Test that a deleted backup makes an audit log entry

DaneEveritt · DaneEveritt · commit d3e3b1db389b · 2021-07-11T12:15:39.000-07:00
diff --git a/app/Models/AuditLog.php b/app/Models/AuditLog.php
@@ -69,6 +69,7 @@ class AuditLog extends Model
      * @var string[]
      */
     protected $casts = [
+        'is_system' => 'bool',
         'device' => 'array',
         'metadata' => 'array',
     ];
diff --git a/app/Models/Backup.php b/app/Models/Backup.php
@@ -21,6 +21,7 @@
  * @property \Carbon\CarbonImmutable $updated_at
  * @property \Carbon\CarbonImmutable|null $deleted_at
  * @property \Pterodactyl\Models\Server $server
+ * @property \Pterodactyl\Models\AuditLog[] $audits
  */
 class Backup extends Model
 {
@@ -98,4 +99,14 @@ public function server()
     {
         return $this->belongsTo(Server::class);
     }
+
+    /**
+     * @return \Illuminate\Database\Eloquent\Relations\HasMany
+     */
+    public function audits()
+    {
+        return $this->hasMany(AuditLog::class, 'metadata->backup_uuid', 'uuid')
+            ->where('action', 'LIKE', 'server:backup.%');
+            // ->where('metadata->backup_uuid', $this->uuid);
+    }
 }
diff --git a/tests/Integration/Api/Client/ClientApiIntegrationTestCase.php b/tests/Integration/Api/Client/ClientApiIntegrationTestCase.php
@@ -7,6 +7,7 @@
 use Pterodactyl\Models\Task;
 use Pterodactyl\Models\User;
 use Webmozart\Assert\Assert;
+use InvalidArgumentException;
 use Pterodactyl\Models\Backup;
 use Pterodactyl\Models\Server;
 use Pterodactyl\Models\Subuser;
@@ -60,8 +61,6 @@ protected function createTestResponse($response)
      */
     protected function link($model, $append = null): string
     {
-        Assert::isInstanceOfAny($model, [Server::class, Schedule::class, Task::class, Allocation::class]);
-
         $link = '';
         switch (get_class($model)) {
             case Server::class:
@@ -76,6 +75,11 @@ protected function link($model, $append = null): string
             case Allocation::class:
                 $link = "/api/client/servers/{$model->server->uuid}/network/allocations/{$model->id}";
                 break;
+            case Backup::class:
+                $link = "/api/client/servers/{$model->server->uuid}/backups/{$model->uuid}";
+                break;
+            default:
+                throw new InvalidArgumentException(sprintf('Cannot create link for Model of type %s', class_basename($model)));
         }
 
         return $link . ($append ? '/' . ltrim($append, '/') : '');
diff --git a/tests/Integration/Api/Client/Server/Backup/DeleteBackupTest.php b/tests/Integration/Api/Client/Server/Backup/DeleteBackupTest.php
@@ -0,0 +1,65 @@
+<?php
+
+namespace Pterodactyl\Tests\Integration\Api\Client\Server\Backup;
+
+use Mockery;
+use Illuminate\Http\Response;
+use Pterodactyl\Models\Backup;
+use Pterodactyl\Models\AuditLog;
+use Pterodactyl\Models\Permission;
+use Pterodactyl\Repositories\Wings\DaemonBackupRepository;
+use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
+
+class DeleteBackupTest extends ClientApiIntegrationTestCase
+{
+    private $repository;
+
+    public function setUp(): void
+    {
+        parent::setUp();
+
+        $this->repository = $this->mock(DaemonBackupRepository::class);
+    }
+
+    public function testUserWithoutPermissionCannotDeleteBackup()
+    {
+        [$user, $server] = $this->generateTestAccount([Permission::ACTION_BACKUP_CREATE]);
+
+        $backup = Backup::factory()->create(['server_id' => $server->id]);
+
+        $this->actingAs($user)->deleteJson($this->link($backup))
+            ->assertStatus(Response::HTTP_FORBIDDEN);
+    }
+
+    /**
+     * Tests that a backup can be deleted for a server and that it is properly updated
+     * in the database. Once deleted there should also be a corresponding record in the
+     * audit logs table for this API call.
+     */
+    public function testBackupCanBeDeleted()
+    {
+        [$user, $server] = $this->generateTestAccount([Permission::ACTION_BACKUP_DELETE]);
+
+        /** @var \Pterodactyl\Models\Backup $backup */
+        $backup = Backup::factory()->create(['server_id' => $server->id]);
+
+        $this->repository->expects('setServer->delete')->with(Mockery::on(function ($value) use ($backup) {
+            return $value instanceof Backup && $value->uuid === $backup->uuid;
+        }))->andReturn(new Response());
+
+        $this->actingAs($user)->deleteJson($this->link($backup))->assertStatus(Response::HTTP_NO_CONTENT);
+
+        $backup->refresh();
+
+        $this->assertNotNull($backup->deleted_at);
+
+        $this->actingAs($user)->deleteJson($this->link($backup))->assertStatus(Response::HTTP_NOT_FOUND);
+
+        $event = $backup->audits()->where('action', AuditLog::SERVER__BACKUP_DELETED)->latest()->first();
+
+        $this->assertNotNull($event);
+        $this->assertFalse($event->is_system);
+        $this->assertEquals($backup->server_id, $event->server_id);
+        $this->assertEquals($user->id, $event->user_id);
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@`
`21`	`21`	`* @property \Carbon\CarbonImmutable $updated_at`
`22`	`22`	`* @property \Carbon\CarbonImmutable\|null $deleted_at`
`23`	`23`	`* @property \Pterodactyl\Models\Server $server`
	`24`	`+ * @property \Pterodactyl\Models\AuditLog[] $audits`
`24`	`25`	`*/`
`25`	`26`	`class Backup extends Model`
`26`	`27`	`{`
`@@ -98,4 +99,14 @@ public function server()`
`98`	`99`	`{`
`99`	`100`	`return $this->belongsTo(Server::class);`
`100`	`101`	`}`
	`102`	`+`
	`103`	`+ /**`
	`104`	`+ * @return \Illuminate\Database\Eloquent\Relations\HasMany`
	`105`	`+ */`
	`106`	`+ public function audits()`
	`107`	`+ {`
	`108`	`+ return $this->hasMany(AuditLog::class, 'metadata->backup_uuid', 'uuid')`
	`109`	`+ ->where('action', 'LIKE', 'server:backup.%');`
	`110`	`+ // ->where('metadata->backup_uuid', $this->uuid);`
	`111`	`+ }`
`101`	`112`	`}`