From 6e32b6cf9b296edc48730fba5ae3640f47b3bef5 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Mon, 2 Jun 2014 14:18:19 +0100
Subject: [PATCH 01/33] Update Page.route API so that it returns a Page
 instance rather than an HttpResponse; catch the latter in the 'serve' view
 for backward compatibility

---
 wagtail/tests/fixtures/test.json             | 25 +++++++++++++++++++-
 wagtail/tests/models.py                      | 13 ++++++++++
 wagtail/wagtailcore/models.py                |  2 +-
 wagtail/wagtailcore/tests/test_page_model.py | 21 ++++++++++++++--
 wagtail/wagtailcore/views.py                 | 14 +++++++++--
 5 files changed, 69 insertions(+), 6 deletions(-)

diff --git a/wagtail/tests/fixtures/test.json b/wagtail/tests/fixtures/test.json
index 2d3db6e35..b769b7960 100644
--- a/wagtail/tests/fixtures/test.json
+++ b/wagtail/tests/fixtures/test.json
@@ -23,7 +23,7 @@
     "model": "wagtailcore.page",
     "fields": {
         "title": "Welcome to the Wagtail test site!",
-        "numchild": 3,
+        "numchild": 4,
         "show_in_menus": false,
         "live": true,
         "depth": 2,
@@ -257,6 +257,29 @@
     }
 },
 
+{
+    "pk": 10,
+    "model": "wagtailcore.page",
+    "fields": {
+        "title": "Old style route method",
+        "numchild": 0,
+        "show_in_menus": true,
+        "live": true,
+        "depth": 3,
+        "content_type": ["tests", "pagewitholdstyleroutemethod"],
+        "path": "000100010004",
+        "url_path": "/home/old-style-route/",
+        "slug": "old-style-route"
+    }
+},
+{
+    "pk": 10,
+    "model": "tests.pagewitholdstyleroutemethod",
+    "fields": {
+        "content": "<p>Test with old style route method</p>"
+    }
+},
+
 {
     "pk": 1,
     "model": "wagtailcore.site",
diff --git a/wagtail/tests/models.py b/wagtail/tests/models.py
index ff6dc2dcc..0c369dd34 100644
--- a/wagtail/tests/models.py
+++ b/wagtail/tests/models.py
@@ -106,6 +106,19 @@ class SimplePage(Page):
     content = models.TextField()
 
 
+class PageWithOldStyleRouteMethod(Page):
+    """
+    Prior to Wagtail 0.4, the route() method on Page returned an HttpResponse
+    rather than a Page instance. As subclasses of Page may override route,
+    we need to continue accepting this convention (albeit as a deprecated API).
+    """
+    content = models.TextField()
+    template = 'tests/simple_page.html'
+
+    def route(self, request, path_components):
+        return self.serve(request)
+
+
 # Event page
 
 class EventPageCarouselItem(Orderable, CarouselItem):
diff --git a/wagtail/wagtailcore/models.py b/wagtail/wagtailcore/models.py
index cf33bcbfb..d8edbfc72 100644
--- a/wagtail/wagtailcore/models.py
+++ b/wagtail/wagtailcore/models.py
@@ -415,7 +415,7 @@ class Page(six.with_metaclass(PageBase, MP_Node, ClusterableModel, Indexed)):
         else:
             # request is for this very page
             if self.live:
-                return self.serve(request)
+                return self
             else:
                 raise Http404
 
diff --git a/wagtail/wagtailcore/tests/test_page_model.py b/wagtail/wagtailcore/tests/test_page_model.py
index da9fc6174..0543bf32c 100644
--- a/wagtail/wagtailcore/tests/test_page_model.py
+++ b/wagtail/wagtailcore/tests/test_page_model.py
@@ -2,7 +2,7 @@ from django.test import TestCase, Client
 from django.http import HttpRequest, Http404
 
 from wagtail.wagtailcore.models import Page, Site
-from wagtail.tests.models import EventPage, EventIndex, SimplePage
+from wagtail.tests.models import EventPage, EventIndex, SimplePage, PageWithOldStyleRouteMethod
 
 
 class TestSiteRouting(TestCase):
@@ -136,8 +136,13 @@ class TestRouting(TestCase):
 
         request = HttpRequest()
         request.path = '/events/christmas/'
-        response = homepage.route(request, ['events', 'christmas'])
+        found_page = homepage.route(request, ['events', 'christmas'])
+        self.assertEqual(found_page, christmas_page)
 
+    def test_request_serving(self):
+        christmas_page = EventPage.objects.get(url_path='/home/events/christmas/')
+        request = HttpRequest()
+        response = christmas_page.serve(request)
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.context_data['self'], christmas_page)
         used_template = response.resolve_template(response.template_name)
@@ -226,6 +231,18 @@ class TestServeView(TestCase):
         self.assertContains(response, '<a href="/events/christmas/">Christmas</a>')
 
 
+    def test_old_style_routing(self):
+        """
+        Test that route() methods that return an HttpResponse are correctly handled
+        """
+        response = self.client.get('/old-style-route/')
+        expected_page = PageWithOldStyleRouteMethod.objects.get(url_path='/home/old-style-route/')
+
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.context['self'], expected_page)
+        self.assertEqual(response.templates[0].name, 'tests/simple_page.html')
+
+
 class TestStaticSitePaths(TestCase):
     def setUp(self):
         self.root_page = Page.objects.get(id=1)
diff --git a/wagtail/wagtailcore/views.py b/wagtail/wagtailcore/views.py
index 1b1f6cf43..7377cf761 100644
--- a/wagtail/wagtailcore/views.py
+++ b/wagtail/wagtailcore/views.py
@@ -1,4 +1,6 @@
-from django.http import Http404
+import warnings
+
+from django.http import HttpResponse, Http404
 
 
 def serve(request, path):
@@ -8,4 +10,12 @@ def serve(request, path):
         raise Http404
 
     path_components = [component for component in path.split('/') if component]
-    return request.site.root_page.specific.route(request, path_components)
+    page = request.site.root_page.specific.route(request, path_components)
+    if isinstance(page, HttpResponse):
+        warnings.warn(
+            "Page.route should return a Page, not an HttpResponse",
+            DeprecationWarning
+        )
+        return page
+
+    return page.serve(request)

From 9cc3614097b1ea645eabf63a45fe6e2338a641af Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Mon, 2 Jun 2014 23:00:20 +0100
Subject: [PATCH 02/33] Catch the deprecation warning for old-style routes
 during unit tests

---
 wagtail/wagtailcore/tests/test_page_model.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/wagtail/wagtailcore/tests/test_page_model.py b/wagtail/wagtailcore/tests/test_page_model.py
index 0543bf32c..34f8356f2 100644
--- a/wagtail/wagtailcore/tests/test_page_model.py
+++ b/wagtail/wagtailcore/tests/test_page_model.py
@@ -1,3 +1,5 @@
+import warnings
+
 from django.test import TestCase, Client
 from django.http import HttpRequest, Http404
 
@@ -235,9 +237,15 @@ class TestServeView(TestCase):
         """
         Test that route() methods that return an HttpResponse are correctly handled
         """
-        response = self.client.get('/old-style-route/')
-        expected_page = PageWithOldStyleRouteMethod.objects.get(url_path='/home/old-style-route/')
+        with warnings.catch_warnings(record=True) as w:
+            response = self.client.get('/old-style-route/')
 
+            # Check that a DeprecationWarning has been triggered
+            self.assertEqual(len(w), 1)
+            self.assertTrue(issubclass(w[-1].category, DeprecationWarning))
+            self.assertTrue("Page.route should return a Page" in str(w[-1].message))
+
+        expected_page = PageWithOldStyleRouteMethod.objects.get(url_path='/home/old-style-route/')
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.context['self'], expected_page)
         self.assertEqual(response.templates[0].name, 'tests/simple_page.html')

From df15ece5dcef3962b5c0b2ee914018491bf20e9a Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Mon, 2 Jun 2014 23:30:00 +0100
Subject: [PATCH 03/33] Implement before_serve_page hook

---
 wagtail/tests/wagtail_hooks.py               | 8 ++++++++
 wagtail/wagtailcore/tests/test_page_model.py | 4 ++++
 wagtail/wagtailcore/views.py                 | 7 +++++++
 3 files changed, 19 insertions(+)

diff --git a/wagtail/tests/wagtail_hooks.py b/wagtail/tests/wagtail_hooks.py
index 13e3e46d2..4ad63e881 100644
--- a/wagtail/tests/wagtail_hooks.py
+++ b/wagtail/tests/wagtail_hooks.py
@@ -1,3 +1,5 @@
+from django.http import HttpResponse
+
 from wagtail.wagtailcore import hooks
 from wagtail.wagtailcore.whitelist import attribute_rule, check_url, allow_without_attributes
 
@@ -17,3 +19,9 @@ def whitelister_element_rules():
         'a': attribute_rule({'href': check_url, 'target': True}),
     }
 hooks.register('construct_whitelister_element_rules', whitelister_element_rules)
+
+
+def block_googlebot(page, request):
+    if request.META.get('HTTP_USER_AGENT') == 'GoogleBot':
+        return HttpResponse("<h1>bad googlebot no cookie</h1>")
+hooks.register('before_serve_page', block_googlebot)
diff --git a/wagtail/wagtailcore/tests/test_page_model.py b/wagtail/wagtailcore/tests/test_page_model.py
index 34f8356f2..ab5b9c148 100644
--- a/wagtail/wagtailcore/tests/test_page_model.py
+++ b/wagtail/wagtailcore/tests/test_page_model.py
@@ -250,6 +250,10 @@ class TestServeView(TestCase):
         self.assertEqual(response.context['self'], expected_page)
         self.assertEqual(response.templates[0].name, 'tests/simple_page.html')
 
+    def test_before_serve_hook(self):
+        response = self.client.get('/events/', HTTP_USER_AGENT='GoogleBot')
+        self.assertContains(response, 'bad googlebot no cookie')
+
 
 class TestStaticSitePaths(TestCase):
     def setUp(self):
diff --git a/wagtail/wagtailcore/views.py b/wagtail/wagtailcore/views.py
index 7377cf761..0872dd68f 100644
--- a/wagtail/wagtailcore/views.py
+++ b/wagtail/wagtailcore/views.py
@@ -2,6 +2,8 @@ import warnings
 
 from django.http import HttpResponse, Http404
 
+from wagtail.wagtailcore import hooks
+
 
 def serve(request, path):
     # we need a valid Site object corresponding to this request (set in wagtail.wagtailcore.middleware.SiteMiddleware)
@@ -18,4 +20,9 @@ def serve(request, path):
         )
         return page
 
+    for fn in hooks.get_hooks('before_serve_page'):
+        result = fn(page, request)
+        if isinstance(result, HttpResponse):
+            return result
+
     return page.serve(request)

From 4af5f3d24d50ebaa0f65dba76b678115c3afca07 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Tue, 3 Jun 2014 11:22:46 +0100
Subject: [PATCH 04/33] Add PageViewRestriction model, and apply permission
 check in the 'serve' view

---
 .../0005_create_page_view_restriction.py      | 117 ++++++++++++++++++
 wagtail/wagtailcore/models.py                 |   7 ++
 wagtail/wagtailcore/wagtail_hooks.py          |  11 ++
 3 files changed, 135 insertions(+)
 create mode 100644 wagtail/wagtailcore/migrations/0005_create_page_view_restriction.py
 create mode 100644 wagtail/wagtailcore/wagtail_hooks.py

diff --git a/wagtail/wagtailcore/migrations/0005_create_page_view_restriction.py b/wagtail/wagtailcore/migrations/0005_create_page_view_restriction.py
new file mode 100644
index 000000000..f2d79573f
--- /dev/null
+++ b/wagtail/wagtailcore/migrations/0005_create_page_view_restriction.py
@@ -0,0 +1,117 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from south.utils import datetime_utils as datetime
+from south.db import db
+from south.v2 import SchemaMigration
+from django.db import models
+
+
+class Migration(SchemaMigration):
+
+    def forwards(self, orm):
+        # Adding model 'PageViewRestriction'
+        db.create_table('wagtailcore_pageviewrestriction', (
+            ('id', self.gf('django.db.models.fields.AutoField')(primary_key=True)),
+            ('page', self.gf('django.db.models.fields.related.ForeignKey')(related_name='view_restrictions', to=orm['wagtailcore.Page'])),
+            ('password', self.gf('django.db.models.fields.CharField')(max_length=255)),
+        ))
+        db.send_create_signal('wagtailcore', ['PageViewRestriction'])
+
+
+    def backwards(self, orm):
+        # Deleting model 'PageViewRestriction'
+        db.delete_table('wagtailcore_pageviewrestriction')
+
+
+    models = {
+        'auth.group': {
+            'Meta': {'object_name': 'Group'},
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
+            'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
+        },
+        'auth.permission': {
+            'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
+        },
+        'auth.user': {
+            'Meta': {'object_name': 'User'},
+            'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
+            'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'user_set'", 'blank': 'True', 'to': "orm['auth.Group']"}),
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
+            'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'user_set'", 'blank': 'True', 'to': "orm['auth.Permission']"}),
+            'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
+        },
+        'contenttypes.contenttype': {
+            'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
+            'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
+        },
+        'wagtailcore.grouppagepermission': {
+            'Meta': {'object_name': 'GroupPagePermission'},
+            'group': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'page_permissions'", 'to': "orm['auth.Group']"}),
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'page': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'group_permissions'", 'to': "orm['wagtailcore.Page']"}),
+            'permission_type': ('django.db.models.fields.CharField', [], {'max_length': '20'})
+        },
+        'wagtailcore.page': {
+            'Meta': {'object_name': 'Page'},
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'pages'", 'to': "orm['contenttypes.ContentType']"}),
+            'depth': ('django.db.models.fields.PositiveIntegerField', [], {}),
+            'expire_at': ('django.db.models.fields.DateTimeField', [], {'null': 'True', 'blank': 'True'}),
+            'expired': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'go_live_at': ('django.db.models.fields.DateTimeField', [], {'null': 'True', 'blank': 'True'}),
+            'has_unpublished_changes': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'live': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'numchild': ('django.db.models.fields.PositiveIntegerField', [], {'default': '0'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'owned_pages'", 'null': 'True', 'to': "orm['auth.User']"}),
+            'path': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '255'}),
+            'search_description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'seo_title': ('django.db.models.fields.CharField', [], {'max_length': '255', 'blank': 'True'}),
+            'show_in_menus': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'slug': ('django.db.models.fields.SlugField', [], {'max_length': '50'}),
+            'title': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
+            'url_path': ('django.db.models.fields.CharField', [], {'max_length': '255', 'blank': 'True'})
+        },
+        'wagtailcore.pagerevision': {
+            'Meta': {'object_name': 'PageRevision'},
+            'approved_go_live_at': ('django.db.models.fields.DateTimeField', [], {'null': 'True', 'blank': 'True'}),
+            'content_json': ('django.db.models.fields.TextField', [], {}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'page': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'revisions'", 'to': "orm['wagtailcore.Page']"}),
+            'submitted_for_moderation': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'user': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.User']", 'null': 'True', 'blank': 'True'})
+        },
+        'wagtailcore.pageviewrestriction': {
+            'Meta': {'object_name': 'PageViewRestriction'},
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'page': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'view_restrictions'", 'to': "orm['wagtailcore.Page']"}),
+            'password': ('django.db.models.fields.CharField', [], {'max_length': '255'})
+        },
+        'wagtailcore.site': {
+            'Meta': {'unique_together': "(('hostname', 'port'),)", 'object_name': 'Site'},
+            'hostname': ('django.db.models.fields.CharField', [], {'max_length': '255', 'db_index': 'True'}),
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'is_default_site': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'port': ('django.db.models.fields.IntegerField', [], {'default': '80'}),
+            'root_page': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'sites_rooted_here'", 'to': "orm['wagtailcore.Page']"})
+        }
+    }
+
+    complete_apps = ['wagtailcore']
\ No newline at end of file
diff --git a/wagtail/wagtailcore/models.py b/wagtail/wagtailcore/models.py
index d8edbfc72..b035a0856 100644
--- a/wagtail/wagtailcore/models.py
+++ b/wagtail/wagtailcore/models.py
@@ -9,6 +9,8 @@ from modelcluster.models import ClusterableModel
 
 from django.db import models, connection, transaction
 from django.db.models import get_model, Q
+from django.db.models.signals import post_save
+from django.dispatch import receiver
 from django.http import Http404
 from django.core.cache import cache
 from django.core.handlers.wsgi import WSGIRequest
@@ -1150,3 +1152,8 @@ class PagePermissionTester(object):
         else:
             # no publishing required, so the already-tested 'add' permission is sufficient
             return True
+
+
+class PageViewRestriction(models.Model):
+    page = models.ForeignKey('Page', related_name='view_restrictions')
+    password = models.CharField(max_length=255)
diff --git a/wagtail/wagtailcore/wagtail_hooks.py b/wagtail/wagtailcore/wagtail_hooks.py
new file mode 100644
index 000000000..1dd480001
--- /dev/null
+++ b/wagtail/wagtailcore/wagtail_hooks.py
@@ -0,0 +1,11 @@
+from django.http import HttpResponse
+
+from wagtail.wagtailcore import hooks
+from wagtail.wagtailcore.models import PageViewRestriction
+
+def check_view_restrictions(page, request):
+    ancestors_and_self = list(page.get_ancestors().values_list('id', flat=True)) + [page]
+    restrictions = PageViewRestriction.objects.filter(page__in=ancestors_and_self)
+    for restriction in restrictions:
+        return HttpResponse("<h1>Blocked due to view restriction</h1>")
+hooks.register('before_serve_page', check_view_restrictions)

From 6f855d7fd86556956248ded90c7e27832b3a713d Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Tue, 3 Jun 2014 15:34:27 +0100
Subject: [PATCH 05/33] simplified get_ancestors logic

---
 wagtail/wagtailcore/wagtail_hooks.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/wagtail/wagtailcore/wagtail_hooks.py b/wagtail/wagtailcore/wagtail_hooks.py
index 1dd480001..73c98a01d 100644
--- a/wagtail/wagtailcore/wagtail_hooks.py
+++ b/wagtail/wagtailcore/wagtail_hooks.py
@@ -4,8 +4,7 @@ from wagtail.wagtailcore import hooks
 from wagtail.wagtailcore.models import PageViewRestriction
 
 def check_view_restrictions(page, request):
-    ancestors_and_self = list(page.get_ancestors().values_list('id', flat=True)) + [page]
-    restrictions = PageViewRestriction.objects.filter(page__in=ancestors_and_self)
+    restrictions = PageViewRestriction.objects.filter(page__in=page.get_ancestors(inclusive=True))
     for restriction in restrictions:
         return HttpResponse("<h1>Blocked due to view restriction</h1>")
 hooks.register('before_serve_page', check_view_restrictions)

From d0e93f997f5caf8be28989d1907413f12c3e9b56 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Tue, 3 Jun 2014 17:24:04 +0100
Subject: [PATCH 06/33] Delegate serving of the 'password required' response to
 the Page model

---
 wagtail/wagtailcore/models.py                            | 8 ++++++++
 .../templates/wagtailcore/password_required.html         | 9 +++++++++
 wagtail/wagtailcore/wagtail_hooks.py                     | 4 +---
 3 files changed, 18 insertions(+), 3 deletions(-)
 create mode 100644 wagtail/wagtailcore/templates/wagtailcore/password_required.html

diff --git a/wagtail/wagtailcore/models.py b/wagtail/wagtailcore/models.py
index b035a0856..59c9eb861 100644
--- a/wagtail/wagtailcore/models.py
+++ b/wagtail/wagtailcore/models.py
@@ -811,6 +811,14 @@ class Page(six.with_metaclass(PageBase, MP_Node, ClusterableModel, Indexed)):
     def get_prev_siblings(self, inclusive=False):
         return self.get_siblings(inclusive).filter(path__lte=self.path).order_by('-path')
 
+    password_required_template = getattr(settings, 'PASSWORD_REQUIRED_TEMPLATE', 'wagtailcore/password_required.html')
+    def serve_password_required_response(self, request, form):
+        return TemplateResponse(request, self.password_required_template, {
+            'self': self,
+            'request': request,
+            'form': form,
+        })
+
 
 def get_navigation_menu_items():
     # Get all pages that appear in the navigation menu: ones which have children,
diff --git a/wagtail/wagtailcore/templates/wagtailcore/password_required.html b/wagtail/wagtailcore/templates/wagtailcore/password_required.html
new file mode 100644
index 000000000..d4ee0b1fc
--- /dev/null
+++ b/wagtail/wagtailcore/templates/wagtailcore/password_required.html
@@ -0,0 +1,9 @@
+<!DOCTYPE HTML>
+<html>
+    <head>
+        <title>Password required</title>
+    </head>
+    <body>
+        <h1>Password required</h1>
+    </body>
+</html>
diff --git a/wagtail/wagtailcore/wagtail_hooks.py b/wagtail/wagtailcore/wagtail_hooks.py
index 73c98a01d..347194c32 100644
--- a/wagtail/wagtailcore/wagtail_hooks.py
+++ b/wagtail/wagtailcore/wagtail_hooks.py
@@ -1,10 +1,8 @@
-from django.http import HttpResponse
-
 from wagtail.wagtailcore import hooks
 from wagtail.wagtailcore.models import PageViewRestriction
 
 def check_view_restrictions(page, request):
     restrictions = PageViewRestriction.objects.filter(page__in=page.get_ancestors(inclusive=True))
     for restriction in restrictions:
-        return HttpResponse("<h1>Blocked due to view restriction</h1>")
+        return page.serve_password_required_response(request, None)
 hooks.register('before_serve_page', check_view_restrictions)

From e4008a814824a24f36c288f7309c4867b8919870 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Wed, 4 Jun 2014 15:28:03 +0100
Subject: [PATCH 07/33] implement form submission logic for the password form

---
 wagtail/wagtailcore/forms.py                  | 16 +++++++++++++
 wagtail/wagtailcore/models.py                 | 18 +++++++++-----
 .../wagtailcore/password_required.html        |  6 +++++
 wagtail/wagtailcore/urls.py                   |  5 +++-
 wagtail/wagtailcore/views.py                  | 24 +++++++++++++++++++
 wagtail/wagtailcore/wagtail_hooks.py          | 10 +++++++-
 6 files changed, 71 insertions(+), 8 deletions(-)
 create mode 100644 wagtail/wagtailcore/forms.py

diff --git a/wagtail/wagtailcore/forms.py b/wagtail/wagtailcore/forms.py
new file mode 100644
index 000000000..1b83c8c94
--- /dev/null
+++ b/wagtail/wagtailcore/forms.py
@@ -0,0 +1,16 @@
+from django import forms
+
+class PasswordPageViewRestrictionForm(forms.Form):
+    password = forms.CharField(label="Password", widget=forms.PasswordInput)
+    return_url = forms.CharField(widget=forms.HiddenInput)
+
+    def __init__(self, *args, **kwargs):
+        self.restriction = kwargs.pop('instance')
+        super(PasswordPageViewRestrictionForm, self).__init__(*args, **kwargs)
+
+    def clean_password(self):
+        data = self.cleaned_data['password']
+        if data != self.restriction.password:
+            raise forms.ValidationError("The password you have entered is not correct. Please try again.")
+
+        return data
diff --git a/wagtail/wagtailcore/models.py b/wagtail/wagtailcore/models.py
index 59c9eb861..08e1b612b 100644
--- a/wagtail/wagtailcore/models.py
+++ b/wagtail/wagtailcore/models.py
@@ -812,12 +812,18 @@ class Page(six.with_metaclass(PageBase, MP_Node, ClusterableModel, Indexed)):
         return self.get_siblings(inclusive).filter(path__lte=self.path).order_by('-path')
 
     password_required_template = getattr(settings, 'PASSWORD_REQUIRED_TEMPLATE', 'wagtailcore/password_required.html')
-    def serve_password_required_response(self, request, form):
-        return TemplateResponse(request, self.password_required_template, {
-            'self': self,
-            'request': request,
-            'form': form,
-        })
+    def serve_password_required_response(self, request, form, action_url):
+        """
+        Serve a response indicating that the user has been denied access to view this page,
+        and must supply a password.
+        form = a Django form object containing the password input
+            (and zero or more hidden fields that also need to be output on the template)
+        action_url = URL that this form should be POSTed to
+        """
+        context = self.get_context(request)
+        context['form'] = form
+        context['action_url'] = action_url
+        return TemplateResponse(request, self.password_required_template, context)
 
 
 def get_navigation_menu_items():
diff --git a/wagtail/wagtailcore/templates/wagtailcore/password_required.html b/wagtail/wagtailcore/templates/wagtailcore/password_required.html
index d4ee0b1fc..d7601ca69 100644
--- a/wagtail/wagtailcore/templates/wagtailcore/password_required.html
+++ b/wagtail/wagtailcore/templates/wagtailcore/password_required.html
@@ -5,5 +5,11 @@
     </head>
     <body>
         <h1>Password required</h1>
+        <p>You need a password to access this page.</p>
+        <form action="{{ action_url }}" method="POST">
+            {% csrf_token %}
+            {{ form.as_p }}
+            <input type="submit" value="Continue" />
+        </form>
     </body>
 </html>
diff --git a/wagtail/wagtailcore/urls.py b/wagtail/wagtailcore/urls.py
index f0336fec4..9777dea8a 100644
--- a/wagtail/wagtailcore/urls.py
+++ b/wagtail/wagtailcore/urls.py
@@ -2,7 +2,10 @@ from django.conf.urls import url
 from wagtail.wagtailcore import views
 
 urlpatterns = [
-    # All front-end views are handled through Wagtail's core.views.serve mechanism.
+    url(r'^_util/authenticate_with_password/(\d+)/(\d+)/$', views.authenticate_with_password,
+        name='wagtailcore_authenticate_with_password'),
+
+    # Front-end page views are handled through Wagtail's core.views.serve mechanism.
     # Here we match a (possibly empty) list of path segments, each followed by
     # a '/'. If a trailing slash is not present, we leave CommonMiddleware to
     # handle it as usual (i.e. redirect it to the trailing slash version if
diff --git a/wagtail/wagtailcore/views.py b/wagtail/wagtailcore/views.py
index 0872dd68f..bd12d7f97 100644
--- a/wagtail/wagtailcore/views.py
+++ b/wagtail/wagtailcore/views.py
@@ -1,8 +1,12 @@
 import warnings
 
 from django.http import HttpResponse, Http404
+from django.shortcuts import get_object_or_404, redirect
+from django.core.urlresolvers import reverse
 
 from wagtail.wagtailcore import hooks
+from wagtail.wagtailcore.models import Page, PageViewRestriction
+from wagtail.wagtailcore.forms import PasswordPageViewRestrictionForm
 
 
 def serve(request, path):
@@ -26,3 +30,23 @@ def serve(request, path):
             return result
 
     return page.serve(request)
+
+
+def authenticate_with_password(request, page_view_restriction_id, page_id):
+    """
+    Handle a submission of PasswordPageViewRestrictionForm to grant view access over a
+    subtree that is protected by a PageViewRestriction
+    """
+    restriction = get_object_or_404(PageViewRestriction, id=page_view_restriction_id)
+    page = get_object_or_404(Page, id=page_id).specific
+
+    if request.POST:
+        form = PasswordPageViewRestrictionForm(request.POST, instance=restriction)
+        if form.is_valid():
+            # TODO: record 'has authenticated against this page view restriction' flag in the session
+            return redirect(form.cleaned_data['return_url'])
+    else:
+        form = PasswordPageViewRestrictionForm(instance=restriction)
+
+    action_url = reverse('wagtailcore_authenticate_with_password', args=[restriction.id, page.id])
+    return page.serve_password_required_response(request, form, action_url)
diff --git a/wagtail/wagtailcore/wagtail_hooks.py b/wagtail/wagtailcore/wagtail_hooks.py
index 347194c32..ccac0bd43 100644
--- a/wagtail/wagtailcore/wagtail_hooks.py
+++ b/wagtail/wagtailcore/wagtail_hooks.py
@@ -1,8 +1,16 @@
+from django.core.urlresolvers import reverse
+
 from wagtail.wagtailcore import hooks
 from wagtail.wagtailcore.models import PageViewRestriction
+from wagtail.wagtailcore.forms import PasswordPageViewRestrictionForm
 
 def check_view_restrictions(page, request):
     restrictions = PageViewRestriction.objects.filter(page__in=page.get_ancestors(inclusive=True))
+
     for restriction in restrictions:
-        return page.serve_password_required_response(request, None)
+        form = PasswordPageViewRestrictionForm(instance=restriction,
+            initial={'return_url': request.get_full_path()})
+        action_url = reverse('wagtailcore_authenticate_with_password', args=[restriction.id, page.id])
+        return page.serve_password_required_response(request, form, action_url)
+
 hooks.register('before_serve_page', check_view_restrictions)

From 1e71e10cd22d18e170d45d05349b8427358c7153 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Wed, 4 Jun 2014 16:02:43 +0100
Subject: [PATCH 08/33] Keep track of passed page view restrictions in the
 session

---
 wagtail/wagtailcore/views.py         | 11 ++++++++++-
 wagtail/wagtailcore/wagtail_hooks.py | 13 ++++++++-----
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/wagtail/wagtailcore/views.py b/wagtail/wagtailcore/views.py
index bd12d7f97..78e0476b6 100644
--- a/wagtail/wagtailcore/views.py
+++ b/wagtail/wagtailcore/views.py
@@ -3,6 +3,7 @@ import warnings
 from django.http import HttpResponse, Http404
 from django.shortcuts import get_object_or_404, redirect
 from django.core.urlresolvers import reverse
+from django.conf import settings
 
 from wagtail.wagtailcore import hooks
 from wagtail.wagtailcore.models import Page, PageViewRestriction
@@ -43,7 +44,15 @@ def authenticate_with_password(request, page_view_restriction_id, page_id):
     if request.POST:
         form = PasswordPageViewRestrictionForm(request.POST, instance=restriction)
         if form.is_valid():
-            # TODO: record 'has authenticated against this page view restriction' flag in the session
+            has_existing_session = (settings.SESSION_COOKIE_NAME in request.COOKIES)
+            passed_restrictions = request.session.setdefault('passed_page_view_restrictions', [])
+            if restriction.id not in passed_restrictions:
+                passed_restrictions.append(restriction.id)
+            if not has_existing_session:
+                # if this is a session we've created, set it to expire at the end
+                # of the browser session
+                request.session.set_expiry(0)
+
             return redirect(form.cleaned_data['return_url'])
     else:
         form = PasswordPageViewRestrictionForm(instance=restriction)
diff --git a/wagtail/wagtailcore/wagtail_hooks.py b/wagtail/wagtailcore/wagtail_hooks.py
index ccac0bd43..b2ab31248 100644
--- a/wagtail/wagtailcore/wagtail_hooks.py
+++ b/wagtail/wagtailcore/wagtail_hooks.py
@@ -7,10 +7,13 @@ from wagtail.wagtailcore.forms import PasswordPageViewRestrictionForm
 def check_view_restrictions(page, request):
     restrictions = PageViewRestriction.objects.filter(page__in=page.get_ancestors(inclusive=True))
 
-    for restriction in restrictions:
-        form = PasswordPageViewRestrictionForm(instance=restriction,
-            initial={'return_url': request.get_full_path()})
-        action_url = reverse('wagtailcore_authenticate_with_password', args=[restriction.id, page.id])
-        return page.serve_password_required_response(request, form, action_url)
+    if restrictions:
+        passed_restrictions = request.session.get('passed_page_view_restrictions', [])
+        for restriction in restrictions:
+            if restriction.id not in passed_restrictions:
+                form = PasswordPageViewRestrictionForm(instance=restriction,
+                    initial={'return_url': request.get_full_path()})
+                action_url = reverse('wagtailcore_authenticate_with_password', args=[restriction.id, page.id])
+                return page.serve_password_required_response(request, form, action_url)
 
 hooks.register('before_serve_page', check_view_restrictions)

From cae0d8fecbcfb428ecc0130045ab6bdfee463269 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Thu, 5 Jun 2014 11:04:37 +0100
Subject: [PATCH 09/33] add public/private indicator on explorer and page
 editor

---
 .../wagtailadmin/pages/_view_permission_indicator.html      | 6 ++++++
 wagtail/wagtailadmin/templates/wagtailadmin/pages/edit.html | 3 +++
 wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html | 5 ++++-
 wagtail/wagtailcore/models.py                               | 3 +++
 wagtail/wagtailcore/wagtail_hooks.py                        | 3 +--
 5 files changed, 17 insertions(+), 3 deletions(-)
 create mode 100644 wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html

diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html
new file mode 100644
index 000000000..7f9c7d82b
--- /dev/null
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html
@@ -0,0 +1,6 @@
+{% load i18n %}
+{% if page.get_view_restrictions %}
+    <div>{% trans 'Private' %}</div>
+{% else %}
+    <div>{% trans 'Public' %}</div>
+{% endif %}
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/edit.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/edit.html
index 8cc7fdca6..e56ad170c 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/edit.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/edit.html
@@ -16,6 +16,9 @@
             <div class="right col3">
                  {% trans "Status:" %} {% if page.live %}<a href="{{ page.url }}" class="status-tag {% if page.live %}primary{% endif %}">{{ page.status_string }}</a>{% else %}<span class="status-tag">{{ page.status_string }}</span>{% endif %}
             </div>
+
+            {% include "wagtailadmin/pages/_view_permission_indicator.html" with page=page only %}
+
         </div>
     </header>
 
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
index 7258c5429..5fe32838e 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
@@ -48,6 +48,9 @@
                         {% else %}
                             <h2>{{ parent_page.title }}</h2>
                         {% endif %}
+
+                        {% include "wagtailadmin/pages/_view_permission_indicator.html" with page=parent_page only %}
+
                         <ul class="actions">
                             {% if parent_page_perms.can_edit and 'edit' not in hide_actions|default:'' %}
                                 <li><a href="{% url 'wagtailadmin_pages_edit' parent_page.id %}" class="button button-small">{% trans 'Edit' %}</a></li>
@@ -249,4 +252,4 @@
             </li>
         </ul>
     </div>
-{% endif %}
\ No newline at end of file
+{% endif %}
diff --git a/wagtail/wagtailcore/models.py b/wagtail/wagtailcore/models.py
index 08e1b612b..8670f0315 100644
--- a/wagtail/wagtailcore/models.py
+++ b/wagtail/wagtailcore/models.py
@@ -811,6 +811,9 @@ class Page(six.with_metaclass(PageBase, MP_Node, ClusterableModel, Indexed)):
     def get_prev_siblings(self, inclusive=False):
         return self.get_siblings(inclusive).filter(path__lte=self.path).order_by('-path')
 
+    def get_view_restrictions(self):
+        return PageViewRestriction.objects.filter(page__in=self.get_ancestors(inclusive=True))
+
     password_required_template = getattr(settings, 'PASSWORD_REQUIRED_TEMPLATE', 'wagtailcore/password_required.html')
     def serve_password_required_response(self, request, form, action_url):
         """
diff --git a/wagtail/wagtailcore/wagtail_hooks.py b/wagtail/wagtailcore/wagtail_hooks.py
index b2ab31248..e92971c99 100644
--- a/wagtail/wagtailcore/wagtail_hooks.py
+++ b/wagtail/wagtailcore/wagtail_hooks.py
@@ -1,11 +1,10 @@
 from django.core.urlresolvers import reverse
 
 from wagtail.wagtailcore import hooks
-from wagtail.wagtailcore.models import PageViewRestriction
 from wagtail.wagtailcore.forms import PasswordPageViewRestrictionForm
 
 def check_view_restrictions(page, request):
-    restrictions = PageViewRestriction.objects.filter(page__in=page.get_ancestors(inclusive=True))
+    restrictions = page.get_view_restrictions()
 
     if restrictions:
         passed_restrictions = request.session.get('passed_page_view_restrictions', [])

From eaee2b9695842f4c38a79874a55eec1e0aeb4065 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Fri, 6 Jun 2014 12:52:34 +0100
Subject: [PATCH 10/33] Implement (mostly-empty) views for setting view
 restrictions, accessible from the permission indicator

---
 .../js/view-permission-indicator.js           |  9 +++++
 .../ancestor_restriction.html                 |  8 +++++
 .../set_view_restrictions.html                |  7 ++++
 .../wagtailadmin/pages/_editor_js.html        |  1 +
 .../pages/_view_permission_indicator.html     | 25 ++++++++++---
 .../templates/wagtailadmin/pages/edit.html    |  6 ++--
 .../templates/wagtailadmin/pages/index.html   |  4 +++
 .../templates/wagtailadmin/pages/list.html    |  2 +-
 wagtail/wagtailadmin/urls.py                  |  4 ++-
 .../views/page_view_restrictions.py           | 35 +++++++++++++++++++
 wagtail/wagtailcore/models.py                 |  3 ++
 11 files changed, 94 insertions(+), 10 deletions(-)
 create mode 100644 wagtail/wagtailadmin/static/wagtailadmin/js/view-permission-indicator.js
 create mode 100644 wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/ancestor_restriction.html
 create mode 100644 wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.html
 create mode 100644 wagtail/wagtailadmin/views/page_view_restrictions.py

diff --git a/wagtail/wagtailadmin/static/wagtailadmin/js/view-permission-indicator.js b/wagtail/wagtailadmin/static/wagtailadmin/js/view-permission-indicator.js
new file mode 100644
index 000000000..52b7442a7
--- /dev/null
+++ b/wagtail/wagtailadmin/static/wagtailadmin/js/view-permission-indicator.js
@@ -0,0 +1,9 @@
+$(function() {
+    /* Interface to set view permissions from the explorer / editor */
+    $('a.action-set-view-permissions').click(function() {
+        ModalWorkflow({
+            'url': this.href
+        });
+        return false;
+    });
+});
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/ancestor_restriction.html b/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/ancestor_restriction.html
new file mode 100644
index 000000000..d8b652f32
--- /dev/null
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/ancestor_restriction.html
@@ -0,0 +1,8 @@
+{% load i18n %}
+{% trans "Access restricted" as title_str %}
+{% include "wagtailadmin/shared/header.html" with title=title_str %}
+
+<div class="nice-padding">
+    {% trans "Access to this page is restricted because it is within the section:" %}
+    <b>{{ page_with_restriction.title }}</b>
+</div>
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.html b/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.html
new file mode 100644
index 000000000..82e928c68
--- /dev/null
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.html
@@ -0,0 +1,7 @@
+{% load i18n %}
+{% trans "Set access restrictions" as title_str %}
+{% include "wagtailadmin/shared/header.html" with title=title_str %}
+
+<div class="nice-padding">
+    <p>form for setting access restrictions goes here</p>
+</div>
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_editor_js.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_editor_js.html
index 17bcbd8bf..f494f75ec 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_editor_js.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_editor_js.html
@@ -21,6 +21,7 @@
     <script src="{{ STATIC_URL }}wagtailadmin/js/page-editor.js"></script>
     <script src="{{ STATIC_URL }}wagtailadmin/js/page-chooser.js"></script>
     <script src="{{ STATIC_URL }}admin/js/urlify.js"></script>
+    <script src="{{ STATIC_URL }}wagtailadmin/js/view-permission-indicator.js"></script>
 
