audit-logs: added audit logs on user groups admin page.
marcink -
r1805:48072a57 default
@@ -35,10 +35,11 b' from sqlalchemy.orm import joinedload'
35
35
36 from rhodecode.lib import auth
36 from rhodecode.lib import auth
37 from rhodecode.lib import helpers as h
37 from rhodecode.lib import helpers as h
38 from rhodecode.lib import audit_logger
38 from rhodecode.lib.ext_json import json
39 from rhodecode.lib.ext_json import json
39 from rhodecode.lib.exceptions import UserGroupAssignedException,\
40 from rhodecode.lib.exceptions import UserGroupAssignedException,\
40 RepoGroupAssignmentError
41 RepoGroupAssignmentError
41 from rhodecode.lib.utils import jsonify, action_logger
42 from rhodecode.lib.utils import jsonify
42 from rhodecode.lib.utils2 import safe_unicode, str2bool, safe_int
43 from rhodecode.lib.utils2 import safe_unicode, str2bool, safe_int
43 from rhodecode.lib.auth import (
44 from rhodecode.lib.auth import (
44 LoginRequired, NotAnonymous, HasUserGroupPermissionAnyDecorator,
45 LoginRequired, NotAnonymous, HasUserGroupPermissionAnyDecorator,
@@ -105,8 +106,6 b' class UserGroupsController(BaseControlle'
105 # permission check inside
106 # permission check inside
106 @NotAnonymous()
107 @NotAnonymous()
107 def index(self):
108 def index(self):
108 """GET /users_groups: All items in the collection"""
109 # url('users_groups')
110
109
111 from rhodecode.lib.utils import PartialRenderer
110 from rhodecode.lib.utils import PartialRenderer
112 _render = PartialRenderer('data_table/_dt_elements.mako')
111 _render = PartialRenderer('data_table/_dt_elements.mako')
@@ -142,8 +141,6 b' class UserGroupsController(BaseControlle'
142 @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')
141 @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')
143 @auth.CSRFRequired()
142 @auth.CSRFRequired()
144 def create(self):
143 def create(self):
145 """POST /users_groups: Create a new item"""
146 # url('users_groups')
147
144
148 users_group_form = UserGroupForm()()
145 users_group_form = UserGroupForm()()
149 try:
146 try:
@@ -154,14 +151,16 b' class UserGroupsController(BaseControlle'
154 owner=c.rhodecode_user.user_id,
151 owner=c.rhodecode_user.user_id,
155 active=form_result['users_group_active'])
152 active=form_result['users_group_active'])
156 Session().flush()
153 Session().flush()
157
154 creation_data = user_group.get_api_data()
158 user_group_name = form_result['users_group_name']
155 user_group_name = form_result['users_group_name']
159 action_logger(c.rhodecode_user,
156
160 'admin_created_users_group:%s' % user_group_name,
157 audit_logger.store_web(
161 None, self.ip_addr, self.sa)
158 'user_group.create', action_data={'data': creation_data},
162 user_group_link = h.link_to(h.escape(user_group_name),
159 user=c.rhodecode_user)
163 url('edit_users_group',
160
164 user_group_id=user_group.users_group_id))
161 user_group_link = h.link_to(
162 h.escape(user_group_name),
163 url('edit_users_group', user_group_id=user_group.users_group_id))
165 h.flash(h.literal(_('Created user group %(user_group_link)s')
164 h.flash(h.literal(_('Created user group %(user_group_link)s')
166 % {'user_group_link': user_group_link}),
165 % {'user_group_link': user_group_link}),
167 category='success')
166 category='success')
@@ -191,13 +190,6 b' class UserGroupsController(BaseControlle'
191 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
190 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
192 @auth.CSRFRequired()
191 @auth.CSRFRequired()
193 def update(self, user_group_id):
192 def update(self, user_group_id):
194 """PUT /user_groups/user_group_id: Update an existing item"""
195 # Forms posted to this method should contain a hidden field:
196 # <input type="hidden" name="_method" value="PUT" />
197 # Or using helpers:
198 # h.form(url('users_group', user_group_id=ID),
199 # method='put')
200 # url('users_group', user_group_id=ID)
201
193
202 user_group_id = safe_int(user_group_id)
194 user_group_id = safe_int(user_group_id)
203 c.user_group = UserGroup.get_or_404(user_group_id)
195 c.user_group = UserGroup.get_or_404(user_group_id)
@@ -207,6 +199,7 b' class UserGroupsController(BaseControlle'
207 users_group_form = UserGroupForm(
199 users_group_form = UserGroupForm(
208 edit=True, old_data=c.user_group.get_dict(), allow_disabled=True)()
200 edit=True, old_data=c.user_group.get_dict(), allow_disabled=True)()
209
201
202 old_values = c.user_group.get_api_data()
210 try:
203 try:
211 form_result = users_group_form.to_python(request.POST)
204 form_result = users_group_form.to_python(request.POST)
212 pstruct = peppercorn.parse(request.POST.items())
205 pstruct = peppercorn.parse(request.POST.items())
@@ -214,9 +207,11 b' class UserGroupsController(BaseControlle'
214
207
215 UserGroupModel().update(c.user_group, form_result)
208 UserGroupModel().update(c.user_group, form_result)
216 updated_user_group = form_result['users_group_name']
209 updated_user_group = form_result['users_group_name']
217 action_logger(c.rhodecode_user,
210
218 'admin_updated_users_group:%s' % updated_user_group,
211 audit_logger.store_web(
219 None, self.ip_addr, self.sa)
212 'user_group.edit', action_data={'old_data': old_values},
213 user=c.rhodecode_user)
214
220 h.flash(_('Updated user group %s') % updated_user_group,
215 h.flash(_('Updated user group %s') % updated_user_group,
221 category='success')
216 category='success')
222 Session().commit()
217 Session().commit()
@@ -241,19 +236,16 b' class UserGroupsController(BaseControlle'
241 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
236 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
242 @auth.CSRFRequired()
237 @auth.CSRFRequired()
243 def delete(self, user_group_id):
238 def delete(self, user_group_id):
244 """DELETE /user_groups/user_group_id: Delete an existing item"""
245 # Forms posted to this method should contain a hidden field:
246 # <input type="hidden" name="_method" value="DELETE" />
247 # Or using helpers:
248 # h.form(url('users_group', user_group_id=ID),
249 # method='delete')
250 # url('users_group', user_group_id=ID)
251 user_group_id = safe_int(user_group_id)
239 user_group_id = safe_int(user_group_id)
252 c.user_group = UserGroup.get_or_404(user_group_id)
240 c.user_group = UserGroup.get_or_404(user_group_id)
253 force = str2bool(request.POST.get('force'))
241 force = str2bool(request.POST.get('force'))
254
242
243 old_values = c.user_group.get_api_data()
255 try:
244 try:
256 UserGroupModel().delete(c.user_group, force=force)
245 UserGroupModel().delete(c.user_group, force=force)
246 audit_logger.store_web(
247 'user.delete', action_data={'old_data': old_values},
248 user=c.rhodecode_user)
257 Session().commit()
249 Session().commit()
258 h.flash(_('Successfully deleted user group'), category='success')
250 h.flash(_('Successfully deleted user group'), category='success')
259 except UserGroupAssignedException as e:
251 except UserGroupAssignedException as e:
@@ -330,9 +322,9 b' class UserGroupsController(BaseControlle'
330 except RepoGroupAssignmentError:
322 except RepoGroupAssignmentError:
331 h.flash(_('Target group cannot be the same'), category='error')
323 h.flash(_('Target group cannot be the same'), category='error')
332 return redirect(url('edit_user_group_perms', user_group_id=user_group_id))
324 return redirect(url('edit_user_group_perms', user_group_id=user_group_id))
333 #TODO: implement this
325
334 #action_logger(c.rhodecode_user, 'admin_changed_repo_permissions',
326 # TODO(marcink): implement global permissions
335 # repo_name, self.ip_addr, self.sa)
327 # audit_log.store_web('user_group.edit.permissions')
336 Session().commit()
328 Session().commit()
337 h.flash(_('User Group permissions updated'), category='success')
329 h.flash(_('User Group permissions updated'), category='success')
338 return redirect(url('edit_user_group_perms', user_group_id=user_group_id))
330 return redirect(url('edit_user_group_perms', user_group_id=user_group_id))
@@ -389,8 +381,6 b' class UserGroupsController(BaseControlle'
389 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
381 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
390 @auth.CSRFRequired()
382 @auth.CSRFRequired()
391 def update_global_perms(self, user_group_id):
383 def update_global_perms(self, user_group_id):
392 """PUT /users_perm/user_group_id: Update an existing item"""
393 # url('users_group_perm', user_group_id=ID, method='put')
394 user_group_id = safe_int(user_group_id)
384 user_group_id = safe_int(user_group_id)
395 user_group = UserGroup.get_or_404(user_group_id)
385 user_group = UserGroup.get_or_404(user_group_id)
396 c.active = 'global_perms'
386 c.active = 'global_perms'
@@ -492,6 +482,9 b' class UserGroupsController(BaseControlle'
492 @XHRRequired()
482 @XHRRequired()
493 @jsonify
483 @jsonify
494 def user_group_members(self, user_group_id):
484 def user_group_members(self, user_group_id):
485 """
486 Return members of given user group
487 """
495 user_group_id = safe_int(user_group_id)
488 user_group_id = safe_int(user_group_id)
496 user_group = UserGroup.get_or_404(user_group_id)
489 user_group = UserGroup.get_or_404(user_group_id)
497 group_members_obj = sorted((x.user for x in user_group.members),
490 group_members_obj = sorted((x.user for x in user_group.members),
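Review bot: In `delete`, the added `audit_logger.store_web(` call records the event as `'user.delete'`, although the object being removed is a user group and this same commit registers `'user_group.delete'` for it. A group deletion would therefore show up in the audit trail as a user deletion, which misleads anyone filtering or alerting on action names. The registry shown already holds other `user.*` keys, so a name check inside `store_web` (not visible here) may well accept the wrong value without complaint. Change the line to `'user_group.delete', action_data={'old_data': old_values},`. The body of `delete` continues past the end of this hunk.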
@@ -49,6 +49,13 b' ACTIONS = {'
49 'user.edit.password_reset.enabled': {},
49 'user.edit.password_reset.enabled': {},
50 'user.edit.password_reset.disabled': {},
50 'user.edit.password_reset.disabled': {},
51
51
52 'user_group.create': {'data': {}},
53 'user_group.delete': {'old_data': {}},
54 'user_group.edit': {'old_data': {}},
55 'user_group.edit.permissions': {},
56 'user_group.edit.member.add': {},
57 'user_group.edit.member.delete': {},
58
52 'repo.create': {'data': {}},
59 'repo.create': {'data': {}},
53 'repo.fork': {'data': {}},
60 'repo.fork': {'data': {}},
54 'repo.edit': {'old_data': {}},
61 'repo.edit': {'old_data': {}},
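Review bot: `'user_group.edit.permissions'`, `'user_group.edit.member.add'` and `'user_group.edit.member.delete'` are registered with empty templates, but nothing visible in this commit emits them, and the permissions path in the controller only carries a TODO. Membership and permission changes are the group events most worth having in the audit trail, so until callers exist I would mark the entries with a comment such as `# TODO: no emitter yet; define payload (affected user id, changed permissions)`. Emitters may exist in files this page does not show. The `ACTIONS` dict starts and ends outside this hunk.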