Privacy roll not working?

I created a sample to try “View attached files”, but it does not work as expected.

The sample is an application that sends and receives messages by attaching images.
The privacy role only allows the creator of the message to attach to the image, but it seems that the image file can be viewed by anyone.

The same problem existed in previous forums, but it doesn’t seem to improve by waiting for some time.

Here is a screenshot of my sample.

Check the box for “Make this file private”.
Then, set “Attach this file to” with “Current User (= Creator)”.

When I look at the file manager, the images appear to have permissions properly applied.

The privacy roles are as follows. Only creator can be attached to the file.

But when I display that data in a RepeatingGroup, I think that even unauthorized users are viewing images.

This is the URL of the editor.

Is there something wrong with the settings?

Best regards.

Hey @y_ksmt

This is just a very quick observation, but here you are attaching the uploaded file privately to a User, but in the Privacy Roles you are setting the roles based on the Message data type. You don’t have any Privacy Roles on the actual User object, this is currently open access.

So with that said, you can either attach the file to the Message data type (allowing then just the message creator to view the private file) or apply logic to the Privacy Roles of the User to ensure the upload is hidden and just for that specific User only (in connection to the Message data type). I think thats the issue, but untested theory, give it a try and see if this resolves the issue.

I am grateful for your reply!! :grinning:

As you are told,I am attaching the uploaded file privately to a User,and setting the roles based on the Message data type.
But I don’t understand how to attach a file to the message data type at “Attach this file to” setting.
So, I created a simpler example.

I created an icon field for the User Type and added a role that could be attached to the icon.
With this, I thought that the attachment and role settings could be done for User Type.

But when I preview, the icons are visible to everyone. :cry:


I hope you will continue to support me. :pray:

Hi @y_ksmt,

Did you find a solution for this? I have the same kind of problem. I have images in a field in a data type and the privacy rules that only allow logged in users to see, but for some reason the image allows the link to be viewed even if you are not logged in.


Hi @mangooly

I’m sorry, I haven’t solved this problem yet.

But, strangely, when I checked the sample app I made after a long time, it worked exactly. It’s really strange. Because I haven’t changed any settings.

I’ve tried deleting caches stored in the browser before and trying various things, but it didn’t work well.

I still don’t understand why it didn’t work :cry:

This topic was automatically closed after 70 days. New replies are no longer allowed.