ApiError The authenticated user do not have access to this resource when accessing a media folder

[gucluoz]

Which Umbraco version are you using? (Please write the exact version, example: 10.1.0)

14.0.0

Bug summary

Hi, With a clean build & deployment of Umbraco 14 a non-administrator user with only "Media" section access right gets "ApiError The authenticated user do not have access to this resource" ApiError while trying to browse a media folder which is set as start node.

Error is raised from an ajax request to resource : umbraco/management/api/v1/data-type/3a0156c4-3b8c-4803-bdc1-6871faa83fff

If Settings section access right is added to the relevant user group, Ajax call returns with success and the user interface is fully functional with "List View - Media" data type.

Not sure if this is by design yet seems to be a bug.

Specifics

• Error popup is raised when user logs in and redirects to the page umbraco/section/media/view/media
• The actual error is raised by an ajax call to /umbraco/management/api/v1/data-type/3a0156c4-3b8c-4803-bdc1-6871faa83fff
• 3a0156c4-3b8c-4803-bdc1-6871faa83fff seems to be the guid of "List View - Media" data type
• Granting "Settings" section access right to the same user's group resolves the issue
• Same outcome with Chrome & Edge
• Tried in incognito, caches disabled

Steps to reproduce

1. Create a media folder named "Document Library"
2. Add a user group with :
   • Sections : Media
   • Allow access to all languages
   • Media start node : "Document Library"
   • Permissions : ALL (doesn't change the result)
3. Add a user with :
   • Groups : [Group created above]
4. Login with newly created user
5. Error pops up

Expected result / actual result

Expected result : List View - Media control should be visible and contents of the media folder is displayed Actual result : Error window pops up, List View - Media control is not loaded

---

This item has been added to our backlog AB#42485

[github-actions[bot]]

Hi there @gucluoz!

Firstly, a big thank you for raising this issue. Every piece of feedback we receive helps us to make Umbraco better.

We really appreciate your patience while we wait for our team to have a look at this but we wanted to let you know that we see this and share with you the plan for what comes next.

• We'll assess whether this issue relates to something that has already been fixed in a later version of the release that it has been raised for.
• If it's a bug, is it related to a release that we are actively supporting or is it related to a release that's in the end-of-life or security-only phase?
• We'll replicate the issue to ensure that the problem is as described.
• We'll decide whether the behavior is an issue or if the behavior is intended.

We wish we could work with everyone directly and assess your issue immediately but we're in the fortunate position of having lots of contributions to work with and only a few humans who are able to do it. We are making progress though and in the meantime, we will keep you in the loop and let you know when we have any questions.

Thanks, from your friendly Umbraco GitHub bot :robot: :slightly_smiling_face:

[elit0451]

Hi @gucluoz 👋

Thanks for reaching out! I managed to reproduce the issue, we will have a look 😊

[iOvergaard]

I can testify that it's an issue. It works if you give the user group access to the "Content" section in addition to the "Media" section. I realize it's not the best solution, but it could solve it temporarily.

[elit0451]

Fixed in #16865