From 28d69fc030eac29889b81ec919ff2bda1db55f15 Mon Sep 17 00:00:00 2001
From: Tim Heap <tim@timheap.me>
Date: Tue, 11 Oct 2016 15:39:55 +1100
Subject: [PATCH] Do not show summary items if user has no permissions

---
 wagtail/wagtailadmin/site_summary.py   | 13 ++++++++++++-
 wagtail/wagtaildocs/wagtail_hooks.py   |  5 +++++
 wagtail/wagtailimages/wagtail_hooks.py |  5 +++++
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/wagtail/wagtailadmin/site_summary.py b/wagtail/wagtailadmin/site_summary.py
index de71a9166..33502433d 100644
--- a/wagtail/wagtailadmin/site_summary.py
+++ b/wagtail/wagtailadmin/site_summary.py
@@ -2,6 +2,7 @@ from __future__ import absolute_import, unicode_literals
 
 from django.template.loader import render_to_string
 
+from wagtail.wagtailadmin.utils import user_has_any_page_permission
 from wagtail.wagtailcore import hooks
 from wagtail.wagtailcore.models import Page, Site
 
@@ -18,6 +19,9 @@ class SummaryItem(object):
     def render(self):
         return render_to_string(self.template, self.get_context(), request=self.request)
 
+    def is_shown(self):
+        return True
+
 
 class PagesSummaryItem(SummaryItem):
     order = 100
@@ -40,6 +44,9 @@ class PagesSummaryItem(SummaryItem):
             'total_pages': Page.objects.count() - 1,  # subtract 1 because the root node is not a real page
         }
 
+    def is_shown(self):
+        return user_has_any_page_permission(self.request.user)
+
 
 @hooks.register('construct_homepage_summary_items')
 def add_pages_summary_item(request, items):
@@ -57,6 +64,10 @@ class SiteSummaryPanel(object):
             fn(request, self.summary_items)
 
     def render(self):
+        summary_items = [s for s in self.summary_items if s.is_shown()]
+        if not summary_items:
+            return ''
+
         return render_to_string('wagtailadmin/home/site_summary.html', {
-            'summary_items': sorted(self.summary_items, key=lambda p: p.order),
+            'summary_items': sorted(summary_items, key=lambda p: p.order),
         }, request=self.request)
diff --git a/wagtail/wagtaildocs/wagtail_hooks.py b/wagtail/wagtaildocs/wagtail_hooks.py
index 782658b43..b54d24c64 100644
--- a/wagtail/wagtaildocs/wagtail_hooks.py
+++ b/wagtail/wagtaildocs/wagtail_hooks.py
@@ -84,6 +84,11 @@ class DocumentsSummaryItem(SummaryItem):
             'total_docs': get_document_model().objects.count(),
         }
 
+    def is_shown(self):
+        return permission_policy.user_has_any_permission(
+            self.request.user, ['add', 'change', 'delete']
+        )
+
 
 @hooks.register('construct_homepage_summary_items')
 def add_documents_summary_item(request, items):
diff --git a/wagtail/wagtailimages/wagtail_hooks.py b/wagtail/wagtailimages/wagtail_hooks.py
index f9c326e20..dc64a62cc 100644
--- a/wagtail/wagtailimages/wagtail_hooks.py
+++ b/wagtail/wagtailimages/wagtail_hooks.py
@@ -94,6 +94,11 @@ class ImagesSummaryItem(SummaryItem):
             'total_images': get_image_model().objects.count(),
         }
 
+    def is_shown(self):
+        return permission_policy.user_has_any_permission(
+            self.request.user, ['add', 'change', 'delete']
+        )
+
 
 @hooks.register('construct_homepage_summary_items')
 def add_images_summary_item(request, items):