modified: web/app.py

modified: web/blueprints/auth.py modified: web/blueprints/site_admin.py modified: web/config.py modified: web/panel_db.py modified: web/templates/admin/audit_log.html modified: web/templates/admin/dashboard.html new file: web/templates/auth/consent.html
2026-04-15 11:05:21 +02:00
parent 179a0e1042
commit bdf83bd275
8 changed files with 333 additions and 2 deletions
--- a/web/blueprints/site_admin.py
+++ b/web/blueprints/site_admin.py
@@ -48,7 +48,14 @@ def dashboard():
        "admin_count":   sum(1 for u in users if u.get("is_site_admin")),
        "mail_configured": int(has_mail),
    }
-    return render_template("admin/dashboard.html", groups=groups, users=users, stats=stats)
+    # Letzte 10 Audit-Einträge für das Dashboard-Widget
+    try:
+        recent_audit, _ = db.get_audit_log(page=1, per_page=10)
+    except Exception:
+        recent_audit = []
+    return render_template("admin/dashboard.html", groups=groups, users=users,
+                           stats=stats, recent_audit=recent_audit,
+                           retention_days=Config.AUDIT_LOG_RETENTION_DAYS)


@site_admin.route("/mail", methods=["GET", "POST"])
@@ -594,6 +601,13 @@ def user_edit(user_id):
    if not user:
        flash("User not found.", "danger")
        return redirect(url_for("site_admin.users"))
+    if request.method == "GET":
+        db.log_audit_event(
+            session["user_id"], session["username"], "admin.view_user",
+            entity_type="user", entity_id=user_id,
+            details={"target": user["username"]},
+            ip_address=request.remote_addr,
+        )
    if request.method == "POST":
        username      = request.form.get("username", "").strip()
        email         = request.form.get("email", "").strip()
@@ -702,6 +716,10 @@ def stop_view():
@site_admin.route("/audit")
@admin_required
 def audit_log():
+    db.log_audit_event(
+        session["user_id"], session["username"], "admin.view_audit_log",
+        ip_address=request.remote_addr,
+    )
    page         = request.args.get("page", 1, type=int)
    action_f     = request.args.get("action", "").strip() or None
    group_f      = request.args.get("group_id", None, type=int)