granular and multi-layered. Permission modes Permissions operate in two different modes, depending on the CMS_PERMISSION setting. Simple permissions mode (CMS_PERMISSION = False): only the standard Django Django Users and Groups permissions will apply. This is the default. Page permissions mode (CMS_PERMISSION = True): as well as standard Django permissions, django CMS provides row-level permissions on pages users. Permissions in Page permissions mode In Page permissions mode, you also need to give users permission to the right pages and sub-sites. Global and per-page permissions This can be done in two ways

granular and multi-layered. Permission modes Permissions operate in two different modes, depending on the CMS_PERMISSION setting. • Simple permissions mode (CMS_PERMISSION = False): only the standard Django Users and Groups permis- sions will apply. This is the default. • Page permissions mode (CMS_PERMISSION = True): as well as standard Django permissions, django CMS provides row-level permissions on pages users. Permissions in Page permissions mode In Page permissions mode, you also need to give users permission to the right pages and sub-sites. 48 Chapter 5. Software version requirements and release notes

granular and multi-layered. Permission modes Permissions operate in two different modes, depending on the CMS_PERMISSION setting. • Simple permissions mode (CMS_PERMISSION = False): only the standard Django Users and Groups permis- sions will apply. This is the default. • Page permissions mode (CMS_PERMISSION = True): as well as standard Django permissions, django CMS provides row-level permissions on pages users. Permissions in Page permissions mode In Page permissions mode, you also need to give users permission to the right pages and sub-sites. 48 Chapter 5. Software version requirements and release notes

" % pk) if not placeholder.has_change_permission(request): return HttpResponseBadRequest("You do not have enough permission to alias this placeholder.") clipboard = sampleapp.urls"] permissions = False If you still want some of your views to use the CMS’s permission checks you can enable them via a decorator, cms.utils.decorators.cms_perms Here is a simple example: decorators import cms_perms @cms_perms def my_view(request, **kw): ... If you have your own permission checks in your application, then use exclude_permissions property of the apphook: class SampleApp(CMSApp):

" % pk) if not placeholder.has_change_permission(request): return HttpResponseBadRequest("You do not have enough permission to alias this placeholder.") clipboard = sampleapp.urls"] permissions = False If you still want some of your views to use the CMS’s permission checks you can enable them via a decorator, cms.utils.decorators.cms_perms Here is a simple example: decorators import cms_perms @cms_perms def my_view(request, **kw): ... If you have your own permission checks in your application, then use exclude_permissions property of the apphook: class SampleApp(CMSApp):

add or change permission on related Model or instance. • to change: require add or change permission on related Model or instance. • to delete: require add or change or delete permission on related Model usually added through the default Django auth application and its admin interface. Object- level permission can be handled by writing a custom authentication backend as described in django docs For example id %s not found." % ˓→pk) if not placeholder.has_change_permission(request): return HttpResponseBadRequest("You do not have enough permission to ˓→alias this placeholder.") clipboard = request.toolbar

granular and multi-layered. Permission modes Permissions operate in two different modes, depending on the CMS_PERMISSION setting. Simple permissions mode (CMS_PERMISSION = False): only the standard Django Django Users and Groups permissions will apply. This is the default. Page permissions mode (CMS_PERMISSION = True): as well as standard Django permissions, django CMS provides row-level permissions on pages users. Permissions in Page permissions mode In Page permissions mode, you also need to give users permission to the right pages and sub-sites. Global and per-page permissions This can be done in two ways

mixin PlaceholderAdminMixin along with the ModelAdmin. Note: Using this mixin is mandatory for permission check to work properly. Note that the PlaceholderAdminMixin must precede the ModelAdmin in the add or change permission on related Model or instance. • to change: require add or change permission on related Model or instance. • to delete: require add or change or delete permission on related Model usually added through the default Django auth application and its admin interface. Object-level permission can be handled by writing a custom authentication backend as described in django docs For example

require add or change permission on related Model or instance. to change: require add or change permission on related Model or instance. to delete: require add or change or delete permission on related Model usually added through the default Django auth application and its admin interface. Object-level permission can be handled by writing a custom authentication backend as described in django docs [https://docs if not placeholder.has_change_permission(request): return HttpResponseBadRequest( "You do not have enough permission to alias this placeholder."

require add or change permission on related Model or instance. to change: require add or change permission on related Model or instance. to delete: require add or change or delete permission on related Model usually added through the default Django auth application and its admin interface. Object-level permission can be handled by writing a custom authentication backend as described in django docs [https://docs if not placeholder.has_change_permission(request): return HttpResponseBadRequest( "You do not have enough permission to alias this placeholder."