Audit plugin

[joepio]

When we use Commits to edit resources, we can see who changed what, when. This means we can generate an audit log for every resource. And that means we can add a couple of fields to a resource:

• created-at (timestamp)
• created-by (many Agents). Show the first one if you need to know who created it.
• last-edited-by (Agent)
• versions-amount (number)
• versions (many Versions). Versioning, history, find commits from resource #42

Adding these things to resources can be (at least a little) costly. Doing this efficiently will probably involve some caching.
Not all resources will need them (versions / commits / collections, for example).

• Should these audit items be enabled by default for all resources where they make sense?
• Should it be a plugin (probably, yes)?
• How do we keep things performant?
• If a server decides that including these audit items isn't important enough, but still wants to let others access audit logs, should we provide an alternative path? Maybe a query param or HTTP header that adds these?
• Should all of this be part of the Versioning, history, find commits from resource #42 versioning plugin?

[joepio]

I think I'll need this for #134 invites, because I need to check whether the one who created an invite still has the rights to allow the invitee to get these rights.

• Udpate: I can manually find the commit to do this, though.

[joepio]

I'm currently showing the author and edit date by simply checking the last_commit in the front-end. Works pretty nice! No plugin needed.