     {% hook_output 'insert_editor_js' %}
 {% endcompress %}
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html
index 7f9c7d82b..030703aab 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html
@@ -1,6 +1,21 @@
-{% load i18n %}
-{% if page.get_view_restrictions %}
-    <div>{% trans 'Private' %}</div>
-{% else %}
-    <div>{% trans 'Public' %}</div>
+{% load i18n wagtailadmin_tags %}
+
+{% if not page_perms %}
+    {% page_permissions page as page_perms %}
 {% endif %}
+
+{% with page.get_view_restrictions as has_view_restrictions %}
+    {% if has_view_restrictions %}
+        {% trans 'Private' as label %}
+    {% else %}
+        {% trans 'Public' as label %}
+    {% endif %}
+
+    {% if page_perms.can_set_view_restrictions %}
+        <div>
+            <a href="{% url 'wagtailadmin_pages_set_view_restrictions' page.id %}" class="button button-small action-set-view-permissions">{{ label }}</a>
+        </div>
+    {% else %}
+        <div>{{ label }}</div>
+    {% endif %}
+{% endwith %}
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/edit.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/edit.html
index e56ad170c..a1b108933 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/edit.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/edit.html
@@ -6,6 +6,7 @@
 {% block bodyclass %}menu-explorer  page-editor{% endblock %}
 
 {% block content %}
+    {% page_permissions page as page_perms %}
     <header class="merged tab-merged nice-padding">
         {% include "wagtailadmin/shared/breadcrumb.html" with page=page %}
 
@@ -17,7 +18,7 @@
                  {% trans "Status:" %} {% if page.live %}<a href="{{ page.url }}" class="status-tag {% if page.live %}primary{% endif %}">{{ page.status_string }}</a>{% else %}<span class="status-tag">{{ page.status_string }}</span>{% endif %}
             </div>
 
-            {% include "wagtailadmin/pages/_view_permission_indicator.html" with page=page only %}
+            {% include "wagtailadmin/pages/_view_permission_indicator.html" with page=page page_perms=page_perms only %}
 
         </div>
     </header>
@@ -25,8 +26,7 @@
     <form id="page-edit-form" action="{% url 'wagtailadmin_pages_edit' page.id %}" method="POST">
         {% csrf_token %}
         {{ edit_handler.render_form_content }}
-    
-        {% page_permissions page as page_perms %}
+
         <footer>
             <ul>
                 <li class="actions">
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/index.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/index.html
index c7190bb84..0f5c25f38 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/index.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/index.html
@@ -21,6 +21,10 @@
 {% endblock %}
 
 {% block extra_js %}
+    {% comment %} modal-workflow is required by the view restrictions interface {% endcomment %}
+    <script src="{{ STATIC_URL }}wagtailadmin/js/modal-workflow.js"></script>
+    <script src="{{ STATIC_URL }}wagtailadmin/js/view-permission-indicator.js"></script>
+
     <script type="text/javascript">
         {% if ordering == 'ord' %}
             $(function() {
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
index 5fe32838e..a1d827c43 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
@@ -49,7 +49,7 @@
                             <h2>{{ parent_page.title }}</h2>
                         {% endif %}
 
-                        {% include "wagtailadmin/pages/_view_permission_indicator.html" with page=parent_page only %}
+                        {% include "wagtailadmin/pages/_view_permission_indicator.html" with page=parent_page page_perms=parent_page_perms only %}
 
                         <ul class="actions">
                             {% if parent_page_perms.can_edit and 'edit' not in hide_actions|default:'' %}
diff --git a/wagtail/wagtailadmin/urls.py b/wagtail/wagtailadmin/urls.py
index 89be5cf17..359250162 100644
--- a/wagtail/wagtailadmin/urls.py
+++ b/wagtail/wagtailadmin/urls.py
@@ -1,7 +1,7 @@
 from django.conf.urls import url
 
 from wagtail.wagtailadmin.forms import PasswordResetForm
-from wagtail.wagtailadmin.views import account, chooser, home, pages, tags, userbar
+from wagtail.wagtailadmin.views import account, chooser, home, pages, tags, userbar, page_view_restrictions
 from wagtail.wagtailcore import hooks
 
 
@@ -67,6 +67,8 @@ urlpatterns += [
     url(r'^pages/moderation/(\d+)/reject/$', pages.reject_moderation, name='wagtailadmin_pages_reject_moderation'),
     url(r'^pages/moderation/(\d+)/preview/$', pages.preview_for_moderation, name='wagtailadmin_pages_preview_for_moderation'),
 
+    url(r'^pages/(\d+)/view_restrictions/$', page_view_restrictions.set_view_restrictions, name='wagtailadmin_pages_set_view_restrictions'),
+
     url(r'^choose-page/$', chooser.browse, name='wagtailadmin_choose_page'),
     url(r'^choose-page/(\d+)/$', chooser.browse, name='wagtailadmin_choose_page_child'),
     url(r'^choose-external-link/$', chooser.external_link, name='wagtailadmin_choose_page_external_link'),
diff --git a/wagtail/wagtailadmin/views/page_view_restrictions.py b/wagtail/wagtailadmin/views/page_view_restrictions.py
new file mode 100644
index 000000000..4e2deab57
--- /dev/null
+++ b/wagtail/wagtailadmin/views/page_view_restrictions.py
@@ -0,0 +1,35 @@
+from django.core.exceptions import PermissionDenied
+from django.contrib.auth.decorators import permission_required
+from django.shortcuts import get_object_or_404
+
+from wagtail.wagtailcore.models import Page
+from wagtail.wagtailadmin.modal_workflow import render_modal_workflow
+
+@permission_required('wagtailadmin.access_admin')
+def set_view_restrictions(request, page_id):
+    page = get_object_or_404(Page, id=page_id)
+    page_perms = page.permissions_for_user(request.user)
+    if not page_perms.can_set_view_restrictions():
+        raise PermissionDenied
+
+    restrictions = page.get_view_restrictions().order_by('page__depth')
+    if restrictions:
+        if restrictions[0].page == page:
+            # a restriction is set on this specific page, and no restrictions
+            # further up the tree exist
+            return render_modal_workflow(
+                request, 'wagtailadmin/page_view_restrictions/set_view_restrictions.html', None, {}
+            )
+        else:
+            # a restriction further up the tree exists
+            return render_modal_workflow(
+                request, 'wagtailadmin/page_view_restrictions/ancestor_restriction.html', None,
+                {
+                    'page_with_restriction': restrictions[0].page,
+                }
+            )
+    else:
+        # no current view restrictions on this page
+        return render_modal_workflow(
+            request, 'wagtailadmin/page_view_restrictions/set_view_restrictions.html', None, {}
+        )
diff --git a/wagtail/wagtailcore/models.py b/wagtail/wagtailcore/models.py
index 8670f0315..df88a8b22 100644
--- a/wagtail/wagtailcore/models.py
+++ b/wagtail/wagtailcore/models.py
@@ -1112,6 +1112,9 @@ class PagePermissionTester(object):
 
         return self.user.is_superuser or ('publish' in self.permissions)
 
+    def can_set_view_restrictions(self):
+        return self.can_publish()
+
     def can_publish_subpage(self):
         """
         Niggly special case for creating and publishing a page in one go.

From 1c313652eb55be048c3acfd378538b23cfd1bdeb Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Fri, 6 Jun 2014 15:23:57 +0100
Subject: [PATCH 11/33] implement form for setting access restrictions

---
 wagtail/wagtailadmin/forms.py                 |  8 ++
 .../set_view_restrictions.html                | 25 ++++++-
 .../set_view_restrictions.js                  | 19 +++++
 .../set_view_restrictions_done.js             |  3 +
 .../views/page_view_restrictions.py           | 74 ++++++++++++++-----
 5 files changed, 111 insertions(+), 18 deletions(-)
 create mode 100644 wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.js
 create mode 100644 wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions_done.js

diff --git a/wagtail/wagtailadmin/forms.py b/wagtail/wagtailadmin/forms.py
index e55a831f4..3878eb473 100644
--- a/wagtail/wagtailadmin/forms.py
+++ b/wagtail/wagtailadmin/forms.py
@@ -75,3 +75,11 @@ class PasswordResetForm(PasswordResetForm):
             raise forms.ValidationError(_("This email address is not recognised."))
 
         return cleaned_data
+
+
+class PageViewRestrictionForm(forms.Form):
+    restriction_type = forms.ChoiceField(choices=[
+        ('none', ugettext_lazy("This page is viewable by all visitors")),
+        ('password', ugettext_lazy("This page is only viewable to users who enter this password:")),
+    ], widget=forms.RadioSelect)
+    password = forms.CharField(required=False)
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.html b/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.html
index 82e928c68..f3efa3699 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.html
@@ -3,5 +3,28 @@
 {% include "wagtailadmin/shared/header.html" with title=title_str %}
 
 <div class="nice-padding">
-    <p>form for setting access restrictions goes here</p>
+    <form action="{% url 'wagtailadmin_pages_set_view_restrictions' page.id %}" method="POST">
+        {% csrf_token %}
+        <ul>
+            <li>
+                {# 'This page is viewable by all visitors' #}
+                {{ form.restriction_type.0 }}
+            </li>
+            <li>
+                {# 'This page is only viewable to users who enter this password:' #}
+                {{ form.restriction_type.1 }}
+
+                {# FIXME: need distinct CSS styling for the 'disabled' state #}
+                {{ form.password }}
+                {% if form.password.errors %}
+                    <p class="error-message">
+                        {% for error in form.password.errors %}
+                            <span>{{ error }}</span>
+                        {% endfor %}
+                    </p>
+                {% endif %}
+            </li>
+        </ul>
+        <input type="submit" value="Set restriction">
+    </form>
 </div>
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.js b/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.js
new file mode 100644
index 000000000..0a40c0f85
--- /dev/null
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.js
@@ -0,0 +1,19 @@
+function(modal) {
+    $('form', modal.body).submit(function() {
+        modal.postForm(this.action, $(this).serialize());
+        return false;
+    });
+
+    var restrictionTypePasswordField = $("input[name='restriction_type'][value='password']", modal.body);
+    var passwordField = $("#id_password", modal.body);
+    function refreshFormFields() {
+        if (restrictionTypePasswordField.is(':checked')) {
+            passwordField.removeAttr('disabled');
+        } else {
+            passwordField.attr('disabled', true);
+        }
+    }
+    refreshFormFields();
+
+    $("input[name='restriction_type']", modal.body).change(refreshFormFields);
+}
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions_done.js b/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions_done.js
new file mode 100644
index 000000000..3ccc7e057
--- /dev/null
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions_done.js
@@ -0,0 +1,3 @@
+function(modal) {
+    modal.close();
+}
diff --git a/wagtail/wagtailadmin/views/page_view_restrictions.py b/wagtail/wagtailadmin/views/page_view_restrictions.py
index 4e2deab57..481ad9ae8 100644
--- a/wagtail/wagtailadmin/views/page_view_restrictions.py
+++ b/wagtail/wagtailadmin/views/page_view_restrictions.py
@@ -2,7 +2,8 @@ from django.core.exceptions import PermissionDenied
 from django.contrib.auth.decorators import permission_required
 from django.shortcuts import get_object_or_404
 
-from wagtail.wagtailcore.models import Page
+from wagtail.wagtailcore.models import Page, PageViewRestriction
+from wagtail.wagtailadmin.forms import PageViewRestrictionForm
 from wagtail.wagtailadmin.modal_workflow import render_modal_workflow
 
 @permission_required('wagtailadmin.access_admin')
@@ -12,24 +13,63 @@ def set_view_restrictions(request, page_id):
     if not page_perms.can_set_view_restrictions():
         raise PermissionDenied
 
+    # fetch restriction records in depth order so that ancestors appear first
     restrictions = page.get_view_restrictions().order_by('page__depth')
     if restrictions:
-        if restrictions[0].page == page:
-            # a restriction is set on this specific page, and no restrictions
-            # further up the tree exist
-            return render_modal_workflow(
-                request, 'wagtailadmin/page_view_restrictions/set_view_restrictions.html', None, {}
-            )
-        else:
-            # a restriction further up the tree exists
-            return render_modal_workflow(
-                request, 'wagtailadmin/page_view_restrictions/ancestor_restriction.html', None,
-                {
-                    'page_with_restriction': restrictions[0].page,
-                }
-            )
+        restriction = restrictions[0]
+        restriction_exists_on_ancestor = (restriction.page != page)
     else:
-        # no current view restrictions on this page
+        restriction = None
+        restriction_exists_on_ancestor = False
+
+    if request.POST:
+        form = PageViewRestrictionForm(request.POST)
+        if form.is_valid() and not restriction_exists_on_ancestor:
+            if form.cleaned_data['restriction_type'] == 'none':
+                # remove any existing restriction
+                if restriction:
+                    restriction.delete()
+            else:  # restriction_type = 'password'
+                if restriction:
+                    restriction.password = form.cleaned_data['password']
+                    restriction.save()
+                else:
+                    # create a new restriction object
+                    PageViewRestriction.objects.create(
+                        page=page, password = form.cleaned_data['password'])
+
+            return render_modal_workflow(
+                request, None, 'wagtailadmin/page_view_restrictions/set_view_restrictions_done.js'
+            )
+
+    else:  # request is a GET
+        if not restriction_exists_on_ancestor:
+            if restriction:
+                form = PageViewRestrictionForm(initial={
+                    'restriction_type': 'password', 'password': restriction.password
+                })
+            else:
+                # no current view restrictions on this page
+                form = PageViewRestrictionForm(initial={
+                    'restriction_type': 'none'
+                })
+
+    if restriction_exists_on_ancestor:
+        # display a message indicating that there is a restriction at ancestor level -
+        # do not provide the form for setting up new restrictions
         return render_modal_workflow(
-            request, 'wagtailadmin/page_view_restrictions/set_view_restrictions.html', None, {}
+            request, 'wagtailadmin/page_view_restrictions/ancestor_restriction.html', None,
+            {
+                'page_with_restriction': restriction.page,
+            }
+        )
+    else:
+        # no restriction set at ancestor level - can set restrictions here
+        return render_modal_workflow(
+            request,
+            'wagtailadmin/page_view_restrictions/set_view_restrictions.html',
+            'wagtailadmin/page_view_restrictions/set_view_restrictions.js', {
+                'page': page,
+                'form': form,
+            }
         )

From 0fbd3e7e14bdc594e1eaef3ea948101fed039ef4 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Fri, 6 Jun 2014 16:34:42 +0100
Subject: [PATCH 12/33] make view permission indicator update dynamically after
 permissions are set

---
 .../js/view-permission-indicator.js           | 11 +++++++++-
 .../components/view-permission-indicator.scss |  8 +++++++
 .../set_view_restrictions_done.js             |  1 +
 .../wagtailadmin/pages/_editor_css.html       |  1 +
 .../pages/_view_permission_indicator.html     | 21 +++++++++++--------
 .../templates/wagtailadmin/pages/index.html   |  9 ++++++--
 .../views/page_view_restrictions.py           |  4 +++-
 7 files changed, 42 insertions(+), 13 deletions(-)
 create mode 100644 wagtail/wagtailadmin/static/wagtailadmin/scss/components/view-permission-indicator.scss

diff --git a/wagtail/wagtailadmin/static/wagtailadmin/js/view-permission-indicator.js b/wagtail/wagtailadmin/static/wagtailadmin/js/view-permission-indicator.js
index 52b7442a7..5e84e0840 100644
--- a/wagtail/wagtailadmin/static/wagtailadmin/js/view-permission-indicator.js
+++ b/wagtail/wagtailadmin/static/wagtailadmin/js/view-permission-indicator.js
@@ -2,7 +2,16 @@ $(function() {
     /* Interface to set view permissions from the explorer / editor */
     $('a.action-set-view-permissions').click(function() {
         ModalWorkflow({
-            'url': this.href
+            'url': this.href,
+            'responses': {
+                'setPermission': function(isPublic) {
+                    if (isPublic) {
+                        $('.view-permission-indicator').removeClass('private').addClass('public');
+                    } else {
+                        $('.view-permission-indicator').removeClass('public').addClass('private');
+                    }
+                }
+            }
         });
         return false;
     });
diff --git a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/view-permission-indicator.scss b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/view-permission-indicator.scss
new file mode 100644
index 000000000..8e26eaf74
--- /dev/null
+++ b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/view-permission-indicator.scss
@@ -0,0 +1,8 @@
+.view-permission-indicator {
+    &.public {
+        .label-private { display: none; }
+    }
+    &.private {
+        .label-public { display: none; }
+    }
+}
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions_done.js b/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions_done.js
index 3ccc7e057..dafbc7b36 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions_done.js
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions_done.js
@@ -1,3 +1,4 @@
 function(modal) {
+    modal.respond('setPermission', {% if is_public %}true{% else %}false{% endif %});
     modal.close();
 }
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_editor_css.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_editor_css.html
index 2e140c89c..58d7d5f17 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_editor_css.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_editor_css.html
@@ -7,6 +7,7 @@
 {% compress css %}
     <link rel="stylesheet" href="{{ STATIC_URL }}wagtailadmin/scss/layouts/page-editor.scss" type="text/x-scss" />
     <link rel="stylesheet" href="{{ STATIC_URL }}wagtailadmin/scss/panels/rich-text.scss" type="text/x-scss" />
+    <link rel="stylesheet" type="text/x-scss" href="{{ STATIC_URL }}wagtailadmin/scss/components/view-permission-indicator.scss">
 
     {# we'll want tag-it included, for the benefit of any modals that use it, like images. #}
     {# TODO: a method of injecting these sorts of things on demand when the modal is spawned #}
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html
index 030703aab..ee6a7e3b4 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html
@@ -5,17 +5,20 @@
 {% endif %}
 
 {% with page.get_view_restrictions as has_view_restrictions %}
-    {% if has_view_restrictions %}
-        {% trans 'Private' as label %}
-    {% else %}
-        {% trans 'Public' as label %}
-    {% endif %}
-
     {% if page_perms.can_set_view_restrictions %}
-        <div>
-            <a href="{% url 'wagtailadmin_pages_set_view_restrictions' page.id %}" class="button button-small action-set-view-permissions">{{ label }}</a>
+        <div class="view-permission-indicator {% if has_view_restrictions %}private{% else %}public{% endif %}">
+            <a href="{% url 'wagtailadmin_pages_set_view_restrictions' page.id %}" class="button button-small action-set-view-permissions">
+                {# labels are shown/hidden in CSS according to the 'private' / 'public' class on view-permission-indicator #}
+                <span class="label-public">{% trans 'Public' %}</span>
+                <span class="label-private">{% trans 'Private' %}</span>
+            </a>
         </div>
     {% else %}
-        <div>{{ label }}</div>
+        {# Read-only display, for users who don't have permission to set view restrictions #}
+        {% if has_view_restrictions %}
+            <div class="view-permission-indicator private"><span class="label-private">{% trans 'Private' %}</span></div>
+        {% else %}
+            <div class="view-permission-indicator public"><span class="label-public">{% trans 'Public' %}</span></div>
+        {% endif %}
     {% endif %}
 {% endwith %}
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/index.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/index.html
index 0f5c25f38..e9e4847dd 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/index.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/index.html
@@ -1,6 +1,5 @@
 {% extends "wagtailadmin/base.html" %}
-{% load i18n %}
-{% load wagtailadmin_tags %}
+{% load i18n wagtailadmin_tags compress %}
 {% block titletag %}{% blocktrans with title=parent_page.title %}Exploring {{ title }}{% endblocktrans %}{% endblock %}
 {% block bodyclass %}menu-explorer page-explorer {% if ordering == 'ord' %}reordering{% endif %}{% endblock %}
 
