Open srtab opened 2 years ago
Hi @srtab,
Are you able to confirm the impact of this step:
- Configured ModelAdmin to allow inspect view
This sounds unrelated to the problem, but I didn't know whether it was necessary to recreate the issue?
Hi @ababic,
Yes, it's unrelated and not necessary to recreate the issue. The step 3 is only relevant for the solution I mentioned.
@srtab cool, thanks.
And can I just double-check that the user you're testing with is not a superuser (has the "Admin" checkbox checked), and you're not overriding the ButtonHelper/PermissionHelper classes?
@ababic Good question!
I was testing with superuser yes and i override the PermissionHelper to disable edit permission to anyone. Updating steps to consider this override.
Got the same, just put this in your custom permission helper:
def user_can_edit_obj(self, user, obj):
return False
Log in as a superuser.
Same applies for the inspect story. A button appears but everyone clicks on the title instead, resulting in permission denied.
I can confirm this is a bug introduced by wagtail/wagtail#7408, which added the link around the content without considering the permissions of the user. @Thibaud would you be okay to look at this?
Related: wagtail/wagtail#8261
I think there's a similar issue in snippets, I'll try to reproduce it and file a separate issue. For this one, I'm transferring over to wagtail-modeladmin as per wagtail/rfcs#85.
Issue Summary
Edit link added to ModelAdmin index view when I remove edit permissions is causing a permission denied redirect.
Steps to Reproduce
wagtail_hooks.py
with ModelAdmin configurations;I think that the correct behavior here will be replacing the edit link of first column content with the inspect link instead. And in case I haven't inspect view enabled, shouldn't add link at all to avoid the permission denied redirect.
Technical details