
internal logging for tock is needed #1117

Closed
6 tasks
cryptofilegsa opened this issue Jun 19, 2020 · 1 comment

Comments

@cryptofilegsa
Contributor

cryptofilegsa commented Jun 19, 2020

If tock will be used as a system of record for time recording, or to provide billing information to clients, not only is timecard accuracy important, but also a log of changes to timecards, by any user including admins, since multiple users can access a user's timecard for additions, modifications and deletions.  

All timecard modifications should be logged with a timestamp in a way that identifies the modifying user and the user of the timecard being modified, along with specifics of the timecard change: number of hours added, number of hours removed, and the codes to which all hours modified are associated. For consistency and integrity, logging would need to be implemented and enforced around any interface for mass modification of multiple timecards as well.

Similar work: timecard modification / change requests are currently being managed by means of a Google Form.

We'll know we're done when

  • all individual timecard modifications are logged
  • log entries include:
      • name of modifier
      • date range of timecard being modified (key for timecard)
      • name of timecard owner
      • timestamp of modification
      • number of hours being added, changed, or deleted
      • associated billing code for the change
  • mass modifications of timecards are also logged
  • timecard logs are in a reviewable form, not buried in HTTP traffic logs for instance
  • log data is written in an enforceable write-only mode, not modifiable by users including admins
  • logging has verifiable non-repudiation

Without this necessary feature, alternatives for tock logging should be explored thoroughly.

History of related (but not the same) issues involving audit, admins, and logging:
#418
#822
#924
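One way to satisfy the checklist in the issue (modifier, owner, timecard period, timestamp, per-billing-code hours added/removed, and a tamper-evident chain that exposes any edit, deletion or reordering of entries), as an added Python sketch that is not Tock's code and uses no Django: the timecard shape `{billing_code: hours}`, the in-memory list store, the HMAC key and the sample values are all constructed for illustration. An HMAC chain gives tamper evidence against anyone without the key; strict non-repudiation would additionally need per-modifier signing keys, which is outside this sketch.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed demo key: a real deployment would hold this in a KMS/HSM, out of admins' reach.
SECRET = b"constructed-demo-key"


@dataclass
class AuditLog:
    """Append-only entries; each entry's MAC covers the previous entry's MAC."""
    entries: list = field(default_factory=list)

    def record(self, modifier, owner, period, before, after, when=None):
        """Log per-billing-code hour deltas between two timecard states."""
        when = when or datetime.now(timezone.utc)
        changes = []
        for code in sorted(set(before) | set(after)):
            delta = after.get(code, 0.0) - before.get(code, 0.0)
            if delta:
                changes.append({"code": code, "hours_added": max(delta, 0.0),
                                "hours_removed": max(-delta, 0.0)})
        entry = {
            "seq": len(self.entries),
            "modifier": modifier,
            "owner": owner,
            "period": period,  # timecard key, e.g. "2020-06-06/2020-06-12"
            "timestamp": when.isoformat(),
            "changes": changes,
            "prev_mac": self.entries[-1]["mac"] if self.entries else "",
        }
        entry["mac"] = self._mac(entry)
        self.entries.append(entry)
        return entry

    def _mac(self, entry):
        body = {k: v for k, v in entry.items() if k != "mac"}
        payload = json.dumps(body, sort_keys=True).encode()
        return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

    def verify(self):
        """True iff no entry was altered, removed or reordered."""
        prev = ""
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev_mac"] != prev or self._mac(e) != e["mac"]:
                return False
            prev = e["mac"]
        return True
```

A bulk-edit endpoint would call `record` once per affected timecard inside the same transaction, so mass modifications land in the same chain as individual ones.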

@Jkrzy
Contributor

Jkrzy commented Aug 7, 2020

Tock, Django, and cloud.gov provide the logging necessary for our purposes per our system security plan.

@Jkrzy Jkrzy closed this as completed Aug 7, 2020