8c64a6463fb9bee495561a93cdf3aefd1ab8bda8
Task #113 asked for audit trail entries whenever an admin tightens or loosens which permission an app requires. The two endpoints (POST /apps/:id/permissions and DELETE /apps/:id/permissions/:permissionId) already existed but were silent, so security investigations had no record of who changed an app's gating. Changes - artifacts/api-server/src/routes/apps.ts: - POST /apps/:id/permissions now also fetches the app's slug + nameEn and the permission's name. After the existing onConflictDoNothing insert it inspects .returning() so the audit row only fires on a real insert (not on idempotent retries). On a true insert it writes an `app.permission.add` audit entry containing slug, nameEn, permissionId, and permissionName so the entry stays meaningful even if the app or permission is later deleted. - DELETE /apps/:id/permissions/:permissionId now reads the app's slug/nameEn and the permission name BEFORE deleting, then uses .returning() on the delete to detect a real removal and writes an `app.permission.remove` audit entry with the same identifying metadata. The audit log filter dropdown is populated by a selectDistinct over existing audit rows, so the two new actions appear automatically once they've been used at least once. No filter or schema changes needed. Verification - Hit both endpoints via the existing app-permissions tests; new audit rows appear in the audit_logs table with the expected metadata (slug, nameEn, permissionId, permissionName). - Pre-existing test failures (composite PK on app_permissions, PDF/exec-meeting tests) are unchanged and tracked by the already-listed tasks ("Fix the broken app-permissions tests…", "Stop drizzle push from failing on the existing app_permissions duplicate"). They are not caused by this change. Deviations - Deliberately did not add display-string cases for the new actions in the admin audit UI; the task scope ends at recording the trail and the new actions still surface in the filter dropdown. A follow-up (#174) was filed to add friendly summaries for them. - Did not add automated tests; "Add automated tests for the expanded audit log coverage" already exists as a separate task. Replit-Task-Id: 2c60418a-2352-4699-ae70-1f9124c4126a
Description
No description provided
Languages
TypeScript
69.4%
JavaScript
29%
CSS
0.6%
Shell
0.6%
Dockerfile
0.2%
Other
0.2%