From 84c5f85907c823af8a8caf70e3f7dce3b005e86a Mon Sep 17 00:00:00 2001
From: Bill Erickson
Date: Fri, 2 Nov 2012 15:28:27 -0400
Subject: [PATCH] CStoreEditor auto-activity log redaction CStoreEditor logs all update calls to the activity log as key/value pairs on the updated object. Avoid loging key/value pairs for objects when the API call being relayed by CStoreEditor is on the list of log-protect API calls. Instead, log "**DETAILS REDACTED**".
Signed-off-by: Bill Erickson
Signed-off-by: Dan Scott
---
 .../src/perlmods/lib/OpenILS/Utils/CStoreEditor.pm | 23 +++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Utils/CStoreEditor.pm b/Open-ILS/src/perlmods/lib/OpenILS/Utils/CStoreEditor.pm
index 51854e3a77..23559e0ce4 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Utils/CStoreEditor.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Utils/CStoreEditor.pm
@@ -1,6 +1,7 @@
 use strict; use warnings;
 package OpenILS::Utils::CStoreEditor;
 use OpenILS::Application::AppUtils;
+use OpenSRF::Application;
 use OpenSRF::AppSession;
 use OpenSRF::EX qw(:try);
 use OpenILS::Utils::Fieldmapper;
@@ -637,9 +638,25 @@ sub _checkperm {
 # Logs update actions to the activity log
 # -----------------------------------------------------------------------------
 sub log_activity {
- my( $self, $type, $action, $arg ) = @_;
+ my( $self, $method, $type, $action, $arg ) = @_;
 my $str = "$type.$action";
- $str .= _prop_string($arg);
+
+ if ($arg) {
+
+ my $redact = $OpenSRF::Application::shared_conf->shared->log_protect;
+ if (ref($redact) eq 'ARRAY' and grep { $method =~ /^$_/ } @{$redact}) {
+
+ # when API calls are marked as log-protect, avoid
+ # dumping the param object to the activity log.
+ $str .= " **DETAILS REDACTED**";
+
+ } else {
+
+ $str .= _prop_string($arg);
+ }
+ }
+
+
 $self->log(A, $str);
 }
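Review bot: The redaction check in `log_activity` fails open: whenever `log_protect` is not an array reference (unset, or a lone entry if the config loader hands it back as a plain scalar, which is not visible here), control falls to the `else` branch and `_prop_string($arg)` writes the full key/value dump to the activity log. Normalising first, e.g. `my @protect = ref($redact) eq 'ARRAY' ? @{$redact} : defined $redact ? ($redact) : ();`, keeps a single-entry list effective. The entries are also interpolated as unescaped patterns in `$method =~ /^$_/`, so a `.` matches any character and a malformed entry would make the match die in the middle of an update; if they are meant as literal prefixes, `grep { index($method, $_) == 0 } @protect` avoids both. It would also help to extend the header comment to say that `$method` is the name matched against the log-protect list, and to confirm that the list holds the method names `runmethod` actually passes in.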
@@ -760,7 +777,7 @@ sub runmethod {
 $logger->error("Attempt to update DB while not in a transaction : $method");
 throw OpenSRF::EX::ERROR ("Attempt to update DB while not in a transaction : $method");
 }
- $self->log_activity($type, $action, $arg);
+ $self->log_activity($method, $type, $action, $arg);
 }
 if($$options{checkperm}) {
-- 2.11.0
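Review bot: Inserting `$method` ahead of `$type` changes the positional contract of `log_activity`, and this is the only call site the patch updates; any caller outside these hunks that still uses the three-argument form would have its `$type` matched against the log-protect list and would log a shifted string without raising an error. If other callers may exist, appending the new argument last (`$self->log_activity($type, $action, $arg, $method);`) keeps the old form working, though `$method` would then need a defined-check before the match. `runmethod` starts and ends outside this hunk, so how `$method` is built is not visible here.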