id summary reporter owner description type status priority component severity resolution keywords cc release 8301 Attachment policy implementation prevents other plugins from functioning correctly Derek Konigsberg Radek Bartoň "The ILegacyAttachmentPolicyDelegate implementation in api.py does not check the resource realm prior to doing its permission check. If this permission check fails, it has the side effect of preventing permission checks in other modules from even functioning at all. On my system, the side effect was that FullBlogPlugin was unable to display attachments for anonymous users (and disabling the DiscussionPlugin magically fixed it). The current code is written as follows: {{{ #!python def check_attachment_permission(self, action, username, resource, perm): return perm.has_permission('DISCUSSION_ATTACH') }}} It should instead look something like this: {{{ #!python def check_attachment_permission(self, action, username, resource, perm): if resource.parent.realm == 'discussion': return perm.has_permission('DISCUSSION_ATTACH') }}} " defect closed normal DiscussionPlugin major fixed 0.11