From 4c323748fd400f8b3c137b3f1da34f6b8b323076 Mon Sep 17 00:00:00 2001
From: Matthias Hochmeister <matthias.hochmeister@apple.com>
Date: Mon, 23 Mar 2026 17:45:51 +0100
Subject: [PATCH] new features

---
 backend/src/services/audit.service.ts | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/backend/src/services/audit.service.ts b/backend/src/services/audit.service.ts
index 4a68131..e6f0b82 100644
--- a/backend/src/services/audit.service.ts
+++ b/backend/src/services/audit.service.ts
@@ -241,7 +241,17 @@ class AuditService {
       if (admins.length === 0) return;
 
       const titel = sensitiveActions[entry.action] || 'Benutzer-Änderung';
-      const nachricht = `${entry.action} auf ${entry.resource_type}${entry.resource_id ? ' ' + entry.resource_id : ''} durch ${entry.user_email ?? 'System'}`;
+
+      let nachricht: string;
+      if (entry.action === 'PERMISSION_DENIED') {
+        const meta = entry.metadata as Record<string, unknown> | undefined;
+        const perm = meta?.required_permission ?? '?';
+        const path = meta?.attempted_path ?? '';
+        const method = meta?.attempted_method ?? '';
+        nachricht = `${entry.user_email ?? 'Unbekannt'}: ${method} ${path} — benötigt "${perm}"`;
+      } else {
+        nachricht = `${entry.action} auf ${entry.resource_type}${entry.resource_id ? ' ' + entry.resource_id : ''} durch ${entry.user_email ?? 'System'}`;
+      }
 
       for (const admin of admins) {
         // Don't notify the admin about their own actions