Disallow changing or deleting log entries (#449)

2026-03-16 22:20:26 +00:00 · 2022-11-21 15:26:23 +00:00 · 2022-11-21 15:26:23 +00:00 · 1ba3bd9d07
commit 1ba3bd9d07
parent 96275d5386
3 changed files with 10 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,8 @@
 # Changes

+#### Fixes
+- fix: Make log entries read-only in the admin. ([#449](https://github.com/jazzband/django-auditlog/pull/449))
+
 ## 2.2.0 (2022-10-07)

 #### Improvements
--- a/auditlog/admin.py
+++ b/auditlog/admin.py
@ -26,5 +26,10 @@ class LogEntryAdmin(admin.ModelAdmin, LogEntryAdminMixin):
    ]

    def has_add_permission(self, request):
-        # As audit admin doesn't allow log creation from admin
+        return False
+
+    def has_change_permission(self, request, obj=None):
+        return False
+
+    def has_delete_permission(self, request, obj=None):
        return False
--- a/auditlog_tests/tests.py
+++ b/auditlog_tests/tests.py
@ -1292,7 +1292,7 @@ class AdminPanelTest(TestCase):
        res = self.client.get(f"/admin/auditlog/logentry/{log_pk}/", follow=True)
        self.assertEqual(res.status_code, 200)
        res = self.client.get(f"/admin/auditlog/logentry/{log_pk}/delete/")
-        self.assertEqual(res.status_code, 200)
+        self.assertEqual(res.status_code, 403)
        res = self.client.get(f"/admin/auditlog/logentry/{log_pk}/history/")
        self.assertEqual(res.status_code, 200)