You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current wagtailcore.models.PagePermissionTester.can_reorder_children implementation just returns self.can_publish_subpage(), which has a side-effect of checking the page has creatable children. In case it has children with is_creatable=False, we cannot reorder them, even though we have permissions to edit them (i.e. only creation of new ones should be restricted).
Method can_reorder_children should probably be reimplemented in a different way, checking only editing permissions for children.
Steps to reproduce
Create a parent page model
Create a child page model
Make is_creatable field of the child to be a descriptor returning false in case there are more then two instances. For example (pseudo code):
can_publish_subpage is misnamed, really - it should probably be called something like can_publish_new_subpage - and I think that's what caught me out here. I think we want can_reorder_children to equal "can publish subpages" in the literal sense, since it's making an immediate change (albeit a minor one) to the live site, which is usually something that only users with publish permission can do:
def can_reorder_children(self):
"""
Keep reorder permissions the same as publishing, since it immediately affects published pages
(and the use-cases for a non-admin needing to do it are fairly obscure...)
"""
if not self.user.is_active:
return False
return self.user.is_superuser or ('publish' in self.permissions)
(We'll need to add a test to cover this additional case, of course.)
Summary
The current wagtailcore.models.PagePermissionTester.can_reorder_children implementation just returns self.can_publish_subpage(), which has a side-effect of checking the page has creatable children. In case it has children with
is_creatable=False
, we cannot reorder them, even though we have permissions to edit them (i.e. only creation of new ones should be restricted).Method
can_reorder_children
should probably be reimplemented in a different way, checking only editing permissions for children.Steps to reproduce
is_creatable
field of the child to be a descriptor returning false in case there are more then two instances. For example (pseudo code):Technical details
1.9
The text was updated successfully, but these errors were encountered: