Fix support API audit logging

2026-01-28 21:02:25 +01:00
parent f0e8cee850
commit 0d2759b0d4
6 changed files with 308 additions and 143 deletions
--- a/app/Http/Controllers/Api/Support/SupportResourceController.php
+++ b/app/Http/Controllers/Api/Support/SupportResourceController.php
@@ -8,6 +8,7 @@ use App\Http\Requests\Support\Resources\SupportResourceFormRequest;
 use App\Http\Requests\Support\SupportResourceRequest;
 use App\Jobs\GenerateDataExport;
 use App\Models\DataExport;
+use App\Services\Audit\SuperAdminAuditLogger;
 use App\Support\ApiError;
 use App\Support\SupportApiAuthorizer;
 use App\Support\SupportApiRegistry;
@@ -77,7 +78,7 @@ class SupportResourceController extends Controller

    public function store(SupportResourceRequest $request, string $resource): JsonResponse
    {
-        if ($response = SupportApiAuthorizer::authorizeResource($request, $resource, 'write')) {
+        if ($response = SupportApiAuthorizer::authorizeAnyAbility($request, SupportApiRegistry::abilitiesFor($resource, 'write'), 'write')) {
            return $response;
        }

@@ -110,6 +111,14 @@ class SupportResourceController extends Controller

        $record = $modelClass::query()->create($payload);

+        app(SuperAdminAuditLogger::class)->record(
+            SupportApiRegistry::auditAction($resource, 'created'),
+            $record,
+            SuperAdminAuditLogger::fieldsMetadata($payload),
+            actor: $request->user(),
+            source: static::class
+        );
+
        if ($resource === 'data-exports') {
            GenerateDataExport::dispatch($record->id);
        }
@@ -121,7 +130,7 @@ class SupportResourceController extends Controller

    public function update(SupportResourceRequest $request, string $resource, string $record): JsonResponse
    {
-        if ($response = SupportApiAuthorizer::authorizeResource($request, $resource, 'write')) {
+        if ($response = SupportApiAuthorizer::authorizeAnyAbility($request, SupportApiRegistry::abilitiesFor($resource, 'write'), 'write')) {
            return $response;
        }

@@ -148,6 +157,14 @@ class SupportResourceController extends Controller
        $model->fill($payload);
        $model->save();

+        app(SuperAdminAuditLogger::class)->record(
+            SupportApiRegistry::auditAction($resource, 'updated'),
+            $model,
+            SuperAdminAuditLogger::fieldsMetadata($payload),
+            actor: $request->user(),
+            source: static::class
+        );
+
        return response()->json([
            'data' => $model->refresh(),
        ]);
@@ -155,7 +172,7 @@ class SupportResourceController extends Controller

    public function destroy(Request $request, string $resource, string $record): JsonResponse
    {
-        if ($response = SupportApiAuthorizer::authorizeResource($request, $resource, 'write')) {
+        if ($response = SupportApiAuthorizer::authorizeAnyAbility($request, SupportApiRegistry::abilitiesFor($resource, 'write'), 'write')) {
            return $response;
        }

@@ -171,6 +188,14 @@ class SupportResourceController extends Controller

        $model->delete();

+        app(SuperAdminAuditLogger::class)->record(
+            SupportApiRegistry::auditAction($resource, 'deleted'),
+            $model,
+            SuperAdminAuditLogger::fieldsMetadata([]),
+            actor: $request->user(),
+            source: static::class
+        );
+
        return response()->json(['ok' => true]);
    }