diff --git a/core/audit/audit.go b/core/audit/audit.go
index 411226b0f..ac597be41 100644
--- a/core/audit/audit.go
+++ b/core/audit/audit.go
@@ -52,9 +52,10 @@ const (
 ServiceUserCreatedEvent EventName = "app.serviceuser.created"
 ServiceUserDeletedEvent EventName = "app.serviceuser.deleted"
 
- GroupCreatedEvent EventName = "app.group.created"
- GroupUpdatedEvent EventName = "app.group.updated"
- GroupDeletedEvent EventName = "app.group.deleted"
+ GroupCreatedEvent EventName = "app.group.created"
+ GroupUpdatedEvent EventName = "app.group.updated"
+ GroupDeletedEvent EventName = "app.group.deleted"
+ GroupMemberRemovedEvent EventName = "app.group.members.removed"
 
 RoleCreatedEvent EventName = "app.role.created"
 RoleUpdatedEvent EventName = "app.role.updated"
diff --git a/core/group/service.go b/core/group/service.go
index 09ad22877..d4494d9da 100644
--- a/core/group/service.go
+++ b/core/group/service.go
@@ -307,6 +307,12 @@ func (s Service) AddUsers(ctx context.Context, groupID string, userIDs []string)
 // RemoveUsers removes users from a group as members
 func (s Service) RemoveUsers(ctx context.Context, groupID string, userIDs []string) error {
 var err error
+
+ group, err := s.repository.GetByID(ctx, groupID)
+ if err != nil {
+ return err
+ }
+
 for _, userID := range userIDs {
 // remove all access via policies
 userPolicies, currentErr := s.policyService.List(ctx, policy.Filter{
@@ -336,7 +342,14 @@ func (s Service) RemoveUsers(ctx context.Context, groupID string, userIDs []stri
 }); currentErr != nil {
 err = errors.Join(err, currentErr)
 }
+
+ if currentErr == nil {
+ audit.GetAuditor(ctx, group.OrganizationID).LogWithAttrs(audit.GroupMemberRemovedEvent, audit.GroupTarget(groupID), map[string]string{
+ "userID": userID,
+ })
+ }
 }
+
 return err
 }
 
diff --git a/core/webhook/service.go b/core/webhook/service.go
index 553962f3a..461df7587 100644
--- a/core/webhook/service.go
+++ b/core/webhook/service.go
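Review bot: Only a removal event joins the group constants in this hunk; the visible lines have no counterpart for members being added, so the audit trail would record revocations of group membership but not grants, and grants are what an access review usually needs to reconstruct. If `AddUsers` in core/group/service.go is not audited somewhere outside this diff, a matching constant such as `GroupMemberAddedEvent EventName = "app.group.members.added"` and a call at that site would close the gap. The const block starts and ends outside the hunk, so such an event may already exist under another name.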
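Review bot: The early return after `s.repository.GetByID` makes every removal depend on a lookup whose result the visible code uses only for `group.OrganizationID` in the audit call, so a failed group read now blocks revocation of membership entirely. If failing closed is the intent, say so at the call, for example `// fail before touching membership: the organization ID is required for the audit record`. The error is also returned bare while the loop below accumulates with `errors.Join`; wrapping it as `fmt.Errorf("get group %q: %w", groupID, err)` would tell the caller which step failed, assuming `fmt` is imported in this file. The body of RemoveUsers continues outside this hunk.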
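Review bot: The new `if currentErr == nil` guard may be reading the wrong variable. The context line `}); currentErr != nil {` looks like the tail of an `if currentErr := ...; currentErr != nil` statement whose start is outside the hunk; if so, that `currentErr` is scoped to the `if`, and the guard after it sees the earlier `currentErr` assigned from `s.policyService.List`. A failed relation delete would then still be logged as `GroupMemberRemovedEvent`, leaving an audit record of a removal that did not happen, and a non-nil list error that the loop tolerates would suppress the record for a removal that did happen. Emitting the event from an `else` branch of that same `if` (`} else {` in place of the closing `}` and the separate guard) ties the record to the delete result.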
@@ -107,6 +107,7 @@ func (s Service) Publish(ctx context.Context, evt Event) error {
 Data: data,
 CreatedAt: timestamppb.New(evt.CreatedAt),
 }
+
 payload, err := protojson.Marshal(event)
 if err != nil {
 logger.Error("failed to marshal event", zap.Error(err))