You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Even if a user does not have the "change" permission, the SnippetViewSet still renders a link to the EditView, which then results in a permission error for this user. For example, we often use SnippetViewSet and use inspect_view_enabled = True and only allow inspect.
Falling back to the inspect view, if it has been enabled, and not defining a link if none of the others are available, seems a good way to solve it.
Steps to Reproduce
Add a wagtail_hooks.py and register a SnippetViewSet
Create a custom ModelPermissionPolicy and make user_has_permission return false if action==change
Redefined the permission_policy property in your SnippetViewSet to use your ModelPermissionPolicy
Technical details
Django version: 5.0.3
Wagtail version: 6.0.1
Browser version: You can use Chrome 123 to find this out.
The text was updated successfully, but these errors were encountered:
Issue Summary
Even if a user does not have the "change" permission, the
SnippetViewSet
still renders a link to theEditView
, which then results in a permission error for this user. For example, we often useSnippetViewSet
and use inspect_view_enabled = True and only allowinspect
.Falling back to the inspect view, if it has been enabled, and not defining a link if none of the others are available, seems a good way to solve it.
Steps to Reproduce
SnippetViewSet
ModelPermissionPolicy
and make user_has_permission return false ifaction==change
permission_policy
property in yourSnippetViewSet
to use yourModelPermissionPolicy
Technical details
The text was updated successfully, but these errors were encountered: