Commit 2b5c568d authored by Abdul Shaheed's avatar Abdul Shaheed

Enabling Audit event when default branch changes for a project

This commit adds an event in audit events table whenever a default
branch is being changed using project repository settings. Also,
added relevant section in the doc for administrating audit events.
parent 9536023b
......@@ -56,9 +56,23 @@ module Projects
raise ValidationError.new(s_('UpdateProject|Cannot rename project because it contains container registry tags!'))
end
if changing_default_branch?
raise ValidationError.new(s_("UpdateProject|Could not set the default branch")) unless project.change_head(params[:default_branch])
validate_default_branch_change
end
def validate_default_branch_change
return unless changing_default_branch?
previous_default_branch = project.default_branch
if project.change_head(params[:default_branch])
after_default_branch_change(previous_default_branch)
else
raise ValidationError.new(s_("UpdateProject|Could not set the default branch"))
end
end
def after_default_branch_change(previous_default_branch)
# overridden by EE module
end
def remove_unallowed_params
......
......@@ -101,6 +101,7 @@ From there, you can see the following actions:
- Project CI/CD variable added, removed, or protected status changed ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/30857) in GitLab 13.4)
- Project access token was successfully created or revoked ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/230007) in GitLab 13.9)
- Failed attempt to create or revoke a project access token ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/230007) in GitLab 13.9)
- When default branch changes for a project ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/52339) in GitLab 13.9)
Project events can also be accessed via the [Project Audit Events API](../api/audit_events.md#project-audit-events).
......
......@@ -48,6 +48,16 @@ module EE
private
override :after_default_branch_change
def after_default_branch_change(previous_default_branch)
::AuditEventService.new(
current_user,
project,
action: :custom,
custom_message: "Default branch changed from #{previous_default_branch} to #{project.default_branch}"
).for_project.security_event
end
# A user who changes any aspect of pull mirroring settings must be made
# into the mirror user, to prevent them from acquiring capabilities
# owned by the previous user, such as writing to a protected branch.
......
---
title: Adding audit event for default branch change
merge_request: 52339
author: Abdul Shaheed
type: other
......@@ -108,6 +108,25 @@ RSpec.describe Projects::UpdateService, '#execute' do
end
end
describe '#default_branch' do
include_examples 'audit event logging' do
let(:operation) { update_project(project, user, default_branch: 'feature') }
let(:fail_condition!) do
allow_next_instance_of(Project) do |project|
allow(project).to receive(:change_head).and_return(false)
end
end
let(:attributes) do
audit_event_params.tap do |param|
param[:details].merge!(
custom_message: "Default branch changed from master to feature"
)
end
end
end
end
describe '#visibility' do
include_examples 'audit event logging' do
let(:operation) do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment