Commit 7c09d37c authored by Tan Le's avatar Tan Le Committed by James Lopez

Verify no audit event is logged when not licensed

If logging related features are not enabled, no audit event is
logged. The change in the shared_examples also extends this test for
other clients of `AuditEventService` in addition to Users services.
parent 0a8d441b
...@@ -13,31 +13,47 @@ describe Users::BlockService do ...@@ -13,31 +13,47 @@ describe Users::BlockService do
subject(:operation) { service.execute(user) } subject(:operation) { service.execute(user) }
describe 'audit events' do describe 'audit events' do
before do context 'when licensed' do
stub_licensed_features(admin_audit_log: true) before do
end stub_licensed_features(admin_audit_log: true)
end
context 'when user block operation succeeds' do
it 'logs an audit event' do
expect { operation }.to change { AuditEvent.count }.by(1)
end
context 'when user block operation succeeds' do it 'logs the audit event info' do
it 'logs an audit event' do operation
expect { operation }.to change { AuditEvent.count }.by(1)
expect(AuditEvent.last).to have_attributes(
details: hash_including(custom_message: 'Blocked user')
)
end
end end
it 'logs the audit event info' do context 'when user block operation fails' do
operation before do
allow(user).to receive(:block).and_return(false)
end
expect(AuditEvent.last).to have_attributes( it 'does not log any audit event' do
details: hash_including(custom_message: 'Blocked user') expect { operation }.not_to change { AuditEvent.count }
) end
end end
end end
context 'when user block operation fails' do context 'when not licensed' do
before do before do
allow(user).to receive(:block).and_return(false) stub_licensed_features(
admin_audit_log: false,
audit_events: false,
extended_audit_events: false
)
end end
it 'does not log any audit event' do it 'does not log any audit event' do
expect { operation }.not_to change { AuditEvent.count } expect { operation }.not_to change(AuditEvent, :count)
end end
end end
end end
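Review bot: The new `when not licensed` example asserts only that `AuditEvent.count` stays the same, so it would also pass if the block operation did nothing at all, which is the outcome the `when user block operation fails` context already produces. Because this example is what guards an admin action going unaudited, it should also pin that the action took effect, for instance with `expect(user.reload).to be_blocked` after `operation`. The same vacuous-pass risk applies to the unlicensed examples added to the DestroyService spec and to the `audit event logging` shared examples. As a smaller style point, this file now mixes `change { AuditEvent.count }` and `change(AuditEvent, :count)`; using one form throughout would read better.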
......
...@@ -15,36 +15,38 @@ describe Users::CreateService do ...@@ -15,36 +15,38 @@ describe Users::CreateService do
subject(:service) { described_class.new(current_user, params) } subject(:service) { described_class.new(current_user, params) }
context 'audit events' do describe '#execute' do
let(:operation) { service.execute } let(:operation) { service.execute }
include_examples 'audit event logging' do context 'audit events' do
let(:fail_condition!) do include_examples 'audit event logging' do
expect_any_instance_of(User) let(:fail_condition!) do
.to receive(:save).and_return(false) expect_any_instance_of(User)
.to receive(:save).and_return(false)
end
let(:attributes) do
{
author_id: current_user.id,
entity_id: @resource.id,
entity_type: 'User',
details: {
add: 'user',
author_name: current_user.name,
target_id: @resource.full_path,
target_type: 'User',
target_details: @resource.full_path
}
}
end
end end
let(:attributes) do context 'when audit is not required' do
{ let(:current_user) { nil }
author_id: current_user.id,
entity_id: @resource.id,
entity_type: 'User',
details: {
add: 'user',
author_name: current_user.name,
target_id: @resource.full_path,
target_type: 'User',
target_details: @resource.full_path
}
}
end
end
context 'when audit is not required' do
let(:current_user) { nil }
it 'does not log audit event' do it 'does not log any audit event' do
expect { operation }.not_to change(AuditEvent, :count) expect { operation }.not_to change(AuditEvent, :count)
end
end end
end end
end end
......
...@@ -4,85 +4,108 @@ require 'spec_helper' ...@@ -4,85 +4,108 @@ require 'spec_helper'
describe Users::DestroyService do describe Users::DestroyService do
let(:current_user) { create(:admin) } let(:current_user) { create(:admin) }
let(:user) { create(:user) }
subject(:service) { described_class.new(current_user) } subject(:service) { described_class.new(current_user) }
it 'returns result' do describe '#execute' do
allow(user).to receive(:destroy).and_return(user) let(:user) { create(:user) }
expect(service.execute(user)).to eq(user) subject(:operation) { service.execute(user) }
end
context 'when project is a mirror' do
it 'assigns mirror_user to a project owner' do
mirror_user = create(:user)
project = create(:project, :mirror, mirror_user_id: mirror_user.id)
new_mirror_user = project.team.owners.first
expect_any_instance_of(EE::NotificationService).to receive(:project_mirror_user_changed).with(new_mirror_user, mirror_user.name, project) it 'returns result' do
allow(user).to receive(:destroy).and_return(user)
expect do expect(operation).to eq(user)
described_class.new(mirror_user).execute(mirror_user)
end.to change { project.reload.mirror_user }.from(mirror_user).to(new_mirror_user)
end end
end
describe 'audit events' do context 'when project is a mirror' do
before do let(:project) { create(:project, :mirror, mirror_user_id: user.id) }
stub_licensed_features(admin_audit_log: true)
end
context 'soft delete' do it 'assigns mirror_user to a project owner' do
let(:hard_delete) { false } new_mirror_user = project.team.owners.first
context 'when user destroy operation succeeds' do expect_any_instance_of(EE::NotificationService)
it 'logs audit events for ghost user migration and destroy operation' do .to receive(:project_mirror_user_changed)
service.execute(user, hard_delete: hard_delete) .with(new_mirror_user, user.name, project)
expect(AuditEvent.last(3)).to contain_exactly( expect { operation }.to change { project.reload.mirror_user }
have_attributes(details: hash_including(change: 'email address')), .from(user).to(new_mirror_user)
have_attributes(details: hash_including(change: 'username')),
have_attributes(details: hash_including(remove: 'user'))
)
end
end end
end
context 'when user destroy operation fails' do describe 'audit events' do
context 'when licensed' do
before do before do
allow(user).to receive(:destroy).and_return(false) stub_licensed_features(admin_audit_log: true)
end end
it 'logs audit events for ghost user migration operation' do context 'soft delete' do
service.execute(user, hard_delete: hard_delete) let(:hard_delete) { false }
expect(AuditEvent.last(2)).to contain_exactly( context 'when user destroy operation succeeds' do
have_attributes(details: hash_including(change: 'email address')), it 'logs audit events for ghost user migration and destroy operation' do
have_attributes(details: hash_including(change: 'username')) service.execute(user, hard_delete: hard_delete)
)
expect(AuditEvent.last(3)).to contain_exactly(
have_attributes(details: hash_including(change: 'email address')),
have_attributes(details: hash_including(change: 'username')),
have_attributes(details: hash_including(remove: 'user'))
)
end
end
context 'when user destroy operation fails' do
before do
allow(user).to receive(:destroy).and_return(false)
end
it 'logs audit events for ghost user migration operation' do
service.execute(user, hard_delete: hard_delete)
expect(AuditEvent.last(2)).to contain_exactly(
have_attributes(details: hash_including(change: 'email address')),
have_attributes(details: hash_including(change: 'username'))
)
end
end
end end
end
end
context 'hard delete' do context 'hard delete' do
let(:hard_delete) { true } let(:hard_delete) { true }
context 'when user destroy operation succeeds' do context 'when user destroy operation succeeds' do
it 'logs audit events for destroy operation' do it 'logs audit events for destroy operation' do
service.execute(user, hard_delete: hard_delete) service.execute(user, hard_delete: hard_delete)
expect(AuditEvent.last) expect(AuditEvent.last)
.to have_attributes(details: hash_including(remove: 'user')) .to have_attributes(details: hash_including(remove: 'user'))
end
end
context 'when user destroy operation fails' do
before do
allow(user).to receive(:destroy).and_return(false)
end
it 'does not log any audit event' do
expect { service.execute(user, hard_delete: hard_delete) }
.not_to change { AuditEvent.count }
end
end
end end
end end
context 'when user destroy operation fails' do context 'when not licensed' do
before do before do
allow(user).to receive(:destroy).and_return(false) stub_licensed_features(
admin_audit_log: false,
audit_events: false,
extended_audit_events: false
)
end end
it 'does not log any audit event' do it 'does not log any audit event' do
expect { service.execute(user, hard_delete: hard_delete) } expect { service.execute(user) }
.not_to change { AuditEvent.count } .not_to change { AuditEvent.count }
end end
end end
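Review bot: The `when not licensed` example calls `service.execute(user)` with default arguments only, so the `hard_delete: true` path that the licensed contexts test separately is never exercised with the features switched off. A second example such as `expect { service.execute(user, hard_delete: true) }.not_to change(AuditEvent, :count)` would cover it. The default call could be written as `operation`, the subject defined at the top of `describe '#execute'`. The closing `end`s of the outer groups are not visible in this section, so the nesting of the new context is read from the indentation-free rendering and should be confirmed.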
......
# frozen_string_literal: true # frozen_string_literal: true
RSpec.shared_examples 'audit event logging' do RSpec.shared_examples 'audit event logging' do
before do context 'when licensed' do
stub_licensed_features(extended_audit_events: true) before do
end stub_licensed_features(extended_audit_events: true)
end
context 'when operation succeeds' do
it 'logs an audit event' do
expect { operation }.to change(AuditEvent, :count).by(1)
end
context 'when operation succeeds' do it 'logs the audit event info' do
it 'logs an audit event' do @resource = operation
expect { operation }.to change(AuditEvent, :count).by(1)
expect(AuditEvent.last).to have_attributes(attributes)
end
end end
it 'logs the audit event info' do it 'does not log audit event if operation fails' do
@resource = operation fail_condition!
expect(AuditEvent.last).to have_attributes(attributes) expect { operation }.not_to change(AuditEvent, :count)
end end
end end
it 'does not log audit event if operation fails' do context 'when not licensed' do
fail_condition! before do
stub_licensed_features(
admin_audit_log: false,
audit_events: false,
extended_audit_events: false
)
end
expect { operation }.not_to change(AuditEvent, :count) it 'does not log audit event' do
expect { operation }.not_to change(AuditEvent, :count)
end
end end
end end
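Review bot: The `when not licensed` setup turns off `admin_audit_log`, `audit_events` and `extended_audit_events`, while the licensed context turns on only `extended_audit_events`, and nothing in the spec explains why all three must be off. If any one of them is enough to enable logging (the asymmetry suggests so, but the diff does not show it), a comment above the stub such as `# every licensed feature that can enable audit logging must be disabled here` would stop a later edit from dropping a flag and leaving the negative case quietly licensed. The same three-flag stub is repeated in the BlockService and DestroyService specs, so a small shared helper would keep the three lists from drifting apart.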
......