Public site for private document submission

I’m looking for a solution for a simple document uploader for non-users. Ideally I would have a button on a record detail page that creates a URL that contains a couple of parameters that I would use to route the upload. The URL would be pasted into an email and sent to the non-user. The URL would open a public site that would display a Skuid page. The Skuid page would have an upload component connected to a model and set to chatter feed. The model would have a condition where record Id is equal to a page parameter. What should happen is that the non-user would click the link they receive in an email and be presented with an uploader. Any documents they upload would be uploaded to the chatter feed of the record populated per the URL parameter. I’m pretty sure I could get that working (plus or minus a tweak or two), but my question is would the uploaded document be public? Would the record in the model be public? I want access to the uploader to be public so the user doesn’t have to sign in, but the record in the model and the documents actually uploaded must be private. I’ve never worked with a public site before, so I’m not sure exactly if that is possible. From the documentation I read it seems that I would have to give read permission to the object I would use in the model and read/create permission to files/content. If I did that, then any record or file accessible or created on the public site would be accessible to anyone that goes to the public site, correct? Is there a way to accomplish public upload of private documents? Thanks

More to the point: if I set public access permissions to read/write for an object or for content, but I use model conditions in Skuid to limit or prevent the query of all records, will that “secure” the records that should not be displayed on the public site? I realize that I can carefully restrict records and content from being accessible to the guest user if they were created by other users, but if one site visitor creates a record as the guest user and another visitor arrives at the site, could they modify the page HTML to see all of guest user records even if I have model conditions in the Skuid page designed to prevent those records from being displayed?

Hi Raymond,

There’s a good overview at this link which should help to get you started.

You should be able to control the public visibility of the records using criteria-based sharing rules - you might need a checkbox field on the object you’re dealing with, something like ‘File_Uploaded__c’ and then you can have a criteria-based sharing rules which says "If ‘File_Uploaded__c == FALSE’ then make the record public read-write.

That way, when a file is uploaded by the User, you can have a Skuid action, or even a workflow rule which marks ‘File_Uploaded__c’ as TRUE and the record will no longer be public.

I’m not sure whether the file uploaded could be posted to the chatter feed of that record - you’ll need to test it out and see - there are some limitations around what the site Guest User profile can do with Chatter and process-builder actions.

Hope that helps.

It does! Thanks.