Commit 758eeeb9 authored by Peter Leitzen's avatar Peter Leitzen

Merge branch '276250-log-approved-members-in-audit-events' into 'master'

Generate audit event after new user is approved

See merge request gitlab-org/gitlab!47468
parents 149f3272 1cebbb36
...@@ -17,6 +17,7 @@ module Users ...@@ -17,6 +17,7 @@ module Users
user.accept_pending_invitations! if user.active_for_authentication? user.accept_pending_invitations! if user.active_for_authentication?
DeviseMailer.user_admin_approval(user).deliver_later DeviseMailer.user_admin_approval(user).deliver_later
after_approve_hook(user)
success success
else else
error(user.errors.full_messages.uniq.join('. ')) error(user.errors.full_messages.uniq.join('. '))
...@@ -27,6 +28,10 @@ module Users ...@@ -27,6 +28,10 @@ module Users
attr_reader :current_user attr_reader :current_user
def after_approve_hook(user)
# overridden by EE module
end
def allowed? def allowed?
can?(current_user, :approve_user) can?(current_user, :approve_user)
end end
...@@ -36,3 +41,5 @@ module Users ...@@ -36,3 +41,5 @@ module Users
end end
end end
end end
Users::ApproveService.prepend_if_ee('EE::Users::ApproveService')
...@@ -99,6 +99,7 @@ From there, you can see the following actions: ...@@ -99,6 +99,7 @@ From there, you can see the following actions:
- Number of required approvals was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7531) in GitLab 12.9) - Number of required approvals was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7531) in GitLab 12.9)
- Added or removed users and groups from project approval groups ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213603) in GitLab 13.2) - Added or removed users and groups from project approval groups ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213603) in GitLab 13.2)
- Project CI/CD variable added, removed, or protected status changed ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/30857) in GitLab 13.4) - Project CI/CD variable added, removed, or protected status changed ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/30857) in GitLab 13.4)
- User was approved via Admin Area ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276250) in GitLab 13.6)
Project events can also be accessed via the [Project Audit Events API](../api/audit_events.md#project-audit-events). Project events can also be accessed via the [Project Audit Events API](../api/audit_events.md#project-audit-events).
......
# frozen_string_literal: true
module EE
module Users
module ApproveService
extend ::Gitlab::Utils::Override
override :after_approve_hook
def after_approve_hook(user)
super
log_audit_event(user)
end
private
def log_audit_event(user)
::AuditEventService.new(
current_user,
user,
action: :custom,
custom_message: 'Approved user'
).for_user.security_event
end
end
end
end
---
title: Generate audit event after new user is approved
merge_request: 47468
author:
type: added
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Users::ApproveService do
let(:current_user) { create(:admin) }
subject(:service) { described_class.new(current_user) }
describe '#execute', :enable_admin_mode do
let(:user) { create(:user, :blocked_pending_approval) }
subject(:operation) { service.execute(user) }
describe 'audit events' do
context 'when licensed' do
before do
stub_licensed_features(admin_audit_log: true)
end
context 'when user approve operation succeeds' do
it 'logs an audit event' do
expect { operation }.to change { AuditEvent.count }.by(1)
end
it 'logs the audit event info' do
operation
expect(AuditEvent.last).to have_attributes(
details: hash_including(custom_message: 'Approved user')
)
end
end
context 'when user approve operation fails' do
before do
allow(user).to receive(:activate).and_return(false)
end
it 'does not log any audit event' do
expect { operation }.not_to change { AuditEvent.count }
end
end
end
context 'when not licensed' do
before do
stub_licensed_features(
admin_audit_log: false
)
end
it 'does not log any audit event' do
expect { operation }.not_to change(AuditEvent, :count)
end
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment