Activity Attachment
Data Entity
Description
Files and documents attached to activity records by peer mentors, used as supporting evidence for Bufdir compliance verification and activity documentation.
Data Structure
| Name | Type | Description | Constraints |
|---|---|---|---|
id |
uuid |
Primary key | PKrequiredunique |
activity_id |
uuid |
Foreign key to the parent activity record | required |
uploaded_by_user_id |
uuid |
Foreign key to the user who uploaded the attachment | required |
file_name |
string |
Original filename as provided by the uploader | required |
file_size_bytes |
integer |
File size in bytes | required |
mime_type |
string |
MIME type of the uploaded file (e.g. image/jpeg, application/pdf) | required |
attachment_type |
enum |
Categorization of the attachment purpose | required |
storage_key |
string |
Cloud storage object key or path used to retrieve the file | requiredunique |
storage_bucket |
string |
Cloud storage bucket name where the file is stored | required |
checksum_sha256 |
string |
SHA-256 hash of the file content for integrity verification | required |
description |
text |
Optional free-text description of what the attachment represents | - |
is_deleted |
boolean |
Soft-delete flag; deleted attachments are hidden but retained for audit | required |
deleted_at |
datetime |
Timestamp when the attachment was soft-deleted | - |
deleted_by_user_id |
uuid |
User who performed the soft delete | - |
created_at |
datetime |
Timestamp when the attachment record was created | required |
updated_at |
datetime |
Timestamp of the last update to the record | required |
Database Indexes
idx_activity_attachments_activity_id
Columns: activity_id
idx_activity_attachments_uploaded_by
Columns: uploaded_by_user_id
idx_activity_attachments_storage_key
Columns: storage_key
idx_activity_attachments_created_at
Columns: activity_id, created_at
idx_activity_attachments_not_deleted
Columns: activity_id, is_deleted
Validation Rules
allowed_mime_types
error
Validation failed
max_file_size_50mb
error
Validation failed
file_name_not_empty
error
Validation failed
storage_key_unique
error
Validation failed
checksum_integrity
error
Validation failed
activity_must_exist
error
Validation failed
description_max_length
error
Validation failed
Business Rules
attachment_belongs_to_accessible_activity
A user may only attach files to activities they own or, in the case of coordinators, activities belonging to peer mentors they supervise within the same organization.
max_attachments_per_activity
An activity may have at most 10 attachments to prevent storage abuse.
attachment_module_toggle_required
Document attachments are an optional module (document-attachments feature). The API must check that the uploading user's organization has this module enabled before allowing attachment creation.
soft_delete_only
Attachments are never hard-deleted from the database; is_deleted is set to true and the deleted_at/deleted_by fields are populated. Physical file deletion from cloud storage is handled asynchronously by a background job.
immutable_after_activity_approval
Once the parent activity has been approved by a coordinator or administrator, attachments cannot be added or deleted without re-opening the activity for correction.
organization_data_isolation
Attachments are accessible only to users within the same organization as the parent activity. Global admins require an explicit support access grant.