forked from Alex/Pterodactyl-Panel
Test that a deleted backup makes an audit log entry
This commit is contained in:
parent
d33522c857
commit
d3e3b1db38
@ -69,6 +69,7 @@ class AuditLog extends Model
|
||||
* @var string[]
|
||||
*/
|
||||
protected $casts = [
|
||||
'is_system' => 'bool',
|
||||
'device' => 'array',
|
||||
'metadata' => 'array',
|
||||
];
|
||||
|
@ -21,6 +21,7 @@ use Illuminate\Database\Eloquent\SoftDeletes;
|
||||
* @property \Carbon\CarbonImmutable $updated_at
|
||||
* @property \Carbon\CarbonImmutable|null $deleted_at
|
||||
* @property \Pterodactyl\Models\Server $server
|
||||
* @property \Pterodactyl\Models\AuditLog[] $audits
|
||||
*/
|
||||
class Backup extends Model
|
||||
{
|
||||
@ -98,4 +99,14 @@ class Backup extends Model
|
||||
{
|
||||
return $this->belongsTo(Server::class);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return \Illuminate\Database\Eloquent\Relations\HasMany
|
||||
*/
|
||||
public function audits()
|
||||
{
|
||||
return $this->hasMany(AuditLog::class, 'metadata->backup_uuid', 'uuid')
|
||||
->where('action', 'LIKE', 'server:backup.%');
|
||||
// ->where('metadata->backup_uuid', $this->uuid);
|
||||
}
|
||||
}
|
||||
|
@ -7,6 +7,7 @@ use Pterodactyl\Models\Node;
|
||||
use Pterodactyl\Models\Task;
|
||||
use Pterodactyl\Models\User;
|
||||
use Webmozart\Assert\Assert;
|
||||
use InvalidArgumentException;
|
||||
use Pterodactyl\Models\Backup;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Subuser;
|
||||
@ -60,8 +61,6 @@ abstract class ClientApiIntegrationTestCase extends IntegrationTestCase
|
||||
*/
|
||||
protected function link($model, $append = null): string
|
||||
{
|
||||
Assert::isInstanceOfAny($model, [Server::class, Schedule::class, Task::class, Allocation::class]);
|
||||
|
||||
$link = '';
|
||||
switch (get_class($model)) {
|
||||
case Server::class:
|
||||
@ -76,6 +75,11 @@ abstract class ClientApiIntegrationTestCase extends IntegrationTestCase
|
||||
case Allocation::class:
|
||||
$link = "/api/client/servers/{$model->server->uuid}/network/allocations/{$model->id}";
|
||||
break;
|
||||
case Backup::class:
|
||||
$link = "/api/client/servers/{$model->server->uuid}/backups/{$model->uuid}";
|
||||
break;
|
||||
default:
|
||||
throw new InvalidArgumentException(sprintf('Cannot create link for Model of type %s', class_basename($model)));
|
||||
}
|
||||
|
||||
return $link . ($append ? '/' . ltrim($append, '/') : '');
|
||||
|
@ -0,0 +1,65 @@
|
||||
<?php
|
||||
|
||||
namespace Pterodactyl\Tests\Integration\Api\Client\Server\Backup;
|
||||
|
||||
use Mockery;
|
||||
use Illuminate\Http\Response;
|
||||
use Pterodactyl\Models\Backup;
|
||||
use Pterodactyl\Models\AuditLog;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Repositories\Wings\DaemonBackupRepository;
|
||||
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
|
||||
class DeleteBackupTest extends ClientApiIntegrationTestCase
|
||||
{
|
||||
private $repository;
|
||||
|
||||
public function setUp(): void
|
||||
{
|
||||
parent::setUp();
|
||||
|
||||
$this->repository = $this->mock(DaemonBackupRepository::class);
|
||||
}
|
||||
|
||||
public function testUserWithoutPermissionCannotDeleteBackup()
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_BACKUP_CREATE]);
|
||||
|
||||
$backup = Backup::factory()->create(['server_id' => $server->id]);
|
||||
|
||||
$this->actingAs($user)->deleteJson($this->link($backup))
|
||||
->assertStatus(Response::HTTP_FORBIDDEN);
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests that a backup can be deleted for a server and that it is properly updated
|
||||
* in the database. Once deleted there should also be a corresponding record in the
|
||||
* audit logs table for this API call.
|
||||
*/
|
||||
public function testBackupCanBeDeleted()
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_BACKUP_DELETE]);
|
||||
|
||||
/** @var \Pterodactyl\Models\Backup $backup */
|
||||
$backup = Backup::factory()->create(['server_id' => $server->id]);
|
||||
|
||||
$this->repository->expects('setServer->delete')->with(Mockery::on(function ($value) use ($backup) {
|
||||
return $value instanceof Backup && $value->uuid === $backup->uuid;
|
||||
}))->andReturn(new Response());
|
||||
|
||||
$this->actingAs($user)->deleteJson($this->link($backup))->assertStatus(Response::HTTP_NO_CONTENT);
|
||||
|
||||
$backup->refresh();
|
||||
|
||||
$this->assertNotNull($backup->deleted_at);
|
||||
|
||||
$this->actingAs($user)->deleteJson($this->link($backup))->assertStatus(Response::HTTP_NOT_FOUND);
|
||||
|
||||
$event = $backup->audits()->where('action', AuditLog::SERVER__BACKUP_DELETED)->latest()->first();
|
||||
|
||||
$this->assertNotNull($event);
|
||||
$this->assertFalse($event->is_system);
|
||||
$this->assertEquals($backup->server_id, $event->server_id);
|
||||
$this->assertEquals($user->id, $event->user_id);
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user