-my $AttachmentObj = new RT::Attachment($session{'CurrentUser'});
-$AttachmentObj->Load($Attachment) || Abort(loc("Attachment '[_1]' could not be loaded", $Attachment));
-unless ( $AttachmentObj->id ) {
- Abort(loc("Attachment '[_1]' could not be loaded", $Attachment));
+# Set error for error message below. Abort doesn't display well
+# because ShowEmailRecord doesn't use the standard RT menus
+# and headers.
+
+my ($title, $error);
+
+my $AttachmentObj = RT::Attachment->new($session{'CurrentUser'});
+$AttachmentObj->Load($Attachment);
+
+if ( not $AttachmentObj->id
+ or not $AttachmentObj->TransactionId() == $Transaction ) {
+ $title = loc("Error loading attachment");
+ $error = loc("Attachment '[_1]' could not be loaded", $Attachment);
+}
+elsif ( not $AttachmentObj->TransactionObj->CurrentUserCanSee("Transaction")){
+ $title = loc("Permission Denied");
+ $error = loc("Permission Denied");