feat: emit audit event+webhook when user is removed from a group (#640)

* feat: emit audit event+webhook when user is removed from a group * emit event as soon as relation is deleted * fix: send group org id instead of platform org id in user removal event
raystack · Jun 14, 2024 · a538c5e · a538c5e
1 parent cb7b3d0
commit a538c5e
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 3 deletions.
diff --git a/core/audit/audit.go b/core/audit/audit.go
@@ -52,9 +52,10 @@ const (
 	ServiceUserCreatedEvent EventName = "app.serviceuser.created"
 	ServiceUserDeletedEvent EventName = "app.serviceuser.deleted"
 
-	GroupCreatedEvent EventName = "app.group.created"
-	GroupUpdatedEvent EventName = "app.group.updated"
-	GroupDeletedEvent EventName = "app.group.deleted"
+	GroupCreatedEvent       EventName = "app.group.created"
+	GroupUpdatedEvent       EventName = "app.group.updated"
+	GroupDeletedEvent       EventName = "app.group.deleted"
+	GroupMemberRemovedEvent EventName = "app.group.members.removed"
 
 	RoleCreatedEvent EventName = "app.role.created"
 	RoleUpdatedEvent EventName = "app.role.updated"

diff --git a/core/group/service.go b/core/group/service.go
@@ -307,6 +307,12 @@ func (s Service) AddUsers(ctx context.Context, groupID string, userIDs []string)
 // RemoveUsers removes users from a group as members
 func (s Service) RemoveUsers(ctx context.Context, groupID string, userIDs []string) error {
 	var err error
+
+	group, err := s.repository.GetByID(ctx, groupID)
+	if err != nil {
+		return err
+	}
+
 	for _, userID := range userIDs {
 		// remove all access via policies
 		userPolicies, currentErr := s.policyService.List(ctx, policy.Filter{
@@ -336,7 +342,14 @@ func (s Service) RemoveUsers(ctx context.Context, groupID string, userIDs []stri
 		}); currentErr != nil {
 			err = errors.Join(err, currentErr)
 		}
+
+		if currentErr == nil {
+			audit.GetAuditor(ctx, group.OrganizationID).LogWithAttrs(audit.GroupMemberRemovedEvent, audit.GroupTarget(groupID), map[string]string{
+				"userID": userID,
+			})
+		}
 	}
+
 	return err
 }
 

diff --git a/core/webhook/service.go b/core/webhook/service.go
@@ -107,6 +107,7 @@ func (s Service) Publish(ctx context.Context, evt Event) error {
 		Data:      data,
 		CreatedAt: timestamppb.New(evt.CreatedAt),
 	}
+
 	payload, err := protojson.Marshal(event)
 	if err != nil {
 		logger.Error("failed to marshal event", zap.Error(err))