From 1f2cec9ac31f57a5429cccec3ffd215e353638c2 Mon Sep 17 00:00:00 2001
From: curo1305 <curo1305@proton.me>
Date: Mon, 1 Jun 2026 14:27:08 +0200
Subject: [PATCH] fix(06.2): CR-07 add audit log entry for PATCH
 /shares/{share_id} permission change

---
 backend/api/shares.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/backend/api/shares.py b/backend/api/shares.py
index 6067135..e75c87d 100644
--- a/backend/api/shares.py
+++ b/backend/api/shares.py
@@ -247,6 +247,7 @@ async def list_shared_with_me(
 async def update_share_permission(
     share_id: str,
     body: SharePermissionPatch,
+    request: Request,
     session: AsyncSession = Depends(get_db),
     current_user: User = Depends(get_regular_user),
 ) -> dict:
@@ -265,6 +266,16 @@ async def update_share_permission(
         raise HTTPException(status_code=404, detail="Share not found")
 
     share.permission = body.permission
+
+    await write_audit_log(
+        session=session,
+        event_type="share.permission_changed",
+        user_id=current_user.id,
+        actor_id=current_user.id,
+        resource_id=share.document_id,
+        ip_address=_ip(request),
+        metadata_={"share_id": str(share.id), "new_permission": body.permission},
+    )
     await session.commit()
 
     return {"id": str(share.id), "permission": share.permission}