better_record 0.17.9 → 0.18.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/models/better_record/base.rb +37 -8
- data/app/models/better_record/logged_action.rb +10 -0
- data/db/migrate/20190209033946_update_better_record_audit_functions.rb +103 -0
- data/db/postgres-audit-v2-table.psql +77 -0
- data/db/postgres-audit-v2-trigger.psql +278 -0
- data/lib/better_record/version.rb +1 -1
- metadata +5 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c07da71971172205aecfda94df6fb1ca1213d32569053fcd8892dda8a91076fa
|
4
|
+
data.tar.gz: a64508bffff376045804d34726d45bfa6a0ab80948f45198dac6a6c1a8a57d5f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b47ff7753e4775cd1d95f4741833e4719e51d0c4624d5139b68828c84c51e40eaeece53dcd60ac5052b288f83d3f6ca8689c3a7b0ca7fcdbcf0cd8ee8259d5b9
|
7
|
+
data.tar.gz: 0ccc0c6aab836bba068ba45d014555b4bb08d8cf88b27a9d673489d0c36fcd6d3f5fa016525797e6ee57c3da2b150c36663f5a2b5b450410ecb06749b11a02fb
|
@@ -14,16 +14,25 @@ module BetterRecord
|
|
14
14
|
|
15
15
|
# == Relationships ========================================================
|
16
16
|
if (ha = BetterRecord.has_auditing_relation_by_default)
|
17
|
-
has_many self.audit_relation_name,
|
18
|
-
class_name: 'BetterRecord::LoggedAction',
|
19
|
-
primary_type: :table_name,
|
20
|
-
foreign_key: :row_id,
|
21
|
-
foreign_type: :table_name,
|
22
|
-
as: self.audit_relation_name
|
23
|
-
|
24
17
|
class << self
|
25
18
|
define_method BetterRecord.audit_relation_name do |*args, &block|
|
26
|
-
|
19
|
+
@logger_model ||=
|
20
|
+
begin
|
21
|
+
connection.execute(%Q(SELECT 1 FROM #{BetterRecord::LoggedAction.table_name}_#{self.table_name} LIMIT 1))
|
22
|
+
|
23
|
+
class self.to_s.constantize::LoggedAction < BetterRecord::LoggedAction
|
24
|
+
self.table_name = "#{BetterRecord::LoggedAction.table_name}_#{self.to_s.deconstantize.constantize.table_name}"
|
25
|
+
self
|
26
|
+
end
|
27
|
+
rescue ActiveRecord::StatementInvalid
|
28
|
+
class self.to_s.constantize::LoggedAction < BetterRecord::LoggedAction
|
29
|
+
self
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
return @logger_model if args.present? && args.first == 'SETTING_INHERITANCE'
|
34
|
+
|
35
|
+
base_q = @logger_model.where(table_name: self.table_name)
|
27
36
|
base_q = base_q.where(*args) if args.present?
|
28
37
|
|
29
38
|
if block
|
@@ -37,6 +46,16 @@ module BetterRecord
|
|
37
46
|
end
|
38
47
|
end
|
39
48
|
end
|
49
|
+
|
50
|
+
def self.inherited(child)
|
51
|
+
super
|
52
|
+
TracePoint.trace(:end) do |t|
|
53
|
+
if child == t.self
|
54
|
+
child.set_audits_methods!
|
55
|
+
t.disable
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
40
59
|
end
|
41
60
|
# == Validations ==========================================================
|
42
61
|
|
@@ -47,6 +66,16 @@ module BetterRecord
|
|
47
66
|
# == Boolean Class Methods ================================================
|
48
67
|
|
49
68
|
# == Class Methods ========================================================
|
69
|
+
def self.set_audits_methods!
|
70
|
+
m = __send__ BetterRecord.audit_relation_name, 'SETTING_INHERITANCE'
|
71
|
+
self.has_many self.audit_relation_name,
|
72
|
+
class_name: m.to_s,
|
73
|
+
primary_type: :table_name,
|
74
|
+
foreign_key: :row_id,
|
75
|
+
foreign_type: :table_name,
|
76
|
+
as: self.audit_relation_name
|
77
|
+
end
|
78
|
+
|
50
79
|
def self.gender_enum(col)
|
51
80
|
enum col, BetterRecord::Gender::ENUM
|
52
81
|
end
|
@@ -8,6 +8,7 @@ module BetterRecord
|
|
8
8
|
I: 'INSERT',
|
9
9
|
U: 'UPDATE',
|
10
10
|
T: 'TRUNCATE',
|
11
|
+
A: 'ARCHIVE',
|
11
12
|
}.with_indifferent_access
|
12
13
|
|
13
14
|
# == Attributes ===========================================================
|
@@ -43,6 +44,15 @@ module BetterRecord
|
|
43
44
|
]
|
44
45
|
end
|
45
46
|
|
47
|
+
# def self.set_audits_methods!
|
48
|
+
# self.has_many self.audit_relation_name,
|
49
|
+
# class_name: 'BetterRecord::LoggedAction',
|
50
|
+
# primary_type: :table_name,
|
51
|
+
# foreign_key: :row_id,
|
52
|
+
# foreign_type: :table_name,
|
53
|
+
# as: self.audit_relation_name
|
54
|
+
# end
|
55
|
+
|
46
56
|
# == Boolean Methods ======================================================
|
47
57
|
|
48
58
|
# == Instance Methods =====================================================
|
@@ -0,0 +1,103 @@
|
|
1
|
+
class UpdateBetterRecordAuditFunctions < ActiveRecord::Migration[5.2]
|
2
|
+
def up
|
3
|
+
last_event = BetterRecord::LoggedAction.count
|
4
|
+
|
5
|
+
execute <<-SQL
|
6
|
+
ALTER TABLE #{BetterRecord.db_audit_schema}.logged_actions
|
7
|
+
RENAME TO old_logged_actions
|
8
|
+
SQL
|
9
|
+
|
10
|
+
sql = ""
|
11
|
+
source = File.new(BetterRecord::Engine.root.join('db', 'postgres-audit-v2-table.psql'), "r")
|
12
|
+
while (line = source.gets)
|
13
|
+
sql << line.gsub(/SELECTED_SCHEMA_NAME/, BetterRecord.db_audit_schema)
|
14
|
+
end
|
15
|
+
source.close
|
16
|
+
|
17
|
+
execute sql
|
18
|
+
|
19
|
+
execute <<-SQL
|
20
|
+
ALTER SEQUENCE #{BetterRecord.db_audit_schema}.logged_actions_event_id_seq START WITH #{last_event}
|
21
|
+
SQL
|
22
|
+
|
23
|
+
sql = ""
|
24
|
+
source = File.new(BetterRecord::Engine.root.join('db', 'postgres-audit-v2-trigger.psql'), "r")
|
25
|
+
while (line = source.gets)
|
26
|
+
sql << line.gsub(/SELECTED_SCHEMA_NAME/, BetterRecord.db_audit_schema)
|
27
|
+
end
|
28
|
+
source.close
|
29
|
+
|
30
|
+
execute sql
|
31
|
+
|
32
|
+
rows = execute <<-SQL
|
33
|
+
select trg.tgname,
|
34
|
+
CASE trg.tgtype::integer & 66
|
35
|
+
WHEN 2 THEN 'BEFORE'
|
36
|
+
WHEN 64 THEN 'INSTEAD OF'
|
37
|
+
ELSE 'AFTER'
|
38
|
+
end as trigger_type,
|
39
|
+
case trg.tgtype::integer & cast(28 as int2)
|
40
|
+
when 16 then 'UPDATE'
|
41
|
+
when 8 then 'DELETE'
|
42
|
+
when 4 then 'INSERT'
|
43
|
+
when 20 then 'INSERT, UPDATE'
|
44
|
+
when 28 then 'INSERT, UPDATE, DELETE'
|
45
|
+
when 24 then 'UPDATE, DELETE'
|
46
|
+
when 12 then 'INSERT, DELETE'
|
47
|
+
end as trigger_event,
|
48
|
+
tbl.relname as table_name,
|
49
|
+
obj_description(trg.oid) as remarks,
|
50
|
+
case
|
51
|
+
when trg.tgenabled='O' then 'ENABLED'
|
52
|
+
else 'DISABLED'
|
53
|
+
end as status,
|
54
|
+
case trg.tgtype::integer & 1
|
55
|
+
when 1 then 'ROW'::text
|
56
|
+
else 'STATEMENT'::text
|
57
|
+
end as trigger_level
|
58
|
+
FROM pg_trigger trg
|
59
|
+
JOIN pg_class tbl on trg.tgrelid = tbl.oid
|
60
|
+
JOIN pg_namespace ns ON ns.oid = tbl.relnamespace
|
61
|
+
WHERE trg.tgname not like 'RI_ConstraintTrigger%'
|
62
|
+
AND trg.tgname not like 'pg_sync_pg%'
|
63
|
+
SQL
|
64
|
+
|
65
|
+
rows.each do |r|
|
66
|
+
if r['tgname'].to_s =~ /audit_trigger/
|
67
|
+
execute <<-SQL
|
68
|
+
CREATE TABLE IF NOT EXISTS #{BetterRecord.db_audit_schema}.logged_actions_#{r['table_name']} (
|
69
|
+
CHECK (table_name = '#{r['table_name']}')
|
70
|
+
) INHERITS (#{BetterRecord.db_audit_schema}.logged_actions);
|
71
|
+
SQL
|
72
|
+
|
73
|
+
puts "\n\nPLEASE RECREATE ALL AUDIT TRIGGERS FOR #{r['table_name']}\n\n#{r}\n\n"
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
puts "\n\nTo insert old audits back into logged_actions run:\n\n"
|
78
|
+
|
79
|
+
puts <<-RUBY
|
80
|
+
class BetterRecord::OldLoggedAction < BetterRecord::LoggedAction
|
81
|
+
self.table_name = "#{BetterRecord.db_audit_schema}.old_logged_actions"
|
82
|
+
end
|
83
|
+
|
84
|
+
while BetterRecord::OldLoggedAction.count > 0
|
85
|
+
p BetterRecord::OldLoggedAction.count
|
86
|
+
BetterRecord::OldLoggedAction.order(:event_id).limit(100).each do |r|
|
87
|
+
klass = nil
|
88
|
+
begin
|
89
|
+
BetterRecord::LoggedAction.connection.execute(%Q(SELECT 1 FROM #{BetterRecord.db_audit_schema}.logged_actions_#\{r.table_name}))
|
90
|
+
|
91
|
+
klass = Class.new(BetterRecord::LoggedAction)
|
92
|
+
klass.table_name = "#{BetterRecord.db_audit_schema}.logged_actions_#\{r.table_name}"
|
93
|
+
rescue ActiveRecord::StatementInvalid
|
94
|
+
klass = BetterRecord::LoggedAction
|
95
|
+
end
|
96
|
+
klass.create!(r.attributes)
|
97
|
+
p klass.count
|
98
|
+
r.delete
|
99
|
+
end
|
100
|
+
end
|
101
|
+
RUBY
|
102
|
+
end
|
103
|
+
end
|
@@ -0,0 +1,77 @@
|
|
1
|
+
CREATE EXTENSION IF NOT EXISTS hstore;
|
2
|
+
|
3
|
+
CREATE SCHEMA IF NOT EXISTS SELECTED_SCHEMA_NAME;
|
4
|
+
REVOKE ALL ON SCHEMA SELECTED_SCHEMA_NAME FROM public;
|
5
|
+
|
6
|
+
COMMENT ON SCHEMA SELECTED_SCHEMA_NAME IS 'Out-of-table audit/history logging tables and trigger functions';
|
7
|
+
|
8
|
+
--
|
9
|
+
-- Audited data. Lots of information is available, it's just a matter of how much
|
10
|
+
-- you really want to record. See:
|
11
|
+
--
|
12
|
+
-- http://www.postgresql.org/docs/9.1/static/functions-info.html
|
13
|
+
--
|
14
|
+
-- Remember, every column you add takes up more audit table space and slows audit
|
15
|
+
-- inserts.
|
16
|
+
--
|
17
|
+
-- Every index you add has a big impact too, so avoid adding indexes to the
|
18
|
+
-- audit table unless you REALLY need them. The hstore GIST indexes are
|
19
|
+
-- particularly expensive.
|
20
|
+
--
|
21
|
+
-- It is sometimes worth copying the audit table, or a coarse subset of it that
|
22
|
+
-- you're interested in, into a temporary table where you CREATE any useful
|
23
|
+
-- indexes and do your analysis.
|
24
|
+
--
|
25
|
+
CREATE TABLE IF NOT EXISTS SELECTED_SCHEMA_NAME.logged_actions (
|
26
|
+
event_id bigserial primary key,
|
27
|
+
schema_name text not null,
|
28
|
+
table_name text not null,
|
29
|
+
relid oid not null,
|
30
|
+
session_user_name text,
|
31
|
+
app_user_id integer,
|
32
|
+
app_user_type text,
|
33
|
+
app_ip_address inet,
|
34
|
+
action_tstamp_tx TIMESTAMP WITH TIME ZONE NOT NULL,
|
35
|
+
action_tstamp_stm TIMESTAMP WITH TIME ZONE NOT NULL,
|
36
|
+
action_tstamp_clk TIMESTAMP WITH TIME ZONE NOT NULL,
|
37
|
+
transaction_id bigint,
|
38
|
+
application_name text,
|
39
|
+
client_addr inet,
|
40
|
+
client_port integer,
|
41
|
+
client_query text,
|
42
|
+
action TEXT NOT NULL CHECK (action IN ('I','D','U', 'T', 'A')),
|
43
|
+
row_id bigint,
|
44
|
+
row_data hstore,
|
45
|
+
changed_fields hstore,
|
46
|
+
statement_only boolean not null
|
47
|
+
);
|
48
|
+
|
49
|
+
REVOKE ALL ON SELECTED_SCHEMA_NAME.logged_actions FROM public;
|
50
|
+
|
51
|
+
COMMENT ON TABLE SELECTED_SCHEMA_NAME.logged_actions IS 'History of auditable actions on audited tables, from SELECTED_SCHEMA_NAME.if_modified_func()';
|
52
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.event_id IS 'Unique identifier for each auditable event';
|
53
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.schema_name IS 'Database schema audited table for this event is in';
|
54
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.table_name IS 'Non-schema-qualified table name of table event occured in';
|
55
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.relid IS 'Table OID. Changes with drop/create. Get with ''tablename''::regclass';
|
56
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.session_user_name IS 'Login / session user whose statement caused the audited event';
|
57
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.app_user_id IS 'Application-provided polymorphic user id';
|
58
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.app_user_type IS 'Application-provided polymorphic user type';
|
59
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.app_ip_address IS 'Application-provided ip address of user whose statement caused the audited event';
|
60
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.action_tstamp_tx IS 'Transaction start timestamp for tx in which audited event occurred';
|
61
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.action_tstamp_stm IS 'Statement start timestamp for tx in which audited event occurred';
|
62
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.action_tstamp_clk IS 'Wall clock time at which audited event''s trigger call occurred';
|
63
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.transaction_id IS 'Identifier of transaction that made the change. May wrap, but unique paired with action_tstamp_tx.';
|
64
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.client_addr IS 'IP address of client that issued query. Null for unix domain socket.';
|
65
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.client_port IS 'Remote peer IP port address of client that issued query. Undefined for unix socket.';
|
66
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.client_query IS 'Top-level query that caused this auditable event. May be more than one statement.';
|
67
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.application_name IS 'Application name set when this audit event occurred. Can be changed in-session by client.';
|
68
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.action IS 'Action type; I = insert, D = delete, U = update, T = truncate, A = archive';
|
69
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.row_id IS 'Record primary_key. Null for statement-level trigger. Prefers NEW.id if exists';
|
70
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.row_data IS 'Record value. Null for statement-level trigger. For INSERT this is the new tuple. For DELETE and UPDATE it is the old tuple.';
|
71
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.changed_fields IS 'New values of fields changed by UPDATE. Null except for row-level UPDATE events.';
|
72
|
+
COMMENT ON COLUMN SELECTED_SCHEMA_NAME.logged_actions.statement_only IS '''t'' if audit event is from an FOR EACH STATEMENT trigger, ''f'' for FOR EACH ROW';
|
73
|
+
|
74
|
+
CREATE INDEX IF NOT EXISTS logged_actions_relid_idx ON SELECTED_SCHEMA_NAME.logged_actions(relid);
|
75
|
+
CREATE INDEX IF NOT EXISTS logged_actions_action_tstamp_tx_stm_idx ON SELECTED_SCHEMA_NAME.logged_actions(action_tstamp_stm);
|
76
|
+
CREATE INDEX IF NOT EXISTS logged_actions_action_idx ON SELECTED_SCHEMA_NAME.logged_actions(action);
|
77
|
+
CREATE INDEX IF NOT EXISTS logged_actions_row_id_idx ON SELECTED_SCHEMA_NAME.logged_actions(row_id);
|
@@ -0,0 +1,278 @@
|
|
1
|
+
-- An audit history is important on most tables. Provide an audit trigger that logs to
|
2
|
+
-- a dedicated audit table for the major relations.
|
3
|
+
--
|
4
|
+
-- This file should be generic and not depend on application roles or structures,
|
5
|
+
-- as it's being listed here:
|
6
|
+
--
|
7
|
+
-- https://wiki.postgresql.org/wiki/Audit_trigger_91plus
|
8
|
+
--
|
9
|
+
-- This trigger was originally based on
|
10
|
+
-- http://wiki.postgresql.org/wiki/Audit_trigger
|
11
|
+
-- but has been completely rewritten.
|
12
|
+
--
|
13
|
+
-- Should really be converted into a relocatable EXTENSION, with control and upgrade files.
|
14
|
+
|
15
|
+
CREATE OR REPLACE FUNCTION SELECTED_SCHEMA_NAME.if_modified_func()
|
16
|
+
RETURNS TRIGGER AS
|
17
|
+
$$
|
18
|
+
DECLARE
|
19
|
+
audit_row SELECTED_SCHEMA_NAME.logged_actions;
|
20
|
+
include_values boolean;
|
21
|
+
log_diffs boolean;
|
22
|
+
h_old hstore;
|
23
|
+
h_new hstore;
|
24
|
+
user_row record;
|
25
|
+
excluded_cols text[] = ARRAY[]::text[];
|
26
|
+
pk_val_query text;
|
27
|
+
BEGIN
|
28
|
+
IF TG_WHEN <> 'AFTER' THEN
|
29
|
+
RAISE EXCEPTION 'SELECTED_SCHEMA_NAME.if_modified_func() may only run as an AFTER trigger';
|
30
|
+
END IF;
|
31
|
+
|
32
|
+
audit_row = ROW(
|
33
|
+
nextval('SELECTED_SCHEMA_NAME.logged_actions_event_id_seq'), -- event_id
|
34
|
+
TG_TABLE_SCHEMA::text, -- schema_name
|
35
|
+
TG_TABLE_NAME::text, -- table_name
|
36
|
+
TG_RELID, -- relation OID for much quicker searches
|
37
|
+
session_user::text, -- session_user_name
|
38
|
+
NULL, NULL, NULL, -- app_user_id, app_user_type, app_ip_address
|
39
|
+
current_timestamp, -- action_tstamp_tx
|
40
|
+
statement_timestamp(), -- action_tstamp_stm
|
41
|
+
clock_timestamp(), -- action_tstamp_clk
|
42
|
+
txid_current(), -- transaction ID
|
43
|
+
current_setting('application_name'), -- client application
|
44
|
+
inet_client_addr(), -- client_addr
|
45
|
+
inet_client_port(), -- client_port
|
46
|
+
current_query(), -- top-level query or queries (if multistatement) from client
|
47
|
+
substring(TG_OP,1,1), -- action
|
48
|
+
NULL, NULL, NULL, -- row_id, row_data, changed_fields
|
49
|
+
'f' -- statement_only
|
50
|
+
);
|
51
|
+
|
52
|
+
IF NOT TG_ARGV[0]::boolean IS DISTINCT FROM 'f'::boolean THEN
|
53
|
+
audit_row.client_query = NULL;
|
54
|
+
END IF;
|
55
|
+
|
56
|
+
IF ((TG_ARGV[1] IS NOT NULL) AND (TG_LEVEL = 'ROW')) THEN
|
57
|
+
pk_val_query = 'SELECT $1.' || quote_ident(TG_ARGV[1]::text);
|
58
|
+
|
59
|
+
IF (TG_OP IS DISTINCT FROM 'DELETE') THEN
|
60
|
+
EXECUTE pk_val_query INTO audit_row.row_id USING NEW;
|
61
|
+
END IF;
|
62
|
+
|
63
|
+
IF audit_row.row_id IS NULL THEN
|
64
|
+
EXECUTE pk_val_query INTO audit_row.row_id USING OLD;
|
65
|
+
END IF;
|
66
|
+
END IF;
|
67
|
+
|
68
|
+
IF TG_ARGV[2] IS NOT NULL THEN
|
69
|
+
excluded_cols = TG_ARGV[2]::text[];
|
70
|
+
END IF;
|
71
|
+
|
72
|
+
CREATE TEMP TABLE IF NOT EXISTS
|
73
|
+
"_app_user" (user_id integer, user_type text, ip_address inet);
|
74
|
+
|
75
|
+
IF (TG_OP = 'UPDATE' AND TG_LEVEL = 'ROW') THEN
|
76
|
+
audit_row.row_data = hstore(OLD.*) - excluded_cols;
|
77
|
+
audit_row.changed_fields = (hstore(NEW.*) - audit_row.row_data) - excluded_cols;
|
78
|
+
IF audit_row.changed_fields = hstore('') THEN
|
79
|
+
-- All changed fields are ignored. Skip this update.
|
80
|
+
RETURN NULL;
|
81
|
+
END IF;
|
82
|
+
ELSIF (TG_OP = 'DELETE' AND TG_LEVEL = 'ROW') THEN
|
83
|
+
audit_row.row_data = hstore(OLD.*) - excluded_cols;
|
84
|
+
ELSIF (TG_OP = 'INSERT' AND TG_LEVEL = 'ROW') THEN
|
85
|
+
audit_row.row_data = hstore(NEW.*) - excluded_cols;
|
86
|
+
ELSIF (TG_LEVEL = 'STATEMENT' AND TG_OP IN ('INSERT','UPDATE','DELETE','TRUNCATE')) THEN
|
87
|
+
audit_row.statement_only = 't';
|
88
|
+
ELSE
|
89
|
+
RAISE EXCEPTION '[SELECTED_SCHEMA_NAME.if_modified_func] - Trigger func added as trigger for unhandled case: %, %',TG_OP, TG_LEVEL;
|
90
|
+
RETURN NULL;
|
91
|
+
END IF;
|
92
|
+
|
93
|
+
-- inject app_user data into audit
|
94
|
+
BEGIN
|
95
|
+
PERFORM
|
96
|
+
n.nspname, c.relname
|
97
|
+
FROM
|
98
|
+
pg_catalog.pg_class c
|
99
|
+
LEFT JOIN
|
100
|
+
pg_catalog.pg_namespace n
|
101
|
+
ON n.oid = c.relnamespace
|
102
|
+
WHERE
|
103
|
+
n.nspname like 'pg_temp_%'
|
104
|
+
AND
|
105
|
+
c.relname = '_app_user';
|
106
|
+
|
107
|
+
IF FOUND THEN
|
108
|
+
FOR user_row IN SELECT * FROM _app_user LIMIT 1 LOOP
|
109
|
+
audit_row.app_user_id = user_row.user_id;
|
110
|
+
audit_row.app_user_type = user_row.user_type;
|
111
|
+
audit_row.app_ip_address = user_row.ip_address;
|
112
|
+
END LOOP;
|
113
|
+
END IF;
|
114
|
+
END;
|
115
|
+
-- end app_user data
|
116
|
+
|
117
|
+
EXECUTE 'CREATE TABLE IF NOT EXISTS SELECTED_SCHEMA_NAME.logged_actions_' || quote_ident(TG_TABLE_NAME::TEXT) || '(
|
118
|
+
CHECK (table_name = ' || quote_literal(TG_TABLE_NAME::TEXT) || ')
|
119
|
+
) INHERITS (SELECTED_SCHEMA_NAME.logged_actions)';
|
120
|
+
|
121
|
+
EXECUTE 'INSERT INTO SELECTED_SCHEMA_NAME.logged_actions_' || quote_ident(TG_TABLE_NAME::TEXT) || ' VALUES ($1.*)' USING audit_row;
|
122
|
+
RETURN NULL;
|
123
|
+
END;
|
124
|
+
$$
|
125
|
+
LANGUAGE plpgsql
|
126
|
+
SECURITY DEFINER
|
127
|
+
SET search_path = pg_catalog, public;
|
128
|
+
|
129
|
+
|
130
|
+
COMMENT ON FUNCTION SELECTED_SCHEMA_NAME.if_modified_func() IS
|
131
|
+
$$
|
132
|
+
Track changes to a table at the statement and/or row level.
|
133
|
+
|
134
|
+
Optional parameters to trigger in CREATE TRIGGER call:
|
135
|
+
|
136
|
+
param 0: boolean, whether to log the query text. Default 't'.
|
137
|
+
|
138
|
+
param 1: text, primary_key_column of audited table if bigint.
|
139
|
+
|
140
|
+
param 2: text[], columns to ignore in updates. Default [].
|
141
|
+
|
142
|
+
Updates to ignored cols are omitted from changed_fields.
|
143
|
+
|
144
|
+
Updates with only ignored cols changed are not inserted
|
145
|
+
into the audit log.
|
146
|
+
|
147
|
+
Almost all the processing work is still done for updates
|
148
|
+
that ignored. If you need to save the load, you need to use
|
149
|
+
WHEN clause on the trigger instead.
|
150
|
+
|
151
|
+
No warning or error is issued if ignored_cols contains columns
|
152
|
+
that do not exist in the target table. This lets you specify
|
153
|
+
a standard set of ignored columns.
|
154
|
+
|
155
|
+
There is no parameter to disable logging of values. Add this trigger as
|
156
|
+
a 'FOR EACH STATEMENT' rather than 'FOR EACH ROW' trigger if you do not
|
157
|
+
want to log row values.
|
158
|
+
|
159
|
+
Note that the user name logged is the login role for the session. The audit trigger
|
160
|
+
cannot obtain the active role because it is reset by the SECURITY DEFINER invocation
|
161
|
+
of the audit trigger its self.
|
162
|
+
$$;
|
163
|
+
|
164
|
+
|
165
|
+
CREATE OR REPLACE FUNCTION SELECTED_SCHEMA_NAME.get_primary_key_column(target_table text)
|
166
|
+
RETURNS text AS
|
167
|
+
$$
|
168
|
+
DECLARE
|
169
|
+
_pk_query_text text;
|
170
|
+
_pk_column_name text;
|
171
|
+
BEGIN
|
172
|
+
_pk_query_text = 'SELECT a.attname ' ||
|
173
|
+
'FROM pg_index i ' ||
|
174
|
+
'JOIN pg_attribute a ON a.attrelid = i.indrelid ' ||
|
175
|
+
' AND a.attnum = ANY(i.indkey) ' ||
|
176
|
+
'WHERE i.indrelid = ' || quote_literal(target_table::TEXT) || '::regclass ' ||
|
177
|
+
'AND i.indisprimary ' ||
|
178
|
+
'AND format_type(a.atttypid, a.atttypmod) = ' || quote_literal('bigint'::TEXT) ||
|
179
|
+
'LIMIT 1';
|
180
|
+
|
181
|
+
EXECUTE _pk_query_text INTO _pk_column_name;
|
182
|
+
raise notice 'Value %', _pk_column_name;
|
183
|
+
return _pk_column_name;
|
184
|
+
END;
|
185
|
+
$$
|
186
|
+
LANGUAGE plpgsql;
|
187
|
+
|
188
|
+
COMMENT ON FUNCTION SELECTED_SCHEMA_NAME.get_primary_key_column(text) IS
|
189
|
+
$$
|
190
|
+
Get primary key column name if single PK and type bigint.
|
191
|
+
|
192
|
+
Arguments:
|
193
|
+
target_table: Table name, schema qualified if not on search_path
|
194
|
+
$$;
|
195
|
+
|
196
|
+
CREATE OR REPLACE FUNCTION SELECTED_SCHEMA_NAME.audit_table(target_table regclass, audit_rows boolean, audit_query_text boolean, ignored_cols text[])
|
197
|
+
RETURNS void AS
|
198
|
+
$$
|
199
|
+
DECLARE
|
200
|
+
stm_targets text = 'INSERT OR UPDATE OR DELETE OR TRUNCATE';
|
201
|
+
_q_txt text;
|
202
|
+
_pk_column_name text;
|
203
|
+
_pk_column_snip text;
|
204
|
+
_ignored_cols_snip text = '';
|
205
|
+
BEGIN
|
206
|
+
EXECUTE 'DROP TRIGGER IF EXISTS audit_trigger_row ON ' || quote_ident(target_table::TEXT);
|
207
|
+
EXECUTE 'DROP TRIGGER IF EXISTS audit_trigger_stm ON ' || quote_ident(target_table::TEXT);
|
208
|
+
|
209
|
+
EXECUTE 'CREATE TABLE IF NOT EXISTS SELECTED_SCHEMA_NAME.logged_actions_' || quote_ident(target_table::TEXT) || '(
|
210
|
+
CHECK (table_name = ' || quote_literal(target_table::TEXT) || ')
|
211
|
+
) INHERITS (SELECTED_SCHEMA_NAME.logged_actions)';
|
212
|
+
|
213
|
+
IF audit_rows THEN
|
214
|
+
_pk_column_name = SELECTED_SCHEMA_NAME.get_primary_key_column(target_table::TEXT);
|
215
|
+
|
216
|
+
IF _pk_column_name IS NOT NULL THEN
|
217
|
+
_pk_column_snip = ', ' || quote_literal(_pk_column_name);
|
218
|
+
ELSE
|
219
|
+
_pk_column_snip = ', NULL';
|
220
|
+
END IF;
|
221
|
+
|
222
|
+
IF array_length(ignored_cols,1) > 0 THEN
|
223
|
+
_ignored_cols_snip = ', ' || quote_literal(ignored_cols);
|
224
|
+
END IF;
|
225
|
+
_q_txt = 'CREATE TRIGGER audit_trigger_row AFTER INSERT OR UPDATE OR DELETE ON ' ||
|
226
|
+
quote_ident(target_table::TEXT) ||
|
227
|
+
' FOR EACH ROW EXECUTE PROCEDURE SELECTED_SCHEMA_NAME.if_modified_func(' ||
