feat: Auditing group members as part of group resource (#5730)

* added AuditableGroup type * added json tags * Anonymizing gGroup struct * adding support on the FE for nested group diffs * added type for GroupMember * Update coderd/database/modelmethods.go Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com> * Update coderd/database/modelmethods.go Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com> * fetching group members in group.delete * passing through right error * broke out into util function and added tests Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
2025-07-13 21:36:50 +00:00 · 2023-01-18 15:13:39 -05:00
parent 56b996532f
commit 6b68fbbf18
10 changed files with 230 additions and 27 deletions
--- a/enterprise/coderd/groups.go
+++ b/enterprise/coderd/groups.go
@ -32,7 +32,7 @@ func (api *API) postGroupByOrganization(rw http.ResponseWriter, r *http.Request)
 		ctx               = r.Context()
 		org               = httpmw.OrganizationParam(r)
 		auditor           = api.AGPL.Auditor.Load()
-		aReq, commitAudit = audit.InitRequest[database.Group](rw, &audit.RequestParams{
+		aReq, commitAudit = audit.InitRequest[database.AuditableGroup](rw, &audit.RequestParams{
 			Audit:   *auditor,
 			Log:     api.Logger,
 			Request: r,
@ -75,7 +75,9 @@ func (api *API) postGroupByOrganization(rw http.ResponseWriter, r *http.Request)
 		httpapi.InternalServerError(rw, err)
 		return
 	}
-	aReq.New = group
+
+	var emptyUsers []database.User
+	aReq.New = group.Auditable(emptyUsers)

 	httpapi.Write(ctx, rw, http.StatusCreated, convertGroup(group, nil))
 }
@ -93,7 +95,7 @@ func (api *API) patchGroup(rw http.ResponseWriter, r *http.Request) {
 		ctx               = r.Context()
 		group             = httpmw.GroupParam(r)
 		auditor           = api.AGPL.Auditor.Load()
-		aReq, commitAudit = audit.InitRequest[database.Group](rw, &audit.RequestParams{
+		aReq, commitAudit = audit.InitRequest[database.AuditableGroup](rw, &audit.RequestParams{
 			Audit:   *auditor,
 			Log:     api.Logger,
 			Request: r,
@ -101,7 +103,14 @@ func (api *API) patchGroup(rw http.ResponseWriter, r *http.Request) {
 		})
 	)
 	defer commitAudit()
-	aReq.Old = group
+
+	currentMembers, currentMembersErr := api.Database.GetGroupMembers(ctx, group.ID)
+	if currentMembersErr != nil {
+		httpapi.InternalServerError(rw, currentMembersErr)
+		return
+	}
+
+	aReq.Old = group.Auditable(currentMembers)

 	if !api.Authorize(r, rbac.ActionUpdate, group) {
 		http.NotFound(rw, r)
@ -233,15 +242,15 @@ func (api *API) patchGroup(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

-	members, err := api.Database.GetGroupMembers(ctx, group.ID)
+	patchedMembers, err := api.Database.GetGroupMembers(ctx, group.ID)
 	if err != nil {
 		httpapi.InternalServerError(rw, err)
 		return
 	}

-	aReq.New = group
+	aReq.New = group.Auditable(patchedMembers)

-	httpapi.Write(ctx, rw, http.StatusOK, convertGroup(group, members))
+	httpapi.Write(ctx, rw, http.StatusOK, convertGroup(group, patchedMembers))
 }

 // @Summary Delete group by name
@ -257,7 +266,7 @@ func (api *API) deleteGroup(rw http.ResponseWriter, r *http.Request) {
 		ctx               = r.Context()
 		group             = httpmw.GroupParam(r)
 		auditor           = api.AGPL.Auditor.Load()
-		aReq, commitAudit = audit.InitRequest[database.Group](rw, &audit.RequestParams{
+		aReq, commitAudit = audit.InitRequest[database.AuditableGroup](rw, &audit.RequestParams{
 			Audit:   *auditor,
 			Log:     api.Logger,
 			Request: r,
@ -265,7 +274,14 @@ func (api *API) deleteGroup(rw http.ResponseWriter, r *http.Request) {
 		})
 	)
 	defer commitAudit()
-	aReq.Old = group
+
+	groupMembers, getMembersErr := api.Database.GetGroupMembers(ctx, group.ID)
+	if getMembersErr != nil {
+		httpapi.InternalServerError(rw, getMembersErr)
+		return
+	}
+
+	aReq.Old = group.Auditable(groupMembers)

 	if !api.Authorize(r, rbac.ActionDelete, group) {
 		httpapi.ResourceNotFound(rw)