Closes #257: admin users can see all logs

Benjamin Gamard 2018-11-09 14:49:34 +01:00
parent 42828efa19
commit d8d5249a23
4 changed files with 31 additions and 9 deletions


@ -27,7 +27,6 @@ public class AuditLogDao {
*
* @param auditLog Audit log
* @return New ID
* @throws Exception
*/
public String create(AuditLog auditLog) {
// Create the UUID
@ -47,10 +46,9 @@ public class AuditLogDao {
* @param paginatedList List of audit logs (updated by side effects)
* @param criteria Search criteria
* @param sortCriteria Sort criteria
* @return List of audit logs
*/
public void findByCriteria(PaginatedList<AuditLogDto> paginatedList, AuditLogCriteria criteria, SortCriteria sortCriteria) {
Map<String, Object> parameterMap = new HashMap<String, Object>();
Map<String, Object> parameterMap = new HashMap<>();
StringBuilder baseQuery = new StringBuilder("select l.LOG_ID_C c0, l.LOG_CREATEDATE_D c1, u.USE_USERNAME_C c2, l.LOG_IDENTITY_C c3, l.LOG_CLASSENTITY_C c4, l.LOG_TYPE_C c5, l.LOG_MESSAGE_C c6 from T_AUDIT_LOG l ");
baseQuery.append(" join T_USER u on l.LOG_IDUSER_C = u.USE_ID_C ");
@ -67,10 +65,15 @@ public class AuditLogDao {
}
if (criteria.getUserId() != null) {
// Get all logs originating from the user, not necessarly on owned items
// Filter out ACL logs
queries.add(baseQuery + " where l.LOG_IDUSER_C = :userId and l.LOG_CLASSENTITY_C != 'Acl' ");
parameterMap.put("userId", criteria.getUserId());
if (criteria.isAdmin()) {
// For admin users, display all logs except ACL logs
queries.add(baseQuery + " where l.LOG_CLASSENTITY_C != 'Acl' ");
} else {
// Get all logs originating from the user, not necessarly on owned items
// Filter out ACL logs
queries.add(baseQuery + " where l.LOG_IDUSER_C = :userId and l.LOG_CLASSENTITY_C != 'Acl' ");
parameterMap.put("userId", criteria.getUserId());
}
}
// Perform the search
@ -78,7 +81,7 @@ public class AuditLogDao {
List<Object[]> l = PaginatedLists.executePaginatedQuery(paginatedList, queryParam, sortCriteria);
// Assemble results
List<AuditLogDto> auditLogDtoList = new ArrayList<AuditLogDto>();
List<AuditLogDto> auditLogDtoList = new ArrayList<>();
for (Object[] o : l) {
int i = 0;
AuditLogDto auditLogDto = new AuditLogDto();
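Review bot: In the new admin branch of findByCriteria the `l.LOG_IDUSER_C = :userId` filter is dropped, so `criteria.isAdmin()` is the only thing standing between a caller and every user's audit trail, and the DAO itself has no way to tell whether that flag came from a real authorization decision. The method Javadoc in the second hunk should state this contract; I would add ` * When {@code criteria.isAdmin()} is true the user filter is omitted and logs of all users are returned,` followed by ` * so callers must set that flag only from an authorization check.` The outer `criteria.getUserId() != null` guard still applies in the admin case even though `:userId` is no longer bound there, which reads as accidental and deserves a one-line comment either way. The retained comment could also fix `necessarly` to `necessarily` while here. The findByCriteria body continues outside these hunks.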


@ -16,6 +16,11 @@ public class AuditLogCriteria {
* User ID.
*/
private String userId;
/**
* The search is done for an admin user.
*/
private boolean isAdmin = false;
public String getDocumentId() {
return documentId;
@ -32,4 +37,13 @@ public class AuditLogCriteria {
public void setUserId(String userId) {
this.userId = userId;
}
public boolean isAdmin() {
return isAdmin;
}
public AuditLogCriteria setAdmin(boolean admin) {
isAdmin = admin;
return this;
}
}
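Review bot: `setAdmin` returns `this` while the existing `setUserId` just above it returns `void`, so the criteria class now mixes fluent and plain setters; the visible setter uses the plain form, so `public void setAdmin(boolean admin) {` would keep the class consistent. The field Javadoc `The search is done for an admin user.` names the caller rather than the effect; `/** When true the user filter is dropped and logs of all users are returned. */` tells a reader what the flag actually does to the query. The field name `isAdmin` also reads like a getter; `admin` with the accessor `isAdmin()` is the usual bean form.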


@ -6,6 +6,7 @@ import com.sismics.docs.core.dao.AclDao;
import com.sismics.docs.core.dao.AuditLogDao;
import com.sismics.docs.core.dao.criteria.AuditLogCriteria;
import com.sismics.docs.core.dao.dto.AuditLogDto;
import com.sismics.docs.core.util.SecurityUtil;
import com.sismics.docs.core.util.jpa.PaginatedList;
import com.sismics.docs.core.util.jpa.PaginatedLists;
import com.sismics.docs.core.util.jpa.SortCriteria;
@ -65,6 +66,7 @@ public class AuditLogResource extends BaseResource {
if (Strings.isNullOrEmpty(documentId)) {
// Search logs for a user
criteria.setUserId(principal.getId());
criteria.setAdmin(SecurityUtil.skipAclCheck(getTargetIdList(null)));
} else {
// Check ACL on the document
AclDao aclDao = new AclDao();
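Review bot: The retained comment `// Search logs for a user` is no longer accurate once the added `setAdmin(...)` line can make the same branch return every user's logs; `// Search logs for the current user, or for all users when the principal may skip ACL checks` would match the new behaviour. The admin decision is derived from `SecurityUtil.skipAclCheck(getTargetIdList(null))`, whose definition is not visible here; its name describes an ACL-bypass right rather than an audit-visibility right, so it is worth confirming that the two are meant to coincide and noting that in the comment. If the endpoint's `@api` documentation above this hunk describes the response as the caller's own logs, it should mention the admin case as well. The enclosing method starts and ends outside the hunk.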


@ -680,6 +680,7 @@ public class UserResource extends BaseResource {
* @apiParam {String} username Username
* @apiSuccess {String} username Username
* @apiSuccess {String} email E-mail
* @apiSuccess {Boolean} totp_enabled True if TOTP authentication is enabled
* @apiSuccess {Number} storage_quota Storage quota (in bytes)
* @apiSuccess {Number} storage_current Quota used (in bytes)
* @apiSuccess {String[]} groups Groups
@ -720,6 +721,7 @@ public class UserResource extends BaseResource {
.add("username", user.getUsername())
.add("groups", groups)
.add("email", user.getEmail())
.add("totp_enabled", user.getTotpKey() != null)
.add("storage_quota", user.getStorageQuota())
.add("storage_current", user.getStorageCurrent())
.add("disabled", user.getDisableDate() != null);
@ -739,6 +741,7 @@ public class UserResource extends BaseResource {
* @apiSuccess {String} users.id ID
* @apiSuccess {String} users.username Username
* @apiSuccess {String} users.email E-mail
* @apiSuccess {Boolean} users.totp_enabled True if TOTP authentication is enabled
* @apiSuccess {Number} users.storage_quota Storage quota (in bytes)
* @apiSuccess {Number} users.storage_current Quota used (in bytes)
* @apiSuccess {Number} users.create_date Create date (timestamp)
@ -781,8 +784,8 @@ public class UserResource extends BaseResource {
users.add(Json.createObjectBuilder()
.add("id", userDto.getId())
.add("username", userDto.getUsername())
.add("totp_enabled", userDto.getTotpKey() != null)
.add("email", userDto.getEmail())
.add("totp_enabled", userDto.getTotpKey() != null)
.add("storage_quota", userDto.getStorageQuota())
.add("storage_current", userDto.getStorageCurrent())
.add("create_date", userDto.getCreateTimestamp())
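Review bot: Both response builders now disclose whether another account has TOTP enrolled (`user.getTotpKey() != null` in the second hunk, `userDto.getTotpKey() != null` in the last), and the `@apiPermission` of the two endpoints is outside these hunks, so confirm that both are restricted to administrators before exposing enrollment status of arbitrary users. The same `!= null` derivation is repeated in the two builders; a short comment such as `// enrolled when a TOTP secret is stored` on each, or a shared helper, would keep them in step if the definition of "enabled" ever changes. The moved `totp_enabled` line in the last hunk now matches the documented field order, which is fine. Both enclosing methods start and end outside the hunks.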