recording note content and title changes to audit_log

2025-03-01 14:22:32 +01:00 · 2017-09-30 21:18:23 -04:00 · 2017-09-30 21:18:23 -04:00 · 569f7a392d
commit 569f7a392d
parent 470e1fc19f
4 changed files with 19 additions and 2 deletions
--- a/2
+++ b/2
@ -1,7 +1,7 @@
- logout detection
 - conflict detection
  - note title and content changes are not in audit_log table
 - deleting cloned nodes ends with 500 (probably only on folders)
 - what links here
 - recent changes - link to note should lead to the revision
 - db upgrade / migration
+- dates should be stored in UTC to work correctly with time zones
--- a/src/audit_category.py
+++ b/src/audit_category.py
@ -1,4 +1,5 @@
 UPDATE_CONTENT = 'CONTENT'
+UPDATE_TITLE = 'TITLE'
 CHANGE_POSITION = 'POSITION'
 CREATE_NOTE = 'CREATE'
 DELETE_NOTE = 'DELETE'
--- a/src/notes_api.py
+++ b/src/notes_api.py
@ -10,7 +10,7 @@ from flask_login import login_required

 from sql import delete
 from sql import execute, insert, commit
-from sql import getResults, getSingleResult, getOption, addAudit
+from sql import getResults, getSingleResult, getOption, addAudit, deleteRecentAudits

 import audit_category

@ -68,6 +68,14 @@ def updateNote(note_id):
            now
        ])

+    if note['detail']['note_title'] != detail['note_title']:
+        deleteRecentAudits(audit_category.UPDATE_TITLE, request, note_id)
+        addAudit(audit_category.UPDATE_TITLE, request, note_id)
+
+    if note['detail']['note_text'] != detail['note_text']:
+        deleteRecentAudits(audit_category.UPDATE_CONTENT, request, note_id)
+        addAudit(audit_category.UPDATE_CONTENT, request, note_id)
+
    if note['detail']['encryption'] != detail['encryption']:
        addAudit(audit_category.ENCRYPTION, request, note_id, detail['encryption'], note['detail']['encryption'])

--- a/src/sql.py
+++ b/src/sql.py
@ -46,6 +46,14 @@ def addAudit(category, request = None, note_id = None, change_from = None, chang
    execute("INSERT INTO audit_log (date_modified, category, browser_id, note_id, change_from, change_to, comment)"
            " VALUES (?, ?, ?, ?, ?, ?, ?)", [now, category, browser_id, note_id, change_from, change_to, comment])

+def deleteRecentAudits(category, request, note_id):
+    browser_id = request.headers['x-browser-id']
+
+    delete_cutoff = math.floor(time.time()) - 10 * 60;
+
+    execute("DELETE FROM audit_log WHERE category = ? AND browser_id = ? AND note_id = ? AND date_modified > ?",
+            [category, browser_id, note_id, delete_cutoff])
+
 def delete(tablename, note_id):
    execute("DELETE FROM " + tablename + " WHERE note_id = ?", [note_id])