@@ -20,6 +19,12 @@
 
 {% endblock %}
 
+{% block extra_css %}
+    {% compress css %}
+        <link rel="stylesheet" type="text/x-scss" href="{{ STATIC_URL }}wagtailadmin/scss/components/view-permission-indicator.scss">
+    {% endcompress %}
+{% endblock %}
+
 {% block extra_js %}
     {% comment %} modal-workflow is required by the view restrictions interface {% endcomment %}
     <script src="{{ STATIC_URL }}wagtailadmin/js/modal-workflow.js"></script>
diff --git a/wagtail/wagtailadmin/views/page_view_restrictions.py b/wagtail/wagtailadmin/views/page_view_restrictions.py
index 481ad9ae8..e36e9900d 100644
--- a/wagtail/wagtailadmin/views/page_view_restrictions.py
+++ b/wagtail/wagtailadmin/views/page_view_restrictions.py
@@ -39,7 +39,9 @@ def set_view_restrictions(request, page_id):
                         page=page, password = form.cleaned_data['password'])
 
             return render_modal_workflow(
-                request, None, 'wagtailadmin/page_view_restrictions/set_view_restrictions_done.js'
+                request, None, 'wagtailadmin/page_view_restrictions/set_view_restrictions_done.js', {
+                    'is_public': (form.cleaned_data['restriction_type'] == 'none')
+                }
             )
 
     else:  # request is a GET

From 47c0a197c8392bb216ff4e30bb6ea648e423ab96 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Fri, 6 Jun 2014 16:53:25 +0100
Subject: [PATCH 13/33] make password a required field when restriction_type =
 password

---
 wagtail/wagtailadmin/forms.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/wagtail/wagtailadmin/forms.py b/wagtail/wagtailadmin/forms.py
index 3878eb473..f3634faf0 100644
--- a/wagtail/wagtailadmin/forms.py
+++ b/wagtail/wagtailadmin/forms.py
@@ -83,3 +83,12 @@ class PageViewRestrictionForm(forms.Form):
         ('password', ugettext_lazy("This page is only viewable to users who enter this password:")),
     ], widget=forms.RadioSelect)
     password = forms.CharField(required=False)
+
+    def clean(self):
+        cleaned_data = super(PageViewRestrictionForm, self).clean()
+
+        if cleaned_data.get('restriction_type') == 'password' and not cleaned_data.get('password'):
+            self._errors["password"] = self.error_class([_('This field is required.')])
+            del cleaned_data['password']
+
+        return cleaned_data

From 9f460bff05176a3cebe2b5fea04b9419d63880b1 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Fri, 6 Jun 2014 17:09:12 +0100
Subject: [PATCH 14/33] move check_view_restrictions into the Page model, so
 that sites with non-standard routing requirements can use it independently of
 the before_serve_page hook

---
 wagtail/wagtailcore/models.py        | 24 ++++++++++++++++++++++--
 wagtail/wagtailcore/wagtail_hooks.py | 15 +--------------
 2 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/wagtail/wagtailcore/models.py b/wagtail/wagtailcore/models.py
index df88a8b22..c6cb095a1 100644
--- a/wagtail/wagtailcore/models.py
+++ b/wagtail/wagtailcore/models.py
@@ -9,12 +9,11 @@ from modelcluster.models import ClusterableModel
 
 from django.db import models, connection, transaction
 from django.db.models import get_model, Q
-from django.db.models.signals import post_save
-from django.dispatch import receiver
 from django.http import Http404
 from django.core.cache import cache
 from django.core.handlers.wsgi import WSGIRequest
 from django.core.handlers.base import BaseHandler
+from django.core.urlresolvers import reverse
 from django.contrib.contenttypes.models import ContentType
 from django.contrib.auth.models import Group
 from django.conf import settings
@@ -812,8 +811,29 @@ class Page(six.with_metaclass(PageBase, MP_Node, ClusterableModel, Indexed)):
         return self.get_siblings(inclusive).filter(path__lte=self.path).order_by('-path')
 
     def get_view_restrictions(self):
+        """Return a query set of all page view restrictions that apply to this page"""
         return PageViewRestriction.objects.filter(page__in=self.get_ancestors(inclusive=True))
 
+    def check_view_restrictions(self, request):
+        """
+        Check whether there are any view restrictions on this page which are
+        not fulfilled by the given request object. If there are, return an
+        HttpResponse that will notify the user of that restriction (and possibly
+        include a password / login form that will allow them to proceed). If
+        there are no such restrictions, return None
+        """
+        restrictions = self.get_view_restrictions()
+
+        if restrictions:
+            passed_restrictions = request.session.get('passed_page_view_restrictions', [])
+            for restriction in restrictions:
+                if restriction.id not in passed_restrictions:
+                    from wagtail.wagtailcore.forms import PasswordPageViewRestrictionForm
+                    form = PasswordPageViewRestrictionForm(instance=restriction,
+                        initial={'return_url': request.get_full_path()})
+                    action_url = reverse('wagtailcore_authenticate_with_password', args=[restriction.id, self.id])
+                    return self.serve_password_required_response(request, form, action_url)
+
     password_required_template = getattr(settings, 'PASSWORD_REQUIRED_TEMPLATE', 'wagtailcore/password_required.html')
     def serve_password_required_response(self, request, form, action_url):
         """
diff --git a/wagtail/wagtailcore/wagtail_hooks.py b/wagtail/wagtailcore/wagtail_hooks.py
index e92971c99..3763c881b 100644
--- a/wagtail/wagtailcore/wagtail_hooks.py
+++ b/wagtail/wagtailcore/wagtail_hooks.py
@@ -1,18 +1,5 @@
-from django.core.urlresolvers import reverse
-
 from wagtail.wagtailcore import hooks
-from wagtail.wagtailcore.forms import PasswordPageViewRestrictionForm
 
 def check_view_restrictions(page, request):
-    restrictions = page.get_view_restrictions()
-
-    if restrictions:
-        passed_restrictions = request.session.get('passed_page_view_restrictions', [])
-        for restriction in restrictions:
-            if restriction.id not in passed_restrictions:
-                form = PasswordPageViewRestrictionForm(instance=restriction,
-                    initial={'return_url': request.get_full_path()})
-                action_url = reverse('wagtailcore_authenticate_with_password', args=[restriction.id, page.id])
-                return page.serve_password_required_response(request, form, action_url)
-
+    return page.check_view_restrictions(request)
 hooks.register('before_serve_page', check_view_restrictions)

From 1ee707f4052a8e0b26823918e423b1ca43087bc6 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Fri, 6 Jun 2014 17:15:50 +0100
Subject: [PATCH 15/33] Add note that access restrictions will take effect on
 child pages

---
 .../page_view_restrictions/set_view_restrictions.html            | 1 +
 1 file changed, 1 insertion(+)

diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.html b/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.html
index f3efa3699..632c34f1b 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.html
@@ -27,4 +27,5 @@
         </ul>
         <input type="submit" value="Set restriction">
     </form>
+    <p>{% trans "Access restrictions will take effect on this page and all child pages." %}</p>
 </div>

From 9e94c83843c2feeec597a2a8b65b8e061f6812f8 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Mon, 9 Jun 2014 14:08:39 +0100
Subject: [PATCH 16/33] Add 'private' indicator in page chooser for pages with
 view restrictions

---
 .../pages/_view_permission_indicator.html     | 31 +++++++++----------
 .../templates/wagtailadmin/pages/list.html    | 10 ++++++
 .../templatetags/wagtailadmin_tags.py         | 22 ++++++++++++-
 3 files changed, 46 insertions(+), 17 deletions(-)

diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html
index ee6a7e3b4..5bb8853e0 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html
@@ -1,24 +1,23 @@
 {% load i18n wagtailadmin_tags %}
 
+{% test_page_is_public page as is_public %}
 {% if not page_perms %}
     {% page_permissions page as page_perms %}
 {% endif %}
 
-{% with page.get_view_restrictions as has_view_restrictions %}
-    {% if page_perms.can_set_view_restrictions %}
-        <div class="view-permission-indicator {% if has_view_restrictions %}private{% else %}public{% endif %}">
-            <a href="{% url 'wagtailadmin_pages_set_view_restrictions' page.id %}" class="button button-small action-set-view-permissions">
-                {# labels are shown/hidden in CSS according to the 'private' / 'public' class on view-permission-indicator #}
-                <span class="label-public">{% trans 'Public' %}</span>
-                <span class="label-private">{% trans 'Private' %}</span>
-            </a>
-        </div>
+{% if page_perms.can_set_view_restrictions %}
+    <div class="view-permission-indicator {% if is_public %}public{% else %}private{% endif %}">
+        <a href="{% url 'wagtailadmin_pages_set_view_restrictions' page.id %}" class="button button-small action-set-view-permissions">
+            {# labels are shown/hidden in CSS according to the 'private' / 'public' class on view-permission-indicator #}
+            <span class="label-public">{% trans 'Public' %}</span>
+            <span class="label-private">{% trans 'Private' %}</span>
+        </a>
+    </div>
+{% else %}
+    {# Read-only display, for users who don't have permission to set view restrictions #}
+    {% if is_public %}
+        <div class="view-permission-indicator public"><span class="label-public">{% trans 'Public' %}</span></div>
     {% else %}
-        {# Read-only display, for users who don't have permission to set view restrictions #}
-        {% if has_view_restrictions %}
-            <div class="view-permission-indicator private"><span class="label-private">{% trans 'Private' %}</span></div>
-        {% else %}
-            <div class="view-permission-indicator public"><span class="label-public">{% trans 'Public' %}</span></div>
-        {% endif %}
+        <div class="view-permission-indicator private"><span class="label-private">{% trans 'Private' %}</span></div>
     {% endif %}
-{% endwith %}
+{% endif %}
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
index a1d827c43..44b058e83 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
@@ -42,6 +42,11 @@
                         {% else %}
                             <h2>{{ parent_page.title }}</h2>
                         {% endif %}
+
+                        {% test_page_is_public parent_page as is_public %}
+                        {% if not is_public %}
+                            <em>(private)</em>
+                        {% endif %}
                     {% else %}
                         {% if parent_page_perms.can_edit and 'edit' not in hide_actions|default:'' %}
                             <h2><a href="{% url 'wagtailadmin_pages_edit' parent_page.id %}">{{ parent_page.title }}</a></h2>
@@ -155,6 +160,11 @@
                                 {% else %}
                                     {{ page.title }}
                                 {% endif %}
+
+                                {% test_page_is_public page as is_public %}
+                                {% if not is_public %}
+                                    <em>(private)</em>
+                                {% endif %}
                             {% else %}
                                 {% if page_perms.can_edit and 'edit' not in hide_actions|default:'' %}
                                     <a href="{% url 'wagtailadmin_pages_edit' page.id %}" title="{% trans 'Edit this page' %}">{{ page.title }}</a>
diff --git a/wagtail/wagtailadmin/templatetags/wagtailadmin_tags.py b/wagtail/wagtailadmin/templatetags/wagtailadmin_tags.py
index f3c871507..a6467532d 100644
--- a/wagtail/wagtailadmin/templatetags/wagtailadmin_tags.py
+++ b/wagtail/wagtailadmin/templatetags/wagtailadmin_tags.py
@@ -7,7 +7,7 @@ from django.utils.translation import ugettext_lazy as _
 from wagtail.wagtailadmin.menu import MenuItem
 
 from wagtail.wagtailcore import hooks
-from wagtail.wagtailcore.models import get_navigation_menu_items, UserPagePermissionsProxy
+from wagtail.wagtailcore.models import get_navigation_menu_items, UserPagePermissionsProxy, PageViewRestriction
 from wagtail.wagtailcore.utils import camelcase_to_underscore
 
 
@@ -88,6 +88,26 @@ def page_permissions(context, page):
     return context['user_page_permissions'].for_page(page)
 
 
+@register.assignment_tag(takes_context=True)
+def test_page_is_public(context, page):
+    """
+    Usage: {% test_page_is_public page as is_public %}
+    Sets 'is_public' to True iff there are no page view restrictions in place on
+    this page.
+    Caches the list of page view restrictions in the context, to avoid repeated
+    DB queries on repeated calls.
+    """
+    if 'all_page_view_restriction_paths' not in context:
+        context['all_page_view_restriction_paths'] = PageViewRestriction.objects.select_related('page').values_list('page__path', flat=True)
+
+    is_private = any([
+        page.path.startswith(restricted_path)
+        for restricted_path in context['all_page_view_restriction_paths']
+    ])
+
+    return not is_private
+
+
 @register.simple_tag
 def hook_output(hook_name):
     """

From ff33a00deb035063c2ff0809a4dea2eb3d48902e Mon Sep 17 00:00:00 2001
From: Dave Cranwell <david@torchbox.com>
Date: Tue, 10 Jun 2014 14:33:08 +0100
Subject: [PATCH 17/33] 'view restrictions' renamed 'privacy' and general
 wagtail styling of privacy status completed

---
 wagtail/wagtailadmin/forms.py                 |  6 +-
 .../wagtailadmin/js/privacy-indicator.js      | 18 +++++
 .../js/view-permission-indicator.js           | 18 -----
 .../scss/components/formatters.scss           | 19 +++++-
 .../wagtailadmin/scss/components/forms.scss   |  6 ++
 .../wagtailadmin/scss/components/header.scss  | 10 ++-
 .../wagtailadmin/scss/components/listing.scss |  5 ++
 .../components/view-permission-indicator.scss |  8 ---
 .../static/wagtailadmin/scss/normalize.css    |  9 ---
 .../page_privacy/ancestor_privacy.html        |  8 +++
 .../page_privacy/set_privacy.html             | 16 +++++
 .../set_privacy.js}                           |  0
 .../set_privacy_done.js}                      |  0
 .../ancestor_restriction.html                 |  8 ---
 .../set_view_restrictions.html                | 31 ---------
 .../wagtailadmin/pages/_editor_css.html       |  1 -
 .../wagtailadmin/pages/_editor_js.html        |  2 +-
 .../pages/_privacy_indicator.html             | 23 +++++++
 .../pages/_view_permission_indicator.html     | 23 -------
 .../templates/wagtailadmin/pages/edit.html    | 12 ++--
 .../templates/wagtailadmin/pages/index.html   |  9 +--
 .../templates/wagtailadmin/pages/list.html    | 65 ++++++++++++-------
 .../templatetags/wagtailadmin_tags.py         |  5 +-
 wagtail/wagtailadmin/urls.py                  |  4 +-
 ...e_view_restrictions.py => page_privacy.py} | 10 +--
 25 files changed, 161 insertions(+), 155 deletions(-)
 create mode 100644 wagtail/wagtailadmin/static/wagtailadmin/js/privacy-indicator.js
 delete mode 100644 wagtail/wagtailadmin/static/wagtailadmin/js/view-permission-indicator.js
 delete mode 100644 wagtail/wagtailadmin/static/wagtailadmin/scss/components/view-permission-indicator.scss
 create mode 100644 wagtail/wagtailadmin/templates/wagtailadmin/page_privacy/ancestor_privacy.html
 create mode 100644 wagtail/wagtailadmin/templates/wagtailadmin/page_privacy/set_privacy.html
 rename wagtail/wagtailadmin/templates/wagtailadmin/{page_view_restrictions/set_view_restrictions.js => page_privacy/set_privacy.js} (100%)
 rename wagtail/wagtailadmin/templates/wagtailadmin/{page_view_restrictions/set_view_restrictions_done.js => page_privacy/set_privacy_done.js} (100%)
 delete mode 100644 wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/ancestor_restriction.html
 delete mode 100644 wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.html
 create mode 100644 wagtail/wagtailadmin/templates/wagtailadmin/pages/_privacy_indicator.html
 delete mode 100644 wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html
 rename wagtail/wagtailadmin/views/{page_view_restrictions.py => page_privacy.py} (87%)

diff --git a/wagtail/wagtailadmin/forms.py b/wagtail/wagtailadmin/forms.py
index f3634faf0..e9b10f63c 100644
--- a/wagtail/wagtailadmin/forms.py
+++ b/wagtail/wagtailadmin/forms.py
@@ -78,9 +78,9 @@ class PasswordResetForm(PasswordResetForm):
 
 
 class PageViewRestrictionForm(forms.Form):
-    restriction_type = forms.ChoiceField(choices=[
-        ('none', ugettext_lazy("This page is viewable by all visitors")),
-        ('password', ugettext_lazy("This page is only viewable to users who enter this password:")),
+    restriction_type = forms.ChoiceField(label="Visibility", choices=[
+        ('none', ugettext_lazy("Public")),
+        ('password', ugettext_lazy("Private, accessible with the following password")),
     ], widget=forms.RadioSelect)
     password = forms.CharField(required=False)
 
diff --git a/wagtail/wagtailadmin/static/wagtailadmin/js/privacy-indicator.js b/wagtail/wagtailadmin/static/wagtailadmin/js/privacy-indicator.js
new file mode 100644
index 000000000..eb280f00e
--- /dev/null
+++ b/wagtail/wagtailadmin/static/wagtailadmin/js/privacy-indicator.js
@@ -0,0 +1,18 @@
+$(function() {
+    /* Interface to set permissions from the explorer / editor */
+    $('a.action-set-privacy').click(function() {
+        ModalWorkflow({
+            'url': this.href,
+            'responses': {
+                'setPermission': function(isPublic) {
+                    if (isPublic) {
+                        $('.privacy-indicator').removeClass('private').addClass('public');
+                    } else {
+                        $('.privacy-indicator').removeClass('public').addClass('private');
+                    }
+                }
+            }
+        });
+        return false;
+    });
+});
diff --git a/wagtail/wagtailadmin/static/wagtailadmin/js/view-permission-indicator.js b/wagtail/wagtailadmin/static/wagtailadmin/js/view-permission-indicator.js
deleted file mode 100644
index 5e84e0840..000000000
--- a/wagtail/wagtailadmin/static/wagtailadmin/js/view-permission-indicator.js
+++ /dev/null
@@ -1,18 +0,0 @@
-$(function() {
-    /* Interface to set view permissions from the explorer / editor */
-    $('a.action-set-view-permissions').click(function() {
-        ModalWorkflow({
-            'url': this.href,
-            'responses': {
-                'setPermission': function(isPublic) {
-                    if (isPublic) {
-                        $('.view-permission-indicator').removeClass('private').addClass('public');
-                    } else {
-                        $('.view-permission-indicator').removeClass('public').addClass('private');
-                    }
-                }
-            }
-        });
-        return false;
-    });
-});
diff --git a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/formatters.scss b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/formatters.scss
index 97e915f36..b88c4fd60 100644
--- a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/formatters.scss
+++ b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/formatters.scss
@@ -121,8 +121,8 @@
     color:lighten($color-grey-2,30%);
     -webkit-font-smoothing: auto;
     font-size:0.80em;
-    margin:0 0.5em;
-    background:white url("#{$static-root}bg-dark-diag.svg");
+    margin:0 0.5em 0.5em;
+    background:white url(   "#{$static-root}bg-dark-diag.svg");
 
     &.primary{
         color:$color-grey-2;
@@ -136,6 +136,20 @@ a.status-tag.primary:hover{
     color:$color-teal;
 }
 
+.privacy-indicator {
+    &.public {
+        .label-private { 
+            display: none;
+        }
+    }
+    &.private {
+        .label-public {
+            display: none;
+        }
+    }
+}
+
+
 /* free tagging tags from taggit */
 .tag{
     background-color:$color-teal;
@@ -174,6 +188,7 @@ a.tag:hover{
     }
 }
 
+
 /* make a block-level element inline */
 .inline{
     display:inline;
diff --git a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/forms.scss b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/forms.scss
index 3a8f67ba2..d71ff66da 100644
--- a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/forms.scss
+++ b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/forms.scss
@@ -69,6 +69,10 @@ input, textarea, select, .richtext, .tagit{
         outline:none;
         background-color:$color-input-focus;
     }
+    &:disabled, &[disabled], &:disabled:hover, &[disabled]:hover{
+        background-color:inherit;
+        cursor:not-allowed;
+    }  
 }
 
