fix(audit): enforce tenant scoping for audit log queries by kryputh · Pull Request #309 · CredenceOrg/Credence-Backend

kryputh · 2026-04-26T06:07:00Z

Prevent cross-tenant leakage by enforcing tenant scoping in audit log repositories and routes.

Key changes:

Updated AuditLogService to require tenantId for all logging and retrieval operations.
Implemented tenant-aware filtering in PostgresAuditLogsRepository and InMemoryAuditLogsRepository.
Refactored all administrative services (Webhooks, Replay, Policy, Members, Impersonation) to pass the authenticated user's tenantId to the audit trail.
Enforced strict scoping in routes by passing the tenantId from the authenticated request context.
Fixed potential ReferenceError in admin route catch blocks by ensuring the next parameter is correctly defined and utilized.
Verified isolation logic with updated unit tests.

Scoping Policy:

Standard Admin: Restricted strictly to their own tenantId.
Super Admin: Can view all logs or filter by specific tenant if allowSuperScope is explicitly enabled.

Closes #228

drips-wave · 2026-04-26T06:12:53Z

@kryputh Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

fix(audit): enforce tenant scoping for audit log queries

e89ff19

Merge branch 'main' into fix/auditlog-tenant-scope-fresh

70113fd

Baskarayelu merged commit 47179e4 into CredenceOrg:main Apr 26, 2026

Provide feedback