Patch #24623
openImplements CRUD permissions and restrictions to issue attachments
Added by Frederico Camara almost 8 years ago. Updated over 2 years ago.
0%
Description
If anyone could help implement the test cases, I think this would be a great feature to Redmine.
Test applying the patch from Redmine directory:
patch --dry-run -p1 < atta.version
Then apply:
patch -p1 < atta.version
Patches added to redmine 3.1/3.2, 3.3 and current master.
Patch details:¶
Permissions:- lib/redmine.rb
- app/models/issue.rb
- app/models/journal.rb
- app/views/issues/show.api.rsb
- app/views/issues/show.html.erb
- lib/redmine/export/pdf/issues_pdf_helper.rb
- lib/plugins/acts_as_searchable/lib/acts_as_searchable.rb
- app/views/issues/new.html.erb
- app/views/issues/_edit.html.erb
- app/controllers/issues_controller.rb
- app/models/issue.rb
- app/models/mailer.rb
- app/views/mailer/_issue.html.erb
- app/views/mailer/_issue.text.erb
- config/locales/en.yml
- config/locales/pt-BR.yml
- db/migrate/20161215142110_add_attachments_permissions.rb
Files
Related issues
Updated by Frederico Camara almost 8 years ago
To migrate db and restart Rails:
touch tmp/restart.txt;RAILS_ENV=production bundle exec rake db:migrate
Updated by Frederico Camara almost 8 years ago
Updated by Marius BĂLTEANU almost 8 years ago
To increase the changes to have this patch taken into account, you should add tests to it.
Updated by Mischa The Evil almost 8 years ago
- Is duplicate of Feature #4362: Permissions on attachments added
Updated by Mischa The Evil almost 8 years ago
- Is duplicate of Feature #9358: Issue attachment permissions added
Updated by Mischa The Evil almost 8 years ago
- Is duplicate of Feature #21562: Add a permission to prevent user delete issues attachments. added
Updated by Go MAEDA almost 8 years ago
This patch introduces 3 permissions as follows.
- :view_attachments
- :edit_permission
- :delete_attachments
Frederico Camara, thank you for posting this useful patch. Could you add tests?
Updated by Frederico Camara almost 8 years ago
Go MAEDA wrote:
This patch introduces 3 permissions as follows.
- :view_attachments
- :edit_permission
- :delete_attachments
Frederico Camara, thank you for posting this useful patch. Could you add tests?
I will try to, but I'm somewhat new to Ruby/Rails and I don't know how to make tests. At least the Patch Details on the description lists which tests have to be made. This may take a while.
PS: I said it in the first line of the Description :-)
Updated by James Lai almost 8 years ago
Go MAEDA wrote:
This patch introduces 3 permissions as follows.
- :view_attachments
- :edit_permission
- :delete_attachments
Frederico Camara, thank you for posting this useful patch. Could you add tests?
I found some problem when I login with LDAP's account(AD),it show "Internal error";and if use built-in account to login, it can work normal.
my redmine version is below:
Environment:
Redmine version 3.3.1.stable
Ruby version 2.3.1-p112 (2016-04-26) [x86_64-linux]
Rails version 4.2.7.1
Environment production
Database adapter PostgreSQL
Updated by Frederico Camara almost 8 years ago
James Lai wrote
I found some problem when I login with LDAP's account(AD),it show "Internal error";and if use built-in account to login, it can work normal.
my redmine version is below:
Environment:
Redmine version 3.3.1.stable
Ruby version 2.3.1-p112 (2016-04-26) [x86_64-linux]
Rails version 4.2.7.1
Environment production
Database adapter PostgreSQL
Could you post the error log for the internal error you are receiving? It could be caused by a plugin, or by a bug in my code, I don't know.
I use ldap login at work, but I think someone implemented some restriction for my development environment. I don't think it can still reach the ldap server, I'll try it later.
Thank you.
