Fix no audit if Field->never_persist = true (#30)

abbadon1334 · DarkSide666 · web-flow · commit c8133bd69344 · 2020-05-21T13:27:01.000+03:00
* Fix no audit if Field-&gt;never_persist = true

* Apply fixes from StyleCI

* Add ignore of never_save &amp; read_only + Test

Co-authored-by: Imants Horsts &lt;imants.horsts@inbox.lv&gt;
diff --git a/src/Controller.php b/src/Controller.php
@@ -272,6 +272,11 @@ public function getDiffs(Model $m)
                 continue;
             }
 
+            // security fix : https://github.com/atk4/audit/pull/30
+            if ($f->never_persist || $f->never_save || $f->read_only) {
+                continue;
+            }
+
             // don't log DSQL expressions because they can be recursive and we can't store them
             if ($original instanceof Expression || $m[$key] instanceof Expression) {
                 continue;
diff --git a/tests/FieldTypeTest.php b/tests/FieldTypeTest.php
@@ -30,6 +30,11 @@ public function init(): void
         $this->addField('f_ser_json', ['type' => 'array', 'serialize' => 'json']);
         $this->addField('f_ser_ser', ['type' => 'array', 'serialize' => 'serialize']);
 
+        // security test - never show in changes
+        $this->addField('f_security_never_persist', ['never_persist' => true]);
+        $this->addField('f_security_never_save', ['never_save' => true]);
+        $this->addField('f_security_read_only', ['read_only' => true]);
+
         $this->add(new \atk4\audit\Controller());
     }
 }
@@ -83,6 +88,9 @@ public function testFieldTypes()
                     'f_enum'        => 'M',
                     'f_ser_json'    => json_encode([789,'qwe'=>'asd']),
                     'f_ser_ser'     => serialize([789,'qwe'=>'asd']),
+                    'f_security_never_persist' => 'never persist',
+                    'f_security_never_save' => 'never save',
+                    'f_security_read_only' => 'read only',
                 ],
             ],
             'audit_log' => $this->audit_db,
@@ -108,6 +116,9 @@ public function testFieldTypes()
                     'f_enum'        => 'F',
                     'f_ser_json'    => [987,'qwe'=>'zxc'],
                     'f_ser_ser'     => [987,'qwe'=>'zxc'],
+                    'f_security_never_persist' => 'change never persist',
+                    'f_security_never_save' => 'change never save',
+                    //'f_security_read_only' => 'change read only', trigger error on change before
                 ]);
         $m->save();
 
@@ -128,5 +139,9 @@ public function testFieldTypes()
         $this->assertTrue(is_int(strpos($l['descr'], 'f_enum=')));
         $this->assertTrue(is_int(strpos($l['descr'], 'f_ser_json=')));
         $this->assertTrue(is_int(strpos($l['descr'], 'f_ser_ser=')));
+
+        $this->assertFalse(strpos($l['descr'], 'f_security_never_persist='));
+        $this->assertFalse(strpos($l['descr'], 'f_security_never_save='));
+        $this->assertFalse(strpos($l['descr'], 'f_security_read_only='));
     }
 }
