cnk/site_creator.py

## site_creator.py
## within our "create_site" method, we make an admin and editor group for each site.
## This method has already created a collecton named for the site

        admins = Group.objects.create(name=f'{site.hostname} Admins')
        apply_default_permissions(admins, site, 'admin')
        admins.save()

        editors = Group.objects.create(name=f'{site.hostname} Editors')
        apply_default_permissions(editors, site, 'editor')
        editors.save()

### permission setting is here

def apply_default_permissions(group, site, group_type):
    """
    Applies the default permissions to the given Group.
    group_type can be 'admin', 'editor', 'moderator', or 'contributor'.
    """
    assert group_type in ('admin', 'editor', 'moderator', 'contributor')

    # Allow all groups to access the Wagtail Admin.
    wagtail_admin_permission = Permission.objects.get(codename='access_admin')
    group.permissions.add(wagtail_admin_permission)

    # Gives Admins, Editors, and Moderators full permissions for pages on this Site EXCEPT Bulk Delete. This prevents
    # anyone from accidentally erasing the entire site by deleting the homepage.
    if group_type in ('admin', 'editor', 'moderator'):
        for perm_type, short_label, long_label in PAGE_PERMISSION_TYPES:
            if perm_type != 'bulk_delete':
                GroupPagePermission.objects.get_or_create(group=group, page=site.root_page, permission_type=perm_type)

    # Allow Contributors to only Add and Edit pages.
    if group_type == 'contributor':
        for perm_type, short_label, long_label in PAGE_PERMISSION_TYPES:
            if perm_type in ('add', 'edit'):
                GroupPagePermission.objects.get_or_create(group=group, page=site.root_page, permission_type=perm_type)

    # Delete permission isn't needed because users with Edit perm can delete Images and Docs.
    add_img_perm = Permission.objects.get(content_type__app_label='wagtailimages', codename='add_image')
    change_img_perm = Permission.objects.get(content_type__app_label='wagtailimages', codename='change_image')
    choose_img_perm = Permission.objects.get(content_type__app_label='wagtailimages', codename='choose_image')
    add_doc_perm = Permission.objects.get(content_type__app_label='wagtaildocs', codename='add_document')
    change_doc_perm = Permission.objects.get(content_type__app_label='wagtaildocs', codename='change_document')
    choose_doc_perm = Permission.objects.get(content_type__app_label='wagtaildocs', codename='choose_document')

    # Give all groups full permissions on the Site's Image and Document Collections.
    collection = Collection.objects.get(name=site.hostname)
    if group_type in ('admin', 'editor', 'moderator', 'contributor'):
        GroupCollectionPermission.objects.get_or_create(group=group, collection=collection, permission=add_img_perm)
        GroupCollectionPermission.objects.get_or_create(group=group, collection=collection, permission=change_img_perm)
        GroupCollectionPermission.objects.get_or_create(group=group, collection=collection, permission=choose_img_perm)
        GroupCollectionPermission.objects.get_or_create(group=group, collection=collection, permission=add_doc_perm)
        GroupCollectionPermission.objects.get_or_create(group=group, collection=collection, permission=change_doc_perm)
        GroupCollectionPermission.objects.get_or_create(group=group, collection=collection, permission=choose_doc_perm)

    # Give site admins permission to manage collections under their site's root collection
    if group_type == 'admin':
        for codename in ['add_collection', 'change_collection', 'delete_collection']:
            perm = Permission.objects.get(content_type__app_label='wagtailcore', codename=codename)
            GroupCollectionPermission.objects.get_or_create(group=group, collection=collection, permission=perm)

    # Execute all registered site_creator_default_permissions hooks. This allows apps that create their own
    # permissions to specify how said permissions should be configured by default on new Sites.
    # All implementations of site_creator_default_permissions must accept these positional parameters:
    # group: a django Group object
    # site: a Wagtail Site object
    # group_type: the string 'admin' or 'editor'.
    for func in hooks.get_hooks('site_creator_default_permissions'):
        func(group, site, group_type)
	## within our "create_site" method, we make an admin and editor group for each site.
	## This method has already created a collecton named for the site

	admins = Group.objects.create(name=f'{site.hostname} Admins')
	apply_default_permissions(admins, site, 'admin')
	admins.save()

	editors = Group.objects.create(name=f'{site.hostname} Editors')
	apply_default_permissions(editors, site, 'editor')
	editors.save()

