Skip to content

AUDIT-36: Add REST endpoint for audit log queries with user/action/date filtering#17

Closed
AshThe25 wants to merge 1 commit into
openmrs:masterfrom
AshThe25:feature/AUDIT-36-rest-endpoint
Closed

AUDIT-36: Add REST endpoint for audit log queries with user/action/date filtering#17
AshThe25 wants to merge 1 commit into
openmrs:masterfrom
AshThe25:feature/AUDIT-36-rest-endpoint

Conversation

@AshThe25

@AshThe25 AshThe25 commented Apr 19, 2026

Copy link
Copy Markdown
Contributor

Problem

This module does not have any REST API, but rather only uses the old DWR API. The OpenMRS O3 Frontend dashboard needs an endpoint that returns JSON data for the audit log.

Solution

Introduce a new GET request on /module/auditlog/rest/auditlogs with these parameters:

  • user — filters on UUID of the user
  • action — multiple values for CREATED, UPDATED, DELETED
  • startDate / endDate — ISO 8601 dates
  • startIndex / limit — paging with maximum limit set to 100

Changes

  • HibernateAuditLogDAO - add new function getAuditLogs(userUuid, ...)
  • AuditLogDAO / AuditLogService / AuditLogServiceImpl - add new function wired up through all tiers
  • AuditLogRestController - Spring MVC @controller with @responsebody
  • AuditLogDTO / AuditLogPageResponse - JSON response DTO classes

Testing

Manual testing with curl on the OpenMRS server. Unit tests coming in a different pull request.

JIRA

AUDIT-36

@AshThe25 AshThe25 changed the title AUDIT-36: Add REST endpoint for audit log queries with user/action/da… AUDIT-36: Add REST endpoint for audit log queries with user/action/date filtering Apr 19, 2026
@AshThe25

AshThe25 commented Apr 19, 2026

Copy link
Copy Markdown
Contributor Author

JIRA issue: https://issues.openmrs.org/browse/AUDIT-36

The module has no REST API, uses old DWR instead.
O3 frontend requires a JSON endpoint to show audit log information.

GET /module/auditlog/rest/auditlogs is added.
It supports the following query parameters:

  • user UUID
  • action in (CREATED, UPDATED, DELETED), comma-separated
  • date range, ISO format for both
  • pagination: startIndex, limit (not more than 100)

Frontend workspace using this endpoint:
openmrs/openmrs-esm-admin-tools#26

@AshThe25

Copy link
Copy Markdown
Contributor Author

Frontend workspace that consumes this endpoint:
openmrs/openmrs-esm-admin-tools#267

@AshThe25

Copy link
Copy Markdown
Contributor Author

Added unit tests in the latest commit covering:

  • Returns 200 with paginated results
  • Returns empty results correctly
  • Filters by user UUID
  • Parses comma-separated actions
  • Rejects startDate after endDate (400)
  • Caps limit at 100
  • Ignores invalid action values
  • AuditLogServiceImpl delegation tests

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If types is null we match all; if it is an empty list we pass an empty Restrictions.in, which Hibernate turns into 1=0. Worth adding an isEmpty guard so the caller does not accidentally get zero rows

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch — added isEmpty() guard on both types and actions lists. An empty collection now behaves the same as null instead of generating 1=0. Pushed the fix.

@AshThe25 AshThe25 requested a review from praneeth622 April 20, 2026 17:25
…pagination

Exposes GET /module/auditlog/rest/auditlogs with query parameters:
  user       - filter by user UUID
  action     - comma-separated: CREATED, UPDATED, DELETED
  startDate  - inclusive lower bound (yyyy-MM-dd)
  endDate    - inclusive upper bound (yyyy-MM-dd)
  startIndex - zero-based pagination offset (default 0)
  limit      - page size capped at 100 (default 25)

Changes:
- AuditLogDAO: new getAuditLogs(userUuid, actions, dates, ...) method with
  isEmpty guards to avoid Hibernate 1=0 on empty list args
- HibernateAuditLogDAO: Criteria-based implementation with user alias join
- AuditLogService: new method declaration with PRIV_GET_AUDITLOGS guard
- AuditLogServiceImpl: delegates to DAO
- AuditLogRestController: Spring MVC @responsebody controller returning JSON
- AuditLogDTO / AuditLogPageResponse: lightweight serialisable response types
- Unit tests for AuditLogRestController and AuditLogServiceImpl
@AshThe25 AshThe25 force-pushed the feature/AUDIT-36-rest-endpoint branch from 23d75c1 to f0179df Compare April 20, 2026 18:07
@AshThe25

Copy link
Copy Markdown
Contributor Author

@dkayiwa Hi, I'm a GSoC 2026 applicant working on the audit log module enhancement proposal. This PR adds the REST endpoint that the O3 frontend dashboard depends on. Would appreciate a review when you have time.

Related PRs in this series:

@ibacher ibacher closed this Apr 20, 2026
@AshThe25

Copy link
Copy Markdown
Contributor Author

Hi @ibacher, I see these PRs were closed. Could you share what was wrong so I can learn from it? Happy to rework any of them based on your feedback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants