Add removal and addition of the user to the group membership to audit events.

6bcb1a03 · Marin Jankovski · 4713fbd2 · 6bcb1a03 · 6bcb1a03
Commit 6bcb1a03 authored Nov 21, 2014 by Marin Jankovski
Showing with 31 additions and 4 deletions

app/controllers/groups/group_members_controller.rb app/controllers/groups/group_members_controller.rb +28 -2

app/controllers/projects/team_members_controller.rb app/controllers/projects/team_members_controller.rb +3 -2

No files found.
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -7,7 +7,22 @@ class Groups::GroupMembersController < ApplicationController
  layout 'group'

  def create
-    @group.add_users(params[:user_ids].split(','), params[:access_level])
+    access_level = params[:access_level]
+    user_ids = params[:user_ids].split(',')
+
+    @group.add_users(user_ids, access_level)
+
+    users = User.where(id: user_ids).pluck(:id, :name)
+    users.each do |user|
+      details = {
+        add: "user_access",
+        as: Gitlab::Access.options_with_owner.key(access_level.to_i),
+        target_id: user[0],
+        target_type: "User",
+        target_details: user[1],
+      }
+      AuditEventService.new(current_user, @group, details).security_event
+    end

    redirect_to members_group_path(@group), notice: 'Users were successfully added.'
  end
@@ -33,7 +48,18 @@ class Groups::GroupMembersController < ApplicationController
    @users_group = @group.group_members.find(params[:id])

    if can?(current_user, :destroy, @users_group)  # May fail if last owner.
-      @users_group.destroy
+      user_id = @users_group.id
+      user_name = @users_group.user.name
+      if @users_group.destroy
+        details = {
+          remove: "user_access",
+          target_id: user_id,
+          target_type: "User",
+          target_details: user_name,
+        }
+        AuditEventService.new(current_user, @group, details).security_event
+      end
+
      respond_to do |format|
        format.html { redirect_to members_group_path(@group), notice: 'User was  successfully removed from group.' }
        format.js { render nothing: true }

--- a/app/controllers/projects/team_members_controller.rb
+++ b/app/controllers/projects/team_members_controller.rb
@@ -16,12 +16,13 @@ class Projects::TeamMembersController < Projects::ApplicationController

  def create
    users = User.where(id: params[:user_ids].split(','))
-
-    @project.team << [users, params[:access_level]]
+    access_level = params[:access_level]
+    @project.team << [users, access_level]

    users.each do |user|
      details = {
        add: "user_access",
+        as: Gitlab::Access.options_with_owner.key(access_level.to_i),
        target_id: user.id,
        target_type: "User",
        target_details: user.name,