Add minimal audit logging for user-related changes

Includes failed logins (but not through the API...), password changes, email changes, any user-related changes performed by a moderator and post edits/deletions performed by a moderator.
author: Yorhel <git@yorhel.nl> 2020-04-27 10:24:01 +0200
committer: Yorhel <git@yorhel.nl> 2020-04-27 10:24:04 +0200
commit: af2768e659b73a987e65db716bfb23db7038ab9d (patch)
tree: 7485e06173f54a83c0b915e990dae76e4fdb1a16 /lib/VNWeb/Discussions
parent: 048524a1604e20791dad1b022d03f09cf18620e6 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/VNWeb/Discussions/Edit.pm b/lib/VNWeb/Discussions/Edit.pm
index 40f13a74..740eb9cb 100644
--- a/lib/VNWeb/Discussions/Edit.pm
+++ b/lib/VNWeb/Discussions/Edit.pm
@@ -51,7 +51,7 @@ elm_api DiscussionsEdit => $FORM_OUT, $FORM_IN, sub {
     return elm_Unauth if !can_edit t => $t;
 
     if($data->{delete} && auth->permBoardmod) {
-        warn "AUDIT: Delete t$tid.$num\n";
+        auth->audit($t->{user_id}, 'post delete', "deleted t$tid.$num");
         if($num == 1) {
             # (This could be a single query if there were proper ON DELETE CASCADE in the DB, though that's hard for notifications...)
             tuwf->dbExeci('DELETE FROM threads_posts WHERE tid =', \$tid);
@@ -68,6 +68,7 @@ elm_api DiscussionsEdit => $FORM_OUT, $FORM_IN, sub {
             return elm_Redirect "/t$tid";
         }
     }
+    auth->audit($t->{user_id}, 'post edit', "edited t$tid.$num") if $t->{user_id} != auth->uid;
 
     my $pollchanged = !$data->{tid} && $data->{poll};
     if($num == 1) {
author	Yorhel <git@yorhel.nl>	2020-04-27 10:24:01 +0200
committer	Yorhel <git@yorhel.nl>	2020-04-27 10:24:04 +0200
commit	af2768e659b73a987e65db716bfb23db7038ab9d (patch)
tree	7485e06173f54a83c0b915e990dae76e4fdb1a16 /lib/VNWeb/Discussions
parent	048524a1604e20791dad1b022d03f09cf18620e6 (diff)