-
-
Notifications
You must be signed in to change notification settings - Fork 216
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add UserAudit for user activation and deactivation #35134
base: master
Are you sure you want to change the base?
Conversation
🔍 Existing Issues For ReviewYour pull request is modifying functions with the following pre-existing issues: 📄 File: corehq/apps/sso/backends.py
📄 File: corehq/apps/sso/tasks.py (Click to Expand)
Did you find this useful? React with a 👍 or 👎 |
Just verifying, did you discuss this change with product? Visibility into information that isn't "owned" by the domain is a grey area. |
@orangejenny Hi Jenny, I haven't. I will ask in gtd-product. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just verifying, did you discuss this change with product? Visibility into information that isn't "owned" by the domain is a grey area.
Yup. The report should not show data not "owned" by the domain i.e data that is not relevant to the project.
You could show the web user's membership activated/deactivated only for that domain.
Definitely to be discussed with product before continuing with this.
Product Description
As a follow up for SSO work, when we auto-deactivate web user, or when web user get reactivated, those action should be logged for future reference and for easy debug.
But UserHistory report still miss some records:
Those auto-deactivation and reactivation actually won't have a
for-domain
orby-domain
property, because they're operated at user level not domain level.UserHistory report only shows record that are for current domain, I made the change so we can see record for current domain and for no specific domain.
auto-deactivation is not changed by any user but system; deactivation and reactivation can also be triggered by a super user, we want to include those records in UserHistory report too. However, UserHistory report will exclude records whose
changed_by_user
property is not from the current domain, I removed that restriction.Technical Summary
Ticket: https://dimagi.atlassian.net/browse/SAAS-15968
Feature Flag
The change is specific to
user_history_report
flag.wiki: https://dimagi.atlassian.net/wiki/spaces/saas/pages/2146603609/User+History+Report
Safety Assurance
Safety story
The change is behind the feature flag, and this feature flag is for internal use.
It is tested heavily on staging because I use it to debug the sso issue.
Automated test coverage
QA Plan
No QA
Rollback instructions
Labels & Review