Move EE-specific methods to separate file

AuditEventService has some EE-only methods, so move them to a separate file. For logging events, user events are always allowed, since they are in CE too. When Admin Audit Log is enabled, there is also some more details logged.

Move EE-specific methods to separate file
AuditEventService has some EE-only methods, so move them to a separate file. For logging events, user events are always allowed, since they are in CE too. When Admin Audit Log is enabled, there is also some more details logged.
32db5174 · Toon Claes · d73d4a91 · 32db5174 · 32db5174 · 32db5174
Commit 32db5174 authored Jul 12, 2017 by Toon Claes
3 changed files
--- a/app/services/audit_event_service.rb
+++ b/app/services/audit_event_service.rb
 class AuditEventService
+  prepend EE::AuditEventService
+
  def initialize(author, entity, details = {})
    @author, @entity, @details = author, entity, details
  end

-  def for_member(member)
-    action = @details[:action]
-    old_access_level = @details[:old_access_level]
-    author_name = @author.name
-    user_id = member.id
-    user_name = member.user ? member.user.name : 'Deleted User'
-
-    @details =
-      case action
-      when :destroy
-        {
-          remove: "user_access",
-          author_name: author_name,
-          target_id: user_id,
-          target_type: "User",
-          target_details: user_name
-        }
-      when :create
-        {
-          add: "user_access",
-          as: Gitlab::Access.options_with_owner.key(member.access_level.to_i),
-          author_name: author_name,
-          target_id: user_id,
-          target_type: "User",
-          target_details: user_name
-        }
-      when :update, :override
-        {
-          change: "access_level",
-          from: old_access_level,
-          to: member.human_access,
-          author_name: author_name,
-          target_id: user_id,
-          target_type: "User",
-          target_details: user_name
-        }
-      end
-
-    self
-  end
-
-  def for_deploy_key(key_title)
-    action = @details[:action]
-    author_name = @author.name
-
-    @details =
-      case action
-      when :destroy
-        {
-          remove: "deploy_key",
-          author_name: author_name,
-          target_id: key_title,
-          target_type: "DeployKey",
-          target_details: key_title
-        }
-      when :create
-        {
-          add: "deploy_key",
-          author_name: author_name,
-          target_id: key_title,
-          target_type: "DeployKey",
-          target_details: key_title
-        }
-      end
-
-    self
-  end
-
  def for_authentication
    @details = {
      with: @details[:with],
@@ -83,19 +17,11 @@ class AuditEventService
  end

  def security_event
-    return unless audit_events_enabled?
-
    SecurityEvent.create(
      author_id: @author.id,
      entity_id: @entity.id,
      entity_type: @entity.class.name,
-      details: @details.merge(ip_address: @author.current_sign_in_ip,
-                              entity_path: @entity.full_path)
+      details: @details
    )
  end
-
-  def audit_events_enabled?
-    (@entity.respond_to?(:feature_available?) && @entity.feature_available?(:audit_events)) ||
-      License.feature_available?(:admin_audit_log)
-  end
 end
--- a/app/services/ee/audit_event_service.rb
+++ b/app/services/ee/audit_event_service.rb
+module EE
+  module AuditEventService
+    def for_member(member)
+      action = @details[:action]
+      old_access_level = @details[:old_access_level]
+      author_name = @author.name
+      user_id = member.id
+      user_name = member.user ? member.user.name : 'Deleted User'
+
+      @details =
+        case action
+        when :destroy
+          {
+            remove: "user_access",
+            author_name: author_name,
+            target_id: user_id,
+            target_type: "User",
+            target_details: user_name
+          }
+        when :create
+          {
+            add: "user_access",
+            as: ::Gitlab::Access.options_with_owner.key(member.access_level.to_i),
+            author_name: author_name,
+            target_id: user_id,
+            target_type: "User",
+            target_details: user_name
+          }
+        when :update, :override
+          {
+            change: "access_level",
+            from: old_access_level,
+            to: member.human_access,
+            author_name: author_name,
+            target_id: user_id,
+            target_type: "User",
+            target_details: user_name
+          }
+        end
+
+      self
+    end
+
+    def for_deploy_key(key_title)
+      action = @details[:action]
+      author_name = @author.name
+
+      @details =
+        case action
+        when :destroy
+          {
+            remove: "deploy_key",
+            author_name: author_name,
+            target_id: key_title,
+            target_type: "DeployKey",
+            target_details: key_title
+          }
+        when :create
+          {
+            add: "deploy_key",
+            author_name: author_name,
+            target_id: key_title,
+            target_type: "DeployKey",
+            target_details: key_title
+          }
+        end
+
+      self
+    end
+
+    def security_event
+      if admin_audit_log_enabled?
+        add_security_event_admin_details!
+
+        return super
+      end
+
+      super if audit_events_enabled?
+    end
+
+    def add_security_event_admin_details!
+      @details.merge!(ip_address: @author.current_sign_in_ip,
+                      entity_path: @entity.full_path)
+    end
+
+    def audit_events_enabled?
+      return true unless @entity.respond_to?(:feature_available?)
+
+      @entity.feature_available?(:audit_events)
+    end
+
+    def admin_audit_log_enabled?
+      License.feature_available?(:admin_audit_log)
+    end
+  end
+end
--- a/spec/services/audit_event_service_spec.rb
+++ b/spec/services/audit_event_service_spec.rb
@@ -24,9 +24,15 @@ describe AuditEventService, services: true do
      expect(event[:details][:ip_address]).to eq(user.current_sign_in_ip)
    end

-    it 'has the entity full path' do
-      event = service.for_member(project_member).security_event
-      expect(event[:details][:entity_path]).to eq(project.full_path)
+    context 'admin audit log licensed' do
+      before do
+        stub_licensed_features(admin_audit_log: true)
+      end
+
+      it 'has the entity full path' do
+        event = service.for_member(project_member).security_event
+        expect(event[:details][:entity_path]).to eq(project.full_path)
+      end
    end
  end

@@ -55,19 +61,13 @@ describe AuditEventService, services: true do
      let(:service) { described_class.new(user, project, { action: :destroy }) }

      it 'returns false when project is unlicensed' do
-        stub_licensed_features(audit_events: false, admin_audit_log: false)
+        stub_licensed_features(audit_events: false)

        expect(service.audit_events_enabled?).to be_falsy
      end

      it 'returns true when project is licensed' do
-        stub_licensed_features(audit_events: true, admin_audit_log: false)
-
-        expect(service.audit_events_enabled?).to be_truthy
-      end
-
-      it 'returns true when admin audit log is licensed' do
-        stub_licensed_features(audit_events: false, admin_audit_log: true)
+        stub_licensed_features(audit_events: true)

        expect(service.audit_events_enabled?).to be_truthy
      end
@@ -78,19 +78,13 @@ describe AuditEventService, services: true do
      let(:service) { described_class.new(user, group, { action: :destroy }) }

      it 'returns false when group is unlicensed' do
-        stub_licensed_features(audit_events: false, admin_audit_log: false)
+        stub_licensed_features(audit_events: false)

        expect(service.audit_events_enabled?).to be_falsy
      end

      it 'returns true when group is licensed' do
-        stub_licensed_features(audit_events: true, admin_audit_log: false)
-
-        expect(service.audit_events_enabled?).to be_truthy
-      end
-
-      it 'returns true when admin audit log is licensed' do
-        stub_licensed_features(audit_events: false, admin_audit_log: true)
+        stub_licensed_features(audit_events: true)

        expect(service.audit_events_enabled?).to be_truthy
      end
@@ -99,15 +93,9 @@ describe AuditEventService, services: true do
    context 'entity is a user' do
      let(:service) { described_class.new(user, user, { action: :destroy }) }

-      it 'returns false when admin audit log is unlicensed' do
+      it 'returns true when unlicensed' do
        stub_licensed_features(audit_events: false, admin_audit_log: false)

-        expect(service.audit_events_enabled?).to be_falsy
-      end
-
-      it 'returns true when admin audit log is licensed' do
-        stub_licensed_features(audit_events: false, admin_audit_log: true)
-
        expect(service.audit_events_enabled?).to be_truthy
      end
    end