Add role-based filtering and imporve code

services/auth/app/api/users.py

@@ -25,11 +25,15 @@ from shared.auth.decorators import (
     require_admin_role_dep
 )
 from shared.routing import RouteBuilder
+from shared.security import create_audit_logger, AuditSeverity, AuditAction
 
 logger = structlog.get_logger()
 router = APIRouter(tags=["users"])
 route_builder = RouteBuilder('auth')
 
+# Initialize audit logger
+audit_logger = create_audit_logger("auth-service")
+
 
 @router.get(route_builder.build_base_route("me", include_tenant_prefix=False), response_model=UserResponse)
 async def get_current_user_info(
@@ -184,14 +188,32 @@ async def delete_admin_user(
             status_code=status.HTTP_404_NOT_FOUND,
             detail=f"Admin user {user_id} not found"
         )
-    
+
+    # Log audit event for user deletion
+    try:
+        # Get tenant_id from current_user or use a placeholder for system-level operations
+        tenant_id_str = current_user.get("tenant_id", "00000000-0000-0000-0000-000000000000")
+        await audit_logger.log_deletion(
+            db_session=db,
+            tenant_id=tenant_id_str,
+            user_id=current_user["user_id"],
+            resource_type="user",
+            resource_id=user_id,
+            resource_data=user_info,
+            description=f"Admin {current_user.get('email', current_user['user_id'])} initiated deletion of user {user_info.get('email', user_id)}",
+            endpoint="/delete/{user_id}",
+            method="DELETE"
+        )
+    except Exception as audit_error:
+        logger.warning("Failed to log audit event", error=str(audit_error))
+
     # Start deletion as background task for better performance
     background_tasks.add_task(
         execute_admin_user_deletion,
         user_id=user_id,
         requesting_user_id=current_user["user_id"]
     )
-    
+
     return {
         "success": True,
         "message": f"Admin user deletion for {user_id} has been initiated",