Merge 72459b0 into 4fd8210

django-cms · Apr 26, 2024 · f8214c6 · f8214c6
2 parents 4fd8210 + 72459b0
commit f8214c6
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 14 deletions.
diff --git a/.github/workflows/new_contributor_pr.yml b/.github/workflows/new_contributor_pr.yml
@@ -37,7 +37,7 @@ jobs:
                 {
                   "title": "New Contributor Alert",
                   "description": "A new contributor has opened a pull request!",
-                  "color": 3066993,  # You can customize the color here
+                  "color": 3066993,
                   "fields": [
                     {
                       "name": "Repository",

diff --git a/cms/admin/pageadmin.py b/cms/admin/pageadmin.py
@@ -369,11 +369,6 @@ def delete_view(self, request, object_id, extra_context=None):
             **get_deleted_objects_additional_kwargs
         )
 
-        # `django.contrib.admin.utils.get_deleted_objects()` only returns the verbose_name of a model,
-        # we hence have to use that name in order to allow the deletion of objects otherwise prevented.
-        perms_needed.discard(Placeholder._meta.verbose_name)
-        perms_needed.discard(PageContent._meta.verbose_name)
-
         if request.POST and not protected:  # The user has confirmed the deletion.
             if perms_needed:
                 raise PermissionDenied
@@ -1263,13 +1258,6 @@ def delete_view(self, request, object_id, extra_context=None):
             list(perms_needed_url) + list(perms_needed_translation) + list(perms_needed_plugins)
         )
 
-        # This is bad and I should feel bad.
-        if 'placeholder' in perms_needed:
-            perms_needed.remove('placeholder')
-
-        if 'page content' in perms_needed:
-            perms_needed.remove('page content')
-
         if request.method == 'POST':
             if perms_needed:
                 raise PermissionDenied

diff --git a/cms/admin/placeholderadmin.py b/cms/admin/placeholderadmin.py
@@ -192,17 +192,27 @@ class PlaceholderAdminMixin(metaclass=PlaceholderAdminMixinBase):
 class PlaceholderAdmin(admin.ModelAdmin):
 
     def has_add_permission(self, request):
+        # Placeholders are created by the system
         return False
 
     def has_change_permission(self, request, obj=None):
+        # Placeholders are not editable in the admin
         return False
 
     def has_delete_permission(self, request, obj=None):
-        return False
+        # Placeholders are deleted by cascading the deletion of their source object
+        # so we don't need to check for delete permissions here.
+        return True
 
     def has_module_permission(self, request):
+        # Do not show in admin
         return False
 
+    def delete_view(self, request, object_id, extra_context=None):
+        # Placeholder are deleted by cascading the deletion of their source object
+        # but the admin's delete view is not available for placeholders.
+        raise PermissionDenied
+
     def get_urls(self):
         """
         Register the plugin specific urls (add/edit/copy/remove/move)