diff --git a/app/services/users/unban_service.rb b/app/services/users/unban_service.rb index 753a02fa752209c90ce6d7c987457271f4a270d3..2019f7e82e16b302c3cf4188fde1014b8138030e 100644 --- a/app/services/users/unban_service.rb +++ b/app/services/users/unban_service.rb @@ -17,3 +17,5 @@ def action end end end + +Users::UnbanService.prepend_mod_with('Users::UnbanService') diff --git a/doc/administration/audit_events.md b/doc/administration/audit_events.md index 9d51be5ebf4619bb11bfa141cc89123b2c2fc96d..a600a4d750132179a609d6118a9d13cd77f6bb4c 100644 --- a/doc/administration/audit_events.md +++ b/doc/administration/audit_events.md @@ -357,6 +357,8 @@ The following user actions on a GitLab instance generate instance audit events: - Enabled Admin Mode. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/362101) in GitLab 15.7. - All [group events](#group-events) and [project events](#project-events). - User was unblocked using the Admin Area or API. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/115727) in GitLab 15.11. +- User was banned using the Admin Area or API. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116103) in GitLab 15.11. +- User was unbanned using the Admin Area or API. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116221) in GitLab 15.11. Instance events can also be accessed using the [Instance Audit Events API](../api/audit_events.md#instance-audit-events). diff --git a/ee/app/services/ee/users/ban_service.rb b/ee/app/services/ee/users/ban_service.rb index f5958fbd4800be49ce4cfed0c960662592e2e26f..41892d6ed497eaff2919b2249f6ea1d73c97c71d 100644 --- a/ee/app/services/ee/users/ban_service.rb +++ b/ee/app/services/ee/users/ban_service.rb @@ -4,27 +4,16 @@ module EE module Users module BanService extend ::Gitlab::Utils::Override - - override :update_user - def update_user(user) - super.tap do |result| - log_audit_event(user) if result.present? - end - end + include ManagementBaseService private - def log_audit_event(user) - audit_context = { - name: "ban_user", - author: current_user, - scope: user, - target: user, - target_details: user.username, - message: "Banned user" - } + def event_name + 'ban_user' + end - ::Gitlab::Audit::Auditor.audit(audit_context) + def event_message + 'Banned user' end end end diff --git a/ee/app/services/ee/users/management_base_service.rb b/ee/app/services/ee/users/management_base_service.rb new file mode 100644 index 0000000000000000000000000000000000000000..4ff76c9893604db81e556784a9154032c770fa5d --- /dev/null +++ b/ee/app/services/ee/users/management_base_service.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +module EE + module Users + module ManagementBaseService + extend ::Gitlab::Utils::Override + + override :update_user + def update_user(user) + super.tap do |result| + log_audit_event(user) if result.present? + end + end + + private + + def log_audit_event(user) + audit_context = { + name: event_name, + author: current_user, + scope: user, + target: user, + target_details: user.username, + message: event_message + } + + ::Gitlab::Audit::Auditor.audit(audit_context) + end + end + end +end diff --git a/ee/app/services/ee/users/unban_service.rb b/ee/app/services/ee/users/unban_service.rb new file mode 100644 index 0000000000000000000000000000000000000000..34ec1b4b663593dadd1eb9596fb1d0d5e21c667f --- /dev/null +++ b/ee/app/services/ee/users/unban_service.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +module EE + module Users + module UnbanService + extend ::Gitlab::Utils::Override + include ManagementBaseService + + private + + def event_name + 'unban_user' + end + + def event_message + 'Unbanned user' + end + end + end +end diff --git a/ee/config/audit_events/types/unban_user.yml b/ee/config/audit_events/types/unban_user.yml new file mode 100644 index 0000000000000000000000000000000000000000..417979463d0e2fdd8552ca62ae966234e484056c --- /dev/null +++ b/ee/config/audit_events/types/unban_user.yml @@ -0,0 +1,8 @@ +name: unban_user +description: Event triggered on user unban action +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/377620 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116221 +feature_category: "user_management" +milestone: "15.11" +saved_to_database: true +streamed: true \ No newline at end of file diff --git a/ee/spec/services/ee/users/ban_service_spec.rb b/ee/spec/services/ee/users/ban_service_spec.rb index a78bf84bd21768a7d226ba76fef4c58ca60e32af..ff6b22227fd5d898b27c47224ae12f20efe71ad4 100644 --- a/ee/spec/services/ee/users/ban_service_spec.rb +++ b/ee/spec/services/ee/users/ban_service_spec.rb @@ -12,49 +12,28 @@ subject(:operation) { service.execute(user) } - describe 'audit events' do - context 'when licensed', :enable_admin_mode do - before do - stub_licensed_features(admin_audit_log: true) - end - - context 'when user ban operation succeeds' do - it 'logs an audit event' do - expect { operation }.to change { AuditEvent.count }.by(1) - end - - it 'logs the audit event info' do - operation - expect(AuditEvent.last).to have_attributes( - details: hash_including(custom_message: 'Banned user') - ) - end - end - - context 'when user ban operation fails' do - let!(:user) { create(:user) } - - before do - allow(user).to receive(:ban).and_return(false) - end - - it 'does not log any audit event' do - expect { operation }.not_to change { AuditEvent.count } - end - end - end + context 'for audit events', :enable_admin_mode do + include_examples 'audit event logging' do + let(:operation) { service.execute(user) } - context 'when not licensed' do - before do - stub_licensed_features( - admin_audit_log: false, - audit_events: false, - extended_audit_events: false - ) + let(:fail_condition!) do + allow(user).to receive(:ban).and_return(false) end - it 'does not log any audit event' do - expect { operation }.not_to change { AuditEvent.count } + let(:attributes) do + { + author_id: current_user.id, + entity_id: user.id, + entity_type: 'User', + details: { + author_class: 'User', + author_name: current_user.name, + custom_message: 'Banned user', + target_details: user.username, + target_id: user.id, + target_type: 'User' + } + } end end end diff --git a/ee/spec/services/ee/users/unban_service_spec.rb b/ee/spec/services/ee/users/unban_service_spec.rb new file mode 100644 index 0000000000000000000000000000000000000000..bd8a802a3cd538f36f942e55b1fdfd59a6200060 --- /dev/null +++ b/ee/spec/services/ee/users/unban_service_spec.rb @@ -0,0 +1,41 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Users::UnbanService, feature_category: :user_management do + let_it_be(:current_user) { create(:admin) } + + subject(:service) { described_class.new(current_user) } + + describe '#execute' do + let!(:user) { create(:user, :banned) } + + subject(:operation) { service.execute(user) } + + context 'for audit events', :enable_admin_mode do + include_examples 'audit event logging' do + let(:operation) { service.execute(user) } + + let(:fail_condition!) do + allow(user).to receive(:unban).and_return(false) + end + + let(:attributes) do + { + author_id: current_user.id, + entity_id: user.id, + entity_type: 'User', + details: { + author_class: 'User', + author_name: current_user.name, + custom_message: 'Unbanned user', + target_details: user.username, + target_id: user.id, + target_type: 'User' + } + } + end + end + end + end +end