Skip to main content

Publisher workflow for django models and Django CMS pages.

Project description

Publisher workflow for django models and Django CMS pages.

This is a fork of andersinno/django-model-publisher-ai which is a fork of the origin jp74/django-model-publisher.

Build Status on travis-ci.org

travis-ci.org/wearehoods/django-ya-model-publisher

Coverage Status on codecov.io

codecov.io/gh/wearehoods/django-ya-model-publisher

Coverage Status on coveralls.io

coveralls.io/r/wearehoods/django-ya-model-publisher

Features

  • Django CMS page support.

  • Add request/reject buttons in Django CMS toolbar.

  • Django CMS placeholders support.

  • Hvad/Parler support.

  • Restrict user access to publish functions with user permissions.

base info

We have these three user types:

  • A user with only a few rights (we call it ‘reporter’)

  • A user with more rights (We call it ‘editor’)

  • The superuser with all rights

The user case is following:

  • ‘reporter’:

    • can only change draft content

    • can’t change public content

    • can’t delete publisher model entries or CMS pages.

    • can send a (un-)publish request to the ‘editor’ with a text node.

  • ‘editor’:

    • can response open publishing request from ‘reporter’.

    • can change drafts and public content, but only if there is no pending request.

    • can delete publisher model entries or CMS pages.

    • can’t delete/manipulate publisher state model entries.

permissions

Permissions for ‘reporter’ who can only create (un-)publish requests:

...
[ ] cms.publish_page
...
[*] cms.add_page
[*] cms.change_page
[ ] cms.delete_page
...
[ ] publisher.add_publisherstatemodel
[*] publisher.change_publisherstatemodel
[ ] publisher.delete_publisherstatemodel
...
[ ] <app_name>.can_publish_<model_name>
...
[*] <app_name>.add_<model_name>
[*] <app_name>.change_<model_name>
[ ] <app_name>.delete_<model_name>
...

Permissions for ‘editor’ who can accept/reject (un-)publish requests:

...
[*] cms.publish_page
...
[*] cms.add_page
[*] cms.change_page
[*] cms.delete_page
...
[ ] publisher.add_publisherstatemodel
[*] publisher.change_publisherstatemodel
[ ] publisher.delete_publisherstatemodel
...
[*] <app_name>.can_publish_<model_name>
...
[*] <app_name>.add_<model_name>
[*] <app_name>.change_<model_name>
[*] <app_name>.delete_<model_name>
...

Important: To prevent a privilege escalation, both users must not have access to these models:

  • django.contrib.auth.models.Permission

  • django.contrib.auth.models.Group

  • cms.models.PagePermission

Test users:

See user permission tests in:

Primary key type compatibility

The publisher.models.PublisherStateModel used a PositiveIntegerField for the GenericForeignKey so it can only be used for models with a integer primary keys! See also: https://docs.djangoproject.com/en/1.11/ref/contrib/contenttypes/#django.contrib.contenttypes.fields.GenericForeignKey

Django compatibility

django-ya-model-publisher

django version

python

>=v0.5.x

1.8, 1.9, 1.10, 1.11

3.5, 3.6

v0.4.x

1.8, 1.9, 1.10, 1.11

2.7, 3.4, 3.5, 3.6

Note: See travis/tox config files for current test matrix

run tests

run tests via py.test with current python/environment:

$ make test
or
$ ./setup.py test
or
$ python tests/manage.py test myapp

run test via tox e.g.:

$ make tox
or
$ ./setup.py tox
or
$ tox

run test project

You can run the test environment by:

$ ./run_test_project_dev_server.sh

or:

$ ./publisher_test_project/manage.py run_test_project_dev_server

The following steps will be executed:

  • Create django users if not exists:

    • A django ‘superuser’

    • The user editor: He can accept/reject un-/publish requests

    • The user reporter: He can create un-/publish requests

    • note: Both users will used the same password as the ‘superuser’ !

  • run migration

  • insert test fixtures (Create Django CMS pages)

  • collect static files

  • run the django development server on localhost

You can pass arguments to the helper script, e.g.:

$ ./run_test_project_dev_server.sh --help
...
usage: manage.py run_test_project_dev_server [-h] [--version] [-v {0,1,2,3}]
                                             [--settings SETTINGS]
                                             [--pythonpath PYTHONPATH]
                                             [--traceback] [--no-color]
                                             [--ipv6] [--nothreading]
                                             [--noreload] [--nostatic]
                                             [--insecure]
                                             [addrport]
...

To ‘reset’ the test fixtures, run this:

$ ./publisher_test_project/manage.py create_test_data --fresh

For a complete fresh database, just remove the sqlite file, e.g.:

$ rm publisher_test_project/publisher_test_database.sqlite3

Backwards-incompatible changes

v0.6.0

The permission names changed! Please update your django user permissions, too.

These permissions are removed:

  • direct_publisher

  • ask_publisher_request

  • reply_publisher_request

Please read the information above.

history

  • dev compare v0.6.5…master

  • v0.6.5 - 30.01.2018 - compare v0.6.4…v0.6.5

    • Bugfix: Missing “Request publishing” toobar link on new created pages

    • Add username list on test pages

  • v0.6.4 - 29.01.2018 - compare v0.6.3…v0.6.4

    • Hide PublisherStateModel admin actions for all non-superusers

  • v0.6.3 - 26.01.2018 - compare v0.6.2…v0.6.3

    • Security Fix: User without ‘can_publish’ permission can accept/reject requests.

    • Hide ‘change’ PublisherStateModel admin view for all non-superusers

    • Disable ‘add’ PublisherStateModel admin view for all users

  • v0.6.2 - 02.01.2018 - compare v0.6.1…v0.6.2

    • Handle publishes states with deletes instance: Add a admin view to close the request.

    • Bugfix: deny editing pending request objects

    • Create messages after (un-)/publish request created.

  • v0.6.1 - 28.12.2017 - compare v0.6.0…v0.6.1

    • remove own “unique_together”: Add "publisher_is_draft" to your own “unique_together” tuple

    • remove out dated manage command “update_permissions” (can be found in django-tools)

  • v0.6.0 - 27.12.2017 - compare v0.5.1…v0.6.0

    • refactor permissions and publisher workflow

    • NEW: publisher.views.PublisherCmsViewMixin

    • NEW: publisher.admin.VisibilityMixin

    • bugfix django v1.11 compatibility

    • Expand tests with publisher_test_project.publisher_list_app

  • v0.5.1 - 20.12.2017 - compare v0.5.0…v0.5.1

    • fix python package (add missing parts)

    • change travis/tox/pytest configuration

    • minor code update

  • v0.5.0 - 19.12.2017 - compare v0.4.1…v0.5.0

    • Skip official support for python v2.7 and v3.4 (remove from text matrix)

    • Implement “request/reject/accept publishing” workflow with a shot messages and logging

    • Add “request/reject/accept publishing” buttons to Django CMS toolbar for cms pages.

  • v0.4.1 - 14.11.2017 - compare v0.4.0.dev1…v0.4.1

    • Refactor test run setup

    • bugfix project name

  • v0.4.0.dev1 - 14.11.2017 - compare v0.3.1…v0.4.0.dev1

donation

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-ya-model-publisher-0.6.5.tar.gz (67.9 kB view details)

Uploaded Source

Built Distributions

django_ya_model_publisher-0.6.5-py3.6.egg (83.0 kB view details)

Uploaded Source

django_ya_model_publisher-0.6.5-py2.py3-none-any.whl (90.5 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file django-ya-model-publisher-0.6.5.tar.gz.

File metadata

File hashes

Hashes for django-ya-model-publisher-0.6.5.tar.gz
Algorithm Hash digest
SHA256 d80637f431628f453a0d48b7f1295193eb83cadd28e87443625686205b38a9d8
MD5 605de6408887b07357807f53a61da066
BLAKE2b-256 52648a89864078b4ef7dccc40773c9fe2a721ccf51cd3bfad92aa535e6827756

See more details on using hashes here.

File details

Details for the file django_ya_model_publisher-0.6.5-py3.6.egg.

File metadata

File hashes

Hashes for django_ya_model_publisher-0.6.5-py3.6.egg
Algorithm Hash digest
SHA256 2de27dc2369aaf9974d26788c5cbde388303158412a7cfc55f4525aa1b776b42
MD5 97145c7cc320042100045501825748da
BLAKE2b-256 e9abebe7dfe5d56213144e9800208b39f41d9ce0a62b8dc5f2a7195ad8de09e6

See more details on using hashes here.

File details

Details for the file django_ya_model_publisher-0.6.5-py2.py3-none-any.whl.

File metadata

File hashes

Hashes for django_ya_model_publisher-0.6.5-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 55c5a394c60fba3733bdb9e913fca255174591668e2bd1fdcb61d8b62f78eccc
MD5 0457b08f758da0edd999e39c7378631f
BLAKE2b-256 b9a4358eab315b1af3b05adcaab104f075dcebf4c495b7b6a1a19cc57c236f4d

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page