Audit log
Every data-modifying action (create, edit, delete, login, export...) is automatically recorded by the system β non-disableable, non-editable. Used for:
- Investigation when something goes wrong ("who deleted order X?")
- Internal control + audits for customers / committee
- Meeting separation of duties requirements for enterprises

Action typesβ
The system splits 12 action categories:
| Action | When | Example |
|---|---|---|
| π’ CREATE | New record | Create order, create user, create route |
| π‘ UPDATE | Edit record | Update customer address, edit order price |
| π΄ DELETE | Remove record | Delete driver, delete vehicle |
| π΅ LOGIN | Successful login | Session tracking |
| β« LOGOUT | Sign out | β |
| π£ EXPORT | Data export | Excel report export, order export |
| π IMPORT | Excel import | Import customer list |
| π― FINALIZE | Finalize routes | Route plan locked |
| π LOCK / π UNLOCK | Lock / unlock route | Edit a locked plan |
| βοΈ OPTIMIZE | Run CVRP optimization | New plan / benchmark |
| π DISPATCH | Auto-assign drivers | Auto-dispatch run |
| π€ ASSIGN | Assign driver/vehicle | Manual driver pick |
| βοΈ MOVE_ORDER | Drag order between routes | Move/reorder during planning |
Filtersβ
Multi-criteria filter at the top:
- Time range: defaults to today. Choose any day, week, or month.
- User: search by email or name β view one person's actions only
- Action: tick Action types to view
- Resource: filter by object type (Order, Trip, User, Customer, Vehicle...)
Click "Apply" to refresh.
Reading one log rowβ
Each row shows:
| Column | Meaning |
|---|---|
| Time | YYYY-MM-DD HH:mm:ss (local timezone) |
| User | Email + display name |
| Action | Action type (colored badge) |
| Resource | Affected entity (e.g. Order:ABC-001) |
| Endpoint | Backend URL called |
| Status | HTTP code (200/201/400/404/500...) |
| Duration | Ms β how long the request took |
Click a row for detail with:
- User's IP address
- User-Agent (browser/mobile)
- Before/after diff for UPDATEs β each field's old β new value
Excel exportβ
Click "Export Excel" at the top β downloads .xlsx with all logs matching the current filter. Each row is one action, used for:
- Periodic report to executives
- External archival (compliance)
- Pattern analysis in Excel / Power BI
Who can view Audit Log?β
Only IT Admin and users with audit.view permission. Planner/Dispatcher/Accountant cannot β preventing employees from deleting their own logs.
FAQβ
Q: Is there a size limit on audit log? A: No hard limit, but the MongoDB collection grows. Recommended periodic archive (e.g. every 6 months) to Excel files, then delete old logs.
Q: Can audit logs be edited?
A: No. The Changes field stores diffs as append-only. No UPDATE endpoint for audit log.
Q: Does the log capture passwords / tokens?
A: No. Middleware auto-redacts sensitive fields: password, passwordHash, token, apiKey.
Nextβ
- User management β See who currently has elevated permissions
- Transportation reports β Aggregated business metrics