If a user receives a direct link to a file on Confluence, they used to be asked to log in, and were then redirected to the file.

However, since 5.1-OD-5, the redirect instead sends the user to a 'This action is not permitted' page after being logged in.

The login screen will direct to login.action?os_destination=%2Fnotpermitted.action%3Fversion%3D1%26modificationDate%3D1366730801169%26api%3Dv2, instead of login?dest-url=%2Fwiki%2Fdownload%2Fattachments%2F622598%2Ffilename%3Fapi%3Dv2

This prevents users from opening files easily from their email notifications.

Steps to reproduce
In a default Confluence instance.

• Create a new Space and File list
• Upload a file
• Once uploaded, copy the link URL to the file.
• Log out
• Paste the link in your browser
  • You will be asked to log in
• Log in, and you will see 'Action not permitted'

Note:
Able to replicate with 'user logged in initially' in Confluence version 5.3.4.