Allow CREATE and PUBLISH but disable EDIT and DELETE in Wagtail

2
votes

I have a group which asks for a content type in which I should allow a user to add and publish a page, but disable any changes. Basically after publication the published page should be 'read only'. Is there a way to achieve this with the permission tools in wagtail?

I have a LabPage and I have registered the permissions to be reflected in the groups display:

wagtail_hooks.py

@hooks.register('register_permissions')
def register_labpage_permissions():
    return Permission.objects.filter(
        content_type__app_label='my_app',
        codename__in=['add_labpage', 'change_labpage', 'delete_labpage']
    )

I have set only the "add" permissions for LabPage. "change" and "delete" are unset:

LabPage permissions

But my LabPage is contained in the site and the permissions are overridden by the general site Page Permissions:

General site permissions

My question is how do I allow the member of this specific group to have the default permissions for the site, but in the particular case of the LabPage to be able to ADD and PUBLISH, but not to EDIT or DELETE?

A more generic question would be: How do I set permissions per content type only (ex: LabPage) for a specific group, without them being overridden by parent group settings? How could this be achieved with wagtail hooks?

1
permissionswagtail
'Document' do you mean Document for storing files OR a Document a Page? You can always subclass Document (or Page) and define your own clean method. But that doesn't change the UI. - allcaps
Sorry for the confusion. My problem refers to a page. I changed the text above for clarification. - jcuot

1 Answers

1
votes

I found a solution which solves my problem 90%. It mainly boils down to changing ownership to None after page creation.

Solution details:

Create 2 groups:

Admin Group enter image description here

Member Group enter image description here

Basically the user in the "Member Group" is able to create and publish her own pages.

To block this, I created a hook in wagtail_hooks.py:

@hooks.register('after_create_page')
def set_read_only_lab_page(request, page):
if page.specific_class == MyPage:
    page.owner = None
    page.save()
    return messages.info(request, "Created read only My Page.")

So the member of the restricted "Member Group" looses ownership after page creation, but the member of the "Admin Group" can still edit all documents in the site.

The only downside of this solution is, that the restricted member still has permissions to unpublish all other pages in the site.

Another variant would be to remove the "publish" permission for the restricted members, but then admins will have to moderate submitted pages.

It's ugly, but it works. Any better suggestions?