bedezign / yii2-audit Goto Github PK

i made a view, but its quite lite... need to spend some time getting a really nice looking error view page, something like the error that displays on the page when YII_DEBUG=true

track $request->getIsAjax() to the audit_entry table

With all the huge data changes and compatibility breaks we did, we might want to consider starting over with a nice clean set of migration scripts. Per @cornernote's suggestion we should definitely keep the old scripts in a subdirectory and update them to end up with the database format that we use in (i assume) 0.2
The last "old" migration script should probably batch insert the names of the new set into the migrations table, so that users can seamlessly continue with the rest

I think the module should have it's own layout, and should only use the applications layout if it's provided as a configuration option to the module.

I really like how the yii2-debug module is laid out. Should we aim for something like that?

in yii1 i used to also store the audit_trail_count in the audit_entry table... then i can delete all records with audit_trail_count=0 after a short period, but retain the data with trails for longer

The README file is getting to large, we should split it in /docs/*.md for the specialised functionality and only keep the features/installation in the main doc.

In the 2 partials I created:
https://github.com/bedezign/yii2-audit/blob/master/views/_audit_entry_id.php
https://github.com/bedezign/yii2-audit/blob/master/views/_audit_trails.php

I would like to be able to render a link to the audit view page, but only if the user has access. Do you know how I can check this?

https://github.com/bedezign/yii2-audit/blob/fcacdf8a3c48e1d63c879af74a2151b5fd5b39cf/tests/unit/AuditTrailBehaviorTest.php

[24/06/2015 11:54:29 PM] antonio ramirez cobos: @brett how is the audit logs saved?
[24/06/2015 11:54:56 PM] antonio ramirez cobos: during request lifecycle?
[24/06/2015 11:55:18 PM] Brett O'Donnell: the trail (db changes) are saved using batchInsert on aftersave
[24/06/2015 11:55:40 PM] antonio ramirez cobos: so is saved synchronously during app execution right?
[24/06/2015 11:55:57 PM] Brett O'Donnell: the initial request data is saved when app starts, or when an audit_entry_id is needed (by trail or error)
[24/06/2015 11:56:14 PM] Brett O'Donnell: and the final data (aka motherload) is saved at the end of the request
[24/06/2015 11:56:27 PM] antonio ramirez cobos: then this extension is only good for small apps with not many requests. I highly recommend you to implement async (workers) for audit log data recording
[24/06/2015 11:56:32 PM] Brett O'Donnell: at the same time the yii2-debug module saves its data
[24/06/2015 11:56:48 PM] antonio ramirez cobos: also... check Event Bus systems to do that...
[24/06/2015 11:57:19 PM] antonio ramirez cobos: i do not say the extension is bad... i am saying the extension is not fit for big apps with many requests
[24/06/2015 11:57:33 PM] Brett O'Donnell: can you define many ?
[24/06/2015 11:57:57 PM] antonio ramirez cobos: 10,000 requests per second?
[24/06/2015 11:58:09 PM] Brett O'Donnell: yeah, thats many
[24/06/2015 11:58:38 PM] antonio ramirez cobos: we worked with audit trail and we worked with that in an application that serves that amount of request. is useless.
[24/06/2015 11:58:45 PM] antonio ramirez cobos: but
[24/06/2015 11:58:57 PM] antonio ramirez cobos: adding the async behavior to it... thats a different story
[24/06/2015 11:59:12 PM] Brett O'Donnell: how do you do that ?
[24/06/2015 11:59:28 PM] Brett O'Donnell: like call gearman or similar to do the writes ?
[24/06/2015 11:59:35 PM] antonio ramirez cobos: ZeroMQ, Rabbit, or workers
[12:01:35 AM] antonio ramirez cobos: have a look at this: https://github.com/beberlei/litecqrs-php
implements Event Bus system based on DDD + CQRS. I believe that can be also done with it. CQRS actually works with Versioning, that is, an Entity can be saved in the database with version history in it. That way, if anything happens, you do not only can see what happens but also rollback on history on every action performed.
[12:02:02 AM] antonio ramirez cobos: is just to check and see how other systems work...
[12:02:51 AM] antonio ramirez cobos: or https://github.com/qandidate-labs/broadway
[12:04:23 AM] antonio ramirez cobos: the reason is that I believe that Audit Trail may work as a set of events that fired along the request lifecycle and providing the async functionality, which releases the app from audit logging storage process, would make your extensions a rock solid one.
[12:05:14 AM] antonio ramirez cobos: it can still work like it is right now... but big requests apps won't be able to use it and if they do, they will have to change it in the future.
[4:52:22 AM] antonio ramirez cobos: you define a server queue listener and send the jobs there right?
[4:53:55 AM] antonio ramirez cobos: looks fine
[4:53:59 AM] antonio ramirez cobos: https://github.com/chrisboulton/php-resque/blob/master/lib/Resque/Worker.php
[4:54:06 AM] antonio ramirez cobos: never tried though
[4:54:20 AM] Tobias Munk: yes
[4:54:34 AM] Tobias Munk: you can simply wrap a command in a job
[4:54:53 AM] Tobias Munk: and also start a worker by wrapping this into a command
[4:55:12 AM] Tobias Munk: with the former you can define, i.e. run the database import for articles
[4:55:20 AM] Tobias Munk: second one does the job
[4:55:36 AM] Tobias Munk: multiple workers, multiple queues
[4:56:03 AM] Tobias Munk: but very simple implementation, 11 records as "data-structure" after installation
[4:57:45 AM] antonio ramirez cobos: well... a good audit trail should use some kind of async process. you should have a look on that @brett

Config option to allow the choice of which data to store. Should also include a way for developers to add their own data.

yii2-debug does this using panels:
http://www.yiiframework.com/doc-2.0/guide-tool-debugger.html
https://github.com/yiisoft/yii2-debug/tree/master/panels

all panels should define a namespace that is used to prefix any stored data. The internal panels will use audit/panel-id. This allows people to add external panels for custom data.

There's an error when trying the following route:

http://localhost/path/to/index.php?r=auditing

The error is:

Call to a member function checkAccess() on null

Maybe it is because I'm using the UserManagment module:

https://github.com/webvimark/user-management

Should we do tracking for cURL calls? How? (eg an Audit::curl()-function that you can pass a curl handle and that will activate verbose and fetching of headers and result?

Add some documentation that explains how to create a new panel.

Also, there is some docs on storing extra data, which I think is not very useful now because they cannot display it without a custom panel. Perhaps there should be a panel for extra-data so that its easy to whack data in without needing to create a panel.

the yii1 module used to track the redirect url, do you know how to do that in yii2 ?

composer require "bedezign/yii2-audit" "dev-master"

Problem 1
- Installation request for bedezign/yii2-audit dev-master -> satisfiable by bedezign/yii2-audit[dev-master].
- bedezign/yii2-audit dev-master requires yiisoft/yii2 dev-master -> no matching package found.

Minimum yii2 requirement should * or a specific version instead of dev-master unstable version

This issues will be used to add screenshots for the documentation.

test suite to ensure everything is working, and keeps working

we currently publish the whole web/assets folder, which contains some php classes... we should be publishing a folder with only the assets in it, not the classes.

We have added a ton of great features thanks to extending yii2-debug, we should list them in the README.

Should also update the screenshots as the module looks a bit different now. NOTE when adding images don't add them to the repo. Instead, add them to an issue, and then just copy the link of the image. That way they are stored on S3 and don't blow out the repo size with binary image data.

Like here - https://github.com/airblade/paper_trail#reverting-and-undeleting-a-model

error view should show full stack trace using a pretty layout, similar to the yii error page

I think we need 2 more properties in the Audit module class:

Audit->userModel = 'app\models\User';
Audit->usernameAttribute = 'username';

when trying to access ?r=auditing/default/trail

1. in D:\wamp\www\basic\vendor\yiisoft\yii2\web\User.php
2. $access = $auth->checkAccess($this->getId(), $permissionName, $params);

I'm using yii2-user. Can it be the problem? Thanks!

We also need to be able to limit access based on IP

1. in ...\vendor\bedezign\yii2-audit\AuditingBehavior.php at line 154
   $log->audit_id = Auditing::current()->getEntry()->id;

Before visiting this awesome project I was starting my own Yii2 port. I have a behavior that does audit with batch insert. It means no need to create a model for each insert, and does all the inserts in 1 SQL command.

https://github.com/cornernote/yii2-audit/blob/master/src/behaviors/AuditFieldBehavior.php#L154

Could you incorporate that into your AuditingBehavior ?

need to purge trails when cleaning up other audit data

Use case:

I want to not insert audit_entry rows, unless there is errors or trails. In the case of errors or trails they should be given an audit_id for grouping and logging purposes. This means the audit_trail.user_id field is no longer required.

The problem:

Some people want to use audit_trail stand-alone, without writing tons of data to the audit_entry and audit_data tables.

The solution:

The audit_entry table should be ultra light - no large data at all. #46 should take care of this. Once it's closed we can force an audit_entry to be created when trails or errors happen, eg:

In AuditingBehavior.php change this:

$entry = Auditing::current() ? Auditing::current()->getEntry() : null;

to this:

$entry = Yii::$app->auditing->getEntry(true);

need to implement an interface and/or base class for the Provider classes

remove field and all references to it

notes: its a feature that was not working, and has since been replaced by a new property redirect.

https://github.com/bedezign/yii2-audit/blob/master/docs/custom-panels.md

• data is obsolete
• memory is useless, all we care about is max_memory
• start_time and end_time are only needed to calculate duration, don't need to store them

When I entered the URL to ../auditing to see the viewer ,
Got this error
..\yiisoft\yii2\i18n\I18N.php

Please help

the yii1 module had a command to email any errors to the developer.

This was very useful and both developers and clients loved it.

Consider the following:

1. An employee does an action that results in an error/exception
2. Developer gets alert via email
3. Developer can click a link to see entire audit data relating to the error
4. Developer fixes bug
5. Developer contacts client and tells them the bug is fixed BEFORE the client reports it.
6. Client believes developer is super awesome at his job.

If you select a query type from the dropdown for example it wil result in a 404

http://www.yiiframework.com/ext/create/

Create a CLI command that takes care of the cleanup of the data. Have it support using a config file to allow specifying different TTL values per panel/data type

1. in D:\wamp\www\yiicomm\vendor\yiisoft\yii2\db\BaseActiveRecord.php

if (!$relation instanceof ActiveQueryInterface) {
if ($throwException) {
throw new InvalidParamException(get_class($this) . ' has no relation named "' . $name . '".');
} else {
return null;
}
}

Should we add support for tracking SOAP calls, and if so, how would we handle custom SoapClient wrappers?

Sometimes its needed to use very long urls and the fields for storing them are not long enough. Very strict configured database will refuse to insert records while the non-strict ones just truncate the data. This should be handled by the module itself before attempting to insert.

For the regular URL there is no data loss given that the request is logged separately, but what about referrer and redirect?

@cloudswitch @MGHollander: I'm opening this issue to group any communication regarding the dedicated trail functionality requested in issue #8

I've just done a commit on master that already adds the user_id to the table and fills it. The grid still needs to be done. For that reason I have not added a new release yet.

TO DISCUSS

Ok, this is the last breaking change I want to get in for 0.2.

In addition change class to Module.php

Let me know your thoughts. Maybe it's not worth it to do this.

Hi Guys,

in bedezign\yii2-audit\Auditing.php line (126) you checking variable

$this->maxAuditAge !== null

but it should be

$this->maxAge !== null

unless i am wrong.

each panel can display its own summary (eg a count) that is displayed on the tab in the entry view page

add a log route to track log/trace information from the yii2 log

Sorry to bother you but I do not understand if I'm missing something.
The module is installed and it works, I see the data in the db.

First problem
I didn't understand how to call the RequestController via browser.
Do I need to move it to my controller directory or it is possible to call it like directly?

Second problem
Looking to the controller code and related views I saw that overview view is missing

i assume it's not even storing them, but not sure

At the moment cleanup is (optionally) run on 1/100 page requests.

This could be moved out of the request lifecycle and moved into a command so that it can be run via cron in the background.