listen to trash bin and group manager hooks

8 years ago · 86f12cc3e7
parent aa831252b3
commit 86f12cc3e7
10 changed files with 328 additions and 121 deletions
--- a/.gitignore
+++ b/.gitignore
@ -23,6 +23,7 @@
 !/apps/provisioning_api
 !/apps/systemtags
 !/apps/testing
+!/apps/admin_audit
 !/apps/updatenotification
 /apps/files_external/3rdparty/irodsphp/PHPUnitTest
 /apps/files_external/3rdparty/irodsphp/web
--- a/apps/admin_audit/appinfo/app.php
+++ b/apps/admin_audit/appinfo/app.php
@ -20,123 +20,8 @@
 */

 $logger = \OC::$server->getLogger();
+$userSession = \OC::$server->getUserSession();
+$groupManager = \OC::$server->getGroupManager();

-logUserManagement(
-	$logger,
-	\OC::$server->getUserSession()
-);
-logFileActions($logger);
-logAuthEvents($logger);
-logShareEvents($logger);
-
-/**
- * Logs sharing events
- *
- * @param \OCP\ILogger $logger
- */
-function logShareEvents($logger) {
-	$shareActions = new \OCA\Admin_Audit\Actions\Sharing(
-		$logger
-	);
-
-	OCP\Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared');
-	OCP\Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare');
-	OCP\Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions');
-	OCP\Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword');
-	OCP\Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate');
-	OCP\Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed');
-}
-
-/**
- * Log authentication event related actions
- *
- * @param \OCP\ILogger $logger
- */
-function logAuthEvents($logger) {
-	$authActions = new \OCA\Admin_Audit\Actions\Auth(
-		$logger
-	);
-	OCP\Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
-	OCP\Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
-	OCP\Util::connectHook('OC_User', 'logout', $authActions, 'logout');
-}
-
-/**
- * Log user management related actions
- *
- * @param \OCP\ILogger $logger
- * @param \OC\User\Session $userSession
- */
-function logUserManagement($logger, $userSession) {
-	$userActions = new \OCA\Admin_Audit\Actions\UserManagement(
-		$logger
-	);
-
-	OCP\Util::connectHook(
-		'OC_User',
-		'post_createUser',
-		$userActions,
-		'create'
-	);
-	OCP\Util::connectHook(
-		'OC_User',
-		'post_deleteUser',
-		$userActions,
-		'delete'
-	);
-	$userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
-}
-
-/**
- * Log file related actions
- *
- * @param \OCP\ILogger $logger
- */
-function logFileActions($logger) {
-	$fileActions = new \OCA\Admin_Audit\Actions\Files(
-		$logger
-	);
-
-	OCP\Util::connectHook(
-		OC\Files\Filesystem::CLASSNAME,
-		OC\Files\Filesystem::signal_post_rename,
-		$fileActions,
-		'rename'
-	);
-	OCP\Util::connectHook(
-		OC\Files\Filesystem::CLASSNAME,
-		OC\Files\Filesystem::signal_post_create,
-		$fileActions,
-		'create'
-	);
-	OCP\Util::connectHook(
-		OC\Files\Filesystem::CLASSNAME,
-		OC\Files\Filesystem::signal_post_copy,
-		$fileActions,
-		'copy'
-	);
-	OCP\Util::connectHook(
-		OC\Files\Filesystem::CLASSNAME,
-		OC\Files\Filesystem::signal_post_write,
-		$fileActions,
-		'write'
-	);
-	OCP\Util::connectHook(
-		OC\Files\Filesystem::CLASSNAME,
-		OC\Files\Filesystem::signal_post_update,
-		$fileActions,
-		'update'
-	);
-	OCP\Util::connectHook(
-		OC\Files\Filesystem::CLASSNAME,
-		OC\Files\Filesystem::signal_read,
-		$fileActions,
-		'read'
-	);
-	OCP\Util::connectHook(
-		OC\Files\Filesystem::CLASSNAME,
-		OC\Files\Filesystem::signal_delete,
-		$fileActions,
-		'delete'
-	);
-}
+$auditLogger = new \OCA\Admin_Audit\AuditLogger($logger, $userSession, $groupManager);
+$auditLogger->registerHooks();
--- a/apps/admin_audit/lib/actions/action.php
+++ b/apps/admin_audit/lib/actions/action.php
--- a/apps/admin_audit/lib/actions/auth.php
+++ b/apps/admin_audit/lib/actions/auth.php
--- a/apps/admin_audit/lib/actions/files.php
+++ b/apps/admin_audit/lib/actions/files.php
--- a/apps/admin_audit/lib/actions/groupmanagement.php
+++ b/apps/admin_audit/lib/actions/groupmanagement.php
@ -0,0 +1,73 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace OCA\Admin_Audit\Actions;
+
+
+use OCA\Admin_Audit\Actions\Action;
+use OCP\IGroup;
+use OCP\IUser;
+
+/**
+ * Class GroupManagement logs all group manager related events
+ *
+ * @package OCA\Admin_Audit
+ */
+class GroupManagement extends Action {
+
+	/**
+	 * log add user to group event
+	 *
+	 * @param IGroup $group
+	 * @param IUser $user
+	 */
+	public function addUser(IGroup $group, IUser $user) {
+		$this->log('User "%s" added to group "%s"',
+			[
+				'group' => $group->getGID(),
+				'user' => $user->getUID()
+			],
+			[
+				'user', 'group'
+			]
+		);
+	}
+
+	/**
+	 * log remove user from group event
+	 *
+	 * @param IGroup $group
+	 * @param IUser $user
+	 */
+	public function removeUser(IGroup $group, IUser $user) {
+		$this->log('User "%s" removed from group "%s"',
+			[
+				'group' => $group->getGID(),
+				'user' => $user->getUID()
+			],
+			[
+				'user', 'group'
+			]
+		);
+	}
+
+}
--- a/apps/admin_audit/lib/actions/sharing.php
+++ b/apps/admin_audit/lib/actions/sharing.php
--- a/apps/admin_audit/lib/actions/trashbin.php
+++ b/apps/admin_audit/lib/actions/trashbin.php
@ -0,0 +1,69 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace OCA\Admin_Audit\Actions;
+
+
+use OCP\ILogger;
+use OCP\IUserSession;
+
+class Trashbin extends Action {
+
+	/** @var IUserSession */
+	private $userSession;
+
+	/**
+	 * Trashbin constructor.
+	 *
+	 * @param ILogger $logger
+	 * @param IUserSession $userSession
+	 */
+	public function __construct(ILogger $logger, IUserSession $userSession) {
+		parent::__construct($logger);
+		$this->userSession = $userSession;
+	}
+
+	public function delete($params) {
+		$this->log('File "%s" deleted from trash bin by "%s"',
+			[
+				'path' => $params['path'],
+				'user' => $this->userSession->getUser()->getUID()
+			],
+			[
+				'path', 'user'
+			]
+		);
+	}
+
+	public function restore($params) {
+		$this->log('File "%s" restored from trash bin by "%s"',
+			[
+				'path' => $params['filePath'],
+				'user' => $this->userSession->getUser()->getUID()
+			],
+			[
+				'path', 'user'
+			]
+		);
+	}
+
+}
--- a/apps/admin_audit/lib/actions/usermanagement.php
+++ b/apps/admin_audit/lib/actions/usermanagement.php
@ -19,6 +19,7 @@
 *
 */
 namespace OCA\Admin_Audit\Actions;
+use OCP\IUser;

 /**
 * Class UserManagement logs all user management related actions.
@ -59,9 +60,9 @@ class UserManagement extends Action {
 	/**
 	 * Logs changing of the user scope
 	 *
-	 * @param \OCP\IUser $user
+	 * @param IUser $user
 	 */
-	public function setPassword(\OCP\IUser $user) {
+	public function setPassword(IUser $user) {
 		if($user->getBackendClassName() === 'Database') {
 			$this->log(
 				'Password of user "%s" has been changed',
--- a/apps/admin_audit/lib/auditlogger.php
+++ b/apps/admin_audit/lib/auditlogger.php
@ -0,0 +1,178 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace OCA\Admin_Audit;
+
+
+use OC\Files\Filesystem;
+use OCA\Admin_Audit\Actions\Auth;
+use OCA\Admin_Audit\Actions\Files;
+use OCA\Admin_Audit\Actions\GroupManagement;
+use OCA\Admin_Audit\Actions\Sharing;
+use OCA\Admin_Audit\Actions\Trashbin;
+use OCA\Admin_Audit\Actions\UserManagement;
+use OCP\IGroupManager;
+use OCP\ILogger;
+use OCP\IUserSession;
+use OCP\Util;
+
+class AuditLogger {
+
+	/** @var ILogger */
+	private $logger;
+
+	/** @var IUserSession */
+	private $userSession;
+	
+	/** @var IGroupManager */
+	private $groupManager;
+
+	/**
+	 * AuditLogger constructor.