 /* select boxes */
@@ -135,6 +139,7 @@ input[type=radio]:before{
     display:block;
     content:"K";
     width: 1em;
+    height:1em;
     line-height: 1.1em;
     padding: 4px;
     background-color: white;
@@ -741,6 +746,7 @@ input[type=submit], input[type=reset], input[type=button], .button, button{
         .choice_field &,
         .model_multiple_choice_field &,
         .boolean_field &,
+        .choice_field &,
         .model_choice_field &,
         .image_field &,
         .file_field &{
diff --git a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/header.scss b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/header.scss
index 3f079897f..1e9905d27 100644
--- a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/header.scss
+++ b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/header.scss
@@ -5,6 +5,10 @@ header{
     margin-bottom:2em;
     color:white;
 
+    a{
+        color:white;
+    }
+
     h1, h2{
         margin:0;
         color:white;
@@ -97,12 +101,6 @@ header{
     }
 }
 
-.page-explorer header{
-    margin-bottom:0;
-    padding-bottom:0em;
-}
-
-
 @media screen and (min-width: $breakpoint-mobile){
     header{
         padding-top:1.5em;
diff --git a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/listing.scss b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/listing.scss
index 9d940362a..8a5baa8d3 100644
--- a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/listing.scss
+++ b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/listing.scss
@@ -379,6 +379,11 @@ table.listing{
         }
     }
 
+    .privacy-indicator{
+        font-size:0.9em;
+        opacity:0.7;
+    }
+
     .table-headers{
         .ord{
             padding-right:0;
diff --git a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/view-permission-indicator.scss b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/view-permission-indicator.scss
deleted file mode 100644
index 8e26eaf74..000000000
--- a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/view-permission-indicator.scss
+++ /dev/null
@@ -1,8 +0,0 @@
-.view-permission-indicator {
-    &.public {
-        .label-private { display: none; }
-    }
-    &.private {
-        .label-public { display: none; }
-    }
-}
diff --git a/wagtail/wagtailadmin/static/wagtailadmin/scss/normalize.css b/wagtail/wagtailadmin/static/wagtailadmin/scss/normalize.css
index 8d57e3c96..8d945b3ec 100755
--- a/wagtail/wagtailadmin/static/wagtailadmin/scss/normalize.css
+++ b/wagtail/wagtailadmin/static/wagtailadmin/scss/normalize.css
@@ -452,15 +452,6 @@ input[type="submit"] {
     *overflow: visible;  /* 4 */
 }
 
-/**
- * Re-set default cursor for disabled elements.
- */
-
-button[disabled],
-html input[disabled] {
-    cursor: default;
-}
-
 /**
  * 1. Address box sizing set to content-box in IE 8/9.
  * 2. Remove excess padding in IE 8/9.
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/page_privacy/ancestor_privacy.html b/wagtail/wagtailadmin/templates/wagtailadmin/page_privacy/ancestor_privacy.html
new file mode 100644
index 000000000..b1471ba25
--- /dev/null
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/page_privacy/ancestor_privacy.html
@@ -0,0 +1,8 @@
+{% load i18n %}
+{% trans "Page privacy" as title_str %}
+{% include "wagtailadmin/shared/header.html" with title=title_str icon="locked" %}
+
+<div class="nice-padding">
+    <p>{% trans "This page has been made private by a parent page." %}</p>
+    <p>{% trans "You can edit the privacy settings on:" %} <a href="{% url 'wagtailadmin_pages_edit' page_with_restriction.id %}">{{ page_with_restriction.title }}</a>
+</div>
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/page_privacy/set_privacy.html b/wagtail/wagtailadmin/templates/wagtailadmin/page_privacy/set_privacy.html
new file mode 100644
index 000000000..6298d6f5f
--- /dev/null
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/page_privacy/set_privacy.html
@@ -0,0 +1,16 @@
+{% load i18n %}
+{% trans "Page privacy" as title_str %}
+{% include "wagtailadmin/shared/header.html" with title=title_str icon="locked" %}
+
+<div class="nice-padding">
+    <p>{% trans "<b>Note:</b> privacy changes apply to all children of this page too." %}</p>
+    <form action="{% url 'wagtailadmin_pages_set_privacy' page.id %}" method="POST">
+        {% csrf_token %}
+        <ul class="fields">
+            {% include "wagtailadmin/shared/field_as_li.html" with field=form.restriction_type %}
+            {% include "wagtailadmin/shared/field_as_li.html" with field=form.password li_classes="password-field" %}
+        </ul>
+        <input type="submit" value="Save" />
+    </form>
+    
+</div>
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.js b/wagtail/wagtailadmin/templates/wagtailadmin/page_privacy/set_privacy.js
similarity index 100%
rename from wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.js
rename to wagtail/wagtailadmin/templates/wagtailadmin/page_privacy/set_privacy.js
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions_done.js b/wagtail/wagtailadmin/templates/wagtailadmin/page_privacy/set_privacy_done.js
similarity index 100%
rename from wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions_done.js
rename to wagtail/wagtailadmin/templates/wagtailadmin/page_privacy/set_privacy_done.js
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/ancestor_restriction.html b/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/ancestor_restriction.html
deleted file mode 100644
index d8b652f32..000000000
--- a/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/ancestor_restriction.html
+++ /dev/null
@@ -1,8 +0,0 @@
-{% load i18n %}
-{% trans "Access restricted" as title_str %}
-{% include "wagtailadmin/shared/header.html" with title=title_str %}
-
-<div class="nice-padding">
-    {% trans "Access to this page is restricted because it is within the section:" %}
-    <b>{{ page_with_restriction.title }}</b>
-</div>
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.html b/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.html
deleted file mode 100644
index 632c34f1b..000000000
--- a/wagtail/wagtailadmin/templates/wagtailadmin/page_view_restrictions/set_view_restrictions.html
+++ /dev/null
@@ -1,31 +0,0 @@
-{% load i18n %}
-{% trans "Set access restrictions" as title_str %}
-{% include "wagtailadmin/shared/header.html" with title=title_str %}
-
-<div class="nice-padding">
-    <form action="{% url 'wagtailadmin_pages_set_view_restrictions' page.id %}" method="POST">
-        {% csrf_token %}
-        <ul>
-            <li>
-                {# 'This page is viewable by all visitors' #}
-                {{ form.restriction_type.0 }}
-            </li>
-            <li>
-                {# 'This page is only viewable to users who enter this password:' #}
-                {{ form.restriction_type.1 }}
-
-                {# FIXME: need distinct CSS styling for the 'disabled' state #}
-                {{ form.password }}
-                {% if form.password.errors %}
-                    <p class="error-message">
-                        {% for error in form.password.errors %}
-                            <span>{{ error }}</span>
-                        {% endfor %}
-                    </p>
-                {% endif %}
-            </li>
-        </ul>
-        <input type="submit" value="Set restriction">
-    </form>
-    <p>{% trans "Access restrictions will take effect on this page and all child pages." %}</p>
-</div>
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_editor_css.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_editor_css.html
index 58d7d5f17..2e140c89c 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_editor_css.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_editor_css.html
@@ -7,7 +7,6 @@
 {% compress css %}
     <link rel="stylesheet" href="{{ STATIC_URL }}wagtailadmin/scss/layouts/page-editor.scss" type="text/x-scss" />
     <link rel="stylesheet" href="{{ STATIC_URL }}wagtailadmin/scss/panels/rich-text.scss" type="text/x-scss" />
-    <link rel="stylesheet" type="text/x-scss" href="{{ STATIC_URL }}wagtailadmin/scss/components/view-permission-indicator.scss">
 
     {# we'll want tag-it included, for the benefit of any modals that use it, like images. #}
     {# TODO: a method of injecting these sorts of things on demand when the modal is spawned #}
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_editor_js.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_editor_js.html
index f494f75ec..a3185e096 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_editor_js.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_editor_js.html
@@ -21,7 +21,7 @@
     <script src="{{ STATIC_URL }}wagtailadmin/js/page-editor.js"></script>
     <script src="{{ STATIC_URL }}wagtailadmin/js/page-chooser.js"></script>
     <script src="{{ STATIC_URL }}admin/js/urlify.js"></script>
-    <script src="{{ STATIC_URL }}wagtailadmin/js/view-permission-indicator.js"></script>
+    <script src="{{ STATIC_URL }}wagtailadmin/js/privacy-indicator.js"></script>
 
     {% hook_output 'insert_editor_js' %}
 {% endcompress %}
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_privacy_indicator.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_privacy_indicator.html
new file mode 100644
index 000000000..53aa44800
--- /dev/null
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_privacy_indicator.html
@@ -0,0 +1,23 @@
+{% load i18n wagtailadmin_tags %}
+
+{% test_page_is_public page as is_public %}
+{% if not page_perms %}
+    {% page_permissions page as page_perms %}
+{% endif %}
+
+<div class="privacy-indicator {% if is_public %}public{% else %}private{% endif %}">
+    {% trans "Privacy" %}
+    {% if page_perms.can_set_view_restrictions %}
+        <a href="{% url 'wagtailadmin_pages_set_privacy' page.id %}" class="status-tag primary  action-set-privacy">
+            {# labels are shown/hidden in CSS according to the 'private' / 'public' class on view-permission-indicator #}
+            <span class="label-public icon icon-unlocked">{% trans 'Public' %}</span>
+            <span class="label-private icon icon-locked">{% trans 'Private' %}</span>
+        </a>
+    {% else %}
+        {% if is_public %}
+            <span class="label-public status-tag primary icon icon-unlocked ">{% trans 'Public' %}</span>
+        {% else %}
+            <span class="label-private status-tag primary icon icon-locked">{% trans 'Private' %}</span>
+        {% endif %}
+    {% endif %}
+</div>
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html
deleted file mode 100644
index 5bb8853e0..000000000
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/_view_permission_indicator.html
+++ /dev/null
@@ -1,23 +0,0 @@
-{% load i18n wagtailadmin_tags %}
-
-{% test_page_is_public page as is_public %}
-{% if not page_perms %}
-    {% page_permissions page as page_perms %}
-{% endif %}
-
-{% if page_perms.can_set_view_restrictions %}
-    <div class="view-permission-indicator {% if is_public %}public{% else %}private{% endif %}">
-        <a href="{% url 'wagtailadmin_pages_set_view_restrictions' page.id %}" class="button button-small action-set-view-permissions">
-            {# labels are shown/hidden in CSS according to the 'private' / 'public' class on view-permission-indicator #}
-            <span class="label-public">{% trans 'Public' %}</span>
-            <span class="label-private">{% trans 'Private' %}</span>
-        </a>
-    </div>
-{% else %}
-    {# Read-only display, for users who don't have permission to set view restrictions #}
-    {% if is_public %}
-        <div class="view-permission-indicator public"><span class="label-public">{% trans 'Public' %}</span></div>
-    {% else %}
-        <div class="view-permission-indicator private"><span class="label-private">{% trans 'Private' %}</span></div>
-    {% endif %}
-{% endif %}
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/edit.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/edit.html
index a1b108933..c15efbd59 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/edit.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/edit.html
@@ -15,11 +15,15 @@
                 <h1 class="icon icon-doc-empty-inverse">{% blocktrans with title=page.title %}Editing <span>{{ title }}</span>{% endblocktrans %}</h1>
             </div>
             <div class="right col3">
-                 {% trans "Status:" %} {% if page.live %}<a href="{{ page.url }}" class="status-tag {% if page.live %}primary{% endif %}">{{ page.status_string }}</a>{% else %}<span class="status-tag">{{ page.status_string }}</span>{% endif %}
+                {% trans "Status" %}
+                {% if page.live %}
+                    <a href="{{ page.url }}" class="status-tag {% if page.live %}primary{% endif %}">{{ page.status_string }}</a>
+                {% else %}
+                    <span class="status-tag">{{ page.status_string }}</span>
+                {% endif %}
+
+                {% include "wagtailadmin/pages/_privacy_indicator.html" with page=page page_perms=page_perms only %}
             </div>
-
-            {% include "wagtailadmin/pages/_view_permission_indicator.html" with page=page page_perms=page_perms only %}
-
         </div>
     </header>
 
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/index.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/index.html
index e9e4847dd..3a3aa49a7 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/index.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/index.html
@@ -16,19 +16,12 @@
         {% page_permissions parent_page as parent_page_perms %}
         {% include "wagtailadmin/pages/list.html" with sortable=1 allow_navigation=1 full_width=1 parent_page=parent_page orderable=parent_page_perms.can_reorder_children %} 
     </form>
-
-{% endblock %}
-
-{% block extra_css %}
-    {% compress css %}
-        <link rel="stylesheet" type="text/x-scss" href="{{ STATIC_URL }}wagtailadmin/scss/components/view-permission-indicator.scss">
-    {% endcompress %}
 {% endblock %}
 
 {% block extra_js %}
     {% comment %} modal-workflow is required by the view restrictions interface {% endcomment %}
     <script src="{{ STATIC_URL }}wagtailadmin/js/modal-workflow.js"></script>
-    <script src="{{ STATIC_URL }}wagtailadmin/js/view-permission-indicator.js"></script>
+    <script src="{{ STATIC_URL }}wagtailadmin/js/privacy-indicator.js"></script>
 
     <script type="text/javascript">
         {% if ordering == 'ord' %}
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
index 44b058e83..9e252e198 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
@@ -31,30 +31,45 @@
             <tr class="index {% if not parent_page.live %} inactive{% endif %} {% if moving or choosing %}{% if parent_page.can_choose %}can-choose{% endif %}{% endif %}">
                 <td class="title" {% if orderable %}colspan="2"{% endif %}>
                     {% if moving %}
-                        {% if parent_page.can_choose %}
-                            <h2><a href="{% url 'wagtailadmin_pages_move_confirm' page_to_move.id parent_page.id %}">{{ parent_page.title }}</a></h2>
-                        {% else %}
-                            <h2>{{ parent_page.title }}</h2>
-                        {% endif %}
+                        <h2>
+                            {% if parent_page.can_choose %}
+                                <a href="{% url 'wagtailadmin_pages_move_confirm' page_to_move.id parent_page.id %}">{{ parent_page.title }}</a><
+                            {% else %}
+                                {{ parent_page.title }}
+                            {% endif %}
+
+                            {% test_page_is_public parent_page as is_public %}
+                            {% if not is_public %}
+                                <span class="privacy-indicator icon icon-locked" title="This page is protected from public view"></span>
+                            {% endif %}
+                        </h2>
                     {% elif choosing %}
-                        {% if parent_page.can_choose %}
-                            <h2><a class="choose-page" href="#{{ parent_page.id }}" data-id="{{ parent_page.id }}" data-title="{{ parent_page.title }}" data-url="{{ parent_page.url }}">{{ parent_page.title }}</a></h2>
-                        {% else %}
-                            <h2>{{ parent_page.title }}</h2>
-                        {% endif %}
+                        <h2>
+                            {% if parent_page.can_choose %}
+                                <a class="choose-page" href="#{{ parent_page.id }}" data-id="{{ parent_page.id }}" data-title="{{ parent_page.title }}" data-url="{{ parent_page.url }}">{{ parent_page.title }}</a>
+                            {% else %}
+                                {{ parent_page.title }}
+                            {% endif %}
 
-                        {% test_page_is_public parent_page as is_public %}
-                        {% if not is_public %}
-                            <em>(private)</em>
-                        {% endif %}
+                            {% test_page_is_public parent_page as is_public %}
+                            {% if not is_public %}
+                                <span class="privacy-indicator icon icon-locked" title="This page is protected from public view"></span>
+                            {% endif %}
+                        </h2>
                     {% else %}
-                        {% if parent_page_perms.can_edit and 'edit' not in hide_actions|default:'' %}
-                            <h2><a href="{% url 'wagtailadmin_pages_edit' parent_page.id %}">{{ parent_page.title }}</a></h2>
-                        {% else %}
-                            <h2>{{ parent_page.title }}</h2>
-                        {% endif %}
+                        <h2>
+                            {% if parent_page_perms.can_edit and 'edit' not in hide_actions|default:'' %}
+                                <a href="{% url 'wagtailadmin_pages_edit' parent_page.id %}">{{ parent_page.title }}</a>
+                            {% else %}
+                                    {{ parent_page.title }}
+                            {% endif %}
 
-                        {% include "wagtailadmin/pages/_view_permission_indicator.html" with page=parent_page page_perms=parent_page_perms only %}
+                            {% test_page_is_public parent_page as is_public %}
+                            {% if not is_public %}
+                                <span class="privacy-indicator icon icon-locked" title="This page is protected from public view"></span>
+                            {% endif %}
+                        </h2>
+                        
 
                         <ul class="actions">
                             {% if parent_page_perms.can_edit and 'edit' not in hide_actions|default:'' %}
@@ -160,11 +175,6 @@
                                 {% else %}
                                     {{ page.title }}
                                 {% endif %}
-
-                                {% test_page_is_public page as is_public %}
-                                {% if not is_public %}
-                                    <em>(private)</em>
-                                {% endif %}
                             {% else %}
                                 {% if page_perms.can_edit and 'edit' not in hide_actions|default:'' %}
                                     <a href="{% url 'wagtailadmin_pages_edit' page.id %}" title="{% trans 'Edit this page' %}">{{ page.title }}</a>
@@ -172,6 +182,11 @@
                                     {{ page.title }}
                                 {% endif %}
                             {% endif %}
+
+                            {% test_page_is_public page as is_public %}
+                            {% if not is_public %}
+                            <span class="privacy-indicator icon icon-locked" title="This page is protected from public view"></span>
+                            {% endif %}
                         </h2>
                         {% if not moving and not choosing %}
                             <ul class="actions">
diff --git a/wagtail/wagtailadmin/templatetags/wagtailadmin_tags.py b/wagtail/wagtailadmin/templatetags/wagtailadmin_tags.py
index a6467532d..2cb53e750 100644
--- a/wagtail/wagtailadmin/templatetags/wagtailadmin_tags.py
+++ b/wagtail/wagtailadmin/templatetags/wagtailadmin_tags.py
@@ -61,7 +61,10 @@ def fieldtype(bound_field):
     try:
         return camelcase_to_underscore(bound_field.field.__class__.__name__)
     except AttributeError:
-        return ""
+        try:
+            return camelcase_to_underscore(bound_field.__class__.__name__)
+        except AttributeError:
+            return ""
 
 
 @register.filter
diff --git a/wagtail/wagtailadmin/urls.py b/wagtail/wagtailadmin/urls.py
index 359250162..b5757694d 100644
--- a/wagtail/wagtailadmin/urls.py
+++ b/wagtail/wagtailadmin/urls.py
@@ -1,7 +1,7 @@
 from django.conf.urls import url
 
 from wagtail.wagtailadmin.forms import PasswordResetForm
-from wagtail.wagtailadmin.views import account, chooser, home, pages, tags, userbar, page_view_restrictions
+from wagtail.wagtailadmin.views import account, chooser, home, pages, tags, userbar, page_privacy
 from wagtail.wagtailcore import hooks
 
 
@@ -67,7 +67,7 @@ urlpatterns += [
     url(r'^pages/moderation/(\d+)/reject/$', pages.reject_moderation, name='wagtailadmin_pages_reject_moderation'),
     url(r'^pages/moderation/(\d+)/preview/$', pages.preview_for_moderation, name='wagtailadmin_pages_preview_for_moderation'),
 
-    url(r'^pages/(\d+)/view_restrictions/$', page_view_restrictions.set_view_restrictions, name='wagtailadmin_pages_set_view_restrictions'),
+    url(r'^pages/(\d+)/privacy/$', page_privacy.set_privacy, name='wagtailadmin_pages_set_privacy'),
 
     url(r'^choose-page/$', chooser.browse, name='wagtailadmin_choose_page'),
     url(r'^choose-page/(\d+)/$', chooser.browse, name='wagtailadmin_choose_page_child'),
diff --git a/wagtail/wagtailadmin/views/page_view_restrictions.py b/wagtail/wagtailadmin/views/page_privacy.py
similarity index 87%
rename from wagtail/wagtailadmin/views/page_view_restrictions.py
rename to wagtail/wagtailadmin/views/page_privacy.py
index e36e9900d..4cb7435c7 100644
--- a/wagtail/wagtailadmin/views/page_view_restrictions.py
+++ b/wagtail/wagtailadmin/views/page_privacy.py
@@ -7,7 +7,7 @@ from wagtail.wagtailadmin.forms import PageViewRestrictionForm
 from wagtail.wagtailadmin.modal_workflow import render_modal_workflow
 
