mirror of
https://github.com/BookStackApp/BookStack.git
synced 2025-07-28 17:02:04 +03:00
Implemented user, api_tokem & role activity logging
Also refactored some role content, primarily updating the permission controller to be RoleController since it only dealt with roles.
This commit is contained in:
Dan Brown
@ -32,7 +32,6 @@ class ActivityType
|
||||
const RECYCLE_BIN_RESTORE = 'recycle_bin_restore';
|
||||
const RECYCLE_BIN_DESTROY = 'recycle_bin_destroy';
|
||||
|
||||
// TODO - Implement all below
|
||||
const USER_CREATE = 'user_create';
|
||||
const USER_UPDATE = 'user_update';
|
||||
const USER_DELETE = 'user_delete';
|
||||
@ -45,6 +44,7 @@ class ActivityType
|
||||
const ROLE_UPDATE = 'role_update';
|
||||
const ROLE_DELETE = 'role_delete';
|
||||
|
||||
// TODO - Implement all below
|
||||
const ACCESS_PASSWORD_RESET = 'access_password_reset_request';
|
||||
const ACCESS_PASSWORD_RESET_UPDATE = 'access_password_reset_update';
|
||||
const ACCESS_LOGIN = 'access_login';
|
||||
|
||||
@ -1,11 +1,22 @@
|
||||
<?php namespace BookStack\Api;
|
||||
|
||||
use BookStack\Auth\User;
|
||||
use BookStack\Interfaces\Loggable;
|
||||
use Illuminate\Database\Eloquent\Model;
|
||||
use Illuminate\Database\Eloquent\Relations\BelongsTo;
|
||||
use Illuminate\Support\Carbon;
|
||||
|
||||
class ApiToken extends Model
|
||||
/**
|
||||
* Class ApiToken
|
||||
* @property int $id
|
||||
* @property string $token_id
|
||||
* @property string $secret
|
||||
* @property string $name
|
||||
* @property Carbon $expires_at
|
||||
* @property User $user
|
||||
* @package BookStack\Api
|
||||
*/
|
||||
class ApiToken extends Model implements Loggable
|
||||
{
|
||||
protected $fillable = ['name', 'expires_at'];
|
||||
protected $casts = [
|
||||
@ -28,4 +39,12 @@ class ApiToken extends Model
|
||||
{
|
||||
return Carbon::now()->addYears(100)->format('Y-m-d');
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritdoc
|
||||
*/
|
||||
public function logDescriptor(): string
|
||||
{
|
||||
return "({$this->id}) {$this->name}; User: {$this->user->logDescriptor()}";
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,10 +1,11 @@
|
||||
<?php namespace BookStack\Auth\Permissions;
|
||||
|
||||
use BookStack\Actions\ActivityType;
|
||||
use BookStack\Auth\Role;
|
||||
use BookStack\Exceptions\PermissionsException;
|
||||
use BookStack\Facades\Activity;
|
||||
use Exception;
|
||||
use Illuminate\Database\Eloquent\Collection;
|
||||
use Illuminate\Support\Str;
|
||||
|
||||
class PermissionsRepo
|
||||
{
|
||||
@ -60,6 +61,7 @@ class PermissionsRepo
|
||||
$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
|
||||
$this->assignRolePermissions($role, $permissions);
|
||||
$this->permissionService->buildJointPermissionForRole($role);
|
||||
Activity::add(ActivityType::ROLE_CREATE, $role);
|
||||
return $role;
|
||||
}
|
||||
|
||||
@ -88,12 +90,13 @@ class PermissionsRepo
|
||||
$role->fill($roleData);
|
||||
$role->save();
|
||||
$this->permissionService->buildJointPermissionForRole($role);
|
||||
Activity::add(ActivityType::ROLE_UPDATE, $role);
|
||||
}
|
||||
|
||||
/**
|
||||
* Assign an list of permission names to an role.
|
||||
*/
|
||||
public function assignRolePermissions(Role $role, array $permissionNameArray = [])
|
||||
protected function assignRolePermissions(Role $role, array $permissionNameArray = [])
|
||||
{
|
||||
$permissions = [];
|
||||
$permissionNameArray = array_values($permissionNameArray);
|
||||
@ -137,6 +140,7 @@ class PermissionsRepo
|
||||
}
|
||||
|
||||
$this->permissionService->deleteJointPermissionsForRole($role);
|
||||
Activity::add(ActivityType::ROLE_DELETE, $role);
|
||||
$role->delete();
|
||||
}
|
||||
}
|
||||
|
||||
@ -2,6 +2,7 @@
|
||||
|
||||
use BookStack\Auth\Permissions\JointPermission;
|
||||
use BookStack\Auth\Permissions\RolePermission;
|
||||
use BookStack\Interfaces\Loggable;
|
||||
use BookStack\Model;
|
||||
use Illuminate\Database\Eloquent\Collection;
|
||||
use Illuminate\Database\Eloquent\Relations\HasMany;
|
||||
@ -14,7 +15,7 @@ use Illuminate\Database\Eloquent\Relations\HasMany;
|
||||
* @property string $external_auth_id
|
||||
* @property string $system_name
|
||||
*/
|
||||
class Role extends Model
|
||||
class Role extends Model implements Loggable
|
||||
{
|
||||
|
||||
protected $fillable = ['display_name', 'description', 'external_auth_id'];
|
||||
@ -104,4 +105,12 @@ class Role extends Model
|
||||
{
|
||||
return static::query()->where('system_name', '!=', 'admin')->get();
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritdoc
|
||||
*/
|
||||
public function logDescriptor(): string
|
||||
{
|
||||
return "({$this->id}) {$this->display_name}";
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
<?php namespace BookStack\Auth;
|
||||
|
||||
use BookStack\Api\ApiToken;
|
||||
use BookStack\Interfaces\Loggable;
|
||||
use BookStack\Model;
|
||||
use BookStack\Notifications\ResetPassword;
|
||||
use BookStack\Uploads\Image;
|
||||
@ -27,7 +28,7 @@ use Illuminate\Notifications\Notifiable;
|
||||
* @property string $external_auth_id
|
||||
* @property string $system_name
|
||||
*/
|
||||
class User extends Model implements AuthenticatableContract, CanResetPasswordContract
|
||||
class User extends Model implements AuthenticatableContract, CanResetPasswordContract, Loggable
|
||||
{
|
||||
use Authenticatable, CanResetPassword, Notifiable;
|
||||
|
||||
@ -274,4 +275,12 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
|
||||
{
|
||||
$this->notify(new ResetPassword($token));
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritdoc
|
||||
*/
|
||||
public function logDescriptor(): string
|
||||
{
|
||||
return "({$this->id}) {$this->name}";
|
||||
}
|
||||
}
|
||||
|
||||
@ -85,9 +85,9 @@ class RecycleBinController extends Controller
|
||||
{
|
||||
/** @var Deletion $deletion */
|
||||
$deletion = Deletion::query()->findOrFail($id);
|
||||
$this->logActivity(ActivityType::RECYCLE_BIN_DESTROY, $deletion);
|
||||
$deleteCount = (new TrashCan())->destroyFromDeletion($deletion);
|
||||
|
||||
$this->logActivity(ActivityType::RECYCLE_BIN_DESTROY, $deletion);
|
||||
$this->showSuccessNotification(trans('settings.recycle_bin_destroy_notification', ['count' => $deleteCount]));
|
||||
return redirect($this->recycleBinBaseUrl);
|
||||
}
|
||||
|
||||
@ -6,7 +6,7 @@ use Exception;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
|
||||
class PermissionController extends Controller
|
||||
class RoleController extends Controller
|
||||
{
|
||||
|
||||
protected $permissionsRepo;
|
||||
@ -23,7 +23,7 @@ class PermissionController extends Controller
|
||||
/**
|
||||
* Show a listing of the roles in the system.
|
||||
*/
|
||||
public function listRoles()
|
||||
public function list()
|
||||
{
|
||||
$this->checkPermission('user-roles-manage');
|
||||
$roles = $this->permissionsRepo->getAllRoles();
|
||||
@ -33,7 +33,7 @@ class PermissionController extends Controller
|
||||
/**
|
||||
* Show the form to create a new role
|
||||
*/
|
||||
public function createRole()
|
||||
public function create()
|
||||
{
|
||||
$this->checkPermission('user-roles-manage');
|
||||
return view('settings.roles.create');
|
||||
@ -42,7 +42,7 @@ class PermissionController extends Controller
|
||||
/**
|
||||
* Store a new role in the system.
|
||||
*/
|
||||
public function storeRole(Request $request)
|
||||
public function store(Request $request)
|
||||
{
|
||||
$this->checkPermission('user-roles-manage');
|
||||
$this->validate($request, [
|
||||
@ -59,7 +59,7 @@ class PermissionController extends Controller
|
||||
* Show the form for editing a user role.
