search

thunderstore-io / Thunderstore

Thunderstore is a mod database and API for downloading mods. Thunderstore Discord: https://discord.thunderstore.io/
https://thunderstore.io/
GNU Affero General Public License v3.0
128 stars 27 forks source link

Make audit event user optional for system logs #980

Closed MythicManiac closed 8 months ago

MythicManiac commented 8 months ago

Make the user field in audit events optional for logs produced by system events.

codecov[bot] commented 8 months ago

Codecov Report

Attention: 5 lines in your changes are missing coverage. Please review.

Comparison is base (874ab10) 93.04% compared to head (4ff9c77) 93.03%.

Files Patch % Lines
django/thunderstore/webhooks/models/audit.py 37.50% 3 Missing and 2 partials :warning:
Additional details and impacted files ```diff @@ Coverage Diff @@ ## master #980 +/- ## ========================================== - Coverage 93.04% 93.03% -0.01% ========================================== Files 296 296 Lines 8645 8647 +2 Branches 769 770 +1 ========================================== + Hits 8044 8045 +1 Misses 498 498 - Partials 103 104 +1 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

MythicManiac commented 8 months ago

I was debating on creating a migration that creates a dedicated user for the "System user" so we can use the same flow for all events, but that quickly turned into a much more complex operation than what I had time to implement in the moment so this is what we have for now.

I do think we should do all permission checks through users and simply create a root user of some kind for system operations (fake or otherwise). Making it an actual user has some security implications though so it's probably best to keep it as a code-only accessible user.