Dblog module uses LEFT JOIN on the users table to select log entries on the overview display, but INNER JOIN to select on the detail display.
This results in log entries visible on the overview page that result in a blank display when viewing the entry detail for a user that has been deleted.
Usually, this would be a very minor issue, but on one of our sites, users are ephemeral for legal reasons - ie users are created on-the-fly from
the response of a secure webservice, and deleted on logout/timeout from the database. Of course this makes viewing log messages awkward after the user has logged out. LEFT JOIN returns a NULL uid from the users table and allows viewing log messages for deleted users as coming from anonymous.
Trivial patch follows to use LEFT JOIN on the dblog detail view.
Beta phase evaluation
Issue category | Bug because dblog detail pages are broken if a deleted user triggered the error |
---|---|
Issue priority | Not critical |
Prioritized changes | The main goal of this issue is usability since the dblog doesn't properly display log messages if the user that triggered the message has been deleted. |
Comment | File | Size | Author |
---|---|---|---|
#24 | blank_detail_view_in-1942682-24.patch | 2.58 KB | zaporylie |
#24 | test-only-blank_detail_view_in-1942682-24.patch | 1.46 KB | zaporylie |
#24 | interdiff-14-24.txt | 2.04 KB | zaporylie |
#14 | blank_detail_view_in-1942682-14.patch | 2.79 KB | zaporylie |
#14 | interdiff-11-14.txt | 1 KB | zaporylie |
Comments
Comment #1
deadbeef CreditAttribution: deadbeef commentedPatch to use LEFT JOIN in dblog detail view.
Comment #4
zaporylieComment #5
zaporylieAfter over a year this is still a problem. I've attached patch to see if changing INNER to LEFT will pass tests.
Comment #6
zaporylieTests passed by still doesn't work :) I will handle it.
Comment #7
zaporylieOk, this patch should be more than enough. Removed user join completely - user_load or User::load() (when #2322195: Replace all instances of user_load(), user_load_multiple(), entity_load('user') and entity_load_multiple('user') with static method calls will be fixed) will handle username instead.
Comment #8
jhedstromThis should have a test.
Comment #9
dawehnerI think this can't work ... we still access
so I guess the proper fix is simply a LEFT JOIN ?
Comment #10
zaporylie@dawehner But still, user_load will give us Anonymous user for non-existing uid, right? And uid is a part of $dblog object.
Not sure if join is needed here, correct me if I'm wrong.
Comment #11
zaporylieThis patch contains test coverage for deleted user issue. Nothing more since #7.
Comment #12
jhedstromuser_load()
returnsNULL
for non-existing uid, not the anonymous user object.Comment #13
zaporylieThat's right, but
template_preprocess_username()
doesn't really care if that'sNULL
or Anonymous user object, right?Although, for performance reason, probably would be better to replace
user_load($dblog->uid)
withuser_load($dblog->uid ? $dblog->uid : 0)
.What do you think @jhedstrom?
Comment #14
zaporylieok, that's obviously not enough. We need also LEFT JOIN since uid in watchdog record keeps non-existing, non-zero value. I've added LEFT JOIN as well. I guess now it's ready for final review.
Comment #15
jhedstrom@zaporylie could you upload a patch that just contains the new test to illustrate the current bug?
Comment #16
zaporylieSure I can. Here is a patch.
Comment #18
zaporylieCurrent codebase fails test - as expected - so I'm hiding file and bumping it back to Needs review.
Comment #19
jhedstromThanks @zaporylie!
#14 is good to go I think.
I added a beta phase evaluation to the issue summary.
Comment #20
xjmNice find. Thanks for the test-only patch and the beta evaluation.
I agree that this is a pretty clear bug, and non-disruptive, so it is allowed during the Drupal 8 beta. (Though the beta evaluation is slightly incomplete at the moment.)
Can we get
EXPLAIN
s for the old and new queries?The docs could use a little fixing (maybe from a native English speaker) since these aren't complete sentences. There are a few missing articles (e.g. it should be "the correct message" rather than "correct message") and incorrect verb forms (e.g. it should be "contains" rather than "contain"). And so forth.
The word "ephemeral" might not be familiar to everyone, so let's change this to something else throughout. Maybe "a temporary user"?
We can remove the second parameter from these assertions;
assertText()
already provides a detailed message text.Comment #21
jhedstromWhile running explains, I realized that the query in the patch in #16 switched back to using
users
instead ofusers_field_data
.Here's the explains of the queries as they should be, I think they are identical:
Old:
New:
Comment #22
zaporylieI would be happy to provide another patch, but I have two doubts:
Comment #23
jhedstromAdding the
u.name
back was a mistake in the above example as I was just copying the current existing query.The change to
users_field_data
was from #1498664: Refactor user entity properties to multilingual, but I don't know that it is necessary here, since the langcode is hard-coded. Switching back tousers
should be fine.Comment #24
zaporylieBefore:
After:
I had to re-roll patch (ref. #2322195: Replace all instances of user_load(), user_load_multiple(), entity_load('user') and entity_load_multiple('user') with static method calls) to fix 3. and 4.
I did my best to fix all grammar issues as well, but I am not a native English speaker so it should probably be reviewed and fixed by someone else.
Comment #26
jhedstromGreat! Thanks zaporyli!
I think the latest patch addresses the feedback from above. Using the
users
table here instead is actually more performant since it is able to properly use an index.Comment #27
xjmThanks @jhedstrom and @zaporylie -- glad to see we are using the index now!
The comment improvements look good as well. I made a couple very small fixes on commit:
The first one is just to get the one-line summary to one line under 80 chars (reference: https://www.drupal.org/node/1354#drupal); the others are just trivial fixes.
This issue is a normal bug fix, and doesn't include any disruptive changes, so it is allowed per https://www.drupal.org/core/beta-changes. Committed and pushed to 8.0.x (with credit for reviewers).
Comment #29
xjmOops, I should have noticed this before, but we should be using a constant for the account here rather than 0. Can someone file a followup issue to clean that up? Thanks!
Comment #30
jhedstromI added #2479593: Use User::getAnonymousUser() in DblogController::eventDetails().
Comment #31
jhedstromI don't actually see this commit.
Comment #32
jhedstromNevermind, phpstorm was caching files.