Managing attachment permissions
Adding attachment functionality to our models through acts_ast_attachable comes with two preconfigured management permissions: a view permission and a delete permission.
In order to properly implement these permissions, they would have to be declared along with our plugin's other named permissions in our init.rb file. You can refer to Chapter 1, Introduction to Redmine Plugins, for a quick refresher on declaring custom permissions.
Both of these permissions are dynamically generated based on the class name of the model we've added attachments to.
The format of both the view and delete permissions by default are:
"view_#{self.name.pluralize.underscore}".to_sym
"delete_#{self.name.pluralize.underscore}".to_symAs our knowledgebase articles are declared in a KbArticle class, the resulting generated permissions would be :view_kb_articles and :delete_kb_articles.
If we have attachments in an article and try to delete them without properly declaring and assigning these...
