We use a workflow (Integromat) which automatically stores email attachments and various metadata in an S3 bucket (and folders), and a Lambda function which upserts a row in a Coda table with link, key, meta, etc.
The problem we have is around file permissions on S3. We don’t want to have the bucket Public, yet want our doc editors to be able to open the file links via a browser.
- We tried to use buttons containing the file links which trigger an OpenWindow(thisRow.[route]) action ([route] column is the S3 URL), as I read somewhere that read-only users can’t press buttons - that appears not to be true.
- I suspect we could make an IAM user specifically for this purpose, and pass those creds via an HTTP call to an S3 Get request, and then do an OpenWindow action. Problems are, (a) there’s no URL present in the Get response - so don’t know how to get there, and (b) if there were, the column, hidden or not, would be visible to all anyway.
- Our entire data store is in one Doc, with pages/subpages. We’re still a bit unclear about sharing/permissions - perhaps one answer is to refactor the schema into different docs or sections… although we still don’t have clarity about permissions vs workspace/sections/docs - would we, for instance, put sensitive tables / info into another doc/section/workspace and use cross-doc? Any help on sorting out organization schemas would be helpful.
Goal is to make the bucket private, somehow pass creds to S3 so that only Coda can open the file in another browser tab - or something to that effect. Happy to build a pack that does this, though we’re obviously not clear how to effect this.
One possibility could be downloading the file to Coda temporary cache (or local storage) and opening a tab from there…
Any thoughts out there?
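
Added example, not part of the original post: the second idea above (an IAM identity whose credentials yield something a browser can open) corresponds to an S3 presigned URL, where the signature travels in the query string and the bucket stays private. This sketch builds one with the Python standard library so it runs offline; in a Lambda you would normally call boto3's `generate_presigned_url`, and the bucket, key and credentials below are placeholders (the key pair is the example pair from AWS documentation).

```python
import datetime, hashlib, hmac
from urllib.parse import quote

def _enc(s: str) -> str:
    return quote(s, safe="-_.~")          # RFC 3986 encoding required by SigV4

def presign_get(bucket, key, access_key, secret_key, region="us-east-1",
                expires=300, now=None):
    """Return a GET URL for one private object, valid for `expires` seconds.

    Assumes long-term IAM user keys; temporary (role) credentials would also
    need an X-Amz-Security-Token query parameter, which this sketch omits.
    """
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    day = amz_date[:8]
    host = (f"{bucket}.s3.amazonaws.com" if region == "us-east-1"
            else f"{bucket}.s3.{region}.amazonaws.com")
    scope = f"{day}/{region}/s3/aws4_request"
    path = "/" + quote(key, safe="/-_.~")  # keep "/" between key segments
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),     # short lifetime limits link reuse
        "X-Amz-SignedHeaders": "host",
    }
    query = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in sorted(params.items()))
    canonical = "\n".join(["GET", path, query, f"host:{host}", "",
                           "host", "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    k = ("AWS4" + secret_key).encode()     # derive the per-day signing key
    for part in (day, region, "s3", "aws4_request"):
        k = hmac.new(k, part.encode(), hashlib.sha256).digest()
    sig = hmac.new(k, to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{path}?{query}&X-Amz-Signature={sig}"

if __name__ == "__main__":
    # Constructed sample values; nothing here comes from the original post.
    print(presign_get("example-private-bucket", "attachments/invoice 17.pdf",
                      "AKIAIOSFODNN7EXAMPLE",
                      "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"))
```

The resulting URL is a bearer link: anyone who holds it can fetch the object until it expires, so keep `expires` short and limit the signing identity to `s3:GetObject` on the attachment prefix.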