Updated by James Lai almost 8 years ago
Frederico Camara wrote:
James Lai wrote
I found some problem when I login with LDAP's account(AD),it show "Internal error";and if use built-in account to login, it can work normal.
my redmine version is below:
Environment:
Redmine version 3.3.1.stable
Ruby version 2.3.1-p112 (2016-04-26) [x86_64-linux]
Rails version 4.2.7.1
Environment production
Database adapter PostgreSQLCould you post the error log for the internal error you are receiving? It could be caused by a plugin, or by a bug in my code, I don't know.
I use ldap login at work, but I think someone implemented some restriction for my development environment. I don't think it can still reach the ldap server, I'll try it later.
Thank you.
I've resolved it now,it is some file's permission(production log and tmp/ldapcatche) cause,now I've resolved it.Thank you.
Updated by James Lai almost 8 years ago
Hello Frederico,when I patch atta.3.3 throw "patch --dry-run -p1 < atta.3.3",I get the error as below:
checking file app/controllers/issues_controller.rb
Hunk #1 FAILED at 136 (different line endings).
Hunk #2 FAILED at 474 (different line endings).
2 out of 2 hunks FAILED
checking file app/models/issue.rb
Hunk #1 FAILED at 43 (different line endings).
Hunk #2 FAILED at 265 (different line endings).
2 out of 2 hunks FAILED
checking file app/models/journal.rb
Hunk #1 FAILED at 74 (different line endings).
1 out of 1 hunk FAILED
So I have to change it by manual.
Updated by Frederico Camara almost 8 years ago
James Lai wrote:
Hello Frederico,when I patch atta.3.3 throw "patch --dry-run -p1 < atta.3.3",I get the error as below:
checking file app/controllers/issues_controller.rb
Hunk #1 FAILED at 136 (different line endings).
Hunk #2 FAILED at 474 (different line endings).
2 out of 2 hunks FAILED
checking file app/models/issue.rb
Hunk #1 FAILED at 43 (different line endings).
Hunk #2 FAILED at 265 (different line endings).
2 out of 2 hunks FAILED
checking file app/models/journal.rb
Hunk #1 FAILED at 74 (different line endings).
1 out of 1 hunk FAILEDSo I have to change it by manual.
You probably use Windows. Windows and Linux use different characters for line endings. Unless you use an editor that respects that, you can unknowingly change the end of line characters of thefiles or on the patch file, and patch will fail. Maybe you'll have to sed end of line characters or use unix2dos/dos2unix.
Tip: Google for "patch different line endings".
Updated by James Lai almost 8 years ago
Hello, Frederico,
I have test again, using centos7(CentOS Linux release 7.3.1611 (Core)) and redmine 3.3.2 version,in redmine path I run "patch --dry-run -p1 < atta.3.3" ,the same error appear.
Updated by Frederico Camara almost 8 years ago
James Lai wrote:
Hello, Frederico,
I have test again, using centos7(CentOS Linux release 7.3.1611 (Core)) and redmine 3.3.2 version,in redmine path I run "patch --dry-run -p1 < atta.3.3" ,the same error appear.
Maybe there's something different with the redmine package you're using. Try this: on Redmine directory, issue these two commands:
cat -et atta.3.3 | head cat -et app/models/journal.rb | head
cat -et exposes the end of line characters, head shows only the beginning on the file.You should see some difference at the end of each line between the two files. If you do, my guess is you're using redmine packaged using windows. I installed Redmine using git, but I know Redmine community uses something else. The end of line character does not make any difference for Ruby, but it does for patch.
You can probably solve it using dos2unix:
find . -type f -exec dos2unix {} \;
Patch should work then.
Updated by James Lai almost 8 years ago
Hello, Frederico,
Thank you very much,now I use redmine-3.3.2.tar.gz to installed and patch success.
Updated by Toshi MARUYAMA almost 8 years ago
Frederico Camara wrote:
Go MAEDA wrote:
This patch introduces 3 permissions as follows.
- :view_attachments
- :edit_permission
- :delete_attachments
Frederico Camara, thank you for posting this useful patch. Could you add tests?
I will try to, but I'm somewhat new to Ruby/Rails and I don't know how to make tests.
You can see examples.
source:trunk/test
Updated by Ricky Liu over 7 years ago
Good patch, thank you very much!
Works with redmine-3.3 stable and LDAP fine.
Updated by Ilya Ternovoy over 7 years ago
- File img-2017-03-28-12-12-22.png img-2017-03-28-12-12-22.png added
- File img-2017-03-28-12-15-45.png img-2017-03-28-12-15-45.png added
I have installed the patch and made database migration succesfully. But it seems like no changes on role permission page. Where is those settings?
Environment:
CentOS Linux release 7.2.1511 (Core)
Redmine version 3.3.0.stable
Ruby version 2.0.0-p598 (2014-11-13) [x86_64-linux]
Rails version 4.2.6
Redmine plugins:
clipboard_image_paste 1.6a
redmine_agile 1.4.1
redmine_ldap_sync 2.0.8.devel.g341b902df1
sidebar_hide 0.0.2
Updated by Ilya Ternovoy over 7 years ago
Ilya Ternovoy wrote:
I have installed the patch and made database migration succesfully. But it seems like no changes on role permission page. Where is those settings?
Environment:
CentOS Linux release 7.2.1511 (Core)
Redmine version 3.3.0.stable
Ruby version 2.0.0-p598 (2014-11-13) [x86_64-linux]
Rails version 4.2.6
Redmine plugins:
clipboard_image_paste 1.6a
redmine_agile 1.4.1
redmine_ldap_sync 2.0.8.devel.g341b902df1
sidebar_hide 0.0.2
I rebooted the server and now attachments settings are available on "role and permissions" page. But checkbox "Delete attachments" has no effect. I mean even if i uncheck it the user can delete an attachment anyway. Should I uncheck any other checkboxes to forbid user delete attachment? Current permission screen in attachment
Updated by Ilya Ternovoy over 7 years ago
Ilya Ternovoy wrote:
I rebooted the server and now attachments settings are available on "role and permissions" page. But checkbox "Delete attachments" has no effect. I mean even if i uncheck it the user can delete an attachment anyway. Should I uncheck any other checkboxes to forbid user delete attachment? Current permission screen in attachment
Patch works great!) It seems like I have attachment delete button because I am admin, in spite of my role on project. Users who are not admins do not see delete button now! Thanks!
Updated by Frederico Camara over 7 years ago
Ilya Ternovoy wrote:
Ilya Ternovoy wrote:
I rebooted the server and now attachments settings are available on "role and permissions" page. But checkbox "Delete attachments" has no effect. I mean even if i uncheck it the user can delete an attachment anyway. Should I uncheck any other checkboxes to forbid user delete attachment? Current permission screen in attachment
Patch works great!) It seems like I have attachment delete button because I am admin, in spite of my role on project. Users who are not admins do not see delete button now! Thanks!
You're welcome.
Admins are so powerful, I am usually logged as a normal user in a normal browser window, and as admin in a separate private browser window.
Updated by James Lai over 7 years ago
Hello,Frederico
your patch is very usefully,and I think that how to realize the document module's attachment upload permission,are you any idea? thank you!
Updated by Frederico Camara over 7 years ago
James Lai wrote:
Hello,Frederico
your patch is very usefully,and I think that how to realize the document module's attachment upload permission,are you any idea? thank you!
The redmine Documents module has its own permissions. They are grouped under Documents in Administration > Roles and Permissions.
Updated by James Lai over 7 years ago
Frederico Camara wrote:
James Lai wrote:
Hello,Frederico
your patch is very usefully,and I think that how to realize the document module's attachment upload permission,are you any idea? thank you!The redmine Documents module has its own permissions. They are grouped under Documents in Administration > Roles and Permissions.
I mean is I can control user to upload attachment permission.give an example,developer or reporter can add document,but can not upload attechments,only manager can add document and upload attachments.
Updated by Frederico Camara over 7 years ago
James Lai wrote:
Frederico Camara wrote:
James Lai wrote:
Hello,Frederico
your patch is very usefully,and I think that how to realize the document module's attachment upload permission,are you any idea? thank you!The redmine Documents module has its own permissions. They are grouped under Documents in Administration > Roles and Permissions.
I mean is I can control user to upload attachment permission.give an example,developer or reporter can add document,but can not upload attechments,only manager can add document and upload attachments.
I don't think I understand what you're trying to say. What I meant is that permissions for Documents are independent of permissions for Issue attachments. See the edited screencapture I made "Issue Permissions" (attached).
Updated by James Lai over 7 years ago
Frederico Camara wrote:
James Lai wrote:
Frederico Camara wrote:
James Lai wrote:
Hello,Frederico
your patch is very usefully,and I think that how to realize the document module's attachment upload permission,are you any idea? thank you!The redmine Documents module has its own permissions. They are grouped under Documents in Administration > Roles and Permissions.
I mean is I can control user to upload attachment permission.give an example,developer or reporter can add document,but can not upload attechments,only manager can add document and upload attachments.
I don't think I understand what you're trying to say. What I meant is that permissions for Documents are independent of permissions for Issue attachments. See the edited screencapture I made "Issue Permissions" (attached).
thank you very much.
Updated by Aleksandar Pavic over 6 years ago
+1 IMHO, this should be added to Redmine core.
Updated by Nothing Ctrl over 6 years ago
- File Screenshot from 2018-05-24 11-46-55.png Screenshot from 2018-05-24 11-46-55.png added
- File Screenshot from 2018-05-24 11-46-47.png Screenshot from 2018-05-24 11-46-47.png added
Hello,
Can you update for Redmine 3.4
I'm test with file atta.3.3 and atta.master but dry-run got some failed.
Updated by Frederico Camara over 6 years ago
Nothing Ctrl wrote:
Hello,
Can you update for Redmine 3.4
I'm test with file atta.3.3 and atta.master but dry-run got some failed.
Updated, to 3.4-stable (on github).
Not tested, but it should work, just had to adapt to little changes since 3.3.
Updated by Nothing Ctrl about 6 years ago
Frederico Camara wrote:
Nothing Ctrl wrote:
Hello,
Can you update for Redmine 3.4
I'm test with file atta.3.3 and atta.master but dry-run got some failed.
Updated, to 3.4-stable (on github).
Not tested, but it should work, just had to adapt to little changes since 3.3.
Confirm is work on Redmine 3.4
Updated by Piko Tao over 5 years ago
- File atta.4.0.patch atta.4.0.patch added
Frederico Camara wrote:
Nothing Ctrl wrote:
Hello,
Can you update for Redmine 3.4
I'm test with file atta.3.3 and atta.master but dry-run got some failed.
Updated, to 3.4-stable (on github).
Not tested, but it should work, just had to adapt to little changes since 3.3.
I made one patch for redmine 4.0-stable.
Hope this feature be added into core feature.
Updated by Frederico Camara about 5 years ago
- File 0015-Implements-permissions-and-restrictions-to-issue-att.patch 0015-Implements-permissions-and-restrictions-to-issue-att.patch added
Redmine 4.0 added a feature so roles could have different permissions to each tracker. I had to rearrange things a bit so these permissions would extend to attachments. Permissions for attachments so become:
- view_attachments
- add_attachments
- edit_attachments (rename)
- delete_attachments
Important: In my old patches there was not an add_attachments permissions, Redmine would use the edit_attachments to verify if the user could add attachments. After applying the patch you would have to set add_attachments permissions to your roles.
Updated by Aleksandar Pavic over 4 years ago
So for Redmine 4, we should only run this one 0015-Implement... from above post?
How about Redmine 4.1 ?
Updated by Frederico Camara over 4 years ago
Aleksandar Pavic wrote:
So for Redmine 4, we should only run this one 0015-Implement... from above post?
How about Redmine 4.1 ?
Untested, but probably works. Redmine 4 changed some user permissions regarding issues, you can see it in the role administration.
I did not try patching Redmine 4.1. Tell me if patch fails.
Updated by Aleksandar Pavic over 4 years ago
Well I downloaded fresh 4.1 and got few chunk errors, and many succeeds...
patch --dry-run -p1 < 0015-Implements-permissions-and-restrictions-to-issue-att.patch patching file app/controllers/issues_controller.rb Hunk #1 succeeded at 88 with fuzz 2 (offset 2 lines). Hunk #2 succeeded at 130 (offset 3 lines). Hunk #3 succeeded at 169 (offset 3 lines). Hunk #4 succeeded at 287 with fuzz 2 (offset 18 lines). Hunk #5 succeeded at 353 (offset 21 lines). Hunk #6 succeeded at 574 (offset 23 lines). patching file app/models/issue.rb Hunk #1 succeeded at 40 (offset 2 lines). Hunk #2 succeeded at 189 with fuzz 1 (offset 5 lines). Hunk #3 succeeded at 296 (offset 5 lines). Hunk #4 succeeded at 1657 (offset 7 lines). patching file app/models/journal.rb Hunk #1 succeeded at 92 (offset 4 lines). patching file app/models/mailer.rb Hunk #1 succeeded at 99 with fuzz 1 (offset 6 lines). Hunk #2 succeeded at 117 (offset 7 lines). Hunk #3 succeeded at 133 (offset 7 lines). patching file app/views/issues/_edit.html.erb Hunk #1 succeeded at 45 (offset 5 lines). Hunk #2 FAILED at 81. 1 out of 2 hunks FAILED -- saving rejects to file app/views/issues/_edit.html.erb.rej patching file app/views/issues/index.api.rsb patching file app/views/issues/new.html.erb patching file app/views/issues/new.js.erb patching file app/views/issues/show.api.rsb patching file app/views/issues/show.html.erb patching file app/views/mailer/_issue.html.erb patching file app/views/mailer/_issue.text.erb patching file app/views/roles/_form.html.erb Hunk #1 FAILED at 67. 1 out of 1 hunk FAILED -- saving rejects to file app/views/roles/_form.html.erb.rej patching file config/locales/en.yml Hunk #1 succeeded at 509 (offset 17 lines). patching file config/locales/pt-BR.yml Hunk #1 succeeded at 785 (offset 3 lines). patching file db/migrate/20161215142110_add_attachments_permissions.rb patching file lib/plugins/acts_as_searchable/lib/acts_as_searchable.rb Hunk #1 succeeded at 136 (offset 2 lines). patching file lib/redmine.rb Hunk #1 FAILED at 99. 1 out of 1 hunk FAILED -- saving rejects to file lib/redmine.rb.rej patching file lib/redmine/export/pdf/issues_pdf_helper.rb Reversed (or previously applied) patch detected! Assume -R? [n]
So I'm aborting...
Updated by Frederico Camara over 4 years ago
- File 0015-Implements-permissions-and-restrictions-to-issue-att.patch 0015-Implements-permissions-and-restrictions-to-issue-att.patch added
Aleksandar Pavic wrote:
Well I downloaded fresh 4.1 and got few chunk errors, and many succeeds...
[...]
So I'm aborting...
There were some minor modifications on some files. Redmine 4.1 patch added.
Updated by Pawel Orzechowski over 4 years ago
FREDERICO LÚCIO DE SOUZA, can you create this patch as a plugin?
Updated by Frederico Camara over 4 years ago
Pawel Orzechowski wrote:
FREDERICO LÚCIO DE SOUZA, can you create this patch as a plugin?
I can take some time. It would have to be implemented differently, I'll try.
Updated by Adriano Bellia over 4 years ago
Frederico Camara wrote:
Aleksandar Pavic wrote:
Well I downloaded fresh 4.1 and got few chunk errors, and many succeeds...
[...]
So I'm aborting...There were some minor modifications on some files. Redmine 4.1 patch added.
Hi,
thank you for this implementation. It is great!!!
Does this version works also with Redmine 4.0.3? Or should I use older version?
I've installed the 4.0 version, but, when I create a new issue it follows the rules created. During a modification (with all the attachment rules unflagged) I see again the file button.
Updated by Frederico Camara over 4 years ago
- File 0015-Implements-permissions-and-restrictions-to-issue-att-fix-4.1.patch 0015-Implements-permissions-and-restrictions-to-issue-att-fix-4.1.patch added
- File 0015-Implements-permissions-and-restrictions-to-issue-att-fix-4.0.patch 0015-Implements-permissions-and-restrictions-to-issue-att-fix-4.0.patch added
Adriano Bellia wrote:
I've installed the 4.0 version, but, when I create a new issue it follows the rules created. During a modification (with all the attachment rules unflagged) I see again the file button.
You're right. I had it implemented on my 3.2 patch but forgot this bit when reimplementing the whole thing to the 4.0, 4.1 patches.
Fix files added.
Updated by Frederico Camara over 4 years ago
- File 0015-Implements-permissions-and-restrictions-to-issue-att-fix2-4.0.patch 0015-Implements-permissions-and-restrictions-to-issue-att-fix2-4.0.patch added
- File 0015-Implements-permissions-and-restrictions-to-issue-att-fix2-4.1.patch 0015-Implements-permissions-and-restrictions-to-issue-att-fix2-4.1.patch added
Frederico Camara wrote:
Adriano Bellia wrote:
I've installed the 4.0 version, but, when I create a new issue it follows the rules created. During a modification (with all the attachment rules unflagged) I see again the file button.
You're right. I had it implemented on my 3.2 patch but forgot this bit when reimplementing the whole thing to the 4.0, 4.1 patches.
Fix files added.
Sloppy patch. Here is a much better patch, it takes into consideration the user may change the Issue Tracker when showing the attachment button. Also fix a bug when editing the path "/issues/#/edit".
Wish I could delete old files.
Updated by Adriano Bellia over 4 years ago
Frederico Camara wrote:
Frederico Camara wrote:
Adriano Bellia wrote:
I've installed the 4.0 version, but, when I create a new issue it follows the rules created. During a modification (with all the attachment rules unflagged) I see again the file button.
You're right. I had it implemented on my 3.2 patch but forgot this bit when reimplementing the whole thing to the 4.0, 4.1 patches.
Fix files added.
Sloppy patch. Here is a much better patch, it takes into consideration the user may change the Issue Tracker when showing the attachment button. Also fix a bug when editing the path "/issues/#/edit".
Wish I could delete old files.
Sorry to bother you,
how do I apply this fix? I should first reverse the old patch?
If I try to apply directly 0015-Implements-permissions-and-restrictions-to-issue-att-fix2-4.0.patch after 0015-Implements-permissions-and-restrictions-to-issue-att.patch it asks me to reverse the older one.
Reversed (or previously applied) patch detected! Assume -R? [n] n
Apply anyway? [n] y
Hunk #1 FAILED at 86.
Hunk #2 FAILED at 126.
Hunk #3 succeeded at 158 (offset 3 lines).
Hunk #4 FAILED at 164.
Hunk #5 FAILED at 265.
Hunk #6 FAILED at 328.
Hunk #7 FAILED at 546.
