feat(management): fine-grained access control

[nijel]

Allow tighther control of what site admins can do based on their permissions. The previously too broad management.use only grants read-only access.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 72ab878dee

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[Copilot]

Pull request overview

This PR introduces more fine-grained, site-wide permission checks for the management interface so that management.use can be limited to read-only access while sensitive actions require dedicated global permissions.

Changes:

• Added check_management_access() and management_permission_required() helpers and applied them to selected management endpoints.
• Split management UI actions by permission (e.g., separate permissions for configuration pages, user/team management, announcements).
• Added regression tests and updated management templates/docs to reflect permission-gated UI.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
weblate/wladmin/views.py	Tightens access to management views and POST actions using dedicated site-wide permissions.
weblate/wladmin/tests.py	Adds coverage ensuring management.use is limited and specialized permissions unlock specific management areas.
weblate/urls.py	Wraps selected management routes (memory, machinery, add-ons) with specific permission checks.
weblate/templates/manage/users.html	Hides user-invite and access-check UI when the viewer lacks user.edit.
weblate/templates/manage/tools.html	Hides announcement UI when the viewer lacks announcement.edit.
weblate/templates/manage/teams.html	Hides team editing/creation UI when the viewer lacks group.edit.
weblate/auth/decorators.py	Adds new decorator utilities for composing management access + specific permission checks.
weblate/auth/data.py	Introduces the new global permission management.configure.
docs/snippets/permissions.rst	Documents the new “Manage site configuration” site-wide privilege.
docs/changes.rst	Notes the management access control change in the changelog.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8f89341931

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ee4bf4acd1

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[argos-ci]

The latest updates on your projects. Learn more about Argos notifications ↗︎

Build	Status	Details	Updated (UTC)
default (Inspect)	⚠️ Changes detected (Review)	8 changed	Jun 1, 2026, 10:47 AM