Skip to content

Audit log #1042

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
May 6, 2024
Merged

Audit log #1042

merged 8 commits into from
May 6, 2024

Conversation

nrozanov
Copy link
Contributor

@nrozanov nrozanov commented Apr 24, 2024
edited by nhoening
Loading

Description

Added AuditLog data model
Started adding new records to it on user creation / deletion / activating etc.
New "Audit Log" buttons on account and user page that lead to audit log page

Look & Feel

New endpoints:

  • GET /accounts/auditlog/<account_id>
  • GET /users/auditlog/<user_id>

How to test

Run flexmeasures db upgrade
Create new user / delete existing one / activate or deactivate some user
Check there are records on audit log page for this user

Further Improvements

Fix bug with user not being able to view himself unless he is an admin.

Related Items

  • I agree to contribute to the project under Apache 2 License.
  • To the best of my knowledge, the proposed patch is not based on code under GPL or other license that is incompatible with FlexMeasures

@nrozanov
Audit log WIP
0350c75 
Signed-off-by: Nikolai Rozanov <nickolay.rozanov@gmail.com>
@nrozanov nrozanov requested a review from nhoening April 24, 2024 20:33
nhoening
nhoening requested changes Apr 25, 2024
View reviewed changes
Copy link
Contributor

@nhoening nhoening left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very elegant work, thanks!
Giving you first feedback, not on all remaining questions, but on issues I found by first review / iteration.

A thought about the table-level access rule implementation:
This approach should be described in auth.policy where we document mostly our auth approach (I give some text snippets I believe would work in the following).

We should make it semi-official that "we don't have a general solution for table-level auth (as we haven't needed a general implementation so far), but there is a nice custom approach to it."

"A class method on the model can be added which returns an AuthModelMixin. That would have an __acl__() function with your rules, which the auth policy will then go on and use. The permission_required_for_context decorator can make sure this AuthModelMixin object is used by the policy via ctx_loader. It can even pass in the context if that is helpful for your logic.

See the AuditLog model class for an example, where we required authorization logic which governs if a subset of a table (e.g. all audit logs that relate to an account) are availabe to the current user."

nrozanov added 2 commits April 28, 2024 23:14
@nrozanov
Post review fixes
ab24cde 
Signed-off-by: Nikolai Rozanov <nickolay.rozanov@gmail.com>
@nrozanov
Merge main
88add73 
Signed-off-by: Nikolai Rozanov <nickolay.rozanov@gmail.com>
nhoening
nhoening requested changes Apr 29, 2024
View reviewed changes
Copy link
Contributor

@nhoening nhoening left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like it a lot. Getting close I believe!

nrozanov added 2 commits April 30, 2024 13:40
@nrozanov
Fixes after review
2b39319 
Signed-off-by: Nikolai Rozanov <nickolay.rozanov@gmail.com>
@nrozanov
Merge main
0dc633c 
Signed-off-by: Nikolai Rozanov <nickolay.rozanov@gmail.com>
nhoening
nhoening requested changes Apr 30, 2024
View reviewed changes
Copy link
Contributor

@nhoening nhoening left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks really good to me, aside from three small things:

  • one thing I find weird about naturalized datetime. Not a deal breaker
  • the missing changelog entry, please add
  • can you link the active username to a mailto link to their email?

@nhoening nhoening changed the title Audit log WIP Audit log Apr 30, 2024
nrozanov added 3 commits May 5, 2024 22:55
@nrozanov
Changelog
f610b71 
Signed-off-by: Nikolai Rozanov <nickolay.rozanov@gmail.com>
@nrozanov
Comment about string date format in naturalized_datetime_str
8fa292c 
Signed-off-by: Nikolai Rozanov <nickolay.rozanov@gmail.com>
@nrozanov
Merge main
0f363f3 
Signed-off-by: Nikolai Rozanov <nickolay.rozanov@gmail.com>
@nhoening nhoening merged commit 7e4ca14 into main May 6, 2024
9 checks passed
@nhoening nhoening deleted the audit-log branch May 6, 2024 14:04
@nhoening nhoening linked an issue May 13, 2024 that may be closed by this pull request
Audit log #208
Closed
@nhoening nhoening added this to the 0.21.0 milestone May 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nhoening nhoening nhoening approved these changes

Assignees

@nrozanov nrozanov

Labels
None yet
Projects
None yet
Milestone
0.21.0
Development

Successfully merging this pull request may close these issues.

Audit log
2 participants
@nrozanov @nhoening