modified: web/blueprints/site_admin.py

2026-04-14 13:14:56 +02:00
parent 3b78f5dfb1
commit 6a6e0fc4b3
1 changed files with 46 additions and 0 deletions
--- a/web/blueprints/site_admin.py
+++ b/web/blueprints/site_admin.py
@@ -330,6 +330,12 @@ def group_member_invite(group_id):
    token      = db.create_group_invite(group_id, username, email, role, session["user_id"])
    invite     = db.get_invite_by_token(token)
    invite_url = force_https_url(url_for("auth.accept_invite", token=token, _external=True))
+    db.log_audit_event(
+        session["user_id"], session["username"], "invite.created",
+        entity_type="invite", entity_id=invite["id"] if invite else None,
+        details={"username": username, "email": email, "role": role},
+        group_id=group_id, ip_address=request.remote_addr,
+    )
    mail_settings = db.get_site_mail_settings()

    if mail_settings:
@@ -356,7 +362,14 @@ def group_member_invite(group_id):
@site_admin.route("/groups/<int:group_id>/invites/<int:invite_id>/revoke", methods=["POST"])
@admin_required
 def group_invite_revoke(group_id, invite_id):
+    invite = db.get_group_invite_by_id(invite_id, group_id)
    db.revoke_group_invite(invite_id, group_id)
+    db.log_audit_event(
+        session["user_id"], session["username"], "invite.revoked",
+        entity_type="invite", entity_id=invite_id,
+        details={"username": invite["invited_username"] if invite else None},
+        group_id=group_id, ip_address=request.remote_addr,
+    )
    flash("Invitation revoked.", "success")
    return redirect(url_for("site_admin.group_members", group_id=group_id))

@@ -392,6 +405,12 @@ def group_invite_resend(group_id, invite_id):
    try:
        send_mail(mail_settings, invite["invited_email"], subject, text_body, html_body=html_body)
        db.mark_group_invite_sent(invite_id, group_id)
+        db.log_audit_event(
+            session["user_id"], session["username"], "invite.resent",
+            entity_type="invite", entity_id=invite_id,
+            details={"to": invite["invited_email"], "username": invite["invited_username"]},
+            group_id=group_id, ip_address=request.remote_addr,
+        )
        flash("Invitation email resent.", "success")
    except Exception:
        flash("Resend failed. Please verify SMTP settings and try again.", "danger")
@@ -445,6 +464,13 @@ def user_new():
        effective_role = role if group_id else "member"
        token      = db.create_group_invite(group_id, username, email, effective_role,
                                            session["user_id"], is_site_admin=is_site_admin)
+        new_invite = db.get_invite_by_token(token)
+        db.log_audit_event(
+            session["user_id"], session["username"], "invite.created",
+            entity_type="invite", entity_id=new_invite["id"] if new_invite else None,
+            details={"username": username, "email": email, "role": effective_role, "is_site_admin": is_site_admin},
+            group_id=group_id, ip_address=request.remote_addr,
+        )
        invite_url = force_https_url(url_for("auth.accept_invite", token=token, _external=True))
        mail_settings = db.get_site_mail_settings()

@@ -488,7 +514,15 @@ def user_new():
@site_admin.route("/users/invites/<int:invite_id>/revoke", methods=["POST"])
@admin_required
 def user_invite_revoke(invite_id):
+    invite = db.get_invite_by_id_global(invite_id)
    db.revoke_invite_global(invite_id)
+    db.log_audit_event(
+        session["user_id"], session["username"], "invite.revoked",
+        entity_type="invite", entity_id=invite_id,
+        details={"username": invite["invited_username"] if invite else None},
+        group_id=invite["group_id"] if invite else None,
+        ip_address=request.remote_addr,
+    )
    flash("Invitation revoked.", "success")
    return redirect(url_for("site_admin.users"))

@@ -532,6 +566,12 @@ def user_invite_resend(invite_id):
    try:
        send_mail(mail_settings, invite["invited_email"], subject, body, html_body=html_body)
        db.mark_invite_sent_global(invite_id)
+        db.log_audit_event(
+            session["user_id"], session["username"], "invite.resent",
+            entity_type="invite", entity_id=invite_id,
+            details={"to": invite["invited_email"], "username": invite["invited_username"]},
+            group_id=invite.get("group_id"), ip_address=request.remote_addr,
+        )
        flash("Invitation email resent.", "success")
    except Exception:
        flash("Resend failed. Please verify SMTP settings and try again.", "danger")
@@ -615,6 +655,12 @@ def view_group(group_id):
    session["role"]          = "group_owner"
    session["permissions"]   = all_perms
    session["admin_viewing"] = True
+    db.log_audit_event(
+        session["user_id"], session["username"], "admin.view_group",
+        entity_type="group", entity_id=group_id,
+        details={"group_name": group["name"]},
+        group_id=group_id, ip_address=request.remote_addr,
+    )
    return redirect(url_for("panel.dashboard"))