On Tue, May 10, 2011 at 4:59 PM, Paweł Roman <romapa...@googlemail.com> wrote:
> But does that mean that the django admin log is broken and can't be
> trusted? How come there isn't any trace of adding those items?

Well, I'd say "broken" might be a bit strong. Some cars drive 200 MPH,
but mine won't. Does that mean my car's "broken"? Of course not: it's
just not designed to drive that fast.

Similarly, the admin log isn't designed to be a foolproof audit log.
It's a rough history trail, but entries in it are essentially advisory
and there are *plenty* of ways for content to be modified without
leaving an admin log entry.

Without seeing your code it's impossible to say exactly why these
events aren't in the admin log, but I'll try to make a guess or two.

If you take a look at the source, you can see that the admin log is
added by the `log_addition`, `log_change`, and `log_deletion` methods
on `ModelAdmin` (see
http://code.djangoproject.com/browser/django/trunk/django/contrib/admin/options.py#L494).
These methods, in turn, are called by the admin views (`add_view`,
`change_view`, and `delete_view`) and also by the admin bulk delete
action (see 
http://code.djangoproject.com/browser/django/trunk/django/contrib/admin/actions.py#L46).

However, and this is key, these methods aren't called by anything
else. So actions won't be logged if you:

* Add, edit, or delete objects using any other mechanism than the
admin (e.g. your own views, directly from the Python shell, in the
database directly, etc.)
* Have a custom admin action that modifies objects and doesn't call a
log method.
* Have a custom admin view that doesn't call the super method or
manually call the log method.
* Use a custom admin site that overrides any of the log methods.
* And so on.

I'm willing to bet it's one of these things. But in any case, any code
path that modifies the database without calling a log method leaves
things out of the admin log.

My apologies if the documentation led you to believe that the admin
log was some sort of foolproof audit trail. It's anything but; if
there's money or legal issues on the table, you absolutely need
something more robust and harder to tamper with.

Jacob
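
Added example, not part of the message above and not Django's own code: a stand-alone check that lists rows of a model table with no ADDITION entry in `django_admin_log`, i.e. objects created by one of the unlogged code paths listed above. The `shop_item` table, the `shop`/`item` content type and all rows are constructed sample data; the `django_admin_log` and `django_content_type` columns follow Django's default schema.

```python
import sqlite3

ADDITION = 1  # value of django.contrib.admin.models.ADDITION


def unlogged_additions(conn, app_label, model, table, pk="id"):
    """Return primary keys in `table` that have no ADDITION entry in
    django_admin_log for the given content type."""
    # Table and column names cannot be bound as query parameters,
    # so accept plain identifiers only.
    for ident in (table, pk):
        if not ident.replace("_", "").isalnum():
            raise ValueError(f"unexpected identifier: {ident!r}")
    sql = f"""
        SELECT t.{pk} FROM {table} AS t
        WHERE NOT EXISTS (
            SELECT 1 FROM django_admin_log AS l
            JOIN django_content_type AS ct ON ct.id = l.content_type_id
            WHERE ct.app_label = ? AND ct.model = ?
              AND l.action_flag = ?
              AND l.object_id = CAST(t.{pk} AS TEXT)  -- object_id is stored as text
        )
        ORDER BY t.{pk}
    """
    return [row[0] for row in conn.execute(sql, (app_label, model, ADDITION))]


def build_sample_db():
    """Constructed sample: three items, only item 1 was added through the admin."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE django_content_type (id INTEGER PRIMARY KEY, app_label TEXT, model TEXT);
        CREATE TABLE django_admin_log (
            id INTEGER PRIMARY KEY, action_time TEXT, user_id INTEGER,
            content_type_id INTEGER, object_id TEXT, object_repr TEXT,
            action_flag INTEGER, change_message TEXT);
        CREATE TABLE shop_item (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO django_content_type VALUES (7, 'shop', 'item');
        INSERT INTO shop_item VALUES (1, 'via admin'), (2, 'via custom view'), (3, 'via shell');
        INSERT INTO django_admin_log VALUES
            (1, '2011-05-10 12:00:00', 1, 7, '1', 'via admin', 1, ''),
            (2, '2011-05-10 12:05:00', 1, 7, '2', 'via custom view', 2, 'Changed name.');
    """)
    return conn


if __name__ == "__main__":
    # Item 2 has only a CHANGE entry, item 3 has no entry at all.
    print(unlogged_additions(build_sample_db(), "shop", "item", "shop_item"))
```

An empty result only shows that every current row has an ADDITION entry; it says nothing about deleted rows or about log entries that were themselves written or removed outside the admin.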
