Issue267

Title: Make the 'remove' buttons less annoying
Priority: bug
Status: chatting
Superseder:
Nosy List: ajaksu2, hthompson, loewis
Assigned To:
Topics:

Created on 2009-04-08.02:47:14 by ajaksu2, last changed 2009-08-26.22:06:07 by hthompson.

Files
File name: undo_and_audit_remove2.diff  Uploaded: ajaksu2, 2009-04-13.17:38:26  Type: text/plain
Messages
msg1458 Author: hthompson Date: 2009-08-26.22:06:06
Not sure if you mind random folks commenting on here.  I found your html
and python for the restore button and unlink auditor very helpful.  After a bit
of tweaking I got it working for me.  Thanks.  One problem I notice testing
this, is that the roundup message order "reverse" seems to fail after doing a
restore.  It seems that the order it is using is the date edited order rather
than the original date order (even though the original date is what is shown).
Have you noticed this or is this just a problem I have because I don't know how
to do anything other than the default "reverse" ordering of messages?
msg1326 Author: ajaksu2 Date: 2009-04-13.17:38:25
This new version forbids re-linking an already linked file or message to
another issue.

If any part of this patch is desirable, maybe it'd be better to split it into
'allow restoring' and 'audit linking/unlinking' detectors?

Also tracked at http://issues.roundup-tracker.org/issue2550536
msg1325 Author: ajaksu2 Date: 2009-04-13.16:55:33
Martin v. Löwis wrote:
> What's wrong with allowing users to unlink arbitrary files? Anybody who has
> write access to the files property should be allowed to do so.

I thought the write access was about adding new files, while removing
files should be restricted to those the user has created. At least the
UI only renders the 'remove button' according to the permission below:

def may_edit_file(db, userid, itemid):
    return userid == db.file.get(itemid, "creator")
p = db.security.addPermission(name='Edit', klass='file', check=may_edit_file,
    description="User is allowed to remove their own files")
db.security.addPermissionToRole('User', p)

However, it's possible to perform the Edit action on any files even if
the remove button isn't shown:
http://localhost:9999/python-dev/issue2169?@action=edit&@remove@files=29

IMO this makes it easier to disrupt tracker work, besides making it
trivial to replace valid files/patches with exploit-ish ones.
msg1324 Author: loewis Date: 2009-04-13.12:46:25
What's wrong with allowing users to unlink arbitrary files? Anybody who has
write access to the files property should be allowed to do so.
msg1322 Author: ajaksu2 Date: 2009-04-12.23:56:41
Fix typo.
msg1321 Author: ajaksu2 Date: 2009-04-12.23:24:08
Enhanced auditor to fix a minor security hole: any User can link/unlink files
and messages to/from any issue.
msg1315 Author: ajaksu2 Date: 2009-04-08.23:33:19
Cleaner auditor.
msg1313 Author: ajaksu2 Date: 2009-04-08.02:47:13
I've seen many people delete messages by accident. Recently, Guilherme Polo
posted a workaround for re-adding them[1]. I've only added UI and a way to store
the issue ID on unlinking.

This patch adds an auditor that stores the issue ID on a removed file or
message, and offers a 'restore' button on message or file item pages that allows
re-linking to the original issue.

The restore form is only shown for messages/files the unlink auditor marked with
an issue ID.

I'd also like to add JS guards (confirmations) to the remove buttons, will
provide a patch after most issue.item.html patches land.

[1] http://bugs.python.org/msg84430
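Added example (editor's illustration, not the diff attached to this issue): a Roundup-style auditor that enforces the policy msg1325 argues for on the server side, so the hand-built ?@action=edit&@remove@files=29 request from that message is refused just like the hidden remove button would be, plus the "no re-linking an item that is still linked elsewhere" rule from msg1326 and a reactor that records the origin issue of an unlinked item, as the restore feature in msg1313 needs. audit_links(), record_origin() and init() follow Roundup's detector calling conventions (auditor (db, cl, nodeid, newvalues), reactor (db, cl, nodeid, oldvalues), veto by raising roundup.exceptions.Reject); the Fake* classes, the user and item ids, and the 'unlinked_from' property on file and msg are constructed assumptions so the module runs without a tracker. A real tracker would add 'unlinked_from' to its schema and drop the Fake* part.

```python
"""Server-side guard for linking/unlinking files and messages on an issue.

Added example.  The detector functions use Roundup's calling conventions;
everything from FakeClass down is a constructed stand-in for the tracker.
"""

try:
    from roundup.exceptions import Reject
except ImportError:        # outside a Roundup install: local stand-in
    class Reject(Exception):
        pass

LINKS = {'files': 'file', 'messages': 'msg'}   # issue property -> linked class


def audit_links(db, cl, nodeid, newvalues):
    """Auditor for issue 'set' and 'create'.

    The schema's may_edit_file() only decides whether the remove button is
    rendered; this runs on every write, so a hand-built @remove@files=NN
    request gets the same answer as the UI.  Non-admins may unlink only
    items they created; an item still linked elsewhere may not be re-linked.
    """
    uid = db.getuid()
    if db.security.hasPermission('Admin', uid):
        return
    for prop, linkclass in LINKS.items():
        if prop not in newvalues:
            continue
        old = cl.get(nodeid, prop) if nodeid else []
        new = newvalues[prop] or []
        linkcl = getattr(db, linkclass)
        for itemid in [i for i in old if i not in new]:
            if linkcl.get(itemid, 'creator') != uid:
                raise Reject('only the creator may unlink %s%s'
                             % (linkclass, itemid))
        for itemid in [i for i in new if i not in old]:
            elsewhere = [i for i in cl.find(**{prop: itemid}) if i != nodeid]
            if elsewhere:
                raise Reject('%s%s is already linked to issue%s'
                             % (linkclass, itemid, elsewhere[0]))


def record_origin(db, cl, nodeid, oldvalues):
    """Reactor for issue 'set': remember which issue an item was unlinked from."""
    for prop, linkclass in LINKS.items():
        if prop not in oldvalues:
            continue
        now = cl.get(nodeid, prop)
        for itemid in [i for i in oldvalues[prop] if i not in now]:
            # 'unlinked_from' is an assumed String property added to file/msg
            getattr(db, linkclass).set(itemid, unlinked_from=nodeid)


def init(db):
    """Roundup detector entry point."""
    db.issue.audit('set', audit_links)
    db.issue.audit('create', audit_links)
    db.issue.react('set', record_origin)


# --- constructed stand-in for the tracker database (not Roundup's API) ---
class FakeClass:
    def __init__(self, nodes):
        self.nodes = nodes                      # {id: {prop: value}}

    def get(self, nodeid, prop):
        return self.nodes[nodeid][prop]

    def set(self, nodeid, **props):
        self.nodes[nodeid].update(props)

    def find(self, **propspec):                 # ids whose Multilink holds the value
        return [nid for nid, props in self.nodes.items()
                if any(v in props.get(p, []) for p, v in propspec.items())]


class FakeSecurity:
    def hasPermission(self, perm, uid, *_):
        return perm == 'Admin' and uid == '1'   # user1 is the admin here


class FakeDB:
    def __init__(self, uid):
        self.uid, self.security = uid, FakeSecurity()
        self.file = FakeClass({'29': {'creator': '3'}, '30': {'creator': '5'}})
        self.msg = FakeClass({'84': {'creator': '3'}})
        self.issue = FakeClass({'2169': {'files': ['29', '30'], 'messages': ['84']},
                                '2170': {'files': [], 'messages': []}})

    def getuid(self):
        return self.uid


def apply_edit(db, nodeid, newvalues):
    """Audit an issue edit; if it passes, write it and run the reactor.

    Returns None when allowed, else the Reject message (nothing is written).
    """
    try:
        audit_links(db, db.issue, nodeid, newvalues)
    except Reject as exc:
        return str(exc)
    old = {p: db.issue.get(nodeid, p) for p in newvalues}
    db.issue.set(nodeid, **newvalues)
    record_origin(db, db.issue, nodeid, old)
    return None
```

With the constructed data, apply_edit(FakeDB('5'), '2169', {'files': ['30']}) is the URL trick from msg1325 (user5 dropping user3's file29) and comes back with the Reject text, while the same edit as user3 goes through and leaves file29 with unlinked_from='2169' for a later restore. Doing the unlink in an auditor rather than in the template keeps the decision on the server, where every entry point (HTML form, crafted URL, XML-RPC) has to pass through it.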
History
Date | User | Action | Args
2009-08-26 22:06:07 | hthompson | set | nosy: + hthompson; messages: + msg1458
2009-04-28 13:05:34 | ajaksu2 | set | files: - undo_and_audit_remove.diff
2009-04-28 13:05:20 | ajaksu2 | set | files: - undo_remove2.diff
2009-04-13 17:38:26 | ajaksu2 | set | files: + undo_and_audit_remove2.diff; messages: + msg1326
2009-04-13 16:55:35 | ajaksu2 | set | messages: + msg1325
2009-04-13 12:46:25 | loewis | set | nosy: + loewis; messages: + msg1324
2009-04-12 23:56:41 | ajaksu2 | set | files: + undo_and_audit_remove.diff; messages: + msg1322
2009-04-12 23:55:54 | ajaksu2 | set | files: - undo_and_audit_remove.diff
2009-04-12 23:24:08 | ajaksu2 | set | files: + undo_and_audit_remove.diff; messages: + msg1321
2009-04-08 23:33:38 | ajaksu2 | set | files: - undo_remove.diff
2009-04-08 23:33:20 | ajaksu2 | set | files: + undo_remove2.diff; status: unread -> chatting; messages: + msg1315
2009-04-08 02:47:14 | ajaksu2 | create |