You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While investigating this issue, we found it would be super helpful if we had a log of who deleted certain products.
Products in our system are never fully deleted, only soft-deleted.
We do currently log delete actions like this for example (in apps/openfoodnetwork/current/log/production.log):
I, [2024-05-06 05:40:46 #30283] INFO -- : Started DELETE "/api/v0/products/30490" for 119.12.214.45 at 2024-05-06 05:40:46 +0000
But this only contains an IP address, which is not very helpful for determining who did it.
Also, it's possible some other actions could cause delete of a product (I haven't checked, but I can imagine delete of an enterprise would also result in products deleted).
Also, currently we don't have any guarantees of how long these logs are available on the server, and could be cleared after only a couple of days.
Success factors = expected outcome
At least a dev could find out who deleted a product.
Suggested solution
It was proposed in #12431 (comment) that saving to a log file is the best way to manage this. It could be added to the main log file, but I suggest a separate log.
This would be complemented by:
We can probably add an ActiveRecord hook somewhere to catch most deletes of any record. It's a bit of extra work to track the user ID, but I think do-able (see proof of concept in PR), we could add to products to begin with.
The text was updated successfully, but these errors were encountered:
Thanks Mohamed! I've merged but will keep this open as it doesn't yet cover the new products_v3 screen.
Here are some suggestions for next steps, what do you think?
So far this only logs when the user_id is provided. We could enhance it to always log even when the user_id is unknown (eg just "Spree::Product 13 deleted"`). Then it would be super easy to add the module to many models, and would cover all methods of deleting (it doesn't currently cover deleting from the new products_v3 screen).
The user_id isn't named, so it's not clear what the number is. It might be helpful to also log the user's name or email. Eg: "Spree::Product 13 deleted by user 1 <example@email.com>"
What is the problem we are solving
While investigating this issue, we found it would be super helpful if we had a log of who deleted certain products.
Products in our system are never fully deleted, only soft-deleted.
We do currently log delete actions like this for example (in
apps/openfoodnetwork/current/log/production.log
):But this only contains an IP address, which is not very helpful for determining who did it.
Also, it's possible some other actions could cause delete of a product (I haven't checked, but I can imagine delete of an enterprise would also result in products deleted).
Also, currently we don't have any guarantees of how long these logs are available on the server, and could be cleared after only a couple of days.
Success factors = expected outcome
At least a dev could find out who deleted a product.
Suggested solution
It was proposed in #12431 (comment) that saving to a log file is the best way to manage this. It could be added to the main log file, but I suggest a separate log.
This would be complemented by:
We can probably add an ActiveRecord hook somewhere to catch most deletes of any record. It's a bit of extra work to track the user ID, but I think do-able (see proof of concept in PR), we could add to products to begin with.
The text was updated successfully, but these errors were encountered: