Mercurial > p > roundup > code
diff detectors/immutable_file_contents.py @ 8544:e738377b4ffe
feature: add detector that prevents file content changes by Admin and other users.
New detector and upgrading announcement. Also example of stripping
content editing from the User role.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 24 Mar 2026 22:11:27 -0400 |
| parents | |
| children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/detectors/immutable_file_contents.py Tue Mar 24 22:11:27 2026 -0400 @@ -0,0 +1,22 @@ +# HTML pages don't provide a way to change the contents of a file. +# However REST does allow setting content and the HTML interface can +# be directed to update the content as well. This detector +# prevents changes to file content. + +from roundup.exceptions import UsageError + +def immutable_file_contents(db, cl, nodeid, newvalues): + ''' Prevent content changes to a file + ''' + if 'content' in newvalues: + raise UsageError("File contents are immutable. " + "Rejecting change to contents.") + + +def init(db): + """If you have other FileClass based classes add them here.""" + + # fire before changes are made + db.file.audit('set', immutable_file_contents) + db.msg.audit('set', immutable_file_contents) +