Implement GET /audits endpoint for APIv4 (#5779)

* Implement GET /audits endpoint for APIv4

* Fix log unit test

5 files changed, 63 insertions, 10 deletions

diff --git a/api4/params.go b/api4/params.go
index 15f632195..8bb072742 100644
--- a/api4/params.go
+++ b/api4/params.go
@@ -101,13 +101,13 @@ func ApiParamsFromRequest(r *http.Request) *ApiParams {
 		params.PreferenceName = val
 	}
 
-	if val, err := strconv.Atoi(r.URL.Query().Get("page")); err != nil {
+	if val, err := strconv.Atoi(r.URL.Query().Get("page")); err != nil || val < 0 {
 		params.Page = PAGE_DEFAULT
 	} else {
 		params.Page = val
 	}
 
-	if val, err := strconv.Atoi(r.URL.Query().Get("per_page")); err != nil {
+	if val, err := strconv.Atoi(r.URL.Query().Get("per_page")); err != nil || val < 0 {
 		params.PerPage = PER_PAGE_DEFAULT
 	} else if val > PER_PAGE_MAXIMUM {
 		params.PerPage = PER_PAGE_MAXIMUM
diff --git a/api4/system.go b/api4/system.go
index 5058b0e2f..972d526da 100644
--- a/api4/system.go
+++ b/api4/system.go
@@ -19,6 +19,7 @@ func InitSystem() {
 	BaseRoutes.ApiRoot.Handle("/config", ApiSessionRequired(getConfig)).Methods("GET")
 	BaseRoutes.ApiRoot.Handle("/config/reload", ApiSessionRequired(configReload)).Methods("POST")
 	BaseRoutes.ApiRoot.Handle("/config", ApiSessionRequired(updateConfig)).Methods("PUT")
+	BaseRoutes.ApiRoot.Handle("/audits", ApiSessionRequired(getAudits)).Methods("GET")
 	BaseRoutes.ApiRoot.Handle("/email/test", ApiSessionRequired(testEmail)).Methods("POST")
 	BaseRoutes.ApiRoot.Handle("/database/recycle", ApiSessionRequired(databaseRecycle)).Methods("POST")
 	BaseRoutes.ApiRoot.Handle("/caches/invalidate", ApiSessionRequired(invalidateCaches)).Methods("POST")
@@ -96,6 +97,22 @@ func updateConfig(c *Context, w http.ResponseWriter, r *http.Request) {
 	w.Write([]byte(cfg.ToJson()))
 }
 
+func getAudits(c *Context, w http.ResponseWriter, r *http.Request) {
+	if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+		return
+	}
+
+	audits, err := app.GetAuditsPage("", c.Params.Page, c.Params.PerPage)
+
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	w.Write([]byte(audits.ToJson()))
+}
+
 func databaseRecycle(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
diff --git a/api4/system_test.go b/api4/system_test.go
index 658bb5881..289a41907 100644
--- a/api4/system_test.go
+++ b/api4/system_test.go
@@ -127,7 +127,43 @@ func TestUpdateConfig(t *testing.T) {
 			t.Fatal()
 		}
 	}
+}
+
+func TestGetAudits(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	audits, resp := th.SystemAdminClient.GetAudits(0, 100, "")
+	CheckNoError(t, resp)
+
+	if len(audits) == 0 {
+		t.Fatal("should not be empty")
+	}
+
+	audits, resp = th.SystemAdminClient.GetAudits(0, 1, "")
+	CheckNoError(t, resp)
 
+	if len(audits) != 1 {
+		t.Fatal("should only be 1")
+	}
+
+	audits, resp = th.SystemAdminClient.GetAudits(1, 1, "")
+	CheckNoError(t, resp)
+
+	if len(audits) != 1 {
+		t.Fatal("should only be 1")
+	}
+
+	_, resp = th.SystemAdminClient.GetAudits(-1, -1, "")
+	CheckNoError(t, resp)
+
+	_, resp = Client.GetAudits(0, 100, "")
+	CheckForbiddenStatus(t, resp)
+
+	Client.Logout()
+	_, resp = Client.GetAudits(0, 100, "")
+	CheckUnauthorizedStatus(t, resp)
 }
 
 func TestEmailTest(t *testing.T) {
@@ -217,7 +253,7 @@ func TestGetLogs(t *testing.T) {
 	logs, resp = th.SystemAdminClient.GetLogs(-1, -1)
 	CheckNoError(t, resp)
 
-	if len(logs) != 0 {
+	if len(logs) == 0 {
 		t.Fatal("should not be empty")
 	}
 
diff --git a/api4/user.go b/api4/user.go
index 1668f9c2c..383bb2f59 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -44,7 +44,7 @@ func InitUser() {
 
 	BaseRoutes.User.Handle("/sessions", ApiSessionRequired(getSessions)).Methods("GET")
 	BaseRoutes.User.Handle("/sessions/revoke", ApiSessionRequired(revokeSession)).Methods("POST")
-	BaseRoutes.User.Handle("/audits", ApiSessionRequired(getAudits)).Methods("GET")
+	BaseRoutes.User.Handle("/audits", ApiSessionRequired(getUserAudits)).Methods("GET")
 }
 
 func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -720,7 +720,7 @@ func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) {
 	ReturnStatusOK(w)
 }
 
-func getAudits(c *Context, w http.ResponseWriter, r *http.Request) {
+func getUserAudits(c *Context, w http.ResponseWriter, r *http.Request) {
 	c.RequireUserId()
 	if c.Err != nil {
 		return
diff --git a/api4/user_test.go b/api4/user_test.go
index 4805a1a51..2e1a0adc2 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
@@ -1114,13 +1114,13 @@ func TestRevokeSessions(t *testing.T) {
 
 }
 
-func TestGetAudits(t *testing.T) {
+func TestGetUserAudits(t *testing.T) {
 	th := Setup().InitBasic().InitSystemAdmin()
 	defer TearDown()
 	Client := th.Client
 	user := th.BasicUser
 
-	audits, resp := Client.GetAudits(user.Id, 0, 100, "")
+	audits, resp := Client.GetUserAudits(user.Id, 0, 100, "")
 	for _, audit := range audits {
 		if audit.UserId != user.Id {
 			t.Fatal("user id does not match audit user id")
@@ -1128,14 +1128,14 @@ func TestGetAudits(t *testing.T) {
 	}
 	CheckNoError(t, resp)
 
-	_, resp = Client.GetAudits(th.BasicUser2.Id, 0, 100, "")
+	_, resp = Client.GetUserAudits(th.BasicUser2.Id, 0, 100, "")
 	CheckForbiddenStatus(t, resp)
 
 	Client.Logout()
-	_, resp = Client.GetAudits(user.Id, 0, 100, "")
+	_, resp = Client.GetUserAudits(user.Id, 0, 100, "")
 	CheckUnauthorizedStatus(t, resp)
 
-	_, resp = th.SystemAdminClient.GetAudits(user.Id, 0, 100, "")
+	_, resp = th.SystemAdminClient.GetUserAudits(user.Id, 0, 100, "")
 	CheckNoError(t, resp)
 }