AO3-7307 Created Resque job to clean up old user audits

app/jobs/audits_cleanup_job.rb

@@ -0,0 +1,42 @@
+class AuditsCleanupJob < ApplicationJob
+  DELETE_LIMIT = 10_000
+
+  queue_as :utilities
+
+  def self.perform
+    preserve_usernames = AdminSetting.current.preserve_audit_records_usernames&.split(/,\s*/) || []
+    preserve_user_ids = User.where(login: preserve_usernames).select(:id).map(&:id)
+
+    query = Audited.audit_class.where("0")
+
+    if ArchiveConfig.USER_KEEP_AUDIT_UPDATES_DAYS > -1
+      query = query.or(
+        Audited.audit_class.where(
+          auditable_type: "User",
+          action: "update",
+          created_at: ..ArchiveConfig.USER_KEEP_AUDIT_UPDATES_DAYS.days.ago
+        ).and(
+          Audited.audit_class.where.not(
+            auditable_id: preserve_user_ids
+          )
+        )
+      )
+    end
+
+    if ArchiveConfig.USER_KEEP_AUDIT_CREATES_DESTROYS_DAYS > -1
+      query = query.or(
+        Audited.audit_class.where(
+          auditable_type: "User",
+          action: %w[create destroy],
+          created_at: ..ArchiveConfig.USER_KEEP_AUDIT_CREATES_DESTROYS_DAYS.days.ago
+        ).and(
+          Audited.audit_class.where.not(
+            auditable_id: preserve_user_ids
+          )
+        )
+      )
+    end
+
+    query.limit(DELETE_LIMIT).delete_all
+  end
+end

app/models/admin_setting.rb

@@ -19,6 +19,7 @@ class AdminSetting < ApplicationRecord
     invite_from_queue_frequency: ArchiveConfig.INVITE_FROM_QUEUE_FREQUENCY,
     account_creation_enabled?: ArchiveConfig.ACCOUNT_CREATION_ENABLED,
     days_to_purge_unactivated: 2,
+    preserve_audit_records_usernames: nil,
     suspend_filter_counts?: false,
     enable_test_caching?: false,
     cache_expiration: 10,

app/policies/admin_setting_policy.rb

@@ -5,6 +5,7 @@ class AdminSettingPolicy < ApplicationPolicy
   # Define which roles can update which settings.
   ALLOWED_SETTINGS_BY_ROLES = {
     "policy_and_abuse" => %i[
+      preserve_audit_records_usernames
       hide_spam
       invite_from_queue_enabled
       invite_from_queue_number
@@ -16,6 +17,7 @@ class AdminSettingPolicy < ApplicationPolicy
       cache_expiration
       creation_requires_invite
       days_to_purge_unactivated
+      preserve_audit_records_usernames
       disable_support_form
       disabled_support_form_text
       downloads_enabled

app/views/admin/settings/index.html.erb

@@ -28,6 +28,9 @@
 
       <dt><%= f.label :days_to_purge_unactivated, t(".fields.days_to_purge_unactivated") %></dt>
       <dd><%= admin_setting_text_field(f, :days_to_purge_unactivated, size: "3") %></dd>
+
+      <dt><%= f.label :preserve_audit_records_usernames, t(".fields.preserve_audit_records_usernames") %></dt>
+      <dd><%= admin_setting_text_field(f, :preserve_audit_records_usernames, size: "20") %></dd>
     </dl>
   </fieldset>
 

config/config.yml

@@ -247,6 +247,12 @@ TAGGINGS_COUNT_REINDEX_LIMIT: 1000
 # How many rows we should get from audits for backfilling user history tables
 USER_HISTORIC_VALUES_LIMIT: 10_000
 
+# How many days should we keep user update audit records. Set to -1 to keep forever
+USER_KEEP_AUDIT_UPDATES_DAYS: 1460
+
+# How many days should we keep user create and destroy audit records. Set to -1 to keep forever
+USER_KEEP_AUDIT_CREATES_DESTROYS_DAYS: -1
+
 # how many signups in a challenge before we move to static summaries generated hourly
 MAX_SIGNUPS_FOR_LIVE_SUMMARY: 20
 

