Il est un peu délicat/dangereux de supprimer des éléments en se basant sur le nom d’utilisateur, j’ai donc choisi de remplacer les champs context et details entiers par un message [supprimé en raison de l'anonymisation de l'utilisateur]
main ← fix-anonymizer-historical-logs
opened 12:50PM - 01 Jan 26 UTC
When `log_anonymizer_details` is disabled, the anonymization process correctly a… voids recording the old username in the new "anonymize_user" log entry. However, historical staff action logs created before anonymization (like "check_email") could still contain the original username in fields like `context` or `previous_value`, making it possible to link an anonymized user back to their original identity.
For example, when an admin views a user's email from `/admin/users/123/johndoe`, the staff action log stores that URL path in the `context` field. After anonymization, this path still contains "johndoe", defeating the purpose of the setting.
This fix passes the original username to the AnonymizeUser background job, which now scrubs any historical UserHistory records that contain the username. Rather than attempting error-prone string replacement, affected fields are replaced with "[removed due to user anonymization]" to make it clear why the data is missing while preserving the audit trail.
Ref - https://meta.discourse.org/t/387500
3 « J'aime »