b.santos/cloud-cap-samples
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

audit log

Browse Source
This commit is contained in:
Koch
2023-04-20 14:38:19 +02:00
parent a8d3ac2796
commit 578448c2fa
15 changed files with 222 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
gdpr/srv/customAuditLog.js Normal file
View File

@@ -0,0 +1,143 @@
const cds = require('@sap/cds')
module.exports = class MyAuditLogService extends cds.AuditLogService {
async init() {
// console.log('My Audit Log');
// call AuditLogService's init
await super.init()
const db = await cds.connect.to('db')
const { AuditLogStore } = db.entities('sap.capire.auditLog')
// register custom handlers
this.on('dataAccessLog', async req => {
const logs = [];
const action = 'DataAccess';
const user = req.user.id;
const timestamp = req.timestamp;
const tenant = req.tenant;
const channel = req.channel;
req.data.accesses.forEach( dataAccess => {
logs.push({
Action: action,
User: user,
Timestamp: timestamp,
Tenant: tenant,
Channel: channel,
DataSubjectType: dataAccess.dataSubject.type,
DataSubjectRole: dataAccess.dataSubject.role,
DataSubjectID: JSON.stringify(dataAccess.dataSubject.id),
ObjectType: dataAccess.dataObject.type,
ObjectKey: JSON.stringify(dataAccess.dataObject.id),
Blob: JSON.stringify(dataAccess)
}) }
)
await INSERT.into(AuditLogStore).entries(logs)
}
)
this.on('dataModificationLog', async req => {
const mods = [];
const action = 'DataModification';
const user = req.user.id;
const timestamp = req.timestamp;
const tenant = req.tenant;
const channel = req.channel;
req.data.modifications.forEach( dataModification => {
mods.push({
Action: action,
User: user,
Timestamp: timestamp,
Tenant: tenant,
Channel: channel,
DataSubjectType: dataModification.dataSubject.type,
DataSubjectRole: dataModification.dataSubject.role,
DataSubjectID: JSON.stringify(dataModification.dataSubject.id),
ObjectType: dataModification.dataObject.type,
ObjectKey: JSON.stringify(dataModification.dataObject.id),
Blob: JSON.stringify(dataModification)
}) }
)
await INSERT.into(AuditLogStore).entries(mods)
}
)
}
}
/*
service AuditLogService {
// SEC-254: Log read access to sensitive personal data
event dataAccessLog {
accesses : array of Access;
};
// SEC-265: Log changes to personal data
event dataModificationLog : {
c : array of DataModification;
};
}
*/
/*
define type KeyValuePair {
keyName : String;
value : String;
};
define type DataObject {
type : String;
id : array of KeyValuePair;
};
define type DataSubject {
type : String;
id : array of KeyValuePair;
role : String;
};
define type Attribute {
name : String;
};
define type Access {
dataObject : DataObject;
dataSubject : DataSubject;
attributes : array of Attribute;
attachments : array of Attachment;
};
define type ChangedAttribute {
name : String;
oldValue : String;
newValue : String;
};
define type DataModification {
dataObject : DataObject;
dataSubject : DataSubject;
action : String @assert.range enum { Create; Update; Delete; };
attributes : array of ChangedAttribute;
}
*/

13
gdpr/srv/log-service.cds Normal file
View File

@@ -0,0 +1,13 @@
using {sap.capire.bookshop as db} from '../db/data-privacy';
using {sap.capire.auditLog as log} from '../db/AuditLogStore.cds';
//@requires: 'PersonalDataManagerUser' // security check
service LogService {
entity Customers as projection on db.Customers;
entity CustomerPostalAddress as projection on db.CustomerPostalAddress;
entity Orders as projection on db.Orders;
entity AuditLogStore as projection on log.AuditLogStore;
};

2
gdpr/srv/pdm-service.cds
View File

@@ -3,7 +3,7 @@ using {sap.capire.bookshop.Books} from '../db/data-privacy';
using {sap.capire.bookshop.Orders} from '../db/data-privacy';
using {sap.capire.bookshop.OrderItems} from '../db/data-privacy';
@requires: 'PersonalDataManagerUser' // security check
//@requires: 'PersonalDataManagerUser' // security check
service PDMService {
entity Customers as projection on db.Customers;