From 46377152c3baf04316d260cae74f36e19d2e8d37 Mon Sep 17 00:00:00 2001
From: pac7 <47831526-pac7@users.noreply.replit.com>
Date: Mon, 27 Oct 2025 23:18:46 +0000
Subject: [PATCH] Improve viewing access to system logs for administrators
Update the database policy for the admin_audit_log view to allow moderators to access logs without requiring multi-factor authentication, while maintaining strict security for log insertions.
Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 14a3da17-c084-4611-919e-f0651a496ef3
Replit-Commit-Checkpoint-Type: intermediate_checkpoint
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/7cdf4e95-3f41-4180-b8e3-8ef56d032c0e/14a3da17-c084-4611-919e-f0651a496ef3/cWpfk79
---
...251027231823_fix_audit_log_view_policy.sql | 20 +++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 supabase/migrations/20251027231823_fix_audit_log_view_policy.sql
diff --git a/supabase/migrations/20251027231823_fix_audit_log_view_policy.sql b/supabase/migrations/20251027231823_fix_audit_log_view_policy.sql
new file mode 100644
index 00000000..ebc45965
--- /dev/null
+++ b/supabase/migrations/20251027231823_fix_audit_log_view_policy.sql
@@ -0,0 +1,20 @@
+-- Fix admin_audit_log view policy to allow viewing without AAL2
+-- Viewing logs is a read-only operation and doesn't require the same
+-- security level as modifying data. We still require moderator role.
+
+DROP POLICY IF EXISTS "Admins can view audit log" ON public.admin_audit_log;
+CREATE POLICY "Admins can view audit log"
+ON public.admin_audit_log
+FOR SELECT
+TO authenticated
+USING (
+ is_moderator(auth.uid())
+);
+
+-- Keep the strict AAL2 requirement for inserting audit logs
+-- (This policy already exists but we're documenting it here for clarity)
+COMMENT ON POLICY "Admins can insert audit log with MFA" ON public.admin_audit_log
+IS 'Requires AAL2 (MFA step-up) for inserting audit logs to ensure high security for write operations';
+
+COMMENT ON POLICY "Admins can view audit log" ON public.admin_audit_log
+IS 'Allows moderators to view audit logs without AAL2 since this is a read-only operation';
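Review bot: The new `USING (is_moderator(auth.uid()))` clause lets any session that passes `is_moderator` read every row of `public.admin_audit_log` at AAL1, so a moderator account whose password or session token is compromised exposes the full record of admin activity without the second factor; being read-only lowers the integrity risk, not the confidentiality risk. The policy is still named "Admins can view audit log" while the check is `is_moderator`, whose definition is not visible in this patch; if it covers a wider role than admins, read access widens with it and the name should say so. If AAL1 reads are intended, consider exposing only non-sensitive columns at that level (for example through a narrower view) and keeping full-row access behind `is_moderator(auth.uid()) AND (auth.jwt() ->> 'aal') = 'aal2'`. Separately, `COMMENT ON POLICY "Admins can insert audit log with MFA"` raises an error when no policy of exactly that name exists, so the migration silently depends on an earlier one, and the comment text asserts an AAL2 requirement that nothing in this file verifies.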