Geek Answers Handbook

Where to audit or journalize?

I am currently working on an ASP.NET MVC project using NHibernate, and I need to track changes on some objects in order to be able to do some reports and queries on the data. For this reason, I wanted to have the data in the table, but I'm trying to decide where to “hook” the audit code.

At the NHibernate level:

  • PRO: A powerful event system for tracking any changes.
  • PRO: nothing can be changed in the application without notice (unless someone uses raw SQL ...)
  • CON: Since I have a common repository ... then I have to filter out useful objects (I do not need to track everything).
  • CON: I do not have easy access to the controller and action, so I can track the basic operations (update, delete ...). I can get an HttpContext, at least for information.

In the controller-level action filter:

  • PRO: complete request status and web application information. In this way, I can distinguish “editing” from “status change” and be more descriptive in audit information.
  • CON: Someone may forget the filter, and an important action can be taken without prior notice, which is a big con.

Any clue?

Refresh . See How to Create an Audit Log Using NHibernate Events .

+4
source share
3 answers

I think doing this at the repository level is much better. Mainly because in the future you may want to add some method of access to your repository that does not go through MVC (for example, WCF interface for data).

So, the question is, how do you address the downsides that you indicated about its implementation at the NHibernate level?

Filtering useful objects is quite simple. I would probably do this with a custom attribute of an entity type. You can mark objects that you want to track, or those that you do not have; whichever is easier.

Finding out what is really meant for the controller is harder. I am going to dispute that you can "get an HttpContext"; I do not think it is a good idea to do this in the repository, because there is a separation of problems. The repository should not be dependent on the Internet. One method is to create custom methods in the repository for actions that you want to track in different ways; this is especially attractive if there are other aspects of these changes that behave differently, for example, different security. Another method is to study changes by comparing old and new versions of objects and obtain the actual nature of the change. The third method is not to try to get the nature of the change, but simply to store the version before and after in the journal so that the person who reads the journal can figure it out for themselves.

+4
source

I would rather place it in a data layer (NHibernate in your case). Put it in the controller and ask other people (or yourself, in the future) to implement the controllers, respectively, conflicts with object-oriented design principles.

+1
source

I do this with NHibernate. Objects requiring auditing implement the IAudtable interface, and I use Interceptor to audit any object that implements IAuditable by intercepting OnFlushDirty, OnDelete, and OnSave.

+1
source

More articles:


All Articles