View Issue Details

IDProjectCategoryView StatusLast Update
0008157mantisbtadministrationpublic2018-10-07 04:07
Reportergiallu Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
Status acknowledgedResolutionopen 
Summary0008157: User activity report
Description

In order to monitor suspicious activities (but I'm sure there are other purposes for this) it would be nice to have a page with a report for the given
user's activity; this should be an easy information to extract from the
history_table

TagsNo tags attached.

Relationships

related to 0004723 closeddaryn Add new capability to "My View".... "Issues I've added Notes To" 
related to 0020607 new Search on ticket activity / filterable audit log 
related to 0022584 new Improve user page 

Activities

giallu

giallu

2007-07-16 16:32

reporter   ~0015066

Excerpt from a chat with vboctor:

VB: I think that would be a good idea. We should have a link to that page
from the manage user page and eventually from the user profile page
when we have one
we should have a configurable threshold to access it.
This threshold should be defaulted to administrator. We should be
using the global access level of the user to validate against such
threshold.

Loki

Loki

2008-01-22 12:50

reporter   ~0016759

track login failure - username attempted and the IP
track deleted issue - need to know who deleted the issue and issue #

Thanks

jmunro

jmunro

2008-01-22 15:41

reporter   ~0016762

I vote for this :)

giallu

giallu

2008-03-07 13:50

reporter   ~0017285

I propose to start from what's available in Ubuntu Launchpad http://launchpad.ubuntu.org

Basically, each user has an activity page where it is possible to list bugs:

Assigned to the user
Commented by the user
Reported by the user
Subscribed by the user
All of the above

That page is reachable clicking on the username where it appears

vboctor

vboctor

2008-03-08 02:19

manager   ~0017290

The format of the page should be around the user and sorted in some chronological order, probably from newer actions to older actions. This feature can be turned ON/OFF, but also it should be possible to configure what is audited using an associative array. The events to audit should include:

  1. Report an issue
  2. Update an issue (what is considered an update?)
  3. Monitor/unmonitor
  4. Relationships
  5. Delete issue
  6. Add user
  7. Update user
  8. Delete user
  9. Same for projects, news, categories, versions, user access to projects, etc

A quick and dirty way to do the above is to log every Mantis page that the user visits in the database. Although simple and comprehensive, it is not user friendly and not as easy for a user to configure.

We should consider if this can be done as a plugin. I can see need for events on all actions that we need to audit, independent of this feature.

I also agree with the feature which warns the user about the number of login failures since last login.

giallu

giallu

2008-03-10 04:34

reporter   ~0017303

I'm not particularly fond of quick and dirty solutions, they always bite you in the long run ;)

I think we can avoid adding another table since we already have a good event logger with the history api, and that can be extended to cover additional events if we need it.

Actually, the things I listed (and most of the ones you listed) are already in the DB, we just need to aggregate the relevant info for some tables.

I'd start creating a page with the information available in the DB as of today, then we can extend the coverage later.

vboctor

vboctor

2008-03-10 12:15

manager   ~0017308

Sounds good giallu.

HanefeldJ

HanefeldJ

2012-07-16 09:13

reporter   ~0032343

Hi! Is there any progress on this issue?

atrol

atrol

2014-02-01 06:12

developer   ~0039268

Unassigned after having been assigned for a long time without progress.