Project components table audit (#418)

closes #415

As per issue #415, but also:
- Uses db:prepare which will run only run db:seed if the database
doesn't exist.
- Makes the classroom_management seeds idempotent, by not proceeding if
a school exists.

---------

Co-authored-by: create-issue-branch[bot] <53036503+create-issue-branch[bot]@users.noreply.github.com>
Co-authored-by: Dan Halson <[email protected]>

Author: create-issue-branch[bot]

Gemfile

@@ -27,6 +27,7 @@ gem 'omniauth-rpi',
     github: 'RaspberryPiFoundation/omniauth-rpi',
     tag: 'v1.3.1'
 gem 'open-uri'
+gem 'paper_trail'
 gem 'pg', '~> 1.1'
 gem 'postmark-rails'
 gem 'puma', '~> 6'

Gemfile.lock

@@ -290,6 +290,9 @@ GEM
       stringio
       time
       uri
+    paper_trail (15.1.0)
+      activerecord (>= 6.1)
+      request_store (~> 1.4)
     parallel (1.22.1)
     parser (3.2.1.0)
       ast (~> 2.4.1)
@@ -364,6 +367,8 @@ GEM
     regexp_parser (2.7.0)
     reline (0.5.9)
       io-console (~> 0.5)
+    request_store (1.7.0)
+      rack (>= 1.4)
     rexml (3.3.0)
       strscan
     roo (2.10.1)
@@ -537,6 +542,7 @@ DEPENDENCIES
   omniauth-rails_csrf_protection (~> 1.0.1)
   omniauth-rpi!
   open-uri
+  paper_trail
   pg (~> 1.1)
   postmark-rails
   pry-byebug

app/controllers/api_controller.rb

@@ -10,6 +10,8 @@ class ::ParameterError < StandardError; end
   rescue_from CanCan::AccessDenied, with: -> { denied }
   rescue_from ParameterError, with: -> { unprocessable }
 
+  before_action :set_paper_trail_whodunnit
+
   private
 
   def bad_request

app/models/component.rb

@@ -6,6 +6,14 @@ class Component < ApplicationRecord
   validates :extension, presence: true
   validate :default_component_protected_properties, on: :update
 
+  has_paper_trail(
+    if: ->(c) { c.project&.school_id },
+    meta: {
+      meta_project_id: ->(c) { c.project&.id },
+      meta_school_id: ->(c) { c.project&.school_id }
+    }
+  )
+
   private
 
   def default_component_protected_properties

app/models/project.rb

@@ -21,6 +21,14 @@ class Project < ApplicationRecord
 
   scope :internal_projects, -> { where(user_id: nil) }
 
+  has_paper_trail(
+    if: ->(p) { p&.school_id },
+    meta: {
+      meta_remixed_from_id: ->(p) { p&.remixed_from_id },
+      meta_school_id: ->(p) { p&.school_id }
+    }
+  )
+
   def self.users(current_user)
     school = School.find_by(id: pluck(:school_id))
     SchoolStudent::List.call(school:, token: current_user.token, student_ids: pluck(:user_id))[:school_students] || []

bin/docker-debug-entrypoint.sh

@@ -1,2 +1,4 @@
-rails db:setup --trace
+#!/bin/bash
+
+rails db:prepare
 rdbg -n -o -c -- bin/rails s -p 3009 -b '0.0.0.0'

bin/docker-entrypoint.sh

@@ -1,2 +1,4 @@
-rails db:setup --trace
+#!/bin/bash
+
+rails db:prepare
 rails server --port 3009 --binding 0.0.0.0

db/migrate/20240828112433_create_versions.rb

@@ -0,0 +1,39 @@
+# This migration creates the `versions` table, the only schema PT requires.
+# All other migrations PT provides are optional.
+class CreateVersions < ActiveRecord::Migration[7.1]
+
+  # The largest text column available in all supported RDBMS is
+  # 1024^3 - 1 bytes, roughly one gibibyte.  We specify a size
+  # so that MySQL will use `longtext` instead of `text`.  Otherwise,
+  # when serializing very large objects, `text` might not be big enough.
+  TEXT_BYTES = 1_073_741_823
+
+  def change
+    create_table :versions, id: :uuid do |t|
+      t.string   :item_type, null: false
+      t.string   :item_id,   null: false
+      t.string   :event,     null: false
+      t.string   :whodunnit
+      # We're not using versioning, so exclude the original state by not having an options field (see docs)
+      # t.json     :object
+
+      # Known issue in MySQL: fractional second precision
+      # -------------------------------------------------
+      #
+      # MySQL timestamp columns do not support fractional seconds unless
+      # defined with "fractional seconds precision". MySQL users should manually
+      # add fractional seconds precision to this migration, specifically, to
+      # the `created_at` column.
+      # (https://dev.mysql.com/doc/refman/5.6/en/fractional-seconds.html)
+      #
+      # MySQL users should also upgrade to at least rails 4.2, which is the first
+      # version of ActiveRecord with support for fractional seconds in MySQL.
+      # (https://github.com/rails/rails/pull/14359)
+      #
+      # MySQL users should use the following line for `created_at`
+      # t.datetime :created_at, limit: 6
+      t.datetime :created_at
+    end
+    add_index :versions, %i[item_type item_id]
+  end
+end

db/migrate/20240828112434_add_object_changes_to_versions.rb

@@ -0,0 +1,12 @@
+# This migration adds the optional `object_changes` column, in which PaperTrail
+# will store the `changes` diff for each update event. See the readme for
+# details.
+class AddObjectChangesToVersions < ActiveRecord::Migration[7.1]
+  # The largest text column available in all supported RDBMS.
+  # See `create_versions.rb` for details.
+  TEXT_BYTES = 1_073_741_823
+
+  def change
+    add_column :versions, :object_changes, :json
+  end
+end

db/migrate/20240828122522_add_meta_columns_to_versions.rb

@@ -0,0 +1,10 @@
+# This migration adds the optional `object_changes` column, in which PaperTrail
+# will store the `changes` diff for each update event. See the readme for
+# details.
+class AddMetaColumnsToVersions < ActiveRecord::Migration[7.1]
+  def change
+    add_column :versions, :meta_project_id, :uuid
+    add_column :versions, :meta_school_id, :uuid
+    add_column :versions, :meta_remixed_from_id, :uuid
+  end
+end