-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add location addition, removal, and change of main location to the audit log #37
Conversation
@@ -2906,6 +2906,11 @@ static function updateMainNodeID( $mainNodeID, $objectID, $version = false, $par | |||
} | |||
|
|||
$db->commit(); | |||
eZAudit::writeAudit( 'main-node-update', array( 'Parent Node ID' => $parentMainNodeID, | |||
'Main Node ID' => $mainNodeID, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we be providing information about the old node ID?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am going to update the code and log the old main node id and also the old parent node id
@@ -809,7 +809,11 @@ static public function addAssignment( $nodeID, $objectID, $selectedNodeIDArray ) | |||
} | |||
if ( $locationAdded ) | |||
{ | |||
|
|||
eZAudit::writeAudit( 'location-assign', array( 'Selected Node ID Array' => implode( ', ' , $selectedNodeIDArray ), | |||
'Node ID' => $nodeID, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What node ID is this? Can we maybe provide info on the main node ID and then info about what locations were added?
'Node ID' => $nodeID, | ||
'Content object ID' => $object->attribute( 'id' ), | ||
'Content object name' => $object->attribute( 'name' ), | ||
'Comment' => 'Assigned new locations to the current node: eZContentOperationCollection::addAssignment()' ) ); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about locations that were removed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this operation is only for new locations
@@ -866,6 +870,11 @@ static public function removeNodes( array $removeNodeIdList ) | |||
|
|||
if ( !isset( $objectIdList[$objectId] ) ) | |||
$objectIdList[$objectId] = eZContentObject::fetch( $objectId ); | |||
eZAudit::writeAudit( 'location-remove', array( 'Parent Node ID' => $node->attribute( 'parent_node_id' ), | |||
'Node ID' => $nodeId, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we be clear about which node ID was removed, and be clear on what is the (new) main node ID?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a note here, this function is a mess and I decided to log each node individually, but yes, we can provide the information about the main node, currently the Node ID refers to the removed node.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am working on patch to show the new main node id in this log but it also good to not that such info is always added to the main_node_update.log regardless.
settings/audit.ini
Outdated
# Who removed a location of a node | ||
AuditFileNames[location-remove]=location_remove.log | ||
|
||
# Who update the main node |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"update" should be "updated"
53e025b
to
ea5e9cd
Compare
I have updated the code according to Peter's feedback. |
ea5e9cd
to
cdecc01
Compare
Hi Thiago, I now had some time to review the pull request:
That way we end up with a single line in the 'updateMainNodeID' function:
That way, we get now performance penalty if the audit log is not enabled. |
cdecc01
to
4560d33
Compare
I moved the update node log sql operation to eZAudit::writeAudit but keep in mind I needed to call the function before the main node is updated so we can have access to the old parent/main nodes info. |
Hi Thiago, I hope you don't mind that we do a few iterations on this. I know the process is a bit painful but I'm sure we'll have a great result: Currently your pull request is calling eZAudit::writeAudit in kernel/content/ezcontentoperationcollection.php (2 times) and in kernel/classes/ezcontentobjecttreenode.php (1 time). I think we should only use kernel/content/ezcontentoperationcollection.php to call eZAudit::writeAudit. So basically I suggest to have this code in
directly after
Line 1262 in kernel/content/ezcontentoperationcollection.php With that code we don't have to touch kernel/classes/ezcontentobjecttreenode.php at all. |
Another thing in eZAudit::writeAudit I don't think we need a custom SQL statement - writeAudit gets called before we updated the main node id. So we can get the old main node id from the object very easily:
|
In case of eZContentOperationCollection::removeNodes I think we should fire of 2 different types of audit entries:
So I suggest this code for the foreach loop:
It is just reporting if a deleted node used to be a main node. I think that's good enough. Then this code for the foreach which is setting a new (random) main node:
I don't think it will report the old main node id because that node already got deleted but we have that information in the 'location-remove' log file. |
Side note: the admin UI does not allow you to remove the main node - the checkbox is disabled. But you can edit the page HTML (remove the disabled attribute) and then submit the form. |
"I don't think we need a custom SQL statement - writeAudit gets called before we updated the main node id. So we can get the old main node id from the object very easily:" If I remeber that correctly when you fetch an object it will be cached, and next time the fetch function is called eZ will get the cached version that is why I wrote the sql query (to avoid any possible cache issues) |
I think that's true, there is a chance that you access an ezobject with outdated data. In case of this pull request I don't think it matters: the code is writing the audit log entry before the database gets updated. You don't have the problem of accessing outdated data. |
I think this should be reviewed a bit further, there is a request to remove the main node update log from ezcontentobjecttreenode, because it seems to be better to put it in the eZContentOperationCollection file, but then we need to replicate the code in two places ( updateMainAssignment and removeNodes ), which brings the question what about custom code that removes objects and update main node without using the eZContentOperationCollection? I think we should think about where to place it in order to maximize the likelihood of the code being called. And thinking about the cache issue again and custom codes, I think fetching an object just about when it is going to be updated without clearing the cache after can possibly break several existing custom codes, and as long the performance here might be one issue I am still favoring the sql query. |
I understand that we replicate the code if we don't have it in ezcontentobjecttreenode and I agree it's not very nice. For the custom SQL statement: I don't see a problem fetching an object BEFORE it gets updated. I don't see why we cannot rely on the results in that use case. |
Some notes: 'Old Main Node ID' => '', Are important to make it easier to specify the correct information position in the output. I am keeping the SQL query due to the issues that can happen afterwards |
Actually by moving the main node update function from ezcontentobjecttreenode to ezcontentoperationcollection the SQL fails when removing the main node, before it would work just fine, I am now going to check what happens when fetching the object (but in this case it might not be bc as long we will ignore what happens afterwards) |
The change about moving the update node log from ezcontentobjecttreenode to ezcontentoperationcollection also doesn't log the parent node id and main node id even if fetching the object instead of using the sql. I would say the current pull request has the more stable code and is also bc (won't break what happens afterwards). |
The test I made. Add a secondary location to a node. Before the proposed changes it should log just fine the info, after the changes it won't log the old parent node id and old main node id. |
Actually current code also fails in that test case. |
My conclusion here is that we should log the info that we have on hand without needing to execute extra queries or content fetches no matter what. The issues started happening when we tried to log the old parent node id and old main node, those information is still available in the logs in one way or another, we can back trap main node changes and even object creation or removal. So my proposal is to not try to log extra info if we need to execute fetches and queries, that means for the main node update we should only log Content object ID. New Main Node ID, New Parent Node ID, and forget even about object name if that requires a fetch or sql query |
That makes a lot sense.
…On Feb 23, 2017 12:38 PM, "Thiago Campos Viana" ***@***.***> wrote:
My conclusion here is that we should log the info that we have on hand
without needing to execute extra queries or content fetches no matter what.
The issues started happening when we tried to log the old parent node id
and old main node, those information is still available in the logs in one
way or another, we can back trap main node changes and even object creation
or removal.
So my proposal is to not try to log extra info if we need to execute
fetches and queries, that means for the main node update we should only log
Content object ID. New Main Node ID, New Parent Node ID, and forget even
about object name if that requires a fetch or sql query
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#37 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABKZv-rzpxNokEIagztFL46rgPUSHmGPks5rfe49gaJpZM4Ltwgq>
.
|
4560d33
to
1c3c5e1
Compare
I created a new pull request which doesn't execute the fetch, it is simpler but logs all the information that are really useful, I have also changed so we call the update main node audit on eZContentOperationCollection instead of eZContentObjectTreeNode |
I tested it. Looks good to me. +1 |
I have run some tests on this. On my test I have added a new location to an object --it got logged.
Is this the correct behavior? |
Test results look correct. |
Content move is covered by the audit log, but these actions don't appear to be:
Add a location
Remove a location (but not remove the object)
Change the main location
Knowing who performed these actions could help troubleshoot issues