Add listener to User model to record permission set updates and update user audit log template

leigh-mil 2019-08-08 15:52:23 -04:00
parent b26d8d575c
commit e59e3b959c
3 changed files with 22 additions and 0 deletions


@ -1,11 +1,13 @@
from sqlalchemy import and_, String, ForeignKey, Column, Date, Boolean, Table, TIMESTAMP from sqlalchemy import and_, String, ForeignKey, Column, Date, Boolean, Table, TIMESTAMP
from sqlalchemy.orm import relationship from sqlalchemy.orm import relationship
from sqlalchemy.dialects.postgresql import UUID from sqlalchemy.dialects.postgresql import UUID
from sqlalchemy.event import listen
from atst.models import Base, ApplicationRole, types, mixins from atst.models import Base, ApplicationRole, types, mixins
from atst.models.permissions import Permissions from atst.models.permissions import Permissions
from atst.models.portfolio_invitation import PortfolioInvitation from atst.models.portfolio_invitation import PortfolioInvitation
from atst.models.application_invitation import ApplicationInvitation from atst.models.application_invitation import ApplicationInvitation
from atst.models.mixins.auditable import record_permission_sets_updates
users_permission_sets = Table( users_permission_sets = Table(
@ -118,3 +120,6 @@ class User(
for c in self.__table__.columns for c in self.__table__.columns
if c.name not in ["id"] if c.name not in ["id"]
} }
listen(User.permission_sets, "bulk_replace", record_permission_sets_updates, raw=True)
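Review bot: Registering the listener for `bulk_replace` alone leaves in-place collection changes unaudited. SQLAlchemy fires `bulk_replace` only when the whole `permission_sets` collection is assigned, while `user.permission_sets.append(...)` and `.remove(...)` raise the separate `append` and `remove` attribute events. If any code path grants or revokes permission sets that way (the callers are not visible in this hunk), the change never reaches the audit log. Either register `record_permission_sets_updates` for those events as well, provided its signature fits them, or document the constraint next to the call: `# permission_sets must be changed by assignment; append()/remove() bypass the audit listener`. Because `raw=True` hands the handler an `InstanceState` instead of the `User`, that is worth stating in the handler's docstring too.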


@ -1,4 +1,11 @@
{% extends "audit_log/events/_base.html" %} {% extends "audit_log/events/_base.html" %}
{% block content %} {% block content %}
{% if event.changed_state and 'permission_sets' in event.changed_state.keys() %}
{% if event.changed_state['permission_sets'][1] == [] %}
CCPO superuser access removed
{% else %}
CCPO superuser access granted
{% endif %}
{% endif %}
{% endblock %} {% endblock %}
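Review bot: The `{% else %}` branch reports "CCPO superuser access granted" for every change whose new `permission_sets` value is non-empty, so the log line states a privilege grant without checking which permission sets were actually added. That is accurate only while a user's `permission_sets` can hold nothing but the CCPO set, which this template cannot guarantee; a partial removal or a different permission set would be shown as a superuser grant. Consider comparing `event.changed_state['permission_sets'][0]` with `[1]` and naming the sets that changed, or at least record the assumption in the template: `{# assumes changed_state['permission_sets'] is [old, new] and that users only ever hold CCPO permission sets #}`.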


@ -5,6 +5,7 @@ from atst.domain.audit_log import AuditLog
from atst.domain.exceptions import UnauthorizedError from atst.domain.exceptions import UnauthorizedError
from atst.domain.permission_sets import PermissionSets from atst.domain.permission_sets import PermissionSets
from atst.domain.portfolios import Portfolios from atst.domain.portfolios import Portfolios
from atst.domain.users import Users
from atst.models.portfolio_role import Status as PortfolioRoleStatus from atst.models.portfolio_role import Status as PortfolioRoleStatus
from tests.factories import ( from tests.factories import (
ApplicationFactory, ApplicationFactory,
@ -117,3 +118,12 @@ def test_get_application_events():
resource_types = [event.resource_type for event in events] resource_types = [event.resource_type for event in events]
assert "portfolio" not in resource_types assert "portfolio" not in resource_types
def test_get_all_includes_ccpo_user_changes():
user = UserFactory.create()
initial_audit_log = AuditLog.get_all_events()
Users.give_ccpo_perms(user)
Users.revoke_ccpo_perms(user)
assert len(AuditLog.get_all_events()) == len(initial_audit_log) + 2
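Review bot: `test_get_all_includes_ccpo_user_changes` only asserts that the event count grows by two, so it would still pass if the listener recorded the wrong user or an empty or incorrect `changed_state`. The audit template on this page branches on `changed_state['permission_sets'][1]` being `[]` for a revoke and non-empty for a grant, so the test should pin exactly that. Assert on the two new events themselves: each has `permission_sets` in `changed_state`, the new value is non-empty after `Users.give_ccpo_perms(user)`, and it is `[]` after `Users.revoke_ccpo_perms(user)`. Checking that both events reference `user` would also catch a listener attached to the wrong target.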