Implement deletion audit logging and restore functionality for posts/comments

[moheladwy]

Overview

Implement a comprehensive audit logging system to track who deletes posts and comments in the database, and provide admin functionality to restore content deleted by AI or admins.

Requirements

1. Deletion Audit Logging

Track the following information when posts/comments are deleted:

• Deletion Actor Type: Who performed the deletion
  • User (self-deletion)
  • AI (automated content moderation)
  • Admin (manual moderation)
• Timestamp: When the deletion occurred
• Actor ID: The specific user/admin ID or AI system identifier
• Deletion Reason: Optional field for why the content was removed

2. Database Schema Changes

Add audit fields to posts and comments tables:

• DeletedBy (enum or string): USER, AI, or ADMIN
• DeletedByActorId (string/guid): Reference to the user/admin who deleted it
• DeletedAt (datetime): Timestamp of deletion
• DeletionReason (text): Optional reason for deletion
• IsDeleted (boolean): Soft delete flag
• CanBeRestored (boolean): Computed based on DeletedBy field

3. Admin Restore Functionality

Implement restore capability with the following rules:

• ✅ Admins CAN restore content deleted by:
  • AI systems (automated moderation)
  • Other admins (manual moderation review)
• ❌ Admins CANNOT restore content deleted by:
  • Users (user's own deletion - respects user privacy and choice)

4. API Endpoints

New/Modified Endpoints:

• DELETE /api/posts/{id} - Update to log deletion actor
• DELETE /api/comments/{id} - Update to log deletion actor
• POST /api/admin/posts/{id}/restore - Admin-only restore endpoint
• POST /api/admin/comments/{id}/restore - Admin-only restore endpoint
• GET /api/admin/deleted-content - View deleted content with audit info

5. Admin Dashboard Features

• View deleted posts/comments with full audit trail
• Filter by deletion actor type (User/AI/Admin)
• Restore button (enabled only for AI/Admin deletions)
• Display deletion reason and timestamp
• Show who deleted the content

Implementation Steps

1. Update database entities with audit fields
2. Create/update database migrations
3. Modify deletion logic to capture actor information
4. Implement restore service logic with validation
5. Create admin API endpoints for restore functionality
6. Update admin dashboard UI to show audit information
7. Add authorization checks for restore operations
8. Add logging for restore operations
9. Write unit tests for restoration logic
10. Write integration tests for admin endpoints

Technical Considerations

• Use soft delete pattern (don't physically remove from DB)
• Ensure audit trail is immutable (log changes if content is restored)
• Consider adding restore audit log (who restored what and when)
• Implement proper authorization for admin-only operations
• Add rate limiting for restore operations to prevent abuse

Acceptance Criteria

• All deletions are logged with actor information
• Admins can view full deletion audit trail
• Admins can restore AI-deleted content
• Admins can restore admin-deleted content
• Admins cannot restore user-deleted content
• Restored content maintains original metadata
• Restore operations are logged
• API endpoints have proper authorization
• Unit and integration tests pass
• Admin UI shows deletion audit information