Prevent Salesforce Community Users From Uploading Files

This Mail was most recently updated on: 3/20/22

File Upload Improved is a custom screen menstruation component that improves upon the basic File Upload screen component in Salesforce Flow. It adds a number of capabilities. Most notably, it allows the user to interact with their file that they take just uploaded.

Credits: Josh Dayment and Ryan Mercer

Features

We accept packed File Upload Improved with many features. We are actively developing the component, so feature requests are welcome either in the comments or on GitHub.

1. View files after being uploaded;
2. Render existing files that take already been uploaded to a particular record;
3. Specify accepted file types;
4. Restrict users from uploading multiple files, or alternatively permit users to upload multiple files;
5. Require users to upload at least ane file before proceeding, and prompt them with a custom message if they do not;
6. Delete files immediately in the UI;
7. Allow customs users to upload files to records that are not shared with them;
8. Prepare the file name of uploaded files;
9. Control whether files are visible to all users;
10. Full control over most aspects of the UX; and
11. an Invocable Apex Activity to create ContentDocumentLinks downstream in your period.

Permission Gear up

Later installing File Upload Improved, it is important that admins assign the File Upload Improved Permission Set to EACH user that will be using the component in a screen catamenia. Nosotros echo, every user that uses the component in a screen flow MUST take the File Upload Improved permission irregardless of if they are an internal user, an authenticated community user, or an unauthenticated guest user.

If a user receives the error message, "Yous practice not have access to the Apex class named 'FileUploadImprovedHelper'.", admins need to assign the permission set to that user.

Sharing Rules and Without Sharing

The File Upload Improved Permission Set gives users access to the Apex Grade FileUploadImprovedHelper. It is important for admins to understand that this Apex Class runs in a WITHOUT SHARING context, which ways that users can potentially collaborate with files related to records that they tin can't usually admission.

In the about basic configuration, users volition exist able to upload files to records that they tin't access. The component was specifically designed this manner to address the need for customs users (authenticated and unauthenticated) to be able to upload files to a record that they can't access. Equally explained in the File Upload LWC documentation:

"By default, guest users tin't upload files and don't have access to objects and their associated records.

To enable guest users to upload files, enable the org preference Allow site guest users to upload files. Even so, even if you enable this setting, guest users tin't upload files to a record unless guest user sharing rules are in identify."

Salesforce provides components a way to publish an optional bypass for the sharing rule restriction, only Without Sharing is required: at a high level, nosotros are encrypting the Related Record Id and passing it into the File Upload component via the file-field-name and the file-field-value. onuploadfinished the grade is querying the newly created ContentVersions, decrypting the Related Tape Id which has been populated in Guest_Record_fileupload__c, and creating ContentDocumentLinks from the uploaded file to the tape.

At present, a more advanced configuration of the component will allow admins to return existing files in addition to allowing the user to upload new files. This too runs in a Without Sharing context, and so the user can potentially meet and delete files that are related to a record that they can't normally access. Admins should test their configurations by logging in as a diverseness of different users to ensure that they are not exposing sensitive files inadvertently.

{!$Period.InterviewGuid}

When configuring the component in the screen flow, admins will notice a field with this label: {!$Menses.InterviewGuid}. Fifty-fifty though it is not marked as required, admins should E'er populate this field. This field serves as a key to temporarily enshroud the files in the browser using sessionStorage so that they don't disappear if users striking a validation error, and are there for users if they come back to the screen.

Because it'southward existence used every bit the cardinal, the value in the field must be unique. If in that location is only one component in the catamenia with a definitive kickoff and end to the menstruum, then admins can use {!$Menses.InterviewGuid} which is the unique identifier for the interview.

If at that place are multiple components in the menstruum with a definitive start and finish to the catamenia, admins will accept to append {!$Menses.InterviewGuid} to get in unique.

If there is a single component in the eye of a loop, admins will accept to use a flow formula like…

… and then utilise that formula in the field.

There'due south really no wrong fashion to practise this – information technology just HAS to exist unique. What happens if information technology's not unique? Users volition resurface unwanted files from the enshroud at the wrong time. If a user ever sees files that are rendering that shouldn't be, it is quite probable that the value in this field isn't unique, and admins need to make information technology unique!

Invocable Noon Action

File Upload Improved (and the standard File Upload Screen Component for that matter) inquire for the Related Tape Id by the time the component renders. In other words, in guild to upload files to a particular record using either component, the tape must already exist in Salesforce prior to getting to the screen with the File Upload component.

What happens if the record (and Related Record Id) doesn't yet exist? Allow's say y'all have a Screen Period to let users to submit Cases to your squad for support. Yous'd like the selection for those users to upload files to provide additional context – perhaps a screenshot of an fault message?

File Upload Improved includes an Invocable Apex Action for enabling File Uploads without having to pre-create records. You can read all almost this functionality Here>>.

