Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Commit 221f92c broke Wagtails ViewRestrictions for Collections #671

Open
viaregio opened this issue Jan 16, 2025 · 1 comment
Open

Commit 221f92c broke Wagtails ViewRestrictions for Collections #671

viaregio opened this issue Jan 16, 2025 · 1 comment
Labels
Type: Bug Something isn't working

Comments

@viaregio
Copy link

Describe the bug

In Commit 221f92c a hook is created that bypasses the permission checks for documents in Wagtail.

Steps to reproduce

Steps to reproduce the behavior:

  1. Create a Collection in Wagtail which is not Public
  2. Create a Document in this Collection

Expected behavior

The document shouldn't be accessible for an anonymous user.

Additional context

The serve view from wagtail returns the result of the first hook that returns a HttpResponse.

An easy fix would be to register serve_document_directly with an order greater than 0.
@viaregio viaregio added the Type: Bug Something isn't working label Jan 16, 2025
@vsalvino
Copy link
Contributor

Thanks for reporting this.

I'm wondering if our hook is even still needed, since it was made for such an old version of wagtail long ago?

I'd prefer to remove it if possible. Or, if you have an idea for a fix, feel free to create a pull request and I will help merge it in.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@viaregio @vsalvino