[web] Add audit log entry for group-invite-sent

GitOrigin-RevId: 70dee3b844ab1dae05f362ad7f68214959257583
2025-12-05 01:10:29 +00:00 · 2025-11-27 10:16:26 +00:00
parent d7f7fd1d00
commit e89a5da7de
2 changed files with 69 additions and 3 deletions
--- a/services/web/app/src/Features/Subscription/TeamInvitesHandler.mjs
+++ b/services/web/app/src/Features/Subscription/TeamInvitesHandler.mjs
@@ -29,7 +29,7 @@ async function getInvite(token) {
  return { invite, subscription }
 }

-async function createInvite(teamManagerId, subscription, email) {
+async function createInvite(teamManagerId, subscription, email, auditLog) {
  email = EmailHelper.parseEmail(email)
  if (!email) {
    throw new Error('invalid email')
@@ -37,7 +37,7 @@ async function createInvite(teamManagerId, subscription, email) {
  const teamManager = await UserGetter.promises.getUser(teamManagerId)

  await _removeLegacyInvite(subscription.id, email)
-  return _createInvite(subscription, email, teamManager)
+  return _createInvite(subscription, email, teamManager, auditLog)
 }

 async function importInvite(subscription, inviterName, email, token, sentAt) {
@@ -171,7 +171,7 @@ async function createTeamInvitesForLegacyInvitedEmail(email) {
  )
 }

-async function _createInvite(subscription, email, inviter) {
+async function _createInvite(subscription, email, inviter, auditLog) {
  const { possible, reason } = await _checkIfInviteIsPossible(
    subscription,
    email
@@ -257,6 +257,23 @@ async function _createInvite(subscription, email, inviter) {
  await subscription.save()

  if (subscription.managedUsersEnabled) {
+    const auditLogData = {
+      initiatorId: auditLog?.initiatorId,
+      ipAddress: auditLog?.ipAddress,
+      groupId: subscription._id,
+      operation: 'group-invite-sent',
+      info: { invitedEmail: email },
+    }
+
+    try {
+      await Modules.promises.hooks.fire('addGroupAuditLogEntry', auditLogData)
+    } catch (error) {
+      logger.error(
+        { error, auditLog },
+        'Error adding group audit log entry for group-invite-sent'
+      )
+    }
+
    let admin = {}
    try {
      admin = await SubscriptionLocator.promises.getAdminEmailAndName(
--- a/services/web/test/unit/src/Subscription/TeamInvitesHandler.test.mjs
+++ b/services/web/test/unit/src/Subscription/TeamInvitesHandler.test.mjs
@@ -365,6 +365,55 @@ describe('TeamInvitesHandler', function () {
        .create.calledWith(invite)
        .should.eq(true)
    })
+
+    it('creates an audit log entry for group-invite-sent for managed subscription', async function (ctx) {
+      ctx.subscription.managedUsersEnabled = true
+
+      const auditLog = {
+        initiatorId: ctx.manager._id,
+        ipAddress: '192.0.2.1',
+      }
+
+      await ctx.TeamInvitesHandler.promises.createInvite(
+        ctx.manager._id,
+        ctx.subscription,
+        'John.Snow@example.com',
+        auditLog
+      )
+
+      sinon.assert.calledWith(
+        ctx.Modules.promises.hooks.fire,
+        'addGroupAuditLogEntry',
+        sinon.match({
+          initiatorId: auditLog.initiatorId,
+          ipAddress: auditLog.ipAddress,
+          groupId: ctx.subscription._id,
+          operation: 'group-invite-sent',
+          info: { invitedEmail: 'john.snow@example.com' },
+        })
+      )
+    })
+
+    it('does not create an audit log entry for non-managed subscription', async function (ctx) {
+      ctx.subscription.managedUsersEnabled = false
+
+      const auditLog = {
+        initiatorId: ctx.manager._id,
+        ipAddress: '192.0.2.1',
+      }
+
+      await ctx.TeamInvitesHandler.promises.createInvite(
+        ctx.manager._id,
+        ctx.subscription,
+        'John.Snow@example.com',
+        auditLog
+      )
+
+      sinon.assert.neverCalledWith(
+        ctx.Modules.promises.hooks.fire,
+        'addGroupAuditLogEntry'
+      )
+    })
  })

  describe('importInvite', function () {