Merge branch '329514-approval-rule-deletion-audit-event' into 'master'

Creates audit event when approval rule is deleted See merge request gitlab-org/gitlab!82297

Merge branch '329514-approval-rule-deletion-audit-event' into 'master'
Creates audit event when approval rule is deleted See merge request gitlab-org/gitlab!82297
fecbce92 · Max Woolf · 985fca2f · bb89b9c6 · fecbce92 · fecbce92
Commit fecbce92 authored Mar 09, 2022 by Max Woolf
3 changed files
--- a/ee/app/services/approval_rules/project_rule_destroy_service.rb
+++ b/ee/app/services/approval_rules/project_rule_destroy_service.rb
@@ -4,8 +4,9 @@ module ApprovalRules
  class ProjectRuleDestroyService < ::BaseService
    attr_reader :rule

-    def initialize(approval_rule)
+    def initialize(approval_rule, current_user)
      @rule = approval_rule
+      super(approval_rule.project, current_user)
    end

    def execute
@@ -17,6 +18,7 @@ module ApprovalRules
      end

      if rule.destroyed?
+        audit_deletion
        success
      else
        error(rule.errors.messages)
@@ -31,5 +33,16 @@ module ApprovalRules
        .for_unmerged_merge_requests
        .delete_all
    end
+
+    def audit_deletion
+      audit_context = {
+        author: current_user,
+        scope: rule.project,
+        target: rule,
+        message: 'Deleted approval rule'
+      }
+
+      ::Gitlab::Audit::Auditor.audit(audit_context)
+    end
  end
 end
--- a/ee/lib/api/helpers/project_approval_rules_helpers.rb
+++ b/ee/lib/api/helpers/project_approval_rules_helpers.rb
@@ -75,7 +75,7 @@ module API
        approval_rule = user_project.approval_rules.find(params[:approval_rule_id])

        destroy_conditionally!(approval_rule) do |rule|
-          ::ApprovalRules::ProjectRuleDestroyService.new(rule).execute
+          ::ApprovalRules::ProjectRuleDestroyService.new(rule, current_user).execute
        end
      end
    end

--- a/ee/spec/services/approval_rules/project_rule_destroy_service_spec.rb
+++ b/ee/spec/services/approval_rules/project_rule_destroy_service_spec.rb
@@ -8,13 +8,28 @@ RSpec.describe ApprovalRules::ProjectRuleDestroyService do

  describe '#execute' do
    let!(:project_rule) { create(:approval_project_rule, project: project) }
-
-    subject { described_class.new(project_rule) }
+    let(:current_user) { create(:user, name: 'Bruce Wayne') }
+
+    subject { described_class.new(project_rule, current_user) }
+
+    shared_context 'an audit event is added' do
+      it 'adds an audit event' do
+        expect { subject.execute }.to change { AuditEvent.count }.by(1)
+        expect(AuditEvent.last.details).to include({
+                                                     author_name: current_user.name,
+                                                     custom_message: 'Deleted approval rule',
+                                                     target_type: 'ApprovalProjectRule',
+                                                     target_id: project_rule.id
+                                                   })
+      end
+    end

    context 'when there is no merge request rules' do
      it 'destroys project rule' do
        expect { subject.execute }.to change { ApprovalProjectRule.count }.by(-1)
      end
+
+      include_context 'an audit event is added'
    end

    context 'when there is a merge request rule' do
@@ -28,6 +43,8 @@ RSpec.describe ApprovalRules::ProjectRuleDestroyService do
        it 'destroys merge request rules' do
          expect { subject.execute }.to change { ApprovalMergeRequestRule.count }.by(-1)
        end
+
+        include_context 'an audit event is added'
      end

      context 'when merged' do
@@ -38,6 +55,8 @@ RSpec.describe ApprovalRules::ProjectRuleDestroyService do
        it 'does nothing' do
          expect { subject.execute }.not_to change { ApprovalMergeRequestRule.count }
        end
+
+        include_context 'an audit event is added'
      end
    end
  end