mirror of
https://github.com/sismics/docs.git
synced 2024-12-22 11:23:48 +01:00
Closes #257: admin users can see all logs
This commit is contained in:
parent
42828efa19
commit
d8d5249a23
@ -27,7 +27,6 @@ public class AuditLogDao {
|
||||
*
|
||||
* @param auditLog Audit log
|
||||
* @return New ID
|
||||
* @throws Exception
|
||||
*/
|
||||
public String create(AuditLog auditLog) {
|
||||
// Create the UUID
|
||||
@ -47,10 +46,9 @@ public class AuditLogDao {
|
||||
* @param paginatedList List of audit logs (updated by side effects)
|
||||
* @param criteria Search criteria
|
||||
* @param sortCriteria Sort criteria
|
||||
* @return List of audit logs
|
||||
*/
|
||||
public void findByCriteria(PaginatedList<AuditLogDto> paginatedList, AuditLogCriteria criteria, SortCriteria sortCriteria) {
|
||||
Map<String, Object> parameterMap = new HashMap<String, Object>();
|
||||
Map<String, Object> parameterMap = new HashMap<>();
|
||||
|
||||
StringBuilder baseQuery = new StringBuilder("select l.LOG_ID_C c0, l.LOG_CREATEDATE_D c1, u.USE_USERNAME_C c2, l.LOG_IDENTITY_C c3, l.LOG_CLASSENTITY_C c4, l.LOG_TYPE_C c5, l.LOG_MESSAGE_C c6 from T_AUDIT_LOG l ");
|
||||
baseQuery.append(" join T_USER u on l.LOG_IDUSER_C = u.USE_ID_C ");
|
||||
@ -67,10 +65,15 @@ public class AuditLogDao {
|
||||
}
|
||||
|
||||
if (criteria.getUserId() != null) {
|
||||
// Get all logs originating from the user, not necessarly on owned items
|
||||
// Filter out ACL logs
|
||||
queries.add(baseQuery + " where l.LOG_IDUSER_C = :userId and l.LOG_CLASSENTITY_C != 'Acl' ");
|
||||
parameterMap.put("userId", criteria.getUserId());
|
||||
if (criteria.isAdmin()) {
|
||||
// For admin users, display all logs except ACL logs
|
||||
queries.add(baseQuery + " where l.LOG_CLASSENTITY_C != 'Acl' ");
|
||||
} else {
|
||||
// Get all logs originating from the user, not necessarly on owned items
|
||||
// Filter out ACL logs
|
||||
queries.add(baseQuery + " where l.LOG_IDUSER_C = :userId and l.LOG_CLASSENTITY_C != 'Acl' ");
|
||||
parameterMap.put("userId", criteria.getUserId());
|
||||
}
|
||||
}
|
||||
|
||||
// Perform the search
|
||||
@ -78,7 +81,7 @@ public class AuditLogDao {
|
||||
List<Object[]> l = PaginatedLists.executePaginatedQuery(paginatedList, queryParam, sortCriteria);
|
||||
|
||||
// Assemble results
|
||||
List<AuditLogDto> auditLogDtoList = new ArrayList<AuditLogDto>();
|
||||
List<AuditLogDto> auditLogDtoList = new ArrayList<>();
|
||||
for (Object[] o : l) {
|
||||
int i = 0;
|
||||
AuditLogDto auditLogDto = new AuditLogDto();
|
||||
|
@ -16,6 +16,11 @@ public class AuditLogCriteria {
|
||||
* User ID.
|
||||
*/
|
||||
private String userId;
|
||||
|
||||
/**
|
||||
* The search is done for an admin user.
|
||||
*/
|
||||
private boolean isAdmin = false;
|
||||
|
||||
public String getDocumentId() {
|
||||
return documentId;
|
||||
@ -32,4 +37,13 @@ public class AuditLogCriteria {
|
||||
public void setUserId(String userId) {
|
||||
this.userId = userId;
|
||||
}
|
||||
|
||||
public boolean isAdmin() {
|
||||
return isAdmin;
|
||||
}
|
||||
|
||||
public AuditLogCriteria setAdmin(boolean admin) {
|
||||
isAdmin = admin;
|
||||
return this;
|
||||
}
|
||||
}
|
||||
|
@ -6,6 +6,7 @@ import com.sismics.docs.core.dao.AclDao;
|
||||
import com.sismics.docs.core.dao.AuditLogDao;
|
||||
import com.sismics.docs.core.dao.criteria.AuditLogCriteria;
|
||||
import com.sismics.docs.core.dao.dto.AuditLogDto;
|
||||
import com.sismics.docs.core.util.SecurityUtil;
|
||||
import com.sismics.docs.core.util.jpa.PaginatedList;
|
||||
import com.sismics.docs.core.util.jpa.PaginatedLists;
|
||||
import com.sismics.docs.core.util.jpa.SortCriteria;
|
||||
@ -65,6 +66,7 @@ public class AuditLogResource extends BaseResource {
|
||||
if (Strings.isNullOrEmpty(documentId)) {
|
||||
// Search logs for a user
|
||||
criteria.setUserId(principal.getId());
|
||||
criteria.setAdmin(SecurityUtil.skipAclCheck(getTargetIdList(null)));
|
||||
} else {
|
||||
// Check ACL on the document
|
||||
AclDao aclDao = new AclDao();
|
||||
|
@ -680,6 +680,7 @@ public class UserResource extends BaseResource {
|
||||
* @apiParam {String} username Username
|
||||
* @apiSuccess {String} username Username
|
||||
* @apiSuccess {String} email E-mail
|
||||
* @apiSuccess {Boolean} totp_enabled True if TOTP authentication is enabled
|
||||
* @apiSuccess {Number} storage_quota Storage quota (in bytes)
|
||||
* @apiSuccess {Number} storage_current Quota used (in bytes)
|
||||
* @apiSuccess {String[]} groups Groups
|
||||
@ -720,6 +721,7 @@ public class UserResource extends BaseResource {
|
||||
.add("username", user.getUsername())
|
||||
.add("groups", groups)
|
||||
.add("email", user.getEmail())
|
||||
.add("totp_enabled", user.getTotpKey() != null)
|
||||
.add("storage_quota", user.getStorageQuota())
|
||||
.add("storage_current", user.getStorageCurrent())
|
||||
.add("disabled", user.getDisableDate() != null);
|
||||
@ -739,6 +741,7 @@ public class UserResource extends BaseResource {
|
||||
* @apiSuccess {String} users.id ID
|
||||
* @apiSuccess {String} users.username Username
|
||||
* @apiSuccess {String} users.email E-mail
|
||||
* @apiSuccess {Boolean} users.totp_enabled True if TOTP authentication is enabled
|
||||
* @apiSuccess {Number} users.storage_quota Storage quota (in bytes)
|
||||
* @apiSuccess {Number} users.storage_current Quota used (in bytes)
|
||||
* @apiSuccess {Number} users.create_date Create date (timestamp)
|
||||
@ -781,8 +784,8 @@ public class UserResource extends BaseResource {
|
||||
users.add(Json.createObjectBuilder()
|
||||
.add("id", userDto.getId())
|
||||
.add("username", userDto.getUsername())
|
||||
.add("totp_enabled", userDto.getTotpKey() != null)
|
||||
.add("email", userDto.getEmail())
|
||||
.add("totp_enabled", userDto.getTotpKey() != null)
|
||||
.add("storage_quota", userDto.getStorageQuota())
|
||||
.add("storage_current", userDto.getStorageCurrent())
|
||||
.add("create_date", userDto.getCreateTimestamp())
|
||||
|
Loading…
Reference in New Issue
Block a user