diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/GroupController.php b/src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/GroupController.php
index c5559f6a6..7619e5bbf 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/GroupController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/GroupController.php
@@ -66,9 +66,10 @@ class GroupController extends ApiMutableModelControllerBase
 public function addAction()
 {
+ $data = $this->request->getPost(static::$internalModelName);
+ $this->setSaveAuditMessage(sprintf('group \"%s\" created"', $data['name']));
 $result = $this->addBase('group', 'group');
 if ($result['result'] != 'failed') {
- $data = $this->request->getPost(static::$internalModelName);
 (new Backend())->configdpRun('auth sync group', [$data['name']]);
 }
 return $result;
@@ -76,9 +77,10 @@ class GroupController extends ApiMutableModelControllerBase
 public function setAction($uuid = null)
 {
+ $data = $this->request->getPost(static::$internalModelName);
+ $this->setSaveAuditMessage(sprintf('group \"%s\" changed"', $data['name']));
 $result = $this->setBase('group', 'group', $uuid);
 if ($result['result'] != 'failed') {
- $data = $this->request->getPost(static::$internalModelName);
 if (!empty($data['name'])) {
 (new Backend())->configdpRun('auth sync group', [$data['name']]);
 }
@@ -99,6 +101,7 @@ class GroupController extends ApiMutableModelControllerBase
 $groupname = (string)$node->name;
 }
 }
+ $this->setSaveAuditMessage(sprintf('The group "%s" was successfully removed.', $groupname));
 $result = $this->delBase('group', $uuid);
 if ($groupname != null) {
 (new Backend())->configdpRun('auth sync group', [$groupname]);
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/UserController.php b/src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/UserController.php
index 4012836ba..479ea7f10 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/UserController.php
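Review bot: The format string passed to `setSaveAuditMessage()` in `addAction()` is single-quoted, so `\"` is stored as a literal backslash followed by a quote, and the extra `"` before the closing `'` leaves a stray quote at the end of the revision description. The same pattern appears in `setAction()` in this file and in `addAction()`/`setAction()` of UserController.php. `$data['name']` is also read before `addBase()` has validated the request, without checking that `$data` is an array holding a `name` key. Suggested line: `$this->setSaveAuditMessage(sprintf('group "%s" created', $data['name'] ?? ''));`.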
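Review bot: In `setAction()` the audit text is built from the posted `name`, yet the `!empty($data['name'])` guard a few lines further down shows the request may omit it, in which case the revision description would record an empty name for the changed group. On a rename it would presumably show only the new name, not the record `$uuid` refers to. Falling back to the identifier keeps the entry attributable: `sprintf('group "%s" changed', !empty($data['name']) ? $data['name'] : $uuid)`. The same applies to `setAction()` in UserController.php; the method body continues past the end of the hunk.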
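Review bot: The delete message is set before `delBase()` runs but already states that the group "was successfully removed", and it is set unconditionally even though the `if ($groupname != null)` line below suggests `$groupname` can still be null at this point. Its wording also differs from the `group "…" created` / `changed` form used by the other two actions, which makes the audit trail harder to filter. Suggest `if ($groupname !== null) { $this->setSaveAuditMessage(sprintf('group "%s" deleted', $groupname)); }`; the matching added line in UserController.php's delete action has the same shape. The method starts above the hunk, so how `$groupname` is initialised and whether `delBase()` saves when nothing was removed are not visible here.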
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/UserController.php
@@ -197,9 +197,10 @@ class UserController extends ApiMutableModelControllerBase
 public function addAction()
 {
+ $data = $this->request->getPost(static::$internalModelName);
+ $this->setSaveAuditMessage(sprintf('user \"%s\" created"', $data['name']));
 $result = $this->addBase('user', 'user');
 if ($result['result'] != 'failed') {
- $data = $this->request->getPost(static::$internalModelName);
 if (!empty($data['name'])) {
 (new Backend())->configdpRun('auth sync user', [$data['name']]);
 }
@@ -209,9 +210,10 @@ class UserController extends ApiMutableModelControllerBase
 public function setAction($uuid = null)
 {
+ $data = $this->request->getPost(static::$internalModelName);
+ $this->setSaveAuditMessage(sprintf('user \"%s\" changed"', $data['name']));
 $result = $this->setBase('user', 'user', $uuid);
 if ($result['result'] != 'failed') {
- $data = $this->request->getPost(static::$internalModelName);
 if (!empty($data['name'])) {
 (new Backend())->configdpRun('auth sync user', [$data['name']]);
 }
@@ -240,6 +242,7 @@ class UserController extends ApiMutableModelControllerBase
 $username = (string)$node->name;
 }
 }
+ $this->setSaveAuditMessage(sprintf('The user "%s" was successfully removed.', $username));
 $result = $this->delBase('user', $uuid);
 if ($username != null) {
 (new Backend())->configdpRun('auth sync user', [$username]);
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiMutableModelControllerBase.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiMutableModelControllerBase.php
index 89cf9be78..11edb12a0 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiMutableModelControllerBase.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiMutableModelControllerBase.php
@@ -58,11 +58,25 @@ abstract class ApiMutableModelControllerBase extends ApiControllerBase
 */
 protected static $internalModelUseSafeDelete = false;
+ /**
+ * Message to append to configuration change event
+ */
+ protected $internalAuditMessage = null;
+
+
 /**
 * @var null|BaseModel model object to work on
 */
 private $modelHandle = null;
+ /**
+ * Message to use on save of this model
+ */
+ protected function setSaveAuditMessage($msg)
+ {
+ $this->internalAuditMessage = $msg;
+ }
+
 /**
 * Validate on initialization
 * @throws \Exception when not bound to a model class or a set/get reference is missing
@@ -304,7 +318,12 @@ abstract class ApiMutableModelControllerBase extends ApiControllerBase
 {
 if (!(new ACL())->hasPrivilege($this->getUserName(), 'user-config-readonly')) {
 if ($this->getModel()->serializeToConfig($validateFullModel, $disable_validation)) {
- Config::getInstance()->save();
+ if ($this->internalAuditMessage) {
+ Config::getInstance()->save(['description' => $this->internalAuditMessage]);
+ } else {
+ /* default "endpoint made changes" message */
+ Config::getInstance()->save();
+ }
 }
 return array("result" => "saved");
 } else {
diff --git a/src/opnsense/mvc/app/library/OPNsense/Core/Config.php b/src/opnsense/mvc/app/library/OPNsense/Core/Config.php
index ec9177bcd..8b57cc013 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Core/Config.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Core/Config.php
@@ -515,6 +515,8 @@ class Config extends Singleton
 /* If revision info is not provided, create one. $revision is used for recursion */
 if (!is_array($revision)) {
 $revision = $this->getRevisionContext();
+ } else {
+ $revision = array_merge($this->getRevisionContext(), $revision);
 }
 if ($node == null) {
 if (!isset($this->simplexml->revision)) {
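Review bot: The docblock on `$internalAuditMessage` says the message is appended to the configuration change event, but the save hunk further down passes it as the revision `description`, so it appears to replace the default text rather than extend it. Both new docblocks also carry no type information; suggest `@var string|null description stored with the next config save` on the property and `@param string $msg` on `setSaveAuditMessage()`. Since the callers in this commit build the message from posted field values, the docblock could also state that the text is request-derived and must be escaped wherever the revision history is displayed. The second empty added line before the `$modelHandle` docblock can be dropped.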
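Review bot: `$this->internalAuditMessage` is not cleared after `Config::getInstance()->save(...)`, so a later save on the same controller instance would reuse the earlier description and attribute an unrelated change to it; whether any action saves twice per request is not visible in this hunk. Adding `$this->internalAuditMessage = null;` directly after the save call removes that possibility. The truthiness test additionally treats the string `'0'` as "no message", which `!empty()` would share, so a `!== null && !== ''` comparison is the exact form if that matters. The enclosing method starts and ends outside the hunk.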
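Review bot: With `array_merge($this->getRevisionContext(), $revision)` every key in the caller's array takes precedence over the generated context, not only `description`. If the context carries identity or time fields (its keys are not visible in this hunk), a caller can replace them in the stored revision, which matters for the integrity of an audit trail. A comment stating the intended precedence would help, for example `/* caller-supplied keys override the generated revision context */`, and if API controllers are only meant to set `description`, restricting the merge to that key would make the guarantee explicit. The function begins and continues outside the hunk.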