fix: .load jQuery method erroneously replaced by .on('load') (#7679)

* Fix: `.load` jQuery method erroneously replaced by `on('load')`

* fix: Remove `can_publish` permission from django CMS 4 core (#7635)

* Fix css glitch

* Update translations source fill which was missing strings

* Fix: Remove can_publish permission

* Update _toolbar.scss

* Fix: Use svg icons for boolean values in admin (present since Dango 1.11)

* Fix: Update to use .format for icon base

* Fix: missing alt attribute

cms/admin/forms.py

@@ -1099,7 +1099,6 @@ class Meta:
             'can_add',
             'can_change',
             'can_delete',
-            'can_publish',
             'can_change_advanced_settings',
             'can_change_permissions',
             'can_move_page',
@@ -1143,7 +1142,6 @@ class Meta:
             'can_add',
             'can_change',
             'can_delete',
-            'can_publish',
             'can_change_advanced_settings',
             'can_change_permissions',
             'can_move_page',

cms/admin/permissionadmin.py

@@ -88,7 +88,7 @@ def get_formset(self, request, obj=None, **kwargs):
         """
         Some fields may be excluded here. User can change only
         permissions which are available for him. E.g. if user does not haves
-        can_publish flag, he can't change assign can_publish permissions.
+        can_change flag, he can't change assign can_change permissions.
         """
         exclude = self.exclude or []
         if obj:
@@ -97,8 +97,6 @@ def get_formset(self, request, obj=None, **kwargs):
                 exclude.append('can_add')
             if not obj.has_delete_permission(user):
                 exclude.append('can_delete')
-            if not obj.has_publish_permission(user):
-                exclude.append('can_publish')
             if not obj.has_advanced_settings_permission(user):
                 exclude.append('can_change_advanced_settings')
             if not obj.has_move_page_permission(user):
@@ -122,8 +120,8 @@ class ViewRestrictionInlineAdmin(PagePermissionInlineAdmin):
 
 
 class GlobalPagePermissionAdmin(admin.ModelAdmin):
-    list_display = ['user', 'group', 'can_change', 'can_delete', 'can_publish', 'can_change_permissions']
-    list_filter = ['user', 'group', 'can_change', 'can_delete', 'can_publish', 'can_change_permissions']
+    list_display = ['user', 'group', 'can_change', 'can_delete', 'can_change_permissions']
+    list_filter = ['user', 'group', 'can_change', 'can_delete', 'can_change_permissions']
 
     form = GlobalPagePermissionAdminForm
     search_fields = []

cms/api.py

@@ -488,7 +488,7 @@ def create_page_user(created_by, user,
 
 def assign_user_to_page(page, user, grant_on=ACCESS_PAGE_AND_DESCENDANTS,
                         can_add=False, can_change=False, can_delete=False,
-                        can_change_advanced_settings=False, can_publish=False,
+                        can_change_advanced_settings=False, can_publish=None,
                         can_change_permissions=False, can_move_page=False,
                         can_recover_page=True, can_view=False,
                         grant_all=False, global_permission=False):
@@ -507,13 +507,16 @@ def assign_user_to_page(page, user, grant_on=ACCESS_PAGE_AND_DESCENDANTS,
     :param can_*: Permissions to grant
     :param bool grant_all: Grant all permissions to the user
     """
+    if can_publish is not None:
+        warnings.warn('This API function no longer accepts a "can_publish" argument.',
+                      UserWarning, stacklevel=2)
+
     grant_all = grant_all and not global_permission
     data = {
         'can_add': can_add or grant_all,
         'can_change': can_change or grant_all,
         'can_delete': can_delete or grant_all,
         'can_change_advanced_settings': can_change_advanced_settings or grant_all,
-        'can_publish': can_publish or grant_all,
         'can_change_permissions': can_change_permissions or grant_all,
         'can_move_page': can_move_page or grant_all,
         'can_view': can_view or grant_all,

cms/cache/permissions.py

@@ -3,7 +3,7 @@
 PERMISSION_KEYS = [
     'add_page', 'change_page', 'change_page_advanced_settings',
     'change_page_permissions', 'delete_page', 'move_page',
-    'publish_page', 'view_page',
+    'view_page',
 ]
 
 

cms/migrations/0035_auto_20230822_2208.py

@@ -14,4 +14,22 @@ class Migration(migrations.Migration):
             name='pagecontent',
             options={'default_permissions': [], 'verbose_name': 'page content', 'verbose_name_plural': 'page contents'},
         ),
+        migrations.AlterModelOptions(
+            name='page',
+            options={'default_permissions': ('add', 'change', 'delete'), 'permissions': (
+            ('view_page', 'Can view page'), ('edit_static_placeholder', 'Can edit static placeholders')),
+                     'verbose_name': 'page', 'verbose_name_plural': 'pages'},
+        ),
+        migrations.AlterModelOptions(
+            name='pagecontent',
+            options={'default_permissions': [], 'verbose_name': 'page content', 'verbose_name_plural': 'page contents'},
+        ),
+        migrations.RemoveField(
+            model_name='globalpagepermission',
+            name='can_publish',
+        ),
+        migrations.RemoveField(
+            model_name='pagepermission',
+            name='can_publish',
+        ),
     ]

cms/models/managers.py

@@ -245,7 +245,7 @@ def user_has_permissions(self, user, site_id, perms):
         return queryset.filter(functools.reduce(operator.or_, queries)).exists()
 
     def subordinate_to_user(self, user, site):
-        """
+        r"""
         Get all page permission objects on which user/group is lover in
         hierarchy then given user and given user can change permissions on them.
 

cms/models/pagemodel.py

@@ -192,7 +192,6 @@ class Meta:
         default_permissions = ('add', 'change', 'delete')
         permissions = (
             ('view_page', 'Can view page'),
-            ('publish_page', 'Can publish page'),
             ('edit_static_placeholder', 'Can edit static placeholders'),
         )
         verbose_name = _('page')
@@ -1001,10 +1000,6 @@ def has_delete_translation_permission(self, user, language):
         from cms.utils.page_permissions import user_can_delete_page_translation
         return user_can_delete_page_translation(user, page=self, language=language)
 
-    def has_publish_permission(self, user):
-        from cms.utils.page_permissions import user_can_publish_page
-        return user_can_publish_page(user, page=self)
-
     def has_advanced_settings_permission(self, user):
         from cms.utils.page_permissions import (
             user_can_change_page_advanced_settings,

cms/models/permissionmodels.py

@@ -84,7 +84,6 @@ class AbstractPagePermission(models.Model):
     can_add = models.BooleanField(_("can add"), default=True)
     can_delete = models.BooleanField(_("can delete"), default=True)
     can_change_advanced_settings = models.BooleanField(_("can change advanced settings"), default=False)
-    can_publish = models.BooleanField(_("can publish"), default=True)
     can_change_permissions = models.BooleanField(
         _("can change permissions"), default=False, help_text=_("on page level")
     )
@@ -114,11 +113,6 @@ def clean(self):
                         "to change the page. Edit permissions required.")
             raise ValidationError(message)
 
-        if self.can_publish:
-            message = _("Users can't publish a page without permissions "
-                        "to change the page. Edit permissions required.")
-            raise ValidationError(message)
-
         if self.can_change_advanced_settings:
             message = _("Users can't change page advanced settings without permissions "
                         "to change the page. Edit permissions required.")
@@ -162,7 +156,6 @@ def get_all_permissions(cls):
             'can_add',
             'can_change',
             'can_delete',
-            'can_publish',
             'can_change_advanced_settings',
             'can_change_permissions',
             'can_move_page',
@@ -182,7 +175,6 @@ def get_permissions_by_action(cls):
             'delete_page': ['can_change', 'can_delete'],
             'delete_page_translation': ['can_change', 'can_delete'],
             'move_page': ['can_change', 'can_move_page'],
-            'publish_page': ['can_change', 'can_publish'],
             'view_page': ['can_view'],
         }
         return permissions_by_action

cms/static/cms/js/modules/cms.changeform.js

@@ -11,7 +11,7 @@ $(function() {
 
     // all permissions and page states loader
     $('div.loading').each(function() {
-        $(this).on('load', $(this).attr('rel'));
+        $(this).load($(this).attr('rel'));
     });
 
     // hide rows when hidden input fields are added

cms/templates/admin/cms/page/permissions.html

@@ -38,7 +38,6 @@
                     <td class="can_change">{{ permission.can_change|boolean_icon }}</td>
                     <td class="can_add">{{ permission.can_add|boolean_icon }}</td>
                     <td class="can_delete">{{ permission.can_delete|boolean_icon }}</td>
-                    <td class="can_publish">{{ permission.can_publish|boolean_icon }}</td>
                     <td class="can_change_permissions">{{ permission.can_change_permissions|boolean_icon }}</td>
                     <td class="can_move_page">{{ permission.can_move_page|boolean_icon }}</td>
                     <td class="can_view">{{ permission.can_view|boolean_icon }}</td>

cms/templatetags/cms_admin.py

@@ -7,6 +7,7 @@
 from django.contrib.admin.views.main import ERROR_FLAG
 from django.template.loader import render_to_string
 from django.utils.encoding import force_str
+from django.utils.html import format_html
 from django.utils.safestring import mark_safe
 from django.utils.translation import get_language
 from django.utils.translation import gettext_lazy as _
@@ -19,7 +20,7 @@
 
 register = template.Library()
 
