audit-logs: add audit logs for API permission calls....
marcink -
r3342:bb780a23 default
@@ -1543,9 +1543,18
1543 _perms = ('repository.admin',)
1543 _perms = ('repository.admin',)
1544 validate_repo_permissions(apiuser, repoid, repo, _perms)
1544 validate_repo_permissions(apiuser, repoid, repo, _perms)
1545
1545
1546 perm_additions = [[user.user_id, perm.permission_name, "user"]]
1546 try:
1547 try:
1548 changes = RepoModel().update_permissions(
1549 repo=repo, perm_additions=perm_additions, cur_user=apiuser)
1547
1550
1548 RepoModel().grant_user_permission(repo=repo, user=user, perm=perm)
1551 action_data = {
1552 'added': changes['added'],
1553 'updated': changes['updated'],
1554 'deleted': changes['deleted'],
1555 }
1556 audit_logger.store_api(
1557 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1549
1558
1550 Session().commit()
1559 Session().commit()
1551 return {
1560 return {
@@ -1555,8 +1564,7
1555 'success': True
1564 'success': True
1556 }
1565 }
1557 except Exception:
1566 except Exception:
1558 log.exception(
1567 log.exception("Exception occurred while trying edit permissions for repo")
1559 "Exception occurred while trying edit permissions for repo")
1560 raise JSONRPCError(
1568 raise JSONRPCError(
1561 'failed to edit permission for user: `%s` in repo: `%s`' % (
1569 'failed to edit permission for user: `%s` in repo: `%s`' % (
1562 userid, repoid
1570 userid, repoid
@@ -1597,8 +1605,19
1597 _perms = ('repository.admin',)
1605 _perms = ('repository.admin',)
1598 validate_repo_permissions(apiuser, repoid, repo, _perms)
1606 validate_repo_permissions(apiuser, repoid, repo, _perms)
1599
1607
1608 perm_deletions = [[user.user_id, None, "user"]]
1600 try:
1609 try:
1601 RepoModel().revoke_user_permission(repo=repo, user=user)
1610 changes = RepoModel().update_permissions(
1611 repo=repo, perm_deletions=perm_deletions, cur_user=user)
1612
1613 action_data = {
1614 'added': changes['added'],
1615 'updated': changes['updated'],
1616 'deleted': changes['deleted'],
1617 }
1618 audit_logger.store_api(
1619 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1620
1602 Session().commit()
1621 Session().commit()
1603 return {
1622 return {
1604 'msg': 'Revoked perm for user: `%s` in repo: `%s`' % (
1623 'msg': 'Revoked perm for user: `%s` in repo: `%s`' % (
@@ -1607,8 +1626,7
1607 'success': True
1626 'success': True
1608 }
1627 }
1609 except Exception:
1628 except Exception:
1610 log.exception(
1629 log.exception("Exception occurred while trying revoke permissions to repo")
1611 "Exception occurred while trying revoke permissions to repo")
1612 raise JSONRPCError(
1630 raise JSONRPCError(
1613 'failed to edit permission for user: `%s` in repo: `%s`' % (
1631 'failed to edit permission for user: `%s` in repo: `%s`' % (
1614 userid, repoid
1632 userid, repoid
@@ -1674,9 +1692,17
1674 raise JSONRPCError(
1692 raise JSONRPCError(
1675 'user group `%s` does not exist' % (usergroupid,))
1693 'user group `%s` does not exist' % (usergroupid,))
1676
1694
1695 perm_additions = [[user_group.users_group_id, perm.permission_name, "user_group"]]
1677 try:
1696 try:
1678 RepoModel().grant_user_group_permission(
1697 changes = RepoModel().update_permissions(
1679 repo=repo, group_name=user_group, perm=perm)
1698 repo=repo, perm_additions=perm_additions, cur_user=apiuser)
1699 action_data = {
1700 'added': changes['added'],
1701 'updated': changes['updated'],
1702 'deleted': changes['deleted'],
1703 }
1704 audit_logger.store_api(
1705 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1680
1706
1681 Session().commit()
1707 Session().commit()
1682 return {
1708 return {
@@ -1739,9 +1765,17
1739 raise JSONRPCError(
1765 raise JSONRPCError(
1740 'user group `%s` does not exist' % (usergroupid,))
1766 'user group `%s` does not exist' % (usergroupid,))
1741
1767
1768 perm_deletions = [[user_group.users_group_id, None, "user_group"]]
1742 try:
1769 try:
1743 RepoModel().revoke_user_group_permission(
1770 changes = RepoModel().update_permissions(
1744 repo=repo, group_name=user_group)
1771 repo=repo, perm_deletions=perm_deletions, cur_user=apiuser)
1772 action_data = {
1773 'added': changes['added'],
1774 'updated': changes['updated'],
1775 'deleted': changes['deleted'],
1776 }
1777 audit_logger.store_api(
1778 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1745
1779
1746 Session().commit()
1780 Session().commit()
1747 return {
1781 return {
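Review bot: In the revoke-user hunk (new line 1611) `update_permissions` is called with `cur_user=user`, the account whose permission is being removed, while the other three calls in this file pass `cur_user=apiuser`. If the model uses `cur_user` for attribution or for its own checks, the revocation would be tied to the target account rather than to the API caller, which undermines the audit trail this commit is adding. The line should read `repo=repo, perm_deletions=perm_deletions, cur_user=apiuser)`. The enclosing functions start and end outside the hunks, so how `update_permissions` consumes `cur_user` is not visible here and should be confirmed.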
@@ -453,10 +453,19
453
453
454 perm_additions = [[user.user_id, perm.permission_name, "user"]]
454 perm_additions = [[user.user_id, perm.permission_name, "user"]]
455 try:
455 try:
456 RepoGroupModel().update_permissions(repo_group=repo_group,
456 changes = RepoGroupModel().update_permissions(
457 perm_additions=perm_additions,
457 repo_group=repo_group, perm_additions=perm_additions,
458 recursive=apply_to_children,
458 recursive=apply_to_children, cur_user=apiuser)
459 cur_user=apiuser)
459
460 action_data = {
461 'added': changes['added'],
462 'updated': changes['updated'],
463 'deleted': changes['deleted'],
464 }
465 audit_logger.store_api(
466 'repo_group.edit.permissions', action_data=action_data,
467 user=apiuser)
468
460 Session().commit()
469 Session().commit()
461 return {
470 return {
462 'msg': 'Granted perm: `%s` (recursive:%s) for user: '
471 'msg': 'Granted perm: `%s` (recursive:%s) for user: '
@@ -527,10 +536,19
527
536
528 perm_deletions = [[user.user_id, None, "user"]]
537 perm_deletions = [[user.user_id, None, "user"]]
529 try:
538 try:
530 RepoGroupModel().update_permissions(repo_group=repo_group,
539 changes = RepoGroupModel().update_permissions(
531 perm_deletions=perm_deletions,
540 repo_group=repo_group, perm_deletions=perm_deletions,
532 recursive=apply_to_children,
541 recursive=apply_to_children, cur_user=apiuser)
533 cur_user=apiuser)
542
543 action_data = {
544 'added': changes['added'],
545 'updated': changes['updated'],
546 'deleted': changes['deleted'],
547 }
548 audit_logger.store_api(
549 'repo_group.edit.permissions', action_data=action_data,
550 user=apiuser)
551
534 Session().commit()
552 Session().commit()
535 return {
553 return {
536 'msg': 'Revoked perm (recursive:%s) for user: '
554 'msg': 'Revoked perm (recursive:%s) for user: '
@@ -611,10 +629,19
611
629
612 perm_additions = [[user_group.users_group_id, perm.permission_name, "user_group"]]
630 perm_additions = [[user_group.users_group_id, perm.permission_name, "user_group"]]
613 try:
631 try:
614 RepoGroupModel().update_permissions(repo_group=repo_group,
632 changes = RepoGroupModel().update_permissions(
615 perm_additions=perm_additions,
633 repo_group=repo_group, perm_additions=perm_additions,
616 recursive=apply_to_children,
634 recursive=apply_to_children, cur_user=apiuser)
617 cur_user=apiuser)
635
636 action_data = {
637 'added': changes['added'],
638 'updated': changes['updated'],
639 'deleted': changes['deleted'],
640 }
641 audit_logger.store_api(
642 'repo_group.edit.permissions', action_data=action_data,
643 user=apiuser)
644
618 Session().commit()
645 Session().commit()
619 return {
646 return {
620 'msg': 'Granted perm: `%s` (recursive:%s) '
647 'msg': 'Granted perm: `%s` (recursive:%s) '
@@ -694,10 +721,19
694
721
695 perm_deletions = [[user_group.users_group_id, None, "user_group"]]
722 perm_deletions = [[user_group.users_group_id, None, "user_group"]]
696 try:
723 try:
697 RepoGroupModel().update_permissions(repo_group=repo_group,
724 changes = RepoGroupModel().update_permissions(
698 perm_deletions=perm_deletions,
725 repo_group=repo_group, perm_deletions=perm_deletions,
699 recursive=apply_to_children,
726 recursive=apply_to_children, cur_user=apiuser)
700 cur_user=apiuser)
727
728 action_data = {
729 'added': changes['added'],
730 'updated': changes['updated'],
731 'deleted': changes['deleted'],
732 }
733 audit_logger.store_api(
734 'repo_group.edit.permissions', action_data=action_data,
735 user=apiuser)
736
701 Session().commit()
737 Session().commit()
702 return {
738 return {
703 'msg': 'Revoked perm (recursive:%s) for user group: '
739 'msg': 'Revoked perm (recursive:%s) for user group: '
@@ -716,4 +752,3
716 user_group.users_group_name, repo_group.name
752 user_group.users_group_name, repo_group.name
717 )
753 )
718 )
754 )
719
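Review bot: The four `audit_logger.store_api('repo_group.edit.permissions', ...)` calls pass only `action_data` and `user=apiuser`, so nothing visible in the entry names the repository group that was changed or records whether `apply_to_children` was set; the repo-level calls in the other file at least pass `repo=repo`. Unless `changes` already carries that context, someone reading the log cannot tell which group a grant or revoke touched, or whether it cascaded to children. I would add both to each payload, e.g. `'repo_group': repo_group.name,` and `'recursive': apply_to_children,` inside the `action_data` dicts. The enclosing functions begin and end outside these hunks, so what `update_permissions` returns in `changes` should be checked first.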