From 1f1d3801c8648ba4e5491364bcb9f924a05dc155 Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Mon, 7 Mar 2022 15:12:29 +0530 Subject: [PATCH 1/2] Creates audit event when approval rule is deleted Record an audit event when user deletes an existing MR approval rule. This event should be visible under Project > Audit Events and Admin Area > Audit Log Changelog: changed EE: true --- .../project_rule_destroy_service.rb | 15 +++++++++++- .../helpers/project_approval_rules_helpers.rb | 2 +- .../project_rule_destroy_service_spec.rb | 23 +++++++++++++++++-- 3 files changed, 36 insertions(+), 4 deletions(-) diff --git a/ee/app/services/approval_rules/project_rule_destroy_service.rb b/ee/app/services/approval_rules/project_rule_destroy_service.rb index 9a68c6dd6faad2..00c96a9e9d6804 100644 --- a/ee/app/services/approval_rules/project_rule_destroy_service.rb +++ b/ee/app/services/approval_rules/project_rule_destroy_service.rb @@ -4,8 +4,9 @@ module ApprovalRules class ProjectRuleDestroyService < ::BaseService attr_reader :rule - def initialize(approval_rule) + def initialize(approval_rule, current_user) @rule = approval_rule + super(approval_rule, current_user) end def execute @@ -17,6 +18,7 @@ def execute end if rule.destroyed? + audit_deletion(rule) success else error(rule.errors.messages) @@ -31,5 +33,16 @@ def remove_associated_approval_rules_from_unmerged_merge_requests .for_unmerged_merge_requests .delete_all end + + def audit_deletion(rule) + audit_context = { + author: current_user, + scope: rule.project, + target: rule, + message: 'Deleted approval rule' + } + + ::Gitlab::Audit::Auditor.audit(audit_context) + end end end diff --git a/ee/lib/api/helpers/project_approval_rules_helpers.rb b/ee/lib/api/helpers/project_approval_rules_helpers.rb index 82c2d872d8343c..3873e3c3756383 100644 --- a/ee/lib/api/helpers/project_approval_rules_helpers.rb +++ b/ee/lib/api/helpers/project_approval_rules_helpers.rb @@ -75,7 +75,7 @@ def destroy_project_approval_rule approval_rule = user_project.approval_rules.find(params[:approval_rule_id]) destroy_conditionally!(approval_rule) do |rule| - ::ApprovalRules::ProjectRuleDestroyService.new(rule).execute + ::ApprovalRules::ProjectRuleDestroyService.new(rule, current_user).execute end end end diff --git a/ee/spec/services/approval_rules/project_rule_destroy_service_spec.rb b/ee/spec/services/approval_rules/project_rule_destroy_service_spec.rb index d06b40b1923b5e..a0b232d2529a67 100644 --- a/ee/spec/services/approval_rules/project_rule_destroy_service_spec.rb +++ b/ee/spec/services/approval_rules/project_rule_destroy_service_spec.rb @@ -8,13 +8,28 @@ describe '#execute' do let!(:project_rule) { create(:approval_project_rule, project: project) } - - subject { described_class.new(project_rule) } + let(:current_user) { create(:user, name: 'Bruce Wayne') } + + subject { described_class.new(project_rule, current_user) } + + shared_context 'an audit event is added' do + it 'adds an audit event' do + expect { subject.execute }.to change { AuditEvent.count }.by(1) + expect(AuditEvent.last.details).to include({ + author_name: current_user.name, + custom_message: 'Deleted approval rule', + target_type: 'ApprovalProjectRule', + target_id: project_rule.id + }) + end + end context 'when there is no merge request rules' do it 'destroys project rule' do expect { subject.execute }.to change { ApprovalProjectRule.count }.by(-1) end + + include_context 'an audit event is added' end context 'when there is a merge request rule' do @@ -28,6 +43,8 @@ it 'destroys merge request rules' do expect { subject.execute }.to change { ApprovalMergeRequestRule.count }.by(-1) end + + include_context 'an audit event is added' end context 'when merged' do @@ -38,6 +55,8 @@ it 'does nothing' do expect { subject.execute }.not_to change { ApprovalMergeRequestRule.count } end + + include_context 'an audit event is added' end end end -- GitLab From bb89b9c6622a01dab10ae3e7021a42c5b1e8c4ac Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Tue, 8 Mar 2022 17:10:57 +0530 Subject: [PATCH 2/2] Apply review suggestions --- .../services/approval_rules/project_rule_destroy_service.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ee/app/services/approval_rules/project_rule_destroy_service.rb b/ee/app/services/approval_rules/project_rule_destroy_service.rb index 00c96a9e9d6804..5e1fc53dd3d979 100644 --- a/ee/app/services/approval_rules/project_rule_destroy_service.rb +++ b/ee/app/services/approval_rules/project_rule_destroy_service.rb @@ -6,7 +6,7 @@ class ProjectRuleDestroyService < ::BaseService def initialize(approval_rule, current_user) @rule = approval_rule - super(approval_rule, current_user) + super(approval_rule.project, current_user) end def execute @@ -18,7 +18,7 @@ def execute end if rule.destroyed? - audit_deletion(rule) + audit_deletion success else error(rule.errors.messages) @@ -34,7 +34,7 @@ def remove_associated_approval_rules_from_unmerged_merge_requests .delete_all end - def audit_deletion(rule) + def audit_deletion audit_context = { author: current_user, scope: rule.project, -- GitLab