You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If a user has no permission to “add”, “change” or “delete” on a SnippetViewSet, he can't see the Snippet or access it, even though he has the “view” permission.
I would suggest adding the “view” permission on 3 different locations:
On the IndexView on admin > views > generic > models. This allows the user to see the index page.
On the InspectView on admin > views > generic > models. This allows the user to inspect an object. Could also be a good alternative to add the “inspect” permission here.
Thanks for the report! As far as I know, Wagtail currently does not use the "view" permission in the admin at all, so I'm inclined to mark this as an enhancement than a bug.
Issue Summary
If a user has no permission to “add”, “change” or “delete” on a
SnippetViewSet
, he can't see the Snippet or access it, even though he has the “view” permission.I would suggest adding the “view” permission on 3 different locations:
On the
IndexView
on admin > views > generic > models. This allows the user to see the index page.On the
InspectView
on admin > views > generic > models. This allows the user to inspect an object. Could also be a good alternative to add the “inspect” permission here.On the
menu_item_class
method in theModelViewSet
that will be used bySnippetViewSet
. This allows the user to see the Snippet in the menu sidebar.There could be other locations where this permission should be added, I just found this 3 relating to the
SnippetViewSet
.Steps to Reproduce
wagtail_hooks.py
and register aSnippetViewSet
ModelPermissionPolicy
and makeuser_has_permission
return false ifaction==change
, oraction==add
oraction==delete
permission_policy
property in yourSnippetViewSet
to use yourModelPermissionPolicy
Technical details
The text was updated successfully, but these errors were encountered: