From 0de5dac34c4c414158e43e8227d411bfa48848da Mon Sep 17 00:00:00 2001
From: jkoberg <jkoberg@owncloud.com>
Date: Fri, 11 Mar 2022 13:49:34 +0100
Subject: [PATCH] share/link removed events

Signed-off-by: jkoberg <jkoberg@owncloud.com>
---
 audit/pkg/service/service.go  |  4 ++++
 audit/pkg/types/constants.go  | 13 ++++++++++-
 audit/pkg/types/conversion.go | 44 +++++++++++++++++++++++++++++++++++
 audit/pkg/types/events.go     |  2 ++
 audit/pkg/types/types.go      |  8 +++++++
 5 files changed, 70 insertions(+), 1 deletion(-)

diff --git a/audit/pkg/service/service.go b/audit/pkg/service/service.go
index 64321f025..e60d0649c 100644
--- a/audit/pkg/service/service.go
+++ b/audit/pkg/service/service.go
@@ -51,6 +51,10 @@ func StartAuditLogger(ctx context.Context, ch <-chan interface{}, log log.Logger
 				auditEvent = types.ShareUpdated(ev)
 			case events.LinkUpdated:
 				auditEvent = types.LinkUpdated(ev)
+			case events.ShareRemoved:
+				auditEvent = types.ShareRemoved(ev)
+			case events.LinkRemoved:
+				auditEvent = types.LinkRemoved(ev)
 			default:
 				log.Error().Interface("event", ev).Msg(fmt.Sprintf("can't handle event of type '%T'", ev))
 				continue
diff --git a/audit/pkg/types/constants.go b/audit/pkg/types/constants.go
index 162a1e318..2d954bb0b 100644
--- a/audit/pkg/types/constants.go
+++ b/audit/pkg/types/constants.go
@@ -4,11 +4,12 @@ import "fmt"
 
 // short identifiers for audit actions
 const (
-	ActionShareCreated            = "share_created"
+	ActionShareCreated            = "file_shared"
 	ActionSharePermissionUpdated  = "share_permission_updated"
 	ActionShareDisplayNameUpdated = "share_name_updated"
 	ActionSharePasswordUpdated    = "share_password_updated"
 	ActionShareExpirationUpdated  = "share_expiration_updated"
+	ActionShareRemoved            = "file_unshared"
 )
 
 // MessageShareCreated returns the human readable string that describes the action
@@ -30,3 +31,13 @@ func MessageShareUpdated(sharer, shareID, fieldUpdated string) string {
 func MessageLinkUpdated(sharer, shareid, fieldUpdated string) string {
 	return fmt.Sprintf("user '%s' modified field '%s' of public link '%s'", sharer, fieldUpdated, shareid)
 }
+
+// MessageShareRemoved returns the human readable string that describes the action
+func MessageShareRemoved(sharer, shareid, itemid string) string {
+	return fmt.Sprintf("share id:'%s' uid:'%s' item-id:'%s' was removed", shareid, sharer, itemid)
+}
+
+// MessageLinkRemoved returns the human readable string that describes the action
+func MessageLinkRemoved(shareid string) string {
+	return fmt.Sprintf("public link id:'%s' was removed", shareid)
+}
diff --git a/audit/pkg/types/conversion.go b/audit/pkg/types/conversion.go
index 89bde23a0..49498ea40 100644
--- a/audit/pkg/types/conversion.go
+++ b/audit/pkg/types/conversion.go
@@ -122,6 +122,50 @@ func LinkUpdated(ev events.LinkUpdated) AuditEventShareUpdated {
 		ItemType: "",
 	}
 }
+
+// ShareRemoved converts a ShareRemoved event to an AuditEventShareRemoved
+func ShareRemoved(ev events.ShareRemoved) AuditEventShareRemoved {
+	sid, uid, iid, with, typ := "", "", "", "", ""
+	if ev.ShareID != nil {
+		sid = ev.ShareID.GetOpaqueId()
+	}
+
+	if ev.ShareKey != nil {
+		uid = ev.ShareKey.GetOwner().GetOpaqueId()
+		iid = ev.ShareKey.GetResourceId().GetOpaqueId()
+		with, typ = extractGrantee(ev.ShareKey.GetGrantee().GetUserId(), ev.ShareKey.GetGrantee().GetGroupId())
+	}
+	base := BasicAuditEvent(uid, "", MessageShareRemoved(uid, sid, iid), ActionShareRemoved)
+	return AuditEventShareRemoved{
+		AuditEventSharing: SharingAuditEvent(sid, iid, uid, base),
+		ShareWith:         with,
+		ShareType:         typ,
+
+		// NOTE: those values are not in the event and can therefore not be filled at the moment
+		ItemType: "",
+	}
+}
+
+// LinkRemoved converts a LinkRemoved event to an AuditEventShareRemoved
+func LinkRemoved(ev events.LinkRemoved) AuditEventShareRemoved {
+	uid, sid, typ := "", "", "link"
+	if ev.ShareID != nil {
+		sid = ev.ShareID.GetOpaqueId()
+	} else {
+		sid = ev.ShareToken
+	}
+
+	base := BasicAuditEvent(uid, "", MessageLinkRemoved(sid), ActionShareRemoved)
+	return AuditEventShareRemoved{
+		AuditEventSharing: SharingAuditEvent(sid, "", uid, base),
+		ShareWith:         "",
+		ShareType:         typ,
+
+		// NOTE: those values are not in the event and can therefore not be filled at the moment
+		ItemType: "",
+	}
+}
+
 func extractGrantee(uid *user.UserId, gid *group.GroupId) (string, string) {
 	switch {
 	case uid != nil && uid.OpaqueId != "":
diff --git a/audit/pkg/types/events.go b/audit/pkg/types/events.go
index aa374ea4c..b5e388135 100644
--- a/audit/pkg/types/events.go
+++ b/audit/pkg/types/events.go
@@ -11,5 +11,7 @@ func RegisteredEvents() []events.Unmarshaller {
 		events.ShareUpdated{},
 		events.LinkCreated{},
 		events.LinkUpdated{},
+		events.ShareRemoved{},
+		events.LinkRemoved{},
 	}
 }
diff --git a/audit/pkg/types/types.go b/audit/pkg/types/types.go
index 43c2715f4..06ca53386 100644
--- a/audit/pkg/types/types.go
+++ b/audit/pkg/types/types.go
@@ -52,3 +52,11 @@ type AuditEventShareUpdated struct {
 	ShareOwner     string // The UID of the share owner.
 	ShareToken     string // For link shares the unique token, else null
 }
+
+// AuditEventShareRemoved is the event logged when a share is removed
+type AuditEventShareRemoved struct {
+	AuditEventSharing
+	ItemType  string // file or folder
+	ShareType string // group user or link
+	ShareWith string // The UID or GID of the share recipient.
+}