mirror of https://gitlab.com/comunic/comunicapiv3 synced 2024-12-26 13:38:51 +00:00

Can access admin logs from the API

Pierre HUBERT 2021-07-10 19:40:41 +02:00
parent b20c261c7d
commit 5d97ca18cb
10 changed files with 86 additions and 11 deletions


@ -302,5 +302,5 @@ CREATE TABLE `comunic_admin_log` (
`admin_id` INT NULL,
`ip` VARCHAR(40) NULL,
`time` INT NULL,
`action` VARCHAR(100) NULL,
`action` VARCHAR(255) NULL,
PRIMARY KEY (`id`));
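Review bot: `action` remains a fixed-width `VARCHAR(255)` although it stores a JSON-serialised `AdminAction`, and at least one variant shown elsewhere in this commit (`AuthWithAccessKey { key: String, key_id: u64 }`) carries a free-form string. If a serialised entry exceeds 255 characters, the server will either reject the insert or truncate it, depending on its SQL mode. A truncated value would then fail JSON parsing and be reported as `UnsupportedAction` by the new reader, so the audit record is effectively lost. Consider `TEXT` for this column, or bound the length of `key` before it is logged. The same applies to the second schema file changed by this commit.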


@ -28,5 +28,5 @@ CREATE TABLE `comunic_admin_log` (
`admin_id` INT NULL,
`ip` VARCHAR(40) NULL,
`time` INT NULL,
`action` VARCHAR(100) NULL,
`action` VARCHAR(255) NULL,
PRIMARY KEY (`id`));


@ -0,0 +1,26 @@
//! # Admin log api entry
//!
//! @author Pierre Hubert
use crate::data::admin_action_log::{AdminActionLog, AdminAction};
#[derive(serde::Serialize)]
pub struct AdminLogAPI {
id: u64,
admin_id: u64,
ip: String,
time: u64,
action: AdminAction
}
impl AdminLogAPI {
pub fn new(log: &AdminActionLog) -> Self{
Self {
id: log.id,
admin_id: log.admin_id.id(),
ip: log.ip.to_string(),
time: log.time,
action: log.action.clone()
}
}
}
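Review bot: `AdminLogAPI` serialises `action` as the complete `AdminAction`, so the `key` string of `AuthWithAccessKey { key, key_id }` is returned to API clients together with the stored `ip`. If `key` is only a display name this is fine, but that is not visible here and should be confirmed; anything secret-bearing should be dropped or redacted in `new` before it leaves the server. The struct and its constructor also have no doc comments; I would add `/// Serialisable view of a single admin action log entry, as returned by the admin API` above the struct and `/// Build the API entry from a stored log record` above `new`.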


@ -9,4 +9,5 @@ pub mod admin_info_api;
pub mod admin_keys_api;
pub mod admin_res_create_reset_token;
pub mod admin_role_api;
pub mod admin_res_create_account;
pub mod admin_res_create_account;
pub mod admin_log_api;


@ -273,7 +273,7 @@ pub mod admin {
pub enum AdminRole {
MANAGE_ADMINS,
MANAGE_USERS,
ACCESS_FULL_ADMIN_LOGS,
ACCESS_ALL_ADMINS_LOGS,
}
pub struct AdminRoleMetadata {
@ -297,10 +297,10 @@ pub mod admin {
description: "Allow the admin to list, reset password and delete Comunic users",
},
AdminRoleMetadata {
role: AdminRole::ACCESS_FULL_ADMIN_LOGS,
id: "access_full_admin_logs",
name: "Access full admin logs",
description: "Allow the admin to access the action history of all admins",
role: AdminRole::ACCESS_ALL_ADMINS_LOGS,
id: "access_all_admins_logs",
name: "Access all admins logs",
description: "Allow the admin to access the action history (log) of all admins",
}
];
}
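Review bot: Changing the role `id` from `"access_full_admin_logs"` to `"access_all_admins_logs"` in the second hunk is more than a cosmetic rename if role grants are persisted by this string. Any admin who was already granted the old id would stop matching and silently fall back to seeing only their own log. How grants are stored is not visible in this section, so this needs confirming; if they are keyed by id, the commit should ship a data migration that rewrites the old value. The metadata array starts and ends outside the hunk.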


@ -0,0 +1,20 @@
//! # Admin action history (logs) controller
//!
//! @author Pierre Hubert
use crate::routes::RequestResult;
use crate::data::http_request_handler::HttpRequestHandler;
use crate::data::base_request_handler::BaseRequestHandler;
use crate::helpers::{admin_roles_helper, admin_log_helper};
use crate::constants::admin::AdminRole;
use crate::api_data::admin::admin_log_api::AdminLogAPI;
/// Get the list of logs of the user
pub fn get_list(r: &mut HttpRequestHandler) -> RequestResult {
let logs = match admin_roles_helper::has_role(r.admin_id()?, AdminRole::ACCESS_ALL_ADMINS_LOGS)? {
true => admin_log_helper::get_all_admin_logs(),
false => admin_log_helper::get_admin_logs(r.admin_id()?)
}?;
r.set_response(logs.iter().map(AdminLogAPI::new).collect::<Vec<_>>())
}
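Review bot: The doc comment on `get_list` says it returns the logs "of the user", but the body returns every administrator's entries when the caller holds `ACCESS_ALL_ADMINS_LOGS` and only otherwise restricts the result to the caller. Since this branch is the whole authorization decision for the endpoint, the comment should say so, e.g. `/// Get the admin action log: all admins' entries if the caller has ACCESS_ALL_ADMINS_LOGS, otherwise only the caller's own`. As a style point, resolving `let admin_id = r.admin_id()?;` once and using `if`/`else` instead of matching on a `bool` would make that branch easier to audit. The response is also the full result set with no limit or ordering, which will grow with the retention window.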


@ -4,4 +4,5 @@
pub mod admin_account_controller;
pub mod admin_keys_controller;
pub mod admin_roles_controller;
pub mod admin_roles_controller;
pub mod admin_logs_controller;

View File

@ -2,7 +2,7 @@
use crate::data::admin::AdminID;
#[derive(serde::Serialize, serde::Deserialize)]
#[derive(serde::Serialize, serde::Deserialize, Clone)]
pub enum AdminAction {
AuthWithResetToken,
AuthWithAccessKey { key: String, key_id: u64 },


@ -5,7 +5,7 @@
use crate::constants::conservation_policy::ADMIN_ACTIONS_LOG_LIFETIME;
use crate::constants::database_tables_names::ADMIN_LOGS_TABLE;
use crate::data::admin::AdminID;
use crate::data::admin_action_log::AdminAction;
use crate::data::admin_action_log::{AdminAction, AdminActionLog};
use crate::data::error::Res;
use crate::helpers::database;
use crate::utils::date_utils::time;
@ -26,4 +26,28 @@ pub fn clean_old_logs() -> Res {
.set_custom_where("time < ?")
.add_custom_where_arg_u64(time() - ADMIN_ACTIONS_LOG_LIFETIME.as_secs())
.exec()
}
/// Get all administrators action log history
pub fn get_all_admin_logs() -> Res<Vec<AdminActionLog>> {
database::QueryInfo::new(ADMIN_LOGS_TABLE).exec(db_to_log)
}
/// Get a specific administrator action log history
pub fn get_admin_logs(id: AdminID) -> Res<Vec<AdminActionLog>> {
database::QueryInfo::new(ADMIN_LOGS_TABLE)
.cond_admin_id("admin_id", id)
.exec(db_to_log)
}
fn db_to_log(row: &database::RowResult) -> Res<AdminActionLog> {
Ok(AdminActionLog {
id: row.get_u64("id")?,
admin_id: row.get_admin_id("admin_id")?,
ip: row.get_str("ip")?,
time: row.get_u64("time")?,
action: serde_json::from_str(&row.get_str("action")?)
.unwrap_or(AdminAction::UnsupportedAction),
})
}
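Review bot: In `db_to_log`, `serde_json::from_str(...).unwrap_or(AdminAction::UnsupportedAction)` discards the parse error, so a truncated, corrupted or tampered `action` value looks the same as a legitimately unknown action. For an audit trail that difference matters: I would switch to `unwrap_or_else` and record the row id and the serde error through the project's logging facility before falling back. The schema in this commit also declares `admin_id`, `ip`, `time` and `action` as `NULL`-able while every getter here is followed by `?`, so a single row with a NULL column presumably fails the whole listing; that depends on `RowResult`, which is outside this page. `db_to_log` has no doc comment; `/// Turn a database row into an AdminActionLog entry` would match its siblings.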


@ -391,5 +391,8 @@ pub fn get_routes() -> Vec<Route> {
// Admin roles controller
Route::admin_post("/admin/roles/list", Box::new(admin_roles_controller::get_list)),
Route::admin_post_restricted("/admin/roles/toggle", Box::new(admin_roles_controller::toggle), AdminRole::MANAGE_ADMINS),
// Admin logs controller
Route::admin_post("/admin/logs/list", Box::new(admin_logs_controller::get_list)),
]
}
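Review bot: `/admin/logs/list` is registered with `Route::admin_post` rather than `admin_post_restricted`, which is the only visible difference from the role-gated `/admin/roles/toggle` line above, and nothing at the route table explains why. Judging from the controller added in this commit, the omission is deliberate: any authenticated admin may call it, and the handler narrows the result to the caller's own entries unless `ACCESS_ALL_ADMINS_LOGS` is held. A comment on the route would keep a later reader from "fixing" it or from assuming the table is the sole authorization point, e.g. `// Unrestricted on purpose: the controller limits the result to the caller's own logs unless ACCESS_ALL_ADMINS_LOGS is held`. `get_routes` starts outside the hunk.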