audit-logs: add audit logs for API permission calls....
marcink -
r3342:bb780a23 default
@@ -1543,9 +1543,18 b' def grant_user_permission(request, apius'
1543 1543 _perms = ('repository.admin',)
1544 1544 validate_repo_permissions(apiuser, repoid, repo, _perms)
1545 1545
1546 perm_additions = [[user.user_id, perm.permission_name, "user"]]
1546 1547 try:
1548 changes = RepoModel().update_permissions(
1549 repo=repo, perm_additions=perm_additions, cur_user=apiuser)
1547 1550
1548 RepoModel().grant_user_permission(repo=repo, user=user, perm=perm)
1551 action_data = {
1552 'added': changes['added'],
1553 'updated': changes['updated'],
1554 'deleted': changes['deleted'],
1555 }
1556 audit_logger.store_api(
1557 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1549 1558
1550 1559 Session().commit()
1551 1560 return {
@@ -1555,8 +1564,7 b' def grant_user_permission(request, apius'
1555 1564 'success': True
1556 1565 }
1557 1566 except Exception:
1558 log.exception(
1559 "Exception occurred while trying edit permissions for repo")
1567 log.exception("Exception occurred while trying edit permissions for repo")
1560 1568 raise JSONRPCError(
1561 1569 'failed to edit permission for user: `%s` in repo: `%s`' % (
1562 1570 userid, repoid
@@ -1597,8 +1605,19 b' def revoke_user_permission(request, apiu'
1597 1605 _perms = ('repository.admin',)
1598 1606 validate_repo_permissions(apiuser, repoid, repo, _perms)
1599 1607
1608 perm_deletions = [[user.user_id, None, "user"]]
1600 1609 try:
1601 RepoModel().revoke_user_permission(repo=repo, user=user)
1610 changes = RepoModel().update_permissions(
1611 repo=repo, perm_deletions=perm_deletions, cur_user=user)
1612
1613 action_data = {
1614 'added': changes['added'],
1615 'updated': changes['updated'],
1616 'deleted': changes['deleted'],
1617 }
1618 audit_logger.store_api(
1619 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1620
1602 1621 Session().commit()
1603 1622 return {
1604 1623 'msg': 'Revoked perm for user: `%s` in repo: `%s`' % (
@@ -1607,8 +1626,7 b' def revoke_user_permission(request, apiu'
1607 1626 'success': True
1608 1627 }
1609 1628 except Exception:
1610 log.exception(
1611 "Exception occurred while trying revoke permissions to repo")
1629 log.exception("Exception occurred while trying revoke permissions to repo")
1612 1630 raise JSONRPCError(
1613 1631 'failed to edit permission for user: `%s` in repo: `%s`' % (
1614 1632 userid, repoid
@@ -1674,9 +1692,17 b' def grant_user_group_permission(request,'
1674 1692 raise JSONRPCError(
1675 1693 'user group `%s` does not exist' % (usergroupid,))
1676 1694
1695 perm_additions = [[user_group.users_group_id, perm.permission_name, "user_group"]]
1677 1696 try:
1678 RepoModel().grant_user_group_permission(
1679 repo=repo, group_name=user_group, perm=perm)
1697 changes = RepoModel().update_permissions(
1698 repo=repo, perm_additions=perm_additions, cur_user=apiuser)
1699 action_data = {
1700 'added': changes['added'],
1701 'updated': changes['updated'],
1702 'deleted': changes['deleted'],
1703 }
1704 audit_logger.store_api(
1705 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1680 1706
1681 1707 Session().commit()
1682 1708 return {
@@ -1739,9 +1765,17 b' def revoke_user_group_permission(request'
1739 1765 raise JSONRPCError(
1740 1766 'user group `%s` does not exist' % (usergroupid,))
1741 1767
1768 perm_deletions = [[user_group.users_group_id, None, "user_group"]]
1742 1769 try:
1743 RepoModel().revoke_user_group_permission(
1744 repo=repo, group_name=user_group)
1770 changes = RepoModel().update_permissions(
1771 repo=repo, perm_deletions=perm_deletions, cur_user=apiuser)
1772 action_data = {
1773 'added': changes['added'],
1774 'updated': changes['updated'],
1775 'deleted': changes['deleted'],
1776 }
1777 audit_logger.store_api(
1778 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1745 1779
1746 1780 Session().commit()
1747 1781 return {
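Review bot: In revoke_user_permission (new line 1611) the update_permissions call passes `cur_user=user`, the account whose permission is being revoked, while the other three calls in this file pass `cur_user=apiuser`. If update_permissions uses cur_user to attribute the change, this revocation would be recorded against the target account instead of the API caller, which weakens the audit trail this commit adds. The line should probably read `repo=repo, perm_deletions=perm_deletions, cur_user=apiuser)`. The bodies of update_permissions and store_api are not shown on this page, so the effect is inferred from the parameter name and the sibling calls. The function bodies also start and end outside the hunks.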
@@ -453,10 +453,19 b' def grant_user_permission_to_repo_group('
453 453
454 454 perm_additions = [[user.user_id, perm.permission_name, "user"]]
455 455 try:
456 RepoGroupModel().update_permissions(repo_group=repo_group,
457 perm_additions=perm_additions,
458 recursive=apply_to_children,
459 cur_user=apiuser)
456 changes = RepoGroupModel().update_permissions(
457 repo_group=repo_group, perm_additions=perm_additions,
458 recursive=apply_to_children, cur_user=apiuser)
459
460 action_data = {
461 'added': changes['added'],
462 'updated': changes['updated'],
463 'deleted': changes['deleted'],
464 }
465 audit_logger.store_api(
466 'repo_group.edit.permissions', action_data=action_data,
467 user=apiuser)
468
460 469 Session().commit()
461 470 return {
462 471 'msg': 'Granted perm: `%s` (recursive:%s) for user: '
@@ -527,10 +536,19 b' def revoke_user_permission_from_repo_gro'
527 536
528 537 perm_deletions = [[user.user_id, None, "user"]]
529 538 try:
530 RepoGroupModel().update_permissions(repo_group=repo_group,
531 perm_deletions=perm_deletions,
532 recursive=apply_to_children,
533 cur_user=apiuser)
539 changes = RepoGroupModel().update_permissions(
540 repo_group=repo_group, perm_deletions=perm_deletions,
541 recursive=apply_to_children, cur_user=apiuser)
542
543 action_data = {
544 'added': changes['added'],
545 'updated': changes['updated'],
546 'deleted': changes['deleted'],
547 }
548 audit_logger.store_api(
549 'repo_group.edit.permissions', action_data=action_data,
550 user=apiuser)
551
534 552 Session().commit()
535 553 return {
536 554 'msg': 'Revoked perm (recursive:%s) for user: '
@@ -611,10 +629,19 b' def grant_user_group_permission_to_repo_'
611 629
612 630 perm_additions = [[user_group.users_group_id, perm.permission_name, "user_group"]]
613 631 try:
614 RepoGroupModel().update_permissions(repo_group=repo_group,
615 perm_additions=perm_additions,
616 recursive=apply_to_children,
617 cur_user=apiuser)
632 changes = RepoGroupModel().update_permissions(
633 repo_group=repo_group, perm_additions=perm_additions,
634 recursive=apply_to_children, cur_user=apiuser)
635
636 action_data = {
637 'added': changes['added'],
638 'updated': changes['updated'],
639 'deleted': changes['deleted'],
640 }
641 audit_logger.store_api(
642 'repo_group.edit.permissions', action_data=action_data,
643 user=apiuser)
644
618 645 Session().commit()
619 646 return {
620 647 'msg': 'Granted perm: `%s` (recursive:%s) '
@@ -694,10 +721,19 b' def revoke_user_group_permission_from_re'
694 721
695 722 perm_deletions = [[user_group.users_group_id, None, "user_group"]]
696 723 try:
697 RepoGroupModel().update_permissions(repo_group=repo_group,
698 perm_deletions=perm_deletions,
699 recursive=apply_to_children,
700 cur_user=apiuser)
724 changes = RepoGroupModel().update_permissions(
725 repo_group=repo_group, perm_deletions=perm_deletions,
726 recursive=apply_to_children, cur_user=apiuser)
727
728 action_data = {
729 'added': changes['added'],
730 'updated': changes['updated'],
731 'deleted': changes['deleted'],
732 }
733 audit_logger.store_api(
734 'repo_group.edit.permissions', action_data=action_data,
735 user=apiuser)
736
701 737 Session().commit()
702 738 return {
703 739 'msg': 'Revoked perm (recursive:%s) for user group: '
@@ -716,4 +752,3 b' def revoke_user_group_permission_from_re'
716 752 user_group.users_group_name, repo_group.name
717 753 )
718 754 )
719
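Review bot: The four `repo_group.edit.permissions` audit calls pass only `action_data` and `user=apiuser`, so the record does not name the repository group that was changed or say whether the change was recursive, whereas the repository calls pass `repo=repo`. With `recursive=apply_to_children` one API call can alter permissions on many child objects, and a reviewer of the log would need the scope to reconstruct what happened. Unless the `changes` dict already carries it (not visible here), consider adding `'repo_group': repo_group.name,` and `'recursive': apply_to_children,` to each `action_data`. The enclosing functions start and end outside these hunks.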