feat(perm): audit log for permission + feature-flag changes
Adds audit entries for: - permission.set (role-level change) - permission.user_set (per-user override) - permission.user_reset (clear user override) - feature.update (global feature flag toggle, per-key with old->new diff) Old value captured for feature.update for full diff trail. permissionsController: added audit import, wired audit() after each write. adminController.updateFeatures: replaced bulk audit with per-key entries capturing old value from app_settings before overwrite. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -327,13 +327,16 @@ function updateFeatures(req, res) {
|
||||
'flashcards', 'knowledge_map', 'board', 'biochem', 'live_quiz', 'classroom'];
|
||||
const updates = req.body;
|
||||
const stmt = db.prepare("INSERT OR REPLACE INTO app_settings (key, value) VALUES (?, ?)");
|
||||
const changed = [];
|
||||
const getOld = db.prepare("SELECT value FROM app_settings WHERE key = ?");
|
||||
for (const [name, enabled] of Object.entries(updates)) {
|
||||
if (!allowed.includes(name)) continue;
|
||||
stmt.run(`feature_${name}_enabled`, enabled ? '1' : '0');
|
||||
changed.push(`${name}=${enabled ? 'on' : 'off'}`);
|
||||
const settingKey = `feature_${name}_enabled`;
|
||||
const oldRow = getOld.get(settingKey);
|
||||
const oldVal = oldRow ? oldRow.value : null;
|
||||
const newVal = enabled ? '1' : '0';
|
||||
stmt.run(settingKey, newVal);
|
||||
audit(req, 'feature.update', `feature:${name}`, `${oldVal} -> ${newVal}`);
|
||||
}
|
||||
if (changed.length) audit(req, 'features.update', null, changed.join(', '));
|
||||
res.json({ ok: true });
|
||||
}
|
||||
|
||||
|
||||
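Review bot: The new `const newVal = enabled ? '1' : '0';` still coerces by truthiness, so a request value such as the string "false" or "0" is stored as '1' and the audit entry records the flag as switched on. Skipping or rejecting non-booleans before the lookup, e.g. `if (typeof enabled !== 'boolean') continue;`, would keep both the setting and its audit record faithful to what was sent. The loop also writes and audits every allowed key in the body even when the value does not change, giving entries like `1 -> 1`; if the trail is meant to hold real changes only, `if (oldVal === newVal) continue;` before `stmt.run(settingKey, newVal)` would do it. The old and new sides are inferred here because the page has lost its +/- markers, and updateFeatures begins above the hunk.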