Affects Version/s: 10.10
REST PUT Document API can alter the file:content property even in LegalHold and Retention statuses
Configure an instance with Nuxeo 10.10-HF33 + nuxeo-web-ui + nuxeo-retention
- create a File document and attach a binary to it
- take the ID of the document to change it in the script below (a7b1a117-531e-41f9-af29-adb65ce19830 in the example, and also adapt the dc:title)
- invoke the script
- refresh the WebUI page for the document: the binary should have disappeared from the document -> the script works
- add back the binary to the same File document
- put the document under LegalHold state and watch the black bar in the WebUI screen indicating this status
- invoke the previous script again
- refresh the WebUI page for the document: the binary has again disappeared from the document although its status is LegalHold
In the output of the script above, you can witness that:
This issue is reported both for LegalHold and Retention states.
Expected result: a document in LegalHold state should not be altered including file:content as stated in https://doc.nuxeo.com/nxdoc/nuxeo-retention-technical-overview/
If a legal hold is applied to a document or if a retention rule is applied to a document, then:
Modification of the main blob (file:content) is prevented: this includes modification through restoring an older version.
This applies in all situations, no exception, including for Administrators.