 @permission_required('wagtailadmin.access_admin')
-def set_view_restrictions(request, page_id):
+def set_privacy(request, page_id):
     page = get_object_or_404(Page, id=page_id)
     page_perms = page.permissions_for_user(request.user)
     if not page_perms.can_set_view_restrictions():
@@ -39,7 +39,7 @@ def set_view_restrictions(request, page_id):
                         page=page, password = form.cleaned_data['password'])
 
             return render_modal_workflow(
-                request, None, 'wagtailadmin/page_view_restrictions/set_view_restrictions_done.js', {
+                request, None, 'wagtailadmin/page_privacy/set_privacy_done.js', {
                     'is_public': (form.cleaned_data['restriction_type'] == 'none')
                 }
             )
@@ -60,7 +60,7 @@ def set_view_restrictions(request, page_id):
         # display a message indicating that there is a restriction at ancestor level -
         # do not provide the form for setting up new restrictions
         return render_modal_workflow(
-            request, 'wagtailadmin/page_view_restrictions/ancestor_restriction.html', None,
+            request, 'wagtailadmin/page_privacy/ancestor_privacy.html', None,
             {
                 'page_with_restriction': restriction.page,
             }
@@ -69,8 +69,8 @@ def set_view_restrictions(request, page_id):
         # no restriction set at ancestor level - can set restrictions here
         return render_modal_workflow(
             request,
-            'wagtailadmin/page_view_restrictions/set_view_restrictions.html',
-            'wagtailadmin/page_view_restrictions/set_view_restrictions.js', {
+            'wagtailadmin/page_privacy/set_privacy.html',
+            'wagtailadmin/page_privacy/set_privacy.js', {
                 'page': page,
                 'form': form,
             }

From 37519daf7eb15ae143d2b897bc267b98657dbd1f Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Wed, 11 Jun 2014 12:56:07 +0100
Subject: [PATCH 18/33] return a RouteResult object back from route() rather
 than a Page, making it possible to transfer params between route() and
 serve()

---
 wagtail/tests/wagtail_hooks.py               |  2 +-
 wagtail/wagtailcore/models.py                |  3 ++-
 wagtail/wagtailcore/tests/test_page_model.py |  4 ++--
 wagtail/wagtailcore/url_routing.py           | 15 +++++++++++++++
 wagtail/wagtailcore/views.py                 | 13 +++++++------
 wagtail/wagtailcore/wagtail_hooks.py         |  2 +-
 6 files changed, 28 insertions(+), 11 deletions(-)
 create mode 100644 wagtail/wagtailcore/url_routing.py

diff --git a/wagtail/tests/wagtail_hooks.py b/wagtail/tests/wagtail_hooks.py
index 4ad63e881..8c398ed2c 100644
--- a/wagtail/tests/wagtail_hooks.py
+++ b/wagtail/tests/wagtail_hooks.py
@@ -21,7 +21,7 @@ def whitelister_element_rules():
 hooks.register('construct_whitelister_element_rules', whitelister_element_rules)
 
 
-def block_googlebot(page, request):
+def block_googlebot(page, request, serve_args, serve_kwargs):
     if request.META.get('HTTP_USER_AGENT') == 'GoogleBot':
         return HttpResponse("<h1>bad googlebot no cookie</h1>")
 hooks.register('before_serve_page', block_googlebot)
diff --git a/wagtail/wagtailcore/models.py b/wagtail/wagtailcore/models.py
index c6cb095a1..b552618aa 100644
--- a/wagtail/wagtailcore/models.py
+++ b/wagtail/wagtailcore/models.py
@@ -28,6 +28,7 @@ from treebeard.mp_tree import MP_Node
 
 from wagtail.wagtailcore.utils import camelcase_to_underscore
 from wagtail.wagtailcore.query import PageQuerySet
+from wagtail.wagtailcore.url_routing import RouteResult
 
 from wagtail.wagtailsearch import Indexed, get_search_backend
 
@@ -416,7 +417,7 @@ class Page(six.with_metaclass(PageBase, MP_Node, ClusterableModel, Indexed)):
         else:
             # request is for this very page
             if self.live:
-                return self
+                return RouteResult(self)
             else:
                 raise Http404
 
diff --git a/wagtail/wagtailcore/tests/test_page_model.py b/wagtail/wagtailcore/tests/test_page_model.py
index ab5b9c148..af12fa705 100644
--- a/wagtail/wagtailcore/tests/test_page_model.py
+++ b/wagtail/wagtailcore/tests/test_page_model.py
@@ -138,7 +138,7 @@ class TestRouting(TestCase):
 
         request = HttpRequest()
         request.path = '/events/christmas/'
-        found_page = homepage.route(request, ['events', 'christmas'])
+        (found_page, args, kwargs) = homepage.route(request, ['events', 'christmas'])
         self.assertEqual(found_page, christmas_page)
 
     def test_request_serving(self):
@@ -243,7 +243,7 @@ class TestServeView(TestCase):
             # Check that a DeprecationWarning has been triggered
             self.assertEqual(len(w), 1)
             self.assertTrue(issubclass(w[-1].category, DeprecationWarning))
-            self.assertTrue("Page.route should return a Page" in str(w[-1].message))
+            self.assertTrue("Page.route should return an instance of wagtailcore.url_routing.RouteResult" in str(w[-1].message))
 
         expected_page = PageWithOldStyleRouteMethod.objects.get(url_path='/home/old-style-route/')
         self.assertEqual(response.status_code, 200)
diff --git a/wagtail/wagtailcore/url_routing.py b/wagtail/wagtailcore/url_routing.py
new file mode 100644
index 000000000..3eb78c6ac
--- /dev/null
+++ b/wagtail/wagtailcore/url_routing.py
@@ -0,0 +1,15 @@
+class RouteResult(object):
+    """
+    An object to be returned from Page.route, which encapsulates
+    all the information necessary to serve an HTTP response. Analogous to
+    django.core.urlresolvers.ResolverMatch, except that it identifies
+    a Page instance that we will call serve(*args, **kwargs) on, rather
+    than a view function.
+    """
+    def __init__(self, page, args=None, kwargs=None):
+        self.page = page
+        self.args = [] if args is None else args
+        self.kwargs = {} if kwargs is None else kwargs
+
+    def __getitem__(self, index):
+        return (self.page, self.args, self.kwargs)[index]
diff --git a/wagtail/wagtailcore/views.py b/wagtail/wagtailcore/views.py
index 78e0476b6..c05c26212 100644
--- a/wagtail/wagtailcore/views.py
+++ b/wagtail/wagtailcore/views.py
@@ -17,20 +17,21 @@ def serve(request, path):
         raise Http404
 
     path_components = [component for component in path.split('/') if component]
-    page = request.site.root_page.specific.route(request, path_components)
-    if isinstance(page, HttpResponse):
+    route_result = request.site.root_page.specific.route(request, path_components)
+    if isinstance(route_result, HttpResponse):
         warnings.warn(
-            "Page.route should return a Page, not an HttpResponse",
+            "Page.route should return an instance of wagtailcore.url_routing.RouteResult, not an HttpResponse",
             DeprecationWarning
         )
-        return page
+        return route_result
 
+    (page, args, kwargs) = route_result
     for fn in hooks.get_hooks('before_serve_page'):
-        result = fn(page, request)
+        result = fn(page, request, args, kwargs)
         if isinstance(result, HttpResponse):
             return result
 
-    return page.serve(request)
+    return page.serve(request, *args, **kwargs)
 
 
 def authenticate_with_password(request, page_view_restriction_id, page_id):
diff --git a/wagtail/wagtailcore/wagtail_hooks.py b/wagtail/wagtailcore/wagtail_hooks.py
index 3763c881b..200af8468 100644
--- a/wagtail/wagtailcore/wagtail_hooks.py
+++ b/wagtail/wagtailcore/wagtail_hooks.py
@@ -1,5 +1,5 @@
 from wagtail.wagtailcore import hooks
 
-def check_view_restrictions(page, request):
+def check_view_restrictions(page, request, serve_args, serve_kwargs):
     return page.check_view_restrictions(request)
 hooks.register('before_serve_page', check_view_restrictions)

From 37f6ea97b1bf6b5a7e0255ce928a304770ff9696 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Wed, 11 Jun 2014 13:07:43 +0100
Subject: [PATCH 19/33] Appending to the passed_page_view_restrictions list
 doesn't write it back to the session - need to explicitly write it back to
 the session dict

---
 wagtail/wagtailcore/views.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/wagtail/wagtailcore/views.py b/wagtail/wagtailcore/views.py
index c05c26212..b955efa54 100644
--- a/wagtail/wagtailcore/views.py
+++ b/wagtail/wagtailcore/views.py
@@ -49,6 +49,7 @@ def authenticate_with_password(request, page_view_restriction_id, page_id):
             passed_restrictions = request.session.setdefault('passed_page_view_restrictions', [])
             if restriction.id not in passed_restrictions:
                 passed_restrictions.append(restriction.id)
+                request.session['passed_page_view_restrictions'] = passed_restrictions
             if not has_existing_session:
                 # if this is a session we've created, set it to expire at the end
                 # of the browser session

From 812bd990e190d110173cb8c7c2974e4849e6de94 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Wed, 11 Jun 2014 13:28:19 +0100
Subject: [PATCH 20/33] remove stray angle bracket

---
 wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
index 9e252e198..225cf745a 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
@@ -33,7 +33,7 @@
                     {% if moving %}
                         <h2>
                             {% if parent_page.can_choose %}
-                                <a href="{% url 'wagtailadmin_pages_move_confirm' page_to_move.id parent_page.id %}">{{ parent_page.title }}</a><
+                                <a href="{% url 'wagtailadmin_pages_move_confirm' page_to_move.id parent_page.id %}">{{ parent_page.title }}</a>
                             {% else %}
                                 {{ parent_page.title }}
                             {% endif %}

From 4c35928092a5f4cc9db3f064763997a8fce32224 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Wed, 11 Jun 2014 17:11:41 +0100
Subject: [PATCH 21/33] add test fixtures for front-end permission testing

---
 wagtail/tests/fixtures/test.json | 57 +++++++++++++++++++++++++++++++-
 1 file changed, 56 insertions(+), 1 deletion(-)

diff --git a/wagtail/tests/fixtures/test.json b/wagtail/tests/fixtures/test.json
index b769b7960..f6fedf5b8 100644
--- a/wagtail/tests/fixtures/test.json
+++ b/wagtail/tests/fixtures/test.json
@@ -23,7 +23,7 @@
     "model": "wagtailcore.page",
     "fields": {
         "title": "Welcome to the Wagtail test site!",
-        "numchild": 4,
+        "numchild": 5,
         "show_in_menus": false,
         "live": true,
         "depth": 2,
@@ -280,6 +280,52 @@
     }
 },
 
+{
+    "pk": 11,
+    "model": "wagtailcore.page",
+    "fields": {
+        "title": "Secret plans",
+        "numchild": 1,
+        "show_in_menus": true,
+        "live": true,
+        "depth": 3,
+        "content_type": ["tests", "simplepage"],
+        "path": "000100010005",
+        "url_path": "/home/secret-plans/",
+        "slug": "secret-plans"
+    }
+},
+{
+    "pk": 11,
+    "model": "tests.simplepage",
+    "fields": {
+        "content": "<p>muahahahaha</p>"
+    }
+},
+
+{
+    "pk": 12,
+    "model": "wagtailcore.page",
+    "fields": {
+        "title": "Steal underpants",
+        "numchild": 0,
+        "show_in_menus": true,
+        "live": true,
+        "depth": 4,
+        "content_type": ["tests", "simplepage"],
+        "path": "0001000100050001",
+        "url_path": "/home/secret-plans/steal-underpants/",
+        "slug": "steal-underpants"
+    }
+},
+{
+    "pk": 12,
+    "model": "tests.simplepage",
+    "fields": {
+        "content": "<p>it's really important for something</p>"
+    }
+},
+
 {
     "pk": 1,
     "model": "wagtailcore.site",
@@ -537,5 +583,14 @@
         "width": 0,
         "height": 0
     }
+},
+
+{
+    "pk": 1,
+    "model": "wagtailcore.pageviewrestriction",
+    "fields": {
+        "page": 11,
+        "password": "swordfish"
+    }
 }
 ]

From 00942c9de7fabcd85d623335b0b9a6a3cc25aa45 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Thu, 12 Jun 2014 12:58:12 +0100
Subject: [PATCH 22/33] add unit tests for user-facing front-end-permission
 views

---
 wagtail/tests/fixtures/test.json              | 10 ++-
 wagtail/tests/models.py                       |  2 +
 .../tests/event_page_password_required.html   | 15 ++++
 .../wagtailcore/tests/test_page_privacy.py    | 70 +++++++++++++++++++
 4 files changed, 94 insertions(+), 3 deletions(-)
 create mode 100644 wagtail/tests/templates/tests/event_page_password_required.html
 create mode 100644 wagtail/wagtailcore/tests/test_page_privacy.py

diff --git a/wagtail/tests/fixtures/test.json b/wagtail/tests/fixtures/test.json
index f6fedf5b8..f31610279 100644
--- a/wagtail/tests/fixtures/test.json
+++ b/wagtail/tests/fixtures/test.json
@@ -312,7 +312,7 @@
         "show_in_menus": true,
         "live": true,
         "depth": 4,
-        "content_type": ["tests", "simplepage"],
+        "content_type": ["tests", "eventpage"],
         "path": "0001000100050001",
         "url_path": "/home/secret-plans/steal-underpants/",
         "slug": "steal-underpants"
@@ -320,9 +320,13 @@
 },
 {
     "pk": 12,
-    "model": "tests.simplepage",
+    "model": "tests.eventpage",
     "fields": {
-        "content": "<p>it's really important for something</p>"
+        "date_from": "2015-07-04",
+        "audience": "private",
+        "location": "Marks and Spencer",
+        "body": "<p>meet in the menswear department at noon</p>",
+        "cost": "free"
     }
 },
 
diff --git a/wagtail/tests/models.py b/wagtail/tests/models.py
index 0c369dd34..81f30f82b 100644
--- a/wagtail/tests/models.py
+++ b/wagtail/tests/models.py
@@ -179,6 +179,8 @@ class EventPage(Page):
     indexed_fields = ('get_audience_display', 'location', 'body')
     search_name = "Event"
 
+    password_required_template = 'tests/event_page_password_required.html'
+
 EventPage.content_panels = [
     FieldPanel('title', classname="full title"),
     FieldPanel('date_from'),
diff --git a/wagtail/tests/templates/tests/event_page_password_required.html b/wagtail/tests/templates/tests/event_page_password_required.html
new file mode 100644
index 000000000..e58d740ad
--- /dev/null
+++ b/wagtail/tests/templates/tests/event_page_password_required.html
@@ -0,0 +1,15 @@
+<!DOCTYPE HTML>
+<html>
+    <head>
+        <title>{{ self.title }}</title>
+    </head>
+    <body>
+        <h1>{{ self.title }}</h1>
+        <p>This event is invitation only. Please enter your password to see the details.</p>
+        <form action="{{ action_url }}" method="POST">
+            {% csrf_token %}
+            {{ form.as_p }}
+            <input type="submit" value="Continue" />
+        </form>
+    </body>
+</html>
diff --git a/wagtail/wagtailcore/tests/test_page_privacy.py b/wagtail/wagtailcore/tests/test_page_privacy.py
new file mode 100644
index 000000000..1159f13ab
--- /dev/null
+++ b/wagtail/wagtailcore/tests/test_page_privacy.py
@@ -0,0 +1,70 @@
+from django.test import TestCase
+from wagtail.wagtailcore.models import Page, PageViewRestriction
+
+
+class TestPagePrivacy(TestCase):
+    fixtures = ['test.json']
+
+    def setUp(self):
+        self.secret_plans_page = Page.objects.get(url_path='/home/secret-plans/')
+        self.view_restriction = PageViewRestriction.objects.get(
+            page=self.secret_plans_page)
+
+    def test_anonymous_user_must_authenticate(self):
+        response = self.client.get('/secret-plans/')
+        self.assertEqual(response.templates[0].name, 'wagtailcore/password_required.html')
+
+        submit_url = "/_util/authenticate_with_password/%d/%d/" % (self.view_restriction.id, self.secret_plans_page.id)
+        self.assertContains(response, '<form action="%s"' % submit_url)
+        self.assertContains(response, '<input id="id_return_url" name="return_url" type="hidden" value="/secret-plans/" />')
+
+        # posting the wrong password should redisplay the password page
+        response = self.client.post(submit_url, {
+            'password': 'wrongpassword',
+            'return_url': '/secret-plans/',
+        })
+        self.assertEqual(response.templates[0].name, 'wagtailcore/password_required.html')
+        self.assertContains(response, '<form action="%s"' % submit_url)
+
+        # posting the correct password should redirect back to return_url
+        response = self.client.post(submit_url, {
+            'password': 'swordfish',
+            'return_url': '/secret-plans/',
+        })
+        self.assertRedirects(response, '/secret-plans/')
+
+        # now requests to /secret-plans/ should pass authentication
+        response = self.client.get('/secret-plans/')
+        self.assertEqual(response.templates[0].name, 'tests/simple_page.html')
+
+
+    def test_view_restrictions_apply_to_subpages(self):
+        underpants_page = Page.objects.get(url_path='/home/secret-plans/steal-underpants/')
+        response = self.client.get('/secret-plans/steal-underpants/')
+
+        # check that we're overriding the default password_required template for this page type
+        self.assertEqual(response.templates[0].name, 'tests/event_page_password_required.html')
+
+        submit_url = "/_util/authenticate_with_password/%d/%d/" % (self.view_restriction.id, underpants_page.id)
+        self.assertContains(response, '<title>Steal underpants</title>')
+        self.assertContains(response, '<form action="%s"' % submit_url)
+        self.assertContains(response, '<input id="id_return_url" name="return_url" type="hidden" value="/secret-plans/steal-underpants/" />')
+
+        # posting the wrong password should redisplay the password page
+        response = self.client.post(submit_url, {
+            'password': 'wrongpassword',
+            'return_url': '/secret-plans/steal-underpants/',
+        })
+        self.assertEqual(response.templates[0].name, 'tests/event_page_password_required.html')
+        self.assertContains(response, '<form action="%s"' % submit_url)
+
+        # posting the correct password should redirect back to return_url
+        response = self.client.post(submit_url, {
+            'password': 'swordfish',
+            'return_url': '/secret-plans/steal-underpants/',
+        })
+        self.assertRedirects(response, '/secret-plans/steal-underpants/')
+
+        # now requests to /secret-plans/ should pass authentication
+        response = self.client.get('/secret-plans/steal-underpants/')
+        self.assertEqual(response.templates[0].name, 'tests/event_page.html')

From dffd4413751ef0f9372d28c742ecbfb78887b6f3 Mon Sep 17 00:00:00 2001
From: Dave Cranwell <david@torchbox.com>
Date: Thu, 12 Jun 2014 14:40:34 +0100
Subject: [PATCH 23/33] adding privacy setter into page listing. previously
 omitted by error. Also fixing breadcrumbs within page chooser, broken for a
 while.

---
 .../wagtailadmin/scss/components/listing.scss | 21 ++++++++++++++++++-
 .../templates/wagtailadmin/pages/list.html    |  6 +-----
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/listing.scss b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/listing.scss
index 8a5baa8d3..94259cc96 100644
--- a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/listing.scss
+++ b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/listing.scss
@@ -343,7 +343,6 @@ ul.listing{
                 background:$color-teal-darker;
             }
         }
-
     }
 }
 ul.listing{
@@ -357,6 +356,8 @@ table.listing{
 
  /* explorer specific tweaks */
 .page-explorer .listing {
+    position:relative;
+
     .index{
         color:white;
         background-color:$color-header-bg;
@@ -366,6 +367,13 @@ table.listing{
             padding-bottom:1.5em;
         }
 
+        .privacy-indicator{
+            opacity:1;
+            position:absolute;
+            right:5%;
+            top:2em;
+        }
+
         .title{
             h2{
                 color:white;
@@ -375,10 +383,21 @@ table.listing{
                 a:hover{
                     color:white;
                 }
+
+                .privacy-indicator{
+                    position:relative;
+                    right:auto;
+                    top:auto;
+                    opacity:0.7;
+                }
             }
+
         }
+
+        
     }
 
+
     .privacy-indicator{
         font-size:0.9em;
         opacity:0.7;
diff --git a/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html b/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
index 225cf745a..3c40d05f0 100644
--- a/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/pages/list.html
@@ -63,13 +63,9 @@
                             {% else %}
                                     {{ parent_page.title }}
                             {% endif %}
-
-                            {% test_page_is_public parent_page as is_public %}
-                            {% if not is_public %}
-                                <span class="privacy-indicator icon icon-locked" title="This page is protected from public view"></span>
-                            {% endif %}
                         </h2>
                         
+                        {% include "wagtailadmin/pages/_privacy_indicator.html" with page=parent_page %}
 
                         <ul class="actions">
                             {% if parent_page_perms.can_edit and 'edit' not in hide_actions|default:'' %}

From 1c47560c0205d8feaaac503ccdfee2b0cc854606 Mon Sep 17 00:00:00 2001
From: Dave Cranwell <david@torchbox.com>
Date: Thu, 12 Jun 2014 16:37:44 +0100
Subject: [PATCH 24/33] tweaking size of privacy indicator

---
 .../wagtailadmin/scss/components/formatters.scss      |  6 ++++++
 .../static/wagtailadmin/scss/components/listing.scss  | 11 +----------
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/formatters.scss b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/formatters.scss
index b88c4fd60..b6f5ca03c 100644
--- a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/formatters.scss
+++ b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/formatters.scss
@@ -137,6 +137,12 @@ a.status-tag.primary:hover{
 }
 
 .privacy-indicator {
+    .label-private, .label-public{
+        &:before{
+            font-size:1.5em;
+            color:$color-teal;
+        }
+    }
     &.public {
         .label-private { 
             display: none;
diff --git a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/listing.scss b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/listing.scss
index 94259cc96..537465083 100644
--- a/wagtail/wagtailadmin/static/wagtailadmin/scss/components/listing.scss
+++ b/wagtail/wagtailadmin/static/wagtailadmin/scss/components/listing.scss
@@ -368,6 +368,7 @@ table.listing{
         }
 
         .privacy-indicator{
+            font-size:1em;
             opacity:1;
             position:absolute;
             right:5%;
@@ -383,21 +384,11 @@ table.listing{
                 a:hover{
                     color:white;
                 }
-
-                .privacy-indicator{
-                    position:relative;
-                    right:auto;
-                    top:auto;
-                    opacity:0.7;
-                }
             }
 
         }
-
-        
     }
 
-
     .privacy-indicator{
         font-size:0.9em;
         opacity:0.7;

From c4216a036341ee27a317d93645772bf7ee17aee3 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Fri, 13 Jun 2014 22:32:33 +0100
Subject: [PATCH 25/33] syntactic tweak

---
 wagtail/wagtailcore/url_routing.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wagtail/wagtailcore/url_routing.py b/wagtail/wagtailcore/url_routing.py
index 3eb78c6ac..0d7a5e1c4 100644
--- a/wagtail/wagtailcore/url_routing.py
+++ b/wagtail/wagtailcore/url_routing.py
@@ -8,8 +8,8 @@ class RouteResult(object):
     """
     def __init__(self, page, args=None, kwargs=None):
         self.page = page
-        self.args = [] if args is None else args
-        self.kwargs = {} if kwargs is None else kwargs
+        self.args = args or []
+        self.kwargs = kwargs or {}
 
     def __getitem__(self, index):
         return (self.page, self.args, self.kwargs)[index]

From e0a18729219adb1e0e3e51a5b0ac5755020c78bd Mon Sep 17 00:00:00 2001
From: Karl Hobley <karl@torchbox.com>
Date: Fri, 4 Jul 2014 12:47:34 +0100
Subject: [PATCH 26/33] Added tests for FEP backend views

---
 wagtail/wagtailadmin/tests/test_privacy.py | 261 +++++++++++++++++++++
 1 file changed, 261 insertions(+)
 create mode 100644 wagtail/wagtailadmin/tests/test_privacy.py

diff --git a/wagtail/wagtailadmin/tests/test_privacy.py b/wagtail/wagtailadmin/tests/test_privacy.py
new file mode 100644
index 000000000..4d80ab27f
--- /dev/null
+++ b/wagtail/wagtailadmin/tests/test_privacy.py
@@ -0,0 +1,261 @@
+from django.test import TestCase
+from django.core.urlresolvers import reverse
+
+from wagtail.wagtailcore.models import Page, PageViewRestriction
+from wagtail.tests.models import SimplePage
+from wagtail.tests.utils import WagtailTestUtils
+
+
+class TestSetPrivacyView(TestCase, WagtailTestUtils):
+    def setUp(self):
+        self.login()
+
+        # Create some pages
+        self.homepage = Page.objects.get(id=2)
+
+        self.public_page = self.homepage.add_child(instance=SimplePage(
+            title="Public page",
+            slug='public-page',
+            live=True,
+        ))
+
+        self.private_page = self.homepage.add_child(instance=SimplePage(
+            title="Private page",
+            slug='private-page',
+            live=True,
+        ))
+        PageViewRestriction.objects.create(page=self.private_page, password='password123')
+
+        self.private_child_page = self.private_page.add_child(instance=SimplePage(
+            title="Private child page",
+            slug='private-child-page',
+            live=True,
+        ))
+
+    def test_get_public(self):
+        """
+        This tests that a blank form is returned when a user opens the set_privacy view on a public page
+        """
+        response = self.client.get(reverse('wagtailadmin_pages_set_privacy', args=(self.public_page.id, )))
+
+        # Check response
+        self.assertEqual(response.status_code, 200)
+        self.assertTemplateUsed(response, 'wagtailadmin/page_privacy/set_privacy.html')
+        self.assertEqual(response.context['page'].specific, self.public_page)
+
+        # Check form attributes
+        self.assertEqual(response.context['form']['restriction_type'].value(), 'none')
+
+    def test_get_private(self):
+        """
+        This tests that the restriction type and password fields as set correctly when a user opens the set_privacy view on a public page
+        """
+        response = self.client.get(reverse('wagtailadmin_pages_set_privacy', args=(self.private_page.id, )))
+
+        # Check response
+        self.assertEqual(response.status_code, 200)
+        self.assertTemplateUsed(response, 'wagtailadmin/page_privacy/set_privacy.html')
+        self.assertEqual(response.context['page'].specific, self.private_page)
+
+        # Check form attributes
+        self.assertEqual(response.context['form']['restriction_type'].value(), 'password')
+        self.assertEqual(response.context['form']['password'].value(), 'password123')
+
+    def test_get_private_child(self):
+        """
+        This tests that the set_privacy view tells the user that the password restriction has been applied to an ancestor
+        """
+        response = self.client.get(reverse('wagtailadmin_pages_set_privacy', args=(self.private_child_page.id, )))
+
+        # Check response
+        self.assertEqual(response.status_code, 200)
+        self.assertTemplateUsed(response, 'wagtailadmin/page_privacy/ancestor_privacy.html')
+        self.assertEqual(response.context['page_with_restriction'].specific, self.private_page)
+
+    def test_set_password_restriction(self):
+        """
+        This tests that setting a password restriction using the set_privacy view works
+        """
+        post_data = {
+            'restriction_type': 'password',
+            'password': 'helloworld',
+        }
+        response = self.client.post(reverse('wagtailadmin_pages_set_privacy', args=(self.public_page.id, )), post_data)
+
+        # Check response
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, "modal.respond('setPermission', false);")
+
+        # Check that a page restriction has been created
+        self.assertTrue(PageViewRestriction.objects.filter(page=self.public_page).exists())
+
+        # Check that the password is set correctly
+        self.assertEqual(PageViewRestriction.objects.get(page=self.public_page).password, 'helloworld')
+
+    def test_set_password_restriction_password_unset(self):
+        """
+        This tests that the password field on the form is validated correctly
+        """
+        post_data = {
+            'restriction_type': 'password',
+            'password': '',
+        }
+        response = self.client.post(reverse('wagtailadmin_pages_set_privacy', args=(self.public_page.id, )), post_data)
+
+        # Check response
+        self.assertEqual(response.status_code, 200)
+
+        # Check that a form error was raised
+        self.assertFormError(response, 'form', 'password', "This field is required.")
+
+    def test_unset_password_restriction(self):
+        """
+        This tests that removing a password restriction using the set_privacy view works
+        """
+        post_data = {
+            'restriction_type': 'none',
+            'password': '',
+        }
+        response = self.client.post(reverse('wagtailadmin_pages_set_privacy', args=(self.private_page.id, )), post_data)
+
+        # Check response
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, "modal.respond('setPermission', true);")
+
+        # Check that the page restriction has been deleted
+        self.assertFalse(PageViewRestriction.objects.filter(page=self.private_page).exists())
+
+
+class TestPrivacyIndicators(TestCase, WagtailTestUtils):
+    def setUp(self):
+        self.login()
+
+        # Create some pages
+        self.homepage = Page.objects.get(id=2)
+
+        self.public_page = self.homepage.add_child(instance=SimplePage(
+            title="Public page",
+            slug='public-page',
+            live=True,
+        ))
+
+        self.private_page = self.homepage.add_child(instance=SimplePage(
+            title="Private page",
+            slug='private-page',
+            live=True,
+        ))
+        PageViewRestriction.objects.create(page=self.private_page, password='password123')
+
+        self.private_child_page = self.private_page.add_child(instance=SimplePage(
+            title="Private child page",
+            slug='private-child-page',
+            live=True,
+        ))
+
+    def test_explorer_public(self):
+        """
+        This tests that the privacy indicator on the public pages explore view is set to "PUBLIC"
+        """
+        response = self.client.get(reverse('wagtailadmin_explore', args=(self.public_page.id, )))
+
+        # Check the response
+        self.assertEqual(response.status_code, 200)
+
+        # Check the privacy indicator is public
+        self.assertTemplateUsed(response, 'wagtailadmin/pages/_privacy_indicator.html')
+        self.assertContains(response, '<div class="privacy-indicator public">')
+        self.assertNotContains(response, '<div class="privacy-indicator private">')
+
+    def test_explorer_private(self):
+        """
+        This tests that the privacy indicator on the private pages explore view is set to "PRIVATE"
+        """
+        response = self.client.get(reverse('wagtailadmin_explore', args=(self.private_page.id, )))
+
+        # Check the response
+        self.assertEqual(response.status_code, 200)
+
+        # Check the privacy indicator is public
+        self.assertTemplateUsed(response, 'wagtailadmin/pages/_privacy_indicator.html')
+        self.assertContains(response, '<div class="privacy-indicator private">')
+        self.assertNotContains(response, '<div class="privacy-indicator public">')
+
+    def test_explorer_private_child(self):
+        """
+        This tests that the privacy indicator on the private child pages explore view is set to "PRIVATE"
+        """
+        response = self.client.get(reverse('wagtailadmin_explore', args=(self.private_child_page.id, )))
+
+        # Check the response
+        self.assertEqual(response.status_code, 200)
+
+        # Check the privacy indicator is public
+        self.assertTemplateUsed(response, 'wagtailadmin/pages/_privacy_indicator.html')
+        self.assertContains(response, '<div class="privacy-indicator private">')
+        self.assertNotContains(response, '<div class="privacy-indicator public">')
+
+    def test_explorer_list_homepage(self):
+        """
+        This tests that there is a padlock displayed next to the private page in the homepages explorer listing
+        """
+        response = self.client.get(reverse('wagtailadmin_explore', args=(self.homepage.id, )))
+
+        # Check the response
+        self.assertEqual(response.status_code, 200)
+
+        # Must have one privacy icon (next to the private page)
+        self.assertContains(response, "<span class=\"privacy-indicator icon icon-locked\"", count=1)
+
+    def test_explorer_list_private(self):
+        """
+        This tests that there is a padlock displayed next to the private child page in the private pages explorer listing
+        """
+        response = self.client.get(reverse('wagtailadmin_explore', args=(self.private_page.id, )))
+
+        # Check the response
+        self.assertEqual(response.status_code, 200)
+
+        # Must have one privacy icon (next to the private child page)
+        self.assertContains(response, "<span class=\"privacy-indicator icon icon-locked\"", count=1)
+
+    def test_edit_public(self):
+        """
+        This tests that the privacy indicator on the public pages edit view is set to "PUBLIC"
+        """
+        response = self.client.get(reverse('wagtailadmin_pages_edit', args=(self.public_page.id, )))
+
+        # Check the response
+        self.assertEqual(response.status_code, 200)
+
+        # Check the privacy indicator is public
+        self.assertTemplateUsed(response, 'wagtailadmin/pages/_privacy_indicator.html')
+        self.assertContains(response, '<div class="privacy-indicator public">')
+        self.assertNotContains(response, '<div class="privacy-indicator private">')
+
+    def test_edit_private(self):
+        """
+        This tests that the privacy indicator on the private pages edit view is set to "PRIVATE"
+        """
+        response = self.client.get(reverse('wagtailadmin_pages_edit', args=(self.private_page.id, )))
+
+        # Check the response
+        self.assertEqual(response.status_code, 200)
+
+        # Check the privacy indicator is public
+        self.assertTemplateUsed(response, 'wagtailadmin/pages/_privacy_indicator.html')
+        self.assertContains(response, '<div class="privacy-indicator private">')
+        self.assertNotContains(response, '<div class="privacy-indicator public">')
+
+    def test_edit_private_child(self):
+        """
+        This tests that the privacy indicator on the private child pages edit view is set to "PRIVATE"
+        """
+        response = self.client.get(reverse('wagtailadmin_pages_edit', args=(self.private_child_page.id, )))
+
+        # Check the response
+        self.assertEqual(response.status_code, 200)
+
+        # Check the privacy indicator is public
+        self.assertTemplateUsed(response, 'wagtailadmin/pages/_privacy_indicator.html')
+        self.assertContains(response, '<div class="privacy-indicator private">')
+        self.assertNotContains(response, '<div class="privacy-indicator public">')

From 5cead3c40af4e56034c61ca6b07146e57d45c76c Mon Sep 17 00:00:00 2001
From: Karl Hobley <karl@torchbox.com>
Date: Fri, 4 Jul 2014 14:10:06 +0100
Subject: [PATCH 27/33] Added public and not_public filters to PageQuerySet

---
 wagtail/wagtailcore/models.py                 |  6 +++
 wagtail/wagtailcore/query.py                  | 14 +++++++
 .../wagtailcore/tests/test_page_queryset.py   | 42 ++++++++++++++++++-
 3 files changed, 61 insertions(+), 1 deletion(-)

diff --git a/wagtail/wagtailcore/models.py b/wagtail/wagtailcore/models.py
index b552618aa..ecfa65ee8 100644
--- a/wagtail/wagtailcore/models.py
+++ b/wagtail/wagtailcore/models.py
@@ -229,6 +229,12 @@ class PageManager(models.Manager):
     def not_type(self, model):
         return self.get_queryset().not_type(model)
 
+    def public(self):
+        return self.get_queryset().public()
+
+    def not_public(self):
+        return self.get_queryset().not_public()
+
 
 class PageBase(models.base.ModelBase):
     """Metaclass for Page"""
diff --git a/wagtail/wagtailcore/query.py b/wagtail/wagtailcore/query.py
index 57e8ffff3..e0b6cc869 100644
--- a/wagtail/wagtailcore/query.py
+++ b/wagtail/wagtailcore/query.py
@@ -107,3 +107,17 @@ class PageQuerySet(MP_NodeQuerySet):
 
     def not_type(self, model):
         return self.exclude(self.type_q(model))
+
+    def public_q(self):
+        from wagtail.wagtailcore.models import PageViewRestriction
+
+        q = Q()
+        for restriction in PageViewRestriction.objects.all():
+            q &= ~self.descendant_of_q(restriction.page, inclusive=True)
+        return q
+
+    def public(self):
+        return self.filter(self.public_q())
+
+    def not_public(self):
+        return self.exclude(self.public_q())
diff --git a/wagtail/wagtailcore/tests/test_page_queryset.py b/wagtail/wagtailcore/tests/test_page_queryset.py
index bc07f0fba..df5367dc8 100644
--- a/wagtail/wagtailcore/tests/test_page_queryset.py
+++ b/wagtail/wagtailcore/tests/test_page_queryset.py
@@ -1,6 +1,6 @@
 from django.test import TestCase
 
-from wagtail.wagtailcore.models import Page
+from wagtail.wagtailcore.models import Page, PageViewRestriction
 from wagtail.tests.models import EventPage
 
 
@@ -270,3 +270,43 @@ class TestPageQuerySet(TestCase):
         # Check that the homepage is in the results
         homepage = Page.objects.get(url_path='/home/')
         self.assertTrue(pages.filter(id=homepage.id).exists())
+
+    def test_public(self):
+        events_index = Page.objects.get(url_path='/home/events/')
+        event = Page.objects.get(url_path='/home/events/christmas/')
+        homepage = Page.objects.get(url_path='/home/')
+
+        # Add PageViewRestriction to events_index
+        PageViewRestriction.objects.create(page=events_index, password='hello')
+
+        # Get public pages
+        pages = Page.objects.public()
+
+        # Check that the homepage is in the results
+        self.assertTrue(pages.filter(id=homepage.id).exists())
+
+        # Check that the events index is not in the results
+        self.assertFalse(pages.filter(id=events_index.id).exists())
+
+        # Check that the event is not in the results
+        self.assertFalse(pages.filter(id=event.id).exists())
+
+    def test_not_public(self):
+        events_index = Page.objects.get(url_path='/home/events/')
+        event = Page.objects.get(url_path='/home/events/christmas/')
+        homepage = Page.objects.get(url_path='/home/')
+
+        # Add PageViewRestriction to events_index
+        PageViewRestriction.objects.create(page=events_index, password='hello')
+
+        # Get public pages
+        pages = Page.objects.not_public()
+
+        # Check that the homepage is not in the results
+        self.assertFalse(pages.filter(id=homepage.id).exists())
+
+        # Check that the events index is in the results
+        self.assertTrue(pages.filter(id=events_index.id).exists())
+
+        # Check that the event is in the results
+        self.assertTrue(pages.filter(id=event.id).exists())

From 7d4f4c2edd8474542f0b9bb5acf359c9e5a7a14d Mon Sep 17 00:00:00 2001
From: Karl Hobley <karl@torchbox.com>
Date: Fri, 4 Jul 2014 16:34:50 +0100
Subject: [PATCH 28/33] Don't include protected pages in sitemap. Fixes #407

