# HG changeset patch # User Marcin Kuzminski # Date 2017-06-14 13:25:31 # Node ID 48072a577b2177d3eef606c1d9431f095227fde9 # Parent 4a92b08c6806ba2dd3bdcf1622327ecc1d58ca47 audit-logs: added audit logs on user groups admin page. diff --git a/rhodecode/controllers/admin/user_groups.py b/rhodecode/controllers/admin/user_groups.py --- a/rhodecode/controllers/admin/user_groups.py +++ b/rhodecode/controllers/admin/user_groups.py @@ -35,10 +35,11 @@ from sqlalchemy.orm import joinedload from rhodecode.lib import auth from rhodecode.lib import helpers as h +from rhodecode.lib import audit_logger from rhodecode.lib.ext_json import json from rhodecode.lib.exceptions import UserGroupAssignedException,\ RepoGroupAssignmentError -from rhodecode.lib.utils import jsonify, action_logger +from rhodecode.lib.utils import jsonify from rhodecode.lib.utils2 import safe_unicode, str2bool, safe_int from rhodecode.lib.auth import ( LoginRequired, NotAnonymous, HasUserGroupPermissionAnyDecorator, @@ -105,8 +106,6 @@ class UserGroupsController(BaseControlle # permission check inside @NotAnonymous() def index(self): - """GET /users_groups: All items in the collection""" - # url('users_groups') from rhodecode.lib.utils import PartialRenderer _render = PartialRenderer('data_table/_dt_elements.mako') @@ -142,8 +141,6 @@ class UserGroupsController(BaseControlle @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true') @auth.CSRFRequired() def create(self): - """POST /users_groups: Create a new item""" - # url('users_groups') users_group_form = UserGroupForm()() try: 
@@ -154,14 +151,16 @@ class UserGroupsController(BaseControlle owner=c.rhodecode_user.user_id, active=form_result['users_group_active']) Session().flush() - + creation_data = user_group.get_api_data() user_group_name = form_result['users_group_name'] - action_logger(c.rhodecode_user, - 'admin_created_users_group:%s' % user_group_name, - None, self.ip_addr, self.sa) - user_group_link = h.link_to(h.escape(user_group_name), - url('edit_users_group', - user_group_id=user_group.users_group_id)) + + audit_logger.store_web( + 'user_group.create', action_data={'data': creation_data}, + user=c.rhodecode_user) + + user_group_link = h.link_to( + h.escape(user_group_name), + url('edit_users_group', user_group_id=user_group.users_group_id)) h.flash(h.literal(_('Created user group %(user_group_link)s') % {'user_group_link': user_group_link}), category='success') @@ -191,13 +190,6 @@ class UserGroupsController(BaseControlle @HasUserGroupPermissionAnyDecorator('usergroup.admin') @auth.CSRFRequired() def update(self, user_group_id): - """PUT /user_groups/user_group_id: Update an existing item""" - # Forms posted to this method should contain a hidden field: - # - # Or using helpers: - # h.form(url('users_group', user_group_id=ID), - # method='put') - # url('users_group', user_group_id=ID) user_group_id = safe_int(user_group_id) c.user_group = UserGroup.get_or_404(user_group_id) @@ -207,6 +199,7 @@ class UserGroupsController(BaseControlle users_group_form = UserGroupForm( edit=True, old_data=c.user_group.get_dict(), allow_disabled=True)() + old_values = c.user_group.get_api_data() try: form_result = users_group_form.to_python(request.POST) pstruct = peppercorn.parse(request.POST.items()) 
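Review bot: The removed `action_logger(...)` call passed `self.ip_addr` explicitly, while the new `audit_logger.store_web('user_group.create', ...)` call passes only `action_data` and `user`. Nothing in this diff shows whether `store_web` records the client address on its own, so that is worth confirming. The same applies to the `user_group.edit` call in the @@ -214 hunk. The source address is a field an investigator relies on when reviewing group creation and changes, so the new entries should not carry less than the old ones did. The body of `create` starts and ends outside this hunk.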
@@ -214,9 +207,11 @@ class UserGroupsController(BaseControlle UserGroupModel().update(c.user_group, form_result) updated_user_group = form_result['users_group_name'] - action_logger(c.rhodecode_user, - 'admin_updated_users_group:%s' % updated_user_group, - None, self.ip_addr, self.sa) + + audit_logger.store_web( + 'user_group.edit', action_data={'old_data': old_values}, + user=c.rhodecode_user) + h.flash(_('Updated user group %s') % updated_user_group, category='success') Session().commit() @@ -241,19 +236,16 @@ class UserGroupsController(BaseControlle @HasUserGroupPermissionAnyDecorator('usergroup.admin') @auth.CSRFRequired() def delete(self, user_group_id): - """DELETE /user_groups/user_group_id: Delete an existing item""" - # Forms posted to this method should contain a hidden field: - # - # Or using helpers: - # h.form(url('users_group', user_group_id=ID), - # method='delete') - # url('users_group', user_group_id=ID) user_group_id = safe_int(user_group_id) c.user_group = UserGroup.get_or_404(user_group_id) force = str2bool(request.POST.get('force')) + old_values = c.user_group.get_api_data() try: UserGroupModel().delete(c.user_group, force=force) + audit_logger.store_web( + 'user.delete', action_data={'old_data': old_values}, + user=c.rhodecode_user) Session().commit() h.flash(_('Successfully deleted user group'), category='success') except UserGroupAssignedException as e: 
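Review bot: The delete path in the @@ -241 hunk records the event under `'user.delete'`, not `'user_group.delete'`, although this same commit registers `'user_group.delete': {'old_data': {}}` in `ACTIONS`. As written, a user group deletion is stored in the audit trail under the user-deletion action, and any search or alert keyed on `user_group.delete` never matches it. The first argument should be changed so the call reads `audit_logger.store_web('user_group.delete', action_data={'old_data': old_values}, user=c.rhodecode_user)`. `delete` begins before and continues past the hunk.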
@@ -330,9 +322,9 @@ class UserGroupsController(BaseControlle except RepoGroupAssignmentError: h.flash(_('Target group cannot be the same'), category='error') return redirect(url('edit_user_group_perms', user_group_id=user_group_id)) - #TODO: implement this - #action_logger(c.rhodecode_user, 'admin_changed_repo_permissions', - # repo_name, self.ip_addr, self.sa) + + # TODO(marcink): implement global permissions + # audit_log.store_web('user_group.edit.permissions') Session().commit() h.flash(_('User Group permissions updated'), category='success') return redirect(url('edit_user_group_perms', user_group_id=user_group_id)) @@ -389,8 +381,6 @@ class UserGroupsController(BaseControlle @HasUserGroupPermissionAnyDecorator('usergroup.admin') @auth.CSRFRequired() def update_global_perms(self, user_group_id): - """PUT /users_perm/user_group_id: Update an existing item""" - # url('users_group_perm', user_group_id=ID, method='put') user_group_id = safe_int(user_group_id) user_group = UserGroup.get_or_404(user_group_id) c.active = 'global_perms' @@ -492,6 +482,9 @@ class UserGroupsController(BaseControlle @XHRRequired() @jsonify def user_group_members(self, user_group_id): + """ + Return members of given user group + """ user_group_id = safe_int(user_group_id) user_group = UserGroup.get_or_404(user_group_id) group_members_obj = sorted((x.user for x in user_group.members), diff --git a/rhodecode/lib/audit_logger.py b/rhodecode/lib/audit_logger.py --- a/rhodecode/lib/audit_logger.py +++ b/rhodecode/lib/audit_logger.py @@ -49,6 +49,13 @@ ACTIONS = { 'user.edit.password_reset.enabled': {}, 'user.edit.password_reset.disabled': {}, + 'user_group.create': {'data': {}}, + 'user_group.delete': {'old_data': {}}, + 'user_group.edit': {'old_data': {}}, + 'user_group.edit.permissions': {}, + 'user_group.edit.member.add': {}, + 'user_group.edit.member.delete': {}, + 'repo.create': {'data': {}}, 'repo.fork': {'data': {}}, 'repo.edit': {'old_data': {}},
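Review bot: Permission changes on a user group are still committed without an audit entry in the @@ -330 hunk, which only replaces one commented-out call with another; the new comment names `audit_log`, whereas the module imported at the top of this file is `audit_logger`. If the call cannot be wired in yet, the placeholder should at least match the real module, e.g. `# audit_logger.store_web('user_group.edit.permissions', user=c.rhodecode_user)`. The `ACTIONS` hunk in rhodecode/lib/audit_logger.py registers `user_group.edit.permissions`, `user_group.edit.member.add` and `user_group.edit.member.delete`, but none of the hunks shown here emits them, so membership and permission changes appear to remain unlogged after this commit. The enclosing method starts outside the hunk.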