public void Delete(AuditEventFilter auditEventFilter)
{
foreach (IAuditEventRepository auditEventRepository in _auditEventRepositories)
{
auditEventRepository.Delete(auditEventFilter);
}
}
/// <summary>
/// Returns whether audit event meets filter criteria
/// </summary>
/// <param name="auditEvent"></param>
/// <param name="auditEventFilter"></param>
/// <returns></returns>
private static bool IsAuditEventMeetsCriteria(AuditEvent auditEvent, AuditEventFilter auditEventFilter)
{
if (IsAuditEventHeaderMeetsCriteria(auditEvent, auditEventFilter)) // Header meets criteria
{
if (auditEventFilter.ValueFilters.Count == 0) // No value filters
{
return(true);
}
// Check value filters
int countFiltersValid = 0;
int countFiltersInvalid = 0;
foreach (AuditEventValueFilter valueFilter in auditEventFilter.ValueFilters)
{
AuditEventValue auditEventValue = auditEvent.GetValueByValueTypeId(valueFilter.ValueTypeID);
if (auditEventValue == null) // Audit event doesn't have value
{
countFiltersInvalid++;
}
else // Has value, check it
{
if (auditEventValue.Value.Equals(valueFilter.Value)) // Values match
{
countFiltersValid++;
}
else
{
countFiltersInvalid++;
}
}
}
return(auditEventFilter.AllFiltersRequired ? (countFiltersValid == auditEventFilter.ValueFilters.Count) : (countFiltersValid > 0));
}
return(false);
}
/// <summary>
/// Returns whether the audit event header meets the filter criteria
/// </summary>
/// <param name="auditEvent"></param>
/// <param name="auditEventFilter"></param>
/// <returns></returns>
private static bool IsAuditEventHeaderMeetsCriteria(AuditEvent auditEvent, AuditEventFilter auditEventFilter)
{
if ((auditEvent.TenantID == auditEventFilter.TenantID.GetValueOrDefault(0) || auditEventFilter.TenantID.GetValueOrDefault(0) == 0) &&
(auditEvent.UserID == auditEventFilter.UserID.GetValueOrDefault(0) || auditEventFilter.UserID.GetValueOrDefault(0) == 0) &&
(String.IsNullOrEmpty(auditEvent.Source) || String.IsNullOrEmpty(auditEventFilter.Source) || auditEvent.Source.Equals(auditEventFilter.Source, StringComparison.OrdinalIgnoreCase)) &&
(auditEvent.TimeCreated >= auditEventFilter.MinTimeCreated.GetValueOrDefault(DateTime.MinValue.Date)) &&
(auditEvent.TimeCreated <= auditEventFilter.MaxTimeCreated.GetValueOrDefault(DateTime.MaxValue.Date)) &&
(auditEventFilter.EventTypeIds == null || auditEventFilter.EventTypeIds.Count == 0 || auditEventFilter.EventTypeIds.Contains(auditEvent.EventTypeID)))
{
return(true);
}
return(false);
}
/// <summary>
/// Returns events meeting criteria
/// </summary>
/// <param name="auditEventFilter"></param>
/// <returns></returns>
public List <AuditEvent> Get(AuditEventFilter auditEventFilter)
{
var auditEvents = new List <AuditEvent>();
if (String.IsNullOrEmpty(_folder))
{
return(auditEvents);
}
// Get time range of events in system
DateTime[] timeRange = GetAuditEventTimeRange();
if (timeRange.Length == 0)
{
return(auditEvents);
}
// If their range is wider than the events in the system then reduce range so that we check list files
DateTime minTimeCreated = auditEventFilter.MinTimeCreated.GetValueOrDefault(DateTime.MinValue.Date);
DateTime maxTimeCreated = auditEventFilter.MaxTimeCreated.GetValueOrDefault(DateTime.MaxValue.Date);
if (minTimeCreated < timeRange[0])
{
minTimeCreated = timeRange[0];
}
if (maxTimeCreated > timeRange[1])
{
maxTimeCreated = timeRange[1];
}
minTimeCreated = minTimeCreated.AddDays(-1).Date;
do
{
minTimeCreated = minTimeCreated.AddDays(1);
string auditEventLog = GetFile(minTimeCreated);
Get(auditEventFilter, auditEventLog).ForEach(auditEvent => auditEvents.Add(auditEvent));
} while (minTimeCreated < maxTimeCreated);
return(auditEvents.OrderBy(x => x.TimeCreated)
.ThenBy(x => x.TenantID)
.ThenBy(x => x.UserID)
.ToList());
}
/// <summary>
/// <para>
/// Deserializes AuditEvent from CSV values. As a performance optimization
/// then, if AuditEventFilter is passed, we check that the header meets
/// the filter criteria and only load the values if it does.
/// </para>
/// <para>NOTE: We do not currently deserialize complex objects, just
/// return as serialized string.</para>
/// </summary>
/// <param name="headers"></param>
/// <param name="values"></param>
/// <param name="auditEventFilter"></param>
/// <returns></returns>
private AuditEvent DeserializeAuditEvent(string[] headers, string[] values, AuditEventFilter auditEventFilter = null)
{
// Key values by column name so that they're easier to handle
Dictionary <string, string> valuesKeyed = new Dictionary <string, string>();
for (int index = 0; index < headers.Length; index++)
{
valuesKeyed.Add(headers[index], values[index]);
}
// Deserialize
var auditEvent = new AuditEvent
{
TimeCreated = DateTimeOffset.Parse(valuesKeyed["Time"]).UtcDateTime,
TenantID = Convert.ToInt32(valuesKeyed["TenantID"]),
UserID = Convert.ToInt32(valuesKeyed["UserID"]),
Source = valuesKeyed.ContainsKey("Source") ? Convert.ToString(valuesKeyed["Source"]) : "", // New property
EventTypeID = Convert.ToInt32(valuesKeyed["EventTypeID"])
};
// Optimization, return null if header doesn't meet filter criteria, no point in loading values
if (auditEventFilter != null && !IsAuditEventHeaderMeetsCriteria(auditEvent, auditEventFilter))
{
return(null);
}
// Deserialize values
for (int valueIndex = 0; valueIndex < MaxValues; valueIndex++)
{
string valueTypeColumn = string.Format("ValueType{0}", valueIndex + 1);
string valueColumn = string.Format("Value{0}", valueIndex + 1);
if (valuesKeyed.ContainsKey(valueTypeColumn) && !String.IsNullOrEmpty(valuesKeyed[valueTypeColumn]))
{
auditEvent.Values.Add(DeserializeValue(Convert.ToInt32(valuesKeyed[valueTypeColumn]), valuesKeyed[valueColumn]));
}
}
return(auditEvent);
}
/// <summary>
/// Deletes all events.
///
/// NOTE: At the moment then it deletes ALL events on the dates in the range. It does not respect other filter criteria.
/// </summary>
/// <param name="auditEventFilter"></param>
public void Delete(AuditEventFilter auditEventFilter)
{
if (String.IsNullOrEmpty(_folder))
{
return;
}
// Get time range of events in system
DateTime[] timeRange = GetAuditEventTimeRange();
if (timeRange.Length == 0)
{
return;
}
// If their range is wider than the events in the system then reduce range so that we check list files
DateTime minTimeCreated = auditEventFilter.MinTimeCreated.GetValueOrDefault(DateTime.MinValue.Date);
DateTime maxTimeCreated = auditEventFilter.MaxTimeCreated.GetValueOrDefault(DateTime.MaxValue.Date);
if (minTimeCreated < timeRange[0])
{
minTimeCreated = timeRange[0];
}
if (maxTimeCreated > timeRange[1])
{
maxTimeCreated = timeRange[1];
}
minTimeCreated = minTimeCreated.AddDays(-1).Date;
do
{
minTimeCreated = minTimeCreated.AddDays(1);
string auditEventLog = GetFile(minTimeCreated);
if (File.Exists(auditEventLog))
{
File.Delete(auditEventLog);
}
} while (minTimeCreated < maxTimeCreated);
}
public void Delete(AuditEventFilter auditEventFilter)
{
// No action
}
public List <AuditEvent> Get(AuditEventFilter auditEventFilter)
{
throw new NotImplementedException();
}
public void Delete(AuditEventFilter auditEventFilter)
{
throw new NotImplementedException();
}
/// <summary>
/// Returns events meeting criteria from single log file
/// </summary>
/// <param name="auditEventFilter"></param>
/// <param name="auditEventLog"></param>
/// <returns></returns>
private List <AuditEvent> Get(AuditEventFilter auditEventFilter, string auditEventLog)
{
var auditEvents = new List <AuditEvent>();
int attempts = 0;
string[] delimiter = new[] { _delimiter };
if (!File.Exists(auditEventLog))
{
return(auditEvents);
}
do
{
attempts++;
try
{
auditEvents.Clear();
using StreamReader reader = new StreamReader(auditEventLog);
try
{
string[] headers = new string[0];
int lineCount = 0;
while (!reader.EndOfStream)
{
string[] values = reader.ReadLine().Split(delimiter, StringSplitOptions.None);
lineCount++;
if (lineCount == 1)
{
headers = values;
continue;
}
// Deserialise audit event, check if meets criteria. For optimization
// then DeserializeAuditEvent returns null if the audit event header
// doesn't meet the filter criteria.
try
{
AuditEvent auditEvent = DeserializeAuditEvent(headers, values, auditEventFilter);
if (auditEvent != null)
{
if (IsAuditEventMeetsCriteria(auditEvent, auditEventFilter))
{
if (!auditEventFilter.IncludeValues)
{
auditEvent.Values.Clear();
}
auditEvents.Add(auditEvent);
}
}
}
catch { } // Ignore error
}
attempts = -1; // Done
}
catch
{
throw;
}
finally
{
reader.Close(); // Close now, not when GC decides
}
}
catch (Exception exception) when(IsExceptionForFileInUse(exception) && attempts < 20)
{
Thread.Sleep(100);
}
} while (attempts != -1);
return(auditEvents.OrderBy(x => x.TimeCreated)
.ThenBy(x => x.TenantID)
.ThenBy(x => x.UserID)
.ToList());
}
/// <summary> /// Returns all audit events matching criteria /// </summary> /// <param name="auditEventFilter"></param> /// <returns></returns> public List <AuditEvent> Get(AuditEventFilter auditEventFilter) => _auditEventRepositories[0].Get(auditEventFilter);
