fix event log routing for accounts

keygen-sh · Dec 16, 2024 · 294b67c · 294b67c
1 parent fb819b5
commit 294b67c
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 6 deletions.
diff --git a/app/serializers/event_log_serializer.rb b/app/serializers/event_log_serializer.rb
@@ -91,7 +91,11 @@ class EventLogSerializer < BaseSerializer
 
     if @object.resource_id.present? && @object.resource_type.present?
       link :related do
-        @url_helpers.polymorphic_path [:v1, @object.account, @object.resource]
+        if @object.resource == @object.account # event subject could be the account
+          @url_helpers.polymorphic_path [:v1, @object.account]
+        else
+          @url_helpers.polymorphic_path [:v1, @object.account, @object.resource]
+        end
       end
     end
   end

diff --git a/features/api/v1/event_logs/index.feature b/features/api/v1/event_logs/index.feature
@@ -7,9 +7,9 @@ Feature: List event logs
       | 9b96c003-85fa-40e8-a9ed-580491cd5d79 | Standard 1 |
       | 44c7918c-80ab-4a13-a831-a2c46cda85c6 | Ent 1      |
     Given the following "account" rows exist:
-      | name     | slug     | plan_id                              |
-      | Standard | standard | 9b96c003-85fa-40e8-a9ed-580491cd5d79 |
-      | Ent      | ent      | 44c7918c-80ab-4a13-a831-a2c46cda85c6 |
+      | id                                   | name     | slug     | plan_id                              |
+      | 99b7580f-d2fc-4b8f-8279-ec95fb523a17 | Standard | standard | 9b96c003-85fa-40e8-a9ed-580491cd5d79 |
+      | c6c845b1-e9fa-4126-b89d-bdf32aa6d047 | Ent      | ent      | 44c7918c-80ab-4a13-a831-a2c46cda85c6 |
     And I send and accept JSON
 
   Scenario: Endpoint should be inaccessible when account is not on Ent tier
@@ -33,11 +33,31 @@ Feature: List event logs
   Scenario: Admin retrieves all logs for their account
     Given I am an admin of account "ent"
     And the current account is "ent"
-    And the current account has 3 "event-logs"
+    And the following "event-type" rows exist:
+      | id                                   | event                             |
+      | 1d721621-cbb5-4f4d-ae73-41d77a26276a | test.account.updated              |
+      | c257ce16-4f38-490e-8e4e-1be9ba1e8830 | test.license.created              |
+      | 8c312434-f8e9-402f-8169-49fc1409198e | test.license.updated              |
+      | 1e7c4ec0-127f-4691-b400-427333362176 | test.license.validation.succeeded |
+      | 204590ba-b02e-4efd-ac32-5d1588932efa | test.license.validation.failed    |
+    And the current account has the following "license" rows:
+      | id                                   |
+      | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |
+    And the current account has the following "event-log" rows:
+      | whodunnit_type | whodunnit_id                         | event_type_id                        | resource_type | resource_id                          |
+      | User           | 97e58005-11ab-4186-aa78-c21550f6d0ce | c257ce16-4f38-490e-8e4e-1be9ba1e8830 | License       | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |
+      | License        | 19c0e512-d08a-408d-8d1a-6400baaf5a40 | 1e7c4ec0-127f-4691-b400-427333362176 | License       | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |
+      | Product        | e37fa95d-7771-4e30-84be-acabdedc81ce | 8c312434-f8e9-402f-8169-49fc1409198e | License       | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |
+      | License        | 19c0e512-d08a-408d-8d1a-6400baaf5a40 | 1e7c4ec0-127f-4691-b400-427333362176 | License       | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |
+      | License        | 19c0e512-d08a-408d-8d1a-6400baaf5a40 | 1e7c4ec0-127f-4691-b400-427333362176 | License       | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |
+      |                |                                      | 204590ba-b02e-4efd-ac32-5d1588932efa | License       | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |
+      | User           | 54a44eaf-6a83-4bb4-b3c1-17600dfdd77c | 8c312434-f8e9-402f-8169-49fc1409198e | License       | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |
+      | User           | 54a44eaf-6a83-4bb4-b3c1-17600dfdd77c | 8c312434-f8e9-402f-8169-49fc1409198e | Machine       | 19ac6439-5576-4ba8-92cd-f4c17573159e |
+      | User           | 54a44eaf-6a83-4bb4-b3c1-17600dfdd77c | 1d721621-cbb5-4f4d-ae73-41d77a26276a | Account       | c6c845b1-e9fa-4126-b89d-bdf32aa6d047 |
     And I use an authentication token
     When I send a GET request to "/accounts/ent/event-logs"
     Then the response status should be "200"
-    And the response body should be an array with 3 "event-logs"
+    And the response body should be an array with 9 "event-logs"
 
