Merge pull request #1257 from travis-ci/bsfy-181-fix

Bsfy 181 fix
travis-ci · Dec 14, 2022 · a92e03a · a92e03a
2 parents 4d10c7f + 701db1c
commit a92e03a
Show file tree

Hide file tree

Showing 10 changed files with 99 additions and 15 deletions.
diff --git a/lib/travis/api/app/endpoint/setting_endpoint.rb b/lib/travis/api/app/endpoint/setting_endpoint.rb
@@ -2,6 +2,11 @@
 
 class Travis::Api::App
   class SettingsEndpoint < Endpoint
+    include ActiveSupport::Callbacks
+
+    define_callbacks :after_save
+
+    set_callback :after_save, :after, :save_audit
     set(:prefix) { "/settings/" << name[/[^:]+$/].underscore }
 
     class << self
@@ -38,6 +43,7 @@ def define_routes!
     # Rails style methods for easy overriding
     def index
       respond_with(collection, type: name, version: :v2)
+
     end
 
     def show
@@ -48,9 +54,12 @@ def update
       disallow_migrating!(repo)
 
       record.update(JSON.parse(request.body.read)[singular_name])
-
       if record.valid?
+        @changes = { :"env_vars" => { created: "name: #{record.name}, is_public: #{record.public}, branch: #{record.branch || 'all'} " } } if is_env_var?
+
         repo_settings.save
+        run_callbacks :after_save if is_env_var?
+
         respond_with(record, type: singular_name, version: :v2)
       else
         status 422
@@ -62,9 +71,12 @@ def create
       disallow_migrating!(repo)
 
       record = collection.create(JSON.parse(request.body.read)[singular_name])
-
       if record.valid?
+        @changes = { :"env_vars" => { created: "name: #{record.name}, is_public: #{record.public}, branch: #{record.branch || 'all'}" } } if is_env_var?
+
         repo_settings.save
+        run_callbacks :after_save if is_env_var?
+
         respond_with(record, type: singular_name, version: :v2)
       else
         status 422
@@ -76,7 +88,11 @@ def destroy
       disallow_migrating!(repo)
 
       record = collection.destroy(params[:id]) || record_not_found
+      @changes = { :"env_vars" => { destroyed: "name: #{record.name}, is_public: #{record.public}, branch: #{record.branch || 'all'} " } } if is_env_var?
+
       repo_settings.save
+      run_callbacks :after_save if is_env_var?
+
       respond_with(record, type: singular_name, version: :v2)
     end
 
@@ -89,7 +105,7 @@ def collection
     end
 
     def repo
-      Repository.find(params[:repository_id])
+      @repo = Repository.find(params[:repository_id])
     end
 
     # This method can't be called "settings" because it clashes with
@@ -107,5 +123,21 @@ def record
     def record_not_found
       halt(404, { error: "Could not find a requested setting" })
     end
+
+    def changes
+      @changes
+    end
+
+    def is_env_var?
+      singular_name == 'env_var'
+    end
+
+    private
+
+    def save_audit
+      change_source = access_token.app_id == 2 ? 'admin-v2' : 'travis-api'
+      Travis::API::V3::Models::Audit.create!(owner: current_user, change_source: change_source, source: @repo, source_changes: { settings: self.changes })
+      @changes = {}
+    end
   end
 end
diff --git a/lib/travis/api/v3/models/env_vars.rb b/lib/travis/api/v3/models/env_vars.rb
@@ -2,16 +2,24 @@
 
 module Travis::API::V3
   class Models::EnvVars < Travis::Settings::Collection
-    include Models::JsonSync
+    include Models::JsonSync, ActiveSupport::Callbacks
+    extend ActiveSupport::Concern
     model Models::EnvVar
+    define_callbacks :after_save
 
+    set_callback :after_save, :after, :save_audit
+
+    attr_accessor :user, :change_source
     # See Models::JsonSync
     def to_h
       { 'env_vars' => map(&:to_h).map(&:stringify_keys) }
     end
 
     def create(attributes)
-      super(attributes).tap { sync! }
+      @changes = { :"env_vars" => { created: "#{attributes.except("value")}" } }
+      env_var = super(attributes).tap { sync! }
+      run_callbacks :after_save
+      env_var
     end
 
     def add(env_var)
@@ -20,11 +28,28 @@ def add(env_var)
     end
 
     def destroy(id)
-      super(id).tap { sync! }
+      env_var = find(id)
+      @changes = { :"env_vars" => { deleted: "#{env_var.attributes.delete("value")}" } }
+      deleted_env_var = super(id).tap { sync! }
+      run_callbacks :after_save
+      deleted_env_var
     end
 
     def repository
       @repository ||= Models::Repository.find(additional_attributes[:repository_id])
     end
+
+    def changes
+      @changes
+    end
+
+    private
+
+    def save_audit
+      if self.change_source
+        Travis::API::V3::Models::Audit.create!(owner: self.user, change_source: self.change_source, source: self.repository, source_changes: { settings: self.changes })
+        @changes = {}
+      end
+    end
   end
 end
diff --git a/lib/travis/api/v3/queries/env_var.rb b/lib/travis/api/v3/queries/env_var.rb
@@ -6,14 +6,20 @@ def find(repository)
       repository.env_vars.find(id)
     end
 
-    def update(env_var)
+    def update(env_var, from_admin)
+      env_vars = env_var.repository.env_vars
+      env_vars.user = env_var.repository.user_settings.user
+      env_vars.change_source = 'travis-api' unless from_admin
       env_var.update(env_var_params)
-      env_var.repository.env_vars.add(env_var)
+      env_vars.add(env_var) 
       env_var
     end
 
-    def delete(repository)
-      repository.env_vars.destroy(id)
+    def delete(repository, from_admin)
+      env_vars = repository.env_vars
+      env_vars.user = repository.user_settings.user
+      env_vars.change_source = 'travis-api' unless from_admin
+      env_vars.destroy(id)
     end
   end
 end
diff --git a/lib/travis/api/v3/queries/env_vars.rb b/lib/travis/api/v3/queries/env_vars.rb
@@ -6,8 +6,11 @@ def find(repository)
       repository.env_vars
     end
 
-    def create(repository)
-      env_var = repository.env_vars.create(env_var_params)
+    def create(repository, from_admin)
+      env_vars = repository.env_vars
+      env_vars.user = repository.user_settings.user
+      env_vars.change_source = 'travis-api' unless from_admin
+      env_var = env_vars.create(env_var_params)
       unless env_var.valid?
         repository.env_vars.destroy(env_var.id)
         handle_errors(env_var)

diff --git a/lib/travis/api/v3/services/env_var/delete.rb b/lib/travis/api/v3/services/env_var/delete.rb
@@ -8,7 +8,9 @@ def run!
 
       env_var = find(:env_var, repository)
       access_control.permissions(env_var).write!
-      query.delete(repository) and deleted
+      app_id = Travis::Api::App::AccessToken.find_by_token(access_control.token).app_id
+
+      query.delete(repository, app_id == 2) and deleted
     end
   end
 end
diff --git a/lib/travis/api/v3/services/env_var/update.rb b/lib/travis/api/v3/services/env_var/update.rb
@@ -8,7 +8,9 @@ def run!
 
       env_var = find(:env_var, repository)
       access_control.permissions(env_var).write!
-      result query.update(env_var)
+      app_id = Travis::Api::App::AccessToken.find_by_token(access_control.token).app_id
+
+      result query.update(env_var, app_id == 2)
     end
   end
 end
diff --git a/lib/travis/api/v3/services/env_vars/create.rb b/lib/travis/api/v3/services/env_vars/create.rb
@@ -7,8 +7,9 @@ def run!
       repository = check_login_and_find(:repository)
       access_control.permissions(repository).create_env_var!
       return repo_migrated if migrated?(repository)
+      app_id = Travis::Api::App::AccessToken.find_by_token(access_control.token).app_id
 
-      env_var = query(:env_vars).create(repository)
+      env_var = query(:env_vars).create(repository, app_id == 2)
       result(env_var, status: 201)
     end
   end

diff --git a/spec/v3/services/env_var/delete_spec.rb b/spec/v3/services/env_var/delete_spec.rb
@@ -65,6 +65,10 @@
       example 'does not clobber other settings' do
         expect(repo.reload.settings['foo']).to eq 'bar'
       end
+      example 'audit is created' do
+        expect(Travis::API::V3::Models::Audit.last.source_id).to eq(repo.id)
+        expect(Travis::API::V3::Models::Audit.last.source_type).to eq('Repository')
+      end
     end
   end
 

diff --git a/spec/v3/services/env_var/update_spec.rb b/spec/v3/services/env_var/update_spec.rb
@@ -89,6 +89,10 @@
     example 'does not clobber other settings' do
       expect(repo.reload.settings['foo']).to eq 'bar'
     end
+    example 'audit is created' do
+      expect(Travis::API::V3::Models::Audit.last.source_id).to eq(repo.id)
+      expect(Travis::API::V3::Models::Audit.last.source_type).to eq('Repository')
+    end
   end
 
   context do

diff --git a/spec/v3/services/env_vars/create_spec.rb b/spec/v3/services/env_vars/create_spec.rb
@@ -126,6 +126,11 @@
       example 'persists repository id' do
         expect(repo.reload.settings['env_vars'].first['repository_id']).to eq repo.id
       end
+      example 'audit is created' do
+        expect(Travis::API::V3::Models::Audit.last.source_id).to eq(repo.id)
+        expect(Travis::API::V3::Models::Audit.last.source_type).to eq('Repository')
+        expect(Travis::API::V3::Models::Audit.last.source_changes).to eq({"settings"=>{"env_vars"=>{"created"=> "{\"name\"=>\"FOO\", \"public\"=>false}"}}}) 
+      end
     end
 
     describe 'public' do