WeblateOrg
diff --git a/‎docs/changes.rst‎
Lines changed: 2 additions & 0 deletions b/‎docs/changes.rst‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎docs/snippets/permissions.rst‎
Lines changed: 2 additions & 0 deletions b/‎docs/snippets/permissions.rst‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎weblate/auth/data.py‎
Lines changed: 2 additions & 0 deletions b/‎weblate/auth/data.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎weblate/auth/decorators.py‎
Lines changed: 28 additions & 3 deletions b/‎weblate/auth/decorators.py‎
Lines changed: 28 additions & 3 deletions
diff --git a/‎weblate/templates/manage/teams.html‎
Lines changed: 64 additions & 60 deletions b/‎weblate/templates/manage/teams.html‎
Lines changed: 64 additions & 60 deletions
diff --git a/‎weblate/templates/manage/tools.html‎
Lines changed: 30 additions & 26 deletions b/‎weblate/templates/manage/tools.html‎
Lines changed: 30 additions & 26 deletions
@@ -7,6 +7,8 @@ Weblate 2026.7
 
 .. rubric:: Improvements
 
+* Management interface access control is now more fine-grained with dedicated site-wide permissions.
+
 .. rubric:: Bug fixes
 
 .. rubric:: Compatibility
 
@@ -334,6 +334,8 @@ List of privileges
 +-----------------------+-------------------------------------------+---------------------------------------+
 | Site wide privileges  | Use management interface                  |                                       |
 |                       +-------------------------------------------+---------------------------------------+
+|                       | Manage site configuration                 |                                       |
+|                       +-------------------------------------------+---------------------------------------+
 |                       | Add new projects                          | :guilabel:`Add new projects`          |
 |                       +-------------------------------------------+---------------------------------------+
 |                       | Add new workspaces                        | :guilabel:`Add new projects`          |
 
@@ -130,6 +130,8 @@
     # Translators: Permission name
     ("management.use", gettext_noop("Use management interface")),
     # Translators: Permission name
+    ("management.configure", gettext_noop("Manage site configuration")),
+    # Translators: Permission name
     ("project.add", gettext_noop("Add new projects")),
     # Translators: Permission name
     ("workspace.add", gettext_noop("Add new workspaces")),
 
@@ -10,16 +10,41 @@
 from django.core.exceptions import PermissionDenied
 
 if TYPE_CHECKING:
+    from collections.abc import Callable
+
     from weblate.auth.models import AuthenticatedHttpRequest
 
 
-def management_access(view):
+def check_management_access(
+    request: AuthenticatedHttpRequest, permission: str | None = None
+) -> None:
+    """Check management interface access and optional site-wide permission."""
+    if not request.user.has_perm("management.use"):
+        raise PermissionDenied
+    if permission is not None and not request.user.has_perm(permission):
+        raise PermissionDenied
+
+
+def management_access(view: Callable):
     """Check management access decorator."""
 
     @wraps(view)
     def wrapper(request: AuthenticatedHttpRequest, *args, **kwargs):
-        if not request.user.has_perm("management.use"):
-            raise PermissionDenied
+        check_management_access(request)
         return view(request, *args, **kwargs)
 
     return wrapper
+
+
+def management_permission_required(permission: str):
+    """Check management access and a specific site-wide permission."""
+
+    def decorator(view: Callable):
+        @wraps(view)
+        def wrapper(request: AuthenticatedHttpRequest, *args, **kwargs):
+            check_management_access(request, permission)
+            return view(request, *args, **kwargs)
+
+        return wrapper
+
+    return decorator
@@ -26,7 +26,7 @@ <h4 class="card-title">{% translate "Manage teams" %}</h4>
           <th>{% translate "Projects" %}</th>
           <th>{% translate "Components" %}</th>
           <th>{% translate "Members" %}</th>
-          <th></th>
+          {% if can_edit_teams %}<th></th>{% endif %}
         </tr>
       </thead>
       <tbody>
@@ -38,75 +38,79 @@ <h4 class="card-title">{% translate "Manage teams" %}</h4>
             <td>{% include "auth/teams-projects.html" %}</td>
             <td>{% include "auth/teams-components.html" %}</td>
             <td class="number">{% include "auth/teams-count.html" %}</td>
-            <td>
-              <a href="{{ group.get_absolute_url }}"
-                 class="btn btn-link btn-xs"
-                 title="{% translate "Edit" %}">{% icon 'pencil.svg' %}</a>
-              {% if not group.internal %}
-                <a href="#"
-                   data-bs-toggle="modal"
-                   data-bs-target="#delete_group_{{ group.id }}"
-                   class="btn btn-link btn-xs red"
-                   title="{% translate "Delete" %}">{% icon 'delete.svg' %}</a>
-              {% endif %}
-              <form action="{{ group.get_absolute_url }}" method="post" class="inlineform">
-                {% csrf_token %}
-                <input type="hidden" name="next" value="{{ request.get_full_path }}" />
-                <div class="modal fade"
-                     tabindex="-1"
-                     role="dialog"
-                     aria-labelledby="delete_group_title_{{ group.id }}"
-                     aria-describedby="delete_group_body_{{ group.id }}"
-                     id="delete_group_{{ group.id }}">
-                  <div class="modal-dialog" role="document">
-                    <div class="modal-content">
-                      <div class="modal-header">
-                        <h4 class="modal-title" id="delete_group_title_{{ group.id }}">{% translate "Are you absolutely sure?" %}</h4>
-                        <button type="button"
-                                class="btn-close"
-                                data-bs-dismiss="modal"
-                                aria-label="{% translate "Close" %}">
-                          <span aria-hidden="true">×</span>
-                        </button>
-                      </div>
-                      <div class="modal-body" id="delete_group_body_{{ group.id }}">
-                        {% blocktranslate with name=group %}This will delete the group <b>{{ name }}</b>.{% endblocktranslate %}
-                        {% if group.user__count %}
-                          {% blocktranslate count count=group.user__count %}There is {{ count }} member of this group. Deleting the group might affect their access.{% plural %}There are {{ count }} members of this group. Deleting the group might affect their access.{% endblocktranslate %}
-                        {% endif %}
-                      </div>
-                      <div class="modal-footer">
-                        <input type="submit"
-                               class="btn btn-danger"
-                               name="delete"
-                               value="{% translate "Delete" %}" />
+            {% if can_edit_teams %}
+              <td>
+                <a href="{{ group.get_absolute_url }}"
+                   class="btn btn-link btn-xs"
+                   title="{% translate "Edit" %}">{% icon 'pencil.svg' %}</a>
+                {% if not group.internal %}
+                  <a href="#"
+                     data-bs-toggle="modal"
+                     data-bs-target="#delete_group_{{ group.id }}"
+                     class="btn btn-link btn-xs red"
+                     title="{% translate "Delete" %}">{% icon 'delete.svg' %}</a>
+                {% endif %}
+                <form action="{{ group.get_absolute_url }}" method="post" class="inlineform">
+                  {% csrf_token %}
+                  <input type="hidden" name="next" value="{{ request.get_full_path }}" />
+                  <div class="modal fade"
+                       tabindex="-1"
+                       role="dialog"
+                       aria-labelledby="delete_group_title_{{ group.id }}"
+                       aria-describedby="delete_group_body_{{ group.id }}"
+                       id="delete_group_{{ group.id }}">
+                    <div class="modal-dialog" role="document">
+                      <div class="modal-content">
+                        <div class="modal-header">
+                          <h4 class="modal-title" id="delete_group_title_{{ group.id }}">{% translate "Are you absolutely sure?" %}</h4>
+                          <button type="button"
+                                  class="btn-close"
+                                  data-bs-dismiss="modal"
+                                  aria-label="{% translate "Close" %}">
+                            <span aria-hidden="true">×</span>
+                          </button>
+                        </div>
+                        <div class="modal-body" id="delete_group_body_{{ group.id }}">
+                          {% blocktranslate with name=group %}This will delete the group <b>{{ name }}</b>.{% endblocktranslate %}
+                          {% if group.user__count %}
+                            {% blocktranslate count count=group.user__count %}There is {{ count }} member of this group. Deleting the group might affect their access.{% plural %}There are {{ count }} members of this group. Deleting the group might affect their access.{% endblocktranslate %}
+                          {% endif %}
+                        </div>
+                        <div class="modal-footer">
+                          <input type="submit"
+                                 class="btn btn-danger"
+                                 name="delete"
+                                 value="{% translate "Delete" %}" />
+                        </div>
                       </div>
+                      <!-- /.modal-content -->
                     </div>
-                    <!-- /.modal-content -->
+                    <!-- /.modal-dialog -->
                   </div>
-                  <!-- /.modal-dialog -->
-                </div>
-                <!-- /.modal -->
-              </form>
-            </td>
+                  <!-- /.modal -->
+                </form>
+              </td>
+            {% endif %}
           </tr>
         {% endfor %}
       </tbody>
     </table>
     <div class="card-footer">{% include "paginator.html" %}</div>
   </div>
 
-  <form method="post">
-    {% csrf_token %}
-    <div class="card">
-      <div class="card-header">
-        <h4 class="card-title">{% translate "Create new team" %}</h4>
+  {% if can_edit_teams %}
+    <form method="post">
+      {% csrf_token %}
+      <div class="card">
+        <div class="card-header">
+          <h4 class="card-title">{% translate "Create new team" %}</h4>
+        </div>
+        <div class="card-body">{{ form|crispy }}</div>
+        <div class="card-footer">
+          <input type="submit" value="{% translate "Save" %}" class="btn btn-primary" />
+        </div>
       </div>
-      <div class="card-body">{{ form|crispy }}</div>
-      <div class="card-footer">
-        <input type="submit" value="{% translate "Save" %}" class="btn btn-primary" />
-      </div>
-    </div>
-  </form>
+    </form>
+  {% endif %}
 
 {% endblock content %}
@@ -14,21 +14,23 @@
 {% block content %}
 
 
-  <form method="post">
-    {% csrf_token %}
-    <div class="card">
-      <div class="card-header">
-        <h4 class="card-title">
-          {% documentation_icon 'admin/announcements' right=True %}
-          {% translate "Post announcement" %}
-        </h4>
-      </div>
-      <div class="card-body">{{ announce_form|crispy }}</div>
-      <div class="card-footer">
-        <input type="submit" class="btn btn-primary" value="{% translate "Send" %}" />
+  {% if can_post_announcement %}
+    <form method="post">
+      {% csrf_token %}
+      <div class="card">
+        <div class="card-header">
+          <h4 class="card-title">
+            {% documentation_icon 'admin/announcements' right=True %}
+            {% translate "Post announcement" %}
+          </h4>
+        </div>
+        <div class="card-body">{{ announce_form|crispy }}</div>
+        <div class="card-footer">
+          <input type="submit" class="btn btn-primary" value="{% translate "Send" %}" />
+        </div>
       </div>
-    </div>
-  </form>
+    </form>
+  {% endif %}
 
 
   <div class="card">
@@ -43,20 +45,22 @@ <h4 class="card-title">{% translate "Django admin interface" %}</h4>
     </div>
   </div>
 
-  <form method="post">
-    {% csrf_token %}
-    <div class="card">
-      <div class="card-header">
-        <h4 class="card-title">{% translate "Send test e-mail" %}</h4>
-      </div>
-      <div class="card-body">{{ email_form|crispy }}</div>
-      <div class="card-footer">
-        <input type="submit" class="btn btn-primary" value="{% translate "Send" %}" />
+  {% if can_configure %}
+    <form method="post">
+      {% csrf_token %}
+      <div class="card">
+        <div class="card-header">
+          <h4 class="card-title">{% translate "Send test e-mail" %}</h4>
+        </div>
+        <div class="card-body">{{ email_form|crispy }}</div>
+        <div class="card-footer">
+          <input type="submit" class="btn btn-primary" value="{% translate "Send" %}" />
+        </div>
       </div>
-    </div>
-  </form>
+    </form>
+  {% endif %}
 
-  {% if has_sentry %}
+  {% if can_configure and has_sentry %}
     <form method="post">
       {% csrf_token %}
       <div class="card">