Es un poco complicado/peligroso eliminar cosas basándose en el nombre de usuario, así que opté por reemplazar los campos completos de contexto y detalles con un mensaje de [eliminado debido a la anonimización del usuario]
main ← fix-anonymizer-historical-logs
opened 12:50PM - 01 Jan 26 UTC
When `log_anonymizer_details` is disabled, the anonymization process correctly a… voids recording the old username in the new "anonymize_user" log entry. However, historical staff action logs created before anonymization (like "check_email") could still contain the original username in fields like `context` or `previous_value`, making it possible to link an anonymized user back to their original identity.
For example, when an admin views a user's email from `/admin/users/123/johndoe`, the staff action log stores that URL path in the `context` field. After anonymization, this path still contains "johndoe", defeating the purpose of the setting.
This fix passes the original username to the AnonymizeUser background job, which now scrubs any historical UserHistory records that contain the username. Rather than attempting error-prone string replacement, affected fields are replaced with "[removed due to user anonymization]" to make it clear why the data is missing while preserving the audit trail.
Ref - https://meta.discourse.org/t/387500
3 Me gusta