mirror of
https://github.com/gristlabs/grist-core.git
synced 2024-10-27 20:44:07 +00:00
dd8d2e18f5
Summary:
With this, a custom widget can render an attachment by doing:
```
const tokenInfo = await grist.docApi.getAccessToken({readOnly: true});
const img = document.getElementById('the_image');
const id = record.C[0]; // get an id of an attachment
const src = `${tokenInfo.baseUrl}/attachments/${id}/download?auth=${tokenInfo.token}`;
img.setAttribute('src', src)
```
The access token expires after a few mins, so if a user right-clicks on an image
to save it, they may get access denied unless they refresh the page. A little awkward,
but s3 pre-authorized links behave similarly and it generally isn't a deal-breaker.
Test Plan: added tests
Reviewers: dsagal
Reviewed By: dsagal
Subscribers: dsagal
Differential Revision: https://phab.getgrist.com/D3488
|
||
|---|---|---|
| .. | ||
| Activations.ts | ||
| DocApiForwarder.ts | ||
| DocWorkerMap.ts | ||
| Doom.ts | ||
| HomeDBManager.ts | ||
| Housekeeper.ts | ||
| Permissions.ts | ||
| scrubUserFromOrg.ts | ||
| TypeORMPatches.ts | ||
| Usage.ts | ||
| values.ts | ||