Has this been suggested as a stock ErpNext feature? #1
Comments
|
There are already a few opened issues in Frappe that's the reason I have not opened any new issues. I think the proper solution would be adding a flag to allow public files while creating the doctype So that we don't have to maintain a separate doctype to track while uploading files.
Yeah you can go ahead and open a feature request |
|
Hrmmm... Yes you're right that adding a flag field present on all doctypes would probably resonate better with UX, and is arguably better suited as a standard out-of-the-box feature. I suppose I'll update one of the existing issues to suggest the doctype flag approach. Of course, that means it won't get addressed until someone decides to write that code. :D But at least it'll be documented. As a bolt-on feature, I think your app is great though!!! Thank you for creating it! |
If they approve this approach then I can send the PR to frappe |
There are multiple outstanding issues on Frappe and ErpNext asking for file attachments to default to private. It's a vulnerability that needs to be patched, and its been practically getting ignored despite how dangerous it is.
frappe_private_attachments app is a fantastic solution to the problem since it completely disables public as an option unless a doctype is given explicit override!
This is exactly how it should work in standard ErpNext! Have you brought it to attention on Frappe Github? If not, I'd like to open a Feature Request on Frappe suggesting that this app be integrated as a standard app.
The text was updated successfully, but these errors were encountered: