From 9b59c5bfe0823c9ae2b4c1e8927c717d8e84faad Mon Sep 17 00:00:00 2001
From: Harkamal Randhawa
Date: Sat, 11 Apr 2026 23:29:23 -0600
Subject: [PATCH] restrict activity logging to admin and staff only

---
 .../com/petshop/backend/config/ActivityLoggingFilter.java | 6 +++++-
 .../java/com/petshop/backend/controller/AuthController.java | 5 +++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/backend/src/main/java/com/petshop/backend/config/ActivityLoggingFilter.java b/backend/src/main/java/com/petshop/backend/config/ActivityLoggingFilter.java
index 5380e6d3..39b11cf2 100644
--- a/backend/src/main/java/com/petshop/backend/config/ActivityLoggingFilter.java
+++ b/backend/src/main/java/com/petshop/backend/config/ActivityLoggingFilter.java
@@ -1,5 +1,6 @@
 package com.petshop.backend.config;
 
+import com.petshop.backend.entity.User;
 import com.petshop.backend.security.AppPrincipal;
 import com.petshop.backend.service.ActivityLogService;
 import jakarta.servlet.FilterChain;
@@ -57,15 +58,18 @@ import java.io.IOException;
 }
 
 Long userId = null;
+ User.Role role = null;
 Object principal = authentication.getPrincipal();
 if (principal instanceof AppPrincipal appPrincipal) {
 userId = appPrincipal.getUserId();
+ role = appPrincipal.getRole();
 } else if (authentication instanceof UsernamePasswordAuthenticationToken token
 && token.getPrincipal() instanceof AppPrincipal appPrincipal) {
 userId = appPrincipal.getUserId();
+ role = appPrincipal.getRole();
 }
 
- if (userId == null) {
+ if (userId == null || role == null || role == User.Role.CUSTOMER) {
 return;
 }
 
diff --git a/backend/src/main/java/com/petshop/backend/controller/AuthController.java b/backend/src/main/java/com/petshop/backend/controller/AuthController.java
index 9249332a..c0eff22e 100644
--- a/backend/src/main/java/com/petshop/backend/controller/AuthController.java
+++ b/backend/src/main/java/com/petshop/backend/controller/AuthController.java
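Review bot: The new early return on the changed `if` line silently drops a request from the audit trail whenever `role` is null, which is the anomalous case — an authenticated principal carrying no role — that an activity log should capture rather than skip; before this commit such a request was still recorded. If null can only arise from a malformed or legacy token, keep the customer exclusion but let the null case through, `if (userId == null || role == User.Role.CUSTOMER) {`, or record it explicitly so it can be investigated. The gate is also a deny-list on CUSTOMER while the subject line describes an allow-list for admin and staff; if `User.Role` has those constants, `role == User.Role.ADMIN || role == User.Role.STAFF` matches the stated intent and does not silently start auditing (or not) when a role is added later. The enclosing method's signature is above the hunk.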
@@ -101,7 +101,6 @@ public class AuthController {
 User savedUser = userRepository.save(user);
 
 String token = jwtUtil.generateToken(savedUser);
- activityLogService.record(savedUser.getId(), "POST /api/v1/auth/register -> 201");
 
 return ResponseEntity.status(HttpStatus.CREATED).body(new RegisterResponse(
 savedUser.getId(),
@@ -124,7 +123,9 @@ public class AuthController {
 .orElseThrow(() -> new UsernameNotFoundException("User not found"));
 
 String token = jwtUtil.generateToken(user);
- activityLogService.record(user.getId(), "POST /api/v1/auth/login -> 200");
+ if (user.getRole() != User.Role.CUSTOMER) {
+ activityLogService.record(user.getId(), "POST /api/v1/auth/login -> 200");
+ }
 
 return ResponseEntity.ok(new LoginResponse(
 token,
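Review bot: The role gate `user.getRole() != User.Role.CUSTOMER` on the added `if` line disagrees with the one the same commit puts in ActivityLoggingFilter, which also returns early when the role is null, so a user with no role gets a login entry here but none for any later request. The audited-role rule now lives in two places with two definitions and will drift; move it into one helper, for example `boolean isAudited(User.Role role)` on `ActivityLogService`, and call it from both sites. The register hunk above drops its `record` call outright rather than applying the same gate, which is only equivalent if registration can never produce a non-customer account — confirm that, or gate it the same way. Only the `-> 200` success path is recorded; failed sign-in attempts against admin and staff accounts are what an audit log is usually kept for, and nothing in this hunk shows them being recorded. The login method starts and ends outside the hunk.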