Audit Plugin Capability

- Add a Ticket Audit Log to show all Ticket activities
- Add a User Audit Log to show all actions a User makes in the system:
	- Login
	- Logout
	- Excessive Login Attempts
	- View Ticket (as User or Collaborator)
	- Edit Ticket Field
	- Edit User Profile
	- Create Ticket (through email or front end)
	- Add Collaborator (through email)
	- Post Message (as User or Collaborator)

include/class.auth.php

@@ -677,6 +677,10 @@ function login($user, $bk) {
                 $user->getUserName(), $user->getId(), $_SERVER['REMOTE_ADDR']);
         $ost->logDebug(_S('User login'), $msg);
 
+        // Allow audit and other external interaction
+        $type = array('type' => 'Login', 'data' => array('id' => $user->getId(), 'name' => $user->getName()->name));
+        Signal::send('user.login', $user, $type);
+
         if ($bk->supportsInteractiveAuthentication() && ($acct=$user->getAccount()))
             $acct->cancelResetTokens();
 
@@ -712,6 +716,10 @@ static function signOut($user) {
         $ost->logDebug(_S('User logout'),
             sprintf(_S("%s logged out [%s]" /* Tokens are <username> and <ip> */),
                 $user->getUserName(), $_SERVER['REMOTE_ADDR']));
+
+        // Allow audit and other external interaction
+        $type = array('type' => 'Logout', 'data' => array('id' => $user->getId(), 'name' => $user->getName()->name));
+        Signal::send('user.logout', $user, $type);
     }
 
     protected function getAuthKey($user) {
@@ -950,6 +958,24 @@ function authstrike($credentials) {
                     _S('Attempts').": {$authsession['strikes']}";
             $admin_alert = ($cfg->alertONLoginError() == 1 ? TRUE : FALSE);
             $ost->logError(_S('Excessive login attempts (user)'), $alert, $admin_alert);
+
+            // Allow audit and other external interaction
+            if ($username) {
+              $account = UserAccount::lookupByUsername($username);
+              $id = UserEmailModel::getIdByEmail($username);
+              if ($account)
+                  $user = User::lookup($account->user_id);
+              elseif ($id)
+                $user = User::lookup($id);
+
+              if ($user) {
+                $type = array('type' => 'Login',
+                  'data' => array('id' => $user->getId(), 'name' => $user->getName()->name,
+                                  'msg' => 'Excessive login attempts (' . $authsession['strikes'] . ')'));
+                Signal::send('user.login', $user, $type);
+              }
+            }
+
             return new AccessDenied(__('Access denied'));
         } elseif($authsession['strikes']%3==0) { //Log every third failed login attempt as a warning.
             $alert=_S('Username').": {$username}\n".

include/class.ticket.php

@@ -3048,6 +3048,10 @@ function postMessage($vars, $origin='', $alerts=true) {
             // TODO: Can collaborators add others?
             if ($collabs) {
                 $ticket->logEvent('collab', array('add' => $collabs), $message->user);
+
+                // Allow audit and other external interaction
+                $type = array('type' => 'Collaborator', 'data' => array('name' => $ticket->getNumber(), 'add' => $collabs));
+                Signal::send('object.created', $ticket, $type);
             }
         }
 
@@ -3133,6 +3137,10 @@ function postMessage($vars, $origin='', $alerts=true) {
                 $sentlist[] = $staff->getEmail();
             }
         }
+        // Allow audit and other external interaction
+        $type = array('type' => 'Message', 'uid' => $vars['userId']);
+        Signal::send('object.created', $this, $type);
+
         return $message;
     }
 
@@ -4225,6 +4233,10 @@ static function create($vars, &$errors, $origin, $autorespond=true,
         // Start tracking ticket lifecycle events (created should come first!)
         $ticket->logEvent('created', null, $thisstaff ?: $user);
 
+        // Allow audit and other external interaction
+        $type = array('type' => 'Created');
+        Signal::send('object.created', $ticket, $type);
+
         // Add collaborators (if any)
         if (isset($vars['ccs']) && count($vars['ccs']))
           $ticket->addCollaborators($vars['ccs'], array(), $errors);

include/class.user.php

@@ -586,6 +586,9 @@ function updateInfo($vars, &$errors, $staff=false) {
                 $this->updated = SqlFunction::NOW();
             }
         }
+        // Allow audit and other external interaction
+        $type = array('type' => 'Edited', 'data' => array('id' => $this->getId(), 'name' => $this->getName()->name));
+        Signal::send('object.edited', $this, $type);
 
         return $this->save();
     }

include/client/view.inc.php

@@ -3,6 +3,10 @@
 
 $info=($_POST && $errors)?Format::htmlchars($_POST):array();
 
+// Allow audit and other external interaction
+$type = array('type' => 'Viewed');
+Signal::send('object.view', $ticket, $type);
+
 $dept = $ticket->getDept();
 
 if ($ticket->isClosed() && !$ticket->isReopenable())

include/staff/ticket-view.inc.php

@@ -8,6 +8,10 @@
 //Re-use the post info on error...savekeyboards.org (Why keyboard? -> some people care about objects than users!!)
 $info=($_POST && $errors)?Format::input($_POST):array();
 
+// Allow audit and other external interaction
+$type = array('type' => 'Viewed');
+Signal::send('object.view', $ticket, $type);
+
 //Get the goodies.
 $dept     = $ticket->getDept();  //Dept
 $role     = $ticket->getRole($thisstaff);
@@ -260,6 +264,19 @@ class="icon-group"></i> <?php echo __('Team'); ?></a>
                     <?php
                      }
                   }
+                // Allow extensions to add extra items to this ticket.
+                // $extras should be a array of [url=>, name=>, icon=>]
+                $extras = new ArrayObject();
+                Signal::send('ticket.view.more', $ticket, $extras);
+                foreach ($extras as $li) {
+                    ?><li><a href="#<?php echo $li['url']; ?>"
+                    onclick="javascript:
+                    $.dialog($(this).attr('href').substr(1), 201);
+                    return false"
+                    ><i class="<?php echo $li['icon'] ?: 'icon-cogs'; ?>"></i>
+                    <?php echo $li['name'] ?: (string) $li; ?>
+                    </a></li>
+ <?php           }
                   if ($role->hasPerm(Ticket::PERM_DELETE)) {
                      ?>
                     <li class="danger"><a class="ticket-action" href="#tickets/<?php

include/staff/user-view.inc.php

@@ -70,8 +70,20 @@ class="icon-lock"></i>
                     return false"
                     ><i class="icon-paste"></i>
                     <?php echo __('Manage Forms'); ?></a></li>
-<?php } ?>
-
+<?php }
+                  // Allow extensions to add extra items to this user.
+                  // $extras should be a array of [url=>, name=>, icon=>]
+                  $extras = new ArrayObject();
+                  Signal::send('user.view.more', $user, $extras);
+                  foreach ($extras as $li) {
+                      ?><li><a href="#<?php echo $li['url']; ?>"
+                      onclick="javascript:
+                      $.dialog($(this).attr('href').substr(1), 201);
+                      return false"
+                      ><i class="<?php echo $li['icon'] ?: 'icon-cogs'; ?>"></i>
+                      <?php echo $li['name'] ?: (string) $li; ?>
+                      </a></li>
+                  <?php           } ?>
               </ul>
             </div>
         </td>

tickets.php

@@ -68,6 +68,10 @@
             if ($changes) {
               $user = User::lookup($thisclient->getId());
               $ticket->logEvent('edited', array('fields' => $changes), $user);
+
+              // Allow audit and other external interaction
+              $type = array('type' => 'Edited', 'data' => array('fields' => $changes));
+              Signal::send('object.edited', $ticket, $type);
             }
             $_REQUEST['a'] = null; //Clear edit action - going back to view.
         }