✨ [#4398] Ensure logs from ownership check in pre-registration work

open-formulieren · Oct 29, 2024 · b4f669b · b4f669b
1 parent 53288d2
commit b4f669b
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 14 deletions.
diff --git a/src/openforms/logging/logevent.py b/src/openforms/logging/logevent.py
@@ -247,6 +247,14 @@ def registration_attempts_limited(submission: Submission):
     )
 
 
+def object_ownership_check_failure(submission: Submission, plugin=None):
+    _create_log(
+        submission,
+        "object_ownership_check_failure",
+        plugin=plugin,
+    )
+
+
 # - - -
 
 

diff --git a/src/openforms/logging/templates/logging/events/object_ownership_check_failure.txt b/src/openforms/logging/templates/logging/events/object_ownership_check_failure.txt
@@ -0,0 +1,4 @@
+{% load i18n %}
+{% blocktrans trimmed with plugin=log.fmt_plugin lead=log.fmt_lead %}
+   {{ lead }}: Registration plugin {{ plugin }} reported: authenticated user is not the owner of referenced object.
+{% endblocktrans %}
diff --git a/src/openforms/registrations/tasks.py b/src/openforms/registrations/tasks.py
@@ -74,27 +74,30 @@ def pre_registration(submission_id: int, event: PostSubmissionEvents) -> None:
         )
         return
 
+    registration_plugin = get_registration_plugin(submission)
+
+    # If an `initial_data_reference` was passed, we must verify that the
+    # authenticated user is the owner of the referenced object
+    if registration_plugin and submission.initial_data_reference:
+        try:
+            registration_plugin.verify_initial_data_ownership(submission)
+        except PermissionDenied as e:
+            logger.exception(
+                "Submission with initial_data_reference did not pass ownership check for plugin %s",
+                registration_plugin.verbose_name,
+            )
+            logevent.object_ownership_check_failure(
+                submission, plugin=registration_plugin
+            )
+            raise e
+
     with transaction.atomic():
-        registration_plugin = get_registration_plugin(submission)
         if not registration_plugin:
             set_submission_reference(submission)
             submission.pre_registration_completed = True
             submission.save()
             return
 
-        # If an `initial_data_reference` was passed, we must verify that the
-        # authenticated user is the owner of the referenced object
-        if submission.initial_data_reference:
-            try:
-                registration_plugin.verify_initial_data_ownership(submission)
-            except PermissionDenied as e:
-                logger.exception(
-                    "Submission with initial_data_reference did not pass ownership check for plugin %s",
-                    registration_plugin.verbose_name,
-                )
-                logevent.registration_failure(submission, e, plugin=registration_plugin)
-                raise e
-
         options_serializer = registration_plugin.configuration_options(
             data=submission.registration_backend.options,
             context={"validate_business_logic": False},