Closed vincent-olivert-riera closed 8 months ago
kfdm
commented
8 months ago I think we can't just do this as-is, because Sender can sometimes include sensitive information.
Audit.log() uses model_to_dict to dump all the information, and we need to ensure the value field can not accidentally be logged.
vincent-olivert-riera
commented
8 months ago I think we can't just do this as-is, because Sender can sometimes include sensitive information.
Audit.log() uses model_to_dict to dump all the information, and we need to ensure the
valuefield can not accidentally be logged.
According to my tests, when the "alias" field has been populated, that is what is displayed in the logs. Otherwise the value is displayed.
Is that not good enough? If users do not set an alias, I guess we can assume they don't care if the value is displayed.
kfdm
commented
8 months ago Try clicking the 'show' button to see all the details that are stored
vincent-olivert-riera
commented
8 months ago Try clicking the 'show' button to see all the details that are stored
Oh, I didn't check that "Show" button. Thanks!
I fixed that issue in 5df5890.
kfdm
commented
8 months ago LGTM. Rebase and I'll do a final check.
vincent-olivert-riera
commented
8 months ago LGTM. Rebase and I'll do a final check.
Done.
We had a query for listing notifiers in views.py::AuditList, however, we never registered any logs from signals.py, therefore the result of that query was always empty.
This commit adds the necessary instructions for registering logs when creating, updating or deleting notifiers, so they will appear in the audit logs.