fix(attachment): Restrict access to security user.

rudra-superrr · GMishx · commit e3f484f3113b · 2026-04-06T16:25:09.000+05:30
Signed-off-by: rudra-superrr &lt;prabhuchopra@gmail.com&gt;
diff --git a/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/attachment/AttachmentController.java b/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/attachment/AttachmentController.java
@@ -160,6 +160,7 @@ public ResponseEntity<CollectionModel<EntityModel<Attachment>>> createAttachment
         }
         final User sw360User = restControllerHelper.getSw360UserFromAuthentication();
         List<EntityModel<Attachment>> attachments = new ArrayList<>();
+        restControllerHelper.throwIfSecurityUser(sw360User);
         for (MultipartFile file: files) {
             Attachment attachment = attachmentService.addAttachment(file, sw360User);
             attachments.add(EntityModel.of(attachment));

Original file line number	Diff line number	Diff line change
`@@ -160,6 +160,7 @@ public ResponseEntity<CollectionModel<EntityModel<Attachment>>> createAttachment`
`160`	`160`	`}`
`161`	`161`	`final User sw360User = restControllerHelper.getSw360UserFromAuthentication();`
`162`	`162`	`List<EntityModel<Attachment>> attachments = new ArrayList<>();`
	`163`	`+ restControllerHelper.throwIfSecurityUser(sw360User);`
`163`	`164`	`for (MultipartFile file: files) {`
`164`	`165`	`Attachment attachment = attachmentService.addAttachment(file, sw360User);`
`165`	`166`	`attachments.add(EntityModel.of(attachment));`