Add role-based filtering and imporve code

2025-10-15 16:12:49 +02:00
parent 96ad5c6692
commit 8f9e9a7edc
158 changed files with 11033 additions and 1544 deletions
--- a/services/pos/app/api/configurations.py
+++ b/services/pos/app/api/configurations.py
@@ -12,9 +12,11 @@ from app.core.database import get_db
 from shared.auth.decorators import get_current_user_dep
 from shared.auth.access_control import require_user_role, admin_role_required
 from shared.routing import RouteBuilder
+from shared.security import create_audit_logger, AuditSeverity, AuditAction

 router = APIRouter()
 logger = structlog.get_logger()
+audit_logger = create_audit_logger("pos-service")
 route_builder = RouteBuilder('pos')


@@ -110,6 +112,29 @@ async def update_pos_configuration(
 ):
    """Update a POS configuration (Admin/Owner only)"""
    try:
+        # Log HIGH severity audit event for configuration changes
+        try:
+            await audit_logger.log_event(
+                db_session=db,
+                tenant_id=str(tenant_id),
+                user_id=current_user["user_id"],
+                action=AuditAction.UPDATE.value,
+                resource_type="pos_configuration",
+                resource_id=str(config_id),
+                severity=AuditSeverity.HIGH.value,
+                description=f"Admin {current_user.get('email', 'unknown')} updated POS configuration",
+                changes={"configuration_updates": configuration_data},
+                endpoint=f"/configurations/{config_id}",
+                method="PUT"
+            )
+        except Exception as audit_error:
+            logger.warning("Failed to log audit event", error=str(audit_error))
+
+        logger.info("POS configuration updated",
+                   config_id=str(config_id),
+                   tenant_id=str(tenant_id),
+                   user_id=current_user["user_id"])
+
        return {"message": "Configuration updated successfully", "id": str(config_id)}
    except Exception as e:
        logger.error("Failed to update POS configuration", error=str(e),
@@ -130,6 +155,27 @@ async def delete_pos_configuration(
 ):
    """Delete a POS configuration (Owner only)"""
    try:
+        # Log CRITICAL severity audit event for configuration deletion
+        try:
+            await audit_logger.log_deletion(
+                db_session=db,
+                tenant_id=str(tenant_id),
+                user_id=current_user["user_id"],
+                resource_type="pos_configuration",
+                resource_id=str(config_id),
+                severity=AuditSeverity.CRITICAL.value,
+                description=f"Owner {current_user.get('email', 'unknown')} deleted POS configuration",
+                endpoint=f"/configurations/{config_id}",
+                method="DELETE"
+            )
+        except Exception as audit_error:
+            logger.warning("Failed to log audit event", error=str(audit_error))
+
+        logger.info("POS configuration deleted",
+                   config_id=str(config_id),
+                   tenant_id=str(tenant_id),
+                   user_id=current_user["user_id"])
+
        return {"message": "Configuration deleted successfully"}
    except Exception as e:
        logger.error("Failed to delete POS configuration", error=str(e),