Development #73481

audit: record access to "remote" files (redirect)

Added by Thomas Noël 2 months ago. Updated 2 months ago.

Status: New
Priority: Normal
Assignee: -
Target version: -
Start date: 17 January 2023
Due date:
% Done: 0%
Estimated time:
Patch proposed: No
Planning: No

Description

For auditing file access, we currently do this in wcs/forms/common.py:

class FileDirectory(Directory):
    ...
    def _q_lookup(self, component):

        ... 
        if file.has_redirect_url():
            redirect_url = file.get_redirect_url(backoffice=get_request().is_in_backoffice())
            if not redirect_url:
                raise errors.TraversalError()
            redirect_url = sign_url_auto_orig(redirect_url)
            return redirect(redirect_url)  # <-- no audit in this case

        if not self.thumbnails:
            # do not log access to thumbnails as they will already be accounted for as
            # a view of the formdata/carddata containing them.
            audit('download file', obj=self.formdata, extra_label=component)  # <-- audit on direct access
        return self.serve_file(file, thumbnail=self.thumbnails)

In the redirect case we record nothing. We could have a type "download file (redirect)" or "download file (remote)".
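
A simplified model of the lookup with the audit gap closed, added here as an illustration and not taken from w.c.s. or proposed by the ticket author. `StubFile`, `AUDIT_LOG`, `lookup` and the local `audit`/`TraversalError` are hypothetical stand-ins, URL signing is left out, and applying the thumbnail exemption to redirects is an assumption.

```python
# Added illustration: every name below is a stand-in, not w.c.s. code.
from dataclasses import dataclass
from typing import Optional

AUDIT_LOG = []  # constructed in-memory sink standing in for the audit trail


def audit(action, obj=None, extra_label=None):
    """Stand-in mirroring the call shape audit(...) shown in the ticket."""
    AUDIT_LOG.append((action, obj, extra_label))


class TraversalError(Exception):
    """Stand-in for errors.TraversalError."""


@dataclass
class StubFile:
    redirect_url: Optional[str] = None  # URL of the remote copy, if any
    remote: bool = False                # True when the file is stored remotely

    def has_redirect_url(self):
        return self.remote

    def get_redirect_url(self, backoffice=False):
        return self.redirect_url


def lookup(file, formdata, component, thumbnails=False, backoffice=False):
    """Model of FileDirectory._q_lookup that audits both branches."""
    if file.has_redirect_url():
        url = file.get_redirect_url(backoffice=backoffice)
        if not url:
            # Nothing is handed to the client, so nothing is recorded.
            raise TraversalError()
        if not thumbnails:  # assumption: same thumbnail exemption as direct access
            # Record before redirecting: after the redirect the download
            # happens on the remote host and never passes through here again.
            audit('download file (redirect)', obj=formdata, extra_label=component)
        return ('redirect', url)
    if not thumbnails:
        audit('download file', obj=formdata, extra_label=component)
    return ('serve', component)
```

Using a distinct action label keeps remote downloads separable from local ones when the audit trail is reviewed.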
