diff --git a/resources/init.php b/resources/init.php index fa60b03a..6e22e3b6 100644 --- a/resources/init.php +++ b/resources/init.php @@ -107,6 +107,13 @@ $_SESSION["user_exists"] = $USER->exists(); $_SESSION["is_pi"] = $USER->isPI(); + $SQL->addLog( + $OPERATOR->getUID(), + $_SERVER['REMOTE_ADDR'], + "user_login", + $OPERATOR->getUID() + ); + if (!$_SESSION["user_exists"]) { // populate cache $REDIS->setCache($SSO["user"], "org", $SSO["org"]); diff --git a/resources/lib/UnityGroup.php b/resources/lib/UnityGroup.php index ac0dd9bb..54992612 100644 --- a/resources/lib/UnityGroup.php +++ b/resources/lib/UnityGroup.php @@ -124,7 +124,7 @@ public function requestGroup($send_mail = true) /** * This method will create the group (this is what is executed when an admin approved the group) */ - public function approveGroup($send_mail = true) + public function approveGroup($operator = null, $send_mail = true) { // check for edge cases... if ($this->exists()) { @@ -143,6 +143,15 @@ public function approveGroup($send_mail = true) // this will silently fail if the request doesn't exist $this->SQL->removeRequest($this->getOwner()->getUID()); + $operator = is_null($operator) ? $this->getOwner()->getUID() : $operator->getUID(); + + $this->SQL->addLog( + $operator, + $_SERVER['REMOTE_ADDR'], + "approved_group", + $this->getOwner()->getUID() + ); + // send email to the newly approved PI if ($send_mail) { $this->MAILER->sendMail( @@ -155,7 +164,7 @@ public function approveGroup($send_mail = true) /** * This method is executed when an admin denys the PI group request */ - public function denyGroup($send_mail = true) + public function denyGroup($operator = null, $send_mail = true) { // remove request - this will fail silently if the request doesn't exist $this->SQL->removeRequest($this->getOwner()->getUID()); 
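Review bot: The `user_login` entry is written unconditionally next to the `$_SESSION` assignments, so if `resources/init.php` is included on every page load (the enclosing code is outside the hunk, so this is inferred) it records one "login" per request rather than one per new session. That inflates the audit table and makes real sign-ins hard to pick out. A once-per-session guard would fix it, e.g. `if (empty($_SESSION["login_logged"])) { $SQL->addLog(...); $_SESSION["login_logged"] = true; }`, where the session key is a constructed example name. Note also that `$_SERVER['REMOTE_ADDR']` holds the proxy's address when the portal runs behind a reverse proxy, which deserves a comment at this call.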
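Review bot: Inserting `$operator` ahead of `$send_mail` changes the meaning of positional calls: an existing `approveGroup(false)` would now pass `false` as the operator, bypass the `is_null()` fallback added in the next hunk, and fail on `->getUID()`. The same reordering is applied to `denyGroup()` and to `UnityUser::setLoginShell()`. Appending the parameter keeps old callers working, `public function approveGroup($send_mail = true, $operator = null)`; otherwise every call site not touched by this diff needs checking. The docblock above the method should also gain a `@param` line for `$operator`.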
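Review bot: When no operator is passed, the `approved_group` entry names the group owner as the actor, so the log would show a PI approving their own group even though the docblock says an admin performs this step. An audit trail is more trustworthy with a missing actor recorded as missing than with a guessed one, so either make `$operator` required here or log a fixed marker instead of the owner's UID. The same owner/self fallback is used in `denyGroup()` and in the `UnityUser` setters. Reading `$_SERVER['REMOTE_ADDR']` inside library classes also assumes a web request; the key is unset under the CLI, so passing the address in from the caller would be more robust.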
@@ -164,6 +173,15 @@ public function denyGroup($send_mail = true) return; } + $operator = is_null($operator) ? $this->getOwner()->getUID() : $operator->getUID(); + + $this->SQL->addLog( + $operator, + $_SERVER['REMOTE_ADDR'], + "denied_group", + $this->getOwner()->getUID() + ); + // send email to the requestor if ($send_mail) { $this->MAILER->sendMail( diff --git a/resources/lib/UnitySQL.php b/resources/lib/UnitySQL.php index 5cdaa9d0..cf5b1630 100644 --- a/resources/lib/UnitySQL.php +++ b/resources/lib/UnitySQL.php @@ -118,7 +118,7 @@ public function deleteRequestsByUser($user) $stmt->execute(); } - public function addNotice($title, $date, $content) + public function addNotice($title, $date, $content, $operator) { $stmt = $this->conn->prepare( "INSERT INTO " . self::TABLE_NOTICES . " (date, title, message) VALUES (:date, :title, :message)" @@ -128,6 +128,15 @@ public function addNotice($title, $date, $content) $stmt->bindParam(":message", $content); $stmt->execute(); + + $operator = $operator->getUID(); + + $this->addLog( + $operator, + $_SERVER['REMOTE_ADDR'], + "added_cluster_notice", + $operator + ); } public function editNotice($id, $title, $date, $content) @@ -197,7 +206,7 @@ public function getPage($id) return $stmt->fetchAll()[0]; } - public function editPage($id, $content) + public function editPage($id, $content, $operator) { $stmt = $this->conn->prepare( "UPDATE " . self::TABLE_PAGES . " SET content=:content WHERE page=:id" @@ -206,6 +215,15 @@ public function editPage($id, $content) $stmt->bindParam(":content", $content); $stmt->execute(); + + $operator = $operator->getUID(); + + $this->addLog( + $operator, + $_SERVER['REMOTE_ADDR'], + "edited_page", + $operator + ); } public function addEvent($operator, $action, $entity) diff --git a/resources/lib/UnityUser.php b/resources/lib/UnityUser.php index 90ea740b..99bedb3f 100644 --- a/resources/lib/UnityUser.php +++ b/resources/lib/UnityUser.php 
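Review bot: The `added_cluster_notice` entry passes the operator's UID as both the first and the fourth argument, so the row does not identify which notice was created. `editPage()` does the same although `$id` is in scope there. If the fourth argument of `addLog()` is meant to hold the affected object (inferred from the other calls, where it is the target UID), `editPage()` could pass `$id`, and `addNotice()` the new row's id or the title. `editNotice()`, visible directly below this hunk, is left unchanged, so edits to an existing notice produce no audit entry while creation does.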
@@ -212,10 +212,18 @@ public function getOrg($ignorecache = false) * * @param string $firstname */ - public function setFirstname($firstname) + public function setFirstname($firstname, $operator = null) { $ldap_user = $this->getLDAPUser(); $ldap_user->setAttribute("givenname", $firstname); + $operator = is_null($operator) ? $this->getUID() : $operator->getUID(); + + $this->SQL->addLog( + $operator, + $_SERVER['REMOTE_ADDR'], + "firstname_changed", + $this->getUID() + ); if (!$ldap_user->write()) { throw new Exception("Error updating LDAP entry $this->uid"); @@ -256,10 +264,18 @@ public function getFirstname($ignorecache = false) * * @param string $lastname */ - public function setLastname($lastname) + public function setLastname($lastname, $operator = null) { $ldap_user = $this->getLDAPUser(); $ldap_user->setAttribute("sn", $lastname); + $operator = is_null($operator) ? $this->getUID() : $operator->getUID(); + + $this->SQL->addLog( + $operator, + $_SERVER['REMOTE_ADDR'], + "lastname_changed", + $this->getUID() + ); if (!$this->getLDAPUser()->write()) { throw new Exception("Error updating LDAP entry $this->uid"); @@ -305,10 +321,18 @@ public function getFullname() * * @param string $mail */ - public function setMail($email) + public function setMail($email, $operator = null) { $ldap_user = $this->getLDAPUser(); $ldap_user->setAttribute("mail", $email); + $operator = is_null($operator) ? $this->getUID() : $operator->getUID(); + + $this->SQL->addLog( + $operator, + $_SERVER['REMOTE_ADDR'], + "email_changed", + $this->getUID() + ); if (!$this->getLDAPUser()->write()) { throw new Exception("Error updating LDAP entry $this->uid"); @@ -420,7 +444,7 @@ public function getSSHKeys($ignorecache = false) * * @param string $shell absolute path to shell */ - public function setLoginShell($shell, $send_mail = true) + public function setLoginShell($shell, $operator = null, $send_mail = true) { $ldapUser = $this->getLDAPUser(); if ($ldapUser->exists()) { 
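Review bot: `firstname_changed` is logged before the result of `$ldap_user->write()` is checked, so a failed LDAP write still leaves an audit row claiming the change happened, and only then is the exception thrown. Move the `addLog()` call below the `if (!$ldap_user->write())` block so that only committed changes are recorded. `setLastname()` and `setMail()` have the same ordering, whereas `setLoginShell()` and `setHomeDir()` appear to log after their write checks. The `@param` list in the docblock also needs an entry for `$operator`.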
@@ -430,6 +454,15 @@ public function setLoginShell($shell, $send_mail = true) } } + $operator = is_null($operator) ? $this->getUID() : $operator->getUID(); + + $this->SQL->addLog( + $operator, + $_SERVER['REMOTE_ADDR'], + "loginshell_changed", + $this->getUID() + ); + $this->REDIS->setCache($this->uid, "loginshell", $shell); if ($send_mail) { @@ -470,7 +503,7 @@ public function getLoginShell($ignorecache = false) return null; } - public function setHomeDir($home) + public function setHomeDir($home, $operator = null) { $ldapUser = $this->getLDAPUser(); if ($ldapUser->exists()) { @@ -479,6 +512,15 @@ public function setHomeDir($home) throw new Exception("Failed to modify home directory for $this->uid"); } + $operator = is_null($operator) ? $this->getUID() : $operator->getUID(); + + $this->SQL->addLog( + $operator, + $_SERVER['REMOTE_ADDR'], + "homedir_changed", + $this->getUID() + ); + $this->REDIS->setCache($this->uid, "homedir", $home); } } diff --git a/webroot/admin/content.php b/webroot/admin/content.php index bf42043f..fd302674 100644 --- a/webroot/admin/content.php +++ b/webroot/admin/content.php @@ -8,7 +8,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { if (!empty($_POST["pageSel"])) { - $SQL->editPage($_POST["pageSel"], $_POST["content"]); + $SQL->editPage($_POST["pageSel"], $_POST["content"], $USER); } } diff --git a/webroot/admin/notices.php b/webroot/admin/notices.php index 14fe32e1..3d01a0b1 100644 --- a/webroot/admin/notices.php +++ b/webroot/admin/notices.php @@ -9,7 +9,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { switch ($_POST["form_type"]) { case "newNotice": - $SQL->addNotice($_POST["title"], $_POST["date"], $_POST["content"]); + $SQL->addNotice($_POST["title"], $_POST["date"], $_POST["content"], $USER); break; case "editNotice": diff --git a/webroot/admin/pi-mgmt.php b/webroot/admin/pi-mgmt.php index af17ba17..1b145656 100644 --- a/webroot/admin/pi-mgmt.php +++ b/webroot/admin/pi-mgmt.php 
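Review bot: The `loginshell_changed` entry follows two closing braces, which suggests it sits outside the `if ($ldapUser->exists())` block opened at the top of `setLoginShell()` (the lines in between are outside the hunk, so this is inferred). If so, a call for a user with no LDAP entry records a shell change that was never written. In `setHomeDir()` the equivalent call appears to be inside the guard, and placing this one there too would keep the log truthful. Because the login shell is a security-relevant attribute, recording the new value would also help later review, if `addLog()` has a field for it.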
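Review bot: This call passes `$USER` as the actor, whereas `pi-mgmt.php` and `account.php` pass `$OPERATOR` and `init.php` records the login under `$OPERATOR->getUID()`. If the two objects can differ (for example an admin acting on behalf of another account, which is not visible in this diff), page edits would be attributed to the wrong identity. Unless the difference is intentional, use `$OPERATOR` here, `$SQL->editPage($_POST["pageSel"], $_POST["content"], $OPERATOR);`, and likewise in the `addNotice()` call in `webroot/admin/notices.php`.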
@@ -19,11 +19,11 @@ if ($_POST["action"] == "Approve") { // approve group $group = $form_user->getPIGroup(); - $group->approveGroup(); + $group->approveGroup($OPERATOR); } elseif ($_POST["action"] == "Deny") { // deny group $group = $form_user->getPIGroup(); - $group->denyGroup(); + $group->denyGroup($OPERATOR); } break; diff --git a/webroot/panel/account.php b/webroot/panel/account.php index a7bcae4f..f914f7e4 100644 --- a/webroot/panel/account.php +++ b/webroot/panel/account.php @@ -58,9 +58,9 @@ break; case "loginshell": if ($_POST["shellSelect"] == "custom") { - $USER->setLoginShell($_POST["shell"]); + $USER->setLoginShell($_POST["shell"], $OPERATOR); } else { - $USER->setLoginShell($_POST["shellSelect"]); + $USER->setLoginShell($_POST["shellSelect"], $OPERATOR); } break; case "pi_request":
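Review bot: Only the `loginshell` case is updated to pass `$OPERATOR`. The setters for first name, last name, mail and home directory gain an `$operator` parameter in this commit, but no caller in the diff supplies it, so those entries will always fall back to the target user's own UID. SSH key changes get no entry at all in this diff, although `getSSHKeys()` appears in the `UnityUser` hunk context. If this switch has a key add/remove case (outside the hunk), that is the account change most worth auditing.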