Permissions That Allow User to Edit but Not Publish

[wesleyboar]

Description

Either describe or support a set of permissions allow a User/Group to be able to add and edit blog articles, but not publish blog articles.

Use cases

News organizations with a workflow that distinguishes who writes (adds and edits) articles, and who approves (publishes) articles.

Proposed solution

• If not intuitive to set up, then document permissions that achieve the goal.
• If possible to add "publish" permission, then add:
  djangocms_blog | blog article | Can publish blog article

Alternatives

I have found no combination of permissions that supports my organization's needs.

Additional information

This is how I currently have set up permissions:

Group Permissions

News Editor

Basically, this group can add, change, and view articles but not publish CMS pages. (I know articles differ from pages, but I don't see how to distinguish what data of an article can be edited and what cannot, so I am trying any possibly sensible combination.)

Markup of "CHOSEN PERMISSIONS"
_{click to show/hide <select multiple ... >}

```html bootstrap4_media | bootstrap4 media | Can change bootstrap4 media bootstrap4_media | bootstrap4 media | Can view bootstrap4 media bootstrap4_media | bootstrap4 media body | Can change bootstrap4 media body bootstrap4_media | bootstrap4 media body | Can view bootstrap4 media body bootstrap4_picture | bootstrap4 picture | Can add bootstrap4 picture bootstrap4_picture | bootstrap4 picture | Can change bootstrap4 picture bootstrap4_picture | bootstrap4 picture | Can delete bootstrap4 picture bootstrap4_picture | bootstrap4 picture | Can view bootstrap4 picture cms | cms plugin | Can change cms plugin cms | cms plugin | Can view cms plugin cms | page | Can change page cms | page | Can view page cms | placeholder | Can use Structure mode djangocms_blog | blog article | Can add blog article djangocms_blog | blog article | Can change blog article djangocms_blog | blog article | Can view blog article djangocms_link | link | Can change link djangocms_link | link | Can view link djangocms_text_ckeditor | text | Can add text djangocms_text_ckeditor | text | Can change text djangocms_text_ckeditor | text | Can delete text djangocms_text_ckeditor | text | Can view text djangocms_video | video player | Can change video player djangocms_video | video player | Can view video player djangocms_video | video source | Can change video source djangocms_video | video source | Can view video source djangocms_video | video track | Can change video track djangocms_video | video track | Can view video track filer | image | Can change image filer | image | Can view image ```

Page Permissions

News (i.e. Blog) Page

USER	GROUP	CAN ADD	CAN EDIT	CAN DELETE	CAN PUBLISH	CAN CHANGE ADVANCED SETTINGS	CAN CHANGE PERMISSIONS	CAN MOVE	GRANT ON	DELETE?
-	News Editor	☑	☑						Page descendants

Page Global Permissions

News Editor

None.

[wesleyboar]

I made progress adjusting my client CMS to allow this.

To Ease Testing ⭐️

Add these settings (source):

CMS_PERMISSIONS = True
# IMPORTANT: All values must be set (to prevent KeyError)
CMS_CACHE_DURATIONS = {
    'menus': 60,
    'content': 60,
    'permissions': 0,
}

To Easily Add Permissions ✅

See https://github.com/TACC/Core-CMS/blob/f090ccc/taccsite_cms/management/commands/group_perms/news_writer_advanced.py.

To Not Let User Publish Article 🐞

With caveats (see "Status"): https://github.com/TACC/tup-ui/pull/141.