🐛(backend) allow creator to delete subpages

An editor who created a subpages should be allowed to delete it. We change the abilities to be coherent between the creation and the deletion. Fixes #1193
2025-08-22 14:57:02 +02:00
parent eec419bdba
commit 2e04b63d2d
5 changed files with 115 additions and 10 deletions
--- a/src/backend/core/models.py
+++ b/src/backend/core/models.py
@@ -753,6 +753,12 @@ class Document(MP_Node, BaseModel):
        can_update = (
            is_owner_or_admin or role == RoleChoices.EDITOR
        ) and not is_deleted
+        can_create_children = can_update and user.is_authenticated
+        can_destroy = (
+            is_owner
+            if self.is_root()
+            else (is_owner_or_admin or (user.is_authenticated and self.creator == user))
+        )

        ai_allow_reach_from = settings.AI_ALLOW_REACH_FROM
        ai_access = any(
@@ -775,11 +781,11 @@ class Document(MP_Node, BaseModel):
            "media_check": can_get,
            "can_edit": can_update,
            "children_list": can_get,
-            "children_create": can_update and user.is_authenticated,
+            "children_create": can_create_children,
            "collaboration_auth": can_get,
            "cors_proxy": can_get,
            "descendants": can_get,
-            "destroy": is_owner,
+            "destroy": can_destroy,
            "duplicate": can_get and user.is_authenticated,
            "favorite": can_get and user.is_authenticated,
            "link_configuration": is_owner_or_admin,