7676 get_language_tuple ,
7777 get_site_language_from_request ,
7878)
79+ from cms .utils .permissions import clear_permission_lru_caches
7980from cms .utils .plugins import copy_plugins_to_placeholder
8081from cms .utils .urlutils import admin_reverse
8182
@@ -97,7 +98,6 @@ def get_site(request):
9798
9899@admin .register (Page )
99100class PageAdmin (admin .ModelAdmin ):
100- change_list_template = "admin/cms/page/tree/base.html"
101101 actions_menu_template = 'admin/cms/page/tree/actions_dropdown.html'
102102
103103 form = AdvancedSettingsForm
@@ -113,10 +113,13 @@ def has_change_permission(self, request, obj=None):
113113 Return true if the current user has permission on the page.
114114 Return the string 'All' if the user has all rights.
115115 """
116- if obj is None :
117- return
118-
119116 site = get_site (request )
117+ if obj is None :
118+ # Checks if user can change at least one page
119+ return page_permissions .user_can_change_at_least_one_page (
120+ user = request .user ,
121+ site = site ,
122+ )
120123 return page_permissions .user_can_change_page (request .user , page = obj , site = site )
121124
122125 def has_change_advanced_settings_permission (self , request , obj = None ):
@@ -334,105 +337,22 @@ def get_list(self, *args, **kwargs):
334337 return HttpResponseForbidden ()
335338
336339 def changelist_view (self , request , extra_context = None ):
337- can_change_any_page = page_permissions .user_can_change_at_least_one_page (
338- user = request .user ,
339- site = get_site (request ),
340- use_cache = False ,
341- )
342-
343- if not can_change_any_page :
344- raise Http404
345- return HttpResponseRedirect (admin_reverse ('cms_pagecontent_changelist' ))
346-
347- @transaction .atomic
348- def delete_view (self , request , object_id , extra_context = None ):
349- # This is an unfortunate copy/paste from django's delete view.
350- # The reason is to add the descendant pages to the deleted objects list.
351- opts = self .model ._meta
352- app_label = opts .app_label
353-
354- obj = self .get_object (request , object_id = object_id )
355-
356- if not self .has_delete_permission (request , obj ):
357- raise PermissionDenied
358-
359- if obj is None :
360- raise self ._get_404_exception (object_id )
361-
362- # Populate deleted_objects, a data structure of all related objects that
363- # will also be deleted.
364- objs = [obj ] + list (obj .get_descendant_pages ())
340+ parameter = "?" + request .GET .urlencode () if request .GET else ""
341+ return HttpResponseRedirect (admin_reverse ('cms_pagecontent_changelist' ) + parameter )
365342
366- get_deleted_objects_additional_kwargs = {'request' : request }
367- (deleted_objects , model_count , perms_needed , protected ) = get_deleted_objects (
368- objs , admin_site = self .admin_site ,
369- ** get_deleted_objects_additional_kwargs
370- )
371-
372- if request .POST and not protected : # The user has confirmed the deletion.
373- if perms_needed :
374- raise PermissionDenied
375- obj_display = force_str (obj )
376- obj_id = obj .serializable_value (opts .pk .attname )
377- self .log_deletion (request , obj , obj_display )
378- self .delete_model (request , obj )
379-
380- if IS_POPUP_VAR in request .POST :
381- popup_response_data = json .dumps ({
382- 'action' : 'delete' ,
383- 'value' : str (obj_id ),
384- })
385- return TemplateResponse (request , self .popup_response_template or [
386- f'admin/{ opts .app_label } { opts .model_name } ,
387- 'admin/%s/popup_response.html' % opts .app_label ,
388- 'admin/popup_response.html' ,
389- ], {'popup_response_data' : popup_response_data })
390-
391- self .message_user (
392- request ,
393- _ ('The %(name)s "%(obj)s" was deleted successfully.' ) % {
394- 'name' : force_str (opts .verbose_name ),
395- 'obj' : force_str (obj_display ),
396- },
397- messages .SUCCESS ,
398- )
399-
400- can_change_any_page = page_permissions .user_can_change_at_least_one_page (
401- user = request .user ,
402- site = get_site (request ),
403- use_cache = False ,
404- )
405-
406- if can_change_any_page :
407- query = self .get_preserved_filters (request )
408- post_url = admin_reverse ('cms_pagecontent_changelist' ) + '?' + query
409- else :
410- post_url = admin_reverse ('index' )
411- return HttpResponseRedirect (post_url )
412-
413- object_name = force_str (opts .verbose_name )
343+ def response_delete (self , request , obj_display , obj_id ):
344+ """
345+ Determine the HttpResponse for the delete_view stage. Clear the user's permission
346+ lru cache
347+ """
348+ clear_permission_lru_caches (request .user )
349+ return super ().response_delete (request , obj_display , obj_id )
414350
415- if perms_needed or protected :
416- title = _ ("Cannot delete %(name)s" ) % {"name" : object_name }
417- else :
418- title = _ ("Are you sure?" )
419-
420- context = dict (
421- self .admin_site .each_context (request ),
422- title = title ,
423- object_name = object_name ,
424- object = obj ,
425- deleted_objects = deleted_objects ,
426- model_count = dict (model_count ).items (),
427- perms_lacking = perms_needed ,
428- protected = protected ,
429- opts = opts ,
430- app_label = app_label ,
431- is_popup = (IS_POPUP_VAR in request .POST or IS_POPUP_VAR in request .GET ),
432- to_field = None ,
433- )
434- context .update (extra_context or {})
435- return self .render_delete_form (request , context )
351+ def get_deleted_objects (self , objs , request ):
352+ deleted_objs = list (objs )
353+ for obj in objs :
354+ deleted_objs .extend (obj .get_descendant_pages ())
355+ return super ().get_deleted_objects (deleted_objs , request )
436356
437357 def delete_model (self , request , obj ):
438358 operation_token = send_pre_page_operation (
@@ -1061,7 +981,6 @@ def has_change_permission(self, request, obj=None):
1061981 can_change_page = page_permissions .user_can_change_at_least_one_page (
1062982 user = request .user ,
1063983 site = site ,
1064- use_cache = False ,
1065984 )
1066985 return can_change_page
1067986
0 commit comments