Browse Source

Record PaperTrail whodunnit for console users on production (#855)

This will allow us to audit who has made changes in the console to audited records.
pull/856/head
James Rose 2 years ago committed by GitHub
parent
commit
1d90a63dda
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 16
      config/environments/production.rb

16
config/environments/production.rb

@ -131,4 +131,20 @@ Rails.application.configure do
# see https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017 # see https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
config.active_record.yaml_column_permitted_classes = [Time] config.active_record.yaml_column_permitted_classes = [Time]
# From https://github.com/paper-trail-gem/paper_trail/wiki/Setting-whodunnit-in-the-rails-console
console do
PaperTrail.request.whodunnit = lambda {
@paper_trail_whodunnit ||= begin
email = nil
until email.present?
# rubocop:disable Rails/Output
puts "Enter your email address for PaperTrail"
# rubocop:enable Rails/Output
email = gets.chomp
end
email
end
}
end
end end

Loading…
Cancel
Save