Details
-
Bug
-
Resolution: Fixed
-
Low
-
1
-
Severity 3 - Minor
-
Description
Issue Summary
Using the copy REST API to replace the content of an existing page causes the attachments not to be visible to Anonymous users
Steps to Reproduce
- Create a source page with an attachment
- Create a space with "Anonymous access granted". This is the target space.
- Create a page in the target space. The content of this page will be overwritten at the next step
- Overwrite the content of the target page via the API with the content of the source page
curl --request POST \ --url '<site>/wiki/rest/api/content/401833985/copy' \ --header 'Accept: application/json;charset=UTF-8' \ --header 'Content-Type: application/json' \ --data '{ "copyAttachments": true, "copyPermissions": true, "copyProperties": true, "copyLabels": false, "copyCustomContents": true, "destination": { "type": "existing_page", "value": "402161665" } }' \ --basic --user '<userEmail>:<token>'
Expected Results
The attachments are visible to every user, including the anonymous ones.
Actual Results
The attachments are only visible to logged in users and not to the anonymous ones.
Workaround
There are a few options that can be considered here:
- For each affected attachment, download it from the attachment page and create a new version by re-uploading the same attachment. Potentially this can be automated.
- Remove the ability to access the space as anonymous user (which is done via the "Anonymous access granted" setting)