feat: Re-introduce publish permission just as in v4.0

cms/admin/forms.py

@@ -1156,6 +1156,7 @@ class Meta:
             "can_add",
             "can_change",
             "can_delete",
+            "can_publish",
             "can_change_advanced_settings",
             "can_change_permissions",
             "can_move_page",
@@ -1199,6 +1200,7 @@ class Meta:
             "can_add",
             "can_change",
             "can_delete",
+            "can_publish",
             "can_change_advanced_settings",
             "can_change_permissions",
             "can_move_page",

cms/admin/permissionadmin.py

@@ -97,6 +97,8 @@ def get_formset(self, request, obj=None, **kwargs):
                 exclude.append('can_add')
             if not obj.has_delete_permission(user):
                 exclude.append('can_delete')
+            if not obj.has_publish_permission(user):
+                exclude.append('can_publish')
             if not obj.has_advanced_settings_permission(user):
                 exclude.append('can_change_advanced_settings')
             if not obj.has_move_page_permission(user):
@@ -120,8 +122,8 @@ class ViewRestrictionInlineAdmin(PagePermissionInlineAdmin):
 
 
 class GlobalPagePermissionAdmin(admin.ModelAdmin):
-    list_display = ['user', 'group', 'can_change', 'can_delete', 'can_change_permissions']
-    list_filter = ['user', 'group', 'can_change', 'can_delete', 'can_change_permissions']
+    list_display = ['user', 'group', 'can_change', 'can_delete', 'can_publish', 'can_change_permissions']
+    list_filter = ['user', 'group', 'can_change', 'can_delete', 'can_publish', 'can_change_permissions']
 
     form = GlobalPagePermissionAdminForm
     search_fields = []

cms/api.py

@@ -437,7 +437,7 @@ def add_plugin(placeholder, plugin_type, language, position='last-child',
 def create_page_user(created_by, user,
                      can_add_page=True, can_view_page=True,
                      can_change_page=True, can_delete_page=True,
-                     can_recover_page=True, can_add_pageuser=True,
+                     can_publish_page=True, can_add_pageuser=True,
                      can_change_pageuser=True, can_delete_pageuser=True,
                      can_add_pagepermission=True,
                      can_change_pagepermission=True,
@@ -466,7 +466,7 @@ def create_page_user(created_by, user,
         'can_view_page': can_view_page,
         'can_change_page': can_change_page,
         'can_delete_page': can_delete_page,
-        'can_recover_page': can_recover_page,
+        'can_publish_page': can_publish_page,
         'can_add_pageuser': can_add_pageuser,
         'can_change_pageuser': can_change_pageuser,
         'can_delete_pageuser': can_delete_pageuser,
@@ -515,6 +515,7 @@ def assign_user_to_page(page, user, grant_on=ACCESS_PAGE_AND_DESCENDANTS,
         'can_add': can_add or grant_all,
         'can_change': can_change or grant_all,
         'can_delete': can_delete or grant_all,
+        'can_publish': can_publish or grant_all,
         'can_change_advanced_settings': can_change_advanced_settings or grant_all,
         'can_change_permissions': can_change_permissions or grant_all,
         'can_move_page': can_move_page or grant_all,

cms/cache/permissions.py

@@ -3,7 +3,7 @@
 PERMISSION_KEYS = [
     'add_page', 'change_page', 'change_page_advanced_settings',
     'change_page_permissions', 'delete_page', 'move_page',
-    'view_page',
+    'publish_page', 'view_page',
 ]
 
