Patrick Plate
05933a08ca
- V8 migration: audit_events table (JSONB metadata, immutable by design) - AuditEvent entity + AuditEventType enum (18 event types) - AuditService: log events, paginated query, PDF export - AuditController: GET /api/v1/audit (paginated, filtered), GET export - AuditEventRepository with JPQL filtered queries - Frontend: /audit-log page (read-only, filterable, timezone-aware) - PDF export button for Behörde inspections - Sidebar: 'Protokoll' under new Compliance section - PdfReportGenerator: generateAuditReport method added - 10-year retention, REVOKE DELETE documented - Full i18n (de/en) with 18 event type translations
27 lines
1.1 KiB
SQL
27 lines
1.1 KiB
SQL
-- V8: Immutable Audit Log (KCanG §19 — 10-year retention)
|
|
CREATE TABLE IF NOT EXISTS audit_events (
|
|
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
|
event_type VARCHAR(50) NOT NULL,
|
|
entity_type VARCHAR(50) NOT NULL,
|
|
entity_id UUID,
|
|
actor_id UUID NOT NULL,
|
|
actor_name VARCHAR(255) NOT NULL,
|
|
actor_role VARCHAR(20) NOT NULL,
|
|
description TEXT NOT NULL,
|
|
metadata JSONB,
|
|
ip_address VARCHAR(45),
|
|
timestamp TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW(),
|
|
tenant_id UUID NOT NULL
|
|
);
|
|
|
|
-- Indexes for efficient querying
|
|
CREATE INDEX idx_audit_timestamp ON audit_events(timestamp DESC);
|
|
CREATE INDEX idx_audit_entity ON audit_events(entity_type, entity_id);
|
|
CREATE INDEX idx_audit_actor ON audit_events(actor_id);
|
|
CREATE INDEX idx_audit_tenant ON audit_events(tenant_id);
|
|
CREATE INDEX idx_audit_type ON audit_events(event_type);
|
|
|
|
-- IMMUTABILITY: Revoke DELETE from application user
|
|
-- (In production, run as DBA: REVOKE DELETE ON audit_events FROM cannamanage_app;)
|
|
COMMENT ON TABLE audit_events IS 'Immutable audit log — 10-year retention (KCanG). Application role cannot DELETE.';
|