Posted: 22 Aug 2019 4:50 EDT Last activity: 24 Sep 2019 15:49 EDT
Attachment view security - Urgent (Maybe bug)
I use CMIS integration in one of my app. I have configured an access when rule in attachment category. For test scenarios;
Added "never" to view the attachment.
Clicked on an attachment in case attachments section and pop-up is showed up which indicates lack security(OK)
Clicked edit attachment.
Opened version history.
Clicked attachment name.
Attachment is downloaded.(Fail, maybe bug)
Attached a new document using pulse.
Clicked attachment in Pulse feed.
Attachment is displayed and downloadable.(Fail, maybe bug)
In addition, I have customized pyCanDisplayAttachments when rule and it works on Case Attachments section. But when that rule is false, I can still see the attachments in Pulse feed. (Maybe this is a bug also)
I hope you can understand my test scenarios. The app is very dependent on security rules. How can I fix those behaviors? Should I raise an SR?
***Edited by Moderator Marissa to update Content Type from Discussion to Question***
***Edited by Moderator Marissa to update SR Details***