feat: capture query params in audit log details for all requests

2026-03-05 05:13:21 +00:00 · 2026-02-25 05:24:16 +03:00
parent 388fc7ee67
commit bea9da96d4
1 changed files with 8 additions and 4 deletions
--- a/app/cabinet/dependencies.py
+++ b/app/cabinet/dependencies.py
@@ -326,17 +326,21 @@ def require_permission(*permissions: str):
                    detail=f'Permission denied: {reason}',
                )

-        # Capture request body for mutating methods
-        details: dict | None = None
+        # Capture request details
+        details: dict = {}
        if request.method in ('POST', 'PUT', 'PATCH', 'DELETE'):
            try:
                body = await request.body()
                if body:
                    import json

-                    details = {'request_body': json.loads(body)}
+                    details['request_body'] = json.loads(body)
            except Exception:
                pass
+        # Capture query params for all methods
+        query_params = dict(request.query_params)
+        if query_params:
+            details['query_params'] = query_params

        # Log successful access with all requested permissions
        await PermissionService.log_action(
@@ -349,7 +353,7 @@ def require_permission(*permissions: str):
            user_agent=user_agent,
            request_method=request.method,
            request_path=str(request.url.path),
-            details=details,
+            details=details or None,
        )
        await db.commit()
        return user