Domain Admin

backend/src/routes/audit.ts

@@ -5,9 +5,45 @@ import { requireAuth } from '../middleware/auth.js';
 export const auditRouter = Router();
 auditRouter.use(requireAuth);
 
-auditRouter.get('/', async (_req, res) => {
+auditRouter.get('/', async (req, res) => {
+  const user = req.user!;
+
+  if (user.role === 'super_admin') {
+    // Super admin sees everything.
+    const result = await pool.query(
+      `SELECT * FROM audit_log ORDER BY created_at DESC LIMIT 200`,
+    );
+    res.json(result.rows);
+    return;
+  }
+
+  // Domain admin: filter to entries that touch one of their domains.
+  // We fetch a slightly larger window because filtering happens after the LIMIT
+  // would skip relevant rows. 1000 should be plenty for a single domain.
+  const allowed = (user.allowed_domains ?? []).map((d) => d.toLowerCase());
+  if (allowed.length === 0) {
+    res.json([]);
+    return;
+  }
+
   const result = await pool.query(
-    `SELECT * FROM audit_log ORDER BY created_at DESC LIMIT 200`,
+    `SELECT * FROM audit_log ORDER BY created_at DESC LIMIT 1000`,
   );
-  res.json(result.rows);
+
+  const visible = result.rows
+    .filter((row) => {
+      const t = String(row.target_type ?? '').toLowerCase();
+      const id = String(row.target_id ?? '').toLowerCase();
+      if (t === 'domain') return allowed.includes(id);
+      if (t === 'mailbox') {
+        const at = id.lastIndexOf('@');
+        if (at < 0) return false;
+        return allowed.includes(id.slice(at + 1));
+      }
+      // 'node' and unknown types: globally scoped, hidden from domain admins.
+      return false;
+    })
+    .slice(0, 200);
+
+  res.json(visible);
 });