I’ve been setting up a simple ‘fire and forget’ type anonymous form for submitting info to our CRM. It includes the ability to attach files to the form for submission, which means I need persistent FileDocument objects. The FileDocument only exists until the form has been submitted, at which point it gets deleted (and I have a cleanup job to delete others where someone has only partially completed the form and left an attachment present). But there is still a time period where others could see the attachments.

I’ve been reading https://docs.mendix.com/howto8/security/set-up-anonymous-user-security/ about ensuring the security of the FileDocument. I have applied the recommendation in the ‘write access’ section, with an XPath restriction on System.Owner, but how do you do the same for read access?

Also, is there a good way to test this? Perhaps setting up a temp page that lists all attachments in the system, which in theory should show none for an anon user (or at least, only the ones they have created in that session...)?

Thanks, Simon
If you set the permissions on the FileDoc entity like this:
Only the user who created it will be able to see it. You could also associate it to the Session entity and then set that association to $CurrentSession when it is created. Then on any view pages, you could display only those documents associated to the current session.
Note that you’ll also want to create an access rule for an administrator user role that is less restrictive so you can clean up orphaned documents.
OK, I think I have answered my own question, in that the XPath constraint can apply to both read and write, and when I created a page listing all attachment objects I can see that only the ones for the current user’s session are listed – and likewise for attachments created in other sessions.