Diagramly doesn't reflect remove attachment permissions of current user.

Diagramly allows to delete diagram including diargram attachment by clicking on remove diagram toolbar button for user who is not allowed to remove attachments. Would be great if that button just removes macro but keeps diagrams attachment.

Impact of current implementation is that user can intentionaly or just by accident click remove toolbar button and diagram is lost without possibility to recover.

4 answers

1 accepted

1 vote
Accepted answer

Version 2.6.1 has just been released with reworked security checks.

Yes, it's resolved

The issue is being investigated.

I tried deleting the diagram with user A on a page that is restricted to user B.

It resulted in an 'Access Denied' dialog. When page was refreshed, 'Edit' and 'Delete' icons were missing from the toolbar.

What were your reproduction steps for the issue?

And what is your configuration, Confluence version, plugin version, OS?

Confluence version 4.3.5

Diagramly plugin version 2.6.0

OS: Linux

Have you setuped permissions correctly

User B must have

for pages

  • add page -> allowed
  • remove page -> allowed


  • add attachment -> allowed
  • remove attachment -> restricted

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Dec 18, 2018 in Confluence Cloud

Happy holidays from our team to yours!

Hi Community!  2018 was filled with changes for our team, both big and small, and we've taken a lot of time to both celebrate our wins and recognize areas of improvement. One thing that we're a...

473 views 3 18
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you