DISCUSSION_ATTACH perm needed to be able to view an attachment
|Reported by:||sdegrande||Owned by:||Ryan J Ollos|
I would suggest that DISCUSSION_VIEW should be enough to be granted to view the attachments of a topic.
Currently, DISCUSSION_ATTACH perm is needed, and as far as I understand, that perm is rather intended to grant the actual attachment of a file to a topic.
Here is a small patch to change the current behavior:
diff -r ec2c58e517b9 discussionplugin/0.11/tracdiscussion/api.py
a b 155 155 156 156 def check_attachment_permission(self, action, username, resource, perm): 157 157 if resource.parent.realm == 'discussion': 158 if action in ['ATTACHMENT_VIEW', 'ATTACHMENT_CREATE', 159 'ATTACHMENT_DELETE']: 158 if action in ['ATTACHMENT_CREATE', 'ATTACHMENT_DELETE']: 160 159 return 'DISCUSSION_ATTACH' in perm(resource.parent) 160 161 161 162 162 163 # IResourceManager methods.
Thanks for your great work !