Skip to content

fix(perm): do not let normal CMS editors edit static placeholders#1187

Merged
wesleyboar merged 1 commit into
mainfrom
fix/revoke-static-placeholder-perm
Jun 18, 2026
Merged

fix(perm): do not let normal CMS editors edit static placeholders#1187
wesleyboar merged 1 commit into
mainfrom
fix/revoke-static-placeholder-perm

Conversation

@wesleyboar

@wesleyboar wesleyboar commented Jun 18, 2026

Copy link
Copy Markdown
Member

Overview

Content editor groups should not be able to change sitewide static placeholders (footer, future header slots). This removes that permission when group setup runs, so existing sites drop it on the next deploy that runs the helper.

Related

Changes

  • added del_perm helper (mirror of add_perm)
  • updated let_view_page_and_structure to revoke Can change static placeholder instead of granting it

Testing

  1. On a dev DB, grant a content group Can change static placeholder (or use a site that still has it).
  2. Run the management command path that calls let_view_page_and_structure for that group (same as existing group setup).
  3. Confirm the group no longer has Can change static placeholder in Django admin.
  4. Confirm superusers can still edit static placeholders.

UI

No UI change.

Notes

Includes a TODO to delete the revoke block after all sites have deployed once. Open question in code: whether “Sitewide Content Manager” should retain this permission.

@wesleyboar
fix(perm): revoke static placeholder change permission from content g…
a80704e 
…roups

Sitewide static placeholders should be superuser-only; remove the perm when
group setup runs so legacy sites drop it on deploy.

Relates-to #1171
@qodo-code-review

qodo-code-review Bot commented Jun 18, 2026

Copy link
Copy Markdown

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

@wesleyboar wesleyboar changed the title fix(perm): revoke static placeholder change permission from content groups fix(perm): do not let normal CMS editors edit static placeholders Jun 18, 2026
@wesleyboar wesleyboar merged commit 477cc14 into main Jun 18, 2026
@wesleyboar wesleyboar deleted the fix/revoke-static-placeholder-perm branch June 18, 2026 23:37
@wesleyboar wesleyboar mentioned this pull request Jun 18, 2026
Merged
wesleyboar added a commit that referenced this pull request Jun 19, 2026
@wesleyboar
refactor(gh-999): simplify header logo rendering (#1189)
d8d6114 
## Overview

Stacks on #1083. Drops the extra ContentRenderer path and duplicate
settings template; `header.html` owns the static placeholder,
`header_logo.html` stays settings markup as on `main`.

## Related

- requires #1083
- footer Structure label: #1188 (merged to `main`)
- static-placeholder perm: #1187 (merged to `main`)

## Changes

- **deleted** `render.py`, `constants.py`, `header_tags`, and
`header_logo_via_settings.html`
- **updated** `header.html`: `{% static_placeholder "header-logo" or %}`
→ `header_logo.html`
- **updated** `CMS_PLACEHOLDER_CONF` for `header-logo` (keeps
`footer-content` with #1188)
- **updated** `docs/gh-999-editable-header-plan.md` (minimal deltas)

## Testing

Same as #1083 steps 1–4 after this branch is merged into
`feat/GH-999-let-cms-admin-edit-header`.

## UI

No new UI; structure only.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@wesleyboar