-CMS_ADMIN_ICON_BASE = "%sadmin/img/" % settings.STATIC_URL
+CMS_ADMIN_ICON_BASE = "{}admin/img/".format(settings.STATIC_URL)
 
 
 class GetAdminUrlForLanguage(AsTag):
@@ -216,10 +217,12 @@ def choices():
 
 @register.filter
 def boolean_icon(value):
-    BOOLEAN_MAPPING = {True: 'yes', False: 'no', None: 'unknown'}
-    return mark_safe(
-        '<img src="%sicon-%s.gif" alt="%s" />' % (CMS_ADMIN_ICON_BASE, BOOLEAN_MAPPING.get(value, 'unknown'), value))
-
+    mapped_icon = {True: 'yes', False: 'no'}.get(value, 'unknown')
+    return format_html(
+        '<img src="{0}icon-{1}.svg" alt="{1}" />',
+        CMS_ADMIN_ICON_BASE,
+        mapped_icon,
+    )
 
 @register.tag(name="page_submit_row")
 class PageSubmitRow(InclusionTag):

cms/test_utils/testcases.py

@@ -121,7 +121,6 @@ def add_global_permission(self, user, **kwargs):
             'can_change': False,
             'can_delete': False,
             'can_change_advanced_settings': False,
-            'can_publish': False,
             'can_change_permissions': False,
             'can_move_page': False,
             'can_recover_page': False,
@@ -139,7 +138,6 @@ def add_page_permission(self, user, page, **kwargs):
             'can_change': False,
             'can_delete': False,
             'can_change_advanced_settings': False,
-            'can_publish': False,
             'can_change_permissions': False,
             'can_move_page': False,
             'page': page,
@@ -196,7 +194,6 @@ def _add_default_permissions(self, user):
         user.user_permissions.add(Permission.objects.get(codename='delete_link'))
         user.user_permissions.add(Permission.objects.get(codename='change_link'))
         # Page permissions
-        user.user_permissions.add(Permission.objects.get(codename='publish_page'))
         user.user_permissions.add(Permission.objects.get(codename='add_page'))
         user.user_permissions.add(Permission.objects.get(codename='change_page'))
         user.user_permissions.add(Permission.objects.get(codename='delete_page'))

cms/tests/test_admin.py

@@ -70,7 +70,6 @@ def _get_staff_user(self, use_global_permissions=True):
                 can_change=True,
                 can_delete=True,
                 can_change_advanced_settings=False,
-                can_publish=True,
                 can_change_permissions=False,
                 can_move_page=True,
             )
@@ -519,7 +518,6 @@ def _give_cms_permissions(self, user, save=True):
             can_change=True,
             can_delete=True,
             can_change_advanced_settings=False,
-            can_publish=True,
             can_change_permissions=False,
             can_move_page=True,
         )

cms/tests/test_permissions.py

@@ -11,7 +11,7 @@
 from cms.test_utils.testcases import CMSTestCase
 from cms.utils.page_permissions import (
     get_change_id_list,
-    user_can_publish_page,
+    user_can_change_page,
 )
 
 
@@ -76,15 +76,14 @@ def test_cached_permission_precedence(self):
         )
         page_permission = GlobalPagePermission.objects.create(
             can_change=True,
-            can_publish=True,
             user=self.user_normal,
         )
         page_permission.sites.add(Site.objects.get_current())
-        set_permission_cache(self.user_normal, "publish_page", [])
+        set_permission_cache(self.user_normal, "change_page", [])
 
-        can_publish = user_can_publish_page(
+        can_change = user_can_change_page(
             self.user_normal,
             page,
             Site.objects.get_current(),
         )
-        self.assertTrue(can_publish)
+        self.assertTrue(can_change)

cms/tests/test_permmod.py

@@ -62,15 +62,11 @@ def setUp(self):
                                             is_superuser=True)
         self.user_staff = self._create_user("staff", is_staff=True,
                                             add_default_permissions=True)
-        self.add_permission(self.user_staff, 'publish_page')
         self.user_master = self._create_user("master", is_staff=True,
                                              add_default_permissions=True)
-        self.add_permission(self.user_master, 'publish_page')
         self.user_slave = self._create_user("slave", is_staff=True,
                                             add_default_permissions=True)
         self.user_normal = self._create_user("normal", is_staff=False)
-        self.user_normal.user_permissions.add(
-            Permission.objects.get(codename='publish_page'))
 
         with self.login_user_context(self.user_super):
             self.home_page = create_page("home", "nav_playground.html", "en",
@@ -109,7 +105,7 @@ def setUp(self):
             page_a = create_page("pageA", "nav_playground.html", "en",
                                  created_by=self.user_super)
             assign_user_to_page(page_a, self.user_master,
-                                can_add=True, can_change=True, can_delete=True, can_publish=True,
+                                can_add=True, can_change=True, can_delete=True,
                                 can_move_page=True)
 
     def _add_plugin(self, user, page):
@@ -218,9 +214,6 @@ def test_user_globalpermission(self):
             user_global.is_staff = False
             user_global.save()  # Prevent is_staff permission
             global_page = create_page("global", "nav_playground.html", "en")
-            # Removed call since global page user doesn't have publish permission
-            # global_page = publish_page(global_page, user_global)
-            # it's allowed for the normal user to view the page
             assign_user_to_page(global_page, user_global, global_permission=True, can_view=True)
 
         url = global_page.get_absolute_url('en')

cms/tests/test_toolbar.py

@@ -647,7 +647,6 @@ def test_no_change_button(self):
         request = self.get_page_request(page, user, edit_url, disable=False)
         request.toolbar.post_template_populate()
         self.assertFalse(page.has_change_permission(request.user))
-        self.assertFalse(page.has_publish_permission(request.user))
 
         items = request.toolbar.get_left_items() + request.toolbar.get_right_items()
         # Logo + page-menu + admin-menu + color scheme + logout

cms/utils/page_permissions.py

@@ -16,7 +16,6 @@
 PAGE_ADD_CODENAME = get_model_permission_codename(Page, 'add')
 PAGE_CHANGE_CODENAME = get_model_permission_codename(Page, 'change')
 PAGE_DELETE_CODENAME = get_model_permission_codename(Page, 'delete')
-PAGE_PUBLISH_CODENAME = get_model_permission_codename(Page, 'publish')
 PAGE_VIEW_CODENAME = get_model_permission_codename(Page, 'view')
 
 
@@ -29,8 +28,6 @@
     'delete_page': [PAGE_CHANGE_CODENAME, PAGE_DELETE_CODENAME],
     'delete_page_translation': [PAGE_CHANGE_CODENAME, PAGE_DELETE_CODENAME],
     'move_page': [PAGE_CHANGE_CODENAME],
-    'publish_page': [PAGE_CHANGE_CODENAME, PAGE_PUBLISH_CODENAME],
-    'revert_page_to_live': [PAGE_CHANGE_CODENAME]
 }
 
 
@@ -199,18 +196,6 @@ def user_can_delete_page_translation(user, page, language, site=None):
     return True
 
 
-@cached_func
-@auth_permission_required('publish_page')
-def user_can_publish_page(user, page, site=None):
-    has_perm = has_generic_permission(
-        page=page,
-        user=user,
-        action='publish_page',
-        site=site,
-    )
-    return has_perm
-
-
 @cached_func
 @auth_permission_required('change_page_advanced_settings')
 def user_can_change_page_advanced_settings(user, page, site=None):
@@ -431,21 +416,6 @@ def get_move_page_id_list(user, site, check_global=True, use_cache=True):
     return page_ids
 
 
-def get_publish_id_list(user, site, check_global=True, use_cache=True):
-    """
-    Give a list of page where the user has publish rights or the string "All" if
-    the user has all rights.
-    """
-    page_ids = _get_page_ids_for_action(
-        user=user,
-        site=site,
-        action='publish_page',
-        check_global=check_global,
-        use_cache=use_cache,
-    )
-    return page_ids
-
-
 def get_view_id_list(user, site, check_global=True, use_cache=True):
     """Give a list of pages which user can view.
     """
@@ -472,7 +442,6 @@ def has_generic_permission(page, user, action, site=None, check_global=True):
         'delete_page': get_delete_id_list,
         'delete_page_translation': get_delete_id_list,
         'move_page': get_move_page_id_list,
-        'publish_page': get_publish_id_list,
         'view_page': get_view_id_list,
     }