Audit trail
Misago implements an audit trail feature that records user IP address on certain actions. This mechanism can be used for few purposes:
- enables site staff to find and block IP addresses associated with abusive users
- makes it easier to detect fraudent or deceptive activity like [sockpuppetry](https://en.wikipedia.org/wiki/Sockpuppet_(Internet))
The audit trail has been designed to be easy for developers to use in their code. In fact only things needed to create new audit trail are
HttpRequest instance for signed in user and any Model instance.Here is example code snippet that creates new audit trail connecting currently signed in user and some forum thread:
from misago.users.audittrail import create_audit_trail
def some_view(request):
# code doing something with thread that we want to create audit trail for
create_audit_trail(request, thread)
# create some response and send it to client after our work is done
return response
Note that you don't need to check for
request.user.is_authenticated before using the create_audit_trail. If user is not signed in, the create_audit_trail will not create audit trail and will return None.In light of GDPR the IP address and timestamp pair is considered personal data. Your privacy policy should inform your users that your site registers their IP address for purpose of protecting it from abuse, who has access to IP addresses registered and how long is this data stored.
Audit trails respect the
MISAGO_IP_STORE_TIME setting, and are deleted by the deleteoldips management command if they are older than set store time.Last modified 4yr ago