maxim.dolgolyov/Learn_System
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(perm): audit log for permission + feature-flag changes

Browse Source 
Adds audit entries for:
- permission.set (role-level change)
- permission.user_set (per-user override)
- permission.user_reset (clear user override)
- feature.update (global feature flag toggle, per-key with old->new diff)

Old value captured for feature.update for full diff trail.
permissionsController: added audit import, wired audit() after each write.
adminController.updateFeatures: replaced bulk audit with per-key entries
capturing old value from app_settings before overwrite.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Maxim Dolgolyov
2026-05-17 14:16:45 +03:00
parent dd1adc0c69
commit 539d33df31
2 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/src/controllers/adminController.js
+7 -4
View File
@@ -327,13 +327,16 @@ function updateFeatures(req, res) {
'flashcards', 'knowledge_map', 'board', 'biochem', 'live_quiz', 'classroom'];
const updates = req.body;
const stmt = db.prepare("INSERT OR REPLACE INTO app_settings (key, value) VALUES (?, ?)");
const changed = [];
const getOld = db.prepare("SELECT value FROM app_settings WHERE key = ?");
for (const [name, enabled] of Object.entries(updates)) {
if (!allowed.includes(name)) continue;
stmt.run(`feature_${name}_enabled`, enabled ? '1' : '0');
changed.push(`${name}=${enabled ? 'on' : 'off'}`);
const settingKey = `feature_${name}_enabled`;
const oldRow = getOld.get(settingKey);
const oldVal = oldRow ? oldRow.value : null;
const newVal = enabled ? '1' : '0';
stmt.run(settingKey, newVal);
audit(req, 'feature.update', `feature:${name}`, `${oldVal} -> ${newVal}`);
}
if (changed.length) audit(req, 'features.update', null, changed.join(', '));
res.json({ ok: true });
}
backend/src/controllers/permissionsController.js
+4
View File
@@ -1,4 +1,5 @@
const db = require('../db/db');
const { audit } = require('../utils/audit');
/* ── All known permissions ─────────────────────────────────────────────── */
const ALL_PERMISSIONS = [
@@ -212,6 +213,7 @@ function setPermission(req, res) {
'UPDATE users SET token_version = token_version + 1 WHERE role = ?'
).run(role);
})();
audit(req, 'permission.set', `role:${role}/${permission}`, `enabled=${enabled ? 1 : 0}`);
res.json({ ok: true });
}
@@ -293,6 +295,7 @@ function setUserPermission(req, res) {
'UPDATE users SET token_version = token_version + 1 WHERE id = ?'
).run(uid);
})();
audit(req, 'permission.user_set', `user:${uid}/${permission}`, `enabled=${enabled ? 1 : 0}`);
res.json({ ok: true });
}
@@ -307,6 +310,7 @@ function resetUserPermissions(req, res) {
} else {
db.prepare('DELETE FROM user_permissions WHERE user_id = ?').run(uid);
}
audit(req, 'permission.user_reset', `user:${uid}`, permission || null);
res.json({ ok: true });
}