feat(admin-log): role and permission changes are now tracked (#3833)

thorsten · thorsten · commit 9df3a1b9e3f1 · 2026-01-06T20:14:21.000+01:00
diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/GroupController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/GroupController.php
@@ -19,7 +19,6 @@
 
 namespace phpMyFAQ\Controller\Administration\Api;
 
-use phpMyFAQ\Controller\AbstractController;
 use phpMyFAQ\Core\Exception;
 use phpMyFAQ\Permission\MediumPermission;
 use phpMyFAQ\User\CurrentUser;
@@ -28,7 +27,7 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Attribute\Route;
 
-final class GroupController extends AbstractController
+final class GroupController extends AbstractAdministrationApiController
 {
     /**
      * @throws Exception
diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/UserController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/UserController.php
@@ -22,8 +22,8 @@
 use phpMyFAQ\Administration\Report;
 use phpMyFAQ\Auth;
 use phpMyFAQ\Category;
-use phpMyFAQ\Controller\AbstractController;
 use phpMyFAQ\Core\Exception;
+use phpMyFAQ\Enums\AdminLogType;
 use phpMyFAQ\Enums\PermissionType;
 use phpMyFAQ\Filter;
 use phpMyFAQ\Helper\MailHelper;
@@ -40,7 +40,7 @@
 use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
 use Symfony\Component\Routing\Attribute\Route;
 
-final class UserController extends AbstractController
+final class UserController extends AbstractAdministrationApiController
 {
     /**
      * @throws Exception
@@ -102,7 +102,6 @@ public function csvExport(): Response
             ['ID', 'Status', 'Super Admin', 'Visible', 'Display Name', 'Username', 'Email', 'Auth Source'],
             separator: ',',
             enclosure: '"',
-            escape: '\\',
             eol: PHP_EOL,
         );
 
@@ -122,7 +121,6 @@ public function csvExport(): Response
                 ],
                 separator: ',',
                 enclosure: '"',
-                escape: '\\',
                 eol: PHP_EOL,
             );
         }
@@ -208,6 +206,7 @@ public function activate(Request $request): JsonResponse
         $currentUser->getUserById((int) $userId, allowBlockedUsers: true);
         try {
             if ($currentUser->activateUser()) {
+                $this->adminLog->log($this->currentUser, AdminLogType::USER_EDIT->value . ' (activated):' . $userId);
                 return $this->json(['success' => $currentUser->getStatus()], Response::HTTP_OK);
             }
 
@@ -254,6 +253,8 @@ public function overwritePassword(Request $request): JsonResponse
                 return $this->json(['error' => Translation::get(key: 'ad_passwd_fail')], Response::HTTP_BAD_REQUEST);
             }
 
+            $this->adminLog->log($this->currentUser, AdminLogType::USER_CHANGE_PASSWORD->value . ':' . $userId);
+
             return $this->json(['success' => Translation::get(key: 'ad_passwdsuc')], Response::HTTP_OK);
         }
 
@@ -300,6 +301,8 @@ public function deleteUser(Request $request): JsonResponse
             $permissions->removeFromAllGroups($userId);
         }
 
+        $this->adminLog->log($this->currentUser, AdminLogType::USER_DELETE->value . ':' . $userId);
+
         return $this->json(['success' => Translation::get(key: 'ad_user_deleted')], Response::HTTP_OK);
     }
 
@@ -374,6 +377,8 @@ public function addUser(Request $request): JsonResponse
                 /* @mago-expect lint:no-empty-catch-clause */
             }
 
+            $this->adminLog->log($this->currentUser, AdminLogType::USER_ADD->value . ':' . $newUser->getUserId());
+
             return $this->json(['success' => Translation::get(key: 'ad_adus_suc')], Response::HTTP_OK);
         }
 
@@ -433,6 +438,8 @@ public function editUser(Request $request): JsonResponse
             return $this->json(['error' => 'ad_msg_mysqlerr'], Response::HTTP_BAD_REQUEST);
         }
 
+        $this->adminLog->log($this->currentUser, AdminLogType::USER_EDIT->value . ':' . $userId);
+
         $success =
             Translation::get(key: 'ad_msg_savedsuc_1')
             . ' "'
@@ -478,6 +485,8 @@ public function updateUserRights(Request $request): JsonResponse
             $user->perm->grantUserRight($userId, (int) $userRight);
         }
 
+        $this->adminLog->log($this->currentUser, AdminLogType::USER_CHANGE_PERMISSIONS->value . ':' . $userId);
+
         $user->terminateSessionId();
         $success =
             Translation::get(key: 'ad_msg_savedsuc_1')
diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/GroupController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/GroupController.php
@@ -20,6 +20,7 @@
 namespace phpMyFAQ\Controller\Administration;
 
 use phpMyFAQ\Core\Exception;
+use phpMyFAQ\Enums\AdminLogType;
 use phpMyFAQ\Enums\PermissionType;
 use phpMyFAQ\Filter;
 use phpMyFAQ\Session\Token;
@@ -114,6 +115,7 @@ public function create(Request $request): Response
         }
 
         if ($groupId !== 0) {
+            $this->adminLog->log($this->currentUser, AdminLogType::GROUP_ADD->value . ':' . $groupId);
             $message = sprintf('<div class="alert alert-success">%s</div>', Translation::get(key: 'ad_group_suc'));
         }
 
