listen to trash bin and group manager hooks
This commit is contained in:
parent
c2571cca41
commit
0880cba816
|
@ -22,6 +22,7 @@
|
|||
!/apps/user_ldap
|
||||
!/apps/provisioning_api
|
||||
!/apps/systemtags
|
||||
!/apps/admin_audit
|
||||
!/apps/updatenotification
|
||||
/apps/files_external/3rdparty/irodsphp/PHPUnitTest
|
||||
/apps/files_external/3rdparty/irodsphp/web
|
||||
|
|
|
@ -20,123 +20,8 @@
|
|||
*/
|
||||
|
||||
$logger = \OC::$server->getLogger();
|
||||
$userSession = \OC::$server->getUserSession();
|
||||
$groupManager = \OC::$server->getGroupManager();
|
||||
|
||||
logUserManagement(
|
||||
$logger,
|
||||
\OC::$server->getUserSession()
|
||||
);
|
||||
logFileActions($logger);
|
||||
logAuthEvents($logger);
|
||||
logShareEvents($logger);
|
||||
|
||||
/**
|
||||
* Logs sharing events
|
||||
*
|
||||
* @param \OCP\ILogger $logger
|
||||
*/
|
||||
function logShareEvents($logger) {
|
||||
$shareActions = new \OCA\Admin_Audit\Actions\Sharing(
|
||||
$logger
|
||||
);
|
||||
|
||||
OCP\Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared');
|
||||
OCP\Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare');
|
||||
OCP\Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions');
|
||||
OCP\Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword');
|
||||
OCP\Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate');
|
||||
OCP\Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed');
|
||||
}
|
||||
|
||||
/**
|
||||
* Log authentication event related actions
|
||||
*
|
||||
* @param \OCP\ILogger $logger
|
||||
*/
|
||||
function logAuthEvents($logger) {
|
||||
$authActions = new \OCA\Admin_Audit\Actions\Auth(
|
||||
$logger
|
||||
);
|
||||
OCP\Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
|
||||
OCP\Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
|
||||
OCP\Util::connectHook('OC_User', 'logout', $authActions, 'logout');
|
||||
}
|
||||
|
||||
/**
|
||||
* Log user management related actions
|
||||
*
|
||||
* @param \OCP\ILogger $logger
|
||||
* @param \OC\User\Session $userSession
|
||||
*/
|
||||
function logUserManagement($logger, $userSession) {
|
||||
$userActions = new \OCA\Admin_Audit\Actions\UserManagement(
|
||||
$logger
|
||||
);
|
||||
|
||||
OCP\Util::connectHook(
|
||||
'OC_User',
|
||||
'post_createUser',
|
||||
$userActions,
|
||||
'create'
|
||||
);
|
||||
OCP\Util::connectHook(
|
||||
'OC_User',
|
||||
'post_deleteUser',
|
||||
$userActions,
|
||||
'delete'
|
||||
);
|
||||
$userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Log file related actions
|
||||
*
|
||||
* @param \OCP\ILogger $logger
|
||||
*/
|
||||
function logFileActions($logger) {
|
||||
$fileActions = new \OCA\Admin_Audit\Actions\Files(
|
||||
$logger
|
||||
);
|
||||
|
||||
OCP\Util::connectHook(
|
||||
OC\Files\Filesystem::CLASSNAME,
|
||||
OC\Files\Filesystem::signal_post_rename,
|
||||
$fileActions,
|
||||
'rename'
|
||||
);
|
||||
OCP\Util::connectHook(
|
||||
OC\Files\Filesystem::CLASSNAME,
|
||||
OC\Files\Filesystem::signal_post_create,
|
||||
$fileActions,
|
||||
'create'
|
||||
);
|
||||
OCP\Util::connectHook(
|
||||
OC\Files\Filesystem::CLASSNAME,
|
||||
OC\Files\Filesystem::signal_post_copy,
|
||||
$fileActions,
|
||||
'copy'
|
||||
);
|
||||
OCP\Util::connectHook(
|
||||
OC\Files\Filesystem::CLASSNAME,
|
||||
OC\Files\Filesystem::signal_post_write,
|
||||
$fileActions,
|
||||
'write'
|
||||
);
|
||||
OCP\Util::connectHook(
|
||||
OC\Files\Filesystem::CLASSNAME,
|
||||
OC\Files\Filesystem::signal_post_update,
|
||||
$fileActions,
|
||||
'update'
|
||||
);
|
||||
OCP\Util::connectHook(
|
||||
OC\Files\Filesystem::CLASSNAME,
|
||||
OC\Files\Filesystem::signal_read,
|
||||
$fileActions,
|
||||
'read'
|
||||
);
|
||||
OCP\Util::connectHook(
|
||||
OC\Files\Filesystem::CLASSNAME,
|
||||
OC\Files\Filesystem::signal_delete,
|
||||
$fileActions,
|
||||
'delete'
|
||||
);
|
||||
}
|
||||
