diff --git a/src/cmdforge/registry/app.py b/src/cmdforge/registry/app.py
index adcd370..8a065e0 100644
--- a/src/cmdforge/registry/app.py
+++ b/src/cmdforge/registry/app.py
@@ -1360,10 +1360,6 @@ def create_app() -> Flask:
 @require_admin
 def admin_list_collections() -> Response:
 """List all collections with full details (admin)."""
- user = get_current_user()
- if not user or user.get("role") not in ("admin", "moderator"):
- return error_response("FORBIDDEN", "Admin access required", 403)
-
 rows = query_all(
 g.db,
 "SELECT * FROM collections ORDER BY name",
@@ -1392,16 +1388,12 @@ def create_app() -> Flask:
 @require_admin
 def admin_create_collection() -> Response:
 """Create a new collection (admin)."""
- user = get_current_user()
- if not user or user.get("role") != "admin":
- return error_response("FORBIDDEN", "Admin access required", 403)
-
 data = request.get_json() or {}
 name = data.get("name", "").strip().lower()
 display_name = data.get("display_name", "").strip()
 description = data.get("description", "").strip()
 icon = data.get("icon", "").strip()
- maintainer = data.get("maintainer", user.get("username", "")).strip()
+ maintainer = data.get("maintainer", g.current_publisher.get("slug", "")).strip()
 tools = data.get("tools", [])
 pinned = data.get("pinned", {})
 tags = data.get("tags", [])
@@ -1441,7 +1433,7 @@ def create_app() -> Flask:
 g.db.commit()
 # Audit log
- log_admin_action(g.db, user["id"], "create_collection", {"collection": name})
+ log_audit("create_collection", "collection", name, {"collection": name})
 return jsonify({
 "success": True,
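Review bot: Dropping the inline role check in `admin_list_collections` leaves `@require_admin` as the only gate, and that removed check accepted `moderator` as well as `admin`, whereas the checks removed from `admin_create_collection`, `admin_update_collection` and `admin_delete_collection` (hunks at -1392, -1456 and -1526) accepted `admin` only. `require_admin` is defined outside this diff, so one of the two groups presumably changes behaviour: either moderators lose the listing, or they gain the three write endpoints. I would record the intended role set next to the decorator, e.g. `# Access control: @require_admin is the only check here; roles allowed: <roles require_admin accepts>`, and cover each role with a test on all four routes. The handler body continues past the end of the hunk.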
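Review bot: In `admin_create_collection` the new default `g.current_publisher.get("slug", "")` only covers a missing `maintainer` key; a body carrying `"maintainer": null` or a number still reaches `.strip()` and raises, which would surface as a 500 rather than a validation error. The line also assumes `require_admin` always sets `g.current_publisher` to a mapping whose `slug` is a string, which is not visible in this diff. Reading the value without the trailing `.strip()`, returning a 400 through `error_response` when it is not a `str`, and stripping afterwards would cover both cases. The default also moves from a username to a slug, so if stored collections already hold usernames as maintainer, that mix may need handling. The function continues outside the hunk.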
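Review bot: The `log_audit(...)` call in `admin_create_collection` no longer names the actor or the connection, where `log_admin_action` received `g.db` and `user["id"]`; the audit record now depends on `log_audit` resolving the acting admin itself, presumably from `g.current_publisher`. Because the call sits after `g.db.commit()`, an audit row written on the same connection without its own commit may not be persisted, and an exception inside `log_audit` would return a 500 for a collection that has already been created; both are worth confirming in `log_audit`, which is outside this diff. The same applies to the update and delete hunks (-1512 and -1539). Once confirmed, a comment such as `# log_audit takes the actor from the request context and commits its own row` would make that contract visible at the call site.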
@@ -1456,10 +1448,6 @@ def create_app() -> Flask:
 @require_admin
 def admin_update_collection(name: str) -> Response:
 """Update a collection (admin)."""
- user = get_current_user()
- if not user or user.get("role") != "admin":
- return error_response("FORBIDDEN", "Admin access required", 403)
-
 existing = query_one(g.db, "SELECT * FROM collections WHERE name = ?", [name])
 if not existing:
 return error_response("COLLECTION_NOT_FOUND", f"Collection '{name}' not found", 404)
@@ -1512,7 +1500,7 @@ def create_app() -> Flask:
 g.db.commit()
 # Audit log
- log_admin_action(g.db, user["id"], "update_collection", {"collection": name})
+ log_audit("update_collection", "collection", name, {"collection": name})
 return jsonify({
 "success": True,
@@ -1526,10 +1514,6 @@ def create_app() -> Flask:
 @require_admin
 def admin_delete_collection(name: str) -> Response:
 """Delete a collection (admin)."""
- user = get_current_user()
- if not user or user.get("role") != "admin":
- return error_response("FORBIDDEN", "Admin access required", 403)
-
 existing = query_one(g.db, "SELECT id FROM collections WHERE name = ?", [name])
 if not existing:
 return error_response("COLLECTION_NOT_FOUND", f"Collection '{name}' not found", 404)
@@ -1539,7 +1523,7 @@ def create_app() -> Flask:
 g.db.commit()
 # Audit log
- log_admin_action(g.db, user["id"], "delete_collection", {"collection": name})
+ log_audit("delete_collection", "collection", name, {"collection": name})
 return jsonify({
 "success": True,
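Review bot: The audit details for `admin_delete_collection` repeat the target name (`{"collection": name}`) and nothing else, so once the row is gone the entry cannot be tied to the specific record if a collection with the same name is created later. `existing`, selected at the top of the function in the previous hunk, holds the row id; assuming `query_one` returns a mapping-like row, `log_audit("delete_collection", "collection", name, {"collection": name, "id": existing["id"]})` keeps that link. The function starts outside this hunk.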