introduce review/audit mechanism for edits, creates, and deletes

Author: retailcoder

rubberduckvba.Server/Api/Admin/AdminController.cs

@@ -2,13 +2,14 @@
 using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
+using rubberduckvba.Server.Model.Entity;
 using rubberduckvba.Server.Services;
 
 namespace rubberduckvba.Server.Api.Admin;
 
 [ApiController]
 [EnableCors(CorsPolicies.AllowAll)]
-public class AdminController(ConfigurationOptions options, HangfireLauncherService hangfire, CacheService cache) : ControllerBase
+public class AdminController(ConfigurationOptions options, HangfireLauncherService hangfire, CacheService cache, IAuditService audits) : ControllerBase
 {
     /// <summary>
     /// Enqueues a job that updates xmldoc content from the latest release/pre-release tags.
@@ -42,6 +43,16 @@ public IActionResult ClearCache()
         return Ok();
     }
 
+    [Authorize("github")]
+    [HttpGet("admin/audits")]
+    public async Task<IActionResult> GetPendingAudits()
+    {
+        var edits = await audits.GetPendingItems<FeatureEditEntity>();
+        var ops = await audits.GetPendingItems<FeatureOpEntity>();
+
+        return Ok(new { edits = edits.ToArray(), other = ops.ToArray() });
+    }
+
 #if DEBUG
     [AllowAnonymous]
     [HttpGet("admin/config/current")]

rubberduckvba.Server/Api/Features/FeaturesController.cs

@@ -6,6 +6,7 @@
 using rubberduckvba.Server.Model.Entity;
 using rubberduckvba.Server.Services;
 using rubberduckvba.Server.Services.rubberduckdb;
+using System.Security.Principal;
 
 namespace rubberduckvba.Server.Api.Features;
 
@@ -21,17 +22,19 @@ public class FeaturesController : RubberduckApiController
 {
     private readonly CacheService cache;
     private readonly IRubberduckDbService db;
+    private readonly IAuditService admin;
     private readonly FeatureServices features;
     private readonly IRepository<TagAssetEntity> assetsRepository;
     private readonly IRepository<TagEntity> tagsRepository;
     private readonly IMarkdownFormattingService markdownService;
 
-    public FeaturesController(CacheService cache, IRubberduckDbService db, FeatureServices features, IMarkdownFormattingService markdownService,
+    public FeaturesController(CacheService cache, IRubberduckDbService db, IAuditService admin, FeatureServices features, IMarkdownFormattingService markdownService,
         IRepository<TagAssetEntity> assetsRepository, IRepository<TagEntity> tagsRepository, ILogger<FeaturesController> logger)
         : base(logger)
     {
         this.cache = cache;
         this.db = db;
+        this.admin = admin;
         this.features = features;
         this.assetsRepository = assetsRepository;
         this.tagsRepository = tagsRepository;
@@ -175,11 +178,15 @@ public async Task<ActionResult<FeatureEditViewModel>> Create([FromBody] FeatureE
         }
 
         var feature = model.ToFeature();
-
-        var result = await db.SaveFeature(feature);
-        var features = await GetFeatureOptions(model.RepositoryId);
-
-        return Ok(new FeatureEditViewModel(result, features, RepositoryOptions));
+        if (User.Identity is IIdentity identity)
+        {
+            await admin.CreateFeature(feature, identity);
+            return Ok(feature);
+        }
+        else
+        {
+            return Unauthorized("User identity is not available.");
+        }
     }
 
     [HttpPost("features/update")]
@@ -198,11 +205,15 @@ public async Task<ActionResult<FeatureEditViewModel>> Update([FromBody] FeatureE
         }
 
         var feature = model.ToFeature();
-
-        var result = await db.SaveFeature(feature);
-        var features = await GetFeatureOptions(model.RepositoryId);
-
-        return new FeatureEditViewModel(result, features, RepositoryOptions);
+        if (User.Identity is IIdentity identity)
+        {
+            await admin.UpdateFeature(feature, identity);
+            return Ok(feature);
+        }
+        else
+        {
+            return Unauthorized("User identity is not available.");
+        }
     }
 
     [HttpPost("features/delete")]
@@ -213,13 +224,20 @@ public async Task Delete([FromBody] IFeature model)
         {
             throw new ArgumentException("Model is invalid for this endpoint.");
         }
-        var existingId = await db.GetFeatureId(RepositoryId.Rubberduck, model.Name);
-        if (existingId is null)
+        var existing = await db.ResolveFeature(RepositoryId.Rubberduck, model.Name);
+        if (existing is null)
         {
             throw new ArgumentException("Model is invalid for this endpoint.");
         }
 
-        await db.DeleteFeature(existingId.Value);
+        if (User.Identity is IIdentity identity)
+        {
+            await admin.DeleteFeature(existing, identity);
+        }
+        else
+        {
+            throw new UnauthorizedAccessException("User identity is not available.");
+        }
     }
 
     [HttpPost("markdown/format")]

rubberduckvba.Server/Model/Entity/FeatureEntity.cs

@@ -19,3 +19,46 @@ public record class FeatureEntity : Entity
 }
 
 public record class BlogLink(string Name, string Url, string Author, string Published) { }
+
+public record class AuditEntity
+{
+    public int Id { get; init; }
+    public DateTime DateInserted { get; init; }
+    public DateTime? DateModified { get; init; }
+    public string Author { get; init; } = string.Empty;
+}
+
+public record class FeatureEditEntity : AuditEntity
+{
+    public int FeatureId { get; init; }
+    public string FieldName { get; init; } = string.Empty;
+    public string? ValueBefore { get; init; }
+    public string ValueAfter { get; init; } = string.Empty;
+    public string? ApprovedBy { get; init; }
+    public DateTime? ApprovedAt { get; init; }
+    public string? RejectedBy { get; init; }
+    public DateTime? RejectedAt { get; init; }
+}
+
+public enum FeatureOperation
+{
+    Create = 1,
+    Delete = 2,
+}
+
+public record class FeatureOpEntity : AuditEntity
+{
+    public FeatureOperation FeatureAction { get; init; }
+
+    public int? ParentId { get; init; }
+    public string FeatureName { get; init; } = default!;
+    public int RepositoryId { get; init; }
+    public string Title { get; init; } = default!;
+    public string ShortDescription { get; init; } = default!;
+    public string Description { get; init; } = default!;
+    public bool IsHidden { get; init; }
+    public bool IsNew { get; init; }
+    public bool HasImage { get; init; }
+
+    public string Links { get; init; } = string.Empty;
+}

rubberduckvba.Server/Program.cs

@@ -228,6 +228,7 @@ private static void ConfigureServices(IServiceCollection services)
 
         services.AddSession(ConfigureSession);
         services.AddSingleton<IMemoryCache>(provider => new MemoryCache(new MemoryCacheOptions(), provider.GetRequiredService<ILoggerFactory>()));
+        services.AddSingleton<IAuditService, AuditService>();
     }
 
     private static void ConfigureLogging(IServiceCollection services)