to_doctype\":\"Cash Book\",\"attached_to_name\":\"new-cash-book-lhrddrzmzj\",\"attached_to_field\":\"attach_bill\",\"content_hash\":\"c3e7204ca805b5c815bdea700e52dce0\",\"uploaded_to_dropbox\":0,\"uploaded_to_google_drive\":0,\"doctype\":\"File\",\"__last_sync_on\":\"2024-11-29T07:55:48.873Z\",\"__unsaved\":1}",
		"action": "Save"
	},
	"btn": {
		"jQuery3700376579156027520231": {
			"events": {
				"click": [
					{
						"type": "click",
						"origType": "click",
						"guid": 2262,
						"namespace": ""
					}
				]
			}
		}
	},
	"freeze": true,
	"headers": {},
	"error_handlers": {},
	"url": "/api/method/frappe.desk.form.save.savedocs",
	"request_id": "e18947b1-30be-4cbb-8724-1f41df5272f2"
}

Response Data

   {
	"exception": "pymysql.err.OperationalError: (1054, \"Unknown column 
   'attach_bill' in 'field list'\")",
	"exc_type": "OperationalError"
    }
     ```
![fdsdffsd|690x157](upload://1DTEafbMPJoP6Jlozlp3ROMR7nY.png)


Again- the Forbidden issue is only happening with the first 2-3 attachments.

Thank You
5

Hi it is pointing to
pymysql.err.OperationalError: (1054, “Unknown column ‘attach_bill’ in ‘field list’”)

Please check this field > attach_bill

6

The table is there only.

7

It looks like there is a mismatch of field name. Please check if you rename that field.
You compare the ‘Attached To Field’ inside the File Doctype.
For the one that is working vs with error

8

Here is my child table fields

child
child1453×625 44.3 KB

also here are the attach fields, in which only 1st attachment has the forbidden issue.
rest are fine.

issue

9

Try checking this, compare the good and no good

image
image985×306 16 KB

10

It’s the same.

new
new1216×308 17.4 KB

Maybe something with file or permission issue ?

11

Now that you change the default to public. Just try to remove and attach again the file. Thats the easiest way. For future transaction, it should be okay

12

Yeah that is working fine but i just wanted to know that why the issue is with the first 2-3 attachments.