UnityHPC · hakasapl · Apr 6, 2023 · Apr 5, 2023 · Apr 6, 2023
diff --git a/resources/init.php b/resources/init.php
@@ -107,6 +107,13 @@
     $_SESSION["user_exists"] = $USER->exists();
     $_SESSION["is_pi"] = $USER->isPI();
 
+    $SQL->addLog(
+        $OPERATOR->getUID(),
+        $_SERVER['REMOTE_ADDR'],
+        "user_login",
+        $OPERATOR->getUID()
+    );
+
     if (!$_SESSION["user_exists"]) {
         // populate cache
         $REDIS->setCache($SSO["user"], "org", $SSO["org"]);

diff --git a/resources/lib/UnityGroup.php b/resources/lib/UnityGroup.php
@@ -124,7 +124,7 @@ public function requestGroup($send_mail = true)
     /**
      * This method will create the group (this is what is executed when an admin approved the group)
      */
-    public function approveGroup($send_mail = true)
+    public function approveGroup($operator = null, $send_mail = true)
     {
         // check for edge cases...
         if ($this->exists()) {
@@ -143,6 +143,15 @@ public function approveGroup($send_mail = true)
         // this will silently fail if the request doesn't exist
         $this->SQL->removeRequest($this->getOwner()->getUID());
 
+        $operator = is_null($operator) ? $this->getOwner()->getUID() : $operator->getUID();
+
+        $this->SQL->addLog(
+            $operator,
+            $_SERVER['REMOTE_ADDR'],
+            "approved_group",
+            $this->getOwner()->getUID()
+        );
+
         // send email to the newly approved PI
         if ($send_mail) {
             $this->MAILER->sendMail(
@@ -155,7 +164,7 @@ public function approveGroup($send_mail = true)
     /**
      * This method is executed when an admin denys the PI group request
      */
-    public function denyGroup($send_mail = true)
+    public function denyGroup($operator = null, $send_mail = true)
     {
         // remove request - this will fail silently if the request doesn't exist
         $this->SQL->removeRequest($this->getOwner()->getUID());
@@ -164,6 +173,15 @@ public function denyGroup($send_mail = true)
             return;
         }
 
+        $operator = is_null($operator) ? $this->getOwner()->getUID() : $operator->getUID();
+
+        $this->SQL->addLog(
+            $operator,
+            $_SERVER['REMOTE_ADDR'],
+            "denied_group",
+            $this->getOwner()->getUID()
+        );
+
         // send email to the requestor
         if ($send_mail) {
             $this->MAILER->sendMail(

diff --git a/resources/lib/UnitySQL.php b/resources/lib/UnitySQL.php
@@ -118,7 +118,7 @@ public function deleteRequestsByUser($user)
         $stmt->execute();
     }
 
-    public function addNotice($title, $date, $content)
+    public function addNotice($title, $date, $content, $operator)
     {
         $stmt = $this->conn->prepare(
             "INSERT INTO " . self::TABLE_NOTICES . " (date, title, message) VALUES (:date, :title, :message)"
@@ -128,6 +128,15 @@ public function addNotice($title, $date, $content)
         $stmt->bindParam(":message", $content);
 
         $stmt->execute();
+
+        $operator = $operator->getUID();
+
+        $this->addLog(
+            $operator,
+            $_SERVER['REMOTE_ADDR'],
+            "added_cluster_notice",
+            $operator
+        );
     }
 
     public function editNotice($id, $title, $date, $content)
@@ -197,7 +206,7 @@ public function getPage($id)
         return $stmt->fetchAll()[0];
     }
 
-    public function editPage($id, $content)
+    public function editPage($id, $content, $operator)
     {
         $stmt = $this->conn->prepare(
             "UPDATE " . self::TABLE_PAGES . " SET content=:content WHERE page=:id"
@@ -206,6 +215,15 @@ public function editPage($id, $content)
         $stmt->bindParam(":content", $content);
 
         $stmt->execute();
+
+        $operator = $operator->getUID();
+
+        $this->addLog(
+            $operator,
+            $_SERVER['REMOTE_ADDR'],
+            "edited_page",
+            $operator
+        );
     }
 
     public function addEvent($operator, $action, $entity)

diff --git a/resources/lib/UnityUser.php b/resources/lib/UnityUser.php
@@ -212,10 +212,18 @@ public function getOrg($ignorecache = false)
      *
      * @param string $firstname
      */
-    public function setFirstname($firstname)
+    public function setFirstname($firstname, $operator = null)
     {
         $ldap_user = $this->getLDAPUser();
         $ldap_user->setAttribute("givenname", $firstname);
+        $operator = is_null($operator) ? $this->getUID() : $operator->getUID();
+
+        $this->SQL->addLog(
+            $operator,
+            $_SERVER['REMOTE_ADDR'],
+            "firstname_changed",
+            $this->getUID()
+        );
 
         if (!$ldap_user->write()) {
             throw new Exception("Error updating LDAP entry $this->uid");
@@ -256,10 +264,18 @@ public function getFirstname($ignorecache = false)
      *
      * @param string $lastname
      */
-    public function setLastname($lastname)
+    public function setLastname($lastname, $operator = null)
     {
         $ldap_user = $this->getLDAPUser();
         $ldap_user->setAttribute("sn", $lastname);
+        $operator = is_null($operator) ? $this->getUID() : $operator->getUID();
+
+        $this->SQL->addLog(
+            $operator,
+            $_SERVER['REMOTE_ADDR'],
+            "lastname_changed",
+            $this->getUID()
+        );
 
         if (!$this->getLDAPUser()->write()) {
             throw new Exception("Error updating LDAP entry $this->uid");
@@ -305,10 +321,18 @@ public function getFullname()
      *
      * @param string $mail
      */
-    public function setMail($email)
+    public function setMail($email, $operator = null)
     {
         $ldap_user = $this->getLDAPUser();
         $ldap_user->setAttribute("mail", $email);
+        $operator = is_null($operator) ? $this->getUID() : $operator->getUID();
+
+        $this->SQL->addLog(
+            $operator,
+            $_SERVER['REMOTE_ADDR'],
+            "email_changed",
+            $this->getUID()
+        );
 
         if (!$this->getLDAPUser()->write()) {
             throw new Exception("Error updating LDAP entry $this->uid");
@@ -420,7 +444,7 @@ public function getSSHKeys($ignorecache = false)
      *
      * @param string $shell absolute path to shell
      */
-    public function setLoginShell($shell, $send_mail = true)
+    public function setLoginShell($shell, $operator = null, $send_mail = true)
     {
         $ldapUser = $this->getLDAPUser();
         if ($ldapUser->exists()) {
@@ -430,6 +454,15 @@ public function setLoginShell($shell, $send_mail = true)
             }
         }
 
+        $operator = is_null($operator) ? $this->getUID() : $operator->getUID();
+
+        $this->SQL->addLog(
+            $operator,
+            $_SERVER['REMOTE_ADDR'],
+            "loginshell_changed",
+            $this->getUID()
+        );
+
         $this->REDIS->setCache($this->uid, "loginshell", $shell);
 
         if ($send_mail) {
@@ -470,7 +503,7 @@ public function getLoginShell($ignorecache = false)
         return null;
     }
 
-    public function setHomeDir($home)
+    public function setHomeDir($home, $operator = null)
     {
         $ldapUser = $this->getLDAPUser();
         if ($ldapUser->exists()) {
@@ -479,6 +512,15 @@ public function setHomeDir($home)
                 throw new Exception("Failed to modify home directory for $this->uid");
             }
 
+            $operator = is_null($operator) ? $this->getUID() : $operator->getUID();
+
+            $this->SQL->addLog(
+                $operator,
+                $_SERVER['REMOTE_ADDR'],
+                "homedir_changed",
+                $this->getUID()
+            );
+
             $this->REDIS->setCache($this->uid, "homedir", $home);
         }
     }

diff --git a/webroot/admin/content.php b/webroot/admin/content.php
@@ -8,7 +8,7 @@
 
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
     if (!empty($_POST["pageSel"])) {
-        $SQL->editPage($_POST["pageSel"], $_POST["content"]);
+        $SQL->editPage($_POST["pageSel"], $_POST["content"], $USER);
     }
 }
 

diff --git a/webroot/admin/notices.php b/webroot/admin/notices.php
@@ -9,7 +9,7 @@
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
     switch ($_POST["form_type"]) {
         case "newNotice":
-            $SQL->addNotice($_POST["title"], $_POST["date"], $_POST["content"]);
+            $SQL->addNotice($_POST["title"], $_POST["date"], $_POST["content"], $USER);
 
             break;
         case "editNotice":

diff --git a/webroot/admin/pi-mgmt.php b/webroot/admin/pi-mgmt.php
@@ -19,11 +19,11 @@
             if ($_POST["action"] == "Approve") {
                 // approve group
                 $group = $form_user->getPIGroup();
-                $group->approveGroup();
+                $group->approveGroup($OPERATOR);
             } elseif ($_POST["action"] == "Deny") {
                 // deny group
                 $group = $form_user->getPIGroup();
-                $group->denyGroup();
+                $group->denyGroup($OPERATOR);
             }
 
             break;

diff --git a/webroot/panel/account.php b/webroot/panel/account.php
@@ -58,9 +58,9 @@
             break;
         case "loginshell":
             if ($_POST["shellSelect"] == "custom") {
-                $USER->setLoginShell($_POST["shell"]);
+                $USER->setLoginShell($_POST["shell"], $OPERATOR);
             } else {
-                $USER->setLoginShell($_POST["shellSelect"]);
+                $USER->setLoginShell($_POST["shellSelect"], $OPERATOR);
             }
             break;
         case "pi_request":