feat: add logging to account actions in admin

VATSIM-UK · Nov 15, 2023 · 5e5254a · 5e5254a
1 parent 9127a22
commit 5e5254a
Show file tree

Hide file tree

Showing 9 changed files with 177 additions and 0 deletions.
diff --git a/app/Filament/Helpers/Pages/LogPageAccess.php b/app/Filament/Helpers/Pages/LogPageAccess.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Filament\Helpers\Pages;
+
+use App\Models\AdminAccessLog;
+
+trait LogPageAccess
+{
+    /**
+     * Returns the name of the action to be logged.
+     * Designed to be overridden by the class using this trait
+     * when something other than the default return value is used.
+     */
+    protected function getLogActionName(): string
+    {
+        return 'View';
+    }
+
+    public function mount($record): void
+    {
+        parent::mount($record);
+
+        AdminAccessLog::create([
+            'accessor_account_id' => auth()->user()->id,
+            'loggable_id' => $this->record->id,
+            'loggable_type' => get_class($this->record),
+            'action' => $this->getLogActionName(),
+        ]);
+    }
+}
diff --git a/app/Filament/Helpers/Pages/LogRelationAccess.php b/app/Filament/Helpers/Pages/LogRelationAccess.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Filament\Helpers\Pages;
+
+use App\Models\AdminAccessLog;
+
+trait LogRelationAccess
+{
+    /**
+     * Returns the name of the action to be logged.
+     * Designed to be overridden by the class using this trait
+     * when something other than the default return value is used.
+     */
+    protected function getLogActionName(): string
+    {
+        return 'ViewRelation';
+    }
+
+    public function mount(): void
+    {
+        parent::mount();
+
+        AdminAccessLog::create([
+            'accessor_account_id' => auth()->user()->id,
+            'loggable_id' => $this->ownerRecord->id,
+            'loggable_type' => get_class($this->ownerRecord),
+            'action' => $this->getLogActionName(),
+        ]);
+    }
+}
diff --git a/app/Filament/Resources/AccountResource/Pages/ViewAccount.php b/app/Filament/Resources/AccountResource/Pages/ViewAccount.php
@@ -3,6 +3,7 @@
 namespace App\Filament\Resources\AccountResource\Pages;
 
 use App\Filament\Helpers\Pages\BaseViewRecordPage;
+use App\Filament\Helpers\Pages\LogPageAccess;
 use App\Filament\Resources\AccountResource;
 use App\Jobs\UpdateMember;
 use App\Models\Contact;
@@ -18,8 +19,15 @@
 
 class ViewAccount extends BaseViewRecordPage
 {
+    use LogPageAccess;
+
     protected static string $resource = AccountResource::class;
 
+    protected function getLogActionName(): string
+    {
+        return 'ViewAccount';
+    }
+
     protected function getHeaderActions(): array
     {
         return [

diff --git a/app/Filament/Resources/AccountResource/RelationManagers/BansRelationManager.php b/app/Filament/Resources/AccountResource/RelationManagers/BansRelationManager.php
@@ -2,6 +2,7 @@
 
 namespace App\Filament\Resources\AccountResource\RelationManagers;
 
+use App\Filament\Helpers\Pages\LogRelationAccess;
 use App\Filament\Resources\BanResource;
 use App\Models\Mship\Account\Ban;
 use App\Models\Mship\Ban\Reason;
@@ -16,10 +17,17 @@
 
 class BansRelationManager extends RelationManager
 {
+    use LogRelationAccess;
+
     protected static string $relationship = 'bans';
 
     protected static ?string $recordTitleAttribute = 'id';
 
+    protected function getLogActionName(): string
+    {
+        return 'ViewBans';
+    }
+
     public function isReadOnly(): bool
     {
         return false;

diff --git a/app/Filament/Resources/AccountResource/RelationManagers/NotesRelationManager.php b/app/Filament/Resources/AccountResource/RelationManagers/NotesRelationManager.php
@@ -2,6 +2,7 @@
 
 namespace App\Filament\Resources\AccountResource\RelationManagers;
 
+use App\Filament\Helpers\Pages\LogRelationAccess;
 use App\Models\Mship\Account;
 use App\Models\Mship\Account\Note;
 use App\Models\Mship\Note\Type;
@@ -15,6 +16,13 @@
 
 class NotesRelationManager extends RelationManager
 {
+    use LogRelationAccess;
+
+    protected function getLogActionName(): string
+    {
+        return 'ViewNotes';
+    }
+
     protected static string $relationship = 'notes';
 
     protected static ?string $recordTitleAttribute = 'id';

diff --git a/app/Models/AdminAccessLog.php b/app/Models/AdminAccessLog.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Models;
+
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
+
+class AdminAccessLog extends Model
+{
+    use HasFactory;
+
+    protected $guarded = [];
+
+    public function accessor()
+    {
+        return $this->belongsTo(User::class, 'accessor_account_id');
+    }
+
+    public function loggable()
+    {
+        return $this->morphTo();
+    }
+}
diff --git a/database/factories/AdminAccessLogFactory.php b/database/factories/AdminAccessLogFactory.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace Database\Factories;
+
+use Illuminate\Database\Eloquent\Factories\Factory;
+
+/**
+ * @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\AdminAccessLog>
+ */
+class AdminAccessLogFactory extends Factory
+{
+    /**
+     * Define the model's default state.
+     *
+     * @return array<string, mixed>
+     */
+    public function definition(): array
+    {
+        return [
+            'accessor_account_id' => 1,
+            'loggable_id' => 1,
+            'loggable_type' => 'App\Models\User',
+            'action' => 'View',
+        ];
+    }
+}
diff --git a/database/migrations/2023_11_15_184316_create_admin_access_logs_table.php b/database/migrations/2023_11_15_184316_create_admin_access_logs_table.php
@@ -0,0 +1,30 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::create('admin_access_logs', function (Blueprint $table) {
+            $table->id();
+            $table->string('accessor_account_id');
+            $table->morphs('loggable');
+            $table->string('action')->nullable();
+            $table->timestamps();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::dropIfExists('admin_access_logs');
+    }
+};
diff --git a/tests/Feature/Admin/Account/Pages/ViewAccountPageTest.php b/tests/Feature/Admin/Account/Pages/ViewAccountPageTest.php
@@ -100,4 +100,18 @@ public function test_can_request_update()
 
         Bus::assertDispatched(UpdateMember::class, fn (UpdateMember $job) => $job->accountID === $this->privacc->id);
     }
+
+    public function test_records_page_visit_in_admin_log()
+    {
+        $this->user->givePermissionTo('account.view-insensitive.*');
+        Livewire::actingAs($this->user);
+
+        Livewire::test(ViewAccount::class, ['record' => $this->privacc->id]);
+
+        $this->assertDatabaseHas('admin_access_logs', [
+            'accessor_account_id' => $this->user->id,
+            'loggable_id' => $this->privacc->id,
+            'loggable_type' => get_class($this->privacc),
+        ]);
+    }
 }