[Bug Fix] Auditable Trait incorrectly ignoring inclusion and exclusion variables

[Hourja]

Auditable trait was accessing atttributes before creating an audit log without checking relevant auditExclude or auditInclude model variables.

Therefore it did not matter what you have set in those fields in your auditable model as they would be ignored.

It seems that a function already exists that would help you look into those auditExclude or auditInclude variables, but it was not used.

I have updated the trait to correctly make use of getAuditableAttributes function and I have added relevant tests.

[gemini-code-assist]

Summary of Changes

Hello @Hourja, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical bug in the Auditable trait where it failed to properly respect the auditExclude and auditInclude variables defined on models. Previously, these configurations were ignored, leading to incorrect data being stored in audit logs. The changes ensure that only the intended attributes are captured, enhancing data privacy and log relevance. New tests have been added to confirm the correct application of these auditing rules.

Highlights

• Bug Fix: Incorrect Audit Logging: The Auditable trait was not properly utilizing the auditExclude and auditInclude model variables, leading to attributes being logged that should have been ignored or vice-versa. This bug meant that sensitive data or irrelevant fields could inadvertently end up in audit logs.
• Implementation of Correct Attribute Filtering: The core fix involves updating the Auditable trait to consistently use the getAuditableAttributes function across all relevant lifecycle events (created, updated, deleted, restored). This ensures that the model's defined inclusion and exclusion rules are applied before attributes are stored in the audit log.
• Addition of Robust Test Coverage: Comprehensive new feature tests have been added to validate the fix. These tests cover various scenarios, including user model exclusions, post model inclusions, global exclusions, and partial updates, ensuring that the auditing mechanism now correctly respects all defined rules.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request addresses a critical bug where the Auditable trait was not respecting the auditExclude and auditInclude properties on models, causing all attributes to be logged. The fix correctly applies the getAuditableAttributes method to filter attributes for created, updated, deleted, and restored events.

The changes are correct and effectively resolve the issue. A comprehensive new test suite, UserModelAuditExclusionInclusionTest.php, has been added to verify the fix. It covers various scenarios, including attribute exclusion, inclusion, disabled auditing, and partial updates, which significantly improves the test coverage for this feature.

I have one suggestion to improve the robustness of the new test file's setup. Overall, this is an excellent contribution that fixes a key functionality and backs it up with solid testing.