From 1ba3bd9d07d172c64368b0ded68ed7fdf1df4f24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alieh=20Ryma=C5=A1e=C5=ADski?= Date: Mon, 21 Nov 2022 15:26:23 +0000 Subject: [PATCH] Disallow changing or deleting log entries (#449) --- CHANGELOG.md | 3 +++ auditlog/admin.py | 7 ++++++- auditlog_tests/tests.py | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 174e6e9..2e76497 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ # Changes +#### Fixes +- fix: Make log entries read-only in the admin. ([#449](https://github.com/jazzband/django-auditlog/pull/449)) + ## 2.2.0 (2022-10-07) #### Improvements diff --git a/auditlog/admin.py b/auditlog/admin.py index 83fe9bb..0ba5354 100644 --- a/auditlog/admin.py +++ b/auditlog/admin.py @@ -26,5 +26,10 @@ class LogEntryAdmin(admin.ModelAdmin, LogEntryAdminMixin): ] def has_add_permission(self, request): - # As audit admin doesn't allow log creation from admin + return False + + def has_change_permission(self, request, obj=None): + return False + + def has_delete_permission(self, request, obj=None): return False diff --git a/auditlog_tests/tests.py b/auditlog_tests/tests.py index 2679efc..52e7a8b 100644 --- a/auditlog_tests/tests.py +++ b/auditlog_tests/tests.py @@ -1292,7 +1292,7 @@ class AdminPanelTest(TestCase): res = self.client.get(f"/admin/auditlog/logentry/{log_pk}/", follow=True) self.assertEqual(res.status_code, 200) res = self.client.get(f"/admin/auditlog/logentry/{log_pk}/delete/") - self.assertEqual(res.status_code, 200) + self.assertEqual(res.status_code, 403) res = self.client.get(f"/admin/auditlog/logentry/{log_pk}/history/") self.assertEqual(res.status_code, 200)