Skip to content

Operation Logs

API fact source: Django backend generated docs

What Logs Record

logs records important business operations for admin query and export. It is an audit aid, not a driver of business state.

Code entry:

  • backend/apps/logs/models.py
  • backend/apps/logs/views/operation_log.py
  • backend/apps/logs/utils.py
  • backend/apps/logs/permissions.py

Context Source

Business code writes logs through log_operation(...). OperationLogContextMiddleware stores the current request in a ContextVar, allowing service code to recover request context when it is not passed explicitly.

A useful log entry describes who did what, under which role, and to which target. Technical actions alone are usually not enough for audit.

Operations That Need Logs

Approval, cancellation, import, configuration changes, and device-token issuance/revocation are critical business actions. Log export uses the same filters as log query, so the page and exported file describe the same dataset.

Logs are audit aids, not permission checks or rollback state.

Known Debt

IsLogAdmin still reads the legacy user.role field, while the current user model uses roles. Log endpoints are therefore reliably accessible mainly through Django is_superuser / is_staff. A fix needs integration with the current role system and permission tests.