Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Log who deleted products (and other records) #12452

Open
dacook opened this issue May 9, 2024 · 2 comments · Fixed by #12457
Open

Log who deleted products (and other records) #12452

dacook opened this issue May 9, 2024 · 2 comments · Fixed by #12457
Assignees
@abdellani

Comments

@dacook
Copy link
Member

dacook commented May 9, 2024
edited

What is the problem we are solving

While investigating this issue, we found it would be super helpful if we had a log of who deleted certain products.
Products in our system are never fully deleted, only soft-deleted.

We do currently log delete actions like this for example (in apps/openfoodnetwork/current/log/production.log):

I, [2024-05-06 05:40:46 #30283]  INFO -- : Started DELETE "/api/v0/products/30490" for 119.12.214.45 at 2024-05-06 05:40:46 +0000

But this only contains an IP address, which is not very helpful for determining who did it.
Also, it's possible some other actions could cause delete of a product (I haven't checked, but I can imagine delete of an enterprise would also result in products deleted).

Also, currently we don't have any guarantees of how long these logs are available on the server, and could be cleared after only a couple of days.

Success factors = expected outcome

At least a dev could find out who deleted a product.

Suggested solution

It was proposed in #12431 (comment) that saving to a log file is the best way to manage this. It could be added to the main log file, but I suggest a separate log.
This would be complemented by:

We can probably add an ActiveRecord hook somewhere to catch most deletes of any record. It's a bit of extra work to track the user ID, but I think do-able (see proof of concept in PR), we could add to products to begin with.
@dacook dacook mentioned this issue May 9, 2024
Closed
4 tasks
@abdellani abdellani mentioned this issue May 9, 2024
Merged
4 tasks
@abdellani
Copy link
Member

Hi @dacook

I tried this #12457
what do you think?

@dacook dacook reopened this May 20, 2024
@dacook
Copy link
Member Author

dacook commented May 20, 2024

Thanks Mohamed! I've merged but will keep this open as it doesn't yet cover the new products_v3 screen.

Here are some suggestions for next steps, what do you think?

  1. So far this only logs when the user_id is provided. We could enhance it to always log even when the user_id is unknown (eg just "Spree::Product 13 deleted"`). Then it would be super easy to add the module to many models, and would cover all methods of deleting (it doesn't currently cover deleting from the new products_v3 screen).

  2. The user_id isn't named, so it's not clear what the number is. It might be helpful to also log the user's name or email. Eg: "Spree::Product 13 deleted by user 1 <example@email.com>"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@abdellani abdellani

Labels
None yet
Projects
OFN Delivery board
Status: In Progress ⚙
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Log who deleted products on current bulk edit products screen abdellani/openfoodnetwork
2 participants
@dacook @abdellani