mirror of
https://github.com/mattermost/mattermost.git
synced 2026-02-18 18:18:23 -05:00
[MM-64686] Expose audit logging functionality via plugin API (#31204)
This commit exposes audit logging functionality to plugins via the plugin API, allowing plugins to create and log audit records. Additionally, it addresses a gob encoding issue that could cause plugin crashes when audit data contains nil pointers or unregistered types.
This commit is contained in:
David Krauser
GitHub
parent
efb960a160
commit
aaa62a40ae
68 changed files with 878 additions and 750 deletions
|
|
@ -11,7 +11,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitAccessControlPolicy() {
|
||||
|
|
@ -42,9 +41,9 @@ func createAccessControlPolicy(c *Context, w http.ResponseWriter, r *http.Reques
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createAccessControlPolicy", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createAccessControlPolicy", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "requested", &policy)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "requested", &policy)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
||||
c.SetPermissionError(model.PermissionManageSystem)
|
||||
|
|
@ -113,9 +112,9 @@ func deleteAccessControlPolicy(c *Context, w http.ResponseWriter, r *http.Reques
|
|||
}
|
||||
policyID := c.Params.PolicyId
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteAccessControlPolicy", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deleteAccessControlPolicy", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "id", policyID)
|
||||
model.AddEventParameterToAuditRec(auditRec, "id", policyID)
|
||||
|
||||
appErr := c.App.DeleteAccessControlPolicy(c.AppContext, policyID)
|
||||
if appErr != nil {
|
||||
|
|
@ -246,9 +245,9 @@ func updateActiveStatus(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
policyID := c.Params.PolicyId
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateActiveStatus", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateActiveStatus", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "id", policyID)
|
||||
model.AddEventParameterToAuditRec(auditRec, "id", policyID)
|
||||
|
||||
active := r.URL.Query().Get("active")
|
||||
if active != "true" && active != "false" {
|
||||
|
|
@ -260,7 +259,7 @@ func updateActiveStatus(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.SetInvalidParamWithErr("active", err)
|
||||
return
|
||||
}
|
||||
audit.AddEventParameter(auditRec, "active", activeBool)
|
||||
model.AddEventParameterToAuditRec(auditRec, "active", activeBool)
|
||||
|
||||
appErr := c.App.UpdateAccessControlPolicyActive(c.AppContext, policyID, activeBool)
|
||||
if appErr != nil {
|
||||
|
|
@ -293,10 +292,10 @@ func assignAccessPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("assignAccessPolicy", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("assignAccessPolicy", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "id", policyID)
|
||||
audit.AddEventParameter(auditRec, "channel_ids", assignments.ChannelIds)
|
||||
model.AddEventParameterToAuditRec(auditRec, "id", policyID)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_ids", assignments.ChannelIds)
|
||||
|
||||
if len(assignments.ChannelIds) != 0 {
|
||||
_, appErr := c.App.AssignAccessControlPolicyToChannels(c.AppContext, policyID, assignments.ChannelIds)
|
||||
|
|
@ -325,10 +324,10 @@ func unassignAccessPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
ChannelIds []string `json:"channel_ids"`
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("unassignAccessPolicy", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("unassignAccessPolicy", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "id", policyID)
|
||||
audit.AddEventParameter(auditRec, "channel_ids", assignments.ChannelIds)
|
||||
model.AddEventParameterToAuditRec(auditRec, "id", policyID)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_ids", assignments.ChannelIds)
|
||||
|
||||
err := json.NewDecoder(r.Body).Decode(&assignments)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ import (
|
|||
"net/http"
|
||||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitAuditLogging() {
|
||||
|
|
@ -50,9 +49,9 @@ func addAuditLogCertificate(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("addAuditLogCertificate", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("addAuditLogCertificate", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "filename", fileData.Filename)
|
||||
model.AddEventParameterToAuditRec(auditRec, "filename", fileData.Filename)
|
||||
|
||||
if err := c.App.AddAuditLogCertificate(c.AppContext, fileData); err != nil {
|
||||
c.Err = err
|
||||
|
|
@ -71,7 +70,7 @@ func removeAuditLogCertificate(c *Context, w http.ResponseWriter, r *http.Reques
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("removeAuditLogCertificate", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("removeAuditLogCertificate", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if err := c.App.RemoveAuditLogCertificate(c.AppContext); err != nil {
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ import (
|
|||
"net/http"
|
||||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitBleve() {
|
||||
|
|
@ -15,7 +14,7 @@ func (api *API) InitBleve() {
|
|||
}
|
||||
|
||||
func purgeBleveIndexes(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("purgeBleveIndexes", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("purgeBleveIndexes", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionPurgeBleveIndexes) {
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitBot() {
|
||||
|
|
@ -37,9 +36,9 @@ func createBot(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
bot.Patch(botPatch)
|
||||
|
||||
auditRec := c.MakeAuditRecord("createBot", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createBot", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "bot", bot)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "bot", bot)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionCreateBot) {
|
||||
c.SetPermissionError(model.PermissionCreateBot)
|
||||
|
|
@ -88,10 +87,10 @@ func patchBot(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("patchBot", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("patchBot", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "id", botUserId)
|
||||
audit.AddEventParameterAuditable(auditRec, "bot", botPatch)
|
||||
model.AddEventParameterToAuditRec(auditRec, "id", botUserId)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "bot", botPatch)
|
||||
|
||||
if err := c.App.SessionHasPermissionToManageBot(c.AppContext, *c.AppContext.Session(), botUserId); err != nil {
|
||||
c.Err = err
|
||||
|
|
@ -206,10 +205,10 @@ func updateBotActive(c *Context, w http.ResponseWriter, active bool) {
|
|||
}
|
||||
botUserId := c.Params.BotUserId
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateBotActive", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateBotActive", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "id", botUserId)
|
||||
audit.AddEventParameter(auditRec, "enable", active)
|
||||
model.AddEventParameterToAuditRec(auditRec, "id", botUserId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "enable", active)
|
||||
|
||||
if err := c.App.SessionHasPermissionToManageBot(c.AppContext, *c.AppContext.Session(), botUserId); err != nil {
|
||||
c.Err = err
|
||||
|
|
@ -240,10 +239,10 @@ func assignBot(c *Context, w http.ResponseWriter, _ *http.Request) {
|
|||
botUserId := c.Params.BotUserId
|
||||
userId := c.Params.UserId
|
||||
|
||||
auditRec := c.MakeAuditRecord("assignBot", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("assignBot", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "id", botUserId)
|
||||
audit.AddEventParameter(auditRec, "user_id", userId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "id", botUserId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", userId)
|
||||
|
||||
if err := c.App.SessionHasPermissionToManageBot(c.AppContext, *c.AppContext.Session(), botUserId); err != nil {
|
||||
c.Err = err
|
||||
|
|
@ -293,11 +292,11 @@ func convertBotToUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
systemAdmin, _ := strconv.ParseBool(r.URL.Query().Get("set_system_admin"))
|
||||
|
||||
auditRec := c.MakeAuditRecord("convertBotToUser", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("convertBotToUser", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "bot", bot)
|
||||
audit.AddEventParameterAuditable(auditRec, "user_patch", &userPatch)
|
||||
audit.AddEventParameter(auditRec, "set_system_admin", systemAdmin)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "bot", bot)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user_patch", &userPatch)
|
||||
model.AddEventParameterToAuditRec(auditRec, "set_system_admin", systemAdmin)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
||||
c.SetPermissionError(model.PermissionManageSystem)
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitBrand() {
|
||||
|
|
@ -66,7 +65,7 @@ func uploadBrandImage(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("uploadBrandImage", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("uploadBrandImage", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionEditBrand) {
|
||||
|
|
@ -87,7 +86,7 @@ func uploadBrandImage(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func deleteBrandImage(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("deleteBrandImage", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deleteBrandImage", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionEditBrand) {
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/shared/i18n"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
const maxListSize = 1000
|
||||
|
|
@ -103,9 +102,9 @@ func createChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createChannel", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createChannel", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "channel", channel)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "channel", channel)
|
||||
|
||||
if channel.Type == model.ChannelTypeOpen && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PermissionCreatePublicChannel) {
|
||||
c.SetPermissionError(model.PermissionCreatePublicChannel)
|
||||
|
|
@ -153,8 +152,8 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateChannel", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "channel", channel)
|
||||
auditRec := c.MakeAuditRecord("updateChannel", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "channel", channel)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
originalOldChannel, appErr := c.App.GetChannel(c.AppContext, channel.Id)
|
||||
|
|
@ -223,7 +222,7 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
if channel.Name != "" {
|
||||
oldChannel.Name = channel.Name
|
||||
audit.AddEventParameter(auditRec, "new_channel_name", oldChannel.Name)
|
||||
model.AddEventParameterToAuditRec(auditRec, "new_channel_name", oldChannel.Name)
|
||||
}
|
||||
|
||||
if channel.GroupConstrained != nil {
|
||||
|
|
@ -258,8 +257,8 @@ func updateChannelPrivacy(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateChannelPrivacy", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId)
|
||||
auditRec := c.MakeAuditRecord("updateChannelPrivacy", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
props := model.StringInterfaceFromJSON(r.Body)
|
||||
|
|
@ -269,7 +268,7 @@ func updateChannelPrivacy(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameter(auditRec, "privacy", privacy)
|
||||
model.AddEventParameterToAuditRec(auditRec, "privacy", privacy)
|
||||
|
||||
channel, err := c.App.GetChannel(c.AppContext, c.Params.ChannelId)
|
||||
if err != nil {
|
||||
|
|
@ -337,9 +336,9 @@ func patchChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
oldChannel := originalOldChannel.DeepCopy()
|
||||
|
||||
auditRec := c.MakeAuditRecord("patchChannel", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("patchChannel", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "channel", patch)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "channel", patch)
|
||||
auditRec.AddEventPriorState(oldChannel)
|
||||
|
||||
switch oldChannel.Type {
|
||||
|
|
@ -429,7 +428,7 @@ func restoreChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
teamId := channel.TeamId
|
||||
|
||||
auditRec := c.MakeAuditRecord("restoreChannel", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("restoreChannel", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
auditRec.AddEventPriorState(channel)
|
||||
|
||||
|
|
@ -483,8 +482,8 @@ func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createDirectChannel", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "user_ids", userIds)
|
||||
auditRec := c.MakeAuditRecord("createDirectChannel", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_ids", userIds)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionCreateDirectChannel) {
|
||||
|
|
@ -502,7 +501,7 @@ func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
otherUserId = userIds[1]
|
||||
}
|
||||
|
||||
audit.AddEventParameter(auditRec, "user_id", otherUserId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", otherUserId)
|
||||
|
||||
canSee, appErr := c.App.UserCanSeeOtherUser(c.AppContext, c.AppContext.Session().UserId, otherUserId)
|
||||
if appErr != nil {
|
||||
|
|
@ -575,8 +574,8 @@ func createGroupChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
userIds = append(userIds, c.AppContext.Session().UserId)
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createGroupChannel", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "user_ids", userIds)
|
||||
auditRec := c.MakeAuditRecord("createGroupChannel", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_ids", userIds)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionCreateGroupChannel) {
|
||||
|
|
@ -1374,8 +1373,8 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteChannel", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "id", c.Params.ChannelId)
|
||||
auditRec := c.MakeAuditRecord("deleteChannel", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "id", c.Params.ChannelId)
|
||||
auditRec.AddEventPriorState(channel)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
|
|
@ -1711,10 +1710,10 @@ func updateChannelMemberRoles(c *Context, w http.ResponseWriter, r *http.Request
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateChannelMemberRoles", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateChannelMemberRoles", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "props", props)
|
||||
audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "props", props)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
|
||||
|
||||
if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), c.Params.ChannelId, model.PermissionManageChannelRoles) {
|
||||
c.SetPermissionError(model.PermissionManageChannelRoles)
|
||||
|
|
@ -1743,10 +1742,10 @@ func updateChannelMemberSchemeRoles(c *Context, w http.ResponseWriter, r *http.R
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateChannelMemberSchemeRoles", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateChannelMemberSchemeRoles", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId)
|
||||
audit.AddEventParameterAuditable(auditRec, "roles", &schemeRoles)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "roles", &schemeRoles)
|
||||
|
||||
if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), c.Params.ChannelId, model.PermissionManageChannelRoles) {
|
||||
c.SetPermissionError(model.PermissionManageChannelRoles)
|
||||
|
|
@ -1775,10 +1774,10 @@ func updateChannelMemberNotifyProps(c *Context, w http.ResponseWriter, r *http.R
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateChannelMemberNotifyProps", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateChannelMemberNotifyProps", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId)
|
||||
audit.AddEventParameter(auditRec, "props", props)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "props", props)
|
||||
|
||||
if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
|
||||
c.SetPermissionError(model.PermissionEditOtherUsers)
|
||||
|
|
@ -1912,11 +1911,11 @@ func addChannelMember(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
continue
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("addChannelMember", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("addChannelMember", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "user_id", userId)
|
||||
audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId)
|
||||
audit.AddEventParameter(auditRec, "post_root_id", postRootId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", userId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "post_root_id", postRootId)
|
||||
|
||||
member := &model.ChannelMember{
|
||||
ChannelId: c.Params.ChannelId,
|
||||
|
|
@ -2003,10 +2002,10 @@ func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("removeChannelMember", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("removeChannelMember", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId)
|
||||
audit.AddEventParameter(auditRec, "user_id", c.Params.UserId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId)
|
||||
|
||||
channel, err := c.App.GetChannel(c.AppContext, c.Params.ChannelId)
|
||||
if err != nil {
|
||||
|
|
@ -2059,8 +2058,8 @@ func updateChannelScheme(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateChannelScheme", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId)
|
||||
auditRec := c.MakeAuditRecord("updateChannelScheme", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
var p model.SchemeIDPatch
|
||||
|
|
@ -2070,7 +2069,7 @@ func updateChannelScheme(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
schemeID := p.SchemeID
|
||||
|
||||
audit.AddEventParameter(auditRec, "scheme_id", *schemeID)
|
||||
model.AddEventParameterToAuditRec(auditRec, "scheme_id", *schemeID)
|
||||
|
||||
if c.App.Channels().License() == nil {
|
||||
c.Err = model.NewAppError("Api4.UpdateChannelScheme", "api.channel.update_channel_scheme.license.error", nil, "", http.StatusForbidden)
|
||||
|
|
@ -2254,7 +2253,7 @@ func patchChannelModerations(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("patchChannelModerations", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("patchChannelModerations", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteUserManagementChannels) {
|
||||
|
|
@ -2267,7 +2266,7 @@ func patchChannelModerations(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
c.Err = appErr
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "channel", channel)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "channel", channel)
|
||||
|
||||
var channelModerationsPatch []*model.ChannelModerationPatch
|
||||
err := json.NewDecoder(r.Body).Decode(&channelModerationsPatch)
|
||||
|
|
@ -2281,7 +2280,7 @@ func patchChannelModerations(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
c.Err = appErr
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditableArray(auditRec, "channel_moderations_patch", channelModerationsPatch)
|
||||
model.AddEventParameterAuditableArrayToAuditRec(auditRec, "channel_moderations_patch", channelModerationsPatch)
|
||||
|
||||
b, err := json.Marshal(channelModerations)
|
||||
if err != nil {
|
||||
|
|
@ -2326,11 +2325,11 @@ func moveChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("moveChannel", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("moveChannel", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId)
|
||||
audit.AddEventParameter(auditRec, "team_id", teamId)
|
||||
audit.AddEventParameter(auditRec, "force", force)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", teamId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "force", force)
|
||||
auditRec.AddEventPriorState(channel)
|
||||
|
||||
// TODO check and verify if the below three things are parameters or prior state if any
|
||||
|
|
@ -2451,11 +2450,11 @@ func convertGroupMessageToChannel(c *Context, w http.ResponseWriter, r *http.Req
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("convertGroupMessageToChannel", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("convertGroupMessageToChannel", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "channel_id", gmConversionRequest.ChannelID)
|
||||
audit.AddEventParameter(auditRec, "team_id", gmConversionRequest.TeamID)
|
||||
audit.AddEventParameter(auditRec, "user_id", user.Id)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", gmConversionRequest.ChannelID)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", gmConversionRequest.TeamID)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", user.Id)
|
||||
|
||||
updatedChannel, appErr := c.App.ConvertGroupMessageToChannel(c.AppContext, c.AppContext.Session().UserId, gmConversionRequest)
|
||||
if appErr != nil {
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitChannelBookmarks() {
|
||||
|
|
@ -54,9 +53,9 @@ func createChannelBookmark(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
channelBookmark.ChannelId = c.Params.ChannelId
|
||||
|
||||
auditRec := c.MakeAuditRecord("createChannelBookmark", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createChannelBookmark", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "channelBookmark", channelBookmark)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "channelBookmark", channelBookmark)
|
||||
|
||||
switch channel.Type {
|
||||
case model.ChannelTypeOpen:
|
||||
|
|
@ -136,9 +135,9 @@ func updateChannelBookmark(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
patchedBookmark := originalChannelBookmark.Clone()
|
||||
auditRec := c.MakeAuditRecord("updateChannelBookmark", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateChannelBookmark", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "channelBookmark", patch)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "channelBookmark", patch)
|
||||
|
||||
// The channel bookmark should belong to the same channel specified in the URL
|
||||
if patchedBookmark.ChannelId != c.Params.ChannelId {
|
||||
|
|
@ -236,9 +235,9 @@ func updateChannelBookmarkSortOrder(c *Context, w http.ResponseWriter, r *http.R
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateChannelBookmarkSortOrder", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateChannelBookmarkSortOrder", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "id", c.Params.ChannelBookmarkId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "id", c.Params.ChannelBookmarkId)
|
||||
|
||||
channel, appErr := c.App.GetChannel(c.AppContext, c.Params.ChannelId)
|
||||
if appErr != nil {
|
||||
|
|
@ -321,9 +320,9 @@ func deleteChannelBookmark(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteChannelBookmark", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deleteChannelBookmark", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "id", c.Params.ChannelBookmarkId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "id", c.Params.ChannelBookmarkId)
|
||||
|
||||
channel, appErr := c.App.GetChannel(c.AppContext, c.Params.ChannelId)
|
||||
if appErr != nil {
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func getCategoriesForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
|
|
@ -61,7 +60,7 @@ func createCategoryForTeamForUser(c *Context, w http.ResponseWriter, r *http.Req
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createCategoryForTeamForUser", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createCategoryForTeamForUser", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
var categoryCreateRequest model.SidebarCategoryWithChannels
|
||||
|
|
@ -139,7 +138,7 @@ func updateCategoryOrderForTeamForUser(c *Context, w http.ResponseWriter, r *htt
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateCategoryOrderForTeamForUser", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateCategoryOrderForTeamForUser", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
categoryOrder, err := model.NonSortedArrayFromJSON(r.Body)
|
||||
|
|
@ -217,7 +216,7 @@ func updateCategoriesForTeamForUser(c *Context, w http.ResponseWriter, r *http.R
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateCategoriesForTeamForUser", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateCategoriesForTeamForUser", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
var categoriesUpdateRequest []*model.SidebarCategoryWithChannels
|
||||
|
|
@ -331,7 +330,7 @@ func updateCategoryForTeamForUser(c *Context, w http.ResponseWriter, r *http.Req
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateCategoryForTeamForUser", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateCategoryForTeamForUser", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
var categoryUpdateRequest model.SidebarCategoryWithChannels
|
||||
|
|
@ -382,7 +381,7 @@ func deleteCategoryForTeamForUser(c *Context, w http.ResponseWriter, r *http.Req
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteCategoryForTeamForUser", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deleteCategoryForTeamForUser", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
appErr := c.App.DeleteSidebarCategory(c.AppContext, c.Params.UserId, c.Params.TeamId, c.Params.CategoryId)
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitChannelLocal() {
|
||||
|
|
@ -45,9 +44,9 @@ func localCreateChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("localCreateChannel", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localCreateChannel", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "channel", channel)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "channel", channel)
|
||||
|
||||
sc, appErr := c.App.CreateChannel(c.AppContext, channel, false)
|
||||
if appErr != nil {
|
||||
|
|
@ -85,9 +84,9 @@ func localUpdateChannelPrivacy(c *Context, w http.ResponseWriter, r *http.Reques
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("localUpdateChannelPrivacy", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localUpdateChannelPrivacy", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "privacy", privacy)
|
||||
model.AddEventParameterToAuditRec(auditRec, "privacy", privacy)
|
||||
|
||||
if channel.Name == model.DefaultChannelName && model.ChannelType(privacy) == model.ChannelTypePrivate {
|
||||
c.Err = model.NewAppError("updateChannelPrivacy", "api.channel.update_channel_privacy.default_channel_error", nil, "", http.StatusBadRequest)
|
||||
|
|
@ -123,9 +122,9 @@ func localRestoreChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("localRestoreChannel", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localRestoreChannel", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
|
||||
|
||||
channel, err = c.App.RestoreChannel(c.AppContext, channel, "")
|
||||
if err != nil {
|
||||
|
|
@ -149,8 +148,8 @@ func localAddChannelMember(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("localAddChannelMember", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId)
|
||||
auditRec := c.MakeAuditRecord("localAddChannelMember", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
props := model.StringInterfaceFromJSON(r.Body)
|
||||
|
|
@ -160,7 +159,7 @@ func localAddChannelMember(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameter(auditRec, "user_id", userId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", userId)
|
||||
|
||||
member := &model.ChannelMember{
|
||||
ChannelId: c.Params.ChannelId,
|
||||
|
|
@ -173,7 +172,7 @@ func localAddChannelMember(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameter(auditRec, "post_root_id", postRootId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "post_root_id", postRootId)
|
||||
|
||||
if ok && len(postRootId) == 26 {
|
||||
rootPost, err := c.App.GetSinglePost(c.AppContext, postRootId, false)
|
||||
|
|
@ -193,7 +192,7 @@ func localAddChannelMember(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameterAuditable(auditRec, "channel", channel)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "channel", channel)
|
||||
|
||||
if channel.Type == model.ChannelTypeDirect || channel.Type == model.ChannelTypeGroup {
|
||||
c.Err = model.NewAppError("localAddChannelMember", "api.channel.add_user_to_channel.type.app_error", nil, "", http.StatusBadRequest)
|
||||
|
|
@ -264,10 +263,10 @@ func localRemoveChannelMember(c *Context, w http.ResponseWriter, r *http.Request
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("localRemoveChannelMember", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localRemoveChannelMember", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId)
|
||||
audit.AddEventParameter(auditRec, "remove_user_id", c.Params.UserId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "remove_user_id", c.Params.UserId)
|
||||
|
||||
if err = c.App.RemoveUserFromChannel(c.AppContext, c.Params.UserId, "", channel); err != nil {
|
||||
c.Err = err
|
||||
|
|
@ -300,9 +299,9 @@ func localPatchChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
channel := originalOldChannel.DeepCopy()
|
||||
|
||||
auditRec := c.MakeAuditRecord("localPatchChannel", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localPatchChannel", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "channel_patch", patch)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "channel_patch", patch)
|
||||
|
||||
channel.Patch(patch)
|
||||
rchannel, appErr := c.App.UpdateChannel(c.AppContext, channel)
|
||||
|
|
@ -358,10 +357,10 @@ func localMoveChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("localMoveChannel", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localMoveChannel", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "team_id", teamId)
|
||||
audit.AddEventParameter(auditRec, "force", force)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", teamId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "force", force)
|
||||
|
||||
// TODO do we need these?
|
||||
auditRec.AddMeta("channel_id", channel.Id)
|
||||
|
|
@ -417,10 +416,10 @@ func localDeleteChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("localDeleteChannel", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localDeleteChannel", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
auditRec.AddEventPriorState(channel)
|
||||
audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
|
||||
|
||||
if channel.Type == model.ChannelTypeDirect || channel.Type == model.ChannelTypeGroup {
|
||||
c.Err = model.NewAppError("localDeleteChannel", "api.channel.delete_channel.type.invalid", nil, "", http.StatusBadRequest)
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitCommand() {
|
||||
|
|
@ -36,8 +35,8 @@ func createCommand(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createCommand", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "command", &cmd)
|
||||
auditRec := c.MakeAuditRecord("createCommand", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "command", &cmd)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
@ -77,14 +76,14 @@ func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateCommand", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "command", &cmd)
|
||||
auditRec := c.MakeAuditRecord("updateCommand", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "command", &cmd)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
oldCmd, err := c.App.GetCommand(c.Params.CommandId)
|
||||
if err != nil {
|
||||
audit.AddEventParameter(auditRec, "command_id", c.Params.CommandId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "command_id", c.Params.CommandId)
|
||||
c.SetCommandNotFoundError()
|
||||
return
|
||||
}
|
||||
|
|
@ -137,8 +136,8 @@ func moveCommand(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("moveCommand", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "command_move_request", cmr.TeamId)
|
||||
auditRec := c.MakeAuditRecord("moveCommand", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "command_move_request", cmr.TeamId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
@ -147,7 +146,7 @@ func moveCommand(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.Err = appErr
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "team", newTeam)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "team", newTeam)
|
||||
|
||||
if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), newTeam.Id, model.PermissionManageSlashCommands) {
|
||||
c.LogAudit("fail - inappropriate permissions")
|
||||
|
|
@ -189,8 +188,8 @@ func deleteCommand(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteCommand", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "command_id", c.Params.CommandId)
|
||||
auditRec := c.MakeAuditRecord("deleteCommand", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "command_id", c.Params.CommandId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
@ -319,9 +318,9 @@ func executeCommand(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("executeCommand", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("executeCommand", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "command_args", &commandArgs)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "command_args", &commandArgs)
|
||||
|
||||
// Checks that user is a member of the specified channel, and that they have permission to create a post in it.
|
||||
if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), commandArgs.ChannelId, model.PermissionCreatePost) {
|
||||
|
|
@ -450,18 +449,18 @@ func regenCommandToken(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("regenCommandToken", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("regenCommandToken", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
cmd, err := c.App.GetCommand(c.Params.CommandId)
|
||||
if err != nil {
|
||||
audit.AddEventParameter(auditRec, "command_id", c.Params.CommandId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "command_id", c.Params.CommandId)
|
||||
c.SetCommandNotFoundError()
|
||||
return
|
||||
}
|
||||
auditRec.AddEventPriorState(cmd)
|
||||
audit.AddEventParameter(auditRec, "command_id", c.Params.CommandId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "command_id", c.Params.CommandId)
|
||||
|
||||
if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), cmd.TeamId, model.PermissionManageSlashCommands) {
|
||||
c.LogAudit("fail - inappropriate permissions")
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitCommandLocal() {
|
||||
|
|
@ -29,8 +28,8 @@ func localCreateCommand(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("localCreateCommand", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "command", &cmd)
|
||||
auditRec := c.MakeAuditRecord("localCreateCommand", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "command", &cmd)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitCompliance() {
|
||||
|
|
@ -29,8 +28,8 @@ func createComplianceReport(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createComplianceReport", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "compliance", &job)
|
||||
auditRec := c.MakeAuditRecord("createComplianceReport", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "compliance", &job)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionCreateComplianceExportJob) {
|
||||
|
|
@ -65,7 +64,7 @@ func getComplianceReports(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("getComplianceReports", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("getComplianceReports", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
crs, err := c.App.GetComplianceReports(c.Params.Page, c.Params.PerPage)
|
||||
|
|
@ -86,7 +85,7 @@ func getComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("getComplianceReport", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("getComplianceReport", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionReadComplianceExportJob) {
|
||||
|
|
@ -94,7 +93,7 @@ func getComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameter(auditRec, "report_id", c.Params.ReportId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "report_id", c.Params.ReportId)
|
||||
job, err := c.App.GetComplianceReport(c.Params.ReportId)
|
||||
if err != nil {
|
||||
c.Err = err
|
||||
|
|
@ -116,9 +115,9 @@ func downloadComplianceReport(c *Context, w http.ResponseWriter, r *http.Request
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("downloadComplianceReport", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("downloadComplianceReport", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "compliance_id", c.Params.ReportId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "compliance_id", c.Params.ReportId)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionDownloadComplianceExportResult) {
|
||||
c.SetPermissionError(model.PermissionDownloadComplianceExportResult)
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/i18n"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/utils"
|
||||
"github.com/mattermost/mattermost/server/v8/config"
|
||||
)
|
||||
|
|
@ -56,7 +55,7 @@ func getConfig(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("getConfig", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("getConfig", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
cfg, err := config.Merge(&model.Config{}, c.App.GetSanitizedConfig(), &utils.MergeConfig{
|
||||
|
|
@ -99,7 +98,7 @@ func getConfig(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func configReload(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("configReload", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("configReload", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionReloadConfig) {
|
||||
|
|
@ -126,9 +125,7 @@ func updateConfig(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateConfig", audit.Fail)
|
||||
|
||||
// audit.AddEventParameter(auditRec, "config", cfg) // TODO We can do this but do we want to?
|
||||
auditRec := c.MakeAuditRecord("updateConfig", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
cfg.SetDefaults()
|
||||
|
|
@ -296,7 +293,7 @@ func patchConfig(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("patchConfig", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("patchConfig", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionToAny(*c.AppContext.Session(), model.SysconsoleWritePermissions) {
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/utils"
|
||||
"github.com/mattermost/mattermost/server/v8/config"
|
||||
)
|
||||
|
|
@ -26,7 +25,7 @@ func (api *API) InitConfigLocal() {
|
|||
}
|
||||
|
||||
func localGetConfig(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("localGetConfig", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localGetConfig", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
filterMasked, _ := strconv.ParseBool(r.URL.Query().Get("remove_masked"))
|
||||
filterDefaults, _ := strconv.ParseBool(r.URL.Query().Get("remove_defaults"))
|
||||
|
|
@ -58,7 +57,7 @@ func localUpdateConfig(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("localUpdateConfig", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localUpdateConfig", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
cfg.SetDefaults()
|
||||
|
|
@ -111,7 +110,7 @@ func localPatchConfig(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("localPatchConfig", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localPatchConfig", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
appCfg := c.App.Config()
|
||||
|
|
@ -172,7 +171,7 @@ func localMigrateConfig(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("migrateConfig", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("migrateConfig", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
||||
|
|
@ -191,7 +190,7 @@ func localMigrateConfig(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func localGetClientConfig(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("localGetClientConfig", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localGetClientConfig", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
format := r.URL.Query().Get("format")
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitCustomProfileAttributes() {
|
||||
|
|
@ -62,9 +61,9 @@ func createCPAField(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
pf.Name = strings.TrimSpace(pf.Name)
|
||||
|
||||
auditRec := c.MakeAuditRecord("createCPAField", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createCPAField", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "property_field", pf)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "property_field", pf)
|
||||
|
||||
createdField, appErr := c.App.CreateCPAField(pf)
|
||||
if appErr != nil {
|
||||
|
|
@ -117,9 +116,9 @@ func patchCPAField(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("patchCPAField", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("patchCPAField", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "property_field_patch", patch)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "property_field_patch", patch)
|
||||
|
||||
originalField, appErr := c.App.GetCPAField(c.Params.FieldId)
|
||||
if appErr != nil {
|
||||
|
|
@ -160,9 +159,9 @@ func deleteCPAField(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteCPAField", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deleteCPAField", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "field_id", c.Params.FieldId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "field_id", c.Params.FieldId)
|
||||
|
||||
field, appErr := c.App.GetCPAField(c.Params.FieldId)
|
||||
if appErr != nil {
|
||||
|
|
@ -220,9 +219,9 @@ func patchCPAValues(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("patchCPAValues", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("patchCPAValues", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "user_id", userID)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", userID)
|
||||
|
||||
results := make(map[string]json.RawMessage, len(updates))
|
||||
for fieldID, rawValue := range updates {
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitDataRetention() {
|
||||
|
|
@ -126,9 +125,9 @@ func createPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.SetInvalidParamWithErr("policy", jsonErr)
|
||||
return
|
||||
}
|
||||
auditRec := c.MakeAuditRecord("createPolicy", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createPolicy", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "policy", &policy)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "policy", &policy)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) {
|
||||
c.SetPermissionError(model.PermissionSysconsoleWriteComplianceDataRetentionPolicy)
|
||||
|
|
@ -164,9 +163,9 @@ func patchPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.RequirePolicyId()
|
||||
patch.ID = c.Params.PolicyId
|
||||
|
||||
auditRec := c.MakeAuditRecord("patchPolicy", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("patchPolicy", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "patch", &patch)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "patch", &patch)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) {
|
||||
c.SetPermissionError(model.PermissionSysconsoleWriteComplianceDataRetentionPolicy)
|
||||
|
|
@ -197,9 +196,9 @@ func deletePolicy(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.RequirePolicyId()
|
||||
policyId := c.Params.PolicyId
|
||||
|
||||
auditRec := c.MakeAuditRecord("deletePolicy", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deletePolicy", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "policy_id", policyId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "policy_id", policyId)
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) {
|
||||
c.SetPermissionError(model.PermissionSysconsoleWriteComplianceDataRetentionPolicy)
|
||||
return
|
||||
|
|
@ -283,10 +282,10 @@ func addTeamsToPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.Err = model.NewAppError("addTeamsToPolicy", model.PayloadParseError, nil, "", http.StatusBadRequest).Wrap(err)
|
||||
return
|
||||
}
|
||||
auditRec := c.MakeAuditRecord("addTeamsToPolicy", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("addTeamsToPolicy", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "policy_id", policyId)
|
||||
audit.AddEventParameter(auditRec, "team_ids", teamIDs)
|
||||
model.AddEventParameterToAuditRec(auditRec, "policy_id", policyId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_ids", teamIDs)
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) {
|
||||
c.SetPermissionError(model.PermissionSysconsoleWriteComplianceDataRetentionPolicy)
|
||||
return
|
||||
|
|
@ -310,10 +309,10 @@ func removeTeamsFromPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.Err = model.NewAppError("removeTeamsFromPolicy", model.PayloadParseError, nil, "", http.StatusBadRequest).Wrap(err)
|
||||
return
|
||||
}
|
||||
auditRec := c.MakeAuditRecord("removeTeamsFromPolicy", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("removeTeamsFromPolicy", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "policy_id", policyId)
|
||||
audit.AddEventParameter(auditRec, "team_ids", teamIDs)
|
||||
model.AddEventParameterToAuditRec(auditRec, "policy_id", policyId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_ids", teamIDs)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) {
|
||||
c.SetPermissionError(model.PermissionSysconsoleWriteComplianceDataRetentionPolicy)
|
||||
|
|
@ -406,10 +405,10 @@ func addChannelsToPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.Err = model.NewAppError("addChannelsToPolicy", model.PayloadParseError, nil, "", http.StatusBadRequest).Wrap(err)
|
||||
return
|
||||
}
|
||||
auditRec := c.MakeAuditRecord("addChannelsToPolicy", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("addChannelsToPolicy", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "policy_id", policyId)
|
||||
audit.AddEventParameter(auditRec, "channel_ids", channelIDs)
|
||||
model.AddEventParameterToAuditRec(auditRec, "policy_id", policyId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_ids", channelIDs)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) {
|
||||
c.SetPermissionError(model.PermissionSysconsoleWriteComplianceDataRetentionPolicy)
|
||||
|
|
@ -434,10 +433,10 @@ func removeChannelsFromPolicy(c *Context, w http.ResponseWriter, r *http.Request
|
|||
c.Err = model.NewAppError("removeChannelsFromPolicy", model.PayloadParseError, nil, "", http.StatusBadRequest).Wrap(err)
|
||||
return
|
||||
}
|
||||
auditRec := c.MakeAuditRecord("removeChannelsFromPolicy", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("removeChannelsFromPolicy", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "policy_id", policyId)
|
||||
audit.AddEventParameter(auditRec, "channel_ids", channelIDs)
|
||||
model.AddEventParameterToAuditRec(auditRec, "policy_id", policyId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_ids", channelIDs)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) {
|
||||
c.SetPermissionError(model.PermissionSysconsoleWriteComplianceDataRetentionPolicy)
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitElasticsearch() {
|
||||
|
|
@ -53,7 +52,7 @@ func testElasticsearch(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func purgeElasticsearchIndexes(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("purgeElasticsearchIndexes", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("purgeElasticsearchIndexes", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionPurgeElasticsearchIndexes) {
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/web"
|
||||
)
|
||||
|
||||
|
|
@ -54,7 +53,7 @@ func createEmoji(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createEmoji", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createEmoji", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
// Allow any user with CREATE_EMOJIS permission at Team level to create emojis at system level
|
||||
|
|
@ -137,12 +136,12 @@ func deleteEmoji(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteEmoji", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deleteEmoji", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
emoji, err := c.App.GetEmoji(c.AppContext, c.Params.EmojiId)
|
||||
if err != nil {
|
||||
audit.AddEventParameter(auditRec, "emoji_id", c.Params.EmojiId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "emoji_id", c.Params.EmojiId)
|
||||
c.Err = err
|
||||
return
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitExport() {
|
||||
|
|
@ -45,9 +44,9 @@ func listExports(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func deleteExport(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("deleteExport", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deleteExport", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "export_name", c.Params.ExportName)
|
||||
model.AddEventParameterToAuditRec(auditRec, "export_name", c.Params.ExportName)
|
||||
|
||||
if !c.IsSystemAdmin() {
|
||||
c.SetPermissionError(model.PermissionManageSystem)
|
||||
|
|
@ -90,10 +89,10 @@ func downloadExport(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func generatePresignURLExport(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("generatePresignURLExport", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("generatePresignURLExport", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
audit.AddEventParameter(auditRec, "export_name", c.Params.ExportName)
|
||||
model.AddEventParameterToAuditRec(auditRec, "export_name", c.Params.ExportName)
|
||||
|
||||
if !c.IsSystemAdmin() {
|
||||
c.SetPermissionError(model.PermissionManageSystem)
|
||||
|
|
|
|||
|
|
@ -17,7 +17,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/utils"
|
||||
"github.com/mattermost/mattermost/server/v8/platform/shared/web"
|
||||
)
|
||||
|
|
@ -139,9 +138,9 @@ func uploadFileSimple(c *Context, r *http.Request, timestamp time.Time) *model.F
|
|||
return nil
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("uploadFileSimple", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("uploadFileSimple", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
|
||||
|
||||
if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), c.Params.ChannelId, model.PermissionUploadFile) {
|
||||
c.SetPermissionError(model.PermissionUploadFile)
|
||||
|
|
@ -149,12 +148,12 @@ func uploadFileSimple(c *Context, r *http.Request, timestamp time.Time) *model.F
|
|||
}
|
||||
|
||||
clientId := r.Form.Get("client_id")
|
||||
audit.AddEventParameter(auditRec, "client_id", clientId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "client_id", clientId)
|
||||
|
||||
creatorId := c.AppContext.Session().UserId
|
||||
if isBookmark, err := strconv.ParseBool(r.URL.Query().Get(model.BookmarkFileOwner)); err == nil && isBookmark {
|
||||
creatorId = model.BookmarkFileOwner
|
||||
audit.AddEventParameter(auditRec, model.BookmarkFileOwner, true)
|
||||
model.AddEventParameterToAuditRec(auditRec, model.BookmarkFileOwner, true)
|
||||
}
|
||||
|
||||
info, appErr := c.App.UploadFileX(c.AppContext, c.Params.ChannelId, c.Params.Filename, r.Body,
|
||||
|
|
@ -167,7 +166,7 @@ func uploadFileSimple(c *Context, r *http.Request, timestamp time.Time) *model.F
|
|||
c.Err = appErr
|
||||
return nil
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "file", info)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "file", info)
|
||||
|
||||
fileUploadResponse := &model.FileUploadResponse{
|
||||
FileInfos: []*model.FileInfo{info},
|
||||
|
|
@ -320,14 +319,14 @@ NextPart:
|
|||
clientId = clientIds[nFiles]
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("uploadFileMultipart", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId)
|
||||
audit.AddEventParameter(auditRec, "client_id", clientId)
|
||||
auditRec := c.MakeAuditRecord("uploadFileMultipart", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "client_id", clientId)
|
||||
|
||||
creatorId := c.AppContext.Session().UserId
|
||||
if isBookmark {
|
||||
creatorId = model.BookmarkFileOwner
|
||||
audit.AddEventParameter(auditRec, model.BookmarkFileOwner, true)
|
||||
model.AddEventParameterToAuditRec(auditRec, model.BookmarkFileOwner, true)
|
||||
}
|
||||
|
||||
info, appErr := c.App.UploadFileX(c.AppContext, c.Params.ChannelId, filename, part,
|
||||
|
|
@ -341,7 +340,7 @@ NextPart:
|
|||
c.LogAuditRec(auditRec)
|
||||
return nil
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "file", info)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "file", info)
|
||||
|
||||
auditRec.Success()
|
||||
c.LogAuditRec(auditRec)
|
||||
|
|
@ -427,15 +426,15 @@ func uploadFileMultipartLegacy(c *Context, mr *multipart.Reader,
|
|||
clientId = clientIds[i]
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("uploadFileMultipartLegacy", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("uploadFileMultipartLegacy", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "channel_id", channelId)
|
||||
audit.AddEventParameter(auditRec, "client_id", clientId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", channelId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "client_id", clientId)
|
||||
|
||||
creatorId := c.AppContext.Session().UserId
|
||||
if isBookmark {
|
||||
creatorId = model.BookmarkFileOwner
|
||||
audit.AddEventParameter(auditRec, model.BookmarkFileOwner, true)
|
||||
model.AddEventParameterToAuditRec(auditRec, model.BookmarkFileOwner, true)
|
||||
}
|
||||
|
||||
info, appErr := c.App.UploadFileX(c.AppContext, c.Params.ChannelId, fileHeader.Filename, f,
|
||||
|
|
@ -450,7 +449,7 @@ func uploadFileMultipartLegacy(c *Context, mr *multipart.Reader,
|
|||
c.LogAuditRec(auditRec)
|
||||
return nil
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "file", info)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "file", info)
|
||||
|
||||
auditRec.Success()
|
||||
c.LogAuditRec(auditRec)
|
||||
|
|
@ -472,9 +471,9 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
forceDownload, _ := strconv.ParseBool(r.URL.Query().Get("download"))
|
||||
|
||||
auditRec := c.MakeAuditRecord("getFile", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("getFile", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "force_download", forceDownload)
|
||||
model.AddEventParameterToAuditRec(auditRec, "force_download", forceDownload)
|
||||
|
||||
info, err := c.App.GetFileInfo(c.AppContext, c.Params.FileId)
|
||||
if err != nil {
|
||||
|
|
@ -482,7 +481,7 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
setInaccessibleFileHeader(w, err)
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "file", info)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "file", info)
|
||||
|
||||
channel, err := c.App.GetChannel(c.AppContext, info.ChannelId)
|
||||
if err != nil {
|
||||
|
|
@ -570,7 +569,7 @@ func getFileLink(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("getFileLink", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("getFileLink", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
info, err := c.App.GetFileInfo(c.AppContext, c.Params.FileId)
|
||||
|
|
@ -579,7 +578,7 @@ func getFileLink(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
setInaccessibleFileHeader(w, err)
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "file", info)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "file", info)
|
||||
|
||||
channel, err := c.App.GetChannel(c.AppContext, info.ChannelId)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/store"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/web"
|
||||
"github.com/mattermost/mattermost/server/v8/platform/services/telemetry"
|
||||
|
|
@ -191,9 +190,9 @@ func createGroup(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createGroup", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createGroup", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "group", group)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "group", group)
|
||||
|
||||
newGroup, appErr := c.App.CreateGroupWithUserIds(group)
|
||||
if appErr != nil {
|
||||
|
|
@ -261,9 +260,9 @@ func patchGroup(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("patchGroup", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("patchGroup", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "group", group)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "group", group)
|
||||
|
||||
if groupPatch.AllowReference != nil && *groupPatch.AllowReference {
|
||||
if groupPatch.Name == nil {
|
||||
|
|
@ -351,11 +350,11 @@ func linkGroupSyncable(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("linkGroupSyncable", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("linkGroupSyncable", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "group_id", c.Params.GroupId)
|
||||
audit.AddEventParameter(auditRec, "syncable_id", syncableID)
|
||||
audit.AddEventParameter(auditRec, "syncable_type", string(syncableType))
|
||||
model.AddEventParameterToAuditRec(auditRec, "group_id", c.Params.GroupId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "syncable_id", syncableID)
|
||||
model.AddEventParameterToAuditRec(auditRec, "syncable_type", string(syncableType))
|
||||
|
||||
var patch *model.GroupSyncablePatch
|
||||
err = json.Unmarshal(body, &patch)
|
||||
|
|
@ -364,7 +363,7 @@ func linkGroupSyncable(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameterAuditable(auditRec, "patch", patch)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "patch", patch)
|
||||
|
||||
if !*c.App.Channels().License().Features.LDAPGroups {
|
||||
c.Err = model.NewAppError("Api4.createGroupSyncable", "api.ldap_groups.license_error", nil, "", http.StatusForbidden)
|
||||
|
|
@ -533,11 +532,11 @@ func patchGroupSyncable(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("patchGroupSyncable", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("patchGroupSyncable", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "group_id", c.Params.GroupId)
|
||||
audit.AddEventParameter(auditRec, "old_syncable_id", syncableID)
|
||||
audit.AddEventParameter(auditRec, "old_syncable_type", string(syncableType))
|
||||
model.AddEventParameterToAuditRec(auditRec, "group_id", c.Params.GroupId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "old_syncable_id", syncableID)
|
||||
model.AddEventParameterToAuditRec(auditRec, "old_syncable_type", string(syncableType))
|
||||
|
||||
var patch *model.GroupSyncablePatch
|
||||
err = json.Unmarshal(body, &patch)
|
||||
|
|
@ -546,7 +545,7 @@ func patchGroupSyncable(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameterAuditable(auditRec, "patch", patch)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "patch", patch)
|
||||
|
||||
if !*c.App.Channels().License().Features.LDAPGroups {
|
||||
c.Err = model.NewAppError("Api4.patchGroupSyncable", "api.ldap_groups.license_error", nil, "",
|
||||
|
|
@ -616,11 +615,11 @@ func unlinkGroupSyncable(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
syncableType := c.Params.SyncableType
|
||||
|
||||
auditRec := c.MakeAuditRecord("unlinkGroupSyncable", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("unlinkGroupSyncable", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "group_id", c.Params.GroupId)
|
||||
audit.AddEventParameter(auditRec, "syncable_id", syncableID)
|
||||
audit.AddEventParameter(auditRec, "syncable_type", string(syncableType))
|
||||
model.AddEventParameterToAuditRec(auditRec, "group_id", c.Params.GroupId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "syncable_id", syncableID)
|
||||
model.AddEventParameterToAuditRec(auditRec, "syncable_type", string(syncableType))
|
||||
|
||||
if !*c.App.Channels().License().Features.LDAPGroups {
|
||||
c.Err = model.NewAppError("Api4.unlinkGroupSyncable", "api.ldap_groups.license_error", nil, "", http.StatusForbidden)
|
||||
|
|
@ -1228,9 +1227,9 @@ func deleteGroup(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteGroup", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deleteGroup", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "group_id", c.Params.GroupId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "group_id", c.Params.GroupId)
|
||||
|
||||
group, err = c.App.DeleteGroup(c.Params.GroupId)
|
||||
if err != nil {
|
||||
|
|
@ -1283,9 +1282,9 @@ func restoreGroup(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("restoreGroup", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("restoreGroup", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "group_id", c.Params.GroupId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "group_id", c.Params.GroupId)
|
||||
|
||||
restoredGroup, err := c.App.RestoreGroup(c.Params.GroupId)
|
||||
if err != nil {
|
||||
|
|
@ -1352,9 +1351,9 @@ func addGroupMembers(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("addGroupMembers", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("addGroupMembers", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "addGroupMembers_userids", newMembers.UserIds)
|
||||
model.AddEventParameterToAuditRec(auditRec, "addGroupMembers_userids", newMembers.UserIds)
|
||||
|
||||
members, appErr := c.App.UpsertGroupMembers(c.Params.GroupId, newMembers.UserIds)
|
||||
if appErr != nil {
|
||||
|
|
@ -1427,9 +1426,9 @@ func deleteGroupMembers(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteGroupMembers", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deleteGroupMembers", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "deleteGroupMembers_userids", deleteBody.UserIds)
|
||||
model.AddEventParameterToAuditRec(auditRec, "deleteGroupMembers_userids", deleteBody.UserIds)
|
||||
|
||||
members, appErr := c.App.DeleteGroupMembers(c.Params.GroupId, deleteBody.UserIds)
|
||||
if appErr != nil {
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitImport() {
|
||||
|
|
@ -36,7 +35,7 @@ func listImports(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
func deleteImport(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
importName := c.Params.ImportName
|
||||
auditRec := c.MakeAuditRecord("deleteImport", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deleteImport", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
auditRec.AddMeta("import_name", importName)
|
||||
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/einterfaces"
|
||||
)
|
||||
|
||||
|
|
@ -64,7 +63,7 @@ func applyIPFilters(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("applyIPFilters", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("applyIPFilters", model.AuditStatusFail)
|
||||
defer c.LogAuditRecWithLevel(auditRec, app.LevelContent)
|
||||
|
||||
allowedRanges := &model.AllowedIPRanges{} // Initialize the allowedRanges variable
|
||||
|
|
@ -73,7 +72,7 @@ func applyIPFilters(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameterAuditable(auditRec, "IPFilter", allowedRanges)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "IPFilter", allowedRanges)
|
||||
|
||||
updatedAllowedRanges, err := ipFiltering.ApplyIPFilters(allowedRanges)
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/platform/shared/web"
|
||||
)
|
||||
|
||||
|
|
@ -149,9 +148,9 @@ func createJob(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createJob", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createJob", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "job", &job)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "job", &job)
|
||||
|
||||
hasPermission, permissionRequired := c.App.SessionHasPermissionToCreateJob(*c.AppContext.Session(), &job)
|
||||
if permissionRequired == nil {
|
||||
|
|
@ -291,9 +290,9 @@ func cancelJob(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("cancelJob", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("cancelJob", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "job_id", c.Params.JobId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "job_id", c.Params.JobId)
|
||||
|
||||
job, err := c.App.GetJob(c.AppContext, c.Params.JobId)
|
||||
if err != nil {
|
||||
|
|
@ -332,9 +331,9 @@ func updateJobStatus(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateJobStatus", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateJobStatus", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "job_id", c.Params.JobId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "job_id", c.Params.JobId)
|
||||
|
||||
props := model.StringInterfaceFromJSON(r.Body)
|
||||
status, ok := props["status"].(string)
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
type mixedUnlinkedGroup struct {
|
||||
|
|
@ -65,7 +64,7 @@ func syncLdap(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.Logger.LogM(mlog.MlvlLDAPInfo, "Error decoding LDAP sync options", mlog.Err(err))
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("syncLdap", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("syncLdap", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
c.App.SyncLdap(c.AppContext, opts.IncludeRemovedMembers)
|
||||
|
|
@ -223,9 +222,9 @@ func linkLdapGroup(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("linkLdapGroup", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("linkLdapGroup", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "remote_id", c.Params.RemoteId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "remote_id", c.Params.RemoteId)
|
||||
|
||||
if c.App.Channels().License() == nil || !*c.App.Channels().License().Features.LDAPGroups {
|
||||
c.Err = model.NewAppError("api4.linkLdapGroup", "api.ldap_groups.license_error", nil, "", http.StatusNotImplemented)
|
||||
|
|
@ -249,7 +248,7 @@ func linkLdapGroup(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
if group != nil {
|
||||
audit.AddEventParameterAuditable(auditRec, "group", group)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "group", group)
|
||||
}
|
||||
|
||||
var status int
|
||||
|
|
@ -320,9 +319,9 @@ func unlinkLdapGroup(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("unlinkLdapGroup", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("unlinkLdapGroup", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "remote_id", c.Params.RemoteId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "remote_id", c.Params.RemoteId)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteUserManagementGroups) {
|
||||
c.SetPermissionError(model.PermissionSysconsoleWriteUserManagementGroups)
|
||||
|
|
@ -363,8 +362,8 @@ func migrateIDLdap(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("idMigrateLdap", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "to_attribute", toAttribute)
|
||||
auditRec := c.MakeAuditRecord("idMigrateLdap", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "to_attribute", toAttribute)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
||||
|
|
@ -418,9 +417,9 @@ func addLdapPublicCertificate(c *Context, w http.ResponseWriter, r *http.Request
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("addLdapPublicCertificate", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("addLdapPublicCertificate", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "filename", fileData.Filename)
|
||||
model.AddEventParameterToAuditRec(auditRec, "filename", fileData.Filename)
|
||||
|
||||
if err := c.App.AddLdapPublicCertificate(fileData); err != nil {
|
||||
c.Err = err
|
||||
|
|
@ -442,9 +441,9 @@ func addLdapPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Reques
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("addLdapPrivateCertificate", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("addLdapPrivateCertificate", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "filename", fileData.Filename)
|
||||
model.AddEventParameterToAuditRec(auditRec, "filename", fileData.Filename)
|
||||
|
||||
if err := c.App.AddLdapPrivateCertificate(fileData); err != nil {
|
||||
c.Err = err
|
||||
|
|
@ -460,7 +459,7 @@ func removeLdapPublicCertificate(c *Context, w http.ResponseWriter, r *http.Requ
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("removeLdapPublicCertificate", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("removeLdapPublicCertificate", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if err := c.App.RemoveLdapPublicCertificate(); err != nil {
|
||||
|
|
@ -478,7 +477,7 @@ func removeLdapPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Req
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("removeLdapPrivateCertificate", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("removeLdapPrivateCertificate", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if err := c.App.RemoveLdapPrivateCertificate(); err != nil {
|
||||
|
|
@ -509,7 +508,7 @@ func addUserToGroupSyncables(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("addUserToGroupSyncables", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("addUserToGroupSyncables", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
params := model.CreateDefaultMembershipParams{Since: 0, ReAddRemovedMembers: true, ScopedUserID: &user.Id}
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitLicense() {
|
||||
|
|
@ -54,7 +53,7 @@ func getClientLicense(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func addLicense(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("addLicense", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("addLicense", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
@ -83,7 +82,7 @@ func addLicense(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
fileData := fileArray[0]
|
||||
audit.AddEventParameter(auditRec, "filename", fileData.Filename)
|
||||
model.AddEventParameterToAuditRec(auditRec, "filename", fileData.Filename)
|
||||
|
||||
file, err := fileData.Open()
|
||||
if err != nil {
|
||||
|
|
@ -156,7 +155,7 @@ func addLicense(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func removeLicense(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("removeLicense", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("removeLicense", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
@ -177,7 +176,7 @@ func removeLicense(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func requestTrialLicense(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("requestTrialLicense", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("requestTrialLicense", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitLicenseLocal() {
|
||||
|
|
@ -20,7 +19,7 @@ func (api *API) InitLicenseLocal() {
|
|||
}
|
||||
|
||||
func localAddLicense(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("localAddLicense", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localAddLicense", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
@ -44,7 +43,7 @@ func localAddLicense(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
fileData := fileArray[0]
|
||||
audit.AddEventParameter(auditRec, "filename", fileData.Filename)
|
||||
model.AddEventParameterToAuditRec(auditRec, "filename", fileData.Filename)
|
||||
|
||||
file, err := fileData.Open()
|
||||
if err != nil {
|
||||
|
|
@ -81,7 +80,7 @@ func localAddLicense(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func localRemoveLicense(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("localRemoveLicense", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localRemoveLicense", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitOAuth() {
|
||||
|
|
@ -31,8 +30,8 @@ func createOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createOAuthApp", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "oauth_app", &oauthApp)
|
||||
auditRec := c.MakeAuditRecord("createOAuthApp", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "oauth_app", &oauthApp)
|
||||
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
|
|
@ -70,9 +69,9 @@ func updateOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateOAuthApp", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateOAuthApp", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "oauth_app_id", c.Params.AppId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "oauth_app_id", c.Params.AppId)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageOAuth) {
|
||||
|
|
@ -85,7 +84,7 @@ func updateOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.SetInvalidParamWithErr("oauth_app", jsonErr)
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "oauth_app", &oauthApp)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "oauth_app", &oauthApp)
|
||||
|
||||
// The app being updated in the payload must be the same one as indicated in the URL.
|
||||
if oauthApp.Id != c.Params.AppId {
|
||||
|
|
@ -209,9 +208,9 @@ func deleteOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteOAuthApp", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deleteOAuthApp", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "oauth_app_id", c.Params.AppId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "oauth_app_id", c.Params.AppId)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageOAuth) {
|
||||
|
|
@ -250,9 +249,9 @@ func regenerateOAuthAppSecret(c *Context, w http.ResponseWriter, r *http.Request
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("regenerateOAuthAppSecret", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("regenerateOAuthAppSecret", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "oauth_app_id", c.Params.AppId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "oauth_app_id", c.Params.AppId)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageOAuth) {
|
||||
c.SetPermissionError(model.PermissionManageOAuth)
|
||||
|
|
|
|||
|
|
@ -12,7 +12,6 @@ import (
|
|||
|
||||
"github.com/mattermost/logr/v2"
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/einterfaces"
|
||||
)
|
||||
|
||||
|
|
@ -205,7 +204,7 @@ func getOutgoingOAuthConnection(c *Context, w http.ResponseWriter, r *http.Reque
|
|||
}
|
||||
|
||||
func createOutgoingOAuthConnection(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("createOutgoingOauthConnection", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createOutgoingOauthConnection", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
@ -224,7 +223,7 @@ func createOutgoingOAuthConnection(c *Context, w http.ResponseWriter, r *http.Re
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameterAuditable(auditRec, "outgoing_oauth_connection", &inputConnection)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "outgoing_oauth_connection", &inputConnection)
|
||||
|
||||
inputConnection.CreatorId = c.AppContext.Session().UserId
|
||||
|
||||
|
|
@ -249,9 +248,9 @@ func createOutgoingOAuthConnection(c *Context, w http.ResponseWriter, r *http.Re
|
|||
}
|
||||
|
||||
func updateOutgoingOAuthConnection(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("updateOutgoingOAuthConnection", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateOutgoingOAuthConnection", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "outgoing_oauth_connection_id", c.Params.OutgoingOAuthConnectionID)
|
||||
model.AddEventParameterToAuditRec(auditRec, "outgoing_oauth_connection_id", c.Params.OutgoingOAuthConnectionID)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
if !checkOutgoingOAuthConnectionWritePermissions(c) {
|
||||
|
|
@ -315,9 +314,9 @@ func updateOutgoingOAuthConnection(c *Context, w http.ResponseWriter, r *http.Re
|
|||
}
|
||||
|
||||
func deleteOutgoingOAuthConnection(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("deleteOutgoingOAuthConnection", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deleteOutgoingOAuthConnection", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "outgoing_oauth_connection_id", c.Params.OutgoingOAuthConnectionID)
|
||||
model.AddEventParameterToAuditRec(auditRec, "outgoing_oauth_connection_id", c.Params.OutgoingOAuthConnectionID)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
if !checkOutgoingOAuthConnectionWritePermissions(c) {
|
||||
|
|
@ -356,7 +355,7 @@ func deleteOutgoingOAuthConnection(c *Context, w http.ResponseWriter, r *http.Re
|
|||
// with the provided connection configuration. If the credentials are valid, the request will return a 200 status code and
|
||||
// if the credentials are invalid, the request will return a 400 status code.
|
||||
func validateOutgoingOAuthConnectionCredentials(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("validateOutgoingOAuthConnectionCredentials", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("validateOutgoingOAuthConnectionCredentials", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
@ -392,7 +391,7 @@ func validateOutgoingOAuthConnectionCredentials(c *Context, w http.ResponseWrite
|
|||
inputConnection.ClientSecret = storedConnection.ClientSecret
|
||||
}
|
||||
|
||||
audit.AddEventParameterAuditable(auditRec, "outgoing_oauth_connection", inputConnection)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "outgoing_oauth_connection", inputConnection)
|
||||
|
||||
resultStatusCode := http.StatusOK
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/store"
|
||||
)
|
||||
|
||||
|
|
@ -50,7 +49,7 @@ func uploadPlugin(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("uploadPlugin", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("uploadPlugin", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWritePlugins) {
|
||||
|
|
@ -79,7 +78,7 @@ func uploadPlugin(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.Err = model.NewAppError("uploadPlugin", "api.plugin.upload.array.app_error", nil, "", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
audit.AddEventParameter(auditRec, "filename", pluginArray[0].Filename)
|
||||
model.AddEventParameterToAuditRec(auditRec, "filename", pluginArray[0].Filename)
|
||||
|
||||
file, err := pluginArray[0].Open()
|
||||
if err != nil {
|
||||
|
|
@ -105,7 +104,7 @@ func installPluginFromURL(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("installPluginFromURL", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("installPluginFromURL", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWritePlugins) {
|
||||
|
|
@ -115,7 +114,7 @@ func installPluginFromURL(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
force, _ := strconv.ParseBool(r.URL.Query().Get("force"))
|
||||
downloadURL := r.URL.Query().Get("plugin_download_url")
|
||||
audit.AddEventParameter(auditRec, "url", downloadURL)
|
||||
model.AddEventParameterToAuditRec(auditRec, "url", downloadURL)
|
||||
|
||||
pluginFileBytes, err := c.App.DownloadFromURL(downloadURL)
|
||||
if err != nil {
|
||||
|
|
@ -138,7 +137,7 @@ func installMarketplacePlugin(c *Context, w http.ResponseWriter, r *http.Request
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("installMarketplacePlugin", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("installMarketplacePlugin", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWritePlugins) {
|
||||
|
|
@ -151,7 +150,7 @@ func installMarketplacePlugin(c *Context, w http.ResponseWriter, r *http.Request
|
|||
c.Err = model.NewAppError("installMarketplacePlugin", "app.plugin.marketplace_plugin_request.app_error", nil, "", http.StatusNotImplemented).Wrap(err)
|
||||
return
|
||||
}
|
||||
audit.AddEventParameter(auditRec, "plugin_id", pluginRequest.Id)
|
||||
model.AddEventParameterToAuditRec(auditRec, "plugin_id", pluginRequest.Id)
|
||||
|
||||
// Always install the latest compatible version
|
||||
// https://mattermost.atlassian.net/browse/MM-41981
|
||||
|
|
@ -228,9 +227,9 @@ func removePlugin(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("removePlugin", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("removePlugin", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "plugin_id", c.Params.PluginId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "plugin_id", c.Params.PluginId)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWritePlugins) {
|
||||
c.SetPermissionError(model.PermissionSysconsoleWritePlugins)
|
||||
|
|
@ -332,9 +331,9 @@ func enablePlugin(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("enablePlugin", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("enablePlugin", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "plugin_id", c.Params.PluginId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "plugin_id", c.Params.PluginId)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWritePlugins) {
|
||||
c.SetPermissionError(model.PermissionSysconsoleWritePlugins)
|
||||
|
|
@ -361,9 +360,9 @@ func disablePlugin(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("disablePlugin", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("disablePlugin", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "plugin_id", c.Params.PluginId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "plugin_id", c.Params.PluginId)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWritePlugins) {
|
||||
c.SetPermissionError(model.PermissionSysconsoleWritePlugins)
|
||||
|
|
@ -422,7 +421,7 @@ func installPlugin(c *Context, w http.ResponseWriter, plugin io.ReadSeeker, forc
|
|||
}
|
||||
|
||||
func setFirstAdminVisitMarketplaceStatus(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("setFirstAdminVisitMarketplaceStatus", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("setFirstAdminVisitMarketplaceStatus", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
@ -450,7 +449,7 @@ func setFirstAdminVisitMarketplaceStatus(c *Context, w http.ResponseWriter, r *h
|
|||
}
|
||||
|
||||
func getFirstAdminVisitMarketplaceStatus(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("getFirstAdminVisitMarketplaceStatus", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("getFirstAdminVisitMarketplaceStatus", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/web"
|
||||
)
|
||||
|
||||
|
|
@ -81,9 +80,9 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
post.SanitizeInput()
|
||||
post.UserId = c.AppContext.Session().UserId
|
||||
|
||||
auditRec := c.MakeAuditRecord("createPost", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createPost", model.AuditStatusFail)
|
||||
defer c.LogAuditRecWithLevel(auditRec, app.LevelContent)
|
||||
audit.AddEventParameterAuditable(auditRec, "post", &post)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "post", &post)
|
||||
|
||||
if post.CreateAt != 0 && !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
||||
post.CreateAt = 0
|
||||
|
|
@ -583,10 +582,10 @@ func deletePost(c *Context, w http.ResponseWriter, _ *http.Request) {
|
|||
|
||||
permanent := c.Params.Permanent
|
||||
|
||||
auditRec := c.MakeAuditRecord("deletePost", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deletePost", model.AuditStatusFail)
|
||||
defer c.LogAuditRecWithLevel(auditRec, app.LevelContent)
|
||||
audit.AddEventParameter(auditRec, "post_id", c.Params.PostId)
|
||||
audit.AddEventParameter(auditRec, "permanent", permanent)
|
||||
model.AddEventParameterToAuditRec(auditRec, "post_id", c.Params.PostId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "permanent", permanent)
|
||||
|
||||
includeDeleted := permanent
|
||||
|
||||
|
|
@ -819,9 +818,9 @@ func searchPosts(c *Context, w http.ResponseWriter, r *http.Request, teamId stri
|
|||
includeDeletedChannels = *params.IncludeDeletedChannels
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("searchPosts", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("searchPosts", model.AuditStatusFail)
|
||||
defer c.LogAuditRecWithLevel(auditRec, app.LevelAPI)
|
||||
audit.AddEventParameterAuditable(auditRec, "search_params", params)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "search_params", params)
|
||||
|
||||
startTime := time.Now()
|
||||
|
||||
|
|
@ -847,7 +846,7 @@ func searchPosts(c *Context, w http.ResponseWriter, r *http.Request, teamId stri
|
|||
}
|
||||
|
||||
results = model.MakePostSearchResults(clientPostList, results.Matches)
|
||||
audit.AddEventParameterAuditable(auditRec, "search_results", results)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "search_results", results)
|
||||
auditRec.Success()
|
||||
|
||||
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
|
||||
|
|
@ -868,8 +867,8 @@ func updatePost(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updatePost", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "post", &post)
|
||||
auditRec := c.MakeAuditRecord("updatePost", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "post", &post)
|
||||
defer c.LogAuditRecWithLevel(auditRec, app.LevelContent)
|
||||
|
||||
// The post being updated in the payload must be the same one as indicated in the URL.
|
||||
|
|
@ -943,9 +942,9 @@ func patchPost(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("patchPost", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "id", c.Params.PostId)
|
||||
audit.AddEventParameterAuditable(auditRec, "patch", &post)
|
||||
auditRec := c.MakeAuditRecord("patchPost", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "id", c.Params.PostId)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "patch", &post)
|
||||
defer c.LogAuditRecWithLevel(auditRec, app.LevelContent)
|
||||
|
||||
if post.Props != nil {
|
||||
|
|
@ -974,7 +973,7 @@ func patchPost(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
}
|
||||
|
||||
func postPatchChecks(c *Context, auditRec *audit.Record, message *string) {
|
||||
func postPatchChecks(c *Context, auditRec *model.AuditRecord, message *string) {
|
||||
originalPost, err := c.App.GetSinglePost(c.AppContext, c.Params.PostId, false)
|
||||
if err != nil {
|
||||
c.SetPermissionError(model.PermissionEditPost)
|
||||
|
|
@ -1066,8 +1065,8 @@ func saveIsPinnedPost(c *Context, w http.ResponseWriter, isPinned bool) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("saveIsPinnedPost", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "post_id", c.Params.PostId)
|
||||
auditRec := c.MakeAuditRecord("saveIsPinnedPost", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "post_id", c.Params.PostId)
|
||||
defer c.LogAuditRecWithLevel(auditRec, app.LevelContent)
|
||||
|
||||
post, err := c.App.GetSinglePost(c.AppContext, c.Params.PostId, false)
|
||||
|
|
@ -1203,10 +1202,10 @@ func moveThread(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("moveThread", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("moveThread", model.AuditStatusFail)
|
||||
defer c.LogAuditRecWithLevel(auditRec, app.LevelContent)
|
||||
audit.AddEventParameter(auditRec, "original_post_id", c.Params.PostId)
|
||||
audit.AddEventParameter(auditRec, "to_channel_id", moveThreadParams.ChannelId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "original_post_id", c.Params.PostId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "to_channel_id", moveThreadParams.ChannelId)
|
||||
|
||||
user, err := c.App.GetUser(c.AppContext.Session().UserId)
|
||||
if err != nil {
|
||||
|
|
@ -1344,9 +1343,9 @@ func restorePostVersion(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("restorePostVersion", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "id", c.Params.PostId)
|
||||
audit.AddEventParameter(auditRec, "restore_version_id", restoreVersionId)
|
||||
auditRec := c.MakeAuditRecord("restorePostVersion", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "id", c.Params.PostId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "restore_version_id", restoreVersionId)
|
||||
defer c.LogAuditRecWithLevel(auditRec, app.LevelContent)
|
||||
|
||||
toRestorePost, err := c.App.GetSinglePost(c.AppContext, restoreVersionId, true)
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ package api4
|
|||
import (
|
||||
"net/http"
|
||||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitPostLocal() {
|
||||
|
|
@ -24,10 +24,10 @@ func localDeletePost(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
permanent := c.Params.Permanent
|
||||
|
||||
auditRec := c.MakeAuditRecord("localDeletePost", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localDeletePost", model.AuditStatusFail)
|
||||
defer c.LogAuditRecWithLevel(auditRec, app.LevelContent)
|
||||
audit.AddEventParameter(auditRec, "post_id", c.Params.PostId)
|
||||
audit.AddEventParameter(auditRec, "permanent", permanent)
|
||||
model.AddEventParameterToAuditRec(auditRec, "post_id", c.Params.PostId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "permanent", permanent)
|
||||
|
||||
includeDeleted := permanent
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
const maxUpdatePreferences = 100
|
||||
|
|
@ -94,7 +93,7 @@ func updatePreferences(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updatePreferences", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updatePreferences", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
|
||||
|
|
@ -156,7 +155,7 @@ func deletePreferences(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deletePreferences", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deletePreferences", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
|
||||
|
|
|
|||
|
|
@ -12,7 +12,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/utils"
|
||||
"github.com/mattermost/mattermost/server/v8/platform/services/remotecluster"
|
||||
)
|
||||
|
|
@ -100,8 +99,8 @@ func remoteClusterAcceptMessage(c *Context, w http.ResponseWriter, r *http.Reque
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("remoteClusterAcceptMessage", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "remote_cluster_frame", &frame)
|
||||
auditRec := c.MakeAuditRecord("remoteClusterAcceptMessage", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "remote_cluster_frame", &frame)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
remoteId := c.GetRemoteID(r)
|
||||
|
|
@ -115,7 +114,7 @@ func remoteClusterAcceptMessage(c *Context, w http.ResponseWriter, r *http.Reque
|
|||
c.SetInvalidRemoteIdError(frame.RemoteId)
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "remote_cluster", rc)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "remote_cluster", rc)
|
||||
|
||||
// pass message to Remote Cluster Service and write response
|
||||
resp := service.ReceiveIncomingMsg(rc, frame.Msg)
|
||||
|
|
@ -150,8 +149,8 @@ func remoteClusterConfirmInvite(c *Context, w http.ResponseWriter, r *http.Reque
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("remoteClusterAcceptInvite", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "remote_cluster_frame", &frame)
|
||||
auditRec := c.MakeAuditRecord("remoteClusterAcceptInvite", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "remote_cluster_frame", &frame)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
remoteId := c.GetRemoteID(r)
|
||||
|
|
@ -165,7 +164,7 @@ func remoteClusterConfirmInvite(c *Context, w http.ResponseWriter, r *http.Reque
|
|||
c.SetInvalidRemoteIdError(frame.RemoteId)
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "remote_cluster", rc)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "remote_cluster", rc)
|
||||
|
||||
// check if the invitation has expired
|
||||
if time.Since(model.GetTimeForMillis(rc.CreateAt)) > remotecluster.InviteExpiresAfter {
|
||||
|
|
@ -201,9 +200,9 @@ func uploadRemoteData(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("uploadRemoteData", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("uploadRemoteData", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "upload_id", c.Params.UploadId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "upload_id", c.Params.UploadId)
|
||||
|
||||
c.AppContext = c.AppContext.With(app.RequestContextWithMaster)
|
||||
us, err := c.App.GetUploadSession(c.AppContext, c.Params.UploadId)
|
||||
|
|
@ -282,10 +281,10 @@ func remoteSetProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("remoteUploadProfileImage", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("remoteUploadProfileImage", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
if imageArray[0] != nil {
|
||||
audit.AddEventParameter(auditRec, "filename", imageArray[0].Filename)
|
||||
model.AddEventParameterToAuditRec(auditRec, "filename", imageArray[0].Filename)
|
||||
}
|
||||
|
||||
user, err := c.App.GetUser(c.Params.UserId)
|
||||
|
|
@ -302,7 +301,7 @@ func remoteSetProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameterAuditable(auditRec, "user", user)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user", user)
|
||||
|
||||
imageData := imageArray[0]
|
||||
if err := c.App.SetProfileImage(c.AppContext, c.Params.UserId, imageData); err != nil {
|
||||
|
|
@ -374,7 +373,7 @@ func createRemoteCluster(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createRemoteCluster", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createRemoteCluster", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
var rcWithTeamAndPassword model.RemoteClusterWithPassword
|
||||
|
|
@ -408,7 +407,7 @@ func createRemoteCluster(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
CreatorId: c.AppContext.Session().UserId,
|
||||
}
|
||||
|
||||
audit.AddEventParameterAuditable(auditRec, "remotecluster", rc)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "remotecluster", rc)
|
||||
|
||||
rcSaved, appErr := c.App.AddRemoteCluster(rc)
|
||||
if appErr != nil {
|
||||
|
|
@ -462,7 +461,7 @@ func remoteClusterAcceptInvite(c *Context, w http.ResponseWriter, r *http.Reques
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("remoteClusterAcceptInvite", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("remoteClusterAcceptInvite", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
var rcAcceptInvite model.RemoteClusterAcceptInvite
|
||||
|
|
@ -481,8 +480,8 @@ func remoteClusterAcceptInvite(c *Context, w http.ResponseWriter, r *http.Reques
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameter(auditRec, "name", rcAcceptInvite.Name)
|
||||
audit.AddEventParameter(auditRec, "display_name", rcAcceptInvite.DisplayName)
|
||||
model.AddEventParameterToAuditRec(auditRec, "name", rcAcceptInvite.Name)
|
||||
model.AddEventParameterToAuditRec(auditRec, "display_name", rcAcceptInvite.DisplayName)
|
||||
|
||||
if rcAcceptInvite.DisplayName == "" {
|
||||
rcAcceptInvite.DisplayName = rcAcceptInvite.Name
|
||||
|
|
@ -494,7 +493,7 @@ func remoteClusterAcceptInvite(c *Context, w http.ResponseWriter, r *http.Reques
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameter(auditRec, "site_url", invite.SiteURL)
|
||||
model.AddEventParameterToAuditRec(auditRec, "site_url", invite.SiteURL)
|
||||
|
||||
url := c.App.GetSiteURL()
|
||||
if url == "" {
|
||||
|
|
@ -545,9 +544,9 @@ func generateRemoteClusterInvite(c *Context, w http.ResponseWriter, r *http.Requ
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("generateRemoteClusterInvite", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("generateRemoteClusterInvite", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "remote_id", c.Params.RemoteId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "remote_id", c.Params.RemoteId)
|
||||
|
||||
props := model.MapFromJSON(r.Body)
|
||||
password := props["password"]
|
||||
|
|
@ -636,9 +635,9 @@ func patchRemoteCluster(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("patchRemoteCluster", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "remote_id", c.Params.RemoteId)
|
||||
audit.AddEventParameterAuditable(auditRec, "remotecluster_patch", &patch)
|
||||
auditRec := c.MakeAuditRecord("patchRemoteCluster", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "remote_id", c.Params.RemoteId)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "remotecluster_patch", &patch)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
orc, err := c.App.GetRemoteCluster(c.Params.RemoteId, false)
|
||||
|
|
@ -681,8 +680,8 @@ func deleteRemoteCluster(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteRemoteCluster", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "remote_id", c.Params.RemoteId)
|
||||
auditRec := c.MakeAuditRecord("deleteRemoteCluster", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "remote_id", c.Params.RemoteId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
orc, err := c.App.GetRemoteCluster(c.Params.RemoteId, false)
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
const GetRolesByNamesMax = 100
|
||||
|
|
@ -140,8 +139,8 @@ func patchRole(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("patchRole", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "role_patch", &patch)
|
||||
auditRec := c.MakeAuditRecord("patchRole", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "role_patch", &patch)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
oldRole, appErr := c.App.GetRole(c.Params.RoleId)
|
||||
|
|
|
|||
|
|
@ -12,7 +12,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitSaml() {
|
||||
|
|
@ -83,9 +82,9 @@ func addSamlPublicCertificate(c *Context, w http.ResponseWriter, r *http.Request
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("addSamlPublicCertificate", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("addSamlPublicCertificate", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "filename", fileData.Filename)
|
||||
model.AddEventParameterToAuditRec(auditRec, "filename", fileData.Filename)
|
||||
|
||||
if err := c.App.AddSamlPublicCertificate(fileData); err != nil {
|
||||
c.Err = err
|
||||
|
|
@ -107,9 +106,9 @@ func addSamlPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Reques
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("addSamlPrivateCertificate", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("addSamlPrivateCertificate", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "filename", fileData.Filename)
|
||||
model.AddEventParameterToAuditRec(auditRec, "filename", fileData.Filename)
|
||||
|
||||
if err := c.App.AddSamlPrivateCertificate(fileData); err != nil {
|
||||
c.Err = err
|
||||
|
|
@ -136,7 +135,7 @@ func addSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("addSamlIdpCertificate", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("addSamlIdpCertificate", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
auditRec.AddMeta("type", d)
|
||||
|
||||
|
|
@ -157,7 +156,7 @@ func addSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.Err = err
|
||||
return
|
||||
}
|
||||
audit.AddEventParameter(auditRec, "filename", fileData.Filename)
|
||||
model.AddEventParameterToAuditRec(auditRec, "filename", fileData.Filename)
|
||||
|
||||
if err := c.App.AddSamlIdpCertificate(fileData); err != nil {
|
||||
c.Err = err
|
||||
|
|
@ -178,7 +177,7 @@ func removeSamlPublicCertificate(c *Context, w http.ResponseWriter, r *http.Requ
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("removeSamlPublicCertificate", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("removeSamlPublicCertificate", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if err := c.App.RemoveSamlPublicCertificate(); err != nil {
|
||||
|
|
@ -196,7 +195,7 @@ func removeSamlPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Req
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("removeSamlPrivateCertificate", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("removeSamlPrivateCertificate", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if err := c.App.RemoveSamlPrivateCertificate(); err != nil {
|
||||
|
|
@ -214,7 +213,7 @@ func removeSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("removeSamlIdpCertificate", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("removeSamlIdpCertificate", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if err := c.App.RemoveSamlIdpCertificate(); err != nil {
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ import (
|
|||
"github.com/gorilla/mux"
|
||||
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
|
|
@ -71,9 +70,9 @@ func createSchedulePost(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
scheduledPost.UserId = c.AppContext.Session().UserId
|
||||
scheduledPost.SanitizeInput()
|
||||
|
||||
auditRec := c.MakeAuditRecord("createSchedulePost", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createSchedulePost", model.AuditStatusFail)
|
||||
defer c.LogAuditRecWithLevel(auditRec, app.LevelContent)
|
||||
audit.AddEventParameterAuditable(auditRec, "scheduledPost", &scheduledPost)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "scheduledPost", &scheduledPost)
|
||||
|
||||
scheduledPostChecks("Api4.createSchedulePost", c, &scheduledPost)
|
||||
if c.Err != nil {
|
||||
|
|
@ -166,9 +165,9 @@ func updateScheduledPost(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateScheduledPost", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateScheduledPost", model.AuditStatusFail)
|
||||
defer c.LogAuditRecWithLevel(auditRec, app.LevelContent)
|
||||
audit.AddEventParameterAuditable(auditRec, "scheduledPost", &scheduledPost)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "scheduledPost", &scheduledPost)
|
||||
|
||||
scheduledPostChecks("Api4.updateScheduledPost", c, &scheduledPost)
|
||||
if c.Err != nil {
|
||||
|
|
@ -205,9 +204,9 @@ func deleteScheduledPost(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteScheduledPost", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deleteScheduledPost", model.AuditStatusFail)
|
||||
defer c.LogAuditRecWithLevel(auditRec, app.LevelContent)
|
||||
audit.AddEventParameter(auditRec, "scheduledPostId", scheduledPostId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "scheduledPostId", scheduledPostId)
|
||||
|
||||
userId := c.AppContext.Session().UserId
|
||||
connectionID := r.Header.Get(model.ConnectionId)
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitScheme() {
|
||||
|
|
@ -29,9 +28,9 @@ func createScheme(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createScheme", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createScheme", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "scheme", &scheme)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "scheme", &scheme)
|
||||
|
||||
if c.App.Channels().License() == nil || (!*c.App.Channels().License().Features.CustomPermissionsSchemes && c.App.Channels().License().SkuShortName != model.LicenseShortSkuProfessional) {
|
||||
c.Err = model.NewAppError("Api4.CreateScheme", "api.scheme.create_scheme.license.error", nil, "", http.StatusNotImplemented)
|
||||
|
|
@ -194,8 +193,8 @@ func patchScheme(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("patchScheme", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "scheme_patch", &patch)
|
||||
auditRec := c.MakeAuditRecord("patchScheme", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "scheme_patch", &patch)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if c.App.Channels().License() == nil || (!*c.App.Channels().License().Features.CustomPermissionsSchemes && c.App.Channels().License().SkuShortName != model.LicenseShortSkuProfessional) {
|
||||
|
|
@ -203,7 +202,7 @@ func patchScheme(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameter(auditRec, "scheme_id", c.Params.SchemeId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "scheme_id", c.Params.SchemeId)
|
||||
|
||||
scheme, err := c.App.GetScheme(c.Params.SchemeId)
|
||||
if err != nil {
|
||||
|
|
@ -239,8 +238,8 @@ func deleteScheme(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteScheme", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "scheme_id", c.Params.SchemeId)
|
||||
auditRec := c.MakeAuditRecord("deleteScheme", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "scheme_id", c.Params.SchemeId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if c.App.Channels().License() == nil || (!*c.App.Channels().License().Features.CustomPermissionsSchemes && c.App.Channels().License().SkuShortName != model.LicenseShortSkuProfessional) {
