You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is not a bug per se, it's just how it was coded. I even added a comment to acknowledge my laziness:
// check user owns the file// we could also check if user has read access to the item// but for now let's just restrict downloading file via API to owned filesif ((int) $uploadData['userid'] !== (int) $this->Users->userData['userid']) {
returnnewResponse('You do not have permission to access this resource.', 403);
}
Are the changes from a27ef8f compatible with the current version 3.6.7 in order to enable download of the attachments prior to the new release version 4?
Describe the bug
When trying to access data uploads via API that was uploaded by userA, userB gets HTTP error 403.
Steps to reproduce
Information
The text was updated successfully, but these errors were encountered: