Skip to content

Attachment Format Validator (Business Rule), a server‑side mechanism #2246

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Oct 18, 2025
Merged

Attachment Format Validator (Business Rule), a server‑side mechanism #2246

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
6c460d3
Add attachment format validation for incidents
Charanjet Oct 18, 2025
d9086a6
Add README for Attachment Format Validator
Charanjet Oct 18, 2025
d470fa2
Rename AttachmentFormatValidatorClientScript.js to AttachmentFormatVa…
Charanjet Oct 18, 2025
f8de449
updating the directory
Charanjet Oct 18, 2025
10f102e
Fixing the naming convention
Charanjet Oct 18, 2025
13edd29
Moving file to another folder
Charanjet Oct 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions Server-Side Components/Business Rules/AttachmentFormatValidator/AttachmentFormatValidator.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
(function executeRule(current, previous /*null when async*/ ) {

if (current.table_name == 'incident') {

// Fetch the file name of the uploaded attachment
var fileName = current.getValue('file_name');

// Fetch allowed extensions from system property (comma-separated, lowercase)
var allowedExtensions = gs.getProperty('attachment.format.allowedExtensions', 'pdf,docx,png,jpg')
.toLowerCase()
.split(',');

var fileExtension = '';
if (fileName && fileName.indexOf('.') !== -1) {
fileExtension = fileName.split('.').pop().toLowerCase();
}

// If file extension not allowed — prevent insert
if (allowedExtensions.indexOf(fileExtension) === -1) {
gs.addErrorMessage('File type "' + fileExtension + '" is not allowed. Allowed types: ' + allowedExtensions.join(', '));
gs.log('Attachment blocked: Disallowed file type "' + fileExtension + '" for table ' + current.table_name);
current.setAbortAction(true);
return false;
}
}
})(current, previous);
17 changes: 17 additions & 0 deletions Server-Side Components/Business Rules/AttachmentFormatValidator/Readme.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
The validator runs automatically on the sys_attachment table during record creation and checks each file extension against an allowed list defined in a system property.
If a file type is not allowed, the upload is blocked, the record creation is aborted, and a descriptive error is logged.
**Key Features:**
Server‑side enforcement (cannot be bypassed through APIs or imports).
Configurable allowed file extensions through a single system property.
Optional restriction to specific business tables.
Lightweight validation for secure instance operation.
**Functionality Summary**
Each attachment upload triggers the Business Rule before insert.
The file name and extension are extracted.
Allowed file extensions are read from the system property attachment.format.allowedExtensions.
The script checks whether the uploaded file complies with this configuration.
If disallowed, the upload is rejected and a clear error message appears in the system log or UI.

**Configuration**
System Property
attachment.format.allowedExtensions - Defines which file types users are allowed to upload - sample values : pdf,docx,xlsx,png,jpg
Loading