Append-only who/what/when trail for admin actions + scheduler run summaries, generalizing QuotaEvent. Logged at ACTION / run-summary granularity — never per-row (a scheduler run touching thousands of videos is ONE row). Backend: - migration 0054_audit_log + AuditLog model (actor_id FK SET NULL, action, target_type/id, summary, before/after JSON, created_at). - app/audit.py: AuditAction constants (single source of truth, i18n'd on the client) + record() (adds to the caller's txn) + gc(retention_days). - producers wired: role change / suspend / delete / invite approve-deny-add / demo add-remove-reset / discovery purge (admin.py); config set/reset — secret VALUES never logged, key only (config.py); scheduler interval + maintenance tune (scheduler routes); sync pause/resume (sync.py); and the scheduler _job() choke point writes ONE run-summary row per run — manual runs + errors always, automatic runs only when they changed something (no no-op-poll spam). - retention: audit_gc scheduler job prunes rows older than audit_retention_days (sysconfig, default 180; 0 = keep forever). - admin API routes/audit.py (/api/admin/audit): recent-window list (actor emails resolved, System for background) + clear (leaves one tamper-evidence row). Frontend: - new admin-only "Audit log" nav page (ScrollText) using the shared DataTable (first admin page to reuse it) — sort/filter/paginate/persist, action select filter, actor text filter, before→after detail, Clear-all with confirm. - AuditLog.tsx + auditColumns.tsx + api.adminAudit/clearAudit + AuditRow type. - trilingual audit + auditActions namespaces (HU/EN/DE) + nav + config-group + scheduler job labels; Audit config group (retention days).
71 lines
2.6 KiB
Python
71 lines
2.6 KiB
Python
"""Admin audit log API: read the append-only who/what/when trail, and clear it.
|
|
|
|
Admin-only. The client renders these rows in a DataTable (client-side sort/filter/paginate), so
|
|
this returns the most recent window of rows (capped) plus the true total, rather than paging
|
|
server-side — the log stays small in practice (state-changing runs + admin actions only)."""
|
|
from fastapi import APIRouter, Depends
|
|
from sqlalchemy import delete, func, select
|
|
from sqlalchemy.orm import Session
|
|
|
|
from app import audit
|
|
from app.audit import AuditAction
|
|
from app.db import get_db
|
|
from app.models import AuditLog, User
|
|
from app.routes.admin import admin_user
|
|
|
|
router = APIRouter(prefix="/api/admin/audit", tags=["admin"])
|
|
|
|
# Cap the client-side window. The audit log is small by design; if it ever outgrows this we'd
|
|
# switch the DataTable to server-side paging.
|
|
MAX_ROWS = 2000
|
|
|
|
|
|
def _serialize(row: AuditLog, actors: dict[int, str]) -> dict:
|
|
return {
|
|
"id": row.id,
|
|
"created_at": row.created_at.isoformat() if row.created_at else None,
|
|
# actor_id NULL = the scheduler/background did it (client shows "System"); a set id that
|
|
# can't be resolved would mean a deleted user, but SET NULL makes that NULL — so present.
|
|
"actor": actors.get(row.actor_id) if row.actor_id is not None else None,
|
|
"action": row.action,
|
|
"target_type": row.target_type,
|
|
"target_id": row.target_id,
|
|
"summary": row.summary,
|
|
"before": row.before,
|
|
"after": row.after,
|
|
}
|
|
|
|
|
|
@router.get("")
|
|
def list_audit(
|
|
limit: int = 500,
|
|
_: User = Depends(admin_user),
|
|
db: Session = Depends(get_db),
|
|
) -> dict:
|
|
limit = max(1, min(limit, MAX_ROWS))
|
|
total = db.scalar(select(func.count()).select_from(AuditLog)) or 0
|
|
rows = (
|
|
db.execute(select(AuditLog).order_by(AuditLog.created_at.desc()).limit(limit))
|
|
.scalars()
|
|
.all()
|
|
)
|
|
actor_ids = {r.actor_id for r in rows if r.actor_id is not None}
|
|
actors: dict[int, str] = {}
|
|
if actor_ids:
|
|
actors = dict(
|
|
db.execute(select(User.id, User.email).where(User.id.in_(actor_ids))).all()
|
|
)
|
|
return {
|
|
"items": [_serialize(r, actors) for r in rows],
|
|
"total": total,
|
|
"returned": len(rows),
|
|
}
|
|
|
|
|
|
@router.delete("")
|
|
def clear_audit(admin: User = Depends(admin_user), db: Session = Depends(get_db)) -> dict:
|
|
"""Clear the audit log. Leaves ONE row recording who cleared it + how many (tamper-evidence)."""
|
|
n = db.execute(delete(AuditLog)).rowcount or 0
|
|
audit.record(db, admin.id, AuditAction.AUDIT_CLEAR, summary=f"Cleared {n} audit entries")
|
|
db.commit()
|
|
return {"cleared": n}
|