mirror of
https://github.com/sismics/docs.git
synced 2024-11-25 23:27:57 +01:00
Closes #257: admin users can see all logs
parent
42828efa19
commit
d8d5249a23
@ -27,7 +27,6 @@ public class AuditLogDao {
|
|||||||
*
|
*
|
||||||
* @param auditLog Audit log
|
* @param auditLog Audit log
|
||||||
* @return New ID
|
* @return New ID
|
||||||
* @throws Exception
|
|
||||||
*/
|
*/
|
||||||
public String create(AuditLog auditLog) {
|
public String create(AuditLog auditLog) {
|
||||||
// Create the UUID
|
// Create the UUID
|
||||||
@ -47,10 +46,9 @@ public class AuditLogDao {
|
|||||||
* @param paginatedList List of audit logs (updated by side effects)
|
* @param paginatedList List of audit logs (updated by side effects)
|
||||||
* @param criteria Search criteria
|
* @param criteria Search criteria
|
||||||
* @param sortCriteria Sort criteria
|
* @param sortCriteria Sort criteria
|
||||||
* @return List of audit logs
|
|
||||||
*/
|
*/
|
||||||
public void findByCriteria(PaginatedList<AuditLogDto> paginatedList, AuditLogCriteria criteria, SortCriteria sortCriteria) {
|
public void findByCriteria(PaginatedList<AuditLogDto> paginatedList, AuditLogCriteria criteria, SortCriteria sortCriteria) {
|
||||||
Map<String, Object> parameterMap = new HashMap<String, Object>();
|
Map<String, Object> parameterMap = new HashMap<>();
|
||||||
|
|
||||||
StringBuilder baseQuery = new StringBuilder("select l.LOG_ID_C c0, l.LOG_CREATEDATE_D c1, u.USE_USERNAME_C c2, l.LOG_IDENTITY_C c3, l.LOG_CLASSENTITY_C c4, l.LOG_TYPE_C c5, l.LOG_MESSAGE_C c6 from T_AUDIT_LOG l ");
|
StringBuilder baseQuery = new StringBuilder("select l.LOG_ID_C c0, l.LOG_CREATEDATE_D c1, u.USE_USERNAME_C c2, l.LOG_IDENTITY_C c3, l.LOG_CLASSENTITY_C c4, l.LOG_TYPE_C c5, l.LOG_MESSAGE_C c6 from T_AUDIT_LOG l ");
|
||||||
baseQuery.append(" join T_USER u on l.LOG_IDUSER_C = u.USE_ID_C ");
|
baseQuery.append(" join T_USER u on l.LOG_IDUSER_C = u.USE_ID_C ");
|
||||||
@ -67,18 +65,23 @@ public class AuditLogDao {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (criteria.getUserId() != null) {
|
if (criteria.getUserId() != null) {
|
||||||
|
if (criteria.isAdmin()) {
|
||||||
|
// For admin users, display all logs except ACL logs
|
||||||
|
queries.add(baseQuery + " where l.LOG_CLASSENTITY_C != 'Acl' ");
|
||||||
|
} else {
|
||||||
// Get all logs originating from the user, not necessarly on owned items
|
// Get all logs originating from the user, not necessarly on owned items
|
||||||
// Filter out ACL logs
|
// Filter out ACL logs
|
||||||
queries.add(baseQuery + " where l.LOG_IDUSER_C = :userId and l.LOG_CLASSENTITY_C != 'Acl' ");
|
queries.add(baseQuery + " where l.LOG_IDUSER_C = :userId and l.LOG_CLASSENTITY_C != 'Acl' ");
|
||||||
parameterMap.put("userId", criteria.getUserId());
|
parameterMap.put("userId", criteria.getUserId());
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Perform the search
|
// Perform the search
|
||||||
QueryParam queryParam = new QueryParam(Joiner.on(" union ").join(queries), parameterMap);
|
QueryParam queryParam = new QueryParam(Joiner.on(" union ").join(queries), parameterMap);
|
||||||
List<Object[]> l = PaginatedLists.executePaginatedQuery(paginatedList, queryParam, sortCriteria);
|
List<Object[]> l = PaginatedLists.executePaginatedQuery(paginatedList, queryParam, sortCriteria);
|
||||||
|
|
||||||
// Assemble results
|
// Assemble results
|
||||||
List<AuditLogDto> auditLogDtoList = new ArrayList<AuditLogDto>();
|
List<AuditLogDto> auditLogDtoList = new ArrayList<>();
|
||||||
for (Object[] o : l) {
|
for (Object[] o : l) {
|
||||||
int i = 0;
|
int i = 0;
|
||||||
AuditLogDto auditLogDto = new AuditLogDto();
|
AuditLogDto auditLogDto = new AuditLogDto();
|
||||||
|
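Review bot: The new admin branch in `findByCriteria` sits inside `if (criteria.getUserId() != null)`, so `isAdmin` is silently ignored when no user ID is set. When a user ID is set, that single boolean is all that removes the `l.LOG_IDUSER_C = :userId` filter and returns every user's log rows. I would state that contract at the branch, for example `// isAdmin must be derived from a server-side role check, never from request input: it drops the per-user filter`. A test asserting that non-admin criteria still return only the caller's rows would pin the behaviour. The admin query is built from constant SQL only, so no injection concern arises here; the method body continues past the visible hunk.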
@ -17,6 +17,11 @@ public class AuditLogCriteria {
|
|||||||
*/
|
*/
|
||||||
private String userId;
|
private String userId;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The search is done for an admin user.
|
||||||
|
*/
|
||||||
|
private boolean isAdmin = false;
|
||||||
|
|
||||||
public String getDocumentId() {
|
public String getDocumentId() {
|
||||||
return documentId;
|
return documentId;
|
||||||
}
|
}
|
||||||
@ -32,4 +37,13 @@ public class AuditLogCriteria {
|
|||||||
public void setUserId(String userId) {
|
public void setUserId(String userId) {
|
||||||
this.userId = userId;
|
this.userId = userId;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean isAdmin() {
|
||||||
|
return isAdmin;
|
||||||
|
}
|
||||||
|
|
||||||
|
public AuditLogCriteria setAdmin(boolean admin) {
|
||||||
|
isAdmin = admin;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
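Review bot: `setAdmin` returns `this` while the neighbouring `setUserId` returns `void`, so the class now mixes fluent and plain setters; I would pick one style, e.g. `public void setAdmin(boolean admin) { isAdmin = admin; }`, unless the rest of the class (not visible here) is already fluent. The field would also read more conventionally as `admin` with the `isAdmin()` getter. The Javadoc "The search is done for an admin user." undersells the effect: in `AuditLogDao` a true value removes the per-user restriction, so something like `Whether the caller is an administrator; when true the search is not restricted to the caller's own logs.` would warn future callers that this is an authorization input.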
@ -6,6 +6,7 @@ import com.sismics.docs.core.dao.AclDao;
|
|||||||
import com.sismics.docs.core.dao.AuditLogDao;
|
import com.sismics.docs.core.dao.AuditLogDao;
|
||||||
import com.sismics.docs.core.dao.criteria.AuditLogCriteria;
|
import com.sismics.docs.core.dao.criteria.AuditLogCriteria;
|
||||||
import com.sismics.docs.core.dao.dto.AuditLogDto;
|
import com.sismics.docs.core.dao.dto.AuditLogDto;
|
||||||
|
import com.sismics.docs.core.util.SecurityUtil;
|
||||||
import com.sismics.docs.core.util.jpa.PaginatedList;
|
import com.sismics.docs.core.util.jpa.PaginatedList;
|
||||||
import com.sismics.docs.core.util.jpa.PaginatedLists;
|
import com.sismics.docs.core.util.jpa.PaginatedLists;
|
||||||
import com.sismics.docs.core.util.jpa.SortCriteria;
|
import com.sismics.docs.core.util.jpa.SortCriteria;
|
||||||
@ -65,6 +66,7 @@ public class AuditLogResource extends BaseResource {
|
|||||||
if (Strings.isNullOrEmpty(documentId)) {
|
if (Strings.isNullOrEmpty(documentId)) {
|
||||||
// Search logs for a user
|
// Search logs for a user
|
||||||
criteria.setUserId(principal.getId());
|
criteria.setUserId(principal.getId());
|
||||||
|
criteria.setAdmin(SecurityUtil.skipAclCheck(getTargetIdList(null)));
|
||||||
} else {
|
} else {
|
||||||
// Check ACL on the document
|
// Check ACL on the document
|
||||||
AclDao aclDao = new AclDao();
|
AclDao aclDao = new AclDao();
|
||||||
|
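Review bot: `criteria.setAdmin(SecurityUtil.skipAclCheck(getTargetIdList(null)))` makes an ACL-bypass helper the only gate for exposing every user's audit log, and neither `skipAclCheck` nor the meaning of the `null` argument is visible in this hunk. If `skipAclCheck` also returns true for members of an administrators group rather than just the admin account, all of them gain instance-wide log visibility; that may be intended by #257, but it should be stated. I would add a comment at the call, e.g. `// Callers for whom ACL checks are skipped (administrators) see the logs of all users`, and a resource test showing that a regular user still receives only their own entries. The enclosing method starts and ends outside the hunk.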
@ -680,6 +680,7 @@ public class UserResource extends BaseResource {
|
|||||||
* @apiParam {String} username Username
|
* @apiParam {String} username Username
|
||||||
* @apiSuccess {String} username Username
|
* @apiSuccess {String} username Username
|
||||||
* @apiSuccess {String} email E-mail
|
* @apiSuccess {String} email E-mail
|
||||||
|
* @apiSuccess {Boolean} totp_enabled True if TOTP authentication is enabled
|
||||||
* @apiSuccess {Number} storage_quota Storage quota (in bytes)
|
* @apiSuccess {Number} storage_quota Storage quota (in bytes)
|
||||||
* @apiSuccess {Number} storage_current Quota used (in bytes)
|
* @apiSuccess {Number} storage_current Quota used (in bytes)
|
||||||
* @apiSuccess {String[]} groups Groups
|
* @apiSuccess {String[]} groups Groups
|
||||||
@ -720,6 +721,7 @@ public class UserResource extends BaseResource {
|
|||||||
.add("username", user.getUsername())
|
.add("username", user.getUsername())
|
||||||
.add("groups", groups)
|
.add("groups", groups)
|
||||||
.add("email", user.getEmail())
|
.add("email", user.getEmail())
|
||||||
|
.add("totp_enabled", user.getTotpKey() != null)
|
||||||
.add("storage_quota", user.getStorageQuota())
|
.add("storage_quota", user.getStorageQuota())
|
||||||
.add("storage_current", user.getStorageCurrent())
|
.add("storage_current", user.getStorageCurrent())
|
||||||
.add("disabled", user.getDisableDate() != null);
|
.add("disabled", user.getDisableDate() != null);
|
||||||
@ -739,6 +741,7 @@ public class UserResource extends BaseResource {
|
|||||||
* @apiSuccess {String} users.id ID
|
* @apiSuccess {String} users.id ID
|
||||||
* @apiSuccess {String} users.username Username
|
* @apiSuccess {String} users.username Username
|
||||||
* @apiSuccess {String} users.email E-mail
|
* @apiSuccess {String} users.email E-mail
|
||||||
|
* @apiSuccess {Boolean} users.totp_enabled True if TOTP authentication is enabled
|
||||||
* @apiSuccess {Number} users.storage_quota Storage quota (in bytes)
|
* @apiSuccess {Number} users.storage_quota Storage quota (in bytes)
|
||||||
* @apiSuccess {Number} users.storage_current Quota used (in bytes)
|
* @apiSuccess {Number} users.storage_current Quota used (in bytes)
|
||||||
* @apiSuccess {Number} users.create_date Create date (timestamp)
|
* @apiSuccess {Number} users.create_date Create date (timestamp)
|
||||||
@ -781,8 +784,8 @@ public class UserResource extends BaseResource {
|
|||||||
users.add(Json.createObjectBuilder()
|
users.add(Json.createObjectBuilder()
|
||||||
.add("id", userDto.getId())
|
.add("id", userDto.getId())
|
||||||
.add("username", userDto.getUsername())
|
.add("username", userDto.getUsername())
|
||||||
.add("totp_enabled", userDto.getTotpKey() != null)
|
|
||||||
.add("email", userDto.getEmail())
|
.add("email", userDto.getEmail())
|
||||||
|
.add("totp_enabled", userDto.getTotpKey() != null)
|
||||||
.add("storage_quota", userDto.getStorageQuota())
|
.add("storage_quota", userDto.getStorageQuota())
|
||||||
.add("storage_current", userDto.getStorageCurrent())
|
.add("storage_current", userDto.getStorageCurrent())
|
||||||
.add("create_date", userDto.getCreateTimestamp())
|
.add("create_date", userDto.getCreateTimestamp())
|
||||||
|
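Review bot: The single-user response now includes `.add("totp_enabled", user.getTotpKey() != null)`, which tells any caller allowed to query a username whether that account has a second factor. Only the boolean is serialized, not the key, which is good, but the access check for this endpoint is outside the hunk, so it is unclear whether non-admin users can read it for other accounts. If they can, consider emitting the field only for administrators or for the caller's own account. The `@apiSuccess` line could then say who receives it, e.g. `@apiSuccess {Boolean} totp_enabled True if TOTP authentication is enabled (admin or self only)`. The move of `totp_enabled` in the user list is a reorder only.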