Add system settings, audit logging, user management, and dark mode fixes

System Settings: - Add SystemSettings.vue with Zabbix integration, SMTP/email config, SAML SSO settings - Add Setting model with key-value storage and typed values - Add settings API with caching Audit Logging: - Add AuditLog model tracking user, IP, action, entity changes - Add comprehensive audit logging to all CRUD operations: - Machines, Computers, Equipment, Network devices, VLANs, Subnets - Printers, USB devices (including checkout/checkin) - Applications, Settings, Users/Roles - Track old/new values for all field changes - Mask sensitive values (passwords, tokens) in logs User Management: - Add UsersList.vue with full user CRUD - Add Role management with granular permissions - Add 41 predefined permissions across 10 categories - Add users API with roles and permissions endpoints Reports: - Add TonerReport.vue for printer supply monitoring Dark Mode Fixes: - Fix map position section in PCForm, PrinterForm - Fix alert-warning in KnowledgeBaseDetail - All components now use CSS variables for theming CLI Commands: - Add flask seed permissions - Add flask seed settings Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 22:16:56 -05:00
parent 9efdb5f52d
commit e18c7c2d87
40 changed files with 4221 additions and 39 deletions
--- a/shopdb/core/models/auditlog.py
+++ b/shopdb/core/models/auditlog.py
@@ -0,0 +1,156 @@
+"""Audit log model for tracking changes."""
+
+from datetime import datetime
+from shopdb.extensions import db
+
+
+class AuditLog(db.Model):
+    """
+    Audit log for tracking user actions.
+
+    Records who did what, when, from where, and what changed.
+    """
+    __tablename__ = 'auditlogs'
+
+    auditlogid = db.Column(db.Integer, primary_key=True)
+
+    # Who
+    userid = db.Column(db.Integer, db.ForeignKey('users.userid'), nullable=True)
+    username = db.Column(db.String(100), nullable=True)  # Denormalized for history
+
+    # When
+    timestamp = db.Column(db.DateTime, default=datetime.utcnow, nullable=False, index=True)
+
+    # Where (client info)
+    ipaddress = db.Column(db.String(45), nullable=True)  # IPv6 max length
+    useragent = db.Column(db.String(255), nullable=True)
+
+    # What
+    action = db.Column(db.String(20), nullable=False, index=True)  # created, updated, deleted
+    entitytype = db.Column(db.String(50), nullable=False, index=True)  # Asset, Printer, Setting, etc.
+    entityid = db.Column(db.Integer, nullable=True)  # ID of the affected record
+    entityname = db.Column(db.String(255), nullable=True)  # Human-readable identifier
+
+    # Changes (stored as JSON text)
+    _changes = db.Column('changes', db.Text, nullable=True)  # {"field": {"old": x, "new": y}, ...}
+
+    @property
+    def changes(self):
+        """Get changes as dict."""
+        if self._changes:
+            import json
+            try:
+                return json.loads(self._changes)
+            except (json.JSONDecodeError, TypeError):
+                return None
+        return None
+
+    @changes.setter
+    def changes(self, value):
+        """Set changes from dict."""
+        if value is not None:
+            import json
+            self._changes = json.dumps(value)
+        else:
+            self._changes = None
+
+    # Additional context
+    details = db.Column(db.Text, nullable=True)  # Optional description
+
+    # Relationship
+    user = db.relationship('User', backref=db.backref('auditlogs', lazy='dynamic'))
+
+    def to_dict(self):
+        return {
+            'auditlogid': self.auditlogid,
+            'userid': self.userid,
+            'username': self.username,
+            'timestamp': self.timestamp.isoformat() + 'Z' if self.timestamp else None,
+            'ipaddress': self.ipaddress,
+            'useragent': self.useragent,
+            'action': self.action,
+            'entitytype': self.entitytype,
+            'entityid': self.entityid,
+            'entityname': self.entityname,
+            'changes': self.changes,
+            'details': self.details
+        }
+
+    @classmethod
+    def log(cls, action: str, entitytype: str, entityid: int = None,
+            entityname: str = None, changes: dict = None, details: str = None,
+            user=None, request=None):
+        """
+        Create an audit log entry.
+
+        Args:
+            action: 'created', 'updated', 'deleted'
+            entitytype: Type of entity (e.g., 'Asset', 'Printer', 'Setting')
+            entityid: ID of the affected record
+            entityname: Human-readable name/identifier
+            changes: Dict of field changes {"field": {"old": x, "new": y}}
+            details: Optional description
+            user: Current user object (or will try to get from flask-jwt-extended)
+            request: Flask request object (or will try to get current request)
+        """
+        from flask import request as flask_request
+        from flask_jwt_extended import current_user, verify_jwt_in_request
+
+        # Get user info
+        if user is None:
+            try:
+                verify_jwt_in_request(optional=True)
+                user = current_user
+            except:
+                pass
+
+        userid = user.userid if user else None
+        username = user.username if user else None
+
+        # Get request info
+        req = request or flask_request
+        ipaddress = None
+        useragent = None
+
+        if req:
+            # Handle proxy forwarding
+            ipaddress = req.headers.get('X-Forwarded-For', req.remote_addr)
+            if ipaddress and ',' in ipaddress:
+                ipaddress = ipaddress.split(',')[0].strip()
+            useragent = req.headers.get('User-Agent', '')[:255]
+
+        entry = cls(
+            userid=userid,
+            username=username,
+            ipaddress=ipaddress,
+            useragent=useragent,
+            action=action,
+            entitytype=entitytype,
+            entityid=entityid,
+            entityname=entityname,
+            changes=changes,
+            details=details
+        )
+
+        db.session.add(entry)
+        # Don't commit here - let the caller handle transaction
+        return entry
+
+    @classmethod
+    def log_create(cls, entitytype: str, entity, name_field: str = 'name'):
+        """Log a create action."""
+        entityname = getattr(entity, name_field, None) or str(entity)
+        entityid = getattr(entity, f'{entitytype.lower()}id', None) or getattr(entity, 'id', None)
+        return cls.log('created', entitytype, entityid=entityid, entityname=entityname)
+
+    @classmethod
+    def log_update(cls, entitytype: str, entity, changes: dict, name_field: str = 'name'):
+        """Log an update action with changes."""
+        entityname = getattr(entity, name_field, None) or str(entity)
+        entityid = getattr(entity, f'{entitytype.lower()}id', None) or getattr(entity, 'id', None)
+        return cls.log('updated', entitytype, entityid=entityid, entityname=entityname, changes=changes)
+
+    @classmethod
+    def log_delete(cls, entitytype: str, entityid: int, entityname: str = None):
+        """Log a delete action."""
+        return cls.log('deleted', entitytype, entityid=entityid, entityname=entityname)