2014-12-18 19:30 EST

View Issue Details Jump to Notes ] Wiki ]
IDProjectCategoryView StatusLast Update
0008157mantisbtadministrationpublic2014-02-01 06:12
Reportergiallu 
Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
StatusacknowledgedResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0008157: User activity report
DescriptionIn order to monitor suspicious activities (but I'm sure there are other purposes for this) it would be nice to have a page with a report for the given
user's activity; this should be an easy information to extract from the
history_table
TagsNo tags attached.
Attached Files

- Relationships
related to 0004723closeddaryn Add new capability to "My View".... "Issues I've added Notes To" 
+ Relationships

-  Notes
User avatar

~0015066

giallu (developer)

Excerpt from a chat with vboctor:

VB: I think that would be a good idea. We should have a link to that page
from the manage user page and eventually from the user profile page
when we have one
we should have a configurable threshold to access it.
This threshold should be defaulted to administrator. We should be
using the global access level of the user to validate against such
threshold.
User avatar

~0016759

Loki (reporter)

track login failure - username attempted and the IP
track deleted issue - need to know who deleted the issue and issue #

Thanks
User avatar

~0016762

jmunro (reporter)

I vote for this :)
User avatar

~0017285

giallu (developer)

I propose to start from what's available in Ubuntu Launchpad http://launchpad.ubuntu.org [^]

Basically, each user has an activity page where it is possible to list bugs:

Assigned to the user
Commented by the user
Reported by the user
Subscribed by the user
All of the above

That page is reachable clicking on the username where it appears
User avatar

~0017290

vboctor (administrator)

The format of the page should be around the user and sorted in some chronological order, probably from newer actions to older actions. This feature can be turned ON/OFF, but also it should be possible to configure what is audited using an associative array. The events to audit should include:

1. Report an issue
2. Update an issue (what is considered an update?)
3. Monitor/unmonitor
4. Relationships
5. Delete issue
6. Add user
7. Update user
8. Delete user
9. Same for projects, news, categories, versions, user access to projects, etc

A quick and dirty way to do the above is to log every Mantis page that the user visits in the database. Although simple and comprehensive, it is not user friendly and not as easy for a user to configure.

We should consider if this can be done as a plugin. I can see need for events on all actions that we need to audit, independent of this feature.

I also agree with the feature which warns the user about the number of login failures since last login.
User avatar

~0017303

giallu (developer)

I'm not particularly fond of quick and dirty solutions, they always bite you in the long run ;)

I think we can avoid adding another table since we already have a good event logger with the history api, and that can be extended to cover additional events if we need it.

Actually, the things I listed (and most of the ones you listed) are already in the DB, we just need to aggregate the relevant info for some tables.

I'd start creating a page with the information available in the DB as of today, then we can extend the coverage later.
User avatar

~0017308

vboctor (administrator)

Sounds good giallu.
User avatar

~0032343

HanefeldJ (reporter)

Hi! Is there any progress on this issue?
User avatar

~0039268

atrol (developer)

Unassigned after having been assigned for a long time without progress.
+  Notes

- Issue History
Date Modified Username Field Change
2007-07-16 16:29 giallu New Issue
2007-07-16 16:32 giallu Note Added: 0015066
2007-07-16 22:42 vboctor Status new => acknowledged
2007-08-23 04:26 giallu Relationship added related to 0004723
2008-01-22 12:50 Loki Note Added: 0016759
2008-01-22 15:41 jmunro Note Added: 0016762
2008-03-07 13:50 giallu Note Added: 0017285
2008-03-08 02:19 vboctor Note Added: 0017290
2008-03-10 04:34 giallu Note Added: 0017303
2008-03-10 12:15 vboctor Note Added: 0017308
2008-04-25 10:24 daryn Status acknowledged => assigned
2008-04-25 10:24 daryn Assigned To => daryn
2012-07-16 09:13 HanefeldJ Note Added: 0032343
2014-02-01 06:12 atrol Note Added: 0039268
2014-02-01 06:12 atrol Assigned To daryn =>
2014-02-01 06:12 atrol Status assigned => acknowledged
+ Issue History