Feature #33551
Audits should be searchable by the current user so a role with filter to "see my audits" can be created
Associated revisions
Refs #33551 - fix the searching in audits by user
The first PR allowed searching in the search_users relation, however that
searches on the actual audited objects. So when used in filters, it
would grant access to see all audits of $my account by anyone. While
such search may still be useful, the original intention was to allow
searching by the author of the audit.
Given the user is already a search keyword, we call this
authored_by_user. The correct syntax then is
```
authored_by_user = admin
authored_by_user = current_user
authored_by_user.id = 2
authored_by_user.id = current_user
```
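The distinction the commit message above draws, as an added example that is not Foreman code or part of the commit: a plain-Ruby model over constructed audit rows, comparing a match on the audited object with a match on the audit's author. The struct fields, helper names and sample data are assumptions made for illustration.

```ruby
# Added example with constructed data; a plain-Ruby model, not Foreman code.
Audit = Struct.new(:id, :user_id, :auditable_type, :auditable_id, :action)

# Constructed sample: user ids 1 (admin), 2 (alice), 3 (bob).
AUDITS = [
  Audit.new(1, 1, 'User', 2, 'update'),   # admin changed alice's account
  Audit.new(2, 2, 'Host', 10, 'create'),  # alice created a host
  Audit.new(3, 3, 'User', 2, 'update'),   # bob changed alice's account
  Audit.new(4, 2, 'User', 2, 'update'),   # alice changed her own account
  Audit.new(5, 3, 'Host', 11, 'destroy')  # bob destroyed a host
].freeze

# Resolve the literal value "current_user" to the id of the requesting user.
def resolve_user_id(value, current_user_id)
  value.to_s == 'current_user' ? current_user_id : Integer(value)
end

# Semantics the message attributes to the first PR: match on the audited object.
def audits_of_user_object(audits, value, current_user_id)
  uid = resolve_user_id(value, current_user_id)
  audits.select { |a| a.auditable_type == 'User' && a.auditable_id == uid }
end

# Intended semantics: match on who performed the audited action.
def audits_authored_by(audits, value, current_user_id)
  uid = resolve_user_id(value, current_user_id)
  audits.select { |a| a.user_id == uid }
end

# Regression check for a "see my audits" filter: every visible row must be
# authored by the requester; returns the ids of rows that are not.
def foreign_audit_ids(visible, current_user_id)
  visible.reject { |a| a.user_id == current_user_id }.map(&:id)
end

if __FILE__ == $PROGRAM_NAME
  alice = 2
  by_object = audits_of_user_object(AUDITS, 'current_user', alice)
  by_author = audits_authored_by(AUDITS, 'current_user', alice)
  puts "object match: #{by_object.map(&:id)} foreign=#{foreign_audit_ids(by_object, alice)}"
  puts "author match: #{by_author.map(&:id)} foreign=#{foreign_audit_ids(by_author, alice)}"
end
```

A check like `foreign_audit_ids` is the property to assert when testing any role filter meant to expose only a user's own audit entries.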
History
#1
Updated by The Foreman Bot 9 months ago
- Assignee set to Marek Hulán
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/8792 added
#2
Updated by Nacho Barrientos 9 months ago
Similarly, it'd be nice to be able to create a filter allowing to see audits on resources that the user that's logged in can see at this very moment (hosts, hostgroups, etc). So basically if the current user can see a given host at the moment they'll be able to see the entire audit log of that resource, even if in the past it was not visible to them.
#3
Updated by The Foreman Bot 8 months ago
- Fixed in Releases 3.1.0 added
#4
Updated by Marek Hulán 8 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman|b46326a459f75b4e7ebd7a635ba7d04fe2c2994b.
#5
Updated by The Foreman Bot 8 months ago
- Pull request https://github.com/theforeman/foreman/pull/8864 added
#6
Updated by Amit Upadhye 7 months ago
- Category set to Audit Log
Fixes #33551 - allow searching audits by current_user
A user would like to define a filter that would allow all users to see
their own audits. The only thing that's missing is to define the
scoped_search on Audit model that would accept the current_user value
for audits' user_id and user.
This PR allows searching audits by the following terms:
```
user.id = 1
user.id = 100
user.id = current_user
user = admin
user = current_user
```
the syntax is consistent with other places we have similar support (e.g.
the tasks).