feat: Auditing group members as part of group resource (#5730)

* added AuditableGroup type * added json tags * Anonymizing gGroup struct * adding support on the FE for nested group diffs * added type for GroupMember * Update coderd/database/modelmethods.go Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com> * Update coderd/database/modelmethods.go Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com> * fetching group members in group.delete * passing through right error * broke out into util function and added tests Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
2025-07-08 11:39:50 +00:00 · 2023-01-18 15:13:39 -05:00
parent 56b996532f
commit 6b68fbbf18
10 changed files with 230 additions and 27 deletions
--- a/coderd/audit.go
+++ b/coderd/audit.go
@ -464,6 +464,8 @@ func resourceTypeFromString(resourceTypeString string) string {
 		return resourceTypeString
 	case codersdk.ResourceTypeAPIKey:
 		return resourceTypeString
+	case codersdk.ResourceTypeGroup:
+		return resourceTypeString
 	}
 	return ""
 }
--- a/coderd/audit/diff.go
+++ b/coderd/audit/diff.go
@ -16,8 +16,8 @@ type Auditable interface {
 		database.User |
 		database.Workspace |
 		database.GitSSHKey |
-		database.Group |
-		database.WorkspaceBuild
+		database.WorkspaceBuild |
+		database.AuditableGroup
 }

 // Map is a map of changed fields in an audited resource. It maps field names to
--- a/coderd/audit/request.go
+++ b/coderd/audit/request.go
@ -64,8 +64,8 @@ func ResourceTarget[T Auditable](tgt T) string {
 		return ""
 	case database.GitSSHKey:
 		return typed.PublicKey
-	case database.Group:
-		return typed.Name
+	case database.AuditableGroup:
+		return typed.Group.Name
 	default:
 		panic(fmt.Sprintf("unknown resource %T", tgt))
 	}
@ -87,8 +87,8 @@ func ResourceID[T Auditable](tgt T) uuid.UUID {
 		return typed.ID
 	case database.GitSSHKey:
 		return typed.UserID
-	case database.Group:
-		return typed.ID
+	case database.AuditableGroup:
+		return typed.Group.ID
 	default:
 		panic(fmt.Sprintf("unknown resource %T", tgt))
 	}
@ -110,7 +110,7 @@ func ResourceType[T Auditable](tgt T) database.ResourceType {
 		return database.ResourceTypeWorkspaceBuild
 	case database.GitSSHKey:
 		return database.ResourceTypeGitSshKey
-	case database.Group:
+	case database.AuditableGroup:
 		return database.ResourceTypeGroup
 	default:
 		panic(fmt.Sprintf("unknown resource %T", tgt))
--- a/coderd/database/modelmethods.go
+++ b/coderd/database/modelmethods.go
@ -1,9 +1,38 @@
 package database

 import (
+	"sort"
+
 	"github.com/coder/coder/coderd/rbac"
 )

+type AuditableGroup struct {
+	Group
+	Members []GroupMember `json:"members"`
+}
+
+// Auditable returns an object that can be used in audit logs.
+// Covers both group and group member changes.
+func (g Group) Auditable(users []User) AuditableGroup {
+	members := make([]GroupMember, 0, len(users))
+	for _, u := range users {
+		members = append(members, GroupMember{
+			UserID:  u.ID,
+			GroupID: g.ID,
+		})
+	}
+
+	// consistent ordering
+	sort.Slice(members, func(i, j int) bool {
+		return members[i].UserID.String() < members[j].UserID.String()
+	})
+
+	return AuditableGroup{
+		Group:   g,
+		Members: members,
+	}
+}
+
 const AllUsersGroup = "Everyone"

 func (s APIKeyScope) ToRBAC() rbac.Scope {