Custom action with security

[Ezequias Rocha]

Hi everyone

I am using a custom action in admin, it is simple but not secure. I would like some custom actions would work only for some users and i think it could be done with a different url and a differente authorization role (in Admin).

Could you give me some advice to make this issue work on my admin in a different URL?

I am using Django-rest-framework.

My implementation was quite easy (but I need to have access to this action for some specific users in Admin and Postman).

model.py:

@action(methods=['put'], detail=True, permission_classes=[IsAdminUser], url_path='aprovarArtigo', url_name='aprovar_artigo')

def approveArtcle(modeladmin, request, queryset):

queryset.update(fl_approved=True)

@action(methods=['put'], detail=True, permission_classes=[IsAdminUser], url_path='desaprovarArtigo', url_name='desaprovar_artigo')

def disapproveArtcle(modeladmin, request, queryset):

queryset.update(fl_approved=False)

I tried to put the commented line to work but this simple not work.

model.py:

class AprovarArtigoAdmin(admin.ModelAdmin):

list_display = ('id', 'nu_usuario_id', 'de_titulo', 'de_texto', 'fl_aprovado', 'dt_inclusao', 'dt_alteracao', 'nu_usuario_alteracao' )

readonly_fields = ['nu_usuario_alteracao', 'fl_aprovado']

actions = [approveArticle, disapproveArticle]

approveArticle.short_description = "Approve selected Articles"

disapproveArticle.short_description = "Disapprove selected Articles"

list_filter = ('fl_approved',)

admin.site.register(Article, ArticleAdmin)

#admin.site.register(ApproveArticleAdmin,)

I got the error:

TypeError: 'MediaDefiningClass' object is not iterable

Regards

Ezequias