Commit a9c7bda8 authored by Ash McKenzie's avatar Ash McKenzie

Merge branch 'ce-port-315-log-impersonation-actions-in-audit-log' into 'master'

CE Port: Log impersonation actions in audit log

See merge request gitlab-org/gitlab-ce!31039
parents 825e5c2c 3c9d75e0
......@@ -39,7 +39,7 @@ class Admin::UsersController < Admin::ApplicationController
warden.set_user(user, scope: :user)
Gitlab::AppLogger.info(_("User %{current_user_username} has started impersonating %{username}") % { current_user_username: current_user.username, username: user.username })
log_impersonation_event
flash[:alert] = _("You are now impersonating %{username}") % { username: user.username }
......@@ -236,4 +236,8 @@ class Admin::UsersController < Admin::ApplicationController
def check_impersonation_availability
access_denied! unless Gitlab.config.gitlab.impersonation_enabled
end
def log_impersonation_event
Gitlab::AppLogger.info(_("User %{current_user_username} has started impersonating %{username}") % { current_user_username: current_user.username, username: user.username })
end
end
......@@ -499,9 +499,7 @@ class ApplicationController < ActionController::Base
end
def stop_impersonation
impersonated_user = current_user
Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{impersonated_user.username}")
log_impersonation_event
warden.set_user(impersonator, scope: :user)
session[:impersonator_id] = nil
......@@ -509,6 +507,14 @@ class ApplicationController < ActionController::Base
impersonated_user
end
def impersonated_user
current_user
end
def log_impersonation_event
Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{impersonated_user.username}")
end
def impersonator
@impersonator ||= User.find(session[:impersonator_id]) if session[:impersonator_id]
end
......
......@@ -94,6 +94,7 @@ recorded:
- Changed password
- Ask for password reset
- Grant OAuth access
- Started/stopped user impersonation
It is possible to filter particular actions by choosing an audit data type from
the filter drop-down. You can further filter by specific group, project or user
......
......@@ -279,6 +279,12 @@ describe Admin::UsersController do
expect(warden.user).to eq(user)
end
it 'logs the beginning of the impersonation event' do
expect(Gitlab::AppLogger).to receive(:info).with("User #{admin.username} has started impersonating #{user.username}").and_call_original
post :impersonate, params: { id: user.username }
end
it "redirects to root" do
post :impersonate, params: { id: user.username }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment