Add Edit Attachments permission documentation#9024
Conversation
* Document Azure Blob Storage as a file storage backend Adds Azure Blob Storage to the File storage system reference: a new azureblob driver-name option and individual entries for the FileSettings.AzureStorageAccount, AzureContainer, AzurePathPrefix, AzureAccessKey, AzureEndpoint, AzureSSL, and AzureRequestTimeoutMilliseconds settings. Extends the dedicated export filestore list with the matching Export* variants. Calls out the restart-required behaviour when changing file storage settings so admins know Save in System Console isn't enough on its own. ------ AI assisted commit * Add walk-through page for configuring Azure Blob Storage Folds the full prereqs, Azure portal/CLI provisioning, System Console walk-through, Test Connection semantics, restart-required warning, verification, optional export backend, and troubleshooting sections into a dedicated configure/azure-blob-storage page. Wires the new page into the configuration-settings toctree and bullet list, and adds a seealso link from the File storage section of environment-configuration-settings so admins can find it from the reference page. ------ AI assisted commit * Document migrating existing files from Amazon S3 Adds a Migrate existing files from Amazon S3 section to the Azure Blob Storage walk-through. Covers the recommended trickle-then-cutover pattern (long rclone sync, short AzCopy maintenance window), the prerequisites for the migration host, phase-by-phase commands, verification queries (object count parity, sha256 spot-check), the rollback path, and caveats (S3 versioning, sync vs copy, prefix rewrites, cross-region cost, Storage Mover preview status). Updates the migration note under step 4 and the troubleshooting entry for missing pre-cutover files to cross-reference the new section. ------ AI assisted commit * Document AzureCloud and the updated AzureEndpoint semantics Adds the AzureCloud setting documentation (commercial/government/custom) to both the environment configuration reference and the Azure walkthrough, rewrites the AzureEndpoint entry to reflect its new role as the full Blob service URL valid only when AzureCloud is custom, and removes the stale note that said sovereign clouds aren't configured through the endpoint override. Adds ExportAzureCloud to the dedicated export filestore key list. ------ AI assisted commit * Document DefaultAzureCredential authentication mode Restructures Step 3 of the Azure Blob Storage walk-through to cover both shared-key and the new default_credential authentication mode. The default_credential subsection walks an admin through picking the identity source that matches the host (managed identity on Azure VM/App Service/AKS, workload identity, service principal, az login) and granting Storage Blob Data Contributor on the storage account. Updates Step 4 to describe the new "Azure authentication" dropdown in the System Console, including the conditional visibility of the Azure Storage account key field. Adds AuthorizationPermissionMismatch to the troubleshooting table and documents the propagation delay that follows a fresh role assignment. Adds FileSettings.AzureAuthMode to the environment-configuration reference and to the ExportAzure* list under the dedicated export filestore section. ------ AI assisted commit * Simplify the docs * Update source/administration-guide/configure/azure-blob-storage.rst Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Document Azure SAS support for presigned export downloads Add ExportAzurePresignExpiresSeconds to the dedicated export filestore key list, and generalize the presigned-download note so it reflects that exports can now be downloaded via an Azure Blob Storage SAS URL, not just an Amazon S3 presigned URL. ------ AI assisted commit * Address review comments * Add missing new line * Fix malformed quotes --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Add notes to the AD/LDAP ID attribute, AD/LDAP Group ID attribute, and SAML ID attribute settings explaining that values are matched verbatim with no case normalization. Under PostgreSQL's default case-sensitive collation, a change in casing is treated as a new user or unlinked group, so the identity provider must return these attributes with consistent casing. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: Katie Wiersgalla <39744472+wiersgallak@users.noreply.github.com>
Document the new Edit Attachments permission introduced in Mattermost v11.8.0, which controls whether users can add or remove file attachments when editing posts. Co-authored-by: Combs7th <Combs7th@users.noreply.github.com> Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Combs7th
added
1: Dev Review
|
@harshilsharma63 - Do the above doc updates look good to you? |
📝 WalkthroughWalkthroughThis pull request adds documentation for the Edit Attachments permission introduced in Mattermost v11.8. The new subsection under Message management explains how this permission controls attachment editing during post edits, its independence from text-edit permissions, default behaviour, administrative configuration steps, and the resulting user-facing error message. ChangesEdit Attachments Permission Documentation
🎯 1 (Trivial) | ⏱️ ~5 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
🧹 Nitpick comments (1)
source/administration-guide/onboard/advanced-permissions.rst (1)
219-219: ⚡ Quick winSpecify which role panel(s) should be modified for clarity and consistency.
Line 219 uses "In the applicable role panel" without naming the specific role panel(s), which is inconsistent with similar configuration examples throughout this document. Every other recipe in this section explicitly names the role panels—for example:
- Line 119: "In the All Members panel"
- Line 193: "In the All Members and Channel Administrators panels"
- Line 203: "In the All Members, Channel Administrators, and Team Administrators panels"
For the scenario described (allowing users to edit post text without changing attachments), clarify which panel(s) should be modified. For example:
- "In the All Members panel, go to Manage Posts." (if applying system-wide to all users)
- Or: "In the appropriate role panel(s) (such as All Members), go to Manage Posts." (if the choice depends on deployment policy)
This would match the established pattern and help novice administrators understand exactly which panels to modify.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@source/administration-guide/onboard/advanced-permissions.rst` at line 219, Replace the ambiguous phrase "In the applicable role panel, go to **Manage Posts**." with a specific panel name or clear choice guidance to match the rest of the document; for example, change it to "In the **All Members** panel, go to **Manage Posts**." if this setting is system-wide, or to "In the appropriate role panel(s) (such as **All Members**), go to **Manage Posts**." if it depends on deployment policy, ensuring consistency with lines that reference **All Members**, **Channel Administrators**, and **Team Administrators**.Source: Coding guidelines
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@source/administration-guide/onboard/advanced-permissions.rst`:
- Line 219: Replace the ambiguous phrase "In the applicable role panel, go to
**Manage Posts**." with a specific panel name or clear choice guidance to match
the rest of the document; for example, change it to "In the **All Members**
panel, go to **Manage Posts**." if this setting is system-wide, or to "In the
appropriate role panel(s) (such as **All Members**), go to **Manage Posts**." if
it depends on deployment policy, ensuring consistency with lines that reference
**All Members**, **Channel Administrators**, and **Team Administrators**.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 58363387-88ec-485b-9c11-fd632a07a0b2
📒 Files selected for processing (1)
source/administration-guide/onboard/advanced-permissions.rst
|
Newest code from mattermost has been published to preview environment for Git SHA 53bc6d1 |
|
Newest code from mattermost has been published to preview environment for Git SHA a0ffbb4 |
|
Newest code from mattermost has been published to preview environment for Git SHA bf31b54 |
|
Newest code from mattermost has been published to preview environment for Git SHA dfe7533 |
|
Newest code from mattermost has been published to preview environment for Git SHA 10ec3e9 |
|
Newest code from mattermost has been published to preview environment for Git SHA c27728d |
|
Newest code from mattermost has been published to preview environment for Git SHA ef0d13a |
|
@harshilsharma63 - Please ignore the unintended commits pulled in for Azure Blob storage, and anything in the "Configure" folder. I'll get those removed. Only relevant update here is to the advanced-permissions.rst page. |
|
Newest code from mattermost has been published to preview environment for Git SHA 7aceaf3 |
|
@wiersgallak - Can you help with the editor review on this one so we can get it across the finish line by Tuesday? |
5 participants
Documents the new Edit Attachments permission introduced in Mattermost v11.8.0.
Adds a
Restrict who can edit post attachmentssubsection under Message management insource/administration-guide/onboard/advanced-permissions.rst, directly after Restrict who can edit messages.Docs for Mattermost PR mattermost/mattermost#36227
Resolves #9022
Generated with Claude Code