Add group audit events.

app/controllers/audit_events_controller.rb

@@ -2,16 +2,38 @@ class AuditEventsController < ApplicationController
   # Authorize
   before_filter :repository, only: :project_log
   before_filter :authorize_admin_project!, only: :project_log
+  before_filter :group, only: :group_log
+  before_filter :authorize_admin_group!, only: :group_log
 
-  layout "project_settings"
+  layout :determine_layout
 
   def project_log
     @events = AuditEvent.where(entity_type: "Project", entity_id: project.id).page(params[:page]).per(30)
   end
 
+  def group_log
+    @events = AuditEvent.where(entity_type: "Group", entity_id: group.id).page(params[:page]).per(30)
+  end
+
   private
 
+  def group
+    @group ||= Group.find_by(path: params[:group_id])
+  end
+
+  def authorize_admin_group!
+    render_404 unless can?(current_user, :manage_group, group)
+  end
+
+  def determine_layout
+    if @project
+      'project_settings'
+    elsif @group
+      'group'
+    end
+  end
+
   def audit_events_params
-    params.permit(:project_id)
+    params.permit(:project_id, :group_id)
   end
 end

app/controllers/groups/group_members_controller.rb

@@ -14,7 +14,24 @@ class Groups::GroupMembersController < ApplicationController
 
   def update
     @member = @group.group_members.find(params[:id])
-    @member.update_attributes(member_params)
+    old_access_level = @member.human_access
+
+    if @member.update_attributes(member_params)
+      details = {
+        change: "access_level",
+        from:  old_access_level,
+        to: @member.human_access,
+        target_id: @member.user_id,
+        target_type: "User",
+        target_details: @member.user.name,
+      }
+      SecurityEvent.create(
+        author_id: current_user.id,
+        entity_id: @group.id,
+        entity_type: "Group",
+        details: details
+      )
+    end
   end
 
   def destroy

app/views/audit_events/group_log.html.haml

+
+
+.row
+  .col-md-2
+    = render 'groups/settings_nav'
+
+  .col-md-10
+    %h3.page-title Group Audit Events
+    %p.light Events in #{@group.name}
+
+    %table.table
+      %thead
+        %tr
+          %th
+          %th
+          %th Author
+          %th
+          %th
+          %th Action
+          %th
+          %th Target
+          %th
+          %th At
+
+      %tbody
+        - @events.each do |event|
+          %tr
+            %td
+            %td
+            %td #{event.author_name}
+            %td
+            %td
+            %td #{raw human_text(event.details)}
+            %td
+            %td #{event.details['target_details']}
+            %td
+            %td #{event.created_at}
+        = paginate @events

app/views/groups/_settings_nav.html.haml

@@ -11,4 +11,8 @@
     = link_to group_ldap_group_links_path(@group) do
       %i.icon-exchange
       LDAP Groups
+  = nav_link(controller: :audit_events) do
+    = link_to group_audit_events_path(@group) do
+      %i.fa.fa-file-text-o
+      Audit Events
 

config/routes.rb

@@ -184,6 +184,8 @@ Gitlab::Application.routes.draw do
       resource :avatar, only: [:destroy]
       resources :milestones
     end
+
+    get "/audit_events" => "audit_events#group_log"
   end
 
   get  'unsubscribes/:email', to: 'unsubscribes#show', as: :unsubscribe