backend/app/api/audit_logs.py

# =============================================================================
# 企微IT智能服务台 — 审计日志 API (v0.7.1 task #89)
# =============================================================================
# 说明: 审计日志只读端点,给 auditor / admin 用
# 权限要求: audit_log:read:all (由 RBAC 装饰器校验)
# =============================================================================

import logging
from datetime import datetime
from typing import Optional

from fastapi import APIRouter, Depends, Query
from sqlalchemy.ext.asyncio import AsyncSession

from app.dependencies import require_permission, UserInfo
from app.database import get_db
from app.services.audit_log_service import list_audit_logs
from app.utils.response import success_response

logger = logging.getLogger(__name__)

router = APIRouter(prefix="/admin/audit-logs", tags=["审计日志"])


@router.get("")
@require_permission("audit_log", "read", "all")
async def get_audit_logs(
    employee_id: Optional[str] = Query(None, description="按操作人过滤"),
    action: Optional[str] = Query(None, description="按操作类型过滤"),
    resource: Optional[str] = Query(None, description="按资源类型过滤"),
    from_time: Optional[datetime] = Query(None, alias="from", description="起始时间(ISO8601)"),
    to_time: Optional[datetime] = Query(None, alias="to", description="结束时间(ISO8601)"),
    page: int = Query(1, ge=1, description="页码"),
    page_size: int = Query(50, ge=1, le=500, description="每页条数"),
    admin: UserInfo = None,  # 由 require_permission 注入(签名合并)
    db: AsyncSession = Depends(get_db),
):
    """查询审计日志(分页)。

    权限: 需要 audit_log:read:all (admin / auditor 角色拥有)

    Returns:
        Dict: 统一响应格式,包含 items/total/page/page_size
    """
    result = await list_audit_logs(
        db,
        employee_id=employee_id,
        action=action,
        resource=resource,
        from_time=from_time,
        to_time=to_time,
        page=page,
        page_size=page_size,
    )

    return success_response(data={
        "items": [
            {
                "id": log.id,
                "employee_id": log.employee_id,
                "action": log.action,
                "resource": log.resource,
                "resource_id": log.resource_id,
                "details": log.details,
                "result": log.result,
                "ip_address": log.ip_address,
                "user_agent": log.user_agent,
                "created_at": log.created_at.isoformat() if log.created_at else None,
            }
            for log in result["items"]
        ],
        "total": result["total"],
        "page": result["page"],
        "page_size": result["page_size"],
    })
feat(v0.7.1): P0 修复 + 企微 SSO + RBAC 细粒度 + audit_log 2026-06-22 17:38:47 +08:00			`# =============================================================================`
			`# 企微IT智能服务台 — 审计日志 API (v0.7.1 task #89)`
			`# =============================================================================`
			`# 说明: 审计日志只读端点,给 auditor / admin 用`
			`# 权限要求: audit_log:read:all (由 RBAC 装饰器校验)`
			`# =============================================================================`

			`import logging`
			`from datetime import datetime`
			`from typing import Optional`

			`from fastapi import APIRouter, Depends, Query`
			`from sqlalchemy.ext.asyncio import AsyncSession`

			`from app.dependencies import require_permission, UserInfo`
			`from app.database import get_db`
			`from app.services.audit_log_service import list_audit_logs`
			`from app.utils.response import success_response`

			`logger = logging.getLogger(__name__)`

			`router = APIRouter(prefix="/admin/audit-logs", tags=["审计日志"])`


			`@router.get("")`
			`@require_permission("audit_log", "read", "all")`
			`async def get_audit_logs(`
			`employee_id: Optional[str] = Query(None, description="按操作人过滤"),`
			`action: Optional[str] = Query(None, description="按操作类型过滤"),`
			`resource: Optional[str] = Query(None, description="按资源类型过滤"),`
			`from_time: Optional[datetime] = Query(None, alias="from", description="起始时间(ISO8601)"),`
			`to_time: Optional[datetime] = Query(None, alias="to", description="结束时间(ISO8601)"),`
			`page: int = Query(1, ge=1, description="页码"),`
			`page_size: int = Query(50, ge=1, le=500, description="每页条数"),`
			`admin: UserInfo = None, # 由 require_permission 注入(签名合并)`
			`db: AsyncSession = Depends(get_db),`
			`):`
			`"""查询审计日志(分页)。`

			`权限: 需要 audit_log:read:all (admin / auditor 角色拥有)`

			`Returns:`
			`Dict: 统一响应格式,包含 items/total/page/page_size`
			`"""`
			`result = await list_audit_logs(`
			`db,`
			`employee_id=employee_id,`
			`action=action,`
			`resource=resource,`
			`from_time=from_time,`
			`to_time=to_time,`
			`page=page,`
			`page_size=page_size,`
			`)`

			`return success_response(data={`
			`"items": [`
			`{`
			`"id": log.id,`
			`"employee_id": log.employee_id,`
			`"action": log.action,`
			`"resource": log.resource,`
			`"resource_id": log.resource_id,`
			`"details": log.details,`
			`"result": log.result,`
			`"ip_address": log.ip_address,`
			`"user_agent": log.user_agent,`
			`"created_at": log.created_at.isoformat() if log.created_at else None,`
			`}`
			`for log in result["items"]`
			`],`
			`"total": result["total"],`
			`"page": result["page"],`
			`"page_size": result["page_size"],`
			`})`