Allow whitelist of properties to be used instead of a ignore list

robertoschwald · robertoschwald · commit 4eda005f7b71 · 2017-06-07T14:53:25.000+02:00
- Backport from #138 to master for 2.x plugin version
diff --git a/audit-logging/src/main/groovy/grails/plugins/orm/auditable/AuditLogListener.groovy b/audit-logging/src/main/groovy/grails/plugins/orm/auditable/AuditLogListener.groovy
@@ -19,6 +19,7 @@
 package grails.plugins.orm.auditable
 
 import com.fasterxml.jackson.annotation.JsonIgnore
+import grails.compiler.GrailsCompileStatic
 import grails.core.GrailsDomainClass
 import grails.util.GrailsClassUtils
 import groovy.util.logging.Commons
@@ -32,7 +33,6 @@ import org.springframework.context.ApplicationEvent
 import org.springframework.web.context.request.RequestContextHolder
 
 import static grails.plugins.orm.auditable.AuditLogListenerUtil.*
-
 /**
  * Grails interceptor for logging saves, updates, deletes and acting on
  * individual properties changes and delegating calls back to the Domain Class
@@ -86,6 +86,7 @@ class AuditLogListener extends AbstractPersistenceEventListener {
     }
 
     @Override
+    @GrailsCompileStatic
     protected void onPersistenceEvent(AbstractPersistenceEvent event) {
         // GPAUDITLOGGING-64: Even we register AuditLogListeners per datasource, at least up to Grails 2.4.2 events for other datasources
         // get triggered in all other listeners.
@@ -113,6 +114,7 @@ class AuditLogListener extends AbstractPersistenceEventListener {
         }
     }
 
+    @GrailsCompileStatic
     void stamp(AbstractPersistenceEvent event) {
         def entity = event.entityObject
         def actor = getActor()
@@ -127,8 +129,8 @@ class AuditLogListener extends AbstractPersistenceEventListener {
             stampLastUpdatedBy(entity,actor,event)
         }
     }
-    
-    void stampTimestamp(AbstractPersistenceEvent event,def entity){
+
+    void stampTimestamp(AbstractPersistenceEvent event, def entity){
         String dateCreatedProperty = GrailsClassUtils.getStaticPropertyValue(entity.class,'_dateCreatedStampableProperty')
         Class<?> dateCreatedType = GrailsClassUtils.getPropertyType(entity.class,dateCreatedProperty)
         def timestamp = timestampProvider.createTimestamp(dateCreatedType)
@@ -281,6 +283,30 @@ class AuditLogListener extends AbstractPersistenceEventListener {
         return ignore
     }
 
+
+    /**
+     * Get the list of auditable properties.  This is used to override
+     * the default behaviour of auditing all properties except those in the
+     * ignore list.
+     *
+     *   static auditable = [auditableProperties: ['dateCreated','lastUpdated','myField']]
+     *
+     *
+     */
+    List auditableProperties(domain) {
+
+        Map auditableMap = getAuditableMap(domain)
+        if (auditableMap?.containsKey('auditableProperties')) {
+            log.debug "Found auditableProperty list on this entity ${domain.class.name}"
+            def list = auditableMap['auditableProperties']
+            if (list instanceof List) {
+                return list
+            }
+        }
+
+        null
+    }
+
     /**
      * The default properties to mask list is:  ['password']
      * if you want to provide your own mask list, specify in the DomainClass:
@@ -523,14 +549,11 @@ class AuditLogListener extends AbstractPersistenceEventListener {
      * to provide a list of fields for onChange to ignore.
      */
     protected boolean significantChange(domain, Map oldMap, Map newMap) {
+        def auditableProperties = auditableProperties(domain)
         def ignore = ignoreList(domain)
-        ignore?.each { String key ->
-            oldMap.remove(key)
-            newMap.remove(key)
-        }
         boolean changed = false
         oldMap.each { String k, Object v ->
-            if (v != newMap[k]) {
+            if (isPropertyAuditable(k, auditableProperties, ignore) && v != newMap[k]) {
                 changed = true
             }
         }
@@ -571,12 +594,13 @@ class AuditLogListener extends AbstractPersistenceEventListener {
         newMap?.remove('version')
         oldMap?.remove('version')
 
+        List auditableProperties = auditableProperties(domain)
         List ignoreList = ignoreList(domain)
 
         if (newMap && oldMap) {
             log.trace "There are new and old values to log"
             newMap.each { String key, val ->
-                if (key in ignoreList) {
+                if (!isPropertyAuditable(key, auditableProperties, ignoreList)) {
                     return
                 }
                 if (val != oldMap[key]) {
@@ -598,7 +622,7 @@ class AuditLogListener extends AbstractPersistenceEventListener {
         if (newMap && verbose && !AuditLogListenerThreadLocal.auditLogNonVerbose) {
             log.trace "there are new values and logging is verbose ... "
             newMap.each { String key, val ->
-                if (key in ignoreList) {
+                if (!isPropertyAuditable(key, auditableProperties, ignoreList)) {
                     return
                 }
                 def audit = getAuditLogDomainInstance(
@@ -618,7 +642,7 @@ class AuditLogListener extends AbstractPersistenceEventListener {
         if (oldMap && verbose && !AuditLogListenerThreadLocal.auditLogNonVerbose) {
             log.trace "there is only an old map of values available and logging is set to verbose... "
             oldMap.each { String key, val ->
-                if (key in ignoreList) {
+                if (!isPropertyAuditable(key, auditableProperties, ignoreList)) {
                     return
                 }
                 def audit = getAuditLogDomainInstance(
@@ -822,4 +846,24 @@ class AuditLogListener extends AbstractPersistenceEventListener {
             AuditLogListenerThreadLocal.clearAuditLogDisabled()
         }
     }
+
+    /**
+     * Returns a boolean indicating if the given property should be audited or ignored.
+     * If there is an auditableProperties list the property is auditable if it is in that
+     * list.  Otherwise the property is auditable if is is not in the ignoreList.
+     * @param fieldName The field name
+     * @param auditableProperties List of auditable Properties
+     * @param ignoreList The ignoreList
+     * @return true if property is auditable
+     */
+    boolean isPropertyAuditable(def fieldName, List auditableProperties, List ignoreList) {
+        if (auditableProperties) {
+            return fieldName in auditableProperties
+        } else if (ignoreList) {
+            return !(fieldName in ignoreList)
+        }
+
+        true
+    }
+
 }
diff --git a/audit-test/src/integration-test/groovy/test/AuditDeleteSpec.groovy b/audit-test/src/integration-test/groovy/test/AuditDeleteSpec.groovy
@@ -20,14 +20,20 @@ package test
 
 import grails.plugins.orm.auditable.AuditLoggingConfigUtils
 import grails.test.mixin.integration.Integration
-import grails.transaction.*
-import spock.lang.*
+import grails.transaction.Rollback
+import spock.lang.Shared
+import spock.lang.Specification
 
 @Integration
 @Rollback
 class AuditDeleteSpec extends Specification {
 
-  def defaultIgnoreList = ['id'] + AuditLoggingConfigUtils.auditConfig.defaultIgnore?.asImmutable() ?: []
+  @Shared
+  def defaultIgnoreList
+
+  void setup() {
+    defaultIgnoreList = ['id'] + AuditLoggingConfigUtils.auditConfig.defaultIgnore?.asImmutable() ?: []
+  }
 
   void setupData() {
     Author.auditable = true
@@ -187,5 +193,44 @@ class AuditDeleteSpec extends Specification {
     }
   }
 
+  void "Test auditableProperties"() {
+    given:
+    setupData()
+    Author.auditable = [auditableProperties: ['famous', 'age', 'dateCreated']]
+    def author = Author.findByName("Aaron")
+
+    when:
+    author.delete(flush: true, failOnError: true)
+
+    then: "only properties in auditableProperties are logged"
+    def events = AuditTrail.findAllByClassName('test.Author')
+
+    events.size() == 3
+    ['famous', 'age', 'dateCreated'].each { name ->
+      assert events.find {it.propertyName == name}, "${name} was not logged"
+    }
+  }
+
+  void "Test auditableProperties overrides ignore list"() {
+    given:
+    setupData()
+    Author.auditable = [
+      auditableProperties: ['famous', 'age', 'dateCreated'],
+      ignore: ['famous', 'age']
+    ]
+    def author = Author.findByName("Aaron")
+
+    when:
+    author.delete(flush: true, failOnError: true)
+
+    then: "only properties in auditableProperties are logged"
+    def events = AuditTrail.findAllByClassName('test.Author')
+
+    events.size() == 3
+    ['famous', 'age', 'dateCreated'].each { name ->
+      assert events.find {it.propertyName == name}, "${name} was not logged"
+    }
+  }
+
 }
 
diff --git a/audit-test/src/integration-test/groovy/test/AuditInsertSpec.groovy b/audit-test/src/integration-test/groovy/test/AuditInsertSpec.groovy
@@ -20,20 +20,22 @@ package test
 
 import grails.plugins.orm.auditable.AuditLogListener
 import grails.plugins.orm.auditable.AuditLoggingConfigUtils
+import grails.test.mixin.integration.Integration
+import grails.transaction.Rollback
 import org.springframework.util.StringUtils
+import spock.lang.Shared
+import spock.lang.Specification
 import spock.lang.Unroll
 
-import grails.test.mixin.integration.Integration
-import grails.transaction.*
-import spock.lang.*
-
 @Integration
 @Rollback
 class AuditInsertSpec extends Specification {
 
-    def defaultIgnoreList = ['id'] + AuditLoggingConfigUtils.auditConfig.defaultIgnore?.asImmutable() ?: []
+    @Shared
+    def defaultIgnoreList
 
     void setup() {
+        defaultIgnoreList = ['id'] + AuditLoggingConfigUtils.auditConfig.defaultIgnore?.asImmutable() ?: []
         Author.auditable = true
     }
 
@@ -298,4 +300,42 @@ class AuditInsertSpec extends Specification {
         }
     }
 
+    void "Test auditableProperties"() {
+        given:
+        Author.auditable = [auditableProperties: ['name', 'age', 'dateCreated']]
+        def author = new Author(name: "Aaron", age: 50, famous: true, ssn: '123-981-0001')
+
+        when:
+        author.save(flush: true, failOnError: true)
+
+        then: "only properties in auditableProperties are logged"
+        def events = AuditTrail.findAllByClassName('test.Author')
+
+        events.size() == 3
+        ['name', 'age', 'dateCreated'].each { name ->
+            assert events.find {it.propertyName == name}, "${name} was not logged"
+        }
+    }
+
+    void "Test auditableProperties overrides ignore list"() {
+        given:
+        Author.auditable = [
+          auditableProperties: ['name', 'age', 'dateCreated'],
+          ignore: ['name', 'age']
+        ]
+        def author = new Author(name: "Aaron", age: 50, famous: true, ssn: '123-981-0001')
+
+        when:
+        author.save(flush: true, failOnError: true)
+
+        then: "only properties in auditableProperties are logged"
+        def events = AuditTrail.findAllByClassName('test.Author')
+
+        events.size() == 3
+        ['name', 'age', 'dateCreated'].each { name ->
+            assert events.find {it.propertyName == name}, "${name} was not logged"
+        }
+    }
+
+
 }
diff --git a/audit-test/src/integration-test/groovy/test/AuditUpdateSpec.groovy b/audit-test/src/integration-test/groovy/test/AuditUpdateSpec.groovy
@@ -25,6 +25,7 @@ import spock.lang.*
 @Integration
 @Rollback
 class AuditUpdateSpec extends Specification {
+
     void setupData() {
         Author.auditable = true
 
@@ -230,6 +231,53 @@ class AuditUpdateSpec extends Specification {
         first.persistedObjectVersion == author.version - 1
     }
 
+    void "Test auditableProperties"() {
+        given:
+        setupData()
+        Author.auditable = [auditableProperties: ['name', 'famous', 'lastUpdated']]
+        def author = Author.findByName("Aaron")
+
+        when:
+        author.age = 50
+        author.famous = false
+        author.name = 'Bob'
+        author.save(flush: true, failOnError: true)
+
+        then: "only properties in auditableProperties are logged"
+        def events = AuditTrail.findAllByClassName('test.Author')
+
+        events.size() == 3
+
+        ['name', 'famous', 'lastUpdated'].each { name ->
+            assert events.find {it.propertyName == name}, "${name} was not logged"
+        }
+    }
+
+    void "Test auditableProperties overrides ignore list"() {
+        given:
+        setupData()
+        Author.auditable = [
+          auditableProperties: ['name', 'famous', 'lastUpdated'],
+          ignore: ['name', 'famous']
+        ]
+        def author = Author.findByName("Aaron")
+
+        when:
+        author.age = 50
+        author.famous = false
+        author.name = 'Bob'
+        author.save(flush: true, failOnError: true)
+
+        then: "only properties in auditableProperties are logged"
+        def events = AuditTrail.findAllByClassName('test.Author')
+
+        events.size() == 3
+
+        ['name', 'famous', 'lastUpdated'].each { name ->
+            assert events.find {it.propertyName == name}, "${name} was not logged"
+        }
+    }
+
     void "Test handler is called"() {
         given:
         setupData()
