From 7f793dd72ceca336a8a28ac152500dd17659acfa Mon Sep 17 00:00:00 2001
From: Steven Bal <steven@maykinmedia.nl>
Date: Tue, 11 Jan 2022 16:42:42 +0100
Subject: [PATCH] :sparkles: Log extra JWT claims in AuditTrail

issue: https://github.com/open-zaak/open-zaak/issues/1088

New JWT claims:
- roles
- department
- company
- kvk
---
 .../migrations/0015_auto_20220111_1523.py     | 57 +++++++++++++++++++
 vng_api_common/audittrails/models.py          | 27 ++++++++-
 vng_api_common/audittrails/viewsets.py        |  8 +++
 3 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 vng_api_common/audittrails/migrations/0015_auto_20220111_1523.py

diff --git a/vng_api_common/audittrails/migrations/0015_auto_20220111_1523.py b/vng_api_common/audittrails/migrations/0015_auto_20220111_1523.py
new file mode 100644
index 00000000..c483b646
--- /dev/null
+++ b/vng_api_common/audittrails/migrations/0015_auto_20220111_1523.py
@@ -0,0 +1,57 @@
+# Generated by Django 2.2.25 on 2022-01-11 15:23
+
+import django.contrib.postgres.fields
+from django.db import migrations, models
+
+import vng_api_common.fields
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("audittrails", "0014_auto_20210323_1654"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="audittrail",
+            name="afdeling",
+            field=models.CharField(
+                blank=True,
+                help_text="De afdeling waartoe de gebruiker behoort.",
+                max_length=255,
+                verbose_name="afdeling",
+            ),
+        ),
+        migrations.AddField(
+            model_name="audittrail",
+            name="bedrijf",
+            field=models.CharField(
+                blank=True,
+                help_text="Bedrijf waartoe de gebruiker behoort.",
+                max_length=255,
+                verbose_name="bedrijf",
+            ),
+        ),
+        migrations.AddField(
+            model_name="audittrail",
+            name="kvk",
+            field=vng_api_common.fields.RSINField(
+                blank=True,
+                help_text="KVK nummer van het bedrijf waartoe de gebruiker behoort.",
+                max_length=9,
+                verbose_name="kvk nummer",
+            ),
+        ),
+        migrations.AddField(
+            model_name="audittrail",
+            name="rollen",
+            field=django.contrib.postgres.fields.ArrayField(
+                base_field=models.CharField(max_length=255),
+                default=list,
+                help_text="Komma-gescheiden lijst van rollen van de gebruiker.",
+                size=None,
+                verbose_name="rollen",
+            ),
+        ),
+    ]
diff --git a/vng_api_common/audittrails/models.py b/vng_api_common/audittrails/models.py
index 075161d7..c880a3ff 100644
--- a/vng_api_common/audittrails/models.py
+++ b/vng_api_common/audittrails/models.py
@@ -1,12 +1,14 @@
 import uuid
 
-from django.contrib.postgres.fields import JSONField
+from django.contrib.postgres.fields import ArrayField, JSONField
 from django.contrib.postgres.indexes import GinIndex
 from django.core.serializers.json import DjangoJSONEncoder
 from django.core.validators import MaxValueValidator, MinValueValidator
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
 
+from vng_api_common.fields import RSINField
+
 from ..constants import ComponentTypes
 from ..descriptors import GegevensGroepType
 
@@ -91,6 +93,29 @@ class AuditTrail(models.Model):
         blank=True,
         help_text=_("Toelichting waarom de handeling is uitgevoerd."),
     )
+    rollen = ArrayField(
+        models.CharField(max_length=255),
+        default=list,
+        verbose_name=_("rollen"),
+        help_text=_("Komma-gescheiden lijst van rollen van de gebruiker."),
+    )
+    afdeling = models.CharField(
+        max_length=255,
+        blank=True,
+        verbose_name=_("afdeling"),
+        help_text=_("De afdeling waartoe de gebruiker behoort."),
+    )
+    bedrijf = models.CharField(
+        max_length=255,
+        blank=True,
+        verbose_name=_("bedrijf"),
+        help_text=_("Bedrijf waartoe de gebruiker behoort."),
+    )
+    kvk = RSINField(
+        blank=True,
+        verbose_name=_("kvk nummer"),
+        help_text=_("KVK nummer van het bedrijf waartoe de gebruiker behoort."),
+    )
     wijzigingen = GegevensGroepType(
         {"oud": oud, "nieuw": nieuw}, optional=["oud", "nieuw"], none_for_empty=True
     )
diff --git a/vng_api_common/audittrails/viewsets.py b/vng_api_common/audittrails/viewsets.py
index 989dfa4e..d7af2b34 100644
--- a/vng_api_common/audittrails/viewsets.py
+++ b/vng_api_common/audittrails/viewsets.py
@@ -64,6 +64,10 @@ def create_audittrail(
 
         user_id = jwt_auth.payload.get("user_id") or ""
         user_representation = jwt_auth.payload.get("user_representation") or ""
+        roles = jwt_auth.payload.get("roles") or ""
+        department = jwt_auth.payload.get("department") or ""
+        company = jwt_auth.payload.get("company") or ""
+        kvk = jwt_auth.payload.get("kvk") or ""
 
         toelichting = get_header(self.request, "X-Audit-Toelichting") or ""
 
@@ -78,6 +82,10 @@ def create_audittrail(
             actie_weergave=CommonResourceAction.labels.get(action, ""),
             gebruikers_id=user_id,
             gebruikers_weergave=user_representation,
+            rollen=roles,
+            afdeling=department,
+            bedrijf=company,
+            kvk=kvk,
             resultaat=status_code,
             hoofd_object=main_object,
             resource=self.basename,