Module audit 

Admin action log — every create / update / delete driven through the admin writes a row to rustio_admin_actions. The audit trail powers two user-visible surfaces:

• GET /admin/actions — project-wide timeline with filters.
• GET /admin/<model>/<id>/history — per-object history.

The table ships in crate::auth::ensure_core_tables and is FK-cascaded to rustio_users: deleting a user wipes the log entries they produced, matching how sessions cascade.

Integrity

record rejects entries that are missing any of user_id, model_name, or object_id. The caller gets an Error::Internal so the admin handler can fail loudly rather than silently losing the audit trail — that’s what the spec means by “No logging = FAIL”.

Not included in 0.4

• Per-field diff of what changed on update (requires reading the pre-update row and diffing; deferred).
• Retention / pruning (no cron). Projects that need a bounded log should run DELETE FROM rustio_admin_actions WHERE timestamp < … on their own cadence.

Structs

AdminAction

One action-log row as loaded from the DB. The user_email is joined in by recent and for_object so the timeline can render the acting user without a second round-trip.

LogEntry

What callers hand to record. Kept as a borrow-friendly struct so handlers don’t need to clone field strings.

Enums

ActionType

The three classes of admin mutation we track. delete covers both individual and bulk deletions — each bulk-delete row writes its own Delete entry so object history is per-row complete.

Functions

for_object

All actions for one (model, object_id), newest first.

recent

Fetch the most recent limit admin actions, newest first. Optional filters by model_name and by action_type string (the UI passes both through as URL query params, so we take them as &str rather than typed enums).

record

Write one row to the action log.