From 432b2d5b1e2c4fd92da8fee44923f12d0c006f8e Mon Sep 17 00:00:00 2001 From: Masahiko AMANO Date: Tue, 16 Jun 2026 14:04:41 +0300 Subject: [PATCH] feat(backend): audit event for pool file reordering Reorder was the only pool-file operation that didn't record an audit entry, unlike AddFiles (file_pool_add) and RemoveFiles (file_pool_remove). Log file_pool_reorder on success and seed the new action type. Co-Authored-By: Claude Opus 4.8 --- backend/internal/service/pool_service.go | 7 ++++++- backend/migrations/007_seed_data.sql | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/backend/internal/service/pool_service.go b/backend/internal/service/pool_service.go index 307175d..66555e3 100644 --- a/backend/internal/service/pool_service.go +++ b/backend/internal/service/pool_service.go @@ -247,5 +247,10 @@ func (s *PoolService) Reorder(ctx context.Context, poolID uuid.UUID, fileIDs []u if err := s.authorizeEdit(ctx, poolID); err != nil { return err } - return s.pools.Reorder(ctx, poolID, fileIDs) + if err := s.pools.Reorder(ctx, poolID, fileIDs); err != nil { + return err + } + objType := poolObjectType + _ = s.audit.Log(ctx, "file_pool_reorder", &objType, &poolID, map[string]any{"count": len(fileIDs)}) + return nil } diff --git a/backend/migrations/007_seed_data.sql b/backend/migrations/007_seed_data.sql index 2486029..c58ed9f 100644 --- a/backend/migrations/007_seed_data.sql +++ b/backend/migrations/007_seed_data.sql @@ -30,7 +30,7 @@ INSERT INTO activity.action_types (name) VALUES ('pool_create'), ('pool_edit'), ('pool_delete'), -- Relations ('file_tag_add'), ('file_tag_remove'), - ('file_pool_add'), ('file_pool_remove'), + ('file_pool_add'), ('file_pool_remove'), ('file_pool_reorder'), -- ACL ('acl_change'), -- Admin