[MAGNOLIA-7459] Audit logging publish/unpublish actions with requestor user name Created: 27/Jul/18 Updated: 16/Apr/19 Resolved: 20/Feb/19 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | None |
| Affects Version/s: | 5.6, 5.7, 6.0 |
| Fix Version/s: | 5.6.9, 5.7.3, 6.1 |
| Type: | Bug | Priority: | Major |
| Reporter: | Richard Gange | Assignee: | Adam Siska |
| Resolution: | Fixed | Votes: | 2 |
| Labels: | None | ||
| Remaining Estimate: | 0d | ||
| Time Spent: | 0.5d | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||
| Template: |
|
||||||||||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||||||||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||||||||||||||||||
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
||||||||||||||||||||||||
| Release notes required: |
Yes
|
||||||||||||||||||||||||
| Date of First Response: | |||||||||||||||||||||||||
| Epic Link: | Support | ||||||||||||||||||||||||
| Sprint: | Foundation 4, Foundation 5 | ||||||||||||||||||||||||
| Story Points: | 3 | ||||||||||||||||||||||||
| Description |
|
Audit logging configuration has stopped working since the introduction of the new publishing modules. See /server/auditLogging
|
| Comments |
| Comment by Viet Nguyen [ 05/Sep/18 ] |
|
Added SUPPORT-9030 to the list. |
| Comment by Viet Nguyen [ 05/Sep/18 ] |
|
Commented on our Audit logging documentation here |
| Comment by Viet Nguyen [ 05/Sep/18 ] |
|
Please also consider to update our bootstrap located in https://git.magnolia-cms.com/projects/PLATFORM/repos/main/browse/magnolia-core/src/main/resources/mgnl-bootstrap/core/config.server.auditLogging.xml |
| Comment by Thomas Duffey [ 05/Sep/18 ] |
|
DefaultSender has access to Context which should have the userName attribute of who is activating. Can we update to use that? |
| Comment by Richard Gange [ 05/Sep/18 ] |
|
I've asked about changing the prio on this. I went ahead and changed it to Major on the ticket. I'll let you know. |
| Comment by Thomas Duffey [ 05/Sep/18 ] |
|
Thanks Rich and FYI there also appears to be a related bug in AuditLoggingUtil line 81 – timestamp should not be included in the data array. Including it causes both a formatted timestamp and the original long timestamp being included in the log message. |
| Comment by Viet Nguyen [ 06/Sep/18 ] |
|
Thanks tduffey for below information, I just copy it here so that when fixing the issue we will not forget to fix this:
public static void log(String action, long timeStamp, String workspaceName, NodeType nodeType, String path, String pathTo) {
AuditLoggingUtil.log(action, new String[]{String.valueOf(timeStamp), AuditLoggingUtil.getUser(), workspaceName, nodeType == null ? "" : nodeType.getName(), path, pathTo == null ? "" : pathTo});
}
The above should not be including timestamp in the data array. |
| Comment by Bence Vass [ 20/Nov/18 ] |
|
Please consider the following scenarios: Publishing in dam/website with workflow - username has to be the name of the user who started the workflow, not superuser |
| Comment by Viet Nguyen [ 28/Jan/19 ] |
|
Then let's say we need to improve our Audit logging function so that it could log both the requester as you said is the user who started the workflow. Including the performer who actually has the permission to do it and allowed to run background process with access to system configuration such as 'superuser'. That one is the one who the task is actually delegated to. |
| Comment by Hieu Nguyen Duc [ 22/Feb/19 ] |
|
Just a minor concern; after adding "publish" and "unpublish" nodes, should "activate" and "deactivate" be removed? They don't seem to have any effect at least in 5.6, 5.7 and 6.x. |
| Comment by Adam Siska [ 22/Feb/19 ] |
|
According to this page https://documentation.magnolia-cms.com/display/DOCS60/Publishing+and+activation they should be still available. |