From aaec6af6adb20e2ad6521235b4fe79bb11adb050 Mon Sep 17 00:00:00 2001 From: Cory Hawkvelt Date: Mon, 20 Apr 2026 16:57:37 +0930 Subject: [PATCH] feat(audit): add audit logging for organization invites Log ORG_INVITE_SENT action when a user sends an organization invite, capturing the invited email and role in the audit metadata. --- gatehouse_app/api/v1/organizations/invites.py | 16 +++++++++++++++- gatehouse_app/utils/constants.py | 1 + 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/gatehouse_app/api/v1/organizations/invites.py b/gatehouse_app/api/v1/organizations/invites.py index ad51068..762d5a2 100644 --- a/gatehouse_app/api/v1/organizations/invites.py +++ b/gatehouse_app/api/v1/organizations/invites.py @@ -8,7 +8,8 @@ from gatehouse_app.services.notification_service import NotificationService from gatehouse_app.services.auth_service import AuthService from gatehouse_app.services.organization_service import OrganizationService from gatehouse_app.services.email_templates import build_org_invite_html -from gatehouse_app.utils.constants import OrganizationRole +from gatehouse_app.utils.constants import AuditAction, OrganizationRole +from gatehouse_app.services.audit_service import AuditService @api_v1_bp.route("/organizations//invites", methods=["POST"]) @@ -56,6 +57,19 @@ def create_org_invite(org_id): logging.getLogger(__name__).info(f"[INVITE] Email queued for {email}") email_sent = True # async — assume queued successfully + AuditService.log_action( + action=AuditAction.ORG_INVITE_SENT, + user_id=g.current_user.id, + organization_id=org_id, + resource_type="org_invite", + resource_id=invite.id, + metadata={ + "invited_email": email, + "role": role, + }, + description=f"Invitation sent to {email} with role {role}", + ) + response_data = { "invite": { "id": invite.id, diff --git a/gatehouse_app/utils/constants.py b/gatehouse_app/utils/constants.py index 9968a01..1d600b7 100644 --- a/gatehouse_app/utils/constants.py +++ b/gatehouse_app/utils/constants.py @@ -75,6 +75,7 @@ class AuditAction(str, Enum): ORG_MEMBER_REMOVE = "org.member.remove" ORG_MEMBER_ROLE_CHANGE = "org.member.role_change" ORG_OWNERSHIP_TRANSFERRED = "org.ownership.transferred" + ORG_INVITE_SENT = "org.invite.sent" # Session actions SESSION_CREATE = "session.create"