Charles-Edouard
/
Easy_solution
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor for monolog user activateStatus

This commit is contained in:
Charles 2025-12-03 14:33:28 +01:00
parent 47724734a2
commit 3c789dc68e
2 changed files with 153 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

172
src/Controller/UserController.php
View File

@ -53,6 +53,7 @@ class UserController extends AbstractController
private readonly LoggerInterface $userManagementLogger, private readonly LoggerInterface $userManagementLogger,
private readonly LoggerInterface $organizationManagementLogger, private readonly LoggerInterface $organizationManagementLogger,
private readonly LoggerInterface $errorLogger, private readonly LoggerInterface $errorLogger,
private readonly LoggerInterface $securityLogger,
private readonly LoggerService $loggerService, private readonly LoggerService $loggerService,
private readonly EmailService $emailService, private readonly EmailService $emailService,
private readonly AwsService $awsService, private readonly AwsService $awsService,
@ -185,13 +186,6 @@ class UserController extends AbstractController
} }
$form = $this->createForm(UserForm::class, $user); $form = $this->createForm(UserForm::class, $user);
$form->handleRequest($request); $form->handleRequest($request);
$this->userManagementLogger->notice('Format test', [
'target_user_id' => $user->getId(),
'acting_user_id' => $actingUser->getId(),
'ip' => $request->getClientIp(),
'timestamp' => (new \DateTimeImmutable('now'))->format(DATE_ATOM),
]);
if ($form->isSubmitted() && $form->isValid()) { if ($form->isSubmitted() && $form->isValid()) {
// Handle user edit // Handle user edit
@ -237,7 +231,7 @@ class UserController extends AbstractController
} catch (\Exception $e) { } catch (\Exception $e) {
$this->errorLogger->critical($e->getMessage()); $this->errorLogger->critical($e->getMessage());
} }
$this->SecurityLogger->warning('Access denied on user edit', [ $this->securityLogger->warning('Access denied on user edit', [
'target_user_id' => $id, 'target_user_id' => $id,
'acting_user' => $actingUser?->getId(), 'acting_user' => $actingUser?->getId(),
'ip' => $request->getClientIp(), 'ip' => $request->getClientIp(),
@ -382,90 +376,136 @@ class UserController extends AbstractController
public function activeStatus(int $id, Request $request): JsonResponse public function activeStatus(int $id, Request $request): JsonResponse
{ {
$this->denyAccessUnlessGranted('ROLE_ADMIN'); $this->denyAccessUnlessGranted('ROLE_ADMIN');
$actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier()); $actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier());
$ip = $request->getClientIp();
$status = $request->get('status');
try { try {
if ($this->userService->hasAccessTo($actingUser, true)) { // Access control
if (!$this->userService->hasAccessTo($actingUser, true)) {
$this->securityLogger->warning('Access denied on user status change', [
'target_user_id' => $id,
'acting_user_id' => $actingUser?->getId(),
'acting_identifier' => $actingUser?->getUserIdentifier(),
'requested_status' => $status,
'ip' => $ip,
]);
throw $this->createAccessDeniedException(self::ACCESS_DENIED);
}
// Load target user
$user = $this->userRepository->find($id); $user = $this->userRepository->find($id);
if (!$user) { if (!$user) {
$this->securityLogger->warning('User not found for status change', [
'target_user_id' => $id,
'acting_user_id' => $actingUser->getId(),
'requested_status' => $status,
'ip' => $ip,
]);
throw $this->createNotFoundException(self::NOT_FOUND); throw $this->createNotFoundException(self::NOT_FOUND);
} }
$status = $request->get('status');
// Deactivate
if ($status === 'deactivate') { if ($status === 'deactivate') {
$user->setIsActive(false); $user->setIsActive(false);
$this->userOrganizationService->deactivateAllUserOrganizationLinks($actingUser, $user); $this->userOrganizationService->deactivateAllUserOrganizationLinks($actingUser, $user);
if ($this->userService->isUserConnected($user->getUserIdentifier())) { if ($this->userService->isUserConnected($user->getUserIdentifier())) {
$this->userService->revokeUserTokens($user->getUserIdentifier()); $this->userService->revokeUserTokens($user->getUserIdentifier());
$this->securityLogger->info('User tokens revoked due to deactivation', [
'target_user_id' => $user->getId(),
'target_identifier' => $user->getUserIdentifier(),
'acting_user_id' => $actingUser->getId(),
'ip' => $ip,
]);
} }
$user->setModifiedAt(new \DateTimeImmutable('now')); $user->setModifiedAt(new \DateTimeImmutable('now'));
$this->entityManager->persist($user);
$this->entityManager->flush(); $this->entityManager->flush();
$this->logger->notice("User deactivated " . $user->getUserIdentifier());
$this->actionService->createAction("Deactivate user", $actingUser, null, $user->getUserIdentifier()); $this->userManagementLogger->notice('User deactivated', [
'target_user_id' => $user->getId(),
'target_identifier' => $user->getUserIdentifier(),
'acting_user_id' => $actingUser->getId(),
'ip' => $ip,
]);
if ($this->isGranted('ROLE_SUPER_ADMIN')) {
$this->loggerService->logSuperAdmin(
$user->getId(),
null,
$actingUser->getId(),
$ip,
'Super admin deactivated user'
);
}
$this->actionService->createAction('Deactivate user', $actingUser, null, $user->getUserIdentifier());
return new JsonResponse(['status' => 'deactivated'], Response::HTTP_OK); return new JsonResponse(['status' => 'deactivated'], Response::HTTP_OK);
} }
// Activate
if ($status === 'activate') { if ($status === 'activate') {
$user->setIsActive(true); $user->setIsActive(true);
$user->setModifiedAt(new \DateTimeImmutable('now')); $user->setModifiedAt(new \DateTimeImmutable('now'));
$this->logger->notice("User activated " . $user->getUserIdentifier()); $this->entityManager->flush();
$this->actionService->createAction("Activate user", $actingUser, null, $user->getUserIdentifier());
return new JsonResponse(['status' => 'activated'], Response::HTTP_OK); $this->userManagementLogger->notice('User activated', [
} 'target_user_id' => $user->getId(),
} 'target_identifier' => $user->getUserIdentifier(),
}catch (\Exception $e){ 'acting_user_id' => $actingUser->getId(),
$this->logger->error($e->getMessage()); 'ip' => $ip,
} ]);
throw $this->createNotFoundException(self::NOT_FOUND);
if ($this->isGranted('ROLE_SUPER_ADMIN')) {
$this->loggerService->logSuperAdmin(
$user->getId(),
null,
$actingUser->getId(),
$ip,
'Super admin activated user'
);
} }
#[Route('/organization/activateStatus/{id}', name: 'activate_organization', methods: ['GET', 'POST'])] $this->actionService->createAction('Activate user', $actingUser, null, $user->getUserIdentifier());
public function activateStatusOrganization(int $id, Request $request): JsonResponse{
$this->denyAccessUnlessGranted('ROLE_ADMIN');
$actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier());
try {
if ($this->userService->hasAccessTo($actingUser, true)) {
$orgId = $request->get('organizationId');
$org = $this->organizationRepository->find($orgId);
if (!$org) {
throw $this->createNotFoundException(self::NOT_FOUND);
}
$user = $this->userRepository->find($id);
if (!$user) {
throw $this->createNotFoundException(self::NOT_FOUND);
}
$uo = $this->uoRepository->findOneBy(['users' => $user,
'organization' => $org]);
if (!$uo) {
throw $this->createNotFoundException(self::NOT_FOUND);
}
$status = $request->get('status');
if ($status === 'deactivate') {
$uo->setIsActive(false);
$this->userOrganizationAppService->deactivateAllUserOrganizationsAppLinks($uo);
$this->entityManager->persist($uo);
$this->entityManager->flush();
$data = ['user' => $user,
'organization' => $org];
$this->organizationsService->notifyOrganizationAdmins($data, "USER_DEACTIVATED");
$this->logger->notice("User Organizaton deactivated " . $user->getUserIdentifier());
$this->actionService->createAction("Deactivate user in organization", $actingUser, $org, $org->getName() . " for user " . $user->getUserIdentifier());
return new JsonResponse(['status' => 'deactivated'], Response::HTTP_OK);
}
if($status === "activate"){
$uo->setIsActive(true);
$this->entityManager->persist($uo);
$this->entityManager->flush();
$this->actionService->createAction("Activate user in organization", $actingUser, $org, $org->getName() . " for user " . $user->getUserIdentifier());
$data = ['user' => $user,
'organization' => $org];
$this->organizationsService->notifyOrganizationAdmins($data, "USER_ACTIVATED");
return new JsonResponse(['status' => 'activated'], Response::HTTP_OK); return new JsonResponse(['status' => 'activated'], Response::HTTP_OK);
} }
// Invalid status
$this->loggerService->warning('Invalid status passed to activeStatus', [
'target_user_id' => $user->getId(),
'acting_user_id' => $actingUser->getId(),
'requested_status' => $status,
'ip' => $ip,
]);
return new JsonResponse(['error' => 'Invalid status'], Response::HTTP_BAD_REQUEST);
} catch (\Throwable $e) {
// Application-level error logging → error.log (via error channel)
$this->errorLogger->error('Error in activeStatus', [
'exception_message' => $e->getMessage(),
'exception_class' => get_class($e),
'target_user_id' => $id,
'acting_user_id' => $actingUser?->getId(),
'requested_status' => $status,
'ip' => $ip,
]);
// Preserve 403/404 semantics, 500 for everything else
if ($e instanceof NotFoundHttpException || $e instanceof AccessDeniedException) {
throw $e;
} }
}catch (\Exception $exception){
$this->logger->error($exception->getMessage()); return new JsonResponse(['error' => 'An error occurred'], Response::HTTP_INTERNAL_SERVER_ERROR);
} }
throw $this->createNotFoundException(self::NOT_FOUND);
} }
//TODO : MONOLOG + remove picture from bucket //TODO : MONOLOG + remove picture from bucket

2
src/Service/LoggerService.php
View File

@ -97,7 +97,7 @@ readonly class LoggerService
]); ]);
} }
public function logSuperAdmin(int $userId, ?int $orgId, int $actingUserId, ?string $ip, string $message): void public function logSuperAdmin(int $userId, ?int $orgId = null, int $actingUserId, ?string $ip, string $message): void
{ {
$this->adminActionsLogger->notice($message, [ $this->adminActionsLogger->notice($message, [
'target_user_id' => $userId, 'target_user_id' => $userId,