Allow non-authenticated users to replace their attachments
|Reported by:||Remy Blank||Owned by:|
|Cc:||Ryan J Ollos||Branch:|
#8592 fixed replacing attachments for authenticated users. Non-authenticated users are currently denied replacing any attachments, unless they have
The goal of this enhancement is to allow non-authenticated users to replace their own attachments, without having
ATTACHMENT_DELETE permission. The main use case is to allow correcting a bad upload shortly after the fact. This comment gives a possible solution, by structuring the
author field as
anonymous:<session_id> for unauthenticated users.
Removing one's own attachments could be enabled in the same way.