fix: capture user and ip details on Inbox delete (#7395)

Fixes: https://linear.app/chatwoot/issue/CW-1772/ip-address-and-user-details-are-missing-in-some-of-the-logs

Co-authored-by: Sojan <sojan@pepalo.com>

app/controllers/api/v1/accounts/inboxes_controller.rb

@@ -63,7 +63,7 @@ class Api::V1::Accounts::InboxesController < Api::V1::Accounts::BaseController
   end
 
   def destroy
-    ::DeleteObjectJob.perform_later(@inbox) if @inbox.present?
+    ::DeleteObjectJob.perform_later(@inbox, Current.user, request.ip) if @inbox.present?
     render status: :ok, json: { message: I18n.t('messages.inbox_deletetion_response') }
   end
 

app/jobs/delete_object_job.rb

@@ -1,7 +1,12 @@
 class DeleteObjectJob < ApplicationJob
   queue_as :low
 
-  def perform(object)
+  def perform(object, user = nil, ip = nil)
     object.destroy!
+    process_post_deletion_tasks(object, user, ip)
   end
+
+  def process_post_deletion_tasks(object, user, ip); end
 end
+
+DeleteObjectJob.prepend_mod_with('DeleteObjectJob')

enterprise/app/jobs/enterprise/delete_object_job.rb

@@ -0,0 +1,18 @@
+module Enterprise::DeleteObjectJob
+  def process_post_deletion_tasks(object, user, ip)
+    create_audit_entry(object, user, ip)
+  end
+
+  def create_audit_entry(object, user, ip)
+    return unless ['Inbox'].include?(object.class.to_s) && user.present?
+
+    Enterprise::AuditLog.create(
+      auditable: object,
+      audited_changes: object.attributes,
+      action: 'destroy',
+      user: user,
+      associated: object.account,
+      remote_address: ip
+    )
+  end
+end

enterprise/app/models/enterprise/audit/inbox.rb

@@ -2,6 +2,6 @@ module Enterprise::Audit::Inbox
   extend ActiveSupport::Concern
 
   included do
-    audited associated_with: :account
+    audited associated_with: :account, on: [:create, :update]
   end
 end

spec/controllers/api/v1/accounts/inboxes_controller_spec.rb

@@ -287,6 +287,8 @@ RSpec.describe 'Inboxes API', type: :request do
       let(:admin) { create(:user, account: account, role: :administrator) }
 
       it 'deletes inbox' do
+        expect(DeleteObjectJob).to receive(:perform_later).with(inbox, admin, anything).once
+
         perform_enqueued_jobs(only: DeleteObjectJob) do
           delete "/api/v1/accounts/#{account.id}/inboxes/#{inbox.id}",
                  headers: admin.create_new_auth_token,

spec/enterprise/jobs/enterprise/delete_object_job_spec.rb

@@ -0,0 +1,29 @@
+require 'rails_helper'
+
+RSpec.describe DeleteObjectJob, type: :job do
+  include ActiveJob::TestHelper
+  subject(:job) { described_class.perform_later(account) }
+
+  let(:account) { create(:account) }
+  let(:user) { create(:user) }
+  let(:team) { create(:team, account: account) }
+  let(:inbox) { create(:inbox, account: account) }
+
+  context 'when an object is passed to the job with arguments' do
+    it 'creates log with associated data if its an inbox' do
+      described_class.perform_later(inbox, user, '127.0.0.1')
+      perform_enqueued_jobs
+
+      audit_log = Audited::Audit.where(auditable_type: 'Inbox', action: 'destroy', username: user.uid, remote_address: '127.0.0.1').first
+      expect(audit_log).to be_present
+      expect(audit_log.audited_changes.keys).to include('id', 'name', 'account_id')
+      expect { inbox.reload }.to raise_error(ActiveRecord::RecordNotFound)
+    end
+
+    it 'will not create logs for other objects' do
+      described_class.perform_later(account, user, '127.0.0.1')
+      perform_enqueued_jobs
+      expect(Audited::Audit.where(auditable_type: 'Team', action: 'destroy').count).to eq 0
+    end
+  end
+end

spec/enterprise/models/inbox_spec.rb

@@ -50,12 +50,5 @@ RSpec.describe Inbox do
         expect(Audited::Audit.where(auditable_type: 'Inbox', action: 'update').count).to eq 1
       end
     end
-
-    context 'when inbox is deleted' do
-      it 'has associated audit log created' do
-        inbox.destroy!
-        expect(Audited::Audit.where(auditable_type: 'Inbox', action: 'destroy').count).to eq 1
-      end
-    end
   end
 end