The old permission logic allowed anyone with publish permission to delete pages, with no further checks applied. This is incorrect, because the permission rules applied elsewhere establish that 1) deletion is equivalent to editing, and 2) publish permission DOES NOT imply edit permission.
Otherwise the PendingDeprecationWarnings for the next version of Django
become very noisy. The PendingDeprecationWarnings are generally ignored
because of the large range of Django versions supported, so printing
them by default causes nothing but noise. This causes actual warnings to
be ignored.
As a new contributor I found some of the information for contributing hard to
find easily. I think this restructure should fix that, by bringing relevant
menus under their headings and adding an additional heading for 'more
information' instead of just 'other contributions'.
I was getting a failure in the scheduled publishing tests, as in 10 days
time exactly the America/Chicago timezone goes through a DST transition,
which renders a time submitted in a form to be invalid.
Debugging this was fun.
Something was polluting the edit handlers with rich text fields that
then failed somewhere else due to missing configs. I'm not sure exactly
where and what the leakage was, but the test now pass consistently for
me so hopefully this fixed it? 🤷
* More helpful message if javascript is not activated.
* Clearer message when noJS
* Updating the CSS to make the noJS message look nicer on mobile version.
A form field with multiple checkboxes may introduce submissions that have more than one value. The `send_email` function would loop through all form fields and grab only the first item of each field, ignoring fields that may have multiple values selected. This is a side effect of using `QueryDict.get()`, which will only return the last value of a list.
This commit fixes that by first converting the `QueryDict` instance to a regular dict of lists so that `get` will return all values, then joining multiple items if needed.
Update page privacy form with login/group options
Add unit tests for setting group-based permissions
Add a basic login page to wagtailcore
Implement front-end logic for group and login-based permissions
Allow overriding the frontend login template name with WAGTAIL_FRONTEND_LOGIN_TEMPLATE
Add documentation for customising the login page
Add message on login page for authenticated users who don't have access
Using the new `Page.objects.first_common_ancestor()`, page choosers that
are restricted to a certain page type start at the most relevant parent
page to make selecting a page easier.
Albert O'Connor