	### permission setting is here

	def apply_default_permissions(group, site, group_type):
	"""
	Applies the default permissions to the given Group.
	group_type can be 'admin', 'editor', 'moderator', or 'contributor'.
	"""
	assert group_type in ('admin', 'editor', 'moderator', 'contributor')

	# Allow all groups to access the Wagtail Admin.
	wagtail_admin_permission = Permission.objects.get(codename='access_admin')
	group.permissions.add(wagtail_admin_permission)

	# Gives Admins, Editors, and Moderators full permissions for pages on this Site EXCEPT Bulk Delete. This prevents
	# anyone from accidentally erasing the entire site by deleting the homepage.
	if group_type in ('admin', 'editor', 'moderator'):
	for perm_type, short_label, long_label in PAGE_PERMISSION_TYPES:
	if perm_type != 'bulk_delete':
	GroupPagePermission.objects.get_or_create(group=group, page=site.root_page, permission_type=perm_type)

	# Allow Contributors to only Add and Edit pages.
	if group_type == 'contributor':
	for perm_type, short_label, long_label in PAGE_PERMISSION_TYPES:
	if perm_type in ('add', 'edit'):
	GroupPagePermission.objects.get_or_create(group=group, page=site.root_page, permission_type=perm_type)

	# Delete permission isn't needed because users with Edit perm can delete Images and Docs.
	add_img_perm = Permission.objects.get(content_type__app_label='wagtailimages', codename='add_image')
	change_img_perm = Permission.objects.get(content_type__app_label='wagtailimages', codename='change_image')
	choose_img_perm = Permission.objects.get(content_type__app_label='wagtailimages', codename='choose_image')
	add_doc_perm = Permission.objects.get(content_type__app_label='wagtaildocs', codename='add_document')
	change_doc_perm = Permission.objects.get(content_type__app_label='wagtaildocs', codename='change_document')
	choose_doc_perm = Permission.objects.get(content_type__app_label='wagtaildocs', codename='choose_document')

	# Give all groups full permissions on the Site's Image and Document Collections.
	collection = Collection.objects.get(name=site.hostname)
	if group_type in ('admin', 'editor', 'moderator', 'contributor'):
	GroupCollectionPermission.objects.get_or_create(group=group, collection=collection, permission=add_img_perm)
	GroupCollectionPermission.objects.get_or_create(group=group, collection=collection, permission=change_img_perm)
	GroupCollectionPermission.objects.get_or_create(group=group, collection=collection, permission=choose_img_perm)
	GroupCollectionPermission.objects.get_or_create(group=group, collection=collection, permission=add_doc_perm)
	GroupCollectionPermission.objects.get_or_create(group=group, collection=collection, permission=change_doc_perm)
	GroupCollectionPermission.objects.get_or_create(group=group, collection=collection, permission=choose_doc_perm)

	# Give site admins permission to manage collections under their site's root collection
	if group_type == 'admin':
	for codename in ['add_collection', 'change_collection', 'delete_collection']:
	perm = Permission.objects.get(content_type__app_label='wagtailcore', codename=codename)
	GroupCollectionPermission.objects.get_or_create(group=group, collection=collection, permission=perm)

	# Execute all registered site_creator_default_permissions hooks. This allows apps that create their own
	# permissions to specify how said permissions should be configured by default on new Sites.
	# All implementations of site_creator_default_permissions must accept these positional parameters:
	# group: a django Group object
	# site: a Wagtail Site object
	# group_type: the string 'admin' or 'editor'.
	for func in hooks.get_hooks('site_creator_default_permissions'):
	func(group, site, group_type)