wagtail/docs/releases/1.8.rst

==========================================
Wagtail 1.8 release notes - IN DEVELOPMENT
==========================================

.. contents::
    :local:
    :depth: 1


What's new
==========


New page privacy options
~~~~~~~~~~~~~~~~~~~~~~~~

Previously users with publishing permissions were able to restrict access to a page based on a shared password. Now they can also restrict access to logged-in users only, or to users from specific groups. This feature was developed by Shawn Makinson, Tom Miller, Luca Perico and Matt Westcott.

See: :ref:`private_pages`


Restrictions on bulk-deletion of pages
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Previously, any user with edit permission over a page and its descendants was able to delete them all as a single action, which led to the risk of accidental deletions. To guard against this, the permission rules have been revised so that a user with basic permissions can only delete pages that have no children; in order to delete a whole subtree, they must individually delete each child page first. A new "bulk delete" permission type has been added which allows a user to delete pages with children, as before; superusers receive this permission implicitly, and so there is no change of behaviour for them.

See: :ref:`permissions`

This feature was developed by Matt Westcott.


Minor features
~~~~~~~~~~~~~~

 * Added support of a custom ``edit_handler`` for site settings. See :ref:`docs for the site settings module <edit_handlers_settings>`. (Axel Haustant)
 * Added ``get_landing_page_template`` getter method to ``AbstractForm`` (Gagaro)
 * Added ``Page.get_admin_display_title`` method to override how the title is displayed in the admin (Henk-Jan van Hasselaar)
 * Added support for specifying custom HTML attributes for table rows on ModelAdmin index pages. See :ref:`modeladmin_get_extra_attrs_for_row` (Andy Babic)
 * Added ``first_common_ancestor`` method to ``PageQuerySet`` (Tim Heap)
 * Page chooser now opens at the deepest ancestor page that covers all the pages of the required page type (Tim Heap)
 * ``PageChooserBlock`` now accepts a ``target_model`` option to specify the required page type (Tim Heap)
 * Modeladmin forms now respect ``fields`` / ``exclude`` options passed on custom model forms (Thejaswi Puthraya)


Bug fixes
~~~~~~~~~

 * ``AbstractForm`` now respects custom ``get_template`` methods on the page model (Gagaro)
 * Use specific page model for the parent page in the explore index (Gagaro)
 * Remove responsive styles in embed when there is no ratio available (Gagaro)
 * Parent page link in page search modal no longer disappears on hover (Dan Braghis)
 * ModelAdmin views now consistently call ``get_context_data`` (Andy Babic)
 * Header for search results on the redirects index page now shows the correct count when the listing is paginated (Nick Smith)
 * ``set_url_paths`` management command is now compatible with Django 1.10 (Benjamin Bach)
 * Form builder email notifications now output multiple values correctly (Sævar Öfjörð Magnússon)
 * Closing 'more' dropdown on explorer no longer jumps to the top of the page (Ducky)
 * Users with only publish permission are no longer given implicit permission to delete pages (Matt Westcott)

Upgrade considerations
======================

``wagtail.wagtailimages.models.get_image_model`` has moved
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The ``get_image_model`` function should now be imported from ``wagtail.wagtailimages`` rather than ``wagtail.wagtailimages.models``. See :ref:`custom_image_model_referring_to_image_model`.


Non-administrators now need 'bulk delete' permission to delete pages with children
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

As a precaution against accidental data loss, this release introduces a new "bulk delete" permission on pages, which can be set through the Settings -> Groups area. Non-administrator users must have this permission in order to delete pages that have children; a user without this permission would have to delete each child individually before deleting the parent. By default, no groups are assigned this new permission. If you wish to restore the previous behaviour, and don't want to configure permissions manually through the admin interface, you can do so with a data migration. Create an empty migration using ``./manage.py makemigrations myapp --empty --name assign_bulk_delete_permission`` (replacing ``myapp`` with the name of one of your project's apps) and edit the migration file to contain the following:

.. code-block:: python

    from __future__ import unicode_literals

    from django.db import migrations


    def add_bulk_delete_permission(apps, schema_editor):
        """Find all groups with add/edit page permissions, and assign them bulk_delete permission"""
        GroupPagePermission = apps.get_model('wagtailcore', 'GroupPagePermission')
        for group_id, page_id in GroupPagePermission.objects.filter(
            permission_type__in=['add', 'edit']
        ).values_list('group', 'page').distinct():
            GroupPagePermission.objects.create(
                group_id=group_id, page_id=page_id, permission_type='bulk_delete'
            )


    def remove_bulk_delete_permission(apps, schema_editor):
        GroupPagePermission = apps.get_model('wagtailcore', 'GroupPagePermission')
        GroupPagePermission.objects.filter(permission_type='bulk_delete').delete()


    class Migration(migrations.Migration):

        dependencies = [
            # keep the original dependencies line
        ]

        operations = [
            migrations.RunPython(add_bulk_delete_permission, remove_bulk_delete_permission),
        ]