Merge pull request #148 from eduNEXT/and/decorate_apis

And/decorate APIs
eduNEXT · May 28, 2021 · 5c141cc · 5c141cc
2 parents 3f7477b + ae6ddc7
commit 5c141cc
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 0 deletions.
diff --git a/eox_core/api/support/v1/views.py b/eox_core/api/support/v1/views.py
@@ -21,6 +21,7 @@
 from eox_core.edxapp_wrapper.bearer_authentication import BearerAuthentication
 from eox_core.edxapp_wrapper.comments_service_users import replace_username_cs_user
 from eox_core.edxapp_wrapper.users import delete_edxapp_user, get_edxapp_user
+from eox_core.integrations.audit_wrapper import audit_api_wrapper
 
 LOG = logging.getLogger(__name__)
 
@@ -34,6 +35,7 @@ class EdxappUser(UserQueryMixin, APIView):
     permission_classes = (EoxCoreSupportAPIPermission,)
     renderer_classes = (JSONRenderer, BrowsableAPIRenderer)
 
+    @audit_api_wrapper(action='Remove edxapp User.')
     def delete(self, request, *args, **kwargs):  # pylint: disable=too-many-locals
         """
         Allows to safely remove an edxapp User.
@@ -76,6 +78,7 @@ class EdxappReplaceUsername(UserQueryMixin, APIView):
     permission_classes = (EoxCoreSupportAPIPermission,)
     renderer_classes = (JSONRenderer, BrowsableAPIRenderer)
 
+    @audit_api_wrapper(action="Update an Edxapp user's Username.")
     def patch(self, request, *args, **kwargs):
         """
         Allows to safely update an Edxapp user's Username along with the

diff --git a/eox_core/api/task_dispatcher/v1/views.py b/eox_core/api/task_dispatcher/v1/views.py
@@ -13,6 +13,7 @@
 from rest_framework.views import APIView
 
 from eox_core.edxapp_wrapper.bearer_authentication import BearerAuthentication
+from eox_core.integrations.audit_wrapper import audit_api_wrapper
 
 LOG = logging.getLogger(__name__)
 
@@ -52,6 +53,7 @@ def get(self, request):
 
         return Response({"result": str(result), "status": str(async_result.status)})
 
+    @audit_api_wrapper(action='exo-core Task dispatcher.')
     def post(self, request):
         """
         Dispatches a task to a celery worker. The task must be registered in the worker

diff --git a/eox_core/api/v1/views.py b/eox_core/api/v1/views.py
@@ -40,6 +40,7 @@
     update_pre_enrollment,
 )
 from eox_core.edxapp_wrapper.users import create_edxapp_user, get_edxapp_user
+from eox_core.integrations.audit_wrapper import audit_api_wrapper
 
 LOG = logging.getLogger(__name__)
 
@@ -112,6 +113,11 @@ class EdxappUser(UserQueryMixin, APIView):
     permission_classes = (EoxCoreAPIPermission,)
     renderer_classes = (JSONRenderer, BrowsableAPIRenderer)
 
+    @audit_api_wrapper(action='Create edxapp user', data_filter=[
+        'email',
+        'username',
+        'fullname',
+    ])
     def post(self, request, *args, **kwargs):
         """
         Creates the users on edxapp
@@ -160,6 +166,10 @@ class EdxappUserUpdater(UserQueryMixin, APIView):
     permission_classes = (EoxCoreAPIPermission,)
     renderer_classes = (JSONRenderer, BrowsableAPIRenderer)
 
+    @audit_api_wrapper(action='Partially update a user from edxapp', data_filter=[
+        'email',
+        'is_active',
+    ])
     def patch(self, request, *args, **kwargs):
         """
         Partially update a user from edxapp. Not all the fields can be updated, just the ones thought as `safe`.
@@ -217,6 +227,7 @@ class EdxappEnrollment(UserQueryMixin, APIView):
             400: "Bad request, invalid course_id or missing either email or username.",
         },
     )
+    @audit_api_wrapper(action='Create single or bulk enrollments')
     def post(self, request, *args, **kwargs):
         """
         Handle creation of single or bulk enrollments
@@ -308,6 +319,7 @@ def post(self, request, *args, **kwargs):
             400: "Bad request, invalid course_id or missing either email or username.",
         },
     )
+    @audit_api_wrapper(action='Update enrollments on edxapp')
     def put(self, request, *args, **kwargs):
         """
         Update enrollments on edxapp
@@ -452,6 +464,7 @@ def get(self, request, *args, **kwargs):
             404: "User or course not found",
         },
     )
+    @audit_api_wrapper(action='Delete enrollment on edxapp.')
     def delete(self, request, *args, **kwargs):
         """
         Delete enrollment on edxapp
@@ -576,6 +589,7 @@ class EdxappPreEnrollment(APIView):
     permission_classes = (EoxCoreAPIPermission,)
     renderer_classes = (JSONRenderer, BrowsableAPIRenderer)
 
+    @audit_api_wrapper(action='Create whitelistings on edxapp.')
     def post(self, request, *args, **kwargs):
         """
         Create whitelistings on edxapp
@@ -590,6 +604,7 @@ def post(self, request, *args, **kwargs):
         ).data
         return Response(response_data)
 
+    @audit_api_wrapper(action='Update whitelistings on edxapp.')
     def put(self, request, *args, **kwargs):
         """
         Update whitelistings on edxapp
@@ -615,6 +630,7 @@ def put(self, request, *args, **kwargs):
         response = EdxappCoursePreEnrollmentSerializer(updated_pre_enrollment).data
         return Response(response)
 
+    @audit_api_wrapper(action='Delete whitelistings on edxapp.')
     def delete(self, request, *args, **kwargs):
         """
         Delete whitelistings on edxapp