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitSharedChannels() {
|
||||
|
|
@ -171,11 +170,11 @@ func inviteRemoteClusterToChannel(c *Context, w http.ResponseWriter, r *http.Req
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("inviteRemoteClusterToChannel", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("inviteRemoteClusterToChannel", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "remote_id", c.Params.RemoteId)
|
||||
audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId)
|
||||
audit.AddEventParameter(auditRec, "user_id", c.AppContext.Session().UserId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "remote_id", c.Params.RemoteId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.AppContext.Session().UserId)
|
||||
|
||||
if err := c.App.InviteRemoteToChannel(c.Params.ChannelId, c.Params.RemoteId, c.AppContext.Session().UserId, true); err != nil {
|
||||
if appErr, ok := err.(*model.AppError); ok {
|
||||
|
|
@ -222,10 +221,10 @@ func uninviteRemoteClusterToChannel(c *Context, w http.ResponseWriter, r *http.R
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("uninviteRemoteClusterToChannel", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("uninviteRemoteClusterToChannel", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "remote_id", c.Params.RemoteId)
|
||||
audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "remote_id", c.Params.RemoteId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
|
||||
|
||||
hasRemote, err := c.App.HasRemote(c.Params.ChannelId, c.Params.RemoteId)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/public/utils"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/config"
|
||||
"github.com/mattermost/mattermost/server/v8/platform/services/cache"
|
||||
"github.com/mattermost/mattermost/server/v8/platform/services/upgrader"
|
||||
|
|
@ -297,7 +296,7 @@ func testSiteURL(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func getAudits(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("getAudits", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("getAudits", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionReadAudits) {
|
||||
|
|
@ -312,8 +311,8 @@ func getAudits(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
auditRec.Success()
|
||||
audit.AddEventParameter(auditRec, "page", c.Params.Page)
|
||||
audit.AddEventParameter(auditRec, "audits_per_page", c.Params.LogsPerPage)
|
||||
model.AddEventParameterToAuditRec(auditRec, "page", c.Params.Page)
|
||||
model.AddEventParameterToAuditRec(auditRec, "audits_per_page", c.Params.LogsPerPage)
|
||||
|
||||
if err := json.NewEncoder(w).Encode(audits); err != nil {
|
||||
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
||||
|
|
@ -326,7 +325,7 @@ func databaseRecycle(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("databaseRecycle", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("databaseRecycle", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
c.App.RecycleDatabaseConnection(c.AppContext)
|
||||
|
|
@ -341,7 +340,7 @@ func invalidateCaches(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("invalidateCaches", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("invalidateCaches", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
appErr := c.App.Srv().InvalidateAllCaches()
|
||||
|
|
@ -357,7 +356,7 @@ func invalidateCaches(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func queryLogs(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("queryLogs", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("queryLogs", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionGetLogs) {
|
||||
|
|
@ -400,7 +399,7 @@ func queryLogs(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func getLogs(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("getLogs", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("getLogs", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionGetLogs) {
|
||||
|
|
@ -414,8 +413,8 @@ func getLogs(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameter(auditRec, "page", c.Params.Page)
|
||||
audit.AddEventParameter(auditRec, "logs_per_page", c.Params.LogsPerPage)
|
||||
model.AddEventParameterToAuditRec(auditRec, "page", c.Params.Page)
|
||||
model.AddEventParameterToAuditRec(auditRec, "logs_per_page", c.Params.LogsPerPage)
|
||||
|
||||
if _, err := w.Write([]byte(model.ArrayToJSON(lines))); err != nil {
|
||||
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
||||
|
|
@ -423,7 +422,7 @@ func getLogs(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func downloadLogs(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("downloadLogs", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("downloadLogs", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionGetLogs) {
|
||||
|
|
@ -790,9 +789,9 @@ func setServerBusy(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("setServerBusy", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("setServerBusy", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "seconds", i)
|
||||
model.AddEventParameterToAuditRec(auditRec, "seconds", i)
|
||||
|
||||
c.App.Srv().Platform().Busy.Set(time.Second * time.Duration(i))
|
||||
c.Logger.Warn("server busy state activated - non-critical services disabled", mlog.Int("seconds", i))
|
||||
|
|
@ -807,7 +806,7 @@ func clearServerBusy(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("clearServerBusy", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("clearServerBusy", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
c.App.Srv().Platform().Busy.Clear()
|
||||
|
|
@ -836,7 +835,7 @@ func getServerBusyExpires(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func upgradeToEnterprise(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("upgradeToEnterprise", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("upgradeToEnterprise", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
||||
|
|
@ -925,7 +924,7 @@ func upgradeToEnterpriseStatus(c *Context, w http.ResponseWriter, r *http.Reques
|
|||
}
|
||||
|
||||
func restart(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("restartServer", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("restartServer", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
||||
|
|
@ -969,7 +968,7 @@ func getProductNotices(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func updateViewedProductNotices(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("updateViewedProductNotices", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateViewedProductNotices", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
@ -989,7 +988,7 @@ func updateViewedProductNotices(c *Context, w http.ResponseWriter, r *http.Reque
|
|||
}
|
||||
|
||||
func getOnboarding(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("getOnboarding", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("getOnboarding", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
@ -1016,7 +1015,7 @@ func completeOnboarding(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("completeOnboarding", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("completeOnboarding", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
onboardingRequest, err := model.CompleteOnboardingRequestFromReader(r.Body)
|
||||
|
|
@ -1024,8 +1023,8 @@ func completeOnboarding(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.Err = model.NewAppError("completeOnboarding", "app.system.complete_onboarding_request.app_error", nil, "", http.StatusBadRequest).Wrap(err)
|
||||
return
|
||||
}
|
||||
audit.AddEventParameter(auditRec, "install_plugin", onboardingRequest.InstallPlugins)
|
||||
audit.AddEventParameterAuditable(auditRec, "onboarding_request", onboardingRequest)
|
||||
model.AddEventParameterToAuditRec(auditRec, "install_plugin", onboardingRequest.InstallPlugins)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "onboarding_request", onboardingRequest)
|
||||
|
||||
appErr := c.App.CompleteOnboarding(c.AppContext, onboardingRequest)
|
||||
if appErr != nil {
|
||||
|
|
@ -1043,7 +1042,7 @@ func getAppliedSchemaMigrations(c *Context, w http.ResponseWriter, r *http.Reque
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("getAppliedSchemaMigrations", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("getAppliedSchemaMigrations", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
migrations, appErr := c.App.GetAppliedSchemaMigrations()
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitSystemLocal() {
|
||||
|
|
@ -24,7 +23,7 @@ func (api *API) InitSystemLocal() {
|
|||
}
|
||||
|
||||
func localCheckIntegrity(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("localCheckIntegrity", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localCheckIntegrity", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
var results []model.IntegrityCheckResult
|
||||
|
|
|
|||
|
|
@ -16,7 +16,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
@ -84,9 +83,9 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
team.Email = strings.ToLower(team.Email)
|
||||
|
||||
auditRec := c.MakeAuditRecord("createTeam", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createTeam", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "team", &team)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "team", &team)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionCreateTeam) {
|
||||
c.Err = model.NewAppError("createTeam", "api.team.is_team_creation_allowed.disabled.app_error", nil, "", http.StatusForbidden)
|
||||
|
|
@ -214,9 +213,9 @@ func updateTeam(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateTeam", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateTeam", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "team", &team)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "team", &team)
|
||||
|
||||
if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionManageTeam) {
|
||||
c.SetPermissionError(model.PermissionManageTeam)
|
||||
|
|
@ -251,8 +250,8 @@ func patchTeam(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("patchTeam", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "team_patch", &team)
|
||||
auditRec := c.MakeAuditRecord("patchTeam", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "team_patch", &team)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionManageTeam) {
|
||||
|
|
@ -304,9 +303,9 @@ func restoreTeam(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("restoreTeam", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("restoreTeam", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)
|
||||
|
||||
if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionManageTeam) {
|
||||
c.SetPermissionError(model.PermissionManageTeam)
|
||||
|
|
@ -381,12 +380,12 @@ func updateTeamPrivacy(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateTeamPrivacy", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "privacy", privacy)
|
||||
auditRec := c.MakeAuditRecord("updateTeamPrivacy", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "privacy", privacy)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionManageTeam) {
|
||||
audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)
|
||||
c.SetPermissionError(model.PermissionManageTeam)
|
||||
return
|
||||
}
|
||||
|
|
@ -432,8 +431,8 @@ func regenerateTeamInviteId(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("regenerateTeamInviteId", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId)
|
||||
auditRec := c.MakeAuditRecord("regenerateTeamInviteId", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
patchedTeam, err := c.App.RegenerateTeamInviteId(c.Params.TeamId)
|
||||
|
|
@ -465,11 +464,11 @@ func deleteTeam(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteTeam", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deleteTeam", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if team, err := c.App.GetTeam(c.Params.TeamId); err == nil {
|
||||
audit.AddEventParameterAuditable(auditRec, "team", team)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "team", team)
|
||||
}
|
||||
|
||||
var err *model.AppError
|
||||
|
|
@ -733,8 +732,8 @@ func addTeamMember(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("addTeamMember", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "member", &member)
|
||||
auditRec := c.MakeAuditRecord("addTeamMember", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "member", &member)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if member.UserId == c.AppContext.Session().UserId {
|
||||
|
|
@ -778,7 +777,7 @@ func addTeamMember(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.Err = err
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "team", team)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "team", team)
|
||||
|
||||
if team.IsGroupConstrained() {
|
||||
nonMembers, err := c.App.FilterNonGroupTeamMembers([]string{member.UserId}, team)
|
||||
|
|
@ -820,9 +819,9 @@ func addUserToTeamFromInvite(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
var member *model.TeamMember
|
||||
var err *model.AppError
|
||||
|
||||
auditRec := c.MakeAuditRecord("addUserToTeamFromInvite", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("addUserToTeamFromInvite", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "invite_id", inviteId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "invite_id", inviteId)
|
||||
|
||||
if tokenId != "" {
|
||||
member, err = c.App.AddTeamMemberByToken(c.AppContext, c.AppContext.Session().UserId, tokenId)
|
||||
|
|
@ -878,8 +877,8 @@ func addTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("addTeamMembers", audit.Fail)
|
||||
audit.AddEventParameterAuditableArray(auditRec, "members", members)
|
||||
auditRec := c.MakeAuditRecord("addTeamMembers", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableArrayToAuditRec(auditRec, "members", members)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
auditRec.AddMeta("count", len(members))
|
||||
|
||||
|
|
@ -894,7 +893,7 @@ func addTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.Err = appErr
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "team", team)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "team", team)
|
||||
|
||||
if team.IsGroupConstrained() {
|
||||
nonMembers, err := c.App.FilterNonGroupTeamMembers(memberIDs, team)
|
||||
|
|
@ -990,7 +989,7 @@ func removeTeamMember(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("removeTeamMember", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("removeTeamMember", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if c.AppContext.Session().UserId != c.Params.UserId {
|
||||
|
|
@ -1000,22 +999,22 @@ func removeTeamMember(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
}
|
||||
|
||||
audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId)
|
||||
audit.AddEventParameter(auditRec, "user_id", c.Params.UserId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId)
|
||||
|
||||
team, err := c.App.GetTeam(c.Params.TeamId)
|
||||
if err != nil {
|
||||
c.Err = err
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "team", team)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "team", team)
|
||||
|
||||
user, err := c.App.GetUser(c.Params.UserId)
|
||||
if err != nil {
|
||||
c.Err = err
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "user", user)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user", user)
|
||||
|
||||
if team.IsGroupConstrained() && (c.Params.UserId != c.AppContext.Session().UserId) && !user.IsBot {
|
||||
c.Err = model.NewAppError("removeTeamMember", "api.team.remove_member.group_constrained.app_error", nil, "", http.StatusBadRequest)
|
||||
|
|
@ -1100,9 +1099,9 @@ func updateTeamMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateTeamMemberRoles", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateTeamMemberRoles", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "roles", newRoles)
|
||||
model.AddEventParameterToAuditRec(auditRec, "roles", newRoles)
|
||||
|
||||
if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionManageTeamRoles) {
|
||||
c.SetPermissionError(model.PermissionManageTeamRoles)
|
||||
|
|
@ -1134,9 +1133,9 @@ func updateTeamMemberSchemeRoles(c *Context, w http.ResponseWriter, r *http.Requ
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateTeamMemberSchemeRoles", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateTeamMemberSchemeRoles", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "scheme_roles", &schemeRoles)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "scheme_roles", &schemeRoles)
|
||||
|
||||
if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionManageTeamRoles) {
|
||||
c.SetPermissionError(model.PermissionManageTeamRoles)
|
||||
|
|
@ -1372,9 +1371,9 @@ func importTeam(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("importTeam", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("importTeam", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)
|
||||
|
||||
fileInfo := fileInfoArray[0]
|
||||
|
||||
|
|
@ -1384,9 +1383,9 @@ func importTeam(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
defer fileData.Close()
|
||||
audit.AddEventParameter(auditRec, "filename", fileInfo.Filename)
|
||||
audit.AddEventParameter(auditRec, "filesize", fileSize)
|
||||
audit.AddEventParameter(auditRec, "from", importFrom)
|
||||
model.AddEventParameterToAuditRec(auditRec, "filename", fileInfo.Filename)
|
||||
model.AddEventParameterToAuditRec(auditRec, "filesize", fileSize)
|
||||
model.AddEventParameterToAuditRec(auditRec, "from", importFrom)
|
||||
|
||||
var log *bytes.Buffer
|
||||
data := map[string]string{}
|
||||
|
|
@ -1448,10 +1447,10 @@ func inviteUsersToTeam(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
emailList[i] = strings.ToLower(emailList[i])
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("inviteUsersToTeam", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("inviteUsersToTeam", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "member_invite", memberInvite)
|
||||
audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "member_invite", memberInvite)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)
|
||||
auditRec.AddMeta("count", len(emailList))
|
||||
auditRec.AddMeta("emails", emailList)
|
||||
|
||||
|
|
@ -1542,9 +1541,9 @@ func inviteGuestsToChannels(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("inviteGuestsToChannels", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("inviteGuestsToChannels", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)
|
||||
|
||||
if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionInviteGuest) {
|
||||
c.SetPermissionError(model.PermissionInviteGuest)
|
||||
|
|
@ -1563,7 +1562,7 @@ func inviteGuestsToChannels(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
c.Err = model.NewAppError("Api4.inviteGuestsToChannels", "api.team.invite_guests_to_channels.invalid_body.app_error", nil, "", http.StatusBadRequest).Wrap(err)
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "guests_invite", &guestsInvite)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "guests_invite", &guestsInvite)
|
||||
|
||||
for i, email := range guestsInvite.Emails {
|
||||
guestsInvite.Emails[i] = strings.ToLower(email)
|
||||
|
|
@ -1659,7 +1658,7 @@ func invalidateAllEmailInvites(c *Context, w http.ResponseWriter, r *http.Reques
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("invalidateAllEmailInvites", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("invalidateAllEmailInvites", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if err := c.App.InvalidateAllEmailInvites(c.AppContext); err != nil {
|
||||
|
|
@ -1721,9 +1720,9 @@ func setTeamIcon(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("setTeamIcon", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("setTeamIcon", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)
|
||||
|
||||
if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionManageTeam) {
|
||||
c.SetPermissionError(model.PermissionManageTeam)
|
||||
|
|
@ -1772,9 +1771,9 @@ func removeTeamIcon(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("removeTeamIcon", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("removeTeamIcon", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)
|
||||
|
||||
if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionManageTeam) {
|
||||
c.SetPermissionError(model.PermissionManageTeam)
|
||||
|
|
@ -1810,8 +1809,8 @@ func updateTeamScheme(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateTeamScheme", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "scheme_id_patch", &p)
|
||||
auditRec := c.MakeAuditRecord("updateTeamScheme", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "scheme_id_patch", &p)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if c.App.Channels().License() == nil {
|
||||
|
|
@ -1830,7 +1829,7 @@ func updateTeamScheme(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.Err = err
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "scheme", scheme)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "scheme", scheme)
|
||||
|
||||
if scheme.Scope != model.SchemeScopeTeam {
|
||||
c.Err = model.NewAppError("Api4.UpdateTeamScheme", "api.team.update_team_scheme.scheme_scope.error", nil, "", http.StatusBadRequest)
|
||||
|
|
@ -1843,7 +1842,7 @@ func updateTeamScheme(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.Err = err
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "team", team)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "team", team)
|
||||
|
||||
team.SchemeId = schemeID
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app/email"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/store"
|
||||
)
|
||||
|
||||
|
|
@ -42,8 +41,8 @@ func localDeleteTeam(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("localDeleteTeam", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId)
|
||||
auditRec := c.MakeAuditRecord("localDeleteTeam", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if team, err := c.App.GetTeam(c.Params.TeamId); err == nil {
|
||||
|
|
@ -100,10 +99,10 @@ func localInviteUsersToTeam(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
emailList[i] = email
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("localInviteUsersToTeam", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "member_invite", memberInvite)
|
||||
auditRec := c.MakeAuditRecord("localInviteUsersToTeam", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "member_invite", memberInvite)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)
|
||||
auditRec.AddMeta("count", len(emailList))
|
||||
auditRec.AddMeta("emails", emailList)
|
||||
|
||||
|
|
@ -248,9 +247,9 @@ func localCreateTeam(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
team.Email = strings.ToLower(team.Email)
|
||||
|
||||
auditRec := c.MakeAuditRecord("localCreateTeam", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localCreateTeam", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "team", &team)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "team", &team)
|
||||
|
||||
rteam, err := c.App.CreateTeam(c.AppContext, &team)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitTermsOfService() {
|
||||
|
|
@ -41,7 +40,7 @@ func createTermsOfService(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createTermsOfService", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createTermsOfService", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
props := model.MapFromJSON(r.Body)
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitUpload() {
|
||||
|
|
@ -40,9 +39,9 @@ func createUpload(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
us.RemoteId = ""
|
||||
us.ReqFileId = ""
|
||||
|
||||
auditRec := c.MakeAuditRecord("createUpload", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createUpload", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "upload", &us)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "upload", &us)
|
||||
|
||||
if us.Type == model.UploadTypeImport {
|
||||
if !c.IsSystemAdmin() {
|
||||
|
|
@ -119,9 +118,9 @@ func uploadData(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("uploadData", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("uploadData", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "upload_id", c.Params.UploadId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "upload_id", c.Params.UploadId)
|
||||
|
||||
c.AppContext = c.AppContext.With(app.RequestContextWithMaster)
|
||||
us, err := c.App.GetUploadSession(c.AppContext, c.Params.UploadId)
|
||||
|
|
|
|||
|
|
@ -18,7 +18,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/store"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/utils"
|
||||
)
|
||||
|
|
@ -124,11 +123,11 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
inviteId := r.URL.Query().Get("iid")
|
||||
redirect := r.URL.Query().Get("r")
|
||||
|
||||
auditRec := c.MakeAuditRecord("createUser", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createUser", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "invite_id", inviteId)
|
||||
audit.AddEventParameter(auditRec, "redirect", redirect)
|
||||
audit.AddEventParameterAuditable(auditRec, "user", &user)
|
||||
model.AddEventParameterToAuditRec(auditRec, "invite_id", inviteId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "redirect", redirect)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user", &user)
|
||||
|
||||
// No permission check required
|
||||
|
||||
|
|
@ -471,10 +470,10 @@ func setProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("setProfileImage", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("setProfileImage", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
if imageArray[0] != nil {
|
||||
audit.AddEventParameter(auditRec, "filename", imageArray[0].Filename)
|
||||
model.AddEventParameterToAuditRec(auditRec, "filename", imageArray[0].Filename)
|
||||
}
|
||||
|
||||
user, err := c.App.GetUser(c.Params.UserId)
|
||||
|
|
@ -520,8 +519,8 @@ func setDefaultProfileImage(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("setDefaultProfileImage", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "user_id", c.Params.UserId)
|
||||
auditRec := c.MakeAuditRecord("setDefaultProfileImage", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
user, err := c.App.GetUser(c.Params.UserId)
|
||||
|
|
@ -529,7 +528,7 @@ func setDefaultProfileImage(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
c.Err = err
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "user", user)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user", user)
|
||||
|
||||
if err := c.App.SetDefaultProfileImage(c.AppContext, user); err != nil {
|
||||
c.Err = err
|
||||
|
|
@ -1248,7 +1247,7 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateUser", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateUser", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
var user model.User
|
||||
|
|
@ -1257,7 +1256,7 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameterAuditable(auditRec, "user", &user)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user", &user)
|
||||
// The user being updated in the payload must be the same one as indicated in the URL.
