Implement user deletion
- add audit logging for user changes - refactor model errors into functions - implement user delete form and submit handlersmain
parent
db52f88e25
commit
5efc57d2c3
@ -0,0 +1,3 @@
|
|||||||
|
-- add an audit table to track changes to users
|
||||||
|
DROP INDEX audit_change_idx;
|
||||||
|
DROP TABLE audit;
|
@ -0,0 +1,18 @@
|
|||||||
|
-- add an audit table to track changes to users
|
||||||
|
CREATE TABLE audit
|
||||||
|
(
|
||||||
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||||
|
-- copied authenticated user name to keep the information when the admin is locked/deleted later
|
||||||
|
user_name VARCHAR(255) NOT NULL,
|
||||||
|
-- copied authenticated user email address to keep the information when the admin is locked/deleted later
|
||||||
|
user_address VARCHAR(255) NOT NULL,
|
||||||
|
created TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||||
|
-- an enum (in code) value to specify the action. Stored as text to be flexible for future changes
|
||||||
|
change TEXT NOT NULL,
|
||||||
|
-- reasoning for the change specified by the user
|
||||||
|
reasoning TEXT NOT NULL,
|
||||||
|
-- additional information about the change in an application specific json format
|
||||||
|
details TEXT
|
||||||
|
);
|
||||||
|
|
||||||
|
CREATE INDEX audit_change_idx ON audit (change);
|
@ -0,0 +1,67 @@
|
|||||||
|
/*
|
||||||
|
Copyright 2022 CAcert Inc.
|
||||||
|
SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package models
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/jmoiron/sqlx"
|
||||||
|
)
|
||||||
|
|
||||||
|
type AuditChange string
|
||||||
|
|
||||||
|
const (
|
||||||
|
AuditCreateUser AuditChange = "CREATE_USER"
|
||||||
|
AuditDeleteUser AuditChange = "DELETE_USER"
|
||||||
|
AuditEditUser AuditChange = "EDIT_USER"
|
||||||
|
AuditAddEmail AuditChange = "ADD_EMAIL"
|
||||||
|
AuditRemoveEmail AuditChange = "REMOVE_EMAIL"
|
||||||
|
AuditAddRole AuditChange = "ADD_ROLE"
|
||||||
|
AuditRemoveRole AuditChange = "REMOVE_ROLE"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Audit struct {
|
||||||
|
ID int64 `db:"id"`
|
||||||
|
UserName string `db:"user_name"`
|
||||||
|
UserAddress string `db:"user_address"`
|
||||||
|
Created time.Time `db:"created"`
|
||||||
|
Change *AuditChange `db:"change"`
|
||||||
|
Reasoning string `db:"reasoning"`
|
||||||
|
Details string `db:"details"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func AuditLog(ctx context.Context, tx *sqlx.Tx, user *User, change AuditChange, reasoning string, details any) error {
|
||||||
|
jsonDetails, err := json.Marshal(details)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("could not transform details to JSON: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = tx.ExecContext(
|
||||||
|
ctx,
|
||||||
|
`INSERT INTO audit (user_name, user_address, created, change, reasoning, details) VALUES (?, ?, ?, ?, ?, ?)`,
|
||||||
|
user.Name, user.Reminder, time.Now().UTC(), change, reasoning, string(jsonDetails),
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return errCouldNotExecuteQuery(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
@ -0,0 +1,30 @@
|
|||||||
|
{{ define "title" }}Delete User {{ .Form.User.Name }}{{ end }}
|
||||||
|
|
||||||
|
{{ define "main" }}
|
||||||
|
{{ $form := .Form }}
|
||||||
|
{{ $user := .User }}
|
||||||
|
<div class="ui form segment">
|
||||||
|
<div class="ui negative message">
|
||||||
|
<div class="header">
|
||||||
|
Withdraw motion?
|
||||||
|
</div>
|
||||||
|
<p>Do you want to delete user <strong>{{ .Form.User.Name }}</strong>?</p>
|
||||||
|
</div>
|
||||||
|
<form action="/users/{{ .Form.User.ID }}/delete" method="post">
|
||||||
|
<input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">
|
||||||
|
<div class="ui form{{ if .Form.FieldErrors }} error{{ end }}">
|
||||||
|
<div class="required field{{ if .Form.FieldErrors.reasoning }} error{{ end }}">
|
||||||
|
<label for="reasoning">Reasoning for the deletion</label>
|
||||||
|
<textarea id="reasoning" name="reasoning" rows="2">{{ .Form.Reasoning }}</textarea>
|
||||||
|
{{ if .Form.FieldErrors.reasoning }}
|
||||||
|
<span class="ui small error text">{{ .Form.FieldErrors.reasoning }}</span>
|
||||||
|
{{ end }}
|
||||||
|
</div>
|
||||||
|
<button class="ui negative labeled icon button" type="submit">
|
||||||
|
<i class="trash icon"></i> Delete user
|
||||||
|
</button>
|
||||||
|
<a href="/motions/" class="ui button">Cancel</a>
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
{{ end }}
|
Loading…
Reference in New Issue