fix: respect uppercase letters in username filter for audit (#7880)

* fix: respect uppercase letters in username filter for audit

* updated documentation

coderd/audit.go

@@ -37,6 +37,7 @@ import (
 // @Router /audit [get]
 func (api *API) auditLogs(rw http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
+	apiKey := httpmw.APIKey(r)
 
 	page, ok := parsePagination(rw, r)
 	if !ok {
@@ -55,6 +56,11 @@ func (api *API) auditLogs(rw http.ResponseWriter, r *http.Request) {
 	filter.Offset = int32(page.Offset)
 	filter.Limit = int32(page.Limit)
 
+	if filter.Username == "me" {
+		filter.UserID = apiKey.UserID
+		filter.Username = ""
+	}
+
 	dblogs, err := api.Database.GetAuditLogsOffset(ctx, filter)
 	if err != nil {
 		httpapi.InternalServerError(rw, err)

coderd/database/queries.sql.go

@@ -412,34 +412,40 @@ WHERE
 			action = $6 :: audit_action
 		ELSE true
 	END
+	-- Filter by user_id
+	AND CASE
+		WHEN $7 :: uuid != '00000000-0000-0000-0000-000000000000'::uuid THEN
+			user_id = $7
+		ELSE true
+	END
 	-- Filter by username
 	AND CASE
-		WHEN $7 :: text != '' THEN
-			users.username = $7
+		WHEN $8 :: text != '' THEN
+			user_id = (SELECT id FROM users WHERE lower(username) = lower($8) AND deleted = false)
 		ELSE true
 	END
 	-- Filter by user_email
 	AND CASE
-		WHEN $8 :: text != '' THEN
-			users.email = $8
+		WHEN $9 :: text != '' THEN
+			users.email = $9
 		ELSE true
 	END
 	-- Filter by date_from
 	AND CASE
-		WHEN $9 :: timestamp with time zone != '0001-01-01 00:00:00Z' THEN
-			"time" >= $9
+		WHEN $10 :: timestamp with time zone != '0001-01-01 00:00:00Z' THEN
+			"time" >= $10
 		ELSE true
 	END
 	-- Filter by date_to
 	AND CASE
-		WHEN $10 :: timestamp with time zone != '0001-01-01 00:00:00Z' THEN
-			"time" <= $10
+		WHEN $11 :: timestamp with time zone != '0001-01-01 00:00:00Z' THEN
+			"time" <= $11
 		ELSE true
 	END
     -- Filter by build_reason
     AND CASE
-	    WHEN $11::text != '' THEN
-            workspace_builds.reason::text = $11
+	    WHEN $12::text != '' THEN
+            workspace_builds.reason::text = $12
         ELSE true
     END
 ORDER BY
@@ -457,6 +463,7 @@ type GetAuditLogsOffsetParams struct {
 	ResourceID     uuid.UUID `db:"resource_id" json:"resource_id"`
 	ResourceTarget string    `db:"resource_target" json:"resource_target"`
 	Action         string    `db:"action" json:"action"`
+	UserID         uuid.UUID `db:"user_id" json:"user_id"`
 	Username       string    `db:"username" json:"username"`
 	Email          string    `db:"email" json:"email"`
 	DateFrom       time.Time `db:"date_from" json:"date_from"`
@@ -499,6 +506,7 @@ func (q *sqlQuerier) GetAuditLogsOffset(ctx context.Context, arg GetAuditLogsOff
 		arg.ResourceID,
 		arg.ResourceTarget,
 		arg.Action,
+		arg.UserID,
 		arg.Username,
 		arg.Email,
 		arg.DateFrom,

coderd/database/queries/auditlogs.sql

@@ -62,10 +62,16 @@ WHERE
 			action = @action :: audit_action
 		ELSE true
 	END
+	-- Filter by user_id
+	AND CASE
+		WHEN @user_id :: uuid != '00000000-0000-0000-0000-000000000000'::uuid THEN
+			user_id = @user_id
+		ELSE true
+	END
 	-- Filter by username
 	AND CASE
 		WHEN @username :: text != '' THEN
-			users.username = @username
+			user_id = (SELECT id FROM users WHERE lower(username) = lower(@username) AND deleted = false)
 		ELSE true
 	END
 	-- Filter by user_email

docs/admin/audit-logs.md

@@ -37,7 +37,7 @@ The supported filters are:
 - `resource_id` - The ID of the resource.
 - `resource_target` - The name of the resource. Can be used instead of `resource_id`.
 - `action`- The action applied to a resource. You can [find here](https://pkg.go.dev/github.com/coder/coder/codersdk#AuditAction) all the actions that are supported.
-- `username` - The username of the user who triggered the action.
+- `username` - The username of the user who triggered the action. You can also use `me` as a convenient alias for the logged-in user.
 - `email` - The email of the user who triggered the action.
 - `date_from` - The inclusive start date with format `YYYY-MM-DD`.
 - `date_to` - The inclusive end date with format `YYYY-MM-DD`.