Render permissions changes in KB history timeline (#23205)

f2cmb · web-flow · commit 3879084d9f76 · 2026-03-03T14:33:33.000+01:00
diff --git a/css/includes/components/_kb.scss b/css/includes/components/_kb.scss
@@ -92,6 +92,12 @@
 
 [data-glpi-knowbase-side-panel-offcanvas] {
     width: min(400px, 85vw);
+
+    .steps-vertical {
+        --tblr-steps-padding: 1.5rem;
+
+        margin-left: 0;
+    }
 }
 
 // KB Documents footer section
diff --git a/src/Glpi/Knowbase/History/HistoryBuilder.php b/src/Glpi/Knowbase/History/HistoryBuilder.php
@@ -35,9 +35,13 @@
 namespace Glpi\Knowbase\History;
 
 use Document;
+use Entity;
+use Group;
 use KnowbaseItem;
 use KnowbaseItem_Revision;
 use Log;
+use Profile;
+use User;
 
 final class HistoryBuilder
 {
@@ -56,6 +60,7 @@ public function buildHistory(): HistoryEventList
         $this->addFaqStatusChangesToHistory();
         $this->addAssociatedItemChangesToHistory();
         $this->addDocumentChangesToHistory();
+        $this->addPermissionChangesToHistory();
         $this->history->sort();
         return $this->history;
     }
@@ -136,6 +141,45 @@ private function addCurrentVersionToHistory(): void
         ));
     }
 
+    private function addPermissionChangesToHistory(): void
+    {
+        global $DB;
+
+        $target_types = [
+            Entity::class,
+            Group::class,
+            Profile::class,
+            User::class,
+        ];
+
+        $logs = $DB->request([
+            'SELECT' => ['date_mod', 'user_name', 'linked_action', 'old_value', 'new_value'],
+            'FROM'   => Log::getTable(),
+            'WHERE'  => [
+                'itemtype'      => KnowbaseItem::class,
+                'items_id'      => $this->kb->getID(),
+                'linked_action' => [Log::HISTORY_ADD_RELATION, Log::HISTORY_DEL_RELATION],
+                'itemtype_link' => $target_types,
+            ],
+            'ORDER' => 'id DESC',
+        ]);
+
+        foreach ($logs as $row) {
+            $is_add = (int) $row['linked_action'] === Log::HISTORY_ADD_RELATION;
+            $target_name = $is_add ? $row['new_value'] : $row['old_value'];
+            $description = $is_add
+                ? sprintf(__("Access granted to %s by"), $target_name)
+                : sprintf(__("Access revoked from %s by"), $target_name);
+
+            $this->history->addEvent(new LogEvent(
+                label: __("Permissions updated"),
+                description: $description,
+                date: $row['date_mod'],
+                author: $row['user_name'],
+            ));
+        }
+    }
+
     private function addFaqStatusChangesToHistory(): void
     {
         global $DB;
@@ -156,7 +200,6 @@ private function addFaqStatusChangesToHistory(): void
             'ORDER' => 'id DESC',
         ]);
 
-
         foreach ($logs as $row) {
             $label = $row['new_value']
                 ? __("Added to the FAQ")
@@ -176,6 +219,16 @@ private function addAssociatedItemChangesToHistory(): void
     {
         global $DB, $CFG_GLPI;
 
+        // Exclude permission types (Entity, Group, Profile, User) as they
+        // are handled separately by addPermissionChangesToHistory().
+        $permission_types = [
+            Entity::class,
+            Group::class,
+            Profile::class,
+            User::class,
+        ];
+        $item_types = array_values(array_diff($CFG_GLPI['kb_types'], $permission_types));
+
         $logs = $DB->request([
             'SELECT' => [
                 'date_mod',
@@ -189,7 +242,7 @@ private function addAssociatedItemChangesToHistory(): void
             'WHERE' => [
                 'itemtype'      => KnowbaseItem::class,
                 'items_id'      => $this->kb->getID(),
-                'itemtype_link' => $CFG_GLPI['kb_types'],
+                'itemtype_link' => $item_types,
                 'linked_action' => [
                     Log::HISTORY_ADD_RELATION,
                     Log::HISTORY_DEL_RELATION,
diff --git a/tests/e2e/specs/Knowbase/revisions.spec.ts b/tests/e2e/specs/Knowbase/revisions.spec.ts
@@ -122,6 +122,32 @@ test('Associated item changes appear in history', async ({ page, profile, api })
     await expect(events.filter({ hasText: 'Computer' })).toBeVisible();
 });
 
+test('Permission changes appear in history', async ({ page, profile, api }) => {
+    await profile.set(Profiles.SuperAdmin);
+    const kb = new KnowbaseItemPage(page);
+
+    const entity_id = getWorkerEntityId();
+    const id = await api.createItem('KnowbaseItem', {
+        name: 'KB entry for permission history test',
+        entities_id: entity_id,
+        answer: 'Test content',
+    });
+    await api.createItem('Entity_KnowbaseItem', {
+        knowbaseitems_id: id,
+        entities_id: entity_id,
+        is_recursive: 0,
+    });
+
+    await kb.goto(id);
+    await page.getByTitle('More actions').click();
+    await kb.getButton('History').click();
+    await expect(kb.getHeading('History')).toBeVisible();
+
+    const events = page.getByTestId('history-event');
+    await expect(events.filter({ hasText: /Permissions updated/ })).toBeVisible();
+    await expect(events.filter({ hasText: /Access granted to/ })).toBeVisible();
+});
+
 test('Document attachment changes appear in history', async ({ page, profile, api }) => {
     await profile.set(Profiles.SuperAdmin);
     const kb = new KnowbaseItemPage(page);
diff --git a/tests/functional/Glpi/Knowbase/History/HistoryBuilderTest.php b/tests/functional/Glpi/Knowbase/History/HistoryBuilderTest.php
@@ -37,11 +37,15 @@
 use Computer;
 use Document;
 use Document_Item;
+use Entity;
+use Entity_KnowbaseItem;
 use Glpi\Tests\DbTestCase;
 use KnowbaseItem;
 use KnowbaseItem_Item;
 use KnowbaseItem_Revision;
+use KnowbaseItem_User;
 use Ticket;
+use User;
 
 final class HistoryBuilderTest extends DbTestCase
 {
@@ -229,6 +233,154 @@ public function testRevisionEventDescriptionDistinguishesCreationFromUpdate(): v
         $this->assertEquals("Created by", $version_1->getDescription());
     }
 
