Add create-by audit for scenario creation

Kanakanajm · Kanakanajm · commit 54d6464634b9 · 2025-07-16T20:01:36.000+02:00
diff --git a/api/src/api/app/apis/scenarios_api.py b/api/src/api/app/apis/scenarios_api.py
@@ -41,10 +41,15 @@
     response_model_by_alias=True,
 )
 async def create_scenario(
+    request: Request,
     scenario: Scenario = Body(None, description="")
 ) -> ID:
     """Create a new scenario to be simulated."""
-    return await controller.create_scenario(scenario)
+    return await controller.create_scenario(
+        scenario,
+        request.state.user.userId if request.state.user else None,
+        request.state.realm if request.state.realm else None
+    )
 
 
 @router.delete(
diff --git a/api/src/api/app/controller/scenario_controller.py b/api/src/api/app/controller/scenario_controller.py
@@ -58,15 +58,16 @@ class LookupObject:
 }
 
 class ScenarioController:
-    
     async def create_scenario(
         self,
         scenario: Optional[Scenario],
+        userId: Optional[str],
+        orgId: Optional[str]
     ) -> ID:
         """Create a new scenario to be simulated."""
         if not scenario:
             raise HTTPException(status_code=500, detail="No scenario provided")
-        return scenario_create(scenario)
+        return scenario_create(scenario, userId, orgId)
 
 
     async def delete_scenario(
diff --git a/api/src/api/app/db/models.py b/api/src/api/app/db/models.py
@@ -27,7 +27,9 @@ class Scenario(SQLModel, table=True):
 
     timestampSubmitted: Optional[datetime] = Field(default=None, nullable=True)
     timestampSimulated: Optional[datetime] = Field(default=None, nullable=True)
-
+    
+    userId: Optional[str] = Field(default=None, nullable=True) # Created by user
+    orgId: Optional[str] = Field(default=None, nullable=True) # Created by user's LHA/Organization
 
 class ParameterDefinition(SQLModel, table=True):
     id: Optional[uuid.UUID] = Field(default_factory=uuid.uuid4, primary_key=True, nullable=False)
diff --git a/api/src/api/app/db/tasks.py b/api/src/api/app/db/tasks.py
@@ -412,7 +412,7 @@ def parameter_definition_delete(id: StrictStr) -> None:
 
 
 ## Scenarios ##
-def scenario_create(scenario: Scenario) -> ID:
+def scenario_create(scenario: Scenario, userId: Optional[str], orgId: Optional[str]) -> ID:
     scenario_obj = db.Scenario(
         name=scenario.name,
         description=scenario.description,
@@ -423,6 +423,8 @@ def scenario_create(scenario: Scenario) -> ID:
         percentiles=','.join([str(perc) for perc in scenario.percentiles]) if scenario.percentiles else '50',
         timestampSubmitted=datetime.now(),
         timestampSimulated=None,
+        userId=userId,
+        orgId=orgId
     )
     with next(get_session()) as session:
         nested_dict = lambda: defaultdict(nested_dict)
diff --git a/api/src/api/app/middlewares/authentication_middleware.py b/api/src/api/app/middlewares/authentication_middleware.py
@@ -22,6 +22,7 @@ async def dispatch(self, request, call_next):
                 # async def get_user(request: Request):
                 #     return request.state.user
                 request.state.user = user
+                request.state.realm = realm
 
                 # (Optional) role check can be added
                 # if ['admin'] not in user.role:
