-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Edit link on ModelAdmin index view without edit permissions #26
Comments
Hi @srtab, Are you able to confirm the impact of this step:
This sounds unrelated to the problem, but I didn't know whether it was necessary to recreate the issue? |
Hi @ababic, Yes, it's unrelated and not necessary to recreate the issue. The step 3 is only relevant for the solution I mentioned. |
@srtab cool, thanks. And can I just double-check that the user you're testing with is not a superuser (has the "Admin" checkbox checked), and you're not overriding the ButtonHelper/PermissionHelper classes? |
@ababic Good question! I was testing with superuser yes and i override the PermissionHelper to disable edit permission to anyone. Updating steps to consider this override. |
Got the same, just put this in your custom permission helper:
Log in as a superuser. Same applies for the inspect story. A button appears but everyone clicks on the title instead, resulting in permission denied. |
I can confirm this is a bug introduced by wagtail/wagtail#7408, which added the link around the content without considering the permissions of the user. @thibaud would you be okay to look at this? |
Related: wagtail/wagtail#8261 |
I think there's a similar issue in snippets, I'll try to reproduce it and file a separate issue. For this one, I'm transferring over to wagtail-modeladmin as per wagtail/rfcs#85. |
Issue Summary
Edit link added to ModelAdmin index view when I remove edit permissions is causing a permission denied redirect.
Steps to Reproduce
wagtail_hooks.py
with ModelAdmin configurations;I think that the correct behavior here will be replacing the edit link of first column content with the inspect link instead. And in case I haven't inspect view enabled, shouldn't add link at all to avoid the permission denied redirect.
Technical details
The text was updated successfully, but these errors were encountered: