Audit Log
StaffPortal keeps an append-only audit trail of significant system events. Administrators review it under Admin, Audit Log.
Events are written by writeAuditLog in lib/audit.ts into the audit_logs table. Each entry records the actor, the action, the affected table and row, optional before and after snapshots, and the time. Recorded actions include:
- Authentication: login, logout, sso_login, password_reset
- Leave: leave_submitted, leave_approved, leave_rejected, leave_accrued
- Attendance and kiosk: kiosk_clock_in, kiosk_clock_out, correction events
- People and structure: user_created, user_updated, role and department changes
- Visitors, expenses, purchase requests, calendar, feedback, and complaints
- Data protection: gdpr_export
The full action set is the audit_action enum, mirrored in the AuditAction type in types/database.ts. New values are added by ordered migrations (the May-2026 features added sso_login, leave_accrued, and gdpr_export in migration 025).
- Writes use the service-role client so an entry is always recorded regardless of the caller's row-level permissions.
- A write failure is logged but never breaks the originating operation, so auditing cannot take down a user action.
- The table is append-only in practice: the application never updates or deletes rows, and indexes on actor, entity, action, and time keep the admin view fast.
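The fail-open write described above can be sketched as follows. This is an added example, not StaffPortal's own lib/audit.ts: the AuditSink interface, the entry field names, approveLeave, the leave_requests table name, and the sample sinks are assumptions made for illustration.

```typescript
// Added example. Only writeAuditLog, audit_logs and the action names come from the page.
type AuditAction = "login" | "sso_login" | "leave_approved" | "gdpr_export"; // subset

interface AuditEntry {
  actorId: string;
  action: AuditAction;
  tableName: string;
  rowId: string;
  before?: unknown; // optional snapshots
  after?: unknown;
}
type StoredEntry = AuditEntry & { createdAt: string };

// Hypothetical stand-in for the service-role client writing to audit_logs.
interface AuditSink {
  insert(row: StoredEntry): Promise<{ error: string | null }>;
}
type LogFn = (msg: string) => void;

// Fail-open writer: resolves to true when stored, false otherwise, and never throws.
async function writeAuditLog(sink: AuditSink, entry: AuditEntry,
                             log: LogFn = (m) => console.error(m)): Promise<boolean> {
  try {
    const { error } = await sink.insert({ ...entry, createdAt: new Date().toISOString() });
    if (error === null) return true;
    log(`audit write failed action=${entry.action} error=${error}`);
  } catch (e) {
    // A rejected insert (network, timeout) is handled like a returned error.
    log(`audit write threw action=${entry.action} error=${String(e)}`);
  }
  return false;
}

// Constructed caller: the approval outcome does not depend on the audit write.
async function approveLeave(sink: AuditSink, approverId: string, leaveId: string,
                            log?: LogFn): Promise<{ status: "approved"; audited: boolean }> {
  // (the leave row itself would be updated here; table name below is assumed)
  const audited = await writeAuditLog(sink, { actorId: approverId, action: "leave_approved",
    tableName: "leave_requests", rowId: leaveId, after: { status: "approved" } }, log);
  return { status: "approved", audited };
}

// Constructed sinks for the demonstration.
const memorySink = (rows: StoredEntry[]): AuditSink => ({
  insert: async (row) => { rows.push(row); return { error: null }; },
});
const rejectingSink: AuditSink = { insert: async () => ({ error: "permission denied" }) };
const throwingSink: AuditSink = { insert: async () => { throw new Error("connection reset"); } };
```

Because failures are swallowed, the log line is the only trace of a missing entry, so alerting on it keeps gaps in the trail visible.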
The Admin, Audit Log page shows the most recent events grouped by date, with quick counts for total events, logins, and changes. Each row shows the actor, the action, and the affected table.