|
||||
if user.Id != c.Params.UserId {
|
||||
c.SetInvalidParam("user_id")
|
||||
|
|
@ -1337,8 +1336,8 @@ func patchUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("patchUser", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "user_patch", &patch)
|
||||
auditRec := c.MakeAuditRecord("patchUser", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user_patch", &patch)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionToUserOrBot(c.AppContext, *c.AppContext.Session(), c.Params.UserId) {
|
||||
|
|
@ -1416,9 +1415,9 @@ func deleteUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
userId := c.Params.UserId
|
||||
permanent := c.Params.Permanent
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteUser", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "user_id", userId)
|
||||
audit.AddEventParameter(auditRec, "permanent", permanent)
|
||||
auditRec := c.MakeAuditRecord("deleteUser", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", userId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "permanent", permanent)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionToUserOrBot(c.AppContext, *c.AppContext.Session(), userId) {
|
||||
|
|
@ -1490,8 +1489,8 @@ func updateUserRoles(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateUserRoles", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "roles", newRoles)
|
||||
auditRec := c.MakeAuditRecord("updateUserRoles", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "roles", newRoles)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageRoles) {
|
||||
|
|
@ -1527,9 +1526,9 @@ func updateUserActive(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateUserActive", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateUserActive", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "active", active)
|
||||
model.AddEventParameterToAuditRec(auditRec, "active", active)
|
||||
|
||||
// true when you're trying to de-activate yourself
|
||||
isSelfDeactivate := !active && c.Params.UserId == c.AppContext.Session().UserId
|
||||
|
|
@ -1601,7 +1600,7 @@ func updateUserAuth(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateUserAuth", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateUserAuth", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
var userAuth model.UserAuth
|
||||
|
|
@ -1610,7 +1609,7 @@ func updateUserAuth(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameterAuditable(auditRec, "user_auth", &userAuth)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user_auth", &userAuth)
|
||||
|
||||
if userAuth.AuthData == nil || *userAuth.AuthData == "" || userAuth.AuthService == "" {
|
||||
c.Err = model.NewAppError("updateUserAuth", "api.user.update_user_auth.invalid_request", nil, "", http.StatusBadRequest)
|
||||
|
|
@ -1643,7 +1642,7 @@ func updateUserMfa(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateUserMfa", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateUserMfa", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if c.AppContext.Session().IsOAuth {
|
||||
|
|
@ -1663,7 +1662,7 @@ func updateUserMfa(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
if user, appErr := c.App.GetUser(c.Params.UserId); appErr == nil {
|
||||
audit.AddEventParameterAuditable(auditRec, "user", user)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user", user)
|
||||
}
|
||||
|
||||
props := model.StringInterfaceFromJSON(r.Body)
|
||||
|
|
@ -1736,13 +1735,13 @@ func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
props := model.MapFromJSON(r.Body)
|
||||
newPassword := props["new_password"]
|
||||
|
||||
auditRec := c.MakeAuditRecord("updatePassword", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updatePassword", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempted")
|
||||
|
||||
var canUpdatePassword bool
|
||||
if user, err := c.App.GetUser(c.Params.UserId); err == nil {
|
||||
audit.AddEventParameterAuditable(auditRec, "user", user)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user", user)
|
||||
|
||||
if user.IsSystemAdmin() {
|
||||
canUpdatePassword = c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem)
|
||||
|
|
@ -1802,7 +1801,7 @@ func resetPassword(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
newPassword := props["new_password"]
|
||||
|
||||
auditRec := c.MakeAuditRecord("resetPassword", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("resetPassword", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt - token=" + token)
|
||||
|
||||
|
|
@ -1828,9 +1827,9 @@ func sendPasswordReset(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("sendPasswordReset", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("sendPasswordReset", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "email", email)
|
||||
model.AddEventParameterToAuditRec(auditRec, "email", email)
|
||||
|
||||
sent, err := c.App.SendPasswordReset(c.AppContext, email, c.App.GetSiteURL())
|
||||
if err != nil {
|
||||
|
|
@ -1937,10 +1936,10 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("login", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("login", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "login_id", loginId)
|
||||
audit.AddEventParameter(auditRec, "device_id", deviceId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "login_id", loginId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "device_id", deviceId)
|
||||
|
||||
c.LogAuditWithUserId(id, "attempt - login_id="+loginId)
|
||||
|
||||
|
|
@ -2065,9 +2064,9 @@ func loginCWS(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("login", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("login", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "login_id", loginID)
|
||||
model.AddEventParameterToAuditRec(auditRec, "login_id", loginID)
|
||||
user, err := c.App.AuthenticateUserForLogin(c.AppContext, "", loginID, "", "", token, false)
|
||||
if err != nil {
|
||||
c.LogAuditWithUserId("", "failure - login_id="+loginID)
|
||||
|
|
@ -2075,7 +2074,7 @@ func loginCWS(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
http.Redirect(w, r, *c.App.Config().ServiceSettings.SiteURL, http.StatusFound)
|
||||
return
|
||||
}
|
||||
audit.AddEventParameterAuditable(auditRec, "user", user)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user", user)
|
||||
c.LogAuditWithUserId(user.Id, "authenticated")
|
||||
isMobileDevice := utils.IsMobileRequest(r)
|
||||
session, err := c.App.DoLogin(c.AppContext, w, r, user, "", isMobileDevice, false, false)
|
||||
|
|
@ -2108,7 +2107,7 @@ func logout(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func Logout(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("Logout", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("Logout", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("")
|
||||
|
||||
|
|
@ -2162,7 +2161,7 @@ func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("revokeSession", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("revokeSession", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
|
||||
|
|
@ -2176,7 +2175,7 @@ func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.SetInvalidParam("session_id")
|
||||
return
|
||||
}
|
||||
audit.AddEventParameter(auditRec, "session_id", sessionId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "session_id", sessionId)
|
||||
|
||||
session, err := c.App.GetSessionById(c.AppContext, sessionId)
|
||||
if err != nil {
|
||||
|
|
@ -2209,9 +2208,9 @@ func revokeAllSessionsForUser(c *Context, w http.ResponseWriter, r *http.Request
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("revokeAllSessionsForUser", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("revokeAllSessionsForUser", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "user_id", c.Params.UserId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId)
|
||||
|
||||
if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
|
||||
c.SetPermissionError(model.PermissionEditOtherUsers)
|
||||
|
|
@ -2235,7 +2234,7 @@ func revokeAllSessionsAllUsers(c *Context, w http.ResponseWriter, r *http.Reques
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("revokeAllSessionsAllUsers", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("revokeAllSessionsAllUsers", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if err := c.App.RevokeSessionsFromAllUsers(); err != nil {
|
||||
|
|
@ -2292,9 +2291,9 @@ func handleDeviceProps(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func attachDeviceId(c *Context, w http.ResponseWriter, r *http.Request, deviceId string) {
|
||||
auditRec := c.MakeAuditRecord("attachDeviceId", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("attachDeviceId", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "device_id", deviceId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "device_id", deviceId)
|
||||
|
||||
// A special case where we logout of all other sessions with the same device id
|
||||
if err := c.App.RevokeSessionsForDeviceId(c.AppContext, c.AppContext.Session().UserId, deviceId, c.AppContext.Session().Id); err != nil {
|
||||
|
|
@ -2347,12 +2346,12 @@ func getUserAudits(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("getUserAudits", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "user_id", c.Params.UserId)
|
||||
auditRec := c.MakeAuditRecord("getUserAudits", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if user, err := c.App.GetUser(c.Params.UserId); err == nil {
|
||||
audit.AddEventParameterAuditable(auditRec, "user", user)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user", user)
|
||||
}
|
||||
|
||||
if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
|
||||
|
|
@ -2384,7 +2383,7 @@ func verifyUserEmail(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("verifyUserEmail", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("verifyUserEmail", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if err := c.App.VerifyEmailFromToken(c.AppContext, token); err != nil {
|
||||
|
|
@ -2409,10 +2408,10 @@ func sendVerificationEmail(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
redirect := r.URL.Query().Get("r")
|
||||
|
||||
auditRec := c.MakeAuditRecord("sendVerificationEmail", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("sendVerificationEmail", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "email", email)
|
||||
audit.AddEventParameter(auditRec, "redirect", redirect)
|
||||
model.AddEventParameterToAuditRec(auditRec, "email", email)
|
||||
model.AddEventParameterToAuditRec(auditRec, "redirect", redirect)
|
||||
|
||||
user, err := c.App.GetUserForLogin(c.AppContext, "", email)
|
||||
if err != nil {
|
||||
|
|
@ -2440,9 +2439,9 @@ func switchAccountType(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("switchAccountType", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("switchAccountType", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "switch_request", &switchRequest)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "switch_request", &switchRequest)
|
||||
|
||||
link := ""
|
||||
var err *model.AppError
|
||||
|
|
@ -2484,8 +2483,8 @@ func createUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createUserAccessToken", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "user_id", c.Params.UserId)
|
||||
auditRec := c.MakeAuditRecord("createUserAccessToken", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
user, err := c.App.GetUser(c.Params.UserId)
|
||||
|
|
@ -2494,7 +2493,7 @@ func createUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
audit.AddEventParameterAuditable(auditRec, "user", user)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user", user)
|
||||
|
||||
if user.IsRemote() {
|
||||
// remote/synthetic users cannot have access tokens
|
||||
|
|
@ -2679,9 +2678,9 @@ func revokeUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.SetInvalidParam("token_id")
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("revokeUserAccessToken", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("revokeUserAccessToken", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "token_id", tokenId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "token_id", tokenId)
|
||||
c.LogAudit("")
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionRevokeUserAccessToken) {
|
||||
|
|
@ -2696,7 +2695,7 @@ func revokeUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
if user, errGet := c.App.GetUser(accessToken.UserId); errGet == nil {
|
||||
audit.AddEventParameterAuditable(auditRec, "user", user)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user", user)
|
||||
}
|
||||
|
||||
if !c.App.SessionHasPermissionToUserOrBot(c.AppContext, *c.AppContext.Session(), accessToken.UserId) {
|
||||
|
|
@ -2723,8 +2722,8 @@ func disableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
c.SetInvalidParam("token_id")
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("disableUserAccessToken", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "token_id", tokenId)
|
||||
auditRec := c.MakeAuditRecord("disableUserAccessToken", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "token_id", tokenId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("")
|
||||
|
||||
|
|
@ -2741,7 +2740,7 @@ func disableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
}
|
||||
|
||||
if user, errGet := c.App.GetUser(accessToken.UserId); errGet == nil {
|
||||
audit.AddEventParameterAuditable(auditRec, "user", user)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user", user)
|
||||
}
|
||||
|
||||
if !c.App.SessionHasPermissionToUserOrBot(c.AppContext, *c.AppContext.Session(), accessToken.UserId) {
|
||||
|
|
@ -2768,9 +2767,9 @@ func enableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.SetInvalidParam("token_id")
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("enableUserAccessToken", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("enableUserAccessToken", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "token_id", tokenId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "token_id", tokenId)
|
||||
c.LogAudit("")
|
||||
|
||||
// No separate permission for this action for now
|
||||
|
|
@ -2786,7 +2785,7 @@ func enableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
if user, errGet := c.App.GetUser(accessToken.UserId); errGet == nil {
|
||||
audit.AddEventParameterAuditable(auditRec, "user", user)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user", user)
|
||||
}
|
||||
|
||||
if !c.App.SessionHasPermissionToUserOrBot(c.AppContext, *c.AppContext.Session(), accessToken.UserId) {
|
||||
|
|
@ -2808,7 +2807,7 @@ func enableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
func saveUserTermsOfService(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
props := model.StringInterfaceFromJSON(r.Body)
|
||||
|
||||
auditRec := c.MakeAuditRecord("saveUserTermsOfService", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("saveUserTermsOfService", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
userId := c.AppContext.Session().UserId
|
||||
|
|
@ -2817,16 +2816,16 @@ func saveUserTermsOfService(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
c.SetInvalidParam("termsOfServiceId")
|
||||
return
|
||||
}
|
||||
audit.AddEventParameter(auditRec, "terms_of_service_id", termsOfServiceId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "terms_of_service_id", termsOfServiceId)
|
||||
accepted, ok := props["accepted"].(bool)
|
||||
if !ok {
|
||||
c.SetInvalidParam("accepted")
|
||||
return
|
||||
}
|
||||
audit.AddEventParameter(auditRec, "accepted", accepted)
|
||||
model.AddEventParameterToAuditRec(auditRec, "accepted", accepted)
|
||||
|
||||
if user, err := c.App.GetUser(userId); err == nil {
|
||||
audit.AddEventParameterAuditable(auditRec, "user", user)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user", user)
|
||||
}
|
||||
|
||||
if _, err := c.App.GetTermsOfService(termsOfServiceId); err != nil {
|
||||
|
|
@ -2863,9 +2862,9 @@ func promoteGuestToUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("promoteGuestToUser", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("promoteGuestToUser", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "user_id", c.Params.UserId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionPromoteGuest) {
|
||||
c.SetPermissionError(model.PermissionPromoteGuest)
|
||||
|
|
@ -2916,8 +2915,8 @@ func demoteUserToGuest(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("demoteUserToGuest", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "user_id", c.Params.UserId)
|
||||
auditRec := c.MakeAuditRecord("demoteUserToGuest", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionDemoteToGuest) {
|
||||
|
|
@ -2994,8 +2993,8 @@ func verifyUserEmailWithoutToken(c *Context, w http.ResponseWriter, r *http.Requ
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("verifyUserEmailWithoutToken", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "user_id", c.Params.UserId)
|
||||
auditRec := c.MakeAuditRecord("verifyUserEmailWithoutToken", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
auditRec.AddMeta("user_id", user.Id)
|
||||
|
||||
|
|
@ -3029,10 +3028,10 @@ func convertUserToBot(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("convertUserToBot", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "user_id", c.Params.UserId)
|
||||
auditRec := c.MakeAuditRecord("convertUserToBot", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "user", user)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "user", user)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
||||
c.SetPermissionError(model.PermissionManageSystem)
|
||||
|
|
@ -3183,11 +3182,11 @@ func migrateAuthToLDAP(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("migrateAuthToLdap", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("migrateAuthToLdap", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "from", from)
|
||||
audit.AddEventParameter(auditRec, "force", force)
|
||||
audit.AddEventParameter(auditRec, "match_field", matchField)
|
||||
model.AddEventParameterToAuditRec(auditRec, "from", from)
|
||||
model.AddEventParameterToAuditRec(auditRec, "force", force)
|
||||
model.AddEventParameterToAuditRec(auditRec, "match_field", matchField)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
||||
c.SetPermissionError(model.PermissionManageSystem)
|
||||
|
|
@ -3242,11 +3241,11 @@ func migrateAuthToSaml(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
usersMap := model.MapFromJSON(strings.NewReader(model.StringInterfaceToJSON(matches)))
|
||||
|
||||
auditRec := c.MakeAuditRecord("migrateAuthToSaml", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("migrateAuthToSaml", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "from", from)
|
||||
audit.AddEventParameter(auditRec, "auto", auto)
|
||||
audit.AddEventParameter(auditRec, "users_map", usersMap)
|
||||
model.AddEventParameterToAuditRec(auditRec, "from", from)
|
||||
model.AddEventParameterToAuditRec(auditRec, "auto", auto)
|
||||
model.AddEventParameterToAuditRec(auditRec, "users_map", usersMap)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
||||
c.SetPermissionError(model.PermissionManageSystem)
|
||||
|
|
@ -3393,12 +3392,12 @@ func updateReadStateThreadByUser(c *Context, w http.ResponseWriter, r *http.Requ
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateReadStateThreadByUser", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateReadStateThreadByUser", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "user_id", c.Params.UserId)
|
||||
audit.AddEventParameter(auditRec, "thread_id", c.Params.ThreadId)
|
||||
audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId)
|
||||
audit.AddEventParameter(auditRec, "timestamp", c.Params.Timestamp)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "thread_id", c.Params.ThreadId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "timestamp", c.Params.Timestamp)
|
||||
if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
|
||||
c.SetPermissionError(model.PermissionEditOtherUsers)
|
||||
return
|
||||
|
|
@ -3427,12 +3426,12 @@ func setUnreadThreadByPostId(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("setUnreadThreadByPostId", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("setUnreadThreadByPostId", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "user_id", c.Params.UserId)
|
||||
audit.AddEventParameter(auditRec, "thread_id", c.Params.ThreadId)
|
||||
audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId)
|
||||
audit.AddEventParameter(auditRec, "post_id", c.Params.PostId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "thread_id", c.Params.ThreadId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "post_id", c.Params.PostId)
|
||||
|
||||
if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
|
||||
c.SetPermissionError(model.PermissionEditOtherUsers)
|
||||
|
|
@ -3471,11 +3470,11 @@ func unfollowThreadByUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("unfollowThreadByUser", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("unfollowThreadByUser", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "user_id", c.Params.UserId)
|
||||
audit.AddEventParameter(auditRec, "thread_id", c.Params.ThreadId)
|
||||
audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "thread_id", c.Params.ThreadId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)
|
||||
|
||||
if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
|
||||
c.SetPermissionError(model.PermissionEditOtherUsers)
|
||||
|
|
@ -3503,11 +3502,11 @@ func followThreadByUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("followThreadByUser", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("followThreadByUser", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "user_id", c.Params.UserId)
|
||||
audit.AddEventParameter(auditRec, "thread_id", c.Params.ThreadId)
|
||||
audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "thread_id", c.Params.ThreadId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)
|
||||
|
||||
if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
|
||||
c.SetPermissionError(model.PermissionEditOtherUsers)
|
||||
|
|
@ -3535,10 +3534,10 @@ func updateReadStateAllThreadsByUser(c *Context, w http.ResponseWriter, r *http.
