Commit dc729c55 authored by Sean McGivern's avatar Sean McGivern

Merge branch 'sh-add-project-settings-audit-logs' into 'master'

Audit log: Add logging for project feature changes

Closes #8027

See merge request gitlab-org/gitlab-ee!7962
parents 1ab0df0c 6b75f374
---
title: 'Audit log: Add logging for project feature changes'
merge_request: 7962
author:
type: added
......@@ -3,7 +3,10 @@ module EE
module Changes
def audit_changes(column, options = {})
column = options[:column] || column
@model = options[:model] # rubocop:disable Gitlab/ModuleWithInstanceVariables
# rubocop:disable Gitlab/ModuleWithInstanceVariables
@target_model = options[:target_model]
@model = options[:model]
# rubocop:enable Gitlab/ModuleWithInstanceVariables
return unless changed?(column)
......@@ -12,6 +15,10 @@ module EE
protected
def target_model
@target_model || model # rubocop:disable Gitlab/ModuleWithInstanceVariables
end
def model
@model
end
......@@ -39,7 +46,7 @@ module EE
end
def audit_event(options)
::AuditEventService.new(@current_user, model, options) # rubocop:disable Gitlab/ModuleWithInstanceVariables
::AuditEventService.new(@current_user, target_model, options) # rubocop:disable Gitlab/ModuleWithInstanceVariables
.for_changes.security_event
end
end
......
......@@ -6,6 +6,14 @@ module EE
audit_changes(:path, as: 'path', model: model)
audit_changes(:name, as: 'name', model: model)
audit_changes(:namespace_id, as: 'namespace', model: model)
audit_changes(:repository_size_limit, as: 'repository_size_limit', model: model)
audit_changes(:packages_enabled, as: 'packages_enabled', model: model)
audit_project_feature_changes
end
def audit_project_feature_changes
::EE::Audit::ProjectFeatureChangesAuditor.new(@current_user, model.project_feature, model).execute
end
def attributes_from_auditable_model(column)
......@@ -30,6 +38,11 @@ module EE
from: model.old_path_with_namespace,
to: model.full_path
}
else
{
from: model.previous_changes[column].first,
to: model.previous_changes[column].last
}
end.merge(target_details: model.full_path)
end
end
......
# frozen_string_literal: true
module EE
module Audit
class ProjectFeatureChangesAuditor < BaseChangesAuditor
attr_accessor :project
COLUMNS = [:merge_requests_access_level,
:issues_access_level,
:wiki_access_level,
:snippets_access_level,
:builds_access_level,
:repository_access_level,
:pages_access_level].freeze
def initialize(current_user, model, project)
@project = project
super(current_user, model)
end
def execute
COLUMNS.each do |column|
audit_changes(column, as: column.to_s, target_model: @project, model: model)
end
end
def attributes_from_auditable_model(column)
base_data = { target_details: @project.full_path }
return base_data unless COLUMNS.include?(column)
{
from: ::Gitlab::VisibilityLevel.level_name(model.previous_changes[column].first),
to: ::Gitlab::VisibilityLevel.level_name(model.previous_changes[column].last)
}.merge(base_data)
end
end
end
end
......@@ -48,6 +48,20 @@ describe EE::Audit::ProjectChangesAuditor do
expect { foo_instance.execute }.to change { SecurityEvent.count }.by(1)
expect(SecurityEvent.last.details[:change]).to eq 'namespace'
end
it 'creates an event when the repository size limit changes' do
project.update!(repository_size_limit: 100)
expect { foo_instance.execute }.to change { SecurityEvent.count }.by(1)
expect(SecurityEvent.last.details[:change]).to eq 'repository_size_limit'
end
it 'creates an event when the packages enabled setting changes' do
project.update!(packages_enabled: false)
expect { foo_instance.execute }.to change { SecurityEvent.count }.by(1)
expect(SecurityEvent.last.details[:change]).to eq 'packages_enabled'
end
end
end
end
# frozen_string_literal: true
require 'spec_helper'
describe EE::Audit::ProjectFeatureChangesAuditor do
describe '#execute' do
let!(:user) { create(:user) }
let!(:project) { create(:project, visibility_level: 0) }
let(:features) { project.project_feature }
let(:foo_instance) { described_class.new(user, features, project) }
before do
stub_licensed_features(extended_audit_events: true)
end
it 'creates an event when any project feature level changes' do
columns = project.project_feature.attributes.keys.select { |attr| attr.end_with?('level') }
columns.each do |column|
features.update_attribute(column, 0)
expect { foo_instance.execute }.to change { SecurityEvent.count }.by(1)
event = SecurityEvent.last
expect(event.details[:from]).to eq 'Public'
expect(event.details[:to]).to eq 'Private'
expect(event.details[:change]).to eq column
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment