rafalp · rafalp · Dec 17, 2025 · Dec 17, 2025 · Dec 17, 2025 · Dec 18, 2025
diff --git a/.gitignore b/.gitignore
@@ -57,4 +57,7 @@ pylint.txt
 *.pot
 
 # Docker Compose Override
-docker-compose.override.yml
+docker-compose.override.yml
+
+# Database snapshot
+database.sql
diff --git a/dev-docs/html-attributes.md b/dev-docs/html-attributes.md
@@ -2,12 +2,29 @@
 
 Like [htmx](https://htmx.org/reference/), Misago includes a set of custom HTML attributes that template authors can use.
 
+- [`mg-confirm`](#mg-confirm)
 - [`mg-error`](#mg-error)
 - [`mg-if`](#mg-if)
 - [`mg-loader`](#mg-loader)
 - [`mg-text`](#mg-text)
 
 
+### `mg-confirm`
+
+A `form` element attribute that displays a confirmation prompt on submit:
+
+```html
+<form
+    post="..."
+    mg-confirm="Are you sure?"
+>
+    <button>Submit</button>
+</form>
+```
+
+Use this attribute instead of `hx-confirm` for form submissions that don't use HTMX.
+
+
 ### `mg-error`
 
 If an htmx request returns an error response, Misago will display it in a toast.

diff --git a/dev-docs/plugins/hooks/can-see-post-edit-count-hook.md b/dev-docs/plugins/hooks/can-see-post-edit-count-hook.md
@@ -0,0 +1,131 @@
+# `can_see_post_edit_count_hook`
+
+This hook wraps a standard Misago function used to check if a user has permission to see a post’s edit count. Returns `True` if they can and `False` if they don't.
+
+
+## Location
+
+This hook can be imported from `misago.permissions.hooks`:
+
+```python
+from misago.permissions.hooks import can_see_post_edit_count_hook
+```
+
+
+## Filter
+
+```python
+def custom_can_see_post_edit_count_filter(
+    action: CanSeePostsEditCountHookAction,
+    permissions: 'UserPermissionsProxy',
+    category: Category,
+    thread: Thread,
+    post: Post,
+) -> bool:
+    ...
+```
+
+A function implemented by a plugin that can be registered in this hook.
+
+
+### Arguments
+
+#### `action: CanSeePostsEditCountHookAction`
+
+Next function registered in this hook, either a custom function or Misago's standard one.
+
+See the [action](#action) section for details.
+
+
+#### `users: UserPermissionsProxy`
+
+A proxy object with the current user's permissions.
+
+
+#### `category: Category`
+
+A category to check permissions for.
+
+
+#### `thread: Thread`
+
+A thread to check permissions for.
+
+
+#### `post: Post`
+
+A post to check permissions for.
+
+
+### Return value
+
+A `bool` with `True` if user can see post's edit count, and `False` if they can't.
+
+
+## Action
+
+```python
+def can_see_post_edit_count_action(
+    permissions: 'UserPermissionsProxy',
+    category: Category,
+    thread: Thread,
+    post: Post,
+) -> bool:
+    ...
+```
+
+Misago function used to check if a user has permission to see a post’s edit count. Returns `True` if they can and `False` if they don't.
+
+
+### Arguments
+
+#### `users: UserPermissionsProxy`
+
+A proxy object with the current user's permissions.
+
+
+#### `category: Category`
+
+A category to check permissions for.
+
+
+#### `thread: Thread`
+
+A thread to check permissions for.
+
+
+#### `post: Post`
+
+A post to check permissions for.
+
+
+### Return value
+
+A `bool` with `True` if user can see post's edit count, and `False` if they can't.
+
+
+## Example
+
+The code below implements a custom filter function that blocks a user from seeing a specific post's edit count if it has a flag.
+
+```python
+from django.core.exceptions import PermissionDenied
+from django.utils.translation import pgettext
+from misago.categories.models import Category
+from misago.permissions.hooks import can_see_post_edit_count_hook
+from misago.permissions.proxy import UserPermissionsProxy
+from misago.threads.models import Post, Thread
+
+@can_see_post_edit_count_hook.append_filter
+def check_user_can_see_post_edits(
+    action,
+    permissions: UserPermissionsProxy,
+    category: Category,
+    thread: Thread,
+    post: Post,
+) -> bool:
+    if post.plugin_data.get("hide_edits"):
+        return False
+
+    return action(permissions, category, thread, post)
+```
diff --git a/dev-docs/plugins/hooks/can-see-post-likes-count-hook.md b/dev-docs/plugins/hooks/can-see-post-likes-count-hook.md
@@ -1,6 +1,6 @@
 # `can_see_post_likes_count_hook`
 
-This hook wraps a standard Misago function used to check if a user has permission to see a post’s likes count. Returns `True` if they can and `False` if they can't.
+This hook wraps a standard Misago function used to check if a user has permission to see a post’s likes count. Returns `True` if they can and `False` if they don't.
 
 
 ## Location
@@ -74,7 +74,7 @@ def can_see_post_likes_count_action(
     ...
 ```
 
-Misago function used to check if a user has permission to see a post’s likes count. Returns `True` if they can and `False` if they can't.
+Misago function used to check if a user has permission to see a post’s likes count. Returns `True` if they can and `False` if they don't.
 
 
 ### Arguments

diff --git a/dev-docs/plugins/hooks/check-access-category-permission-hook.md b/dev-docs/plugins/hooks/check-access-category-permission-hook.md
@@ -1,6 +1,6 @@
 # `check_access_category_permission_hook`
 
-This hook wraps a standard Misago function used to check if a user has permission to access a category of unknown type (threads, private threads, or plugin-defined). Raises Django’s `Http404` or `PermissionDenied` if they can't.
+This hook wraps a standard Misago function used to check if a user has permission to access a category of any type (threads, private threads, or plugin-defined). Raises Django’s `Http404` or `PermissionDenied` if they don't.
 
 
 ## Location
@@ -54,7 +54,7 @@ def check_access_category_permission_action(
     ...
 ```
 
-Misago function used to check if a user has permission to access a category of unknown type (threads, private threads, or plugin-defined). Raises Django’s `Http404` or `PermissionDenied` if they can't.
+Misago function used to check if a user has permission to access a category of any type (threads, private threads, or plugin-defined). Raises Django’s `Http404` or `PermissionDenied` if they don't.
 
 
 ### Arguments

diff --git a/dev-docs/plugins/hooks/check-access-post-permission-hook.md b/dev-docs/plugins/hooks/check-access-post-permission-hook.md
@@ -1,6 +1,6 @@
 # `check_access_post_permission_hook`
 
-This hook wraps a standard Misago function used to check if a user has permission to access a post of unknown type (threads, private threads, or plugin-defined). Raises Django’s `Http404` or `PermissionDenied` if they can't.
+This hook wraps a standard Misago function used to check if a user has permission to access a post of any type (threads, private threads, or plugin-defined). Raises Django’s `Http404` or `PermissionDenied` if they don't.
 
 
 ## Location
@@ -69,7 +69,7 @@ def check_access_post_permission_action(
     ...
 ```
 
-Misago function used to check if a user has permission to access a post of unknown type (threads, private threads, or plugin-defined). Raises Django’s `Http404` or `PermissionDenied` if they can't.
+Misago function used to check if a user has permission to access a post of any type (threads, private threads, or plugin-defined). Raises Django’s `Http404` or `PermissionDenied` if they don't.
 
 
 ### Arguments

diff --git a/dev-docs/plugins/hooks/check-access-thread-permission-hook.md b/dev-docs/plugins/hooks/check-access-thread-permission-hook.md
@@ -1,6 +1,6 @@
 # `check_access_thread_permission_hook`
 
-This hook wraps a standard Misago function used to check if a user has permission to access a thread of unknown type (threads, private threads, or plugin-defined). Raises Django’s `Http404` or `PermissionDenied` if they can't.
+This hook wraps a standard Misago function used to check if a user has permission to access a thread of any type (threads, private threads, or plugin-defined). Raises Django’s `Http404` or `PermissionDenied` if they don't.
 
 
 ## Location
@@ -62,7 +62,7 @@ def check_access_thread_permission_action(
     ...
 ```
 
-Misago function used to check if a user has permission to access a thread of unknown type (threads, private threads, or plugin-defined). Raises Django’s `Http404` or `PermissionDenied` if they can't.
+Misago function used to check if a user has permission to access a thread of any type (threads, private threads, or plugin-defined). Raises Django’s `Http404` or `PermissionDenied` if they don't.
 
 
 ### Arguments

diff --git a/dev-docs/plugins/hooks/check-delete-post-edit-permission-hook.md b/dev-docs/plugins/hooks/check-delete-post-edit-permission-hook.md
@@ -0,0 +1,141 @@
+# `check_delete_post_edit_permission_hook`
+
+This hook wraps the standard Misago function used to check whether a user has permission to delete a post edit. Raises Django’s `PermissionDenied` if they don’t.
+
+
+## Location
+
+This hook can be imported from `misago.permissions.hooks`:
+
+```python
+from misago.permissions.hooks import check_delete_post_edit_permission_hook
+```
+
+
+## Filter
+
+```python
+def custom_check_delete_post_edit_permission_filter(
+    action: CheckDeletePostEditPermissionHookAction,
+    permissions: 'UserPermissionsProxy',
+    category: Category,
+    thread: Thread,
+    post: Post,
+    post_edit: PostEdit,
+) -> None:
+    ...
+```
+
+A function implemented by a plugin that can be registered in this hook.
+
+
+### Arguments
+
+#### `action: CheckDeletePostEditPermissionHookAction`
+
+Next function registered in this hook, either a custom function or Misago's standard one.
+
+See the [action](#action) section for details.
+
+
+#### `user_permissions: UserPermissionsProxy`
+
+A proxy object with the current user's permissions.
+
+
+#### `category: Category`
+
+A category to check permissions for.
+
+
+#### `thread: Thread`
+
+A thread to check permissions for.
+
+
+#### `post: Post`
+
+A post to check permissions for.
+
+
+#### `post_edit: PostEdit`
+
+A post edit to check permissions for.
+
+
+## Action
+
+```python
+def check_delete_post_edit_permission_action(
+    permissions: 'UserPermissionsProxy',
+    category: Category,
+    thread: Thread,
+    post: Post,
+    post_edit: PostEdit,
+) -> None:
+    ...
+```
+
+Misago function used to check if a user has permission to delete a post edit. Raises Django’s `PermissionDenied` if they don't.
+
+
+### Arguments
+
+#### `user_permissions: UserPermissionsProxy`
+
+A proxy object with the current user's permissions.
+
+
+#### `category: Category`
+
+A category to check permissions for.
+
+
+#### `thread: Thread`
+
+A thread to check permissions for.
+
+
+#### `post: Post`
+
+A post to check permissions for.
+
+
+#### `post_edit: PostEdit`
+
+A post edit to check permissions for.
+
+
+## Example
+
+The code below implements a custom filter function that blocks a user from deleting a post edit record if it has a protected flag.
+
+```python
+from django.core.exceptions import PermissionDenied
+from django.utils.translation import pgettext
+from misago.categories.models import Category
+from misago.edits.models import PostEdit
+from misago.permissions.hooks import check_delete_post_edit_permission_hook
+from misago.permissions.proxy import UserPermissionsProxy
+from misago.threads.models import Post, Thread
+
+@check_delete_post_edit_permission_hook.append_filter
+def check_user_can_delete_protected_post_edit(
+    action,
+    permissions: UserPermissionsProxy,
+    category: Category,
+    thread: Thread,
+    post: Post,
+    post_edit: PostEdit,
+) -> None:
+    # Run standard permission checks
+    action(permissions, category, thread, post, post_edit)
+
+    if post.plugin_data.get("is_protected"):
+        raise PermissionDenied(
+            pgettext(
+                "edits permission error",
+                "You can't delete this post edit."
+            )
+        )
+```