@@ -977,6 +977,79 @@ stored in the files sub-directory of the ``'db'`` directory in your
977977tracker. FileClasses also have a "type" attribute to store the MIME
978978type of the file.
979979
980+ Roundup by default considers the contents of the file immutable. This
981+ is to assist in maintaining an accurate record of correspondence. The
982+ distributed tracker templates do not enforce this. So if you have
983+ access to the roundup tracker directory, you can edit the files (make
984+ sure to preserve mode, owner and group) to remove information (e.g. if
985+ somebody includes a password or you need to redact proprietary
986+ information). Obviously the journal for the message/file will not
987+ report that the file has changed.
988+
989+ Best practice is to remove offending material and leave a
990+ placeholder. E.G. replace a password with the text::
991+
992+ [password has been deleted 2020-12-02 --myname]
993+
994+ If you need to delete an entire file, replace the file contents with::
995+
996+ [file contents deleted due to spam 202-10-21 --myname]
997+
998+ rather than deleting the file. If you actually delete the file roundup
999+ will report an error to the user and email the administrator. If you
1000+ empty the file, a user downloading the file using the direct URL
1001+ (e.g. ``tracker/msg22``) may be confused and think something is broken
1002+ when they receive an empty file. Retiring a file/msg does not prevent
1003+ access to the file using the direct URL. Retiring an item only removes
1004+ it when requesting a list of all items in the class. If you are
1005+ replacing the contents, you probably want to change the content type
1006+ of the file. E.G. from ``image/jpeg`` to ``text/plain``. You can do
1007+ this easily through the web interface, or using the ``roundup-admin``
1008+ command line interface.
1009+
1010+ You can also change the contents of a file or message using the REST
1011+ interface to change the file contents. Note that this will NOT result
1012+ in an entry in the journal, so again it allows a silent change. To do
1013+ this you need to make two rest requests. An example using curl is::
1014+
1015+ $ curl -u demo:demo -s
1016+ -H "X-requested-with: rest" \
1017+ -H "Referer: https://tracker.example.com/demo/" \
1018+ -X GET \
1019+ https://tracker.example.com/demo/rest/data/file/30/content
1020+ {
1021+ "data": {
1022+ "id": "30",
1023+ "type": "<class 'str'>",
1024+ "link": "https://tracker.example.com/demo/rest/data/file/30/conten
1025+ t",
1026+ "data": "hello3",
1027+ "@etag": "\"3f2f8063dbce5b6bd43567e6f4f3c671\""
1028+ }
1029+ }
1030+
1031+ using the etag, overwrite the content with::
1032+
1033+ $ curl -u demo:demo -s
1034+ -H "X-requested-with: rest" \
1035+ -H "Referer: https://tracker.example.com/demo/" \
1036+ -H 'If-Match: "3f2f8063dbce5b6bd43567e6f4f3c671"' \
1037+ -X PUT \
1038+ -F "data=@hello" \
1039+ https://tracker.example.com/demo/rest/data/file/30/content
1040+
1041+ where ``hello`` is a file on local disk.
1042+
1043+ You can enforce immutability in your tracker by adding an auditor (see
1044+ detectors_) for the file/msg class that rejects changes to the content
1045+ property. The auditor could also add a journal entry so that a change
1046+ via the roundup mechanism is reported. Using a mixin (see:
1047+ https://wiki.roundup-tracker.org/MixinClassFileClass) to augment the
1048+ file class allows for other possibilities including signing the file, or
1049+ recording a checksum in the database and validating the file contents
1050+ at the time it gets read. This allows detection of changes done on the
1051+ filesystem outside of the roundup mechanism.
1052+
9801053.. index:: triple: schema; class property; messages
9811054 triple: schema; class property; files
9821055 triple: schema; class property; nosy
0 commit comments