i managed to grab ALL attachment with the GET API
But wouldn’t be a concerns
-
No row security, what if i only want the GET list user to access to specific attachment (e.g. category is “NOT HR” or “not uploaded by director”)
-
From the screenshot, we can pull the “url” actual link (e.g. “http://localhost:1337/uploads/sample_cbd721d930.pdf”) it’s a fixed url, which mean i can pass it to someone not within the orgianization, they can jz simply access the content?
Based on the 2 concerns above, how can strapi protect the content (with only authenticated access)
Thanks