query LegacyAttachmentPolicy permissions against parent resource
|Reported by:||Owned by:|
As the idea of
LegacyAttachmentPolicy is to link permission to view, change etc attachments to the permission to view, change etc their containing resources, i.e. tickets, wiki pages, and milestones, the resource queried for permission ought to be that parent resource. For example, as
ATTACHMENT_VIEW maps to
TICKET_VIEW should be checked against the ticket resource.
I rely on this in my installation, because I have fine-grained ticket and wiki access policy.