Not to be a killjoy, but this function walks a very fine line if you wish to give it the benefit of the doubt, it flat out violates EU data privacy laws if you don't. You (as a service provider) are *not* at liberty to "keep up with what the users are doing in private conversations", not even attachment-wise. You are allowed to inspect things like this, under very narrowly defined circumstances, varying by country. A function that can be easily accessible, that would display attachments of personal conversations whenever you inspect the regular attachment list, or that would be accessible to moderators as well would be problematical, to put it very mildly. Unless, of course, you put it in your ToS that private conversations aren't private and are routinely beeing snooped if attachments are present... suboptimal, if you ask me.