|
||||
* @throws PermissionsException
|
||||
*/
|
||||
public function editRole(string $id)
|
||||
public function edit(string $id)
|
||||
{
|
||||
$this->checkPermission('user-roles-manage');
|
||||
$role = $this->permissionsRepo->getRoleById($id);
|
||||
@ -73,7 +73,7 @@ class PermissionController extends Controller
|
||||
* Updates a user role.
|
||||
* @throws ValidationException
|
||||
*/
|
||||
public function updateRole(Request $request, string $id)
|
||||
public function update(Request $request, string $id)
|
||||
{
|
||||
$this->checkPermission('user-roles-manage');
|
||||
$this->validate($request, [
|
||||
@ -90,7 +90,7 @@ class PermissionController extends Controller
|
||||
* Show the view to delete a role.
|
||||
* Offers the chance to migrate users.
|
||||
*/
|
||||
public function showDeleteRole(string $id)
|
||||
public function showDelete(string $id)
|
||||
{
|
||||
$this->checkPermission('user-roles-manage');
|
||||
$role = $this->permissionsRepo->getRoleById($id);
|
||||
@ -105,7 +105,7 @@ class PermissionController extends Controller
|
||||
* Migrate from a previous role if set.
|
||||
* @throws Exception
|
||||
*/
|
||||
public function deleteRole(Request $request, string $id)
|
||||
public function delete(Request $request, string $id)
|
||||
{
|
||||
$this->checkPermission('user-roles-manage');
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
<?php namespace BookStack\Http\Controllers;
|
||||
|
||||
use BookStack\Actions\ActivityType;
|
||||
use BookStack\Api\ApiToken;
|
||||
use BookStack\Auth\User;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Carbon;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
use Illuminate\Support\Str;
|
||||
|
||||
@ -57,6 +57,8 @@ class UserApiTokenController extends Controller
|
||||
|
||||
session()->flash('api-token-secret:' . $token->id, $secret);
|
||||
$this->showSuccessNotification(trans('settings.user_api_token_create_success'));
|
||||
$this->logActivity(ActivityType::API_TOKEN_CREATE, $token);
|
||||
|
||||
return redirect($user->getEditUrl('/api-tokens/' . $token->id));
|
||||
}
|
||||
|
||||
@ -93,6 +95,7 @@ class UserApiTokenController extends Controller
|
||||
])->save();
|
||||
|
||||
$this->showSuccessNotification(trans('settings.user_api_token_update_success'));
|
||||
$this->logActivity(ActivityType::API_TOKEN_UPDATE, $token);
|
||||
return redirect($user->getEditUrl('/api-tokens/' . $token->id));
|
||||
}
|
||||
|
||||
@ -117,6 +120,8 @@ class UserApiTokenController extends Controller
|
||||
$token->delete();
|
||||
|
||||
$this->showSuccessNotification(trans('settings.user_api_token_delete_success'));
|
||||
$this->logActivity(ActivityType::API_TOKEN_DELETE, $token);
|
||||
|
||||
return redirect($user->getEditUrl('#api_tokens'));
|
||||
}
|
||||
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
<?php namespace BookStack\Http\Controllers;
|
||||
|
||||
use BookStack\Actions\ActivityType;
|
||||
use BookStack\Auth\Access\SocialAuthService;
|
||||
use BookStack\Auth\Access\UserInviteService;
|
||||
use BookStack\Auth\User;
|
||||
@ -102,6 +103,7 @@ class UserController extends Controller
|
||||
|
||||
$this->userRepo->downloadAndAssignUserAvatar($user);
|
||||
|
||||
$this->logActivity(ActivityType::USER_CREATE, $user);
|
||||
return redirect('/settings/users');
|
||||
}
|
||||
|
||||
@ -194,6 +196,7 @@ class UserController extends Controller
|
||||
|
||||
$user->save();
|
||||
$this->showSuccessNotification(trans('settings.users_edit_success'));
|
||||
$this->logActivity(ActivityType::USER_UPDATE, $user);
|
||||
|
||||
$redirectUrl = userCan('users-manage') ? '/settings/users' : ('/settings/users/' . $user->id);
|
||||
return redirect($redirectUrl);
|
||||
@ -234,6 +237,7 @@ class UserController extends Controller
|
||||
|
||||
$this->userRepo->destroy($user);
|
||||
$this->showSuccessNotification(trans('settings.users_delete_success'));
|
||||
$this->logActivity(ActivityType::USER_DELETE, $user);
|
||||
|
||||
return redirect('/settings/users');
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user