From b9be18f281c91bb7bb2d23f1119e5c99a3456801 Mon Sep 17 00:00:00 2001 From: sayali Date: Wed, 27 Jan 2021 19:10:13 -0800 Subject: [PATCH] Role and User update logs --- lemur/auth/views.py | 7 ++++--- lemur/logs/service.py | 15 ++++++++++++++- lemur/roles/service.py | 11 ++++++++++- lemur/users/service.py | 6 ++++++ 4 files changed, 34 insertions(+), 5 deletions(-) diff --git a/lemur/auth/views.py b/lemur/auth/views.py index eaed419d..fe3b8cf5 100644 --- a/lemur/auth/views.py +++ b/lemur/auth/views.py @@ -20,6 +20,7 @@ from lemur.common.utils import get_psuedo_random_string from lemur.users import service as user_service from lemur.roles import service as role_service +from lemur.logs import service as log_service from lemur.auth.service import create_token, fetch_token_header, get_rsa_public_key from lemur.auth import ldap @@ -184,8 +185,6 @@ def create_user_roles(profile): current_app.config["LEMUR_DEFAULT_ROLE"], description="This is the default Lemur role.", ) - if not default.third_party: - role_service.set_third_party(default.id, third_party_status=True) roles.append(default) return roles @@ -198,7 +197,7 @@ def update_user(user, profile, roles): :param profile: :param roles: """ - + log_service.audit_log("TEST", user.name, "Edit role") # if we get an sso user create them an account if not user: user = user_service.create( @@ -215,6 +214,8 @@ def update_user(user, profile, roles): for ur in user.roles: if not ur.third_party: roles.append(ur) + else: + log_service.audit_log("unassign_role", ur.name, f"Un-assigning the role for {user.name}") # update any changes to the user user_service.update( diff --git a/lemur/logs/service.py b/lemur/logs/service.py index f4949911..96b4b14f 100644 --- a/lemur/logs/service.py +++ b/lemur/logs/service.py @@ -7,7 +7,7 @@ :license: Apache, see LICENSE for more details. .. moduleauthor:: Kevin Glisson """ -from flask import current_app +from flask import current_app, g from lemur import database from lemur.logs.models import Log @@ -34,6 +34,19 @@ def create(user, type, certificate=None): database.commit() +def audit_log(action, entity, message): + """ + Logs given action + :param action: The action being logged e.g. assign_role, create_role etc + :param entity: The entity undergoing the action e.g. name of the role + :param message: Additional info e.g. Role being assigned to user X + :return: + """ + current_app.logger.info( + f"[lemur-audit] action: {action}, user: {g.current_user.email}, entity: {entity} [{message}]" + ) + + def get_all(): """ Retrieve all logs from the database. diff --git a/lemur/roles/service.py b/lemur/roles/service.py index fa4c9c97..cb733d40 100644 --- a/lemur/roles/service.py +++ b/lemur/roles/service.py @@ -12,6 +12,7 @@ from lemur import database from lemur.roles.models import Role from lemur.users.models import User +from lemur.logs import service as log_service def update(role_id, name, description, users): @@ -29,6 +30,8 @@ def update(role_id, name, description, users): role.description = description role.users = users database.update(role) + + log_service.audit_log("update_role", name, f"Role with id {role_id} updated") return role @@ -44,6 +47,8 @@ def set_third_party(role_id, third_party_status=False): role = get(role_id) role.third_party = third_party_status database.update(role) + + log_service.audit_log("update_role", role.name, f"Updated third_party_status={third_party_status}") return role @@ -71,6 +76,7 @@ def create( if users: role.users = users + log_service.audit_log("create_role", name, "Creating new role") return database.create(role) @@ -101,7 +107,10 @@ def delete(role_id): :param role_id: :return: """ - return database.delete(get(role_id)) + + role = get(role_id) + log_service.audit_log("delete_role", role.name, "Deleting role") + return database.delete(role) def render(args): diff --git a/lemur/users/service.py b/lemur/users/service.py index 8fb91aa3..a67f0262 100644 --- a/lemur/users/service.py +++ b/lemur/users/service.py @@ -8,6 +8,7 @@ .. moduleauthor:: Kevin Glisson """ from lemur import database +from lemur.logs import service as log_service from lemur.users.models import User @@ -31,6 +32,7 @@ def create(username, password, email, active, profile_picture, roles): profile_picture=profile_picture, ) user.roles = roles + log_service.audit_log("create_user", username, f"Creating new user") return database.create(user) @@ -52,6 +54,8 @@ def update(user_id, username, email, active, profile_picture, roles): user.active = active user.profile_picture = profile_picture update_roles(user, roles) + + log_service.audit_log("update_user", username, f"Updating user with id {user_id}") return database.update(user) @@ -70,6 +74,7 @@ def update_roles(user, roles): break else: user.roles.remove(ur) + log_service.audit_log("unassign_role", ur.name, f"Un-assigning the role for user {user.username}") for r in roles: for ur in user.roles: @@ -77,6 +82,7 @@ def update_roles(user, roles): break else: user.roles.append(r) + log_service.audit_log("assign_role", ur.name, f"Assigning the role to user {user.username}") def get(user_id):