Cwdoe 1021 log privileged functions (#49)

* added privilege logging
cmu-sei · Aug 28, 2023 · d283116 · d283116
1 parent 4e54346
commit d283116
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 8 deletions.
diff --git a/Steamfitter.Api/Services/UserPermissionService.cs b/Steamfitter.Api/Services/UserPermissionService.cs
@@ -10,10 +10,12 @@
 using AutoMapper;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Logging;
 using Steamfitter.Api.Data;
 using Steamfitter.Api.Data.Models;
 using Steamfitter.Api.Infrastructure.Authorization;
 using Steamfitter.Api.Infrastructure.Exceptions;
+using Steamfitter.Api.Infrastructure.Extensions;
 using SAVM = Steamfitter.Api.ViewModels;
 
 namespace Steamfitter.Api.Services
@@ -33,13 +35,15 @@ public class UserPermissionService : IUserPermissionService
         private readonly IAuthorizationService _authorizationService;
         private readonly ClaimsPrincipal _user;
         private readonly IMapper _mapper;
+        private readonly ILogger<IUserPermissionService> _logger;
 
-        public UserPermissionService(SteamfitterContext context, IAuthorizationService authorizationService, IPrincipal user, IMapper mapper)
+        public UserPermissionService(SteamfitterContext context, IAuthorizationService authorizationService, IPrincipal user, ILogger<IUserPermissionService> logger, IMapper mapper)
         {
             _context = context;
             _authorizationService = authorizationService;
             _user = user as ClaimsPrincipal;
             _mapper = mapper;
+            _logger = logger;
         }
 
         public async STT.Task<IEnumerable<ViewModels.UserPermission>> GetAsync(CancellationToken ct)
@@ -74,7 +78,7 @@ public UserPermissionService(SteamfitterContext context, IAuthorizationService a
 
             _context.UserPermissions.Add(userPermissionEntity);
             await _context.SaveChangesAsync(ct);
-
+            _logger.LogWarning($"Permission {userPermission.PermissionId} added to user {userPermission.UserId} by {_user.GetId()}");
             return await GetAsync(userPermissionEntity.Id, ct);
         }
 
@@ -90,7 +94,7 @@ public async STT.Task<bool> DeleteAsync(Guid id, CancellationToken ct)
 
             _context.UserPermissions.Remove(userPermissionToDelete);
             await _context.SaveChangesAsync(ct);
-
+            _logger.LogWarning($"Permission {userPermissionToDelete.PermissionId} removed from user {userPermissionToDelete.UserId} by {_user.GetId()}");
             return true;
         }
 
@@ -106,7 +110,7 @@ public async STT.Task<bool> DeleteByIdsAsync(Guid userId, Guid permissionId, Can
 
             _context.UserPermissions.Remove(userPermissionToDelete);
             await _context.SaveChangesAsync(ct);
-
+            _logger.LogWarning($"Permission {userPermissionToDelete.PermissionId} removed from user {userPermissionToDelete.UserId} by {_user.GetId()}");
             return true;
         }
 

diff --git a/Steamfitter.Api/Services/UserService.cs b/Steamfitter.Api/Services/UserService.cs
@@ -12,6 +12,7 @@
 using AutoMapper.QueryableExtensions;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Logging;
 using Steamfitter.Api.Data;
 using Steamfitter.Api.Data.Models;
 using Steamfitter.Api.Infrastructure.Extensions;
@@ -37,14 +38,16 @@ public class UserService : IUserService
         private readonly IAuthorizationService _authorizationService;
         private readonly IUserClaimsService _userClaimsService;
         private readonly IMapper _mapper;
+        private readonly ILogger<IUserService> _logger;
 
-        public UserService(SteamfitterContext context, IPrincipal user, IAuthorizationService authorizationService, IUserClaimsService userClaimsService, IMapper mapper)
+        public UserService(SteamfitterContext context, IPrincipal user, IAuthorizationService authorizationService, IUserClaimsService userClaimsService, ILogger<IUserService> logger, IMapper mapper)
         {
             _context = context;
             _user = user as ClaimsPrincipal;
             _authorizationService = authorizationService;
             _userClaimsService = userClaimsService;
             _mapper = mapper;
+            _logger = logger;
         }
 
         public async STT.Task<IEnumerable<ViewModels.User>> GetAsync(CancellationToken ct)
@@ -78,7 +81,7 @@ public UserService(SteamfitterContext context, IPrincipal user, IAuthorizationSe
 
             _context.Users.Add(userEntity);
             await _context.SaveChangesAsync(ct);
-
+            _logger.LogWarning($"User {user.Name} ({userEntity.Id}) created by {_user.GetId()}");
             return await GetAsync(user.Id, ct);
         }
 
@@ -102,7 +105,7 @@ public UserService(SteamfitterContext context, IPrincipal user, IAuthorizationSe
 
             _context.Users.Update(userToUpdate);
             await _context.SaveChangesAsync(ct);
-
+            _logger.LogWarning($"User {userToUpdate.Name} ({userToUpdate.Id}) updated by {_user.GetId()}");
             return await GetAsync(id, ct);
         }
 
@@ -123,7 +126,7 @@ public async STT.Task<bool> DeleteAsync(Guid id, CancellationToken ct)
 
             _context.Users.Remove(userToDelete);
             await _context.SaveChangesAsync(ct);
-
+            _logger.LogWarning($"User {userToDelete.Name} ({userToDelete.Id}) deleted by {_user.GetId()}");
             return true;
         }