DESKTOP EDITION CLOUD EDITION SERVER EDITION GUIDES FORUM

Attachments are deletable by view-only users


#1

Hi, There is a bug in attachments. When we attach a file to an entry, say “Purchase Invoice”, the user with View only access is still able to delete and upload attachments. Please fix.


#2

Also, can “Edit” button be removed or disabled for View-only users?


#3

I can confirm this - have just tested on a copy of Server Edition that I have running.

@Tut or @Brucanna would this one be worthy of tagging as a bug?

There may be technical limitations for why it was implemented the way it was. Only lubos would know for sure.

Currently, users with view-only access can open the Edit form but cannot Update / Delete (those buttons are disabled), so there’s no security / permission breach here - unlike the attachment issue you mentioned.


#4

I couldn’t duplicate the error since I don’t run the server edition. Since @ShaneAU confirms it, I will elevate it.


#5

Fixed in the latest version (17.9.38)


#6

Thanks for the quick fix, lubos. Will update later and have a look.