Hi,
I would like to have an extra inventory for the Cockpit - Home. I don’t want to add there extra devices but I would like to use the Image widget.
The problem is that the image is stored in the binaries and users with limited access by inventory roles can’t see the uploaded images.
To compensate that my suggestion is an extra inventory for the Cockpit - Home section. This could be even hidden if every Cockpit user has automatically reading rights for the inventory and all uploaded images in the Home section are directly stored in the inventory.
Link to the Aha post: Extra Inventory for Cockpit - Home | Cumulocity IoT Feedback Portal
Regards,
Hendrik
At 10.18 there is a ‘Binary’ specific permission. Would adding a role with just this help?
Hi,
The problem is that the image is stored in the binaries and users with limited access by inventory roles can’t see the uploaded images.
That statement is a bit too general. Users with Inventory Roles have access to:
-
All objects the current User is the owner
.
-
All Objects that are part of the Group where it has access to (this includes childDevices
, childAssets
and also childAddtions
). This lets you control which Inventory Role Uses can access the file or not. See [1] for an example how this logic is used by the standard UI.
-
All objects having the c8y_Global: {}
fragment, see globally accessible objects in docs. When you’re uploading a File, a Managed Object is created. When you add this fragment to the MO, the file will be accessible by any user in your tenant, also all Inventory Role users.
i think the last two options could help you here.
[1] When you’re creating a Dashboard with an Image Widget, the image file gets uploaded to the platform and assigned to the Device-Dashboard object as childAddition. This makes sure an Inventory Role Users with access to this Device will also be able to access the Image. And Inventory Roles Users without access to this Device won’t see the image as it is nowhere part of the device-/asset-/addition-hierarchy.
5 Likes
Thanks for your input! We will test the c8y_Global option and give you some feedback when we are done
1 Like
Hi,
I tried adding the c8y_Global : {}
property but the Rest API only allows that at the creation of an object.
We want to add the Image in the Home Dashboard of our Cockpit. In the other Dashboards it works fine. I’ve even gone so far as uploading the Image manually via python
import requests
url = "https://<tenant>/inventory/binaries"
headers = {
"Authorization": "Basic <Auth>",
"Accept": "application/json"
}
payload = { 'object' : '{ "name" : "image.jpg", "type" : "image/jpeg", "c8y_Global": {} }'}
files = [("file", open("image.jpg", "rb"))]
response = requests.request("POST", url, headers= headers, data= payload, files= files)
print(response.text.encode("utf8"))
but the content-type is "contentType": "application/octet-stream"
then.
Hi Lucas,
try doing this call (and note the “/managedObjects” part in the URL, not “/binary”):
PUT /inventory/managedObjects/{your binary id} HTTP/1.1
Host: examples.cumulocity.com
Accept: application/json
Authorization: Bearer ...
Content-Type: application/json
{"c8y_Global":{}}
Background: Once you upload a file via /inventory/binaries
there will be a “normal” Managed-Object with the same ID that describes the file. You can get and update this Managed object then via /inventory/managedObjects/{binary-id}
and that Managed Object is also the proper one to add the c8y_Global fragment to.
Let me know if it worked!
This action added the fragment to the managed object but not to the binary. Therefore the less privileged user still cant access it.
Ok, I think I got it.
Here is my Workflow:
- Add the image widget to the dashboard with a dummy image.
- Get your dashboard ID and save the
c8y_Dashboard
fragment for step 5 (Request)
- Upload the new image with this python script.
import requests
url = "https://<tenant>/inventory/binaries"
headers = {
"Authorization": "Basic <Auth>",
"Accept": "application/json"
}
payload = { 'object' : '{ "name" : "image.jpg", "type" : "image/jpeg", "c8y_Global": {} }'}
files = {"file": ("image.jpg", open("image.jpg", "rb"), "image/jpeg") }
response = requests.request("POST", url, headers= headers, data= payload, files= files)
print(response.text.encode("utf8"))
- Add the new image to the dashboard managed object as additional resource (Request)
- Update the dashboard managed object with a new
c8y_Dashboard
fragment where the image ID is changed to the new one. (Request)
- Delete the dummy image from your Binaries (Request)
1 Like