Add logs support for the new default permissions model
This commit is contained in:
Joseph Schorr
parent
aeeacd1d0d
commit
3864fc3e88
5 changed files with 79 additions and 9 deletions
|
|
@ -578,6 +578,26 @@ def get_organization_prototype_permissions(orgname):
|
|||
abort(403)
|
||||
|
||||
|
||||
def log_prototype_action(action_kind, orgname, prototype, **kwargs):
|
||||
username = current_user.db_user().username
|
||||
log_params = {
|
||||
'prototypeid': prototype.uuid,
|
||||
'username': username,
|
||||
'activating_username': prototype.activating_user.username,
|
||||
'role': prototype.role.name
|
||||
}
|
||||
|
||||
for key, value in kwargs.items():
|
||||
log_params[key] = value
|
||||
|
||||
if prototype.delegate_user:
|
||||
log_params['delegate_user'] = prototype.delegate_user.username
|
||||
elif prototype.delegate_team:
|
||||
log_params['delegate_team'] = prototype.delegate_team.name
|
||||
|
||||
log_action(action_kind, orgname, log_params)
|
||||
|
||||
|
||||
@app.route('/api/organization/<orgname>/prototypes', methods=['POST'])
|
||||
@api_login_required
|
||||
def create_organization_prototype_permission(orgname):
|
||||
|
|
@ -609,7 +629,9 @@ def create_organization_prototype_permission(orgname):
|
|||
abort(400)
|
||||
|
||||
role_name = details['role']
|
||||
|
||||
prototype = model.add_prototype_permission(org, role_name, activating_user, delegate_user, delegate_team)
|
||||
log_prototype_action('create_prototype_permission', orgname, prototype)
|
||||
return jsonify(prototype_view(prototype))
|
||||
|
||||
abort(403)
|
||||
|
|
@ -629,6 +651,8 @@ def delete_organization_prototype_permission(orgname, prototypeid):
|
|||
if not prototype:
|
||||
abort(404)
|
||||
|
||||
log_prototype_action('delete_prototype_permission', orgname, prototype)
|
||||
|
||||
return make_response('Deleted', 204)
|
||||
|
||||
abort(403)
|
||||
|
|
@ -644,12 +668,18 @@ def update_organization_prototype_permission(orgname, prototypeid):
|
|||
except model.InvalidOrganizationException:
|
||||
abort(404)
|
||||
|
||||
existing = model.get_prototype_permission(org, prototypeid)
|
||||
if not existing:
|
||||
abort(404)
|
||||
|
||||
details = request.get_json()
|
||||
role_name = details['role']
|
||||
prototype = model.update_prototype_permission(org, prototypeid, role_name)
|
||||
if not prototype:
|
||||
abort(404)
|
||||
|
||||
log_prototype_action('modify_prototype_permission', orgname, prototype, original_role = existing.role.name)
|
||||
|
||||
return jsonify(prototype_view(prototype))
|
||||
|
||||
abort(403)
|
||||
|
|
|
|||
Reference in a new issue