From 5bba9b4018f776f72eb99742f5e58bdfae58023d Mon Sep 17 00:00:00 2001
From: Mateusz Mandera
Date: Tue, 13 Aug 2024 01:24:26 +0200
Subject: [PATCH] users: Create RealmAuditLog in misc do_change_... functions.

We've been meaning to fill this gap and create RealmAuditLog entries in these.
---
 zerver/actions/users.py | 51 ++++++++++++++++++++++++++++++
 zerver/models/realm_audit_logs.py | 1 +
 zerver/tests/test_users.py | 52 +++++++++++++++++++++++++++++++
 3 files changed, 104 insertions(+)

diff --git a/zerver/actions/users.py b/zerver/actions/users.py
index 1066fed628..84fae51ddd 100644
--- a/zerver/actions/users.py
+++ b/zerver/actions/users.py
@@ -536,23 +536,74 @@ def do_change_user_role(
 @transaction.atomic(savepoint=False)
 def do_change_is_billing_admin(user_profile: UserProfile, value: bool) -> None:
+ event_time = timezone_now()
+ old_value = user_profile.is_billing_admin
+
 user_profile.is_billing_admin = value
 user_profile.save(update_fields=["is_billing_admin"])
+
+ RealmAuditLog.objects.create(
+ realm=user_profile.realm,
+ event_type=AuditLogEventType.USER_SPECIAL_PERMISSION_CHANGED,
+ event_time=event_time,
+ acting_user=None,
+ modified_user=user_profile,
+ extra_data={
+ RealmAuditLog.OLD_VALUE: old_value,
+ RealmAuditLog.NEW_VALUE: value,
+ "property": "is_billing_admin",
+ },
+ )
+
 event = dict(
 type="realm_user", op="update", person=dict(user_id=user_profile.id, is_billing_admin=value)
 )
 send_event_on_commit(user_profile.realm, event, get_user_ids_who_can_access_user(user_profile))
+@transaction.atomic(savepoint=False)
 def do_change_can_forge_sender(user_profile: UserProfile, value: bool) -> None:
+ event_time = timezone_now()
+ old_value = user_profile.can_forge_sender
+
 user_profile.can_forge_sender = value
 user_profile.save(update_fields=["can_forge_sender"])
+ RealmAuditLog.objects.create(
+ realm=user_profile.realm,
+ event_type=AuditLogEventType.USER_SPECIAL_PERMISSION_CHANGED,
+ event_time=event_time,
+ acting_user=None,
+ modified_user=user_profile,
+ extra_data={
+ RealmAuditLog.OLD_VALUE: old_value,
+ RealmAuditLog.NEW_VALUE: value,
+ "property": "can_forge_sender",
+ },
+ )
+
+@transaction.atomic(savepoint=False)
 def do_change_can_create_users(user_profile: UserProfile, value: bool) -> None:
+ event_time = timezone_now()
+ old_value = user_profile.can_create_users
+
 user_profile.can_create_users = value
 user_profile.save(update_fields=["can_create_users"])
+ RealmAuditLog.objects.create(
+ realm=user_profile.realm,
+ event_type=AuditLogEventType.USER_SPECIAL_PERMISSION_CHANGED,
+ event_time=event_time,
+ acting_user=None,
+ modified_user=user_profile,
+ extra_data={
+ RealmAuditLog.OLD_VALUE: old_value,
+ RealmAuditLog.NEW_VALUE: value,
+ "property": "can_create_users",
+ },
+ )
+
 @transaction.atomic(durable=True)
 def do_update_outgoing_webhook_service(
diff --git a/zerver/models/realm_audit_logs.py b/zerver/models/realm_audit_logs.py
index 845f352eb1..f311178f4c 100644
--- a/zerver/models/realm_audit_logs.py
+++ b/zerver/models/realm_audit_logs.py
@@ -20,6 +20,7 @@ class AuditLogEventType(IntEnum):
 USER_ROLE_CHANGED = 105
 USER_DELETED = 106
 USER_DELETED_PRESERVING_MESSAGES = 107
+ USER_SPECIAL_PERMISSION_CHANGED = 108
 USER_SOFT_ACTIVATED = 120
 USER_SOFT_DEACTIVATED = 121
diff --git a/zerver/tests/test_users.py b/zerver/tests/test_users.py
index 2371fbce8b..b7bd859c74 100644
--- a/zerver/tests/test_users.py
+++ b/zerver/tests/test_users.py
@@ -24,6 +24,8 @@ from zerver.actions.user_topics import do_set_user_topic_visibility_policy
 from zerver.actions.users import (
 change_user_is_active,
 do_change_can_create_users,
+ do_change_can_forge_sender,
+ do_change_is_billing_admin,
 do_change_user_role,
 do_deactivate_user,
 do_delete_user,
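Review bot: All three new `RealmAuditLog.objects.create(...)` calls in the `zerver/actions/users.py` hunk (`do_change_is_billing_admin`, `do_change_can_forge_sender`, `do_change_can_create_users`) hard-code `acting_user=None`, so the entry records whose permission changed but never who changed it. Judging by the flag names these are sensitive grants, and attribution is the field an investigator reaches for first. Consider a keyword-only parameter, e.g. `def do_change_can_forge_sender(user_profile: UserProfile, value: bool, *, acting_user: UserProfile | None = None) -> None:` with `acting_user=acting_user,` in the create call, and pass the real actor wherever a caller has one (callers are not visible in this diff). Separately, an entry is written even when `old_value == value`; skipping the log in that case would keep no-op calls from adding noise to the audit trail.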
@@ -929,6 +931,56 @@ class PermissionTest(ZulipTestCase):
 )
 self.assert_json_error(result, "Insufficient permission")
+ def test_do_change_user_special_permissions(self) -> None:
+ desdemona = self.example_user("desdemona")
+ do_change_can_forge_sender(desdemona, True)
+
+ last_realm_audit_log = RealmAuditLog.objects.last()
+ assert last_realm_audit_log is not None
+
+ self.assertEqual(
+ last_realm_audit_log.event_type, AuditLogEventType.USER_SPECIAL_PERMISSION_CHANGED
+ )
+ self.assertEqual(last_realm_audit_log.modified_user, desdemona)
+ expected_extra_data = {
+ "property": "can_forge_sender",
+ RealmAuditLog.OLD_VALUE: False,
+ RealmAuditLog.NEW_VALUE: True,
+ }
+ self.assertEqual(last_realm_audit_log.extra_data, expected_extra_data)
+
+ do_change_can_create_users(desdemona, True)
+
+ last_realm_audit_log = RealmAuditLog.objects.last()
+ assert last_realm_audit_log is not None
+
+ self.assertEqual(
+ last_realm_audit_log.event_type, AuditLogEventType.USER_SPECIAL_PERMISSION_CHANGED
+ )
+ self.assertEqual(last_realm_audit_log.modified_user, desdemona)
+ expected_extra_data = {
+ "property": "can_create_users",
+ RealmAuditLog.OLD_VALUE: False,
+ RealmAuditLog.NEW_VALUE: True,
+ }
+ self.assertEqual(last_realm_audit_log.extra_data, expected_extra_data)
+
+ do_change_is_billing_admin(desdemona, True)
+
+ last_realm_audit_log = RealmAuditLog.objects.last()
+ assert last_realm_audit_log is not None
+
+ self.assertEqual(
+ last_realm_audit_log.event_type, AuditLogEventType.USER_SPECIAL_PERMISSION_CHANGED
+ )
+ self.assertEqual(last_realm_audit_log.modified_user, desdemona)
+ expected_extra_data = {
+ "property": "is_billing_admin",
+ RealmAuditLog.OLD_VALUE: False,
+ RealmAuditLog.NEW_VALUE: True,
+ }
+ self.assertEqual(last_realm_audit_log.extra_data, expected_extra_data)
+
 class QueryCountTest(ZulipTestCase):
 def test_create_user_with_multiple_streams(self) -> None:
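Review bot: `test_do_change_user_special_permissions` only exercises the False-to-True grant for each flag, so the revoke path and its OLD_VALUE/NEW_VALUE ordering are never asserted; a follow-up call such as `do_change_can_forge_sender(desdemona, False)` with the expected values swapped would cover it. Each lookup is an unfiltered `RealmAuditLog.objects.last()`, which passes only as long as nothing else writes a later row; `RealmAuditLog.objects.filter(event_type=AuditLogEventType.USER_SPECIAL_PERMISSION_CHANGED, modified_user=desdemona).last()` ties the assertion to the entry under test. The test also leaves `realm` and `acting_user` unchecked, which are the fields that make the record usable for attribution. The three blocks are near-identical and could become one loop over `(function, property)` pairs with `self.subTest`. The enclosing `PermissionTest` class starts outside this hunk.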