Plugin Directory Admin: Consider an audit log for plugin changes

[dd32]

Currently the plugin directory has very little logging of changes which occur to plugins, adding an audit logging plugin or functionality could potentially greatly ease the review of plugins in the future, answering questions such as

• When was this first published?
• When was this closed, and why
• When did OtherUser get added to this plugin as a committer?
• Who marked this plugin as approved, or reviewed and ready for approval? (For future when we have multiple reviewers)

Many of these questions can be determined already by looking at raw data, but not much of it is reflected in the UI and available to reviewers.

Actions which could be logged include

• Plugin Submitted, by whom & when
• Plugin Approved, by whom & when
• Plugin Committer added/removed, by whom & when
• Plugin Closed, by whom, when and for what reason (Replacing internal comments to a degree)
• General free-text comment on the plugin (Replacing internal comments all together)

A general use-case for where this would be useful - I just performed a bunch of automated actions on plugins, and a new plugin suddenly came up in the list. It took me a few minutes to determine if someone had approved it, or I'd mixed up a conditional and accidentally approved a plugin. Turned out that the author had just made their first commit and the plugin had moved from approved to publish.

[ocean90]

Assuming that each log entry is a post of a new CPT, we might want to use this also for the internal notes stuff to be able to remove some of the hacks we had and still have to implement.

[dd32]

Replying to ocean90:

Assuming that each log entry is a post of a new CPT, we might want to use this also for the internal notes stuff to be able to remove some of the hacks we had and still have to implement.

That's my idea - the internal notes is really still only cobbled together and needs a bunch of work.
I'd suggest we use something off-the-shelf instead of writing our own though, if it's stored as a CPT great, if it's a custom table, that's fine too. ​https://wordpress.org/plugins/search/audit%20log has a few plugins which look promising.

[Ipstenu]

#2663 was marked as a duplicate.

[Ipstenu]

Closed #2663 so we only have one ticket :) Original post:

It would make a mod's life easier if we had audit logs. Not for everything but for things like this:

• Approved by X on DATE
• Closed by X on DATE

That way we'd know who did what and could go ask what was going on :)

[Ipstenu]

List of what needs tracking. These should record userID and timestamp.

Admin Tasks

• Approval
• Pended
• Rejected
• Closure/Disabled (and why - based on the dropdown)
• Reopened
• Changed Owner

Plugin Dev Tasks

• Add/Remove committer

Some of this could be made 'public' and shown on the plugin's advanced page. I'm going to finish up and post on make/plugins my idea for a plugin admin dashboard...

[Ipstenu]

All of these are now automated in the plugin internal comments:

• Plugin Submitted, by whom & when
• Plugin Approved, by whom & when
• Plugin Closed, by whom, when and for what reason (Replacing internal comments to a degree)
• General free-text comment on the plugin (Replacing internal comments all together)

Also we have:

• Plugin owner changed, by whom & when

Do we need a different way to track those?

This is not logged at the moment:

• Plugin Committer added/removed, by whom & when

[dd32]

In 9682:

Plugin Directory: Add audit log entries for plugin committer/support reps addition/removal.

Fixes #2717.

[dd32]

In 9684:

Plugin Directory: Change over final audit_log() that was missed in [9682]

See #2717.