def log(
    self,
    authorization,  # type: Authorization
    action,  # type: str
    description,  # type: str
    on_user=None,  # type: Optional[str]
    on_group=None,  # type: Optional[str]
    on_permission=None,  # type: Optional[str]
    category=AuditLogCategory.general,  # type: AuditLogCategory
    date=None,  # type: Optional[datetime]
):
    # type: (...) -> None
    """Record one action in the audit log and hand the entry to the plugins.

    The actor is taken from ``authorization.actor``. ``on_user``, ``on_group``
    and ``on_permission`` optionally name the objects the action applied to;
    each one is resolved to an id only when a truthy value is passed, and is
    stored as None otherwise. ``category`` is stored as its integer value.

    When ``date`` is falsy the entry is stamped with ``datetime.utcnow()``, a
    naive UTC timestamp. A caller-supplied ``date`` is stored as ``log_time``
    unchanged.

    The argument list does not cover every use case yet; it is expected to
    grow as more callers are ported to this service.
    """
    actor_id = self._id_for_user(authorization.actor)
    log_time = date or datetime.utcnow()

    # Audit entries cannot currently be written for objects that no longer
    # exist: the id lookups below are expected to raise in that case, so no
    # entry is recorded for that action. Storing strings in every audit log
    # field (a schema change) would remove this gap.
    # NOTE(review): an action on a since-deleted object leaves no audit trail
    # from this method; confirm callers log before deleting, or surface the
    # failure somewhere it will be noticed.
    target_user_id = None
    if on_user:
        target_user_id = self._id_for_user(on_user)

    target_group_id = None
    if on_group:
        target_group_id = self._id_for_group(on_group)

    target_permission_id = None
    if on_permission:
        target_permission_id = self._id_for_permission(on_permission)

    audit_entry = AuditLog(
        actor_id=actor_id,
        log_time=log_time,
        action=action,
        description=description,
        on_user_id=target_user_id,
        on_group_id=target_group_id,
        on_permission_id=target_permission_id,
        category=int(category),
    )
    audit_entry.add(self.session)

    # Notifying plugins belongs in the service layer rather than in the
    # repository, but the plugin API still takes the SQL object. Move this
    # call once a data transfer object exists for audit log entries.
    self.plugins.log_auditlog_entry(audit_entry)