FEATURE: log admin/moderator grant/revoke action

app/controllers/admin/users_controller.rb

@@ -87,6 +87,7 @@ class Admin::UsersController < Admin::AdminController
   def revoke_admin
     guardian.ensure_can_revoke_admin!(@user)
     @user.revoke_admin!
+    StaffActionLogger.new(current_user).log_revoke_admin(@user)
     render nothing: true
   end
 
@@ -103,18 +104,21 @@ class Admin::UsersController < Admin::AdminController
   def grant_admin
     guardian.ensure_can_grant_admin!(@user)
     @user.grant_admin!
+    StaffActionLogger.new(current_user).log_grant_admin(@user)
     render_serialized(@user, AdminUserSerializer)
   end
 
   def revoke_moderation
     guardian.ensure_can_revoke_moderation!(@user)
     @user.revoke_moderation!
+    StaffActionLogger.new(current_user).log_revoke_moderation(@user)
     render nothing: true
   end
 
   def grant_moderation
     guardian.ensure_can_grant_moderation!(@user)
     @user.grant_moderation!
+    StaffActionLogger.new(current_user).log_grant_moderation(@user)
     render_serialized(@user, AdminUserSerializer)
   end
 

app/models/user_history.rb

@@ -46,7 +46,11 @@ class UserHistory < ActiveRecord::Base
                           create_category: 28,
                           change_site_text: 29,
                           block_user: 30,
-                          unblock_user: 31)
+                          unblock_user: 31,
+                          grant_admin: 32,
+                          revoke_admin: 33,
+                          grant_moderation: 34,
+                          revoke_moderation: 35)
   end
 
   # Staff actions is a subset of all actions, used to audit actions taken by staff users.
@@ -74,7 +78,11 @@ class UserHistory < ActiveRecord::Base
                         :delete_category,
                         :create_category,
                         :block_user,
-                        :unblock_user]
+                        :unblock_user,
+                        :grant_admin,
+                        :revoke_admin,
+                        :grant_moderation,
+                        :revoke_moderation]
   end
 
   def self.staff_action_ids

app/services/staff_action_logger.rb

@@ -294,6 +294,38 @@ class StaffActionLogger
     }))
   end
 
+  def log_grant_admin(user, opts={})
+    raise Discourse::InvalidParameters.new(:user) unless user
+    UserHistory.create( params(opts).merge({
+      action: UserHistory.actions[:grant_admin],
+      target_user_id: user.id
+    }))
+  end
+
+  def log_revoke_admin(user, opts={})
+    raise Discourse::InvalidParameters.new(:user) unless user
+    UserHistory.create( params(opts).merge({
+      action: UserHistory.actions[:revoke_admin],
+      target_user_id: user.id
+    }))
+  end
+
+  def log_grant_moderation(user, opts={})
+    raise Discourse::InvalidParameters.new(:user) unless user
+    UserHistory.create( params(opts).merge({
+      action: UserHistory.actions[:grant_moderation],
+      target_user_id: user.id
+    }))
+  end
+
+  def log_revoke_moderation(user, opts={})
+    raise Discourse::InvalidParameters.new(:user) unless user
+    UserHistory.create( params(opts).merge({
+      action: UserHistory.actions[:revoke_moderation],
+      target_user_id: user.id
+    }))
+  end
+
   private
 
     def params(opts=nil)

config/locales/client.en.yml

@@ -2329,6 +2329,10 @@ en:
             create_category: "create category"
             block_user: "block user"
             unblock_user: "unblock user"
+            grant_admin: "grant admin"
+            revoke_admin: "revoke admin"
+            grant_moderation: "grant moderation"
+            revoke_moderation: "revoke moderation"
         screened_emails:
           title: "Screened Emails"
           description: "When someone tries to create a new account, the following email addresses will be checked and the registration will be blocked, or some other action performed."