Commit 6bcb1a03 authored by Marin Jankovski's avatar Marin Jankovski

Add removal and addition of the user to the group membership to audit events.

parent 4713fbd2
...@@ -7,7 +7,22 @@ class Groups::GroupMembersController < ApplicationController ...@@ -7,7 +7,22 @@ class Groups::GroupMembersController < ApplicationController
layout 'group' layout 'group'
def create def create
@group.add_users(params[:user_ids].split(','), params[:access_level]) access_level = params[:access_level]
user_ids = params[:user_ids].split(',')
@group.add_users(user_ids, access_level)
users = User.where(id: user_ids).pluck(:id, :name)
users.each do |user|
details = {
add: "user_access",
as: Gitlab::Access.options_with_owner.key(access_level.to_i),
target_id: user[0],
target_type: "User",
target_details: user[1],
}
AuditEventService.new(current_user, @group, details).security_event
end
redirect_to members_group_path(@group), notice: 'Users were successfully added.' redirect_to members_group_path(@group), notice: 'Users were successfully added.'
end end
...@@ -33,7 +48,18 @@ class Groups::GroupMembersController < ApplicationController ...@@ -33,7 +48,18 @@ class Groups::GroupMembersController < ApplicationController
@users_group = @group.group_members.find(params[:id]) @users_group = @group.group_members.find(params[:id])
if can?(current_user, :destroy, @users_group) # May fail if last owner. if can?(current_user, :destroy, @users_group) # May fail if last owner.
@users_group.destroy user_id = @users_group.id
user_name = @users_group.user.name
if @users_group.destroy
details = {
remove: "user_access",
target_id: user_id,
target_type: "User",
target_details: user_name,
}
AuditEventService.new(current_user, @group, details).security_event
end
respond_to do |format| respond_to do |format|
format.html { redirect_to members_group_path(@group), notice: 'User was successfully removed from group.' } format.html { redirect_to members_group_path(@group), notice: 'User was successfully removed from group.' }
format.js { render nothing: true } format.js { render nothing: true }
......
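Review bot: In `destroy`, `user_id = @users_group.id` stores the id of the membership record, not of the user, yet the event is written with `target_type: "User"`, so the audit entry can point at the wrong account. `@users_group` is loaded with `@group.group_members.find(params[:id])` and the next line already reaches the user through `@users_group.user`, so the line should read `user_id = @users_group.user.id`. In `create`, the events are written for every id found by `User.where` without looking at the outcome of `@group.add_users`, unlike the `if @users_group.destroy` guard here; whether `add_users` reports failures is not visible in the hunk, but an addition that did not happen should not appear in the audit trail. The `as:` value is looked up from the raw `params[:access_level]`, so a missing or unknown level is presumably recorded as `nil` rather than rejected; the same lookup is added in `Projects::TeamMembersController#create` in the next section. Both method bodies continue outside the hunks.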
...@@ -16,12 +16,13 @@ class Projects::TeamMembersController < Projects::ApplicationController ...@@ -16,12 +16,13 @@ class Projects::TeamMembersController < Projects::ApplicationController
def create def create
users = User.where(id: params[:user_ids].split(',')) users = User.where(id: params[:user_ids].split(','))
access_level = params[:access_level]
@project.team << [users, params[:access_level]] @project.team << [users, access_level]
users.each do |user| users.each do |user|
details = { details = {
add: "user_access", add: "user_access",
as: Gitlab::Access.options_with_owner.key(access_level.to_i),
target_id: user.id, target_id: user.id,
target_type: "User", target_type: "User",
target_details: user.name, target_details: user.name,
......