src/applications/people/storage/PhabricatorUserLog.php

   1 <?php
   2
   3 final class PhabricatorUserLog extends PhabricatorUserDAO
   4   implements PhabricatorPolicyInterface {
   5
   6   protected $actorPHID;
   7   protected $userPHID;
   8   protected $action;
   9   protected $oldValue;
  10   protected $newValue;
  11   protected $details = array();
  12   protected $remoteAddr;
  13   protected $session;
  14
  15   public static function initializeNewLog(
  16     PhabricatorUser $actor = null,
  17     $object_phid = null,
  18     $action = null) {
  19
  20     $log = new PhabricatorUserLog();
  21
  22     if ($actor) {
  23       $log->setActorPHID($actor->getPHID());
  24       if ($actor->hasSession()) {
  25         $session = $actor->getSession();
  26
  27         // NOTE: This is a hash of the real session value, so it's safe to
  28         // store it directly in the logs.
  29         $log->setSession($session->getSessionKey());
  30       }
  31     }
  32
  33     $log->setUserPHID((string)$object_phid);
  34     $log->setAction($action);
  35
  36     $address = PhabricatorEnv::getRemoteAddress();
  37     if ($address) {
  38       $log->remoteAddr = $address->getAddress();
  39     } else {
  40       $log->remoteAddr = '';
  41     }
  42
  43     return $log;
  44   }
  45
  46   public static function loadRecentEventsFromThisIP($action, $timespan) {
  47     $address = PhabricatorEnv::getRemoteAddress();
  48     if (!$address) {
  49       return array();
  50     }
  51
  52     return id(new PhabricatorUserLog())->loadAllWhere(
  53       'action = %s AND remoteAddr = %s AND dateCreated > %d
  54         ORDER BY dateCreated DESC',
  55       $action,
  56       $address->getAddress(),
  57       PhabricatorTime::getNow() - $timespan);
  58   }
  59
  60   public function save() {
  61     $this->details['host'] = php_uname('n');
  62     $this->details['user_agent'] = AphrontRequest::getHTTPHeader('User-Agent');
  63
  64     return parent::save();
  65   }
  66
  67   protected function getConfiguration() {
  68     return array(
  69       self::CONFIG_SERIALIZATION => array(
  70         'oldValue' => self::SERIALIZATION_JSON,
  71         'newValue' => self::SERIALIZATION_JSON,
  72         'details'  => self::SERIALIZATION_JSON,
  73       ),
  74       self::CONFIG_COLUMN_SCHEMA => array(
  75         'actorPHID' => 'phid?',
  76         'action' => 'text64',
  77         'remoteAddr' => 'text64',
  78         'session' => 'text64?',
  79       ),
  80       self::CONFIG_KEY_SCHEMA => array(
  81         'actorPHID' => array(
  82           'columns' => array('actorPHID', 'dateCreated'),
  83         ),
  84         'userPHID' => array(
  85           'columns' => array('userPHID', 'dateCreated'),
  86         ),
  87         'action' => array(
  88           'columns' => array('action', 'dateCreated'),
  89         ),
  90         'dateCreated' => array(
  91           'columns' => array('dateCreated'),
  92         ),
  93         'remoteAddr' => array(
  94           'columns' => array('remoteAddr', 'dateCreated'),
  95         ),
  96         'session' => array(
  97           'columns' => array('session', 'dateCreated'),
  98         ),
  99       ),
 100     ) + parent::getConfiguration();
 101   }
 102
 103   public function getURI() {
 104     return urisprintf('/people/logs/%s/', $this->getID());
 105   }
 106
 107   public function getObjectName() {
 108     return pht('Activity Log %d', $this->getID());
 109   }
 110
 111   public function getRemoteAddressForViewer(PhabricatorUser $viewer) {
 112     $viewer_phid = $viewer->getPHID();
 113     $actor_phid = $this->getActorPHID();
 114     $user_phid = $this->getUserPHID();
 115
 116     if (!$viewer_phid) {
 117       $can_see_ip = false;
 118     } else if ($viewer->getIsAdmin()) {
 119       $can_see_ip = true;
 120     } else if ($viewer_phid == $actor_phid) {
 121       // You can see the address if you took the action.
 122       $can_see_ip = true;
 123     } else if (!$actor_phid && ($viewer_phid == $user_phid)) {
 124       // You can see the address if it wasn't authenticated and applied
 125       // to you (partial login).
 126       $can_see_ip = true;
 127     } else {
 128       // You can't see the address when an administrator disables your
 129       // account, since it's their address.
 130       $can_see_ip = false;
 131     }
 132
 133     if (!$can_see_ip) {
 134       return null;
 135     }
 136
 137     return $this->getRemoteAddr();
 138   }
 139
 140
 141 /* -(  PhabricatorPolicyInterface  )----------------------------------------- */
 142
 143
 144   public function getCapabilities() {
 145     return array(
 146       PhabricatorPolicyCapability::CAN_VIEW,
 147     );
 148   }
 149
 150   public function getPolicy($capability) {
 151     switch ($capability) {
 152       case PhabricatorPolicyCapability::CAN_VIEW:
 153         return PhabricatorPolicies::POLICY_NOONE;
 154     }
 155   }
 156
 157   public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
 158     if ($viewer->getIsAdmin()) {
 159       return true;
 160     }
 161
 162     $viewer_phid = $viewer->getPHID();
 163     if ($viewer_phid) {
 164       $user_phid = $this->getUserPHID();
 165       if ($viewer_phid == $user_phid) {
 166         return true;
 167       }
 168
 169       $actor_phid = $this->getActorPHID();
 170       if ($viewer_phid == $actor_phid) {
 171         return true;
 172       }
 173     }
 174
 175     return false;
 176   }
 177
 178   public function describeAutomaticCapability($capability) {
 179     return array(
 180       pht('Users can view their activity and activity that affects them.'),
 181       pht('Administrators can always view all activity.'),
 182     );
 183   }
 184
 185 }