tangledwires-audited 6.0.0

data/lib/audited/auditor.rb

@@ -0,0 +1,564 @@
+# frozen_string_literal: true
+
+module Audited
+  # Specify this act if you want changes to your model to be saved in an
+  # audit table.  This assumes there is an audits table ready.
+  #
+  #   class User < ActiveRecord::Base
+  #     audited
+  #   end
+  #
+  # To store an audit comment set model.audit_comment to your comment before
+  # a create, update or destroy operation.
+  #
+  # See <tt>Audited::Auditor::ClassMethods#audited</tt>
+  # for configuration options
+  module Auditor # :nodoc:
+    extend ActiveSupport::Concern
+
+    CALLBACKS = [:audit_create, :audit_update, :audit_destroy]
+
+    module ClassMethods
+      # == Configuration options
+      #
+      #
+      # * +only+ - Only audit the given attributes
+      # * +except+ - Excludes fields from being saved in the audit log.
+      #   By default, Audited will audit all but these fields:
+      #
+      #     [self.primary_key, inheritance_column, 'lock_version', 'created_at', 'updated_at']
+      #   You can add to those by passing one or an array of fields to skip.
+      #
+      #     class User < ActiveRecord::Base
+      #       audited except: :password
+      #     end
+      #
+      # * +require_comment+ - Ensures that audit_comment is supplied before
+      #   any create, update or destroy operation.
+      # * +max_audits+ - Limits the number of stored audits.
+
+      # * +redacted+ - Changes to these fields will be logged, but the values
+      #   will not. This is useful, for example, if you wish to audit when a
+      #   password is changed, without saving the actual password in the log.
+      #   To store values as something other than '[REDACTED]', pass an argument
+      #   to the redaction_value option.
+      #
+      #     class User < ActiveRecord::Base
+      #       audited redacted: :password, redaction_value: SecureRandom.uuid
+      #     end
+      #
+      # * +if+ - Only audit the model when the given function returns true
+      # * +unless+ - Only audit the model when the given function returns false
+      #
+      #     class User < ActiveRecord::Base
+      #       audited :if => :active?
+      #
+      #       def active?
+      #         self.status == 'active'
+      #       end
+      #     end
+      #
+      def audited(options = {})
+        audited? ? update_audited_options(options) : set_audit(options)
+      end
+
+      private
+
+      def audited?
+        included_modules.include?(Audited::Auditor::AuditedInstanceMethods)
+      end
+
+      def set_audit(options)
+        extend Audited::Auditor::AuditedClassMethods
+        include Audited::Auditor::AuditedInstanceMethods
+
+        class_attribute :audit_associated_with, instance_writer: false
+        class_attribute :audited_options, instance_writer: false
+        attr_accessor :audit_version, :audit_comment
+
+        set_audited_options(options)
+
+        if audited_options[:comment_required]
+          validate :presence_of_audit_comment
+          before_destroy :require_comment if audited_options[:on].include?(:destroy)
+        end
+
+        has_many :audits, -> { order(version: :asc) }, as: :auditable, class_name: Audited.audit_class.name, inverse_of: :auditable
+        Audited.audit_class.audited_class_names << to_s
+
+        after_create :audit_create if audited_options[:on].include?(:create)
+        before_update :audit_update if audited_options[:on].include?(:update)
+        after_touch :audit_touch if audited_options[:on].include?(:touch) && ::ActiveRecord::VERSION::MAJOR >= 6
+        before_destroy :audit_destroy if audited_options[:on].include?(:destroy)
+
+        # Define and set after_audit and around_audit callbacks. This might be useful if you want
+        # to notify a party after the audit has been created or if you want to access the newly-created
+        # audit.
+        define_callbacks :audit
+        set_callback :audit, :after, :after_audit, if: lambda { respond_to?(:after_audit, true) }
+        set_callback :audit, :around, :around_audit, if: lambda { respond_to?(:around_audit, true) }
+
+        enable_auditing
+      end
+
+      def has_associated_audits
+        has_many :audit_associates, as: :associated, class_name: Audited::AuditAssociate.name
+        has_many :associated_audits, through: :audit_associates, source: :audit, class_name: Audited.audit_class.name
+      end
+
+      def update_audited_options(new_options)
+        previous_audit_options = self.audited_options
+        set_audited_options(new_options)
+        self.reset_audited_columns
+      end
+
+      def set_audited_options(options)
+        self.audited_options = options
+        normalize_audited_options
+        self.audit_associated_with = audited_options[:associated_with]
+      end
+    end
+
+    module AuditedInstanceMethods
+      REDACTED = "[REDACTED]"
+
+      # Temporarily turns off auditing while saving.
+      def save_without_auditing
+        without_auditing { save }
+      end
+
+      # Executes the block with the auditing callbacks disabled.
+      #
+      #   @foo.without_auditing do
+      #     @foo.save
+      #   end
+      #
+      def without_auditing(&block)
+        self.class.without_auditing(&block)
+      end
+
+      # Temporarily turns on auditing while saving.
+      def save_with_auditing
+        with_auditing { save }
+      end
+
+      # Executes the block with the auditing callbacks enabled.
+      #
+      #   @foo.with_auditing do
+      #     @foo.save
+      #   end
+      #
+      def with_auditing(&block)
+        self.class.with_auditing(&block)
+      end
+
+      # Gets an array of the revisions available
+      #
+      #   user.revisions.each do |revision|
+      #     user.name
+      #     user.version
+      #   end
+      #
+      def revisions(from_version = 1)
+        return [] unless audits.from_version(from_version).exists?
+
+        all_audits = audits.select([:audited_changes, :version, :action]).to_a
+        targeted_audits = all_audits.select { |audit| audit.version >= from_version }
+
+        previous_attributes = reconstruct_attributes(all_audits - targeted_audits)
+
+        targeted_audits.map do |audit|
+          previous_attributes.merge!(audit.new_attributes)
+          revision_with(previous_attributes.merge!(version: audit.version))
+        end
+      end
+
+      # Get a specific revision specified by the version number, or +:previous+
+      # Returns nil for versions greater than revisions count
+      def revision(version)
+        if version == :previous || audits.last.version >= version
+          revision_with Audited.audit_class.reconstruct_attributes(audits_to(version))
+        end
+      end
+
+      # Find the oldest revision recorded prior to the date/time provided.
+      def revision_at(date_or_time)
+        audits = self.audits.up_until(date_or_time)
+        revision_with Audited.audit_class.reconstruct_attributes(audits) unless audits.empty?
+      end
+
+      # List of attributes that are audited.
+      def audited_attributes
+        audited_attributes = attributes.except(*self.class.non_audited_columns)
+        audited_attributes = redact_values(audited_attributes)
+        audited_attributes = filter_encrypted_attrs(audited_attributes)
+        normalize_enum_changes(audited_attributes)
+      end
+
+      # Returns a list combined of record audits and associated audits.
+      def own_and_associated_audits
+        Audited.audit_class.unscoped
+          .includes(:audit_associates)
+          .where(auditable: self)
+          .or(Audited.audit_class.unscoped.includes(:audit_associates).where(audit_associates: { associated: self }))
+          .order(created_at: :desc)
+      end
+
+      # Combine multiple audits into one.
+      def combine_audits(audits_to_combine)
+        combine_target = audits_to_combine.last
+        combine_target.audited_changes = audits_to_combine.pluck(:audited_changes).reduce(&:merge)
+        combine_target.comment = "#{combine_target.comment}\nThis audit is the result of multiple audits being combined."
+
+        transaction do
+          begin
+            combine_target.save!
+            audits_to_combine.unscope(:limit).where("version < ?", combine_target.version).delete_all
+          rescue ActiveRecord::Deadlocked
+            # Ignore Deadlocks, if the same record is getting its old audits combined more than once at the same time then
+            # both combining operations will be the same. Ignoring this error allows one of the combines to go through successfully.
+          end
+        end
+      end
+
+      protected
+
+      def revision_with(attributes)
+        dup.tap do |revision|
+          revision.id = id
+          revision.send :instance_variable_set, "@new_record", destroyed?
+          revision.send :instance_variable_set, "@persisted", !destroyed?
+          revision.send :instance_variable_set, "@readonly", false
+          revision.send :instance_variable_set, "@destroyed", false
+          revision.send :instance_variable_set, "@_destroyed", false
+          revision.send :instance_variable_set, "@marked_for_destruction", false
+          Audited.audit_class.assign_revision_attributes(revision, attributes)
+
+          # Remove any association proxies so that they will be recreated
+          # and reference the correct object for this revision. The only way
+          # to determine if an instance variable is a proxy object is to
+          # see if it responds to certain methods, as it forwards almost
+          # everything to its target.
+          revision.instance_variables.each do |ivar|
+            proxy = revision.instance_variable_get ivar
+            if !proxy.nil? && proxy.respond_to?(:proxy_respond_to?)
+              revision.instance_variable_set ivar, nil
+            end
+          end
+        end
+      end
+
+      private
+
+      def audited_changes(for_touch: false, exclude_readonly_attrs: false)
+        all_changes = if for_touch
+          previous_changes
+        elsif respond_to?(:changes_to_save)
+          changes_to_save
+        else
+          changes
+        end
+
+        all_changes = all_changes.except(*self.class.readonly_attributes.to_a) if exclude_readonly_attrs
+
+        filtered_changes = \
+          if audited_options[:only].present?
+            all_changes.slice(*self.class.audited_columns)
+          else
+            all_changes.except(*self.class.non_audited_columns)
+          end
+
+        filtered_changes = normalize_enum_changes(filtered_changes)
+
+        if for_touch && (last_audit = audits.last&.audited_changes)
+          filtered_changes.reject! do |k, v|
+            last_audit[k].to_json == v.to_json ||
+            last_audit[k].to_json == v[1].to_json
+          end
+        end
+
+        filtered_changes = redact_values(filtered_changes)
+        filtered_changes = filter_encrypted_attrs(filtered_changes)
+        filtered_changes.to_hash
+      end
+
+      def normalize_enum_changes(changes)
+        return changes if Audited.store_synthesized_enums
+
+        self.class.defined_enums.each do |name, values|
+          if changes.has_key?(name)
+            changes[name] = \
+              if changes[name].is_a?(Array)
+                changes[name].map { |v| values[v] }
+              elsif rails_below?("5.0")
+                changes[name]
+              else
+                values[changes[name]]
+              end
+          end
+        end
+        changes
+      end
+
+      def redact_values(filtered_changes)
+        filter_attr_values(
+          audited_changes: filtered_changes,
+          attrs: Array(audited_options[:redacted]).map(&:to_s),
+          placeholder: audited_options[:redaction_value] || REDACTED
+        )
+      end
+
+      def filter_encrypted_attrs(filtered_changes)
+        filter_attr_values(
+          audited_changes: filtered_changes,
+          attrs: respond_to?(:encrypted_attributes) ? Array(encrypted_attributes).map(&:to_s) : []
+        )
+      end
+
+      # Replace values for given attrs to a placeholder and return modified hash
+      #
+      # @param audited_changes [Hash] Hash of changes to be saved to audited version record
+      # @param attrs [Array<String>] Array of attrs, values of which will be replaced to placeholder value
+      # @param placeholder [String] Placeholder to replace original attr values
+      def filter_attr_values(audited_changes: {}, attrs: [], placeholder: "[FILTERED]")
+        attrs.each do |attr|
+          next unless audited_changes.key?(attr)
+
+          changes = audited_changes[attr]
+          values = changes.is_a?(Array) ? changes.map { placeholder } : placeholder
+
+          audited_changes[attr] = values
+        end
+
+        audited_changes
+      end
+
+      def rails_below?(rails_version)
+        ::ActiveRecord.version < Gem::Version.new(rails_version)
+      end
+
+      def audits_to(version = nil)
+        if version == :previous
+          version = if audit_version
+            audit_version - 1
+          else
+            previous = audits.descending.offset(1).first
+            previous ? previous.version : 1
+          end
+        end
+        audits.to_version(version)
+      end
+
+      def audit_create
+        write_audit(action: "create", audited_changes: audited_attributes,
+          comment: audit_comment)
+      end
+
+      def audit_update
+        unless (changes = audited_changes(exclude_readonly_attrs: true)).empty? && (audit_comment.blank? || audited_options[:update_with_comment_only] == false)
+          write_audit(action: "update", audited_changes: changes,
+            comment: audit_comment)
+        end
+      end
+
+      def audit_touch
+        unless (changes = audited_changes(for_touch: true, exclude_readonly_attrs: true)).empty?
+          write_audit(action: "update", audited_changes: changes,
+            comment: audit_comment)
+        end
+      end
+
+      def audit_destroy
+        unless new_record?
+          write_audit(action: "destroy", audited_changes: audited_attributes,
+            comment: audit_comment)
+        end
+      end
+
+      def write_audit(attrs)
+        self.audit_comment = nil
+
+        if auditing_enabled
+          run_callbacks(:audit) do
+            audit = audits.create(attrs)
+            audit.audit_associates << collect_audit_associated_with unless audit_associated_with.nil?
+            combine_audits_if_needed if attrs[:action] != 'create'
+            audit
+          end
+        end
+      end
+
+      def presence_of_audit_comment
+        if comment_required_state?
+          errors.add(:audit_comment, :blank) unless audit_comment.present?
+        end
+      end
+
+      def comment_required_state?
+        auditing_enabled &&
+          audited_changes.present? &&
+          ((audited_options[:on].include?(:create) && new_record?) ||
+          (audited_options[:on].include?(:update) && persisted? && changed?))
+      end
+
+      def combine_audits_if_needed
+        max_audits = evaluate_max_audits
+
+        if max_audits && (extra_count = audits.count - max_audits) > 0
+          audits_to_combine = audits.limit(extra_count + 1)
+          combine_audits(audits_to_combine)
+        end
+      end
+
+      def evaluate_max_audits
+        max_audits = case (option = audited_options[:max_audits])
+        when Proc then option.call
+        when Symbol then send(option)
+        else
+          option
+        end
+
+        Integer(max_audits).abs if max_audits
+      end
+
+      def require_comment
+        if auditing_enabled && audit_comment.blank?
