chore(CE): Add Audit to Workspace Controller (#640)

* Resolve conflict in cherry-pick of cd1bbac and change the commit message

* chore(CE): Resolve conflict

---------

Co-authored-by: TivonB-AI2 <[email protected]>
Co-authored-by: TivonB-AI2 <[email protected]>

Author: github-actions[bot]

server/app/controllers/api/v1/workspaces_controller.rb

@@ -5,7 +5,10 @@ module Api
   module V1
     class WorkspacesController < ApplicationController
       include Workspaces
+      include AuditLogger
+      include ResourceLinkBuilder
       skip_after_action :verify_authorized, only: %i[index show]
+      after_action :create_audit_log, only: %i[create update]
 
       def index
         result = ListAll.call(user: current_user)
@@ -31,6 +34,10 @@ def create
         result = Create.call(user: current_user, workspace_params:)
         if result.success?
           @workspace = result.workspace
+          @audit_resource = @workspace.name
+          @resource_id = @workspace.id
+          @payload = workspace_params
+          authorize @workspace
           render json: result.workspace, status: :created
         else
           render_error(
@@ -46,6 +53,9 @@ def update
         result = Update.call(id: params[:id], user: current_user, workspace_params:)
         if result.success?
           @workspace = result.workspace
+          @audit_resource = @workspace.name
+          @payload = workspace_params
+          authorize @workspace
           render json: @workspace, status: :ok
         else
           render_error(
@@ -58,6 +68,9 @@ def update
 
       def destroy
         authorize current_workspace, policy_class: WorkspacePolicy
+        action = "delete"
+        resource = current_user.workspaces.find_by(id: params[:id]).name
+        audit!(action:, resource_id: params[:id], resource:)
         result = Workspaces::Delete.call(id: params[:id], user: current_user)
         if result.success?
           head :no_content
@@ -72,6 +85,12 @@ def destroy
 
       private
 
+      def create_audit_log
+        resource_id = @resource_id || params[:id]
+        resource_link = build_link!(resource_id:)
+        audit!(action: @action, resource_id:, resource: @audit_resource, payload: @payload, resource_link:)
+      end
+
       def workspace_params
         params.require(:workspace).permit(:name, :organization_id, :description, :region)
       end

server/spec/requests/api/v1/workspaces_controller_spec.rb

@@ -160,6 +160,18 @@
           .to eq(request_body.dig(:workspace, :organization_id))
         expect(response_hash.dig(:data, :attributes, :members_count))
           .to eq(workspace.users.count)
+
+        audit_log = AuditLog.last
+        expect(audit_log).not_to be_nil
+        expect(audit_log.user_id).to eq(user.id)
+        expect(audit_log.action).to eq("create")
+        expect(audit_log.resource_type).to eq("Workspace")
+        expect(audit_log.resource_id).to eq(response_hash.dig(:data, :id).to_i)
+        expect(audit_log.resource).to eq(response_hash.dig(:data, :attributes, :name))
+        expect(audit_log.workspace_id).to eq(workspace_id)
+        expect(audit_log.resource_link).to eq("/reports/#{response_hash.dig(:data, :id)}")
+        expect(audit_log.created_at).not_to be_nil
+        expect(audit_log.updated_at).not_to be_nil
       end
 
       it "creates a new workspace and returns success for member_role" do
@@ -216,6 +228,18 @@
         expect(response_hash.dig(:data, :attributes, :name)).to eq("test")
         expect(response_hash.dig(:data, :attributes, :description)).to eq("workspace description changes")
         expect(response_hash.dig(:data, :attributes, :region)).to eq("us-west2")
+
+        audit_log = AuditLog.last
+        expect(audit_log).not_to be_nil
+        expect(audit_log.user_id).to eq(user.id)
+        expect(audit_log.action).to eq("update")
+        expect(audit_log.resource_type).to eq("Workspace")
+        expect(audit_log.resource_id).to eq(response_hash.dig(:data, :id).to_i)
+        expect(audit_log.resource).to eq(response_hash.dig(:data, :attributes, :name))
+        expect(audit_log.workspace_id).to eq(workspace_id)
+        expect(audit_log.resource_link).to eq("/reports/#{response_hash.dig(:data, :id)}")
+        expect(audit_log.created_at).not_to be_nil
+        expect(audit_log.updated_at).not_to be_nil
       end
 
       it "updates the workspace and returns success if slug is missing" do
@@ -230,6 +254,18 @@
         expect(response_hash.dig(:data, :attributes, :name)).to eq("test")
         expect(response_hash.dig(:data, :attributes, :description)).to eq("workspace description changes")
         expect(response_hash.dig(:data, :attributes, :region)).to eq("us-west2")
+
+        audit_log = AuditLog.last
+        expect(audit_log).not_to be_nil
+        expect(audit_log.user_id).to eq(user.id)
+        expect(audit_log.action).to eq("update")
+        expect(audit_log.resource_type).to eq("Workspace")
+        expect(audit_log.resource_id).to eq(response_hash.dig(:data, :id).to_i)
+        expect(audit_log.resource).to eq(response_hash.dig(:data, :attributes, :name))
+        expect(audit_log.workspace_id).to eq(workspace_id)
+        expect(audit_log.resource_link).to eq("/reports/#{response_hash.dig(:data, :id)}")
+        expect(audit_log.created_at).not_to be_nil
+        expect(audit_log.updated_at).not_to be_nil
       end
 
       it "updates the workspace and returns success for viewer_role" do
@@ -275,6 +311,18 @@
       it "returns success and delete workspace" do
         delete "/api/v1/workspaces/#{workspace.id}", headers: auth_headers(user, workspace_id)
         expect(response).to have_http_status(:no_content)
+
+        audit_log = AuditLog.last
+        expect(audit_log).not_to be_nil
+        expect(audit_log.user_id).to eq(user.id)
+        expect(audit_log.action).to eq("delete")
+        expect(audit_log.resource_type).to eq("Workspace")
+        expect(audit_log.resource_id).to eq(workspace_id)
+        expect(audit_log.resource).to eq(workspace.name)
+        expect(audit_log.workspace_id).to eq(nil)
+        expect(audit_log.resource_link).to eq(nil)
+        expect(audit_log.created_at).not_to be_nil
+        expect(audit_log.updated_at).not_to be_nil
       end
 
       it "returns success and delete workspace for viewer_role" do