---
 .../contrib/wagtailsitemaps/sitemap_generator.py    |  2 +-
 wagtail/contrib/wagtailsitemaps/tests.py            | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/wagtail/contrib/wagtailsitemaps/sitemap_generator.py b/wagtail/contrib/wagtailsitemaps/sitemap_generator.py
index eb08d81b7..d22f88112 100644
--- a/wagtail/contrib/wagtailsitemaps/sitemap_generator.py
+++ b/wagtail/contrib/wagtailsitemaps/sitemap_generator.py
@@ -8,7 +8,7 @@ class Sitemap(object):
         self.site = site
 
     def get_pages(self):
-        return self.site.root_page.get_descendants(inclusive=True).live().order_by('path')
+        return self.site.root_page.get_descendants(inclusive=True).live().public().order_by('path')
 
     def get_urls(self):
         for page in self.get_pages():
diff --git a/wagtail/contrib/wagtailsitemaps/tests.py b/wagtail/contrib/wagtailsitemaps/tests.py
index d2d612fa2..469e210ad 100644
--- a/wagtail/contrib/wagtailsitemaps/tests.py
+++ b/wagtail/contrib/wagtailsitemaps/tests.py
@@ -1,7 +1,7 @@
 from django.test import TestCase
 from django.core.cache import cache
 
-from wagtail.wagtailcore.models import Page, Site
+from wagtail.wagtailcore.models import Page, PageViewRestriction, Site
 from wagtail.tests.models import SimplePage
 
 from .sitemap_generator import Sitemap
@@ -23,6 +23,13 @@ class TestSitemapGenerator(TestCase):
             live=False,
         ))
 
+        self.protected_child_page = self.home_page.add_child(instance=SimplePage(
+            title="Protected",
+            slug='protected',
+            live=True,
+        ))
+        PageViewRestriction.objects.create(page=self.protected_child_page, password='hello')
+
         self.site = Site.objects.get(is_default_site=True)
 
     def test_get_pages(self):
@@ -31,6 +38,7 @@ class TestSitemapGenerator(TestCase):
 
         self.assertIn(self.child_page.page_ptr, pages)
         self.assertNotIn(self.unpublished_child_page.page_ptr, pages)
+        self.assertNotIn(self.protected_child_page.page_ptr, pages)
 
     def test_get_urls(self):
         sitemap = Sitemap(self.site)
@@ -49,6 +57,9 @@ class TestSitemapGenerator(TestCase):
         # Make sure the unpublished page didn't make it into the xml
         self.assertNotIn('/unpublished/', xml)
 
+        # Make sure the protected page didn't make it into the xml
+        self.assertNotIn('/protected/', xml)
+
 
 class TestSitemapView(TestCase):
     def test_sitemap_view(self):

From e23975eb933d10b542e719387fc7473e958faedb Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Fri, 4 Jul 2014 16:56:14 +0100
Subject: [PATCH 29/33] move Page.check_view_restrictions back into the body of
 the check_view_restrictions hook - it's view-level functionality, not model
 level, and its presence in the Page model is confusing (and the reason it was
 there has now been superseded). See
 https://groups.google.com/d/msg/wagtail/085Z7Mp73gE/dqfxW0sC72IJ

---
 wagtail/wagtailcore/models.py        | 21 ---------------------
 wagtail/wagtailcore/wagtail_hooks.py | 22 +++++++++++++++++++++-
 2 files changed, 21 insertions(+), 22 deletions(-)

diff --git a/wagtail/wagtailcore/models.py b/wagtail/wagtailcore/models.py
index ecfa65ee8..52aa60e4f 100644
--- a/wagtail/wagtailcore/models.py
+++ b/wagtail/wagtailcore/models.py
@@ -13,7 +13,6 @@ from django.http import Http404
 from django.core.cache import cache
 from django.core.handlers.wsgi import WSGIRequest
 from django.core.handlers.base import BaseHandler
-from django.core.urlresolvers import reverse
 from django.contrib.contenttypes.models import ContentType
 from django.contrib.auth.models import Group
 from django.conf import settings
@@ -821,26 +820,6 @@ class Page(six.with_metaclass(PageBase, MP_Node, ClusterableModel, Indexed)):
         """Return a query set of all page view restrictions that apply to this page"""
         return PageViewRestriction.objects.filter(page__in=self.get_ancestors(inclusive=True))
 
-    def check_view_restrictions(self, request):
-        """
-        Check whether there are any view restrictions on this page which are
-        not fulfilled by the given request object. If there are, return an
-        HttpResponse that will notify the user of that restriction (and possibly
-        include a password / login form that will allow them to proceed). If
-        there are no such restrictions, return None
-        """
-        restrictions = self.get_view_restrictions()
-
-        if restrictions:
-            passed_restrictions = request.session.get('passed_page_view_restrictions', [])
-            for restriction in restrictions:
-                if restriction.id not in passed_restrictions:
-                    from wagtail.wagtailcore.forms import PasswordPageViewRestrictionForm
-                    form = PasswordPageViewRestrictionForm(instance=restriction,
-                        initial={'return_url': request.get_full_path()})
-                    action_url = reverse('wagtailcore_authenticate_with_password', args=[restriction.id, self.id])
-                    return self.serve_password_required_response(request, form, action_url)
-
     password_required_template = getattr(settings, 'PASSWORD_REQUIRED_TEMPLATE', 'wagtailcore/password_required.html')
     def serve_password_required_response(self, request, form, action_url):
         """
diff --git a/wagtail/wagtailcore/wagtail_hooks.py b/wagtail/wagtailcore/wagtail_hooks.py
index 200af8468..ef6ca9f82 100644
--- a/wagtail/wagtailcore/wagtail_hooks.py
+++ b/wagtail/wagtailcore/wagtail_hooks.py
@@ -1,5 +1,25 @@
+from django.core.urlresolvers import reverse
+
 from wagtail.wagtailcore import hooks
 
 def check_view_restrictions(page, request, serve_args, serve_kwargs):
-    return page.check_view_restrictions(request)
+    """
+    Check whether there are any view restrictions on this page which are
+    not fulfilled by the given request object. If there are, return an
+    HttpResponse that will notify the user of that restriction (and possibly
+    include a password / login form that will allow them to proceed). If
+    there are no such restrictions, return None
+    """
+    restrictions = page.get_view_restrictions()
+
+    if restrictions:
+        passed_restrictions = request.session.get('passed_page_view_restrictions', [])
+        for restriction in restrictions:
+            if restriction.id not in passed_restrictions:
+                from wagtail.wagtailcore.forms import PasswordPageViewRestrictionForm
+                form = PasswordPageViewRestrictionForm(instance=restriction,
+                    initial={'return_url': request.get_full_path()})
+                action_url = reverse('wagtailcore_authenticate_with_password', args=[restriction.id, page.id])
+                return page.serve_password_required_response(request, form, action_url)
+
 hooks.register('before_serve_page', check_view_restrictions)

From 06c79d4866cdc4c50fa1259cdaef54e27d031de9 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Fri, 4 Jul 2014 17:50:26 +0100
Subject: [PATCH 30/33] update building_your_site and model_recipes docs to
 cover the new route/serve API

---
 docs/building_your_site/djangodevelopers.rst |  7 ++--
 docs/model_recipes.rst                       | 41 +++++++++++++-------
 2 files changed, 32 insertions(+), 16 deletions(-)

diff --git a/docs/building_your_site/djangodevelopers.rst b/docs/building_your_site/djangodevelopers.rst
index c24040364..89f0ed642 100644
--- a/docs/building_your_site/djangodevelopers.rst
+++ b/docs/building_your_site/djangodevelopers.rst
@@ -177,9 +177,10 @@ Anatomy of a Wagtail Request
 For going beyond the basics of model definition and interrelation, it might help to know how Wagtail handles requests and constructs responses. In short, it goes something like:
 
     #.  Django gets a request and routes through Wagtail's URL dispatcher definitions
-    #.  Starting from the root content piece, Wagtail traverses the page tree, letting the model for each piece of content along the path decide how to ``route()`` the next step in the path.
-    #.  A model class decides that routing is done and it's now time to ``serve()`` content.
-    #.  ``serve()`` constructs a context using ``get_context()``
+    #.  Wagtail checks the hostname of the request to determine which ``Site`` record will handle this request.
+    #.  Starting from the root page of that site, Wagtail traverses the page tree, calling the ``route()`` method and letting each page model decide whether it will handle the request itself or pass it on to a child page.
+    #.  The page responsible for handling the request returns a ``RouteResult`` object from ``route()``, which identifies the page along with any additional args/kwargs to be passed to ``serve()``.
+    #.  Wagtail calls ``serve()``, which constructs a context using ``get_context()``
     #.  ``serve()`` finds a template to pass it to using ``get_template()``
     #.  A response object is returned by ``serve()`` and Django responds to the requester.
 
diff --git a/docs/model_recipes.rst b/docs/model_recipes.rst
index e799ef70a..7f9b5f7b6 100644
--- a/docs/model_recipes.rst
+++ b/docs/model_recipes.rst
@@ -58,8 +58,8 @@ Wagtail routes requests by iterating over the path components (separated with a
                 # find a matching child or 404
                 try:
                     subpage = self.get_children().get(slug=child_slug)
-                    except Page.DoesNotExist:
-                raise Http404
+                except Page.DoesNotExist:
+                    raise Http404
 
                 # delegate further routing
                 return subpage.specific.route(request, remaining_components)
@@ -67,13 +67,16 @@ Wagtail routes requests by iterating over the path components (separated with a
             else:
                 # request is for this very page
                 if self.live:
-                    # use the serve() method to render the request if the page is published
-                    return self.serve(request)
+                    # Return a RouteResult that will tell Wagtail to call
+                    # this page's serve() method
+                    return RouteResult(self)
                 else:
                     # the page matches the request, but isn't published, so 404
                     raise Http404
 
-The contract is pretty simple. ``route()`` takes the current object (``self``), the ``request`` object, and a list of the remaining ``path_components`` from the request URL. It either continues delegating routing by calling ``route()`` again on one of its children in the Wagtail tree, or ends the routing process by serving something -- either normally through the ``self.serve()`` method or by raising a 404 error.
+``route()`` takes the current object (``self``), the ``request`` object, and a list of the remaining ``path_components`` from the request URL. It either continues delegating routing by calling ``route()`` again on one of its children in the Wagtail tree, or ends the routing process by returning a ``RouteResult`` object or raising a 404 error.
+
+The ``RouteResult`` object (defined in wagtail.wagtailcore.url_routing) encapsulates all the information Wagtail needs to call a page's ``serve()`` method and return a final response: this information consists of the page object, and any additional args / kwargs to be passed to ``serve()``.
 
 By overriding the ``route()`` method, we could create custom endpoints for each object in the Wagtail tree. One use case might be using an alternate template when encountering the ``print/`` endpoint in the path. Another might be a REST API which interacts with the current object. Just to see what's involved, lets make a simple model which prints out all of its child path components.
 
@@ -82,6 +85,7 @@ First, ``models.py``:
 .. code-block:: python
 
     from django.shortcuts import render
+    from wagtail.wagtailcore.url_routing import RouteResult
 
     ...
 
@@ -89,15 +93,20 @@ First, ``models.py``:
   
         def route(self, request, path_components):
             if path_components:
-                return render(request, self.template, {
-                    'self': self,
-                    'echo': ' '.join(path_components),
-                })
+                # tell Wagtail to call self.serve() with an additional 'path_components' kwarg
+                return RouteResult(self, kwargs={'path_components': path_components})
             else:
                 if self.live:
-                    return self.serve(request)
-            else:
-                raise Http404
+                    # tell Wagtail to call self.serve() with no further args
+                    return RouteResult(self)
+                else:
+                    raise Http404
+
+        def serve(self, path_components=[]):
+            render(request, self.template, {
+                'self': self,
+                'echo': ' '.join(path_components),
+            })
 
     Echoer.content_panels = [
         FieldPanel('title', classname="full title"),
@@ -107,7 +116,7 @@ First, ``models.py``:
         MultiFieldPanel(COMMON_PANELS, "Common page configuration"),
     ]
 
-This model, ``Echoer``, doesn't define any properties, but does subclass ``Page`` so objects will be able to have a custom title and slug. The template just has to display our ``{{ echo }}`` property. We're skipping the ``serve()`` method entirely, but you could include your render code there to stay consistent with Wagtail's conventions.
+This model, ``Echoer``, doesn't define any properties, but does subclass ``Page`` so objects will be able to have a custom title and slug. The template just has to display our ``{{ echo }}`` property.
 
 Now, once creating a new ``Echoer`` page in the Wagtail admin titled "Echo Base," requests such as::
 
@@ -117,6 +126,12 @@ Will return::
 
     tauntaun kennel bed and breakfast
 
+Be careful if you're introducing new required arguments to the ``serve()`` method - Wagtail still needs to be able to display a default view of the page for previewing and moderation, and by default will attempt to do this by calling ``serve()`` with a request object and no further arguments. If your ``serve()`` method does not accept that as a method signature, you will need to override the page's ``serve_preview()`` method to call ``serve()`` with suitable arguments:
+
+.. code-block:: python
+
+    def serve_preview(self, request, mode_name):
+        return self.serve(request, color='purple')
 
 .. _tagging:
 

From 4fde40df9230ea4f2dacefbcda87f931518e3c79 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Fri, 4 Jul 2014 18:24:01 +0100
Subject: [PATCH 31/33] Update example in static_site_generation docs to use
 new-style route API

---
 docs/static_site_generation.rst | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/static_site_generation.rst b/docs/static_site_generation.rst
index 9feb59c36..d6b598520 100644
--- a/docs/static_site_generation.rst
+++ b/docs/static_site_generation.rst
@@ -45,6 +45,8 @@ For example, let's say we have a Blog Index which uses pagination. We can overri
 
 .. code:: python
 
+    from wagtail.wagtailcore.url_routing import RouteResult
+
     class BlogIndex(Page):
         ...
 
@@ -54,7 +56,7 @@ For example, let's say we have a Blog Index which uses pagination. We can overri
         def route(self, request, path_components):
             if self.live and len(path_components) == 2 and path_components[0] == 'page':
                 try:
-                    return self.serve(request, page=int(path_components[1]))
+                    return RouteResult(self, kwargs={'page': int(path_components[1])})
                 except (TypeError, ValueError):
                     pass
 

From 383ce75b398e3d7f6f496d02990ac954a48db1a0 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Fri, 4 Jul 2014 19:22:57 +0100
Subject: [PATCH 32/33] Document the before_serve_page hook

---
 docs/editing_api.rst | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/docs/editing_api.rst b/docs/editing_api.rst
index 5113eb3b8..615175c08 100644
--- a/docs/editing_api.rst
+++ b/docs/editing_api.rst
@@ -402,6 +402,23 @@ Registering functions with a Wagtail hook follows the following pattern:
 
 Where ``'hook'`` is one of the following hook strings and ``function`` is a function you've defined to handle the hook.
 
+.. _before_serve_page:
+
+``before_serve_page``
+  .. versionadded:: 0.4
+
+  Called when Wagtail is about to serve a page. The callable passed into the hook will receive the page object, the request object, and the args and kwargs that will be passed to the page's ``serve()`` method. If the callable returns an ``HttpResponse``, that response will be returned immediately to the user, and Wagtail will not proceed to call ``serve()`` on the page.
+
+  .. code-block:: python
+
+    from wagtail.wagtailcore import hooks
+
+    def block_googlebot(page, request, serve_args, serve_kwargs):
+        if request.META.get('HTTP_USER_AGENT') == 'GoogleBot':
+            return HttpResponse("<h1>bad googlebot no cookie</h1>")
+
+    hooks.register('before_serve_page', block_googlebot)
+
 .. _construct_wagtail_edit_bird:
 
 ``construct_wagtail_edit_bird``

From 466df9ffd6e1c7ba4eedaf5bf418289aea71ce02 Mon Sep 17 00:00:00 2001
From: Matt Westcott <matt@west.co.tt>
Date: Fri, 4 Jul 2014 20:51:39 +0100
Subject: [PATCH 33/33] Add developer docs for private pages

---
 docs/index.rst         |  1 +
 docs/private_pages.rst | 64 ++++++++++++++++++++++++++++++++++++++++++
 docs/settings.rst      | 10 +++++++
 3 files changed, 75 insertions(+)
 create mode 100644 docs/private_pages.rst

diff --git a/docs/index.rst b/docs/index.rst
index ae2300556..f51a4edf2 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -20,6 +20,7 @@ It supports Django 1.6.2+ on Python 2.6, 2.7, 3.2, 3.3 and 3.4. Django 1.7 suppo
    deploying
    performance
    static_site_generation
+   private_pages
    management_commands
    contributing
    support
diff --git a/docs/private_pages.rst b/docs/private_pages.rst
new file mode 100644
index 000000000..bfd20ee09
--- /dev/null
+++ b/docs/private_pages.rst
@@ -0,0 +1,64 @@
+.. _private_pages:
+
+Private pages
+=============
+
+Users with publish permission on a page can set it to be private by clicking the 'Privacy' control in the top right corner of the page explorer or editing interface, and setting a password. Users visiting this page, or any of its subpages, will be prompted to enter a password before they can view the page.
+
+Private pages work on Wagtail out of the box - the site implementer does not need to do anything to set them up. However, the default "password required" form is only a bare-bones HTML page, and site implementers may wish to replace this with a page customised to their site design.
+
+Setting up a global "password required" page
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+By setting ``PASSWORD_REQUIRED_TEMPLATE`` in your Django settings file, you can specify the path of a template which will be used for all "password required" forms on the site (except for page types that specifically override it - see below):
+
+.. code-block:: python
+
+  PASSWORD_REQUIRED_TEMPLATE = 'myapp/password_required.html'
+
+This template will receive the same set of context variables that the blocked page would pass to its own template via ``get_context()`` - including ``self`` to refer to the page object itself - plus the following additional variables (which override any of the page's own context variables of the same name):
+
+ - **form** - A Django form object for the password prompt; this will contain a field named ``password`` as its only visible field. A number of hidden fields may also be present, so the page must loop over ``form.hidden_fields`` if not using one of Django's rendering helpers such as ``form.as_p``.
+ - **action_url** - The URL that the password form should be submitted to, as a POST request.
+
+A basic template suitable for use as PASSWORD_REQUIRED_TEMPLATE might look like this:
+
+ .. code-block:: django
+
+    <!DOCTYPE HTML>
+    <html>
+        <head>
+            <title>Password required</title>
+        </head>
+        <body>
+            <h1>Password required</h1>
+            <p>You need a password to access this page.</p>
+            <form action="{{ action_url }}" method="POST">
+                {% csrf_token %}
+
+                {{ form.non_field_errors }}
+
+                <div>
+                    {{ form.password.errors }}
+                    {{ form.password.label_tag }}
+                    {{ form.password }}
+                </div>
+
+                {% for field in form.hidden_fields %}
+                    {{ field }}
+                {% endfor %}
+                <input type="submit" value="Continue" />
+            </form>
+        </body>
+    </html>
+
+Setting a "password required" page for a specific page type
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The attribute ``password_required_template`` can be defined on a page model to use a custom template for the "password required" view, for that page type only. For example, if a site had a page type for displaying embedded videos along with a description, it might choose to use a custom "password required" template that displays the video description as usual, but shows the password form in place of the video embed.
+
+ .. code-block:: python
+
+    class VideoPage(Page):
+        ...
+        password_required_template = 'video/password_required.html'
diff --git a/docs/settings.rst b/docs/settings.rst
index 018af5d01..712e3b254 100644
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -246,6 +246,16 @@ Email Notifications
 Wagtail sends email notifications when content is submitted for moderation, and when the content is accepted or rejected. This setting lets you pick which email address these automatic notifications will come from. If omitted, Django will fall back to using the ``DEFAULT_FROM_EMAIL`` variable if set, and ``webmaster@localhost`` if not.
 
 
+Private Pages
+-------------
+
+.. code-block:: python
+
+  PASSWORD_REQUIRED_TEMPLATE = 'myapp/password_required.html'
+
+This is the path to the Django template which will be used to display the "password required" form when a user accesses a private page. For more details, see the :ref:`private_pages` documentation.
+
+
 Other Django Settings Used by Wagtail
 -------------------------------------