From fd6e2f3f73c1fbdda49e4f32d0e40e8d7230518b Mon Sep 17 00:00:00 2001 From: Joram Wilander Date: Tue, 21 Mar 2017 09:06:08 -0400 Subject: Implement GET /audits endpoint for APIv4 (#5779) * Implement GET /audits endpoint for APIv4 * Fix log unit test --- api4/params.go | 4 ++-- api4/system.go | 17 +++++++++++++++++ api4/system_test.go | 38 +++++++++++++++++++++++++++++++++++++- api4/user.go | 4 ++-- api4/user_test.go | 10 +++++----- 5 files changed, 63 insertions(+), 10 deletions(-) (limited to 'api4') diff --git a/api4/params.go b/api4/params.go index 15f632195..8bb072742 100644 --- a/api4/params.go +++ b/api4/params.go @@ -101,13 +101,13 @@ func ApiParamsFromRequest(r *http.Request) *ApiParams { params.PreferenceName = val } - if val, err := strconv.Atoi(r.URL.Query().Get("page")); err != nil { + if val, err := strconv.Atoi(r.URL.Query().Get("page")); err != nil || val < 0 { params.Page = PAGE_DEFAULT } else { params.Page = val } - if val, err := strconv.Atoi(r.URL.Query().Get("per_page")); err != nil { + if val, err := strconv.Atoi(r.URL.Query().Get("per_page")); err != nil || val < 0 { params.PerPage = PER_PAGE_DEFAULT } else if val > PER_PAGE_MAXIMUM { params.PerPage = PER_PAGE_MAXIMUM diff --git a/api4/system.go b/api4/system.go index 5058b0e2f..972d526da 100644 --- a/api4/system.go +++ b/api4/system.go @@ -19,6 +19,7 @@ func InitSystem() { BaseRoutes.ApiRoot.Handle("/config", ApiSessionRequired(getConfig)).Methods("GET") BaseRoutes.ApiRoot.Handle("/config/reload", ApiSessionRequired(configReload)).Methods("POST") BaseRoutes.ApiRoot.Handle("/config", ApiSessionRequired(updateConfig)).Methods("PUT") + BaseRoutes.ApiRoot.Handle("/audits", ApiSessionRequired(getAudits)).Methods("GET") BaseRoutes.ApiRoot.Handle("/email/test", ApiSessionRequired(testEmail)).Methods("POST") BaseRoutes.ApiRoot.Handle("/database/recycle", ApiSessionRequired(databaseRecycle)).Methods("POST") BaseRoutes.ApiRoot.Handle("/caches/invalidate", ApiSessionRequired(invalidateCaches)).Methods("POST") @@ -96,6 +97,22 @@ func updateConfig(c *Context, w http.ResponseWriter, r *http.Request) { w.Write([]byte(cfg.ToJson())) } +func getAudits(c *Context, w http.ResponseWriter, r *http.Request) { + if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) + return + } + + audits, err := app.GetAuditsPage("", c.Params.Page, c.Params.PerPage) + + if err != nil { + c.Err = err + return + } + + w.Write([]byte(audits.ToJson())) +} + func databaseRecycle(c *Context, w http.ResponseWriter, r *http.Request) { if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { diff --git a/api4/system_test.go b/api4/system_test.go index 658bb5881..289a41907 100644 --- a/api4/system_test.go +++ b/api4/system_test.go @@ -127,7 +127,43 @@ func TestUpdateConfig(t *testing.T) { t.Fatal() } } +} + +func TestGetAudits(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + + audits, resp := th.SystemAdminClient.GetAudits(0, 100, "") + CheckNoError(t, resp) + + if len(audits) == 0 { + t.Fatal("should not be empty") + } + + audits, resp = th.SystemAdminClient.GetAudits(0, 1, "") + CheckNoError(t, resp) + if len(audits) != 1 { + t.Fatal("should only be 1") + } + + audits, resp = th.SystemAdminClient.GetAudits(1, 1, "") + CheckNoError(t, resp) + + if len(audits) != 1 { + t.Fatal("should only be 1") + } + + _, resp = th.SystemAdminClient.GetAudits(-1, -1, "") + CheckNoError(t, resp) + + _, resp = Client.GetAudits(0, 100, "") + CheckForbiddenStatus(t, resp) + + Client.Logout() + _, resp = Client.GetAudits(0, 100, "") + CheckUnauthorizedStatus(t, resp) } func TestEmailTest(t *testing.T) { @@ -217,7 +253,7 @@ func TestGetLogs(t *testing.T) { logs, resp = th.SystemAdminClient.GetLogs(-1, -1) CheckNoError(t, resp) - if len(logs) != 0 { + if len(logs) == 0 { t.Fatal("should not be empty") } diff --git a/api4/user.go b/api4/user.go index 1668f9c2c..383bb2f59 100644 --- a/api4/user.go +++ b/api4/user.go @@ -44,7 +44,7 @@ func InitUser() { BaseRoutes.User.Handle("/sessions", ApiSessionRequired(getSessions)).Methods("GET") BaseRoutes.User.Handle("/sessions/revoke", ApiSessionRequired(revokeSession)).Methods("POST") - BaseRoutes.User.Handle("/audits", ApiSessionRequired(getAudits)).Methods("GET") + BaseRoutes.User.Handle("/audits", ApiSessionRequired(getUserAudits)).Methods("GET") } func createUser(c *Context, w http.ResponseWriter, r *http.Request) { @@ -720,7 +720,7 @@ func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) { ReturnStatusOK(w) } -func getAudits(c *Context, w http.ResponseWriter, r *http.Request) { +func getUserAudits(c *Context, w http.ResponseWriter, r *http.Request) { c.RequireUserId() if c.Err != nil { return diff --git a/api4/user_test.go b/api4/user_test.go index 4805a1a51..2e1a0adc2 100644 --- a/api4/user_test.go +++ b/api4/user_test.go @@ -1114,13 +1114,13 @@ func TestRevokeSessions(t *testing.T) { } -func TestGetAudits(t *testing.T) { +func TestGetUserAudits(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer TearDown() Client := th.Client user := th.BasicUser - audits, resp := Client.GetAudits(user.Id, 0, 100, "") + audits, resp := Client.GetUserAudits(user.Id, 0, 100, "") for _, audit := range audits { if audit.UserId != user.Id { t.Fatal("user id does not match audit user id") @@ -1128,14 +1128,14 @@ func TestGetAudits(t *testing.T) { } CheckNoError(t, resp) - _, resp = Client.GetAudits(th.BasicUser2.Id, 0, 100, "") + _, resp = Client.GetUserAudits(th.BasicUser2.Id, 0, 100, "") CheckForbiddenStatus(t, resp) Client.Logout() - _, resp = Client.GetAudits(user.Id, 0, 100, "") + _, resp = Client.GetUserAudits(user.Id, 0, 100, "") CheckUnauthorizedStatus(t, resp) - _, resp = th.SystemAdminClient.GetAudits(user.Id, 0, 100, "") + _, resp = th.SystemAdminClient.GetUserAudits(user.Id, 0, 100, "") CheckNoError(t, resp) } -- cgit v1.2.3-1-g7c22