You can clone with
HTTPS or Subversion.
This allows editing an application hooked to a page behind the curtains, otherwise editor can't interact with application data unless page is published.
@digi604 any comment on this?
The apphook would be accessible ... but the page is not published...
Doesn't look like it's working this way ATM. More detailed tests tomorrow. Assigning to me for review
i know that we resolve the apphooks in the views.py... could we check if edit is true there and staff = true? Is it resolved there as well after the restart? If yes we could check permissions there as well
Showing the main view it's quite straightfoward: code in https://github.com/divio/django-cms/blob/develop/cms/views.py#L96-L120 will take care of this, provided that we change https://github.com/divio/django-cms/blob/develop/cms/views.py#L108 from:
not page.is_published(current_language) and request.toolbar.edit_mode:
if not page.is_published(current_language) and request.toolbar.edit_mode and not request.user.is_staff:
"Deeper" views will remain unaccessible because urls are loaded statically from the public version of the page (see #2480 (comment)).
A different approach might be feasible but postponing to 3.1 it's a better option.
I'll open a different issue for this