   Scenario: Admin retrieves a list of logs that is automatically limited
     Given I am an admin of account "ent"
@@ -121,6 +141,7 @@ Feature: List event logs
     And the current account is "ent"
     And the following "event-type" rows exist:
       | id                                   | event                             |
+      | 1d721621-cbb5-4f4d-ae73-41d77a26276a | test.account.updated              |
       | c257ce16-4f38-490e-8e4e-1be9ba1e8830 | test.license.created              |
       | 8c312434-f8e9-402f-8169-49fc1409198e | test.license.updated              |
       | 1e7c4ec0-127f-4691-b400-427333362176 | test.license.validation.succeeded |
@@ -137,6 +158,8 @@ Feature: List event logs
       | License        | 19c0e512-d08a-408d-8d1a-6400baaf5a40 | 1e7c4ec0-127f-4691-b400-427333362176 | License       | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |
       |                |                                      | 204590ba-b02e-4efd-ac32-5d1588932efa | License       | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |
       | User           | 54a44eaf-6a83-4bb4-b3c1-17600dfdd77c | 8c312434-f8e9-402f-8169-49fc1409198e | License       | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |
+      | User           | 54a44eaf-6a83-4bb4-b3c1-17600dfdd77c | 8c312434-f8e9-402f-8169-49fc1409198e | Machine       | 19ac6439-5576-4ba8-92cd-f4c17573159e |
+      | User           | 54a44eaf-6a83-4bb4-b3c1-17600dfdd77c | 1d721621-cbb5-4f4d-ae73-41d77a26276a | Account       | c6c845b1-e9fa-4126-b89d-bdf32aa6d047 |
     And I use an authentication token
     When I send a GET request to "/accounts/ent/event-logs?whodunnit[type]=license&whodunnit[id]=19c0e512-d08a-408d-8d1a-6400baaf5a40"
     Then the response status should be "200"
@@ -147,6 +170,7 @@ Feature: List event logs
     And the current account is "ent"
     And the following "event-type" rows exist:
       | id                                   | event                             |
+      | 1d721621-cbb5-4f4d-ae73-41d77a26276a | test.account.updated              |
       | c257ce16-4f38-490e-8e4e-1be9ba1e8830 | test.license.created              |
       | 8c312434-f8e9-402f-8169-49fc1409198e | test.license.updated              |
       | 1e7c4ec0-127f-4691-b400-427333362176 | test.license.validation.succeeded |
@@ -164,6 +188,7 @@ Feature: List event logs
       | License        | 19c0e512-d08a-408d-8d1a-6400baaf5a40 | 1e7c4ec0-127f-4691-b400-427333362176 | License       | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |
       |                |                                      | 204590ba-b02e-4efd-ac32-5d1588932efa | License       | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |
       | User           | 54a44eaf-6a83-4bb4-b3c1-17600dfdd77c | 8c312434-f8e9-402f-8169-49fc1409198e | Machine       | 19ac6439-5576-4ba8-92cd-f4c17573159e |
+      | User           | 54a44eaf-6a83-4bb4-b3c1-17600dfdd77c | 1d721621-cbb5-4f4d-ae73-41d77a26276a | Account       | c6c845b1-e9fa-4126-b89d-bdf32aa6d047 |
     And I use an authentication token
     When I send a GET request to "/accounts/ent/event-logs?resource[type]=license&resource[id]=19c0e512-d08a-408d-8d1a-6400baaf5a40"
     Then the response status should be "200"
@@ -174,6 +199,7 @@ Feature: List event logs
     And the current account is "ent"
     And the following "event-type" rows exist:
       | id                                   | event                             |
+      | 1d721621-cbb5-4f4d-ae73-41d77a26276a | test.account.updated              |
       | c257ce16-4f38-490e-8e4e-1be9ba1e8830 | test.license.created              |
       | 8c312434-f8e9-402f-8169-49fc1409198e | test.license.updated              |
       | 1e7c4ec0-127f-4691-b400-427333362176 | test.license.validation.succeeded |
@@ -192,6 +218,7 @@ Feature: List event logs
       |                |                                      | 204590ba-b02e-4efd-ac32-5d1588932efa | License       | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |
       |                |                                      | 204590ba-b02e-4efd-ac32-5d1588932efa | License       | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |
       | User           | 54a44eaf-6a83-4bb4-b3c1-17600dfdd77c | 8c312434-f8e9-402f-8169-49fc1409198e | Machine       | 19ac6439-5576-4ba8-92cd-f4c17573159e |
+      | User           | 54a44eaf-6a83-4bb4-b3c1-17600dfdd77c | 1d721621-cbb5-4f4d-ae73-41d77a26276a | Account       | c6c845b1-e9fa-4126-b89d-bdf32aa6d047 |
     And I use an authentication token
     When I send a GET request to "/accounts/ent/event-logs?event=test.license.validation.failed"
     Then the response status should be "200"
@@ -202,6 +229,7 @@ Feature: List event logs
     And the current account is "ent"
     And the following "event-type" rows exist:
       | id                                   | event                             |
+      | 1d721621-cbb5-4f4d-ae73-41d77a26276a | test.account.updated              |
       | c257ce16-4f38-490e-8e4e-1be9ba1e8830 | test.license.created              |
       | 8c312434-f8e9-402f-8169-49fc1409198e | test.license.updated              |
       | 1e7c4ec0-127f-4691-b400-427333362176 | test.license.validation.succeeded |
@@ -223,6 +251,7 @@ Feature: List event logs
       |                |                                      | 204590ba-b02e-4efd-ac32-5d1588932efa | License       | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |                                      |
       |                |                                      | 204590ba-b02e-4efd-ac32-5d1588932efa | License       | 19c0e512-d08a-408d-8d1a-6400baaf5a40 |                                      |
       | User           | 54a44eaf-6a83-4bb4-b3c1-17600dfdd77c | 8c312434-f8e9-402f-8169-49fc1409198e | Machine       | 19ac6439-5576-4ba8-92cd-f4c17573159e |                                      |
+      | User           | 54a44eaf-6a83-4bb4-b3c1-17600dfdd77c | 1d721621-cbb5-4f4d-ae73-41d77a26276a | Account       | c6c845b1-e9fa-4126-b89d-bdf32aa6d047 |                                      |
     And I use an authentication token
     When I send a GET request to "/accounts/ent/event-logs?request=97708dc6-9dd2-4de1-84be-24f50287296c"
     Then the response status should be "200"