An audit log is currently not a priority right now. In the future, we'll most likely have one that extensions can hook into themselves (do not quote me on this, there are NO guarantees that any feature will make it into core, especially with the view we have for a simple base).

Until we get to that point (if we ever do), this extension is an alternative to that potential core feature. Similar to my admin dashboard extension - while that one is not paid, it sprung from a core issue about revamping the admin UI.

I understand people want many features to be included in the core software and/or not have to pay for them. But we have to remember that we can't include too many features in core or we risk overcomplicating it and making it less extensible. We also have to remember that Flarum core is not supposed to be your regular forum software.

I'm not saying we should or shouldn't have an audit log in core - I'm just pointing out the reasons why we don't yet and may never do.

  • [deleted]

Exactly what I meant 🙂 I only hear stable 🙂

    [deleted] the stable argument

    I'm a bit confused by what you mean by 'the stable argument'. Please do remember that Flarum is developed by volunteers, each of whom has a job, family, social life, and other commitments as well. In addition to development, time also goes to moderation, community support, marketing, organizational infrastructure, IT systems, legal matters, etc. We are doing our best to make as much progress as we can, and in recent months, we have even been accelerating. That being said, there are limitations to what we can do, and our current priority is stable.

    If you would like progress to happen faster (as we all would), the best ways to do that are to support us financially, find and report bugs, and/or if you're a developer, to contribute PRs and code review.

    [deleted] We consider stable to be "people can use this for a longish period of time without worrying about extensions breaking every release", not "we have all the same features as X" or "have all the main features our community has asked for".

    The core of the forum will probably add features at some point after stable; however, as @datitisev pointed out, Flarum is not like other software and core will ALWAYS remain minimal.

      • [deleted]

      tankerkiller125 The point is, the goal of getting to stable has been here for several years now; it kinda takes away the users' trust.

      • [deleted]

      Circling back to the original point - any application, regardless of production state, should have an audit log or similar functionality. I'm in fact writing a PHP / jQuery based application for work right now, and the first function I wrote is a logging utility that captures all activity.

      I'm not saying that stable should be delayed - far from it - but I am saying that audit logging should have been factored in at the outset.

        [deleted] I am saying that audit logging should have been factored in at the outset.

        You're probably right, it would have been very good to have this earlier on. But considering our code base, it should be pretty easy to implement (and it's definitely something I want to have in core as well). That being said, we're in the position we're in, and our current priorities need to focus on stable (especially the frontend rewrite).

          • [deleted]

          askvortsov Understood. But a "paid" extension for what should be in core isn't something I'm willing to entertain. I completely understand paying for extensions that actually "extend" the core such as ReCache, Websockets, WordPress Integration, etc, and provide functionality outside of what the core is designed to do, but audit logging isn't a premium extension in my view.

            [deleted] but audit logging isn't a premium extension in my view.

            Unless they are bundled and published under the Flarum name, any extensions (whether or not by core developers) are not an official product or statement from the Flarum team. It's solely an individual effort/project. Clark releasing his vision of an audit log as a premium extension does not mean that:

            • an audit log will not be eventually incorporated into core
            • someone else who needs it won't develop and publish a free audit log extension

            The beauty of our extension ecosystem is that anyone can make any extension they want, even one that replicates functionality of an existing extension (as long as no actual code is stolen, which would infringe on copyright law).

            [deleted] I assume this is somewhat in response to Clark's recently released premium extension?

            He does state the issues he ran into while developing his Audit extension, which would take more planning and dev-power for even his proposed PRs to reach core itself in a release. Plus, as my other team members have mentioned, it would be low on the priority list as we strive to have the API stable by the end of the year 🤞

            Furthermore, Flarum is supposed to be as minimal and bare-bones as can be to allow extensibility and optimal performance. To be frank, even with other boards, I do notice a dip in performance compared to Flarum, where it doesn't have a native audit log. Imagine the strain of having to log each and every transaction that goes on in Flarum, added to what community extensions already add. You'd be swimming in logs for days unless there was control over what gets logged, and again, it would take a ton of effort and time to bake that in natively.

              • [deleted]

              Ralkage I think we'll agree to disagree here. I do have a much longer and thought out response which I'll happily post if there's interest, but the bottom line is that logging should be in the core of any application, and any extension should hook into that and leverage whatever mechanism is there to begin with to extend the logging capability.

              Logging doesn't need to be verbose unless there is a genuine need for it.

              3 years later

              Why is this still not a feature after 3 years? Heck, if administrators don't want logs then let them disable it, but frankly, if you allow community members to join, you're bound to have one rogue actor eventually delete everything by everyone, and while you can restore it assuming you didn't give them permission for it to be deleted forever.

              Right now there's no evidence saying "Oh, it was BigMoney221 who deleted every post, guess I'll ban him". Instead you'd do something like "Oh, everything is gone, guess no one but admins and owners of the post can delete their post now".
              There's no action log to show who flagged historically or who dismissed the flag, so if a moderator dismisses the flag incorrectly before anyone else sees it, it's gone for good; maybe they misunderstood the reason / topic for the flag.

              Overall I'd expect it to be further along after 3 years, and I feel like this shows no one uses this en masse for important uses where you'd want the trackability of malicious actors without having to vet everyone for 3 years or paying cash for some addon.