##// END OF EJS Templates
audit-logs: added audit-logs on user actions....
marcink -
r1801:c1a16410 default
parent child Browse files
Show More
@@ -31,15 +31,17 b' from pylons.controllers.util import redi'
31 31 from pylons.i18n.translation import _
32 32
33 33 from rhodecode.authentication.plugins import auth_rhodecode
34
35 from rhodecode.lib import helpers as h
36 from rhodecode.lib import auth
37 from rhodecode.lib import audit_logger
38 from rhodecode.lib.auth import (
39 LoginRequired, HasPermissionAllDecorator, AuthUser)
40 from rhodecode.lib.base import BaseController, render
34 41 from rhodecode.lib.exceptions import (
35 42 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
36 43 UserOwnsUserGroupsException, UserCreationError)
37 from rhodecode.lib import helpers as h
38 from rhodecode.lib import auth
39 from rhodecode.lib.auth import (
40 LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token)
41 from rhodecode.lib.base import BaseController, render
42 from rhodecode.model.auth_token import AuthTokenModel
44 from rhodecode.lib.utils2 import safe_int, AttributeDict
43 45
44 46 from rhodecode.model.db import (
45 47 PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup)
@@ -49,8 +51,6 b' from rhodecode.model.repo_group import R'
49 51 from rhodecode.model.user import UserModel
50 52 from rhodecode.model.meta import Session
51 53 from rhodecode.model.permission import PermissionModel
52 from rhodecode.lib.utils import action_logger
53 from rhodecode.lib.utils2 import datetime_to_time, safe_int, AttributeDict
54 54
55 55 log = logging.getLogger(__name__)
56 56
@@ -88,7 +88,6 b' class UsersController(BaseController):'
88 88 @HasPermissionAllDecorator('hg.admin')
89 89 @auth.CSRFRequired()
90 90 def create(self):
91 """POST /users: Create a new item"""
92 91 c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
93 92 user_model = UserModel()
94 93 user_form = UserForm()()
@@ -96,9 +95,12 b' class UsersController(BaseController):'
96 95 form_result = user_form.to_python(dict(request.POST))
97 96 user = user_model.create(form_result)
98 97 Session().flush()
98 creation_data = user.get_api_data()
99 99 username = form_result['username']
100 action_logger(c.rhodecode_user, 'admin_created_user:%s' % username,
101 None, self.ip_addr, self.sa)
100
101 audit_logger.store_web(
102 'user.create', action_data={'data': creation_data},
103 user=c.rhodecode_user)
102 104
103 105 user_link = h.link_to(h.escape(username),
104 106 url('edit_user',
@@ -125,8 +127,6 b' class UsersController(BaseController):'
125 127
126 128 @HasPermissionAllDecorator('hg.admin')
127 129 def new(self):
128 """GET /users/new: Form to create a new item"""
129 # url('new_user')
130 130 c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
131 131 self._get_personal_repo_group_template_vars()
132 132 return render('admin/users/user_add.mako')
@@ -134,13 +134,7 b' class UsersController(BaseController):'
134 134 @HasPermissionAllDecorator('hg.admin')
135 135 @auth.CSRFRequired()
136 136 def update(self, user_id):
137 """PUT /users/user_id: Update an existing item"""
138 # Forms posted to this method should contain a hidden field:
139 # <input type="hidden" name="_method" value="PUT" />
140 # Or using helpers:
141 # h.form(url('update_user', user_id=ID),
142 # method='put')
143 # url('user', user_id=ID)
137
144 138 user_id = safe_int(user_id)
145 139 c.user = User.get_or_404(user_id)
146 140 c.active = 'profile'
@@ -152,6 +146,7 b' class UsersController(BaseController):'
152 146 old_data={'user_id': user_id,
153 147 'email': c.user.email})()
154 148 form_result = {}
149 old_values = c.user.get_api_data()
155 150 try:
156 151 form_result = _form.to_python(dict(request.POST))
157 152 skip_attrs = ['extern_type', 'extern_name']
@@ -160,12 +155,15 b' class UsersController(BaseController):'
160 155 # forbid updating username for external accounts
161 156 skip_attrs.append('username')
162 157
163 UserModel().update_user(user_id, skip_attrs=skip_attrs, **form_result)
164 usr = form_result['username']
165 action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr,
166 None, self.ip_addr, self.sa)
158 UserModel().update_user(
159 user_id, skip_attrs=skip_attrs, **form_result)
160
161 audit_logger.store_web(
162 'user.edit', action_data={'old_data': old_values},
163 user=c.rhodecode_user)
164
165 Session().commit()
167 166 h.flash(_('User updated successfully'), category='success')
