Is your feature request related to a problem? Please describe.
Currently, AttachmentsService only emits two events: DeleteAttachment and DeleteInfectedAttachment. Security-relevant upload and download rejections (invalid MIME type, file size exceeded) are handled entirely internally by the plugin without emitting any observable event.
Applications that need to audit-log these security events are forced to register their own before('PUT', ...), before('GET', ...), and on('error', ...) handlers directly on each application service entity.
If you agree, I am happy to submit a PR for this change.
Describe the solution you'd like
Emit dedicated events on AttachmentsService for the following security-relevant cases:
| Event | When to emit | Suggested payload |
| --- | --- | --- |
| AttachmentUploadRejected | MIME type not in @Core.AcceptableMediaTypes | { target, keys, filename, mimeType, reason } |
| AttachmentDownloadRejected | MIME type blocked on download | { target, keys, filename, mimeType } |
| AttachmentSizeExceeded | File exceeds @Validation.Maximum | { target, keys, filename, fileSize, maxFileSize } |
The existing DeleteInfectedAttachment event is already a good model for this pattern and serves the malware detection case well.
Describe alternatives you've considered
Registering custom handlers in every application works but events would be cleaner and more reliable.
Additional context
N/A
Have you already checked existing issues before creating a feature request?
Yes
Customer Info
Company: SAP Consulting
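
An added example, not part of the issue or of the plugin's code: how an application could subscribe once to the three proposed events and turn each payload into an audit record. The events do not exist yet; `registerAuditHandlers`, `toAuditRecord`, `makeStubService` and the sample values are hypothetical, and each handler is assumed to receive a message object with a `data` property.

```javascript
// Event names and payload fields follow the table proposed in this issue (not an existing API).
const PROPOSED_EVENTS = {
  AttachmentUploadRejected: ['target', 'keys', 'filename', 'mimeType', 'reason'],
  AttachmentDownloadRejected: ['target', 'keys', 'filename', 'mimeType'],
  AttachmentSizeExceeded: ['target', 'keys', 'filename', 'fileSize', 'maxFileSize'],
};

// filename and mimeType are client-supplied: replace control characters
// (CR/LF included) in string values and cap their length before logging.
const sanitize = (v) => (typeof v === 'string' ? v.replace(/[\u0000-\u001f\u007f]/g, '?').slice(0, 255) : v);

// Build one audit record, copying only the fields proposed for that event.
function toAuditRecord(event, data) {
  const fields = PROPOSED_EVENTS[event];
  if (!fields) throw new Error(`not a proposed event: ${event}`);
  const record = { event, time: new Date().toISOString(), missing: [] };
  for (const f of fields) {
    if (data == null || data[f] === undefined) record.missing.push(f);
    else record[f] = sanitize(data[f]);
  }
  return record;
}

// One registration on the service replaces the per-entity before()/on('error') handlers.
function registerAuditHandlers(srv, sink) {
  for (const event of Object.keys(PROPOSED_EVENTS)) {
    srv.on(event, (msg) => sink(toAuditRecord(event, msg.data)));
  }
}

// Hypothetical stand-in for AttachmentsService; only on()/emit() are modelled.
function makeStubService() {
  const handlers = {};
  return {
    on(event, fn) { (handlers[event] = handlers[event] || []).push(fn); },
    emit(event, data) { (handlers[event] || []).forEach((fn) => fn({ event, data })); },
  };
}

// Constructed sample: a rejected upload whose filename carries a forged log line.
function demo() {
  const records = [];
  const srv = makeStubService();
  registerAuditHandlers(srv, (r) => records.push(r));
  srv.emit('AttachmentUploadRejected', { target: 'Incidents.attachments', keys: { ID: '1' },
    filename: 'a.exe\nlevel=info msg=ok', mimeType: 'application/x-msdownload', reason: 'mime' });
  srv.emit('AttachmentSizeExceeded', { target: 'Incidents.attachments', filename: 'big.bin', fileSize: 9 });
  return records;
}
```

The `missing` array records payload fields an event did not carry, so an incomplete emission stays visible in the audit trail.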