API: Added audit log list endpoint

Not yested covered with testing.
Changes database columns for more presentable names and for future use
to connect additional model types.
For #4316

app/Activity/ActivityQueries.php

@@ -27,14 +27,14 @@ class ActivityQueries
     public function latest(int $count = 20, int $page = 0): array
     {
         $activityList = $this->permissions
-            ->restrictEntityRelationQuery(Activity::query(), 'activities', 'entity_id', 'entity_type')
+            ->restrictEntityRelationQuery(Activity::query(), 'activities', 'loggable_id', 'loggable_type')
             ->orderBy('created_at', 'desc')
             ->with(['user'])
             ->skip($count * $page)
             ->take($count)
             ->get();
 
-        $this->listLoader->loadIntoRelations($activityList->all(), 'entity', false);
+        $this->listLoader->loadIntoRelations($activityList->all(), 'loggable', false);
 
         return $this->filterSimilar($activityList);
     }
@@ -59,8 +59,8 @@ class ActivityQueries
         $query->where(function (Builder $query) use ($queryIds) {
             foreach ($queryIds as $morphClass => $idArr) {
                 $query->orWhere(function (Builder $innerQuery) use ($morphClass, $idArr) {
-                    $innerQuery->where('entity_type', '=', $morphClass)
-                        ->whereIn('entity_id', $idArr);
+                    $innerQuery->where('loggable_type', '=', $morphClass)
+                        ->whereIn('loggable_id', $idArr);
                 });
             }
         });
@@ -82,7 +82,7 @@ class ActivityQueries
     public function userActivity(User $user, int $count = 20, int $page = 0): array
     {
         $activityList = $this->permissions
-            ->restrictEntityRelationQuery(Activity::query(), 'activities', 'entity_id', 'entity_type')
+            ->restrictEntityRelationQuery(Activity::query(), 'activities', 'loggable_id', 'loggable_type')
             ->orderBy('created_at', 'desc')
             ->where('user_id', '=', $user->id)
             ->skip($count * $page)

app/Activity/Controllers/AuditLogApiController.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace BookStack\Activity\Controllers;
+
+use BookStack\Activity\Models\Activity;
+use BookStack\Http\ApiController;
+
+class AuditLogApiController extends ApiController
+{
+    /**
+     * Get a listing of audit log events in the system.
+     * The loggable relation fields currently only relates to core
+     * content types (page, book, bookshelf, chapter) but this may be
+     * used more in the future across other types.
+     * Requires permission to manage both users and system settings.
+     */
+    public function list()
+    {
+        $this->checkPermission('settings-manage');
+        $this->checkPermission('users-manage');
+
+        $query = Activity::query()->with(['user']);
+
+        return $this->apiListingResponse($query, [
+            'id', 'type', 'detail', 'user_id', 'loggable_id', 'loggable_type', 'ip', 'created_at',
+        ]);
+    }
+}

app/Activity/Controllers/AuditLogController.php

@@ -32,7 +32,7 @@ class AuditLogController extends Controller
 
         $query = Activity::query()
             ->with([
-                'entity' => fn ($query) => $query->withTrashed(),
+                'loggable' => fn ($query) => $query->withTrashed(),
                 'user',
             ])
             ->orderBy($listOptions->getSort(), $listOptions->getOrder());

app/Activity/Models/Activity.php

@@ -17,24 +17,22 @@ use Illuminate\Support\Str;
  * @property User   $user
  * @property Entity $entity
  * @property string $detail
- * @property string $entity_type
- * @property int    $entity_id
+ * @property string $loggable_type
+ * @property int    $loggable_id
  * @property int    $user_id
  * @property Carbon $created_at
- * @property Carbon $updated_at
  */
 class Activity extends Model
 {
     /**
-     * Get the entity for this activity.
+     * Get the loggable model related to this activity.
+     * Currently only used for entities (previously entity_[id/type] columns).
+     * Could be used for others but will need an audit of uses where assumed
+     * to be entities.
      */
-    public function entity(): MorphTo
+    public function loggable(): MorphTo
     {
-        if ($this->entity_type === '') {
-            $this->entity_type = null;
-        }
-
-        return $this->morphTo('entity');
+        return $this->morphTo('loggable');
     }
 
     /**
@@ -47,8 +45,8 @@ class Activity extends Model
 
     public function jointPermissions(): HasMany
     {
-        return $this->hasMany(JointPermission::class, 'entity_id', 'entity_id')
-            ->whereColumn('activities.entity_type', '=', 'joint_permissions.entity_type');
+        return $this->hasMany(JointPermission::class, 'entity_id', 'loggable_id')
+            ->whereColumn('activities.loggable_type', '=', 'joint_permissions.entity_type');
     }
 
     /**
@@ -74,6 +72,6 @@ class Activity extends Model
      */
     public function isSimilarTo(self $activityB): bool
     {
-        return [$this->type, $this->entity_type, $this->entity_id] === [$activityB->type, $activityB->entity_type, $activityB->entity_id];
+        return [$this->type, $this->loggable_type, $this->loggable_id] === [$activityB->type, $activityB->loggable_type, $activityB->loggable_id];
     }
 }

app/Activity/Tools/ActivityLogger.php

@@ -32,8 +32,8 @@ class ActivityLogger
         $activity->detail = $detailToStore;
 
         if ($detail instanceof Entity) {
-            $activity->entity_id = $detail->id;
-            $activity->entity_type = $detail->getMorphClass();
+            $activity->loggable_id = $detail->id;
+            $activity->loggable_type = $detail->getMorphClass();
         }
 
         $activity->save();
@@ -65,8 +65,8 @@ class ActivityLogger
     {
         $entity->activity()->update([
             'detail'         => $entity->name,
-            'entity_id'    => null,
-            'entity_type'  => null,
+            'loggable_id'    => null,
+            'loggable_type'  => null,
         ]);
     }
 

app/Console/Commands/ClearActivityCommand.php

@@ -19,7 +19,7 @@ class ClearActivityCommand extends Command
      *
      * @var string
      */
-    protected $description = 'Clear user activity from the system';
+    protected $description = 'Clear user (audit-log) activity from the system';
 
     /**
      * Execute the console command.

app/Entities/Models/Entity.php

@@ -137,7 +137,7 @@ abstract class Entity extends Model implements Sluggable, Favouritable, Viewable
      */
     public function activity(): MorphMany
     {
-        return $this->morphMany(Activity::class, 'entity')
+        return $this->morphMany(Activity::class, 'loggable')
             ->orderBy('created_at', 'desc');
     }
 

database/migrations/2024_05_04_154409_rename_activity_relation_columns.php

@@ -0,0 +1,30 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('activities', function (Blueprint $table) {
+            $table->renameColumn('entity_id', 'loggable_id');
+            $table->renameColumn('entity_type', 'loggable_type');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('activities', function (Blueprint $table) {
+            $table->renameColumn('loggable_id', 'entity_id');
+            $table->renameColumn('loggable_type', 'entity_type');
+        });
+    }
+};

dev/api/responses/audit-log-list.json

@@ -0,0 +1,80 @@
+{
+  "data": [
+    {
+      "id": 1,
+      "type": "bookshelf_create",
+      "detail": "",
+      "user_id": 1,
+      "loggable_id": 1,
+      "loggable_type": "bookshelf",
+      "ip": "124.4.x.x",
+      "created_at": "2021-09-29T12:32:02.000000Z",
+      "user": {
+        "id": 1,
+        "name": "Admins",
+        "slug": "admins"
+      }
+    },
+    {
+      "id": 2,
+      "type": "auth_login",
+      "detail": "standard; (1) Admin",
+      "user_id": 1,
+      "loggable_id": null,
+      "loggable_type": null,
+      "ip": "127.0.x.x",
+      "created_at": "2021-09-29T12:32:04.000000Z",
+      "user": {
+        "id": 1,
+        "name": "Admins",
+        "slug": "admins"
+      }
+    },
+    {
+      "id": 3,
+      "type": "bookshelf_update",
+      "detail": "",
+      "user_id": 1,
+      "loggable_id": 1,
+      "loggable_type": "bookshelf",
+      "ip": "127.0.x.x",
+      "created_at": "2021-09-29T12:32:07.000000Z",
+      "user": {
+        "id": 1,
+        "name": "Admins",
+        "slug": "admins"
+      }
+    },
+    {
+      "id": 4,
+      "type": "page_create",
+      "detail": "",
+      "user_id": 1,
+      "loggable_id": 1,
+      "loggable_type": "page",
+      "ip": "127.0.x.x",
+      "created_at": "2021-09-29T12:32:13.000000Z",
+      "user": {
+        "id": 1,
+        "name": "Admins",
+        "slug": "admins"
+      }
+    },
+    {
+      "id": 5,
+      "type": "page_update",
+      "detail": "",
+      "user_id": 1,
+      "loggable_id": 1,
+      "loggable_type": "page",
+      "ip": "127.0.x.x",
+      "created_at": "2021-09-29T12:37:27.000000Z",
+      "user": {
+        "id": 1,
+        "name": "Admins",
+        "slug": "admins"
+      }
+    }
+  ],
+  "total": 6088
+}

routes/api.php

@@ -6,6 +6,7 @@
  * Controllers all end with "ApiController"
  */
 
+use BookStack\Activity\Controllers\AuditLogApiController;
 use BookStack\Api\ApiDocsController;
 use BookStack\Entities\Controllers as EntityControllers;
 use BookStack\Permissions\ContentPermissionApiController;
@@ -89,3 +90,5 @@ Route::delete('recycle-bin/{deletionId}', [EntityControllers\RecycleBinApiContro
 
 Route::get('content-permissions/{contentType}/{contentId}', [ContentPermissionApiController::class, 'read']);
 Route::put('content-permissions/{contentType}/{contentId}', [ContentPermissionApiController::class, 'update']);
+
+Route::get('audit-log', [AuditLogApiController::class, 'list']);