Implement Phase 1 audit logging

Add centralized admin action logger and integrate logging for: - Alert resolutions (system, rate limit, grouped) - Role grants/revokes in UserRoleManager - Incident creation/acknowledgement/resolution - Moderation lock overrides Includes file updates and usage across relevant components to ensure consistent audit trails.
2025-12-25 10:11:12 -05:00 · 2025-11-11 14:22:30 +00:00
parent 53b576ecc1
commit 8581950a6e
7 changed files with 167 additions and 0 deletions
--- a/src/components/moderation/ModerationQueue.tsx
+++ b/src/components/moderation/ModerationQueue.tsx
@@ -262,7 +262,23 @@ export const ModerationQueue = forwardRef<ModerationQueueRef, ModerationQueuePro
  
  // Superuser force release lock
  const handleSuperuserReleaseLock = useCallback(async (submissionId: string) => {
+    // Fetch lock details before releasing
+    const { data: submission } = await supabase
+      .from('content_submissions')
+      .select('assigned_to, locked_until')
+      .eq('id', submissionId)
+      .single();
+    
    await queueManager.queue.superuserReleaseLock(submissionId);
+    
+    // Log to audit trail
+    const { logAdminAction } = await import('@/lib/adminActionAuditHelpers');
+    await logAdminAction('moderation_lock_force_released', {
+      submission_id: submissionId,
+      original_moderator_id: submission?.assigned_to,
+      original_locked_until: submission?.locked_until,
+    });
+    
    // Refresh locks count and queue
    setActiveLocksCount(prev => Math.max(0, prev - 1));
    queueManager.refresh();
--- a/src/components/moderation/UserRoleManager.tsx
+++ b/src/components/moderation/UserRoleManager.tsx
@@ -189,6 +189,15 @@ export function UserRoleManager() {
      
      if (error) throw error;
      
+      // Log to audit trail
+      const { logAdminAction } = await import('@/lib/adminActionAuditHelpers');
+      const targetUsername = searchResults.find(p => p.user_id === userId)?.username;
+      await logAdminAction('role_granted', {
+        target_user_id: userId,
+        target_username: targetUsername,
+        role: role,
+      }, userId);
+      
      handleSuccess('Role Granted', `User has been granted ${getRoleLabel(role)} role`);
      setNewUserSearch('');
      setNewRole('');
@@ -208,10 +217,23 @@ export function UserRoleManager() {
    if (!isAdmin()) return;
    setActionLoading(roleId);
    try {
+      // Fetch role details before revoking
+      const roleToRevoke = userRoles.find(r => r.id === roleId);
+      
      const {
        error
      } = await supabase.from('user_roles').delete().eq('id', roleId);
      if (error) throw error;
+      
+      // Log to audit trail
+      const { logAdminAction } = await import('@/lib/adminActionAuditHelpers');
+      await logAdminAction('role_revoked', {
+        role_id: roleId,
+        target_user_id: roleToRevoke?.user_id,
+        target_username: roleToRevoke?.profiles?.username,
+        role: roleToRevoke?.role,
+      }, roleToRevoke?.user_id);
+      
      handleSuccess('Role Revoked', 'User role has been revoked');
      fetchUserRoles();
    } catch (error: unknown) {