summaryrefslogtreecommitdiffstats
path: root/apps/admin_audit
diff options
context:
space:
mode:
authorBjoern Schiessle <bjoern@schiessle.org>2016-06-09 18:03:31 +0200
committerLukas Reschke <lukas@owncloud.com>2016-06-10 15:38:57 +0200
commit86f12cc3e75e8d08985b7ec7bd2d1a8b91070df1 (patch)
tree6c04a949730973e9f7ca8a6f09fb94f8f7859057 /apps/admin_audit
parentaa831252b333c3fbd9ac580f9c584831f5a11f9d (diff)
downloadnextcloud-server-86f12cc3e75e8d08985b7ec7bd2d1a8b91070df1.tar.gz
nextcloud-server-86f12cc3e75e8d08985b7ec7bd2d1a8b91070df1.zip
listen to trash bin and group manager hooks
Diffstat (limited to 'apps/admin_audit')
-rw-r--r--apps/admin_audit/appinfo/app.php123
-rw-r--r--apps/admin_audit/lib/actions/action.php (renamed from apps/admin_audit/actions/action.php)0
-rw-r--r--apps/admin_audit/lib/actions/auth.php (renamed from apps/admin_audit/actions/auth.php)0
-rw-r--r--apps/admin_audit/lib/actions/files.php (renamed from apps/admin_audit/actions/files.php)0
-rw-r--r--apps/admin_audit/lib/actions/groupmanagement.php73
-rw-r--r--apps/admin_audit/lib/actions/sharing.php (renamed from apps/admin_audit/actions/sharing.php)0
-rw-r--r--apps/admin_audit/lib/actions/trashbin.php69
-rw-r--r--apps/admin_audit/lib/actions/usermanagement.php (renamed from apps/admin_audit/actions/usermanagement.php)5
-rw-r--r--apps/admin_audit/lib/auditlogger.php178
9 files changed, 327 insertions, 121 deletions
diff --git a/apps/admin_audit/appinfo/app.php b/apps/admin_audit/appinfo/app.php
index 4418ada2ed0..ea5fb0286bf 100644
--- a/apps/admin_audit/appinfo/app.php
+++ b/apps/admin_audit/appinfo/app.php
@@ -20,123 +20,8 @@
*/
$logger = \OC::$server->getLogger();
+$userSession = \OC::$server->getUserSession();
+$groupManager = \OC::$server->getGroupManager();
-logUserManagement(
- $logger,
- \OC::$server->getUserSession()
-);
-logFileActions($logger);
-logAuthEvents($logger);
-logShareEvents($logger);
-
-/**
- * Logs sharing events
- *
- * @param \OCP\ILogger $logger
- */
-function logShareEvents($logger) {
- $shareActions = new \OCA\Admin_Audit\Actions\Sharing(
- $logger
- );
-
- OCP\Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared');
- OCP\Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare');
- OCP\Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions');
- OCP\Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword');
- OCP\Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate');
- OCP\Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed');
-}
-
-/**
- * Log authentication event related actions
- *
- * @param \OCP\ILogger $logger
- */
-function logAuthEvents($logger) {
- $authActions = new \OCA\Admin_Audit\Actions\Auth(
- $logger
- );
- OCP\Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
- OCP\Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
- OCP\Util::connectHook('OC_User', 'logout', $authActions, 'logout');
-}
-
-/**
- * Log user management related actions
- *
- * @param \OCP\ILogger $logger
- * @param \OC\User\Session $userSession
- */
-function logUserManagement($logger, $userSession) {
- $userActions = new \OCA\Admin_Audit\Actions\UserManagement(
- $logger
- );
-
- OCP\Util::connectHook(
- 'OC_User',
- 'post_createUser',
- $userActions,
- 'create'
- );
- OCP\Util::connectHook(
- 'OC_User',
- 'post_deleteUser',
- $userActions,
- 'delete'
- );
- $userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
-}
-
-/**
- * Log file related actions
- *
- * @param \OCP\ILogger $logger
- */
-function logFileActions($logger) {
- $fileActions = new \OCA\Admin_Audit\Actions\Files(
- $logger
- );
-
- OCP\Util::connectHook(
- OC\Files\Filesystem::CLASSNAME,
- OC\Files\Filesystem::signal_post_rename,
- $fileActions,
- 'rename'
- );
- OCP\Util::connectHook(
- OC\Files\Filesystem::CLASSNAME,
- OC\Files\Filesystem::signal_post_create,
- $fileActions,
- 'create'
- );
- OCP\Util::connectHook(
- OC\Files\Filesystem::CLASSNAME,
- OC\Files\Filesystem::signal_post_copy,
- $fileActions,
- 'copy'
- );
- OCP\Util::connectHook(
- OC\Files\Filesystem::CLASSNAME,
- OC\Files\Filesystem::signal_post_write,
- $fileActions,
- 'write'
- );
- OCP\Util::connectHook(
- OC\Files\Filesystem::CLASSNAME,
- OC\Files\Filesystem::signal_post_update,
- $fileActions,
- 'update'
- );
- OCP\Util::connectHook(
- OC\Files\Filesystem::CLASSNAME,
- OC\Files\Filesystem::signal_read,
- $fileActions,
- 'read'
- );
- OCP\Util::connectHook(
- OC\Files\Filesystem::CLASSNAME,
- OC\Files\Filesystem::signal_delete,
- $fileActions,
- 'delete'
- );
-}
+$auditLogger = new \OCA\Admin_Audit\AuditLogger($logger, $userSession, $groupManager);
+$auditLogger->registerHooks();
diff --git a/apps/admin_audit/actions/action.php b/apps/admin_audit/lib/actions/action.php
index 6aafacc6189..6aafacc6189 100644
--- a/apps/admin_audit/actions/action.php
+++ b/apps/admin_audit/lib/actions/action.php
diff --git a/apps/admin_audit/actions/auth.php b/apps/admin_audit/lib/actions/auth.php
index 4061ca89c4b..4061ca89c4b 100644
--- a/apps/admin_audit/actions/auth.php
+++ b/apps/admin_audit/lib/actions/auth.php
diff --git a/apps/admin_audit/actions/files.php b/apps/admin_audit/lib/actions/files.php
index 46da0ade6bb..46da0ade6bb 100644
--- a/apps/admin_audit/actions/files.php
+++ b/apps/admin_audit/lib/actions/files.php
diff --git a/apps/admin_audit/lib/actions/groupmanagement.php b/apps/admin_audit/lib/actions/groupmanagement.php
new file mode 100644
index 00000000000..4ece8994f39
--- /dev/null
+++ b/apps/admin_audit/lib/actions/groupmanagement.php
@@ -0,0 +1,73 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace OCA\Admin_Audit\Actions;
+
+
+use OCA\Admin_Audit\Actions\Action;
+use OCP\IGroup;
+use OCP\IUser;
+
+/**
+ * Class GroupManagement logs all group manager related events
+ *
+ * @package OCA\Admin_Audit
+ */
+class GroupManagement extends Action {
+
+ /**
+ * log add user to group event
+ *
+ * @param IGroup $group
+ * @param IUser $user
+ */
+ public function addUser(IGroup $group, IUser $user) {
+ $this->log('User "%s" added to group "%s"',
+ [
+ 'group' => $group->getGID(),
+ 'user' => $user->getUID()
+ ],
+ [
+ 'user', 'group'
+ ]
+ );
+ }
+
+ /**
+ * log remove user from group event
+ *
+ * @param IGroup $group
+ * @param IUser $user
+ */
+ public function removeUser(IGroup $group, IUser $user) {
+ $this->log('User "%s" removed from group "%s"',
+ [
+ 'group' => $group->getGID(),
+ 'user' => $user->getUID()
+ ],
+ [
+ 'user', 'group'
+ ]
+ );
+ }
+
+}
diff --git a/apps/admin_audit/actions/sharing.php b/apps/admin_audit/lib/actions/sharing.php
index 5f263748465..5f263748465 100644
--- a/apps/admin_audit/actions/sharing.php
+++ b/apps/admin_audit/lib/actions/sharing.php
diff --git a/apps/admin_audit/lib/actions/trashbin.php b/apps/admin_audit/lib/actions/trashbin.php
new file mode 100644
index 00000000000..2cd3189d064
--- /dev/null
+++ b/apps/admin_audit/lib/actions/trashbin.php
@@ -0,0 +1,69 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace OCA\Admin_Audit\Actions;
+
+
+use OCP\ILogger;
+use OCP\IUserSession;
+
+class Trashbin extends Action {
+
+ /** @var IUserSession */
+ private $userSession;
+
+ /**
+ * Trashbin constructor.
+ *
+ * @param ILogger $logger
+ * @param IUserSession $userSession
+ */
+ public function __construct(ILogger $logger, IUserSession $userSession) {
+ parent::__construct($logger);
+ $this->userSession = $userSession;
+ }
+
+ public function delete($params) {
+ $this->log('File "%s" deleted from trash bin by "%s"',
+ [
+ 'path' => $params['path'],
+ 'user' => $this->userSession->getUser()->getUID()
+ ],
+ [
+ 'path', 'user'
+ ]
+ );
+ }
+
+ public function restore($params) {
+ $this->log('File "%s" restored from trash bin by "%s"',
+ [
+ 'path' => $params['filePath'],
+ 'user' => $this->userSession->getUser()->getUID()
+ ],
+ [
+ 'path', 'user'
+ ]
+ );
+ }
+
+}
diff --git a/apps/admin_audit/actions/usermanagement.php b/apps/admin_audit/lib/actions/usermanagement.php
index be8b4a86027..5005d150961 100644
--- a/apps/admin_audit/actions/usermanagement.php
+++ b/apps/admin_audit/lib/actions/usermanagement.php
@@ -19,6 +19,7 @@
*
*/
namespace OCA\Admin_Audit\Actions;
+use OCP\IUser;
/**
* Class UserManagement logs all user management related actions.
@@ -59,9 +60,9 @@ class UserManagement extends Action {
/**
* Logs changing of the user scope
*
- * @param \OCP\IUser $user
+ * @param IUser $user
*/
- public function setPassword(\OCP\IUser $user) {
+ public function setPassword(IUser $user) {
if($user->getBackendClassName() === 'Database') {
$this->log(
'Password of user "%s" has been changed',
diff --git a/apps/admin_audit/lib/auditlogger.php b/apps/admin_audit/lib/auditlogger.php
new file mode 100644
index 00000000000..e3cfd42f5d0
--- /dev/null
+++ b/apps/admin_audit/lib/auditlogger.php
@@ -0,0 +1,178 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace OCA\Admin_Audit;
+
+
+use OC\Files\Filesystem;
+use OCA\Admin_Audit\Actions\Auth;
+use OCA\Admin_Audit\Actions\Files;
+use OCA\Admin_Audit\Actions\GroupManagement;
+use OCA\Admin_Audit\Actions\Sharing;
+use OCA\Admin_Audit\Actions\Trashbin;
+use OCA\Admin_Audit\Actions\UserManagement;
+use OCP\IGroupManager;
+use OCP\ILogger;
+use OCP\IUserSession;
+use OCP\Util;
+
+class AuditLogger {
+
+ /** @var ILogger */
+ private $logger;
+
+ /** @var IUserSession */
+ private $userSession;
+
+ /** @var IGroupManager */
+ private $groupManager;
+
+ /**
+ * AuditLogger constructor.
+ *
+ * @param ILogger $logger
+ * @param IUserSession $userSession
+ * @param IGroupManager $groupManager
+ */
+ public function __construct(ILogger $logger,
+ IUserSession $userSession,
+ IGroupManager $groupManager) {
+ $this->logger = $logger;
+ $this->userSession = $userSession;
+ $this->groupManager = $groupManager;
+ }
+
+ /**
+ * register hooks in order to log them
+ */
+ public function registerHooks() {
+ $this->userManagementHooks();
+ $this->groupHooks();
+ $this->sharingHooks();
+ $this->authHooks();
+ $this->fileHooks();
+ $this->trashbinHooks();
+ }
+
+ /**
+ * connect to user management hooks
+ */
+ private function userManagementHooks() {
+ $userActions = new UserManagement($this->logger);
+
+ Util::connectHook('OC_User', 'post_createUser', $userActions, 'create');
+ Util::connectHook('OC_User', 'post_deleteUser', $userActions, 'delete');
+ $this->userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
+ }
+
+ private function groupHooks() {
+ $groupActions = new GroupManagement($this->logger);
+ $this->groupManager->listen('\OC\Group', 'postRemoveUser', [$groupActions, 'removeUser']);
+ $this->groupManager->listen('\OC\Group', 'postAddUser', [$groupActions, 'addUser']);
+ }
+
+ /**
+ * connect to sharing events
+ */
+ private function sharingHooks() {
+ $shareActions = new Sharing($this->logger);
+
+ Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared');
+ Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare');
+ Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions');
+ Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword');
+ Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate');
+ Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed');
+ }
+
+ /**
+ * connect to authentication event and related actions
+ */
+ private function authHooks() {
+ $authActions = new Auth($this->logger);
+
+ Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
+ Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
+ Util::connectHook('OC_User', 'logout', $authActions, 'logout');
+ }
+
+
+ /**
+ * connect to file hooks
+ */
+ private function fileHooks() {
+ $fileActions = new Files($this->logger);
+
+ Util::connectHook(
+ Filesystem::CLASSNAME,
+ Filesystem::signal_post_rename,
+ $fileActions,
+ 'rename'
+ );
+ Util::connectHook(
+ Filesystem::CLASSNAME,
+ Filesystem::signal_post_create,
+ $fileActions,
+ 'create'
+ );
+ Util::connectHook(
+ Filesystem::CLASSNAME,
+ Filesystem::signal_post_copy,
+ $fileActions,
+ 'copy'
+ );
+ Util::connectHook(
+ Filesystem::CLASSNAME,
+ Filesystem::signal_post_write,
+ $fileActions,
+ 'write'
+ );
+ Util::connectHook(
+ Filesystem::CLASSNAME,
+ Filesystem::signal_post_update,
+ $fileActions,
+ 'update'
+ );
+ Util::connectHook(
+ Filesystem::CLASSNAME,
+ Filesystem::signal_read,
+ $fileActions,
+ 'read'
+ );
+ Util::connectHook(
+ Filesystem::CLASSNAME,
+ Filesystem::signal_delete,
+ $fileActions,
+ 'delete'
+ );
+ }
+
+ /**
+ * connect to trash bin hooks
+ */
+ private function trashbinHooks() {
+ $trashActions = new Trashbin($this->logger, $this->userSession);
+ Util::connectHook('\OCP\Trashbin', 'preDelete', $trashActions, 'delete');
+ Util::connectHook('\OCA\Files_Trashbin\Trashbin', 'post_restore', $trashActions, 'restore');
+ }
+
+}