Adding audit trail actions into the publish, yank and unyank transactions.

Author: markcatley

src/controllers/krate/publish.rs

@@ -12,7 +12,10 @@ use crate::util::{read_fill, read_le_u32};
 
 use crate::controllers::prelude::*;
 use crate::models::dependency;
-use crate::models::{Badge, Category, Keyword, NewCrate, NewVersion, Rights, User};
+use crate::models::{
+    Badge, Category, Keyword, NewCrate, NewVersion, NewVersionOwnerAction, Rights, User,
+    VersionAction,
+};
 use crate::views::{EncodableCrateUpload, GoodCrate, PublishWarnings};
 
 /// Handles the `PUT /crates/new` route.
@@ -149,6 +152,14 @@ pub fn publish(req: &mut dyn Request) -> CargoResult<Response> {
         )?
         .save(&conn, &new_crate.authors, &verified_email_address)?;
 
+        NewVersionOwnerAction::new(
+            version.id,
+            user.id,
+            req.authentication_source()?.api_token_id(),
+            VersionAction::Publish,
+        )
+        .save(&conn)?;
+
         // Link this new version to all dependencies
         let git_deps = dependency::add_dependencies(&conn, &new_crate.deps, version.id)?;
 

src/controllers/version/yank.rs

@@ -4,7 +4,7 @@ use crate::controllers::prelude::*;
 
 use crate::git;
 
-use crate::models::Rights;
+use crate::models::{NewVersionOwnerAction, Rights, VersionAction};
 
 use super::version_and_crate;
 
@@ -35,6 +35,14 @@ fn modify_yank(req: &mut dyn Request, yanked: bool) -> CargoResult<Response> {
     if user.rights(req.app(), &owners)? < Rights::Publish {
         return Err(human("must already be an owner to yank or unyank"));
     }
+    let action = if yanked {
+        VersionAction::Yank
+    } else {
+        VersionAction::Unyank
+    };
+    let api_token_id = req.authentication_source()?.api_token_id();
+
+    NewVersionOwnerAction::new(version.id, user.id, api_token_id, action).save(&conn)?;
 
     git::yank(&conn, krate.name, version, yanked)?;
 

src/middleware/current_user.rs

@@ -87,3 +87,12 @@ impl<'a> RequestUser for dyn Request + 'a {
             .chain_error(|| Unauthorized)
     }
 }
+
+impl AuthenticationSource {
+    pub fn api_token_id(&self) -> Option<i32> {
+        match self {
+            AuthenticationSource::SessionCookie => None,
+            AuthenticationSource::ApiToken(token_id) => Some(*token_id),
+        }
+    }
+}