Add role-based filtering and imporve code

2025-10-15 16:12:49 +02:00
parent 96ad5c6692
commit 8f9e9a7edc
158 changed files with 11033 additions and 1544 deletions
--- a/services/orders/app/api/customers.py
+++ b/services/orders/app/api/customers.py
@@ -13,6 +13,7 @@ import structlog
 from shared.auth.decorators import get_current_user_dep
 from shared.auth.access_control import require_user_role
 from shared.routing import RouteBuilder
+from shared.security import create_audit_logger, AuditSeverity, AuditAction
 from app.core.database import get_db
 from app.services.orders_service import OrdersService
 from app.schemas.order_schemas import (
@@ -22,6 +23,7 @@ from app.schemas.order_schemas import (
 )

 logger = structlog.get_logger()
+audit_logger = create_audit_logger("orders-service")

 # Create route builder for consistent URL structure
 route_builder = RouteBuilder('orders')
@@ -236,7 +238,10 @@ async def delete_customer(
    orders_service: OrdersService = Depends(get_orders_service),
    db = Depends(get_db)
 ):
-    """Delete a customer (soft delete)"""
+    """
+    Delete a customer (Admin+ only, GDPR-compliant soft delete)
+    Removes PII while maintaining referential integrity
+    """
    try:
        customer = await orders_service.customer_repo.get(db, customer_id, tenant_id)
        if not customer:
@@ -245,10 +250,39 @@ async def delete_customer(
                detail="Customer not found"
            )

+        # Capture customer data before deletion (for audit trail)
+        # Note: This is anonymized after retention period in compliance with GDPR
+        customer_data = {
+            "customer_code": customer.customer_code,
+            "customer_name": customer.customer_name,
+            "email": customer.email,
+            "phone": customer.phone,
+            "business_type": customer.business_type if hasattr(customer, 'business_type') else None
+        }
+
        await orders_service.customer_repo.delete(db, customer_id, tenant_id)

-        logger.info("Customer deleted successfully",
-                   customer_id=str(customer_id))
+        # Log HIGH severity audit event for customer deletion (GDPR compliance)
+        try:
+            await audit_logger.log_deletion(
+                db_session=db,
+                tenant_id=str(tenant_id),
+                user_id=current_user["user_id"],
+                resource_type="customer",
+                resource_id=str(customer_id),
+                resource_data=customer_data,
+                description=f"Admin {current_user.get('email', 'unknown')} deleted customer {customer_data['customer_code']} (GDPR-compliant soft delete)",
+                endpoint=f"/customers/{customer_id}",
+                method="DELETE",
+                severity=AuditSeverity.HIGH.value
+            )
+        except Exception as audit_error:
+            logger.warning("Failed to log audit event", error=str(audit_error))
+
+        logger.info("Customer deleted successfully (GDPR-compliant)",
+                   customer_id=str(customer_id),
+                   tenant_id=str(tenant_id),
+                   user_id=current_user["user_id"])

    except HTTPException:
        raise