mirror of https://github.com/sismics/docs.git synced 2025-12-13 09:46:17 +00:00

Closes #257: admin users can see all logs

Benjamin Gamard
2018-11-09 14:49:34 +01:00
parent 42828efa19
commit d8d5249a23
4 changed files with 31 additions and 9 deletions


@@ -6,6 +6,7 @@ import com.sismics.docs.core.dao.AclDao;
import com.sismics.docs.core.dao.AuditLogDao;
import com.sismics.docs.core.dao.criteria.AuditLogCriteria;
import com.sismics.docs.core.dao.dto.AuditLogDto;
import com.sismics.docs.core.util.SecurityUtil;
import com.sismics.docs.core.util.jpa.PaginatedList;
import com.sismics.docs.core.util.jpa.PaginatedLists;
import com.sismics.docs.core.util.jpa.SortCriteria;
@@ -65,6 +66,7 @@ public class AuditLogResource extends BaseResource {
if (Strings.isNullOrEmpty(documentId)) {
// Search logs for a user
criteria.setUserId(principal.getId());
criteria.setAdmin(SecurityUtil.skipAclCheck(getTargetIdList(null)));
} else {
// Check ACL on the document
AclDao aclDao = new AclDao();
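Review bot: The existing comment `// Search logs for a user` no longer describes this branch, because the added `criteria.setAdmin(SecurityUtil.skipAclCheck(getTargetIdList(null)))` widens the result beyond the principal's own entries whenever the helper returns true. Nothing at the call site says that `skipAclCheck` is the administrator test or that it takes precedence over the `setUserId` filter set one line earlier. I would replace the comment with `// Search logs for the current user; administrators (skipAclCheck) see all logs`. How AuditLogDao combines `userId` and `admin` is outside this section, so confirm there that a false flag still restricts the query to the caller's own entries, ideally with a test for a non-admin caller. The enclosing method starts and ends outside the hunk.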


@@ -680,6 +680,7 @@ public class UserResource extends BaseResource {
* @apiParam {String} username Username
* @apiSuccess {String} username Username
* @apiSuccess {String} email E-mail
* @apiSuccess {Boolean} totp_enabled True if TOTP authentication is enabled
* @apiSuccess {Number} storage_quota Storage quota (in bytes)
* @apiSuccess {Number} storage_current Quota used (in bytes)
* @apiSuccess {String[]} groups Groups
@@ -720,6 +721,7 @@ public class UserResource extends BaseResource {
.add("username", user.getUsername())
.add("groups", groups)
.add("email", user.getEmail())
.add("totp_enabled", user.getTotpKey() != null)
.add("storage_quota", user.getStorageQuota())
.add("storage_current", user.getStorageCurrent())
.add("disabled", user.getDisableDate() != null);
@@ -739,6 +741,7 @@ public class UserResource extends BaseResource {
* @apiSuccess {String} users.id ID
* @apiSuccess {String} users.username Username
* @apiSuccess {String} users.email E-mail
* @apiSuccess {Boolean} users.totp_enabled True if TOTP authentication is enabled
* @apiSuccess {Number} users.storage_quota Storage quota (in bytes)
* @apiSuccess {Number} users.storage_current Quota used (in bytes)
* @apiSuccess {Number} users.create_date Create date (timestamp)
@@ -781,8 +784,8 @@ public class UserResource extends BaseResource {
users.add(Json.createObjectBuilder()
.add("id", userDto.getId())
.add("username", userDto.getUsername())
.add("totp_enabled", userDto.getTotpKey() != null)
.add("email", userDto.getEmail())
.add("totp_enabled", userDto.getTotpKey() != null)
.add("storage_quota", userDto.getStorageQuota())
.add("storage_current", userDto.getStorageCurrent())
.add("create_date", userDto.getCreateTimestamp())
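Review bot: `totp_enabled` is returned by the single-user response (`.add("totp_enabled", user.getTotpKey() != null)`) and per entry in the user list, but the hunks do not show who is allowed to call these endpoints. If any authenticated user can reach them, the field discloses which accounts have no second factor, which is account-security metadata that normally stays with administrators and the account owner. Consider adding the field only when the caller is an administrator or the user being described, and record that choice next to the builder, for example `// totp_enabled reveals 2FA status: only returned to admins and the user themselves`. The `@apiSuccess` lines for `totp_enabled` should state the same restriction. Both builder chains continue outside the hunks shown.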