EngincanY Member since 2018 67 posts
Tekfen Holding
Posted: 1 year ago
Last activity: 1 year ago

Attachment view security - Urgent (Maybe bug)


I use CMIS integration in one of my app. I have configured an access when rule in attachment category. For test scenarios;

  • Added "never" to view the attachment.
  • Clicked on an attachment in case attachments section and pop-up is showed up which indicates lack security(OK)
  • Clicked edit attachment.
  • Opened version history.
  • Clicked attachment name.
  • Attachment is downloaded.(Fail, maybe bug)
  • Attached a new document using pulse.
  • Clicked attachment in Pulse feed.
  • Attachment is displayed and downloadable.(Fail, maybe bug)

In addition, I have customized pyCanDisplayAttachments when rule and it works on Case Attachments section. But when that rule is false, I can still see the attachments in Pulse feed. (Maybe this is a bug also)

I hope you can understand my test scenarios. The app is very dependent on security rules. How can I fix those behaviors? Should I raise an SR?

Thank you.

Version 7.4

***Edited by Moderator Marissa to update Content Type from Discussion to Question***

***Edited by Moderator Marissa to update SR Details***

Low-Code App Development Case Management Security SR Created
Moderation Team has archived post
Share this page LinkedIn