Logging Audit on Checkin/out #16679
Logging Audit on Checkin/out #16679
Conversation
PR Summary
|
| @@ -71,6 +71,10 @@ public function store(AssetCheckoutRequest $request, $assetId) : RedirectRespons | |||
|
|
|||
| $admin = auth()->user(); | |||
|
|
|||
| if($request->filled('audit_on_checkinout') == "1") { | |||
| $this->authorize('audit', Asset::class); | |||
There was a problem hiding this comment.
This will probably result in a forbidden error, which is probably not what we want. We probably want to quietly ignore if they don't have permission to audit.
There was a problem hiding this comment.
okay yea. i see how that could happen.
There was a problem hiding this comment.
unsure how to fix this. originally thought was if the checkbox is filled, then check if they can do it, but don't check if its not a checked box. i am stumped on reversing that logic. may just need to write it out on my whiteboard. reverse causality and such.
There was a problem hiding this comment.
We should hide the checkbox in the blade if they're not allowed to audit (using @can) and then check the Gate in the controller.
There was a problem hiding this comment.
i think i did this already while i was mulling over how to fix it. if you could double check the more recent changes?
| @@ -75,6 +76,12 @@ public function store(AssetCheckinRequest $request, $assetId = null, $backto = n | |||
|
|
|||
| $this->authorize('checkin', $asset); | |||
|
|
|||
| if(Gate::allows('audit',$asset)) { | |||
| if ($request->filled('log_audit') == "1") { | |||
| $this->authorize('audit', Asset::class); | |||
There was a problem hiding this comment.
This duplicates the gate right above, and on failure will cause a forbidden error.
There was a problem hiding this comment.
I don't see a gate above it? only the $this->authorize('checking',$asset);
then everything else in the store method is just checking for the asset to exist?
There was a problem hiding this comment.
line 79 is what I put there? so you're saying the $this->authorize is what duplicates the gate ya?
| @@ -133,7 +140,9 @@ function (Builder $query) use ($asset) { | |||
| $asset->customFieldsForCheckinCheckout('display_checkin'); | |||
|
|
|||
| if ($asset->save()) { | |||
|
|
|||
| if($request->filled('log_audit') == "1") { | |||
| @@ -71,6 +72,12 @@ public function store(AssetCheckoutRequest $request, $assetId) : RedirectRespons | |||
|
|
|||
| $admin = auth()->user(); | |||
|
|
|||
| if(Gate::allows('audit',$asset)) { | |||
| if ($request->filled('log_audit') == "1") { | |||
| $this->authorize('audit', Asset::class); | |||
| @@ -114,6 +121,9 @@ public function store(AssetCheckoutRequest $request, $assetId) : RedirectRespons | |||
| session()->put(['redirect_option' => $request->get('redirect_option'), 'checkout_to_type' => $request->get('checkout_to_type')]); | |||
|
|
|||
| if ($asset->checkOut($target, $admin, $checkout_at, $expected_checkin, $request->get('note'), $request->get('name'))) { | |||
| if($request->filled('log_audit') == "1") { | |||
| @@ -283,6 +283,8 @@ | |||
| 'require_accept_signature_help_text' => 'Enabling this feature will require users to physically sign off on accepting an asset.', | |||
| 'require_checkinout_notes' => 'Require Notes on Checkin/Checkout', | |||
| 'require_checkinout_notes_help_text' => 'Enabling this feature will require the note fields to be populated when checking in or checking out an asset.', | |||
| 'log_audit' => 'Mark as audited', | |||
| 'log_audit_help_text' => 'Check this box to also log an audit in addition to this', | |||
There was a problem hiding this comment.
This phrasing seems a little clunky to me.
There was a problem hiding this comment.
It does, but words are not my strong suit.
However, this seems clunky since at the END after 'this' it will say checkin or checkout
example:
{{ trans('admin/settings/general.log_audit_help_text') . " " . trans('general.checkin') . "." }}
There was a problem hiding this comment.
See my example in the PR review comment. I suggested different phrasing altogether :)
| @@ -253,7 +253,6 @@ | |||
| </div> | |||
| <!-- /.form-group --> | |||
|
|
|||
|
|
|||
There was a problem hiding this comment.
Try not to commit changed files that only contain whitespace please.
There was a problem hiding this comment.
funny story about this, Marcus actually said to ignore it cause it was removing empty white space. but yes, I understand not wanting that one extra file to be changed.
There was a problem hiding this comment.
This is a good start, but I'd like to see a few changes.
There's no real reason why we can't include the audit image upload and next audit date on that form. If the checkbox is checked, we show those fields. If it's unchecked, we hide them.
Additionally, I think I'd prefer the UI to look a little more like:
[no visible label] [x] Also log an audit
Once that checkbox is clicked, the image upload, audit note, and next audit date fields are shown.
|
okay, overall made the requested changed, but I think we still would get the 403 on the checkbox check->authroize yea? I'll keep thinking about it. |
wait, wouldn't that just get removed, and only check for the gate/authorization like on the save. cause THAT is where the actual log action is happening. |
| @@ -75,6 +76,10 @@ public function store(AssetCheckinRequest $request, $assetId = null, $backto = n | |||
|
|
|||
| $this->authorize('checkin', $asset); | |||
|
|
|||
| if ($request->filled('log_audit') == "1") { | |||
| $this->authorize('audit', Asset::class); | |||
There was a problem hiding this comment.
This will cause a forbidden error. We don't need the entire block in this section.
Adding in an option to log an audit when you check in or out an asset.
There is less information on the audit itself, but all changes to an asset will be logged on the checkin or out.
NOTE: This action does not allow a user to manually set a next audit date OR upload a picture as these are not options on checkin or checkout