Skip to content

Resolve "Add project download/export audit event"

Manoj M J requested to merge 4550-add-project-download-export-audit-event into master

What does this MR do?

Issue: https://gitlab.com/gitlab-org/gitlab-ee/issues/4550 CE Port: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31103

  • Adds audit log when downloading the export of a project

Screenshot_2019-07-24_at_7.28.34_PM

  • Adds audit log when downloading archive for a public project when the user is unauthenticated - via UI
  • Adds audit log when downloading archive of a project when the user is logged in - via UI

Screenshot_2019-07-26_at_11.18.30_AM

  • Adds audit log when downloading archive of a public project when the user is unauthenticated - via API
  • Adds audit log when downloading archive of a project when the user is logged in - via API

Screenshot_2019-07-26_at_11.19.23_AM

Side effect: For password reset audit event, the author name changes from (removed) to An unauthenticated user

Before: Screenshot_2019-07-26_at_12.07.57_PM

After: Screenshot_2019-07-26_at_12.02.39_PM

Does this MR meet the acceptance criteria?

Conformity

Performance and testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Manoj M J

Merge request reports

Loading