Merged
Conversation
pmvenegas
commented
Apr 14, 2026
Comment on lines
+277
to
+289
| Audit::Logger.log(:moderator, @current_user, { | ||
| "action" => "add_spam_role_to_user", | ||
| "controller" => params[:controller], | ||
| "target_user_id" => @target_user.id | ||
| }) | ||
| when :delete | ||
| manager = Moderator::ManageActivityAndRoles.new(admin: @current_user, user: @target_user, user_params: {}) | ||
| manager.handle_user_status("Good standing", "Set in good standing from user profile") | ||
| payload = { action: "remove_spam_role_from_user", target_user_id: params[:id] } | ||
| Audit::Logger.log(:admin, @current_user, payload) | ||
| Audit::Logger.log(:moderator, @current_user, { | ||
| "action" => "remove_spam_role_from_user", | ||
| "controller" => params[:controller], | ||
| "target_user_id" => @target_user.id | ||
| }) |
Contributor
Author
There was a problem hiding this comment.
Moved to :moderator for visibility as :admin is not being subscribed to at the moment, made actions consistent, and added the controller param for consistency with other logs.
5f96535 to
2bc0f5d
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Adds richer, filterable audit logging for moderator/admin actions and surfaces those logs in the Admin Member Manager user details page.
Changes:
- Added an “Audit Log” tab to
Admin::UsersController#show, with filters for actions by the user vs actions on the user. - Introduced
AuditLog.on_userto find logs where a given user is the action target (including legacyreactable_*-style entries). - Added/updated audit logging payloads across admin/moderator controllers and added request/model specs to validate log creation and tab behavior.
Reviewed changes
Copilot reviewed 19 out of 19 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| spec/requests/admin/users_spec.rb | Adds request specs for audit log creation + audit log tab rendering/filtering/pagination. |
| spec/requests/admin/organizations_verified_spec.rb | Adds request spec ensuring organization verification updates create audit logs. |
| spec/requests/admin/organizations_spec.rb | Adds request spec ensuring org credit updates create audit logs. |
| spec/requests/admin/organizations_org_features_spec.rb | Adds request spec ensuring org feature toggles create audit logs. |
| spec/requests/admin/organizations_fully_trusted_spec.rb | Adds request spec ensuring fully trusted updates create audit logs. |
| spec/requests/admin/organizations_baseline_score_spec.rb | Adds request spec ensuring baseline score updates create audit logs. |
| spec/models/audit_log_spec.rb | Adds model specs for the new .on_user scope behavior. |
| config/locales/views/admin/en.yml | Adds i18n strings for the new Audit Log tab/filters/table headings. |
| config/locales/views/admin/fr.yml | Adds i18n strings for the new Audit Log tab/filters/table headings. |
| config/locales/views/admin/pt.yml | Adds i18n strings for the new Audit Log tab/filters/table headings. |
| app/views/admin/users/show/audit_log/_index.html.erb | New UI partial to render filtered/paginated audit logs. |
| app/views/admin/users/show/_tabs.html.erb | Adds the new “Audit Log” tab link. |
| app/views/admin/users/show.html.erb | Renders the audit log partial when the audit_log tab is selected. |
| app/models/audit_log.rb | Adds scope :on_user for “actions taken on this user” filtering. |
| app/lib/constants/user_details.rb | Adds AuditLog to the allowed tab list. |
| app/controllers/users_controller.rb | Updates spam toggle auditing to use :moderator and descriptive payload keys. |
| app/controllers/admin/users_controller.rb | Adds set_audit_logs + logs for additional member manager actions with target keys. |
| app/controllers/admin/subforem_moderators/moderators_controller.rb | Adds audit logging for subforem moderator add/remove. |
| app/controllers/admin/organizations_controller.rb | Adds audit logging for org credit/verified/fully_trusted/baseline_score/feature updates. |
benhalpern
reviewed
Apr 14, 2026
benhalpern
reviewed
Apr 14, 2026
Contributor
benhalpern
left a comment
There was a problem hiding this comment.
Looks good overall. There are some copilot suggestions you can consider and I made one comment, maybe give it a final pass and use your judgment on the tradeoffs of handling all edge cases vs simplicity and performance and it should be good to go.
5b39c1f to
f3876ed
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this? (check all applicable)
Description
Added a new tab showing audit logs for a user in Member Manager (Admin::UsersController#show). Logs for actions taken by the user and actions taken on the user are viewable separately.
Added audit logging for moderator/admin actions and used descriptive keys for easier log consumption/filtering, i.e. target_user_id, subforem_id, target_organization_id.
NOTES:
There are audit logs for user-specific actions that only log plain ActionParams data (params.dup where user identifier is "id"), making it unreliable for filtering users, so these are not surfaced for now. Bulk data migration should be considered for these records (conditional on controller/action, which are also recorded), and future audit logging should use specific keys like target_user_id.
target_user_id is currently stored as both a string and an integer, so queries must account for both types. We should look into standardizing the data type and performing a migration to clean up legacy records.
The :admin channel is not subscribed (in config/initializers/audit_events.rb), so no logs are created for it. Many current admin actions use :moderator, so the introduced changes use :moderator for consistency. More through review of AuditLog channels is needed if we want to distinguish admin and moderator actions.
Related Tickets & Documents
QA Instructions, Screenshots, Recordings
UI Changes are limited to the Admin Member Manager section.
Added/updated tests?
We encourage you to keep the code coverage percentage at 80% and above.
have not been included
[optional] Are there any post deployment tasks we need to perform?
None.