+          errors.add(:audit_comment, :blank)
+          throw(:abort)
+        end
+      end
+
+      CALLBACKS.each do |attr_name|
+        alias_method "#{attr_name}_callback".to_sym, attr_name
+      end
+
+      def auditing_enabled
+        run_conditional_check(audited_options[:if]) &&
+          run_conditional_check(audited_options[:unless], matching: false) &&
+          self.class.auditing_enabled
+      end
+
+      def run_conditional_check(condition, matching: true)
+        return true if condition.blank?
+        return condition.call(self) == matching if condition.respond_to?(:call)
+        return send(condition) == matching if respond_to?(condition.to_sym, true)
+
+        true
+      end
+
+      def reconstruct_attributes(audits)
+        attributes = {}
+        audits.each { |audit| attributes.merge!(audit.new_attributes) }
+        attributes
+      end
+
+      def collect_audit_associated_with
+        Array(audit_associated_with).map do |associated|
+          Audited::AuditAssociate.new(associated: send(associated))
+        end
+      end
+    end
+
+    module AuditedClassMethods
+      # Returns an array of columns that are audited. See non_audited_columns
+      def audited_columns
+        @audited_columns ||= column_names - non_audited_columns
+      end
+
+      # We have to calculate this here since column_names may not be available when `audited` is called
+      def non_audited_columns
+        @non_audited_columns ||= calculate_non_audited_columns
+      end
+
+      def non_audited_columns=(columns)
+        @audited_columns = nil # reset cached audited columns on assignment
+        @non_audited_columns = columns.map(&:to_s)
+      end
+
+      # Executes the block with auditing disabled.
+      #
+      #   Foo.without_auditing do
+      #     @foo.save
+      #   end
+      #
+      def without_auditing
+        auditing_was_enabled = class_auditing_enabled
+        disable_auditing
+        yield
+      ensure
+        enable_auditing if auditing_was_enabled
+      end
+
+      # Executes the block with auditing enabled.
+      #
+      #   Foo.with_auditing do
+      #     @foo.save
+      #   end
+      #
+      def with_auditing
+        auditing_was_enabled = class_auditing_enabled
+        enable_auditing
+        yield
+      ensure
+        disable_auditing unless auditing_was_enabled
+      end
+
+      def disable_auditing
+        self.auditing_enabled = false
+      end
+
+      def enable_auditing
+        self.auditing_enabled = true
+      end
+
+      # All audit operations during the block are recorded as being
+      # made by +user+. This is not model specific, the method is a
+      # convenience wrapper around
+      # @see Audit#as_user.
+      def audit_as(user, &block)
+        Audited.audit_class.as_user(user, &block)
+      end
+
+      def auditing_enabled
+        class_auditing_enabled && Audited.auditing_enabled
+      end
+
+      def auditing_enabled=(val)
+        Audited.store["#{table_name}_auditing_enabled"] = val
+      end
+
+      def default_ignored_attributes
+        [primary_key, inheritance_column] | Audited.ignored_attributes
+      end
+
+      protected
+
+      def normalize_audited_options
+        audited_options[:on] = Array.wrap(audited_options[:on])
+        audited_options[:on] = ([:create, :update, :touch, :destroy] - Audited.ignored_default_callbacks) if audited_options[:on].empty?
+        audited_options[:only] = Array.wrap(audited_options[:only]).map(&:to_s)
+        audited_options[:except] = Array.wrap(audited_options[:except]).map(&:to_s)
+        audited_options[:max_audits] ||= Audited.max_audits
+      end
+
+      def calculate_non_audited_columns
+        if audited_options[:only].present?
+          (column_names | default_ignored_attributes) - audited_options[:only]
+        elsif audited_options[:except].present?
+          default_ignored_attributes | audited_options[:except]
+        else
+          default_ignored_attributes
+        end
+      end
+
+      def class_auditing_enabled
+        Audited.store.fetch("#{table_name}_auditing_enabled", true)
+      end
+
+      def reset_audited_columns
+        @audited_columns = nil
+        @non_audited_columns = nil
+      end
+    end
+  end
+end

data/lib/audited/railtie.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Audited
+  class Railtie < Rails::Railtie
+    initializer "audited.sweeper" do
+      ActiveSupport.on_load(:action_controller) do
+        if defined?(ActionController::Base)
+          ActionController::Base.around_action Audited::Sweeper.new
+        end
+        if defined?(ActionController::API)
+          ActionController::API.around_action Audited::Sweeper.new
+        end
+      end
+    end
+  end
+end