Permissions for page editing

I’m working on a simple project. It’s basically a website, but I want the customer to be able to edit the content of all pages. I set up a Django CMS which is working fine so far. I want there to be two users. One is the admin, which is me. One is the editor, which would be the customer. I don’t want the customer to be able to add or delete pages. But I want them to be able to edit pages. I set the permissions accordingly in the backend with the follwing result.
When I log in with the editor account, I can see all the editing abilites. But when I doubleclick on a text block, the editor opens but says that I don’t have permission to edit. I orignially installed this instance with advanced permission settings and later on I turned that off in the settings file. All the pages were created by the admin account.
Any suggestions are welcome.

Hi Spiff,

I posted your question in our #support channel on Slack. Carla was so kind and answered it. Here is her answer:

to grant a user access to change, add and view pages in a (test) website, the user needs to be a “Staff”-member also in order to access the toolbar.
Create an user group with the desired privileges for editing/changes pages. Or enable all and then selectively delete them until you have the desired results.
Add the user to the new user group.
For further reading about Permissions see http://docs.django-cms.org/en/latest/topics/permissions.html#use-permissions-on-groups

Hi Spiff, I believe there’s a bug in the latest django-cms version that makes the permissions unreliable, here you can find few details - https://github.com/django-cms/django-cms/issues/6801

Hence I’m not sure whether the documentation would provide a solid solution.

There are few other things you can try of course, eg as listening to the django signals or overriding the default page management url endpoints.

Hey Victor, the bug you posted pretty much describes my problem. Without superuser status, none of the other permissions seem to matter. I think for now I can resolve this by instructing editors to leave alone the settings that they are not supposed to mess with.

FYI one of the reasons why this issue wasn’t addressed right away is that we’re investing a lot of resources into Django CMS 4.0 at the moment, which brings enterprise-ready versioning and customizable page reviewing workflows. If you want to find out more about it you can check out the workgroup technical brief - https://hackmd.io/@django-cms/workgroup-djangocms4

1 Like