Diagramly doesn't reflect remove attachment permissions of current user.

Diagramly allows to delete diagram including diargram attachment by clicking on remove diagram toolbar button for user who is not allowed to remove attachments. Would be great if that button just removes macro but keeps diagrams attachment.

Impact of current implementation is that user can intentionaly or just by accident click remove toolbar button and diagram is lost without possibility to recover.

4 answers

1 accepted

Accepted Answer
1 vote

Version 2.6.1 has just been released with reworked security checks.

Yes, it's resolved

The issue is being investigated.

I tried deleting the diagram with user A on a page that is restricted to user B.

It resulted in an 'Access Denied' dialog. When page was refreshed, 'Edit' and 'Delete' icons were missing from the toolbar.

What were your reproduction steps for the issue?

And what is your configuration, Confluence version, plugin version, OS?

Confluence version 4.3.5

Diagramly plugin version 2.6.0

OS: Linux

Have you setuped permissions correctly

User B must have

for pages

  • add page -> allowed
  • remove page -> allowed

attachments

  • add attachment -> allowed
  • remove attachment -> restricted

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Oct 11, 2018 in Confluence

What are your project planning tips?

Hello Community,  Jessica here from the Confluence product marketing team! Today I wanted to get your takes on project planning –– what works, what doesn’t, how do you know if you’re doing it r...

261 views 1 4
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you