Details
-
Type:
Improvement
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 4.7
-
Fix Version/s: None
-
Component/s: None
-
Labels:
-
Versioning Impact:Patch (backwards-compatible bug fixes)
-
Documentation Required?:None
-
Funding Source:Needs Funding
-
Verified?:No
Description
Currently, attachments can only be added to an entity to which the user has update permissions.
The permission check is done in the authorizeDelegate method of the DynamicFKAuthorization class. In order to "check" the permission, it calls the create action of the entity which you want to add the attachment to, passing only the entity ID as a param. Basically, if the action throws and error it means no permission is set.
This can cause problems with entities that have validations where fields other than the ID are required to be present in the params passed to the create action.