britecore/core/uploads/removeAttachments permission works to control who can delete attachments and under what conditions.
Default Behavior
By default, if the britecore/core/uploads/removeAttachments permission is not set or is set to Read/Write (R/RW), there is no change in how attachments can be deleted.
Using "NONE" Access for Deletion Control
When the britecore/core/uploads/removeAttachments permission is set to "NONE" access, it acts as a conditional blocker. This means the user can only delete files they created or uploaded themselves on the attachments page.
Other Settings to Consider
The ability to delete attachments is further controlled by the attachments.enable-attachments-delete-for advanced setting. Here's how it works:
-
-
Value = 0: Users cannot delete any files or folders at all.
-
Value = -1: Users can delete files or folders at any time, no matter how old they are.
-
Positive Value (e.g., 30 minutes): Users can only delete files that are older than the specified time (in minutes). For example, if set to 30 minutes, users can only delete files that are older than 30 minutes. Files uploaded within the last 30 minutes cannot be deleted.
-
Simple Example Scenarios
-
No Deletion Allowed (Setting: attachments.enable-attachments-delete-for = 0):
- No user can delete any files, regardless of who uploaded them.
-
Deletion Anytime (Setting: attachments.enable-attachments-delete-for = -1):
- Users can delete any files they own, at any time.
-
Deletion After Timeout (Setting: attachments.enable-attachments-delete-for = 30):
- Users can delete files they own, but only if the file is older than 30 minutes. Files uploaded within the last 30 minutes can't be deleted.