Add required audit functions

Emyrk · Emyrk · commit dff9a95c1e1d · 2024-06-20T18:27:39.000-05:00
diff --git a/coderd/audit/request.go b/coderd/audit/request.go
@@ -105,6 +105,8 @@ func ResourceTarget[T Auditable](tgt T) string {
 		return typed.DisplaySecret
 	case database.CustomRole:
 		return typed.Name
+	case database.OrganizationMember:
+		return typed.UserID.String()
 	default:
 		panic(fmt.Sprintf("unknown resource %T for ResourceTarget", tgt))
 	}
diff --git a/coderd/members.go b/coderd/members.go
@@ -170,11 +170,20 @@ func (api *API) listMembers(rw http.ResponseWriter, r *http.Request) {
 // @Router /organizations/{organization}/members/{user}/roles [put]
 func (api *API) putMemberRoles(rw http.ResponseWriter, r *http.Request) {
 	var (
-		ctx          = r.Context()
-		organization = httpmw.OrganizationParam(r)
-		member       = httpmw.OrganizationMemberParam(r)
-		apiKey       = httpmw.APIKey(r)
+		ctx               = r.Context()
+		organization      = httpmw.OrganizationParam(r)
+		member            = httpmw.OrganizationMemberParam(r)
+		apiKey            = httpmw.APIKey(r)
+		auditor           = api.Auditor.Load()
+		aReq, commitAudit = audit.InitRequest[database.OrganizationMember](rw, &audit.RequestParams{
+			Audit:   *auditor,
+			Log:     api.Logger,
+			Request: r,
+			Action:  database.AuditActionDelete,
+		})
 	)
+	aReq.Old = member.OrganizationMember
+	defer commitAudit()
 
 	if apiKey.UserID == member.UserID {
 		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
@@ -203,6 +212,7 @@ func (api *API) putMemberRoles(rw http.ResponseWriter, r *http.Request) {
 		})
 		return
 	}
+	aReq.New = updatedUser
 
 	resp, err := convertOrganizationMembers(ctx, api.Database, []database.OrganizationMember{updatedUser})
 	if err != nil {
diff --git a/enterprise/audit/table.go b/enterprise/audit/table.go
@@ -50,6 +50,13 @@ type Table map[string]map[string]Action
 var AuditableResources = auditMap(auditableResourcesTypes)
 
 var auditableResourcesTypes = map[any]map[string]Action{
+	&database.OrganizationMember{}: {
+		"user_id":         ActionTrack,
+		"organization_id": ActionTrack,
+		"created_at":      ActionTrack,
+		"updated_at":      ActionTrack,
+		"roles":           ActionTrack,
+	},
 	&database.CustomRole{}: {
 		"name":             ActionTrack,
 		"display_name":     ActionTrack,

Original file line number	Diff line number	Diff line change
`@@ -105,6 +105,8 @@ func ResourceTarget[T Auditable](tgt T) string {`
`105`	`105`	`return typed.DisplaySecret`
`106`	`106`	`case database.CustomRole:`
`107`	`107`	`return typed.Name`
	`108`	`+ case database.OrganizationMember:`
	`109`	`+ return typed.UserID.String()`
`108`	`110`	`default:`
`109`	`111`	`panic(fmt.Sprintf("unknown resource %T for ResourceTarget", tgt))`
`110`	`112`	`}`