Content Editors Getting 403 Forbidden on RichText stylesheet in backoffice: " ApiError The authenticated user do not have access to this resource"

[nackler]

Which Umbraco version are you using? (Please write the exact version, example: 10.1.0)

14.3.0

Bug summary

When a backoffice user is a content editor, NOT an administrator, and editing a property that is a richtext editor that has been configured with a stylesheet, they receive a validation error "ApiError - The authenticated user do not have access to this resource" and the browser logs a "403 Forbidden" response on the request for the css file(s).

Specifics

I have a proprty on a block grid element set up as type Umb.PropertyEditorUi.TinyMCE | Umbaraco.RichText.

In its configuration it is set up with a stylesheet to be used in the backoffice

When I log in as a content editor and try to place this block on a page and insert content into this richtext editor I get errors

These errors do not appear if I log in as an administrator, but I do not want to give my content editors administrator access.

Steps to reproduce

Set up a richtext editor on a property. Add stylesheets to that richtext editor's property. Log in as a content editor and try to edit that richtext property's value. See screenshots in the bug specifics.

Expected result / actual result

I should see the richtext box styled by the configured CSS and not receive 403 Forbidden responses when loading the CSS

---

This item has been added to our backlog AB#46200

[github-actions]

Hi there @nackler!

Firstly, a big thank you for raising this issue. Every piece of feedback we receive helps us to make Umbraco better.

We really appreciate your patience while we wait for our team to have a look at this but we wanted to let you know that we see this and share with you the plan for what comes next.

• We'll assess whether this issue relates to something that has already been fixed in a later version of the release that it has been raised for.
• If it's a bug, is it related to a release that we are actively supporting or is it related to a release that's in the end-of-life or security-only phase?
• We'll replicate the issue to ensure that the problem is as described.
• We'll decide whether the behavior is an issue or if the behavior is intended.

We wish we could work with everyone directly and assess your issue immediately but we're in the fortunate position of having lots of contributions to work with and only a few humans who are able to do it. We are making progress though and in the meantime, we will keep you in the loop and let you know when we have any questions.

Thanks, from your friendly Umbraco GitHub bot 🤖 🙂