@@ -175,6 +177,7 @@ public function delete(Request $request): Response
         }
 
         if ($deleteResult) {
+            $this->adminLog->log($this->currentUser, AdminLogType::GROUP_DELETE->value . ':' . $groupId);
             $message = sprintf('<div class="alert alert-success">%s</div>', Translation::get(key: 'ad_group_deleted'));
         }
 
@@ -222,6 +225,7 @@ public function update(Request $request): Response
         }
 
         if ($changeResult) {
+            $this->adminLog->log($this->currentUser, AdminLogType::GROUP_EDIT->value . ':' . $groupId);
             $message = sprintf(
                 '<p class="alert alert-success">%s <strong>%s</strong> %s</p>',
                 Translation::get(key: 'ad_msg_savedsuc_1'),
@@ -264,6 +268,8 @@ public function updateMembers(Request $request): Response
                 $user->perm->addToGroup((int) $groupMember, $groupId);
             }
 
+            $this->adminLog->log($this->currentUser, AdminLogType::GROUP_EDIT->value . ' (members):' . $groupId);
+
             $message = sprintf(
                 '<p class="alert alert-success">%s <strong>%s</strong> %s</p>',
                 Translation::get(key: 'ad_msg_savedsuc_1'),
@@ -306,6 +312,8 @@ public function updatePermissions(Request $request): Response
                 $user->perm->grantGroupRight($groupId, (int) $groupPermission);
             }
 
+            $this->adminLog->log($this->currentUser, AdminLogType::GROUP_CHANGE_PERMISSIONS->value . ':' . $groupId);
+
             $message = sprintf(
                 '<p class="alert alert-success">%s <strong>%s</strong> %s</p>',
                 Translation::get(key: 'ad_msg_savedsuc_1'),

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@`
`20`	`20`	`namespace phpMyFAQ\Controller\Administration;`
`21`	`21`
`22`	`22`	`use phpMyFAQ\Core\Exception;`
	`23`	`+use phpMyFAQ\Enums\AdminLogType;`
`23`	`24`	`use phpMyFAQ\Enums\PermissionType;`
`24`	`25`	`use phpMyFAQ\Filter;`
`25`	`26`	`use phpMyFAQ\Session\Token;`
`@@ -114,6 +115,7 @@ public function create(Request $request): Response`
`114`	`115`	`}`
`115`	`116`
`116`	`117`	`if ($groupId !== 0) {`
	`118`	`+ $this->adminLog->log($this->currentUser, AdminLogType::GROUP_ADD->value . ':' . $groupId);`
`117`	`119`	`$message = sprintf('<div class="alert alert-success">%s</div>', Translation::get(key: 'ad_group_suc'));`
`118`	`120`	`}`
`119`	`121`
`@@ -175,6 +177,7 @@ public function delete(Request $request): Response`
`175`	`177`	`}`
`176`	`178`
`177`	`179`	`if ($deleteResult) {`
	`180`	`+ $this->adminLog->log($this->currentUser, AdminLogType::GROUP_DELETE->value . ':' . $groupId);`
`178`	`181`	`$message = sprintf('<div class="alert alert-success">%s</div>', Translation::get(key: 'ad_group_deleted'));`
`179`	`182`	`}`
`180`	`183`
`@@ -222,6 +225,7 @@ public function update(Request $request): Response`
`222`	`225`	`}`
`223`	`226`
`224`	`227`	`if ($changeResult) {`
	`228`	`+ $this->adminLog->log($this->currentUser, AdminLogType::GROUP_EDIT->value . ':' . $groupId);`
`225`	`229`	`$message = sprintf(`
`226`	`230`	`'<p class="alert alert-success">%s <strong>%s</strong> %s</p>',`
`227`	`231`	`Translation::get(key: 'ad_msg_savedsuc_1'),`
`@@ -264,6 +268,8 @@ public function updateMembers(Request $request): Response`
`264`	`268`	`$user->perm->addToGroup((int) $groupMember, $groupId);`
`265`	`269`	`}`
`266`	`270`
	`271`	`+ $this->adminLog->log($this->currentUser, AdminLogType::GROUP_EDIT->value . ' (members):' . $groupId);`
	`272`	`+`
`267`	`273`	`$message = sprintf(`
`268`	`274`	`'<p class="alert alert-success">%s <strong>%s</strong> %s</p>',`
`269`	`275`	`Translation::get(key: 'ad_msg_savedsuc_1'),`
`@@ -306,6 +312,8 @@ public function updatePermissions(Request $request): Response`
`306`	`312`	`$user->perm->grantGroupRight($groupId, (int) $groupPermission);`
`307`	`313`	`}`
`308`	`314`
	`315`	`+ $this->adminLog->log($this->currentUser, AdminLogType::GROUP_CHANGE_PERMISSIONS->value . ':' . $groupId);`
	`316`	`+`
`309`	`317`	`$message = sprintf(`
`310`	`318`	`'<p class="alert alert-success">%s <strong>%s</strong> %s</p>',`
`311`	`319`	`Translation::get(key: 'ad_msg_savedsuc_1'),`