user group restriction

[enricofer]

Hi, thanks for your handy app. With the PR I'm suggesting to limit the availability of 'Mass edit' action only to users belonging to a specified group. Mass Edit action could be very dangerous and sometimes should be perfomed only by conscious users.

Best Regards. Enrico

[PetrDlouhy]

@enricofer Thanks for the patch. Could you please add some tests demonstrating the new function and fix the linting error?

[PetrDlouhy]

@enricofer I was also thinking why does we need to limit the access restriction only for cases when ADD_ACTION_GLOBALLY=False. I understand that it is because the admin action is added through admin.site.add_action() on global level, but then I bumped to this in the Django docs: https://docs.djangoproject.com/en/4.0/ref/contrib/admin/actions/#setting-permissions-for-actions

I am not sure from the docs if it is available also for the global actions, but can you please try if it works?

[enricofer]

Unfortunately I can't get user permission checking with ADD_ACTION_GLOBALLY=True . Action list manipulation and even those actions decorators are only available under modelAdmin class through a mixin. I don't find at the moment any solution for this. So for user permission checking we have to set ADD_ACTION_GLOBALLY=False and subclass client model admin from MassEditMixin

[enricofer]

documentation update will follow

[enricofer]

And finally there is a demo site missing migration in the master repo: https://github.com/burke-software/django-mass-edit/pull/110/commits/3e7243bbadba6bc52976bf29318c1f28ed8e7153 The pull request is going to fix this too.

[PetrDlouhy]

@enricofer Thank you very much for everything. It looks very nice now. There is one last thing. Can you please add following tests:

• [ ] mass_change_view when the user has massadmin.can_mass_edit permissions.
• [ ] MassEditMixin.get_actions() (ideally both with and without permissions).
• [ ] Admin action is available when ADD_ACTION_GLOBALLY=True (use override_settings)