|
228
|
+
quote_literal(audit_query_text) || _pk_column_snip || _ignored_cols_snip || ');';
|
229
|
+
RAISE NOTICE '%',_q_txt;
|
230
|
+
EXECUTE _q_txt;
|
231
|
+
stm_targets = 'TRUNCATE';
|
232
|
+
ELSE
|
233
|
+
END IF;
|
234
|
+
|
235
|
+
_q_txt = 'CREATE TRIGGER audit_trigger_stm AFTER ' || stm_targets || ' ON ' ||
|
236
|
+
target_table ||
|
237
|
+
' FOR EACH STATEMENT EXECUTE PROCEDURE SELECTED_SCHEMA_NAME.if_modified_func('||
|
238
|
+
quote_literal(audit_query_text) || ');';
|
239
|
+
RAISE NOTICE '%',_q_txt;
|
240
|
+
EXECUTE _q_txt;
|
241
|
+
|
242
|
+
END;
|
243
|
+
$$
|
244
|
+
LANGUAGE plpgsql;
|
245
|
+
|
246
|
+
COMMENT ON FUNCTION SELECTED_SCHEMA_NAME.audit_table(regclass, boolean, boolean, text[]) IS
|
247
|
+
$$
|
248
|
+
Add auditing support to a table.
|
249
|
+
|
250
|
+
Arguments:
|
251
|
+
target_table: Table name, schema qualified if not on search_path
|
252
|
+
audit_rows: Record each row change, or only audit at a statement level
|
253
|
+
audit_query_text: Record the text of the client query that triggered the audit event?
|
254
|
+
ignored_cols: Columns to exclude from update diffs, ignore updates that change only ignored cols.
|
255
|
+
$$;
|
256
|
+
|
257
|
+
-- Pg doesn't allow variadic calls with 0 params, so provide a wrapper
|
258
|
+
CREATE OR REPLACE FUNCTION SELECTED_SCHEMA_NAME.audit_table(target_table regclass, audit_rows boolean, audit_query_text boolean)
|
259
|
+
RETURNS void AS
|
260
|
+
$$
|
261
|
+
SELECT SELECTED_SCHEMA_NAME.audit_table($1, $2, $3, ARRAY[]::text[]);
|
262
|
+
$$
|
263
|
+
LANGUAGE SQL;
|
264
|
+
|
265
|
+
-- And provide a convenience call wrapper for the simplest case
|
266
|
+
-- of row-level logging with no excluded cols and query logging enabled.
|
267
|
+
--
|
268
|
+
CREATE OR REPLACE FUNCTION SELECTED_SCHEMA_NAME.audit_table(target_table regclass)
|
269
|
+
RETURNS void AS
|
270
|
+
$$
|
271
|
+
SELECT SELECTED_SCHEMA_NAME.audit_table($1, BOOLEAN 't', BOOLEAN 't');
|
272
|
+
$$
|
273
|
+
LANGUAGE SQL;
|
274
|
+
|
275
|
+
COMMENT ON FUNCTION SELECTED_SCHEMA_NAME.audit_table(regclass) IS
|
276
|
+
$$
|
277
|
+
Add auditing support to the given table. Row-level changes will be logged with full client query text. No cols are ignored.
|
278
|
+
$$;
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: better_record
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.18.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sampson Crowley
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-02-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|
@@ -270,7 +270,10 @@ files:
|
|
270
270
|
- db/migrate/20181228204403_create_better_record_attachment_validations.rb
|
271
271
|
- db/migrate/20190107202602_add_updated_at_to_better_record_table_sizes.rb
|
272
272
|
- db/migrate/20190123225641_add_exchange_rate_integer_type.rb
|
273
|
+
- db/migrate/20190209033946_update_better_record_audit_functions.rb
|
273
274
|
- db/postgres-audit-trigger.psql
|
275
|
+
- db/postgres-audit-v2-table.psql
|
276
|
+
- db/postgres-audit-v2-trigger.psql
|
274
277
|
- lib/better_record.rb
|
275
278
|
- lib/better_record/batches.rb
|
276
279
|
- lib/better_record/concerns/active_record_extensions/associations_extensions/association_scope_extensions.rb
|