From 6a6e0fc4b3231bb34a092e4de2b1c1609bc4ca16 Mon Sep 17 00:00:00 2001 From: simon Date: Tue, 14 Apr 2026 13:14:56 +0200 Subject: [PATCH] modified: web/blueprints/site_admin.py --- web/blueprints/site_admin.py | 46 ++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/web/blueprints/site_admin.py b/web/blueprints/site_admin.py index 163ca58..6f7d759 100644 --- a/web/blueprints/site_admin.py +++ b/web/blueprints/site_admin.py @@ -330,6 +330,12 @@ def group_member_invite(group_id): token = db.create_group_invite(group_id, username, email, role, session["user_id"]) invite = db.get_invite_by_token(token) invite_url = force_https_url(url_for("auth.accept_invite", token=token, _external=True)) + db.log_audit_event( + session["user_id"], session["username"], "invite.created", + entity_type="invite", entity_id=invite["id"] if invite else None, + details={"username": username, "email": email, "role": role}, + group_id=group_id, ip_address=request.remote_addr, + ) mail_settings = db.get_site_mail_settings() if mail_settings: @@ -356,7 +362,14 @@ def group_member_invite(group_id): @site_admin.route("/groups//invites//revoke", methods=["POST"]) @admin_required def group_invite_revoke(group_id, invite_id): + invite = db.get_group_invite_by_id(invite_id, group_id) db.revoke_group_invite(invite_id, group_id) + db.log_audit_event( + session["user_id"], session["username"], "invite.revoked", + entity_type="invite", entity_id=invite_id, + details={"username": invite["invited_username"] if invite else None}, + group_id=group_id, ip_address=request.remote_addr, + ) flash("Invitation revoked.", "success") return redirect(url_for("site_admin.group_members", group_id=group_id)) 
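Review bot: `ip_address=request.remote_addr` in the `group_member_invite` call, and in every other `db.log_audit_event` call this patch adds, records the peer of the TCP connection, which is the proxy's address when the app runs behind a reverse proxy. The neighbouring `force_https_url(...)` suggests TLS is terminated upstream, although the deployment is not visible here. If that is the case, confirm the WSGI app is wrapped in Werkzeug's `ProxyFix` with the correct hop count, otherwise the audit trail shows one address for every admin action. A comment at the first call, such as `# remote_addr is the proxy address unless ProxyFix is configured`, would document the assumption.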
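Review bot: In `group_invite_revoke` the `invite.revoked` event is written even when `db.get_group_invite_by_id(invite_id, group_id)` returns nothing. A POST with an invite id that does not exist or belongs to another group therefore leaves an audit row claiming a revocation, with `entity_id` taken from the URL and `username` set to None. Return early when the lookup fails, with `if invite is None:` followed by an error flash and the existing redirect, before `db.revoke_group_invite` and `db.log_audit_event` run. Whether `revoke_group_invite` reports how many rows it changed is not visible here. `user_invite_revoke` in a later hunk follows the same pattern.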
@@ -392,6 +405,12 @@ def group_invite_resend(group_id, invite_id): try: send_mail(mail_settings, invite["invited_email"], subject, text_body, html_body=html_body) db.mark_group_invite_sent(invite_id, group_id) + db.log_audit_event( + session["user_id"], session["username"], "invite.resent", + entity_type="invite", entity_id=invite_id, + details={"to": invite["invited_email"], "username": invite["invited_username"]}, + group_id=group_id, ip_address=request.remote_addr, + ) flash("Invitation email resent.", "success") except Exception: flash("Resend failed. Please verify SMTP settings and try again.", "danger") @@ -445,6 +464,13 @@ def user_new(): effective_role = role if group_id else "member" token = db.create_group_invite(group_id, username, email, effective_role, session["user_id"], is_site_admin=is_site_admin) + new_invite = db.get_invite_by_token(token) + db.log_audit_event( + session["user_id"], session["username"], "invite.created", + entity_type="invite", entity_id=new_invite["id"] if new_invite else None, + details={"username": username, "email": email, "role": effective_role, "is_site_admin": is_site_admin}, + group_id=group_id, ip_address=request.remote_addr, + ) invite_url = force_https_url(url_for("auth.accept_invite", token=token, _external=True)) mail_settings = db.get_site_mail_settings() @@ -488,7 +514,15 @@ def user_new(): @site_admin.route("/users/invites//revoke", methods=["POST"]) @admin_required def user_invite_revoke(invite_id): + invite = db.get_invite_by_id_global(invite_id) db.revoke_invite_global(invite_id) + db.log_audit_event( + session["user_id"], session["username"], "invite.revoked", + entity_type="invite", entity_id=invite_id, + details={"username": invite["invited_username"] if invite else None}, + group_id=invite["group_id"] if invite else None, + ip_address=request.remote_addr, + ) flash("Invitation revoked.", "success") return redirect(url_for("site_admin.users")) 
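Review bot: The `db.log_audit_event(...)` call in `group_invite_resend` sits inside the `try` whose `except Exception:` reports an SMTP problem. If the audit write raises after `send_mail` and `db.mark_group_invite_sent` have succeeded, the admin is told the resend failed and the audit error disappears without a log line. Move the audit call and the success flash into an `else:` branch of the `try`, so the handler covers only the mail path. Resend attempts that fail are not audited at all, which is worth a comment or a failure event in the `except` branch. `user_invite_resend` in a later hunk has the same structure; both functions start outside their hunks.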
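Review bot: The invite created in `user_new` can carry `is_site_admin`, yet it is logged under the same `"invite.created"` action as an ordinary group invite, with the flag only inside `details`. Anyone reviewing or alerting on privilege grants then has to parse `details` for every invite event. Consider a distinct action for the site-admin case, or a comment above the call such as `# site-admin grants are identified by details["is_site_admin"]`, so the convention is written down. How the audit table is queried is not visible here.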
@@ -532,6 +566,12 @@ def user_invite_resend(invite_id): try: send_mail(mail_settings, invite["invited_email"], subject, body, html_body=html_body) db.mark_invite_sent_global(invite_id) + db.log_audit_event( + session["user_id"], session["username"], "invite.resent", + entity_type="invite", entity_id=invite_id, + details={"to": invite["invited_email"], "username": invite["invited_username"]}, + group_id=invite.get("group_id"), ip_address=request.remote_addr, + ) flash("Invitation email resent.", "success") except Exception: flash("Resend failed. Please verify SMTP settings and try again.", "danger") @@ -615,6 +655,12 @@ def view_group(group_id): session["role"] = "group_owner" session["permissions"] = all_perms session["admin_viewing"] = True + db.log_audit_event( + session["user_id"], session["username"], "admin.view_group", + entity_type="group", entity_id=group_id, + details={"group_name": group["name"]}, + group_id=group_id, ip_address=request.remote_addr, + ) return redirect(url_for("panel.dashboard"))
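Review bot: `group_id=invite.get("group_id")` in `user_invite_resend` is the only place in the patch that reads the invite row with `.get`; every other call indexes it, as in `invite["group_id"]` and `invite["invited_email"]`. The row type is not visible here, but if the db layer returns `sqlite3.Row` objects there is no `.get`, and the resulting AttributeError would be caught by the surrounding `except Exception:` and shown as an SMTP failure after the mail had already gone out. Use `group_id=invite["group_id"]` to match the other calls.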
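Review bot: In `view_group` the `admin.view_group` event is written after `session["role"]`, `session["permissions"]` and `session["admin_viewing"]` have been assigned, so a failing audit write raises with the elevated values already in the session and no record of the switch. Whether those values survive the error response depends on how the session is saved, which is not visible here. Calling `db.log_audit_event(...)` before the session assignments makes the elevation conditional on the audit row being written. The start of the function, including where `group` is loaded, is outside the hunk.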