mahara-contributors team mailing list archive

["Jiri Baum \(Catalyst\)" <jiri@xxxxxxxxxxxxxxx>]

PS - the logging information does include events for beginning of
masquerading session (patch 1940 adds this event type), so the
masquerading session report just summarises those events from the log.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1027574

Title:
  Improve logging of what admins do while masqueraded

Status in Mahara ePortfolio:
  Triaged

Bug description:
  Loginas is a great feature for admins to check permissiosn as a
  special user.  In several environments its seen very critical because
  admins can change anything as the user who is logged in.  Its not
  documented that the  changes are not done by the user and the admin
  did them.

  It makes ot of sense to document that an admin changed anything in the name of the user.  I've two ideas how to do this:
  1. mark all changs in the interface as "changed by admin [name of admin] [date and time] of change".
  2. write changes done by admin when logged in as a user into a seperate database and create a report page that shows this database information sortable by date, user and admin who made changes. This  report should include: 
  - date and time of login as
  - date and time when login as was finished
  - did admin make changes in the name of the user?
  - who logged in as other user (name of admin)
  - login as which user [name of user]
  - where was change done [URL]
  - old entry from user
  - changed and stored new entry by admin

  The report should only by accessible for site admins.
  The report should be downloadable.
  If files were added or deleted or renamed the information should be included but notthe file istself.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1027574/+subscriptions