Inputs

Property Name	Data Type	Introduced	Description
{!$Menstruum.InterviewGuid}	Cord	v1.four	Unique identifier for this field. You can start by using {!$Flow.InterviewGuid}. If you take multiple of this component blazon in the aforementioned flow, you'll have to prepend {!$Menstruum.InterviewGuid} with something else like '1' or '2' to make each component unique.
Accepted Formats	String	v1.0	The accepted file types. Enter a comma-separated listing of the file extensions (such as .jpg) that the user can upload.
Allow Multiple Files	Boolean	v1.ane – initial commit v1.5 – component disables if not true and a file has been uploaded	Allow the user to upload multiple files. If this is not Truthful, and then one time the user uploads one file, the file upload component will not allow any additional files to be uploaded.
Deprecated	N/A	v1.3.1	This input is deprecated. Whatsoever value fix hither will no longer affect the function of the component. As of v1.5, the field formerly known every bit Bypass Customs Sharing Rules has been deprecated.
Disable File Deletion	Boolean	v1.8	When this is TRUE, clicking the 'X' next to the Files will only remove them from the UI and the output listing, but the Files will Non be deleted.
Embed on External Website	Boolean	v1.seven	If this period is being embedded on an external website (similar WordPress, for example), set this to TRUE. Otherwise, this should almost e'er be empty of Imitation. From a technical perspective, this switches the component from lightning-file-upload to lightning-input type="file". This allows us to bypass some of the dependencies the former has on One.app so that it is externally embeddable. Only it comes with certain tradeoffs, most notably the max file size is 4MB-ish though there may be others. Yous can read most when yous might gear up this to True here >>.
Assistance Text	String	v1.8	The message that volition be displayed in the aid text popup.
File Upload Characterization	String	v1.0	The text on the file upload button.
Icon	String	v1.0 – initial v1.iii.1 – the system will at present automatically display the right icon depending on the file type	Nosotros advise you lot leave this bare. The default LDS Icon that will be displayed next to each uploaded file. Options hither: https://www.lightningdesignsystem.com/icons/#doctype. Prepend icon name with 'doctype:', ie 'doctype:word'. Leave bare and the system volition brandish the icon based on the extension type.
Overridden File Name	String	v1.5	The file name of the uploaded files defaults to the actual proper noun of the file. If you'd prefer to override the default file name, y'all can specify the new file proper name here. You can do funky things hither like using a Text Template (recollect to View as Plain Text) or fifty-fifty using a Menstruum Formula
Related Record Id	Cord	v1.0	The Id of the record to associate the files with. Be aware that sharing rules are Non enforced, so the user could be uploading files to a tape that they wouldn't normally have access to. If this field is bare, then the file uploads, but no ContentDocumentLinks are created and the file isn't related to any records.
Required	Boolean	v1.three.one	Require the user to upload at least one file.
Required Validation Message	String	v1.iii.i	The validation message displayed if the user has not uploaded at least one file. The default bulletin is 'Upload at to the lowest degree 1 file.'
Set Visibility to All Users	Boolean	v1.5	Past default, when an internal user uploads a file, the file is only visible to other internal users (significant community users can't see it). If you'd like to make the uploaded file visible to all users, set up this to TRUE. When a community user uploads a file, the file is already visible to all users. From a technical perspective, this sets ContentDocumentLink.Visibilty = AllUsers.
Show Existing Files Related to Tape Id	Boolean	v1.5	If you'd similar to evidence the existing files associated with the Related Tape Id (in addition to the ones that the user may upload), set this to Truthful. Be aware that sharing rules are Non enforced, so the user could meet files that they wouldn't normally take access to.
Show Files Beneath the File Upload Component	Boolean	v1.5	Past default, the files will show above the File Upload Component. If you'd prefer they exist shown below the component, set this to TRUE.
Uploaded File Listing Label	Cord	v1.iii.i	Nosotros suggest you go out this bare. The text on the listing of files uploaded. You might find that you lot prefer to leave this blank, as the UX is obvious.

Outputs

The outputs can exist accessed via manual assignment or by referencing the component via the API name directly.

Belongings Name	Information Type	Introduced	Clarification
Content Document Ids	Text Collection	v1.0	The Ids of the uploaded files. Store this value in a text collection variable. This drove returns empty for community users – authenticated and unauthenticated.
Content Version Ids	Text Collection	v1.3.1	The Version Ids of the uploaded files. Store this value in a text collection variable.
Uploaded File Names	Text Collection	v1.3.1	The names of the uploaded files. Store this value in a text drove variable.

Install

IMPORTANT: This parcel includes a permission set named "File Upload Improved". Make sure to assign it to any users to whom you lot want to grant this upload capability.

Production or Programmer Version ane.eight.2 3/20/22

Sandbox Version 1.8.2 3/20/22

(click hither for Installation Troubleshooting)

Previous Versions

Version 1.8 three/12/22 adding aid text configuration & allowing file deletion disablement iii/16/22 a issues has been identified, prepare on its style

Version one.seven.2 3/1/22 issues gear up

Version 1.seven.ane 1/thirteen/21 (Enhancements)

Version 1.6 12/21/21 (Enhancements)

Version ane.5 11/4/21 (Enhancements)

Version 1.four 9/29/21 (Enhancements)

Version ane.3.1 viii/23/21 (Enhancements)

Version 1.1.1 Unmanaged v/31 bug prepare

Version 1.i

Version 1.0

*to install in a Sandbox replace login with test in the url

View Source

lathamegreane69.blogspot.com

Source: https://unofficialsf.com/from-josh-dayment-improved-file-upload-in-flow-screens/

Share this post