Add auditing for creating or updating a cert. (#845)

Paul Van de Vreede 2017-07-04 23:39:16 +10:00 committed by kevgliss
parent 9d5db3ec12
commit 53113e5eeb
2 changed files with 7 additions and 3 deletions


@ -269,7 +269,9 @@ class CertificatesList(AuthenticatedResource):
if authority_permission.can():
data['creator'] = g.user
return service.create(**data)
cert = service.create(**data)
log_service.create(g.user, 'create_cert', certificate=cert)
return cert
return dict(message="You are not authorized to use the authority: {0}".format(data['authority'].name)), 403
@ -644,7 +646,9 @@ class Certificates(AuthenticatedResource):
)
), 400
return service.update(certificate_id, **data)
cert = service.update(certificate_id, **data)
log_service.create(g.current_user, 'update_cert', certificate=cert)
return cert
class NotificationCertificatesList(AuthenticatedResource):
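Review bot: The two audit calls take the acting user from different attributes: the create path passes `g.user` (the same attribute used for `data['creator']`), while the update path passes `g.current_user`. Whether both are always set to the same authenticated user is not visible here; if not, an update entry could be attributed to the wrong user, or the call could raise after the certificate was already changed. Using one attribute in both places, e.g. `log_service.create(g.user, 'update_cert', certificate=cert)`, would remove the ambiguity. Separately, only successful operations are recorded: the 403 branch in `CertificatesList` returns without a log entry, so denied attempts to use an authority leave no audit trail. Both method bodies begin outside the hunks shown.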


@ -18,6 +18,6 @@ class Log(db.Model):
__tablename__ = 'logs'
id = Column(Integer, primary_key=True)
certificate_id = Column(Integer, ForeignKey('certificates.id'))
log_type = Column(Enum('key_view', name='log_type'), nullable=False)
log_type = Column(Enum('key_view', 'create_cert', 'update_cert', name='log_type'), nullable=False)
logged_at = Column(ArrowType(), PassiveDefault(func.now()), nullable=False)
user_id = Column(Integer, ForeignKey('users.id'), nullable=False)
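Review bot: The new values `create_cert` and `update_cert` are added only to the model's `Enum(...)` declaration, and neither of the two changed files is a schema migration. Where the `log_type` enum type already exists in the database (for example a native enum on PostgreSQL), it would still accept only `key_view`, so inserting the new log rows would be rejected. Because the view code logs after `service.create` / `service.update` returns, that failure would surface as an error on a request whose certificate change may already have been applied. A migration that adds the two values to the existing type should accompany this change, unless one is provided outside this commit.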