mirror of https://github.com/MISP/MISP
Audit log
Following events are now being logged: 1. Adding a new user. 2. Deleting a user.pull/63/head
parent
1c3ca8909b
commit
6495787023
|
@ -162,7 +162,6 @@ class UsersController extends AppController {
|
|||
if ($this->request->is('post')) {
|
||||
$this->User->create();
|
||||
// set invited by
|
||||
debug($this->request->data['User']);
|
||||
$this->request->data['User']['invited_by'] = $this->Auth->user('id');
|
||||
if ($this->User->save($this->request->data)) {
|
||||
$this->Session->setFlash(__('The user has been saved'));
|
||||
|
@ -276,10 +275,13 @@ class UsersController extends AppController {
|
|||
throw new MethodNotAllowedException();
|
||||
}
|
||||
$this->User->id = $id;
|
||||
$user = $this->User->read('email', $id);
|
||||
$fieldsDescrStr = 'User (' . $id . '): ' . $user['User']['email'];
|
||||
if (!$this->User->exists()) {
|
||||
throw new NotFoundException(__('Invalid user'));
|
||||
}
|
||||
if ($this->User->delete()) {
|
||||
$this->extraLog("delete", $fieldsDescrStr, ''); // TODO Audit, check: modify User
|
||||
$this->Session->setFlash(__('User deleted'));
|
||||
$this->redirect(array('action' => 'index'));
|
||||
}
|
||||
|
@ -426,7 +428,7 @@ class UsersController extends AppController {
|
|||
$description = "User (" . $this->Auth->user('id') . "): " . $this->data['User']['email'];
|
||||
} elseif ($action == 'logout') {
|
||||
$description = "User (" . $this->Auth->user('id') . "): " . $this->Auth->user('email');
|
||||
} else { // edit
|
||||
} elseif ($action == 'edit') {
|
||||
$description = "User (" . $this->User->id . "): " . $this->data['User']['email'];
|
||||
}
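Review bot: In the delete hunk, `$this->User->read('email', $id)` and the `$fieldsDescrStr` concatenation run before the `exists()` check, so a request for an unknown id indexes into a presumably empty read result before the `NotFoundException` is thrown. Moving the two lines `$user = $this->User->read('email', $id);` and `$fieldsDescrStr = 'User (' . $id . '): ' . $user['User']['email'];` below the check means the audit string is built only for a record that exists. The entry is also written only when `delete()` succeeds, so failed deletion attempts leave no trace; a comment should say whether that is intended. In the last hunk, `elseif ($action == 'edit')` replaces the bare `else`, so the new "delete" action matches no branch and `$description` must already be set before the chain, which is outside the hunk and should be confirmed. The enclosing functions begin and end outside the visible lines.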
|
||||
|
||||
|
|
|
@ -219,7 +219,17 @@ class User extends AppModel {
|
|||
/**
|
||||
* TODO ACL: 1: be requester to CakePHP ACL system
|
||||
*/
|
||||
public $actsAs = array('Acl' => array('type' => 'requester', 'enabled' => false)); // TODO ACL, + 'enabled' => false
|
||||
public $actsAs = array(
|
||||
'Acl' => array( // TODO ACL, + 'enabled' => false
|
||||
'type' => 'requester',
|
||||
'enabled' => false
|
||||
),
|
||||
'SysLogLogable.SysLogLogable' => array( // TODO Audit, logable
|
||||
'userModel' => 'User',
|
||||
'userKey' => 'user_id',
|
||||
'change' => 'full'
|
||||
)
|
||||
);
|
||||
|
||||
/**
|
||||
* TODO ACL: 2: hook User into CakePHP ACL system (so link to aros)
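Review bot: `'change' => 'full'` on the User model looks like it records the values of changed fields rather than only their names, which would copy credential columns (password hash or API key, if this model stores them) into the audit log. The behavior's implementation is not visible in this section, so confirm what `full` actually writes. If it does record values, exclude those fields, for example through the parent LogableBehavior's `ignore` setting, or fall back to `'change' => 'list'`. A short comment next to the setting naming the fields that are deliberately kept out of the log would help the next reader.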
|
||||
|
|
|
@ -102,7 +102,11 @@ class SysLogLogableBehavior extends LogableBehavior {
|
|||
} elseif ($Model->displayField == $Model->primaryKey) {
|
||||
$logData['Log']['title'] = $Model->alias . ' (' . $Model->id . ')';
|
||||
} elseif (isset($Model->data[$Model->alias][$Model->displayField])) {
|
||||
if (($Model->alias == "User") && ($logData['Log']['action'] != 'edit')) {
|
||||
$logData['Log']['title'] = 'User (' . $Model->data[$Model->alias][$Model->primaryKey] . '): ' . $Model->data[$Model->alias][$Model->displayField];
|
||||
} else {
|
||||
$logData['Log']['title'] = $Model->data[$Model->alias][$Model->displayField];
|
||||
}
|
||||
} else {
|
||||
$logData['Log']['title'] = $Model->field($Model->displayField);
|
||||
}
|
||||
|
@ -173,6 +177,9 @@ class SysLogLogableBehavior extends LogableBehavior {
|
|||
if ($this->user && $this->UserModel) { // $Model->data[$Model->alias][$Model->displayField]
|
||||
switch ($Model->alias) {
|
||||
case "User": // TODO Audit, not used here but done in UsersController
|
||||
if (($logData['Log']['action'] == 'edit') || ($logData['Log']['action'] == 'delete')) {
|
||||
return; // handle in model itself
|
||||
}
|
||||
$title = 'User ('. $Model->data[$Model->alias]['id'].') '. $Model->data[$Model->alias]['email'];
|
||||
break;
|
||||
case "Event":
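Review bot: The early `return;` added under `case "User":` drops the behavior's own record for every user edit and delete, so the audit trail for those actions now depends on each caller logging them itself. The controller hunk earlier on this page does call `$this->extraLog("delete", ...)`, but any other path that saves or deletes a User would leave no entry; consider keeping the behavior-level record, or state the contract in a comment here. The inline comment `// handle in model itself` contradicts the case comment saying it is done in UsersController; `// logged by the controller's extraLog() call` would match what the diff shows. The existing `$title` line below builds `'User (id) email'` without the `): ` separator used in the first hunk of this file, which makes the two formats harder to correlate when searching logs. The enclosing method starts and ends outside the hunk.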
|
||||
|
|