Add release creation audit logs

2024-11-09 17:13:45 +01:00 · 2021-01-30 17:10:38 +00:00 · 2021-01-30 17:10:38 +00:00 · b22ef5ae83
commit b22ef5ae83
parent 8d6661511a
6 changed files with 33 additions and 11 deletions
--- a/app/blueprints/api/support.py
+++ b/app/blueprints/api/support.py
@ -1,15 +1,18 @@
-from app.models import PackageRelease, db, Permission
-from app.tasks.importtasks import makeVCSRelease
+import datetime
+
 from celery import uuid
 from flask import jsonify, abort, make_response, url_for
-import datetime
+
+from app.models import PackageRelease, db, Permission
+from app.tasks.importtasks import makeVCSRelease
+from app.utils import AuditSeverity, addAuditLog


 def error(status, message):
 	abort(make_response(jsonify({ "success": False, "error": message }), status))


-def handleCreateRelease(token, package, title, ref):
+def handleCreateRelease(token, package, title, ref, reason="API"):
 	if not token.canOperateOnPackage(package):
 		return error(403, "API token does not have access to the package")

@ -29,6 +32,10 @@ def handleCreateRelease(token, package, title, ref):
 	rel.min_rel = None
 	rel.max_rel = None
 	db.session.add(rel)
+
+	msg = "Created release {} ({})".format(rel.title, reason)
+	addAuditLog(AuditSeverity.NORMAL, token.owner, msg, package.getDetailsURL(), package)
+
 	db.session.commit()

 	makeVCSRelease.apply_async((rel.id, ref), task_id=rel.task_id)
--- a/app/blueprints/github/init.py
+++ b/app/blueprints/github/init.py
@ -146,4 +146,4 @@ def webhook():
 	# Perform release
 	#

-	return handleCreateRelease(actual_token, package, title, ref)
+	return handleCreateRelease(actual_token, package, title, ref, reason="Webhook")
--- a/app/blueprints/gitlab/init.py
+++ b/app/blueprints/gitlab/init.py
@ -63,7 +63,7 @@ def webhook_impl():
 	# Perform release
 	#

-	return handleCreateRelease(token, package, title, ref)
+	return handleCreateRelease(token, package, title, ref, reason="Webhook")


@bp.route("/gitlab/webhook/", methods=["POST"])
--- a/app/blueprints/packages/releases.py
+++ b/app/blueprints/packages/releases.py
@ -93,8 +93,9 @@ def create_release(package):

 			makeVCSRelease.apply_async((rel.id, nonEmptyOrNone(form.vcsLabel.data)), task_id=rel.task_id)

-			msg = "Release {} created".format(rel.title)
+			msg = "Created release {}".format(rel.title)
 			addNotification(package.maintainers, current_user, NotificationType.PACKAGE_EDIT, msg, rel.getEditURL(), package)
+			addAuditLog(AuditSeverity.NORMAL, current_user, msg, package.getDetailsURL(), package)
 			db.session.commit()

 			return redirect(url_for("tasks.check", id=rel.task_id, r=rel.getEditURL()))
@ -113,8 +114,11 @@ def create_release(package):

 				checkZipRelease.apply_async((rel.id, uploadedPath), task_id=rel.task_id)

-				msg = "Release {} created".format(rel.title)
-				addNotification(package.maintainers, current_user, NotificationType.PACKAGE_EDIT, msg, rel.getEditURL(), package)
+				msg = "Created release {}".format(rel.title)
+				addNotification(package.maintainers, current_user, NotificationType.PACKAGE_EDIT,
+						msg, rel.getEditURL(), package)
+				addAuditLog(AuditSeverity.NORMAL, current_user, msg, package.getDetailsURL(),
+						package)
 				db.session.commit()

 				return redirect(url_for("tasks.check", id=rel.task_id, r=rel.getEditURL()))
--- a/app/tasks/importtasks.py
+++ b/app/tasks/importtasks.py
@ -27,7 +27,7 @@ from kombu import uuid

 from app.models import *
 from app.tasks import celery, TaskError
-from app.utils import randomString, getExtension, post_bot_message, addSystemNotification
+from app.utils import randomString, getExtension, post_bot_message, addSystemNotification, addSystemAuditLog
 from .minetestcheck import build_tree, MinetestCheckError, ContentType


@ -345,6 +345,10 @@ def check_update_config_impl(package):
 		rel.url = ""
 		rel.task_id = uuid()
 		db.session.add(rel)
+
+		msg = "Created release {} (Git Update Config)".format(rel.title)
+		addSystemAuditLog(AuditSeverity.NORMAL, msg, package.getDetailsURL(), package)
+
 		db.session.commit()

 		makeVCSRelease.apply_async((rel.id, commit), task_id=rel.task_id)
--- a/app/utils.py
+++ b/app/utils.py
@ -228,7 +228,7 @@ def addNotification(target, causer: User, type: NotificationType, title: str, ur
 		db.session.add(notif)


-def addAuditLog(severity, causer, title, url, package=None, description=None):
+def addAuditLog(severity: AuditSeverity, causer: User, title: str, url: str, package : Package =None, description : str =None):
 	entry = AuditLogEntry(causer, severity, title, url, package, description)
 	db.session.add(entry)

@ -262,6 +262,13 @@ def addSystemNotification(target, type: NotificationType, title: str, url: str,
 	return addNotification(target, system_user, type, title, url, package)


+def addSystemAuditLog(severity: AuditSeverity, title: str, url: str, package=None, description=None):
+	system_user = User.query.filter_by(username="ContentDB").first()
+	assert system_user
+
+	return addAuditLog(severity, system_user, title, url, package, description)
+
+
 def post_bot_message(package: Package, title: str, message: str):
 	system_user = User.query.filter_by(username="ContentDB").first()
 	assert system_user