Currently any user with any page permission can view any page revision.
This commit fixes that, and ensures that the user has publish or edit
permission on the page before showing a page revision. If not, the user
is presented with a 403.
This maintains the current behavior if the user has no page permissions,
which is to redirect to the admin home page.
New tests have been added to cover these changes.
Fixes issue 5426.
When editing a rich text field and entering a link to a page whose Page
type overrides get_admin_display_title, the custom admin display title
is used both when browsing to select the page to link to and also when
viewing the rich text editor.
The first behavior is consistent with how custom admin display titles
are used throughout the admin, but the second behavior is not. The
Wagtail user should be able to use the rich text field as a reasonable
preview of what the rendered content will look like for the end user. To
do this, the "real" page title should be used, not the admin one.
This commit alters the data that gets passed to the rich text editor so
that its title is the real page title and not the admin one.
Fixes issue 5131.
Modeladmin handles notification to the user if a model instance has protected ForeignKey
relationships. However, if the protected relation is a OneToOneField it raises an exception:
File ".../wagtail/wagtail/contrib/modeladmin/views.py", line 742, in post
for obj in qs.all():
AttributeError: 'MyRelatedModel' object has no attribute 'all'
because qs in this case is the related instance rather than a queryset of related instances
(as is the case for a ForeignKey).
This commit handles the OneToOneField case as well.
User interaction with the form within the 10s delay also won’t trigger the confirmation message. There will still be race condition issues if form widgets like rich text take 10+ seconds to initialise – but that doesn’t seem likely.
This hook mimics the functiolity provided by `construct_page_action_menu`
in that it constructs the final list of buttons to be shown in the wagtail
admin interface. This means that within this function button's can be
removed, added or re-ordered.
See #4925
Testing the queryset in the if clause was causing the whole queryset
to be retrieved and populated from DB, all to check whether it was empty
or not.
The optimization is to rely on the strict behavior of
first_common_ancestor, which raises an exception if the queryset is
empty.
The USERNAME_FIELD exists to allow customisation. Therefore we should make an assumption that `.username` exists on the model. Instead, we need to pull the required value from the USERNAME_FIELD and add in a fallback default.
* Ensure that when you open the explorer the focus moves to the first link of the menu, and add a label for the explorer navigation
* Add dialog role to pages explorer popup, and ensure that there is an option to close the dialog window when tabbing by making the close button visually hidden rather than display none
revisions_for_moderation() was iterating over Page instances only
to use their path attribute. The optimization uses values_list()
over the GroupPagePermission queryset to retrieve only the page
paths without having to create the model instances in memory. This
saves roughly 50% of the runtime.
- adds a fieldset around checkboxes with the same name
- add correct labels for object permissions table
- Ensure that image and document permissions labels display correctly, and ensure that labels for the dropdowns for document and image collections are not display:none
- Hide labels from sighted users in group edit / group add pages
* Adds clearer text to the close button for modals
* Use existing wagtailConfig.STRINGS to store the new translatable string for JS, rather than introducing a new library.
* Update list of string constants for translation in the tests file
* Remove aria-hidden on modal dialog close button
Samir Shah