being able to setup in setting indexing permissions changes

guillotinaweb · Mar 6, 2024 · 8f6ee3b · 8f6ee3b
1 parent 2ac2a4d
commit 8f6ee3b
Show file tree

Hide file tree

Showing 4 changed files with 110 additions and 4 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -1,7 +1,8 @@
 2.0.2 (unreleased)
 ------------------
 
-- Nothing changed yet.
+- Being able to setting up index_permission_changes in settings. If
+  defined as True, it will index all changes in permissions.
 
 
 2.0.1 (2024-03-05)

diff --git a/guillotina_audit/__init__.py b/guillotina_audit/__init__.py
@@ -6,7 +6,11 @@
         "audit": {
             "provides": "guillotina_audit.interfaces.IAuditUtility",
             "factory": "guillotina_audit.utility.AuditUtility",
-            "settings": {"index_name": "audit", "save_payload": False},
+            "settings": {
+                "index_name": "audit",
+                "save_payload": False,
+                "index_permission_changes": False,
+            },
         }
     }
 }

diff --git a/guillotina_audit/subscriber.py b/guillotina_audit/subscriber.py
@@ -4,6 +4,7 @@
 from guillotina.interfaces import IObjectDuplicatedEvent
 from guillotina.interfaces import IObjectModifiedEvent
 from guillotina.interfaces import IObjectMovedEvent
+from guillotina.interfaces import IObjectPermissionsModifiedEvent
 from guillotina.interfaces import IObjectRemovedEvent
 from guillotina.interfaces import IResource
 from guillotina_audit.interfaces import IAuditUtility
@@ -35,8 +36,13 @@ async def audit_object_added(obj, event):
 )  # after indexing
 async def audit_object_modified(obj, event):
     try:
-        audit = query_utility(IAuditUtility)
-        audit.log_entry(obj, event)
+        if event.__providedBy__(IObjectPermissionsModifiedEvent) is True:
+            audit = query_utility(IAuditUtility)
+            if audit._settings.get("indexing_permission_changes", False) is True:
+                audit.log_entry(obj, event)
+        elif event.__providedBy__(IObjectModifiedEvent):
+            audit = query_utility(IAuditUtility)
+            audit.log_entry(obj, event)
     except Exception:
         logger.error("Error adding audit", exc_info=True)
 

diff --git a/guillotina_audit/tests/test_audit_basic.py b/guillotina_audit/tests/test_audit_basic.py
@@ -224,3 +224,98 @@ async def test_json_dumps(guillotina_es):
         {"datetime": datetime.now(), "date": date.today()},
         default=audit_utility._custom_serializer,
     )
+
+
+async def test_permissions_modified_without_indexing(guillotina_es):
+    response, status = await guillotina_es(
+        "POST", "/db/guillotina/@addons", data=json.dumps({"id": "audit"})
+    )
+    assert status == 200
+
+    response, status = await guillotina_es(
+        "POST",
+        "/db/guillotina/",
+        data=json.dumps({"@type": "Item", "id": "foo_item", "title": "Foo Item"}),
+    )
+    assert status == 201
+    await asyncio.sleep(2)
+    resp, status = await guillotina_es("GET", "/db/guillotina/@audit")
+    assert status == 200
+    assert len(resp["hits"]["hits"]) == 2
+
+    response, status = await guillotina_es(
+        "POST",
+        "/db/guillotina/foo_item/@sharing",
+        data=json.dumps(
+            {
+                "prinperm": [
+                    {
+                        "principal": "foobar",
+                        "permission": "guillotina.ModifyContent",
+                        "setting": "Allow",
+                    }
+                ]
+            }
+        ),
+    )
+    assert status == 200
+    await asyncio.sleep(2)
+    resp, status = await guillotina_es("GET", "/db/guillotina/@audit")
+    assert status == 200
+    # There should be the same number of documents since indexing_permission_changes is False
+    assert len(resp["hits"]["hits"]) == 2
+
+
+@pytest.mark.app_settings(
+    {
+        "load_utilities": {
+            "audit": {
+                "provides": "guillotina_audit.interfaces.IAuditUtility",
+                "factory": "guillotina_audit.utility.AuditUtility",
+                "settings": {
+                    "index_name": "audit",
+                    "save_payload": False,
+                    "index_permission_changes": True,
+                },
+            }
+        }
+    }
+)
+async def test_permissions_modified_with_indexing(guillotina_es):
+    response, status = await guillotina_es(
+        "POST", "/db/guillotina/@addons", data=json.dumps({"id": "audit"})
+    )
+    assert status == 200
+
+    response, status = await guillotina_es(
+        "POST",
+        "/db/guillotina/",
+        data=json.dumps({"@type": "Item", "id": "foo_item", "title": "Foo Item"}),
+    )
+    assert status == 201
+    await asyncio.sleep(2)
+    resp, status = await guillotina_es("GET", "/db/guillotina/@audit")
+    assert status == 200
+    assert len(resp["hits"]["hits"]) == 2
+
+    response, status = await guillotina_es(
+        "POST",
+        "/db/guillotina/foo_item/@sharing",
+        data=json.dumps(
+            {
+                "prinperm": [
+                    {
+                        "principal": "foobar",
+                        "permission": "guillotina.ModifyContent",
+                        "setting": "Allow",
+                    }
+                ]
+            }
+        ),
+    )
+    assert status == 200
+    await asyncio.sleep(2)
+    resp, status = await guillotina_es("GET", "/db/guillotina/@audit")
+    assert status == 200
+    # There should be one more document since indexing_permission_changes is True
+    assert len(resp["hits"]["hits"]) == 3