listen to trash bin and group manager hooks
parent
c2571cca41
commit
0880cba816
|
@ -22,6 +22,7 @@
|
||||||
!/apps/user_ldap
|
!/apps/user_ldap
|
||||||
!/apps/provisioning_api
|
!/apps/provisioning_api
|
||||||
!/apps/systemtags
|
!/apps/systemtags
|
||||||
|
!/apps/admin_audit
|
||||||
!/apps/updatenotification
|
!/apps/updatenotification
|
||||||
/apps/files_external/3rdparty/irodsphp/PHPUnitTest
|
/apps/files_external/3rdparty/irodsphp/PHPUnitTest
|
||||||
/apps/files_external/3rdparty/irodsphp/web
|
/apps/files_external/3rdparty/irodsphp/web
|
||||||
|
|
|
@ -20,123 +20,8 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
$logger = \OC::$server->getLogger();
|
$logger = \OC::$server->getLogger();
|
||||||
|
$userSession = \OC::$server->getUserSession();
|
||||||
|
$groupManager = \OC::$server->getGroupManager();
|
||||||
|
|
||||||
logUserManagement(
|
$auditLogger = new \OCA\Admin_Audit\AuditLogger($logger, $userSession, $groupManager);
|
||||||
$logger,
|
$auditLogger->registerHooks();
|
||||||
\OC::$server->getUserSession()
|
|
||||||
);
|
|
||||||
logFileActions($logger);
|
|
||||||
logAuthEvents($logger);
|
|
||||||
logShareEvents($logger);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Logs sharing events
|
|
||||||
*
|
|
||||||
* @param \OCP\ILogger $logger
|
|
||||||
*/
|
|
||||||
function logShareEvents($logger) {
|
|
||||||
$shareActions = new \OCA\Admin_Audit\Actions\Sharing(
|
|
||||||
$logger
|
|
||||||
);
|
|
||||||
|
|
||||||
OCP\Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared');
|
|
||||||
OCP\Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare');
|
|
||||||
OCP\Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions');
|
|
||||||
OCP\Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword');
|
|
||||||
OCP\Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate');
|
|
||||||
OCP\Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed');
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Log authentication event related actions
|
|
||||||
*
|
|
||||||
* @param \OCP\ILogger $logger
|
|
||||||
*/
|
|
||||||
function logAuthEvents($logger) {
|
|
||||||
$authActions = new \OCA\Admin_Audit\Actions\Auth(
|
|
||||||
$logger
|
|
||||||
);
|
|
||||||
OCP\Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
|
|
||||||
OCP\Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
|
|
||||||
OCP\Util::connectHook('OC_User', 'logout', $authActions, 'logout');
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Log user management related actions
|
|
||||||
*
|
|
||||||
* @param \OCP\ILogger $logger
|
|
||||||
* @param \OC\User\Session $userSession
|
|
||||||
*/
|
|
||||||
function logUserManagement($logger, $userSession) {
|
|
||||||
$userActions = new \OCA\Admin_Audit\Actions\UserManagement(
|
|
||||||
$logger
|
|
||||||
);
|
|
||||||
|
|
||||||
OCP\Util::connectHook(
|
|
||||||
'OC_User',
|
|
||||||
'post_createUser',
|
|
||||||
$userActions,
|
|
||||||
'create'
|
|
||||||
);
|
|
||||||
OCP\Util::connectHook(
|
|
||||||
'OC_User',
|
|
||||||
'post_deleteUser',
|
|
||||||
$userActions,
|
|
||||||
'delete'
|
|
||||||
);
|
|
||||||
$userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Log file related actions
|
|
||||||
*
|
|
||||||
* @param \OCP\ILogger $logger
|
|
||||||
*/
|
|
||||||
function logFileActions($logger) {
|
|
||||||
$fileActions = new \OCA\Admin_Audit\Actions\Files(
|
|
||||||
$logger
|
|
||||||
);
|
|
||||||
|
|
||||||
OCP\Util::connectHook(
|
|
||||||
OC\Files\Filesystem::CLASSNAME,
|
|
||||||
OC\Files\Filesystem::signal_post_rename,
|
|
||||||
$fileActions,
|
|
||||||
'rename'
|
|
||||||
);
|
|
||||||
OCP\Util::connectHook(
|
|
||||||
OC\Files\Filesystem::CLASSNAME,
|
|
||||||
OC\Files\Filesystem::signal_post_create,
|
|
||||||
$fileActions,
|
|
||||||
'create'
|
|
||||||
);
|
|
||||||
OCP\Util::connectHook(
|
|
||||||
OC\Files\Filesystem::CLASSNAME,
|
|
||||||
OC\Files\Filesystem::signal_post_copy,
|
|
||||||
$fileActions,
|
|
||||||
'copy'
|
|
||||||
);
|
|
||||||
OCP\Util::connectHook(
|
|
||||||
OC\Files\Filesystem::CLASSNAME,
|
|
||||||
OC\Files\Filesystem::signal_post_write,
|
|
||||||
$fileActions,
|
|
||||||
'write'
|
|
||||||
);
|
|
||||||
OCP\Util::connectHook(
|
|
||||||
OC\Files\Filesystem::CLASSNAME,
|
|
||||||
OC\Files\Filesystem::signal_post_update,
|
|
||||||
$fileActions,
|
|
||||||
'update'
|
|
||||||
);
|
|
||||||
OCP\Util::connectHook(
|
|
||||||
OC\Files\Filesystem::CLASSNAME,
|
|
||||||
OC\Files\Filesystem::signal_read,
|
|
||||||
$fileActions,
|
|
||||||
'read'
|
|
||||||
);
|
|
||||||
OCP\Util::connectHook(
|
|
||||||
OC\Files\Filesystem::CLASSNAME,
|
|
||||||
OC\Files\Filesystem::signal_delete,
|
|
||||||
$fileActions,
|
|
||||||
'delete'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
|
@ -0,0 +1,73 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
|
||||||
|
*
|
||||||
|
* @license GNU AGPL version 3 or any later version
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as
|
||||||
|
* published by the Free Software Foundation, either version 3 of the
|
||||||
|
* License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
namespace OCA\Admin_Audit\Actions;
|
||||||
|
|
||||||
|
|
||||||
|
use OCA\Admin_Audit\Actions\Action;
|
||||||
|
use OCP\IGroup;
|
||||||
|
use OCP\IUser;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Class GroupManagement logs all group manager related events
|
||||||
|
*
|
||||||
|
* @package OCA\Admin_Audit
|
||||||
|
*/
|
||||||
|
class GroupManagement extends Action {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* log add user to group event
|
||||||
|
*
|
||||||
|
* @param IGroup $group
|
||||||
|
* @param IUser $user
|
||||||
|
*/
|
||||||
|
public function addUser(IGroup $group, IUser $user) {
|
||||||
|
$this->log('User "%s" added to group "%s"',
|
||||||
|
[
|
||||||
|
'group' => $group->getGID(),
|
||||||
|
'user' => $user->getUID()
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'user', 'group'
|
||||||
|
]
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* log remove user from group event
|
||||||
|
*
|
||||||
|
* @param IGroup $group
|
||||||
|
* @param IUser $user
|
||||||
|
*/
|
||||||
|
public function removeUser(IGroup $group, IUser $user) {
|
||||||
|
$this->log('User "%s" removed from group "%s"',
|
||||||
|
[
|
||||||
|
'group' => $group->getGID(),
|
||||||
|
'user' => $user->getUID()
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'user', 'group'
|
||||||
|
]
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
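Review bot: Neither `addUser()` nor `removeUser()` records who performed the membership change; the context array passed to `$this->log()` carries only `group` and `user`, whereas the Trashbin action added in the same commit logs the acting user. Group membership changes are privilege changes, so an audit entry without the actor is of limited use during an investigation, unless `Action::log()`, which is not visible here, adds it on its own. If it does not, consider injecting `IUserSession` as Trashbin does and extending the message, e.g. `'User "%s" added to group "%s" by "%s"'`. The `use OCA\Admin_Audit\Actions\Action;` import is also redundant, because the class already lives in that namespace.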
|
@ -0,0 +1,69 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
|
||||||
|
*
|
||||||
|
* @license GNU AGPL version 3 or any later version
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as
|
||||||
|
* published by the Free Software Foundation, either version 3 of the
|
||||||
|
* License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
namespace OCA\Admin_Audit\Actions;
|
||||||
|
|
||||||
|
|
||||||
|
use OCP\ILogger;
|
||||||
|
use OCP\IUserSession;
|
||||||
|
|
||||||
|
class Trashbin extends Action {
|
||||||
|
|
||||||
|
/** @var IUserSession */
|
||||||
|
private $userSession;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Trashbin constructor.
|
||||||
|
*
|
||||||
|
* @param ILogger $logger
|
||||||
|
* @param IUserSession $userSession
|
||||||
|
*/
|
||||||
|
public function __construct(ILogger $logger, IUserSession $userSession) {
|
||||||
|
parent::__construct($logger);
|
||||||
|
$this->userSession = $userSession;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function delete($params) {
|
||||||
|
$this->log('File "%s" deleted from trash bin by "%s"',
|
||||||
|
[
|
||||||
|
'path' => $params['path'],
|
||||||
|
'user' => $this->userSession->getUser()->getUID()
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'path', 'user'
|
||||||
|
]
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function restore($params) {
|
||||||
|
$this->log('File "%s" restored from trash bin by "%s"',
|
||||||
|
[
|
||||||
|
'path' => $params['filePath'],
|
||||||
|
'user' => $this->userSession->getUser()->getUID()
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'path', 'user'
|
||||||
|
]
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
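Review bot: `$this->userSession->getUser()->getUID()` in `delete()` and `restore()` is a method call on null whenever the hook fires without a logged-in user, since `IUserSession::getUser()` can return null; whether these hooks are ever emitted outside a user request is not visible here. An error thrown inside an audit hook either aborts the file operation or loses the audit event, so guard it with `$user = $this->userSession->getUser();` and `'user' => $user !== null ? $user->getUID() : '<no session user>'` (the fallback label is a placeholder). Both methods also lack docblocks; a short one naming the `$params` key each reads (`path` in `delete()`, `filePath` in `restore()`) would help, because the two differ.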
|
@ -19,6 +19,7 @@
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
namespace OCA\Admin_Audit\Actions;
|
namespace OCA\Admin_Audit\Actions;
|
||||||
|
use OCP\IUser;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class UserManagement logs all user management related actions.
|
* Class UserManagement logs all user management related actions.
|
||||||
|
@ -59,9 +60,9 @@ class UserManagement extends Action {
|
||||||
/**
|
/**
|
||||||
* Logs changing of the user scope
|
* Logs changing of the user scope
|
||||||
*
|
*
|
||||||
* @param \OCP\IUser $user
|
* @param IUser $user
|
||||||
*/
|
*/
|
||||||
public function setPassword(\OCP\IUser $user) {
|
public function setPassword(IUser $user) {
|
||||||
if($user->getBackendClassName() === 'Database') {
|
if($user->getBackendClassName() === 'Database') {
|
||||||
$this->log(
|
$this->log(
|
||||||
'Password of user "%s" has been changed',
|
'Password of user "%s" has been changed',
|
|
@ -0,0 +1,178 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
|
||||||
|
*
|
||||||
|
* @license GNU AGPL version 3 or any later version
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as
|
||||||
|
* published by the Free Software Foundation, either version 3 of the
|
||||||
|
* License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
namespace OCA\Admin_Audit;
|
||||||
|
|
||||||
|
|
||||||
|
use OC\Files\Filesystem;
|
||||||
|
use OCA\Admin_Audit\Actions\Auth;
|
||||||
|
use OCA\Admin_Audit\Actions\Files;
|
||||||
|
use OCA\Admin_Audit\Actions\GroupManagement;
|
||||||
|
use OCA\Admin_Audit\Actions\Sharing;
|
||||||
|
use OCA\Admin_Audit\Actions\Trashbin;
|
||||||
|
use OCA\Admin_Audit\Actions\UserManagement;
|
||||||
|
use OCP\IGroupManager;
|
||||||
|
use OCP\ILogger;
|
||||||
|
use OCP\IUserSession;
|
||||||
|
use OCP\Util;
|
||||||
|
|
||||||
|
class AuditLogger {
|
||||||
|
|
||||||
|
/** @var ILogger */
|
||||||
|
private $logger;
|
||||||
|
|
||||||
|
/** @var IUserSession */
|
||||||
|
private $userSession;
|
||||||
|
|
||||||
|
/** @var IGroupManager */
|
||||||
|
private $groupManager;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* AuditLogger constructor.
|
||||||
|
*
|
||||||
|
* @param ILogger $logger
|
||||||
|
* @param IUserSession $userSession
|
||||||
|
* @param IGroupManager $groupManager
|
||||||
|
*/
|
||||||
|
public function __construct(ILogger $logger,
|
||||||
|
IUserSession $userSession,
|
||||||
|
IGroupManager $groupManager) {
|
||||||
|
$this->logger = $logger;
|
||||||
|
$this->userSession = $userSession;
|
||||||
|
$this->groupManager = $groupManager;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* register hooks in order to log them
|
||||||
|
*/
|
||||||
|
public function registerHooks() {
|
||||||
|
$this->userManagementHooks();
|
||||||
|
$this->groupHooks();
|
||||||
|
$this->sharingHooks();
|
||||||
|
$this->authHooks();
|
||||||
|
$this->fileHooks();
|
||||||
|
$this->trashbinHooks();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* connect to user management hooks
|
||||||
|
*/
|
||||||
|
private function userManagementHooks() {
|
||||||
|
$userActions = new UserManagement($this->logger);
|
||||||
|
|
||||||
|
Util::connectHook('OC_User', 'post_createUser', $userActions, 'create');
|
||||||
|
Util::connectHook('OC_User', 'post_deleteUser', $userActions, 'delete');
|
||||||
|
$this->userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
|
||||||
|
}
|
||||||
|
|
||||||
|
private function groupHooks() {
|
||||||
|
$groupActions = new GroupManagement($this->logger);
|
||||||
|
$this->groupManager->listen('\OC\Group', 'postRemoveUser', [$groupActions, 'removeUser']);
|
||||||
|
$this->groupManager->listen('\OC\Group', 'postAddUser', [$groupActions, 'addUser']);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* connect to sharing events
|
||||||
|
*/
|
||||||
|
private function sharingHooks() {
|
||||||
|
$shareActions = new Sharing($this->logger);
|
||||||
|
|
||||||
|
Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared');
|
||||||
|
Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare');
|
||||||
|
Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions');
|
||||||
|
Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword');
|
||||||
|
Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate');
|
||||||
|
Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed');
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* connect to authentication event and related actions
|
||||||
|
*/
|
||||||
|
private function authHooks() {
|
||||||
|
$authActions = new Auth($this->logger);
|
||||||
|
|
||||||
|
Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
|
||||||
|
Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
|
||||||
|
Util::connectHook('OC_User', 'logout', $authActions, 'logout');
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* connect to file hooks
|
||||||
|
*/
|
||||||
|
private function fileHooks() {
|
||||||
|
$fileActions = new Files($this->logger);
|
||||||
|
|
||||||
|
Util::connectHook(
|
||||||
|
Filesystem::CLASSNAME,
|
||||||
|
Filesystem::signal_post_rename,
|
||||||
|
$fileActions,
|
||||||
|
'rename'
|
||||||
|
);
|
||||||
|
Util::connectHook(
|
||||||
|
Filesystem::CLASSNAME,
|
||||||
|
Filesystem::signal_post_create,
|
||||||
|
$fileActions,
|
||||||
|
'create'
|
||||||
|
);
|
||||||
|
Util::connectHook(
|
||||||
|
Filesystem::CLASSNAME,
|
||||||
|
Filesystem::signal_post_copy,
|
||||||
|
$fileActions,
|
||||||
|
'copy'
|
||||||
|
);
|
||||||
|
Util::connectHook(
|
||||||
|
Filesystem::CLASSNAME,
|
||||||
|
Filesystem::signal_post_write,
|
||||||
|
$fileActions,
|
||||||
|
'write'
|
||||||
|
);
|
||||||
|
Util::connectHook(
|
||||||
|
Filesystem::CLASSNAME,
|
||||||
|
Filesystem::signal_post_update,
|
||||||
|
$fileActions,
|
||||||
|
'update'
|
||||||
|
);
|
||||||
|
Util::connectHook(
|
||||||
|
Filesystem::CLASSNAME,
|
||||||
|
Filesystem::signal_read,
|
||||||
|
$fileActions,
|
||||||
|
'read'
|
||||||
|
);
|
||||||
|
Util::connectHook(
|
||||||
|
Filesystem::CLASSNAME,
|
||||||
|
Filesystem::signal_delete,
|
||||||
|
$fileActions,
|
||||||
|
'delete'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* connect to trash bin hooks
|
||||||
|
*/
|
||||||
|
private function trashbinHooks() {
|
||||||
|
$trashActions = new Trashbin($this->logger, $this->userSession);
|
||||||
|
Util::connectHook('\OCP\Trashbin', 'preDelete', $trashActions, 'delete');
|
||||||
|
Util::connectHook('\OCA\Files_Trashbin\Trashbin', 'post_restore', $trashActions, 'restore');
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
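Review bot: `trashbinHooks()` connects the `preDelete` signal to `Trashbin::delete()`, which writes `File "%s" deleted from trash bin by "%s"`, so the entry is recorded before the deletion happens and stays in the log even if the deletion then fails. For an audit trail it is safer to log from a post-delete signal if the trash bin emits one (not visible here), or to word the pre-hook message as an attempt. Separately, the constructor type-hints `IUserSession` and `IGroupManager`, but `userManagementHooks()` and `groupHooks()` call `listen()` on them; the code removed from app.php documented the session as `\OC\User\Session`, which suggests `listen()` comes from the concrete class rather than the interface, so this is worth confirming. `groupHooks()` is the only hook method without a docblock; `/** connect to group manager hooks */` would match the others.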