Add new audit log types and update public audit entries configuration
parent
13ea53378f
commit
289584a5ba
10 changed files with 126 additions and 8 deletions
|
@ -32,7 +32,7 @@
|
||||||
self::$configuration->setDefault('server.list_evidence_max_items', 100);
|
self::$configuration->setDefault('server.list_evidence_max_items', 100);
|
||||||
self::$configuration->setDefault('server.list_blacklist_max_items', 100);
|
self::$configuration->setDefault('server.list_blacklist_max_items', 100);
|
||||||
self::$configuration->setDefault('server.public_audit_logs', true);
|
self::$configuration->setDefault('server.public_audit_logs', true);
|
||||||
self::$configuration->setDefault('server.public_audit_entries', array_map(fn($type) => $type->value, AuditLogType::cases()));
|
self::$configuration->setDefault('server.public_audit_entries', array_map(fn($type) => $type->value, AuditLogType::getDefaultPublic()));
|
||||||
self::$configuration->setDefault('server.public_evidence', true);
|
self::$configuration->setDefault('server.public_evidence', true);
|
||||||
self::$configuration->setDefault('server.public_blacklist', true);
|
self::$configuration->setDefault('server.public_blacklist', true);
|
||||||
self::$configuration->setDefault('server.public_entities', true);
|
self::$configuration->setDefault('server.public_entities', true);
|
||||||
|
|
|
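Review bot: Narrowing the default of `server.public_audit_entries` to `AuditLogType::getDefaultPublic()` only protects installations that have no stored value for that key, assuming `setDefault` leaves an existing value untouched. A deployment configured before this commit would presumably keep publishing every type, and its stored list may still name `EVIDENCE_CREATED` or `ENTITY_DISCOVERED`, which the enum no longer defines. A comment above the line such as `// Only types intended for public readers; review stored configs on upgrade`, plus an upgrade note, would make this visible. The arrow function could also be typed, `static fn(AuditLogType $type): string => $type->value`.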
@ -4,22 +4,43 @@
|
||||||
|
|
||||||
enum AuditLogType : string
|
enum AuditLogType : string
|
||||||
{
|
{
|
||||||
case OTHER = 'OTHER';
|
|
||||||
case OPERATOR_CREATED = 'OPERATOR_CREATED';
|
case OPERATOR_CREATED = 'OPERATOR_CREATED';
|
||||||
case OPERATOR_DELETED = 'OPERATOR_DELETED';
|
case OPERATOR_DELETED = 'OPERATOR_DELETED';
|
||||||
case OPERATOR_DISABLED = 'OPERATOR_DISABLED';
|
case OPERATOR_DISABLED = 'OPERATOR_DISABLED';
|
||||||
case OPERATOR_ENABLED = 'OPERATOR_ENABLED';
|
case OPERATOR_ENABLED = 'OPERATOR_ENABLED';
|
||||||
|
case OPERATOR_PERMISSIONS_CHANGED = 'OPERATOR_MANAGE_BLACKLIST_ENABLED';
|
||||||
|
|
||||||
case ATTACHMENT_UPLOADED = 'ATTACHMENT_UPLOADED';
|
case ATTACHMENT_UPLOADED = 'ATTACHMENT_UPLOADED';
|
||||||
case ATTACHMENT_DELETED = 'ATTACHMENT_DELETED';
|
case ATTACHMENT_DELETED = 'ATTACHMENT_DELETED';
|
||||||
|
|
||||||
case EVIDENCE_CREATED = 'EVIDENCE_CREATED';
|
case EVIDENCE_SUBMITTED = 'EVIDENCE_SUBMITTED';
|
||||||
case EVIDENCE_DELETED = 'EVIDENCE_DELETED';
|
case EVIDENCE_DELETED = 'EVIDENCE_DELETED';
|
||||||
|
|
||||||
case ENTITY_DISCOVERED = 'ENTITY_DISCOVERED';
|
|
||||||
case ENTITY_DELETED = 'ENTITY_DELETED';
|
case ENTITY_DELETED = 'ENTITY_DELETED';
|
||||||
|
case ENTITY_BLACKLISTED = 'ENTITY_BLACKLISTED';
|
||||||
|
case ENTITY_PUSHED = 'ENTITY_PUSHED';
|
||||||
|
|
||||||
case BLACKLIST_RECORD_DELETED = 'BLACKLIST_DELETED';
|
case BLACKLIST_RECORD_DELETED = 'BLACKLIST_DELETED';
|
||||||
case BLACKLIST_LIFTED = 'BLACKLIST_LIFTED';
|
case BLACKLIST_LIFTED = 'BLACKLIST_LIFTED';
|
||||||
case ENTITY_BLACKLISTED = 'ENTITY_BLACKLISTED';
|
|
||||||
|
case OTHER = 'OTHER';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns an array of audit log types that are considered public.
|
||||||
|
* These types can be shared with clients or logged publicly.
|
||||||
|
*
|
||||||
|
* @return AuditLogType[]
|
||||||
|
*/
|
||||||
|
public static function getDefaultPublic(): array
|
||||||
|
{
|
||||||
|
return [
|
||||||
|
self::OPERATOR_CREATED,
|
||||||
|
self::OPERATOR_DELETED,
|
||||||
|
self::ATTACHMENT_UPLOADED,
|
||||||
|
self::ATTACHMENT_DELETED,
|
||||||
|
self::EVIDENCE_SUBMITTED,
|
||||||
|
self::EVIDENCE_DELETED,
|
||||||
|
self::ENTITY_BLACKLISTED,
|
||||||
|
];
|
||||||
|
}
|
||||||
}
|
}
|
|
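Review bot: The new case `OPERATOR_PERMISSIONS_CHANGED` is backed by the string `'OPERATOR_MANAGE_BLACKLIST_ENABLED'`, which looks like a copy-paste leftover. The default for `server.public_audit_entries` is built from `->value`, so an administrator who writes `OPERATOR_PERMISSIONS_CHANGED` into that list would presumably not match this case; suggest `case OPERATOR_PERMISSIONS_CHANGED = 'OPERATOR_PERMISSIONS_CHANGED';` before rows are stored with the odd value. The same section removes `ENTITY_DISCOVERED` and replaces `EVIDENCE_CREATED` with `EVIDENCE_SUBMITTED`. If audit rows with the old strings already exist, `AuditLogType::from()` on them throws a `ValueError`, so a data migration or a `tryFrom()` fallback is worth confirming.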
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
namespace FederationServer\Methods\Entities;
|
namespace FederationServer\Methods\Entities;
|
||||||
|
|
||||||
|
use FederationServer\Classes\Enums\AuditLogType;
|
||||||
|
use FederationServer\Classes\Managers\AuditLogManager;
|
||||||
use FederationServer\Classes\Managers\EntitiesManager;
|
use FederationServer\Classes\Managers\EntitiesManager;
|
||||||
use FederationServer\Classes\RequestHandler;
|
use FederationServer\Classes\RequestHandler;
|
||||||
use FederationServer\Exceptions\DatabaseOperationException;
|
use FederationServer\Exceptions\DatabaseOperationException;
|
||||||
|
@ -49,6 +51,12 @@
|
||||||
if(!EntitiesManager::entityExists($id, $domain))
|
if(!EntitiesManager::entityExists($id, $domain))
|
||||||
{
|
{
|
||||||
$entityUuid = EntitiesManager::registerEntity($id, $domain);
|
$entityUuid = EntitiesManager::registerEntity($id, $domain);
|
||||||
|
AuditLogManager::createEntry(AuditLogType::ENTITY_PUSHED, sprintf(
|
||||||
|
'Entity %s registered by %s (%s)',
|
||||||
|
$id,
|
||||||
|
$authenticatedOperator->getName(),
|
||||||
|
$authenticatedOperator->getUuid()
|
||||||
|
), $authenticatedOperator->getUuid(), $entityUuid);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
|
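Review bot: The `ENTITY_PUSHED` message names the entity only by `$id`, although the lookup and registration just above key on both `$id` and `$domain`, so the same id on two domains yields indistinguishable audit text. Consider `'Entity %s (%s) registered by %s (%s)'` with `$entityUuid` as the second value, so the text carries the stable identifier. `$id` appears to be request data (its origin is outside the hunk), so whatever renders audit messages should treat it as untrusted text and escape it for its output context. The enclosing method starts and ends outside the hunk.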
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
namespace FederationServer\Methods\Evidence;
|
namespace FederationServer\Methods\Evidence;
|
||||||
|
|
||||||
|
use FederationServer\Classes\Enums\AuditLogType;
|
||||||
|
use FederationServer\Classes\Managers\AuditLogManager;
|
||||||
use FederationServer\Classes\Managers\EvidenceManager;
|
use FederationServer\Classes\Managers\EvidenceManager;
|
||||||
use FederationServer\Classes\RequestHandler;
|
use FederationServer\Classes\RequestHandler;
|
||||||
use FederationServer\Classes\Validate;
|
use FederationServer\Classes\Validate;
|
||||||
|
@ -41,6 +43,12 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
EvidenceManager::deleteEvidence($evidenceUuid);
|
EvidenceManager::deleteEvidence($evidenceUuid);
|
||||||
|
AuditLogManager::createEntry(AuditLogType::EVIDENCE_DELETED, sprintf(
|
||||||
|
'Evidence %s deleted by %s (%s)',
|
||||||
|
$evidenceUuid,
|
||||||
|
$authenticatedOperator->getName(),
|
||||||
|
$authenticatedOperator->getUuid()
|
||||||
|
), $authenticatedOperator->getUuid(), $evidenceUuid);
|
||||||
}
|
}
|
||||||
catch(DatabaseOperationException $e)
|
catch(DatabaseOperationException $e)
|
||||||
{
|
{
|
||||||
|
|
|
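Review bot: The fourth argument to `AuditLogManager::createEntry()` is `$evidenceUuid` here, while the entity-push hunk passes `$entityUuid` in the same position. The signature of `createEntry` is not on this page; if that parameter is the entity reference, this call and the one in the evidence-submission hunk (which also passes `$evidenceUuid`) would store an evidence UUID where an entity UUID is expected, or fail a foreign-key check. If so, read the evidence record's entity UUID before `EvidenceManager::deleteEvidence($evidenceUuid)` and pass that value instead. The enclosing try block starts outside the hunk.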
@ -46,6 +46,8 @@
|
||||||
{
|
{
|
||||||
throw new RequestException('Confidential evidence access is restricted', 403);
|
throw new RequestException('Confidential evidence access is restricted', 403);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
self::successResponse($evidenceRecord->toArray());
|
||||||
}
|
}
|
||||||
catch(DatabaseOperationException $e)
|
catch(DatabaseOperationException $e)
|
||||||
{
|
{
|
||||||
|
|
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
namespace FederationServer\Methods\Evidence;
|
namespace FederationServer\Methods\Evidence;
|
||||||
|
|
||||||
|
use FederationServer\Classes\Enums\AuditLogType;
|
||||||
|
use FederationServer\Classes\Managers\AuditLogManager;
|
||||||
use FederationServer\Classes\Managers\EntitiesManager;
|
use FederationServer\Classes\Managers\EntitiesManager;
|
||||||
use FederationServer\Classes\Managers\EvidenceManager;
|
use FederationServer\Classes\Managers\EvidenceManager;
|
||||||
use FederationServer\Classes\RequestHandler;
|
use FederationServer\Classes\RequestHandler;
|
||||||
|
@ -54,12 +56,21 @@
|
||||||
throw new RequestException('Entity does not exist', 404);
|
throw new RequestException('Entity does not exist', 404);
|
||||||
}
|
}
|
||||||
|
|
||||||
self::successResponse(EvidenceManager::addEvidence($entityUuid, $authenticatedOperator->getUuid(), $textContent, $note, $confidential));
|
$evidenceUuid = EvidenceManager::addEvidence($entityUuid, $authenticatedOperator->getUuid(), $textContent, $note, $confidential);
|
||||||
|
AuditLogManager::createEntry(AuditLogType::EVIDENCE_SUBMITTED, sprintf(
|
||||||
|
'Evidence %s created for entity %s by %s (%s)',
|
||||||
|
$evidenceUuid,
|
||||||
|
$entityUuid,
|
||||||
|
$authenticatedOperator->getName(),
|
||||||
|
$authenticatedOperator->getUuid()
|
||||||
|
), $authenticatedOperator->getUuid(), $evidenceUuid);
|
||||||
}
|
}
|
||||||
catch (DatabaseOperationException $e)
|
catch (DatabaseOperationException $e)
|
||||||
{
|
{
|
||||||
throw new RequestException('Failed to create evidence', 500, $e);
|
throw new RequestException('Failed to create evidence', 500, $e);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
self::successResponse($evidenceUuid);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
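Review bot: The `EVIDENCE_SUBMITTED` entry is written regardless of `$confidential`, and this commit places `EVIDENCE_SUBMITTED` and `EVIDENCE_DELETED` in `AuditLogType::getDefaultPublic()`. With `server.public_audit_logs` defaulting to true, the public audit feed would presumably disclose that confidential evidence exists, along with its UUID, the entity UUID and the submitting operator's name and UUID. Record confidential submissions under a type that is not public by default, or with a message that omits those identifiers, for example by branching on `if($confidential)` before building the text. Separately, a `DatabaseOperationException` from `createEntry` now lands in the `'Failed to create evidence'` handler even though the evidence row was stored, so a client retry could create a duplicate.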
@ -2,7 +2,9 @@
|
||||||
|
|
||||||
namespace FederationServer\Methods\Operators;
|
namespace FederationServer\Methods\Operators;
|
||||||
|
|
||||||
|
use FederationServer\Classes\Enums\AuditLogType;
|
||||||
use FederationServer\Classes\Logger;
|
use FederationServer\Classes\Logger;
|
||||||
|
use FederationServer\Classes\Managers\AuditLogManager;
|
||||||
use FederationServer\Classes\Managers\OperatorManager;
|
use FederationServer\Classes\Managers\OperatorManager;
|
||||||
use FederationServer\Classes\RequestHandler;
|
use FederationServer\Classes\RequestHandler;
|
||||||
use FederationServer\Classes\Validate;
|
use FederationServer\Classes\Validate;
|
||||||
|
@ -38,7 +40,21 @@
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
$targetOperator = OperatorManager::getOperator($operatorUuid);
|
||||||
|
if($targetOperator === null)
|
||||||
|
{
|
||||||
|
throw new RequestException('Operator Not Found', 404);
|
||||||
|
}
|
||||||
|
|
||||||
OperatorManager::setManageBlacklist($operatorUuid, $enabled);
|
OperatorManager::setManageBlacklist($operatorUuid, $enabled);
|
||||||
|
AuditLogManager::createEntry(AuditLogType::OPERATOR_PERMISSIONS_CHANGED, sprintf(
|
||||||
|
'Operator %s (%s) %s blacklist management permissions by %s (%s)',
|
||||||
|
$targetOperator->getName(),
|
||||||
|
$targetOperator->getUuid(),
|
||||||
|
$enabled ? 'enabled' : 'disabled',
|
||||||
|
$authenticatedOperator->getName(),
|
||||||
|
$authenticatedOperator->getUuid()
|
||||||
|
), $authenticatedOperator->getUuid());
|
||||||
}
|
}
|
||||||
catch(DatabaseOperationException $e)
|
catch(DatabaseOperationException $e)
|
||||||
{
|
{
|
||||||
|
|
|
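Review bot: The permission change and its audit entry are two separate writes, so a failure in `AuditLogManager::createEntry()` after `OperatorManager::setManageBlacklist()` has succeeded leaves the privilege changed with no audit row, and the caller gets an error from the `DatabaseOperationException` handler (whose body is outside the hunk). For privilege changes that gap matters; consider running both calls in one database transaction, or at least reporting the audit failure distinctly from a failed update. The same pattern applies to the `setClient`, `setManageOperators` and `refreshApiKey` hunks on this page. The target operator is also recorded only in the free-text message; if `createEntry` has a structured field for the affected operator, passing `$targetOperator->getUuid()` there would make these entries queryable.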
@ -2,7 +2,8 @@
|
||||||
|
|
||||||
namespace FederationServer\Methods\Operators;
|
namespace FederationServer\Methods\Operators;
|
||||||
|
|
||||||
use FederationServer\Classes\Logger;
|
use FederationServer\Classes\Enums\AuditLogType;
|
||||||
|
use FederationServer\Classes\Managers\AuditLogManager;
|
||||||
use FederationServer\Classes\Managers\OperatorManager;
|
use FederationServer\Classes\Managers\OperatorManager;
|
||||||
use FederationServer\Classes\RequestHandler;
|
use FederationServer\Classes\RequestHandler;
|
||||||
use FederationServer\Classes\Validate;
|
use FederationServer\Classes\Validate;
|
||||||
|
@ -37,7 +38,21 @@
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
$targetOperator = OperatorManager::getOperator($operatorUuid);
|
||||||
|
if($targetOperator === null)
|
||||||
|
{
|
||||||
|
throw new RequestException('Operator Not Found', 404);
|
||||||
|
}
|
||||||
|
|
||||||
OperatorManager::setClient($operatorUuid, $enabled);
|
OperatorManager::setClient($operatorUuid, $enabled);
|
||||||
|
AuditLogManager::createEntry(AuditLogType::OPERATOR_PERMISSIONS_CHANGED, sprintf(
|
||||||
|
'Operator %s (%s) %s client permissions by %s (%s)',
|
||||||
|
$targetOperator->getName(),
|
||||||
|
$targetOperator->getUuid(),
|
||||||
|
$enabled ? 'enabled' : 'disabled',
|
||||||
|
$authenticatedOperator->getName(),
|
||||||
|
$authenticatedOperator->getUuid()
|
||||||
|
), $authenticatedOperator->getUuid());
|
||||||
}
|
}
|
||||||
catch(DatabaseOperationException $e)
|
catch(DatabaseOperationException $e)
|
||||||
{
|
{
|
||||||
|
|
|
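Review bot: This section replaces `use FederationServer\Classes\Logger;` with the `AuditLogType` import rather than adding to it, whereas the blacklist and operator-management files keep the `Logger` import. The catch body is outside the hunk; if it still refers to `Logger`, the name would resolve to `FederationServer\Methods\Operators\Logger` and fail only when the error path runs. Confirm no `Logger` reference remains in this file, or keep the import. The API-key refresh file makes the same replacement.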
@ -2,7 +2,9 @@
|
||||||
|
|
||||||
namespace FederationServer\Methods\Operators;
|
namespace FederationServer\Methods\Operators;
|
||||||
|
|
||||||
|
use FederationServer\Classes\Enums\AuditLogType;
|
||||||
use FederationServer\Classes\Logger;
|
use FederationServer\Classes\Logger;
|
||||||
|
use FederationServer\Classes\Managers\AuditLogManager;
|
||||||
use FederationServer\Classes\Managers\OperatorManager;
|
use FederationServer\Classes\Managers\OperatorManager;
|
||||||
use FederationServer\Classes\RequestHandler;
|
use FederationServer\Classes\RequestHandler;
|
||||||
use FederationServer\Classes\Validate;
|
use FederationServer\Classes\Validate;
|
||||||
|
@ -38,7 +40,21 @@
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
$targetOperator = OperatorManager::getOperator($operatorUuid);
|
||||||
|
if($targetOperator === null)
|
||||||
|
{
|
||||||
|
throw new RequestException('Operator Not Found', 404);
|
||||||
|
}
|
||||||
|
|
||||||
OperatorManager::setManageOperators($operatorUuid, $enabled);
|
OperatorManager::setManageOperators($operatorUuid, $enabled);
|
||||||
|
AuditLogManager::createEntry(AuditLogType::OPERATOR_PERMISSIONS_CHANGED, sprintf(
|
||||||
|
'Operator %s (%s) %s operator management permissions by %s (%s)',
|
||||||
|
$targetOperator->getName(),
|
||||||
|
$targetOperator->getUuid(),
|
||||||
|
$enabled ? 'enabled' : 'disabled',
|
||||||
|
$authenticatedOperator->getName(),
|
||||||
|
$authenticatedOperator->getUuid()
|
||||||
|
), $authenticatedOperator->getUuid());
|
||||||
}
|
}
|
||||||
catch(DatabaseOperationException $e)
|
catch(DatabaseOperationException $e)
|
||||||
{
|
{
|
||||||
|
|
|
@ -2,7 +2,8 @@
|
||||||
|
|
||||||
namespace FederationServer\Methods\Operators;
|
namespace FederationServer\Methods\Operators;
|
||||||
|
|
||||||
use FederationServer\Classes\Logger;
|
use FederationServer\Classes\Enums\AuditLogType;
|
||||||
|
use FederationServer\Classes\Managers\AuditLogManager;
|
||||||
use FederationServer\Classes\Managers\OperatorManager;
|
use FederationServer\Classes\Managers\OperatorManager;
|
||||||
use FederationServer\Classes\RequestHandler;
|
use FederationServer\Classes\RequestHandler;
|
||||||
use FederationServer\Exceptions\DatabaseOperationException;
|
use FederationServer\Exceptions\DatabaseOperationException;
|
||||||
|
@ -33,7 +34,27 @@
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
if($operatorUuid !== $authenticatedOperator->getUuid())
|
||||||
|
{
|
||||||
|
$existingOperator = OperatorManager::getOperator($operatorUuid);
|
||||||
|
if($existingOperator === null)
|
||||||
|
{
|
||||||
|
throw new RequestException('Operator Not Found', 404);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$existingOperator = $authenticatedOperator;
|
||||||
|
}
|
||||||
|
|
||||||
$newApiKey = OperatorManager::refreshApiKey($operatorUuid);
|
$newApiKey = OperatorManager::refreshApiKey($operatorUuid);
|
||||||
|
AuditLogManager::createEntry(AuditLogType::OPERATOR_PERMISSIONS_CHANGED, sprintf(
|
||||||
|
'Operator %s (%s) refreshed API key by %s (%s)',
|
||||||
|
$existingOperator->getName(),
|
||||||
|
$existingOperator->getUuid(),
|
||||||
|
$authenticatedOperator->getName(),
|
||||||
|
$authenticatedOperator->getUuid()
|
||||||
|
), $authenticatedOperator->getUuid());
|
||||||
}
|
}
|
||||||
catch(DatabaseOperationException $e)
|
catch(DatabaseOperationException $e)
|
||||||
{
|
{
|
||||||
|
|
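Review bot: An API key rotation is recorded as `AuditLogType::OPERATOR_PERMISSIONS_CHANGED`, so credential events cannot be filtered or alerted on separately from permission toggles. A dedicated case, for example `case OPERATOR_API_KEY_REFRESHED = 'OPERATOR_API_KEY_REFRESHED';` (suggested name), kept out of `getDefaultPublic()`, would make the record unambiguous. The message `'Operator %s (%s) refreshed API key by %s (%s)'` also reads as if the target operator acted; `'API key of operator %s (%s) refreshed by %s (%s)'` is clearer. The enclosing try block ends outside the hunk.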