Permissions in djangocms-versioning¶
This documentation covers the permissions system introduced for publishing and unpublishing content in djangocms-versioning. This system allows for fine-grained control over who can publish and unpublish or otherwise manage versions of content.
Understanding Permissions¶
Permissions are set at the content object level, allowing for detailed
access control based on the user’s roles and permissions. The system
checks for specific methods within the content object, e.g.
PageContent
to determine if a user has the necessary permissions.
Specific publish permission (only for publish/unpublish action): To check if a user has the permission to publish content, the system looks for a method named
has_publish_permission
on the content object. If this method is present, it will be called to determine whether the user is allowed to publish the content.Example:
def has_publish_permission(self, user): if user.is_superuser: # Superusers typically have permission to publish return True # Custom logic to determine if the user can publish return user_has_permission
Change Permission (and first fallback for
has_publish_permission
): If the content object has a method namedhas_change_permission
, this method will be called to assess if a user has the permission to change the content. This is a general permission check that is not specific to publishing or unpublishing actions.Example:
def has_change_permission(self, user): if user.is_superuser: # Superusers typically have permission to publish return True # Custom logic to determine if the user can change the content return user_has_permission
First Fallback Placeholder Change Permission: For content objects that involve placeholders, such as PageContent objects, a method named
has_placeholder_change_permission
is checked. This method should determine if the user has the permission to change placeholders within the content.Example:
def has_placeholder_change_permission(self, user): if user.is_superuser: # Superusers typically have permission to publish return True # Custom logic to determine if the user can change placeholders return user_has_permission
Last resort Django permissions: If none of the above methods are present on the content object, the system falls back to checking if the user has a generic Django permission to change
Version
objects. This ensures that there is always a permission check in place, even if specific methods are not implemented for the content object. By default, the Django permissions are set on a user or group level and include all instances of the content object.Note
It is highly recommended to implement the specific permission methods on your content objects for more granular control over user actions.
Conclusion¶
The permissions system introduced in djangocms-versioning for publishing and unpublishing content provides a flexible and powerful way to manage access to content. By defining custom permission logic within your content objects, you can ensure that only authorized users are able to perform these actions.