modified: web/blueprints/auth.py

modified:   web/blueprints/group_admin.py
	modified:   web/blueprints/site_admin.py
	modified:   web/config.py
	modified:   web/panel_db.py
	modified:   web/templates/admin/audit_log.html

web/blueprints/site_admin.py

@@ -216,6 +216,11 @@ def group_delete(group_id):
 @site_admin.route("/groups/<int:group_id>/members")
 @admin_required
 def group_members(group_id):
+    db.log_audit_event(
+        session["user_id"], session["username"], "admin.view_group_members",
+        entity_type="group", entity_id=group_id,
+        ip_address=request.remote_addr,
+    )
     group   = db.get_group_by_id(group_id)
     members = db.get_group_members(group_id)
     pending_invites = db.list_active_group_invites(group_id)
@@ -424,6 +429,10 @@ def group_invite_resend(group_id, invite_id):
 @site_admin.route("/users")
 @admin_required
 def users():
+    db.log_audit_event(
+        session["user_id"], session["username"], "admin.view_users",
+        ip_address=request.remote_addr,
+    )
     return render_template(
         "admin/users.html",
         users=db.list_all_users(),
@@ -597,6 +606,12 @@ def user_edit(user_id):
         db.update_user(user_id, username, email, is_site_admin)
         if new_password:
             db.change_password(user_id, new_password)
+            db.log_audit_event(
+                session["user_id"], session["username"], "user.password_changed",
+                entity_type="user", entity_id=user_id,
+                details={"target": username},
+                ip_address=request.remote_addr,
+            )
             flash("Password changed.", "info")
         db.log_audit_event(
             session["user_id"], session["username"], "user.updated",
@@ -715,4 +730,18 @@ def audit_log():
         actor_filter=actor_f or "",
         all_groups=all_groups,
         actions=actions,
+        retention_days=Config.AUDIT_LOG_RETENTION_DAYS,
     )
+
+
+@site_admin.route("/audit/purge", methods=["POST"])
+@admin_required
+def audit_purge():
+    deleted = db.purge_old_audit_events(Config.AUDIT_LOG_RETENTION_DAYS)
+    db.log_audit_event(
+        session["user_id"], session["username"], "audit.purged",
+        details={"deleted_count": deleted, "retention_days": Config.AUDIT_LOG_RETENTION_DAYS},
+        ip_address=request.remote_addr,
+    )
+    flash(f"Purged {deleted} audit log entries older than {Config.AUDIT_LOG_RETENTION_DAYS} days.", "success")
+    return redirect(url_for("site_admin.audit_log"))