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateReadStateAllThreadsByUser", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateReadStateAllThreadsByUser", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "user_id", c.Params.UserId)
|
||||
audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)
|
||||
|
||||
if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
|
||||
c.SetPermissionError(model.PermissionEditOtherUsers)
|
||||
|
|
@ -3589,7 +3588,7 @@ func resetPasswordFailedAttempts(c *Context, w http.ResponseWriter, r *http.Requ
|
|||
}
|
||||
errParams := map[string]any{"userID": c.Params.UserId}
|
||||
|
||||
auditRec := c.MakeAuditRecord("resetPasswordFailedAttempts", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("resetPasswordFailedAttempts", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteUserManagementUsers) {
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/store"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/utils"
|
||||
)
|
||||
|
|
@ -320,7 +319,7 @@ func localDeleteUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
userId := c.Params.UserId
|
||||
|
||||
auditRec := c.MakeAuditRecord("localDeleteUser", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localDeleteUser", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
user, err := c.App.GetUser(userId)
|
||||
|
|
@ -328,7 +327,7 @@ func localDeleteUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
c.Err = err
|
||||
return
|
||||
}
|
||||
audit.AddEventParameter(auditRec, "user_id", c.Params.UserId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId)
|
||||
auditRec.AddEventPriorState(user)
|
||||
auditRec.AddEventObjectType("user")
|
||||
|
||||
|
|
@ -347,7 +346,7 @@ func localDeleteUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func localPermanentDeleteAllUsers(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
auditRec := c.MakeAuditRecord("localPermanentDeleteAllUsers", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localPermanentDeleteAllUsers", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
if err := c.App.PermanentDeleteAllUsers(c.AppContext); err != nil {
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitWebhook() {
|
||||
|
|
@ -40,10 +39,10 @@ func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createIncomingHook", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createIncomingHook", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "incoming_webhook", &hook)
|
||||
audit.AddEventParameterAuditable(auditRec, "channel", channel)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "incoming_webhook", &hook)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "channel", channel)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PermissionManageIncomingWebhooks) {
|
||||
|
|
@ -108,9 +107,9 @@ func updateIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateIncomingHook", audit.Fail)
|
||||
audit.AddEventParameter(auditRec, "hook_id", c.Params.HookId)
|
||||
audit.AddEventParameterAuditable(auditRec, "updated_hook", &updatedHook)
|
||||
auditRec := c.MakeAuditRecord("updateIncomingHook", model.AuditStatusFail)
|
||||
model.AddEventParameterToAuditRec(auditRec, "hook_id", c.Params.HookId)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "updated_hook", &updatedHook)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
@ -261,9 +260,9 @@ func getIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("getIncomingHook", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("getIncomingHook", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "hook_id", c.Params.HookId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "hook_id", c.Params.HookId)
|
||||
auditRec.AddMeta("hook_id", hook.Id)
|
||||
auditRec.AddMeta("hook_display", hook.DisplayName)
|
||||
auditRec.AddMeta("channel_id", hook.ChannelId)
|
||||
|
|
@ -321,9 +320,9 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteIncomingHook", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deleteIncomingHook", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "hook_id", c.Params.HookId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "hook_id", c.Params.HookId)
|
||||
auditRec.AddMeta("hook_id", hook.Id)
|
||||
auditRec.AddMeta("hook_display", hook.DisplayName)
|
||||
auditRec.AddMeta("channel_id", channel.Id)
|
||||
|
|
@ -372,9 +371,9 @@ func updateOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("updateOutgoingHook", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("updateOutgoingHook", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "updated_hook", &updatedHook)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "updated_hook", &updatedHook)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
oldHook, err := c.App.GetOutgoingWebhook(c.Params.HookId)
|
||||
|
|
@ -426,8 +425,8 @@ func createOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createOutgoingHook", audit.Fail)
|
||||
audit.AddEventParameterAuditable(auditRec, "hook", &hook)
|
||||
auditRec := c.MakeAuditRecord("createOutgoingHook", model.AuditStatusFail)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "hook", &hook)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
@ -547,9 +546,9 @@ func getOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("getOutgoingHook", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("getOutgoingHook", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "hook_id", c.Params.HookId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "hook_id", c.Params.HookId)
|
||||
auditRec.AddMeta("hook_id", hook.Id)
|
||||
auditRec.AddMeta("hook_display", hook.DisplayName)
|
||||
auditRec.AddMeta("channel_id", hook.ChannelId)
|
||||
|
|
@ -587,7 +586,7 @@ func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("regenOutgoingHookToken", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("regenOutgoingHookToken", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
auditRec.AddMeta("hook_id", hook.Id)
|
||||
auditRec.AddMeta("hook_display", hook.DisplayName)
|
||||
|
|
@ -634,9 +633,9 @@ func deleteOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deleteOutgoingHook", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deleteOutgoingHook", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "hook_id", c.Params.HookId)
|
||||
model.AddEventParameterToAuditRec(auditRec, "hook_id", c.Params.HookId)
|
||||
auditRec.AddMeta("hook_id", hook.Id)
|
||||
auditRec.AddMeta("hook_display", hook.DisplayName)
|
||||
auditRec.AddMeta("channel_id", hook.ChannelId)
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
func (api *API) InitWebhookLocal() {
|
||||
|
|
@ -49,10 +48,10 @@ func localCreateIncomingHook(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("localCreateIncomingHook", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("localCreateIncomingHook", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "hook", &hook)
|
||||
audit.AddEventParameterAuditable(auditRec, "channel", channel)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "hook", &hook)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "channel", channel)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
incomingHook, err := c.App.CreateIncomingWebhookForChannel(hook.UserId, channel, &hook)
|
||||
|
|
@ -79,9 +78,9 @@ func localCreateOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request)
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("createOutgoingHook", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("createOutgoingHook", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameterAuditable(auditRec, "hook", &hook)
|
||||
model.AddEventParameterAuditableToAuditRec(auditRec, "hook", &hook)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
if hook.CreatorId == "" {
|
||||
|
|
|
|||
|
|
@ -63,12 +63,12 @@ func (a *App) GetAuditsPage(rctx request.CTX, userID string, page int, perPage i
|
|||
}
|
||||
|
||||
// LogAuditRec logs an audit record using default LvlAuditCLI.
|
||||
func (a *App) LogAuditRec(rctx request.CTX, rec *audit.Record, err error) {
|
||||
func (a *App) LogAuditRec(rctx request.CTX, rec *model.AuditRecord, err error) {
|
||||
a.LogAuditRecWithLevel(rctx, rec, mlog.LvlAuditCLI, err)
|
||||
}
|
||||
|
||||
// LogAuditRecWithLevel logs an audit record using specified Level.
|
||||
func (a *App) LogAuditRecWithLevel(rctx request.CTX, rec *audit.Record, level mlog.Level, err error) {
|
||||
func (a *App) LogAuditRecWithLevel(rctx request.CTX, rec *model.AuditRecord, level mlog.Level, err error) {
|
||||
if rec == nil {
|
||||
return
|
||||
}
|
||||
|
|
@ -84,28 +84,28 @@ func (a *App) LogAuditRecWithLevel(rctx request.CTX, rec *audit.Record, level ml
|
|||
}
|
||||
|
||||
// MakeAuditRecord creates a audit record pre-populated with defaults.
|
||||
func (a *App) MakeAuditRecord(rctx request.CTX, event string, initialStatus string) *audit.Record {
|
||||
func (a *App) MakeAuditRecord(rctx request.CTX, event string, initialStatus string) *model.AuditRecord {
|
||||
var userID string
|
||||
user, err := user.Current()
|
||||
if err == nil {
|
||||
userID = fmt.Sprintf("%s:%s", user.Uid, user.Username)
|
||||
}
|
||||
|
||||
rec := &audit.Record{
|
||||
rec := &model.AuditRecord{
|
||||
EventName: event,
|
||||
Status: initialStatus,
|
||||
Meta: map[string]any{
|
||||
audit.KeyAPIPath: "",
|
||||
audit.KeyClusterID: a.GetClusterId(),
|
||||
model.AuditKeyAPIPath: "",
|
||||
model.AuditKeyClusterID: a.GetClusterId(),
|
||||
},
|
||||
Actor: audit.EventActor{
|
||||
Actor: model.AuditEventActor{
|
||||
UserId: userID,
|
||||
SessionId: "",
|
||||
Client: fmt.Sprintf("server %s-%s", model.BuildNumber, model.BuildHash),
|
||||
IpAddress: "",
|
||||
XForwardedFor: "",
|
||||
},
|
||||
EventData: audit.EventData{
|
||||
EventData: model.AuditEventData{
|
||||
Parameters: map[string]any{},
|
||||
PriorState: map[string]any{},
|
||||
ResultState: map[string]any{},
|
||||
|
|
|
|||
|
|
@ -197,6 +197,21 @@ func (api *PluginAPI) GetTeamsForUser(userID string) ([]*model.Team, *model.AppE
|
|||
return api.app.GetTeamsForUser(userID)
|
||||
}
|
||||
|
||||
func (api *PluginAPI) LogAuditRec(rec *model.AuditRecord) {
|
||||
api.LogAuditRecWithLevel(rec, mlog.LvlAuditCLI)
|
||||
}
|
||||
|
||||
func (api *PluginAPI) LogAuditRecWithLevel(rec *model.AuditRecord, level mlog.Level) {
|
||||
if rec == nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Ensure the plugin_id is always logged with the correct ID
|
||||
model.AddEventParameterToAuditRec(rec, "plugin_id", api.id)
|
||||
|
||||
api.app.Srv().Audit.LogRecord(level, *rec)
|
||||
}
|
||||
|
||||
func (api *PluginAPI) CreateTeamMember(teamID, userID string) (*model.TeamMember, *model.AppError) {
|
||||
return api.app.AddTeamMember(api.ctx, teamID, userID)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/shared/request"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app/platform"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app/users"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/store"
|
||||
)
|
||||
|
||||
|
|
@ -346,7 +345,7 @@ func (a *App) ExtendSessionExpiryIfNeeded(rctx request.CTX, session *model.Sessi
|
|||
return false
|
||||
}
|
||||
|
||||
auditRec := a.MakeAuditRecord(rctx, "extendSessionExpiry", audit.Fail)
|
||||
auditRec := a.MakeAuditRecord(rctx, "extendSessionExpiry", model.AuditStatusFail)
|
||||
defer a.LogAuditRec(rctx, auditRec, nil)
|
||||
auditRec.AddEventPriorState(session)
|
||||
|
||||
|
|
|
|||
|
|
@ -6,9 +6,12 @@ package audit
|
|||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
)
|
||||
|
||||
const DefMaxQueueSize = 1000
|
||||
|
||||
type Audit struct {
|
||||
logger *mlog.Logger
|
||||
|
||||
|
|
@ -30,14 +33,14 @@ func (a *Audit) Init(maxQueueSize int) {
|
|||
}
|
||||
|
||||
// LogRecord emits an audit record with complete info.
|
||||
func (a *Audit) LogRecord(level mlog.Level, rec Record) {
|
||||
func (a *Audit) LogRecord(level mlog.Level, rec model.AuditRecord) {
|
||||
flds := []mlog.Field{
|
||||
mlog.String(KeyEventName, rec.EventName),
|
||||
mlog.String(KeyStatus, rec.Status),
|
||||
mlog.Any(KeyActor, rec.Actor),
|
||||
mlog.Any(KeyEvent, rec.EventData),
|
||||
mlog.Any(KeyMeta, rec.Meta),
|
||||
mlog.Any(KeyError, rec.Error),
|
||||
mlog.String(model.AuditKeyEventName, rec.EventName),
|
||||
mlog.String(model.AuditKeyStatus, rec.Status),
|
||||
mlog.Any(model.AuditKeyActor, rec.Actor),
|
||||
mlog.Any(model.AuditKeyEvent, rec.EventData),
|
||||
mlog.Any(model.AuditKeyMeta, rec.Meta),
|
||||
mlog.Any(model.AuditKeyError, rec.Error),
|
||||
}
|
||||
|
||||
a.logger.Log(level, "", flds...)
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
)
|
||||
|
||||
func TestAudit_LogRecord(t *testing.T) {
|
||||
func TestAudit_LogAuditRecord(t *testing.T) {
|
||||
userId := model.NewId()
|
||||
testCases := []struct {
|
||||
description string
|
||||
|
|
@ -28,7 +28,7 @@ func TestAudit_LogRecord(t *testing.T) {
|
|||
{
|
||||
"empty record",
|
||||
func(audit Audit) {
|
||||
rec := Record{}
|
||||
rec := model.AuditRecord{}
|
||||
audit.LogRecord(mlog.LvlAuditAPI, rec)
|
||||
},
|
||||
[]string{
|
||||
|
|
@ -43,7 +43,7 @@ func TestAudit_LogRecord(t *testing.T) {
|
|||
usr.Username = "TestABC"
|
||||
usr.Password = "hello_world"
|
||||
|
||||
rec := Record{}
|
||||
rec := model.AuditRecord{}
|
||||
rec.AddEventObjectType("user")
|
||||
rec.EventName = "User.Update"
|
||||
rec.AddEventPriorState(usr)
|
||||
|
|
|
|||
|
|
@ -1,26 +0,0 @@
|
|||
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
||||
// See LICENSE.txt for license information.
|
||||
|
||||
package audit
|
||||
|
||||
const (
|
||||
DefMaxQueueSize = 1000
|
||||
|
||||
KeyActor = "actor"
|
||||
KeyAPIPath = "api_path"
|
||||
KeyEvent = "event"
|
||||
KeyEventData = "event_data"
|
||||
KeyEventName = "event_name"
|
||||
KeyMeta = "meta"
|
||||
KeyError = "error"
|
||||
KeyStatus = "status"
|
||||
KeyUserID = "user_id"
|
||||
KeySessionID = "session_id"
|
||||
KeyClient = "client"
|
||||
KeyIPAddress = "ip_address"
|
||||
KeyClusterID = "cluster_id"
|
||||
|
||||
Success = "success"
|
||||
Attempt = "attempt"
|
||||
Fail = "fail"
|
||||
)
|
||||
|
|
@ -13,7 +13,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/public/shared/request"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/utils"
|
||||
)
|
||||
|
||||
|
|
@ -27,7 +26,7 @@ type Context struct {
|
|||
}
|
||||
|
||||
// LogAuditRec logs an audit record using default LevelAPI.
|
||||
func (c *Context) LogAuditRec(rec *audit.Record) {
|
||||
func (c *Context) LogAuditRec(rec *model.AuditRecord) {
|
||||
// finish populating the context data, in case the session wasn't available during MakeAuditRecord
|
||||
// (e.g., api4/user.go login)
|
||||
if rec.Actor.UserId == "" {
|
||||
|
|
@ -43,7 +42,7 @@ func (c *Context) LogAuditRec(rec *audit.Record) {
|
|||
// LogAuditRecWithLevel logs an audit record using specified Level.
|
||||
// If the context is flagged with a permissions error then `level`
|
||||
// is ignored and the audit record is emitted with `LevelPerms`.
|
||||
func (c *Context) LogAuditRecWithLevel(rec *audit.Record, level mlog.Level) {
|
||||
func (c *Context) LogAuditRecWithLevel(rec *model.AuditRecord, level mlog.Level) {
|
||||
if rec == nil {
|
||||
return
|
||||
}
|
||||
|
|
@ -59,11 +58,11 @@ func (c *Context) LogAuditRecWithLevel(rec *audit.Record, level mlog.Level) {
|
|||
}
|
||||
|
||||
// MakeAuditRecord creates an audit record pre-populated with data from this context.
|
||||
func (c *Context) MakeAuditRecord(event string, initialStatus string) *audit.Record {
|
||||
rec := &audit.Record{
|
||||
func (c *Context) MakeAuditRecord(event string, initialStatus string) *model.AuditRecord {
|
||||
rec := &model.AuditRecord{
|
||||
EventName: event,
|
||||
Status: initialStatus,
|
||||
Actor: audit.EventActor{
|
||||
Actor: model.AuditEventActor{
|
||||
UserId: c.AppContext.Session().UserId,
|
||||
SessionId: c.AppContext.Session().Id,
|
||||
Client: c.AppContext.UserAgent(),
|
||||
|
|
@ -71,10 +70,10 @@ func (c *Context) MakeAuditRecord(event string, initialStatus string) *audit.Rec
|
|||
XForwardedFor: c.AppContext.XForwardedFor(),
|
||||
},
|
||||
Meta: map[string]any{
|
||||
audit.KeyAPIPath: c.AppContext.Path(),
|
||||
audit.KeyClusterID: c.App.GetClusterId(),
|
||||
model.AuditKeyAPIPath: c.AppContext.Path(),
|
||||
model.AuditKeyClusterID: c.App.GetClusterId(),
|
||||
},
|
||||
EventData: audit.EventData{
|
||||
EventData: model.AuditEventData{
|
||||
Parameters: map[string]any{},
|
||||
PriorState: map[string]any{},
|
||||
ResultState: map[string]any{},
|
||||
|
|
|
|||
|
|
@ -17,7 +17,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/shared/i18n"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/utils"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/utils/fileutils"
|
||||
)
|
||||
|
|
@ -65,7 +64,7 @@ func authorizeOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("authorizeOAuthApp", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("authorizeOAuthApp", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
@ -93,7 +92,7 @@ func deauthorizeOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("deauthorizeOAuthApp", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("deauthorizeOAuthApp", model.AuditStatusFail)
|
||||
auditRec.AddMeta("client_id", clientId)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
|
|
@ -135,7 +134,7 @@ func authorizeOAuthPage(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("authorizeOAuthPage", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("authorizeOAuthPage", model.AuditStatusFail)
|
||||
auditRec.AddMeta("client_id", authRequest.ClientId)
|
||||
auditRec.AddMeta("scope", authRequest.Scope)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
|
@ -243,7 +242,7 @@ func getAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
redirectURI := r.FormValue("redirect_uri")
|
||||
|
||||
auditRec := c.MakeAuditRecord("getAccessToken", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("getAccessToken", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
auditRec.AddMeta("grant_type", grantType)
|
||||
auditRec.AddMeta("client_id", clientId)
|
||||
|
|
@ -275,9 +274,9 @@ func completeOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
service := c.Params.Service
|
||||
|
||||
auditRec := c.MakeAuditRecord("completeOAuth", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("completeOAuth", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
audit.AddEventParameter(auditRec, "service", service)
|
||||
model.AddEventParameterToAuditRec(auditRec, "service", service)
|
||||
|
||||
oauthError := r.URL.Query().Get("error")
|
||||
if oauthError == "access_denied" {
|
||||
|
|
@ -440,7 +439,7 @@ func loginWithOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("loginWithOAuth", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("loginWithOAuth", model.AuditStatusFail)
|
||||
auditRec.AddMeta("service", c.Params.Service)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
|
|
@ -476,7 +475,7 @@ func mobileLoginWithOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("mobileLoginWithOAuth", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("mobileLoginWithOAuth", model.AuditStatusFail)
|
||||
auditRec.AddMeta("service", c.Params.Service)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
|
|
@ -511,7 +510,7 @@ func signupWithOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("signupWithOAuth", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("signupWithOAuth", model.AuditStatusFail)
|
||||
auditRec.AddMeta("service", c.Params.Service)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@ import (
|
|||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/plugin"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/utils"
|
||||
)
|
||||
|
||||
|
|
@ -104,7 +103,7 @@ func completeSaml(c *Context, w http.ResponseWriter, r *http.Request) {
|
|||
relayProps = model.MapFromJSON(strings.NewReader(stateStr))
|
||||
}
|
||||
|
||||
auditRec := c.MakeAuditRecord("completeSaml", audit.Fail)
|
||||
auditRec := c.MakeAuditRecord("completeSaml", model.AuditStatusFail)
|
||||
defer c.LogAuditRec(auditRec)
|
||||
c.LogAudit("attempt")
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/request"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"github.com/spf13/cobra"
|
||||
|
|
@ -112,7 +111,7 @@ func scheduleExportCmdF(command *cobra.Command, args []string) error {
|
|||
} else {
|
||||
CommandPrettyPrintln("SUCCESS: Message export job complete")
|
||||
|
||||
auditRec := a.MakeAuditRecord(rctx, "scheduleExport", audit.Success)
|
||||
auditRec := a.MakeAuditRecord(rctx, "scheduleExport", model.AuditStatusSuccess)
|
||||
auditRec.AddMeta("format", format)
|
||||
auditRec.AddMeta("start", startTime)
|
||||
a.LogAuditRec(rctx, auditRec, nil)
|
||||
|
|
@ -179,7 +178,7 @@ func bulkExportCmdF(command *cobra.Command, args []string) error {
|
|||
return err
|
||||
}
|
||||
|
||||
auditRec := a.MakeAuditRecord(rctx, "bulkExport", audit.Success)
|
||||
auditRec := a.MakeAuditRecord(rctx, "bulkExport", model.AuditStatusSuccess)
|
||||
auditRec.AddMeta("all_teams", allTeams)
|
||||
auditRec.AddMeta("file", args[0])
|
||||
a.LogAuditRec(rctx, auditRec, nil)
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@ import (
|
|||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/request"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
)
|
||||
|
||||
var ImportCmd = &cobra.Command{
|
||||
|
|
@ -94,7 +93,7 @@ func slackImportCmdF(command *cobra.Command, args []string) error {
|
|||
CommandPrettyPrintln("Finished Slack Import.")
