complete new audit system

2026-03-21 18:23:54 +01:00
parent 4f359df161
commit 219e1930f7
159 changed files with 2841 additions and 736 deletions
+43 -44
@@ -14,10 +14,9 @@ exports.createRole = createRole;
exports.updateRole = updateRole;
exports.deleteRole = deleteRole;
exports.getAllPermissions = getAllPermissions;
const client_1 = require("@prisma/client");
const prisma_js_1 = __importDefault(require("../lib/prisma.js"));
const bcryptjs_1 = __importDefault(require("bcryptjs"));
const helpers_js_1 = require("../utils/helpers.js");
const prisma = new client_1.PrismaClient();
async function getAllUsers(filters) {
const { search, isActive, roleId, page = 1, limit = 20 } = filters;
const { skip, take } = (0, helpers_js_1.paginate)(page, limit);
@@ -36,7 +35,7 @@ async function getAllUsers(filters) {
];
}
const [users, total] = await Promise.all([
prisma.user.findMany({
prisma_js_1.default.user.findMany({
where,
skip,
take,
@@ -63,12 +62,12 @@ async function getAllUsers(filters) {
},
},
}),
prisma.user.count({ where }),
prisma_js_1.default.user.count({ where }),
]);
// Get hidden role IDs
const [developerRole, gdprRole] = await Promise.all([
prisma.role.findFirst({ where: { name: 'Developer' } }),
prisma.role.findFirst({ where: { name: 'DSGVO' } }),
prisma_js_1.default.role.findFirst({ where: { name: 'Developer' } }),
prisma_js_1.default.role.findFirst({ where: { name: 'DSGVO' } }),
]);
return {
users: users.map((u) => {
@@ -89,7 +88,7 @@ async function getAllUsers(filters) {
};
}
async function getUserById(id) {
const user = await prisma.user.findUnique({
const user = await prisma_js_1.default.user.findUnique({
where: { id },
select: {
id: true,
@@ -132,7 +131,7 @@ async function getUserById(id) {
}
async function createUser(data) {
const hashedPassword = await bcryptjs_1.default.hash(data.password, 10);
const user = await prisma.user.create({
const user = await prisma_js_1.default.user.create({
data: {
email: data.email,
password: hashedPassword,
@@ -175,7 +174,7 @@ async function updateUser(id, data) {
const rolesAreBeingChanged = roleIds !== undefined;
if (isBeingDeactivated || rolesAreBeingChanged) {
// Check if user currently has admin permissions
const currentUser = await prisma.user.findUnique({
const currentUser = await prisma_js_1.default.user.findUnique({
where: { id },
include: {
roles: {
@@ -196,7 +195,7 @@ async function updateUser(id, data) {
// Check if user will still be admin after role change
let willStillBeAdmin = false;
if (rolesAreBeingChanged) {
const newRoles = await prisma.role.findMany({
const newRoles = await prisma_js_1.default.role.findMany({
where: { id: { in: roleIds } },
include: {
permissions: {
@@ -211,7 +210,7 @@ async function updateUser(id, data) {
}
// If user is losing admin status or being deactivated, check for other admins
if (!willStillBeAdmin || isBeingDeactivated) {
const otherAdminCount = await prisma.user.count({
const otherAdminCount = await prisma_js_1.default.user.count({
where: {
id: { not: id },
isActive: true,
@@ -249,7 +248,7 @@ async function updateUser(id, data) {
// Prüfen ob Rollen geändert werden (für Zwangslogout)
let rolesChanged = false;
if (roleIds !== undefined) {
const currentRoles = await prisma.userRole.findMany({
const currentRoles = await prisma_js_1.default.userRole.findMany({
where: { userId: id },
select: { roleId: true },
});
@@ -260,7 +259,7 @@ async function updateUser(id, data) {
!currentRoleIds.every((id, i) => id === newRoleIds[i]);
}
// Update user - bei Rollenänderung Token invalidieren
await prisma.user.update({
await prisma_js_1.default.user.update({
where: { id },
data: {
...userData,
@@ -270,8 +269,8 @@ async function updateUser(id, data) {
});
// Update roles if provided
if (roleIds) {
await prisma.userRole.deleteMany({ where: { userId: id } });
await prisma.userRole.createMany({
await prisma_js_1.default.userRole.deleteMany({ where: { userId: id } });
await prisma_js_1.default.userRole.createMany({
data: roleIds.map((roleId) => ({ userId: id, roleId })),
});
}
@@ -288,20 +287,20 @@ async function updateUser(id, data) {
// Helper to set developer access for a user
async function setUserDeveloperAccess(userId, enabled) {
// Get or create developer:access permission
let developerPerm = await prisma.permission.findFirst({
let developerPerm = await prisma_js_1.default.permission.findFirst({
where: { resource: 'developer', action: 'access' },
});
if (!developerPerm) {
developerPerm = await prisma.permission.create({
developerPerm = await prisma_js_1.default.permission.create({
data: { resource: 'developer', action: 'access' },
});
}
// Get or create Developer role
let developerRole = await prisma.role.findFirst({
let developerRole = await prisma_js_1.default.role.findFirst({
where: { name: 'Developer' },
});
if (!developerRole) {
developerRole = await prisma.role.create({
developerRole = await prisma_js_1.default.role.create({
data: {
name: 'Developer',
description: 'Entwicklerzugriff auf Datenbanktools',
@@ -312,25 +311,25 @@ async function setUserDeveloperAccess(userId, enabled) {
});
}
// Check if user already has Developer role
const hasRole = await prisma.userRole.findFirst({
const hasRole = await prisma_js_1.default.userRole.findFirst({
where: { userId, roleId: developerRole.id },
});
if (enabled && !hasRole) {
await prisma.userRole.create({
await prisma_js_1.default.userRole.create({
data: { userId, roleId: developerRole.id },
});
// Token invalidieren bei Rechteänderung
await prisma.user.update({
await prisma_js_1.default.user.update({
where: { id: userId },
data: { tokenInvalidatedAt: new Date() },
});
}
else if (!enabled && hasRole) {
await prisma.userRole.delete({
await prisma_js_1.default.userRole.delete({
where: { userId_roleId: { userId, roleId: developerRole.id } },
});
// Token invalidieren bei Rechteänderung
await prisma.user.update({
await prisma_js_1.default.user.update({
where: { id: userId },
data: { tokenInvalidatedAt: new Date() },
});
@@ -339,17 +338,17 @@ async function setUserDeveloperAccess(userId, enabled) {
// Helper to set GDPR access for a user
async function setUserGdprAccess(userId, enabled) {
// Get or create DSGVO role
let gdprRole = await prisma.role.findFirst({
let gdprRole = await prisma_js_1.default.role.findFirst({
where: { name: 'DSGVO' },
});
if (!gdprRole) {
// Create DSGVO role with all audit:* and gdpr:* permissions
const gdprPermissions = await prisma.permission.findMany({
const gdprPermissions = await prisma_js_1.default.permission.findMany({
where: {
OR: [{ resource: 'audit' }, { resource: 'gdpr' }],
},
});
gdprRole = await prisma.role.create({
gdprRole = await prisma_js_1.default.role.create({
data: {
name: 'DSGVO',
description: 'DSGVO-Zugriff: Audit-Logs und Datenschutz-Verwaltung',
@@ -360,23 +359,23 @@ async function setUserGdprAccess(userId, enabled) {
});
}
// Check if user already has DSGVO role
const hasRole = await prisma.userRole.findFirst({
const hasRole = await prisma_js_1.default.userRole.findFirst({
where: { userId, roleId: gdprRole.id },
});
if (enabled && !hasRole) {
await prisma.userRole.create({
await prisma_js_1.default.userRole.create({
data: { userId, roleId: gdprRole.id },
});
await prisma.user.update({
await prisma_js_1.default.user.update({
where: { id: userId },
data: { tokenInvalidatedAt: new Date() },
});
}
else if (!enabled && hasRole) {
await prisma.userRole.delete({
await prisma_js_1.default.userRole.delete({
where: { userId_roleId: { userId, roleId: gdprRole.id } },
});
await prisma.user.update({
await prisma_js_1.default.user.update({
where: { id: userId },
data: { tokenInvalidatedAt: new Date() },
});
@@ -384,7 +383,7 @@ async function setUserGdprAccess(userId, enabled) {
}
async function deleteUser(id) {
// Check if user is an admin
const user = await prisma.user.findUnique({
const user = await prisma_js_1.default.user.findUnique({
where: { id },
include: {
roles: {
@@ -407,7 +406,7 @@ async function deleteUser(id) {
const isAdmin = user.roles.some((ur) => ur.role.permissions.some((rp) => rp.permission.resource === 'users' && rp.permission.action === 'delete'));
if (isAdmin) {
// Count other admins (users with users:delete permission)
const adminCount = await prisma.user.count({
const adminCount = await prisma_js_1.default.user.count({
where: {
id: { not: id },
isActive: true,
@@ -431,11 +430,11 @@ async function deleteUser(id) {
throw new Error('Dieser Benutzer ist der letzte Administrator und kann nicht gelöscht werden');
}
}
return prisma.user.delete({ where: { id } });
return prisma_js_1.default.user.delete({ where: { id } });
}
// Role operations
async function getAllRoles() {
return prisma.role.findMany({
return prisma_js_1.default.role.findMany({
include: {
permissions: {
include: { permission: true },
@@ -448,7 +447,7 @@ async function getAllRoles() {
});
}
async function getRoleById(id) {
return prisma.role.findUnique({
return prisma_js_1.default.role.findUnique({
where: { id },
include: {
permissions: {
@@ -458,7 +457,7 @@ async function getRoleById(id) {
});
}
async function createRole(data) {
return prisma.role.create({
return prisma_js_1.default.role.create({
data: {
name: data.name,
description: data.description,
@@ -475,13 +474,13 @@ async function createRole(data) {
}
async function updateRole(id, data) {
const { permissionIds, ...roleData } = data;
await prisma.role.update({
await prisma_js_1.default.role.update({
where: { id },
data: roleData,
});
if (permissionIds) {
await prisma.rolePermission.deleteMany({ where: { roleId: id } });
await prisma.rolePermission.createMany({
await prisma_js_1.default.rolePermission.deleteMany({ where: { roleId: id } });
await prisma_js_1.default.rolePermission.createMany({
data: permissionIds.map((permissionId) => ({ roleId: id, permissionId })),
});
}
@@ -489,15 +488,15 @@ async function updateRole(id, data) {
}
async function deleteRole(id) {
// Check if role is assigned to any users
const count = await prisma.userRole.count({ where: { roleId: id } });
const count = await prisma_js_1.default.userRole.count({ where: { roleId: id } });
if (count > 0) {
throw new Error(`Rolle kann nicht gelöscht werden, da sie ${count} Benutzern zugewiesen ist`);
}
return prisma.role.delete({ where: { id } });
return prisma_js_1.default.role.delete({ where: { id } });
}
// Permission operations
async function getAllPermissions() {
return prisma.permission.findMany({
return prisma_js_1.default.permission.findMany({
orderBy: [{ resource: 'asc' }, { action: 'asc' }],
});
}
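Review bot: The role replacement in updateUser (hunk `@@ -270,8 +269,8 @@`) still issues `deleteMany` and `createMany` as two independent calls on the shared client, so a failure of the second call leaves the user with no roles at all, and the last-admin count computed in the `@@ -211,7 +210,7 @@` hunk can be invalidated by a concurrent update between that count and the write. updateRole (hunk `@@ -475,13 +474,13 @@`) has the same shape for rolePermission. Assuming the default export of ../lib/prisma.js is a PrismaClient instance, both pairs can be made atomic with `await prisma_js_1.default.$transaction([ prisma_js_1.default.userRole.deleteMany({ where: { userId: id } }), prisma_js_1.default.userRole.createMany({ data: roleIds.map((roleId) => ({ userId: id, roleId })) }) ]);` and the equivalent rolePermission pair; running the last-admin count inside an interactive `$transaction` together with the update would also close the check-then-act gap. Both updateUser and updateRole start and end outside these hunks.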