diff --git a/src/Controller/OrganizationController.php b/src/Controller/OrganizationController.php index 0d74bd2..a615a41 100644 --- a/src/Controller/OrganizationController.php +++ b/src/Controller/OrganizationController.php @@ -12,14 +12,17 @@ use App\Form\OrganizationForm; use App\Repository\OrganizationsRepository; use App\Service\ActionService; use App\Service\AwsService; +use App\Service\LoggerService; use App\Service\OrganizationsService; use App\Service\UserOrganizationService; use App\Service\UserService; use Doctrine\ORM\EntityManagerInterface; use Exception; +use Psr\Log\LoggerInterface; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; use Symfony\Component\Routing\Attribute\Route; use App\Entity\Organizations; use Symfony\Component\HttpFoundation\Response; @@ -37,7 +40,7 @@ class OrganizationController extends AbstractController private readonly ActionService $actionService, private readonly UserOrganizationService $userOrganizationService, private readonly OrganizationsRepository $organizationsRepository, - private readonly AwsService $awsService) + private readonly AwsService $awsService, private readonly LoggerService $loggerService, private readonly LoggerInterface $logger) { } @@ -50,7 +53,6 @@ class OrganizationController extends AbstractController if ($this->isGranted("ROLE_SUPER_ADMIN")) { $organizations = $this->organizationsRepository->findBy(['isDeleted' => false]); - } else { //get all the UO of the user $uos = $this->entityManager->getRepository(UsersOrganizations::class)->findBy(['users' => $user]); @@ -100,6 +102,8 @@ class OrganizationController extends AbstractController try { $this->entityManager->persist($organization); $this->entityManager->flush(); + $this->loggerService->logOrganizationInformation($organization->getId(), $actingUser->getId(), "Organization Created"); + $this->loggerService->logSuperAdmin($actingUser->getId(), $organization->getId(), $actingUser->getId(), "Organization Created"); $this->actionService->createAction("Create Organization", $actingUser, $organization, $organization->getName()); return $this->redirectToRoute('organization_index'); } catch (Exception $e) { @@ -124,20 +128,33 @@ class OrganizationController extends AbstractController $actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier()); $organization = $this->organizationsRepository->find($id); if (!$organization) { + $this->loggerService->logEntityNotFound('Organization', [ + 'org_id' => $id, + 'message' => 'Organization not found for edit'], $actingUser->getId() + ); $this->addFlash('error', self::NOT_FOUND); return $this->redirectToRoute('organization_index'); } if (!$this->isGranted("ROLE_SUPER_ADMIN")) { //check if the user is admin of the organization - $user = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier()); - $uo = $this->entityManager->getRepository(UsersOrganizations::class)->findOneBy(['users' => $user, 'organization' => $organization]); + $uo = $this->entityManager->getRepository(UsersOrganizations::class)->findOneBy(['users' => $actingUser, 'organization' => $organization]); if (!$uo) { + $this->loggerService->logEntityNotFound('UO link', [ + 'user_id' => $actingUser->getId(), + 'org_id' => $organization->getId(), + 'message' => 'UO link not found for edit organization' + ], $actingUser->getId()); $this->addFlash('error', self::ACCESS_DENIED); return $this->redirectToRoute('organization_index'); } $roleAdmin = $this->entityManager->getRepository(Roles::class)->findOneBy(['name' => 'ADMIN']); $uoaAdmin = $this->entityManager->getRepository(UserOrganizatonApp::class)->findOneBy(['userOrganization' => $uo, 'role' => $roleAdmin]); if (!