From 5b72da037c9b5e22b755a61447610a343754bbbb Mon Sep 17 00:00:00 2001
From: HarveyKandola <harvey@documize.com>
Date: Tue, 27 Aug 2019 16:17:38 +0100
Subject: [PATCH] Ensure only change approvers can change doc level attachments

Does not affect section level attachments
---
 gui/app/components/document/sidebar-attachment.js | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/gui/app/components/document/sidebar-attachment.js b/gui/app/components/document/sidebar-attachment.js
index 7d214620..f260acda 100644
--- a/gui/app/components/document/sidebar-attachment.js
+++ b/gui/app/components/document/sidebar-attachment.js
@@ -23,8 +23,14 @@ export default Component.extend(Modals, Notifier, {
 	appMeta: service(),
 	session: service(),
 	hasAttachments: notEmpty('files'),
-	canEdit: computed('permissions.documentEdit', 'document.protection', function() {
-		return this.get('document.protection') !== this.get('constants').ProtectionType.Lock && this.get('permissions.documentEdit');
+	canEdit: computed('permissions.{documentApprove,documentEdit}', 'document.protection', function() {
+		// Check to see if specific scenarios prevent us from changing doc level attachments.
+		if (this.get('document.protection') == this.get('constants').ProtectionType.Lock) return false;
+		if (!this.get('permissions.documentEdit')) return false;
+		if (this.get('document.protection') == this.get('constants').ProtectionType.Review && !this.get('permissions.documentApprove')) return false;
+
+		// By default, we can edit/upload attachments that sit at the document level.
+		return true;
 	}),
 	showDialog: false,
 	downloadQuery: '',