Hello,
I am looking for a solution on how to manage access (read, write/delete) to attachement in v13.
I am aware of older postings regarding similar requirements, but none of them contains a solution:
Scenario: Within a doctype (let say Project, but same for all doctypes), a user adds an attachement. As a customer has also read access to the project, sometimes it is required to hide specific attachement, so that the customer won’t see all of them.
General issue: Even if someone cannot access a doctype due to permission, he can access files directly via URL.
Any ideas on how to handle this? It feels like a very basic requirement and I am wondering, if there isn’t a solution, yet.
As I understand right now, there is no build-in functionality for this.
My plan is to add a custom module for this functionality
Create new doctype “User_File_Permission_Assignment” to maintain the permission per File, User and ptype (Read, Write, …)
Enhance the default “has_permission”-method part of “Files” doctype and add lookup for a entry in the new “User_File_Permission_Assignment”.
What is the best/correct way to overwrite/ hook into the default “has_permission” method, part of “File” doctype?