Skip to content

Superuser: browse site-wide admin action log (#1413)#1414

Merged
jonfroehlich merged 1 commit into
masterfrom
1413-superuser-admin-action-log
Jul 1, 2026
Merged

Superuser: browse site-wide admin action log (#1413)#1414
jonfroehlich merged 1 commit into
masterfrom
1413-superuser-admin-action-log

Conversation

@jonfroehlich

Copy link
Copy Markdown
Member

Closes #1413.

Problem

The admin index "Recent actions" sidebar is scoped to the current user's own actions (Django's for_user filter), so a superuser can only see My actions — no easy way to see what other editors/contributors have done. Every admin add/change/delete is recorded in django.contrib.admin.models.LogEntry; it was just never surfaced.

What this does (Option A)

Registers LogEntry as a read-only, superuser-only admin so a superuser can browse everyone's admin activity:

  • Filter by user, action type (add/change/delete), and content type
  • Search by object name, change message, username/name
  • Columns: time, user, colored action label, content type, link to the affected object (repr fallback for deletions), change summary
  • Strictly read-only — it's an append-only audit trail
  • Superuser-only visibility (matches the Grant/Award access model); editors/contributors can't see or reach it
  • Appears under Administration as "Log entries"

Tests

New website/tests/test_logentry_admin.py (6 tests, all passing) pins:

  • read-only + superuser-only permission enforcement
  • end-to-end changelist (200 for superuser, non-200 for an editor)
  • display columns don't raise on any action type (incl. the deletion fallback)

Screenshots

UI change — screenshot of the Log entries changelist to follow.

Notes

Considered Option B (widen the sidebar panel for superusers); not doing that here — the filterable changelist is the more useful tool.

🤖 Generated with Claude Code

…og (#1413)

The admin index "Recent actions" sidebar is scoped to the current user's
own actions (Django's for_user filter), so a superuser has no easy way to
see what other editors/contributors have done. Every admin action is
already recorded in django.contrib.admin.models.LogEntry; this surfaces it.

Register LogEntry as a read-only, superuser-only ModelAdmin:
- Filter by user / action type / content type; search object repr, change
  message, username/name.
- Columns: time, user, colored action label, content type, link to the
  affected object (repr fallback for deletions), change summary.
- Strictly read-only (append-only audit trail); superuser-only visibility
  matching the Grant/Award access model.
- Shows under the Administration group as "Log entries".

Adds regression tests pinning read-only + superuser-only enforcement, the
end-to-end changelist (200 superuser / non-200 editor), and that the display
columns don't raise on any action type.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@jonfroehlich jonfroehlich merged commit 1b799c8 into master Jul 1, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Superuser: browse site-wide admin action log (all users, not just My actions)

1 participant