Implement user deletion
- add audit logging for user changes - refactor model errors into functions - implement user delete form and submit handlersmain
parent
db52f88e25
commit
5efc57d2c3
@ -0,0 +1,3 @@
|
||||
-- add an audit table to track changes to users
|
||||
DROP INDEX audit_change_idx;
|
||||
DROP TABLE audit;
|
@ -0,0 +1,18 @@
|
||||
-- add an audit table to track changes to users
|
||||
CREATE TABLE audit
|
||||
(
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
-- copied authenticated user name to keep the information when the admin is locked/deleted later
|
||||
user_name VARCHAR(255) NOT NULL,
|
||||
-- copied authenticated user email address to keep the information when the admin is locked/deleted later
|
||||
user_address VARCHAR(255) NOT NULL,
|
||||
created TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||
-- an enum (in code) value to specify the action. Stored as text to be flexible for future changes
|
||||
change TEXT NOT NULL,
|
||||
-- reasoning for the change specified by the user
|
||||
reasoning TEXT NOT NULL,
|
||||
-- additional information about the change in an application specific json format
|
||||
details TEXT
|
||||
);
|
||||
|
||||
CREATE INDEX audit_change_idx ON audit (change);
|
@ -0,0 +1,67 @@
|
||||
/*
|
||||
Copyright 2022 CAcert Inc.
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package models
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/jmoiron/sqlx"
|
||||
)
|
||||
|
||||
type AuditChange string
|
||||
|
||||
const (
|
||||
AuditCreateUser AuditChange = "CREATE_USER"
|
||||
AuditDeleteUser AuditChange = "DELETE_USER"
|
||||
AuditEditUser AuditChange = "EDIT_USER"
|
||||
AuditAddEmail AuditChange = "ADD_EMAIL"
|
||||
AuditRemoveEmail AuditChange = "REMOVE_EMAIL"
|
||||
AuditAddRole AuditChange = "ADD_ROLE"
|
||||
AuditRemoveRole AuditChange = "REMOVE_ROLE"
|
||||
)
|
||||
|
||||
type Audit struct {
|
||||
ID int64 `db:"id"`
|
||||
UserName string `db:"user_name"`
|
||||
UserAddress string `db:"user_address"`
|
||||
Created time.Time `db:"created"`
|
||||
Change *AuditChange `db:"change"`
|
||||
Reasoning string `db:"reasoning"`
|
||||
Details string `db:"details"`
|
||||
}
|
||||
|
||||
func AuditLog(ctx context.Context, tx *sqlx.Tx, user *User, change AuditChange, reasoning string, details any) error {
|
||||
jsonDetails, err := json.Marshal(details)
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not transform details to JSON: %w", err)
|
||||
}
|
||||
|
||||
_, err = tx.ExecContext(
|
||||
ctx,
|
||||
`INSERT INTO audit (user_name, user_address, created, change, reasoning, details) VALUES (?, ?, ?, ?, ?, ?)`,
|
||||
user.Name, user.Reminder, time.Now().UTC(), change, reasoning, string(jsonDetails),
|
||||
)
|
||||
if err != nil {
|
||||
return errCouldNotExecuteQuery(err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
@ -0,0 +1,30 @@
|
||||
{{ define "title" }}Delete User {{ .Form.User.Name }}{{ end }}
|
||||
|
||||
{{ define "main" }}
|
||||
{{ $form := .Form }}
|
||||
{{ $user := .User }}
|
||||
<div class="ui form segment">
|
||||
<div class="ui negative message">
|
||||
<div class="header">
|
||||
Withdraw motion?
|
||||
</div>
|
||||
<p>Do you want to delete user <strong>{{ .Form.User.Name }}</strong>?</p>
|
||||
</div>
|
||||
<form action="/users/{{ .Form.User.ID }}/delete" method="post">
|
||||
<input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">
|
||||
<div class="ui form{{ if .Form.FieldErrors }} error{{ end }}">
|
||||
<div class="required field{{ if .Form.FieldErrors.reasoning }} error{{ end }}">
|
||||
<label for="reasoning">Reasoning for the deletion</label>
|
||||
<textarea id="reasoning" name="reasoning" rows="2">{{ .Form.Reasoning }}</textarea>
|
||||
{{ if .Form.FieldErrors.reasoning }}
|
||||
<span class="ui small error text">{{ .Form.FieldErrors.reasoning }}</span>
|
||||
{{ end }}
|
||||
</div>
|
||||
<button class="ui negative labeled icon button" type="submit">
|
||||
<i class="trash icon"></i> Delete user
|
||||
</button>
|
||||
<a href="/motions/" class="ui button">Cancel</a>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
{{ end }}
|
Loading…
Reference in New Issue