Project

General

Profile

Actions

Feature #39774

open

Add logging for issue deletion

Added by Go MAEDA 3 months ago. Updated 37 minutes ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Issues
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:

Description

The attached patch introduces a new feature in the Issue model to log every issue deletion, enhancing audit trails.

My clients sometimes ask me to identify when and who deleted an issue, especially when deletions are accidental. For a single issue, you can pinpoint the responsible user by finding a line in the production.log that begins with "DELETE /issues/". From the following log, for instance, shows that "admin" deleted issue #1 at 2023-12-04 21:30:11.

Started DELETE "/issues/1" for 127.0.0.1 at 2023-12-04 21:30:11 +0900
Processing by IssuesController#destroy as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"ivRuWNmGQjuDdNNgG6EeQLCF5b82SF3lx8-AwC-ML7CZ39cktgG40TiwjsmfOk0Wexs3UQsFt-cjT7dGOHt3Lg", "ids"=>["1"], "todo"=>"destroy", "reassign_to_id"=>"", "commit"=>"Apply", "id"=>"1"}
  Current user: admin (id=1)
Redirected to http://localhost:3000/projects/ecookbook/issues
Completed 302 Found in 31ms (ActiveRecord: 5.7ms | Allocations: 14032)

However, identifying deletions is not possible when multiple issues are involved. For example, if issue #1 with subtask #15 and #16 is deleted, the log does not record the deletion of these subtasks. This lack of detailed logging poses a significant auditing problem.

To address this, the attached patch ensures that a "Deleted issue: ..." line is output to the production.log for each deleted issue, as shown below. This enhancement allows for comprehensive tracking of issue deletions.

Started DELETE "/issues/1" for 127.0.0.1 at 2023-12-04 21:45:17 +0900
Processing by IssuesController#destroy as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"i6hBpwCTeMt_ZpTAeq5zWyOlVMCi0Lxdv2n7SM7y0hKIrzgAIsxdNIqavoyNgpRIfQFOwqc6TLzBexEphZR2Ug", "ids"=>["1"], "todo"=>"destroy", "reassign_to_id"=>"", "commit"=>"Apply", "id"=>"1"}
  Current user: admin (id=1)
Deleted issue: 'Feature request #15: Add a great feature' by Redmine Admin
Deleted issue: 'Bug #16: Serious bug that must be fixed ASAP' by Redmine Admin
Deleted issue: 'Bug #1: Cannot print recipes' by Redmine Admin
Redirected to http://localhost:3000/projects/ecookbook/issues
Completed 302 Found in 54ms (ActiveRecord: 10.1ms | Allocations: 32921)

Files

Actions #1

Updated by Go MAEDA 3 months ago

  • File deleted (add_logging_for_issue_deletion.patch)
Actions #3

Updated by Go MAEDA 3 months ago

The current patch has a problem that a large amount of logs are output when deleting a project that has a large number of issues. It may be better to not output logs when issues are deleted as a result of project deletion.

Actions #4

Updated by Lorenzo Meneghetti 3 months ago

Go MAEDA wrote:

The attached patch introduces a new feature in the Issue model to log every issue deletion, enhancing audit trails.

My clients sometimes ask me to identify when and who deleted an issue, especially when deletions are accidental. For a single issue, you can pinpoint the responsible user by finding a line in the production.log that begins with "DELETE /issues/". From the following log, for instance, shows that "admin" deleted issue #1 at 2023-12-04 21:30:11.

[...]

However, identifying deletions is not possible when multiple issues are involved. For example, if issue #1 with subtask #15 and #16 is deleted, the log does not record the deletion of these subtasks. This lack of detailed logging poses a significant auditing problem.

To address this, the attached patch ensures that a "Deleted issue: ..." line is output to the production.log for each deleted issue, as shown below. This enhancement allows for comprehensive tracking of issue deletions.

[...]

What about for this to deliver a new global settings to enable issue deletion audit to be logged separately in a log called auditable_actions.log
Logging a large number of issues shouldn't be a problem otherwise what kind of audit would it be!

Actions

Also available in: Atom PDF