Access Salesforce Custom Object’s Attachment in Communities

I recently came across a need to show a custom object’s attachment in communities. The fact that the org was using Attachments and not Content libraries was a small challenge. Here is how I went about it.

LWC in Community

Org Setup & Challenge

  1. Org is a classic org. Community is on Lightning. Hence we still use Attachments & not Content Libraries.
  2. Community user has read access on Object A which is on the master side of Master Detail Relationship with Object B.
  3. So sharing to object B is controlled by the parent, A.
  4. I have created a Lightning component to allow Community Users to download a specific document uploaded in Notes & Attachments of Object B.

<a href="{!'/communityname/servlet/servlet.FileDownload?file=00P0p000000hzjNEAQ'}" target="_blank">Download</a>

5. When the community user clicks the link above, an “Insufficient Access” message is shown. The link works fine for an admin.

6. The community user has Read access to object A via a sharing set and hence is able to see records related to object A in the community.

Few Valid Suggestions from the Community

I got a few good and valid suggestions from community users, but unfortunately, given the state of my org and its data model, I could not implement the suggestions. Here is the link to the discussion:

https://trailblazers.salesforce.com/answers?id=9064S000000CpBfQAK

Solution

  1. On the Community user’s profile, Object A’s access is Read-Only and hence Object B is also Read-Only. OWDs (Internal & External) are Private.
  2. On the LWC, I invoked an Apex method (with sharing) to get the Body of the Document in a Base64 encoded format.
Snapshot of the main query in the Apex class (with sharing)

3. On the component, in the JS file, create the Blob from the base64 String and use the Blob to show the file in the browser.

Convert Base64 String to a Blob in JavaScript.

4. The video below shows the working of the component. On click of the button, a Blob is created and the document is shown in the browser. (The phone number shown in the document is a fake one :) )
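A sketch of step 3 in plain browser JavaScript, added here as an example and not the code from the original post. The function names and the allowlist of inline types are assumptions; the Base64 string and content type are taken to be whatever the Apex method returns. Because a blob: URL inherits the origin of the page that created it, the example only opens allowlisted types inline and forces a download for everything else.

```javascript
// Added example: function names and the allowlist are assumptions, not the author's code.

// Types allowed to render inline. A blob: URL runs in the community's origin,
// so text/html or image/svg+xml attachments must never be opened inline.
const INLINE_TYPES = new Set(['application/pdf', 'image/png', 'image/jpeg']);

// Decode the Base64 string returned by Apex into raw bytes.
function base64ToBytes(base64) {
    const binary = atob(base64); // one character per byte
    const bytes = new Uint8Array(binary.length);
    for (let i = 0; i < binary.length; i++) {
        bytes[i] = binary.charCodeAt(i);
    }
    return bytes;
}

// Normalise the stored content type; anything not allowlisted becomes opaque binary.
function safeContentType(contentType) {
    const type = String(contentType || '').split(';')[0].trim().toLowerCase();
    return INLINE_TYPES.has(type) ? type : 'application/octet-stream';
}

// Build the Blob that the browser will display or save.
function base64ToBlob(base64, contentType) {
    return new Blob([base64ToBytes(base64)], { type: safeContentType(contentType) });
}

// Browser-only: call from the button's click handler.
function showAttachment(base64, contentType, fileName) {
    const blob = base64ToBlob(base64, contentType);
    const url = URL.createObjectURL(blob);
    const link = document.createElement('a');
    link.href = url;
    if (blob.type === 'application/octet-stream') {
        link.download = fileName;   // not allowlisted: save to disk, never render
    } else {
        link.target = '_blank';     // allowlisted: open in a new tab
        link.rel = 'noopener';
    }
    document.body.appendChild(link);
    link.click();
    link.remove();
    // Release the object URL once the new tab or download has had time to start.
    setTimeout(() => URL.revokeObjectURL(url), 60000);
}
```

The `with sharing` Apex query remains the access control; this client code only decides how bytes the user is already allowed to read are presented.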

Thank you for reading, have a wonderful day.