Only generate Audit Events when licensed

app/services/audit_event_service.rb

@@ -83,6 +83,8 @@ class AuditEventService
   end
 
   def security_event
+    return unless audit_events_enabled?
+
     SecurityEvent.create(
       author_id: @author.id,
       entity_id: @entity.id,
@@ -91,4 +93,9 @@ class AuditEventService
                               entity_path: @entity.full_path)
     )
   end
+
+  def audit_events_enabled?
+    (@entity.respond_to?(:feature_available?) && @entity.feature_available?(:audit_events)) ||
+      License.feature_available?(:admin_audit_log)
+  end
 end

spec/services/audit_event_service_spec.rb

@@ -18,7 +18,7 @@ describe AuditEventService, services: true do
       event = service.for_member(project_member).security_event
       expect(event[:details][:target_details]).to eq('Deleted User')
     end
-    
+
     it 'has the IP address' do
       event = service.for_member(project_member).security_event
       expect(event[:details][:ip_address]).to eq(user.current_sign_in_ip)
@@ -29,4 +29,87 @@ describe AuditEventService, services: true do
       expect(event[:details][:entity_path]).to eq(project.full_path)
     end
   end
+
+  describe '#security_event' do
+    context 'unlicensed' do
+      before do
+        stub_licensed_features(audit_events: false)
+      end
+
+      it 'does not create an event' do
+        expect(SecurityEvent).not_to receive(:create)
+
+        service.security_event
+      end
+    end
+
+    context 'licensed' do
+      it 'creates an event' do
+        expect { service.security_event }.to change(SecurityEvent, :count).by(1)
+      end
+    end
+  end
+
+  describe '#audit_events_enabled?' do
+    context 'entity is a project' do
+      let(:service) { described_class.new(user, project, { action: :destroy }) }
+
+      it 'returns false when project is unlicensed' do
+        stub_licensed_features(audit_events: false, admin_audit_log: false)
+
+        expect(service.audit_events_enabled?).to be_falsy
+      end
+
+      it 'returns true when project is licensed' do
+        stub_licensed_features(audit_events: true, admin_audit_log: false)
+
+        expect(service.audit_events_enabled?).to be_truthy
+      end
+
+      it 'returns true when admin audit log is licensed' do
+        stub_licensed_features(audit_events: false, admin_audit_log: true)
+
+        expect(service.audit_events_enabled?).to be_truthy
+      end
+    end
+
+    context 'entity is a group' do
+      let(:group) { create(:group) }
+      let(:service) { described_class.new(user, group, { action: :destroy }) }
+
+      it 'returns false when group is unlicensed' do
+        stub_licensed_features(audit_events: false, admin_audit_log: false)
+
+        expect(service.audit_events_enabled?).to be_falsy
+      end
+
+      it 'returns true when group is licensed' do
+        stub_licensed_features(audit_events: true, admin_audit_log: false)
+
+        expect(service.audit_events_enabled?).to be_truthy
+      end
+
+      it 'returns true when admin audit log is licensed' do
+        stub_licensed_features(audit_events: false, admin_audit_log: true)
+
+        expect(service.audit_events_enabled?).to be_truthy
+      end
+    end
+
+    context 'entity is a user' do
+      let(:service) { described_class.new(user, user, { action: :destroy }) }
+
+      it 'returns false when admin audit log is unlicensed' do
+        stub_licensed_features(audit_events: false, admin_audit_log: false)
+
+        expect(service.audit_events_enabled?).to be_falsy
+      end
+
+      it 'returns true when admin audit log is licensed' do
+        stub_licensed_features(audit_events: false, admin_audit_log: true)
+
+        expect(service.audit_events_enabled?).to be_truthy
+      end
+    end
+  end
 end