
Commit 74ffd27

authored
fix: respect uppercase letters in username filter for audit (#7880)
* fix: respect uppercase letters in username filter for audit * updated documentation
1 parent 91dd3fb commit 74ffd27


4 files changed

+32
-12
lines changed


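--- a/coderd/audit.go
+++ b/coderd/audit.go
@@ -37,6 +37,7 @@ import (
 // @Router /audit [get]
 func (api *API) auditLogs(rw http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
+apiKey := httpmw.APIKey(r)
 
 page, ok := parsePagination(rw, r)
 if !ok {
@@ -55,6 +56,11 @@ func (api *API) auditLogs(rw http.ResponseWriter, r *http.Request) {
 filter.Offset = int32(page.Offset)
 filter.Limit = int32(page.Limit)
 
+if filter.Username == "me" {
+filter.UserID = apiKey.UserID
+filter.Username = ""
+}
+
 dblogs, err := api.Database.GetAuditLogsOffset(ctx, filter)
 if err != nil {
 httpapi.InternalServerError(rw, err)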
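Review bot: The `me` alias at new lines 59-62 is matched with an exact, case-sensitive `==`, although this commit makes the username filter itself case-insensitive, so `username:Me` skips the alias and goes to the SQL username lookup instead. The alias also shadows any account whose username is literally `me`, unless that name is reserved somewhere not visible here; an audit search for that account would silently return the requester's own entries. If the alias should follow the new case-insensitive behaviour, use `if strings.EqualFold(filter.Username, "me") {` (assuming `strings` is imported; the import block is only partly visible). Either way, a comment such as `// "me" is an alias for the authenticated user; it takes precedence over a literal username match.` would record the choice. The body of auditLogs starts in the first hunk and continues past the end of the second.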

coderd/database/queries.sql.go

+18-10
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

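--- a/coderd/database/queries/auditlogs.sql
+++ b/coderd/database/queries/auditlogs.sql
@@ -62,10 +62,16 @@ WHERE
 action = @action :: audit_action
 ELSE true
 END
+-- Filter by user_id
+AND CASE
+WHEN @user_id :: uuid != '00000000-0000-0000-0000-000000000000'::uuid THEN
+user_id = @user_id
+ELSE true
+END
 -- Filter by username
 AND CASE
 WHEN @username :: text != '' THEN
-users.username = @username
+user_id = (SELECT id FROM users WHERE lower(username) = lower(@username) AND deleted = false)
 ELSE true
 END
 -- Filter by user_email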
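Review bot: The scalar subquery on new line 74 has two edge cases that matter for an audit view. If more than one non-deleted row matches `lower(username) = lower(@username)`, PostgreSQL rejects the query with a "more than one row returned by a subquery" error and the endpoint returns a 500; whether usernames are unique case-insensitively is not visible from this hunk, so `user_id IN (SELECT id FROM users WHERE lower(username) = lower(@username) AND deleted = false)` is the safer form. The added `deleted = false` also means entries made by an account that was later deleted can no longer be found by username, which the old `users.username = @username` comparison did not obviously exclude. If that is intended, say so in the comment, e.g. `-- Filter by username (case-insensitive; deleted users are not matched)`. The WHERE clause begins and ends outside the hunk.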

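--- a/docs/admin/audit-logs.md
+++ b/docs/admin/audit-logs.md
@@ -37,7 +37,7 @@ The supported filters are:
 - `resource_id` - The ID of the resource.
 - `resource_target` - The name of the resource. Can be used instead of `resource_id`.
 - `action`- The action applied to a resource. You can [find here](https://pkg.go.dev/github.com/coder/coder/codersdk#AuditAction) all the actions that are supported.
-- `username` - The username of the user who triggered the action.
+- `username` - The username of the user who triggered the action. You can also use `me` as a convenient alias for the logged-in user.
 - `email` - The email of the user who triggered the action.
 - `date_from` - The inclusive start date with format `YYYY-MM-DD`.
 - `date_to` - The inclusive end date with format `YYYY-MM-DD`.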
