I am discovering the Audited gem which brings auditing to my application with much ease. But I am still having a doubt about auditing users authentication related activities (provided by Devise).
At least I'd like to remove form the log authentication related columns belonging to user model. I tried:
User.non_audited_columns = [:encrypted_password, :reset_password_token, :confirmation_token, :unlock_token]
but I am not sure where to put this statement? It has not effect when in the application controller, and server fails starting when in Audited intializer, due to Devise missing classes.
Where should this type of configuration take place? Thanks for your help!
EDIT: to audit all models, I actually inserted the "audited" statement in the ApplicationRecord class defintion:
class ApplicationRecord < ActiveRecord::Base
self.abstract_class = true
include PgSearch::Model
audited
---
And now, based on Hazhir and Widjajayd recommendation, I try to override it in the User model:
class User < ApplicationRecord
extend CsvHelper
# Audit trail setup
audited except: [:encrypted_password, :reset_password_token, :confirmation_token, :unlock_token]
---
As a result, when 'audited' is required only in the User model, including the list of exceptions, it works as expected. But when declared in ApplicationRecord and overriden in User model, the exceptions are ignored.
Can you recommend a working syntax for the override of 'audited' including columns exceptions?
Or would you recommend to apply 'audited' respectively on each relevant model?
Thanks a lot for your help!
from this documentation you can specifying-column as follow
class User < ActiveRecord::Base
# All fields
# audited
# Single field
# audited only: :name
# Multiple fields
# audited only: [:name, :address]
# All except certain fields
# audited except: :password
end
for your case , you can add in User model as follow
class User < ActiveRecord::Base
audited except: [:encrypted_password, :reset_password_token, :confirmation_token, :unlock_token]
end