# NGBVD Audit, Permission Navigation and Import Upload Patch

This patch adds:

1. A modern upload drop-zone for `/dataentry/import` without changing the accepted UI baseline elsewhere.
2. System audit logs for authenticated web/system activity.
3. Audit log pages under `/audit/logs` and CSV export.
4. Permission registry entries for audit logs and missing API integration actions.
5. Navigation visibility for API URLs, API clients, sharing logs and system audit logs.
6. Route-level permission mapping for audit log routes so direct URL access is blocked.

## Migrations

Run on staging first:

```bash
php artisan migrate --path=database/migrations/2026_06_04_000130_create_audit_logs_table.php
```

## Required cache reset

```bash
composer dump-autoload
php artisan optimize:clear
php artisan config:clear
php artisan route:clear
php artisan view:clear
php artisan cache:clear
```

## Permissions to assign

Grant these where required:

- `audit_logs.view`
- `audit_logs.export`
- `api_integrations.view`
- `api_integrations.view_api_urls`
- `api_integrations.manage_clients`
- `api_integrations.create_clients`
- `api_integrations.disable_clients`
- `api_integrations.view_logs`
- `api_integrations.export_logs`
- `api_integrations.retry`
- `api_integrations.ubos_push`
- `api_integrations.sauti_push`

Administrator accounts remain full access.

## URLs

- `/audit/logs`
- `/audit/logs/{uuid}`
- `/audit/logs/export`
- `/integrations#api-endpoints`
- `/integrations/logs`
- `/integrations/api-clients`