Flagsmith · riceyrice · Oct 18, 2023 · Oct 18, 2023 · Oct 18, 2023 · Oct 18, 2023
@@ -924,7 +924,6 @@
 AUTH_CONTROLLER_INSTALLED = importlib.util.find_spec("auth_controller") is not None
 if AUTH_CONTROLLER_INSTALLED:
     INSTALLED_APPS.append("auth_controller")
-    AUTHENTICATION_BACKENDS.insert(0, "auth_controller.backends.AuthControllerBackend")
 
 IS_RBAC_INSTALLED = importlib.util.find_spec("rbac") is not None
 if IS_RBAC_INSTALLED:

@@ -1 +0,0 @@
-default_app_config = "audit.apps.AuditConfig"

@@ -1,9 +1,8 @@
-from __future__ import unicode_literals
-
 from django.apps import AppConfig
 
 
 class AuditConfig(AppConfig):
+    default = True
     name = "audit"
 
     def ready(self):

@@ -1,3 +1,11 @@
+# generic/default audit messages
+
+CREATED_MESSAGE = "New {model_name} created: {identity}"
+DELETED_MESSAGE = "{model_name} deleted: {identity}"
+UPDATED_MESSAGE = "{model_name} {field} {action}: {identity}"
+
+# specific audit messages
+
 FEATURE_CREATED_MESSAGE = "New Flag / Remote Config created: %s"
 FEATURE_DELETED_MESSAGE = "Flag / Remote Config Deleted: %s"
 FEATURE_UPDATED_MESSAGE = "Flag / Remote Config updated: %s"

@@ -0,0 +1,20 @@
+# Generated by Django 3.2.23 on 2023-12-14 15:15
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('organisations', '0049_subscription_billing_status'),
+        ('audit', '0013_allow_manual_override_of_created_date'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='auditlog',
+            name='_organisation',
+            field=models.ForeignKey(db_column='organisation', null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='audit_logs', to='organisations.organisation'),
+        ),
+    ]
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.23 on 2023-12-14 15:15
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('audit', '0014_auditlog__organisation'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='auditlog',
+            name='ip_address',
+            field=models.GenericIPAddressField(blank=True, null=True),
+        ),
+    ]
@@ -15,6 +15,7 @@
 
 from api_keys.models import MasterAPIKey
 from audit.related_object_type import RelatedObjectType
+from organisations.models import Organisation
 from projects.models import Project
 
 RELATED_OBJECT_TYPES = ((tag.name, tag.value) for tag in RelatedObjectType)
@@ -23,15 +24,26 @@
 class AuditLog(LifecycleModel):
     created_date = models.DateTimeField("DateCreated")
 
+    # TODO #2797: data migrate missing organisation values and rename this
+    _organisation = models.ForeignKey(
+        Organisation,
+        db_column="organisation",
+        related_name="audit_logs",
+        null=True,
+        on_delete=models.DO_NOTHING,
+    )
+    _organisation_id: int | None
     project = models.ForeignKey(
         Project, related_name="audit_logs", null=True, on_delete=models.DO_NOTHING
     )
+    project_id: int | None
     environment = models.ForeignKey(
         "environments.Environment",
         related_name="audit_logs",
         null=True,
         on_delete=models.DO_NOTHING,
     )
+    environment_id: int | None
 
     log = models.TextField()
     author = models.ForeignKey(
@@ -41,6 +53,8 @@ class AuditLog(LifecycleModel):
         blank=True,
         on_delete=models.SET_NULL,
     )
+    author_id: int | None
+    ip_address = models.GenericIPAddressField(null=True, blank=True)
     master_api_key = models.ForeignKey(
         MasterAPIKey,
         related_name="audit_logs",
@@ -68,6 +82,28 @@ class Meta:
         verbose_name_plural = "Audit Logs"
         ordering = ("-created_date",)
 
+    # TODO #2797: data migrate missing organisation values and remove these
+
+    @property
+    def organisation(self) -> Organisation | None:
+        return self._organisation or (
+            self.project.organisation if self.project else None
+        )
+
+    @organisation.setter
+    def organisation(self, value):
+        self._organisation = value
+
+    @property
+    def organisation_id(self) -> int | None:
+        return self._organisation_id or (
+            self.project.organisation_id if self.project else None
+        )
+
+    @organisation_id.setter
+    def organisation_id(self, value):
+        self._organisation_id = value
+
     @property
     def environment_document_updated(self) -> bool:
         if self.related_object_type == RelatedObjectType.CHANGE_REQUEST.name:
@@ -107,9 +143,12 @@ def get_history_record_model_class(
         return getattr(module, class_name)
 
     @hook(BEFORE_CREATE)
-    def add_project(self):
-        if self.environment and self.project is None:
-            self.project = self.environment.project
+    def add_project_organisation(self):
+        """Ensure dependent fields are present"""
+        if self.project_id is None and self.environment:
+            self.project_id = self.environment.project_id
+        if self.organisation_id is None and self.project:
+            self.organisation_id = self.project.organisation_id
 
     @hook(BEFORE_CREATE)
     def add_created_date(self) -> None:
@@ -126,6 +165,10 @@ def process_environment_update(self):
         from environments.models import Environment
         from environments.tasks import process_environment_update
 
+        # Some logs do not relate to projects/environments
+        if not self.project:
+            return
+
         environments_filter = Q()
         if self.environment_id:
             environments_filter = Q(id=self.environment_id)

@@ -2,10 +2,16 @@
 
 
 class RelatedObjectType(enum.Enum):
+    CHANGE_REQUEST = "Change request"
+    EDGE_IDENTITY = "Edge identity"
+    ENVIRONMENT = "Environment"
     FEATURE = "Feature"
     FEATURE_STATE = "Feature state"
-    SEGMENT = "Segment"
-    ENVIRONMENT = "Environment"
-    CHANGE_REQUEST = "Change request"
-    EDGE_IDENTITY = "Edge Identity"
+    GRANT = "Grant"
+    GROUP = "Group"
     IMPORT_REQUEST = "Import request"
+    PROJECT = "Project"
+    ROLE = "Role"
+    SEGMENT = "Segment"
+    USER = "User"
+    USER_MFA_METHOD = "User MFA method"
@@ -5,12 +5,14 @@
 
 from audit.models import AuditLog
 from environments.serializers import EnvironmentSerializerLight
+from organisations.serializers import OrganisationSerializerBasic
 from projects.serializers import ProjectListSerializer
 from users.serializers import UserListSerializer
 
 
 class AuditLogListSerializer(serializers.ModelSerializer):
     author = UserListSerializer()
+    organisation = OrganisationSerializerBasic()
     environment = EnvironmentSerializerLight()
     project = ProjectListSerializer()
 
@@ -21,6 +23,7 @@ class Meta:
             "created_date",
             "log",
             "author",
+            "organisation",
             "environment",
             "project",
             "related_object_id",
@@ -83,6 +86,7 @@ def get_change_type(self, instance: AuditLog) -> str:
 
 
 class AuditLogsQueryParamSerializer(serializers.Serializer):
+    organisation = serializers.IntegerField(required=False)
     project = serializers.IntegerField(required=False)
     environments = serializers.ListField(
         child=serializers.IntegerField(min_value=0), required=False

@@ -17,26 +17,20 @@
 
 
 @receiver(post_save, sender=AuditLog)
-def call_webhooks(sender, instance, **kwargs):
+def call_webhooks(sender, instance: AuditLog, **kwargs):
     if settings.DISABLE_WEBHOOKS:
         return
 
-    if not (instance.project_id or instance.environment_id):
-        logger.warning("Audit log without project or environment. Not sending webhook.")
+    if not (organisation := instance.organisation):
+        logger.warning("Audit log without organisation. Not sending webhook.")
         return
 
-    organisation_id = (
-        instance.project.organisation_id
-        if instance.project
-        else instance.environment.project.organisation_id
-    )
-
     if OrganisationWebhook.objects.filter(
-        organisation_id=organisation_id, enabled=True
+        organisation=organisation, enabled=True
     ).exists():
         data = AuditLogListSerializer(instance=instance).data
         call_organisation_webhooks.delay(
-            args=(organisation_id, data, WebhookEventType.AUDIT_LOG_CREATED.value)
+            args=(organisation.id, data, WebhookEventType.AUDIT_LOG_CREATED.value)
         )