Moves the auditlog enable/disable to check and adds test covering check

src/paperless/__init__.py

@@ -1,4 +1,5 @@
 from paperless.celery import app as celery_app
+from paperless.checks import audit_log_check
 from paperless.checks import binaries_check
 from paperless.checks import paths_check
 from paperless.checks import settings_values_check
@@ -8,4 +9,5 @@ __all__ = [
     "binaries_check",
     "paths_check",
     "settings_values_check",
+    "audit_log_check",
 ]

src/paperless/checks.py

@@ -5,9 +5,11 @@ import shutil
 import stat
 
 from django.conf import settings
+from django.core.checks import Critical
 from django.core.checks import Error
 from django.core.checks import Warning
 from django.core.checks import register
+from django.db import connections
 
 exists_message = "{} is set but doesn't exist."
 exists_hint = "Create a directory at {}"
@@ -195,3 +197,19 @@ def settings_values_check(app_configs, **kwargs):
         + _barcode_scanner_validate()
         + _email_certificate_validate()
     )
+
+
+@register()
+def audit_log_check(app_configs, **kwargs):
+    db_conn = connections["default"]
+    all_tables = db_conn.introspection.table_names()
+
+    if ("auditlog_logentry" in all_tables) and not (settings.AUDIT_LOG_ENABLED):
+        return [
+            Critical(
+                (
+                    "auditlog table was found but PAPERLESS_AUDIT_LOG_ENABLED"
+                    " is not active.  This setting cannot be disabled after enabling"
+                ),
+            ),
+        ]

src/paperless/settings.py

@@ -15,8 +15,6 @@ from urllib.parse import urlparse
 
 from celery.schedules import crontab
 from concurrent_log_handler.queue import setup_logging_queues
-from django.core.exceptions import ImproperlyConfigured
-from django.db import connections
 from django.utils.translation import gettext_lazy as _
 from dotenv import load_dotenv
 
@@ -939,14 +937,6 @@ AUDIT_LOG_ENABLED = __get_boolean("PAPERLESS_AUDIT_LOG_ENABLED", "NO")
 if AUDIT_LOG_ENABLED:
     INSTALLED_APPS.append("auditlog")
     MIDDLEWARE.append("auditlog.middleware.AuditlogMiddleware")
-db_conn = connections["default"]
-
-all_tables = db_conn.introspection.table_names()
-
-if ("auditlog_logentry" in all_tables) and not (AUDIT_LOG_ENABLED):
-    raise ImproperlyConfigured(
-        "auditlog table was found but PAPERLESS_AUDIT_LOG_ENABLED is not active.",
-    )
 
 
 def _parse_ignore_dates(

src/paperless/tests/test_checks.py

@@ -1,11 +1,13 @@
 import os
 from pathlib import Path
+from unittest import mock
 
 from django.test import TestCase
 from django.test import override_settings
 
 from documents.tests.utils import DirectoriesMixin
 from documents.tests.utils import FileSystemAssertsMixin
+from paperless.checks import audit_log_check
 from paperless.checks import binaries_check
 from paperless.checks import debug_mode_check
 from paperless.checks import paths_check
@@ -231,3 +233,35 @@ class TestEmailCertSettingsChecks(DirectoriesMixin, FileSystemAssertsMixin, Test
         msg = msgs[0]
 
         self.assertIn("Email cert /tmp/not_actually_here.pem is not a file", msg.msg)
+
+
+class TestAuditLogChecks(TestCase):
+    def test_was_enabled_once(self):
+        """
+        GIVEN:
+            - Audit log is not enabled
+        WHEN:
+            - Database tables contain audit log entry
+        THEN:
+            - system check error reported for disabling audit log
+        """
+        introspect_mock = mock.MagicMock()
+        introspect_mock.introspection.table_names.return_value = ["auditlog_logentry"]
+        with override_settings(AUDIT_LOG_ENABLED=False):
+            with mock.patch.dict(
+                "paperless.checks.connections",
+                {"default": introspect_mock},
+            ):
+                msgs = audit_log_check(None)
+
+                self.assertEqual(len(msgs), 1)
+
+                msg = msgs[0]
+
+                self.assertIn(
+                    (
+                        "auditlog table was found but PAPERLESS_AUDIT_LOG_ENABLED"
+                        " is not active."
+                    ),
+                    msg.msg,
+                )

src/setup.cfg

@@ -21,6 +21,10 @@ omit =
 	paperless/wsgi.py
 	paperless/auth.py
 
+[coverage:report]
+exclude_also =
+    if settings.AUDIT_LOG_ENABLED:
+
 [mypy]
 plugins = mypy_django_plugin.main, mypy_drf_plugin.main, numpy.typing.mypy_plugin
 check_untyped_defs = true