From 649578702325cc1e2c39413912351df764b0108a Mon Sep 17 00:00:00 2001 From: noud Date: Wed, 31 Oct 2012 15:34:43 +0100 Subject: [PATCH] Audit log Following events are now being logged: 1. Adding a new user. 2. Deleting a user. --- app/Controller/UsersController.php | 6 ++++-- app/Model/User.php | 12 +++++++++++- .../Model/Behavior/SysLogLogableBehavior.php | 9 ++++++++- 3 files changed, 23 insertions(+), 4 deletions(-) diff --git a/app/Controller/UsersController.php b/app/Controller/UsersController.php index 2009eb355..7c2d247b5 100755 --- a/app/Controller/UsersController.php +++ b/app/Controller/UsersController.php @@ -162,7 +162,6 @@ class UsersController extends AppController { if ($this->request->is('post')) { $this->User->create(); // set invited by - debug($this->request->data['User']); $this->request->data['User']['invited_by'] = $this->Auth->user('id'); if ($this->User->save($this->request->data)) { $this->Session->setFlash(__('The user has been saved')); @@ -276,10 +275,13 @@ class UsersController extends AppController { throw new MethodNotAllowedException(); } $this->User->id = $id; + $user = $this->User->read('email', $id); + $fieldsDescrStr = 'User (' . $id . '): ' . $user['User']['email']; if (!$this->User->exists()) { throw new NotFoundException(__('Invalid user')); } if ($this->User->delete()) { + $this->extraLog("delete", $fieldsDescrStr, ''); // TODO Audit, check: modify User $this->Session->setFlash(__('User deleted')); $this->redirect(array('action' => 'index')); } @@ -426,7 +428,7 @@ class UsersController extends AppController { $description = "User (" . $this->Auth->user('id') . "): " . $this->data['User']['email']; } elseif ($action == 'logout') { $description = "User (" . $this->Auth->user('id') . "): " . $this->Auth->user('email'); - } else { // edit + } elseif ($action == 'edit') { $description = "User (" . $this->User->id . "): " . $this->data['User']['email']; } 
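Review bot: In the delete action the added `$this->User->read('email', $id)` and the `$fieldsDescrStr` concatenation run before the `exists()` check, so for an id with no matching row `$user` is presumably empty and `$user['User']['email']` raises a notice before the NotFoundException is thrown. Move both added lines below the `exists()` guard so the audit description is only built from a record that was actually found. The email is written into the audit entry verbatim; if the log sink is line-oriented, strip control characters from it before it is passed to `extraLog()`. The action's signature and the rest of its body are outside the hunk.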
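Review bot: With the trailing `else` narrowed to `elseif ($action == 'edit')`, an action that matches none of the branches no longer gets a description assigned in this chain, and whether `$description` is initialised elsewhere cannot be seen because the enclosing function starts and ends outside the hunk. The new `delete` caller appears to rely on this by passing its own description, so a comment on the chain such as `// any other action keeps the description supplied by the caller` would make that contract explicit. The new comparison could also use `===`, since `$action` is compared against a string literal.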
diff --git a/app/Model/User.php b/app/Model/User.php index 4462ed37c..acdb211d5 100755 --- a/app/Model/User.php +++ b/app/Model/User.php @@ -219,7 +219,17 @@ class User extends AppModel { /** * TODO ACL: 1: be requester to CakePHP ACL system */ - public $actsAs = array('Acl' => array('type' => 'requester', 'enabled' => false)); // TODO ACL, + 'enabled' => false + public $actsAs = array( + 'Acl' => array( // TODO ACL, + 'enabled' => false + 'type' => 'requester', + 'enabled' => false + ), + 'SysLogLogable.SysLogLogable' => array( // TODO Audit, logable + 'userModel' => 'User', + 'userKey' => 'user_id', + 'change' => 'full' + ) + ); /** * TODO ACL: 2: hook User into CakePHP ACL system (so link to aros) diff --git a/app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php b/app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php index 6c9f44318..c79c7cc3d 100644 --- a/app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php +++ b/app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php @@ -102,7 +102,11 @@ class SysLogLogableBehavior extends LogableBehavior { } elseif ($Model->displayField == $Model->primaryKey) { $logData['Log']['title'] = $Model->alias . ' (' . $Model->id . ')'; } elseif (isset($Model->data[$Model->alias][$Model->displayField])) { - $logData['Log']['title'] = $Model->data[$Model->alias][$Model->displayField]; + if (($Model->alias == "User") && ($logData['Log']['action'] != 'edit')) { + $logData['Log']['title'] = 'User (' . $Model->data[$Model->alias][$Model->primaryKey] . '): ' . $Model->data[$Model->alias][$Model->displayField]; + } else { + $logData['Log']['title'] = $Model->data[$Model->alias][$Model->displayField]; + } } else { $logData['Log']['title'] = $Model->field($Model->displayField); } 
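Review bot: `'change' => 'full'` on the User model likely makes the audit log carry field values rather than just field names; if that is how the parent LogableBehavior treats the setting, password hashes and any other secret columns on User would be copied into the log on every save. Either log field names only or exclude the sensitive columns; LogableBehavior has an `ignore` setting for this, assuming SysLogLogable inherits it unchanged. The trailing comment `// TODO ACL, + 'enabled' => false` carried onto the `'Acl'` line is also stale now that the option is written out below it.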
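Review bot: The new User title reads `$Model->data[$Model->alias][$Model->primaryKey]`, but the surrounding `isset()` only covers `displayField`, so when the saved data carries no primary key (a create, for instance) the title is built from an undefined index. The preceding `elseif` branch already uses `$Model->id`; `'User (' . $Model->id . '): ' . $Model->data[$Model->alias][$Model->displayField]` would be consistent with it. Hard-coding the `"User"` alias in a shared behavior also deserves a short comment saying that it mirrors the description format built in UsersController. The enclosing method starts and ends outside the hunk.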
@@ -173,6 +177,9 @@ class SysLogLogableBehavior extends LogableBehavior { if ($this->user && $this->UserModel) { // $Model->data[$Model->alias][$Model->displayField] switch ($Model->alias) { case "User": // TODO Audit, not used here but done in UsersController + if (($logData['Log']['action'] == 'edit') || ($logData['Log']['action'] == 'delete')) { + return; // handle in model itself + } $title = 'User ('. $Model->data[$Model->alias]['id'].') '. $Model->data[$Model->alias]['email']; break; case "Event":
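Review bot: The added early `return` drops every User `edit` and `delete` from this behavior's log path, so those events are audited only when the caller logs them itself. The only such call visible in this patch is the controller's `extraLog("delete", ...)`, so any other code path that saves or deletes a User would presumably leave no audit entry. The two comments also disagree: the `case` line says the work is done in UsersController while the new line says `// handle in model itself`; a single wording such as `// edit/delete are logged from the controller via extraLog()` would avoid the confusion. If this method is expected to return a value, the bare `return;` changes that for these two actions; its signature is outside the hunk.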