realm: Create RealmAuditLog entry while changing an allowed domain.

This commit also adds 'acting_user' argument for do_change_realm_domain function. Fixes a part of #21268.
2025-11-03 13:33:24 +00:00 · 2022-03-07 19:49:13 +05:30
parent 5ef8da40a9
commit ab5567e8c5
6 changed files with 49 additions and 5 deletions
--- a/zerver/lib/actions.py
+++ b/zerver/lib/actions.py
@@ -8119,9 +8119,28 @@ def do_add_realm_domain(
    return realm_domain


-def do_change_realm_domain(realm_domain: RealmDomain, allow_subdomains: bool) -> None:
+def do_change_realm_domain(
+    realm_domain: RealmDomain, allow_subdomains: bool, *, acting_user: Optional[UserProfile]
+) -> None:
    realm_domain.allow_subdomains = allow_subdomains
    realm_domain.save(update_fields=["allow_subdomains"])
+
+    RealmAuditLog.objects.create(
+        realm=realm_domain.realm,
+        acting_user=acting_user,
+        event_type=RealmAuditLog.REALM_DOMAIN_CHANGED,
+        event_time=timezone_now(),
+        extra_data=orjson.dumps(
+            {
+                "realm_domains": get_realm_domains(realm_domain.realm),
+                "changed_domain": {
+                    "domain": realm_domain.domain,
+                    "allow_subdomains": realm_domain.allow_subdomains,
+                },
+            }
+        ).decode(),
+    )
+
    event = dict(
        type="realm_domains",
        op="change",
--- a/zerver/models.py
+++ b/zerver/models.py
@@ -4063,6 +4063,7 @@ class AbstractRealmAuditLog(models.Model):
    REALM_DEFAULT_USER_SETTINGS_CHANGED = 216
    REALM_ORG_TYPE_CHANGED = 217
    REALM_DOMAIN_ADDED = 218
+    REALM_DOMAIN_CHANGED = 219

    SUBSCRIPTION_CREATED = 301
    SUBSCRIPTION_ACTIVATED = 302
--- a/zerver/tests/test_audit_log.py
+++ b/zerver/tests/test_audit_log.py
@@ -18,6 +18,7 @@ from zerver.lib.actions import (
    do_change_default_sending_stream,
    do_change_icon_source,
    do_change_password,
+    do_change_realm_domain,
    do_change_subscription_property,
    do_change_tos_version,
    do_change_user_delivery_email,
@@ -666,7 +667,7 @@ class TestRealmAuditLog(ZulipTestCase):
        initial_domains = get_realm_domains(user.realm)

        now = timezone_now()
-        do_add_realm_domain(user.realm, "zulip.org", False, acting_user=user)
+        realm_domain = do_add_realm_domain(user.realm, "zulip.org", False, acting_user=user)
        added_domain: Dict[str, Union[str, bool]] = {
            "domain": "zulip.org",
            "allow_subdomains": False,
@@ -685,3 +686,24 @@ class TestRealmAuditLog(ZulipTestCase):
            ).count(),
            1,
        )
+
+        now = timezone_now()
+        do_change_realm_domain(realm_domain, True, acting_user=user)
+        changed_domain: Dict[str, Union[str, bool]] = {
+            "domain": "zulip.org",
+            "allow_subdomains": True,
+        }
+        expected_extra_data = {
+            "realm_domains": initial_domains + [changed_domain],
+            "changed_domain": changed_domain,
+        }
+        self.assertEqual(
+            RealmAuditLog.objects.filter(
+                realm=user.realm,
+                event_type=RealmAuditLog.REALM_DOMAIN_CHANGED,
+                event_time__gte=now,
+                acting_user=user,
+                extra_data=orjson.dumps(expected_extra_data).decode(),
+            ).count(),
+            1,
+        )
--- a/zerver/tests/test_events.py
+++ b/zerver/tests/test_events.py
@@ -1696,7 +1696,9 @@ class NormalActionsTest(BaseAction):
        self.assertEqual(events[0]["realm_domain"]["allow_subdomains"], False)

        test_domain = RealmDomain.objects.get(realm=self.user_profile.realm, domain="zulip.org")
-        events = self.verify_action(lambda: do_change_realm_domain(test_domain, True))
+        events = self.verify_action(
+            lambda: do_change_realm_domain(test_domain, True, acting_user=None)
+        )

        check_realm_domains_change("events[0]", events[0])
        self.assertEqual(events[0]["realm_domain"]["domain"], "zulip.org")
--- a/zerver/tests/test_realm_domains.py
+++ b/zerver/tests/test_realm_domains.py
@@ -143,7 +143,7 @@ class RealmDomainTest(ZulipTestCase):
        with self.assertRaises(DomainNotAllowedForRealmError):
            email_allowed_for_realm("user@test3.test1.com", realm2)

-        do_change_realm_domain(realm_domain, True)
+        do_change_realm_domain(realm_domain, True, acting_user=None)
        email_allowed_for_realm("user@test1.com", realm1)
        email_allowed_for_realm("user@test2.test1.com", realm1)
        with self.assertRaises(DomainNotAllowedForRealmError):
--- a/zerver/views/realm_domains.py
+++ b/zerver/views/realm_domains.py
@@ -50,7 +50,7 @@ def patch_realm_domain(
 ) -> HttpResponse:
    try:
        realm_domain = RealmDomain.objects.get(realm=user_profile.realm, domain=domain)
-        do_change_realm_domain(realm_domain, allow_subdomains)
+        do_change_realm_domain(realm_domain, allow_subdomains, acting_user=user_profile)
    except RealmDomain.DoesNotExist:
        raise JsonableError(_("No entry found for domain {domain}.").format(domain=domain))
    return json_success(request)