Misago
  • Introduction
  • Setup
    • Create server on Digital Ocean
    • Point domain at your server
    • Setup Misago on your Server
    • Upgrading your Misago to latest version
  • Settings
    • Accessing settings
    • Static settings reference
    • Dynamic settings reference
  • Coding style
  • GDPR Compliance Guide
  • Social authentication
  • User rank styles
  • Category styles
  • User authentication
  • Writing new admin actions
  • Permissions framework
  • View decorators
  • Context processors
  • Frontend context
  • Audit trail
  • Forms
  • Cache
  • Sending mails
  • Markup
  • Posting process
  • Profile fields
  • Threads types
  • Extending pages
  • Validating registrations
  • Validators
  • Search filters
  • Template tags
  • Shortcuts
  • View errors
  • Locales
Powered by GitBook
On this page
  • Creating audit trail
  • GDPR concerns

Audit trail

PreviousFrontend contextNextForms

Last updated 6 years ago

Misago implements an feature that records user IP address on certain actions. This mechanism can be used for few purposes:

  • enables site staff to find and block IP addresses associated with abusive users

  • makes it easier to detect fraudent or deceptive activity like [sockpuppetry]())

Creating audit trail

The audit trail has been designed to be easy for developers to use in their code. In fact only things needed to create new audit trail are HttpRequest instance for signed in user and any Model instance.

Here is example code snippet that creates new audit trail connecting currently signed in user and some forum thread:

from misago.users.audittrail import create_audit_trail

def some_view(request):
    # code doing something with thread that we want to create audit trail for

    create_audit_trail(request, thread)

    # create some response and send it to client after our work is done
    return response

Note that you don't need to check for request.user.is_authenticated before using the create_audit_trail. If user is not signed in, the create_audit_trail will not create audit trail and will return None.

GDPR concerns

In light of GDPR the IP address and timestamp pair is considered personal data. Your privacy policy should inform your users that your site registers their IP address for purpose of protecting it from abuse, who has access to IP addresses registered and how long is this data stored.

Audit trails respect the MISAGO_IP_STORE_TIME setting, and are deleted by the deleteoldips management command if they are older than set store time.

audit trail
https://en.wikipedia.org/wiki/Sockpuppet_(Internet