Feature #39774
openAdd logging for issue deletion
0%
Description
The attached patch introduces a new feature in the Issue model to log every issue deletion, enhancing audit trails.
My clients sometimes ask me to identify when and who deleted an issue, especially when deletions are accidental. For a single issue, you can pinpoint the responsible user by finding a line in the production.log that begins with "DELETE /issues/". From the following log, for instance, shows that "admin" deleted issue #1
at 2023-12-04 21:30:11.
Started DELETE "/issues/1" for 127.0.0.1 at 2023-12-04 21:30:11 +0900 Processing by IssuesController#destroy as HTML Parameters: {"utf8"=>"✓", "authenticity_token"=>"ivRuWNmGQjuDdNNgG6EeQLCF5b82SF3lx8-AwC-ML7CZ39cktgG40TiwjsmfOk0Wexs3UQsFt-cjT7dGOHt3Lg", "ids"=>["1"], "todo"=>"destroy", "reassign_to_id"=>"", "commit"=>"Apply", "id"=>"1"} Current user: admin (id=1) Redirected to http://localhost:3000/projects/ecookbook/issues Completed 302 Found in 31ms (ActiveRecord: 5.7ms | Allocations: 14032)
However, identifying deletions is not possible when multiple issues are involved. For example, if issue #1
with subtask #15
and #16
is deleted, the log does not record the deletion of these subtasks. This lack of detailed logging poses a significant auditing problem.
To address this, the attached patch ensures that a "Deleted issue: ..." line is output to the production.log for each deleted issue, as shown below. This enhancement allows for comprehensive tracking of issue deletions.
Started DELETE "/issues/1" for 127.0.0.1 at 2023-12-04 21:45:17 +0900 Processing by IssuesController#destroy as HTML Parameters: {"utf8"=>"✓", "authenticity_token"=>"i6hBpwCTeMt_ZpTAeq5zWyOlVMCi0Lxdv2n7SM7y0hKIrzgAIsxdNIqavoyNgpRIfQFOwqc6TLzBexEphZR2Ug", "ids"=>["1"], "todo"=>"destroy", "reassign_to_id"=>"", "commit"=>"Apply", "id"=>"1"} Current user: admin (id=1) Deleted issue: 'Feature request #15: Add a great feature' by Redmine Admin Deleted issue: 'Bug #16: Serious bug that must be fixed ASAP' by Redmine Admin Deleted issue: 'Bug #1: Cannot print recipes' by Redmine Admin Redirected to http://localhost:3000/projects/ecookbook/issues Completed 302 Found in 54ms (ActiveRecord: 10.1ms | Allocations: 32921)
Files
Related issues
Updated by Go MAEDA about 1 year ago
- File deleted (
add_logging_for_issue_deletion.patch)
Updated by Go MAEDA about 1 year ago
Updated by Go MAEDA about 1 year ago
The current patch has a problem that a large amount of logs are output when deleting a project that has a large number of issues. It may be better to not output logs when issues are deleted as a result of project deletion.
Updated by Lorenzo Meneghetti about 1 year ago
Go MAEDA wrote:
The attached patch introduces a new feature in the Issue model to log every issue deletion, enhancing audit trails.
My clients sometimes ask me to identify when and who deleted an issue, especially when deletions are accidental. For a single issue, you can pinpoint the responsible user by finding a line in the production.log that begins with "DELETE /issues/". From the following log, for instance, shows that "admin" deleted issue
#1
at 2023-12-04 21:30:11.[...]
However, identifying deletions is not possible when multiple issues are involved. For example, if issue
#1
with subtask#15
and#16
is deleted, the log does not record the deletion of these subtasks. This lack of detailed logging poses a significant auditing problem.To address this, the attached patch ensures that a "Deleted issue: ..." line is output to the production.log for each deleted issue, as shown below. This enhancement allows for comprehensive tracking of issue deletions.
[...]
What about for this to deliver a new global settings to enable issue deletion audit to be logged separately in a log called auditable_actions.log
Logging a large number of issues shouldn't be a problem otherwise what kind of audit would it be!
Updated by Go MAEDA 5 months ago
- Related to Feature #25924: add project name and issue subject for redmine log file when user delete issue added