marcel/familienarchiv

feat(audit): track user management events in audit log (#336) #337

Merged

marcel merged 14 commits from feat/issue-336-audit-user-management into main

2026-04-26 19:42:00 +02:00

Author	SHA1	Message	Date
Marcel	ce41e96a45	test(audit): add 401 unauthenticated tests for createUser, adminUpdateUser, deleteUser Some checks failed CI / Unit & Component Tests (pull_request) Failing after 3m1s Details CI / OCR Service Tests (pull_request) Successful in 34s Details CI / Backend Unit Tests (pull_request) Failing after 3m0s Details CI / Unit & Component Tests (push) Failing after 2m59s Details CI / OCR Service Tests (push) Successful in 40s Details CI / Backend Unit Tests (push) Failing after 2m55s Details Regression guards verifying that Spring Security returns 401 (not 200) when no credentials are provided, complementing the existing 403 permission tests. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 17:44:03 +02:00
Marcel	a6c8af0971	test(audit): replace null-actorId bootstrap calls with createUserForBootstrap(), increase timeouts to 10s Removes the wait+clear cycles that existed only to drain the audit events emitted by createUserOrUpdate(null, ...). Timeouts increased 5 → 10 s to reduce CI flakiness under load. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 17:41:56 +02:00
Marcel	6d9910b805	refactor(audit): extract createUserForBootstrap() to make null actorId contract explicit createUserOrUpdate(UUID actorId, ...) is always called from the controller with a real authenticated actor. createUserForBootstrap() handles seeding/test setup without emitting an audit event, making the two contracts unambiguous. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 17:39:09 +02:00
Marcel	1dd6e054fc	test(audit): add GROUP_MEMBERSHIP_CHANGED integration test with payload assertions Some checks failed CI / Unit & Component Tests (push) Failing after 3m59s Details CI / OCR Service Tests (push) Successful in 36s Details CI / Backend Unit Tests (push) Failing after 2m57s Details CI / Unit & Component Tests (pull_request) Failing after 3m0s Details CI / OCR Service Tests (pull_request) Successful in 34s Details CI / Backend Unit Tests (pull_request) Failing after 3m3s Details Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 15:53:55 +02:00
Marcel	23cff1cdd7	refactor(audit): drop @DirtiesContext, add @BeforeEach, use existsByKind in wait conditions Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 15:53:55 +02:00
Marcel	11d93919b2	refactor(audit): replace LIMIT :limit JPQL with Pageable in audit query Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 15:53:55 +02:00
Marcel	f6bcc4f72a	refactor(audit): extract actorId() helper in UserController Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 15:53:55 +02:00
Marcel	f4a4436eda	test(audit): add 403 permission tests for createUser, adminUpdateUser, deleteUser Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 15:53:55 +02:00
Marcel	1d3a3b3338	refactor(audit): extract groupChangePayload() from adminUpdateUser Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 15:53:55 +02:00
Marcel	77affcfb4f	test(audit): integration test — create + delete user produces ordered audit entries Some checks failed CI / Unit & Component Tests (pull_request) Failing after 3m4s Details CI / OCR Service Tests (pull_request) Successful in 34s Details CI / Backend Unit Tests (pull_request) Failing after 3m2s Details CI / Unit & Component Tests (push) Failing after 3m1s Details CI / OCR Service Tests (push) Successful in 35s Details CI / Backend Unit Tests (push) Failing after 3m2s Details Creates a real actor user first (needed for audit_log FK constraint), then creates and deletes a target user, asserts USER_DELETED is newest and USER_CREATED is second via findRecentUserManagementEvents. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 15:16:29 +02:00
Marcel	36529f7e11	feat(audit): add findRecentUserManagementEvents query method Adds findRecentByKinds JPQL query to AuditLogQueryRepository and findRecentUserManagementEvents(int limit) to AuditLogQueryService, returning the N most recent USER_CREATED/USER_DELETED/GROUP_MEMBERSHIP_CHANGED events ordered newest-first. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 15:16:29 +02:00
Marcel	eb8f9d4dc4	feat(audit): emit GROUP_MEMBERSHIP_CHANGED when admin updates user groups Adds actorId param to adminUpdateUser(), captures beforeGroups before mutation, computes added/removed group names, emits logAfterCommit only when the group set actually changes. Payload contains group names, not permission strings. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 15:16:29 +02:00
Marcel	a736b7399a	feat(audit): emit USER_DELETED when admin removes a user Adds actorId param to deleteUser(), captures email before deletion, emits logAfterCommit(USER_DELETED) with userId+email in payload. Updates UserController to resolve and pass actorId. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 15:16:29 +02:00
Marcel	e7c7f801c9	feat(audit): emit USER_CREATED when admin creates a new user Adds USER_CREATED, USER_DELETED, GROUP_MEMBERSHIP_CHANGED to AuditKind. Injects AuditService into UserService; changes createUserOrUpdate to accept actorId and emits logAfterCommit(USER_CREATED) only on the new-user branch. Updates UserController to resolve and pass actorId. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 15:16:29 +02:00