listen to trash bin and group manager hooks

This commit is contained in:
Bjoern Schiessle 2016-06-09 18:03:31 +02:00 committed by Lukas Reschke
parent c2571cca41
commit 0880cba816
No known key found for this signature in database
GPG Key ID: 9AB0ADB949B6898C
10 changed files with 328 additions and 121 deletions

1
.gitignore vendored
View File

@ -22,6 +22,7 @@
!/apps/user_ldap
!/apps/provisioning_api
!/apps/systemtags
!/apps/admin_audit
!/apps/updatenotification
/apps/files_external/3rdparty/irodsphp/PHPUnitTest
/apps/files_external/3rdparty/irodsphp/web

View File

@ -20,123 +20,8 @@
*/
$logger = \OC::$server->getLogger();
$userSession = \OC::$server->getUserSession();
$groupManager = \OC::$server->getGroupManager();
logUserManagement(
$logger,
\OC::$server->getUserSession()
);
logFileActions($logger);
logAuthEvents($logger);
logShareEvents($logger);
/**
* Logs sharing events
*
* @param \OCP\ILogger $logger
*/
function logShareEvents($logger) {
$shareActions = new \OCA\Admin_Audit\Actions\Sharing(
$logger
);
OCP\Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared');
OCP\Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare');
OCP\Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions');
OCP\Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword');
OCP\Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate');
OCP\Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed');
}
/**
* Log authentication event related actions
*
* @param \OCP\ILogger $logger
*/
function logAuthEvents($logger) {
$authActions = new \OCA\Admin_Audit\Actions\Auth(
$logger
);
OCP\Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
OCP\Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
OCP\Util::connectHook('OC_User', 'logout', $authActions, 'logout');
}
/**
* Log user management related actions
*
* @param \OCP\ILogger $logger
* @param \OC\User\Session $userSession
*/
function logUserManagement($logger, $userSession) {
$userActions = new \OCA\Admin_Audit\Actions\UserManagement(
$logger
);
OCP\Util::connectHook(
'OC_User',
'post_createUser',
$userActions,
'create'
);
OCP\Util::connectHook(
'OC_User',
'post_deleteUser',
$userActions,
'delete'
);
$userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
}
/**
* Log file related actions
*
* @param \OCP\ILogger $logger
*/
function logFileActions($logger) {
$fileActions = new \OCA\Admin_Audit\Actions\Files(
$logger
);
OCP\Util::connectHook(
OC\Files\Filesystem::CLASSNAME,
OC\Files\Filesystem::signal_post_rename,
$fileActions,
'rename'
);
OCP\Util::connectHook(
OC\Files\Filesystem::CLASSNAME,
OC\Files\Filesystem::signal_post_create,
$fileActions,
'create'
);
OCP\Util::connectHook(
OC\Files\Filesystem::CLASSNAME,
OC\Files\Filesystem::signal_post_copy,
$fileActions,
'copy'
);
OCP\Util::connectHook(
OC\Files\Filesystem::CLASSNAME,
OC\Files\Filesystem::signal_post_write,
$fileActions,
'write'
);
OCP\Util::connectHook(
OC\Files\Filesystem::CLASSNAME,
OC\Files\Filesystem::signal_post_update,
$fileActions,
'update'
);
OCP\Util::connectHook(
OC\Files\Filesystem::CLASSNAME,
OC\Files\Filesystem::signal_read,
$fileActions,
'read'
);
OCP\Util::connectHook(
OC\Files\Filesystem::CLASSNAME,
OC\Files\Filesystem::signal_delete,
$fileActions,
'delete'
);
}
$auditLogger = new \OCA\Admin_Audit\AuditLogger($logger, $userSession, $groupManager);
$auditLogger->registerHooks();

View File

@ -0,0 +1,73 @@
<?php
/**
* @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Admin_Audit\Actions;
use OCA\Admin_Audit\Actions\Action;
use OCP\IGroup;
use OCP\IUser;
/**
* Class GroupManagement logs all group manager related events
*
* @package OCA\Admin_Audit
*/
class GroupManagement extends Action {
/**
* log add user to group event
*
* @param IGroup $group
* @param IUser $user
*/
public function addUser(IGroup $group, IUser $user) {
$this->log('User "%s" added to group "%s"',
[
'group' => $group->getGID(),
'user' => $user->getUID()
],
[
'user', 'group'
]
);
}
/**
* log remove user from group event
*
* @param IGroup $group
* @param IUser $user
*/
public function removeUser(IGroup $group, IUser $user) {
$this->log('User "%s" removed from group "%s"',
[
'group' => $group->getGID(),
'user' => $user->getUID()
],
[
'user', 'group'
]
);
}
}

View File

@ -0,0 +1,69 @@
<?php
/**
* @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Admin_Audit\Actions;
use OCP\ILogger;
use OCP\IUserSession;
class Trashbin extends Action {
/** @var IUserSession */
private $userSession;
/**
* Trashbin constructor.
*
* @param ILogger $logger
* @param IUserSession $userSession
*/
public function __construct(ILogger $logger, IUserSession $userSession) {
parent::__construct($logger);
$this->userSession = $userSession;
}
public function delete($params) {
$this->log('File "%s" deleted from trash bin by "%s"',
[
'path' => $params['path'],
'user' => $this->userSession->getUser()->getUID()
],
[
'path', 'user'
]
);
}
public function restore($params) {
$this->log('File "%s" restored from trash bin by "%s"',
[
'path' => $params['filePath'],
'user' => $this->userSession->getUser()->getUID()
],
[
'path', 'user'
]
);
}
}

View File

@ -19,6 +19,7 @@
*
*/
namespace OCA\Admin_Audit\Actions;
use OCP\IUser;
/**
* Class UserManagement logs all user management related actions.
@ -59,9 +60,9 @@ class UserManagement extends Action {
/**
* Logs changing of the user scope
*
* @param \OCP\IUser $user
* @param IUser $user
*/
public function setPassword(\OCP\IUser $user) {
public function setPassword(IUser $user) {
if($user->getBackendClassName() === 'Database') {
$this->log(
'Password of user "%s" has been changed',

View File

@ -0,0 +1,178 @@
<?php
/**
* @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Admin_Audit;
use OC\Files\Filesystem;
use OCA\Admin_Audit\Actions\Auth;
use OCA\Admin_Audit\Actions\Files;
use OCA\Admin_Audit\Actions\GroupManagement;
use OCA\Admin_Audit\Actions\Sharing;
use OCA\Admin_Audit\Actions\Trashbin;
use OCA\Admin_Audit\Actions\UserManagement;
use OCP\IGroupManager;
use OCP\ILogger;
use OCP\IUserSession;
use OCP\Util;
class AuditLogger {
/** @var ILogger */
private $logger;
/** @var IUserSession */
private $userSession;
/** @var IGroupManager */
private $groupManager;
/**
* AuditLogger constructor.
*
* @param ILogger $logger
* @param IUserSession $userSession
* @param IGroupManager $groupManager
*/
public function __construct(ILogger $logger,
IUserSession $userSession,
IGroupManager $groupManager) {
$this->logger = $logger;
$this->userSession = $userSession;
$this->groupManager = $groupManager;
}
/**
* register hooks in order to log them
*/
public function registerHooks() {
$this->userManagementHooks();
$this->groupHooks();
$this->sharingHooks();
$this->authHooks();
$this->fileHooks();
$this->trashbinHooks();
}
/**
* connect to user management hooks
*/
private function userManagementHooks() {
$userActions = new UserManagement($this->logger);
Util::connectHook('OC_User', 'post_createUser', $userActions, 'create');
Util::connectHook('OC_User', 'post_deleteUser', $userActions, 'delete');
$this->userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
}
private function groupHooks() {
$groupActions = new GroupManagement($this->logger);
$this->groupManager->listen('\OC\Group', 'postRemoveUser', [$groupActions, 'removeUser']);
$this->groupManager->listen('\OC\Group', 'postAddUser', [$groupActions, 'addUser']);
}
/**
* connect to sharing events
*/
private function sharingHooks() {
$shareActions = new Sharing($this->logger);
Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared');
Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare');
Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions');
Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword');
Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate');
Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed');
}
/**
* connect to authentication event and related actions
*/
private function authHooks() {
$authActions = new Auth($this->logger);
Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
Util::connectHook('OC_User', 'logout', $authActions, 'logout');
}
/**
* connect to file hooks
*/
private function fileHooks() {
$fileActions = new Files($this->logger);
Util::connectHook(
Filesystem::CLASSNAME,
Filesystem::signal_post_rename,
$fileActions,
'rename'
);
Util::connectHook(
Filesystem::CLASSNAME,
Filesystem::signal_post_create,
$fileActions,
'create'
);
Util::connectHook(
Filesystem::CLASSNAME,
Filesystem::signal_post_copy,
$fileActions,
'copy'
);
Util::connectHook(
Filesystem::CLASSNAME,
Filesystem::signal_post_write,
$fileActions,
'write'
);
Util::connectHook(
Filesystem::CLASSNAME,
Filesystem::signal_post_update,
$fileActions,
'update'
);
Util::connectHook(
Filesystem::CLASSNAME,
Filesystem::signal_read,
$fileActions,
'read'
);
Util::connectHook(
Filesystem::CLASSNAME,
Filesystem::signal_delete,
$fileActions,
'delete'
);
}
/**
* connect to trash bin hooks
*/
private function trashbinHooks() {
$trashActions = new Trashbin($this->logger, $this->userSession);
Util::connectHook('\OCP\Trashbin', 'preDelete', $trashActions, 'delete');
Util::connectHook('\OCA\Files_Trashbin\Trashbin', 'post_restore', $trashActions, 'restore');
}
}