168 Session().commit()
169 167 except formencode.Invalid as errors:
170 168 defaults = errors.value
171 169 e = errors.error_dict or {}
@@ -188,13 +186,6 b' class UsersController(BaseController):'
188 186 @HasPermissionAllDecorator('hg.admin')
189 187 @auth.CSRFRequired()
190 188 def delete(self, user_id):
191 """DELETE /users/user_id: Delete an existing item"""
192 # Forms posted to this method should contain a hidden field:
193 # <input type="hidden" name="_method" value="DELETE" />
194 # Or using helpers:
195 # h.form(url('delete_user', user_id=ID),
196 # method='delete')
197 # url('user', user_id=ID)
198 189 user_id = safe_int(user_id)
199 190 c.user = User.get_or_404(user_id)
200 191
@@ -249,10 +240,16 b' class UsersController(BaseController):'
249 240 _('Deleted %s user groups') % len(_user_groups),
250 241 category='success')
251 242
243 old_values = c.user.get_api_data()
252 244 try:
253 245 UserModel().delete(c.user, handle_repos=handle_repos,
254 246 handle_repo_groups=handle_repo_groups,
255 247 handle_user_groups=handle_user_groups)
248
249 audit_logger.store_web(
250 'user.delete', action_data={'old_data': old_values},
251 user=c.rhodecode_user)
252
256 253 Session().commit()
257 254 set_handle_flash_repos()
258 255 set_handle_flash_repo_groups()
@@ -272,19 +269,25 b' class UsersController(BaseController):'
272 269 def reset_password(self, user_id):
273 270 """
274 271 toggle reset password flag for this user
275
276 :param user_id:
277 272 """
278 273 user_id = safe_int(user_id)
279 274 c.user = User.get_or_404(user_id)
280 275 try:
281 276 old_value = c.user.user_data.get('force_password_change')
282 277 c.user.update_userdata(force_password_change=not old_value)
283 Session().commit()
278
284 279 if old_value:
285 280 msg = _('Force password change disabled for user')
281 audit_logger.store_web(
282 'user.edit.password_reset.disabled',
283 user=c.rhodecode_user)
286 284 else:
287 285 msg = _('Force password change enabled for user')
286 audit_logger.store_web(
287 'user.edit.password_reset.enabled',
288 user=c.rhodecode_user)
289
290 Session().commit()
288 291 h.flash(msg, category='success')
289 292 except Exception:
290 293 log.exception("Exception during password reset for user")
@@ -298,8 +301,6 b' class UsersController(BaseController):'
298 301 def create_personal_repo_group(self, user_id):
299 302 """
300 303 Create personal repository group for this user
301
302 :param user_id:
303 304 """
304 305 from rhodecode.model.repo_group import RepoGroupModel
305 306
@@ -428,8 +429,6 b' class UsersController(BaseController):'
428 429 @HasPermissionAllDecorator('hg.admin')
429 430 @auth.CSRFRequired()
430 431 def update_global_perms(self, user_id):
431 """PUT /users_perm/user_id: Update an existing item"""
432 # url('user_perm', user_id=ID, method='put')
433 432 user_id = safe_int(user_id)
434 433 user = User.get_or_404(user_id)
435 434 c.active = 'global_perms'
@@ -456,11 +455,13 b' class UsersController(BaseController):'
456 455
457 456 PermissionModel().update_user_permissions(form_result)
458 457
458 # TODO(marcink): implement global permissions
459 # audit_log.store_web('user.edit.permissions')
460
459 461 Session().commit()
460 462 h.flash(_('User global permissions updated successfully'),
461 463 category='success')
462 464
463 Session().commit()
464 465 except formencode.Invalid as errors:
465 466 defaults = errors.value
466 467 c.user = user
@@ -512,16 +513,18 b' class UsersController(BaseController):'
512 513 @HasPermissionAllDecorator('hg.admin')
513 514 @auth.CSRFRequired()
514 515 def add_email(self, user_id):
515 """POST /user_emails:Add an existing item"""
516 # url('user_emails', user_id=ID, method='put')
517 516 user_id = safe_int(user_id)
518 517 c.user = User.get_or_404(user_id)
519 518
520 519 email = request.POST.get('new_email')
521 520 user_model = UserModel()
522
521 user_data = c.user.get_api_data()
523 522 try:
524 523 user_model.add_extra_email(user_id, email)
524 audit_logger.store_web(
525 'user.edit.email.add',
526 action_data={'email': email, 'user': user_data},
527 user=c.rhodecode_user)
525 528 Session().commit()
526 529 h.flash(_("Added new email address `%s` for user account") % email,
527 530 category='success')
@@ -537,13 +540,18 b' class UsersController(BaseController):'
537 540 @HasPermissionAllDecorator('hg.admin')
538 541 @auth.CSRFRequired()
539 542 def delete_email(self, user_id):
540 """DELETE /user_emails_delete/user_id: Delete an existing item"""
541 # url('user_emails_delete', user_id=ID, method='delete')
542 543 user_id = safe_int(user_id)
543 544 c.user = User.get_or_404(user_id)
544 545 email_id = request.POST.get('del_email_id')
545 546 user_model = UserModel()
547
548 email = UserEmailMap.query().get(email_id).email
549 user_data = c.user.get_api_data()
546 550 user_model.delete_extra_email(user_id, email_id)
551 audit_logger.store_web(
552 'user.edit.email.delete',
553 action_data={'email': email, 'user': user_data},
554 user=c.rhodecode_user)
547 555 Session().commit()
548 556 h.flash(_("Removed email address from user account"), category='success')
549 557 return redirect(url('edit_user_emails', user_id=user_id))
@@ -574,9 +582,6 b' class UsersController(BaseController):'
574 582 @HasPermissionAllDecorator('hg.admin')
575 583 @auth.CSRFRequired()
576 584 def add_ip(self, user_id):
577 """POST /user_ips:Add an existing item"""
578 # url('user_ips', user_id=ID, method='put')
579
580 585 user_id = safe_int(user_id)
581 586 c.user = User.get_or_404(user_id)
582 587 user_model = UserModel()
@@ -590,9 +595,14 b' class UsersController(BaseController):'
590 595
591 596 desc = request.POST.get('description')
592 597 added = []
598 user_data = c.user.get_api_data()
593 599 for ip in ip_list:
594 600 try:
595 601 user_model.add_extra_ip(user_id, ip, desc)
602 audit_logger.store_web(
603 'user.edit.ip.add',
604 action_data={'ip': ip, 'user': user_data},
605 user=c.rhodecode_user)
596 606 Session().commit()
597 607 added.append(ip)
598 608 except formencode.Invalid as error:
@@ -613,14 +623,18 b' class UsersController(BaseController):'
613 623 @HasPermissionAllDecorator('hg.admin')
614 624 @auth.CSRFRequired()
615 625 def delete_ip(self, user_id):
616 """DELETE /user_ips_delete/user_id: Delete an existing item"""
617 # url('user_ips_delete', user_id=ID, method='delete')
618 626 user_id = safe_int(user_id)
619 627 c.user = User.get_or_404(user_id)
620 628
621 629 ip_id = request.POST.get('del_ip_id')
622 630 user_model = UserModel()
631 ip = UserIpMap.query().get(ip_id).ip_addr
632 user_data = c.user.get_api_data()
623 633 user_model.delete_extra_ip(user_id, ip_id)
634 audit_logger.store_web(
635 'user.edit.ip.delete',
636 action_data={'ip': ip, 'user': user_data},
637 user=c.rhodecode_user)
624 638 Session().commit()
625 639 h.flash(_("Removed ip address from user whitelist"), category='success')
626 640
@@ -27,7 +27,7 b' from rhodecode.model.db import User, Use'
27 27
28 28 log = logging.getLogger(__name__)
29 29
30
30 # action as key, and expected action_data as value
31 31 ACTIONS = {
32 32 'user.login.success': {},
33 33 'user.login.failure': {},
@@ -38,6 +38,19 b' ACTIONS = {'
38 38
39 39 'repo.create': {},
40 40 'repo.edit': {},
41 'user.create': {'data': {}},
42 'user.delete': {'old_data': {}},
43 'user.edit': {'old_data': {}},
44 'user.edit.permissions': {},
45 'user.edit.ip.add': {},
46 'user.edit.ip.delete': {},
47 'user.edit.token.add': {},
48 'user.edit.token.delete': {},
49 'user.edit.email.add': {},
50 'user.edit.email.delete': {},
51 'user.edit.password_reset.enabled': {},
52 'user.edit.password_reset.disabled': {},
53
41 54 'repo.edit.permissions': {},
42 55 'repo.delete': {},
43 56 'repo.commit.strip': {},
@@ -117,8 +130,7 b' def store_api(*args, **kwargs):'
117 130 return store(*args, **kwargs)
118 131
119 132
120 def store(
121 action, user, action_data=None, user_data=None, ip_addr=None,
133 def store(action, user, action_data=None, user_data=None, ip_addr=None,
122 134 repo=None, sa_session=None, commit=False):
123 135 """
124 136 Audit logger for various actions made by users, typically this
@@ -767,7 +767,7 b' class UserModel(BaseModel):'
767 767 """
768 768 user = self._get_user(user)
769 769 obj = UserEmailMap.query().get(email_id)
770 if obj:
770 if obj and obj.user_id == user.user_id:
771 771 self.sa.delete(obj)
772 772
773 773 def parse_ip_range(self, ip_range):
@@ -824,7 +824,7 b' class UserModel(BaseModel):'
824 824 """
825 825 user = self._get_user(user)
826 826 obj = UserIpMap.query().get(ip_id)
827 if obj:
827 if obj and obj.user_id == user.user_id:
828 828 self.sa.delete(obj)
829 829
830 830 def get_accounts_in_creation_order(self, current_user=None):
General Comments 0
You need to be logged in to leave comments. Login now