(permissions_overview)=
Wagtail adapts and extends the Django permission system to cater to the needs of website content creation, such as moderation workflows, and multiple teams working on different areas of a site (or multiple sites within the same Wagtail installation). Permissions can be configured through the 'Groups' area of the Wagtail admin interface, under 'Settings'.
Whilst Wagtail supports a number of user roles and permissions, the Wagtail Admin should still be restricted to trusted users.
Permissions can be attached at any point in the page tree, and propagate down the tree. For example, if a site had the page tree:
MegaCorp/
About us
Offices/
UK
France
Germany
then a group with 'edit' permissions on the 'Offices' page would automatically receive the ability to edit the 'UK', 'France', and 'Germany' pages. Permissions can be set globally for the entire tree by assigning them on the 'root' page - since all pages must exist underneath the root node, and the root cannot be deleted, this permission will cover all pages that exist now and in the future.
Whenever a user creates a page through the Wagtail admin, that user is designated as the owner of that page. Any user with 'add' permission has the ability to edit pages they own, as well as add new ones. This is in recognition of the fact that creating pages is typically an iterative process involving creating a number of draft versions - giving a user the ability to create a draft but not letting them subsequently edit it would not be very useful. The ability to edit a page also implies the ability to delete it; unlike Django's standard permission model, there is no distinct 'delete' permission.
The full set of available permission types is as follows:
Drafts can be viewed only if the user has either Edit or Publish permission.
(image_document_permissions)=
The permission rules for images and documents work on a similar basis to pages. Images and documents are considered to be 'owned' by the user who uploaded them; a user with 'add' permission also has the ability to edit items they own; and deletion is considered equivalent to editing rather than having a specific permission type.
Access to specific sets of images and documents can be controlled by setting up collections. By default, all images and documents belong to the 'root' collection, but users with appropriate permissions can create new collections in the Settings -> Collections area of the admin interface. Permissions set on 'root' apply to all collections, so a user with 'edit' permission for images in the root collection can edit all images; permissions set on other collections only apply to that collection and any of its sub-collections.
The 'choose' permission for images and documents determines which collections are visible within the chooser interface used to select images and document links for insertion into pages (and other models, such as snippets). Typically, all users are granted choose permission for all collections, allowing them to use any uploaded image or document on pages they create, but this permission can be limited to allow creating collections that are only visible to specific groups.
(collection_management_permissions)=
Permission for managing collections themselves can be attached at any point in the collection tree. The available collection management permissions are as follows:
Delete - grants the ability to delete collections that were added below this collection. Note: A collection must have no subcollections under it and the collection itself must be empty before it can be deleted.
Users are not allowed to move or delete the collection that is used to assign them permission to manage collections.
See Django's documentation on custom permissions for details on how to set permissions up.
Permissions for models registered with Wagtail will automatically show up in the Wagtail admin Group edit form. For other models, you can also add the permissions using the register_permissions
hook (see [](register_permissions)).
To add a custom permission to be used in the Wagtail admin without relating to a specific model, you can create it using the content type of the wagtail.admin.models.Admin
model. For example:
from django.contrib.auth.models import Permission
from django.contrib.contenttypes.models import ContentType
from wagtail.admin.models import Admin
content_type = ContentType.objects.get_for_model(Admin)
permission = Permission.objects.create(
content_type=content_type,
codename="can_do_something",
name="Can do something",
)
After registering the permission using the register_permissions
hook, it will be displayed in the Wagtail admin Group edit form under the 'Other permissions' section, alongside the 'Can access Wagtail admin' permission.
FieldPanel
and PanelGroup
permissionsPermissions can be used to restrict access to fields within the editor interface. See permission
on FieldPanel.
Permissions can be used to restrict groups of panels via the permission
keyword argument on PanelGroup
classes (TabbedInterface
, ObjectList
, FieldRowPanel
, MultiFieldPanel
). See how PanelGroup
usage can be customized [](forms_panels_overview).