Add audit log entries for user roles (#19040)

* Refactor audit log schema * Add audit log entries for user roles
2022-08-25 20:39:40 +02:00 · 2022-08-25 20:39:40 +02:00 · 0396acf39e
commit 0396acf39e
parent 99aed9069d
27 changed files with 151 additions and 99 deletions
--- a/app/models/admin/action_log.rb
+++ b/app/models/admin/action_log.rb
@ -9,38 +9,42 @@
 #  action           :string           default(""), not null
 #  target_type      :string
 #  target_id        :bigint(8)
-#  recorded_changes :text             default(""), not null
 #  created_at       :datetime         not null
 #  updated_at       :datetime         not null
+#  human_identifier :string
+#  route_param      :string
+#  permalink        :string
 #

 class Admin::ActionLog < ApplicationRecord
-  serialize :recorded_changes
+  self.ignored_columns = %w(
+    recorded_changes
+  )

  belongs_to :account
  belongs_to :target, polymorphic: true, optional: true

  default_scope -> { order('id desc') }

+  before_validation :set_human_identifier
+  before_validation :set_route_param
+  before_validation :set_permalink
+
  def action
    super.to_sym
  end

-  before_validation :set_changes
-
  private

-  def set_changes
-    case action
-    when :destroy, :create
-      self.recorded_changes = target.attributes
-    when :update, :promote, :demote
-      self.recorded_changes = target.previous_changes
-    when :change_email
-      self.recorded_changes = ActiveSupport::HashWithIndifferentAccess.new(
-        email: [target.email, nil],
-        unconfirmed_email: [nil, target.unconfirmed_email]
-      )
-    end
+  def set_human_identifier
+    self.human_identifier = target.to_log_human_identifier if target.respond_to?(:to_log_human_identifier)
+  end
+
+  def set_route_param
+    self.route_param = target.to_log_route_param if target.respond_to?(:to_log_route_param)
+  end
+
+  def set_permalink
+    self.permalink = target.to_log_permalink if target.respond_to?(:to_log_permalink)
  end
 end
--- a/app/models/admin/action_log_filter.rb
+++ b/app/models/admin/action_log_filter.rb
@ -12,6 +12,7 @@ class Admin::ActionLogFilter
    reject_appeal: { target_type: 'Appeal', action: 'reject' }.freeze,
    assigned_to_self_report: { target_type: 'Report', action: 'assigned_to_self' }.freeze,
    change_email_user: { target_type: 'User', action: 'change_email' }.freeze,
+    change_role_user: { target_type: 'User', action: 'change_role' }.freeze,
    confirm_user: { target_type: 'User', action: 'confirm' }.freeze,
    approve_user: { target_type: 'User', action: 'approve' }.freeze,
    reject_user: { target_type: 'User', action: 'reject' }.freeze,
@ -22,6 +23,7 @@ class Admin::ActionLogFilter
    create_domain_block: { target_type: 'DomainBlock', action: 'create' }.freeze,
    create_email_domain_block: { target_type: 'EmailDomainBlock', action: 'create' }.freeze,
    create_unavailable_domain: { target_type: 'UnavailableDomain', action: 'create' }.freeze,
+    create_user_role: { target_type: 'UserRole', action: 'create' }.freeze,
    demote_user: { target_type: 'User', action: 'demote' }.freeze,
    destroy_announcement: { target_type: 'Announcement', action: 'destroy' }.freeze,
    destroy_custom_emoji: { target_type: 'CustomEmoji', action: 'destroy' }.freeze,
@ -31,6 +33,7 @@ class Admin::ActionLogFilter
    destroy_instance: { target_type: 'Instance', action: 'destroy' }.freeze,
    destroy_unavailable_domain: { target_type: 'UnavailableDomain', action: 'destroy' }.freeze,
    destroy_status: { target_type: 'Status', action: 'destroy' }.freeze,
+    destroy_user_role: { target_type: 'UserRole', action: 'destroy' }.freeze,
    disable_2fa_user: { target_type: 'User', action: 'disable' }.freeze,
    disable_custom_emoji: { target_type: 'CustomEmoji', action: 'disable' }.freeze,
    disable_user: { target_type: 'User', action: 'disable' }.freeze,
@ -52,6 +55,7 @@ class Admin::ActionLogFilter
    update_announcement: { target_type: 'Announcement', action: 'update' }.freeze,
    update_custom_emoji: { target_type: 'CustomEmoji', action: 'update' }.freeze,
    update_status: { target_type: 'Status', action: 'update' }.freeze,
+    update_user_role: { target_type: 'UserRole', action: 'update' }.freeze,
    unblock_email_account: { target_type: 'Account', action: 'unblock_email' }.freeze,
  }.freeze