$uoaAdmin) { + $this->loggerService->logEntityNotFound('UOA link', [ + 'uo_id' => $uo->getId(), + 'role_id' => $roleAdmin->getId(), + 'message' => 'UOA link not found for edit organization, user is not admin of organization' + ], $actingUser->getId()); $this->addFlash('error', self::ACCESS_DENIED); return $this->redirectToRoute('organization_index'); } @@ -152,6 +169,10 @@ class OrganizationController extends AbstractController try { $this->entityManager->persist($organization); $this->entityManager->flush(); + $this->loggerService->logOrganizationInformation($organization->getId(), $actingUser->getId(), "Organization Edited"); + if ($this->isGranted("ROLE_SUPER_ADMIN")) { + $this->loggerService->logSuperAdmin($actingUser->getId(), $organization->getId(), $actingUser->getId(), "Organization Edited"); + } $this->actionService->createAction("Edit Organization", $actingUser, $organization, $organization->getName()); return $this->redirectToRoute('organization_index'); } catch (Exception $e) { @@ -171,28 +192,18 @@ class OrganizationController extends AbstractController $organization = $this->organizationsRepository->find($id); $actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier()); if (!$organization) { + $this->loggerService->logEntityNotFound('Organization', [ + 'org_id' => $id, + 'message' => 'Organization not found for view' + ], $actingUser->getId()); $this->addFlash('error', self::NOT_FOUND); return $this->redirectToRoute('organization_index'); } //check if the user is admin of the organization - if (!$this->isGranted("ROLE_SUPER_ADMIN") && !$this->userService->isAdminOfOrganization($organization)) { - $this->createNotFoundException(self::NOT_FOUND); + if (!$this->userService->isAdminOfOrganization($organization) && !$this->isGranted("ROLE_SUPER_ADMIN")) { + $this->loggerService->logAccessDenied($actingUser->getId()); + throw new AccessDeniedHttpException('Access denied'); } - $newUO = $this->entityManager->getRepository(UsersOrganizations::class)->findNewestUO($organization); - $newUsers = []; - foreach ($newUO as $uo) { - $newUsers[] = $uo->getUsers(); - } - $adminUO = $this->entityManager->getRepository(UsersOrganizations::class)->findAdminsInOrganization($organization); - $adminUsers = []; - foreach ($adminUO as $uo) { - $adminUsers[] = $uo->getUsers(); - } - $uos = $this->entityManager - ->getRepository(UsersOrganizations::class) - ->findBy(['organization' => $organization]); - - $users = $this->userService->formatOrgUsers($uos); $allApps = $this->entityManager->getRepository(Apps::class)->findAll(); // appsAll $orgApps = $organization->getApps()->toArray(); // apps @@ -205,9 +216,6 @@ class OrganizationController extends AbstractController $this->actionService->createAction("View Organization", $actingUser, $organization, $organization->getName()); return $this->render('organization/show.html.twig', [ 'organization' => $organization, - 'newUsers' => $newUsers, - 'adminUsers' => $adminUsers, - 'users' => $users, 'applications' => $apps, 'activities' => $activities, ]); @@ -220,15 +228,25 @@ class OrganizationController extends AbstractController $actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier()); $organization = $this->organizationsRepository->find($id); if (!$organization) { + $this->loggerService->logEntityNotFound('Organization', [ + 'org_id' => $id, + 'message' => 'Organization not found for delete' + ], $actingUser->getId()); throw $this->createNotFoundException(self::NOT_FOUND); } - $organization->setIsActive(false); - $organization->setIsDeleted(true); - // Deactivate all associated UsersOrganizations - $this->userOrganizationService->deactivateAllUserOrganizationLinks($actingUser, null, $organization); + try { + $organization->setIsActive(false); + $organization->setIsDeleted(true); + // Deactivate all associated UsersOrganizations + $this->userOrganizationService->deactivateAllUserOrganizationLinks($actingUser, null, $organization); + + $this->entityManager->persist($organization); + $this->actionService->createAction("Delete Organization", $actingUser, $organization, $organization->getName()); + }catch (\Exception $e){ + $this->loggerService->logError($actingUser->getId(), ['message' => 'Error deleting organization: '.$e->getMessage()]); + $this->addFlash('error', 'Error deleting organization: ' . $e->getMessage()); + } - $this->entityManager->persist($organization); - $this->actionService->createAction("Delete Organization", $actingUser, $organization, $organization->getName()); return $this->redirectToRoute('organization_index'); } @@ -239,12 +257,19 @@ class OrganizationController extends AbstractController $actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier()); $organization = $this->organizationsRepository->find($id); if (!$organization) { + $this->loggerService->logEntityNotFound('Organization', [ + 'org_id' => $id, + 'message' => 'Organization not found for deactivate' + ], $actingUser->getId()); throw $this->createNotFoundException(self::NOT_FOUND); } + $organization->setIsActive(false); // $this->userOrganizationService->deactivateAllUserOrganizationLinks($actingUser, null, $organization); $this->entityManager->persist($organization); $this->actionService->createAction("Deactivate Organization", $actingUser, $organization, $organization->getName()); + $this->loggerService->logSuperAdmin($actingUser->getId(), $organization->getId(), $actingUser->getId(),'Organization deactivated'); + return $this->redirectToRoute('organization_index'); } @@ -255,10 +280,16 @@ class OrganizationController extends AbstractController $actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier()); $organization = $this->organizationsRepository->find($id); if (!$organization) { + $this->loggerService->logEntityNotFound('Organization', [ + 'org_id' => $id, + 'message' => 'Organization not found for activate' + ], $actingUser->getId()); throw $this->createNotFoundException(self::NOT_FOUND); } $organization->setIsActive(true); $this->entityManager->persist($organization); + $this->loggerService->logOrganizationInformation($organization->getId(), $actingUser->getId(),'Organization Activated'); + $this->loggerService->logSuperAdmin($actingUser->getId(), $organization->getId(), $actingUser->getId(),'Organization Activated'); $this->actionService->createAction("Activate Organization", $actingUser, $organization, $organization->getName()); return $this->redirectToRoute('organization_index'); } @@ -276,8 +307,6 @@ class OrganizationController extends AbstractController $filters = $request->query->all('filter'); - $user = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier()); - $qb = $this->organizationsRepository->createQueryBuilder('o') ->where('o.isDeleted = :del')->setParameter('del', false); diff --git a/src/Service/LoggerService.php b/src/Service/LoggerService.php index bcb05c6..db25e2c 100644 --- a/src/Service/LoggerService.php +++ b/src/Service/LoggerService.php @@ -16,6 +16,7 @@ readonly class LoggerService private LoggerInterface $adminActionsLogger, private LoggerInterface $securityLogger, private LoggerInterface $errorLogger, + private LoggerInterface $awsLogger, private RequestStack $requestStack, ) {} @@ -155,18 +156,18 @@ readonly class LoggerService public function logEntityNotFound(string $entityType, array $criteria, ?int $actingUserId): void { - $this->errorLogger->warning('Entity not found', [ + $this->errorLogger->error('Entity not found', array_merge($criteria, [ 'entity_type' => $entityType, - 'criteria' => $criteria, 'acting_user_id' => $actingUserId, 'ip' => $this->requestStack->getCurrentRequest()?->getClientIp() ?? 'unknown', 'timestamp' => $this->now(), - ]); + 'page_accessed' => $_SERVER['REQUEST_URI'] ?? 'unknown', + ])); } public function logAWSAction(string $action, array $details): void { - $this->securityLogger->info("AWS action performed: $action", array_merge($details, [ + $this->awsLogger->info("AWS action performed: $action", array_merge($details, [ 'ip' => $this->requestStack->getCurrentRequest()?->getClientIp() ?? 'unknown', 'timestamp' => $this->now(), ])); @@ -174,7 +175,7 @@ readonly class LoggerService public function logTokenRevocation(string $message, array $array): void { - $this->securityLogger->notice($message, array_merge($array, [ + $this->securityLogger->warning($message, array_merge($array, [ 'ip' => $this->requestStack->getCurrentRequest()?->getClientIp() ?? 'unknown', 'timestamp' => $this->now(), ])); @@ -182,7 +183,7 @@ readonly class LoggerService public function logUOALinkDeactivated(int $uoaId, int $appId, int $roleId): void { - $this->securityLogger->notice('UOA link deactivated', [ + $this->organizationManagementLogger->notice('UOA link deactivated', [ 'uoa_id' => $uoaId, 'app_id' => $appId, 'role_id' => $roleId,