Role and User update logs
This commit is contained in:
parent
6eeafcf56b
commit
b9be18f281
@ -20,6 +20,7 @@ from lemur.common.utils import get_psuedo_random_string
|
||||
|
||||
from lemur.users import service as user_service
|
||||
from lemur.roles import service as role_service
|
||||
from lemur.logs import service as log_service
|
||||
from lemur.auth.service import create_token, fetch_token_header, get_rsa_public_key
|
||||
from lemur.auth import ldap
|
||||
|
||||
@ -184,8 +185,6 @@ def create_user_roles(profile):
|
||||
current_app.config["LEMUR_DEFAULT_ROLE"],
|
||||
description="This is the default Lemur role.",
|
||||
)
|
||||
if not default.third_party:
|
||||
role_service.set_third_party(default.id, third_party_status=True)
|
||||
roles.append(default)
|
||||
|
||||
return roles
|
||||
@ -198,7 +197,7 @@ def update_user(user, profile, roles):
|
||||
:param profile:
|
||||
:param roles:
|
||||
"""
|
||||
|
||||
log_service.audit_log("TEST", user.name, "Edit role")
|
||||
# if we get an sso user create them an account
|
||||
if not user:
|
||||
user = user_service.create(
|
||||
@ -215,6 +214,8 @@ def update_user(user, profile, roles):
|
||||
for ur in user.roles:
|
||||
if not ur.third_party:
|
||||
roles.append(ur)
|
||||
else:
|
||||
log_service.audit_log("unassign_role", ur.name, f"Un-assigning the role for {user.name}")
|
||||
|
||||
# update any changes to the user
|
||||
user_service.update(
|
||||
|
@ -7,7 +7,7 @@
|
||||
:license: Apache, see LICENSE for more details.
|
||||
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
|
||||
"""
|
||||
from flask import current_app
|
||||
from flask import current_app, g
|
||||
|
||||
from lemur import database
|
||||
from lemur.logs.models import Log
|
||||
@ -34,6 +34,19 @@ def create(user, type, certificate=None):
|
||||
database.commit()
|
||||
|
||||
|
||||
def audit_log(action, entity, message):
|
||||
"""
|
||||
Logs given action
|
||||
:param action: The action being logged e.g. assign_role, create_role etc
|
||||
:param entity: The entity undergoing the action e.g. name of the role
|
||||
:param message: Additional info e.g. Role being assigned to user X
|
||||
:return:
|
||||
"""
|
||||
current_app.logger.info(
|
||||
f"[lemur-audit] action: {action}, user: {g.current_user.email}, entity: {entity} [{message}]"
|
||||
)
|
||||
|
||||
|
||||
def get_all():
|
||||
"""
|
||||
Retrieve all logs from the database.
|
||||
|
@ -12,6 +12,7 @@
|
||||
from lemur import database
|
||||
from lemur.roles.models import Role
|
||||
from lemur.users.models import User
|
||||
from lemur.logs import service as log_service
|
||||
|
||||
|
||||
def update(role_id, name, description, users):
|
||||
@ -29,6 +30,8 @@ def update(role_id, name, description, users):
|
||||
role.description = description
|
||||
role.users = users
|
||||
database.update(role)
|
||||
|
||||
log_service.audit_log("update_role", name, f"Role with id {role_id} updated")
|
||||
return role
|
||||
|
||||
|
||||
@ -44,6 +47,8 @@ def set_third_party(role_id, third_party_status=False):
|
||||
role = get(role_id)
|
||||
role.third_party = third_party_status
|
||||
database.update(role)
|
||||
|
||||
log_service.audit_log("update_role", role.name, f"Updated third_party_status={third_party_status}")
|
||||
return role
|
||||
|
||||
|
||||
@ -71,6 +76,7 @@ def create(
|
||||
if users:
|
||||
role.users = users
|
||||
|
||||
log_service.audit_log("create_role", name, "Creating new role")
|
||||
return database.create(role)
|
||||
|
||||
|
||||
@ -101,7 +107,10 @@ def delete(role_id):
|
||||
:param role_id:
|
||||
:return:
|
||||
"""
|
||||
return database.delete(get(role_id))
|
||||
|
||||
role = get(role_id)
|
||||
log_service.audit_log("delete_role", role.name, "Deleting role")
|
||||
return database.delete(role)
|
||||
|
||||
|
||||
def render(args):
|
||||
|
@ -8,6 +8,7 @@
|
||||
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
|
||||
"""
|
||||
from lemur import database
|
||||
from lemur.logs import service as log_service
|
||||
from lemur.users.models import User
|
||||
|
||||
|
||||
@ -31,6 +32,7 @@ def create(username, password, email, active, profile_picture, roles):
|
||||
profile_picture=profile_picture,
|
||||
)
|
||||
user.roles = roles
|
||||
log_service.audit_log("create_user", username, f"Creating new user")
|
||||
return database.create(user)
|
||||
|
||||
|
||||
@ -52,6 +54,8 @@ def update(user_id, username, email, active, profile_picture, roles):
|
||||
user.active = active
|
||||
user.profile_picture = profile_picture
|
||||
update_roles(user, roles)
|
||||
|
||||
log_service.audit_log("update_user", username, f"Updating user with id {user_id}")
|
||||
return database.update(user)
|
||||
|
||||
|
||||
@ -70,6 +74,7 @@ def update_roles(user, roles):
|
||||
break
|
||||
else:
|
||||
user.roles.remove(ur)
|
||||
log_service.audit_log("unassign_role", ur.name, f"Un-assigning the role for user {user.username}")
|
||||
|
||||
for r in roles:
|
||||
for ur in user.roles:
|
||||
@ -77,6 +82,7 @@ def update_roles(user, roles):
|
||||
break
|
||||
else:
|
||||
user.roles.append(r)
|
||||
log_service.audit_log("assign_role", ur.name, f"Assigning the role to user {user.username}")
|
||||
|
||||
|
||||
def get(user_id):
|
||||
|
Loading…
Reference in New Issue
Block a user