Commit a861b699 authored by Vladimir Shushlin's avatar Vladimir Shushlin

Allow AuditEventHelper to print custom_messages

* Add special case for :custom_message
* Sanitize audit event's actions
parent 270b54e9
......@@ -2,6 +2,9 @@
module AuditEventsHelper
def human_text(details)
# replace '_' with " " to achive identical behavior with Audit::Details
return details[:custom_message].tr('_', ' ') if details[:custom_message]
details.map { |key, value| select_keys(key, value) }.join(" ").humanize
end
......
......@@ -49,7 +49,7 @@
= object_link
- else
#{event.details[:entity_path]} <small>(removed)</small>
%td= event.action
%td= sanitize(event.action, tags: %w(strong))
%td= event.target
%td= event.ip_address
%td= event.date
......
......@@ -16,7 +16,7 @@
- else
(removed)
%td
%span= raw human_text(event.details)
%span= sanitize(human_text(event.details), tags: %w(strong))
%td= event.details[:target_details]
%td= event.created_at
= paginate events, theme: "gitlab"
......@@ -83,9 +83,10 @@ describe 'Admin::AuditLogs', :js do
describe 'project events' do
let(:project_member) { create(:project_member, user: user) }
let(:project) { project_member.project }
before do
AuditEventService.new(user, project_member.project, { action: :destroy })
AuditEventService.new(user, project, { action: :destroy })
.for_member(project_member).security_event
visit admin_audit_logs_path
......@@ -102,6 +103,10 @@ describe 'Admin::AuditLogs', :js do
expect(page).to have_content('Removed user access')
end
it_behaves_like 'audit event contains custom message' do
let(:audit_events_url) { admin_audit_logs_path }
end
end
end
......
......@@ -114,4 +114,8 @@ describe 'Projects > Audit Events', :js do
end
end
end
it_behaves_like 'audit event contains custom message' do
let(:audit_events_url) { project_audit_events_path(project) }
end
end
......@@ -4,7 +4,6 @@ describe AuditEventsHelper do
describe '#human_text' do
let(:details) do
{
remove: 'user_access',
author_name: 'John Doe',
target_id: 1,
target_type: 'User',
......@@ -12,8 +11,32 @@ describe AuditEventsHelper do
}
end
it 'ignores keys that start with start with author_, or target_' do
expect(human_text(details)).to eq 'Remove <strong>user access</strong> '
subject { human_text(details) }
context 'when message consist of hash keys' do
subject { human_text({ remove: 'user_access' }.merge(details))}
it 'ignores keys that start with start with author_, or target_' do
expect(subject).to eq 'Remove <strong>user access</strong> '
end
end
context 'when details contain custom message' do
let(:custom_message) { 'Custom message <strong>with tags</strong>' }
subject { human_text( { custom_message: custom_message }.merge(details)) }
it 'returns custom message' do
expect(subject).to eq(custom_message)
end
context 'when custom message contains "_"' do
let(:custom_message) { "message_with_spaces" }
it 'replace them with spaces' do
expect(subject).to eq("message with spaces")
end
end
end
end
......
# frozen_string_literal: true
shared_examples 'audit event contains custom message' do
let(:custom_message) { "Message_with_spaces" }
let(:details) do
{
custom_message: custom_message,
author_name: 'John Doe',
target_id: 1,
target_type: 'User',
target_details: 'Michael'
}
end
let!(:security_event) do
::AuditEventService.new(user, project, details).security_event
end
before do
visit audit_events_url
end
it 'user sess this message' do
expect(page).to have_content('Message with spaces')
end
context 'when it contains tags' do
let(:custom_message) { 'Message <strong>with</strong> <i>deleted</i> tags' }
it 'allows only <strong> tag' do
message_row = find('td', text: 'Message with deleted tags')
expect(message_row).to have_selector('strong')
expect(message_row).to have_no_selector('i')
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment