Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Test that a deleted backup makes an audit log entry

Browse source
This commit is contained in:
Dane Everitt 2021-07-11 12:15:39 -07:00
parent d33522c857
commit d3e3b1db38
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
4 changed files with 83 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
app/Models/AuditLog.php
View file

@ -69,6 +69,7 @@ class AuditLog extends Model
* @var string[] * @var string[]
*/ */
protected $casts = [ protected $casts = [
'is_system' => 'bool',
'device' => 'array', 'device' => 'array',
'metadata' => 'array', 'metadata' => 'array',
]; ];

11
app/Models/Backup.php
View file

@ -21,6 +21,7 @@ use Illuminate\Database\Eloquent\SoftDeletes;
* @property \Carbon\CarbonImmutable $updated_at * @property \Carbon\CarbonImmutable $updated_at
* @property \Carbon\CarbonImmutable|null $deleted_at * @property \Carbon\CarbonImmutable|null $deleted_at
* @property \Pterodactyl\Models\Server $server * @property \Pterodactyl\Models\Server $server
* @property \Pterodactyl\Models\AuditLog[] $audits
*/ */
class Backup extends Model class Backup extends Model
{ {
@ -98,4 +99,14 @@ class Backup extends Model
{ {
return $this->belongsTo(Server::class); return $this->belongsTo(Server::class);
} }
/**
* @return \Illuminate\Database\Eloquent\Relations\HasMany
*/
public function audits()
{
return $this->hasMany(AuditLog::class, 'metadata->backup_uuid', 'uuid')
->where('action', 'LIKE', 'server:backup.%');
// ->where('metadata->backup_uuid', $this->uuid);
}
} }

8
tests/Integration/Api/Client/ClientApiIntegrationTestCase.php
View file

@ -7,6 +7,7 @@ use Pterodactyl\Models\Node;
use Pterodactyl\Models\Task; use Pterodactyl\Models\Task;
use Pterodactyl\Models\User; use Pterodactyl\Models\User;
use Webmozart\Assert\Assert; use Webmozart\Assert\Assert;
use InvalidArgumentException;
use Pterodactyl\Models\Backup; use Pterodactyl\Models\Backup;
use Pterodactyl\Models\Server; use Pterodactyl\Models\Server;
use Pterodactyl\Models\Subuser; use Pterodactyl\Models\Subuser;
@ -60,8 +61,6 @@ abstract class ClientApiIntegrationTestCase extends IntegrationTestCase
*/ */
protected function link($model, $append = null): string protected function link($model, $append = null): string
{ {
Assert::isInstanceOfAny($model, [Server::class, Schedule::class, Task::class, Allocation::class]);
$link = ''; $link = '';
switch (get_class($model)) { switch (get_class($model)) {
case Server::class: case Server::class:
@ -76,6 +75,11 @@ abstract class ClientApiIntegrationTestCase extends IntegrationTestCase
case Allocation::class: case Allocation::class:
$link = "/api/client/servers/{$model->server->uuid}/network/allocations/{$model->id}"; $link = "/api/client/servers/{$model->server->uuid}/network/allocations/{$model->id}";
break; break;
case Backup::class:
$link = "/api/client/servers/{$model->server->uuid}/backups/{$model->uuid}";
break;
default:
throw new InvalidArgumentException(sprintf('Cannot create link for Model of type %s', class_basename($model)));
} }
return $link . ($append ? '/' . ltrim($append, '/') : ''); return $link . ($append ? '/' . ltrim($append, '/') : '');

65
tests/Integration/Api/Client/Server/Backup/DeleteBackupTest.php Normal file
View file

@ -0,0 +1,65 @@
<?php
namespace Pterodactyl\Tests\Integration\Api\Client\Server\Backup;
use Mockery;
use Illuminate\Http\Response;
use Pterodactyl\Models\Backup;
use Pterodactyl\Models\AuditLog;
use Pterodactyl\Models\Permission;
use Pterodactyl\Repositories\Wings\DaemonBackupRepository;
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
class DeleteBackupTest extends ClientApiIntegrationTestCase
{
private $repository;
public function setUp(): void
{
parent::setUp();
$this->repository = $this->mock(DaemonBackupRepository::class);
}
public function testUserWithoutPermissionCannotDeleteBackup()
{
[$user, $server] = $this->generateTestAccount([Permission::ACTION_BACKUP_CREATE]);
$backup = Backup::factory()->create(['server_id' => $server->id]);
$this->actingAs($user)->deleteJson($this->link($backup))
->assertStatus(Response::HTTP_FORBIDDEN);
}
/**
* Tests that a backup can be deleted for a server and that it is properly updated
* in the database. Once deleted there should also be a corresponding record in the
* audit logs table for this API call.
*/
public function testBackupCanBeDeleted()
{
[$user, $server] = $this->generateTestAccount([Permission::ACTION_BACKUP_DELETE]);
/** @var \Pterodactyl\Models\Backup $backup */
$backup = Backup::factory()->create(['server_id' => $server->id]);
$this->repository->expects('setServer->delete')->with(Mockery::on(function ($value) use ($backup) {
return $value instanceof Backup && $value->uuid === $backup->uuid;
}))->andReturn(new Response());
$this->actingAs($user)->deleteJson($this->link($backup))->assertStatus(Response::HTTP_NO_CONTENT);
$backup->refresh();
$this->assertNotNull($backup->deleted_at);
$this->actingAs($user)->deleteJson($this->link($backup))->assertStatus(Response::HTTP_NOT_FOUND);
$event = $backup->audits()->where('action', AuditLog::SERVER__BACKUP_DELETED)->latest()->first();
$this->assertNotNull($event);
$this->assertFalse($event->is_system);
$this->assertEquals($backup->server_id, $event->server_id);
$this->assertEquals($user->id, $event->user_id);
}
}