def log(
self,
authorization, # type: Authorization
action, # type: str
description, # type: str
on_user=None, # type: Optional[str]
on_group=None, # type: Optional[str]
on_permission=None, # type: Optional[str]
category=AuditLogCategory.general, # type: AuditLogCategory
date=None, # type: Optional[datetime]
):
# type: (...) -> None
"""Log an action to the audit log.
Arguments don't cover all use cases yet. This method will be expanded as further use cases
are ported to this service.
"""
actor = self._id_for_user(authorization.actor)
if not date:
date = datetime.utcnow()
# We currently have no way to log audit log entries for objects that no longer exist. This
# should eventually be fixed via a schema change to use strings for all fields of the audit
# log. For now, we'll die with an exception.
user = self._id_for_user(on_user) if on_user else None
group = self._id_for_group(on_group) if on_group else None
permission = self._id_for_permission(
on_permission) if on_permission else None
entry = AuditLog(
actor_id=actor,
log_time=date,
action=action,
description=description,
on_user_id=user,
on_group_id=group,
on_permission_id=permission,
category=int(category),
)
entry.add(self.session)
# This should happen at the service layer, not the repository layer, but the API for the
# plugin currently takes a SQL object. This can move to the service layer once a data
# transfer object is defined instead.
self.plugins.log_auditlog_entry(entry)
