Add papertrail gem

.rubocop.yml

@@ -83,6 +83,9 @@ Naming/FileName:
 Rails/EnumHash:
   Enabled: false
 
+Rails/SkipsModelValidations:
+  AllowedMethods: ["touch"]
+
 # Keep for now, easier with superclass definitions
 Style/ClassAndModuleChildren:
   Enabled: false

Gemfile

@@ -18,6 +18,7 @@ gem 'faker'
 gem 'haml'
 gem 'maxmind-db'
 gem 'openid_connect'
+gem 'paper_trail', '~> 12.3'
 gem 'password_strength'
 gem 'pg'
 gem 'pundit'

Gemfile.lock

@@ -195,6 +195,9 @@ GEM
       validate_email
       validate_url
       webfinger (>= 1.0.1)
+    paper_trail (12.3.0)
+      activerecord (>= 5.2)
+      request_store (~> 1.1)
     parallel (1.21.0)
     parser (3.1.1.0)
       ast (~> 2.4.1)
@@ -263,6 +266,8 @@ GEM
     rainbow (3.1.1)
     rake (13.0.6)
     regexp_parser (2.2.1)
+    request_store (1.5.1)
+      rack (>= 1.4)
     rexml (3.2.5)
     rspec-core (3.11.0)
       rspec-support (~> 3.11.0)
@@ -384,6 +389,7 @@ DEPENDENCIES
   mysql2
   net-ldap
   openid_connect
+  paper_trail (~> 12.3)
   password_strength
   pg
   pry

app/controllers/api/encryptables_controller.rb

@@ -5,6 +5,8 @@ class Api::EncryptablesController < ApiController
 
   self.permitted_attrs = [:name, :description, :tag]
 
+  before_action :set_paper_trail_whodunnit
+
   helper_method :team
 
   # GET /api/encryptables
@@ -19,6 +21,7 @@ def index
   def show
     authorize entry
     entry.decrypt(decrypted_team_password(team))
+    log_read_access
     render_entry
   end
 
@@ -69,6 +72,16 @@ def model_class
   end
   # rubocop:enable Metrics/MethodLength
 
+  def fetch_entries
+    if encryptable_file?
+      super
+    elsif tag_param.present?
+      user_encryptables.find_by(tag: tag_param)
+    else
+      Encryptables::FilteredList.new(current_user, params).fetch_entries
+    end
+  end
+
   def build_entry
     return build_encryptable_file if encryptable_file?
 
@@ -128,4 +141,11 @@ def permitted_attrs
       []
     end
   end
+
+  def log_read_access
+    v = encryptable.paper_trail.save_with_version
+    v.event = :viewed
+    v.created_at = DateTime.now
+    v.save!
+  end
 end

app/controllers/api/logs_controller.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+class Api::LogsController < ApiController
+
+  def index(options = {})
+    authorize(team, :index?, policy_class: LogPolicy)
+    render({ json: fetch_entries,
+             each_serializer: @model_serializer ||= LogsSerializer }
+      .merge(render_options)
+      .merge(options.fetch(:render_options, {})))
+  end
+
+  def fetch_entries
+    PaperTrail.serializer = JSON
+    limit = params[:load] || 20
+    offset = params[:offset] || 0
+    Version
+      .includes(:user)
+      .where(item_id: params[:encryptable_id])
+      .order(created_at: :desc)
+      .offset(offset)
+      .limit(limit)
+  end
+
+  def team
+    @team ||= Encryptable.find(params[:encryptable_id]).folder.team
+  end
+end

app/models/encryptable.rb

@@ -17,6 +17,12 @@
 
 class Encryptable < ApplicationRecord
 
+  has_paper_trail on: [:touch, :update], ignore: [:tag, :type], versions: {
+    class_name: 'Version'
+  }
+
+  before_destroy :destroy_versions
+
   serialize :encrypted_data, ::EncryptedData
 
   attr_readonly :type
@@ -71,4 +77,8 @@ def decrypt_attr(attr, team_password)
     instance_variable_set("@cleartext_#{attr}", cleartext_value)
   end
 
+  def destroy_versions
+    versions.destroy_all
+  end
+
 end

app/models/user.rb

@@ -31,6 +31,8 @@ class User < ApplicationRecord
   validates :username, uniqueness: :username
   validates :username, presence: true
 
+  has_many :versions, foreign_key: :whodunnit, dependent: :destroy, class_name: 'Version'
+
   def update_password(old, new)
     return unless auth_db?
 

app/models/version.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+class Version < PaperTrail::Version
+  belongs_to :user, class_name: 'User', foreign_key: :whodunnit
+  belongs_to :encryptable, class_name: 'Encryptable', foreign_key: :item_id
+end

app/policies/log_policy.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class LogPolicy < TeamPolicy
+  def index?
+    team_member?
+  end
+
+  def show?
+    @team.teammember?(@user.id) && [email protected]_a?(User::Api)
+  end
+end

app/presenters/encryptables/filtered_list.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module ::Encryptables
+  class FilteredList < ::FilteredList
+
+    def fetch_entries
+      filtered_encryptables = encryptables
+
+      filtered_encryptables = filter_by_recent if recent?
+      filtered_encryptables = filter_by_query(filtered_encryptables) if query
+
+
+      filtered_encryptables
+    end
+
+    private
+
+    def query
+      @params[:q]&.strip&.downcase
+    end
+
+    def recent?
+      true?(@params[:recent])
+    end
+
+    def encryptables
+      @current_user.encryptables
+    end
+
+    def filter_by_query(encryptables)
+      encryptables.where(
+        'lower(encryptables.description) LIKE :query
+        OR lower(encryptables.name) LIKE :query',
+        query: "%#{query}%"
+      )
+    end
+
+    def filter_by_recent
+      Version
+        .includes(:encryptable, encryptable: [:folder])
+        .where(whodunnit: @current_user)
+        .order(created_at: :desc)
+        .group(:item_id, :item_type)
+        .select(:item_id, :item_type)
+        .limit(5)
+        .map(&:encryptable)
+    end
+  end
+end

app/presenters/filtered_list.rb

@@ -15,4 +15,8 @@ def fetch_entries
   def list_param(key)
     @params[key].to_a.map(&:to_i)
   end
+
+  def true?(value)
+    %w[1 yes true].include?(value.to_s.downcase)
+  end
 end

app/serializers/logs_serializer.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class LogsSerializer < ApplicationSerializer
+  attributes :id, :item_type, :event, :user_id, :username, :created_at
+
+  belongs_to :encryptable
+
+  def user_id
+    object.whodunnit
+  end
+
+  def encryptable
+    object.item
+  end
+
+  def username
+    object.user.username
+  end
+end

config/routes/api.rb

@@ -11,7 +11,9 @@
       end
     end
 
-    resources :encryptables, except: [:new, :edit]
+    resources :encryptables, except: [:new, :edit] do
+      resources :logs, only: [:index]
+    end
 
     resources :api_users, except: [:new, :edit] do
       member do

db/migrate/20220401130939_create_versions.rb

@@ -0,0 +1,38 @@
+# This migration creates the `versions` table, the only schema PT requires.
+# All other migrations PT provides are optional.
+class CreateVersions < ActiveRecord::Migration[7.0]
+
+  # The largest text column available in all supported RDBMS is
+  # 1024^3 - 1 bytes, roughly one gibibyte.  We specify a size
+  # so that MySQL will use `longtext` instead of `text`.  Otherwise,
+  # when serializing very large objects, `text` might not be big enough.
+  TEXT_BYTES = 1_073_741_823
+
+  def change
+    create_table :versions do |t|
+      t.string   :item_type, null: false
+      t.bigint   :item_id,   null: false
+      t.string   :event,     null: false
+      t.string   :whodunnit
+      t.text     :object, limit: TEXT_BYTES
+
+      # Known issue in MySQL: fractional second precision
+      # -------------------------------------------------
+      #
+      # MySQL timestamp columns do not support fractional seconds unless
+      # defined with "fractional seconds precision". MySQL users should manually
+      # add fractional seconds precision to this migration, specifically, to
+      # the `created_at` column.
+      # (https://dev.mysql.com/doc/refman/5.6/en/fractional-seconds.html)
+      #
+      # MySQL users should also upgrade to at least rails 4.2, which is the first
+      # version of ActiveRecord with support for fractional seconds in MySQL.
+      # (https://github.com/rails/rails/pull/14359)
+      # 
+      # MySQL users should use the following line for `created_at`
+      t.datetime :created_at, limit: 6
+      #t.datetime :created_at
+    end
+    add_index :versions, %i(item_type item_id)
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2022_03_29_122335) do
+ActiveRecord::Schema[7.0].define(version: 2022_04_01_130939) do
   create_table "encryptables", force: :cascade do |t|
     t.string "name", limit: 255, default: "", null: false
     t.integer "folder_id"
@@ -92,4 +92,14 @@
     t.index ["default_ccli_user_id"], name: "index_users_on_default_ccli_user_id"
   end
 
+  create_table "versions", force: :cascade do |t|
+    t.string "item_type", null: false
+    t.bigint "item_id", null: false
+    t.string "event", null: false
+    t.string "whodunnit"
+    t.text "object", limit: 1073741823
+    t.datetime "created_at"
+    t.index ["item_type", "item_id"], name: "index_versions_on_item_type_and_item_id"
+  end
+
 end

frontend/app/adapters/version.js

@@ -0,0 +1,19 @@
+import ApplicationAdapter from "./application";
+
+export default ApplicationAdapter.extend({
+  namespace: "api/encryptables",
+
+  pathForType() {
+    return "logs";
+  },
+
+  urlForQuery(query, modelName) {
+    if (query.encryptableId) {
+      let url = `/${this.namespace}/${query.encryptableId}/logs`;
+
+      delete query.encryptableId;
+      return url;
+    }
+    return super.urlForQuery(query, modelName);
+  }
+});