Introduce a way to also permanently delete the sensitive info from the staff logs

It seems that the design of this feature was to remove the post data from the database completely. However, we find that the data is still in the database via the /admin/logs/staff_action_logs

We were trying to remove the post from the database completely to comply with local regulations. Is there a way to remove the post data from the staff_action_logs?

8 Likes

I don’t believe there is a way currently to do this from the UI. I think you would be able to delete the staff action itself through the rails console if you have access.

You can find the id for the staff action either by checking the staff logs json (/admin/logs/staff_action_logs.json) or using a data explorer query to give you a list to pick it from:

SELECT *
FROM user_histories
WHERE action = 17 --action code for 'delete post'
ORDER BY created_at DESC

And then using that id in the rails console:

UserHistory.where(id:[ID]).delete_all

Though, reading your ask more closely, I think you could overwrite the ‘details’ section instead of deleting the log with something like this:

UserHistory.where(id:[ID]).update(details:"permanently deleted")
7 Likes

Just a bump: our recent commit has enabled Discourse to automatically clean up sensitive log messages when they are permanently deleted.

Anyway, the log can be also deleted with rails c like this:

UserHistory.where(post_id: xxx).destroy_all
# or topic:
UserHistory.where(topic_id: xxx).destroy_all
1 Like

Are logs infinitive? If yes then GDPR dislike in matter of sensitive data in the meaning a person can be indetified. If no, then is enough to tell where data handling is explained how long backups are stored — but that time must be resonable.

But… sensitive is bit different thing that demands of GDPR. Bank account number is very sensitive, but no one can’t identify a person using that; in Finland anyway.

This looks like it will delete all user_histories records associated with the post or topic id, rather than overwrite just the details section or limit the destructive action to only the permanently deleted log?

Yes, this command is for people who want all logs related to a post/topic to completely disappear. :slightly_smiling_face:

1 Like