Fix rendering failure of Audit Event

When audit event is recorded via Project Releases API, the audit event is not written in the correct structure (i.e. with a redundant `action: :custom` entry in the details hash). This change to ensure: - To extract the right action value on read - To drop redundant action information on write

Fix rendering failure of Audit Event
When audit event is recorded via Project Releases API, the audit event is not written in the correct structure (i.e. with a redundant `action: :custom` entry in the details hash). This change to ensure: - To extract the right action value on read - To drop redundant action information on write
2d48aeac · Tan Le · 8c7f358a · 2d48aeac · 2d48aeac · 2d48aeac
Commit 2d48aeac authored Apr 06, 2020 by Tan Le
5 changed files
--- a/ee/app/services/ee/audit_events/release_audit_event_service.rb
+++ b/ee/app/services/ee/audit_events/release_audit_event_service.rb
@@ -9,7 +9,6 @@ module EE
        @release = release

        super(author, entity, {
-          action: :custom,
          custom_message: message,
          ip_address: ip_address,
          target_id: release.id,

--- a/ee/changelogs/unreleased/security-admin-audit-log-dos.yml
+++ b/ee/changelogs/unreleased/security-admin-audit-log-dos.yml
+---
+title: Fix rendering failure of Audit Event generated by Releases API
+merge_request:
+author:
+type: security
--- a/ee/lib/audit/details.rb
+++ b/ee/lib/audit/details.rb
@@ -29,9 +29,9 @@ module Audit
    end

    def action_text
-      action = @details.slice(*ACTIONS)
+      action_name, action_info = @details.slice(*ACTIONS).first

-      case action.each_key.first
+      case action_name
      when :add
        "Added #{target_name}#{@details[:as] ? " as #{@details[:as]}" : ''}"
      when :remove
@@ -45,7 +45,7 @@ module Audit

        "Updated ref #{target_ref} from #{from_sha} to #{to_sha}"
      when :custom_message
-        detail_value
+        action_info
      else
        text_for_change(target_name)
      end

--- a/ee/spec/features/admin/admin_audit_logs_spec.rb
+++ b/ee/spec/features/admin/admin_audit_logs_spec.rb
@@ -36,6 +36,21 @@ describe 'Admin::AuditLogs', :js do
      expect(page).to have_link('Audit Log', href: admin_audit_logs_path)
    end

+    describe 'release created events' do
+      let(:project) { create(:project) }
+      let(:release) { create(:release, project: project, tag: 'v0.1', author: user) }
+
+      before do
+        EE::AuditEvents::ReleaseCreatedAuditEventService.new(user, project, '127.0.0.1', release).security_event
+      end
+
+      it 'shows the related audit event' do
+        visit admin_audit_logs_path
+
+        expect(page).to have_content('Created Release')
+      end
+    end
+
    describe 'user events' do
      before do
        AuditEventService.new(user, user, with: :ldap)

--- a/ee/spec/support/shared_examples/services/audit_event_logging_shared_examples.rb
+++ b/ee/spec/support/shared_examples/services/audit_event_logging_shared_examples.rb
@@ -89,7 +89,6 @@ RSpec.shared_examples 'logs the release audit event' do
    expect(logger).to receive(:info).with(author_id: user.id,
                                          entity_id: entity.id,
                                          entity_type: entity_type,
-                                          action: :custom,
                                          ip_address: ip_address,
                                          custom_message: custom_message,
                                          target_details: target_details,
@@ -102,7 +101,6 @@ RSpec.shared_examples 'logs the release audit event' do

    expect(security_event.details).to eq(custom_message: custom_message,
                                         ip_address: ip_address,
-                                         action: :custom,
                                         target_details: target_details,
                                         target_id: target_id,
                                         target_type: target_type)