6 out of 7 hunks FAILED
Updated by Adriano Bellia over 4 years ago
also reversing the first patch and applying directly the fix2 gives errrors :(
If I apply fix1 (after the first patch reverted) it goes perfectly. But If I retry then with the fix2 it gives me the same messages
Updated by Frederico Camara over 4 years ago
- File 0015-Implements-permissions-and-restrictions-to-issue-att-fix3-4.0.patch 0015-Implements-permissions-and-restrictions-to-issue-att-fix3-4.0.patch added
Adriano Bellia wrote:
also reversing the first patch and applying directly the fix2 gives errrors :(
If I apply fix1 (after the first patch reverted) it goes perfectly. But If I retry then with the fix2 it gives me the same messages
Thanks for the reply. Atom messed up my patch, removing blank spaces from the source lines. New file uploaded.
You have to revert to the situation before the patch was applied. This means reverting last applied patches. If you lost track or prefer to start from scratch (and use git, which I personally recomend), you can revert to a previous state using it:
find -name "*.rej" -exec rm {} \; # Remove patch unapplied patches find -name "*.orig" -exec rm {} \; # Remove patch backups git reset --hard git status # check if your branch is up to date with 'origin/4.0-stable'. You may have to remove some created files manually (eg: db).
Now you can reapply any patches you use.
Updated by Adriano Bellia over 4 years ago
Thank you!!! Now it seems perfect :)
Updated by Pawel Orzechowski over 4 years ago
My question is why this feature is not implemented as plugin?
Updated by Frederico Camara over 4 years ago
Pawel Orzechowski wrote:
My question is why this feature is not implemented as plugin?
You have asked me that a month ago, and I answered already (see comment #24623-40).
Implementing as a plugin is much harder, and different. It would have to account that the scope of this feature changed a lot between Redmine versions 3.x and 4.x. See the admin role configuration. On unpatched Redmine, file CRUD restrictions are the same as issue restrictions. Redmine 4 implements permission per tracker, so file restrictions had to be implemented per tracker also.
Besides that, most things were implemented in the controller. I would have to implement them in the model and I would have to research how to do it seamlessly, because Issue.attachments returns ActiveRecord::Associations::CollectionProxy and I would have to test an active record that filters out attachments not visible to the user, for example.
Besides that, implementing as a plugin gives only minor compatibility between versions of Redmine.
Updated by Mischa The Evil over 3 years ago
- Subject changed from Implements permissions and restrictions to issue attachments to Implements CRUD permissions and restrictions to issue attachments
- Target version set to Candidate for next major release
Frederico Camara wrote:
Implementing as a plugin is much harder, and different. It would have to account that the scope of this feature changed a lot between Redmine versions 3.x and 4.x. See the admin role configuration. On unpatched Redmine, file CRUD restrictions are the same as issue restrictions. Redmine 4 implements permission per tracker, so file restrictions had to be implemented per tracker also.
Besides that, most things were implemented in the controller. I would have to implement them in the model and I would have to research how to do it seamlessly, because Issue.attachments returns ActiveRecord::Associations::CollectionProxy and I would have to test an active record that filters out attachments not visible to the user, for example.
Besides that, implementing as a plugin gives only minor compatibility between versions of Redmine.
I don't think that this is a feasible feature to easily implement through a plugin.
Actually, I wrote in #35634#note-2:
I think it would be nice to have it integrated into the core, however the provided patch as-is is pretty big and, sadly, is currently outdated and will likely break the existing test suite and comes without any test coverage for the new features itself.
I've had a quick look into the patch implementation though and it all seems properly implemented (albeit to obviously outdated checkouts). It shouldn't be all too hard to rebase it onto the current trunk. Updating the test suite for the patch and testing (for) and handling (of) any possible edge-cases will be most of the required work to get it ready for a decision on core integration.
Updated by Peter Volkov over 2 years ago
This is really sad that we do not have permissions for attachments in redmine. Our company wants to pay for finishing this patch work and pushing it upstream: https://www.redmine.org/boards/5/topics/67335