+	 *
+	 * @param ILogger $logger
+	 * @param IUserSession $userSession
+	 * @param IGroupManager $groupManager
+	 */
+	public function __construct(ILogger $logger,
+								IUserSession $userSession, 
+								IGroupManager $groupManager) {
+		$this->logger = $logger;
+		$this->userSession = $userSession;
+		$this->groupManager = $groupManager;
+	}
+
+	/**
+	 * register hooks in order to log them
+	 */
+	public function registerHooks() {
+		$this->userManagementHooks();
+		$this->groupHooks();
+		$this->sharingHooks();
+		$this->authHooks();
+		$this->fileHooks();
+		$this->trashbinHooks();
+	}
+
+	/**
+	 * connect to user management hooks
+	 */
+	private function userManagementHooks() {
+		$userActions = new UserManagement($this->logger);
+
+		Util::connectHook('OC_User', 'post_createUser',	$userActions, 'create');
+		Util::connectHook('OC_User', 'post_deleteUser',	$userActions, 'delete');
+		$this->userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
+	}
+	
+	private function groupHooks()  {
+		$groupActions = new GroupManagement($this->logger);
+		$this->groupManager->listen('\OC\Group', 'postRemoveUser',  [$groupActions, 'removeUser']);
+		$this->groupManager->listen('\OC\Group', 'postAddUser',  [$groupActions, 'addUser']);
+	}
+
+	/**
+	 * connect to sharing events
+	 */
+	private function sharingHooks() {
+		$shareActions = new Sharing($this->logger);
+
+		Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared');
+		Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare');
+		Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions');
+		Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword');
+		Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate');
+		Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed');
+	}
+
+	/**
+	 * connect to authentication event and related actions
+	 */
+	private function authHooks() {
+		$authActions = new Auth($this->logger);
+
+		Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
+		Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
+		Util::connectHook('OC_User', 'logout', $authActions, 'logout');
+	}
+
+
+	/**
+	 * connect to file hooks
+	 */
+	private function fileHooks() {
+		$fileActions = new Files($this->logger);
+
+		Util::connectHook(
+			Filesystem::CLASSNAME,
+			Filesystem::signal_post_rename,
+			$fileActions,
+			'rename'
+		);
+		Util::connectHook(
+			Filesystem::CLASSNAME,
+			Filesystem::signal_post_create,
+			$fileActions,
+			'create'
+		);
+		Util::connectHook(
+			Filesystem::CLASSNAME,
+			Filesystem::signal_post_copy,
+			$fileActions,
+			'copy'
+		);
+		Util::connectHook(
+			Filesystem::CLASSNAME,
+			Filesystem::signal_post_write,
+			$fileActions,
+			'write'
+		);
+		Util::connectHook(
+			Filesystem::CLASSNAME,
+			Filesystem::signal_post_update,
+			$fileActions,
+			'update'
+		);
+		Util::connectHook(
+			Filesystem::CLASSNAME,
+			Filesystem::signal_read,
+			$fileActions,
+			'read'
+		);
+		Util::connectHook(
+			Filesystem::CLASSNAME,
+			Filesystem::signal_delete,
+			$fileActions,
+			'delete'
+		);
+	}
+
+	/**
+	 * connect to trash bin hooks
+	 */
+	private function trashbinHooks() {
+		$trashActions = new Trashbin($this->logger, $this->userSession);
+		Util::connectHook('\OCP\Trashbin', 'preDelete', $trashActions, 'delete');
+		Util::connectHook('\OCA\Files_Trashbin\Trashbin', 'post_restore', $trashActions, 'restore');
+	}
+
+}