$auditLogger = new \OCA\Admin_Audit\AuditLogger($logger, $userSession, $groupManager);
|
||||
$auditLogger->registerHooks();
|
||||
|
|
|
@ -0,0 +1,73 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
namespace OCA\Admin_Audit\Actions;
|
||||
|
||||
|
||||
use OCA\Admin_Audit\Actions\Action;
|
||||
use OCP\IGroup;
|
||||
use OCP\IUser;
|
||||
|
||||
/**
|
||||
* Class GroupManagement logs all group manager related events
|
||||
*
|
||||
* @package OCA\Admin_Audit
|
||||
*/
|
||||
class GroupManagement extends Action {
|
||||
|
||||
/**
|
||||
* log add user to group event
|
||||
*
|
||||
* @param IGroup $group
|
||||
* @param IUser $user
|
||||
*/
|
||||
public function addUser(IGroup $group, IUser $user) {
|
||||
$this->log('User "%s" added to group "%s"',
|
||||
[
|
||||
'group' => $group->getGID(),
|
||||
'user' => $user->getUID()
|
||||
],
|
||||
[
|
||||
'user', 'group'
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* log remove user from group event
|
||||
*
|
||||
* @param IGroup $group
|
||||
* @param IUser $user
|
||||
*/
|
||||
public function removeUser(IGroup $group, IUser $user) {
|
||||
$this->log('User "%s" removed from group "%s"',
|
||||
[
|
||||
'group' => $group->getGID(),
|
||||
'user' => $user->getUID()
|
||||
],
|
||||
[
|
||||
'user', 'group'
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,69 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
namespace OCA\Admin_Audit\Actions;
|
||||
|
||||
|
||||
use OCP\ILogger;
|
||||
use OCP\IUserSession;
|
||||
|
||||
class Trashbin extends Action {
|
||||
|
||||
/** @var IUserSession */
|
||||
private $userSession;
|
||||
|
||||
/**
|
||||
* Trashbin constructor.
|
||||
*
|
||||
* @param ILogger $logger
|
||||
* @param IUserSession $userSession
|
||||
*/
|
||||
public function __construct(ILogger $logger, IUserSession $userSession) {
|
||||
parent::__construct($logger);
|
||||
$this->userSession = $userSession;
|
||||
}
|
||||
|
||||
public function delete($params) {
|
||||
$this->log('File "%s" deleted from trash bin by "%s"',
|
||||
[
|
||||
'path' => $params['path'],
|
||||
'user' => $this->userSession->getUser()->getUID()
|
||||
],
|
||||
[
|
||||
'path', 'user'
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
public function restore($params) {
|
||||
$this->log('File "%s" restored from trash bin by "%s"',
|
||||
[
|
||||
'path' => $params['filePath'],
|
||||
'user' => $this->userSession->getUser()->getUID()
|
||||
],
|
||||
[
|
||||
'path', 'user'
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
}
|
|
@ -19,6 +19,7 @@
|
|||
*
|
||||
*/
|
||||
namespace OCA\Admin_Audit\Actions;
|
||||
use OCP\IUser;
|
||||
|
||||
/**
|
||||
* Class UserManagement logs all user management related actions.
|
||||
|
@ -59,9 +60,9 @@ class UserManagement extends Action {
|
|||
/**
|
||||
* Logs changing of the user scope
|
||||
*
|
||||
* @param \OCP\IUser $user
|
||||
* @param IUser $user
|
||||
*/
|
||||
public function setPassword(\OCP\IUser $user) {
|
||||
public function setPassword(IUser $user) {
|
||||
if($user->getBackendClassName() === 'Database') {
|
||||
$this->log(
|
||||
'Password of user "%s" has been changed',
|
|
@ -0,0 +1,178 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
namespace OCA\Admin_Audit;
|
||||
|
||||
|
||||
use OC\Files\Filesystem;
|
||||
use OCA\Admin_Audit\Actions\Auth;
|
||||
use OCA\Admin_Audit\Actions\Files;
|
||||
use OCA\Admin_Audit\Actions\GroupManagement;
|
||||
use OCA\Admin_Audit\Actions\Sharing;
|
||||
use OCA\Admin_Audit\Actions\Trashbin;
|
||||
use OCA\Admin_Audit\Actions\UserManagement;
|
||||
use OCP\IGroupManager;
|
||||
use OCP\ILogger;
|
||||
use OCP\IUserSession;
|
||||
use OCP\Util;
|
||||
|
||||
class AuditLogger {
|
||||
|
||||
/** @var ILogger */
|
||||
private $logger;
|
||||
|
||||
/** @var IUserSession */
|
||||
private $userSession;
|
||||
|
||||
/** @var IGroupManager */
|
||||
private $groupManager;
|
||||
|
||||
/**
|
||||
* AuditLogger constructor.
|
||||
*
|
||||
* @param ILogger $logger
|
||||
* @param IUserSession $userSession
|
||||
* @param IGroupManager $groupManager
|
||||
*/
|
||||
public function __construct(ILogger $logger,
|
||||
IUserSession $userSession,
|
||||
IGroupManager $groupManager) {
|
||||
$this->logger = $logger;
|
||||
$this->userSession = $userSession;
|
||||
$this->groupManager = $groupManager;
|
||||
}
|
||||
|
||||
/**
|
||||
* register hooks in order to log them
|
||||
*/
|
||||
public function registerHooks() {
|
||||
$this->userManagementHooks();
|
||||
$this->groupHooks();
|
||||
$this->sharingHooks();
|
||||
$this->authHooks();
|
||||
$this->fileHooks();
|
||||
$this->trashbinHooks();
|
||||
}
|
||||
|
||||
/**
|
||||
* connect to user management hooks
|
||||
*/
|
||||
private function userManagementHooks() {
|
||||
$userActions = new UserManagement($this->logger);
|
||||
|
||||
Util::connectHook('OC_User', 'post_createUser', $userActions, 'create');
|
||||
Util::connectHook('OC_User', 'post_deleteUser', $userActions, 'delete');
|
||||
$this->userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
|
||||
}
|
||||
|
||||
private function groupHooks() {
|
||||
$groupActions = new GroupManagement($this->logger);
|
||||
$this->groupManager->listen('\OC\Group', 'postRemoveUser', [$groupActions, 'removeUser']);
|
||||
$this->groupManager->listen('\OC\Group', 'postAddUser', [$groupActions, 'addUser']);
|
||||
}
|
||||
|
||||
/**
|
||||
* connect to sharing events
|
||||
*/
|
||||
private function sharingHooks() {
|
||||
$shareActions = new Sharing($this->logger);
|
||||
|
||||
Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared');
|
||||
Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare');
|
||||
Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions');
|
||||
Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword');
|
||||
Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate');
|
||||
Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed');
|
||||
}
|
||||
|
||||
/**
|
||||
* connect to authentication event and related actions
|
||||
*/
|
||||
private function authHooks() {
|
||||
$authActions = new Auth($this->logger);
|
||||
|
||||
Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
|
||||
Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
|
||||
Util::connectHook('OC_User', 'logout', $authActions, 'logout');
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* connect to file hooks
|
||||
*/
|
||||
private function fileHooks() {
|
||||
$fileActions = new Files($this->logger);
|
||||
|
||||
Util::connectHook(
|
||||
Filesystem::CLASSNAME,
|
||||
Filesystem::signal_post_rename,
|
||||
$fileActions,
|
||||
'rename'
|
||||
);
|
||||
Util::connectHook(
|
||||
Filesystem::CLASSNAME,
|
||||
Filesystem::signal_post_create,
|
||||
$fileActions,
|
||||
'create'
|
||||
);
|
||||
Util::connectHook(
|
||||
Filesystem::CLASSNAME,
|
||||
Filesystem::signal_post_copy,
|
||||
$fileActions,
|
||||
'copy'
|
||||
);
|
||||
Util::connectHook(
|
||||
Filesystem::CLASSNAME,
|
||||
Filesystem::signal_post_write,
|
||||
$fileActions,
|
||||
'write'
|
||||
);
|
||||
Util::connectHook(
|
||||
Filesystem::CLASSNAME,
|
||||
Filesystem::signal_post_update,
|
||||
$fileActions,
|
||||
'update'
|
||||
);
|
||||
Util::connectHook(
|
||||
Filesystem::CLASSNAME,
|
||||
Filesystem::signal_read,
|
||||
$fileActions,
|
||||
'read'
|
||||
);
|
||||
Util::connectHook(
|
||||
Filesystem::CLASSNAME,
|
||||
Filesystem::signal_delete,
|
||||
$fileActions,
|
||||
'delete'
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* connect to trash bin hooks
|
||||
*/
|
||||
private function trashbinHooks() {
|
||||
$trashActions = new Trashbin($this->logger, $this->userSession);
|
||||
Util::connectHook('\OCP\Trashbin', 'preDelete', $trashActions, 'delete');
|
||||
Util::connectHook('\OCA\Files_Trashbin\Trashbin', 'post_restore', $trashActions, 'restore');
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue