
Commit 894e644

authored
Merge pull request #72 from sheldor1510/additional-audit-logs
Additional audit logs
2 parents 611002c + 9b896d4 commit 894e644


8 files changed

+100
-15
lines changed


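--- a/resources/init.php
+++ b/resources/init.php
@@ -107,6 +107,13 @@
 $_SESSION["user_exists"] = $USER->exists();
 $_SESSION["is_pi"] = $USER->isPI();
 
+$SQL->addLog(
+$OPERATOR->getUID(),
+$_SERVER['REMOTE_ADDR'],
+"user_login",
+$OPERATOR->getUID()
+);
+
 if (!$_SESSION["user_exists"]) {
 // populate cache
 $REDIS->setCache($SSO["user"], "org", $SSO["org"]);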
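Review bot: The `user_login` entry is written unconditionally at this point in init.php, and nothing in the hunk ties it to the moment a session is first established. If init.php is included on every page load (inferred from the session setup around it; the enclosing block starts outside the hunk), each request would add a login record and the audit trail would no longer show real login events. Guarding the `$SQL->addLog(...)` call with a once-per-session flag stored in `$_SESSION` would keep one record per login. `$_SERVER['REMOTE_ADDR']` holds the proxy's address when the site sits behind a reverse proxy, so the logged source IP should be checked against the deployment.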

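--- a/resources/lib/UnityGroup.php
+++ b/resources/lib/UnityGroup.php
@@ -124,7 +124,7 @@ public function requestGroup($send_mail = true)
 /**
 * This method will create the group (this is what is executed when an admin approved the group)
 */
-public function approveGroup($send_mail = true)
+public function approveGroup($operator = null, $send_mail = true)
 {
 // check for edge cases...
 if ($this->exists()) {
@@ -143,6 +143,15 @@ public function approveGroup($send_mail = true)
 // this will silently fail if the request doesn't exist
 $this->SQL->removeRequest($this->getOwner()->getUID());
 
+$operator = is_null($operator) ? $this->getOwner()->getUID() : $operator->getUID();
+
+$this->SQL->addLog(
+$operator,
+$_SERVER['REMOTE_ADDR'],
+"approved_group",
+$this->getOwner()->getUID()
+);
+
 // send email to the newly approved PI
 if ($send_mail) {
 $this->MAILER->sendMail(
@@ -155,7 +164,7 @@ public function approveGroup($send_mail = true)
 /**
 * This method is executed when an admin denys the PI group request
 */
-public function denyGroup($send_mail = true)
+public function denyGroup($operator = null, $send_mail = true)
 {
 // remove request - this will fail silently if the request doesn't exist
 $this->SQL->removeRequest($this->getOwner()->getUID());
@@ -164,6 +173,15 @@ public function denyGroup($send_mail = true)
 return;
 }
 
+$operator = is_null($operator) ? $this->getOwner()->getUID() : $operator->getUID();
+
+$this->SQL->addLog(
+$operator,
+$_SERVER['REMOTE_ADDR'],
+"denied_group",
+$this->getOwner()->getUID()
+);
+
 // send email to the requestor
 if ($send_mail) {
 $this->MAILER->sendMail(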
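Review bot: When `$operator` is null, the new code in approveGroup() records the group owner as the actor, so an approval from any caller that omits the operator is logged as if the requester approved their own group; denyGroup() has the same fallback. For an audit trail it would be safer to require the operator at every call site, or to log a distinct "unknown" value instead of the owner's UID. Inserting `$operator` before `$send_mail` also changes the meaning of the first positional argument: a caller that passes `$send_mail` positionally would now reach `$operator->getUID()` on a boolean. Keeping the old order, `public function approveGroup($send_mail = true, $operator = null)`, avoids that, with the call sites adjusted to match. Both method bodies continue outside the hunks.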

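--- a/resources/lib/UnitySQL.php
+++ b/resources/lib/UnitySQL.php
@@ -118,7 +118,7 @@ public function deleteRequestsByUser($user)
 $stmt->execute();
 }
 
-public function addNotice($title, $date, $content)
+public function addNotice($title, $date, $content, $operator)
 {
 $stmt = $this->conn->prepare(
 "INSERT INTO " . self::TABLE_NOTICES . " (date, title, message) VALUES (:date, :title, :message)"
@@ -128,6 +128,15 @@ public function addNotice($title, $date, $content)
 $stmt->bindParam(":message", $content);
 
 $stmt->execute();
+
+$operator = $operator->getUID();
+
+$this->addLog(
+$operator,
+$_SERVER['REMOTE_ADDR'],
+"added_cluster_notice",
+$operator
+);
 }
 
 public function editNotice($id, $title, $date, $content)
@@ -197,7 +206,7 @@ public function getPage($id)
 return $stmt->fetchAll()[0];
 }
 
-public function editPage($id, $content)
+public function editPage($id, $content, $operator)
 {
 $stmt = $this->conn->prepare(
 "UPDATE " . self::TABLE_PAGES . " SET content=:content WHERE page=:id"
@@ -206,6 +215,15 @@ public function editPage($id, $content)
 $stmt->bindParam(":content", $content);
 
 $stmt->execute();
+
+$operator = $operator->getUID();
+
+$this->addLog(
+$operator,
+$_SERVER['REMOTE_ADDR'],
+"edited_page",
+$operator
+);
 }
 
 public function addEvent($operator, $action, $entity)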
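Review bot: In editPage() the fourth argument to addLog() is the operator's UID again, so the `edited_page` record does not say which page was changed; addNotice() logs `added_cluster_notice` the same way. At the other call sites in this commit the fourth argument is the affected account, so it appears to be the target of the action (addLog() itself is not visible here). Passing the page id, `$this->addLog($operator, $_SERVER['REMOTE_ADDR'], "edited_page", $id);`, would make the entry usable in an investigation. `editNotice()` on the context line keeps its old signature, so notice edits appear to stay unlogged.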

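--- a/resources/lib/UnityUser.php
+++ b/resources/lib/UnityUser.php
@@ -212,10 +212,18 @@ public function getOrg($ignorecache = false)
 *
 * @param string $firstname
 */
-public function setFirstname($firstname)
+public function setFirstname($firstname, $operator = null)
 {
 $ldap_user = $this->getLDAPUser();
 $ldap_user->setAttribute("givenname", $firstname);
+$operator = is_null($operator) ? $this->getUID() : $operator->getUID();
+
+$this->SQL->addLog(
+$operator,
+$_SERVER['REMOTE_ADDR'],
+"firstname_changed",
+$this->getUID()
+);
 
 if (!$ldap_user->write()) {
 throw new Exception("Error updating LDAP entry $this->uid");
@@ -256,10 +264,18 @@ public function getFirstname($ignorecache = false)
 *
 * @param string $lastname
 */
-public function setLastname($lastname)
+public function setLastname($lastname, $operator = null)
 {
 $ldap_user = $this->getLDAPUser();
 $ldap_user->setAttribute("sn", $lastname);
+$operator = is_null($operator) ? $this->getUID() : $operator->getUID();
+
+$this->SQL->addLog(
+$operator,
+$_SERVER['REMOTE_ADDR'],
+"lastname_changed",
+$this->getUID()
+);
 
 if (!$this->getLDAPUser()->write()) {
 throw new Exception("Error updating LDAP entry $this->uid");
@@ -305,10 +321,18 @@ public function getFullname()
 *
 * @param string $mail
 */
-public function setMail($email)
+public function setMail($email, $operator = null)
 {
 $ldap_user = $this->getLDAPUser();
 $ldap_user->setAttribute("mail", $email);
+$operator = is_null($operator) ? $this->getUID() : $operator->getUID();
+
+$this->SQL->addLog(
+$operator,
+$_SERVER['REMOTE_ADDR'],
+"email_changed",
+$this->getUID()
+);
 
 if (!$this->getLDAPUser()->write()) {
 throw new Exception("Error updating LDAP entry $this->uid");
@@ -420,7 +444,7 @@ public function getSSHKeys($ignorecache = false)
 *
 * @param string $shell absolute path to shell
 */
-public function setLoginShell($shell, $send_mail = true)
+public function setLoginShell($shell, $operator = null, $send_mail = true)
 {
 $ldapUser = $this->getLDAPUser();
 if ($ldapUser->exists()) {
@@ -430,6 +454,15 @@ public function setLoginShell($shell, $send_mail = true)
 }
 }
 
+$operator = is_null($operator) ? $this->getUID() : $operator->getUID();
+
+$this->SQL->addLog(
+$operator,
+$_SERVER['REMOTE_ADDR'],
+"loginshell_changed",
+$this->getUID()
+);
+
 $this->REDIS->setCache($this->uid, "loginshell", $shell);
 
 if ($send_mail) {
@@ -470,7 +503,7 @@ public function getLoginShell($ignorecache = false)
 return null;
 }
 
-public function setHomeDir($home)
+public function setHomeDir($home, $operator = null)
 {
 $ldapUser = $this->getLDAPUser();
 if ($ldapUser->exists()) {
@@ -479,6 +512,15 @@ public function setHomeDir($home)
 throw new Exception("Failed to modify home directory for $this->uid");
 }
 
+$operator = is_null($operator) ? $this->getUID() : $operator->getUID();
+
+$this->SQL->addLog(
+$operator,
+$_SERVER['REMOTE_ADDR'],
+"homedir_changed",
+$this->getUID()
+);
+
 $this->REDIS->setCache($this->uid, "homedir", $home);
 }
 }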
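Review bot: In setFirstname(), setLastname() and setMail() the addLog() call sits before the `write()` check, so a failed LDAP update still leaves a `firstname_changed`, `lastname_changed` or `email_changed` record before the exception is thrown. Moving each addLog() block below its `if (!...->write()) { throw ... }` check would limit the audit trail to changes that actually happened, as setHomeDir() visibly does by logging after its failure check. The entries also omit the old and new values, which limits their use when investigating an account change. setLoginShell() now takes `$operator` before `$send_mail`, so a caller passing `$send_mail` positionally would hand a boolean to `$operator->getUID()`.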

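--- a/webroot/admin/content.php
+++ b/webroot/admin/content.php
@@ -8,7 +8,7 @@
 
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
 if (!empty($_POST["pageSel"])) {
-$SQL->editPage($_POST["pageSel"], $_POST["content"]);
+$SQL->editPage($_POST["pageSel"], $_POST["content"], $USER);
 }
 }
 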
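Review bot: The new third argument here is `$USER`, while the other call sites in this commit (pi-mgmt.php, account.php) pass `$OPERATOR` as the actor and init.php logs the login under `$OPERATOR->getUID()`; the addNotice() call in webroot/admin/notices.php has the same issue. If `$USER` and `$OPERATOR` can differ on admin pages (account.php treats them as separate objects), the page edit would be attributed to the wrong account. Suggested: `$SQL->editPage($_POST["pageSel"], $_POST["content"], $OPERATOR);`.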

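--- a/webroot/admin/notices.php
+++ b/webroot/admin/notices.php
@@ -9,7 +9,7 @@
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
 switch ($_POST["form_type"]) {
 case "newNotice":
-$SQL->addNotice($_POST["title"], $_POST["date"], $_POST["content"]);
+$SQL->addNotice($_POST["title"], $_POST["date"], $_POST["content"], $USER);
 
 break;
 case "editNotice":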

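--- a/webroot/admin/pi-mgmt.php
+++ b/webroot/admin/pi-mgmt.php
@@ -19,11 +19,11 @@
 if ($_POST["action"] == "Approve") {
 // approve group
 $group = $form_user->getPIGroup();
-$group->approveGroup();
+$group->approveGroup($OPERATOR);
 } elseif ($_POST["action"] == "Deny") {
 // deny group
 $group = $form_user->getPIGroup();
-$group->denyGroup();
+$group->denyGroup($OPERATOR);
 }
 
 break;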

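--- a/webroot/panel/account.php
+++ b/webroot/panel/account.php
@@ -58,9 +58,9 @@
 break;
 case "loginshell":
 if ($_POST["shellSelect"] == "custom") {
-$USER->setLoginShell($_POST["shell"]);
+$USER->setLoginShell($_POST["shell"], $OPERATOR);
 } else {
-$USER->setLoginShell($_POST["shellSelect"]);
+$USER->setLoginShell($_POST["shellSelect"], $OPERATOR);
 }
 break;
 case "pi_request":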
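Review bot: The custom branch still hands `$_POST["shell"]` to setLoginShell() unchanged, and neither this hunk nor the visible part of setLoginShell() checks that it is an absolute path to a shell, as that method's docblock expects. If no validation happens elsewhere, the value should be checked before the LDAP write. The new `loginshell_changed` record would also be more useful if it carried the value that was set. The enclosing switch starts and ends outside the hunk.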