 

cms/migrations/0035_auto_20230822_2208_squashed_0036_auto_20240311_1028.py

@@ -0,0 +1,15 @@
+# Generated by Django 3.2.23 on 2024-03-11 09:32
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    replaces = [('cms', '0035_auto_20230822_2208'), ('cms', '0036_auto_20240311_1028')]
+
+    dependencies = [
+        ('cms', '0034_remove_pagecontent_placeholders'),
+    ]
+
+    operations = [
+    ]

cms/migrations/0036_auto_20240311_1028.py

@@ -0,0 +1,27 @@
+# Generated by Django 3.2.23 on 2024-03-11 10:28
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('cms', '0035_auto_20230822_2208'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='page',
+            options={'default_permissions': ('add', 'change', 'delete'), 'permissions': (('view_page', 'Can view page'), ('publish_page', 'Can publish page'), ('edit_static_placeholder', 'Can edit static placeholders')), 'verbose_name': 'page', 'verbose_name_plural': 'pages'},
+        ),
+        migrations.AddField(
+            model_name='globalpagepermission',
+            name='can_publish',
+            field=models.BooleanField(default=True, verbose_name='can publish'),
+        ),
+        migrations.AddField(
+            model_name='pagepermission',
+            name='can_publish',
+            field=models.BooleanField(default=True, verbose_name='can publish'),
+        ),
+    ]

cms/models/pagemodel.py

@@ -187,6 +187,7 @@ class Meta:
         default_permissions = ('add', 'change', 'delete')
         permissions = (
             ('view_page', 'Can view page'),
+            ('publish_page', 'Can publish page'),
             ('edit_static_placeholder', 'Can edit static placeholders'),
         )
         verbose_name = _('page')
@@ -995,6 +996,10 @@ def has_delete_translation_permission(self, user, language):
         from cms.utils.page_permissions import user_can_delete_page_translation
         return user_can_delete_page_translation(user, page=self, language=language)
 
+    def has_publish_permission(self, user):
+        from cms.utils.page_permissions import user_can_publish_page
+        return user_can_publish_page(user, page=self)
+
     def has_advanced_settings_permission(self, user):
         from cms.utils.page_permissions import (
             user_can_change_page_advanced_settings,

cms/models/permissionmodels.py

@@ -83,6 +83,7 @@ class AbstractPagePermission(models.Model):
     can_change = models.BooleanField(_("can edit"), default=True)
     can_add = models.BooleanField(_("can add"), default=True)
     can_delete = models.BooleanField(_("can delete"), default=True)
+    can_publish = models.BooleanField(_("can publish"), default=True)
     can_change_advanced_settings = models.BooleanField(_("can change advanced settings"), default=False)
     can_change_permissions = models.BooleanField(
         _("can change permissions"), default=False, help_text=_("on page level")
@@ -113,6 +114,11 @@ def clean(self):
                         "to change the page. Edit permissions required.")
             raise ValidationError(message)
 
+        if self.can_publish:
+            message = _("Users can't publish a page without permissions "
+                        "to change the page. Edit permissions required.")
+            raise ValidationError(message)
+
         if self.can_change_advanced_settings:
             message = _("Users can't change page advanced settings without permissions "
                         "to change the page. Edit permissions required.")
@@ -156,6 +162,7 @@ def get_all_permissions(cls):
             'can_add',
             'can_change',
             'can_delete',
+            'can_publish',
             'can_change_advanced_settings',
             'can_change_permissions',
             'can_move_page',
@@ -174,6 +181,7 @@ def get_permissions_by_action(cls):
             'change_page_permissions': ['can_change', 'can_change_permissions'],
             'delete_page': ['can_change', 'can_delete'],
             'delete_page_translation': ['can_change', 'can_delete'],
+            'publish_page': ['can_change', 'can_publish'],
             'move_page': ['can_change', 'can_move_page'],
             'view_page': ['can_view'],
         }

cms/templates/admin/cms/page/permissions.html

@@ -38,6 +38,7 @@
                     <td class="can_change">{{ permission.can_change|boolean_icon }}</td>
                     <td class="can_add">{{ permission.can_add|boolean_icon }}</td>
                     <td class="can_delete">{{ permission.can_delete|boolean_icon }}</td>
+                    <td class="can_publish">{{ permission.can_publish|boolean_icon }}</td>
                     <td class="can_change_permissions">{{ permission.can_change_permissions|boolean_icon }}</td>
                     <td class="can_move_page">{{ permission.can_move_page|boolean_icon }}</td>
                     <td class="can_view">{{ permission.can_view|boolean_icon }}</td>

