Project

General

Profile

Actions

Feature #39774

open

Add logging for issue deletion

Added by Go MAEDA about 1 year ago. Updated 10 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Issues
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:

Description

The attached patch introduces a new feature in the Issue model to log every issue deletion, enhancing audit trails.

My clients sometimes ask me to identify when and who deleted an issue, especially when deletions are accidental. For a single issue, you can pinpoint the responsible user by finding a line in the production.log that begins with "DELETE /issues/". From the following log, for instance, shows that "admin" deleted issue #1 at 2023-12-04 21:30:11.

Started DELETE "/issues/1" for 127.0.0.1 at 2023-12-04 21:30:11 +0900
Processing by IssuesController#destroy as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"ivRuWNmGQjuDdNNgG6EeQLCF5b82SF3lx8-AwC-ML7CZ39cktgG40TiwjsmfOk0Wexs3UQsFt-cjT7dGOHt3Lg", "ids"=>["1"], "todo"=>"destroy", "reassign_to_id"=>"", "commit"=>"Apply", "id"=>"1"}
  Current user: admin (id=1)
Redirected to http://localhost:3000/projects/ecookbook/issues
Completed 302 Found in 31ms (ActiveRecord: 5.7ms | Allocations: 14032)

However, identifying deletions is not possible when multiple issues are involved. For example, if issue #1 with subtask #15 and #16 is deleted, the log does not record the deletion of these subtasks. This lack of detailed logging poses a significant auditing problem.

To address this, the attached patch ensures that a "Deleted issue: ..." line is output to the production.log for each deleted issue, as shown below. This enhancement allows for comprehensive tracking of issue deletions.

Started DELETE "/issues/1" for 127.0.0.1 at 2023-12-04 21:45:17 +0900
Processing by IssuesController#destroy as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"i6hBpwCTeMt_ZpTAeq5zWyOlVMCi0Lxdv2n7SM7y0hKIrzgAIsxdNIqavoyNgpRIfQFOwqc6TLzBexEphZR2Ug", "ids"=>["1"], "todo"=>"destroy", "reassign_to_id"=>"", "commit"=>"Apply", "id"=>"1"}
  Current user: admin (id=1)
Deleted issue: 'Feature request #15: Add a great feature' by Redmine Admin
Deleted issue: 'Bug #16: Serious bug that must be fixed ASAP' by Redmine Admin
Deleted issue: 'Bug #1: Cannot print recipes' by Redmine Admin
Redirected to http://localhost:3000/projects/ecookbook/issues
Completed 302 Found in 54ms (ActiveRecord: 10.1ms | Allocations: 32921)

Files


Related issues

Related to Redmine - Feature #25924: add project name and issue subject for redmine log file when user delete issueNew

Actions
Actions #1

Updated by Go MAEDA about 1 year ago

  • File deleted (add_logging_for_issue_deletion.patch)
Actions #3

Updated by Go MAEDA about 1 year ago

The current patch has a problem that a large amount of logs are output when deleting a project that has a large number of issues. It may be better to not output logs when issues are deleted as a result of project deletion.

Actions #4

Updated by Lorenzo Meneghetti about 1 year ago

Go MAEDA wrote:

The attached patch introduces a new feature in the Issue model to log every issue deletion, enhancing audit trails.

My clients sometimes ask me to identify when and who deleted an issue, especially when deletions are accidental. For a single issue, you can pinpoint the responsible user by finding a line in the production.log that begins with "DELETE /issues/". From the following log, for instance, shows that "admin" deleted issue #1 at 2023-12-04 21:30:11.

[...]

However, identifying deletions is not possible when multiple issues are involved. For example, if issue #1 with subtask #15 and #16 is deleted, the log does not record the deletion of these subtasks. This lack of detailed logging poses a significant auditing problem.

To address this, the attached patch ensures that a "Deleted issue: ..." line is output to the production.log for each deleted issue, as shown below. This enhancement allows for comprehensive tracking of issue deletions.

[...]

What about for this to deliver a new global settings to enable issue deletion audit to be logged separately in a log called auditable_actions.log
Logging a large number of issues shouldn't be a problem otherwise what kind of audit would it be!

Actions #5

Updated by Go MAEDA 5 months ago

  • Related to Feature #25924: add project name and issue subject for redmine log file when user delete issue added
Actions

Also available in: Atom PDF