As part of our current line of improvements on PowerDNS on Rails, we needed to start auditing changes made through the interface to the DNS data. This is a logical step to opening the system up for more API based interaction, and implementing neat features like macros and temporary authentication tokens.
Auditing in Rails is not for the faint hearted. The Rails Recipes book has an example on how to do this with sweepers, and using the new ActiveRecord dirty object tracking can help ease the problem too. So after some investigation I found the brilliant acts_as_audited plugin by Brendon Keepers.
After playing with it, I realised one short coming. This is very much a problem specifically for PowerDNS on Rails, but after some thought I realized it could be applied to other auditing challenges as well.
Enter parent record tracking
I forked the original project on github, and started hacking. Not too long after I came up with this:
class Author < ActiveRecord::Base has_many :books end class Book < ActiveRecord::Base belongs_to :author acts_as_audited :parent => :author end
Using the sweepers is also possible, like this:
class Application < ApplicationController::Base audit Author, Book, :parents => { Book= > :author } end
As contrived as it can be, it allows us to track all the changes to books by a specific author. In the DNS world this allows us to easily access all changes made to the records of a particular domain, and it becomes very valuable. It becomes even more valuable when you need to start tracking deleted records.
Pull requests were sent to the network, hopefully they get accepted and I can remove my repo again.
Looking forward?
This was a relatively small step forward for the plugin, but opens a lot of possiblities for the host applications, like PowerDNS on Rails. In any ISP environment audits are extremely important, especially when clients start gaining limited access to the backend systems…
Why Controller-level auditing? It seems like the wrong place to put this functionality. Sweepers were intended for something else, and using them in this manner just seems… “hacky”.
I’ve implemented my own model-level auditing using Observers, with a much better result.
Sweepers give you the best o both worlds, they act exactly like Observers so you can attach them to models, but they can also tap into the environment where the action was performed.
This is how we can access the access the user that made the change, and even go as far as recording the IP address and other information as needs be.
I agree with you its hacky, and the Rails Recipe that originally gave the solution also admits it.
But then again, Ruby in itself allows for all hacky-ness we’ll ever need and we might as well extort this functionality as long as its well tested and documented.
[...] acts_as_audited gains parent record tracking | Open Sourcery – [...]