from app.celery_app import celery_app from app.db.session import SessionLocal from common_logging import get_logger logger = get_logger(__name__) @celery_app.task(name="log_permission_check") def log_permission_check( user_id: int, tenant_id: int, resource: str, action: str, result: bool, role_id: int | None = None, ip_address: str | None = None, user_agent: str | None = None, request_path: str | None = None, ): db = SessionLocal() try: from app.models.permission_audit_log import PermissionAuditLog log = PermissionAuditLog( action_type="check", user_id=user_id, tenant_id=tenant_id, resource=resource, action=action, role_id=role_id, result=result, ip_address=ip_address, user_agent=user_agent, request_path=request_path, ) db.add(log) db.commit() except Exception as e: logger.error(f"Failed to log permission check: {e}") db.rollback() finally: db.close() @celery_app.task(name="log_permission_change") def log_permission_change( action_type: str, tenant_id: int, resource: str, action: str, role: str, user_id: int = 0, ip_address: str | None = None, user_agent: str | None = None, request_path: str | None = None, ): db = SessionLocal() try: from app.models.permission_audit_log import PermissionAuditLog role_id = None if ":" in role: role_part = role.split(":")[-1] if role_part.isdigit(): role_id = int(role_part) log = PermissionAuditLog( action_type=action_type, user_id=user_id, tenant_id=tenant_id, resource=resource, action=action, role_id=role_id, ip_address=ip_address, user_agent=user_agent, request_path=request_path, ) db.add(log) db.commit() except Exception as e: logger.error(f"Failed to log permission change: {e}") db.rollback() finally: db.close()