Es ist etwas knifflig/gefährlich, Dinge basierend auf dem Benutzernamen zu entfernen, daher habe ich mich dafür entschieden, stattdessen die gesamten Felder context und details durch die Nachricht [removed due to user anonymization] zu ersetzen
main ← fix-anonymizer-historical-logs
opened 12:50PM - 01 Jan 26 UTC
When `log_anonymizer_details` is disabled, the anonymization process correctly a… voids recording the old username in the new "anonymize_user" log entry. However, historical staff action logs created before anonymization (like "check_email") could still contain the original username in fields like `context` or `previous_value`, making it possible to link an anonymized user back to their original identity.
For example, when an admin views a user's email from `/admin/users/123/johndoe`, the staff action log stores that URL path in the `context` field. After anonymization, this path still contains "johndoe", defeating the purpose of the setting.
This fix passes the original username to the AnonymizeUser background job, which now scrubs any historical UserHistory records that contain the username. Rather than attempting error-prone string replacement, affected fields are replaced with "[removed due to user anonymization]" to make it clear why the data is missing while preserving the audit trail.
Ref - https://meta.discourse.org/t/387500
3 „Gefällt mir“