Yii Audit Module

Features

Visitor Request Tracking

• Track site activity including everything you need to know about the request.
• The error handler will automatically create an AuditRequest record for each visitor hit.
• When the application ends it will update the AuditRequest with memory and time information.

Tracks the following information:

• Links - Requested URL, referring URL, redirecting to URL (read from the headers at the end of the application)
• User - Visitors IP Address and logged in user's ID
• Superglobals - ($_GET/$_POST/$_SESSION/$_FILES/$_COOKIE), the arrays are serialized then compressed using gzip
• Timers - Start and end times of the application
• Memory - Memory usage and peak memory usage

Model Field Tracking

• Tracks the old and new values each time your model is saved.
• Behavior can easily be attached to any model you want to track field changes.
• Each field change is related to an AuditRequest so you can see the entire state of the visitors action.
• Performs multiple inserts in a single query with CDbCommandBuilder::createMultipleInsertCommand().
• Provides views that can be rendered into your application to show changed fields for your model.

Error Tracking

• Full error stack dump is saved, even in live mode.
• Catches all errors, including fatal errors.
• View all the collected data from the module interface.
• Each error is related to an AuditRequest so you can see the entire state of the visitors action.

Log Tracking

• Save logs to your database for easy real-time debugging or for checking on historical logs.
• Each log is related to an AuditRequest so you can see the entire state of the visitors action.

Screenshots

Module Homepage

Request List

Request View

Field List

Field View

Error List

Error View

Log List

Log View

Installation

Please download using ONE of the following methods:

Composer Installation

All requirements are automatically downloaded into the correct location when using composer. There is no need to download additional files or set paths to third party files.

Get composer:

curl http://getcomposer.org/installer | php

Install latest release OR development version:

php composer.phar require cornernote/yii-audit-module:*            // latest release
php composer.phar require cornernote/yii-audit-module:dev-master    // development version

Add the vendor folder to the aliases in your yii configuration:

return array(
    'aliases' => array(
        'vendor' => '/path/to/vendor',
    ),
);

Manual Installation

Download the latest release or development version and move the audit folder into your protected/modules folder.

In addition the following are required:

• YiiStrap for the interface elements. Please follow their Getting Started guide to setup the aliases and components for your application.

Configuration

Add the audit folder to the aliases in your yii configuration:

return array(
    'aliases' => array(
        'audit' => '/path/to/vendor/cornernote/yii-audit-module/audit',
    ),
);

Add AuditModule to the modules in your yii configuration:

return array(
    'modules' => array(
        'audit' => array(
            // path to the AuditModule class
            'class' => 'audit.AuditModule',

            // set this to your user view url,
            // AuditModule will replace --user_id-- with the actual user_id
            'userViewUrl' => array('/user/view', 'id' => '--user_id--'),

            // Set to false if you do not wish to track database audits.
            'enableAuditField' => true,

            // The ID of the CDbConnection application component. If not set, a SQLite3
            // database will be automatically created in protected/runtime/audit-AuditVersion.db.
            'connectionID' => 'db',

            // Whether the DB tables should be created automatically if they do not exist. Defaults to true.
            // If you already have the table created, it is recommended you set this property to be false to improve performance.
            'autoCreateTables' => true,

            // The layout used for module controllers.
            'layout' => 'audit.views.layouts.column1',

            // The widget used to render grid views.
            'gridViewWidget' => 'bootstrap.widgets.TbGridView',

            // The widget used to render detail views.
            'detailViewWidget' => 'zii.widgets.CDetailView',

            // Defines the access filters for the module.
            // The default is AuditAccessFilter which will allow any user listed in AuditModule::adminUsers to have access.
            'controllerFilters' => array(
                'auditAccess' => array('audit.components.AuditAccessFilter'),
            ),

            // A list of users who can access this module.
            'adminUsers' => array('admin'),

            // The path to YiiStrap.
            // Only required if you do not want YiiStrap in your app config, for example, if you are running YiiBooster.
            // Only required if you did not install using composer.
            // Please note:
            // - You must download YiiStrap even if you are using YiiBooster in your app.
            // - When using this setting YiiStrap will only loaded in the menu interface (eg: index.php?r=menu).
            'yiiStrapPath' => '/path/to/vendor/crisu83/yiistrap',
        ),
    ),
);

Use AuditErrorHandler as your applications error handler by updating the components section in your yii configuration:

return array(
    'components' => array(
        'errorHandler' => array(
            // path to the AuditErrorHandler class
            'class' => 'audit.components.AuditErrorHandler',

            // set this as you normally would for CErrorHandler
            'errorAction' => 'site/error',

            // Set to false to only track error requests.  Defaults to false.
            'trackAllRequests' => false,

            // Set to false to not handle fatal errors.  Defaults to true.
            'catchFatalErrors' => true,

            // Request keys that we do not want to save in the tracking data.
            'auditRequestIgnoreKeys' => array('PHP_AUTH_PW', 'password'),

        ),
    ),
);

To handle fatal errors we have add the error handler to the preload section in your yii configuration:

return array(
    'preload' => array(
        'log',
        'errorHandler', // handle fatal errors
    ),
);

To track logs we need to add a logroute to AuditLogRoute to your yii configuration:

return array(
    'components' => array(
        'db' => array(
            // standard setup
            'connectionString' => 'mysql:host=localhost;dbname=test',
            'username' => 'root',
            'password' => '',

            // set to true to enable database query logging
            // don't forget to put `profile` in the log route `levels` below
            'enableProfiling' => true,

            // set to true to replace the params with the literal values
            'enableParamLogging' => true,
        ),
        'log' => array(
            'class' => 'CLogRouter',
            'routes' => array(
                // add a new log route
                array(
                    // path to the AuditLogRoute class
                    'class' => 'audit.components.AuditLogRoute',

                    // can be: trace, warning, error, info, profile
                    // can also be anything else you want to pass as a level to `Yii::log()`
                    'levels' => 'error, warning, profile, audit',
                ),
            ),
        ),
    ),
);

To track field changes add AuditFieldBehavior to your CActiveRecord behaviors() functions.

class Post extends CActiveRecord
{
    public function behaviors()
    {
        return array(
            'AuditFieldBehavior' => array(
                // Path to AuditFieldBehavior class.
                'class' => 'audit.components.AuditFieldBehavior',

                // Set to false if you just want to use getDbAttribute and other methods in this class.
                // If left unset the value will come from AuditModule::enableAuditField
                'enableAuditField' => null,

                // Any additional models you want to use to write model and model_id audits to.  If this array is not empty then
                // each field modifed will result in an AuditField being created for each additionalAuditModels.
                'additionalAuditModels' => array(
                    'Post' => 'post_id',
                ),

                // A list of fields to be ignored on update and delete
                'ignoreFields' = array(
                    'insert' => array('modified', 'modified_by', 'deleted', 'deleted_by'),
                    'update' => array('created', 'created_by', 'modified'),
                ),
    
                // A list of values that will be treated as if they were null.
                'ignoreValues' => array('0', '0.0', '0.00', '0.000', '0.0000', '0.00000', '0.000000', '0000-00-00', '0000-00-00 00:00:00'),
            ),
        );
    }
}

Usage

Logging is as simple as calling Yii::log(). The second argument needs to be one of the AuditLogRoute::levels you specified above (error, warning or audit).

Yii::log('Hello World!', 'audit');
Yii::log('something really bad just happened', 'error');

There are several partial views that you can render into your application. These are all optional.

Add information to your footer:

$this->renderPartial('audit.views.request.__footer');

Show changes for a model:

$post = Post::model()->findByPk(123);
$this->renderPartial('audit.views.field.__fields', array('model' => $post));
// or by using the model_name and model_id
// $this->renderPartial('audit.views.field.__fields', array('model_name' => 'Post', 'model_id' => 123));

Show changes for a single field in a model:

$post = Post::model()->findByPk(123);
$this->renderPartial('audit.views.field.__field', array('model' => $post, 'field' => 'status'));
// or by using the model_name and model_id
// $this->renderPartial('audit.views.field.__field', array('model_name' => 'Post', 'model_id' => 123, 'field' => 'status'));