mirror of https://github.com/coder/coder.git
chore: enforce orgid in audit logs where required (#12283)
* chore: enforce orgid in audit logs where required
This commit is contained in:
parent
74b749b890
commit
f44c89d200
|
@ -4,6 +4,7 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"database/sql"
|
"database/sql"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"flag"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
@ -25,6 +26,9 @@ type RequestParams struct {
|
||||||
Audit Auditor
|
Audit Auditor
|
||||||
Log slog.Logger
|
Log slog.Logger
|
||||||
|
|
||||||
|
// OrganizationID is only provided when possible. If an audit resource extends
|
||||||
|
// beyond the org scope, leave this as the nil uuid.
|
||||||
|
OrganizationID uuid.UUID
|
||||||
Request *http.Request
|
Request *http.Request
|
||||||
Action database.AuditAction
|
Action database.AuditAction
|
||||||
AdditionalFields json.RawMessage
|
AdditionalFields json.RawMessage
|
||||||
|
@ -96,7 +100,7 @@ func ResourceTarget[T Auditable](tgt T) string {
|
||||||
case database.HealthSettings:
|
case database.HealthSettings:
|
||||||
return "" // no target?
|
return "" // no target?
|
||||||
default:
|
default:
|
||||||
panic(fmt.Sprintf("unknown resource %T", tgt))
|
panic(fmt.Sprintf("unknown resource %T for ResourceTarget", tgt))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -129,7 +133,7 @@ func ResourceID[T Auditable](tgt T) uuid.UUID {
|
||||||
// Artificial ID for auditing purposes
|
// Artificial ID for auditing purposes
|
||||||
return typed.ID
|
return typed.ID
|
||||||
default:
|
default:
|
||||||
panic(fmt.Sprintf("unknown resource %T", tgt))
|
panic(fmt.Sprintf("unknown resource %T for ResourceID", tgt))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -160,10 +164,59 @@ func ResourceType[T Auditable](tgt T) database.ResourceType {
|
||||||
case database.HealthSettings:
|
case database.HealthSettings:
|
||||||
return database.ResourceTypeHealthSettings
|
return database.ResourceTypeHealthSettings
|
||||||
default:
|
default:
|
||||||
panic(fmt.Sprintf("unknown resource %T", typed))
|
panic(fmt.Sprintf("unknown resource %T for ResourceType", typed))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ResourceRequiresOrgID will ensure given resources are always audited with an
|
||||||
|
// organization ID.
|
||||||
|
func ResourceRequiresOrgID[T Auditable]() bool {
|
||||||
|
var tgt T
|
||||||
|
switch any(tgt).(type) {
|
||||||
|
case database.Template, database.TemplateVersion:
|
||||||
|
return true
|
||||||
|
case database.Workspace, database.WorkspaceBuild:
|
||||||
|
return true
|
||||||
|
case database.AuditableGroup:
|
||||||
|
return true
|
||||||
|
case database.User:
|
||||||
|
return false
|
||||||
|
case database.GitSSHKey:
|
||||||
|
return false
|
||||||
|
case database.APIKey:
|
||||||
|
return false
|
||||||
|
case database.License:
|
||||||
|
return false
|
||||||
|
case database.WorkspaceProxy:
|
||||||
|
return false
|
||||||
|
case database.AuditOAuthConvertState:
|
||||||
|
// The merge state is for the given user
|
||||||
|
return false
|
||||||
|
case database.HealthSettings:
|
||||||
|
// Artificial ID for auditing purposes
|
||||||
|
return false
|
||||||
|
default:
|
||||||
|
panic(fmt.Sprintf("unknown resource %T for ResourceRequiresOrgID", tgt))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// requireOrgID will either panic (in unit tests) or log an error (in production)
|
||||||
|
// if the given resource requires an organization ID and the provided ID is nil.
|
||||||
|
func requireOrgID[T Auditable](ctx context.Context, id uuid.UUID, log slog.Logger) uuid.UUID {
|
||||||
|
if ResourceRequiresOrgID[T]() && id == uuid.Nil {
|
||||||
|
var tgt T
|
||||||
|
resourceName := fmt.Sprintf("%T", tgt)
|
||||||
|
if flag.Lookup("test.v") != nil {
|
||||||
|
// In unit tests we panic to fail the tests
|
||||||
|
panic(fmt.Sprintf("missing required organization ID for resource %q", resourceName))
|
||||||
|
}
|
||||||
|
log.Error(ctx, "missing required organization ID for resource in audit log",
|
||||||
|
slog.F("resource", resourceName),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
return id
|
||||||
|
}
|
||||||
|
|
||||||
// InitRequest initializes an audit log for a request. It returns a function
|
// InitRequest initializes an audit log for a request. It returns a function
|
||||||
// that should be deferred, causing the audit log to be committed when the
|
// that should be deferred, causing the audit log to be committed when the
|
||||||
// handler returns.
|
// handler returns.
|
||||||
|
@ -243,6 +296,7 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
|
||||||
StatusCode: int32(sw.Status),
|
StatusCode: int32(sw.Status),
|
||||||
RequestID: httpmw.RequestID(p.Request),
|
RequestID: httpmw.RequestID(p.Request),
|
||||||
AdditionalFields: p.AdditionalFields,
|
AdditionalFields: p.AdditionalFields,
|
||||||
|
OrganizationID: requireOrgID[T](logCtx, p.OrganizationID, p.Log),
|
||||||
}
|
}
|
||||||
err := p.Audit.Export(ctx, auditLog)
|
err := p.Audit.Export(ctx, auditLog)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -276,7 +330,7 @@ func BackgroundAudit[T Auditable](ctx context.Context, p *BackgroundAuditParams[
|
||||||
ID: uuid.New(),
|
ID: uuid.New(),
|
||||||
Time: dbtime.Now(),
|
Time: dbtime.Now(),
|
||||||
UserID: p.UserID,
|
UserID: p.UserID,
|
||||||
OrganizationID: p.OrganizationID,
|
OrganizationID: requireOrgID[T](ctx, p.OrganizationID, p.Log),
|
||||||
Ip: ip,
|
Ip: ip,
|
||||||
UserAgent: sql.NullString{},
|
UserAgent: sql.NullString{},
|
||||||
ResourceType: either(p.Old, p.New, ResourceType[T], p.Action),
|
ResourceType: either(p.Old, p.New, ResourceType[T], p.Action),
|
||||||
|
|
|
@ -57,10 +57,11 @@ func (api *API) deleteTemplate(rw http.ResponseWriter, r *http.Request) {
|
||||||
template = httpmw.TemplateParam(r)
|
template = httpmw.TemplateParam(r)
|
||||||
auditor = *api.Auditor.Load()
|
auditor = *api.Auditor.Load()
|
||||||
aReq, commitAudit = audit.InitRequest[database.Template](rw, &audit.RequestParams{
|
aReq, commitAudit = audit.InitRequest[database.Template](rw, &audit.RequestParams{
|
||||||
Audit: auditor,
|
Audit: auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionDelete,
|
Action: database.AuditActionDelete,
|
||||||
|
OrganizationID: template.OrganizationID,
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
defer commitAudit()
|
defer commitAudit()
|
||||||
|
@ -123,16 +124,18 @@ func (api *API) postTemplateByOrganization(rw http.ResponseWriter, r *http.Reque
|
||||||
apiKey = httpmw.APIKey(r)
|
apiKey = httpmw.APIKey(r)
|
||||||
auditor = *api.Auditor.Load()
|
auditor = *api.Auditor.Load()
|
||||||
templateAudit, commitTemplateAudit = audit.InitRequest[database.Template](rw, &audit.RequestParams{
|
templateAudit, commitTemplateAudit = audit.InitRequest[database.Template](rw, &audit.RequestParams{
|
||||||
Audit: auditor,
|
Audit: auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionCreate,
|
Action: database.AuditActionCreate,
|
||||||
|
OrganizationID: organization.ID,
|
||||||
})
|
})
|
||||||
templateVersionAudit, commitTemplateVersionAudit = audit.InitRequest[database.TemplateVersion](rw, &audit.RequestParams{
|
templateVersionAudit, commitTemplateVersionAudit = audit.InitRequest[database.TemplateVersion](rw, &audit.RequestParams{
|
||||||
Audit: auditor,
|
Audit: auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionWrite,
|
Action: database.AuditActionWrite,
|
||||||
|
OrganizationID: organization.ID,
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
defer commitTemplateAudit()
|
defer commitTemplateAudit()
|
||||||
|
@ -542,10 +545,11 @@ func (api *API) patchTemplateMeta(rw http.ResponseWriter, r *http.Request) {
|
||||||
auditor = *api.Auditor.Load()
|
auditor = *api.Auditor.Load()
|
||||||
portSharer = *api.PortSharer.Load()
|
portSharer = *api.PortSharer.Load()
|
||||||
aReq, commitAudit = audit.InitRequest[database.Template](rw, &audit.RequestParams{
|
aReq, commitAudit = audit.InitRequest[database.Template](rw, &audit.RequestParams{
|
||||||
Audit: auditor,
|
Audit: auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionWrite,
|
Action: database.AuditActionWrite,
|
||||||
|
OrganizationID: template.OrganizationID,
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
defer commitAudit()
|
defer commitAudit()
|
||||||
|
|
|
@ -1040,10 +1040,11 @@ func (api *API) postArchiveTemplateVersions(rw http.ResponseWriter, r *http.Requ
|
||||||
template = httpmw.TemplateParam(r)
|
template = httpmw.TemplateParam(r)
|
||||||
auditor = *api.Auditor.Load()
|
auditor = *api.Auditor.Load()
|
||||||
aReq, commitAudit = audit.InitRequest[database.Template](rw, &audit.RequestParams{
|
aReq, commitAudit = audit.InitRequest[database.Template](rw, &audit.RequestParams{
|
||||||
Audit: auditor,
|
Audit: auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionWrite,
|
Action: database.AuditActionWrite,
|
||||||
|
OrganizationID: template.OrganizationID,
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
defer commitAudit()
|
defer commitAudit()
|
||||||
|
@ -1122,10 +1123,11 @@ func (api *API) setArchiveTemplateVersion(archive bool) func(rw http.ResponseWri
|
||||||
templateVersion = httpmw.TemplateVersionParam(r)
|
templateVersion = httpmw.TemplateVersionParam(r)
|
||||||
auditor = *api.Auditor.Load()
|
auditor = *api.Auditor.Load()
|
||||||
aReq, commitAudit = audit.InitRequest[database.TemplateVersion](rw, &audit.RequestParams{
|
aReq, commitAudit = audit.InitRequest[database.TemplateVersion](rw, &audit.RequestParams{
|
||||||
Audit: auditor,
|
Audit: auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionWrite,
|
Action: database.AuditActionWrite,
|
||||||
|
OrganizationID: templateVersion.OrganizationID,
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
defer commitAudit()
|
defer commitAudit()
|
||||||
|
@ -1207,10 +1209,11 @@ func (api *API) patchActiveTemplateVersion(rw http.ResponseWriter, r *http.Reque
|
||||||
template = httpmw.TemplateParam(r)
|
template = httpmw.TemplateParam(r)
|
||||||
auditor = *api.Auditor.Load()
|
auditor = *api.Auditor.Load()
|
||||||
aReq, commitAudit = audit.InitRequest[database.Template](rw, &audit.RequestParams{
|
aReq, commitAudit = audit.InitRequest[database.Template](rw, &audit.RequestParams{
|
||||||
Audit: auditor,
|
Audit: auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionWrite,
|
Action: database.AuditActionWrite,
|
||||||
|
OrganizationID: template.OrganizationID,
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
defer commitAudit()
|
defer commitAudit()
|
||||||
|
@ -1310,10 +1313,11 @@ func (api *API) postTemplateVersionsByOrganization(rw http.ResponseWriter, r *ht
|
||||||
organization = httpmw.OrganizationParam(r)
|
organization = httpmw.OrganizationParam(r)
|
||||||
auditor = *api.Auditor.Load()
|
auditor = *api.Auditor.Load()
|
||||||
aReq, commitAudit = audit.InitRequest[database.TemplateVersion](rw, &audit.RequestParams{
|
aReq, commitAudit = audit.InitRequest[database.TemplateVersion](rw, &audit.RequestParams{
|
||||||
Audit: auditor,
|
Audit: auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionCreate,
|
Action: database.AuditActionCreate,
|
||||||
|
OrganizationID: organization.ID,
|
||||||
})
|
})
|
||||||
|
|
||||||
req codersdk.CreateTemplateVersionRequest
|
req codersdk.CreateTemplateVersionRequest
|
||||||
|
|
|
@ -345,6 +345,7 @@ func (api *API) postWorkspacesByOrganization(rw http.ResponseWriter, r *http.Req
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionCreate,
|
Action: database.AuditActionCreate,
|
||||||
AdditionalFields: wriBytes,
|
AdditionalFields: wriBytes,
|
||||||
|
OrganizationID: organization.ID,
|
||||||
})
|
})
|
||||||
|
|
||||||
defer commitAudit()
|
defer commitAudit()
|
||||||
|
@ -644,10 +645,11 @@ func (api *API) patchWorkspace(rw http.ResponseWriter, r *http.Request) {
|
||||||
workspace = httpmw.WorkspaceParam(r)
|
workspace = httpmw.WorkspaceParam(r)
|
||||||
auditor = api.Auditor.Load()
|
auditor = api.Auditor.Load()
|
||||||
aReq, commitAudit = audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
|
aReq, commitAudit = audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
|
||||||
Audit: *auditor,
|
Audit: *auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionWrite,
|
Action: database.AuditActionWrite,
|
||||||
|
OrganizationID: workspace.OrganizationID,
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
defer commitAudit()
|
defer commitAudit()
|
||||||
|
@ -734,10 +736,11 @@ func (api *API) putWorkspaceAutostart(rw http.ResponseWriter, r *http.Request) {
|
||||||
workspace = httpmw.WorkspaceParam(r)
|
workspace = httpmw.WorkspaceParam(r)
|
||||||
auditor = api.Auditor.Load()
|
auditor = api.Auditor.Load()
|
||||||
aReq, commitAudit = audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
|
aReq, commitAudit = audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
|
||||||
Audit: *auditor,
|
Audit: *auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionWrite,
|
Action: database.AuditActionWrite,
|
||||||
|
OrganizationID: workspace.OrganizationID,
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
defer commitAudit()
|
defer commitAudit()
|
||||||
|
@ -808,10 +811,11 @@ func (api *API) putWorkspaceTTL(rw http.ResponseWriter, r *http.Request) {
|
||||||
workspace = httpmw.WorkspaceParam(r)
|
workspace = httpmw.WorkspaceParam(r)
|
||||||
auditor = api.Auditor.Load()
|
auditor = api.Auditor.Load()
|
||||||
aReq, commitAudit = audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
|
aReq, commitAudit = audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
|
||||||
Audit: *auditor,
|
Audit: *auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionWrite,
|
Action: database.AuditActionWrite,
|
||||||
|
OrganizationID: workspace.OrganizationID,
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
defer commitAudit()
|
defer commitAudit()
|
||||||
|
@ -896,10 +900,11 @@ func (api *API) putWorkspaceDormant(rw http.ResponseWriter, r *http.Request) {
|
||||||
oldWorkspace = workspace
|
oldWorkspace = workspace
|
||||||
auditor = api.Auditor.Load()
|
auditor = api.Auditor.Load()
|
||||||
aReq, commitAudit = audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
|
aReq, commitAudit = audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
|
||||||
Audit: *auditor,
|
Audit: *auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionWrite,
|
Action: database.AuditActionWrite,
|
||||||
|
OrganizationID: workspace.OrganizationID,
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
aReq.Old = oldWorkspace
|
aReq.Old = oldWorkspace
|
||||||
|
@ -1094,10 +1099,11 @@ func (api *API) putFavoriteWorkspace(rw http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
|
|
||||||
aReq, commitAudit := audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
|
aReq, commitAudit := audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
|
||||||
Audit: *auditor,
|
Audit: *auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionWrite,
|
Action: database.AuditActionWrite,
|
||||||
|
OrganizationID: workspace.OrganizationID,
|
||||||
})
|
})
|
||||||
defer commitAudit()
|
defer commitAudit()
|
||||||
aReq.Old = workspace
|
aReq.Old = workspace
|
||||||
|
@ -1140,10 +1146,11 @@ func (api *API) deleteFavoriteWorkspace(rw http.ResponseWriter, r *http.Request)
|
||||||
}
|
}
|
||||||
|
|
||||||
aReq, commitAudit := audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
|
aReq, commitAudit := audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
|
||||||
Audit: *auditor,
|
Audit: *auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionWrite,
|
Action: database.AuditActionWrite,
|
||||||
|
OrganizationID: workspace.OrganizationID,
|
||||||
})
|
})
|
||||||
|
|
||||||
defer commitAudit()
|
defer commitAudit()
|
||||||
|
@ -1178,10 +1185,11 @@ func (api *API) putWorkspaceAutoupdates(rw http.ResponseWriter, r *http.Request)
|
||||||
workspace = httpmw.WorkspaceParam(r)
|
workspace = httpmw.WorkspaceParam(r)
|
||||||
auditor = api.Auditor.Load()
|
auditor = api.Auditor.Load()
|
||||||
aReq, commitAudit = audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
|
aReq, commitAudit = audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
|
||||||
Audit: *auditor,
|
Audit: *auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionWrite,
|
Action: database.AuditActionWrite,
|
||||||
|
OrganizationID: workspace.OrganizationID,
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
defer commitAudit()
|
defer commitAudit()
|
||||||
|
|
|
@ -34,10 +34,11 @@ func (api *API) postGroupByOrganization(rw http.ResponseWriter, r *http.Request)
|
||||||
org = httpmw.OrganizationParam(r)
|
org = httpmw.OrganizationParam(r)
|
||||||
auditor = api.AGPL.Auditor.Load()
|
auditor = api.AGPL.Auditor.Load()
|
||||||
aReq, commitAudit = audit.InitRequest[database.AuditableGroup](rw, &audit.RequestParams{
|
aReq, commitAudit = audit.InitRequest[database.AuditableGroup](rw, &audit.RequestParams{
|
||||||
Audit: *auditor,
|
Audit: *auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionCreate,
|
Action: database.AuditActionCreate,
|
||||||
|
OrganizationID: org.ID,
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
defer commitAudit()
|
defer commitAudit()
|
||||||
|
@ -97,10 +98,11 @@ func (api *API) patchGroup(rw http.ResponseWriter, r *http.Request) {
|
||||||
group = httpmw.GroupParam(r)
|
group = httpmw.GroupParam(r)
|
||||||
auditor = api.AGPL.Auditor.Load()
|
auditor = api.AGPL.Auditor.Load()
|
||||||
aReq, commitAudit = audit.InitRequest[database.AuditableGroup](rw, &audit.RequestParams{
|
aReq, commitAudit = audit.InitRequest[database.AuditableGroup](rw, &audit.RequestParams{
|
||||||
Audit: *auditor,
|
Audit: *auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionWrite,
|
Action: database.AuditActionWrite,
|
||||||
|
OrganizationID: group.OrganizationID,
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
defer commitAudit()
|
defer commitAudit()
|
||||||
|
@ -299,10 +301,11 @@ func (api *API) deleteGroup(rw http.ResponseWriter, r *http.Request) {
|
||||||
group = httpmw.GroupParam(r)
|
group = httpmw.GroupParam(r)
|
||||||
auditor = api.AGPL.Auditor.Load()
|
auditor = api.AGPL.Auditor.Load()
|
||||||
aReq, commitAudit = audit.InitRequest[database.AuditableGroup](rw, &audit.RequestParams{
|
aReq, commitAudit = audit.InitRequest[database.AuditableGroup](rw, &audit.RequestParams{
|
||||||
Audit: *auditor,
|
Audit: *auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionDelete,
|
Action: database.AuditActionDelete,
|
||||||
|
OrganizationID: group.OrganizationID,
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
defer commitAudit()
|
defer commitAudit()
|
||||||
|
|
|
@ -161,10 +161,11 @@ func (api *API) patchTemplateACL(rw http.ResponseWriter, r *http.Request) {
|
||||||
template = httpmw.TemplateParam(r)
|
template = httpmw.TemplateParam(r)
|
||||||
auditor = api.AGPL.Auditor.Load()
|
auditor = api.AGPL.Auditor.Load()
|
||||||
aReq, commitAudit = audit.InitRequest[database.Template](rw, &audit.RequestParams{
|
aReq, commitAudit = audit.InitRequest[database.Template](rw, &audit.RequestParams{
|
||||||
Audit: *auditor,
|
Audit: *auditor,
|
||||||
Log: api.Logger,
|
Log: api.Logger,
|
||||||
Request: r,
|
Request: r,
|
||||||
Action: database.AuditActionWrite,
|
Action: database.AuditActionWrite,
|
||||||
|
OrganizationID: template.OrganizationID,
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
defer commitAudit()
|
defer commitAudit()
|
||||||
|
|
Loading…
Reference in New Issue