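def get(self, application_name, cluster_name, key):
    """Get the audit logs of specified instance key.

    Results are served in fixed pages of 20 entries.  Every entry is
    desensitized server-side unless the caller is allowed to view
    sensitive data for this application, so sensitive fields never reach
    an unauthorised response.

    :param application_name: The name of application.
    :param cluster_name: The name of cluster.
    :param key: The key of instance.
    :query date: The date specified to search, default is today.
    :query start: The offset of pagination. Default is ``0``.
    :<header Authorization: Huskar Token (See :ref:`token`)
    :status 403: You don't have required authority.
    :status 501: The server is in minimal mode.
    :status 200: The result is in the response.
                 (See :ref:`Audit Log Schema <audit_schema>`)
    """
    page_size = 20

    check_application(application_name)
    check_cluster_name(cluster_name, application_name)

    # Clamp the offset so a negative ``start`` cannot become a negative
    # slice index (which would page from the end of the list).  This keeps
    # the handler consistent with the list endpoint, which already clamps.
    start = max(request.args.get('start', type=int, default=0), 0)
    # NOTE(review): ``date`` is documented above but is never read here;
    # confirm whether get_multi_by_instance_index should filter by date or
    # whether the doc line should go.

    application = Application.get_by_name(application_name)
    can_view_sensitive_data = AuditLog.can_view_sensitive_data(
        g.auth.id, self.instance_type, application.id)
    items = AuditLog.get_multi_by_instance_index(
        self.instance_type, application.id, cluster_name, key)
    items = items[start:start + page_size]

    # Strip sensitive fields before serialization, not after, so the
    # schema never sees data the caller is not authorised to receive.
    if not can_view_sensitive_data:
        items = [item.desensitize() for item in items]
    return api_response(audit_log_schema.dump(items, many=True).data)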
def test_normal_user_can_not_view_sensitive_data(
        user, application, team, target_type):
    """A user holding no authority never sees sensitive audit data.

    ``target_type`` is presumably supplied by a parametrize decorator
    outside this view; the target id is resolved per type: site-wide
    entries use ``0``, team entries the team, anything else the application.
    """
    target_id = (
        0 if target_type == AuditLog.TYPE_SITE
        else team.id if target_type == AuditLog.TYPE_TEAM
        else application.id
    )
    allowed = AuditLog.can_view_sensitive_data(user.id, target_type, target_id)
    assert not allowed
def test_application_auth_can_view_application_sensitive_data(
        user, application, team, target_type, can_view, authority):
    """An application authority grants sensitive-data view only where expected.

    ``target_type``, ``can_view`` and ``authority`` are presumably supplied
    by a parametrize decorator outside this view.  The target id is resolved
    per type: site-wide entries use ``0``, team entries the team, anything
    else the application.
    """
    application.ensure_auth(authority, user.id)
    target_id = (
        0 if target_type == AuditLog.TYPE_SITE
        else team.id if target_type == AuditLog.TYPE_TEAM
        else application.id
    )
    allowed = AuditLog.can_view_sensitive_data(user.id, target_type, target_id)
    assert allowed == can_view
def test_application_admin_can_view_team_sensitive_data(
        user, application, team, target_type, can_view):
    """A team admin grant yields sensitive-data view only where expected.

    ``target_type`` and ``can_view`` are presumably supplied by a
    parametrize decorator outside this view.  The target id is resolved per
    type: site-wide entries use ``0``, team entries the team, anything else
    the application.
    """
    team.grant_admin(user.id)
    target_id = (
        0 if target_type == AuditLog.TYPE_SITE
        else team.id if target_type == AuditLog.TYPE_TEAM
        else application.id
    )
    allowed = AuditLog.can_view_sensitive_data(user.id, target_type, target_id)
    assert allowed == can_view
def get(self, name=None):
    """Gets the list of audit log.

    Entries are desensitized server-side unless the caller may view
    sensitive data for the resolved target, so sensitive fields never
    reach an unauthorised response.

    :param name: The name of team, application and also.
    :query start: The offset of pagination. Default is ``0``.
    :query date: The date specified to search.
    :<header Authorization: Huskar Token (See :ref:`token`)
    :status 403: You don't have required authority.
    :status 501: The server is in minimal mode.
    :status 200: The result is in the response.
                 (See :ref:`Audit Log Schema <audit_schema>`)
    """
    # A negative offset is clamped to 0 rather than rejected.
    offset = max(request.args.get('start', type=int, default=0), 0)
    # NOTE(review): with ``type=`` the framework appears to fall back to the
    # default on a parse failure, so a malformed ``date`` likely behaves as
    # "no date"; confirm that is intended.
    date = request.args.get('date', type=strptime2date)

    target_id = self._find_target(name)
    allowed = AuditLog.can_view_sensitive_data(
        g.auth.id, self.target_type, target_id)
    entries = self._get_audit_logs(target_id, offset, date)

    # Desensitize before serialization so the schema never sees data the
    # caller is not authorised to receive.
    if not allowed:
        entries = [entry.desensitize() for entry in entries]
    return api_response(audit_log_schema.dump(entries, many=True).data)
def test_site_admin_can_view_all_sensitive_data(user, target_type):
    """A site admin may view sensitive data for every target type.

    ``target_type`` is presumably supplied by a parametrize decorator
    outside this view; the target id is irrelevant for a site admin, so
    ``None`` is passed.
    """
    user.grant_admin()
    allowed = AuditLog.can_view_sensitive_data(user.id, target_type, None)
    assert allowed