From abb32bc4d75c637c78c3506aa6640f66488ee641 Mon Sep 17 00:00:00 2001 From: Étienne Loks Date: Tue, 26 Dec 2023 15:58:33 +0100 Subject: 🗃️ GDPR: add routable_ip information - allow null ip and user - add django-ipware dependency to manage precisely request IP MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ishtar_common/models.py | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) (limited to 'ishtar_common/models.py') diff --git a/ishtar_common/models.py b/ishtar_common/models.py index 8cb59be3e..a7f715516 100644 --- a/ishtar_common/models.py +++ b/ishtar_common/models.py @@ -20,6 +20,7 @@ """ Models description """ +from ipware import get_client_ip import sys from bs4 import BeautifulSoup @@ -3230,9 +3231,11 @@ class GDPRPerson(models.Model): class GDPRLog(models.Model): - user = models.ForeignKey(User, verbose_name=_("User"), on_delete=models.PROTECT) + user = models.ForeignKey(User, verbose_name=_("User"), on_delete=models.PROTECT, blank=True, + null=True) date = models.DateTimeField(verbose_name=_("Date"), default=datetime.datetime.now) - ip = models.GenericIPAddressField(verbose_name=_("IP")) + ip = models.GenericIPAddressField(verbose_name=_("IP"), blank=True, null=True) + routable_ip = models.BooleanField(verbose_name=_("Routable IP"), default=False) activity = models.CharField(_("Activity"), max_length=2, choices=GDPR_ACTIVITY) persons = models.ManyToManyField(GDPRPerson, verbose_name=_("Persons"), blank=True) @@ -3260,8 +3263,18 @@ class GDPRLog(models.Model): return f"{self.user.username} - {self.date} - {self.activity_lbl}" @classmethod - def create_log(cls, user_id, ip, activity, person_query): - log = cls.objects.create(user_id=user_id, ip=ip, activity=activity) + def create_log(cls, request, activity, person_query): + if not request.user: + # log creation is for logged user should be a script, a bug or a hacker... + user_id = None + else: + user_id = request.user.id + client_ip, routable_ip = get_client_ip(request) + cls._create_log(user_id, client_ip, routable_ip, activity, person_query) + + @classmethod + def _create_log(cls, user_id, ip, routable_ip, activity, person_query): + log = cls.objects.create(user_id=user_id, ip=ip, routable_ip=routable_ip, activity=activity) person_query = person_query.exclude(raw_name__isnull=True).exclude(raw_name="") # create all missing GDPRPerson -- cgit v1.2.3