Create project audit logs when an organization is deleted

ericholscher · ericholscher · commit 2013e3028254 · 2026-03-26T10:52:35.000+08:00
diff --git a/readthedocs/core/tasks.py b/readthedocs/core/tasks.py
@@ -102,6 +102,7 @@ def delete_object(
     from simple_history.models import HistoricalRecords
 
     from readthedocs.audit.models import AuditLog
+    from readthedocs.organizations.models import Organization
     from readthedocs.projects.models import Project
 
     task_log = log.bind(model_name=model_name, object_pk=pk, user_id=user_id)
@@ -127,15 +128,24 @@ def delete_object(
             if browser:
                 HistoricalRecords.context.browser = browser
 
+            # Collect projects to audit log before deletion.
+            # When an Organization is deleted, its projects are cascade-deleted
+            # via signal, so we need to capture them here.
+            projects_to_log = []
             if isinstance(obj, Project):
-                # Create an audit log entry for each project admin
-                # so that all of them can see the deletion in their
-                # personal security log, not just the user who deleted it.
-                for admin in obj.users.all():
+                projects_to_log = [obj]
+            elif isinstance(obj, Organization):
+                projects_to_log = list(obj.projects.all())
+
+            # Create an audit log entry for each project admin
+            # so that all of them can see the deletion in their
+            # personal security log, not just the user who deleted it.
+            for project in projects_to_log:
+                for admin in project.users.all():
                     AuditLog.objects.create(
                         user=admin,
                         action=AuditLog.PROJECT_DELETE,
-                        project=obj,
+                        project=project,
                         ip=ip,
                         browser=browser,
                         data={"deleted_by": user.username} if user else None,
diff --git a/readthedocs/rtd_tests/tests/test_project_views.py b/readthedocs/rtd_tests/tests/test_project_views.py
@@ -844,6 +844,46 @@ def test_delete(self):
         self.assertEqual(self.project.webhook_notifications.all().count(), 0)
 
 
+@override_settings(RTD_ALLOW_ORGANIZATIONS=True)
+class TestOrganizationDeleteAuditLog(TestCase):
+    """Test that deleting an organization creates audit logs for its projects."""
+
+    def setUp(self):
+        self.user = new(User, username="org-owner")
+        self.user.set_password("test")
+        self.user.save()
+        self.client.login(username="org-owner", password="test")
+
+        self.project = get(Project, slug="org-project", users=[self.user])
+        self.organization = get(
+            Organization,
+            owners=[self.user],
+            projects=[self.project],
+        )
+
+    def test_delete_organization_creates_audit_log_for_projects(self):
+        from readthedocs.audit.models import AuditLog
+
+        project_slug = self.project.slug
+        with mock.patch(
+            "readthedocs.projects.tasks.utils.clean_project_resources"
+        ):
+            response = self.client.post(
+                reverse("organization_delete", args=[self.organization.slug]),
+            )
+            self.assertEqual(response.status_code, 302)
+
+        self.assertFalse(Project.objects.filter(slug=project_slug).exists())
+        self.assertFalse(Organization.objects.filter(pk=self.organization.pk).exists())
+
+        logs = AuditLog.objects.filter(action=AuditLog.PROJECT_DELETE)
+        self.assertEqual(logs.count(), 1)
+        log_entry = logs.first()
+        self.assertEqual(log_entry.log_project_slug, project_slug)
+        self.assertEqual(log_entry.log_user_username, self.user.username)
+        self.assertEqual(log_entry.data, {"deleted_by": self.user.username})
+
+
 @override_settings(RTD_ALLOW_ORGANIZATIONS=True)
 class TestWebhooksViewsWithOrganizations(TestWebhooksViews):
     def setUp(self):
