mirror of
https://github.com/TronoSfera/Law.git
synced 2026-05-18 18:13:46 +03:00
51 lines
2.6 KiB
Python
51 lines
2.6 KiB
Python
"""add security audit log table for file access events
|
|
|
|
Revision ID: 0014_security_audit_log
|
|
Revises: 0013_status_kind_billing
|
|
Create Date: 2026-02-23
|
|
"""
|
|
|
|
from alembic import op
|
|
import sqlalchemy as sa
|
|
from sqlalchemy.dialects import postgresql
|
|
|
|
revision = "0014_security_audit_log"
|
|
down_revision = "0013_status_kind_billing"
|
|
branch_labels = None
|
|
depends_on = None
|
|
|
|
|
|
def upgrade():
|
|
op.create_table(
|
|
"security_audit_log",
|
|
sa.Column("id", postgresql.UUID(as_uuid=True), primary_key=True),
|
|
sa.Column("created_at", sa.DateTime(timezone=True), nullable=True),
|
|
sa.Column("updated_at", sa.DateTime(timezone=True), nullable=True),
|
|
sa.Column("responsible", sa.String(length=200), nullable=False, server_default="Администратор системы"),
|
|
sa.Column("actor_role", sa.String(length=30), nullable=False),
|
|
sa.Column("actor_subject", sa.String(length=200), nullable=False, server_default=""),
|
|
sa.Column("actor_ip", sa.String(length=64), nullable=True),
|
|
sa.Column("action", sa.String(length=50), nullable=False),
|
|
sa.Column("scope", sa.String(length=50), nullable=False),
|
|
sa.Column("object_key", sa.String(length=500), nullable=True),
|
|
sa.Column("request_id", postgresql.UUID(as_uuid=True), nullable=True),
|
|
sa.Column("attachment_id", postgresql.UUID(as_uuid=True), nullable=True),
|
|
sa.Column("allowed", sa.Boolean(), nullable=False, server_default=sa.true()),
|
|
sa.Column("reason", sa.String(length=400), nullable=True),
|
|
sa.Column("details", sa.JSON(), nullable=False, server_default=sa.text("'{}'::json")),
|
|
)
|
|
op.create_index("ix_security_audit_log_created_at", "security_audit_log", ["created_at"])
|
|
op.create_index("ix_security_audit_log_allowed", "security_audit_log", ["allowed"])
|
|
op.create_index("ix_security_audit_log_action", "security_audit_log", ["action"])
|
|
op.create_index("ix_security_audit_log_actor_subject", "security_audit_log", ["actor_subject"])
|
|
op.alter_column("security_audit_log", "details", server_default=None)
|
|
op.alter_column("security_audit_log", "allowed", server_default=None)
|
|
op.alter_column("security_audit_log", "actor_subject", server_default=None)
|
|
|
|
|
|
def downgrade():
|
|
op.drop_index("ix_security_audit_log_actor_subject", table_name="security_audit_log")
|
|
op.drop_index("ix_security_audit_log_action", table_name="security_audit_log")
|
|
op.drop_index("ix_security_audit_log_allowed", table_name="security_audit_log")
|
|
op.drop_index("ix_security_audit_log_created_at", table_name="security_audit_log")
|
|
op.drop_table("security_audit_log")
|