Hacker-Software/opencrm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(gdpr): processedBy aus useAuth statt totem localStorage('user')

Browse Source 
localStorage('user') wird seit dem AuthContext-Umbau (Refresh-Cookie-
Pattern) nirgendwo mehr gesetzt → liefert immer null → der Fallback
ließ den `processedBy` in der GDPR-Verarbeitungs-Spur immer auf
'System' fallen, auch wenn ein echter User die Aktion ausgelöst hat.

Subtiler Audit-Trail-Bug, kein Sicherheitsproblem (User-Identitätsdaten
sind kein Geheimnis und waren im React-State eh sichtbar). Aber
funktional jetzt korrekt: useAuth().user.email landet als
`processedBy` im Backend.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
duffyduck
2026-05-16 16:51:02 +02:00
parent c4e62f0f50
commit 8188d17c87
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
frontend/src/pages/settings/GDPRDashboard.tsx
+3 -2
View File
@@ -8,6 +8,7 @@ import Button from '../../components/ui/Button';
import Select from '../../components/ui/Select'; import Select from '../../components/ui/Select';
import { ArrowLeft, FileText, Users, CheckCircle, Clock, XCircle, AlertTriangle, Download, X, ChevronRight } from 'lucide-react'; import { ArrowLeft, FileText, Users, CheckCircle, Clock, XCircle, AlertTriangle, Download, X, ChevronRight } from 'lucide-react';
import { fileUrl } from '../../utils/fileUrl'; import { fileUrl } from '../../utils/fileUrl';
import { useAuth } from '../../context/AuthContext';
const STATUS_OPTIONS = [ const STATUS_OPTIONS = [
{ value: '', label: 'Alle Status' }, { value: '', label: 'Alle Status' },
@@ -155,6 +156,7 @@ function ProcessModal({ request, onClose, onProcess, isPending }: ProcessModalPr
export default function GDPRDashboard() { export default function GDPRDashboard() {
const navigate = useNavigate(); const navigate = useNavigate();
const queryClient = useQueryClient(); const queryClient = useQueryClient();
const { user } = useAuth();
const [statusFilter, setStatusFilter] = useState<DeletionRequestStatus | ''>(''); const [statusFilter, setStatusFilter] = useState<DeletionRequestStatus | ''>('');
const [selectedRequest, setSelectedRequest] = useState<DataDeletionRequest | null>(null); const [selectedRequest, setSelectedRequest] = useState<DataDeletionRequest | null>(null);
@@ -191,11 +193,10 @@ export default function GDPRDashboard() {
const handleProcess = (action: 'complete' | 'partial' | 'reject', reason?: string) => { const handleProcess = (action: 'complete' | 'partial' | 'reject', reason?: string) => {
if (!selectedRequest) return; if (!selectedRequest) return;
const user = JSON.parse(localStorage.getItem('user') || '{}');
processMutation.mutate({ processMutation.mutate({
id: selectedRequest.id, id: selectedRequest.id,
data: { data: {
processedBy: user.email || 'System', processedBy: user?.email || 'System',
action, action,
retentionReason: reason, retentionReason: reason,
}, },