TenantAtlas/apps/platform/app/Services/SystemConsole/SystemConsoleAuditLogger.php

<?php

declare(strict_types=1);

namespace App\Services\SystemConsole;

use App\Models\OperationRun;
use App\Models\PlatformUser;
use App\Models\Tenant;
use App\Services\Auth\BreakGlassSession;
use App\Services\Intune\AuditLogger;
use App\Support\Audit\AuditActorType;

final class SystemConsoleAuditLogger
{
    public function __construct(
        private readonly AuditLogger $auditLogger,
        private readonly BreakGlassSession $breakGlassSession,
    ) {}

    /**
     * @param  array<string, mixed>  $metadata
     */
    public function log(
        PlatformUser $actor,
        string $action,
        string $status = 'success',
        array $metadata = [],
        ?OperationRun $run = null,
    ): void {
        $tenant = Tenant::query()->where('external_id', 'platform')->first();

        if (! $tenant instanceof Tenant) {
            return;
        }

        $metadata['break_glass_active'] = $this->breakGlassSession->isActive();

        if ($run instanceof OperationRun) {
            $metadata['operation_run_id'] = (int) $run->getKey();
        }

        $this->auditLogger->log(
            tenant: $tenant,
            action: trim($action),
            context: ['metadata' => $metadata],
            actorId: (int) $actor->getKey(),
            actorEmail: $actor->email,
            actorName: $actor->name,
            status: trim($status),
            resourceType: $run instanceof OperationRun ? 'operation_run' : null,
            resourceId: $run instanceof OperationRun ? (string) $run->getKey() : null,
            actorType: AuditActorType::Platform,
            operationRunId: $run instanceof OperationRun ? (int) $run->getKey() : null,
        );
    }
}