Add role-based filtering and imporve code

services/pos/app/api/configurations.py

@@ -12,9 +12,11 @@ from app.core.database import get_db
 from shared.auth.decorators import get_current_user_dep
 from shared.auth.access_control import require_user_role, admin_role_required
 from shared.routing import RouteBuilder
+from shared.security import create_audit_logger, AuditSeverity, AuditAction
 
 router = APIRouter()
 logger = structlog.get_logger()
+audit_logger = create_audit_logger("pos-service")
 route_builder = RouteBuilder('pos')
 
 
@@ -110,6 +112,29 @@ async def update_pos_configuration(
 ):
     """Update a POS configuration (Admin/Owner only)"""
     try:
+        # Log HIGH severity audit event for configuration changes
+        try:
+            await audit_logger.log_event(
+                db_session=db,
+                tenant_id=str(tenant_id),
+                user_id=current_user["user_id"],
+                action=AuditAction.UPDATE.value,
+                resource_type="pos_configuration",
+                resource_id=str(config_id),
+                severity=AuditSeverity.HIGH.value,
+                description=f"Admin {current_user.get('email', 'unknown')} updated POS configuration",
+                changes={"configuration_updates": configuration_data},
+                endpoint=f"/configurations/{config_id}",
+                method="PUT"
+            )
+        except Exception as audit_error:
+            logger.warning("Failed to log audit event", error=str(audit_error))
+
+        logger.info("POS configuration updated",
+                   config_id=str(config_id),
+                   tenant_id=str(tenant_id),
+                   user_id=current_user["user_id"])
+
         return {"message": "Configuration updated successfully", "id": str(config_id)}
     except Exception as e:
         logger.error("Failed to update POS configuration", error=str(e),
@@ -130,6 +155,27 @@ async def delete_pos_configuration(
 ):
     """Delete a POS configuration (Owner only)"""
     try:
+        # Log CRITICAL severity audit event for configuration deletion
+        try:
+            await audit_logger.log_deletion(
+                db_session=db,
+                tenant_id=str(tenant_id),
+                user_id=current_user["user_id"],
+                resource_type="pos_configuration",
+                resource_id=str(config_id),
+                severity=AuditSeverity.CRITICAL.value,
+                description=f"Owner {current_user.get('email', 'unknown')} deleted POS configuration",
+                endpoint=f"/configurations/{config_id}",
+                method="DELETE"
+            )
+        except Exception as audit_error:
+            logger.warning("Failed to log audit event", error=str(audit_error))
+
+        logger.info("POS configuration deleted",
+                   config_id=str(config_id),
+                   tenant_id=str(tenant_id),
+                   user_id=current_user["user_id"])
+
         return {"message": "Configuration deleted successfully"}
     except Exception as e:
         logger.error("Failed to delete POS configuration", error=str(e),

services/pos/app/models/__init__.py

@@ -2,6 +2,13 @@
 Database models for POS Integration Service
 """
 
+# Import AuditLog model for this service
+from shared.security import create_audit_log_model
+from shared.database.base import Base
+
+# Create audit log model for this service
+AuditLog = create_audit_log_model(Base)
+
 from .pos_config import POSConfiguration
 from .pos_transaction import POSTransaction, POSTransactionItem
 from .pos_webhook import POSWebhookLog
@@ -12,5 +19,6 @@ __all__ = [
     "POSTransaction",
     "POSTransactionItem", 
     "POSWebhookLog",
-    "POSSyncLog"
+    "POSSyncLog",
+    "AuditLog"
 ]