Audit log: log invitations

[stsewd]

Had to do some refactoring now that we are introducing more actions to logs, there are:

• Add a json field (data) to the auditlog model, this is so we can store additional information about the log entry
  (useful to store information about the invitation)
• Use an enum for the action choices (https://docs.djangoproject.com/en/4.1/ref/models/fields/#enumeration-types), they are easier to manage without duplicating things.
• Change the tests from organizations/test_forms to test things at the view level, this is to avoid mocking more things from the request object.
• Changed the tests from security logs to test the expected queryset instead of just the count, so we don't need to re-calculate everything every time we add a new thing.
• Had to change how we display log entries, since we now have more actions and it gets complicated having one paragraph for each case (action / with/out user / with/out project, etc). This was suggested by Anthony on slack.

Screenshots

Closes #9456.

---

📚 Documentation previews 📚

• User's documentation (docs): https://docs--9607.org.readthedocs.build/en/9607/

• Developer's documentation (dev): https://dev--9607.org.readthedocs.build/en/9607/

[stsewd]

Set these here to avoid having to refactor every place where we use them, and it's also easier to write AuditLog.PAGEVIEW than AuditLog.Actions.PAGEVIEW. We could also move this outside the model, so we can just write Actions.PAGEVIEW, but that will require changing every usage too, so.

[stsewd]

GitHub displays logs as

They show the IP and location

[agjohnson]

This matches what I was describing the other day. The main translated string is "Country changed from your previous session", without introducing variables, and metadata is listed below.

[agjohnson]

I didn't do a thorough job looking at Python, so would be good to get secondary review there. I'll have a lot of updates for this view when we get to reworking this UI, but for now, my inclination is probably to keep this UI very simple, and add more complex UI with new templates.

Addressing what we're storing and displaying is a great focus for this stage. We can come back to this UI with more complex additions, like filtering and search.

[agjohnson]

This matches what I was describing the other day. The main translated string is "Country changed from your previous session", without introducing variables, and metadata is listed below.

[humitos]

I think this PR is fine. However, I'd invite another person to do a code review as well. To me, there are some new magic added in this PR that we have not been using and it's changing some of the patterns we have for the same things. I usually prefer consistency in these cases.

These new decisions made me spent more time than I would normally require to review this code. Changes aren't huge or complex, but I had to re-read multiple times them to understand the new approaches used for the same things we have solved in a different --and no that magic-- way.

[humitos]

This called my attention. I was wondering why we had created the readthedocs/invitations/serializers.py file if we are not exposing invitations via a REST API.

It seems we are using the DRF serializers for a different purpose here and I'm not convinced this is the right approach.

[agjohnson]

@stsewd We're doing some sprint clean up, is there anything required on this PR to move forward?

[stsewd]

@agjohnson there is a disagreement about using django's enum types for constants/options #9607 (comment).

[humitos]

Isnt' it a problem to override the object reserved word?

[stsewd]

only when used as variable name, we can change it to obj if we want

[humitos]

It would be good to have a comment here saying that the value of object will depend on the object type and a different serializer will be used.