284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Integration Tests / Check for relevant changes (push) Waiting to run
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Mobile checks / Mobile unit tests (push) Waiting to run
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Temporal Readiness / fast-readiness (push) Waiting to run
Temporal Readiness / docker-parity (push) Waiting to run
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Unit Tests / Skipped-test budget (push) Waiting to run
Unit Tests / Nx affected unit tests (push) Waiting to run
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz Source: /opt/alga-psa on psa.joliet.tech
61 lines
2.0 KiB
JavaScript
61 lines
2.0 KiB
JavaScript
/**
|
|
* @param { import("knex").Knex } knex
|
|
* @returns { Promise<void> }
|
|
*/
|
|
exports.up = function(knex) {
|
|
return knex.schema.createTable('audit_logs', table => {
|
|
// Primary key
|
|
table.uuid('audit_id').primary();
|
|
|
|
// Required fields
|
|
table.string('tenant').notNullable();
|
|
table.string('user_id'); // Nullable since system actions might not have a user
|
|
table.string('operation').notNullable();
|
|
table.string('table_name').notNullable();
|
|
table.string('record_id').notNullable();
|
|
table.jsonb('changed_data').notNullable();
|
|
table.jsonb('details').notNullable(); // Additional context/notes about the audit entry
|
|
table.timestamp('timestamp').notNullable().defaultTo(knex.fn.now());
|
|
|
|
// Indexes
|
|
table.index(['table_name', 'record_id']); // For querying entity history
|
|
table.index('timestamp'); // For time-based queries
|
|
table.index('tenant'); // For RLS filtering
|
|
})
|
|
.then(() => {
|
|
// Add RLS policy
|
|
return knex.raw(`
|
|
ALTER TABLE audit_logs ENABLE ROW LEVEL SECURITY;
|
|
|
|
CREATE POLICY tenant_isolation_policy ON audit_logs
|
|
USING (tenant = current_setting('app.current_tenant')::text);
|
|
|
|
CREATE POLICY tenant_isolation_policy_insert ON audit_logs
|
|
FOR INSERT
|
|
WITH CHECK (tenant = current_setting('app.current_tenant')::text);
|
|
|
|
-- Create trigger to automatically set tenant from app.current_tenant
|
|
CREATE OR REPLACE FUNCTION set_tenant_from_current_setting()
|
|
RETURNS TRIGGER AS $$
|
|
BEGIN
|
|
NEW.tenant = current_setting('app.current_tenant');
|
|
RETURN NEW;
|
|
END;
|
|
$$ LANGUAGE plpgsql;
|
|
|
|
CREATE TRIGGER set_tenant_on_audit_log_insert
|
|
BEFORE INSERT ON audit_logs
|
|
FOR EACH ROW
|
|
EXECUTE FUNCTION set_tenant_from_current_setting();
|
|
`);
|
|
});
|
|
};
|
|
|
|
/**
|
|
* @param { import("knex").Knex } knex
|
|
* @returns { Promise<void> }
|
|
*/
|
|
exports.down = function(knex) {
|
|
return knex.schema.dropTable('audit_logs');
|
|
};
|