+    public function testPermissionAdded(): void
+    {
+        $this->login();
+        $this->setCurrentTime("2026-01-15 10:00:00");
+
+        $kb = $this->createItem(KnowbaseItem::class, [
+            'users_id' => 2,
+            'entities_id' => $this->getTestRootEntity(only_id: true),
+            'name' => 'Test article',
+            'answer' => 'Test content',
+        ]);
+
+        $this->setCurrentTime("2026-01-15 11:00:00");
+        $this->createItem(Entity_KnowbaseItem::class, [
+            'knowbaseitems_id' => $kb->getID(),
+            'entities_id'      => $this->getTestRootEntity(only_id: true),
+            'is_recursive'     => 1,
+        ]);
+
+        $root_entity = new Entity();
+        $root_entity->getFromDB($this->getTestRootEntity(only_id: true));
+        $entity_name = $root_entity->getNameID(['forceid' => true]);
+
+        $kb->getFromDB($kb->getID());
+        $history = (new HistoryBuilder($kb))->buildHistory();
+        $events = $history->getEvents();
+
+        $this->assertEquals([
+            new LogEvent(
+                label: "Permissions updated",
+                description: sprintf("Access granted to %s by", $entity_name),
+                date: "2026-01-15 11:00:00",
+                author: "_test_user (8)",
+            ),
+            new CreationEvent(
+                date: "2026-01-15 10:00:00",
+                author: 2,
+            ),
+        ], $events);
+    }
+
+    public function testPermissionRemoved(): void
+    {
+        $this->login();
+        $this->setCurrentTime("2026-01-15 10:00:00");
+
+        $kb = $this->createItem(KnowbaseItem::class, [
+            'users_id' => 2,
+            'entities_id' => $this->getTestRootEntity(only_id: true),
+            'name' => 'Test article',
+            'answer' => 'Test content',
+        ]);
+
+        $this->setCurrentTime("2026-01-15 11:00:00");
+        $relation = $this->createItem(Entity_KnowbaseItem::class, [
+            'knowbaseitems_id' => $kb->getID(),
+            'entities_id'      => $this->getTestRootEntity(only_id: true),
+            'is_recursive'     => 1,
+        ]);
+
+        $this->setCurrentTime("2026-01-15 12:00:00");
+        $this->deleteItem(Entity_KnowbaseItem::class, $relation->getID());
+
+        $root_entity = new Entity();
+        $root_entity->getFromDB($this->getTestRootEntity(only_id: true));
+        $entity_name = $root_entity->getNameID(['forceid' => true]);
+
+        $kb->getFromDB($kb->getID());
+        $history = (new HistoryBuilder($kb))->buildHistory();
+        $events = $history->getEvents();
+
+        $this->assertEquals([
+            new LogEvent(
+                label: "Permissions updated",
+                description: sprintf("Access revoked from %s by", $entity_name),
+                date: "2026-01-15 12:00:00",
+                author: "_test_user (8)",
+            ),
+            new LogEvent(
+                label: "Permissions updated",
+                description: sprintf("Access granted to %s by", $entity_name),
+                date: "2026-01-15 11:00:00",
+                author: "_test_user (8)",
+            ),
+            new CreationEvent(
+                date: "2026-01-15 10:00:00",
+                author: 2,
+            ),
+        ], $events);
+    }
+
+    public function testMultiplePermissionTypes(): void
+    {
+        $this->login();
+        $this->setCurrentTime("2026-01-15 10:00:00");
+
+        $kb = $this->createItem(KnowbaseItem::class, [
+            'users_id' => 2,
+            'entities_id' => $this->getTestRootEntity(only_id: true),
+            'name' => 'Test article',
+            'answer' => 'Test content',
+        ]);
+
+        $this->setCurrentTime("2026-01-15 11:00:00");
+        $this->createItem(Entity_KnowbaseItem::class, [
+            'knowbaseitems_id' => $kb->getID(),
+            'entities_id'      => $this->getTestRootEntity(only_id: true),
+            'is_recursive'     => 1,
+        ]);
+
+        $this->setCurrentTime("2026-01-15 12:00:00");
+        $this->createItem(KnowbaseItem_User::class, [
+            'knowbaseitems_id' => $kb->getID(),
+            'users_id'         => 2,
+        ]);
+
+        $root_entity = new Entity();
+        $root_entity->getFromDB($this->getTestRootEntity(only_id: true));
+        $entity_name = $root_entity->getNameID(['forceid' => true]);
+
+        $user = new User();
+        $user->getFromDB(2);
+        $user_name = $user->getNameID(['forceid' => true]);
+
+        $kb->getFromDB($kb->getID());
+        $history = (new HistoryBuilder($kb))->buildHistory();
+        $events = $history->getEvents();
+
+        $this->assertEquals([
+            new LogEvent(
+                label: "Permissions updated",
+                description: sprintf("Access granted to %s by", $user_name),
+                date: "2026-01-15 12:00:00",
+                author: "_test_user (8)",
+            ),
+            new LogEvent(
+                label: "Permissions updated",
+                description: sprintf("Access granted to %s by", $entity_name),
+                date: "2026-01-15 11:00:00",
+                author: "_test_user (8)",
+            ),
+            new CreationEvent(
+                date: "2026-01-15 10:00:00",
+                author: 2,
+            ),
+        ], $events);
+    }
+
     public function testFaqChanges(): void
     {
         // Act: create KB item with 2 FAQ status changes