cms/test_utils/testcases.py

@@ -123,6 +123,7 @@ def add_global_permission(self, user, **kwargs):
             'can_add': False,
             'can_change': False,
             'can_delete': False,
+            'can_publish': False,
             'can_change_advanced_settings': False,
             'can_change_permissions': False,
             'can_move_page': False,
@@ -140,6 +141,7 @@ def add_page_permission(self, user, page, **kwargs):
             'can_add': False,
             'can_change': False,
             'can_delete': False,
+            'can_publish': False,
             'can_change_advanced_settings': False,
             'can_change_permissions': False,
             'can_move_page': False,
@@ -197,6 +199,7 @@ def _add_default_permissions(self, user):
         user.user_permissions.add(Permission.objects.get(codename='delete_link'))
         user.user_permissions.add(Permission.objects.get(codename='change_link'))
         # Page permissions
+        user.user_permissions.add(Permission.objects.get(codename='publish_page'))
         user.user_permissions.add(Permission.objects.get(codename='add_page'))
         user.user_permissions.add(Permission.objects.get(codename='change_page'))
         user.user_permissions.add(Permission.objects.get(codename='delete_page'))

cms/tests/test_admin.py

@@ -68,6 +68,7 @@ def _get_staff_user(self, use_global_permissions=True):
                 user=normal_guy,
                 can_change=True,
                 can_delete=True,
+                can_publish=True,
                 can_change_advanced_settings=False,
                 can_change_permissions=False,
                 can_move_page=True,
@@ -516,6 +517,7 @@ def _give_cms_permissions(self, user, save=True):
             user=user,
             can_change=True,
             can_delete=True,
+            can_publish=True,
             can_change_advanced_settings=False,
             can_change_permissions=False,
             can_move_page=True,

cms/tests/test_permissions.py

@@ -11,7 +11,7 @@
 from cms.test_utils.testcases import CMSTestCase
 from cms.utils.page_permissions import (
     get_change_id_list,
-    user_can_change_page,
+    user_can_publish_page,
 )
 
 
@@ -76,14 +76,15 @@ def test_cached_permission_precedence(self):
         )
         page_permission = GlobalPagePermission.objects.create(
             can_change=True,
+            can_publish=True,
             user=self.user_normal,
         )
         page_permission.sites.add(Site.objects.get_current())
-        set_permission_cache(self.user_normal, "change_page", [])
+        set_permission_cache(self.user_normal, "publish_page", [])
 
-        can_change = user_can_change_page(
+        can_publish = user_can_publish_page(
             self.user_normal,
             page,
             Site.objects.get_current(),
         )
-        self.assertTrue(can_change)
+        self.assertTrue(can_publish)

cms/tests/test_permmod.py

@@ -58,15 +58,18 @@ class PermissionModeratorTests(CMSTestCase):
 
     def setUp(self):
         # create super user
-        self.user_super = self._create_user("super", is_staff=True,
-                                            is_superuser=True)
-        self.user_staff = self._create_user("staff", is_staff=True,
-                                            add_default_permissions=True)
-        self.user_master = self._create_user("master", is_staff=True,
-                                             add_default_permissions=True)
-        self.user_slave = self._create_user("slave", is_staff=True,
-                                            add_default_permissions=True)
+        self.user_super = self._create_user("super", is_staff=True, is_superuser=True)
+
+        self.user_staff = self._create_user("staff", is_staff=True, add_default_permissions=True)
+        self.add_permission(self.user_staff, 'publish_page')
+
+        self.user_master = self._create_user("master", is_staff=True, add_default_permissions=True)
+        self.add_permission(self.user_master, 'publish_page')
+
+        self.user_slave = self._create_user("slave", is_staff=True, add_default_permissions=True)
+
         self.user_normal = self._create_user("normal", is_staff=False)
+        self.user_normal.user_permissions.add(Permission.objects.get(codename='publish_page'))
 
         with self.login_user_context(self.user_super):
             self.home_page = create_page("home", "nav_playground.html", "en",
@@ -105,7 +108,7 @@ def setUp(self):
             page_a = create_page("pageA", "nav_playground.html", "en",
                                  created_by=self.user_super)
             assign_user_to_page(page_a, self.user_master,
-                                can_add=True, can_change=True, can_delete=True,
+                                can_add=True, can_change=True, can_delete=True, can_publish=True,
                                 can_move_page=True)
 
     def _add_plugin(self, user, page):
@@ -214,6 +217,9 @@ def test_user_globalpermission(self):
             user_global.is_staff = False
             user_global.save()  # Prevent is_staff permission
             global_page = create_page("global", "nav_playground.html", "en")
+            # Removed call since global page user doesn't have publish permission
+            # global_page = publish_page(global_page, user_global)
+            # it's allowed for the normal user to view the page
             assign_user_to_page(global_page, user_global, global_permission=True, can_view=True)
 
         url = global_page.get_absolute_url('en')

cms/utils/page_permissions.py

@@ -16,6 +16,7 @@
 PAGE_ADD_CODENAME = get_model_permission_codename(Page, 'add')
 PAGE_CHANGE_CODENAME = get_model_permission_codename(Page, 'change')
 PAGE_DELETE_CODENAME = get_model_permission_codename(Page, 'delete')
+PAGE_PUBLISH_CODENAME = get_model_permission_codename(Page, 'publish')
 PAGE_VIEW_CODENAME = get_model_permission_codename(Page, 'view')
 
 
@@ -28,6 +29,7 @@
     'delete_page': [PAGE_CHANGE_CODENAME, PAGE_DELETE_CODENAME],
     'delete_page_translation': [PAGE_CHANGE_CODENAME, PAGE_DELETE_CODENAME],
     'move_page': [PAGE_CHANGE_CODENAME],
+    'publish_page': [PAGE_CHANGE_CODENAME, PAGE_PUBLISH_CODENAME],
 }
 
 
@@ -196,6 +198,18 @@ def user_can_delete_page_translation(user, page, language, site=None):
     return True
 
 
+@cached_func
+@auth_permission_required('publish_page')
+def user_can_publish_page(user, page, site=None):
+    has_perm = has_generic_permission(
+        page=page,
+        user=user,
+        action='publish_page',
+        site=site,
+    )
+    return has_perm
+
+
 @cached_func
 @auth_permission_required('change_page_advanced_settings')
 def user_can_change_page_advanced_settings(user, page, site=None):
@@ -416,6 +430,21 @@ def get_move_page_id_list(user, site, check_global=True, use_cache=True):
     return page_ids
 
 
+def get_publish_id_list(user, site, check_global=True, use_cache=True):
+     """
+     Give a list of page where the user has publish rights or the string "All" if
+     the user has all rights.
+     """
+     page_ids = _get_page_ids_for_action(
+         user=user,
+         site=site,
+         action='publish_page',
+         check_global=check_global,
+         use_cache=use_cache,
+     )
+     return page_ids
+
+
 def get_view_id_list(user, site, check_global=True, use_cache=True):
     """Give a list of pages which user can view.
     """
@@ -441,6 +470,7 @@ def has_generic_permission(page, user, action, site=None, check_global=True):
         'change_page_permissions': get_change_permissions_id_list,
         'delete_page': get_delete_id_list,
         'delete_page_translation': get_delete_id_list,
+        'publish_page': get_publish_id_list,
         'move_page': get_move_page_id_list,
         'view_page': get_view_id_list,
     }