Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Audit log Users

Description

When details of a user are updated/modified the system should log the change, date and user that made the change. This should happen for any field in the user object. Similar to the pattern outlined for facilities here.

Javers is currently enabled in the service, available for audit logging of entities. Turn on audit logging for the User entity by attaching Javers annotations to the entity class and its corresponding repository class.

Scope In:

  • modifications to user details (name, email, etc.)

  • Modifications to home facility

  • loginRestricted

  • timezone

Scope out:

  • this does not include the ability to view the audit log table through the UI

  • does not include the associations between users and roles.

Acceptance Criteria

  • Every change made in the UI or by upload to the User object (see Scope In) is logged in the system

  • Each change should be tracked and tied to a date/user that made the change

  • Provide a basic API endpoint to see the full audit log for a specific user (/api/users/<id>/auditLog); see /api/facilities/<id>/auditLog for a pattern

Background : https://openlmis.atlassian.net/wiki/display/OP/Audit+Logging+of+State+Changes

  • Admin can create and edit all user details (Username, email, firstname, lastname, loginrestricted)

  • Admin can add and remove Home Facility (affects Supervision role program assignments)

Looking forward, need to create another ticket for role assignment

Confluence content

mentioned on

QAlity Plus - Test Management

Checklists

Activity

Show:
Lucyna Laska
May 22, 2017 at 5:51 AM

All acceptance criteria are met. When details of a user are updated/modified the system logs the change, date and user that made the change.

Nikodem Graczewski
May 19, 2017 at 1:37 PM

I've simply updated swagger description. Any other action would probably result in contract breakage.

Lucyna Laska
May 19, 2017 at 12:54 PM

Okay, one only one parameter left.

However, I noticed another thing. The author parameter accepts the userID but description says "Name of the author of changes which should be returned. By default, all changes are returned regardless of author." In the response body I see, that the ID of author is displayed. Could you change the type of "author" parameter and modify the description?

Lucyna Laska
May 19, 2017 at 10:18 AM

In Swagger, two the same parameters are available: id and userId. Could you please remove one of them?

Mary Jo Kochendorfer
April 27, 2017 at 3:48 PM

For now, password resetting and role assignments are out of scope.

Done
Pinned fields
Click on the next to a field label to start pinning.

Details

Assignee

Reporter

Story Points

Original estimate

Time tracking

2d 5h 30m logged2d 2h 30m remaining

Components

Sprint

None

Fix versions

Priority

Time Assistant

Created April 18, 2017 at 9:33 PM
Updated May 24, 2017 at 11:01 AM
Resolved May 22, 2017 at 5:51 AM