config/locales/views/en.yml

@@ -406,6 +406,7 @@ en:
           invite_from_queue_enabled: Invite from queue enabled (People can add themselves to the queue and invitations are sent out automatically)
           invite_from_queue_frequency: How often (in hours) should we invite people from the queue
           invite_from_queue_number: Number of people to invite from the queue at once
+          preserve_audit_records_usernames: Preserve audit records for these usernames (comma separated)
           request_invite_enabled: Users can request invitations
           suspend_filter_counts: Suspend some filter tracking due to high posting volume
           tag_wrangling_off: Turn off tag wrangling for non-admins

config/resque_schedule.yml

@@ -122,3 +122,9 @@ disable_admin_post_comments:
   description: >-
     Disables all comments on admin (news) posts older than the
     configured window.
+
+cleanup_audits:
+  cron: "0 0 1 * *"
+  class: AuditsCleanupJob
+  queue: utilities
+  description: Deletes user audit records older than the configured limit.

db/migrate/20260506200220_add_preserve_audit_records_usernames_admin_setting.rb

@@ -0,0 +1,5 @@
+class AddPreserveAuditRecordsUsernamesAdminSetting < ActiveRecord::Migration[8.1]
+  def change
+    add_column :admin_settings, :preserve_audit_records_usernames, :string
+  end
+end

spec/jobs/audits_cleanup_job_spec.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+def create_audits(user)
+  user.audits.delete_all
+
+  user.audits.create!(action: "create", auditable: user, user: user, auditable_id: user.id,
+                      auditable_type: "User", audited_changes: user.to_json,
+                      created_at: (ArchiveConfig.USER_KEEP_AUDIT_CREATES_DESTROYS_DAYS + 1).days.ago)
+
+  user.audits.create!(action: "update", auditable: user, user: user, auditable_id: user.id,
+                      auditable_type: "User", audited_changes: { "sign_in_count" => [0, 1] },
+                      created_at: (ArchiveConfig.USER_KEEP_AUDIT_UPDATES_DAYS + 1).days.ago)
+
+  user.audits.create!(action: "update", auditable: user, user: user, auditable_id: user.id,
+                      auditable_type: "User", audited_changes: { "sign_in_count" => [1, 2] },
+                      created_at: Time.now.utc)
+
+  user.audits.create!(action: "destroy", auditable: user, user: user, auditable_id: user.id,
+                      auditable_type: "User", audited_changes: user.to_json,
+                      created_at: Time.now.utc)
+end
+
+describe AuditsCleanupJob do
+  let(:existing_user) { create(:user) }
+  let(:no_cleanup_user) { create(:user) }
+
+  before do
+    ArchiveConfig.USER_KEEP_AUDIT_UPDATES_DAYS = 30
+    ArchiveConfig.USER_KEEP_AUDIT_CREATES_DESTROYS_DAYS = 30
+  end
+
+  context "when old audits exist" do
+    before do
+      create_audits(existing_user)
+    end
+
+    it "deletes audit records older than the configured limits" do
+      AuditsCleanupJob.perform
+      expect(existing_user.audits.count).to eq(2)
+    end
+
+    it "doesn't delete 'update' audit records when configured limit is -1" do
+      ArchiveConfig.USER_KEEP_AUDIT_UPDATES_DAYS = -1
+      AuditsCleanupJob.perform
+      expect(existing_user.audits.where(action: "update").count).to eq(2)
+    end
+
+    it "doesn't delete 'create' or 'destroy' audit records when configured limit is -1" do
+      ArchiveConfig.USER_KEEP_AUDIT_CREATES_DESTROYS_DAYS = -1
+      AuditsCleanupJob.perform
+      expect(existing_user.audits.where(action: %w[create destroy]).count).to eq(2)
+    end
+  end
+
+  context "when audits exist for protected users" do
+    before do
+      admin_setting = AdminSetting.default
+      admin_setting.preserve_audit_records_usernames = [no_cleanup_user.login, "non_existing_user"].join(", ")
+      admin_setting.save(validate: false)
+
+      create_audits(existing_user)
+      create_audits(no_cleanup_user)
+    end
+
+    it "doesn't delete audit records for users whose usernames are in preserve_audit_records_usernames admin setting" do
+      AuditsCleanupJob.perform
+      expect(no_cleanup_user.audits.count).to eq(4)
+    end
+
+    it "does delete audit records for users whose username are not in preserve_audit_records_usernames admin setting" do
+      AuditsCleanupJob.perform
+      expect(existing_user.audits.count).to eq(2)
+    end
+  end
+end