|
||||
CommandPrettyPrintln("")
|
||||
|
||||
auditRec := a.MakeAuditRecord(rctx, "slackImport", audit.Success)
|
||||
auditRec := a.MakeAuditRecord(rctx, "slackImport", model.AuditStatusSuccess)
|
||||
auditRec.AddMeta("team", team)
|
||||
auditRec.AddMeta("file", args[1])
|
||||
a.LogAuditRec(rctx, auditRec, nil)
|
||||
|
|
@ -166,7 +165,7 @@ func bulkImportCmdF(command *cobra.Command, args []string) error {
|
|||
|
||||
if apply {
|
||||
CommandPrettyPrintln("Finished Bulk Import.")
|
||||
auditRec := a.MakeAuditRecord(rctx, "bulkImport", audit.Success)
|
||||
auditRec := a.MakeAuditRecord(rctx, "bulkImport", model.AuditStatusSuccess)
|
||||
auditRec.AddMeta("file", args[0])
|
||||
a.LogAuditRec(rctx, auditRec, nil)
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -10,9 +10,9 @@ import (
|
|||
|
||||
"github.com/spf13/cobra"
|
||||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/request"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/app"
|
||||
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
||||
"github.com/mattermost/mattermost/server/v8/config"
|
||||
)
|
||||
|
||||
|
|
@ -59,7 +59,7 @@ func jobserverCmdF(command *cobra.Command, args []string) error {
|
|||
}
|
||||
|
||||
if !noJobs || !noSchedule {
|
||||
auditRec := a.MakeAuditRecord(rctx, "jobServer", audit.Success)
|
||||
auditRec := a.MakeAuditRecord(rctx, "jobServer", model.AuditStatusSuccess)
|
||||
a.LogAuditRec(rctx, auditRec, nil)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,28 +1,48 @@
|
|||
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
||||
// See LICENSE.txt for license information.
|
||||
|
||||
package audit
|
||||
package model
|
||||
|
||||
// Record provides a consistent set of fields used for all audit logging.
|
||||
type Record struct {
|
||||
EventName string `json:"event_name"`
|
||||
Status string `json:"status"`
|
||||
EventData EventData `json:"event"`
|
||||
Actor EventActor `json:"actor"`
|
||||
Meta map[string]any `json:"meta"`
|
||||
Error EventError `json:"error,omitempty"`
|
||||
const (
|
||||
AuditKeyActor = "actor"
|
||||
AuditKeyAPIPath = "api_path"
|
||||
AuditKeyEvent = "event"
|
||||
AuditKeyEventData = "event_data"
|
||||
AuditKeyEventName = "event_name"
|
||||
AuditKeyMeta = "meta"
|
||||
AuditKeyError = "error"
|
||||
AuditKeyStatus = "status"
|
||||
AuditKeyUserID = "user_id"
|
||||
AuditKeySessionID = "session_id"
|
||||
AuditKeyClient = "client"
|
||||
AuditKeyIPAddress = "ip_address"
|
||||
AuditKeyClusterID = "cluster_id"
|
||||
|
||||
AuditStatusSuccess = "success"
|
||||
AuditStatusAttempt = "attempt"
|
||||
AuditStatusFail = "fail"
|
||||
)
|
||||
|
||||
// AuditRecord provides a consistent set of fields used for all audit logging.
|
||||
type AuditRecord struct {
|
||||
EventName string `json:"event_name"`
|
||||
Status string `json:"status"`
|
||||
EventData AuditEventData `json:"event"`
|
||||
Actor AuditEventActor `json:"actor"`
|
||||
Meta map[string]any `json:"meta"`
|
||||
Error AuditEventError `json:"error,omitempty"`
|
||||
}
|
||||
|
||||
// EventData contains all event specific data about the modified entity
|
||||
type EventData struct {
|
||||
// AuditEventData contains all event specific data about the modified entity
|
||||
type AuditEventData struct {
|
||||
Parameters map[string]any `json:"parameters"` // Payload and parameters being processed as part of the request
|
||||
PriorState map[string]any `json:"prior_state"` // Prior state of the object being modified, nil if no prior state
|
||||
ResultState map[string]any `json:"resulting_state"` // Resulting object after creating or modifying it
|
||||
ObjectType string `json:"object_type"` // String representation of the object type. eg. "post"
|
||||
}
|
||||
|
||||
// EventActor is the subject triggering the event
|
||||
type EventActor struct {
|
||||
// AuditEventActor is the subject triggering the event
|
||||
type AuditEventActor struct {
|
||||
UserId string `json:"user_id"`
|
||||
SessionId string `json:"session_id"`
|
||||
Client string `json:"client"`
|
||||
|
|
@ -36,8 +56,8 @@ type EventMeta struct {
|
|||
ClusterId string `json:"cluster_id"`
|
||||
}
|
||||
|
||||
// EventError contains error information in case of failure of the event
|
||||
type EventError struct {
|
||||
// AuditEventError contains error information in case of failure of the event
|
||||
type AuditEventError struct {
|
||||
Description string `json:"description,omitempty"`
|
||||
Code int `json:"status_code,omitempty"`
|
||||
}
|
||||
|
|
@ -50,17 +70,17 @@ type Auditable interface {
|
|||
}
|
||||
|
||||
// Success marks the audit record status as successful.
|
||||
func (rec *Record) Success() {
|
||||
rec.Status = Success
|
||||
func (rec *AuditRecord) Success() {
|
||||
rec.Status = AuditStatusSuccess
|
||||
}
|
||||
|
||||
// Fail marks the audit record status as failed.
|
||||
func (rec *Record) Fail() {
|
||||
rec.Status = Fail
|
||||
func (rec *AuditRecord) Fail() {
|
||||
rec.Status = AuditStatusFail
|
||||
}
|
||||
|
||||
// AddEventParameter adds a parameter, e.g. query or post body, to the event
|
||||
func AddEventParameter[T string | bool | int | int64 | []string | map[string]string](rec *Record, key string, val T) {
|
||||
// AddEventParameterToAuditRec adds a parameter, e.g. query or post body, to the event
|
||||
func AddEventParameterToAuditRec[T string | bool | int | int64 | []string | map[string]string](rec *AuditRecord, key string, val T) {
|
||||
if rec.EventData.Parameters == nil {
|
||||
rec.EventData.Parameters = make(map[string]any)
|
||||
}
|
||||
|
|
@ -68,8 +88,8 @@ func AddEventParameter[T string | bool | int | int64 | []string | map[string]str
|
|||
rec.EventData.Parameters[key] = val
|
||||
}
|
||||
|
||||
// AddEventParameterAuditable adds an object that is of type Auditable to the event
|
||||
func AddEventParameterAuditable(rec *Record, key string, val Auditable) {
|
||||
// AddEventParameterAuditableToAuditRec adds an object that is of type Auditable to the event
|
||||
func AddEventParameterAuditableToAuditRec(rec *AuditRecord, key string, val Auditable) {
|
||||
if rec.EventData.Parameters == nil {
|
||||
rec.EventData.Parameters = make(map[string]any)
|
||||
}
|
||||
|
|
@ -77,8 +97,8 @@ func AddEventParameterAuditable(rec *Record, key string, val Auditable) {
|
|||
rec.EventData.Parameters[key] = val.Auditable()
|
||||
}
|
||||
|
||||
// AddEventParameterAuditableArray adds an array of objects of type Auditable to the event
|
||||
func AddEventParameterAuditableArray[T Auditable](rec *Record, key string, val []T) {
|
||||
// AddEventParameterAuditableArrayToAuditRec adds an array of objects of type Auditable to the event
|
||||
func AddEventParameterAuditableArrayToAuditRec[T Auditable](rec *AuditRecord, key string, val []T) {
|
||||
if rec.EventData.Parameters == nil {
|
||||
rec.EventData.Parameters = make(map[string]any)
|
||||
}
|
||||
|
|
@ -92,32 +112,38 @@ func AddEventParameterAuditableArray[T Auditable](rec *Record, key string, val [
|
|||
}
|
||||
|
||||
// AddEventPriorState adds the prior state of the modified object to the audit record
|
||||
func (rec *Record) AddEventPriorState(object Auditable) {
|
||||
func (rec *AuditRecord) AddEventPriorState(object Auditable) {
|
||||
rec.EventData.PriorState = object.Auditable()
|
||||
}
|
||||
|
||||
// AddEventResultState adds the result state of the modified object to the audit record
|
||||
func (rec *Record) AddEventResultState(object Auditable) {
|
||||
func (rec *AuditRecord) AddEventResultState(object Auditable) {
|
||||
rec.EventData.ResultState = object.Auditable()
|
||||
}
|
||||
|
||||
// AddEventObjectType adds the object type of the modified object to the audit record
|
||||
func (rec *Record) AddEventObjectType(objectType string) {
|
||||
func (rec *AuditRecord) AddEventObjectType(objectType string) {
|
||||
rec.EventData.ObjectType = objectType
|
||||
}
|
||||
|
||||
// AddMeta adds a key/value entry to the audit record that can be used for related information not directly related to
|
||||
// the modified object, e.g. authentication method
|
||||
func (rec *Record) AddMeta(name string, val any) {
|
||||
func (rec *AuditRecord) AddMeta(name string, val any) {
|
||||
rec.Meta[name] = val
|
||||
}
|
||||
|
||||
// AddErrorCode adds the error code for a failed event to the audit record
|
||||
func (rec *Record) AddErrorCode(code int) {
|
||||
func (rec *AuditRecord) AddErrorCode(code int) {
|
||||
rec.Error.Code = code
|
||||
}
|
||||
|
||||
// AddErrorDesc adds the error description for a failed event to the audit record
|
||||
func (rec *Record) AddErrorDesc(description string) {
|
||||
func (rec *AuditRecord) AddErrorDesc(description string) {
|
||||
rec.Error.Description = description
|
||||
}
|
||||
|
||||
// AddAppError adds an AppError to the audit record
|
||||
func (rec *AuditRecord) AddAppError(err *AppError) {
|
||||
rec.AddErrorCode(err.StatusCode)
|
||||
rec.AddErrorDesc(err.Error())
|
||||
}
|
||||
|
|
@ -10,6 +10,7 @@ import (
|
|||
plugin "github.com/hashicorp/go-plugin"
|
||||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
)
|
||||
|
||||
// The API can be used to retrieve data or perform actions on behalf of the plugin. Most methods
|
||||
|
|
@ -1537,6 +1538,18 @@ type API interface {
|
|||
// @tag PropertyValue
|
||||
// Minimum server version: 10.10
|
||||
DeletePropertyValuesForField(groupID, fieldID string) error
|
||||
|
||||
// LogAuditRec logs an audit record using the default audit logger.
|
||||
//
|
||||
// @tag Audit
|
||||
// Minimum server version: 10.10
|
||||
LogAuditRec(rec *model.AuditRecord)
|
||||
|
||||
// LogAuditRecWithLevel logs an audit record with a specific log level.
|
||||
//
|
||||
// @tag Audit
|
||||
// Minimum server version: 10.10
|
||||
LogAuditRecWithLevel(rec *model.AuditRecord, level mlog.Level)
|
||||
}
|
||||
|
||||
var handshake = plugin.HandshakeConfig{
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ import (
|
|||
timePkg "time"
|
||||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
||||
)
|
||||
|
||||
type apiTimerLayer struct {
|
||||
|
|
@ -1644,3 +1645,15 @@ func (api *apiTimerLayer) DeletePropertyValuesForField(groupID, fieldID string)
|
|||
api.recordTime(startTime, "DeletePropertyValuesForField", _returnsA == nil)
|
||||
return _returnsA
|
||||
}
|
||||
|
||||
func (api *apiTimerLayer) LogAuditRec(rec *model.AuditRecord) {
|
||||
startTime := timePkg.Now()
|
||||
api.apiImpl.LogAuditRec(rec)
|
||||
api.recordTime(startTime, "LogAuditRec", true)
|
||||
}
|
||||
|
||||
func (api *apiTimerLayer) LogAuditRecWithLevel(rec *model.AuditRecord, level mlog.Level) {
|
||||
startTime := timePkg.Now()
|
||||
api.apiImpl.LogAuditRecWithLevel(rec, level)
|
||||
api.recordTime(startTime, "LogAuditRecWithLevel", true)
|
||||
}
|
||||
|
|
|
|||
70
server/public/plugin/audit.go
Normal file
70
server/public/plugin/audit.go
Normal file
|
|
@ -0,0 +1,70 @@
|
|||
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
||||
// See LICENSE.txt for license information.
|
||||
|
||||
package plugin
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
|
||||
"github.com/mattermost/mattermost/server/public/model"
|
||||
)
|
||||
|
||||
// MakeAuditRecord creates a new audit record with basic information for plugin use.
|
||||
// This function creates a minimal audit record that can be populated with additional data.
|
||||
// Use this when you don't have access to request context or want to manually populate fields.
|
||||
func MakeAuditRecord(event string, initialStatus string) *model.AuditRecord {
|
||||
return &model.AuditRecord{
|
||||
EventName: event,
|
||||
Status: initialStatus,
|
||||
Meta: make(map[string]any),
|
||||
Actor: model.AuditEventActor{
|
||||
UserId: "",
|
||||
SessionId: "",
|
||||
Client: "",
|
||||
IpAddress: "",
|
||||
XForwardedFor: "",
|
||||
},
|
||||
EventData: model.AuditEventData{
|
||||
Parameters: map[string]any{},
|
||||
PriorState: make(map[string]any),
|
||||
ResultState: make(map[string]any),
|
||||
ObjectType: "",
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// MakeAuditRecordWithContext creates a new audit record populated with plugin context information.
|
||||
// This is the recommended way for plugins to create audit records when they have request context.
|
||||
// The Context should come from plugin hook parameters or HTTP request handlers.
|
||||
func MakeAuditRecordWithContext(event string, initialStatus string, ctx *Context, userId, apiPath string) *model.AuditRecord {
|
||||
rec := MakeAuditRecord(event, initialStatus)
|
||||
rec.AddMeta(model.AuditKeyAPIPath, apiPath)
|
||||
rec.Actor.UserId = userId
|
||||
rec.Actor.SessionId = ctx.SessionId
|
||||
rec.Actor.Client = ctx.UserAgent
|
||||
rec.Actor.IpAddress = ctx.IPAddress
|
||||
return rec
|
||||
}
|
||||
|
||||
func makeAuditRecordGobSafe(record model.AuditRecord) model.AuditRecord {
|
||||
record.EventData.Parameters = makeMapGobSafe(record.EventData.Parameters)
|
||||
record.EventData.PriorState = makeMapGobSafe(record.EventData.PriorState)
|
||||
record.EventData.ResultState = makeMapGobSafe(record.EventData.ResultState)
|
||||
record.Meta = makeMapGobSafe(record.Meta)
|
||||
return record
|
||||
}
|
||||
|
||||
// makeMapGobSafe converts map data to a gob-safe representation via JSON round-trip.
|
||||
// This eliminates problematic types like nil pointers in interfaces that cause gob
|
||||
// encoding to fail when sending audit data over RPC via the plugin API.
|
||||
func makeMapGobSafe(m map[string]any) map[string]any {
|
||||
jsonBytes, err := json.Marshal(m)
|
||||
if err != nil {
|
||||
return map[string]any{"error": "failed to serialize audit data"}
|
||||
}
|
||||
var gobSafe map[string]any
|
||||
if err := json.Unmarshal(jsonBytes, &gobSafe); err != nil {
|
||||
return map[string]any{"error": "failed to deserialize audit data"}
|
||||
}
|
||||
return gobSafe
|
||||
}
|
||||
|
|
@ -882,6 +882,62 @@ func (s *apiRPCServer) LogError(args *Z_LogErrorArgs, returns *Z_LogErrorReturns
|
|||
return nil
|
||||
}
|
||||
|
||||
type Z_LogAuditRecArgs struct {
|
||||
A *model.AuditRecord
|
||||
}
|
||||
|
||||
type Z_LogAuditRecReturns struct {
|
||||
}
|
||||
|
||||
// Custom audit logging methods with gob safety checks
|
||||
func (g *apiRPCClient) LogAuditRec(rec *model.AuditRecord) {
|
||||
gobSafeRec := makeAuditRecordGobSafe(*rec)
|
||||
_args := &Z_LogAuditRecArgs{&gobSafeRec}
|
||||
_returns := &Z_LogAuditRecReturns{}
|
||||
if err := g.client.Call("Plugin.LogAuditRec", _args, _returns); err != nil {
|
||||
log.Printf("RPC call to LogAuditRec API failed: %s", err.Error())
|
||||
}
|
||||
}
|
||||
|
||||
func (s *apiRPCServer) LogAuditRec(args *Z_LogAuditRecArgs, returns *Z_LogAuditRecReturns) error {
|
||||
if hook, ok := s.impl.(interface {
|
||||
LogAuditRec(rec *model.AuditRecord)
|
||||
}); ok {
|
||||
hook.LogAuditRec(args.A)
|
||||
} else {
|
||||
return encodableError(fmt.Errorf("API LogAuditRec called but not implemented"))
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
type Z_LogAuditRecWithLevelArgs struct {
|
||||
A *model.AuditRecord
|
||||
B mlog.Level
|
||||
}
|
||||
|
||||
type Z_LogAuditRecWithLevelReturns struct {
|
||||
}
|
||||
|
||||
func (g *apiRPCClient) LogAuditRecWithLevel(rec *model.AuditRecord, level mlog.Level) {
|
||||
gobSafeRec := makeAuditRecordGobSafe(*rec)
|
||||
_args := &Z_LogAuditRecWithLevelArgs{&gobSafeRec, level}
|
||||
_returns := &Z_LogAuditRecWithLevelReturns{}
|
||||
if err := g.client.Call("Plugin.LogAuditRecWithLevel", _args, _returns); err != nil {
|
||||
log.Printf("RPC call to LogAuditRecWithLevel API failed: %s", err.Error())
|
||||
}
|
||||
}
|
||||
|
||||
func (s *apiRPCServer) LogAuditRecWithLevel(args *Z_LogAuditRecWithLevelArgs, returns *Z_LogAuditRecWithLevelReturns) error {
|
||||
if hook, ok := s.impl.(interface {
|
||||
LogAuditRecWithLevel(rec *model.AuditRecord, level mlog.Level)
|
||||
}); ok {
|
||||
hook.LogAuditRecWithLevel(args.A, args.B)
|
||||
} else {
|
||||
return encodableError(fmt.Errorf("API LogAuditRecWithLevel called but not implemented"))
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
type Z_InstallPluginArgs struct {
|
||||
PluginStreamID uint32
|
||||
B bool
|
||||
|
|
|
|||
|
|
@ -26,6 +26,8 @@ var excludedPluginHooks = []string{
|
|||
"Implemented",
|
||||
"LoadPluginConfiguration",
|
||||
"InstallPlugin",
|
||||
"LogAuditRec",
|
||||
"LogAuditRecWithLevel",
|
||||
"LogDebug",
|
||||
"LogError",
|
||||
"LogInfo",
|
||||
|
|
|
|||
|
|
@ -8,6 +8,8 @@ import (
|
|||
io "io"
|
||||
http "net/http"
|
||||
|
||||
logr "github.com/mattermost/logr/v2"
|
||||
|
||||
mock "github.com/stretchr/testify/mock"
|
||||
|
||||
model "github.com/mattermost/mattermost/server/public/model"
|
||||
|
|
@ -4312,6 +4314,16 @@ func (_m *API) LoadPluginConfiguration(dest interface{}) error {
|
|||
return r0
|
||||
}
|
||||
|
||||
// LogAuditRec provides a mock function with given fields: rec
|
||||
func (_m *API) LogAuditRec(rec *model.AuditRecord) {
|
||||
_m.Called(rec)
|
||||
}
|
||||
|
||||
// LogAuditRecWithLevel provides a mock function with given fields: rec, level
|
||||
func (_m *API) LogAuditRecWithLevel(rec *model.AuditRecord, level logr.Level) {
|
||||
_m.Called(rec, level)
|
||||
}
|
||||
|
||||
// LogDebug provides a mock function with given fields: msg, keyValuePairs
|
||||
func (_m *API) LogDebug(msg string, keyValuePairs ...interface{}) {
|
||||
var _ca []interface{}
|
||||
|
|
|
|||
Loading…
Reference in a new issue