Published on

Release: Audit Module, List Sorting, Performance

Authors
  • Name
    Dave Coates

To upgrade any existing projects it's recommended to pull in the relevant commits from upstream.

git remote add upstream git@gitlab.internal.alliancesoftware.com.au:alliance/template-django.git
git cherry-pick XXX1 XXX2

In cases where you are significantly behind it may be easier to pull the whole app (eg. common_audit) in but you'll need to review the relevant branch.

In this release

Audit

This app introduces support for auditing models using postgres triggers. Trigger support and history tracking is provided by django-pgtrigger and django-pghistory and works by taking a snapshot of a record whenever it changes.

Please see Implementation Details & Limitations in the documentation for more details on how it works and what limitations there are.

Thanks to Fang for implementing this.

Setup

See the installation instructions.

Usage

To audit a module create a new model that extends the base model returned by create_audit_model.

This example audits the User model and excludes the password and last_login fields. It also registers to manual events LOGIN and LOGOUT:

class UserAuditEvent(
    create_audit_model(
        User,
        exclude=["password", "last_login"],
        manual_events=["LOGIN", "LOGOUT"]
    )
):
    class Meta:
        db_table = "xenopus_frog_user_auditevent"

To fire the custom events call create_audit_event:

def track_login(sender, user, **kwargs):
    create_audit_event(user, "LOGIN")

Any audit events that occur within a non-GET request will automatically by wrapped in pghistory.context thanks to AuditMiddleware. GET requests shouldn't generally modify anything so by default these are excluded. To manually do it - or to add extra context data - wrap the call in pghistory.context:

def track_logout(sender, user, **kwargs):
    with pghistory.context(user=user.pk):
        create_audit_event(user, "LOGOUT")

There is a provided UI that can be rendered with the render_audit_list template tag:

Audit List

It supports rendering inline using an accordion or in a modal. There is also a global (all combined events) or user specific views.

Upgrading

To use this in an existing project you can copy across the common_audit app. See this commit as a guide for adding necessary settings & dependencies.

Crud List View Sorting

Until now sorting by columns on the CrudListView wasn't supported. With 10569983 this can now be done.

See CrudListOrderingMixin for details.

Thanks to Fang for implementing this.

Frontend upgrades

Main change here is the upgrade to React 17 which removes the requirement that you import React in any file that uses JSX. Instead this is handled by babel.

  • 19a900b9 - Remove unused packages
  • 9deb749d - Upgrade to React 17
  • 8fea52e9 - Upgrade to typescript 4
  • 4513dbc4 - Upgrade webpack config to show typescript errors & migrate from some deprecated packages.

Changes have also been made to improve the bundle size we generated and optimise performance. With these changes we generate more smaller bundles that are loaded on demand. In particular the styles downloaded on the initial page load have gone from 223kb to 22kb thanks largely to the usage of PurgeCSS. We also load antd styles based on actual usage now rather than having to manually uncomment the used styles in antd.less and include them everywhere.

With these changes our lighthouse scores on our demo pages have improved significantly:

Lighthouse Score Desktop

Lighthouse Desktop Before
Before
Lighthouse Desktop After
After

Lighthouse Score Mobile

Lighthouse Mobile Before
Before
Lighthouse Mobile After
After

See these commits for all the changes.

Presto

Version 0.0.14 & 0.0.15 released with some fixes and enhancements. See the changelog.

These changes introduce support for React 17 and antd 4.15+ and allow for customising what date library is used. See this commit and this commit for how to upgrade.

Misc Changes

  • 94e92556 - Use csvpermissions from github instead of in the project itself
  • 95df3372 - Don't use deprecated django-hijack views
  • 5669a486 - Fixes link so that it doesn't break it perm is specified
  • 6390803c - In form select rendered with React don't display ids if they are no longer an option. This matches the behaviour of django form selects.
  • f718936e - Template once again has user signup built out of the box (this time using django forms rather than djrad)
  • bb71bd22 - Codegen: Better error messages when using serializer fields with no corresponding presto field
  • e58ada91 & e6d25214 - Codegen: Support for multiple configs
  • df79cd72 - Codegen: support extra_kwargs on CRUD filterset

Upcoming

Things currently in the works

  • Further performance improvements and tooling including running lighthouse in CI
  • Missing djrad features in template (permission checks, missing fields etc)
  • Documentation including how to guides
View on GitHub