feat: add logic for audit logging implementation per ticket #499 #1057
Conversation
CK-7vn
left a comment
CK-7vn
left a comment
There was a problem hiding this comment.
Nice, just 2 things i was unsure of, that i could be missing something on, but I think this is a great start. Obviously when we get deeper into auditable actions I don't know if it'll be worth creating a separate audit object that we can embed into our models, but, definitely an awesome start.
…beforecreate hook
calisio
left a comment
calisio
left a comment
There was a problem hiding this comment.
just one small comment on helper functions-rest looks great!
backend/src/database/facilities.go
Outdated
| updates := map[string]any{ | ||
| "deleted_at": time.Now(), | ||
| } | ||
| if userID, ok := db.Statement.Context.Value(models.UserIDKey).(uint); ok { | ||
| updates["update_user_id"] = userID | ||
| } |
There was a problem hiding this comment.
ok, i keep seeing that we are doing this same action repeatedly in each function that updates the database. is there a better way to do this so we don't repeat code this frequently? I understand why we can't do it in a gorm callback; could we extract this into a helper function? Just ideas as we are talking about keeping clean code. Feel free to ignore if you don't feel its necessary. (lines 60-62)
Description of the change
This PR implements standardized database level audit tracking across the UnlockEdv2 backend. Audit fields (create_user_id and update_user_id) are now included in all relevant models via the existing DatabaseFields struct, and are populated using GORM hooks when necessary.
Key changes
NOTE: All user persisted records will be stamped with a user id (on delete, on update, on create). Please feel free to contact me when reviewing to give you tips of how to test the functionality.
Additional context
This implementation represents phase 1 of our auditing initiative. In phase 2, we can add an audit_log table with retention rules to capture more detailed event histories. This will further strengthen compliance, traceability, and reporting capabilities across the platform--we will discuss as a team about this.