Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(db): add deletedAt audit timestamp to soft-deletable models

Browse Source 
Add deletedAt DateTime? to User, Client, Role, Resource, and Blueprint
models for GDPR-compliant deactivation audit trail. Soft-delete mutations
now stamp deletedAt: new Date() on deactivation and clear it on
reactivation. Migration and test assertions updated accordingly.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Hartmut Nörenberg
2026-04-09 20:03:38 +02:00
parent f7407bd882
commit 1a8ea11331
10 changed files with 43 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/api/src/router/user-procedure-support.ts
+2 -2
View File
@@ -473,7 +473,7 @@ export async function deactivateUser(
throw new TRPCError({ code: "BAD_REQUEST", message: "User is already inactive." });
}
await ctx.db.user.update({ where: { id: input.userId }, data: { isActive: false } });
await ctx.db.user.update({ where: { id: input.userId }, data: { isActive: false, deletedAt: new Date() } });
// Invalidate all existing sessions so the user is logged out immediately
await ctx.db.activeSession.deleteMany({ where: { userId: input.userId } });
@@ -506,7 +506,7 @@ export async function reactivateUser(
throw new TRPCError({ code: "BAD_REQUEST", message: "User is already active." });
}
await ctx.db.user.update({ where: { id: input.userId }, data: { isActive: true } });
await ctx.db.user.update({ where: { id: input.userId }, data: { isActive: true, deletedAt: null } });
audit({
entityType: "User",