Merge branch 'logs_changes_am' into GR_remove_logs_redir

Author: RatGabi

lib/travis/api/app/endpoint/logs.rb

@@ -9,6 +9,14 @@ class Logs < Endpoint
         resource = service(:find_log, id: params[:id]).run
         job = resource ? Job.find(resource.job_id) : nil
 
+        halt 404 unless job
+
+        repo = Travis::API::V3::Models::Repository.find(job.repository.id)
+        repo_can_write = current_user ? !!repo.users.where(id: current_user.id, permissions: { push: true }).first : false
+
+        raise LogExpired if repo.user_settings.job_log_time_based_limit && job.started_at && job.started_at < Time.now - repo.user_settings.job_log_access_older_than_days.days
+        raise LogAccessDenied if repo.user_settings.job_log_access_based_limit && !repo_can_write
+
         if !resource || ((job.try(:private?) || !allow_public?) && !has_permission?(job))
           halt 404
         elsif resource.removed_at && accepts?('application/json')

lib/travis/api/v3/models/audit.rb

@@ -0,0 +1,6 @@
+module Travis::API::V3
+  class Models::Audit < Model
+    belongs_to :owner, polymorphic: true
+    belongs_to :source, polymorphic: true
+  end
+end

lib/travis/api/v3/models/json_slice.rb

@@ -2,7 +2,9 @@
 
 module Travis::API::V3
   class Models::JsonSlice
-    include Virtus.model, Enumerable, Models::JsonSync, ActiveModel::Validations
+    include Virtus.model, Enumerable, Models::JsonSync, ActiveModel::Validations, ActiveSupport::Callbacks, ActiveModel::Dirty
+    extend ActiveSupport::Concern
+    define_callbacks :after_save
 
     class << self
       attr_accessor :child_klass
@@ -30,14 +32,21 @@ def read(name)
 
     def update(name, value)
       raise NotFound unless respond_to?(:"#{name}=")
+      @changes = { :"#{name}" => { before: send(name), after: value } } unless value == send(name)
       send(:"#{name}=", value)
       raise UnprocessableEntity, errors.full_messages.to_sentence unless valid?
       sync!
+      run_callbacks :after_save
+      @changes = {}
       read(name)
     end
 
     def to_h
       Hash[map { |x| [x.name, x.value] }]
     end
+
+    def changes
+      @changes
+    end
   end
 end

lib/travis/api/v3/models/user_settings.rb

@@ -20,8 +20,12 @@ class Models::UserSettings < Models::JsonSlice
 
     validate :job_log_access_older_than_days_restriction
 
+    set_callback :after_save, :after, :save_audit
+
     attr_reader :repo
 
+    attr_accessor :user, :change_source
+
     def initialize(repo, data)
       @repo = repo
       super(data)
@@ -75,5 +79,13 @@ def job_log_access_older_than_days_restriction
         errors.add(:job_log_access_older_than_days, "is outside the bounds")
       end
     end
+
+    private
+
+    def save_audit
+      if self.change_source
+        Travis::API::V3::Models::Audit.create!(owner: self.user, change_source: self.change_source, source: self.repo, source_changes: { settings: self.changes })
+      end
+    end
   end
 end

lib/travis/api/v3/queries/log.rb

@@ -1,16 +1,14 @@
 module Travis::API::V3
   class Queries::Log < RemoteQuery
-    def find_by_job_id(repo_can_write, job_id)
-      find repo_can_write, Models::Job.find(job_id)
+    def find_by_job_id(job_id)
+      find Models::Job.find(job_id)
     end
 
-    def find(repo_can_write, job)
+    def find(job)
       @job = job
-      raise LogExpired if !job.repository.user_settings.job_log_time_based_limit && job.started_at < Time.now - job.repository.user_settings.job_log_access_older_than_days.days
-      raise LogAccessDenied if job.repository.user_settings.job_log_access_based_limit && !repo_can_write
-
       remote_log = Travis::RemoteLog::Remote.new(platform: platform).find_by_job_id(platform_job_id)
       raise EntityMissing, 'log not found'.freeze if remote_log.nil?
+
       log = Travis::API::V3::Models::Log.new(remote_log: remote_log, job: job)
       # if the log has been archived, go to s3
       if log.archived?

lib/travis/api/v3/queries/user_setting.rb

@@ -6,8 +6,11 @@ def find(repository)
       repository.user_settings.read(_name)
     end
 
-    def update(repository)
-      repository.user_settings.update(_name, _value)
+    def update(repository, user, from_admin)
+      user_settings = repository.user_settings
+      user_settings.user = user
+      user_settings.change_source = 'travis-api' unless from_admin
+      user_settings.update(_name, _value)
     end
 
     private

lib/travis/api/v3/services/log/find.rb

@@ -6,8 +6,11 @@ def run!
       job = Models::Job.find(params['job.id'])
       repo_can_write = access_control.user ? !!job.repository.users.where(id: access_control.user.id, permissions: { push: true }).first : false
 
-      log = query.find(repo_can_write, job)
+      log = query.find(job)
       raise(NotFound, :log) unless access_control.visible? log
+      raise LogExpired if job.repository.user_settings.job_log_time_based_limit && job.started_at && job.started_at < Time.now - job.repository.user_settings.job_log_access_older_than_days.days
+      raise LogAccessDenied if job.repository.user_settings.job_log_access_based_limit && !repo_can_write
+
       result log
     end
   end

lib/travis/api/v3/services/user_setting/update.rb

@@ -9,8 +9,9 @@ def run!
 
       user_setting = query.find(repository)
       access_control.permissions(user_setting).write!
+      app_id = Travis::Api::App::AccessToken.find_by_token(access_control.token).app_id
 
-      user_setting = query.update(repository)      
+      user_setting = query.update(repository, access_control.user, app_id == 2)
       result user_setting
     end
   end