I created a sample to try “View attached files”, but it does not work as expected.
The sample is an application that sends and receives messages by attaching images.
The privacy role only allows the creator of the message to attach to the image, but it seems that the image file can be viewed by anyone.
The same problem existed in previous forums, but it doesn’t seem to improve by waiting for some time.
This is just a very quick observation, but here you are attaching the uploaded file privately to a User, but in the Privacy Roles you are setting the roles based on the Message data type. You don’t have any Privacy Roles on the actual User object, this is currently open access.
So with that said, you can either attach the file to the Message data type (allowing then just the message creator to view the private file) or apply logic to the Privacy Roles of the User to ensure the upload is hidden and just for that specific User only (in connection to the Message data type). I think thats the issue, but untested theory, give it a try and see if this resolves the issue.
As you are told,I am attaching the uploaded file privately to a User,and setting the roles based on the Message data type.
But I don’t understand how to attach a file to the message data type at “Attach this file to” setting.
So, I created a simpler example.
I created an icon field for the User Type and added a role that could be attached to the icon.
With this, I thought that the attachment and role settings could be done for User Type.
Did you find a solution for this? I have the same kind of problem. I have images in a field in a data type and the privacy rules that only allow logged in users to see, but for some reason the image allows the link to be viewed even if you are not logged in.
But, strangely, when I checked the sample app I made after a long time, it worked exactly. It’s really strange. Because I haven’t changed any settings.
I’ve tried deleting caches stored in the browser before and trying various things, but it didn’t work well.
