Skip to content

Add field-level access control for transaction attachments #627

Open
Open
Add field-level access control for transaction attachments#627
Labels
documentsDocument managementsecuritySecurity relatedtransactionsTransaction related
@nanaf6203-bit

Description

@nanaf6203-bit
nanaf6203-bit
opened on May 29, 2026

Restrict transaction document attachments to authorized roles.

Acceptance Criteria:

  • Attachment access checks ownership and role permissions.
  • Unauthorized users cannot retrieve or download attachments.
  • Access control is enforced on upload, download, and listing endpoints.
  • Tests cover agent, user, and admin permission paths.

Metadata

Metadata

Assignees

No one assigned

    Labels

    documentsDocument managementsecuritySecurity relatedtransactionsTransaction related

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions