mirror of
https://github.com/wagtail/wagtail.git
synced 2024-11-29 17:36:49 +01:00
7c3418f99e
Currently any user with any page permission can view any page revision. This commit fixes that, and ensures that the user has publish or edit permission on the page before showing a page revision. If not, the user is presented with a 403. This maintains the current behavior if the user has no page permissions, which is to redirect to the admin home page. New tests have been added to cover these changes. Fixes issue 5426.
46 lines
2.2 KiB
ReStructuredText
46 lines
2.2 KiB
ReStructuredText
==========================================
|
|
Wagtail 2.7 release notes - IN DEVELOPMENT
|
|
==========================================
|
|
|
|
.. contents::
|
|
:local:
|
|
:depth: 1
|
|
|
|
|
|
Wagtail 2.7 is designated a Long Term Support (LTS) release. Long Term Support releases will continue to receive maintenance updates as necessary to address security and data-loss related issues, up until the next LTS release (typically a period of 12 months).
|
|
|
|
|
|
What's new
|
|
==========
|
|
|
|
|
|
Other features
|
|
~~~~~~~~~~~~~~
|
|
|
|
* Added ``construct_page_listing_buttons`` hook (Michael van Tellingen)
|
|
* Added more detailed documentation and troubleshooting for installing OpenCV for feature detection (Daniele Procida)
|
|
* Move and refactor upgrade notification JS (Jonny Scholes)
|
|
|
|
|
|
Bug fixes
|
|
~~~~~~~~~
|
|
|
|
* Added line breaks to long filenames on multiple image / document uploader (Kevin Howbrook)
|
|
* Added https support for Scribd oEmbed provider (Rodrigo)
|
|
* Changed StreamField group label color so labels are visible (Catherine Farman)
|
|
* Prevented images with a very wide aspect ratio from being displayed distorted in the rich text editor (Iman Syed)
|
|
* Prevent exception when deleting a model with a protected One-to-one relationship (Neal Todd)
|
|
* Added labels to snippet bulk edit checkboxes for screen reader users (Martey Dodoo)
|
|
* Middleware responses during page preview are now properly returned to the user (Matt Westcott)
|
|
* Default text of page links in rich text uses the public page title rather than the admin display title (Andy Chosak)
|
|
* Specific page permission checks are now enforced when viewing a page revision (Andy Chosak)
|
|
|
|
|
|
Upgrade considerations
|
|
======================
|
|
|
|
``Page.dummy_request`` is deprecated
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
The internal ``Page.dummy_request`` method (which generates an HTTP request object simulating a real page request, for use in previews) has been deprecated, as it did not correctly handle errors generated during middleware processing. Any code that calls this method to render page previews should be updated to use the new method ``Page.make_preview_request(original_request=None, preview_mode=None)``, which builds the request and calls ``Page.serve_preview`` as a single operation.
|