From 0ee7d91528d565c333288cf8a0353a7812127d69 Mon Sep 17 00:00:00 2001
From: Sebastian Frick
Date: Wed, 18 Feb 2026 12:03:02 +0100
Subject: [PATCH] fix: audit log entity_id zu lang bei ROLE_ASSIGNED/ROLE_REMOVED
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

AssignRole und RemoveRole übergaben einen zusammengesetzten String ("User: uuid, Role: NAME") als entity_id-Spalte, die nur VARCHAR(36) erlaubt. Neuer AuditLogger-Overload log(event, entityId, details, actor) trennt UUID und Zusatzinformationen sauber.
---
 .../usermanagement/AssignRole.java | 2 +-
 .../usermanagement/AuditLogger.java | 10 +++++++++
 .../usermanagement/RemoveRole.java | 2 +-
 .../audit/DatabaseAuditLogger.java | 22 +++++++++++++++++++
 4 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/backend/src/main/java/de/effigenix/application/usermanagement/AssignRole.java b/backend/src/main/java/de/effigenix/application/usermanagement/AssignRole.java
index 1d01660..989e50b 100644
--- a/backend/src/main/java/de/effigenix/application/usermanagement/AssignRole.java
+++ b/backend/src/main/java/de/effigenix/application/usermanagement/AssignRole.java
@@ -73,7 +73,7 @@ public class AssignRole {
 }
 // 4. Audit log
- auditLogger.log(AuditEvent.ROLE_ASSIGNED, "User: " + userId.value() + ", Role: " + role.name(), performedBy);
+ auditLogger.log(AuditEvent.ROLE_ASSIGNED, userId.value(), "Role: " + role.name(), performedBy);
 return Result.success(UserDTO.from(user));
 }
diff --git a/backend/src/main/java/de/effigenix/application/usermanagement/AuditLogger.java b/backend/src/main/java/de/effigenix/application/usermanagement/AuditLogger.java
index 942617c..9e295c2 100644
--- a/backend/src/main/java/de/effigenix/application/usermanagement/AuditLogger.java
+++ b/backend/src/main/java/de/effigenix/application/usermanagement/AuditLogger.java
@@ -27,6 +27,16 @@ public interface AuditLogger {
 */
 void log(AuditEvent event, String details);
+ /**
+ * Logs an audit event with entity and additional details.
+ *
+ * @param event Event type
+ * @param entityId ID of the entity affected (UUID, max 36 chars)
+ * @param details Additional details (e.g., role name, reason)
+ * @param performedBy Actor who performed the action
+ */
+ void log(AuditEvent event, String entityId, String details, ActorId performedBy);
+
 /**
 * Logs an audit event without entity (e.g., LOGIN_SUCCESS).
 *
diff --git a/backend/src/main/java/de/effigenix/application/usermanagement/RemoveRole.java b/backend/src/main/java/de/effigenix/application/usermanagement/RemoveRole.java
index 9fd25b4..742497b 100644
--- a/backend/src/main/java/de/effigenix/application/usermanagement/RemoveRole.java
+++ b/backend/src/main/java/de/effigenix/application/usermanagement/RemoveRole.java
@@ -80,7 +80,7 @@ public class RemoveRole {
 }
 // 4. Audit log
- auditLogger.log(AuditEvent.ROLE_REMOVED, "User: " + userId + ", Role: " + roleName, performedBy);
+ auditLogger.log(AuditEvent.ROLE_REMOVED, userId, "Role: " + roleName, performedBy);
 return Result.success(UserDTO.from(user));
 }
diff --git a/backend/src/main/java/de/effigenix/infrastructure/audit/DatabaseAuditLogger.java b/backend/src/main/java/de/effigenix/infrastructure/audit/DatabaseAuditLogger.java
index 4556efb..ea3d50e 100644
--- a/backend/src/main/java/de/effigenix/infrastructure/audit/DatabaseAuditLogger.java
+++ b/backend/src/main/java/de/effigenix/infrastructure/audit/DatabaseAuditLogger.java
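Review bot: In AuditLogger.java the 36-character limit on `entityId` exists only as a Javadoc remark on the new overload, while the parameter stays a plain `String` placed next to another `String` (`details`), so the compiler cannot catch a caller that swaps the two or passes a composite value again. The three-argument overload that AssignRole and RemoveRole called before is not shown in this hunk; if it also writes its string to `entity_id`, its remaining callers should be checked for the same composite-string pattern, because only the two role events are changed here. I would repeat the length constraint on that overload's Javadoc and say on `details` what may go there, e.g. `@param details Free-text context (e.g., role name, reason); must not contain credentials or tokens`. The interface body continues outside the hunk.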
@@ -85,6 +85,28 @@ public class DatabaseAuditLogger implements AuditLogger {
 }
 }
+ @Override
+ @Transactional(propagation = Propagation.REQUIRES_NEW)
+ public void log(AuditEvent event, String entityId, String details, ActorId performedBy) {
+ try {
+ AuditLogEntity auditLog = new AuditLogEntity(
+ UUID.randomUUID().toString(),
+ event,
+ entityId,
+ performedBy.value(),
+ details,
+ LocalDateTime.now(),
+ getClientIpAddress(),
+ getUserAgent()
+ );
+
+ repository.save(auditLog);
+ log.debug("Audit log created: event={}, entityId={}, details={}, actor={}", event, entityId, details, performedBy.value());
+ } catch (Exception e) {
+ log.error("Failed to create audit log: event={}, entityId={}, details={}, actor={}", event, entityId, details, performedBy.value(), e);
+ }
+ }
+
 @Override
 @Transactional(propagation = Propagation.REQUIRES_NEW)
 public void log(AuditEvent event, ActorId performedBy) {
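Review bot: In the new `log(event, entityId, details, performedBy)` in DatabaseAuditLogger.java, `catch (Exception e)` reduces a rejected insert to an error log line and nothing checks `entityId` before `repository.save`, so a ROLE_ASSIGNED or ROLE_REMOVED change can still complete with no audit row when the value does not fit the column. That is presumably how the over-long values described in the commit message went unrecorded. A guard ahead of the `try`, for example `if (entityId != null && entityId.length() > 36) { /* move the value into details or reject */ }`, together with a counter or alert in the catch branch, would make gaps in the audit trail visible. `performedBy.value()` is also evaluated inside the catch, so a null `performedBy` throws out of the handler; reading the actor string once before the `try` avoids that. `details` is written to the application log as well, and in RemoveRole it is built from `roleName`, so it is worth confirming that this value cannot carry line breaks.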