Add new audit log types and update public audit entries configuration
This commit is contained in:
parent
13ea53378f
commit
289584a5ba
10 changed files with 126 additions and 8 deletions
|
@ -32,7 +32,7 @@
|
|||
self::$configuration->setDefault('server.list_evidence_max_items', 100);
|
||||
self::$configuration->setDefault('server.list_blacklist_max_items', 100);
|
||||
self::$configuration->setDefault('server.public_audit_logs', true);
|
||||
self::$configuration->setDefault('server.public_audit_entries', array_map(fn($type) => $type->value, AuditLogType::cases()));
|
||||
self::$configuration->setDefault('server.public_audit_entries', array_map(fn($type) => $type->value, AuditLogType::getDefaultPublic()));
|
||||
self::$configuration->setDefault('server.public_evidence', true);
|
||||
self::$configuration->setDefault('server.public_blacklist', true);
|
||||
self::$configuration->setDefault('server.public_entities', true);
|
||||
|
|
|
@ -4,22 +4,43 @@
|
|||
|
||||
enum AuditLogType : string
|
||||
{
|
||||
case OTHER = 'OTHER';
|
||||
case OPERATOR_CREATED = 'OPERATOR_CREATED';
|
||||
case OPERATOR_DELETED = 'OPERATOR_DELETED';
|
||||
case OPERATOR_DISABLED = 'OPERATOR_DISABLED';
|
||||
case OPERATOR_ENABLED = 'OPERATOR_ENABLED';
|
||||
case OPERATOR_PERMISSIONS_CHANGED = 'OPERATOR_MANAGE_BLACKLIST_ENABLED';
|
||||
|
||||
case ATTACHMENT_UPLOADED = 'ATTACHMENT_UPLOADED';
|
||||
case ATTACHMENT_DELETED = 'ATTACHMENT_DELETED';
|
||||
|
||||
case EVIDENCE_CREATED = 'EVIDENCE_CREATED';
|
||||
case EVIDENCE_SUBMITTED = 'EVIDENCE_SUBMITTED';
|
||||
case EVIDENCE_DELETED = 'EVIDENCE_DELETED';
|
||||
|
||||
case ENTITY_DISCOVERED = 'ENTITY_DISCOVERED';
|
||||
case ENTITY_DELETED = 'ENTITY_DELETED';
|
||||
case ENTITY_BLACKLISTED = 'ENTITY_BLACKLISTED';
|
||||
case ENTITY_PUSHED = 'ENTITY_PUSHED';
|
||||
|
||||
case BLACKLIST_RECORD_DELETED = 'BLACKLIST_DELETED';
|
||||
case BLACKLIST_LIFTED = 'BLACKLIST_LIFTED';
|
||||
case ENTITY_BLACKLISTED = 'ENTITY_BLACKLISTED';
|
||||
|
||||
case OTHER = 'OTHER';
|
||||
|
||||
/**
|
||||
* Returns an array of audit log types that are considered public.
|
||||
* These types can be shared with clients or logged publicly.
|
||||
*
|
||||
* @return AuditLogType[]
|
||||
*/
|
||||
public static function getDefaultPublic(): array
|
||||
{
|
||||
return [
|
||||
self::OPERATOR_CREATED,
|
||||
self::OPERATOR_DELETED,
|
||||
self::ATTACHMENT_UPLOADED,
|
||||
self::ATTACHMENT_DELETED,
|
||||
self::EVIDENCE_SUBMITTED,
|
||||
self::EVIDENCE_DELETED,
|
||||
self::ENTITY_BLACKLISTED,
|
||||
];
|
||||
}
|
||||
}
|
|
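Review bot: The backing string of `OPERATOR_PERMISSIONS_CHANGED` is `'OPERATOR_MANAGE_BLACKLIST_ENABLED'`, and `BLACKLIST_RECORD_DELETED` is backed by `'BLACKLIST_DELETED'`, so the stored value does not say what the case means. This matters because `server.public_audit_entries` is built from `$type->value`: an administrator who allow-lists the string `OPERATOR_MANAGE_BLACKLIST_ENABLED` would also publish the client-permission, operator-management and API-key entries that the handlers in this commit write under the same case. If no rows have been persisted under these values yet, align them, e.g. `case OPERATOR_PERMISSIONS_CHANGED = 'OPERATOR_PERMISSIONS_CHANGED';`; otherwise keep the value and document the mismatch on the case. The rendering has lost the +/- markers (`OTHER` and `ENTITY_BLACKLISTED` each appear twice), so which of these lines are new is inferred. The `getDefaultPublic()` docblock could also state that the list is only the default for the allow-list and that the published messages carry operator names and UUIDs.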
@ -2,6 +2,8 @@
|
|||
|
||||
namespace FederationServer\Methods\Entities;
|
||||
|
||||
use FederationServer\Classes\Enums\AuditLogType;
|
||||
use FederationServer\Classes\Managers\AuditLogManager;
|
||||
use FederationServer\Classes\Managers\EntitiesManager;
|
||||
use FederationServer\Classes\RequestHandler;
|
||||
use FederationServer\Exceptions\DatabaseOperationException;
|
||||
|
@ -49,6 +51,12 @@
|
|||
if(!EntitiesManager::entityExists($id, $domain))
|
||||
{
|
||||
$entityUuid = EntitiesManager::registerEntity($id, $domain);
|
||||
AuditLogManager::createEntry(AuditLogType::ENTITY_PUSHED, sprintf(
|
||||
'Entity %s registered by %s (%s)',
|
||||
$id,
|
||||
$authenticatedOperator->getName(),
|
||||
$authenticatedOperator->getUuid()
|
||||
), $authenticatedOperator->getUuid(), $entityUuid);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
|
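Review bot: The `ENTITY_PUSHED` message identifies the entity by `$id` alone, although `entityExists()` and `registerEntity()` both key on `($id, $domain)`, so two entities with the same id on different domains produce identical audit text. Adding the domain keeps the entry unambiguous, e.g. `'Entity %s (domain %s) registered by %s (%s)'` with `$domain` in the argument list; whether `$domain` can be null is not visible here and would need handling. `$id` appears to come from the request and is written verbatim into a message that becomes public once this type is added to `server.public_audit_entries`, so whatever renders the log should escape it for its output context. The method body starts and ends outside the hunk.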
@ -2,6 +2,8 @@
|
|||
|
||||
namespace FederationServer\Methods\Evidence;
|
||||
|
||||
use FederationServer\Classes\Enums\AuditLogType;
|
||||
use FederationServer\Classes\Managers\AuditLogManager;
|
||||
use FederationServer\Classes\Managers\EvidenceManager;
|
||||
use FederationServer\Classes\RequestHandler;
|
||||
use FederationServer\Classes\Validate;
|
||||
|
@ -41,6 +43,12 @@
|
|||
}
|
||||
|
||||
EvidenceManager::deleteEvidence($evidenceUuid);
|
||||
AuditLogManager::createEntry(AuditLogType::EVIDENCE_DELETED, sprintf(
|
||||
'Evidence %s deleted by %s (%s)',
|
||||
$evidenceUuid,
|
||||
$authenticatedOperator->getName(),
|
||||
$authenticatedOperator->getUuid()
|
||||
), $authenticatedOperator->getUuid(), $evidenceUuid);
|
||||
}
|
||||
catch(DatabaseOperationException $e)
|
||||
{
|
||||
|
|
|
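Review bot: `EVIDENCE_DELETED` is in `getDefaultPublic()`, yet the entry written after `deleteEvidence()` is created without regard to whether the evidence was confidential, so the public audit log would disclose the UUID and existence of a record that the read handler guards with 'Confidential evidence access is restricted'. The same applies to the `EVIDENCE_SUBMITTED` entry in the submit handler, where `$confidential` is in scope and is not consulted. One option there is to write confidential records under a type outside the public default, e.g. `$confidential ? AuditLogType::OTHER : AuditLogType::EVIDENCE_SUBMITTED`; a dedicated non-public case would be cleaner. Whether this handler has the record's confidential flag available is not visible, because the method starts above the hunk.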
@ -46,6 +46,8 @@
|
|||
{
|
||||
throw new RequestException('Confidential evidence access is restricted', 403);
|
||||
}
|
||||
|
||||
self::successResponse($evidenceRecord->toArray());
|
||||
}
|
||||
catch(DatabaseOperationException $e)
|
||||
{
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
namespace FederationServer\Methods\Evidence;
|
||||
|
||||
use FederationServer\Classes\Enums\AuditLogType;
|
||||
use FederationServer\Classes\Managers\AuditLogManager;
|
||||
use FederationServer\Classes\Managers\EntitiesManager;
|
||||
use FederationServer\Classes\Managers\EvidenceManager;
|
||||
use FederationServer\Classes\RequestHandler;
|
||||
|
@ -54,12 +56,21 @@
|
|||
throw new RequestException('Entity does not exist', 404);
|
||||
}
|
||||
|
||||
self::successResponse(EvidenceManager::addEvidence($entityUuid, $authenticatedOperator->getUuid(), $textContent, $note, $confidential));
|
||||
$evidenceUuid = EvidenceManager::addEvidence($entityUuid, $authenticatedOperator->getUuid(), $textContent, $note, $confidential);
|
||||
AuditLogManager::createEntry(AuditLogType::EVIDENCE_SUBMITTED, sprintf(
|
||||
'Evidence %s created for entity %s by %s (%s)',
|
||||
$evidenceUuid,
|
||||
$entityUuid,
|
||||
$authenticatedOperator->getName(),
|
||||
$authenticatedOperator->getUuid()
|
||||
), $authenticatedOperator->getUuid(), $evidenceUuid);
|
||||
}
|
||||
catch (DatabaseOperationException $e)
|
||||
{
|
||||
throw new RequestException('Failed to create evidence', 500, $e);
|
||||
}
|
||||
|
||||
self::successResponse($evidenceUuid);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
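Review bot: `AuditLogManager::createEntry()` runs inside the `try` whose `catch` reports 'Failed to create evidence', so if the audit insert raises `DatabaseOperationException` (its signature is not shown, so this is inferred) the client receives a 500 although `addEvidence()` has already stored the record, and a retry would create a duplicate. Either run both writes in one transaction, or give the audit call its own handler that records the failure without misreporting the evidence write. The delete, push and operator handlers in this commit place their audit call the same way. The method starts above the hunk.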
@ -2,7 +2,9 @@
|
|||
|
||||
namespace FederationServer\Methods\Operators;
|
||||
|
||||
use FederationServer\Classes\Enums\AuditLogType;
|
||||
use FederationServer\Classes\Logger;
|
||||
use FederationServer\Classes\Managers\AuditLogManager;
|
||||
use FederationServer\Classes\Managers\OperatorManager;
|
||||
use FederationServer\Classes\RequestHandler;
|
||||
use FederationServer\Classes\Validate;
|
||||
|
@ -38,7 +40,21 @@
|
|||
|
||||
try
|
||||
{
|
||||
$targetOperator = OperatorManager::getOperator($operatorUuid);
|
||||
if($targetOperator === null)
|
||||
{
|
||||
throw new RequestException('Operator Not Found', 404);
|
||||
}
|
||||
|
||||
OperatorManager::setManageBlacklist($operatorUuid, $enabled);
|
||||
AuditLogManager::createEntry(AuditLogType::OPERATOR_PERMISSIONS_CHANGED, sprintf(
|
||||
'Operator %s (%s) %s blacklist management permissions by %s (%s)',
|
||||
$targetOperator->getName(),
|
||||
$targetOperator->getUuid(),
|
||||
$enabled ? 'enabled' : 'disabled',
|
||||
$authenticatedOperator->getName(),
|
||||
$authenticatedOperator->getUuid()
|
||||
), $authenticatedOperator->getUuid());
|
||||
}
|
||||
catch(DatabaseOperationException $e)
|
||||
{
|
||||
|
|
|
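Review bot: The target operator is recorded only inside the free-text message; the structured arguments to `createEntry()` carry the acting operator's UUID and nothing for `$targetOperator`, whereas the entity and evidence handlers pass the affected record's UUID as a fourth argument. If that parameter can hold an operator UUID (the signature is not visible here), pass `$targetOperator->getUuid()` so permission changes can be queried per operator without parsing text that contains `getName()` output. The client-permission and operator-management handlers that follow have the same call shape. All three also repeat the same `sprintf` block and could use one shared helper so the message format stays uniform for anyone parsing the log.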
@ -2,7 +2,8 @@
|
|||
|
||||
namespace FederationServer\Methods\Operators;
|
||||
|
||||
use FederationServer\Classes\Logger;
|
||||
use FederationServer\Classes\Enums\AuditLogType;
|
||||
use FederationServer\Classes\Managers\AuditLogManager;
|
||||
use FederationServer\Classes\Managers\OperatorManager;
|
||||
use FederationServer\Classes\RequestHandler;
|
||||
use FederationServer\Classes\Validate;
|
||||
|
@ -37,7 +38,21 @@
|
|||
|
||||
try
|
||||
{
|
||||
$targetOperator = OperatorManager::getOperator($operatorUuid);
|
||||
if($targetOperator === null)
|
||||
{
|
||||
throw new RequestException('Operator Not Found', 404);
|
||||
}
|
||||
|
||||
OperatorManager::setClient($operatorUuid, $enabled);
|
||||
AuditLogManager::createEntry(AuditLogType::OPERATOR_PERMISSIONS_CHANGED, sprintf(
|
||||
'Operator %s (%s) %s client permissions by %s (%s)',
|
||||
$targetOperator->getName(),
|
||||
$targetOperator->getUuid(),
|
||||
$enabled ? 'enabled' : 'disabled',
|
||||
$authenticatedOperator->getName(),
|
||||
$authenticatedOperator->getUuid()
|
||||
), $authenticatedOperator->getUuid());
|
||||
}
|
||||
catch(DatabaseOperationException $e)
|
||||
{
|
||||
|
|
|
@ -2,7 +2,9 @@
|
|||
|
||||
namespace FederationServer\Methods\Operators;
|
||||
|
||||
use FederationServer\Classes\Enums\AuditLogType;
|
||||
use FederationServer\Classes\Logger;
|
||||
use FederationServer\Classes\Managers\AuditLogManager;
|
||||
use FederationServer\Classes\Managers\OperatorManager;
|
||||
use FederationServer\Classes\RequestHandler;
|
||||
use FederationServer\Classes\Validate;
|
||||
|
@ -38,7 +40,21 @@
|
|||
|
||||
try
|
||||
{
|
||||
$targetOperator = OperatorManager::getOperator($operatorUuid);
|
||||
if($targetOperator === null)
|
||||
{
|
||||
throw new RequestException('Operator Not Found', 404);
|
||||
}
|
||||
|
||||
OperatorManager::setManageOperators($operatorUuid, $enabled);
|
||||
AuditLogManager::createEntry(AuditLogType::OPERATOR_PERMISSIONS_CHANGED, sprintf(
|
||||
'Operator %s (%s) %s operator management permissions by %s (%s)',
|
||||
$targetOperator->getName(),
|
||||
$targetOperator->getUuid(),
|
||||
$enabled ? 'enabled' : 'disabled',
|
||||
$authenticatedOperator->getName(),
|
||||
$authenticatedOperator->getUuid()
|
||||
), $authenticatedOperator->getUuid());
|
||||
}
|
||||
catch(DatabaseOperationException $e)
|
||||
{
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
|
||||
namespace FederationServer\Methods\Operators;
|
||||
|
||||
use FederationServer\Classes\Logger;
|
||||
use FederationServer\Classes\Enums\AuditLogType;
|
||||
use FederationServer\Classes\Managers\AuditLogManager;
|
||||
use FederationServer\Classes\Managers\OperatorManager;
|
||||
use FederationServer\Classes\RequestHandler;
|
||||
use FederationServer\Exceptions\DatabaseOperationException;
|
||||
|
@ -33,7 +34,27 @@
|
|||
|
||||
try
|
||||
{
|
||||
if($operatorUuid !== $authenticatedOperator->getUuid())
|
||||
{
|
||||
$existingOperator = OperatorManager::getOperator($operatorUuid);
|
||||
if($existingOperator === null)
|
||||
{
|
||||
throw new RequestException('Operator Not Found', 404);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$existingOperator = $authenticatedOperator;
|
||||
}
|
||||
|
||||
$newApiKey = OperatorManager::refreshApiKey($operatorUuid);
|
||||
AuditLogManager::createEntry(AuditLogType::OPERATOR_PERMISSIONS_CHANGED, sprintf(
|
||||
'Operator %s (%s) refreshed API key by %s (%s)',
|
||||
$existingOperator->getName(),
|
||||
$existingOperator->getUuid(),
|
||||
$authenticatedOperator->getName(),
|
||||
$authenticatedOperator->getUuid()
|
||||
), $authenticatedOperator->getUuid());
|
||||
}
|
||||
catch(DatabaseOperationException $e)
|
||||
{
|
||||
|
|
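Review bot: An API key rotation is logged as `AuditLogType::OPERATOR_PERMISSIONS_CHANGED`, which makes a credential event indistinguishable by type from a permission toggle and ties its visibility to the same allow-list entry. A dedicated case (for example a proposed `OPERATOR_API_KEY_REFRESHED`, which is not in the enum today) would let detection rules and the public-entries setting treat key rotation separately. The message also reads as if the target performed the action; `'API key of operator %s (%s) refreshed by %s (%s)'` is clearer. The branch on `$operatorUuid !== $authenticatedOperator->getUuid()` only loads the record, so the check that the caller may rotate another operator's key is presumably above the hunk and worth confirming.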