Feature #39774
open
Add logging for issue deletion
0%
Description
The attached patch introduces a new feature in the Issue model to log every issue deletion, enhancing audit trails.
My clients sometimes ask me to identify when and who deleted an issue, especially when deletions are accidental. For a single issue, you can pinpoint the responsible user by finding a line in the production.log that begins with "DELETE /issues/". From the following log, for instance, shows that "admin" deleted issue #1 at 2023-12-04 21:30:11.
Started DELETE "/issues/1" for 127.0.0.1 at 2023-12-04 21:30:11 +0900
Processing by IssuesController#destroy as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"ivRuWNmGQjuDdNNgG6EeQLCF5b82SF3lx8-AwC-ML7CZ39cktgG40TiwjsmfOk0Wexs3UQsFt-cjT7dGOHt3Lg", "ids"=>["1"], "todo"=>"destroy", "reassign_to_id"=>"", "commit"=>"Apply", "id"=>"1"}
Current user: admin (id=1)
Redirected to http://localhost:3000/projects/ecookbook/issues
Completed 302 Found in 31ms (ActiveRecord: 5.7ms | Allocations: 14032)
However, identifying deletions is not possible when multiple issues are involved. For example, if issue #1 with subtask #15 and #16 is deleted, the log does not record the deletion of these subtasks. This lack of detailed logging poses a significant auditing problem.
To address this, the attached patch ensures that a "Deleted issue: ..." line is output to the production.log for each deleted issue, as shown below. This enhancement allows for comprehensive tracking of issue deletions.
Started DELETE "/issues/1" for 127.0.0.1 at 2023-12-04 21:45:17 +0900
Processing by IssuesController#destroy as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"i6hBpwCTeMt_ZpTAeq5zWyOlVMCi0Lxdv2n7SM7y0hKIrzgAIsxdNIqavoyNgpRIfQFOwqc6TLzBexEphZR2Ug", "ids"=>["1"], "todo"=>"destroy", "reassign_to_id"=>"", "commit"=>"Apply", "id"=>"1"}
Current user: admin (id=1)
Deleted issue: 'Feature request #15: Add a great feature' by Redmine Admin
Deleted issue: 'Bug #16: Serious bug that must be fixed ASAP' by Redmine Admin
Deleted issue: 'Bug #1: Cannot print recipes' by Redmine Admin
Redirected to http://localhost:3000/projects/ecookbook/issues
Completed 302 Found in 54ms (ActiveRecord: 10.1ms | Allocations: 32921)
Files
Updated by
Updated by Lorenzo Meneghetti 5 months ago
Go MAEDA wrote:
The attached patch introduces a new feature in the Issue model to log every issue deletion, enhancing audit trails.
My clients sometimes ask me to identify when and who deleted an issue, especially when deletions are accidental. For a single issue, you can pinpoint the responsible user by finding a line in the production.log that begins with "DELETE /issues/". From the following log, for instance, shows that "admin" deleted issue
#1at 2023-12-04 21:30:11.[...]
However, identifying deletions is not possible when multiple issues are involved. For example, if issue
#1with subtask#15and#16is deleted, the log does not record the deletion of these subtasks. This lack of detailed logging poses a significant auditing problem.To address this, the attached patch ensures that a "Deleted issue: ..." line is output to the production.log for each deleted issue, as shown below. This enhancement allows for comprehensive tracking of issue deletions.
[...]
What about for this to deliver a new global settings to enable issue deletion audit to be logged separately in a log called auditable_actions.log
Logging a large number of issues shouldn't be a problem otherwise what kind of audit would it be!