Creates AuditLog model with JSONB details column for tracking admin actions. Integrates log_audit() helper into admin endpoints (role change, team admin toggle, deactivate, activate) and tree delete. IP address column reserved for future Railway proxy header support. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
"""Centralized audit logging for admin and destructive actions."""
from uuid import UUID
from typing import Optional
from sqlalchemy.ext.asyncio import AsyncSession
from app.models.audit_log import AuditLog
async def log_audit(
    db: AsyncSession,
    user_id: UUID,
    action: str,
    resource_type: str,
    resource_id: Optional[UUID] = None,
    details: Optional[dict] = None,
) -> None:
    """Stage a single audit-trail row on the caller's session.

    The row is only added to ``db``; nothing is flushed or committed here.
    It becomes durable when the caller commits, and it is discarded if the
    caller rolls back, so an operation that fails and rolls back leaves no
    entry through this helper.

    Args:
        db: Session the calling endpoint is already using for its own work.
        user_id: Identifier of the user performing the action.
        action: Name of the action being recorded.
        resource_type: Kind of resource the action applies to.
        resource_id: Identifier of the affected resource, if there is one.
        details: Extra context for the entry. It is handed to ``AuditLog``
            unchanged (no copy, no redaction), so callers should keep
            passwords, tokens and similar secrets out of it.
    """
    # Every field is forwarded verbatim; this helper sets no source IP.
    fields = {
        "user_id": user_id,
        "action": action,
        "resource_type": resource_type,
        "resource_id": resource_id,
        "details": details,
    }
    # AsyncSession.add() is synchronous, so there is nothing to await.
    db.add(AuditLog(**fields))